From 41021c472bf00f1615140a3dc1a7ac4ba79838b4 Mon Sep 17 00:00:00 2001
From: Brad Stein
Date: Tue, 31 Mar 2026 14:21:53 -0300
Subject: [PATCH] maintenance/jenkins: align Metis ingress, sentinel push, and CI job
---
 services/jenkins/configmap-jcasc.yaml | 26 ++++++
 services/maintenance/kustomization.yaml | 1 +
 services/maintenance/metis-configmap.yaml | 6 +-
 services/maintenance/metis-deployment.yaml | 16 +---
 services/maintenance/metis-ingress.yaml | 27 +++++++
 .../maintenance/metis-sentinel-daemonset.yaml | 81 +++++++++++++++++--
 6 files changed, 135 insertions(+), 22 deletions(-)
 create mode 100644 services/maintenance/metis-ingress.yaml
diff --git a/services/jenkins/configmap-jcasc.yaml b/services/jenkins/configmap-jcasc.yaml
index 84976d99..d0efa4ba 100644
--- a/services/jenkins/configmap-jcasc.yaml
+++ b/services/jenkins/configmap-jcasc.yaml
@@ -167,6 +167,32 @@ data:
 }
 }
 }
+ pipelineJob('metis') {
+ properties {
+ pipelineTriggers {
+ triggers {
+ scmTrigger {
+ scmpoll_spec('H/2 * * * *')
+ ignorePostCommitHooks(false)
+ }
+ }
+ }
+ }
+ definition {
+ cpsScm {
+ scm {
+ git {
+ remote {
+ url('https://scm.bstein.dev/bstein/metis.git')
+ credentials('gitea-pat')
+ }
+ branches('*/master')
+ }
+ }
+ scriptPath('Jenkinsfile')
+ }
+ }
+ }
 pipelineJob('atlasbot') {
 properties {
 pipelineTriggers {
diff --git a/services/maintenance/kustomization.yaml b/services/maintenance/kustomization.yaml
index 2aa08489..0280e6f3 100644
--- a/services/maintenance/kustomization.yaml
+++ b/services/maintenance/kustomization.yaml
@@ -33,6 +33,7 @@ resources:
 - node-image-sweeper-daemonset.yaml
 - image-sweeper-cronjob.yaml
 - metis-service.yaml
+ - metis-ingress.yaml
 - soteria-service.yaml
 images:
 - name: registry.bstein.dev/bstein/ariadne
diff --git a/services/maintenance/metis-configmap.yaml b/services/maintenance/metis-configmap.yaml
index ba45d881..8cc5928a 100644
--- a/services/maintenance/metis-configmap.yaml
+++ b/services/maintenance/metis-configmap.yaml
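Review bot: `credentials('gitea-pat')` in the new `pipelineJob('metis')` attaches a personal access token by ID, and nothing in the hunk records what that token is allowed to do. The job only has to clone `bstein/metis.git` and read `Jenkinsfile`, so repository read access is enough; if the token carries write or admin scope, a pipeline that binds the same credential ID gets that scope too. I would add a comment above the `remote` block such as `// gitea-pat: read-only repository scope is sufficient for this checkout` and confirm the token matches it. The surrounding Job DSL script starts and ends outside the hunk.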
@@ -6,7 +6,11 @@ metadata:
 namespace: maintenance
 data:
 METIS_DEFAULT_FLASH_NODE: titan-22
+ METIS_UI_BASE_URL: https://metis.bstein.dev
 METIS_METRICS_PORT: "8080"
 METIS_METRICS_PATH: /metrics
+ METIS_SENTINEL_PUSH_URL: http://metis.maintenance.svc.cluster.local/api/internal/sentinel/snapshots
+ METIS_SENTINEL_PUSH_TIMEOUT_SEC: "10"
+ METIS_SENTINEL_PUSH_INTERVAL_SEC: "120"
 METIS_SENTINEL_OUT: /var/run/metis-sentinel
- METIS_SENTINEL_INTERVAL_SEC: "300"
+ METIS_SENTINEL_INTERVAL_SEC: "120"
diff --git a/services/maintenance/metis-deployment.yaml b/services/maintenance/metis-deployment.yaml
index 87b2db78..d4747c86 100644
--- a/services/maintenance/metis-deployment.yaml
+++ b/services/maintenance/metis-deployment.yaml
@@ -21,23 +21,9 @@ spec:
 spec:
 serviceAccountName: metis
 nodeSelector:
+ kubernetes.io/hostname: titan-22
 kubernetes.io/arch: amd64
 node-role.kubernetes.io/worker: "true"
- affinity:
- nodeAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 100
- preference:
- matchExpressions:
- - key: kubernetes.io/hostname
- operator: In
- values: ["titan-22"]
- - weight: 25
- preference:
- matchExpressions:
- - key: kubernetes.io/hostname
- operator: In
- values: ["titan-24"]
 containers:
 - name: metis
 image: registry.bstein.dev/bstein/metis:latest
diff --git a/services/maintenance/metis-ingress.yaml b/services/maintenance/metis-ingress.yaml
new file mode 100644
index 00000000..4d257781
--- /dev/null
+++ b/services/maintenance/metis-ingress.yaml
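Review bot: The added `kubernetes.io/hostname: titan-22` selector makes titan-22 the only node the metis pod can run on, where the removed `preferredDuringSchedulingIgnoredDuringExecution` terms allowed a fallback to titan-24. If titan-22 is drained or down the pod stays Pending, and the sentinel pushers added in metis-sentinel-daemonset.yaml keep their snapshots until a POST succeeds, so a backlog builds on every node for as long as the outage lasts. If the pin is deliberate (the ConfigMap names titan-22 as `METIS_DEFAULT_FLASH_NODE`, which suggests it is), a comment above the selector such as `# hard pin: metis must run on titan-22; there is no fallback node` would record that. The pod spec continues outside the hunk.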
@@ -0,0 +1,27 @@
+# services/maintenance/metis-ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: metis
+ namespace: maintenance
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ cert-manager.io/cluster-issuer: letsencrypt
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ traefik.ingress.kubernetes.io/router.middlewares: sso-oauth2-proxy-forward-auth@kubernetescrd
+spec:
+ tls:
+ - hosts: ["metis.bstein.dev"]
+ secretName: metis-tls
+ rules:
+ - host: metis.bstein.dev
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: metis
+ port:
+ number: 80
diff --git a/services/maintenance/metis-sentinel-daemonset.yaml b/services/maintenance/metis-sentinel-daemonset.yaml
index 44236904..e9127c13 100644
--- a/services/maintenance/metis-sentinel-daemonset.yaml
+++ b/services/maintenance/metis-sentinel-daemonset.yaml
@@ -27,6 +27,27 @@ spec:
 - name: metis-sentinel
 image: registry.bstein.dev/bstein/metis-sentinel:latest
 imagePullPolicy: Always
+ command:
+ - /bin/sh
+ - -c
+ args:
+ - |
+ set -eu
+ out_dir="${METIS_SENTINEL_OUT:-/var/run/metis-sentinel}"
+ interval="${METIS_SENTINEL_INTERVAL_SEC:-120}"
+ mkdir -p "${out_dir}"
+ while true; do
+ ts="$(date -u +%Y%m%dT%H%M%SZ)"
+ node="${METIS_SENTINEL_NODE:-unknown}"
+ tmp="${out_dir}/${node}-${ts}.json.tmp"
+ out="${out_dir}/${node}-${ts}.json"
+ if metis-sentinel > "${tmp}"; then
+ mv "${tmp}" "${out}"
+ else
+ rm -f "${tmp}" || true
+ fi
+ sleep "${interval}"
+ done
 envFrom:
 - configMapRef:
 name: metis
@@ -39,9 +60,6 @@ spec:
 - name: http
 containerPort: 8080
 volumeMounts:
- - name: host-root
- mountPath: /host
- readOnly: true
 - name: sentinel-output
 mountPath: /var/run/metis-sentinel
 resources:
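Review bot: The single rule `path: /` with `pathType: Prefix` publishes every route of the `metis` service on metis.bstein.dev, and metis-configmap.yaml in this commit points the sentinels at `/api/internal/sentinel/snapshots` on that same service and port. The forward-auth middleware is then the only gate between any signed-in SSO user and the internal snapshot endpoint, unless the application separates the two itself, which is not visible here. I would add a comment above `rules:` such as `# Prefix / also exposes /api/internal/*; metis must reject those requests unless they come from in-cluster sentinels`, and verify that behaviour in the service.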
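Review bot: Nothing bounds how many snapshot files the new loop leaves in `${out_dir}`: one file is written every `METIS_SENTINEL_INTERVAL_SEC` seconds, and a file is only removed by the `sentinel-pusher` container (added in the last hunk of this file) after a successful POST. When the push URL is unset or metis is unreachable, the files accumulate in the `sentinel-output` volume, which is declared as `emptyDir: {}` with no size limit, so the backlog counts against the node's ephemeral storage. I would cap the volume, for example `emptyDir:` with `sizeLimit: 64Mi` (value to be chosen), or prune old `*.json` files at the top of the loop. The container spec starts and ends outside the hunk.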
@@ -56,9 +74,60 @@ spec:
 runAsUser: 0
 capabilities:
 drop: ["ALL"]
+ - name: sentinel-pusher
+ image: curlimages/curl:8.12.1
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/sh
+ - -c
+ args:
+ - |
+ set -eu
+ out_dir="${METIS_SENTINEL_OUT:-/var/run/metis-sentinel}"
+ push_url="${METIS_SENTINEL_PUSH_URL:-}"
+ interval="${METIS_SENTINEL_PUSH_INTERVAL_SEC:-120}"
+ timeout="${METIS_SENTINEL_PUSH_TIMEOUT_SEC:-10}"
+ mkdir -p "${out_dir}"
+ while true; do
+ for snapshot in "${out_dir}"/*.json; do
+ [ -f "${snapshot}" ] || continue
+ if [ -z "${push_url}" ]; then
+ break
+ fi
+ if curl -fsS --connect-timeout "${timeout}" --max-time "${timeout}" \
+ -X POST \
+ -H "Content-Type: application/json" \
+ -H "X-Metis-Node: ${METIS_SENTINEL_NODE:-unknown}" \
+ --data-binary "@${snapshot}" \
+ "${push_url}"; then
+ rm -f "${snapshot}"
+ fi
+ done
+ sleep "${interval}"
+ done
+ envFrom:
+ - configMapRef:
+ name: metis
+ env:
+ - name: METIS_SENTINEL_NODE
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: sentinel-output
+ mountPath: /var/run/metis-sentinel
+ resources:
+ requests:
+ cpu: 10m
+ memory: 32Mi
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: 0
+ capabilities:
+ drop: ["ALL"]
 volumes:
- - name: host-root
- hostPath:
- path: /
 - name: sentinel-output
 emptyDir: {}
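Review bot: The POST in `sentinel-pusher` carries no credential, so the receiver can identify the sender only by the `X-Metis-Node` header, which any client able to reach the service can set to any node name. If the handler behind `METIS_SENTINEL_PUSH_URL` files snapshots under that name, another workload in the cluster could submit or overwrite state for a node it does not run on; the handler is not visible here, so this needs checking on the server side. I would send a shared token read from a Secret next to the node header and have metis reject pushes without it; the variable and Secret names below are placeholders. The container list and pod spec continue outside the hunk.

```yaml
            # … unchanged: sentinel-pusher script up to the node header …
                  -H "X-Metis-Node: ${METIS_SENTINEL_NODE:-unknown}" \
                  -H "Authorization: Bearer ${METIS_SENTINEL_PUSH_TOKEN}" \
            # … unchanged: remaining curl arguments and loop …
          env:
            # … unchanged: METIS_SENTINEL_NODE from spec.nodeName …
            - name: METIS_SENTINEL_PUSH_TOKEN   # placeholder variable name
              valueFrom:
                secretKeyRef:
                  name: metis-sentinel-push     # placeholder Secret name
                  key: token
```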