danskernesdigitalebibliotek · ITViking · Aug 19, 2024 · Aug 22, 2024 · Aug 22, 2024 · Aug 22, 2024
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/copy-files-from-nginx-to-cli.sh b/infrastructure/dpladm/bin/csi-migration-scripts/copy-files-from-nginx-to-cli.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+#
+# Start a KK Shell session
+#
+# Syntax:
+#  dplsh [-p profile-name] [additional shell args]
+#
+set -euo pipefail
+
+NAMESPACES=$(kubectl get ns -l lagoon.sh/controller=lagoon --no-headers | awk '{print $1}' | grep herning)
+
+for ns in $NAMESPACES; do
+  echo $ns
+  NGINX=$(kubectl get pod -n $ns -l lagoon.sh/service=nginx -o name | head -n1)
+  CLI=$(kubectl get pod -n $ns -l lagoon.sh/service=cli --no-headers | grep -v cronjob | grep Running | awk '{print $1}')
+  kubectl exec -n $ns $NGINX -- tar cf - /app/web/sites/default/files | kubectl exec -i -n $ns $CLI  -- tar xvfk - -C / || true
+done
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/create-pv-and-pvc-for-namespace.sh b/infrastructure/dpladm/bin/csi-migration-scripts/create-pv-and-pvc-for-namespace.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+#
+# This script creates new PersistentVolumeClaims and PersistentVolumes for a namespace
+#
+
+set -euo pipefail
+
+source ./deleteOldPvAndPvc.sh
+
+# Test the entered namespace for good measure
+kubectl get ns $1
+
+echo "Adding new PVC and PV to $1"
+
+#Get the volume name of the PV
+VOLUME_NAME=$(kubectl get pvc -n $1 nginx | grep pvc | awk '{print $3}')
+# Change it's name slighty so we can recognize it from the old ones
+NEW="new-"
+NEW_VOLUME_NAME=${NEW}${VOLUME_NAME}
+echo $NEW_VOLUME_NAME
+
+# Set the PVC's volumeName to the new volume name
+volumeName=$NEW_VOLUME_NAME yq -i '.spec.volumeName = strenv(volumeName)' pvc.yaml
+namespace=$1 yq -i '.metadata.namespace = strenv(namespace)' pvc.yaml
+
+# Set the PV's name  to the new volume name
+volumeName=$NEW_VOLUME_NAME yq -i '.metadata.name = strenv(volumeName)' pv.yaml
+# The sharename is the same as we are doing a logical deletion and not a real one
+shareName=$VOLUME_NAME yq -i '.spec.csi.volumeAttributes.shareName = strenv(shareName)' pv.yaml
+
+# Apply the new PV and PVC to the cluster
+kubectl apply -f pv.yaml
+kubectl apply -f pvc.yaml
+
+# Switch the nginx deployments nginx volume to use the new PVC
+kubectl patch deployments.apps -n $1 nginx -p '{"spec":{"template":{"spec": {"volumes": [{"name": "nginx", "persistentVolumeClaim": { "claimName": "new-nginx"}}]}}}}'
+
+echo "$1 is now using the intermediary SC via it's new PVC and PV. The Nginx has been patched and new pods spun up"
+
+echo "Proceeding to remove the now obsolete PV and PVC from the namespace $1"
+
+backupAndDeleteOldPvAndPvc $1 $VOLUME_NAME "nginx"
+
+echo ######## Done ########
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/delete-pv-and-pvc.sh b/infrastructure/dpladm/bin/csi-migration-scripts/delete-pv-and-pvc.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+#
+# This script creates new PersistentVolumeClaims and PersistentVolumes for a namespace
+#
+
+set -euo pipefail
+
+NAMESPACES=$(kubectl get ns -l lagoon.sh/controller=lagoon --no-headers | awk '{print $1}')
+for NAMESPACE in $NAMESPACES; do
+  echo $NAMESPACE
+  # Get pvc variable
+  PV_NAME=$(kubectl get pv -n $NAMESPACE new-nginx | grep pvc | awk '{print $3}') || true
+  echo $PV_NAME
+  if [ -z $PV_NAME ]; then
+    echo "skipping"
+    continue
+  fi
+  echo $PV_NAME
+
+  # Delete old PVC from namespace
+  kubectl delete pvc -n $NAMESPACE new-nginx --wait=false || true
+  kubectl patch pvc -n $NAMESPACE new-nginx -p '{"metadata":{"finalizers":null}}' || true
+  # Mark old PV as up for deletion
+  # kubectl delete pv $PV_NAME  --grace-period=0 --wait=false || true
+  # kubectl patch pv $PV_NAME -p '{"metadata":{"finalizers":null}}' || true
+
+done
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/deleteOldPvAndPvc.sh b/infrastructure/dpladm/bin/csi-migration-scripts/deleteOldPvAndPvc.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+#
+# This script creates new PersistentVolumeClaims and PersistentVolumes for a namespace
+#
+
+set -euo pipefail
+
+function backupAndDeleteOldPvAndPvc() {
+  local NAMESPACE=$1
+  local VOLUME_NAME=$2
+  local PVC_NAME=$3
+
+  # Backup the the old PVC and PV before deleting them
+  kubectl get pvc -n $NAMESPACE $PVC_NAME -o yaml > "./pvAndPvcBackup/${NAMESPACE}_${PVC_NAME}.yaml"
+  kubectl get pv $VOLUME_NAME -o yaml > "./pvAndPvcBackup/${NAMESPACE}_${VOLUME_NAME}"
-  kubectl get pvc -n $NAMESPACE $PVC_NAME -o yaml > "./pvAndPvcBackup/${NAMESPACE}_${PVC_NAME}.yaml"
-  kubectl get pv $VOLUME_NAME -o yaml > "./pvAndPvcBackup/${NAMESPACE}_${VOLUME_NAME}"
+  kubectl get pvc -n "$NAMESPACE" "$PVC_NAME" -o yaml > "./pvAndPvcBackup/${NAMESPACE}_${PVC_NAME}.yaml"
+  kubectl get pv "$VOLUME_NAME" -o yaml > "./pvAndPvcBackup/${NAMESPACE}_${VOLUME_NAME}"
-  kubectl get pvc -n $NAMESPACE $PVC_NAME -o yaml > "./pvAndPvcBackup/${NAMESPACE}_${PVC_NAME}.yaml"
-  kubectl get pv $VOLUME_NAME -o yaml > "./pvAndPvcBackup/${NAMESPACE}_${VOLUME_NAME}"
+  kubectl get pvc -n "$NAMESPACE" "$PVC_NAME" -o yaml > "./pvAndPvcBackup/${NAMESPACE}_${PVC_NAME}.yaml"
+  kubectl get pv "$VOLUME_NAME" -o yaml > "./pvAndPvcBackup/${NAMESPACE}_${VOLUME_NAME}"
+  # Delete old PVC from namespace
+  kubectl delete pvc -n $NAMESPACE $PVC_NAME --wait=false
+  kubectl patch pvc -n $NAMESPACE $PVC_NAME -p '{"metadata":{"finalizers":null}}'
-  kubectl delete pvc -n $NAMESPACE $PVC_NAME --wait=false
-  kubectl patch pvc -n $NAMESPACE $PVC_NAME -p '{"metadata":{"finalizers":null}}'
+  kubectl delete pvc -n "$NAMESPACE" "$PVC_NAME" --wait=false
+  kubectl patch pvc -n "$NAMESPACE" "$PVC_NAME" -p '{"metadata":{"finalizers":null}}'
-  kubectl delete pvc -n $NAMESPACE $PVC_NAME --wait=false
-  kubectl patch pvc -n $NAMESPACE $PVC_NAME -p '{"metadata":{"finalizers":null}}'
+  kubectl delete pvc -n "$NAMESPACE" "$PVC_NAME" --wait=false
+  kubectl patch pvc -n "$NAMESPACE" "$PVC_NAME" -p '{"metadata":{"finalizers":null}}'
+  # Mark old PV as up for deletion
+  kubectl delete pv $VOLUME_NAME  --grace-period=0 --wait=false
+  kubectl patch pv $VOLUME_NAME -p '{"metadata":{"finalizers":null}}'
-  kubectl delete pv $VOLUME_NAME  --grace-period=0 --wait=false
-  kubectl patch pv $VOLUME_NAME -p '{"metadata":{"finalizers":null}}'
+  kubectl delete pv "$VOLUME_NAME"  --grace-period=0 --wait=false
+  kubectl patch pv "$VOLUME_NAME" -p '{"metadata":{"finalizers":null}}'
-  kubectl delete pv $VOLUME_NAME  --grace-period=0 --wait=false
-  kubectl patch pv $VOLUME_NAME -p '{"metadata":{"finalizers":null}}'
+  kubectl delete pv "$VOLUME_NAME"  --grace-period=0 --wait=false
+  kubectl patch pv "$VOLUME_NAME" -p '{"metadata":{"finalizers":null}}'
+}
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/make-tmp-pv-and-pvc-for-namespace.sh b/infrastructure/dpladm/bin/csi-migration-scripts/make-tmp-pv-and-pvc-for-namespace.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+#
+# Start a KK Shell session
+#
+# Syntax:
+#  dplsh [-p profile-name] [additional shell args]
+#
+set -euo pipefail
+
+NAMESPACES=$(kubectl get ns -l lagoon.sh/controller=lagoon --no-headers | awk '{print $1}' | grep main)
+VOLUMEHANDLE_PREFIX="/subscriptions/8ac8a259-5bb3-4799-bd1e-455145b12550/resourceGroups/rg-env-dplplat01/providers/Microsoft.Storage/storageAccounts/stdpldplplat01585708af/"
+for ns in $NAMESPACES; do
+  echo $ns
+  # Get pvc variable
+  SHARE_NAME=$(kubectl get pvc -n $ns tmp-nginx | grep pvc | awk '{print $3}' | cut -c 5- )
+  # echo $SHARE_NAME
+
+  PROJECT_NAME=$(echo $ns | rev | cut -c 6- | rev)
+  # echo $PROJECT_NAME
+  # Set the PV's name  to the new sharename
+  volumeName="$SHARE_NAME" yq -i '.metadata.name = strenv(volumeName)' pv.yaml
+  # The sharename is the same as we are doing a logical deletion and not a real one
+  shareName=$SHARE_NAME yq -i '.spec.csi.volumeAttributes.shareName = strenv(shareName)' pv.yaml
+
+  volumeHandle="$VOLUMEHANDLE_PREFIX$SHARE_NAME" yq -i '.spec.csi.volumeHandle = strenv(volumeHandle)' pv.yaml
+  namespace=$ns yq -i '.metadata.namespace = strenv(namespace)' pv.yaml
+  namespace=$ns yq -i '.spec.csi.nodeStageSecretRef.namespace = strenv(namespace)' pv.yaml
+  # cat pv.yaml
+
+  namespace=$ns yq -i '.metadata.namespace = strenv(namespace)' pvc.yaml
+  volumeName="$SHARE_NAME" yq -i '.spec.volumeName = strenv(volumeName)' pvc.yaml
+  projectName=$PROJECT_NAME yq -i '.metadata.labels."lagoon.sh/project" = strenv(projectName)' pvc.yaml
+  # cat pvc.yaml
+  kubectl apply -f pv.yaml
+  kubectl apply -f pvc.yaml
+
+  kubectl patch deployments.apps -n $ns cli -p '{"spec":{"template":{"spec": {"volumes": [{"name": "nginx", "persistentVolumeClaim": { "claimName": "nginx"}}]}}}}'
+  kubectl patch deployments.apps -n $ns nginx -p '{"spec":{"template":{"spec": {"volumes": [{"name": "nginx", "persistentVolumeClaim": { "claimName": "nginx"}}]}}}}'
+done
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/new-bulk.yaml b/infrastructure/dpladm/bin/csi-migration-scripts/new-bulk.yaml
@@ -0,0 +1,12 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: bulk
+provisioner: file.csi.azure.com
+reclaimPolicy: Retain
+volumeBindingMode: Immediate
+allowVolumeExpansion: true
+parameters:
+  resourcegroup: rg-env-dplplat01
+  skuName: Standard_LRS
+  storageAccount: stdpldplplat01585708af
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/patch-nginx-in-namespaces.sh b/infrastructure/dpladm/bin/csi-migration-scripts/patch-nginx-in-namespaces.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+#
+# Start a KK Shell session
+#
+# Syntax:
+#  dplsh [-p profile-name] [additional shell args]
+#
+set -euo pipefail
+
+NAMESPACES=$(kubectl get ns -l lagoon.sh/controller=lagoon --no-headers | awk '{print $1}' )
+
+for ns in $NAMESPACES; do
+  echo $ns
+  kubectl patch deployments.apps -n $ns nginx -p '{"spec":{"template":{"spec": {"volumes": [{"name": "nginx", "persistentVolumeClaim": { "claimName": "tmp-nginx"}}]}}}}'
+done
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/patch-pvc-metadata.sh b/infrastructure/dpladm/bin/csi-migration-scripts/patch-pvc-metadata.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+#
+# Start a KK Shell session
+#
+# Syntax:
+#  dplsh [-p profile-name] [additional shell args]
+#
+set -euo pipefail
+
+NAMESPACES=$(kubectl get ns -l lagoon.sh/controller=lagoon --no-headers | awk '{print $1}')
+for ns in $NAMESPACES; do
+  echo $ns
+  kubectl patch -n $ns pvc nginx -p '{
+    "metadata": {
+      "annotations": {
+        "kubectl.kubernetes.io/last-applied-configuration": null
+      }
+    }
+  }' || true
+done
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/pv.yaml b/infrastructure/dpladm/bin/csi-migration-scripts/pv.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: file.csi.azure.com
+  name: pvc-5e5d8491-5ed5-4f92-ad51-598e507a9826
+  namespace: vordingborg-main
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: bulk
+  csi:
+    driver: file.csi.azure.com
+    readOnly: false
+    volumeHandle: /subscriptions/8ac8a259-5bb3-4799-bd1e-455145b12550/resourceGroups/rg-env-dplplat01/providers/Microsoft.Storage/storageAccounts/stdpldplplat01585708af/pvc-5e5d8491-5ed5-4f92-ad51-598e507a9826 # make sure volumeid is unique for every identical share in the cluster
+    volumeAttributes:
+      resourceGroup: rg-env-dplplat01 # optional, only set this when storage account is not in the same resource group as the cluster nodes
+      shareName: pvc-5e5d8491-5ed5-4f92-ad51-598e507a9826
+    nodeStageSecretRef:
+      name: azure-storage-account-stdpldplplat01585708af-secret
+      namespace: vordingborg-main
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=0
+    - gid=0
+    - mfsymlinks
+    - nosharesock
+    - nobrl # disable sending byte range lock requests to the server and for applications which have challenges with posix locks
diff --git a/infrastructure/dpladm/bin/csi-migration-scripts/pvc.yaml b/infrastructure/dpladm/bin/csi-migration-scripts/pvc.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  annotations:
+    k8up.syn.tools/backup: "true"
+    lagoon.sh/branch: main
+    lagoon.sh/version: 23.12.0
+  finalizers:
+    - kubernetes.io/pvc-protection
+  labels:
+    app.kubernetes.io/instance: nginx
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: nginx-php-persistent
+    helm.sh/chart: nginx-php-persistent-0.1.0
+    lagoon.sh/buildType: branch
+    lagoon.sh/environment: main
+    lagoon.sh/environmentType: production
+    lagoon.sh/project: vordingborg
+    lagoon.sh/service: nginx
+    lagoon.sh/service-type: nginx-php-persistent
+  name: nginx
+  namespace: "vordingborg-main"
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: bulk
+  volumeMode: Filesystem
+  volumeName: "pvc-5e5d8491-5ed5-4f92-ad51-598e507a9826"
diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
@@ -14,13 +14,21 @@ sites:
   # Testing and instructional sites
   canary:
     name: "Canary"
-    description: "A site to test new releases on"
+    description: "A site for developers and operators to test on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
     dpl-cms-release: "2024.36.0"
     plan: webmaster
     moduletest-dpl-cms-release: "2024.36.0"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
+  staging:
+    name: "Staging"
+    description: "A site to test new releases on"
+    releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
+    releaseImageName: dpl-cms-source
+    dpl-cms-release: "2024.33.0"
+    plan: webmaster
+    deploy_key:
   cms-school:
     name: "CMS-skole"
     description: "Et site til undervisning i CMSet"