Cron log #141
Cron log #141
Conversation
Add the service account forgold production viewer-cli
Connect up a network policy to allow prod cron job to run
Add a flag to prevent empty dir
| @@ -18,3 +18,24 @@ spec: | |||
| name: {{ .Chart.Name }} | |||
| policyTypes: | |||
| - Ingress | |||
| --- | |||
There was a problem hiding this comment.
we have one network policy already; do we need another one or can just update the existing one?
There was a problem hiding this comment.
I believe we need one for the cron job in the tools namespace to access patroni, and I believe we need one for the job in the prod namespace to access the tools patroni instance.
There was a problem hiding this comment.
hm.. not clear.. did something not work without this Network policy?
There was a problem hiding this comment.
the log job wasn't running for me until I added it. Once I did there were no more issues. Before I added the network police, the job would trigger, but the initdb step failed run. I made sure the credentials in prod and tools namespaces matched, but that didn't fix the issue. Only the network policy did.
| - from: | ||
| - podSelector: | ||
| matchLabels: | ||
| app.kubernetes.io/name: kc-cron-job |
There was a problem hiding this comment.
can we have this name dynamically so that it syncs up with other labels in cronjobx
such as {{ include "..name" . }}
There was a problem hiding this comment.
done, I did use the name override value since I believe that determines the pod names
docker/kc-cron-job/event-logs.js
Outdated
| input: fs.createReadStream(`${dirname}/${filename}`), | ||
| }); | ||
| promises.push(saveLogsForFile(lineReader, client)); | ||
| if (fs.existsSync(dirname)) { |
There was a problem hiding this comment.
for readability, can we handle the edge case first and exit?
such as
if (!fs.existsSync(dirname)) {
console.info(`Directory ${dirname} does not exist.`);
return
}
so that it prevents the main logic is in a nested structure.
helm/kc-cron-job/Makefile
Outdated
| @@ -31,3 +31,10 @@ service-acount-secret: | |||
| --from-literal=keycloak-url=${URL} \ | |||
| --from-literal=client-id=script-cli \ | |||
| --from-literal=client-secret=${CLIENTSECRET} | |||
|
|
|||
| .PHONY: service-acount-secret-gold-prod | |||
There was a problem hiding this comment.
it seems like a duplicate function with the one above:
since Makefile is more for the deployment, can we have this function in a separate bash script that takes client-id as an argument? also, let's have a check to make sure the secret does not exist.
There was a problem hiding this comment.
done, though I left the check out, using kubctl create will error out if it tries to create a secret that already exists.
implemented jm changes on the code
fixed the makefile in helm
Simple fix to check that a directory exists and prevents the job from erroring out when it's absent.
Add a network policy to allow the prod cron job to access the tools db