Merge pull request #52 from udx/UDXI-427

* OS updates * added config for a cronjob to scheduled container rest…
udx · Nov 12, 2024 · 1288338 · 1288338
2 parents b4147b0 + be6aad8
commit 1288338
Show file tree

Hide file tree

Showing 4 changed files with 87 additions and 2 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -174,6 +174,7 @@ jobs:
         sed -i.bak "s|CLUSTER_NAME_VALUE|${{ vars.GKE_CLUSTER }}|g" ci/deployment-v2.yml
         sed -i.bak "s|CLUSTER_ENDPOINT_VALUE|${{ secrets.KUBERNETES_CLUSTER_ENDPOINT }}|g" ci/deployment-v2.yml
         sed -i.bak "s|CLUSTER_NAMESPACE_VALUE|${{ secrets.KUBERNETES_CLUSTER_NAMESPACE }}|g" ci/deployment-v2.yml
+        sed -i.bak "s|CLUSTER_NAMESPACE_VALUE|${{ secrets.KUBERNETES_CLUSTER_NAMESPACE }}|g" ci/deployment-restart-cronjob.yml
         sed -i.bak "s|CLUSTER_USER_TOKEN_VALUE|${{ secrets.KUBERNETES_CLUSTER_USER_TOKEN }}|g" ci/deployment-v2.yml
         sed -i.bak "s|CLUSTER_SERVICEACCOUNT_VALUE|${{ secrets.KUBERNETES_CLUSTER_SERVICEACCOUNT }}|g" ci/deployment-v2.yml
         sed -i.bak "s|CLUSTER_CERTIFICATE_VALUE|${{ secrets.KUBERNETES_CLUSTER_CERTIFICATE }}|g" ci/deployment-v2.yml
@@ -185,11 +186,14 @@ jobs:
         sed -i.bak "s|IMAGE_VERSION|${{ steps.version.outputs.TAG }}|g" ci/deployment-v2.yml
         sed -i.bak "s|GITHUB_ORG|$GITHUB_REPOSITORY_OWNER|g" ci/service.yml
         sed -i.bak "s|GITHUB_ORG|$GITHUB_REPOSITORY_OWNER|g" ci/deployment-v2.yml
+        sed -i.bak "s|GITHUB_ORG|$GITHUB_REPOSITORY_OWNER|g" ci/deployment-restart-cronjob.yml
         sed -i.bak "s|GITHUB_BRANCH|$GITHUB_REF_NAME|g" ci/service.yml
         sed -i.bak "s|GITHUB_BRANCH|$GITHUB_REF_NAME|g" ci/deployment-v2.yml
+        sed -i.bak "s|GITHUB_BRANCH|$GITHUB_REF_NAME|g" ci/deployment-restart-cronjob.yml
         sed -i.bak "s|PROJECT_ID|$PROJECT_ID|g" ci/deployment-v2.yml
         sed -i.bak "s|AR_LOCATION|$AR_LOCATION|g" ci/deployment-v2.yml
     # Deploy the Docker image to the GKE cluster
     - run: |
         kubectl apply -n ${{ secrets.KUBERNETES_CLUSTER_NAMESPACE }} -f ci/service.yml && \
-        kubectl apply -n ${{ secrets.KUBERNETES_CLUSTER_NAMESPACE }} -f ci/deployment-v2.yml
+        kubectl apply -n ${{ secrets.KUBERNETES_CLUSTER_NAMESPACE }} -f ci/deployment-v2.yml && \
+        kubectl apply -n ${{ secrets.KUBERNETES_CLUSTER_NAMESPACE }} -f ci/deployment-restart-cronjob.yml
diff --git a/changes.md b/changes.md
@@ -1,3 +1,8 @@
+### 0.5.1
+* OS updates
+* added config for a cronjob to scheduled container restart
+* set limits for k8s deploymets
+
 ### 0.5.0
 * Upgraded parent Docker Image to `node:22.7.0-alpine`
 * Improved `GitHub Action workflow` and removed sensitive data from Docker Image

diff --git a/ci/deployment-restart-cronjob.yml b/ci/deployment-restart-cronjob.yml
@@ -0,0 +1,70 @@
+---
+# Service account the client will use to reset the deployment,
+# by default the pods running inside the cluster can do no such things.
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: sftp-deployment-restart
+  namespace: CLUSTER_NAMESPACE_VALUE
+---
+# allow getting status and patching only the one deployment you want
+# to restart
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: sftp-deployment-restart
+  namespace: CLUSTER_NAMESPACE_VALUE
+rules:
+  - apiGroups: ["apps", "extensions"]
+    resources: ["deployments"]
+    resourceNames: ["GITHUB_ORG-sftp-GITHUB_BRANCH"]
+    verbs: ["get", "patch", "list", "watch"] # "list" and "watch" are only needed
+                                             # if you want to use `rollout status`
+---
+# bind the role to the service account
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: sftp-deployment-restart
+  namespace: CLUSTER_NAMESPACE_VALUE
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: sftp-deployment-restart
+subjects:
+  - kind: ServiceAccount
+    name: sftp-deployment-restart
+    namespace: CLUSTER_NAMESPACE_VALUE
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: sftp-deployment-restart
+  namespace: CLUSTER_NAMESPACE_VALUE
+spec:
+  concurrencyPolicy: Forbid
+  schedule: '0 3 */3 * *' # cron spec of time
+  jobTemplate:
+    spec:
+      backoffLimit: 2 # this has very low chance of failing, as all this does
+                      # is prompt kubernetes to schedule new replica set for
+                      # the deployment
+      activeDeadlineSeconds: 600 # timeout, makes most sense with
+                                 # "waiting for rollout" variant specified below
+      template:
+        spec:
+          serviceAccountName: sftp-deployment-restart # name of the service
+                                                      # account configured above
+          restartPolicy: Never
+          containers:
+            - name: kubectl
+              image: bitnami/kubectl # probably any kubectl image will do,
+                                     # optionaly specify version, but this
+                                     # should not be necessary, as long the
+                                     # version of kubectl is new enough to
+                                     # have `rollout restart`
+              command:
+                - 'kubectl'
+                - 'rollout'
+                - 'restart'
+                - 'deployment/GITHUB_ORG-sftp-GITHUB_BRANCH'
diff --git a/ci/deployment-v2.yml b/ci/deployment-v2.yml
@@ -34,7 +34,13 @@ spec:
           ports:
             - name: ssh
               containerPort: 22
-          resources: {}
+          resources: 
+            limits:
+              cpu: '2'
+              memory: 2Gi
+            requests:
+              cpu: 200m
+              memory: 212Mi
           env:
             - name: KUBERNETES_CLUSTER_ENDPOINT
               value: https://CLUSTER_ENDPOINT_VALUE