Merge pull request #174 from SAP/gardener

integrate gardener service

Author: ib-steffen

ib.py

@@ -36,6 +36,7 @@
     {'name': 'docker-registry-nginx', 'depends_on': ['images-base']},
     {'name': 'db', 'depends_on': ['images-base']},
     {'name': 'postgres'},
+    {'name': 'service-gardener'},
     {'name': 'service-gcp'},
     {'name': 'service-namespace'},
     {'name': 'metrics'},

infrabox/generator/deployments.json

@@ -526,6 +526,30 @@
                 }
             ]
         },
+        {
+            "type": "docker",
+            "build_context": "../..",
+            "name": "service-gardener",
+            "docker_file": "src/services/gardener/Dockerfile",
+            "resources": {
+                "limits": {
+                    "cpu": 1,
+                    "memory": 2048
+                }
+            },
+            "deployments": [
+                {
+                    "type": "docker-registry",
+                    "host": "quay.io/infrabox",
+                    "repository": "service-gcp",
+                    "username": "infrabox+infrabox_ci",
+                    "password": {
+                        "$secret": "QUAY_PASSWORD"
+                    }
+                }
+            ]
+        },
+
         {
             "type": "docker",
             "build_context": "../..",

src/api/handlers/project.py

@@ -13,7 +13,7 @@
 
 from werkzeug.datastructures import FileStorage
 
-from pyinfraboxutils import get_logger
+from pyinfraboxutils import get_logger, get_root_url
 
 from pyinfraboxutils.ibflask import OK
 from pyinfraboxutils.ibrestplus import api, response_model
@@ -388,7 +388,8 @@ def post(self, project_id):
                 SELECT name FROM project WHERE id = %s
             ''', [project_id])[0]
 
-            url = '%s/dashboard/#/project/%s/build/%s/1' % (os.environ['INFRABOX_ROOT_URL'],
+            root_url = get_root_url('global')
+            url = '%s/dashboard/#/project/%s/build/%s/1' % (root_url,
                                                             project_name,
                                                             build_number)
 

src/scheduler/kubernetes/scheduler.py

@@ -226,7 +226,16 @@ def _sync_services(self, pi):
                                                    s['apiVersion'],
                                                    pi['metadata']['namespace'],
                                                    s['kind'].lower() + 's')
-            self._create(url, service)
+            try:
+                self._create(url, service)
+            except APIException as ae:
+                if ae.result.status_code == 404:
+                    pi['status']['state'] = 'error'
+                    pi['status']['message'] = ae.result.text
+                    ready = False
+                    return
+                else:
+                    raise ae
 
             url = '%s/apis/%s/namespaces/%s/%s/%s' % (self.args.api_server,
                                                       s['apiVersion'],

src/services/gardener/README.md

@@ -27,7 +27,7 @@ The InfraBox Garden Service can be used to dynamically provision a Kubernetes Cl
                 "maxNodes": 1,
                 "minNodes": 1,
                 "zone": "eu-central-1a",
-                "clusterVersion": "1.10",
+                "clusterVersion": "1.10"
             }
         }]
     }]
@@ -79,31 +79,22 @@ kubectl get pods
 
 ## Install
 To install the service in your Kubernetes cluster you have to first create a AWS Service Account and configure gardener to use it (secretBindingRef). Next, create a kubeconfig which this service will use to communicate with Gardener. Create a secret containing the kubeconfig:
+
 ```bash
-kubectl -n infrabox-system create secret generic infrabox-service-garden-sa --from-file ./garden_kubeconfig
+kubectl -n infrabox-system create secret generic infrabox-service-gardener-sa --from-file ./garden_kubeconfig
 ```
 
-The names of the secret and the secretBindingRef can be chosen arbitrarily. The service will read the names from the environment variables mentioned below. The name of the kubeconfig entry within the secret (`garden_kubeconfig`) is mandatory. 
+The names of the secret and the secretBindingRef can be chosen arbitrarily. The service will read the names from the environment variables mentioned below. The name of the kubeconfig entry within the secret (`garden_kubeconfig`) is mandatory.
+
+Now use helm to install the Gardener Service. Edit values.yaml for specify the required values.
 
-Now use helm to install the GCP Service.
+Parameter | Description | Default | Required
+--- | --- | --- | ---
+`gardener.project` | Name of the Gardener Project | `nil` | yes
+`gardener.namespace` | Name of the Gardener Namespace | `nil` | yes
+`gardener.secret_binding_ref` | Name of the Gardener Secret binding ref| `nil` | yes
 
 ```bash
 cd infrabox-service-gardener
 helm install --namespace infrabox-system -n infrabox-service-gardener .
-```
-
-### Env variables
-The garden-operator depends on several environment variables:
-
-#### mandatory:
-* `CRENDENTIALS_SECRET`: Name of the secret containing the kubeconfig for Gardener. Within the secret, the config must be stored under the name `garden_kubecfg`.
-* `GARDEN_NAMESPACE` : The namespace within Gardener to create new shoot clusters in.
-* `GARDENER_PROJECTNAME`: Name of the gardener project which will contain the generated clusters.
-* `SECRET_BINDING_REF`: secretBindingRef as configured in Gardener.
-
-#### optional
-* `LOGLVL`: the logging level to use. Valid values are: `debug`, `info`, `warn`, `error`. default: `warn`.
-* `AWS_MAINTENANCE_AUTOUPDATE`: boolean. Enables autoupdate of kubernetes. default: `true`.
-* `AWS_MAINTENANCE_AUTOUPDATE_TWBEGIN`: Begin of the maintenance window. default: `220000+0100`. If used, must be set in conjunction with `AWS_MAINTENANCE_AUTOUPDATE_TWBEND`.
-* `AWS_MAINTENANCE_AUTOUPDATE_TWBEND`: End of the maintenance window. default: `230000+0100`. If used, must be set in conjunction with `AWS_MAINTENANCE_AUTOUPDATE_TWBEGIN`.
-  
+```

src/services/gardener/infrabox-service-garden/templates/_helpers.tpl

@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "infrabox-service-gcp.name" -}}
+{{- define "infrabox-service-gardener.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
@@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "infrabox-service-gcp.fullname" -}}
+{{- define "infrabox-service-gardener.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
@@ -27,6 +27,6 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "infrabox-service-gcp.chart" -}}
+{{- define "infrabox-service-gardener.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

src/services/gardener/infrabox-service-garden/templates/deployment.yaml

@@ -1,10 +1,10 @@
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
-  name: {{ template "infrabox-service-gcp.fullname" . }}
+  name: {{ template "infrabox-service-gardener.fullname" . }}
   labels:
-    app: {{ template "infrabox-service-gcp.name" . }}
-    chart: {{ template "infrabox-service-gcp.chart" . }}
+    app: {{ template "infrabox-service-gardener.name" . }}
+    chart: {{ template "infrabox-service-gardener.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
@@ -34,6 +34,14 @@ spec:
           env:
           - name: WATCH_NAMESPACE
             value: infrabox-worker
+          - name: CREDENTIALS_SECRET
+            value: {{ .Values.gardener.credential_secret }}
+          - name: GARDENER_NAMESPACE
+            value: {{ .Values.gardener.namespace }}
+          - name: GARDENER_PROJECTNAME
+            value: {{ .Values.gardener.project }}
+          - name: SECRET_BINDING_REF
+            value: {{ .Values.gardener.secret_binding_ref }}
       volumes:
       - name: service-account
         secret:

src/services/gardener/infrabox-service-garden/values.yaml

@@ -3,3 +3,9 @@ replicaCount: 1
 image:
   repository: quay.io/infrabox/service-gardener
   tag: latest
+
+gardener:
+  credential_secret: infrabox-service-gardener-sa
+  namespace: <REQUIRED>
+  project: <REQUIRED>
+  secret_binding_ref: <REQUIRED>

src/services/gardener/pkg/stub/handler.go

@@ -127,7 +127,7 @@ func (h *Handler) sync(shootCluster *v1alpha1.ShootCluster, log *logrus.Entry) e
 	return nil
 }
 
-const ENVGardenNamespace = "GARDEN_NAMESPACE"
+const ENVGardenNamespace = "GARDENER_NAMESPACE"
 
 func (h *Handler) ensureThatGardenerFieldsAreSet(shootCluster *v1alpha1.ShootCluster, log *logrus.Entry) error {
 	if len(shootCluster.Status.ClusterName) == 0 {

src/services/gardener/pkg/stub/shootOperations/common/constants.go

@@ -2,7 +2,7 @@ package common
 
 const (
 	EnvCredentialSecretName  = "CREDENTIALS_SECRET" // env variable for name of input secret
-	KeyGardenKubectlInSecret = "garden_kubecfg"
+	KeyGardenKubectlInSecret = "gardener.conf"
 
 	// output secret
 	LabelForTargetSecret = "service.infrabox.net/secret-name"