From a48dfc9b1c4afb512dd8856fdfd96fabd8ecf0c3 Mon Sep 17 00:00:00 2001 From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com> Date: Wed, 29 Jan 2025 16:48:35 +0100 Subject: [PATCH 1/4] BC-8876 - add of filed to pod teplates --- ansible/roles/clamav/templates/deployment.yml.j2 | 2 ++ ansible/roles/clammit/templates/deployment.yml.j2 | 2 ++ ansible/roles/dof_etherpad/templates/deployment.yml.j2 | 2 ++ ansible/roles/dof_etherpad/templates/nginx-deployment.yml.j2 | 2 ++ ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 | 2 ++ ansible/roles/dof_mongo/templates/deployment.yml.j2 | 2 ++ ansible/roles/dof_postgresql/templates/deployment.yml.j2 | 2 ++ .../templates/job-database-deletion.yml.j2 | 2 ++ ansible/roles/dof_rabbitmq/templates/rabbitmq.yaml.j2 | 2 ++ ansible/roles/dof_redis/templates/deployment.yml.j2 | 2 ++ ansible/roles/erwin-idm/templates/deployment.yml.j2 | 2 ++ ansible/roles/erwin-idm/templates/init_job.yml.j2 | 2 ++ ansible/roles/erwin-idm/templates/job-database-init.yml.j2 | 2 ++ .../roles/h5p-proxy/templates/api-h5p-proxy-deployment.yml.j2 | 2 ++ ansible/roles/hydra/templates/deployment.yml.j2 | 2 ++ ansible/roles/hydra/templates/job-database-init.yml.j2 | 2 ++ ansible/roles/hydra/templates/job.yml.j2 | 2 ++ .../ingress/templates/default-backend-404-deployment.yml.j2 | 2 ++ ansible/roles/libreoffice/templates/deployment.yml.j2 | 2 ++ ansible/roles/maildrop/templates/deployment.yml.j2 | 2 ++ ansible/roles/oidcmock/templates/deployment.yml.j2 | 2 ++ ansible/roles/pre_deployment/templates/job.yml.j2 | 2 ++ ansible/roles/rocketchat/templates/deployment.yml.j2 | 2 ++ ansible/roles/rocketchat/templates/fixup-job.yml.j2 | 2 ++ ansible/roles/storage/templates/deployment.yml.j2 | 2 ++ 25 files changed, 50 insertions(+) diff --git a/ansible/roles/clamav/templates/deployment.yml.j2 b/ansible/roles/clamav/templates/deployment.yml.j2 index 2b38b4d6d..3e9722e0f 100644 --- a/ansible/roles/clamav/templates/deployment.yml.j2 +++ b/ansible/roles/clamav/templates/deployment.yml.j2 @@ -36,6 +36,8 @@ spec: app.kubernetes.io/managed-by: ansible git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: clamav image: {{ CLAMAV_IMAGE_NAME }}:{{ CLAMAV_IMAGE_TAG }} diff --git a/ansible/roles/clammit/templates/deployment.yml.j2 b/ansible/roles/clammit/templates/deployment.yml.j2 index 84f4b7988..d4a37baf1 100644 --- a/ansible/roles/clammit/templates/deployment.yml.j2 +++ b/ansible/roles/clammit/templates/deployment.yml.j2 @@ -34,6 +34,8 @@ spec: app.kubernetes.io/managed-by: ansible git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: clammit image: {{ CLAMMIT_IMAGE_NAME }}:{{ CLAMMIT_IMAGE_TAG }} diff --git a/ansible/roles/dof_etherpad/templates/deployment.yml.j2 b/ansible/roles/dof_etherpad/templates/deployment.yml.j2 index c1f535c63..5fdd96656 100644 --- a/ansible/roles/dof_etherpad/templates/deployment.yml.j2 +++ b/ansible/roles/dof_etherpad/templates/deployment.yml.j2 @@ -49,6 +49,8 @@ spec: runAsGroup: 5001 fsGroup: 5001 runAsNonRoot: true + os: + name: linux containers: - name: etherpad image: {{ ETHERPAD_IMAGE_NAME }}:{{ ETHERPAD_IMAGE_TAG }} diff --git a/ansible/roles/dof_etherpad/templates/nginx-deployment.yml.j2 b/ansible/roles/dof_etherpad/templates/nginx-deployment.yml.j2 index d23c2d24a..7075947c4 100644 --- a/ansible/roles/dof_etherpad/templates/nginx-deployment.yml.j2 +++ b/ansible/roles/dof_etherpad/templates/nginx-deployment.yml.j2 @@ -46,6 +46,8 @@ spec: #runAsGroup: 1000 #fsGroup: 1000 #runAsNonRoot: true + os: + name: linux containers: - name: etherpad-nginx image: {{ ETHERPAD_NGINX_IMAGE_NAME }}:{{ ETHERPAD_NGINX_IMAGE_TAG }} diff --git a/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 b/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 index 57a2763a9..6066c01e5 100644 --- a/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 +++ b/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 @@ -40,6 +40,8 @@ spec: securityContext: #readOnlyRootFilesystem: true #runAsNonRoot: true + os: + name: linux containers: - name: mailcatcher image: {{ MAILCATCHER_IMAGE_NAME }}:{{ MAILCATCHER_IMAGE_TAG }} diff --git a/ansible/roles/dof_mongo/templates/deployment.yml.j2 b/ansible/roles/dof_mongo/templates/deployment.yml.j2 index 0170f9894..8977e72e0 100644 --- a/ansible/roles/dof_mongo/templates/deployment.yml.j2 +++ b/ansible/roles/dof_mongo/templates/deployment.yml.j2 @@ -46,6 +46,8 @@ spec: runAsGroup: 1000 fsGroup: 1000 runAsNonRoot: true + os: + name: linux containers: - name: mongo image: {{ MONGO_IMAGE_NAME }}:{{ MONGO_IMAGE_TAG }} diff --git a/ansible/roles/dof_postgresql/templates/deployment.yml.j2 b/ansible/roles/dof_postgresql/templates/deployment.yml.j2 index 8b44c1a17..cab855fba 100644 --- a/ansible/roles/dof_postgresql/templates/deployment.yml.j2 +++ b/ansible/roles/dof_postgresql/templates/deployment.yml.j2 @@ -36,6 +36,8 @@ spec: app.kubernetes.io/managed-by: ansible git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: postgres image: {{ POSTGRES_IMAGE_NAME }}:{{ POSTGRES_IMAGE_TAG }} diff --git a/ansible/roles/dof_postgresql_management/templates/job-database-deletion.yml.j2 b/ansible/roles/dof_postgresql_management/templates/job-database-deletion.yml.j2 index f2f2de5a6..1fa8aa1fc 100644 --- a/ansible/roles/dof_postgresql_management/templates/job-database-deletion.yml.j2 +++ b/ansible/roles/dof_postgresql_management/templates/job-database-deletion.yml.j2 @@ -23,6 +23,8 @@ spec: name: pg-configmap-deletion # 711 in decimal is 457 defaultMode: 457 + os: + name: linux containers: - name: psql-config image: {{ POSTGRES_MANAGEMENT_JOB_IMAGE }} diff --git a/ansible/roles/dof_rabbitmq/templates/rabbitmq.yaml.j2 b/ansible/roles/dof_rabbitmq/templates/rabbitmq.yaml.j2 index 79b27fde4..772d686a2 100644 --- a/ansible/roles/dof_rabbitmq/templates/rabbitmq.yaml.j2 +++ b/ansible/roles/dof_rabbitmq/templates/rabbitmq.yaml.j2 @@ -22,6 +22,8 @@ spec: spec: template: spec: + os: + name: linux containers: - name: rabbitmq volumeMounts: diff --git a/ansible/roles/dof_redis/templates/deployment.yml.j2 b/ansible/roles/dof_redis/templates/deployment.yml.j2 index c2242dbbf..5bc04c12d 100644 --- a/ansible/roles/dof_redis/templates/deployment.yml.j2 +++ b/ansible/roles/dof_redis/templates/deployment.yml.j2 @@ -40,6 +40,8 @@ spec: securityContext: #readOnlyRootFilesystem: true #runAsNonRoot: true + os: + name: linux containers: - name: redis image: {{ REDIS_IMAGE_NAME }}:{{ REDIS_IMAGE_TAG }} diff --git a/ansible/roles/erwin-idm/templates/deployment.yml.j2 b/ansible/roles/erwin-idm/templates/deployment.yml.j2 index ea841322b..276d49a63 100644 --- a/ansible/roles/erwin-idm/templates/deployment.yml.j2 +++ b/ansible/roles/erwin-idm/templates/deployment.yml.j2 @@ -49,6 +49,8 @@ spec: runAsGroup: 1000 fsGroup: 1000 runAsNonRoot: true + os: + name: linux containers: - name: erwinidm image: {{ ERWINIDM_IMAGE_NAME }}:{{ ERWINIDM_IMAGE_TAG }} diff --git a/ansible/roles/erwin-idm/templates/init_job.yml.j2 b/ansible/roles/erwin-idm/templates/init_job.yml.j2 index e34c9b81a..434a0f89e 100644 --- a/ansible/roles/erwin-idm/templates/init_job.yml.j2 +++ b/ansible/roles/erwin-idm/templates/init_job.yml.j2 @@ -10,6 +10,8 @@ spec: labels: app: erwinidm-init spec: + os: + name: linux containers: - name: erwinidm-init image: quay.io/schulcloudverbund/infra-tools:latest diff --git a/ansible/roles/erwin-idm/templates/job-database-init.yml.j2 b/ansible/roles/erwin-idm/templates/job-database-init.yml.j2 index 0b2c7cd3c..61a0ba0d4 100644 --- a/ansible/roles/erwin-idm/templates/job-database-init.yml.j2 +++ b/ansible/roles/erwin-idm/templates/job-database-init.yml.j2 @@ -29,6 +29,8 @@ spec: name: pg-erwinidm-configmap-init # 711 in decimal is 457 defaultMode: 457 + os: + name: linux containers: - name: psql-erwinidm-config image: {{ POSTGRES_MANAGEMENT_JOB_IMAGE }} diff --git a/ansible/roles/h5p-proxy/templates/api-h5p-proxy-deployment.yml.j2 b/ansible/roles/h5p-proxy/templates/api-h5p-proxy-deployment.yml.j2 index 3438ee6ad..b48c93a06 100644 --- a/ansible/roles/h5p-proxy/templates/api-h5p-proxy-deployment.yml.j2 +++ b/ansible/roles/h5p-proxy/templates/api-h5p-proxy-deployment.yml.j2 @@ -40,6 +40,8 @@ spec: git.branch: {{ DOF_APP_DEPLOY_BRANCH_NAME }} git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: h5p-proxy-nginx image: {{ H5P_PROXY_IMAGE_NAME }}:{{ H5P_PROXY_IMAGE_TAG }} diff --git a/ansible/roles/hydra/templates/deployment.yml.j2 b/ansible/roles/hydra/templates/deployment.yml.j2 index ad6323b9e..d8e6784c4 100644 --- a/ansible/roles/hydra/templates/deployment.yml.j2 +++ b/ansible/roles/hydra/templates/deployment.yml.j2 @@ -39,6 +39,8 @@ spec: app.kubernetes.io/managed-by: ansible git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: hydra image: {{ HYDRA_IMAGE_NAME }}:{{ HYDRA_IMAGE_TAG }} diff --git a/ansible/roles/hydra/templates/job-database-init.yml.j2 b/ansible/roles/hydra/templates/job-database-init.yml.j2 index 5406cd9b4..d36a45633 100644 --- a/ansible/roles/hydra/templates/job-database-init.yml.j2 +++ b/ansible/roles/hydra/templates/job-database-init.yml.j2 @@ -29,6 +29,8 @@ spec: name: pg-hydra-configmap-init # 711 in decimal is 457 defaultMode: 457 + os: + name: linux containers: - name: psql-hydra-config image: {{ POSTGRES_MANAGEMENT_JOB_IMAGE }} diff --git a/ansible/roles/hydra/templates/job.yml.j2 b/ansible/roles/hydra/templates/job.yml.j2 index b3f35e51e..a3697e662 100644 --- a/ansible/roles/hydra/templates/job.yml.j2 +++ b/ansible/roles/hydra/templates/job.yml.j2 @@ -11,6 +11,8 @@ spec: labels: app: hydra-migrate-db-job spec: + os: + name: linux containers: - name: hydra-migrate image: {{ HYDRA_IMAGE_NAME }}:{{ HYDRA_IMAGE_TAG }} diff --git a/ansible/roles/ingress/templates/default-backend-404-deployment.yml.j2 b/ansible/roles/ingress/templates/default-backend-404-deployment.yml.j2 index 625bb340b..07269b4d8 100644 --- a/ansible/roles/ingress/templates/default-backend-404-deployment.yml.j2 +++ b/ansible/roles/ingress/templates/default-backend-404-deployment.yml.j2 @@ -34,6 +34,8 @@ spec: app.kubernetes.io/managed-by: ansible git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: default-backend-404 image: nginx:1.27-alpine diff --git a/ansible/roles/libreoffice/templates/deployment.yml.j2 b/ansible/roles/libreoffice/templates/deployment.yml.j2 index a84474058..9fbc7884f 100644 --- a/ansible/roles/libreoffice/templates/deployment.yml.j2 +++ b/ansible/roles/libreoffice/templates/deployment.yml.j2 @@ -41,6 +41,8 @@ spec: app.kubernetes.io/managed-by: ansible git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: libreoffice image: {{ LIBREOFFICE_IMAGE_NAME }}:{{ LIBREOFFICE_IMAGE_TAG }} diff --git a/ansible/roles/maildrop/templates/deployment.yml.j2 b/ansible/roles/maildrop/templates/deployment.yml.j2 index b2a2e2147..bb12592b8 100644 --- a/ansible/roles/maildrop/templates/deployment.yml.j2 +++ b/ansible/roles/maildrop/templates/deployment.yml.j2 @@ -37,6 +37,8 @@ spec: app.kubernetes.io/managed-by: ansible git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: maildrop image: {{ MAILDROP_IMAGE_NAME }}:{{ MAILDROP_IMAGE_TAG }} diff --git a/ansible/roles/oidcmock/templates/deployment.yml.j2 b/ansible/roles/oidcmock/templates/deployment.yml.j2 index bb3f63344..14422b075 100644 --- a/ansible/roles/oidcmock/templates/deployment.yml.j2 +++ b/ansible/roles/oidcmock/templates/deployment.yml.j2 @@ -39,6 +39,8 @@ spec: annotations: configmapHash: "" spec: + os: + name: linux initContainers: - name: oidcmock-initcontainers image: quay.io/schulcloudverbund/infra-tools:latest diff --git a/ansible/roles/pre_deployment/templates/job.yml.j2 b/ansible/roles/pre_deployment/templates/job.yml.j2 index be96b441f..27b9304ff 100644 --- a/ansible/roles/pre_deployment/templates/job.yml.j2 +++ b/ansible/roles/pre_deployment/templates/job.yml.j2 @@ -4,6 +4,8 @@ metadata: name: deployment-metrics-marker-job spec: template: + os: + name: linux spec: containers: - name: deployment-metrics-marker diff --git a/ansible/roles/rocketchat/templates/deployment.yml.j2 b/ansible/roles/rocketchat/templates/deployment.yml.j2 index dcdc83f3e..68a09f89f 100644 --- a/ansible/roles/rocketchat/templates/deployment.yml.j2 +++ b/ansible/roles/rocketchat/templates/deployment.yml.j2 @@ -39,6 +39,8 @@ spec: runAsGroup: 99999 fsGroup: 99999 runAsNonRoot: true + os: + name: linux containers: - name: rocketchat image: {{ ROCKETCHAT_IMAGE_NAME }}:{{ ROCKETCHAT_IMAGE_TAG }} diff --git a/ansible/roles/rocketchat/templates/fixup-job.yml.j2 b/ansible/roles/rocketchat/templates/fixup-job.yml.j2 index ac12684fe..46676a0a4 100644 --- a/ansible/roles/rocketchat/templates/fixup-job.yml.j2 +++ b/ansible/roles/rocketchat/templates/fixup-job.yml.j2 @@ -18,6 +18,8 @@ spec: spec: activeDeadlineSeconds: 300 template: + os: + name: linux spec: containers: - name: fixup-rocketchat-job diff --git a/ansible/roles/storage/templates/deployment.yml.j2 b/ansible/roles/storage/templates/deployment.yml.j2 index 69b4788db..8c6d91e01 100644 --- a/ansible/roles/storage/templates/deployment.yml.j2 +++ b/ansible/roles/storage/templates/deployment.yml.j2 @@ -44,6 +44,8 @@ spec: runAsGroup: 1000 fsGroup: 1000 runAsNonRoot: true + os: + name: linux containers: - name: storage image: {{ STORAGE_IMAGE_NAME }} From 7610e58d47f476753416624bc9b0ea13dfaac598 Mon Sep 17 00:00:00 2001 From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com> Date: Wed, 29 Jan 2025 16:59:08 +0100 Subject: [PATCH 2/4] BC-8876 -fix task for pg deletion job --- .../dof_postgresql_management/tasks/main.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/ansible/roles/dof_postgresql_management/tasks/main.yml b/ansible/roles/dof_postgresql_management/tasks/main.yml index eeccc39ff..6692a1c0f 100644 --- a/ansible/roles/dof_postgresql_management/tasks/main.yml +++ b/ansible/roles/dof_postgresql_management/tasks/main.yml @@ -17,12 +17,25 @@ tags: - configmap +- name: Test if TSP Init Job exit + kubernetes.core.k8s_info: + kubeconfig: ~/.kube/config + namespace: "{{ NAMESPACE }}" + api_version: batch/v1 + kind: Job + name: pg-deletion-job + register: pg_deletion_job_present + tags: + - job + - name: Create suspended Job for database deletion kubernetes.core.k8s: kubeconfig: ~/.kube/config namespace: "{{ NAMESPACE }}" template: job-database-deletion.yml.j2 apply: yes - when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT + when: + - WITH_BRANCH_POSTGRES_DB_MANAGEMENT + - pg_deletion_job_present.resources|length == 0 tags: - job \ No newline at end of file From 29342a07379d711368c5e2e6776873d2b94d49bc Mon Sep 17 00:00:00 2001 From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com> Date: Wed, 29 Jan 2025 17:10:55 +0100 Subject: [PATCH 3/4] BC-8876 - fix --- ansible/roles/pre_deployment/templates/job.yml.j2 | 4 ++-- ansible/roles/rocketchat/templates/fixup-job.yml.j2 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/roles/pre_deployment/templates/job.yml.j2 b/ansible/roles/pre_deployment/templates/job.yml.j2 index 27b9304ff..fa5b22fae 100644 --- a/ansible/roles/pre_deployment/templates/job.yml.j2 +++ b/ansible/roles/pre_deployment/templates/job.yml.j2 @@ -4,9 +4,9 @@ metadata: name: deployment-metrics-marker-job spec: template: - os: - name: linux spec: + os: + name: linux containers: - name: deployment-metrics-marker image: quay.io/schulcloudverbund/infra-tools:latest diff --git a/ansible/roles/rocketchat/templates/fixup-job.yml.j2 b/ansible/roles/rocketchat/templates/fixup-job.yml.j2 index 46676a0a4..34ec8e29f 100644 --- a/ansible/roles/rocketchat/templates/fixup-job.yml.j2 +++ b/ansible/roles/rocketchat/templates/fixup-job.yml.j2 @@ -18,9 +18,9 @@ spec: spec: activeDeadlineSeconds: 300 template: - os: - name: linux spec: + os: + name: linux containers: - name: fixup-rocketchat-job image: quay.io/schulcloudverbund/infra-tools:latest From 9114239427a709b8c4254f480a5d9a7ec5a94054 Mon Sep 17 00:00:00 2001 From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com> Date: Thu, 30 Jan 2025 15:17:48 +0100 Subject: [PATCH 4/4] BC-8876 - fix text for job --- ansible/roles/dof_postgresql_management/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/dof_postgresql_management/tasks/main.yml b/ansible/roles/dof_postgresql_management/tasks/main.yml index 6692a1c0f..9158bfac1 100644 --- a/ansible/roles/dof_postgresql_management/tasks/main.yml +++ b/ansible/roles/dof_postgresql_management/tasks/main.yml @@ -17,7 +17,7 @@ tags: - configmap -- name: Test if TSP Init Job exit +- name: Test if Job for database deletion exit kubernetes.core.k8s_info: kubeconfig: ~/.kube/config namespace: "{{ NAMESPACE }}" @@ -38,4 +38,4 @@ - WITH_BRANCH_POSTGRES_DB_MANAGEMENT - pg_deletion_job_present.resources|length == 0 tags: - - job \ No newline at end of file + - job