feat(ARM): Update service to support MAC M1/M2 (ARM processor), fix m…

…inor issue with local setup - SAAS-1953 (#190) * Update service to support ARM processor, fix minor issue with local setup --------- Co-authored-by: Nguyen Hoan Tien <[email protected]>
armory · Oct 19, 2023 · 51165d0 · 51165d0
1 parent e98d186
commit 51165d0
Show file tree

Hide file tree

Showing 7 changed files with 56 additions and 57 deletions.
diff --git a/README.md b/README.md
@@ -49,52 +49,49 @@ The script does the following:
 * Deploys a basic Armory Continuous Deployment instance with some default
   integrations to the `spinnaker` namespace.
 
-If you already have the Armory Operator deployed, you can use
-`SPIN_OP_DEPLOY=0` to specify not to deploy the Operator.
+The script also provide variables based on customize usage, you can set those variables as environment before execute the script 
 
-### Deploy open source Spinnaker
-
-#### Deploy Spinnaker Operator open source
+**Variable**
+- **SPIN_FLAVOR**: Distribution of spinnaker operator to deploy _(default: armory)_
+  + `armory`
+  + `oss`
 
-```shell
-# Pick a release from https://github.com/armory/spinnaker-operator/releases (or clone the repo and use the master branch for the latest development work)
-mkdir -p spinnaker-operator && cd spinnaker-operator
-bash -c 'curl -L https://github.com/armory/spinnaker-operator/releases/latest/download/manifests.tgz | tar -xz'
-
-# Install or update CRDs cluster wide
-kubectl apply -f deploy/crds/
+- **SPIN_OP_DEPLOY** : Deploy Operator or not. _(default: 1)_
+  + Set to `0` to **skip** deploy Operator
+  + Set to `1`  to deploy the operator. 
+    > When deploying, if we already one running operator in our cluster with the same namespace. It will delete the old one automatically
 
-# Install operator in namespace spinnaker-operator, see below if you want a different namespace
-kubectl create ns spinnaker-operator
-kubectl -n spinnaker-operator apply -f deploy/operator/cluster
-```
+- **SPIN_OP_VERSION** : Define the version of operator we want to deploy _(default: latest)_, check https://github.com/armory/spinnaker-operator/releases for the list release version
 
+- **SPIN_OP_NS**: Specify the namespace of operator _(default: spinnaker-operator)_
 
-#### Deploy Spinnaker
+- **SPIN_OP_MODE**: Distribution of Spinnaker operator mode to use _(default: cluster)_
+  + `basic`
+  + `cluster`
+  > Currently, this script isn't support for `helm` mode. If you want to deploy operator with helm, please deploy it manually and set variable `SPIN_OP_DEPLOY`
 
-You can use oss recipes to deploy Spinnaker instead of Armory Continuous
-Delivery.
+- **SPIN_WATCH**: Watch/Wait for spinnaker to come up or not _(default: 1)_
+  + Set to `0` to **skip**
+  + Set to `1`  to watch/wait
 
-```shell
-# Delete default recipe
-rm kustomization.yml
-
-# Create symlink for oss recipe
-ln -s ./recipes/kustomization-oss-minimum.yml kustomization.yml
+### Deploy open source Spinnaker
 
-# Create the spinnaker namespace
-kubectl create ns spinnaker
+1. You can use oss recipes to deploy Spinnaker instead of Armory Continuous Delivery.
+    ```shell
+    # Delete default recipe
+    rm kustomization.yml
 
-# Build the kustomize template and deploy in kubernetes
-kustomize build . | kubectl apply -f -
-```
+    # Create symlink for oss recipe
+    ln -s ./recipes/kustomization-oss-minimum.yml kustomization.yml
+    ```
 
-When you use an oss recipe, it does the following:
+    When you use an oss recipe, it does the following:
 
-* Modifies relevant patch files, replacing `apiVersion:
-  spinnaker.armory.io/v1alpha2` with `apiVersion: spinnaker.io/v1alpha2`.
-* Deploys a basic of Spinnaker to the `spinnaker` namespace.
+    * Modifies relevant patch files, replacing `apiVersion:
+      spinnaker.armory.io/v1alpha2` with `apiVersion: spinnaker.io/v1alpha2`.
+    * Deploys a basic of Spinnaker to the `spinnaker` namespace.
 
+1. Execute `deploy.sh` script to deploy **Spinnaker Operator**, with latest version, and **Spinnaker**
 
 ## Add remote clusters script
 

diff --git a/deploy.sh b/deploy.sh
@@ -16,6 +16,8 @@ SPIN_FLAVOR=${SPIN_FLAVOR:-armory}         # Distribution of spinnaker to deploy
 SPIN_OP_DEPLOY=${SPIN_OP_DEPLOY:-1}        # Whether or not to deploy and manage operator (0 or 1)
 SPIN_OP_VERSION=${SPIN_OP_VERSION:-latest} # Spinnaker operator version
 SPIN_WATCH=${SPIN_WATCH:-1}                # Whether or not to watch/wait for Spinnaker to come up (0 or 1)
+SPIN_OP_NS=${SPIN_OP_NS:-"spinnaker-operator"} # Distribution Operator namespace
+SPIN_OP_MODE=${SPIN_OP_MODE:-"cluster"}  # Distribution of operator mode to use (basic or cluser)
 
 ROOT_DIR="$(
   cd "$(dirname "$0")" >/dev/null 2>&1 || exit 1
@@ -140,11 +142,11 @@ function find_current_operator_details() {
 
 function delete_operator() {
   info "Deleting operator\n"
-  exec_kubectl_mutating "kubectl -n $OPERATOR_NS delete deployment spinnaker-operator" handle_generic_kubectl_error
+  exec_kubectl_mutating "kubectl -n $SPIN_OP_NS delete deployment spinnaker-operator" handle_generic_kubectl_error
 }
 
 function check_operator_deployment() {
-  OP_READY_REP=$({ kubectl -n $OPERATOR_NS get deployment spinnaker-operator -o json | jq '.status.readyReplicas'; } 2>>"$OUT")
+  OP_READY_REP=$({ kubectl -n $SPIN_OP_NS get deployment spinnaker-operator -o json | jq '.status.readyReplicas'; } 2>>"$OUT")
   [[ "$OP_READY_REP" == "1" ]] && OP_READY=1 || OP_READY=0
 }
 
@@ -157,10 +159,15 @@ function deploy_operator() {
   info "Downloading operator from $OP_URL\n"
   { curl -L $OP_URL | tar -xz; } >>"$OUT" 2>&1
   exec_kubectl_mutating "kubectl apply -f $ROOT_DIR/operator/deploy/crds/" handle_generic_kubectl_error
-  if ! kubectl get ns "$OPERATOR_NS" >/dev/null 2>&1; then
-    exec_kubectl_mutating "kubectl create ns $OPERATOR_NS" handle_generic_kubectl_error
+  if ! kubectl get ns "$SPIN_OP_NS" >/dev/null 2>&1; then
+    exec_kubectl_mutating "kubectl create ns $SPIN_OP_NS" handle_generic_kubectl_error
   fi
-  exec_kubectl_mutating "kubectl -n $OPERATOR_NS apply -k $ROOT_DIR/operator" handle_generic_kubectl_error
+
+  if [ "$SPIN_OP_MODE" == "helm" ]; then
+    error "Helm deployment isn't support with this script right now, you should try the \"basic\" or \"cluster\" mode.\nOr you can try to deploy Helm Operator manually and set env var SPIN_OP_DEPLOY=0 to skip the overriding from this script.\n We will update helm suport in this script soon"
+  fi
+
+  exec_kubectl_mutating "kubectl -n $SPIN_OP_NS apply -f $ROOT_DIR/operator/deploy/operator/$SPIN_OP_MODE" handle_generic_kubectl_error
   info "Waiting for operator to start."
   check_operator_deployment
   while [[ $OP_READY != 1 ]]; do
@@ -176,15 +183,14 @@ function assert_operator() {
   [[ $SPIN_OP_DEPLOY = 0 ]] && info "Not manging operator\n" && return
 
   find_current_operator_details
-  OPERATOR_NS=$(grep "^namespace:" "$ROOT_DIR"/operator/kustomization.yml | awk '{print $2}')
-  info "Resolved operator namespace: $OPERATOR_NS\n"
+  info "Resolved operator namespace: $SPIN_OP_NS\n"
   check_operator_deployment
 
-  if [[ "$CURRENT_OP_NS" != "" && "$CURRENT_OP_NS" != "$OPERATOR_NS" ]]; then
-    error "There is already a spinnaker operator in the cluster at namespace \"$CURRENT_OP_NS\", and doesn't match the desired namespace \"$OPERATOR_NS\". Change desired namespace in operator/kustomization.yml, or delete the existing operator, or set the env var SPIN_OP_DEPLOY=0 to ignore this error.\n"
+  if [[ "$CURRENT_OP_NS" != "" && "$CURRENT_OP_NS" != "$SPIN_OP_NS" ]]; then
+    error "There is already a spinnaker operator in the cluster at namespace \"$CURRENT_OP_NS\", and doesn't match the desired namespace \"$SPIN_OP_NS\". Change desired namespace with env var \"export SPIN_OP_NS=\", or delete the existing operator, or set the env var SPIN_OP_DEPLOY=0 to ignore this error.\n"
 
   elif [[ $CURRENT_OP_IMAGE != "" && ${CURRENT_OP_IMAGE//:*/} != "$OP_IMAGE_BASE" ]]; then
-    warn "There is a different operator in namespace \"$OPERATOR_NS\" (expected: \"$OP_IMAGE_BASE\", actual: \"${CURRENT_OP_IMAGE//:*/}\"). Do you want to delete it? (y/n)\n"
+    warn "There is a different operator in namespace \"$SPIN_OP_NS\" (expected: \"$OP_IMAGE_BASE\", actual: \"${CURRENT_OP_IMAGE//:*/}\"). Do you want to delete it? (y/n)\n"
     read -r del_choice
     [[ "$del_choice" != "y" ]] && exit 0
     delete_operator
@@ -193,7 +199,7 @@ function assert_operator() {
   elif [[ $CRD_READY == 0 || $OP_READY != 1 ]]; then
     deploy_operator
   fi
-  OP_IMAGE=$(kubectl -n $OPERATOR_NS get deployment spinnaker-operator -o json | jq '.spec.template.spec.containers | .[] | select(.name | contains("spinnaker-operator")) | .image')
+  OP_IMAGE=$(kubectl -n $SPIN_OP_NS get deployment spinnaker-operator -o json | jq '.spec.template.spec.containers | .[] | select(.name | contains("spinnaker-operator")) | .image')
   info "Operator version: $OP_IMAGE\n"
 }
 

diff --git a/infrastructure/mysql.yml b/infrastructure/mysql.yml
@@ -79,7 +79,7 @@ spec:
         app: mysql
     spec:
       containers:
-        - image: mysql:5.7
+        - image: mysql:8.1-oracle
           name: mysql
           env:
             - name: MYSQL_ROOT_PASSWORD
@@ -117,8 +117,6 @@ spec:
                 secretKeyRef:
                   name: spin-secrets
                   key: mysqlF50MigratePassword
-          args:
-            - "--ignore-db-dir=lost+found"
           ports:
             - containerPort: 3306
               name: mysql

diff --git a/persistence/patch-sql-clouddriver.yml b/persistence/patch-sql-clouddriver.yml
@@ -33,7 +33,7 @@ spec:
               # for more detail and to view defaults, see:
               # https://github.com/spinnaker/kork/blob/master/kork-sql/src/main/kotlin/com/netflix/spinnaker/kork/sql/config/ConnectionPoolProperties.kt
               default: true
-              jdbcUrl: jdbc:mysql://mysql:3306/clouddriver?useSSL=false&useUnicode=true&characterEncoding=utf8&connectionCollation=utf8mb4_unicode_ci # useUnicode and utf8 makes sure the database can store an emoji if one is ever added to the database
+              jdbcUrl: jdbc:mysql://mysql:3306/clouddriver?useSSL=false&useUnicode=true&characterEncoding=utf8&connectionCollation=utf8mb4_unicode_ci&allowPublicKeyRetrieval=true # useUnicode and utf8 makes sure the database can store an emoji if one is ever added to the database
               user: clouddriver_service
               password: encrypted:k8s!n:spin-secrets!k:mysqlCdPassword  # (Secret). Depending on db auth and how spinnaker secrets are managed
             # The following tasks connection pool is optional. At Netflix, clouddriver
@@ -43,11 +43,11 @@ spec:
             tasks:
               user: clouddriver_service
               password: encrypted:k8s!n:spin-secrets!k:mysqlCdPassword  # (Secret). Depending on db auth and how spinnaker secrets are managed
-              jdbcUrl: jdbc:mysql://mysql:3306/clouddriver?useSSL=false&useUnicode=true&characterEncoding=utf8&connectionCollation=utf8mb4_unicode_ci # useUnicode and utf8 makes sure the database can store an emoji if one is ever added to the database
+              jdbcUrl: jdbc:mysql://mysql:3306/clouddriver?useSSL=false&useUnicode=true&characterEncoding=utf8&connectionCollation=utf8mb4_unicode_ci&allowPublicKeyRetrieval=true # useUnicode and utf8 makes sure the database can store an emoji if one is ever added to the database
           migration:
             user: clouddriver_migrate
             password: encrypted:k8s!n:spin-secrets!k:mysqlCdMigratePassword  # (Secret). Depending on db auth and how spinnaker secrets are managed
-            jdbcUrl: jdbc:mysql://mysql:3306/clouddriver?useSSL=false&useUnicode=true&characterEncoding=utf8&connectionCollation=utf8mb4_unicode_ci # useUnicode and utf8 makes sure the database can store an emoji if one is ever added to the database
+            jdbcUrl: jdbc:mysql://mysql:3306/clouddriver?useSSL=false&useUnicode=true&characterEncoding=utf8&connectionCollation=utf8mb4_unicode_ci&allowPublicKeyRetrieval=true # useUnicode and utf8 makes sure the database can store an emoji if one is ever added to the database
 
         dualTaskRepository: # Maintaining Task Repository Availability While Migrating from Redis to SQL in production https://spinnaker.io/setup/productionize/persistence/clouddriver-sql/#maintaining-task-repository-availability-while-migrating-from-redis-to-sql
           enabled: false

diff --git a/persistence/patch-sql-front50.yml b/persistence/patch-sql-front50.yml
@@ -19,13 +19,13 @@ spec:
             # for more detail and to view defaults, see:
             # https://github.com/spinnaker/kork/blob/master/kork-sql/src/main/kotlin/com/netflix/spinnaker/kork/sql/config/ConnectionPoolProperties.kt
               default: true
-              jdbcUrl: jdbc:mysql://mysql:3306/front50?useSSL=false&useUnicode=true&characterEncoding=utf8 # useUnicode and utf8 makes sure the database can store an emoji if one is ever added to the database
+              jdbcUrl: jdbc:mysql://mysql:3306/front50?useSSL=false&useUnicode=true&characterEncoding=utf8&allowPublicKeyRetrieval=true # useUnicode and utf8 makes sure the database can store an emoji if one is ever added to the database
               user: front50_service
               password: encrypted:k8s!n:spin-secrets!k:mysqlF50Password
           migration:                # this migration user is required even if you do not plan to migrate any data from an exisiting persistentStorage location
             user: front50_migrate
             password: encrypted:k8s!n:spin-secrets!k:mysqlF50MigratePassword
-            jdbcUrl: jdbc:mysql://mysql:3306/front50?useSSL=false&useUnicode=true&characterEncoding=utf8 # useUnicode and utf8 makes sure the database can store an emoji if one is ever added to the database
+            jdbcUrl: jdbc:mysql://mysql:3306/front50?useSSL=false&useUnicode=true&characterEncoding=utf8&allowPublicKeyRetrieval=true # useUnicode and utf8 makes sure the database can store an emoji if one is ever added to the database
 
         spinnaker:
           s3:             # change this to the persistenStoreType you have defined below, s3/gcs/redis/aze for example

diff --git a/persistence/patch-sql-orca.yml b/persistence/patch-sql-orca.yml
@@ -14,15 +14,15 @@ spec:
         sql:
           enabled: true
           connectionPool:
-            jdbcUrl: jdbc:mysql://mysql:3306/orca?useSSL=false&useUnicode=true&characterEncoding=utf8 # useUnicode and utf8 makes sure the database can store an emoji if one is ever added to the database
+            jdbcUrl: jdbc:mysql://mysql:3306/orca?useSSL=false&useUnicode=true&characterEncoding=utf8&allowPublicKeyRetrieval=true # useUnicode and utf8 makes sure the database can store an emoji if one is ever added to the database
             user: orca_service
             password: encrypted:k8s!n:spin-secrets!k:mysqlOrcaPassword
             connectionTimeout: 5000
             maxLifetime: 30000
             # MariaDB-specific:
             maxPoolSize: 50
           migration:
-            jdbcUrl: jdbc:mysql://mysql:3306/orca?useSSL=false&useUnicode=true&characterEncoding=utf8 # useUnicode and utf8 makes sure the database can store an emoji if one is ever added to the database
+            jdbcUrl: jdbc:mysql://mysql:3306/orca?useSSL=false&useUnicode=true&characterEncoding=utf8&allowPublicKeyRetrieval=true # useUnicode and utf8 makes sure the database can store an emoji if one is ever added to the database
             user: orca_migrate
             password: encrypted:k8s!n:spin-secrets!k:mysqlOrcaMigratePassword
 

diff --git a/utilities/unique-service-account.yml b/utilities/unique-service-account.yml
@@ -32,7 +32,5 @@ fieldSpecs:
     path: metadata/name
   - kind: ClusterRoleBinding
     path: metadata/name
-  - kind: ClusterRoleBinding
-    path: subjects/name
   - kind: SpinnakerService
     path: spec/spinnakerConfig/service-settings/clouddriver/kubernetes/serviceAccountName