Update aiservice pipeline setup

Author: durera

src/mas/devops/tekton.py

@@ -170,8 +170,47 @@ def preparePipelinesNamespace(dynClient: DynamicClient, instanceId: str = None,
                 sleep(15)
 
 
-def prepareInstallSecrets(dynClient: DynamicClient, instanceId: str, slsLicenseFile: str = None, additionalConfigs: dict = None, certs: str = None, podTemplates: str = None) -> None:
-    namespace = f"mas-{instanceId}-pipelines"
+def prepareAiServicePipelinesNamespace(dynClient: DynamicClient, instanceId: str = None, storageClass: str = None, accessMode: str = None, waitForBind: bool = True, configureRBAC: bool = True):
+    templateDir = path.join(path.abspath(path.dirname(__file__)), "templates")
+    env = Environment(
+        loader=FileSystemLoader(searchpath=templateDir)
+    )
+    namespace = f"aiservice-{instanceId}-pipelines"
+    template = env.get_template("pipelines-rbac.yml.j2")
+
+    if configureRBAC:
+        # Create RBAC
+        renderedTemplate = template.render(mas_instance_id=instanceId)
+        logger.debug(renderedTemplate)
+        crb = yaml.safe_load(renderedTemplate)
+        clusterRoleBindingAPI = dynClient.resources.get(api_version="rbac.authorization.k8s.io/v1", kind="ClusterRoleBinding")
+        clusterRoleBindingAPI.apply(body=crb, namespace=namespace)
+
+    template = env.get_template("aiservice-pipelines-pvc.yml.j2")
+    renderedTemplate = template.render(
+        aiservice_instance_id=instanceId,
+        pipeline_storage_class=storageClass,
+        pipeline_storage_accessmode=accessMode
+    )
+    logger.debug(renderedTemplate)
+    pvc = yaml.safe_load(renderedTemplate)
+    pvcAPI = dynClient.resources.get(api_version="v1", kind="PersistentVolumeClaim")
+    pvcAPI.apply(body=pvc, namespace=namespace)
+
+    if waitForBind:
+        logger.debug("Waiting for PVC to be bound")
+        pvcIsBound = False
+        while not pvcIsBound:
+            configPVC = pvcAPI.get(name="config-pvc", namespace=namespace)
+            if configPVC.status.phase == "Bound":
+                pvcIsBound = True
+            else:
+                logger.debug("Waiting 15s before checking status of PVC again")
+                logger.debug(configPVC)
+                sleep(15)
+
+
+def prepareInstallSecrets(dynClient: DynamicClient, namespace: str, slsLicenseFile: str = None, additionalConfigs: dict = None, certs: str = None, podTemplates: str = None) -> None:
     secretsAPI = dynClient.resources.get(api_version="v1", kind="Secret")
 
     # 1. Secret/pipeline-additional-configs
@@ -402,24 +441,24 @@ def launchInstallPipeline(dynClient: DynamicClient, params: dict) -> str:
     return pipelineURL
 
 
-def launchInstallPipelineForAiservice(dynClient: DynamicClient, params: dict) -> str:
+def launchUpdatePipeline(dynClient: DynamicClient, params: dict) -> str:
     """
-    Create a PipelineRun to install the Aiservice
+    Create a PipelineRun to update the Maximo Operator Catalog
     """
-    instanceId = params["aiservice_instance_id"]
-    namespace = f"aiservice-{instanceId}-pipelines"
-    timestamp = launchPipelineRun(dynClient, namespace, "pipelinerun-aiservice-install", params)
+    namespace = "mas-pipelines"
+    timestamp = launchPipelineRun(dynClient, namespace, "pipelinerun-update", params)
 
-    pipelineURL = f"{getConsoleURL(dynClient)}/k8s/ns/aiservice-{instanceId}-pipelines/tekton.dev~v1beta1~PipelineRun/{instanceId}-install-{timestamp}"
+    pipelineURL = f"{getConsoleURL(dynClient)}/k8s/ns/mas-pipelines/tekton.dev~v1beta1~PipelineRun/mas-update-{timestamp}"
     return pipelineURL
 
 
-def launchUpdatePipeline(dynClient: DynamicClient, params: dict) -> str:
+def launchAiServiceInstallPipeline(dynClient: DynamicClient, params: dict) -> str:
     """
-    Create a PipelineRun to update the Maximo Operator Catalog
+    Create a PipelineRun to install the AI Service
     """
-    namespace = "mas-pipelines"
-    timestamp = launchPipelineRun(dynClient, namespace, "pipelinerun-update", params)
+    instanceId = params["aiservice_instance_id"]
+    namespace = f"aiservice-{instanceId}-pipelines"
+    timestamp = launchPipelineRun(dynClient, namespace, "pipelinerun-aiservice-install", params)
 
-    pipelineURL = f"{getConsoleURL(dynClient)}/k8s/ns/mas-pipelines/tekton.dev~v1beta1~PipelineRun/mas-update-{timestamp}"
+    pipelineURL = f"{getConsoleURL(dynClient)}/k8s/ns/aiservice-{instanceId}-pipelines/tekton.dev~v1beta1~PipelineRun/{instanceId}-install-{timestamp}"
     return pipelineURL

src/mas/devops/templates/aiservice-pipelines-pvc.yml.j2

@@ -0,0 +1,15 @@
+---
+# 1. Set up a PVC for shared storage
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: config-pvc
+  namespace: aiservice-{{ aiservice_instance_id }}-pipelines
+spec:
+  accessModes:
+    - {{ pipeline_storage_accessmode }}
+  volumeMode: Filesystem
+  storageClassName: {{ pipeline_storage_class }}
+  resources:
+    requests:
+      storage: 500Mi

src/mas/devops/templates/aiservice-pipelines-rbac.yml.j2

@@ -0,0 +1,14 @@
+---
+# 1. Configure RBAC for the pipeline tasks
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: aiservice-pipeline-{{ aiservice_instance_id }}
+subjects:
+  - kind: ServiceAccount
+    name: pipeline
+    namespace: aiservice-{{ aiservice_instance_id }}-pipelines
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin