coreos-ostree-importer: Move from deprecated DeploymentConfig to Deployment

First try aat move from deprecated DeploymentConfig to Deployment using staging environment. See: https://github.com/jbtrystram/coreos-hackathon/issues/13
2024-11-02 19:08:50 +01:00 · 2024-11-02 19:08:50 +01:00 · 678f318f4c
commit 678f318f4c
parent 91beda6fc4
2 changed files with 82 additions and 5 deletions
--- a/playbooks/openshift-apps/coreos-ostree-importer.yml
+++ b/playbooks/openshift-apps/coreos-ostree-importer.yml
@ -10,11 +10,11 @@
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  vars:
-    - fedora_messaging_username: "coreos-ostree-importer{{ env_suffix }}"
-    - fedora_messaging_queue_name: "coreos-ostree-importer{{ env_suffix }}"
-    - fedora_messaging_ca_file: "coreos-ostree-importer-fedora-messaging-cacert.pem"
-    - fedora_messaging_cert_file: "coreos-ostree-importer-fedora-messaging-cert.pem"
-    - fedora_messaging_key_file: "coreos-ostree-importer-fedora-messaging-key.pem"
+    fedora_messaging_username: "coreos-ostree-importer{{ env_suffix }}"
+    fedora_messaging_queue_name: "coreos-ostree-importer{{ env_suffix }}"
+    fedora_messaging_ca_file: "coreos-ostree-importer-fedora-messaging-cacert.pem"
+    fedora_messaging_cert_file: "coreos-ostree-importer-fedora-messaging-cert.pem"
+    fedora_messaging_key_file: "coreos-ostree-importer-fedora-messaging-key.pem"

  # Set the fedora_messaging_routing_keys var based on the environment
  pre_tasks:
@ -91,6 +91,13 @@
    object_app: coreos-ostree-importer
    object_template: deploymentconfig.yml.j2
    object_objectname: deploymentconfig.yml
+    when: env == "production"
+
+  - role: openshift/object
+    object_app: coreos-ostree-importer
+    object_template: deployment.yml.j2
+    object_objectname: deployment.yml
+    when: env == "staging"

  - role: openshift/object
    object_app: coreos-ostree-importer
--- a/roles/openshift-apps/coreos-ostree-importer/templates/deployment.yml.j2
+++ b/roles/openshift-apps/coreos-ostree-importer/templates/deployment.yml.j2
@ -0,0 +1,70 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: coreos-ostree-importer
+  name: coreos-ostree-importer
+  annotations:
+    image.openshift.io/triggers: '[{"from":{"kind":"ImageStreamTag","name":"coreos-ostree-importer-img:latest"},"fieldPath":"spec.template.spec.containers[?(@.name==\"coreos-ostree-importer\")].image","paused":false}]'
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: coreos-ostree-importer
+  strategy:
+    resources: {}
+  template:
+    metadata:
+      labels:
+        app: coreos-ostree-importer
+      name: coreos-ostree-importer
+    spec:
+      containers:
+        - name: coreos-ostree-importer
+          # sleep infinity is useful for debugging environment issues
+          # comment out when not debugging
+          # args: ['/usr/bin/sleep', 'infinity']
+          # command: ['/usr/bin/dumb-init']
+          volumeMounts:
+            - name: fedora-ostree-content-volume
+              mountPath: /mnt/koji
+            - name: fedora-messaging-config-volume
+              mountPath: /etc/fedora-messaging
+              readOnly: true
+            - name: fedora-messaging-ca-volume
+              mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_ca_file }}"
+              subPath: "{{ fedora_messaging_ca_file }}"
+              readOnly: true
+            - name: fedora-messaging-crt-volume
+              mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_cert_file }}"
+              subPath: "{{ fedora_messaging_cert_file }}"
+              readOnly: true
+            - name: fedora-messaging-key-volume
+              mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_key_file }}"
+              subPath: "{{ fedora_messaging_key_file }}"
+              readOnly: true
+          image: ""
+          imagePullPolicy: IfNotPresent
+          resources: {}
+      # The files in the ostree volumes are created with group ownership of 263.
+      # We need to have 263 in our supplemental groups. See https://pagure.io/releng/issue/8811#comment-629051
+      securityContext:
+        supplementalGroups: [263]
+      volumes:
+        - name: fedora-ostree-content-volume
+          persistentVolumeClaim:
+            claimName: fedora-ostree-content-volume
+        - name: fedora-messaging-config-volume
+          configMap:
+            name: fedora-messaging-configmap
+        - name: fedora-messaging-ca-volume
+          secret:
+            secretName: fedora-messaging-ca
+        - name: fedora-messaging-crt-volume
+          secret:
+            secretName: fedora-messaging-crt
+        - name: fedora-messaging-key-volume
+          secret:
+            secretName: fedora-messaging-key
+      restartPolicy: Always