Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update YQ everywhere and deploy-renku wants split values files. #60

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore: update YQ everywhere and deploy-renku wants split values files. #60

wants to merge 1 commit into from

Conversation

aledegano
Copy link
Contributor

  • deploy-renku now expects two files for the values of the Helm chart to deploy:
    one is the secrets that are stored in GH organization, the other is a file passed
    to the action, meant to be in the Renku repository itself.

  • YQ has been updated to version 4.x everywhere and the commands fixed according
    to the need of the new version

  • The base Docker image have also been updated

  • YQ is now installed in all actions through the Alpine package directly

@aledegano aledegano requested review from olevski, Panaetius and a team and removed request for Panaetius and olevski August 10, 2023 08:33
rokroskar
rokroskar reviewed Aug 10, 2023
View reviewed changes
Copy link
Member

@rokroskar rokroskar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for doing this @aledegano! Two things:

  • could you please make a test PR that uses this branch in the main renku repo to verify it all works as expected?
  • can you remove the x in set -ex in all the scripts? I know you didn't add it, but since we're updating things it seems like a good opportunity

update-component-version/Dockerfile Outdated Show resolved Hide resolved
@aledegano
Copy link
Contributor Author

Thanks for doing this @aledegano! Two things:

* could you please make a test PR that uses this branch in the main renku repo to verify it all works as expected?

This is the sister PR: SwissDataScienceCenter/renku#3191 in Renku that uses the new deploy-renku method, it needs some cleanup but it works and the code is all there.

I am not sure if I can "test" the other actions as they are invoked in very specific situations. I have tested in my terminal all the yq updated commands and the building of the Docker images. Beside that I was leaning into the strategy of fixing things that breaks afterwards...

* can you remove the `x` in `set -ex` in all the scripts? I know you didn't add it, but since we're updating things it seems like a good opportunity

Good point, done.

@rokroskar
Copy link
Member

I am not sure if I can "test" the other actions as they are invoked in very specific situations.

yes, that's always problematic with these - the only thing that raises orange flags is the change of chartpress version. This has caused issues in the past and there was a reason why it was pinned. I believe this issue may be a part of it? But for sure it changes the tag format. It could be that more recent versions do it better, but 1.0 was definitely a problem in the past with our workflows.

@aledegano
Copy link
Contributor Author

I am not sure if I can "test" the other actions as they are invoked in very specific situations.

yes, that's always problematic with these - the only thing that raises orange flags is the change of chartpress version. This has caused issues in the past and there was a reason why it was pinned. I believe this issue may be a part of it? But for sure it changes the tag format. It could be that more recent versions do it better, but 1.0 was definitely a problem in the past with our workflows.

Okay I'll double check it then.
I know we use version 1.0.0 on another action, but it might be different

@aledegano
chore: update YQ everywhere and deploy-renku wants split values files.
6742941 
- deploy-renku now expects two files for the values of the Helm chart to deploy:
one is the secrets that are stored in GH organization, the other is a file passed
to the action, meant to be in the Renku repository itself.

- YQ has been updated to version 4.x everywhere and the commands fixed according
to the need of the new version

- The base Docker image have also been updated

- YQ is now installed in all actions through the Alpine package directly
olevski
olevski requested changes Oct 20, 2023
View reviewed changes
deploy-renku/entrypoint.sh
APP_ID=$(echo $gitlab_app | jq -r '.application_id')
APP_SECRET=$(echo $gitlab_app | jq -r '.secret')
export APP_ID=$(echo $gitlab_app | jq -r '.application_id')
export APP_SECRET=$(echo $gitlab_app | jq -r '.secret')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am pretty sure we don't need the export here and in front of APP_ID and for RENKU_VALUES_FILE. The variables will be available within the script even without export. So no need to do it.

deploy-renku/entrypoint.sh
export RENKU_VALUES_FILE="/renku-values.yaml"

# merge the secret and clear value files
printf "%s" "$RENKU_SECRET_VALUES" > $RENKU_VALUES_FILE
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to update the README.md for these changes accordingly. According to the README the secret values are called just RENKU_VALUES.

deploy-renku/entrypoint.sh
@@ -12,8 +12,14 @@ echo $DOCKER_PASSWORD | docker login -u $DOCKER_USERNAME --password-stdin
# set up kube context and values file
echo "$RENKUBOT_KUBECONFIG" > "$KUBECONFIG" && chmod 400 "$KUBECONFIG"

# set up the values file
printf "%s" "$RENKU_VALUES" | sed "s/<replace>/${RENKU_RELEASE}/" > $RENKU_VALUES_FILE
export RENKU_VALUES_FILE="/renku-values.yaml"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is already a RENKU_VALUES_FILE variable defined (or at least that is what the README says) and that contains the values.yaml file that comes with the helm chart. But here this is something else I think? Is this supposed to contain the non-secret CI values?

deploy-renku/entrypoint.sh

# merge the secret and clear value files
printf "%s" "$RENKU_SECRET_VALUES" > $RENKU_VALUES_FILE
yq eval-all --inplace '. as $item ireduce ({}; . * $item )' $RENKU_VALUES_FILE $RENKU_CLEAR_VALUES_FILE
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it is better to let helm take care of this if we simply pass the files on to the helm command in the python script that does helm upgrade --install. I.e. we can do helm install -f non-secret.values.yaml -f secret-values.yaml --set extra-values-from-comment. Then we dont have to do this yq magic stuff. Helm already handles this.

@olevski
Copy link
Member

olevski commented Oct 20, 2023

I tested this on the notebooks repo and it does not work:
SwissDataScienceCenter/renku-notebooks#1676

The problem is that the deploy actions looks for the values file locally. It would be nice if we do not have to have copies of the clear values file in every component repo. This does not make a lot of sense since now we have one helm chart in the renku repo. We should address this as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rokroskar rokroskar rokroskar left review comments

@olevski olevski olevski requested changes

@leafty leafty Awaiting requested review from leafty

@ciyer ciyer Awaiting requested review from ciyer

@jachro jachro Awaiting requested review from jachro

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@aledegano @rokroskar @olevski