From f3c294659a453dea322cd1088f58f798fdf2b6b0 Mon Sep 17 00:00:00 2001 From: dandds Date: Tue, 4 Dec 2018 15:26:16 -0500 Subject: [PATCH] refine test environment sample data script, add k8s role and role binding for updating sample data --- .circleci/config.yml | 6 +---- deploy/kubernetes/atst-reset-sample-data.sh | 10 +++---- deploy/kubernetes/test/atat-deploy-role.yml | 30 +++++++++++++-------- 3 files changed, 24 insertions(+), 22 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4ea3a0d4..1976976a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -240,13 +240,11 @@ workflows: nightly: triggers: - schedule: - cron: "45 * * * *" - # cron: "0 0 * * *" + cron: "0 0 * * *" filters: branches: only: - master - - test-env jobs: - app_setup - test: @@ -259,7 +257,6 @@ workflows: branches: only: - master - - test-env - deploy_test: requires: - build_and_push_image @@ -267,4 +264,3 @@ workflows: branches: only: - master - - test-env diff --git a/deploy/kubernetes/atst-reset-sample-data.sh b/deploy/kubernetes/atst-reset-sample-data.sh index 4210a9bc..32e0ea06 100755 --- a/deploy/kubernetes/atst-reset-sample-data.sh +++ b/deploy/kubernetes/atst-reset-sample-data.sh @@ -17,11 +17,6 @@ else NAMESPACE=$1 fi -if [ "${IMAGE_NAME}x" = "x" ] -then - IMAGE_NAME="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}" -fi - # Remove the K8S CA file when the script exits function cleanup { printf "Cleaning up...\n" @@ -50,7 +45,10 @@ kubectl config use-context atst-deployer kubectl config current-context # we only need to run these commands against one existing pod -ATST_POD=$(kubectl -n ${NAMESPACE} get pods -l app=atst -o custom-columns=NAME:.metadata.name --no-headers) +ATST_POD=$(kubectl -n ${NAMESPACE} get pods -l app=atst -o custom-columns=NAME:.metadata.name --no-headers | sed -n 1p) +# echo "kubectl -n ${NAMESPACE} exec ${ATST_POD} -- pipenv run python script/remove_sample_data.py" +echo "removing sample data on pod ${ATST_POD}" kubectl -n ${NAMESPACE} exec ${ATST_POD} -- pipenv run python script/remove_sample_data.py +echo "seeding sample data on pod ${ATST_POD}" kubectl -n ${NAMESPACE} exec ${ATST_POD} -- pipenv run python script/seed_sample.py diff --git a/deploy/kubernetes/test/atat-deploy-role.yml b/deploy/kubernetes/test/atat-deploy-role.yml index 2e2ee7c4..8a7b6f85 100644 --- a/deploy/kubernetes/test/atat-deploy-role.yml +++ b/deploy/kubernetes/test/atat-deploy-role.yml @@ -2,17 +2,25 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: namespace: atat-test - name: atat-deploy-role + name: atat-sample-update rules: -- apiGroups: ["extensions", "apps"] - resources: ["deployments"] - verbs: ["get", "watch", "create", "update", "patch"] - apiGroups: [""] - resources: ["services"] - verbs: ["get", "create", "update", "patch"] + resources: ["pods"] + verbs: ["get", "list"] - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "create", "update", "patch"] -- apiGroups: ["extensions", "apps"] - resources: ["ingresses"] - verbs: ["get", "create", "update", "patch"] + resources: ["pods/exec"] + verbs: ["create"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: atst-sample-role-binding + namespace: atat-test +subjects: +- kind: ServiceAccount + name: atat-deployer + namespace: atat +roleRef: + kind: Role + name: atat-sample-update + apiGroup: rbac.authorization.k8s.io