Skip to content

Update pipeline-service prod #4028

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 9, 2024
Merged

Update pipeline-service prod #4028

merged 1 commit into from
Jul 9, 2024

Conversation

@enarha
Copy link
Contributor

@enarha enarha commented Jul 9, 2024

The change includes the Tekton Results update to enable TLS verification (pipeline-service commit SHA 706387e06fde062c3c8fc23531ea9fe8a62a372f), but does not include the OSP version bump (pipeline-service commit SHA 8eada62e76fb135d2cba5b7929411181c0a0e9e0). The latter is planned for update a week from now.

@openshift-ci openshift-ci bot requested review from Roming22 and ramessesii2 July 9, 2024 11:14
@enarha enarha requested a review from gabemontero July 9, 2024 11:14
gabemontero
gabemontero suggested changes Jul 9, 2024
View reviewed changes
Copy link
Contributor

@gabemontero gabemontero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the pinning looks good @enarha but found a couple of anomalies ... ptal

components/pipeline-service/production/stone-prd-m01/deploy.yaml
key: db.name
name: tekton-results-database
image: quay.io/redhat-appstudio/tekton-results-api:bae7851ff584423503af324200f52cd28ca99116
image: quay.io/redhat-appstudio/tekton-results-api:ed360eccc021ad5eedf8ea9c0732912ef602b15a
Copy link
Contributor

@gabemontero gabemontero Jul 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yep we are allowing a bump of the api server image while we still pin the watcher image at the level with the mem leak (and the performance cheats which we need to live with until the WG approved rewrite of logging to bypass the GRPC calls occurs).

the watcher image is not changed here

looks good

components/pipeline-service/production/stone-prd-m01/deploy.yaml Outdated
--dry-run=client \
-o yaml | kubectl apply -f -
image: quay.io/konflux-ci/appstudio-utils:ab6b0b8e40e440158e7288c73aff1cf83a2cc8a9@sha256:24179f0efd06c65d16868c2d7eb82573cce8e43533de6cea14fec3b7446e0b14
image: quay.io/redhat-appstudio/appstudio-utils:dbbdd82734232e6289e8fbae5b4c858481a7c057
Copy link
Contributor

@gabemontero gabemontero Jul 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this intentional ?? .... I think konflux-ci is the new approved way ... maybe this is getting picked up from the pipeline service repo and should be reverted there ?

Copy link
Contributor Author

@enarha enarha Jul 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch. I compared that with staging and considered it good, but it isn't. The problem is #3848 updated the deploy.yaml files directly, instead of the refs in the pipeline-service repo and now our update is overriding it. I'll create the fix in the service repo, but we can't consume it without the OSP bump (or at least without revering it in both service and infra repos and staging clusters, which I'm not willing to do). So I'll create the change in the service repo and revert those specific changes in the deploy.yaml files. @rcerven FYI.

components/pipeline-service/production/stone-prd-m01/deploy.yaml
enable-git-resolver: true
enable-hub-resolver: true
enable-tekton-oci-bundles: true
enable-step-actions: true
Copy link
Contributor

@gabemontero gabemontero Jul 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah pretty sure @amisstea recently enabled this .... something is inadvertently reverting this @enarha

Copy link
Contributor Author

@enarha enarha Jul 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same thing as above, different PR #3818 , changes the deploy.yaml files instead of the pipeline-service repo. I'll revert the changes to the deploy.yaml files and create a PR to update pipeline-service. @Omeramsc FYI.

@enarha
Update pipeline-service prod
62673a8 
The change includes the Tekton Results update to enable TLS verification
(pipeline-service commit SHA 706387e06fde062c3c8fc23531ea9fe8a62a372f),
but does not include the OSP version bump (pipeline-service commit SHA
8eada62e76fb135d2cba5b7929411181c0a0e9e0). The latter is planned for
update a week from now.
@enarha enarha force-pushed the update-pipeline-service-prod branch from 905bcda to 62673a8 Compare July 9, 2024 14:22
enarha
enarha commented Jul 9, 2024
View reviewed changes
components/pipeline-service/production/stone-prod-p02/deploy.yaml
Comment on lines -1206 to +1347
- args: []
image: quay.io/redhat-appstudio/pipeline-service-exporter:2782659983c94692497467cd1cf952b1bc1f0da4
- args:
- -pprof-address
- "6060"
image: quay.io/redhat-appstudio/pipeline-service-exporter:c93b6d93e8bbd4540a4d565a35bae2a8b081b000
Copy link
Contributor Author

@enarha enarha Jul 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like this cluster was not up to date, thus the change.

Copy link
Contributor

@gabemontero gabemontero Jul 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yep this is OK and lines up with https://github.com/redhat-appstudio/infra-deployments/blob/main/components/pipeline-service/staging/stone-stg-rh01/deploy.yaml#L1349-L1353

components/pipeline-service/production/stone-prod-p02/deploy.yaml
Comment on lines -2054 to +2200
image: quay.io/openshift-pipeline/openshift-pipelines-pipelines-operator-bundle-container-index@sha256:c2c6587e059b0b5144f4b2cff79f31f1f6fee36f0927b301a17a3b608237134f
image: quay.io/openshift-pipeline/openshift-pipelines-pipelines-operator-bundle-container-index@sha256:beec206d5f9650173348c0d9db404faee6b791ec6d25a9ea3410a909a8e37187
Copy link
Contributor Author

@enarha enarha Jul 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above. It is inline with the other clusters though.

gabemontero
gabemontero approved these changes Jul 9, 2024
View reviewed changes
Copy link
Contributor

@gabemontero gabemontero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/hold
(until you release the hold at the date you specified in your konflux announce email
/lgtm

@openshift-ci openshift-ci bot added the lgtm label Jul 9, 2024
@openshift-ci
Copy link

openshift-ci bot commented Jul 9, 2024

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: enarha, gabemontero

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gabemontero
Copy link
Contributor

gabemontero commented Jul 9, 2024

I think you kube-linter error is a github.com hiccup

Error when running kustomize build for components/pipeline-service/staging/base: Error: accumulating resources: accumulation err='accumulating resources from 'https://github.com/openshift-pipelines/pipeline-service.git/operator/gitops/argocd/pipeline-service?ref=8eada62e76fb135d2cba5b7929411181c0a0e9e0': URL is a git repository': failed to run '/usr/bin/git fetch --depth=1 https://github.com/openshift-pipelines/pipeline-service.git 8eada62e76fb135d2cba5b7929411181c0a0e9e0': fatal: unable to access 'https://github.com/openshift-pipelines/pipeline-service.git/': Failed to connect to github.com port 443 after 21 ms: Connection refused

@enarha
Copy link
Contributor Author

enarha commented Jul 9, 2024

/hold (until you release the hold at the date you specified in your konflux announce email /lgtm

This change does not include the OSP bump, see the commit message. I actually planned to merge it as soon as the CI pass and I get the respective approvals. I see the CI is already green, so unless you have any objections, I'll remove the hold.

@gabemontero
Copy link
Contributor

gabemontero commented Jul 9, 2024

/hold (until you release the hold at the date you specified in your konflux announce email /lgtm

This change does not include the OSP bump, see the commit message. I actually planned to merge it as soon as the CI pass and I get the respective approvals. I see the CI is already green, so unless you have any objections, I'll remove the hold.

sorry totally missed that in the description

/hold cancel

@openshift-merge-bot openshift-merge-bot bot merged commit 57e872c into redhat-appstudio:main Jul 9, 2024
@enarha enarha deleted the update-pipeline-service-prod branch July 10, 2024 10:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ramessesii2 ramessesii2 Awaiting requested review from ramessesii2

@Roming22 Roming22 Awaiting requested review from Roming22

1 more reviewer

@gabemontero gabemontero gabemontero approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@gabemontero gabemontero

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@enarha @gabemontero