diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/copy-files-from-nginx-to-cli.sh b/infrastructure/dpladm/bin/csi-migration-scripts/copy-files-from-nginx-to-cli.sh
new file mode 100755
index 00000000..cc85a5d3
--- /dev/null
+++ b/infrastructure/dpladm/bin/csi-migration-scripts/copy-files-from-nginx-to-cli.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+#
+# Start a KK Shell session
+#
+# Syntax:
+# dplsh [-p profile-name] [additional shell args]
+#
+set -euo pipefail
+
+NAMESPACES=$(kubectl get ns -l lagoon.sh/controller=lagoon --no-headers | awk '{print $1}' | grep herning)
+
+for ns in $NAMESPACES; do
+ echo $ns
+ NGINX=$(kubectl get pod -n $ns -l lagoon.sh/service=nginx -o name | head -n1)
+ CLI=$(kubectl get pod -n $ns -l lagoon.sh/service=cli --no-headers | grep -v cronjob | grep Running | awk '{print $1}')
+ kubectl exec -n $ns $NGINX -- tar cf - /app/web/sites/default/files | kubectl exec -i -n $ns $CLI -- tar xvfk - -C / || true
+done
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/create-pv-and-pvc-for-namespace.sh b/infrastructure/dpladm/bin/csi-migration-scripts/create-pv-and-pvc-for-namespace.sh
new file mode 100755
index 00000000..a9733f2c
--- /dev/null
+++ b/infrastructure/dpladm/bin/csi-migration-scripts/create-pv-and-pvc-for-namespace.sh
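Review bot: In copy-files-from-nginx-to-cli.sh the trailing `|| true` on the `tar` pipeline hides every failed copy, so a namespace whose files never reached the cli pod looks the same as a successful one; `tar xvfk` treats existing files as errors, which is presumably why the status is discarded, but real failures should still be reported, e.g. `|| echo "copy failed in $ns" >&2`. `$CLI` can hold several pod names when more than one cli pod is Running, and the unquoted expansion then passes them all to `kubectl exec`; take one with `head -n1` as is done for `$NGINX`, and quote `"$ns"`, `"$NGINX"` and `"$CLI"`. The header comment (`Start a KK Shell session` / `dplsh ...`) is copied from another script and does not describe this one; the same header appears in make-tmp-pv-and-pvc-for-namespace.sh, patch-nginx-in-namespaces.sh and patch-pvc-metadata.sh, and unquoted expansions recur in every script in this commit. The `grep herning` filter looks like a leftover from a single-site test run and deserves a comment or a parameter.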
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+#
+# This script creates new PersistentVolumeClaims and PersistentVolumes for a namespace
+#
+
+set -euo pipefail
+
+source ./deleteOldPvAndPvc.sh
+
+# Test the entered namespace for good measure
+kubectl get ns $1
+
+echo "Adding new PVC and PV to $1"
+
+#Get the volume name of the PV
+VOLUME_NAME=$(kubectl get pvc -n $1 nginx | grep pvc | awk '{print $3}')
+# Change it's name slighty so we can recognize it from the old ones
+NEW="new-"
+NEW_VOLUME_NAME=${NEW}${VOLUME_NAME}
+echo $NEW_VOLUME_NAME
+
+# Set the PVC's volumeName to the new volume name
+volumeName=$NEW_VOLUME_NAME yq -i '.spec.volumeName = strenv(volumeName)' pvc.yaml
+namespace=$1 yq -i '.metadata.namespace = strenv(namespace)' pvc.yaml
+
+# Set the PV's name to the new volume name
+volumeName=$NEW_VOLUME_NAME yq -i '.metadata.name = strenv(volumeName)' pv.yaml
+# The sharename is the same as we are doing a logical deletion and not a real one
+shareName=$VOLUME_NAME yq -i '.spec.csi.volumeAttributes.shareName = strenv(shareName)' pv.yaml
+
+# Apply the new PV and PVC to the cluster
+kubectl apply -f pv.yaml
+kubectl apply -f pvc.yaml
+
+# Switch the nginx deployments nginx volume to use the new PVC
+kubectl patch deployments.apps -n $1 nginx -p '{"spec":{"template":{"spec": {"volumes": [{"name": "nginx", "persistentVolumeClaim": { "claimName": "new-nginx"}}]}}}}'
+
+echo "$1 is now using the intermediary SC via it's new PVC and PV. The Nginx has been patched and new pods spun up"
+
+echo "Proceeding to remove the now obsolete PV and PVC from the namespace $1"
+
+backupAndDeleteOldPvAndPvc $1 $VOLUME_NAME "nginx"
+
+echo ######## Done ########
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/delete-pv-and-pvc.sh b/infrastructure/dpladm/bin/csi-migration-scripts/delete-pv-and-pvc.sh
new file mode 100755
index 00000000..bc9475a6
--- /dev/null
+++ b/infrastructure/dpladm/bin/csi-migration-scripts/delete-pv-and-pvc.sh
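Review bot: create-pv-and-pvc-for-namespace.sh calls `backupAndDeleteOldPvAndPvc` immediately after `kubectl patch`, which returns before the new nginx pods are up, so the old claim is deleted and its finalizers stripped while old pods may still mount it; waiting with `kubectl rollout status -n "$1" deployment/nginx` before the delete would close that window. The patch points the deployment at claim `new-nginx`, but nothing in the script sets `.metadata.name` in pvc.yaml and the committed file names the claim `nginx`, so as written the apply appears to target the existing claim, which is worth confirming. The last line `echo ######## Done ########` prints an empty line because `#` starts a comment; quote it as `echo "######## Done ########"`.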
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+#
+# This script creates new PersistentVolumeClaims and PersistentVolumes for a namespace
+#
+
+set -euo pipefail
+
+NAMESPACES=$(kubectl get ns -l lagoon.sh/controller=lagoon --no-headers | awk '{print $1}')
+for NAMESPACE in $NAMESPACES; do
+ echo $NAMESPACE
+ # Get pvc variable
+ PV_NAME=$(kubectl get pv -n $NAMESPACE new-nginx | grep pvc | awk '{print $3}') || true
+ echo $PV_NAME
+ if [ -z $PV_NAME ]; then
+ echo "skipping"
+ continue
+ fi
+ echo $PV_NAME
+
+ # Delete old PVC from namespace
+ kubectl delete pvc -n $NAMESPACE new-nginx --wait=false || true
+ kubectl patch pvc -n $NAMESPACE new-nginx -p '{"metadata":{"finalizers":null}}' || true
+ # Mark old PV as up for deletion
+ # kubectl delete pv $PV_NAME --grace-period=0 --wait=false || true
+ # kubectl patch pv $PV_NAME -p '{"metadata":{"finalizers":null}}' || true
+
+done
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/deleteOldPvAndPvc.sh b/infrastructure/dpladm/bin/csi-migration-scripts/deleteOldPvAndPvc.sh
new file mode 100644
index 00000000..eec25cc7
--- /dev/null
+++ b/infrastructure/dpladm/bin/csi-migration-scripts/deleteOldPvAndPvc.sh
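Review bot: In delete-pv-and-pvc.sh the lookup `kubectl get pv -n $NAMESPACE new-nginx` asks for a PersistentVolume (cluster-scoped, so `-n` has no effect) by a name the rest of the script uses for a claim, so `PV_NAME` is likely empty and every namespace is skipped. If the volume bound to the claim is what is wanted, read it directly with `PV_NAME=$(kubectl get pvc -n "$NAMESPACE" new-nginx -o jsonpath='{.spec.volumeName}') || true` and test it with `[ -z "$PV_NAME" ]`. The header comment says the script creates claims and volumes while the body deletes them; deleteOldPvAndPvc.sh carries the same header. Nulling the finalizers right after `delete --wait=false` removes the `kubernetes.io/pvc-protection` guard, so a comment stating that no pod may still use `new-nginx` at this point would help the next operator.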
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+#
+# This script creates new PersistentVolumeClaims and PersistentVolumes for a namespace
+#
+
+set -euo pipefail
+
+function backupAndDeleteOldPvAndPvc() {
+ local NAMESPACE=$1
+ local VOLUME_NAME=$2
+ local PVC_NAME=$3
+
+ # Backup the the old PVC and PV before deleting them
+ kubectl get pvc -n $NAMESPACE $PVC_NAME -o yaml > "./pvAndPvcBackup/${NAMESPACE}_${PVC_NAME}.yaml"
+ kubectl get pv $VOLUME_NAME -o yaml > "./pvAndPvcBackup/${NAMESPACE}_${VOLUME_NAME}"
+ # Delete old PVC from namespace
+ kubectl delete pvc -n $NAMESPACE $PVC_NAME --wait=false
+ kubectl patch pvc -n $NAMESPACE $PVC_NAME -p '{"metadata":{"finalizers":null}}'
+ # Mark old PV as up for deletion
+ kubectl delete pv $VOLUME_NAME --grace-period=0 --wait=false
+ kubectl patch pv $VOLUME_NAME -p '{"metadata":{"finalizers":null}}'
+}
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/make-tmp-pv-and-pvc-for-namespace.sh b/infrastructure/dpladm/bin/csi-migration-scripts/make-tmp-pv-and-pvc-for-namespace.sh
new file mode 100755
index 00000000..2e5a1d06
--- /dev/null
+++ b/infrastructure/dpladm/bin/csi-migration-scripts/make-tmp-pv-and-pvc-for-namespace.sh
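Review bot: `backupAndDeleteOldPvAndPvc` in deleteOldPvAndPvc.sh has no header comment, and because it force-removes finalizers on both the claim and the volume it should state its preconditions, for example `# Args: namespace, PV name, PVC name. Requires ./pvAndPvcBackup to exist; caller must ensure no pod still mounts the PVC.` The two backup redirects write into `./pvAndPvcBackup/` relative to the caller's working directory, and the PV backup path lacks the `.yaml` suffix that the PVC one has. The arguments are expanded unquoted in every `kubectl` call; `"$NAMESPACE"`, `"$PVC_NAME"` and `"$VOLUME_NAME"` would be safer. The file is sourced by create-pv-and-pvc-for-namespace.sh, so its `set -euo pipefail` also changes the caller's shell options.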
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+#
+# Start a KK Shell session
+#
+# Syntax:
+# dplsh [-p profile-name] [additional shell args]
+#
+set -euo pipefail
+
+NAMESPACES=$(kubectl get ns -l lagoon.sh/controller=lagoon --no-headers | awk '{print $1}' | grep main)
+VOLUMEHANDLE_PREFIX="/subscriptions/8ac8a259-5bb3-4799-bd1e-455145b12550/resourceGroups/rg-env-dplplat01/providers/Microsoft.Storage/storageAccounts/stdpldplplat01585708af/"
+for ns in $NAMESPACES; do
+ echo $ns
+ # Get pvc variable
+ SHARE_NAME=$(kubectl get pvc -n $ns tmp-nginx | grep pvc | awk '{print $3}' | cut -c 5- )
+ # echo $SHARE_NAME
+
+ PROJECT_NAME=$(echo $ns | rev | cut -c 6- | rev)
+ # echo $PROJECT_NAME
+ # Set the PV's name to the new sharename
+ volumeName="$SHARE_NAME" yq -i '.metadata.name = strenv(volumeName)' pv.yaml
+ # The sharename is the same as we are doing a logical deletion and not a real one
+ shareName=$SHARE_NAME yq -i '.spec.csi.volumeAttributes.shareName = strenv(shareName)' pv.yaml
+
+ volumeHandle="$VOLUMEHANDLE_PREFIX$SHARE_NAME" yq -i '.spec.csi.volumeHandle = strenv(volumeHandle)' pv.yaml
+ namespace=$ns yq -i '.metadata.namespace = strenv(namespace)' pv.yaml
+ namespace=$ns yq -i '.spec.csi.nodeStageSecretRef.namespace = strenv(namespace)' pv.yaml
+ # cat pv.yaml
+
+ namespace=$ns yq -i '.metadata.namespace = strenv(namespace)' pvc.yaml
+ volumeName="$SHARE_NAME" yq -i '.spec.volumeName = strenv(volumeName)' pvc.yaml
+ projectName=$PROJECT_NAME yq -i '.metadata.labels."lagoon.sh/project" = strenv(projectName)' pvc.yaml
+ # cat pvc.yaml
+ kubectl apply -f pv.yaml
+ kubectl apply -f pvc.yaml
+
+ kubectl patch deployments.apps -n $ns cli -p '{"spec":{"template":{"spec": {"volumes": [{"name": "nginx", "persistentVolumeClaim": { "claimName": "nginx"}}]}}}}'
+ kubectl patch deployments.apps -n $ns nginx -p '{"spec":{"template":{"spec": {"volumes": [{"name": "nginx", "persistentVolumeClaim": { "claimName": "nginx"}}]}}}}'
+done
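Review bot: make-tmp-pv-and-pvc-for-namespace.sh rewrites the tracked pv.yaml and pvc.yaml in place with `yq -i` on every loop iteration, so the templates end up holding the last namespace's values (the committed files already carry one site's names) and an aborted run leaves them half-edited; editing copies under a `mktemp -d` directory would keep the templates stable. `VOLUMEHANDLE_PREFIX` hard-codes the subscription, resource group and storage account of one environment in the script body; taking it from an environment variable or an argument would keep those identifiers out of the script and make it reusable. `.metadata.namespace` is set on pv.yaml although PersistentVolumes are cluster-scoped, so that line has no effect. Assuming the selected namespaces all end in `-main`, `PROJECT_NAME=${ns%-main}` states the intent more directly than the `rev | cut -c 6- | rev` pipeline.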
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/new-bulk.yaml b/infrastructure/dpladm/bin/csi-migration-scripts/new-bulk.yaml
new file mode 100644
index 00000000..bbbd797d
--- /dev/null
+++ b/infrastructure/dpladm/bin/csi-migration-scripts/new-bulk.yaml
@@ -0,0 +1,12 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: bulk
+provisioner: file.csi.azure.com
+reclaimPolicy: Retain
+volumeBindingMode: Immediate
+allowVolumeExpansion: true
+parameters:
+ resourcegroup: rg-env-dplplat01
+ skuName: Standard_LRS
+ storageAccount: stdpldplplat01585708af
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/patch-nginx-in-namespaces.sh b/infrastructure/dpladm/bin/csi-migration-scripts/patch-nginx-in-namespaces.sh
new file mode 100755
index 00000000..faa76303
--- /dev/null
+++ b/infrastructure/dpladm/bin/csi-migration-scripts/patch-nginx-in-namespaces.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+#
+# Start a KK Shell session
+#
+# Syntax:
+# dplsh [-p profile-name] [additional shell args]
+#
+set -euo pipefail
+
+NAMESPACES=$(kubectl get ns -l lagoon.sh/controller=lagoon --no-headers | awk '{print $1}' )
+
+for ns in $NAMESPACES; do
+ echo $ns
+ kubectl patch deployments.apps -n $ns nginx -p '{"spec":{"template":{"spec": {"volumes": [{"name": "nginx", "persistentVolumeClaim": { "claimName": "tmp-nginx"}}]}}}}'
+done
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/patch-pvc-metadata.sh b/infrastructure/dpladm/bin/csi-migration-scripts/patch-pvc-metadata.sh
new file mode 100755
index 00000000..f7831ff5
--- /dev/null
+++ b/infrastructure/dpladm/bin/csi-migration-scripts/patch-pvc-metadata.sh
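Review bot: patch-nginx-in-namespaces.sh switches the nginx deployment to claim `tmp-nginx` in every Lagoon namespace without checking that the claim exists there, so a namespace that was missed in an earlier step gets a rollout whose new pods cannot start. A guard before the patch, such as `kubectl get pvc -n "$ns" tmp-nginx >/dev/null || { echo "no tmp-nginx in $ns" >&2; continue; }`, would make the run safe to repeat. Because of `set -e`, the first failing patch also stops the loop with no record of which namespaces were already switched.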
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+#
+# Start a KK Shell session
+#
+# Syntax:
+# dplsh [-p profile-name] [additional shell args]
+#
+set -euo pipefail
+
+NAMESPACES=$(kubectl get ns -l lagoon.sh/controller=lagoon --no-headers | awk '{print $1}')
+for ns in $NAMESPACES; do
+ echo $ns
+ kubectl patch -n $ns pvc nginx -p '{
+ "metadata": {
+ "annotations": {
+ "kubectl.kubernetes.io/last-applied-configuration": null
+ }
+ }
+ }' || true
+done
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/pv.yaml b/infrastructure/dpladm/bin/csi-migration-scripts/pv.yaml
new file mode 100644
index 00000000..4090ddfe
--- /dev/null
+++ b/infrastructure/dpladm/bin/csi-migration-scripts/pv.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ annotations:
+ pv.kubernetes.io/provisioned-by: file.csi.azure.com
+ name: pvc-5e5d8491-5ed5-4f92-ad51-598e507a9826
+ namespace: vordingborg-main
+spec:
+ capacity:
+ storage: 5Gi
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: bulk
+ csi:
+ driver: file.csi.azure.com
+ readOnly: false
+ volumeHandle: /subscriptions/8ac8a259-5bb3-4799-bd1e-455145b12550/resourceGroups/rg-env-dplplat01/providers/Microsoft.Storage/storageAccounts/stdpldplplat01585708af/pvc-5e5d8491-5ed5-4f92-ad51-598e507a9826 # make sure volumeid is unique for every identical share in the cluster
+ volumeAttributes:
+ resourceGroup: rg-env-dplplat01 # optional, only set this when storage account is not in the same resource group as the cluster nodes
+ shareName: pvc-5e5d8491-5ed5-4f92-ad51-598e507a9826
+ nodeStageSecretRef:
+ name: azure-storage-account-stdpldplplat01585708af-secret
+ namespace: vordingborg-main
+ mountOptions:
+ - dir_mode=0777
+ - file_mode=0777
+ - uid=0
+ - gid=0
+ - mfsymlinks
+ - nosharesock
+ - nobrl # disable sending byte range lock requests to the server and for applications which have challenges with posix locks
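Review bot: The `mountOptions` in pv.yaml mount the share with `dir_mode=0777` and `file_mode=0777` owned by `uid=0`/`gid=0`, which makes every file world-writable and executable for any process in any pod that mounts the volume. If these values only mirror what the dynamically provisioned volumes already had, a comment saying so would help; otherwise consider the uid/gid the nginx and cli containers actually run as, with modes such as `dir_mode=0770` and `file_mode=0660`. `metadata.namespace` has no meaning on a cluster-scoped PersistentVolume, and the committed name, `volumeHandle`, `shareName` and secret namespace are one site's values that the scripts overwrite, so clearly marked placeholder values would make the file's role as a template obvious.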
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/pvc.yaml b/infrastructure/dpladm/bin/csi-migration-scripts/pvc.yaml
new file mode 100644
index 00000000..66becff1
--- /dev/null
+++ b/infrastructure/dpladm/bin/csi-migration-scripts/pvc.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ annotations:
+ k8up.syn.tools/backup: "true"
+ lagoon.sh/branch: main
+ lagoon.sh/version: 23.12.0
+ finalizers:
+ - kubernetes.io/pvc-protection
+ labels:
+ app.kubernetes.io/instance: nginx
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: nginx-php-persistent
+ helm.sh/chart: nginx-php-persistent-0.1.0
+ lagoon.sh/buildType: branch
+ lagoon.sh/environment: main
+ lagoon.sh/environmentType: production
+ lagoon.sh/project: vordingborg
+ lagoon.sh/service: nginx
+ lagoon.sh/service-type: nginx-php-persistent
+ name: nginx
+ namespace: "vordingborg-main"
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: bulk
+ volumeMode: Filesystem
+ volumeName: "pvc-5e5d8491-5ed5-4f92-ad51-598e507a9826"
diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index eccd2a09..208701d8 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
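Review bot: pvc.yaml labels the claim `app.kubernetes.io/managed-by: Helm` but carries no `meta.helm.sh/release-name` or `meta.helm.sh/release-namespace` annotations, which Helm checks before it takes ownership of an existing object; if a later Lagoon deploy is expected to manage this claim, that upgrade may be rejected, so it is worth verifying on one namespace first. The file also hard-codes `lagoon.sh/version`, `lagoon.sh/environment` and a `5Gi` request, while the scripts only rewrite the namespace, `volumeName` and `lagoon.sh/project`, so a site whose original claim differs in any of these would be recreated with this file's values. A short comment at the top listing which fields the scripts overwrite would make the template safer to reuse.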
@@ -14,13 +14,21 @@ sites:
 # Testing and instructional sites
 canary:
 name: "Canary"
- description: "A site to test new releases on"
+ description: "A site for developers and operators to test on"
 releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
 releaseImageName: dpl-cms-source
 dpl-cms-release: "2024.36.0"
 plan: webmaster
 moduletest-dpl-cms-release: "2024.36.0"
 deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
+ staging:
+ name: "Staging"
+ description: "A site to test new releases on"
+ releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
+ releaseImageName: dpl-cms-source
+ dpl-cms-release: "2024.33.0"
+ plan: webmaster
+ deploy_key:
 cms-school:
 name: "CMS-skole"
 description: "Et site til undervisning i CMSet"
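Review bot: The new `staging` entry ends with an empty `deploy_key:`, which YAML parses as null, whereas `canary` above carries a quoted public key; if the tooling that consumes sites.yaml expects a string here it may fail or set the site up without a key. If the key is filled in by a later step, a short comment such as `# deploy_key is added after the project is created` would make that clear. The entry also has no `moduletest-dpl-cms-release`, unlike `canary`; confirm that is intended.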