Optimize deploying experience and adapt to a newer version of K8s(1.2…

…2+) (#9) * Fix that horizon-core could not launch successfully if gitlab has been restarted && Bump Tekton trigger verson to 0.17.0 to fix the issue that EventListener cannot be deleted in helm uninstallation && Fix that some resources cannot be applied to v1.22+ K8s because some v1beta resource versions are unavailable in v1.22+
horizoncd · Feb 27, 2023 · 4927df9 · 4927df9
1 parent edcb4ca
commit 4927df9
Show file tree

Hide file tree

Showing 123 changed files with 4,409 additions and 3,004 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,4 @@
 .idea
 .vscode
+Chart.lock
+*.tgz
diff --git a/charts/gitlab/Chart.yaml b/charts/gitlab/Chart.yaml
@@ -1,6 +1,6 @@
 name: gitlab
 apiVersion: v2
-version: 2.0.1
+version: 2.0.2
 appVersion: 15.5.1
 description: GitLab Community Edition
 keywords:
@@ -11,3 +11,8 @@ keywords:
 - code review
 - wiki
 home: https://about.gitlab.com
+
+dependencies:
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    version: 2.x.x
diff --git a/charts/gitlab/templates/configmap.yaml b/charts/gitlab/templates/configmap.yaml
@@ -13,12 +13,24 @@ data:
   GITLAB_TIMEZONE: {{ .Values.config.GITLAB_TIMEZONE | quote }}
   {{- end }}
   init.sh: |
-      while true
-      do
-        CHECK_STATUS="$(curl -s -o /dev/null -w "%{http_code}" http://localhost/help)"
-        [[ "$CHECK_STATUS" == 20* ]] && {
-          gitlab-rails runner "token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api], name: 'Automation token'); token.set_token('{{ .Values.config.GITLAB_ROOT_ACCESS_TOKEN }}'); token.save!"
-          exit 0
-        }
-        sleep 10
-      done
+    while true
+    do
+      CHECK_STATUS="$(curl -s -o /dev/null -w "%{http_code}" http://localhost/help)"
+      [[ "$CHECK_STATUS" == 20* ]] && {
+        gitlab-rails runner /tmp/script.rb
+        exit 0
+      }
+      sleep 10
+    done
+  script.rb: |
+    # clear token to solve 500 error, refer: https://gitlab.com/gitlab-org/gitlab-foss/-/issues/59623,
+    # https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/26829/diffs
+    Project.update(runners_token: nil, runners_token_encrypted: nil)
+    Namespace.update(runners_token: nil, runners_token_encrypted: nil)
+
+    # create personal access token
+    token = User.find_by_username('root').personal_access_tokens.find_by_name('Automation token')
+    token.delete if token
+    token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api], name: 'Automation token')
+    token.set_token('{{ .Values.config.GITLAB_ROOT_ACCESS_TOKEN }}')
+    token.save!
diff --git a/charts/gitlab/templates/ingress.yaml b/charts/gitlab/templates/ingress.yaml
@@ -1,6 +1,6 @@
 {{- $releaseName := .Release.Name -}}
 {{- $servicePort := .Values.httpPort -}}
-apiVersion: extensions/v1beta1
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
   annotations:
@@ -18,7 +18,8 @@ spec:
       http:
         paths:
           - path: /
-            backend:
-              serviceName: {{ printf "%s-%s" $releaseName "gitlab" | trunc 63 }}
-              servicePort: {{ $servicePort }}
-  {{- end }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: ImplementationSpecific
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" $releaseName "gitlab" | trunc 63) "servicePort" $servicePort "context" $)  | nindent 14 }}
+  {{- end }}
diff --git a/charts/gitlab/templates/pvc.yaml b/charts/gitlab/templates/pvc.yaml
diff --git a/charts/gitlab/templates/deployment.yaml → charts/gitlab/templates/statefulset.yaml b/charts/gitlab/templates/deployment.yaml → charts/gitlab/templates/statefulset.yaml
@@ -1,5 +1,5 @@
-apiVersion: apps/v1
-kind: Deployment
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
 metadata:
   name: {{ template "fullname" . }}
   namespace: {{ .Release.Namespace }}
@@ -10,6 +10,7 @@ spec:
   selector:
     matchLabels:
       app: {{ template "fullname" . }}
+  serviceName: {{ template "fullname" . }}
   template:
     metadata:
       labels:
@@ -31,7 +32,7 @@ spec:
         - name: GITLAB_OMNIBUS_CONFIG
           value: |
             external_url 'http://{{ .Values.config.GITLAB_HOST }}'
-            
+
             # Smtp
             gitlab_rails['smtp_enable'] = false
             gitlab_rails['gitlab_email_enabled'] = false
@@ -142,16 +143,35 @@ spec:
         - name: init
           mountPath: /tmp/init.sh
           subPath: init.sh
+        - name: init
+          mountPath: /tmp/script.rb
+          subPath: script.rb
         resources:
 {{ toYaml .Values.resources | indent 10 }}
       volumes:
-      - name: gitlab-data
-      {{- if .Values.persistence.enabled }}
-        persistentVolumeClaim:
-          claimName: {{ template "fullname" . }}-data
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      - name: init
-        configMap:
-          name: {{ template "fullname" . }}
+        - name: init
+          configMap:
+            name: {{ template "fullname" . }}
+        {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
+        - name: gitlab-data
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.existingClaim }}
+        {{- else if not .Values.persistence.enabled }}
+          emptyDir: {}
+        {{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+  volumeClaimTemplates:
+    - metadata:
+        name: gitlab-data
+        annotations:
+        {{- if .Values.persistence.storageClass }}
+          volume.beta.kubernetes.io/storage-class: {{ .Values.persistence.storageClass | quote }}
+        {{- else }}
+          volume.alpha.kubernetes.io/storage-class: default
+        {{- end }}
+      spec:
+        accessModes:
+          - {{ .Values.persistence.accessMode | quote }}
+        resources:
+          requests:
+            storage: {{ .Values.persistence.size | quote }}
+        {{- end }}
diff --git a/charts/gitlab/values.yaml b/charts/gitlab/values.yaml
@@ -11,6 +11,7 @@ ingress:
 
 persistence:
   enabled: false
+  existingClaim: ""
   size: 2Gi
   accessMode: ReadWriteOnce
   storageClass: ""

diff --git a/charts/horizon/Chart.yaml b/charts/horizon/Chart.yaml
@@ -8,6 +8,9 @@ version: 2.0.4
 appVersion: v2.0.5
 
 dependencies:
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    version: 2.x.x
   - name: gitlab
     version: 2.0.1
     repository: https://horizoncd.github.io/helm-charts

diff --git a/charts/horizon/charts/tektonci-resources/templates/common/pipeline-sa.yaml b/charts/horizon/charts/tektonci-resources/templates/common/pipeline-sa.yaml
@@ -8,4 +8,4 @@ secrets:
   - name: git-secret{{ $i }}
   {{- end }}
   - name: git-token
-  - name: harbor-secret
+  - name: harbor-secret
diff --git a/charts/horizon/charts/tektonci-resources/templates/horizon/build-task.yaml b/charts/horizon/charts/tektonci-resources/templates/horizon/build-task.yaml
@@ -58,9 +58,6 @@ spec:
       {{- with .Values.horizon.buildTask.timeout.imageStep }}
       timeout: {{.}}
       {{- end}}
-      env:
-        - name: DOCKER_CONFIG
-          value: /tekton/home/.docker/
       script:
       {{ toYaml (tpl .Values.horizon.script.image .) | nindent 8 }}
       {{ if .Values.extraVolumeMounts -}}

diff --git a/charts/horizon/charts/tektonci-resources/templates/horizon/pipeline.yaml b/charts/horizon/charts/tektonci-resources/templates/horizon/pipeline.yaml
@@ -8,19 +8,33 @@ metadata:
 spec:
   params:
     - name: token
+      type: string
     - name: application
+      type: string
     - name: cluster
+      type: string
     - name: clusterID
+      type: string
     - name: environment
+      type: string
     - name: gitRepositoryUrl
+      type: string
     - name: gitSubfolder
+      type: string
     - name: gitCommit
+      type: string
     - name: gitBranch
+      type: string
     - name: gitTag
+      type: string
     - name: pipelineJSONBlob
+      type: string
     - name: imageURL
+      type: string
     - name: pipelinerunID
+      type: string
     - name: requestID
+      type: string
   workspaces:
     - name: buildinfo
   tasks:

diff --git a/charts/horizon/charts/tektonci-resources/templates/horizon/trigger-el-v1beta.yaml b/charts/horizon/charts/tektonci-resources/templates/horizon/trigger-el-v1beta.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.enableV1betaEventListener }}
+apiVersion: triggers.tekton.dev/v1beta1
+kind: EventListener
+metadata:
+  name: horizon-listener
+spec:
+  serviceAccountName: tekton-triggers-sa
+  resources:
+    kubernetesResource:
+      replicas: {{ .Values.eventListener.replicas }}
+      spec:
+        template:
+          spec:
+            containers:
+            - resources:
+                requests:
+                  memory: 32Mi
+                  cpu: 1m
+                limits:
+                  memory: 256Mi
+                  cpu: 100m
+  triggers:
+    - bindings:
+      - ref: horizon-taskbinding
+      template:
+        ref: horizon-triggertemplate
+      interceptors:
+        - ref:
+            name: "cel"
+          params:
+            - name: "overlays"
+              value:
+                - key: pipelineJSONBlob
+                  expression: "body.pipelineJSONBlob.marshalJSON()"
+{{- end }}
diff --git a/charts/horizon/charts/tektonci-resources/templates/horizon/trigger-el.yaml b/charts/horizon/charts/tektonci-resources/templates/horizon/trigger-el.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.enableV1betaEventListener }}
 apiVersion: triggers.tekton.dev/v1alpha1
 kind: EventListener
 metadata:
@@ -30,3 +31,4 @@ spec:
             overlays:
               - key: pipelineJSONBlob
                 expression: "body.pipelineJSONBlob.marshalJSON()"
+{{- end }}
diff --git a/charts/horizon/charts/tektonci-resources/templates/horizon/trigger-ingress.yaml b/charts/horizon/charts/tektonci-resources/templates/horizon/trigger-ingress.yaml
@@ -1,17 +1,18 @@
 {{- if .Values.horizon.ingress.hosts }}
-apiVersion: extensions/v1beta1
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
   name: horizon-listener
 spec:
   rules:
-  {{- range .Values.horizon.ingress.hosts }}
-  - host: {{ . }}
-    http:
-      paths:
-      - backend:
-          serviceName: el-horizon-listener
-          servicePort: 8080
-        path: /
-  {{- end }}
-{{- end }} 
+    {{- range .Values.horizon.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: /
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: ImplementationSpecific
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" "el-horizon-listener" "servicePort" 8080 "context" $)  | nindent 14 }}
+    {{- end }}
+{{- end }}
diff --git a/charts/horizon/charts/tektonci-resources/templates/trigger-clusterrole.yaml b/charts/horizon/charts/tektonci-resources/templates/trigger-clusterrole.yaml
@@ -6,4 +6,9 @@ rules:
   # EventListeners need to be able to fetch any clustertriggerbindings
 - apiGroups: ["triggers.tekton.dev"]
   resources: ["clustertriggerbindings"]
-  verbs: ["get", "list", "watch"]
+  verbs: ["get", "list", "watch"]
+{{- if .Values.enableV1betaEventListener }}
+- apiGroups: ["triggers.tekton.dev"]
+  resources: ["clusterinterceptors"]
+  verbs: ["get", "list", "watch"]
+{{- end }}
diff --git a/charts/horizon/charts/tektonci-resources/values.yaml b/charts/horizon/charts/tektonci-resources/values.yaml
@@ -135,7 +135,6 @@ horizon:
     image: |
       #!/bin/bash
       set -e
-
       export BUILD_TYPE="$(cat $(workspaces.buildinfo.path)/build-type)"
 
       export APPLICATION="$(params.application)"
@@ -154,6 +153,7 @@ horizon:
 
       echo -e "\nstart building: $DOCKER_IMAGE"
 
+      export DOCKER_CONFIG=~/.docker
       CMD_KANIKO="time /kaniko/executor --skip-tls-verify --context=${CONTEXT} \
           --snapshotMode=redo \
           --use-new-run \
@@ -329,3 +329,5 @@ gitRepos:
 eventListener:
   replicas: 1
 extraVolumeMounts: []
+# When set true, custom resources of tekton triggers like EventListener are rendered based on tekton triggers whose version is above v0.17.0.
+enableV1betaEventListener: true
diff --git a/charts/horizon/templates/core/core-cloudevent-ingress.yaml b/charts/horizon/templates/core/core-cloudevent-ingress.yaml
@@ -1,11 +1,7 @@
 {{- if .Values.core.cloudEventIngress.enabled -}}
   {{- $fullName := printf "%v-%v" (include "horizon.core" .) "cloudevent" -}}
   {{- $svcPort := .Values.core.cloudEventService.port -}}
-  {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-  {{- else -}}
-apiVersion: extensions/v1beta1
-  {{- end }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
   name: {{ $fullName }}
@@ -16,26 +12,17 @@ metadata:
   {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-  {{- if .Values.core.cloudEventIngress.tls }}
-  tls:
-    {{- range .Values.core.cloudEventIngress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-  {{- end }}
-  {{- end }}
   rules:
     {{- range .Values.core.cloudEventIngress.hosts }}
     - host: {{ .host | quote }}
       http:
         paths:
           {{- range .paths }}
           - path: {{ .path }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: {{ $svcPort }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ $.Values.core.cloudEventIngress.pathType}}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" $fullName "servicePort" $svcPort "context" $)  | nindent 14 }}
+          {{- end }}
     {{- end }}
-  {{- end }}
-  {{- end }}
+{{- end }}