Merge pull request #1153 from equinor/master

Improve pipeline sync (#1152)
equinor · Aug 7, 2024 · 11b8594 · 11b8594
2 parents 22f4fd8 + c5b07af
commit 11b8594
Show file tree

Hide file tree

Showing 20 changed files with 1,014 additions and 267 deletions.
diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
@@ -15,7 +15,6 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        arch: [arm64]
         target:
         - name: "dev"
           ref: "refs/heads/master"

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -7,9 +7,6 @@ jobs:
   build:
     name: pull-request-check
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        arch: [arm64]
     steps:
     - uses: actions/checkout@v4
     - name: Set up Docker Buildx
@@ -36,9 +33,6 @@ jobs:
   radix-operator-test:
     name: Pipeline-runner unit tests
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        arch: [arm64]
     steps:
     - uses: actions/checkout@v4
     - uses: actions/setup-go@v5
@@ -56,9 +50,6 @@ jobs:
   pipeline-runner-test:
     name: Pipeline-runner unit tests
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        arch: [arm64]
     steps:
     - uses: actions/checkout@v4
     - uses: actions/setup-go@v5
@@ -76,9 +67,6 @@ jobs:
   radix-operator-lint:
     name: Lint
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        arch: [arm64]
     steps:
     - uses: actions/checkout@v4
       with:
@@ -95,9 +83,6 @@ jobs:
   verify-code-generation:
     name: Verify Code Generation
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        arch: [arm64]
     steps:
     - uses: actions/checkout@v4
     - uses: actions/setup-go@v5

diff --git a/Makefile b/Makefile
@@ -86,6 +86,7 @@ mocks: bootstrap
 	mockgen -source ./pkg/apis/dnsalias/syncer.go -destination ./pkg/apis/dnsalias/syncer_mock.go -package dnsalias
 	mockgen -source ./radix-operator/dnsalias/internal/syncerfactory.go -destination ./radix-operator/dnsalias/internal/syncerfactory_mock.go -package internal
 	mockgen -source ./radix-operator/common/handler.go -destination ./radix-operator/common/handler_mock.go -package common
+	mockgen -source ./pkg/apis/job/job_history.go -destination ./radix-operator/job/job_history_mock.go -package job
 	mockgen -source ./pipeline-runner/internal/wait/job.go -destination ./pipeline-runner/internal/wait/job_mock.go -package wait
 	mockgen -source ./pipeline-runner/internal/watcher/radix_deployment_watcher.go -destination ./pipeline-runner/internal/watcher/radix_deployment_watcher_mock.go -package watcher
 

diff --git a/charts/radix-operator/Chart.yaml b/charts/radix-operator/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: radix-operator
-version: 1.37.8
-appVersion: 1.57.7
+version: 1.37.9
+appVersion: 1.57.8
 kubeVersion: ">=1.24.0"
 description: Radix Operator
 keywords:

diff --git a/charts/radix-operator/templates/deployment.yaml b/charts/radix-operator/templates/deployment.yaml
@@ -87,6 +87,8 @@ spec:
               value: {{ .Values.deploymentsPerEnvironmentHistoryLimit | quote }}
             - name: RADIX_PIPELINE_JOBS_HISTORY_LIMIT
               value: {{ .Values.pipelineJobsHistoryLimit | quote }}
+            - name: RADIX_PIPELINE_JOBS_HISTORY_PERIOD_LIMIT
+              value: {{ .Values.pipelineJobsHistoryPeriodLimit | quote }}
             - name: RADIX_TEKTON_IMAGE
               value: {{ .Values.radixTekton }}
             - name: RADIX_IMAGE_BUILDER

diff --git a/charts/radix-operator/values.yaml b/charts/radix-operator/values.yaml
@@ -161,6 +161,7 @@ radixGroups:
 
 deploymentsPerEnvironmentHistoryLimit: 10
 pipelineJobsHistoryLimit: 5
+pipelineJobsHistoryPeriodLimit: "720h"
 logLevel: "INFO"
 logPretty: false
 oauthProxyDefaultIssuerUrl: https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/v2.0

diff --git a/operator.Dockerfile b/operator.Dockerfile
@@ -1,30 +1,24 @@
-FROM golang:1.22-alpine3.20 as base
-ENV GO111MODULE=on
-RUN apk update && \
-    apk add git ca-certificates curl && \
-    apk add --no-cache gcc musl-dev
+FROM --platform=$BUILDPLATFORM docker.io/golang:1.22.5-alpine3.20 AS builder
+ARG TARGETARCH
+ENV CGO_ENABLED=0 \
+    GOOS=linux \
+    GOARCH=${TARGETARCH}
 
-WORKDIR /go/src/github.com/equinor/radix-operator/
+WORKDIR /src
 
-# Install project dependencies
-COPY go.mod go.sum ./
+COPY ./go.mod ./go.sum ./
 RUN go mod download
-# Copy project code
 COPY ./radix-operator ./radix-operator
 COPY ./pkg ./pkg
+WORKDIR /src/radix-operator
+RUN go build -ldflags="-s -w" -o /build/radix-operator
+
+# Final stage, ref https://github.com/GoogleContainerTools/distroless/blob/main/base/README.md for distroless
+FROM gcr.io/distroless/static
+WORKDIR /app
+COPY --from=builder /build/radix-operator .
+USER 1000
+ENTRYPOINT ["/app/radix-operator"]
 
-FROM base as builder
-# Build
-WORKDIR /go/src/github.com/equinor/radix-operator/radix-operator/
-RUN CGO_ENABLED=0 GOOS=linux go build -ldflags "-s -w" -a -installsuffix cgo -o ./rootfs/radix-operator
-RUN addgroup -S -g 1000 radix-operator
-RUN adduser -S -u 1000 -G radix-operator radix-operator
 
-# Run operator
-FROM scratch
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=builder /etc/passwd /etc/passwd
-COPY --from=builder /go/src/github.com/equinor/radix-operator/radix-operator/rootfs/radix-operator /usr/local/bin/radix-operator
 
-USER radix-operator
-ENTRYPOINT ["/usr/local/bin/radix-operator"]
diff --git a/pipeline.Dockerfile b/pipeline.Dockerfile
@@ -1,30 +1,21 @@
-FROM golang:1.22-alpine3.20 as base
+FROM --platform=$BUILDPLATFORM docker.io/golang:1.22.5-alpine3.20 AS builder
+ARG TARGETARCH
+ENV CGO_ENABLED=0 \
+    GOOS=linux \
+    GOARCH=${TARGETARCH}
 
-RUN apk update && \
-    apk add ca-certificates curl git  && \
-    apk add --no-cache gcc musl-dev
+WORKDIR /src
 
-WORKDIR /go/src/github.com/equinor/radix-operator/
-
-# Install project dependencies
-COPY go.mod go.sum ./
+COPY ./go.mod ./go.sum ./
 RUN go mod download
-
-# Copy project code
 COPY ./pipeline-runner ./pipeline-runner
 COPY ./pkg ./pkg
+WORKDIR /src/pipeline-runner
+RUN go build -ldflags="-s -w" -o /build/pipeline-runner
 
-# Build
-FROM base as builder
-WORKDIR /go/src/github.com/equinor/radix-operator/pipeline-runner/
-RUN CGO_ENABLED=0 GOOS=linux go build -ldflags "-s -w" -a -installsuffix cgo -o ./rootfs/pipeline-runner
-RUN adduser -D -g '' radix-pipeline
-
-# Run operator
-FROM scratch
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=builder /etc/passwd /etc/passwd
-COPY --from=builder /go/src/github.com/equinor/radix-operator/pipeline-runner/rootfs/pipeline-runner /usr/local/bin/pipeline-runner
-
-USER radix-pipeline
-ENTRYPOINT ["/usr/local/bin/pipeline-runner"]
+# Final stage, ref https://github.com/GoogleContainerTools/distroless/blob/main/base/README.md for distroless
+FROM gcr.io/distroless/static
+WORKDIR /app
+COPY --from=builder /build/pipeline-runner .
+USER 1000
+ENTRYPOINT ["/app/pipeline-runner"]
diff --git a/pkg/apis/config/pipelinejob/config.go b/pkg/apis/config/pipelinejob/config.go
@@ -1,10 +1,15 @@
 package pipelinejob
 
-import "k8s.io/apimachinery/pkg/api/resource"
+import (
+	"time"
+
+	"k8s.io/apimachinery/pkg/api/resource"
+)
 
 // Config for pipeline jobs
 type Config struct {
 	PipelineJobsHistoryLimit              int
+	PipelineJobsHistoryPeriodLimit        time.Duration
 	DeploymentsHistoryLimitPerEnvironment int
 	AppBuilderResourcesLimitsMemory       *resource.Quantity
 	AppBuilderResourcesRequestsCPU        *resource.Quantity

diff --git a/pkg/apis/defaults/environment_variables.go b/pkg/apis/defaults/environment_variables.go
@@ -13,9 +13,12 @@ const (
 	// DeploymentsHistoryLimitEnvironmentVariable Controls the number of RDs we can have in a environment
 	DeploymentsHistoryLimitEnvironmentVariable = "RADIX_DEPLOYMENTS_PER_ENVIRONMENT_HISTORY_LIMIT"
 
-	// PipelineJobsHistoryLimitEnvironmentVariable Controls the number of RJs we can have in an app namespace, per groups by branch and status
+	// PipelineJobsHistoryLimitEnvironmentVariable Controls the number of RJs should exist in an app namespace, per groups by environment and status
 	PipelineJobsHistoryLimitEnvironmentVariable = "RADIX_PIPELINE_JOBS_HISTORY_LIMIT"
 
+	// PipelineJobsHistoryPeriodLimitEnvironmentVariable Controls how long an RJ should exist in an app namespace, per groups by environment and status
+	PipelineJobsHistoryPeriodLimitEnvironmentVariable = "RADIX_PIPELINE_JOBS_HISTORY_PERIOD_LIMIT"
+
 	// ClusternameEnvironmentVariable The name of the cluster
 	ClusternameEnvironmentVariable = "RADIX_CLUSTERNAME"
 

diff --git a/pkg/apis/job/job.go b/pkg/apis/job/job.go
@@ -24,8 +24,6 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/labels"
-	"k8s.io/apimachinery/pkg/selection"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/util/retry"
 )
@@ -100,10 +98,6 @@ func (job *Job) OnSync(ctx context.Context) error {
 			return err
 		}
 	}
-
-	job.maintainHistoryLimit(ctx)
-	job.garbageCollectConfigMaps(ctx)
-
 	return nil
 }
 
@@ -711,44 +705,3 @@ func (job *Job) updateRadixJobStatus(ctx context.Context, rj *v1.RadixJob, chang
 	})
 	return err
 }
-
-func (job *Job) garbageCollectConfigMaps(ctx context.Context) {
-	namespace := job.radixJob.GetNamespace()
-	radixJobConfigMaps, err := job.kubeutil.ListConfigMapsWithSelector(ctx, namespace, getRadixJobNameExistsSelector().String())
-	if err != nil {
-		log.Ctx(ctx).Warn().Err(err).Msgf("Failed to get ConfigMaps while garbage collecting config-maps in %s", namespace)
-		return
-	}
-	radixJobNameSet, err := job.getRadixJobNameSet(ctx)
-	if err != nil {
-		log.Ctx(ctx).Warn().Err(err).Msg("Failed to get RadixJob name set")
-		return
-	}
-	for _, configMap := range radixJobConfigMaps {
-		jobName := configMap.GetLabels()[kube.RadixJobNameLabel]
-		if _, radixJobExists := radixJobNameSet[jobName]; !radixJobExists {
-			log.Ctx(ctx).Debug().Msgf("Delete ConfigMap %s in %s", configMap.GetName(), configMap.GetNamespace())
-			err := job.kubeutil.DeleteConfigMap(ctx, configMap.GetNamespace(), configMap.GetName())
-			if err != nil {
-				log.Ctx(ctx).Warn().Err(err).Msgf("failed to delete ConfigMap %s while garbage collecting config-maps in %s", configMap.GetName(), namespace)
-			}
-		}
-	}
-}
-
-func (job *Job) getRadixJobNameSet(ctx context.Context) (map[string]bool, error) {
-	radixJobs, err := job.getAllRadixJobs(ctx)
-	if err != nil {
-		return nil, fmt.Errorf("failed to list RadixJobs: %w", err)
-	}
-	radixJobNameSet := make(map[string]bool)
-	for _, radixJob := range radixJobs {
-		radixJobNameSet[radixJob.GetName()] = true
-	}
-	return radixJobNameSet, nil
-}
-
-func getRadixJobNameExistsSelector() labels.Selector {
-	requirement, _ := labels.NewRequirement(kube.RadixJobNameLabel, selection.Exists, []string{})
-	return labels.NewSelector().Add(*requirement)
-}