diff --git a/poc-argoworkflow/0_manual-config.md b/poc-argoworkflow/0_manual-config.md new file mode 100644 index 0000000..1ad5efb --- /dev/null +++ b/poc-argoworkflow/0_manual-config.md @@ -0,0 +1,46 @@ +# longhorn +- Install longhorn in the cluster +- create a [zfs] directory /srv/longhorn/data1/ on all nodes +- Configure a new data store on all nodes +- Remove the default data store on all nodes + +# Argo workflow + +- Install argo stack + +``` +export ARGO_VERSION=v3.3.8 + +# workflow +kubectl apply -n argo -f "https://github.com/argoproj/argo-workflows/releases/download/${ARGO_VERSION}/install.yaml" + +# argo server +# kubectl apply -n argo -f "https://raw.githubusercontent.com/argoproj/argo-workflows/${ARGO_VERSION}/manifests/base/argo-server/argo-server-deployment.yaml" +``` + +- Create a System account + +``` +kubectl -n argo create sa argo-server-adm +#kubectl -n argo create clusterrolebinding argo-server-adm --clusterrole=argo-aggregate-to-admin --serviceaccount=argo:argo-server-adm +kubectl -n argo create clusterrolebinding argo-server-adm --clusterrole=argo-server-cluster-role --serviceaccount=argo:argo-server-adm + +``` + +- Get the access token + +``` +# admin +SECRET_ID=$(kubectl get -n argo sa argo-server-adm -o=jsonpath='{.secrets[0].name}') +TOKEN="Bearer $(kubectl get secret ${SECRET_ID} -o=jsonpath='{.data.token}' | base64 --decode)" +echo $TOKEN +``` + +- + +- For quick access without an ingress: + +``` +while true; do kubectl -n argo port-forward svc/argo-server 2746:2746; sleep 1; done +``` +Connect to https://localhost:2746 diff --git a/poc-argoworkflow/namespace.yaml b/poc-argoworkflow/namespace.yaml new file mode 100644 index 0000000..325701d --- /dev/null +++ b/poc-argoworkflow/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: argo diff --git a/poc-argoworkflow/storageclass.yaml b/poc-argoworkflow/storageclass.yaml new file mode 100644 index 0000000..f8c1610 --- /dev/null +++ b/poc-argoworkflow/storageclass.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +allowVolumeExpansion: true +metadata: + annotations: + storageclass.kubernetes.io/is-default-class: "false" + name: longhorn +parameters: + fromBackup: "" + fsType: ext4 + numberOfReplicas: "3" + staleReplicaTimeout: "30" +provisioner: driver.longhorn.io +reclaimPolicy: Delete +volumeBindingMode: Immediate +--- + apiVersion: storage.k8s.io/v1 + kind: StorageClass + allowVolumeExpansion: true + metadata: + annotations: + storageclass.kubernetes.io/is-default-class: "true" + name: longhorn-2replicas + parameters: + fromBackup: "" + fsType: ext4 + numberOfReplicas: "2" + staleReplicaTimeout: "30" + provisioner: driver.longhorn.io + reclaimPolicy: Delete + volumeBindingMode: Immediate diff --git a/poc-argoworkflow/workflows/templates/git-clone.yaml b/poc-argoworkflow/workflows/templates/git-clone.yaml new file mode 100644 index 0000000..bf39182 --- /dev/null +++ b/poc-argoworkflow/workflows/templates/git-clone.yaml @@ -0,0 +1,56 @@ +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + name: git-clone +spec: + volumeClaimTemplates: + - metadata: + name: workspace + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: 1Gi + + entrypoint: clone + inputs: + parameters: + - name: repository + value: url + - name: directory + value: default + - name: branch + value: master + + templates: + - name: clone + steps: + - - name: git-clone + templateRef: + name: git-clone + template: clone-into-directory + arguments: + parameters: + - name: directory + value: default + + - name: clone-into-directory + inputs: + parameters: + - name: directory + container: + image: python:3.9 + workdir: /workspace # seems to not work + command: [sh, -c] + args: + - | + set -x + DIRECTORY="{{inputs.parameters.directory}}" + BRANCH="{{workflow.parameters.branch}}" + REPOSITORY="{{workflow.parameters.repository}}" + cd /workspace + pwd + git clone -v -b ${BRANCH} ${REPOSITORY} ${DIRECTORY} + volumeMounts: + - name: "workspace" + mountPath: /workspace diff --git a/poc-argoworkflow/workflows/templates/swh-apps.yaml b/poc-argoworkflow/workflows/templates/swh-apps.yaml new file mode 100644 index 0000000..c0a9698 --- /dev/null +++ b/poc-argoworkflow/workflows/templates/swh-apps.yaml @@ -0,0 +1,120 @@ +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + name: swh-apps +spec: + volumeClaimTemplates: + - metadata: + name: workspace + spec: + accessModes: [ "ReadWriteMany" ] + resources: + requests: + storage: 1Gi + + entrypoint: main + arguments: + parameters: + - name: repository + value: https://forge.softwareheritage.org/source/swh-apps.git + - name: directory + value: default + - name: branch + value: master + + templates: + - name: main # test the templates + steps: + - - name: clone + templateRef: + name: git-clone + template: clone + - - name: list-all-apps + template: list-all-apps + - name: ls + template: ls + + - name: update-app + inputs: + parameters: + - name: app + steps: + - - name: clone + templateRef: + name: git-clone + template: clone-into-directory + arguments: + parameters: + - name: directory + value: "{{inputs.parameters.app}}" + - - name: freeze-dependencies + template: freeze-dependencies + arguments: + parameters: + - name: app + value: "{{inputs.parameters.app}}" + - name: directory + value: "{{inputs.parameters.app}}" + + - name: list-all-apps + script: + image: python:3.9 # TODO use an image where the user is not root + volumeMounts: + - name: "workspace" + mountPath: /workspace + command: [python] + source: | + import json + import os + + apps=[] + apps_dir="/workspace/{{workflow.parameters.directory}}/apps" + for f in os.listdir(apps_dir): + p = f"{apps_dir}/{f}" + if os.path.isdir(p): + if os.path.isfile(f"{p}/requirements.txt"): + apps.append(f) + print(json.dumps(apps)) + + - name: freeze-dependencies + inputs: + parameters: + - name: directory # the path to the root directory where the repository was cloned + - name: app # the app name, must match the directory in /apps + container: + image: python:3.9 # (!) user will be root + volumeMounts: + - name: "workspace" + mountPath: /workspace + command: [sh, -c] + args: + - | + set -x + + WORKDIR=/workspace/{{inputs.parameters.directory}} + APP={{inputs.parameters.directory}} + + ## ack for winery + apt update + apt install -y libcmph-dev + + cd ${WORKDIR} + scripts/generate-frozen-requirements ${APP} + + + - name: ls # for debug + container: + image: python:3.9 # TODO use an image where the user is not root + volumeMounts: + - name: "workspace" + mountPath: /workspace + command: [sh, -c] + args: + - | + set -x + cd /workspace + ls + cd default + ls + cd apps + ls diff --git a/poc-argoworkflow/workflows/test.yaml b/poc-argoworkflow/workflows/test.yaml new file mode 100644 index 0000000..c90672e --- /dev/null +++ b/poc-argoworkflow/workflows/test.yaml @@ -0,0 +1,45 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Workflow +metadata: + generateName: refresh-swh-apps- +spec: + volumeClaimTemplates: + - metadata: + name: workspace + spec: + accessModes: [ "ReadWriteMany" ] + resources: + requests: + storage: 1Gi + + entrypoint: build + arguments: + parameters: + - name: repository + value: https://forge.softwareheritage.org/source/swh-apps.git + - name: branch + value: master + - name: directory + value: default + templates: + - name: build + steps: + - - name: clone + templateRef: + name: git-clone + template: clone + - - name: list-all-apps + templateRef: + name: swh-apps + template: list-all-apps + - - name: update-app + templateRef: + name: swh-apps + template: update-app + arguments: + parameters: + - name: app + value: "{{item}}" + - name: directory + value: "{{item}}" + withParam: "{{steps.list-all-apps.outputs.result}}"