[ISV-4165] Export update-metrics task to a separate pipeline. (#551)
Co-authored-by: mszymutk <[email protected]>
BorekZnovustvoritel and BorekZnovustvoritel committed Nov 22, 2023
1 parent 1894968 commit 2d7185c
Showing 23 changed files with 306 additions and 227 deletions.
2 changes: 0 additions & 2 deletions ansible/inventory/group_vars/operator-pipeline-prod.yml
Expand Up @@ -24,8 +24,6 @@ operator_pipeline_github_bot_token: ../../vaults/prod/github-bot-token.txt
operator_pipeline_preflight_decryption_key_private_local_path: ../../vaults/prod/preflight-decryption-key-priv.gpg
operator_pipeline_preflight_decryption_key_public_local_path: ../../vaults/prod/preflight-decryption-key-pub

pipelines_metrics_endpoint: http://pipeline-metrics.pipeline-metrics-prod

tekton_pruner_keep: 50

# Settings for importing index imagestreams
2 changes: 0 additions & 2 deletions ansible/inventory/group_vars/operator-pipeline.yml
Expand Up @@ -49,8 +49,6 @@ kerberos_keytab_isv_pending: ../../vaults/common/nonprod-operatorpipelines.keyta
kerberos_keytab_community: ../../vaults/common/nonprod-operatorpipelines.keytab
kerberos_keytab_community_pending: ../../vaults/common/nonprod-operatorpipelines.keytab

pipelines_metrics_endpoint: http://pipeline-metrics.pipeline-metrics-nonprod

community_signing_pipeline_name: community-signing-pipeline
community_signing_pipeline_private_key_local_path: ../../vaults/{{ env }}/community-operator-signing-pipeline.key
community_signing_pipeline_private_cert_local_path: ../../vaults/{{ env }}/community-operator-signing-pipeline.pem
1 change: 1 addition & 0 deletions ansible/inventory/host_vars/crc-cluster.yml
@@ -1,2 +1,3 @@
---
ocp_host: https://api.crc.testing:6443
pipelines_metrics_endpoint: http://pipeline-metrics.pipeline-metrics-nonprod
1 change: 1 addition & 0 deletions ansible/inventory/host_vars/prod-cluster.yml
@@ -1,2 +1,3 @@
---
ocp_host: https://api.pipelines-prod.ijdb.p1.openshiftapps.com:6443
pipelines_metrics_endpoint: http://pipeline-metrics.pipeline-metrics-prod
1 change: 1 addition & 0 deletions ansible/inventory/host_vars/stage-cluster.yml
@@ -1,2 +1,3 @@
---
ocp_host: https://api.pipelines-stage.0ce8.p1.openshiftapps.com:6443
pipelines_metrics_endpoint: http://pipeline-metrics.pipeline-metrics-nonprod
4 changes: 1 addition & 3 deletions ansible/playbooks/config-ocp-cluster.yml
Expand Up @@ -2,9 +2,7 @@
- name: Configure OCP cluster
hosts: "{{ clusters }}"
roles:
- config_ocp_cluster
vars_files:
- ../vaults/pipelinerun-listener/secret-vars.yml
- name: config_ocp_cluster
environment:
K8S_AUTH_API_KEY: "{{ ocp_token }}"
K8S_AUTH_HOST: "{{ ocp_host }}"
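--- a/ansible/roles/config_ocp_cluster/tasks/gchat-trigger.yml
+++ b/ansible/roles/config_ocp_cluster/tasks/gchat-trigger.yml
@@ -0,0 +1,105 @@
+---
+- name: Create Google Chat trigger resources
+tags:
+- gchat
+block:
+- name: Create Tasks
+kubernetes.core.k8s:
+state: present
+apply: true
+validate_certs: "{{ k8s_validate_certs }}"
+namespace: "{{ pipelinerun_listener_namespace }}"
+definition: "{{ lookup('file', '{{ item }}') }}"
+with_fileglob:
+- ../files/tasks/*
+
+- name: Create Google Chat webhook Secret
+no_log: true
+kubernetes.core.k8s:
+state: present
+force: true
+validate_certs: "{{ k8s_validate_certs }}"
+namespace: "{{ pipelinerun_listener_namespace }}"
+definition:
+apiVersion: v1
+kind: Secret
+type: opaque
+metadata:
+name: google-chat
+data:
+webhook: "{{ google_chat_webhook | b64encode }}"
+
+- name: Create GChat TriggerBinding
+kubernetes.core.k8s:
+state: present
+apply: true
+namespace: "{{ pipelinerun_listener_namespace }}"
+validate_certs: "{{ k8s_validate_certs }}"
+definition:
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerBinding
+metadata:
+name: pipelinerun-trigger-binding
+spec:
+params:
+- name: namespace
+value: $(body.pipelineRun.metadata.namespace)
+- name: pipelinerun
+value: $(body.pipelineRun.metadata.name)
+- name: thread_key
+value: "$(body.pipelineRun.metadata.namespace)-$(header['Ce-Type'])"
+
+- name: Create GChat TriggerTemplate
+kubernetes.core.k8s:
+state: present
+apply: true
+namespace: "{{ pipelinerun_listener_namespace }}"
+validate_certs: "{{ k8s_validate_certs }}"
+definition:
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+name: pipelinerun-trigger-template
+spec:
+params:
+- name: namespace
+- name: pipelinerun
+- name: thread_key
+resourcetemplates:
+- apiVersion: tekton.dev/v1beta1
+kind: TaskRun
+metadata:
+# Tekton may produce duplicate CloudEvents. Use a consistent Task
+# name to make this trigger idempotent.
+name: $(tt.params.pipelinerun)
+spec:
+timeout: "5m"
+params:
+- name: namespace
+value: $(tt.params.namespace)
+- name: pipelinerun
+value: $(tt.params.pipelinerun)
+- name: thread_key
+value: $(tt.params.thread_key)
+taskRef:
+name: google-chat-pipelinerun-summary
+
+- name: Create ClusterRoleBinding
+kubernetes.core.k8s:
+state: present
+apply: true
+namespace: "{{ pipelinerun_listener_namespace }}"
+validate_certs: "{{ k8s_validate_certs }}"
+definition:
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: pipelinerun-listener-view-all-namespaces
+subjects:
+- kind: ServiceAccount
+name: pipeline
+namespace: "{{ pipelinerun_listener_namespace }}"
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: tekton-aggregate-view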
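Review bot: The `Create ClusterRoleBinding` task at the end of this file binds the `pipeline` ServiceAccount to `tekton-aggregate-view` cluster-wide, which looks broader than the notifier TaskRun needs. If `pipeline` is also the account that other runs in `{{ pipelinerun_listener_namespace }}` execute under, each of them inherits whatever read access that role gives to Tekton objects in every namespace; a dedicated ServiceAccount referenced through `serviceAccountName` in the TaskRun spec would keep the grant scoped to the notifier. metrics-trigger.yml creates a second binding, `metrics-listener-view-all-namespaces`, with the identical subject and roleRef, so one of the two is redundant. Separately, the Secret's `type: opaque` is not the built-in `Opaque` type and would be stored as a custom type string; `type: Opaque` is presumably what was meant.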
21 changes: 21 additions & 0 deletions ansible/roles/config_ocp_cluster/tasks/main.yml
@@ -1,5 +1,7 @@
---
- name: Customize TektonConfig
tags:
- always
kubernetes.core.k8s:
state: present
validate_certs: "{{ k8s_validate_certs }}"
Expand All @@ -8,4 +10,23 @@
- ../files/tektonconfig.yml

- name: Include pipelinerun listener task
tags:
- gchat
- metrics
ansible.builtin.include_tasks: tasks/pipelinerun-listener.yml

- name: Include GChat secret vars
tags:
- gchat
ansible.builtin.include_vars:
file: ../../vaults/pipelinerun-listener/secret-vars.yml

- name: Include GChat trigger
tags:
- gchat
ansible.builtin.include_tasks: tasks/gchat-trigger.yml

- name: Include Metrics trigger
tags:
- metrics
ansible.builtin.include_tasks: tasks/metrics-trigger.yml
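Review bot: The new `Include GChat secret vars` task loads `../../vaults/pipelinerun-listener/secret-vars.yml` without `no_log: true`, although the Secret-creating task in gchat-trigger.yml does set it. `include_vars` returns the loaded variables in its task result, so a run with `-v`, or a callback that records results, can write the webhook value to the log; adding `no_log: true` to this task closes that gap. Because the include is tagged only `gchat`, a run limited to `--tags metrics` never loads the file, which looks intended, but it means `tasks/pipelinerun-listener.yml` (included for both tags) must not depend on any variable from it; that file is not shown here, so this is worth confirming.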
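--- a/ansible/roles/config_ocp_cluster/tasks/metrics-trigger.yml
+++ b/ansible/roles/config_ocp_cluster/tasks/metrics-trigger.yml
@@ -0,0 +1,98 @@
+---
+- name: Create Metrics trigger resources
+tags:
+- metrics
+block:
+- name: Create metrics pipeline and task
+kubernetes.core.k8s:
+namespace: "{{ pipelinerun_listener_namespace }}"
+state: present
+validate_certs: "{{ k8s_validate_certs }}"
+definition: "{{ lookup('file', '{{ item }}') }}"
+with_items:
+- ../templates/openshift/update-metrics.yml
+- ../templates/openshift/metrics-pipeline.yml
+
+- name: Create metrics TriggerBinding
+kubernetes.core.k8s:
+state: present
+apply: true
+namespace: "{{ pipelinerun_listener_namespace }}"
+validate_certs: "{{ k8s_validate_certs }}"
+definition:
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerBinding
+metadata:
+name: metrics-trigger-binding
+spec:
+params:
+- name: pipelinerun_namespace
+value: $(body.pipelineRun.metadata.namespace)
+- name: pipelinerun
+value: $(body.pipelineRun.metadata.name)
+- name: metrics_endpoint
+value: "{{ pipelines_metrics_endpoint }}"
+
+- name: Create Metrics TriggerTemplate
+kubernetes.core.k8s:
+state: present
+apply: true
+namespace: "{{ pipelinerun_listener_namespace }}"
+validate_certs: "{{ k8s_validate_certs }}"
+definition:
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+name: metrics-trigger-template
+spec:
+params:
+- name: pipelinerun_namespace
+- name: pipelinerun
+- name: metrics_endpoint
+resourcetemplates:
+- apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+# Tekton may produce duplicate CloudEvents. Use a consistent Pipeline
+# name to make this trigger idempotent.
+name: "metrics-pipeline-$(tt.params.pipelinerun)"
+spec:
+timeout: "5m"
+params:
+- name: metrics_endpoint
+value: $(tt.params.metrics_endpoint)
+- name: pipelinerun_namespace
+value: $(tt.params.pipelinerun_namespace)
+- name: pipelinerun
+value: $(tt.params.pipelinerun)
+pipelineRef:
+name: metrics-pipeline
+workspaces:
+- name: results
+volumeClaimTemplate:
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 100Mi
+
+- name: Create ClusterRoleBinding
+kubernetes.core.k8s:
+state: present
+apply: true
+namespace: "{{ pipelinerun_listener_namespace }}"
+validate_certs: "{{ k8s_validate_certs }}"
+definition:
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: metrics-listener-view-all-namespaces
+subjects:
+- kind: ServiceAccount
+name: pipeline
+namespace: "{{ pipelinerun_listener_namespace }}"
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: tekton-aggregate-view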
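Review bot: The generated PipelineRun name `metrics-pipeline-$(tt.params.pipelinerun)` in the TriggerTemplate omits the source namespace, even though the binding name in this file (`metrics-listener-view-all-namespaces`) indicates events arrive from runs in any namespace. Two PipelineRuns that share a name in different namespaces would map to the same metrics run, and the second would presumably be rejected as a duplicate, losing its metrics. Adding the namespace, `name: "metrics-pipeline-$(tt.params.pipelinerun_namespace)-$(tt.params.pipelinerun)"`, keeps the idempotency the comment asks for while separating namespaces, provided the combined value stays within the object-name length limit. The TaskRun name `$(tt.params.pipelinerun)` in gchat-trigger.yml has the same gap. Also, `Create metrics pipeline and task` is the only task in this file without `apply: true`, which looks like an oversight.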