-
Notifications
You must be signed in to change notification settings - Fork 750
/
Copy pathmain.yaml
248 lines (214 loc) · 10.6 KB
/
main.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
---
- name: Jenkins | Check jenkins status
shell: >
{{ bin_dir }}/kubectl get deploy -n kubesphere-devops-system ks-jenkins
register: jenkins_status
ignore_errors: True
# Get old config
- import_tasks: get_old_config.yaml
when:
- jenkins_status.rc == 0
# Uninstall update center
- name: ks-devops | Checking Jenkins update center status
shell: >
{{ bin_dir }}/kubectl get deploy -n kubesphere-devops-system uc-jenkins-update-center
register: jenkins_uc_status
failed_when: false
- import_tasks: uninstall_update_center.yaml
when:
- jenkins_uc_status.rc == 0
# SonarQube application
- block:
- name: ks-devops | Getting sonarqube host
shell: >
{{ bin_dir }}/kubectl get cm -n kubesphere-system kubesphere-config -o jsonpath='{.data.kubesphere\.yaml}' | grep "sonarQube:" -A 2 | grep "host" | awk '{print $2}'
register: sonarqube_host
- name: ks-devops | Getting sonarqube token
shell: >
{{ bin_dir }}/kubectl get cm -n kubesphere-system kubesphere-config -o jsonpath='{.data.kubesphere\.yaml}' | grep "sonarQube:" -A 2 | grep "token" | awk '{print $2}'
register: sonarqube_token
when:
- devops.sonarqube is not defined
- set_fact:
sonarQubeHost: "{{ sonarqube_host.stdout }}"
sonarQubeToken: "{{ sonarqube_token.stdout }}"
when:
- sonarqube_host is defined and sonarqube_host.stdout is defined and sonarqube_host.stdout != ""
- sonarqube_token is defined and sonarqube_token.stdout is defined and sonarqube_token.stdout != ""
- set_fact:
sonarQubeHost: "{{ devops.sonarqube.externalSonarUrl }}"
sonarQubeToken: "{{ devops.sonarqube.externalSonarToken }}"
when:
- devops.sonarqube is defined
- devops.sonarqube.externalSonarUrl is defined
- devops.sonarqube.externalSonarToken is defined
# DevOps application
- name: ks-devops | Getting KubeSphere JWT secret
register: ks_jwt_secret
shell: >
{{ bin_dir }}/kubectl get secret -n kubesphere-system kubesphere-secret -ojsonpath="{.data.secret}" | base64 -d
- name: ks-devops | Debug KubeSphere JWT secret
debug:
var: ks_jwt_secret
- name: Get Argo CD installation
shell: >
{{ bin_dir }}/kubectl get cc -n kubesphere-system ks-installer -o=jsonpath='{.spec.devops.argocd.installation}'
register: argocd_installation
ignore_errors: true
- name: Get Argo CD namespace
shell: |
ns=$({{ bin_dir }}/kubectl get cc -n kubesphere-system ks-installer -o=jsonpath='{.spec.devops.argocd.namespace}')
echo -n ${ns:-argocd}
register: argocd_namespace
ignore_errors: true
- name: ks-devops | Getting devops installation charts
copy:
src: "{{ item }}"
dest: "{{ kubesphere_dir }}/"
loop:
- ks-devops
- name: ks-devops | Checking existing PVC named ks-jenkins
shell: >
{{ bin_dir }}/kubectl -n kubesphere-devops-system get pvc ks-jenkins -o jsonpath='{.metadata.name}' --ignore-not-found
register: ks_jenkins_pvc
- name: ks-devops | Debug exisiting PVC named ks-jenkins
debug:
var: ks_jenkins_pvc
- name: ks-devops | Getting name of existing PVC named ks-jenkins
set_fact:
KS_JENKINS_PVC: "{{ ks_jenkins_pvc.stdout }}"
- name: ks-devops | Getting Kubernetes Node info
shell: |
kubectl get node -ojson | jq '.items[0].status.nodeInfo.containerRuntimeVersion'
register: container_runtime
- name: ks-devops | Setting container runtime of agent builder
set_fact:
builder_container_runtime: "{{ container_runtime.stdout is search('docker://') | ternary('docker', 'podman') }}"
- name: ks-devops | Creating manifests
template:
src: "{{ item.file }}.j2"
dest: "{{ kubesphere_dir }}/{{ item.path }}/{{ item.file }}"
with_items:
- { path: ks-devops, file: ks-devops-values.yaml }
- { path: ks-devops, file: argo-cd-values.yaml }
- name: ks-devops | Checking if ks-devops has installed
shell: |
# TODO Rename helm chart name
helm status devops -n kubesphere-devops-system
register: ks_devops_installed
failed_when: false
- name: ks-devops | Cleaning up resources before upgrading or installing ks-devops
import_tasks: cleanup.yaml
# When ks-devops is not installed, clean up some resources
when: ks_devops_installed is not defined or ks_devops_installed.rc != 0
- name: ks-devops | Checking ks-devops Helm Release
shell: >
{{ bin_dir }}/kubectl -n kubesphere-devops-system get secrets --field-selector=type=helm.sh/release.v1 | grep s2i-webhook-server-cert |wc -l
register: helm_release
ignore_errors: True
- name: ks-devops | Convert ks-devops to helm mananged
args:
executable: /bin/bash
shell: >
RESOURCE=$({{ bin_dir }}/kubectl -n {{ item.ns }} get {{ item.kind }} {{ item.resource }} 2> /dev/null | head -n 1);
if [[ "$RESOURCE" != '' ]]; then
{{ bin_dir }}/kubectl -n {{ item.ns }} annotate --overwrite {{ item.kind }} {{ item.resource }} meta.helm.sh/release-name={{ item.release }};
{{ bin_dir }}/kubectl -n {{ item.ns }} annotate --overwrite {{ item.kind }} {{ item.resource }} meta.helm.sh/release-namespace=kubesphere-devops-system;
{{ bin_dir }}/kubectl -n {{ item.ns }} label --overwrite {{ item.kind }} {{ item.resource }} app.kubernetes.io/managed-by=Helm;
fi
loop:
- {ns: "kubesphere-devops-system", kind: "secrets", resource: "s2i-webhook-server-cert", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "configmap", resource: "jenkins-casc-config", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "configmap", resource: "ks-devops-agent", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "clusterrole", resource: "manager-role", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "clusterrole", resource: "proxy-role", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "ClusterRoleBinding", resource: "manager-rolebinding", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "ClusterRoleBinding", resource: "proxy-rolebinding", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "service", resource: "s2ioperator-metrics-service", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "service", resource: "s2i-trigger-service", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "service", resource: "webhook-server-service", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "service", resource: "s2ioperator-trigger-service", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "StatefulSet", resource: "s2ioperator", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "MutatingWebhookConfiguration", resource: "mutating-webhook-configuration", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "ValidatingWebhookConfiguration", resource: "validating-webhook-configuration", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "S2iBuilderTemplate", resource: "binary", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "S2iBuilderTemplate", resource: "java", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "S2iBuilderTemplate", resource: "nodejs", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "S2iBuilderTemplate", resource: "tomcat", release: "devops"}
- {ns: "kubesphere-devops-system", kind: "S2iBuilderTemplate", resource: "python", release: "devops"}
when:
- helm_release.stdout == "0"
register: source_state
failed_when: "source_state.stderr and 'NotFound' not in source_state.stderr"
- name: ks-devops | Stop the existing Jenkins
shell: |
{{ bin_dir }}/kubectl -n kubesphere-devops-system delete service ks-jenkins-agent --ignore-not-found
{{ bin_dir }}/kubectl -n kubesphere-devops-system delete service ks-jenkins --ignore-not-found
{{ bin_dir }}/kubectl -n kubesphere-devops-system scale deployment ks-jenkins --replicas=0
ignore_errors: True
when:
- helm_release.stdout == "0"
- name: ks-devops | Upgrading or installing Argo CD
args:
executable: /bin/bash
shell: |
{{ bin_dir }}/helm upgrade --install devops {{ kubesphere_dir }}/ks-devops/charts/argo-cd-4.4.0.tgz \
-n argocd --create-namespace --reuse-values \
-f {{ kubesphere_dir }}/ks-devops/argo-cd-values.yaml
register: argocd_upgrade_result
until: argocd_upgrade_result is succeeded
when:
- argocd_installation.stdout != "custom"
retries: 3
delay: 10
- name: ks-devops | Upgrading or installing ks-devops
args:
executable: /bin/bash
shell: |
# Delete Job migrate because 'helm upgrade' will try to update immutable fields of Job, which is not allowed.
{{ bin_dir }}/kubectl delete job -n kubesphere-devops-system migrate --ignore-not-found
ks_devops_chart_version=0.1.15
charts_folder={{ kubesphere_dir }}/ks-devops/charts
ks_devops_chart=$charts_folder/ks-devops-$ks_devops_chart_version.tgz
# Create or update CRDs manually
tar xzvf $ks_devops_chart -C $charts_folder
{{ bin_dir }}/kubectl apply -f $charts_folder/ks-devops/crds
{{ bin_dir }}/kubectl apply -f $charts_folder/ks-devops/charts/s2i/crds
# Import the templates seperately due the potential webhook issues
rm -rf s2i-templates
helm template $charts_folder/ks-devops/charts/s2i/ \
-f {{ kubesphere_dir }}/ks-devops/ks-devops-values.yaml \
-s templates/binary.yaml \
-s templates/java.yaml \
-s templates/nodejs.yaml \
-s templates/python.yaml \
-s templates/tomcat.yaml > s2i-templates\templates.yaml
rm -rf $charts_folder/ks-devops/charts/s2i/templates/binary.yaml
rm -rf $charts_folder/ks-devops/charts/s2i/templates/java.yaml
rm -rf $charts_folder/ks-devops/charts/s2i/templates/nodejs.yaml
rm -rf $charts_folder/ks-devops/charts/s2i/templates/python.yaml
rm -rf $charts_folder/ks-devops/charts/s2i/templates/tomcat.yaml
{{ bin_dir }}/helm upgrade --install devops $ks_devops_chart \
-n kubesphere-devops-system \
-f {{ kubesphere_dir }}/ks-devops/ks-devops-values.yaml --wait
{{ bin_dir }}/kubectl apply -f s2i-templates\templates.yaml
register: devops_upgrade_result
until: devops_upgrade_result is succeeded
retries: 3
delay: 10
- name: ks-devops | Labelling devops namespaces as system workspace
shell: |
{{ bin_dir }}/kubectl label --overwrite namespaces {{ item }} kubesphere.io/workspace=system-workspace
loop:
- kubesphere-devops-worker
- name: ks-devops | Importing ks-devops status
shell: >
{{ bin_dir }}/kubectl patch cc ks-installer
--type merge
-p '{"status": {"devops": {"status": "enabled", "enabledTime": "{{ lookup('pipe','date +%Y-%m-%dT%H:%M:%S%Z') }}"}}}'
-n kubesphere-system
register: cc_result
failed_when: "cc_result.stderr and 'Warning' not in cc_result.stderr"
until: cc_result is succeeded
retries: 5
delay: 3