From cdb84d7cd35eb136f7f9029ee03185bcc5fe9ea4 Mon Sep 17 00:00:00 2001 From: Emil Natan <37400297+enarha@users.noreply.github.com> Date: Wed, 8 Jan 2025 12:41:35 +0200 Subject: [PATCH] Update Results ext prod clusters (#5238) This updates Results on the external prod clusters. Includes update allowing the pipelines service team to manage the Vector pods. --- .../production/kflux-ocp-p01/deploy.yaml | 46 +++++ .../production/kflux-prd-rh02/deploy.yaml | 184 +++++++++++++++++- .../production/stone-prd-m01/deploy.yaml | 184 +++++++++++++++++- .../production/stone-prd-rh01/deploy.yaml | 184 +++++++++++++++++- .../production/stone-prod-p01/deploy.yaml | 46 +++++ .../production/stone-prod-p02/deploy.yaml | 46 +++++ 6 files changed, 666 insertions(+), 24 deletions(-) diff --git a/components/pipeline-service/production/kflux-ocp-p01/deploy.yaml b/components/pipeline-service/production/kflux-ocp-p01/deploy.yaml index 002d1bb8bd3..93fd28c1179 100644 --- a/components/pipeline-service/production/kflux-ocp-p01/deploy.yaml +++ b/components/pipeline-service/production/kflux-ocp-p01/deploy.yaml @@ -75,6 +75,33 @@ metadata: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: pipeline-service-sre-manage-vector-pods + namespace: tekton-logging +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - delete +- apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 
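Review bot: The second rule of the new `pipeline-service-sre-manage-vector-pods` Role (hunk at -75 in kflux-ocp-p01/deploy.yaml) grants `delete` on `daemonsets`, which goes beyond the stated goal of managing the Vector pods. With that verb the bound groups can remove the log collector's DaemonSet itself rather than only recycle its pods, and log collection in `tekton-logging` would presumably stop until Argo CD recreates it. Recycling pods only needs the `pods` rule, so unless DaemonSet deletion is a known requirement I would reduce the second rule to `get`, `list`, `watch`. Neither rule is scoped by name, so `delete` on `pods` covers every pod in the namespace, not only Vector's. The same Role is added in the other five deploy.yaml files in this patch.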
@@ -585,6 +612,25 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: pipeline-service-sre-manage-vector-pods + namespace: tekton-logging +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-service-sre-manage-vector-pods +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: konflux-pipeline-service +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: konflux-sre +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true diff --git a/components/pipeline-service/production/kflux-prd-rh02/deploy.yaml b/components/pipeline-service/production/kflux-prd-rh02/deploy.yaml index 7b0f160d547..573d3a430dc 100644 --- a/components/pipeline-service/production/kflux-prd-rh02/deploy.yaml +++ b/components/pipeline-service/production/kflux-prd-rh02/deploy.yaml @@ -75,6 +75,33 @@ metadata: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: pipeline-service-sre-manage-vector-pods + namespace: tekton-logging +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - delete +- apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true @@ -495,6 +522,18 @@ rules: - pods/log verbs: - get +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - create + - update + - delete + - patch + - watch - apiGroups: - tekton.dev resources: 
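Review bot: The added `events` rule (hunk at -495 in kflux-prd-rh02/deploy.yaml) includes `delete`, which a component that only records events does not normally need. The enclosing Role or ClusterRole starts outside the hunk, so its subject and scope are not visible here; if it is cluster-wide, the bound service account could remove events that operators rely on during incident triage. Unless a code path is known to delete events, I would drop `- delete` and keep `get`, `list`, `watch`, `create`, `update`, `patch`. The same rule is added in stone-prd-m01 and stone-prd-rh01.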
@@ -589,6 +628,25 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: pipeline-service-sre-manage-vector-pods + namespace: tekton-logging +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-service-sre-manage-vector-pods +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: konflux-pipeline-service +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: konflux-sre +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true @@ -994,7 +1052,7 @@ data: LOGS_API=false LOGS_TYPE=File LOGS_BUFFER_SIZE=5242880 - LOGS_PATH=/logs + LOGS_PATH=//logs S3_BUCKET_NAME= S3_ENDPOINT= S3_HOSTNAME_IMMUTABLE=false @@ -1006,6 +1064,18 @@ data: STORAGE_EMULATOR_HOST= PROFILING=true PROFILING_PORT=6060 + CONVERTER_ENABLE=false + CONVERTER_DB_LIMIT=50 + LOGGING_PLUGIN_PROXY_PATH=/api/logs/v1/application + LOGGING_PLUGIN_TOKEN_PATH=/var/run/secrets/kubernetes.io/serviceaccount/token + LOGGING_PLUGIN_NAMESPACE_KEY=kubernetes_namespace_name + LOGGING_PLUGIN_STATIC_LABELS='log_type=application' + LOGGING_PLUGIN_CA_CERT= + LOGGING_PLUGIN_QUERY_LIMIT=1700 + LOGGING_PLUGIN_TLS_VERIFICATION_DISABLE= + LOGGING_PLUGIN_FORWARDER_DELAY_DURATION=10 + LOGGING_PLUGIN_API_URL=s3://tekton-logs + LOGGING_PLUGIN_QUERY_PARAMS='v1alpha2LogType=true&use_path_style=true' kind: ConfigMap metadata: annotations: 
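Review bot: `LOGS_PATH=//logs` (hunk at -994 in kflux-prd-rh02/deploy.yaml) replaces `/logs` with a doubled slash and nothing in the commit message explains it. If the blob backend needs that form, the description should say so; if it is a patching artifact, keep `LOGS_PATH=/logs`. The value ends up in object keys or file paths, so an unintended change could make previously stored logs unreachable under the new prefix (inferred, the consuming code is not in this patch). The same line changes in stone-prd-m01 and stone-prd-rh01.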
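Review bot: `LOGGING_PLUGIN_TLS_VERIFICATION_DISABLE=` and `LOGGING_PLUGIN_CA_CERT=` are added empty (hunk at -1006 in kflux-prd-rh02/deploy.yaml), so whether TLS verification is on depends on how the service parses an empty value. For a production config I would state it explicitly, `LOGGING_PLUGIN_TLS_VERIFICATION_DISABLE=false`, so a later change of default or parser cannot silently turn verification off. `LOGGING_PLUGIN_API_URL=s3://tekton-logs` in this block is also overridden by the env var the API Deployment now reads from the `tekton-results-s3` secret, which is worth a line in the description. The same block is added in stone-prd-m01 and stone-prd-rh01.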
@@ -1147,6 +1217,21 @@ metadata: namespace: tekton-results --- apiVersion: v1 +data: + maxRetention: "30" + runAt: 5 5 * * 0 +kind: ConfigMap +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + labels: + app.kubernetes.io/name: tekton-results-retention-policy + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: devel + name: tekton-results-config-results-retention-policy + namespace: tekton-results +--- +apiVersion: v1 data: version: devel kind: ConfigMap @@ -1367,20 +1452,20 @@ spec: - name: LOGS_API value: "true" - name: LOGS_TYPE - value: S3 + value: blob - name: S3_HOSTNAME_IMMUTABLE value: "true" - - name: S3_ACCESS_KEY_ID + - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: key: aws_access_key_id name: tekton-results-s3 - - name: S3_SECRET_ACCESS_KEY + - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: aws_secret_access_key name: tekton-results-s3 - - name: S3_REGION + - name: AWS_REGION valueFrom: secretKeyRef: key: aws_region @@ -1390,11 +1475,16 @@ spec: secretKeyRef: key: bucket name: tekton-results-s3 - - name: S3_ENDPOINT + - name: AWS_ENDPOINT_URL valueFrom: secretKeyRef: key: endpoint name: tekton-results-s3 + - name: LOGGING_PLUGIN_API_URL + valueFrom: + secretKeyRef: + key: s3_url + name: tekton-results-s3 - name: DB_USER valueFrom: secretKeyRef: @@ -1415,7 +1505,7 @@ spec: secretKeyRef: key: db.name name: tekton-results-database - image: quay.io/redhat-appstudio/tekton-results-api:ed360eccc021ad5eedf8ea9c0732912ef602b15a + image: quay.io/konflux-ci/tekton-results-api:cc0e0ecfe4cd88c9e7537e23e4a2b159e397d59a livenessProbe: httpGet: path: /healthz 
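Review bot: The new `LOGGING_PLUGIN_API_URL` variable (hunk at -1390 in kflux-prd-rh02/deploy.yaml) reads key `s3_url` from the `tekton-results-s3` secret, and nothing in this patch creates that key. A `secretKeyRef` without `optional: true` blocks container start when the key is missing, so the secret has to carry `s3_url` on every target cluster before this syncs. The preceding hunk renames the credential variables to `AWS_*` while `S3_HOSTNAME_IMMUTABLE` keeps its old prefix; confirm the new image still reads it. The container spec starts outside the hunk, and the same change appears in stone-prd-m01 and stone-prd-rh01.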
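Review bot: The API image (hunk at -1415 in kflux-prd-rh02/deploy.yaml) moves to a different registry organisation, `quay.io/konflux-ci`, and is still referenced by tag. The tag looks like a commit SHA, but a registry tag can be re-pointed, so what runs in production is not fixed by this manifest. Pinning by digest, `image: quay.io/konflux-ci/tekton-results-api@sha256:<digest>`, ties the deployment to the exact image that was reviewed. The same applies to the `tekton-results-watcher` and `tekton-results-retention-policy-agent` images in this patch, in all three clusters.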
@@ -1479,6 +1569,83 @@ spec: --- apiVersion: apps/v1 kind: Deployment +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + labels: + app.kubernetes.io/name: tekton-results-retention-policy-agent + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: devel + name: tekton-results-retention-policy-agent + namespace: tekton-results +spec: + replicas: 0 + selector: + matchLabels: + app.kubernetes.io/name: tekton-results-retention-policy-agent + template: + metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: tekton-results-retention-policy-agent + app.kubernetes.io/version: devel + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: tekton-results-config-logging + - name: DB_USER + valueFrom: + secretKeyRef: + key: POSTGRES_USER + name: tekton-results-postgres + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: POSTGRES_PASSWORD + name: tekton-results-postgres + image: quay.io/konflux-ci/tekton-results-retention-policy-agent:cc0e0ecfe4cd88c9e7537e23e4a2b159e397d59a + name: retention-policy-agent + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/tekton/results + name: config + readOnly: true + - mountPath: /etc/tls + name: tls + readOnly: true + serviceAccountName: tekton-results-watcher + volumes: + - configMap: + name: tekton-results-api-config + name: config + - name: tls + secret: + secretName: tekton-results-tls +--- +apiVersion: apps/v1 +kind: Deployment metadata: annotations: argocd.argoproj.io/sync-options: 
SkipDryRunOnMissingResource=true @@ -1557,6 +1724,7 @@ spec: - -completed_run_grace_period - 10m - -threadiness=32 + - -logs_api=true env: - name: SYSTEM_NAMESPACE valueFrom: @@ -1574,7 +1742,7 @@ spec: value: tekton-results-api-service.tekton-pipelines.svc.cluster.local:8080 - name: AUTH_MODE value: token - image: quay.io/redhat-appstudio/tekton-results-watcher:bae7851ff584423503af324200f52cd28ca99116 + image: quay.io/konflux-ci/tekton-results-watcher:cc0e0ecfe4cd88c9e7537e23e4a2b159e397d59a name: watcher ports: - containerPort: 9090 diff --git a/components/pipeline-service/production/stone-prd-m01/deploy.yaml b/components/pipeline-service/production/stone-prd-m01/deploy.yaml index d225a4ea2be..76c13f1d603 100644 --- a/components/pipeline-service/production/stone-prd-m01/deploy.yaml +++ b/components/pipeline-service/production/stone-prd-m01/deploy.yaml @@ -75,6 +75,33 @@ metadata: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: pipeline-service-sre-manage-vector-pods + namespace: tekton-logging +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - delete +- apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true @@ -479,6 +506,18 @@ rules: - pods/log verbs: - get +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - create + - update + - delete + - patch + - watch - apiGroups: - tekton.dev resources: 
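Review bot: The new `tekton-results-retention-policy-agent` Deployment (hunk at -1479 in kflux-prd-rh02/deploy.yaml) takes `DB_USER` and `DB_PASSWORD` from secret `tekton-results-postgres`, while the API container in the same file reads its database settings from `tekton-results-database` (`db.name` is visible in the -1415 hunk). With `replicas: 0` nothing starts today, but if the postgres secret is absent on these clusters, scaling up would fail at container creation, so the reference should be aligned or the secret confirmed. It also runs as `serviceAccountName: tekton-results-watcher`, so a component that deletes stored results shares the watcher's identity and permissions; a dedicated service account would keep the two separable in RBAC and in audit logs. The same Deployment is added in stone-prd-m01 and stone-prd-rh01.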
@@ -573,6 +612,25 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: pipeline-service-sre-manage-vector-pods + namespace: tekton-logging +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-service-sre-manage-vector-pods +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: konflux-pipeline-service +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: konflux-sre +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true @@ -963,7 +1021,7 @@ data: LOGS_API=false LOGS_TYPE=File LOGS_BUFFER_SIZE=5242880 - LOGS_PATH=/logs + LOGS_PATH=//logs S3_BUCKET_NAME= S3_ENDPOINT= S3_HOSTNAME_IMMUTABLE=false @@ -975,6 +1033,18 @@ data: STORAGE_EMULATOR_HOST= PROFILING=true PROFILING_PORT=6060 + CONVERTER_ENABLE=false + CONVERTER_DB_LIMIT=50 + LOGGING_PLUGIN_PROXY_PATH=/api/logs/v1/application + LOGGING_PLUGIN_TOKEN_PATH=/var/run/secrets/kubernetes.io/serviceaccount/token + LOGGING_PLUGIN_NAMESPACE_KEY=kubernetes_namespace_name + LOGGING_PLUGIN_STATIC_LABELS='log_type=application' + LOGGING_PLUGIN_CA_CERT= + LOGGING_PLUGIN_QUERY_LIMIT=1700 + LOGGING_PLUGIN_TLS_VERIFICATION_DISABLE= + LOGGING_PLUGIN_FORWARDER_DELAY_DURATION=10 + LOGGING_PLUGIN_API_URL=s3://tekton-logs + LOGGING_PLUGIN_QUERY_PARAMS='v1alpha2LogType=true&use_path_style=true' kind: ConfigMap metadata: annotations: 
@@ -1116,6 +1186,21 @@ metadata: namespace: tekton-results --- apiVersion: v1 +data: + maxRetention: "30" + runAt: 5 5 * * 0 +kind: ConfigMap +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + labels: + app.kubernetes.io/name: tekton-results-retention-policy + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: devel + name: tekton-results-config-results-retention-policy + namespace: tekton-results +--- +apiVersion: v1 data: version: devel kind: ConfigMap @@ -1336,20 +1421,20 @@ spec: - name: LOGS_API value: "true" - name: LOGS_TYPE - value: S3 + value: blob - name: S3_HOSTNAME_IMMUTABLE value: "true" - - name: S3_ACCESS_KEY_ID + - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: key: aws_access_key_id name: tekton-results-s3 - - name: S3_SECRET_ACCESS_KEY + - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: aws_secret_access_key name: tekton-results-s3 - - name: S3_REGION + - name: AWS_REGION valueFrom: secretKeyRef: key: aws_region @@ -1359,11 +1444,16 @@ spec: secretKeyRef: key: bucket name: tekton-results-s3 - - name: S3_ENDPOINT + - name: AWS_ENDPOINT_URL valueFrom: secretKeyRef: key: endpoint name: tekton-results-s3 + - name: LOGGING_PLUGIN_API_URL + valueFrom: + secretKeyRef: + key: s3_url + name: tekton-results-s3 - name: DB_USER valueFrom: secretKeyRef: @@ -1384,7 +1474,7 @@ spec: secretKeyRef: key: db.name name: tekton-results-database - image: quay.io/redhat-appstudio/tekton-results-api:ed360eccc021ad5eedf8ea9c0732912ef602b15a + image: quay.io/konflux-ci/tekton-results-api:cc0e0ecfe4cd88c9e7537e23e4a2b159e397d59a livenessProbe: httpGet: path: /healthz 
@@ -1448,6 +1538,83 @@ spec: --- apiVersion: apps/v1 kind: Deployment +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + labels: + app.kubernetes.io/name: tekton-results-retention-policy-agent + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: devel + name: tekton-results-retention-policy-agent + namespace: tekton-results +spec: + replicas: 0 + selector: + matchLabels: + app.kubernetes.io/name: tekton-results-retention-policy-agent + template: + metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: tekton-results-retention-policy-agent + app.kubernetes.io/version: devel + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: tekton-results-config-logging + - name: DB_USER + valueFrom: + secretKeyRef: + key: POSTGRES_USER + name: tekton-results-postgres + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: POSTGRES_PASSWORD + name: tekton-results-postgres + image: quay.io/konflux-ci/tekton-results-retention-policy-agent:cc0e0ecfe4cd88c9e7537e23e4a2b159e397d59a + name: retention-policy-agent + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/tekton/results + name: config + readOnly: true + - mountPath: /etc/tls + name: tls + readOnly: true + serviceAccountName: tekton-results-watcher + volumes: + - configMap: + name: tekton-results-api-config + name: config + - name: tls + secret: + secretName: tekton-results-tls +--- +apiVersion: apps/v1 +kind: Deployment metadata: annotations: argocd.argoproj.io/sync-options: 
SkipDryRunOnMissingResource=true @@ -1526,6 +1693,7 @@ spec: - -completed_run_grace_period - 10m - -threadiness=32 + - -logs_api=true env: - name: SYSTEM_NAMESPACE valueFrom: @@ -1543,7 +1711,7 @@ spec: value: tekton-results-api-service.tekton-pipelines.svc.cluster.local:8080 - name: AUTH_MODE value: token - image: quay.io/redhat-appstudio/tekton-results-watcher:bae7851ff584423503af324200f52cd28ca99116 + image: quay.io/konflux-ci/tekton-results-watcher:cc0e0ecfe4cd88c9e7537e23e4a2b159e397d59a name: watcher ports: - containerPort: 9090 diff --git a/components/pipeline-service/production/stone-prd-rh01/deploy.yaml b/components/pipeline-service/production/stone-prd-rh01/deploy.yaml index ad6c44ffa17..15dfb7d9a51 100644 --- a/components/pipeline-service/production/stone-prd-rh01/deploy.yaml +++ b/components/pipeline-service/production/stone-prd-rh01/deploy.yaml @@ -75,6 +75,33 @@ metadata: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: pipeline-service-sre-manage-vector-pods + namespace: tekton-logging +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - delete +- apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true @@ -479,6 +506,18 @@ rules: - pods/log verbs: - get +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - create + - update + - delete + - patch + - watch - apiGroups: - tekton.dev resources: 
@@ -573,6 +612,25 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: pipeline-service-sre-manage-vector-pods + namespace: tekton-logging +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-service-sre-manage-vector-pods +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: konflux-pipeline-service +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: konflux-sre +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true @@ -963,7 +1021,7 @@ data: LOGS_API=false LOGS_TYPE=File LOGS_BUFFER_SIZE=5242880 - LOGS_PATH=/logs + LOGS_PATH=//logs S3_BUCKET_NAME= S3_ENDPOINT= S3_HOSTNAME_IMMUTABLE=false @@ -975,6 +1033,18 @@ data: STORAGE_EMULATOR_HOST= PROFILING=true PROFILING_PORT=6060 + CONVERTER_ENABLE=false + CONVERTER_DB_LIMIT=50 + LOGGING_PLUGIN_PROXY_PATH=/api/logs/v1/application + LOGGING_PLUGIN_TOKEN_PATH=/var/run/secrets/kubernetes.io/serviceaccount/token + LOGGING_PLUGIN_NAMESPACE_KEY=kubernetes_namespace_name + LOGGING_PLUGIN_STATIC_LABELS='log_type=application' + LOGGING_PLUGIN_CA_CERT= + LOGGING_PLUGIN_QUERY_LIMIT=1700 + LOGGING_PLUGIN_TLS_VERIFICATION_DISABLE= + LOGGING_PLUGIN_FORWARDER_DELAY_DURATION=10 + LOGGING_PLUGIN_API_URL=s3://tekton-logs + LOGGING_PLUGIN_QUERY_PARAMS='v1alpha2LogType=true&use_path_style=true' kind: ConfigMap metadata: annotations: 
@@ -1116,6 +1186,21 @@ metadata: namespace: tekton-results --- apiVersion: v1 +data: + maxRetention: "30" + runAt: 5 5 * * 0 +kind: ConfigMap +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + labels: + app.kubernetes.io/name: tekton-results-retention-policy + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: devel + name: tekton-results-config-results-retention-policy + namespace: tekton-results +--- +apiVersion: v1 data: version: devel kind: ConfigMap @@ -1336,20 +1421,20 @@ spec: - name: LOGS_API value: "true" - name: LOGS_TYPE - value: S3 + value: blob - name: S3_HOSTNAME_IMMUTABLE value: "true" - - name: S3_ACCESS_KEY_ID + - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: key: aws_access_key_id name: tekton-results-s3 - - name: S3_SECRET_ACCESS_KEY + - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: key: aws_secret_access_key name: tekton-results-s3 - - name: S3_REGION + - name: AWS_REGION valueFrom: secretKeyRef: key: aws_region @@ -1359,11 +1444,16 @@ spec: secretKeyRef: key: bucket name: tekton-results-s3 - - name: S3_ENDPOINT + - name: AWS_ENDPOINT_URL valueFrom: secretKeyRef: key: endpoint name: tekton-results-s3 + - name: LOGGING_PLUGIN_API_URL + valueFrom: + secretKeyRef: + key: s3_url + name: tekton-results-s3 - name: DB_USER valueFrom: secretKeyRef: @@ -1384,7 +1474,7 @@ spec: secretKeyRef: key: db.name name: tekton-results-database - image: quay.io/redhat-appstudio/tekton-results-api:ed360eccc021ad5eedf8ea9c0732912ef602b15a + image: quay.io/konflux-ci/tekton-results-api:cc0e0ecfe4cd88c9e7537e23e4a2b159e397d59a livenessProbe: httpGet: path: /healthz 
@@ -1448,6 +1538,83 @@ spec: --- apiVersion: apps/v1 kind: Deployment +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + labels: + app.kubernetes.io/name: tekton-results-retention-policy-agent + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: devel + name: tekton-results-retention-policy-agent + namespace: tekton-results +spec: + replicas: 0 + selector: + matchLabels: + app.kubernetes.io/name: tekton-results-retention-policy-agent + template: + metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: tekton-results-retention-policy-agent + app.kubernetes.io/version: devel + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: tekton-results-config-logging + - name: DB_USER + valueFrom: + secretKeyRef: + key: POSTGRES_USER + name: tekton-results-postgres + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: POSTGRES_PASSWORD + name: tekton-results-postgres + image: quay.io/konflux-ci/tekton-results-retention-policy-agent:cc0e0ecfe4cd88c9e7537e23e4a2b159e397d59a + name: retention-policy-agent + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/tekton/results + name: config + readOnly: true + - mountPath: /etc/tls + name: tls + readOnly: true + serviceAccountName: tekton-results-watcher + volumes: + - configMap: + name: tekton-results-api-config + name: config + - name: tls + secret: + secretName: tekton-results-tls +--- +apiVersion: apps/v1 +kind: Deployment metadata: annotations: argocd.argoproj.io/sync-options: 
SkipDryRunOnMissingResource=true @@ -1526,6 +1693,7 @@ spec: - -completed_run_grace_period - 10m - -threadiness=32 + - -logs_api=true env: - name: SYSTEM_NAMESPACE valueFrom: @@ -1543,7 +1711,7 @@ spec: value: tekton-results-api-service.tekton-pipelines.svc.cluster.local:8080 - name: AUTH_MODE value: token - image: quay.io/redhat-appstudio/tekton-results-watcher:bae7851ff584423503af324200f52cd28ca99116 + image: quay.io/konflux-ci/tekton-results-watcher:cc0e0ecfe4cd88c9e7537e23e4a2b159e397d59a name: watcher ports: - containerPort: 9090 diff --git a/components/pipeline-service/production/stone-prod-p01/deploy.yaml b/components/pipeline-service/production/stone-prod-p01/deploy.yaml index 7dcebc86de0..a704f77d85b 100644 --- a/components/pipeline-service/production/stone-prod-p01/deploy.yaml +++ b/components/pipeline-service/production/stone-prod-p01/deploy.yaml @@ -75,6 +75,33 @@ metadata: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: pipeline-service-sre-manage-vector-pods + namespace: tekton-logging +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - delete +- apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 
@@ -585,6 +612,25 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: pipeline-service-sre-manage-vector-pods + namespace: tekton-logging +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-service-sre-manage-vector-pods +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: konflux-pipeline-service +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: konflux-sre +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true diff --git a/components/pipeline-service/production/stone-prod-p02/deploy.yaml b/components/pipeline-service/production/stone-prod-p02/deploy.yaml index 9b3c6685ac5..ff7ac105717 100644 --- a/components/pipeline-service/production/stone-prod-p02/deploy.yaml +++ b/components/pipeline-service/production/stone-prod-p02/deploy.yaml @@ -75,6 +75,33 @@ metadata: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: pipeline-service-sre-manage-vector-pods + namespace: tekton-logging +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - delete +- apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 
@@ -585,6 +612,25 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + name: pipeline-service-sre-manage-vector-pods + namespace: tekton-logging +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-service-sre-manage-vector-pods +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: konflux-pipeline-service +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: konflux-sre +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true