extract statefulset-runner to a standalone deployment

cloudfoundry · Oct 17, 2024 · 6781705 · 6781705
1 parent c5d494e
commit 6781705
Show file tree

Hide file tree

Showing 16 changed files with 330 additions and 57 deletions.
diff --git a/controllers/config/config.go b/controllers/config/config.go
@@ -9,9 +9,6 @@ import (
 )
 
 type ControllerConfig struct {
-	// components
-	IncludeStatefulsetRunner bool `yaml:"includeStatefulsetRunner"`
-
 	// core controllers
 	CFProcessDefaults                CFProcessDefaults  `yaml:"cfProcessDefaults"`
 	CFStagingResources               CFStagingResources `yaml:"cfStagingResources"`

diff --git a/controllers/main.go b/controllers/main.go
@@ -60,7 +60,6 @@ import (
 	packageswebhook "code.cloudfoundry.org/korifi/controllers/webhooks/workloads/packages"
 	spaceswebhook "code.cloudfoundry.org/korifi/controllers/webhooks/workloads/spaces"
 	taskswebhook "code.cloudfoundry.org/korifi/controllers/webhooks/workloads/tasks"
-	statefulsetcontrollers "code.cloudfoundry.org/korifi/statefulset-runner/controllers"
 	"code.cloudfoundry.org/korifi/tools"
 	"code.cloudfoundry.org/korifi/tools/image"
 	"code.cloudfoundry.org/korifi/version"
@@ -333,28 +332,6 @@ func main() {
 			os.Exit(1)
 		}
 
-		if controllerConfig.IncludeStatefulsetRunner {
-			if err = statefulsetcontrollers.NewAppWorkloadReconciler(
-				mgr.GetClient(),
-				mgr.GetScheme(),
-				statefulsetcontrollers.NewAppWorkloadToStatefulsetConverter(mgr.GetScheme()),
-				statefulsetcontrollers.NewPDBUpdater(mgr.GetClient()),
-				controllersLog,
-			).SetupWithManager(mgr); err != nil {
-				setupLog.Error(err, "unable to create controller", "controller", "AppWorkload")
-				os.Exit(1)
-			}
-
-			if err = statefulsetcontrollers.NewRunnerInfoReconciler(
-				mgr.GetClient(),
-				mgr.GetScheme(),
-				controllersLog,
-			).SetupWithManager(mgr); err != nil {
-				setupLog.Error(err, "unable to create controller", "controller", "RunnerInfo")
-				os.Exit(1)
-			}
-		}
-
 		if err = routes.NewReconciler(
 			mgr.GetClient(),
 			mgr.GetScheme(),

diff --git a/helm/korifi/controllers/configmap.yaml b/helm/korifi/controllers/configmap.yaml
@@ -5,7 +5,6 @@ metadata:
   namespace: {{ .Release.Namespace }}
 data:
   config.yaml: |-
-    includeStatefulsetRunner: {{ .Values.statefulsetRunner.include }}
     builderName: {{ .Values.reconcilers.build }}
     runnerName: {{ .Values.reconcilers.run }}
     cfProcessDefaults:

diff --git a/helm/korifi/controllers/rbac.yaml b/helm/korifi/controllers/rbac.yaml
@@ -79,19 +79,3 @@ subjects:
 - kind: ServiceAccount
   name: korifi-controllers-controller-manager
   namespace: {{ .Release.Namespace }}
-
-{{- if .Values.statefulsetRunner.include }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: korifi-statefulset-runner-manager-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: korifi-statefulset-runner-appworkload-manager-role
-subjects:
-- kind: ServiceAccount
-  name: korifi-controllers-controller-manager
-  namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/helm/korifi/statefulset-runner/deployment.yaml b/helm/korifi/statefulset-runner/deployment.yaml
@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: statefulset-runner
+  name: statefulset-runner-controller-manager
+  namespace: {{ .Release.Namespace }}
+spec:
+  replicas: {{ .Values.statefulsetRunner.replicas }}
+  selector:
+    matchLabels:
+      app: statefulset-runner
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+        prometheus.io/path: /metrics
+        prometheus.io/port: "8080"
+        prometheus.io/scrape: "true"
+      labels:
+        app: statefulset-runner
+    spec:
+      containers:
+      - name: manager
+        image: {{ .Values.statefulsetRunner.image }}
+{{- if .Values.debug }}
+        command:
+        - "/dlv"
+        args:
+        - "--listen=:40000"
+        - "--headless=true"
+        - "--api-version=2"
+        - "exec"
+        - "/manager"
+        - "--continue"
+        - "--accept-multiclient"
+        - "--"
+        - "--health-probe-bind-address=:8081"
+        - "--leader-elect"
+{{- else }}
+        args:
+        - --health-probe-bind-address=:8081
+        - --leader-elect
+{{- end }}
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        ports:
+        - containerPort: 8080
+          name: metrics
+          protocol: TCP
+        resources:
+        {{- .Values.statefulsetRunner.resources | toYaml | nindent 10 }}
+        {{- include "korifi.securityContext" . | indent 8 }}
+      {{- include "korifi.podSecurityContext" . | indent 6 }}
+      serviceAccountName: statefulset-runner-controller-manager
+{{- if .Values.statefulsetRunner.nodeSelector }}
+      nodeSelector:
+      {{ toYaml .Values.statefulsetRunner.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.statefulsetRunner.tolerations }}
+      tolerations:
+      {{- toYaml .Values.statefulsetRunner.tolerations | nindent 8 }}
+{{- end }}
+      terminationGracePeriodSeconds: 10
diff --git a/helm/korifi/statefulset-runner/post-install-runnerinfo.yaml b/helm/korifi/statefulset-runner/post-install-runnerinfo.yaml
@@ -23,7 +23,7 @@ spec:
         app.kubernetes.io/instance: {{ .Release.Name | quote }}
         helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     spec:
-      serviceAccountName: korifi-controllers-controller-manager
+      serviceAccountName: statefulset-runner-controller-manager
       restartPolicy: Never
       {{- include "korifi.podSecurityContext" . | indent 6 }}
       containers:

diff --git a/helm/korifi/statefulset-runner/rbac.yaml b/helm/korifi/statefulset-runner/rbac.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: statefulset-runner-controller-manager
+  namespace: {{ .Release.Namespace }}
+imagePullSecrets:
+{{- range .Values.systemImagePullSecrets }}
+- name: {{ . | quote }}
+{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: statefulset-runner-leader-election-rolebinding
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: korifi-controllers-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: statefulset-runner-controller-manager
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: statefulset-runner-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: korifi-statefulset-runner-appworkload-manager-role
+subjects:
+- kind: ServiceAccount
+  name: statefulset-runner-controller-manager
+  namespace: {{ .Release.Namespace }}
diff --git a/helm/korifi/statefulset-runner/service.yaml b/helm/korifi/statefulset-runner/service.yaml
@@ -0,0 +1,18 @@
+---
+{{- if .Values.debug }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: statefulset-runner-debug-port
+  namespace: {{ .Release.Namespace }}
+spec:
+  ports:
+    - name: debug-30055
+      nodePort: 30055
+      port: 30055
+      protocol: TCP
+      targetPort: 40000
+  selector:
+    app: statefulset-runner
+  type: NodePort
+{{- end }}
diff --git a/helm/korifi/values.yaml b/helm/korifi/values.yaml
@@ -112,14 +112,15 @@ kpackImageBuilder:
 
 statefulsetRunner:
   include: true
+  image: cloudfoundry/statefulset-runner:latest
   replicas: 1
   resources:
     limits:
-      cpu: 500m
-      memory: 128Mi
+      cpu: 1000m
+      memory: 1Gi
     requests:
-      cpu: 10m
-      memory: 64Mi
+      cpu: 50m
+      memory: 100Mi
 
 jobTaskRunner:
   include: true

diff --git a/scripts/assets/korifi-debug-kbld.yml b/scripts/assets/korifi-debug-kbld.yml
@@ -20,6 +20,12 @@ sources:
     buildx:
       file: kpack-image-builder/remote-debug/Dockerfile
 
+- image: cloudfoundry/statefulset-runner:latest
+  path: .
+  docker:
+    buildx:
+      file: statefulset-runner/remote-debug/Dockerfile
+
 - image: cloudfoundry/job-task-runner:latest
   path: .
   docker:

diff --git a/scripts/assets/korifi-kbld.yml b/scripts/assets/korifi-kbld.yml
@@ -20,6 +20,12 @@ sources:
     buildx:
       file: kpack-image-builder/Dockerfile
 
+- image: cloudfoundry/statefulset-runner:latest
+  path: .
+  docker:
+    buildx:
+      file: statefulset-runner/Dockerfile
+
 - image: cloudfoundry/job-task-runner:latest
   path: .
   docker:

diff --git a/statefulset-runner/Dockerfile b/statefulset-runner/Dockerfile
@@ -0,0 +1,32 @@
+# syntax = docker/dockerfile:experimental
+FROM golang:1.23 as builder
+
+ARG version=dev
+
+WORKDIR /workspace
+
+COPY go.mod go.sum ./
+
+RUN --mount=type=cache,target=/go/pkg/mod \
+    go mod download
+
+COPY api api
+COPY controllers controllers
+COPY statefulset-runner statefulset-runner
+COPY model model
+COPY tools tools
+COPY version version
+
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    CGO_ENABLED=0 GOOS=linux go build -ldflags "-X code.cloudfoundry.org/korifi/version.Version=${version}" -o manager statefulset-runner/main.go
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+
+WORKDIR /
+COPY --from=builder /workspace/manager .
+USER 65532:65532
+
+ENTRYPOINT ["/manager"]