From be6aad8fcc536cd4b08bb153a89cab19e92c764c Mon Sep 17 00:00:00 2001
From: kavaribes
Date: Tue, 12 Nov 2024 19:01:29 +0200
Subject: [PATCH] * OS updates * added config for a cronjob to scheduled container restart * set limits for k8s deploymets UDXI-427
---
 .github/workflows/deploy.yml | 6 ++-
 changes.md | 5 +++
 ci/deployment-restart-cronjob.yml | 70 +++++++++++++++++++++++++++++++
 ci/deployment-v2.yml | 8 +++-
 4 files changed, 87 insertions(+), 2 deletions(-)
 create mode 100644 ci/deployment-restart-cronjob.yml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 4aab2638..962b8983 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -174,6 +174,7 @@ jobs:
 sed -i.bak "s|CLUSTER_NAME_VALUE|${{ vars.GKE_CLUSTER }}|g" ci/deployment-v2.yml
 sed -i.bak "s|CLUSTER_ENDPOINT_VALUE|${{ secrets.KUBERNETES_CLUSTER_ENDPOINT }}|g" ci/deployment-v2.yml
 sed -i.bak "s|CLUSTER_NAMESPACE_VALUE|${{ secrets.KUBERNETES_CLUSTER_NAMESPACE }}|g" ci/deployment-v2.yml
+ sed -i.bak "s|CLUSTER_NAMESPACE_VALUE|${{ secrets.KUBERNETES_CLUSTER_NAMESPACE }}|g" ci/deployment-restart-cronjob.yml
 sed -i.bak "s|CLUSTER_USER_TOKEN_VALUE|${{ secrets.KUBERNETES_CLUSTER_USER_TOKEN }}|g" ci/deployment-v2.yml
 sed -i.bak "s|CLUSTER_SERVICEACCOUNT_VALUE|${{ secrets.KUBERNETES_CLUSTER_SERVICEACCOUNT }}|g" ci/deployment-v2.yml
 sed -i.bak "s|CLUSTER_CERTIFICATE_VALUE|${{ secrets.KUBERNETES_CLUSTER_CERTIFICATE }}|g" ci/deployment-v2.yml
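Review bot: The added `sed` line expands `${{ secrets.KUBERNETES_CLUSTER_NAMESPACE }}` directly into the script text, so the value is parsed by the shell and then by sed before it reaches the manifest; a quote, backslash, `&` or `|` in it would change the command or the replacement. Pass it through the step's `env:` instead, for example `K8S_NAMESPACE: ${{ secrets.KUBERNETES_CLUSTER_NAMESPACE }}`, and reference `$K8S_NAMESPACE` inside the sed expression. The neighbouring context lines use the same inline pattern, and the step starts outside this hunk, so the `env:` block would have to be added there.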
@@ -185,11 +186,14 @@ jobs:
 sed -i.bak "s|IMAGE_VERSION|${{ steps.version.outputs.TAG }}|g" ci/deployment-v2.yml
 sed -i.bak "s|GITHUB_ORG|$GITHUB_REPOSITORY_OWNER|g" ci/service.yml
 sed -i.bak "s|GITHUB_ORG|$GITHUB_REPOSITORY_OWNER|g" ci/deployment-v2.yml
+ sed -i.bak "s|GITHUB_ORG|$GITHUB_REPOSITORY_OWNER|g" ci/deployment-restart-cronjob.yml
 sed -i.bak "s|GITHUB_BRANCH|$GITHUB_REF_NAME|g" ci/service.yml
 sed -i.bak "s|GITHUB_BRANCH|$GITHUB_REF_NAME|g" ci/deployment-v2.yml
+ sed -i.bak "s|GITHUB_BRANCH|$GITHUB_REF_NAME|g" ci/deployment-restart-cronjob.yml
 sed -i.bak "s|PROJECT_ID|$PROJECT_ID|g" ci/deployment-v2.yml
 sed -i.bak "s|AR_LOCATION|$AR_LOCATION|g" ci/deployment-v2.yml
 # Deploy the Docker image to the GKE cluster
 - run: |
 kubectl apply -n ${{ secrets.KUBERNETES_CLUSTER_NAMESPACE }} -f ci/service.yml && \
- kubectl apply -n ${{ secrets.KUBERNETES_CLUSTER_NAMESPACE }} -f ci/deployment-v2.yml
\ No newline at end of file
+ kubectl apply -n ${{ secrets.KUBERNETES_CLUSTER_NAMESPACE }} -f ci/deployment-v2.yml && \
+ kubectl apply -n ${{ secrets.KUBERNETES_CLUSTER_NAMESPACE }} -f ci/deployment-restart-cronjob.yml
\ No newline at end of file
diff --git a/changes.md b/changes.md
index 8e5ffe2a..7ba81627 100644
--- a/changes.md
+++ b/changes.md
@@ -1,3 +1,8 @@
+### 0.5.1
+* OS updates
+* added config for a cronjob to scheduled container restart
+* set limits for k8s deploymets
+
 ### 0.5.0
 * Upgraded parent Docker Image to `node:22.7.0-alpine`
 * Improved `GitHub Action workflow` and removed sensitive data from Docker Image
diff --git a/ci/deployment-restart-cronjob.yml b/ci/deployment-restart-cronjob.yml
new file mode 100644
index 00000000..c39f8041
--- /dev/null
+++ b/ci/deployment-restart-cronjob.yml
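Review bot: `$GITHUB_REF_NAME` is now substituted into the RBAC `resourceNames` entry and the `rollout restart` target of `ci/deployment-restart-cronjob.yml` without being normalised. Branch names may contain `/`, upper-case letters, `&` or `|`; the first two are not valid in a Kubernetes object name, and the last two are special inside the `s|…|…|g` expression. If the workflow can run for more than a fixed set of branches (its triggers are outside this hunk), derive one sanitised value, e.g. `BRANCH_SLUG=$(printf '%s' "$GITHUB_REF_NAME" | tr '[:upper:]' '[:lower:]' | tr -c 'a-z0-9' '-')`, and use it in all three `GITHUB_BRANCH` substitutions so the Role, the CronJob and the Deployment agree on one name.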
@@ -0,0 +1,70 @@
+---
+# Service account the client will use to reset the deployment,
+# by default the pods running inside the cluster can do no such things.
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: sftp-deployment-restart
+ namespace: CLUSTER_NAMESPACE_VALUE
+---
+# allow getting status and patching only the one deployment you want
+# to restart
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: sftp-deployment-restart
+ namespace: CLUSTER_NAMESPACE_VALUE
+rules:
+ - apiGroups: ["apps", "extensions"]
+ resources: ["deployments"]
+ resourceNames: ["GITHUB_ORG-sftp-GITHUB_BRANCH"]
+ verbs: ["get", "patch", "list", "watch"] # "list" and "watch" are only needed
+ # if you want to use `rollout status`
+---
+# bind the role to the service account
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: sftp-deployment-restart
+ namespace: CLUSTER_NAMESPACE_VALUE
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: sftp-deployment-restart
+subjects:
+ - kind: ServiceAccount
+ name: sftp-deployment-restart
+ namespace: CLUSTER_NAMESPACE_VALUE
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: sftp-deployment-restart
+ namespace: CLUSTER_NAMESPACE_VALUE
+spec:
+ concurrencyPolicy: Forbid
+ schedule: '0 3 */3 * *' # cron spec of time
+ jobTemplate:
+ spec:
+ backoffLimit: 2 # this has very low chance of failing, as all this does
+ # is prompt kubernetes to schedule new replica set for
+ # the deployment
+ activeDeadlineSeconds: 600 # timeout, makes most sense with
+ # "waiting for rollout" variant specified below
+ template:
+ spec:
+ serviceAccountName: sftp-deployment-restart # name of the service
+ # account configured above
+ restartPolicy: Never
+ containers:
+ - name: kubectl
+ image: bitnami/kubectl # probably any kubectl image will do,
+ # optionaly specify version, but this
+ # should not be necessary, as long the
+ # version of kubectl is new enough to
+ # have `rollout restart`
+ command:
+ - 'kubectl'
+ - 'rollout'
+ - 'restart'
+ - 'deployment/GITHUB_ORG-sftp-GITHUB_BRANCH'
\ No newline at end of file
diff --git a/ci/deployment-v2.yml b/ci/deployment-v2.yml
index 18a55aaf..de900824 100644
--- a/ci/deployment-v2.yml
+++ b/ci/deployment-v2.yml
@@ -34,7 +34,13 @@ spec:
 ports:
 - name: ssh
 containerPort: 22
- resources: {}
+ resources:
+ limits:
+ cpu: '2'
+ memory: 2Gi
+ requests:
+ cpu: 200m
+ memory: 212Mi
 env:
 - name: KUBERNETES_CLUSTER_ENDPOINT
 value: https://CLUSTER_ENDPOINT_VALUE
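Review bot: The CronJob container uses `image: bitnami/kubectl` with no tag or digest, so whatever that mutable reference resolves to on each run executes with a service-account token that can `patch` the SFTP Deployment, which is enough to change its pod spec. Pin the image to a version and digest you have verified and give the container a restrictive `securityContext` and resource limits, as sketched below; check that the image's default user is non-root before enabling `runAsNonRoot`. In the Role, `rollout restart` should need only `get` and `patch` on the `apps` group, so `apiGroups: ["apps"]` and `verbs: ["get", "patch"]` would match what the job actually runs; the file's own comment says `list` and `watch` are only for `rollout status`.

```yaml
# … unchanged: ServiceAccount, Role, RoleBinding, CronJob schedule and job settings …
          containers:
            - name: kubectl
              # placeholder values: substitute the version and digest you verified
              image: bitnami/kubectl:<PINNED_VERSION>@sha256:<IMAGE_DIGEST>
              securityContext:
                runAsNonRoot: true
                allowPrivilegeEscalation: false
                capabilities:
                  drop: ['ALL']
              # sample limits, constructed for illustration; size to the cluster
              resources:
                limits:
                  cpu: 100m
                  memory: 128Mi
              # … unchanged: command …
```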
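Review bot: The new `resources` block sets a memory request of `212Mi` against a `2Gi` limit, and `200m` CPU against `'2'`, with no comment on how the values were chosen; `212Mi` in particular could be read as a typo for a rounder figure. A short comment above the block, such as `# requests/limits for the sftp container: <how these values were chosen>`, would let the next reader tell intent from accident. With the limit roughly ten times the request, the pod is scheduled on the small figure but is only OOM-killed at the large one, which drops active SFTP sessions, so it is worth confirming the request reflects real usage. The container spec continues outside the hunk.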