From 1180e5aee1dc13de8cf9fcf8023888f353e0aef0 Mon Sep 17 00:00:00 2001 From: Robert Tuck Date: Wed, 18 Sep 2024 09:20:57 +0100 Subject: [PATCH 1/2] Miscellaneous kubernetes deployment fixes * Enable hostNetwork to helmchart in order to access instrumentation network * Fix version extraction from folder path * Change helmchart image name to mx-bluesky to match the release CI workflow * Fix helmchart default log folder to not clash with non-containerised version * Do final docker image pip install with no-deps to prevent editable dodal being clobbered --- Dockerfile.release | 2 +- helmchart/templates/deployment.yaml | 42 ++++++++++++++++++- helmchart/values.yaml | 2 +- .../deploy/deploy_hyperion_to_k8s.sh | 2 +- 4 files changed, 44 insertions(+), 4 deletions(-) diff --git a/Dockerfile.release b/Dockerfile.release index 2d9deb56b..435170617 100644 --- a/Dockerfile.release +++ b/Dockerfile.release @@ -31,7 +31,7 @@ RUN git restore . # Regenerate _version.py with the correct version - this should run quickly since we already have our dependencies RUN rm src/mx_bluesky/_version.py -RUN pip install --no-cache-dir --no-compile -e . +RUN pip install --no-cache-dir --no-compile --no-deps -e . ENTRYPOINT /app/hyperion/utility_scripts/docker/entrypoint.sh diff --git a/helmchart/templates/deployment.yaml b/helmchart/templates/deployment.yaml index 10a5dc1b9..067f7ab29 100644 --- a/helmchart/templates/deployment.yaml +++ b/helmchart/templates/deployment.yaml 
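Review bot: With `--no-deps` on the final `pip install -e .`, nothing in the build verifies that the dependencies installed by earlier layers still satisfy the project's metadata, so a requirement added after those layers were cached would be missing from the image without any build error. Consider following this line with `RUN pip check` so that such drift fails the build. The comment above the line should also say why the flag is there, e.g. `# --no-deps: keep the editable dodal install from being replaced`. The earlier layers are outside this hunk, so how dependencies are installed there is not visible here.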
@@ -57,7 +57,46 @@ spec: path: "{{ .Values.hyperion.dataDir }}" containers: - name: hyperion - image: {{ .Values.hyperion.imageRepository}}/hyperion:{{ .Values.hyperion.appVersion }} + image: {{ .Values.hyperion.imageRepository}}/mx-bluesky:{{ .Values.hyperion.appVersion }} + securityContext: + capabilities: + # Required for hostNetwork + drop: + - AUDIT_WRITE + - CHOWN + - DAC_OVERRIDE + - FOWNER + - FSETID + - KILL + - MKNOD + - NET_BIND_SERVICE + - NET_RAW + - SETFCAP + - SETGID + - SETPCAP + - SETUID + - SYS_CHROOT + - AUDIT_CONTROL + - BLOCK_SUSPEND + - DAC_READ_SEARCH + - IPC_LOCK + - IPC_OWNER + - LEASE + - LINUX_IMMUTABLE + - MAC_ADMIN + - MAC_OVERRIDE + - SYS_ADMIN + - SYS_BOOT + - SYS_MODULE + - SYS_NICE + - SYS_PACCT + - SYS_MODULE + - SYS_PTRACE + - SYS_RESOURCE + - SYS_TIME + - SYS_TTY_CONFIG + - SYSLOG + - WAKE_ALARM resources: limits: cpu: "1" @@ -111,3 +150,4 @@ spec: name: logs - mountPath: "/dls/{{ .Values.hyperion.beamline }}/data" name: data + hostNetwork: true diff --git a/helmchart/values.yaml b/helmchart/values.yaml index bf6bf352d..c7d2f61db 100644 --- a/helmchart/values.yaml +++ b/helmchart/values.yaml @@ -8,7 +8,7 @@ hyperion: supplementalGroups: [] beamline: i03 dev: false - logDir: "/dls_sw/i03/logs/bluesky" + logDir: "/dls_sw/i03/logs/bluesky/hyperion-k8s" dataDir: "/dls/i03/data" # These should be overridden at install time projectDir: SET_ON_INSTALL diff --git a/utility_scripts/deploy/deploy_hyperion_to_k8s.sh b/utility_scripts/deploy/deploy_hyperion_to_k8s.sh index 73b54f6e5..4db99c1c7 100755 --- a/utility_scripts/deploy/deploy_hyperion_to_k8s.sh +++ b/utility_scripts/deploy/deploy_hyperion_to_k8s.sh @@ -103,7 +103,7 @@ else cd $NEW_PROJECTDIR PROJECTDIR=$NEW_PROJECTDIR HYPERION_BASENAME=$(basename $HYPERION_BASE) - CHECKED_OUT_VERSION=${HYPERION_BASENAME#mx_bluesky_v} + CHECKED_OUT_VERSION=${HYPERION_BASENAME#mx_bluesky_} fi From 7851a16e86e6e54ae8765bb7a9705e6f3d7c756c Mon Sep 17 00:00:00 2001 
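Review bot: The `drop:` list enumerates capabilities by name, which leaves anything not listed (for example `NET_ADMIN` and `SYS_RAWIO`) dependent on the runtime's default set, and `SYS_MODULE` appears twice. Unless a cluster policy requires this exact list, `drop:` with the single entry `- ALL` is shorter and cannot miss a capability; adding `allowPrivilegeEscalation: false` under `securityContext` would complete it. The comment `# Required for hostNetwork` is also ambiguous: dropping capabilities is not what enables host networking, so it presumably refers to an admission rule for hostNetwork pods and should say so, e.g. `# Cluster policy requires these capabilities to be dropped when hostNetwork is set`.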
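Review bot: `hostNetwork: true` is added unconditionally and without a comment, although it places the pod in the node's network namespace: every port the container listens on is reachable on the node's interfaces, and NetworkPolicy enforcement typically does not apply to such pods. A comment stating the reason (the commit message says it is needed to reach the instrumentation network) belongs next to the line, and making it a chart value, e.g. a new `hostNetwork: {{ .Values.hyperion.hostNetwork }}` defaulting to `false`, would keep other installs off the host network. If the pod still needs to resolve in-cluster service names, `dnsPolicy: ClusterFirstWithHostNet` should be set alongside it. The pod spec starts outside this hunk, so existing port or DNS settings are not visible here.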
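Review bot: The prefix strip `${HYPERION_BASENAME#mx_bluesky_}` leaves the value unchanged when the folder name does not start with `mx_bluesky_`, so `CHECKED_OUT_VERSION` can silently become an arbitrary directory name. Its later use is outside this hunk (presumably as the image tag passed to the chart), so a guard before the assignment would be safer: `[[ $HYPERION_BASENAME == mx_bluesky_* ]] || { echo "Unexpected folder name: $HYPERION_BASENAME" >&2; exit 1; }`. The unquoted expansions on the context lines (`cd $NEW_PROJECTDIR`, `basename $HYPERION_BASE`) will also break on paths containing spaces, and quoting them is worth doing while this block is being touched. The enclosing `else` branch begins outside the hunk.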
From: Robert Tuck Date: Wed, 18 Sep 2024 11:37:51 +0100 Subject: [PATCH 2/2] Update image name to mx-bluesky in line with CI build --- utility_scripts/build_docker_image.sh | 12 ++++++------ utility_scripts/docker/i03-compose.yml | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/utility_scripts/build_docker_image.sh b/utility_scripts/build_docker_image.sh index aba8d1c92..ec9dc17db 100755 --- a/utility_scripts/build_docker_image.sh +++ b/utility_scripts/build_docker_image.sh @@ -30,7 +30,7 @@ for option in "$@"; do done PROJECTDIR=`dirname $0`/.. -PROJECT=hyperion +IMAGE=mx-bluesky if ! git diff --cached --quiet; then echo "Cannot build image from unclean workspace" @@ -40,7 +40,7 @@ fi if [[ $BUILD == 1 ]]; then echo "Building initial image" - LATEST_TAG=$PROJECT:latest + LATEST_TAG=$IMAGE:latest TMPDIR=/tmp podman build \ -f $PROJECTDIR/Dockerfile.release \ --tag $LATEST_TAG \ @@ -48,7 +48,7 @@ if [[ $BUILD == 1 ]]; then # Now extract the version from the built image and then rebuild with the label IMAGE_VERSION=$(podman run --rm --entrypoint=hyperion $LATEST_TAG -c "--version" | \ sed -e 's/[^a-zA-Z0-9 ._-]/_/g') - TAG=$PROJECT:$IMAGE_VERSION + TAG=$IMAGE:$IMAGE_VERSION echo "Labelling image with version $IMAGE_VERSION, tagging with tags $TAG $LATEST_TAG" TMPDIR=/tmp podman build \ -f $PROJECTDIR/Dockerfile.release \ @@ -64,7 +64,7 @@ if [[ $PUSH == 1 ]]; then echo "Not logged in to ghcr.io" exit 1 fi - echo "Pushing to ghcr.io/$NAMESPACE/$PROJECT:latest ..." - podman push $PROJECT:latest docker://ghcr.io/$NAMESPACE/$PROJECT:latest - podman push $PROJECT:latest docker://ghcr.io/$NAMESPACE/$PROJECT:$IMAGE_VERSION + echo "Pushing to ghcr.io/$NAMESPACE/$IMAGE:latest ..." + podman push $IMAGE:latest docker://ghcr.io/$NAMESPACE/$IMAGE:latest + podman push $IMAGE:latest docker://ghcr.io/$NAMESPACE/$IMAGE:$IMAGE_VERSION fi diff --git a/utility_scripts/docker/i03-compose.yml b/utility_scripts/docker/i03-compose.yml index 55a0500d8..d47ba964a 100644 
--- a/utility_scripts/docker/i03-compose.yml +++ b/utility_scripts/docker/i03-compose.yml @@ -1,7 +1,7 @@ name: i03-hyperion services: hyperion-common: - image: localhost/hyperion + image: localhost/mx-bluesky pull_policy: never expose: - "5005"