Portal:Toolforge/Admin/Kubernetes/Custom components

From Wikitech
Jump to navigation Jump to search

This page contains information on how to operate, build and deploy our custom Toolforge Kubernetes components.

The information in here is subject to change as we move in the direction of Wikimedia_Cloud_Services_team/EnhancementProposals/Toolforge_Kubernetes_component_workflow_improvements

In general, assume this is valid for both tools and toolsbeta.

build

Use the wmcs.toolforge.k8s.component.build cookbook to build the docker container image that will later be deployed in the kubernetes cluster.

user@laptop:~$ cookbook wmcs.toolforge.k8s.component.build -h
usage: cookbooks.wmcs.toolforge.k8s.component.build [-h] [--project PROJECT] [--task-id TASK_ID] [--no-dologmsg]
                                                    [--registry-url REGISTRY_URL]
                                                    [--docker-builder-hostname DOCKER_BUILDER_HOSTNAME] --git-url GIT_URL
                                                    [--git-name GIT_NAME] [--git-branch GIT_BRANCH]
                                                    [--docker-image-tag DOCKER_IMAGE_TAG]
                                                    [--docker-image-name DOCKER_IMAGE_NAME]

WMCS Toolforge Kubernetes - build a docker image for a custom component

Usage example:
    cookbook wmcs.toolforge.k8s.component/build \
        --git-url https://gerrit.wikimedia.org/r/cloud/toolforge/jobs-framework-api

options:
  -h, --help            show this help message and exit
  --project PROJECT     Relevant Cloud VPS openstack project (for operations, dologmsg, etc). If this cookbook is for hardware,
                        this only affects dologmsg calls. Default is 'tools'.
  --task-id TASK_ID     Id of the task related to this operation (ex. T123456). (default: None)
  --no-dologmsg         To disable dologmsg calls (no SAL messages on IRC). (default: False)
  --registry-url REGISTRY_URL
                        docker registry URL (default: docker-registry.tools.wmflabs.org)
  --docker-builder-hostname DOCKER_BUILDER_HOSTNAME
                        docker image builder virtual machine hostname (default: tools-docker-imagebuilder-01)
  --git-url GIT_URL     git URL for the source code (default: None)
  --git-name GIT_NAME   git repository name. If not provided, it will be guessed based on the git URL (default: None)
  --git-branch GIT_BRANCH
                        git branch in the source repository (default: main)
  --docker-image-tag DOCKER_IMAGE_TAG
                        docker tag for the new image, if not provided the git hash of the latest commit will be used (default:
                        None)
  --docker-image-name DOCKER_IMAGE_NAME
                        docker image name. If not provided, it will be guessed based on the git name (default: None)

Example:

user@laptop:~$ cookbook wmcs.toolforge.k8s.component.build --git-url https://gerrit.wikimedia.org/r/cloud/toolforge/jobs-framework-api
[..]
user@laptop:~$ cookbook wmcs.toolforge.k8s.component.build --git-url https://gerrit.wikimedia.org/r/cloud/toolforge/jobs-framework-emailer
INFO: guesses git tree name as jobs-framework-emailer
INFO: guesses docker image name as toolforge-jobs-framework-emailer
START - Cookbook wmcs.toolforge.k8s.component.build
INFO: using build node tools-docker-imagebuilder-01.tools.eqiad1.wikimedia.cloud
INFO: creating temp dir /tmp/cookbook-toolforge-k8s-component-build-ulprobicib
INFO: git cloning https://gerrit.wikimedia.org/r/cloud/toolforge/jobs-framework-emailer
INFO: git checkout main on cloning /tmp/cookbook-toolforge-k8s-component-build-ulprobicib/jobs-framework-emailer
INFO: building docker image toolforge-jobs-framework-emailer:latest
INFO: cleaning up temp dir /tmp/cookbook-toolforge-k8s-component-build-ulprobicib
INFO: creating docker tag docker-registry.tools.wmflabs.org/toolforge-jobs-framework-emailer:latest
INFO: pushing to the registry docker-registry.tools.wmflabs.org/toolforge-jobs-framework-emailer:latest
[DOLOGMSG]: build & push docker image docker-registry.tools.wmflabs.org/toolforge-jobs-framework-emailer:latest from https://gerrit.wikimedia.org/r/cloud/toolforge/jobs-framework-emailer (084ee51)
END (PASS) - Cookbook wmcs.toolforge.k8s.component.build (exit_code=0)

deploy

Use the wmcs.toolforge.k8s.component.deploy cookbook to deploy the custom component in the given kubernetes cluster.

user@laptop:~$ cookbook wmcs.toolforge.k8s.component.deploy -h
usage: cookbooks.wmcs.toolforge.k8s.component.deploy [-h] [--project PROJECT] [--task-id TASK_ID] [--no-dologmsg]
                                                     [--deploy-node-hostname DEPLOY_NODE_HOSTNAME] --git-url GIT_URL
                                                     [--git-name GIT_NAME] [--git-branch GIT_BRANCH]
                                                     [--deployment-command DEPLOYMENT_COMMAND]

WMCS Toolforge Kubernetes - deploy a kubernetes custom component

Usage example:
    cookbook wmcs.toolforge.k8s.component.deploy \
        --git-url https://gerrit.wikimedia.org/r/cloud/toolforge/jobs-framework-api

options:
  -h, --help            show this help message and exit
  --project PROJECT     Relevant Cloud VPS openstack project (for operations, dologmsg, etc). If this cookbook is for hardware,
                        this only affects dologmsg calls. Default is 'toolsbeta'.
  --task-id TASK_ID     Id of the task related to this operation (ex. T123456). (default: None)
  --no-dologmsg         To disable dologmsg calls (no SAL messages on IRC). (default: False)
  --deploy-node-hostname DEPLOY_NODE_HOSTNAME
                        k8s control node hostname (default: toolsbeta-test-k8s-control-4)
  --git-url GIT_URL     git URL for the source code (default: None)
  --git-name GIT_NAME   git repository name. If not provided, it will be guessed based on the git URL (default: None)
  --git-branch GIT_BRANCH
                        git branch in the source repository (default: main)
  --deployment-command DEPLOYMENT_COMMAND
                        command to trigger the deployment. (default: ./deploy.sh)

list of components

This is a (most likely outdated) list of our custom components and where to find them:

custom components
Name Repository clone URL for the cookbooks Repository browser URL Comments
volume-admission-controller https://gerrit.wikimedia.org/r/cloud/toolforge/volume-admission-controller https://gerrit.wikimedia.org/r/admin/repos/cloud/toolforge/volume-admission-controller See also: redundant link1 redundant link2
ingress-admission-controller https://gerrit.wikimedia.org/r/cloud/toolforge/ingress-admission-controller https://gerrit.wikimedia.org/r/admin/repos/cloud/toolforge/ingress-admission-controller See also: redundant link1 redundant link2
registry-admission-controller https://gerrit.wikimedia.org/r/labs/tools/registry-admission-webhook https://gerrit.wikimedia.org/r/admin/repos/labs/tools/registry-admission-webhook See also: redundant link1 redundant link2
nginx-ingress https://gitlab.wikimedia.org/repos/cloud/toolforge/ingress-nginx https://gitlab.wikimedia.org/repos/cloud/toolforge/ingress-nginx See also: Portal:Toolforge/Admin/Kubernetes/Networking_and_ingress#nginx-ingress
delete-crashing-pods https://gerrit.wikimedia.org/r/cloud/toolforge/delete-crashing-pods https://gerrit.wikimedia.org/r/admin/repos/cloud/toolforge/delete-crashing-pods See also: Portal:Toolforge/Admin/Kubernetes/Deploying#delete-crashing-pods
jobs-framework-api https://gerrit.wikimedia.org/r/cloud/toolforge/jobs-framework-api https://gerrit.wikimedia.org/r/admin/repos/cloud/toolforge/jobs-framework-api See also: Portal:Toolforge/Admin/Kubernetes/Jobs_framework
jobs-framework-emailer https://gerrit.wikimedia.org/r/cloud/toolforge/jobs-framework-emailer https://gerrit.wikimedia.org/r/admin/repos/cloud/toolforge/jobs-framework-emailer See also: Portal:Toolforge/Admin/Kubernetes/Jobs_framework
maintain-kubeusers https://gerrit.wikimedia.org/r/labs/tools/maintain-kubeusers https://gerrit.wikimedia.org/r/admin/repos/labs/tools/maintain-kubeusers See also: Portal:Toolforge/Admin/Kubernetes/Certificates#Tool_certs

See also