feat: patch argocd resources when oomkilled (#1814)

Co-authored-by: jeho <[email protected]>

Author: CasLubbers

charts/otomi-pipelines/templates/tekton-otomi-task-teams.yaml

@@ -70,6 +70,7 @@ spec:
         - 'binzx/otomi validate-values'
     - name: apply
       computeResources: {}
+      {{/* Be aware that during the upgrade this task is not immediately upgraded */}}
       script: |
         #!/bin/bash
         set -e

charts/otomi-pipelines/templates/tekton-otomi-task.yaml

@@ -77,6 +77,7 @@ spec:
         - 'binzx/otomi validate-values'
     - name: apply
       computeResources: {}
+      {{/* Be aware that during the upgrade this task is not immediately upgraded */}}
       script: |
         #!/bin/bash
         set -e

src/cmd/apply-as-apps.ts

@@ -4,12 +4,13 @@ import { writeFile } from 'fs/promises'
 import { cleanupHandler, prepareEnvironment } from 'src/common/cli'
 import { logLevelString, terminal } from 'src/common/debug'
 import { hf } from 'src/common/hf'
-import { isResourcePresent } from 'src/common/k8s'
+import { patchContainerResourcesOfSts, isResourcePresent, k8s } from 'src/common/k8s'
 import { getFilename, loadYaml } from 'src/common/utils'
 import { getImageTag, objectToYaml } from 'src/common/values'
 import { HelmArguments, getParsedArgs, helmOptions, setParsedArgs } from 'src/common/yargs'
 import { Argv, CommandModule } from 'yargs'
 import { $ } from 'zx'
+import { V1ResourceRequirements } from '@kubernetes/client-node/dist/gen/model/v1ResourceRequirements'
 
 const cmdName = getFilename(__filename)
 const dir = '/tmp/otomi'
@@ -113,17 +114,47 @@ const removeApplication = async (release: HelmRelease): Promise<void> => {
   }
 }
 
+function getResources(values: Record<string, any>) {
+  const config = values
+  const resources: V1ResourceRequirements = {
+    limits: {
+      cpu: config.controller?.resources?.limits?.cpu,
+      memory: config.controller?.resources?.limits?.memory,
+    },
+    requests: {
+      cpu: config.controller?.resources?.requests?.cpu,
+      memory: config.controller?.resources?.requests?.memory,
+    },
+  }
+  return resources
+}
+
+async function patchArgocdResources(release: HelmRelease, values: Record<string, any>) {
+  if (release.name === 'argocd') {
+    const resources = getResources(values)
+    await patchContainerResourcesOfSts(
+      'argocd-application-controller',
+      'argocd',
+      'application-controller',
+      resources,
+      k8s.app(),
+      k8s.core(),
+      d,
+    )
+  }
+}
+
 const writeApplicationManifest = async (release: HelmRelease, otomiVersion: string): Promise<void> => {
   const appName = `${release.namespace}-${release.name}`
-  // d.info(`Generating Argocd Application at ${appName}`)
   const applicationPath = `${appsDir}/${appName}.yaml`
   const valuesPath = `${valuesDir}/${appName}.yaml`
-  // d.info(`Loading values file from ${valuesPath}`)
   let values = {}
+
   if (await pathExists(valuesPath)) values = (await loadYaml(valuesPath)) || {}
   const manifest = getArgocdAppManifest(release, values, otomiVersion)
-  // d.info(`Saving Argocd Application at ${applicationPath}`)
   await writeFile(applicationPath, objectToYaml(manifest))
+
+  await patchArgocdResources(release, values)
 }
 export const applyAsApps = async (argv: HelmArguments): Promise<void> => {
   const helmfileSource = argv.file?.toString() || 'helmfile.d/'

src/cmd/commit.ts

@@ -1,12 +1,12 @@
-import { CoreV1Api, CustomObjectsApi, KubeConfig } from '@kubernetes/client-node'
+import { CoreV1Api } from '@kubernetes/client-node'
 import retry from 'async-retry'
 import { bootstrapGit, setIdentity } from 'src/common/bootstrap'
 import { prepareEnvironment } from 'src/common/cli'
 import { encrypt } from 'src/common/crypt'
 import { terminal } from 'src/common/debug'
 import { env, isCi } from 'src/common/envalid'
 import { hfValues } from 'src/common/hf'
-import { createGenericSecret, waitTillGitRepoAvailable } from 'src/common/k8s'
+import { createGenericSecret, k8s, waitTillGitRepoAvailable } from 'src/common/k8s'
 import { getFilename } from 'src/common/utils'
 import { getRepo } from 'src/common/values'
 import { HelmArguments, getParsedArgs, setParsedArgs } from 'src/common/yargs'
@@ -128,12 +128,9 @@ export async function retryCheckingForPipelineRun() {
 
 export async function retryIsOAuth2ProxyRunning() {
   const d = terminal(`cmd:${cmdName}:isOAuth2ProxyRunning`)
-  const kc = new KubeConfig()
-  kc.loadFromDefault()
-  const coreV1Api = kc.makeApiClient(CoreV1Api)
   await retry(
     async () => {
-      await isOAuth2ProxyAvailable(coreV1Api)
+      await isOAuth2ProxyAvailable(k8s.core())
     },
     { retries: env.RETRIES, randomize: env.RANDOM, minTimeout: env.MIN_TIMEOUT, factor: env.FACTOR },
   ).catch((e) => {
@@ -142,10 +139,10 @@ export async function retryIsOAuth2ProxyRunning() {
   })
 }
 
-export async function isOAuth2ProxyAvailable(k8s: CoreV1Api): Promise<void> {
+export async function isOAuth2ProxyAvailable(coreV1Api: CoreV1Api): Promise<void> {
   const d = terminal(`cmd:${cmdName}:isOAuth2ProxyRunning`)
   d.info('Checking if OAuth2Proxy is available, waiting...')
-  const { body: oauth2ProxyEndpoint } = await k8s.readNamespacedEndpoints('oauth2-proxy', 'istio-system')
+  const { body: oauth2ProxyEndpoint } = await coreV1Api.readNamespacedEndpoints('oauth2-proxy', 'istio-system')
   if (!oauth2ProxyEndpoint) {
     throw new Error('OAuth2Proxy endpoint not found, waiting...')
   }
@@ -163,16 +160,10 @@ export async function isOAuth2ProxyAvailable(k8s: CoreV1Api): Promise<void> {
 
 export async function checkIfPipelineRunExists(): Promise<void> {
   const d = terminal(`cmd:${cmdName}:pipelineRun`)
-  const kc = new KubeConfig()
-  kc.loadFromDefault()
-  const customObjectsApi = kc.makeApiClient(CustomObjectsApi)
 
-  const response = await customObjectsApi.listNamespacedCustomObject(
-    'tekton.dev',
-    'v1beta1',
-    'otomi-pipelines',
-    'pipelineruns',
-  )
+  const response = await k8s
+    .custom()
+    .listNamespacedCustomObject('tekton.dev', 'v1beta1', 'otomi-pipelines', 'pipelineruns')
 
   const pipelineRuns = (response.body as { items: any[] }).items
   if (pipelineRuns.length === 0) {
@@ -186,10 +177,7 @@ export async function checkIfPipelineRunExists(): Promise<void> {
 
 async function createCredentialsSecret(secretName: string, username: string, password: string): Promise<void> {
   const secretData = { username, password }
-  const kc = new KubeConfig()
-  kc.loadFromDefault()
-  const coreV1Api = kc.makeApiClient(CoreV1Api)
-  await createGenericSecret(coreV1Api, secretName, 'keycloak', secretData)
+  await createGenericSecret(k8s.core(), secretName, 'keycloak', secretData)
 }
 
 export const printWelcomeMessage = async (): Promise<void> => {