Cron log #141

Merged
merged 5 commits into from
Jul 15, 2022
Changes from 3 commits
2 changes: 1 addition & 1 deletion .tool-versions
@@ -1,6 +1,6 @@
nodejs 14.14.0
python 3.8.6
kubectl 1.18.0
kubectl 1.24.2
oc 4.7.5
helm 3.8.2
yarn 1.22.4
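
Review bot: The kubectl pin moves from 1.18.0 to 1.24.2 in one step while oc stays at 4.7.5. kubectl is only supported within one minor version of the API server it talks to, so please confirm the target clusters are on a version that a 1.24 client can manage, and consider updating oc in the same change so the two clients stay aligned.
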
18 changes: 11 additions & 7 deletions docker/kc-cron-job/event-logs.js
Expand Up @@ -67,14 +67,18 @@ const reduceDataFromFiles = async (dirname) => {
try {
client = getClient();
await client.connect();
const files = await fsPromises.readdir(dirname);
for (const filename of files) {
const lineReader = readline.createInterface({
input: fs.createReadStream(`${dirname}/${filename}`),
});
promises.push(saveLogsForFile(lineReader, client));
if (fs.existsSync(dirname)) {
Contributor

for readability, can we handle the edge case first and exit?
such as

if (!fs.existsSync(dirname)) {
  console.info(`Directory ${dirname} does not exist.`);
  return;
}

so that it prevents the main logic from being in a nested structure.

Contributor Author

done

const files = await fsPromises.readdir(dirname);
for (const filename of files) {
const lineReader = readline.createInterface({
input: fs.createReadStream(`${dirname}/${filename}`),
});
promises.push(saveLogsForFile(lineReader, client));
}
await Promise.all(promises);
} else {
console.info(`Directory ${dirname} does not exist.`);
}
await Promise.all(promises);
} catch (e) {
console.error('error while reducing file data', e);
} finally {
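
Review bot: The fs.existsSync(dirname) check sits after getClient() and client.connect(), so a missing directory still opens a database connection before the function logs and falls through. Moving the check above the connect would avoid that. It is also a check-then-use pair with fsPromises.readdir(dirname): catching the ENOENT error from readdir handles a missing directory without the gap between the two calls and without a synchronous filesystem call inside an async function.
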
7 changes: 7 additions & 0 deletions helm/kc-cron-job/Makefile
Expand Up @@ -31,3 +31,10 @@ service-acount-secret:
--from-literal=keycloak-url=${URL} \
--from-literal=client-id=script-cli \
--from-literal=client-secret=${CLIENTSECRET}

.PHONY: service-acount-secret-gold-prod
Contributor

@junminahn junminahn Jul 15, 2022

it seems like a duplicate function with the one above:
since Makefile is more for the deployment, can we have this function in a separate bash script that takes client-id as an argument? also, let's have a check to make sure the secret does not exist.

Contributor Author

done, though I left the check out; using kubectl create will error out if it tries to create a secret that already exists.

service-acount-secret-gold-prod:
kubectl create secret generic kc-cron-service-account -n "${NAMESPACE}" \
--from-literal=keycloak-url=${URL} \
--from-literal=client-id=viewer-cli \
--from-literal=client-secret=${CLIENTSECRET}
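
Review bot: In the new service-acount-secret-gold-prod recipe, ${URL} and ${CLIENTSECRET} are expanded unquoted into the shell command while ${NAMESPACE} is quoted, so a value containing spaces or shell metacharacters would break or change the kubectl invocation, and the literal secret ends up in the process arguments. Quote both values, or better, pass the secret with --from-file or --from-env-file so it never appears on the command line.
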
21 changes: 21 additions & 0 deletions helm/kc-cron-job/templates/network-policy.yaml
Expand Up @@ -18,3 +18,24 @@ spec:
name: {{ .Chart.Name }}
policyTypes:
- Ingress
---
Contributor

we have one network policy already; do we need another one or can we just update the existing one?

Contributor Author

I believe we need one for the cron job in the tools namespace to access patroni, and I believe we need one for the job in the prod namespace to access the tools patroni instance.

Contributor

hm.. not clear.. did something not work without this Network policy?

Contributor Author

@thegentlemanphysicist thegentlemanphysicist Jul 15, 2022

the log job wasn't running for me until I added it. Once I did there were no more issues. Before I added the network policy, the job would trigger, but the initdb step failed to run. I made sure the credentials in prod and tools namespaces matched, but that didn't fix the issue. Only the network policy did.

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: kc-cron-prod-access
namespace: {{ .Values.networkPolicy.licensePlate }}-tools
spec:
podSelector:
matchLabels:
app.kubernetes.io/instance: kc-cron-job
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: kc-cron-job
Contributor

can we have this name dynamically so that it syncs up with other labels in cronjobx
such as {{ include "..name" . }}

Contributor Author

done, I did use the name override value since I believe that determines the pod names

namespaceSelector:
matchLabels:
environment: prod
name: {{ .Values.networkPolicy.licensePlate }}
policyTypes:
- Ingress
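
Review bot: The ingress rule in kc-cron-prod-access has no ports list, so the prod cron job pods can reach every port on every pod in the tools namespace that carries app.kubernetes.io/instance: kc-cron-job. Since the discussion says the goal is reaching patroni, add a ports entry for the database port and narrow spec.podSelector to the database pods' labels. The literal kc-cron-job label values could also come from the chart helpers, as the policy above does with {{ .Chart.Name }}.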