diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index fa21615387..637d7bc0c3 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -282,10 +282,14 @@ jobs:
 - name: Process template
 run: |
 mkdir processed-templates
- oc process -f templates/composer.yml \
+ oc process -f templates/openshift/composer.yml \
 -p IMAGE_TAG=image_tag \
 --local \
 -o yaml > processed-templates/composer.yml
+ oc process -f templates/openshift/maintenance-crc-workers.yml \
+ -p IMAGE_TAG=image_tag \
+ --local \
+ -o yaml > processed-templates/maintenance-crc-workers.yml
 - uses: stackrox/kube-linter-action@v1.0.5
 with:
diff --git a/cmd/osbuild-service-maintenance/main.go b/cmd/osbuild-service-maintenance/main.go
index 9d2e3ef280..351c04e693 100644
--- a/cmd/osbuild-service-maintenance/main.go
+++ b/cmd/osbuild-service-maintenance/main.go
@@ -16,7 +16,12 @@ func main() {
 cutoff := time.Now().Add(-(time.Hour * 24 * 14))
 logrus.Infof("Cutoff date: %v", cutoff)
- var conf Config
+ conf := Config{
+ MaxConcurrentRequests: 20,
+ EnableDBMaintenance: false,
+ EnableGCPMaintenance: false,
+ EnableAWSMaintenance: false,
+ }
 err := LoadConfigFromEnv(&conf)
 if err != nil {
 logrus.Fatal(err)
diff --git a/templates/openshift/maintenance-crc-workers.yml b/templates/openshift/maintenance-crc-workers.yml
new file mode 100644
index 0000000000..eefbe489fe
--- /dev/null
+++ b/templates/openshift/maintenance-crc-workers.yml
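Review bot: Each template has to be listed by hand in the "Process template" step before kube-linter sees it, so a template added later under `templates/openshift/` would skip linting without any failure. Looping over the directory keeps coverage automatic, e.g. `for t in templates/openshift/*.yml; do oc process -f "$t" -p IMAGE_TAG=image_tag --local -o yaml > "processed-templates/$(basename "$t")"; done`. This assumes every template there accepts `IMAGE_TAG` and has defaults for its other required parameters, as the new maintenance template does. The step's `with:` block is cut off at the end of the hunk, so the directory that is actually linted is not visible here.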
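Review bot: The new `Config` literal gives the three enable flags a safe default but sets nothing for dry-run, so a run with `DRY_RUN` unset would presumably act for real; the template added in this commit defaults `MAINTENANCE_DRY_RUN` to "true", and the binary should fail in the same direction. Assuming `Config` carries a boolean dry-run field that `LoadConfigFromEnv` fills (neither is visible in this hunk), initialise that field to `true` in the literal. The literal's `MaxConcurrentRequests: 20` also disagrees with the template's default of "10"; a comment above the literal such as `// defaults used only when the matching environment variable is unset` would make clear which value wins. `main` continues outside the hunk.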
@@ -0,0 +1,151 @@
+apiVersion: v1
+kind: Template
+metadata:
+ name: composer
+ annotations:
+ openshift.io/display-name: Image Builder CRC worker services
+ description: |
+ Services related to maintaining the CRC workers.
+ tags: golang
+ iconClass: icon-shadowman
+ template.openshift.io/provider-display-name: Red Hat, Inc.
+labels:
+ template: composer-worker-maintenance
+objects:
+- apiVersion: batch/v1
+ kind: CronJob
+ metadata:
+ labels:
+ service: image-builder
+ name: crc-worker-maintenance
+ spec:
+ # run maintenance job at midnight
+ schedule: 0 0 * * *
+ concurrencyPolicy: Forbid
+ # don't run if the job doesn't get scheduled within 30 minutes
+ startingDeadlineSeconds: 1800
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ serviceAccountName: image-builder
+ restartPolicy: Never
+ containers:
+ - image: "${IMAGE_NAME}:${IMAGE_TAG}"
+ name: crc-worker-maintenance
+ resources:
+ requests:
+ cpu: "${CPU_REQUEST}"
+ memory: "${MEMORY_REQUEST}"
+ limits:
+ cpu: "${CPU_LIMIT}"
+ memory: "${MEMORY_LIMIT}"
+ env:
+ - name: GCP_AUTH_PROVIDER_X509_CERT_URL
+ valueFrom:
+ secretKeyRef:
+ name: gcp-service-account
+ key: auth_provider_x509_cert_url
+ - name: GCP_AUTH_URI
+ valueFrom:
+ secretKeyRef:
+ name: gcp-service-account
+ key: auth_uri
+ - name: GCP_CLIENT_EMAIL
+ valueFrom:
+ secretKeyRef:
+ name: gcp-service-account
+ key: client_email
+ - name: GCP_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: gcp-service-account
+ key: client_id
+ - name: GCP_CLIENT_X509_CERT_URL
+ valueFrom:
+ secretKeyRef:
+ name: gcp-service-account
+ key: client_x509_cert_url
+ - name: GCP_PRIVATE_KEY
+ valueFrom:
+ secretKeyRef:
+ name: gcp-service-account
+ key: private_key
+ - name: GCP_PRIVATE_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: gcp-service-account
+ key: private_key_id
+ - name: GCP_PROJECT_ID
+ valueFrom:
+ secretKeyRef:
+ name: gcp-service-account
+ key: project_id
+ - name: GCP_TOKEN_URI
+ valueFrom:
+ secretKeyRef:
+ name: gcp-service-account
+ key: token_uri
+ - name: GCP_TYPE
+ valueFrom:
+ secretKeyRef:
+ name: gcp-service-account
+ key: type
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: aws-account
+ key: access_key_id
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: aws-account
+ key: secret_access_key
+ - name: DRY_RUN
+ value: "${MAINTENANCE_DRY_RUN}"
+ - name: ENABLE_AWS_MAINTENANCE
+ value: "${ENABLE_AWS_MAINTENANCE}"
+ - name: ENABLE_GCP_MAINTENANCE
+ value: "${ENABLE_GCP_MAINTENANCE}"
+ - name: MAX_CONCURRENT_REQUESTS
+ value: "${MAINTENANCE_MAX_CONCURRENT_REQUESTS}"
+
+parameters:
+ - description: maintenance image name
+ name: IMAGE_NAME
+ value: quay.io/app-sre/composer-maintenance
+ required: true
+ - description: composer image tag
+ name: IMAGE_TAG
+ required: true
+ - name: CPU_REQUEST
+ description: CPU request per container
+ value: "50m"
+ - name: CPU_LIMIT
+ description: CPU limit per container
+ value: "100m"
+ - name: MEMORY_REQUEST
+ description: Memory request per container
+ value: "128Mi"
+ - name: MEMORY_LIMIT
+ description: Memory limit per container
+ value: "512Mi"
+ - description: composer-maintenance dry run
+ name: MAINTENANCE_DRY_RUN
+ # don't change this value, overwrite it in app-interface for a specific namespace
+ value: "true"
+ required: true
+ - description: Enable AWS maintenance
+ name: ENABLE_AWS_MAINTENANCE
+ # don't change this value, overwrite it in app-interface for a specific namespace
+ value: "false"
+ required: true
+ - description: Enable GPC maintenance
+ name: ENABLE_GCP_MAINTENANCE
+ # don't change this value, overwrite it in app-interface for a specific namespace
+ value: "false"
+ required: true
+ - description: composer-maintenance max concurrent requests
+ name: MAINTENANCE_MAX_CONCURRENT_REQUESTS
+ value: "10"
+ required: true
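Review bot: The `crc-worker-maintenance` container is handed the GCP service-account private key and the AWS access keys but declares no `securityContext`, and the pod keeps the default token mount for the `image-builder` service account. Stating the restrictions in the template (fence below) keeps them in force even if that service account is later bound to a looser SCC; `readOnlyRootFilesystem` assumes the binary writes nothing to local disk, which is not visible here. If the job never talks to the cluster API, `automountServiceAccountToken: false` on the pod spec would fit as well. Two smaller points in the same hunk: `metadata.name` is still `composer` although the template label is `composer-worker-maintenance`, and the `ENABLE_GCP_MAINTENANCE` description reads "Enable GPC maintenance".

```yaml
# … unchanged: template metadata, CronJob schedule, jobTemplate, serviceAccountName, restartPolicy …
            containers:
            - image: "${IMAGE_NAME}:${IMAGE_TAG}"
              name: crc-worker-maintenance
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                runAsNonRoot: true
                capabilities:
                  drop:
                  - ALL
# … unchanged: resources, env, parameters …
```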