From bff26d6dfb1f8d61012e4de8c1d821098f2b0727 Mon Sep 17 00:00:00 2001 From: Rohit Sharma Date: Wed, 6 May 2020 21:16:30 +0100 Subject: [PATCH 1/2] Adding cleanup job --- hokstack/files/jobs/cleanup.sh | 38 +++++++++++++++ hokstack/templates/jobs/cleanup-cm.yaml | 8 ++++ hokstack/templates/jobs/cleanup-job.yaml | 48 +++++++++++++++++++ hokstack/templates/jobs/cluster-watch-cm.yaml | 2 +- .../templates/jobs/cluster-watch-job.yaml | 4 +- hokstack/templates/rbac/hok-admin.yaml | 34 +++++++++++++ hokstack/values.yaml | 14 +++++- 7 files changed, 144 insertions(+), 4 deletions(-) create mode 100644 hokstack/files/jobs/cleanup.sh create mode 100644 hokstack/templates/jobs/cleanup-cm.yaml create mode 100644 hokstack/templates/jobs/cleanup-job.yaml create mode 100644 hokstack/templates/rbac/hok-admin.yaml diff --git a/hokstack/files/jobs/cleanup.sh b/hokstack/files/jobs/cleanup.sh new file mode 100644 index 0000000..5433055 --- /dev/null +++ b/hokstack/files/jobs/cleanup.sh @@ -0,0 +1,38 @@ +#!/bin/bash + +function create_kubeconfig() { + # export KUBECONFIG=./hok + API_SERVER="https://${KUBERNETES_PORT_443_TCP_ADDR}:443" + TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) + CA_FILE="/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" + kubectl config set-cluster hok --server=$API_SERVER --certificate-authority=$CA_FILE --embed-certs=true + kubectl config set-credentials hok-admin --token=$TOKEN + kubectl config set-context hok --cluster hok --user hok-admin + kubectl config use-context hok +} + +function remove_statefulsets() { + for i in $(kubectl get sts -n $NAMESPACE |awk '{print $1}'|grep -iv name); do + kubectl patch sts $i -p '{"metadata":{"finalizers":null}}' -n $NAMESPACE; + kubectl delete sts $i --grace-period=0 --force -n $NAMESPACE; + done; +} + +function remove_pvc() { + for i in $(kubectl get pvc -n $NAMESPACE |awk '{print $1}'|grep -iv name); do + kubectl delete pvc $i -n $NAMESPACE; + done; +} + + +if [ "{{.Values.cleanup.enabled}}" == "true" ]; then + create_kubeconfig +fi + +if [ "{{.Values.cleanup.removestatefulest.enabled}}" == "true" ]; then + remove_statefulsets +fi + +if [ "{{.Values.cleanup.removepvc.enabled}}" == "true" ]; then + remove_pvc +fi \ No newline at end of file diff --git a/hokstack/templates/jobs/cleanup-cm.yaml b/hokstack/templates/jobs/cleanup-cm.yaml new file mode 100644 index 0000000..1ff0de1 --- /dev/null +++ b/hokstack/templates/jobs/cleanup-cm.yaml @@ -0,0 +1,8 @@ +{{- if .Values.cleanup.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: cleanup-sh +data: +{{ (tpl (.Files.Glob "files/jobs/cleanup.sh").AsConfig . ) | indent 4 }} +{{- end }} \ No newline at end of file diff --git a/hokstack/templates/jobs/cleanup-job.yaml b/hokstack/templates/jobs/cleanup-job.yaml new file mode 100644 index 0000000..7a536f1 --- /dev/null +++ b/hokstack/templates/jobs/cleanup-job.yaml @@ -0,0 +1,48 @@ +{{- if .Values.cleanup.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: cleanup-job + annotations: + "helm.sh/hook": "post-delete" +spec: + template: + spec: + serviceAccountName: hok-admin + containers: + - name: cleanup + image: {{ .Values.ambariserver.image.repository }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + command: ["bash","-c", "/scripts/cleanup.sh"] + env: + - name: AMBARISERVER + value: "ambariserver-0" + - name: DATANODE + value: "datanode" + - name: PODIP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: PODNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: cleanup-sh + mountPath: /scripts/cleanup.sh + subPath: cleanup.sh + restartPolicy: OnFailure + terminationGracePeriodSeconds: 0 + volumes: + - name: cleanup-sh + configMap: + name: cleanup-sh + defaultMode: 0777 + backoffLimit: 5 + completions: 1 + parallelism: 1 +{{- end }} \ No newline at end of file diff --git a/hokstack/templates/jobs/cluster-watch-cm.yaml b/hokstack/templates/jobs/cluster-watch-cm.yaml index 1af89c9..a82926c 100644 --- a/hokstack/templates/jobs/cluster-watch-cm.yaml +++ b/hokstack/templates/jobs/cluster-watch-cm.yaml @@ -1,4 +1,4 @@ -{{- if .Values.ambariserver.enabled }} +{{- if .Values.clusterwatch.enabled }} apiVersion: v1 kind: ConfigMap metadata: diff --git a/hokstack/templates/jobs/cluster-watch-job.yaml b/hokstack/templates/jobs/cluster-watch-job.yaml index 092eb2a..de0ca27 100644 --- a/hokstack/templates/jobs/cluster-watch-job.yaml +++ b/hokstack/templates/jobs/cluster-watch-job.yaml @@ -1,4 +1,4 @@ -{{- if .Values.ambariserver.enabled }} +{{- if .Values.clusterwatch.enabled }} apiVersion: batch/v1 kind: Job metadata: @@ -44,4 +44,4 @@ spec: backoffLimit: 5 completions: 1 parallelism: 1 - {{- end }} \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/hokstack/templates/rbac/hok-admin.yaml b/hokstack/templates/rbac/hok-admin.yaml new file mode 100644 index 0000000..ba4bbfc --- /dev/null +++ b/hokstack/templates/rbac/hok-admin.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: hok-admin +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +- nonResourceURLs: + - '*' + verbs: + - '*' +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hok-admin +subjects: +- kind: ServiceAccount + name: hok-admin + namespace: {{ .Values.teamname }} +roleRef: + kind: ClusterRole + name: hok-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hok-admin + namespace: {{ .Values.teamname }} \ No newline at end of file diff --git a/hokstack/values.yaml b/hokstack/values.yaml index 1120166..0c95d58 100644 --- a/hokstack/values.yaml +++ b/hokstack/values.yaml @@ -2,7 +2,7 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -teamname: shubh-demo1 +teamname: team1 imagePullPolicy: Always postgres: @@ -205,3 +205,15 @@ kdc: storageClassName: gp2 accessModes: ReadWriteOnce storage: 10Gi + +clusterwatch: + enabled: true + +cleanup: + enabled: true + + removestatefulest: + enabled: true + + removepvc: + enabled: true \ No newline at end of file From 813d4f45866e158e4f59291856529fee3080424c Mon Sep 17 00:00:00 2001 From: Rohit Sharma Date: Sun, 10 May 2020 13:31:09 +0100 Subject: [PATCH 2/2] Adding after final testing --- hokstack/files/jobs/cleanup.sh | 19 +++++++++++++++---- hokstack/templates/datanode/datanode.yaml | 3 +++ hokstack/templates/jobs/cleanup-cm.yaml | 2 ++ hokstack/templates/jobs/cleanup-job.yaml | 4 ++-- hokstack/templates/rbac/hok-admin.yaml | 23 +++++++++++++++++------ hokstack/values.yaml | 3 --- 6 files changed, 39 insertions(+), 15 deletions(-) diff --git a/hokstack/files/jobs/cleanup.sh b/hokstack/files/jobs/cleanup.sh index 5433055..32c2215 100644 --- a/hokstack/files/jobs/cleanup.sh +++ b/hokstack/files/jobs/cleanup.sh @@ -9,21 +9,32 @@ function create_kubeconfig() { kubectl config set-credentials hok-admin --token=$TOKEN kubectl config set-context hok --cluster hok --user hok-admin kubectl config use-context hok + echo "[$(date '+%Y-%m-%d %H:%M:%S')] [INFO] kubeconfig generation complete." } function remove_statefulsets() { - for i in $(kubectl get sts -n $NAMESPACE |awk '{print $1}'|grep -iv name); do + for i in $(kubectl get sts -n $NAMESPACE |awk '{print $1}'|grep -iv name); do kubectl patch sts $i -p '{"metadata":{"finalizers":null}}' -n $NAMESPACE; - kubectl delete sts $i --grace-period=0 --force -n $NAMESPACE; + # kubectl delete sts $i --grace-period=0 --force -n $NAMESPACE; + echo "[$(date '+%Y-%m-%d %H:%M:%S')] [INFO] Patching statefulset $i" done; } function remove_pvc() { + # PODCOUNT=$(kubectl get pods -o json |jq .items[].metadata.name -r |wc -l) for i in $(kubectl get pvc -n $NAMESPACE |awk '{print $1}'|grep -iv name); do kubectl delete pvc $i -n $NAMESPACE; + echo "[$(date '+%Y-%m-%d %H:%M:%S')] [INFO] Removing PVC $i" done; } +function remove_residual() { + sleep 30 + kubectl delete cm cleanup-sh -n $NAMESPACE + echo "[$(date '+%Y-%m-%d %H:%M:%S')] [INFO] Removing cleanup-sh configMap" + kubectl delete job cleanup-job -n $NAMESPACE + echo "[$(date '+%Y-%m-%d %H:%M:%S')] [INFO] Removing cleanup-job" +} if [ "{{.Values.cleanup.enabled}}" == "true" ]; then create_kubeconfig @@ -33,6 +44,6 @@ if [ "{{.Values.cleanup.removestatefulest.enabled}}" == "true" ]; then remove_statefulsets fi -if [ "{{.Values.cleanup.removepvc.enabled}}" == "true" ]; then - remove_pvc +if [ "{{.Values.cleanup.enabled}}" == "true" ]; then + remove_residual fi \ No newline at end of file diff --git a/hokstack/templates/datanode/datanode.yaml b/hokstack/templates/datanode/datanode.yaml index f655fad..5aa4760 100644 --- a/hokstack/templates/datanode/datanode.yaml +++ b/hokstack/templates/datanode/datanode.yaml @@ -48,6 +48,9 @@ spec: postStart: exec: command: {{.Values.datanode.lifecycle.postStart.exec.command}} + # preStop: + # exec: + # command: ["/bin/sh", "-c", "PID=$(pidof java) && kill $PID && while ps -p $PID > /dev/null; do sleep 1; done"] ports: - containerPort: 2181 - containerPort: 50070 diff --git a/hokstack/templates/jobs/cleanup-cm.yaml b/hokstack/templates/jobs/cleanup-cm.yaml index 1ff0de1..e9c8bea 100644 --- a/hokstack/templates/jobs/cleanup-cm.yaml +++ b/hokstack/templates/jobs/cleanup-cm.yaml @@ -3,6 +3,8 @@ apiVersion: v1 kind: ConfigMap metadata: name: cleanup-sh + annotations: + "helm.sh/hook": "pre-install" data: {{ (tpl (.Files.Glob "files/jobs/cleanup.sh").AsConfig . ) | indent 4 }} {{- end }} \ No newline at end of file diff --git a/hokstack/templates/jobs/cleanup-job.yaml b/hokstack/templates/jobs/cleanup-job.yaml index 7a536f1..d6fa645 100644 --- a/hokstack/templates/jobs/cleanup-job.yaml +++ b/hokstack/templates/jobs/cleanup-job.yaml @@ -4,11 +4,11 @@ kind: Job metadata: name: cleanup-job annotations: - "helm.sh/hook": "post-delete" + "helm.sh/hook": "pre-delete" spec: template: spec: - serviceAccountName: hok-admin + serviceAccountName: {{ .Values.teamname }}-hok-admin containers: - name: cleanup image: {{ .Values.ambariserver.image.repository }} diff --git a/hokstack/templates/rbac/hok-admin.yaml b/hokstack/templates/rbac/hok-admin.yaml index ba4bbfc..c0a5813 100644 --- a/hokstack/templates/rbac/hok-admin.yaml +++ b/hokstack/templates/rbac/hok-admin.yaml @@ -1,7 +1,11 @@ +{{- if .Values.cleanup.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: hok-admin + name: {{ .Values.teamname }}-hok-admin + annotations: + # "helm.sh/hook": "pre-delete" + # "helm.sh/hook-delete-policy": "hook-succeeded" rules: - apiGroups: - '*' @@ -17,18 +21,25 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: hok-admin + name: {{ .Values.teamname }}-hok-admin + annotations: + # "helm.sh/hook": "pre-delete" + # "helm.sh/hook-delete-policy": "hook-succeeded" subjects: - kind: ServiceAccount - name: hok-admin + name: {{ .Values.teamname }}-hok-admin namespace: {{ .Values.teamname }} roleRef: kind: ClusterRole - name: hok-admin + name: {{ .Values.teamname }}-hok-admin apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount metadata: - name: hok-admin - namespace: {{ .Values.teamname }} \ No newline at end of file + name: {{ .Values.teamname }}-hok-admin + namespace: {{ .Values.teamname }} + annotations: + # "helm.sh/hook": "pre-delete" + # "helm.sh/hook-delete-policy": "hook-succeeded" +{{- end }} \ No newline at end of file diff --git a/hokstack/values.yaml b/hokstack/values.yaml index 0c95d58..33b89e6 100644 --- a/hokstack/values.yaml +++ b/hokstack/values.yaml @@ -213,7 +213,4 @@ cleanup: enabled: true removestatefulest: - enabled: true - - removepvc: enabled: true \ No newline at end of file