Skip to content

Commit

Permalink
feat: replace zarf data injection (#145)
Browse files Browse the repository at this point in the history 
* iterating

* using the right pod (whoops)

* finding the right pod

* adding a wait

* adding a cleanup

* RIP zarfception :salute:

* updating comment explanation

* always let the job end

---------

Co-authored-by: awendt <anthony@defenseunicorns.com>
  • Loading branch information
@blancharda @anthonywendt
blancharda and anthonywendt authored Jul 12, 2024
1 parent 07282ae commit 5f9be14
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 85 deletions.
4 changes: 2 additions & 2 deletions packages/keycloak-config-wrapper/init-job.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,8 @@ spec:
[
"sh",
"-c",
# This command looks for the Zarf "data injection marker" which is a timestamped file that is injected after everything else and marks the injection as complete.
'while [ ! -f /home/nonroot/###ZARF_DATA_INJECTION_MARKER### ]; do echo "waiting for zarf data sync" && sleep 1; done; echo "we are done waiting!"; /home/nonroot/sync.sh',
# This command waits for a marker file added after the kubectl cp completes
'while [ ! -f /home/nonroot/marker ]; do echo "waiting for data sync" && sleep 1; done; echo "we are done waiting!"; /home/nonroot/sync.sh',
]
securityContext:
runAsUser: 65532
Expand Down
53 changes: 24 additions & 29 deletions packages/keycloak-config-wrapper/zarf.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,48 +10,43 @@ components:
only:
cluster:
architecture: amd64
files:
# Transfer the files for zarf to use at deploytime
- source: init-job.yaml
target: tmp_deploy/init-job.yaml
- source: zarfception.yaml
target: tmp_deploy/zarf.yaml
manifests:
#create a job from the pre-existing init image
- name: data-loader
namespace: keycloak
files:
- init-job.yaml
images:
# renovate: datasource=github-tags depName=defenseunicorns/uds-identity-config versioning=semver
- "ghcr.io/defenseunicorns/uds/identity-config:0.4.3"
actions:
onDeploy:
before:
# cleanup output from previous attempts
onDeploy:
before:
# cleanup previous attempts
- cmd: |
rm -rf tmp_deploy
mkdir tmp_deploy
./zarf tools kubectl delete job -n keycloak identity-config-loader 2>/dev/null || true
# Check deploy system arch
- cmd: if [ "$(uname -m)" != "x86_64" ]; then echo "this package architecture is amd64, but the target system has a different architecture. These architectures must be the same" && exit 1; fi
description: Check that the host architecture matches the package architecture
maxRetries: 0
after:
# check for jar files (CAN EXIT EARLY)
- cmd: |
COUNT=`ls -1 *.jar 2>/dev/null | wc -l`
if [ $COUNT = 0 ]; then
echo "No local JAR files detected -- SKIPPING CUSTOM PLUGIN LOAD"
exit 0
fi
# wait for the job to start
./zarf tools wait-for job -n keycloak identity-config-loader '{.status.ready}'=1
# move to workdir
cp *.jar tmp_deploy/
cd tmp_deploy
# find the pod
POD=$(./zarf tools kubectl get pods -n keycloak --selector app=data-loader --no-headers -o custom-columns=":metadata.name")
# build the zarf wrapper wrapper (yo dawg... 'zarfception.yaml') -- collect the local files
./zarf package create . --confirm
# copy the jars if they exist (CAN ERROR QUIETLY)
./zarf tools kubectl cp *.jar keycloak/$POD:/home/nonroot || true
# deploy the zarf wrapper
./zarf package deploy zarf-package*.tar.zst --confirm
# set the marker
./zarf tools kubectl exec -n keycloak $POD -- touch /home/nonroot/marker
# CLEANUP attempted deploys
# wait for the job to finish
./zarf tools wait-for job -n keycloak identity-config-loader '{.status.succeeded}'=1

onSuccess:
- cmd: rm -rf tmp_deploy
onFailure:
- cmd: rm -rf tmp_deploy
# bounce keycloak statefulset
- cmd: ./zarf tools kubectl rollout restart statefulset -n keycloak keycloak
54 changes: 0 additions & 54 deletions packages/keycloak-config-wrapper/zarfception.yaml
View file

This file was deleted.

0 comments on commit 5f9be14

Please sign in to comment.