From ff6f50a501ae6ce24de368cdc0caebb51780097f Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Tue, 31 Mar 2026 14:21:53 -0300 Subject: [PATCH] maintenance/jenkins: align Metis ingress, sentinel push, and CI job --- services/maintenance/metis-configmap.yaml | 6 +- services/maintenance/metis-deployment.yaml | 16 +--- services/maintenance/metis-ingress.yaml | 27 +++++++ .../maintenance/metis-sentinel-daemonset.yaml | 81 +++++++++++++++++-- 4 files changed, 108 insertions(+), 22 deletions(-) create mode 100644 services/maintenance/metis-ingress.yaml diff --git a/services/maintenance/metis-configmap.yaml b/services/maintenance/metis-configmap.yaml index ba45d881..8cc5928a 100644 --- a/services/maintenance/metis-configmap.yaml +++ b/services/maintenance/metis-configmap.yaml @@ -6,7 +6,11 @@ metadata: namespace: maintenance data: METIS_DEFAULT_FLASH_NODE: titan-22 + METIS_UI_BASE_URL: https://metis.bstein.dev METIS_METRICS_PORT: "8080" METIS_METRICS_PATH: /metrics + METIS_SENTINEL_PUSH_URL: http://metis.maintenance.svc.cluster.local/api/internal/sentinel/snapshots + METIS_SENTINEL_PUSH_TIMEOUT_SEC: "10" + METIS_SENTINEL_PUSH_INTERVAL_SEC: "120" METIS_SENTINEL_OUT: /var/run/metis-sentinel - METIS_SENTINEL_INTERVAL_SEC: "300" + METIS_SENTINEL_INTERVAL_SEC: "120" diff --git a/services/maintenance/metis-deployment.yaml b/services/maintenance/metis-deployment.yaml index 87b2db78..d4747c86 100644 --- a/services/maintenance/metis-deployment.yaml +++ b/services/maintenance/metis-deployment.yaml 
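Review bot: `METIS_SENTINEL_PUSH_URL` is a cleartext `http://` Service address, so each node's snapshot crosses the pod network without transport encryption or server authentication. Whether the cluster already encrypts pod-to-pod traffic is not visible in this patch; if it does, record that assumption next to the key, e.g. `# in-cluster only; relies on <network-layer encryption / NetworkPolicy>`, otherwise consider serving the internal endpoint over TLS. Both DaemonSet containers in this patch load the whole map with `envFrom`, so if a push credential is added later it should come from a Secret rather than from this ConfigMap.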
@@ -21,23 +21,9 @@ spec: spec: serviceAccountName: metis nodeSelector: + kubernetes.io/hostname: titan-22 kubernetes.io/arch: amd64 node-role.kubernetes.io/worker: "true" - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - preference: - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: ["titan-22"] - - weight: 25 - preference: - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: ["titan-24"] containers: - name: metis image: registry.bstein.dev/bstein/metis:latest diff --git a/services/maintenance/metis-ingress.yaml b/services/maintenance/metis-ingress.yaml new file mode 100644 index 00000000..4d257781 --- /dev/null +++ b/services/maintenance/metis-ingress.yaml @@ -0,0 +1,27 @@ +# services/maintenance/metis-ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: metis + namespace: maintenance + annotations: + kubernetes.io/ingress.class: traefik + cert-manager.io/cluster-issuer: letsencrypt + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.tls: "true" + traefik.ingress.kubernetes.io/router.middlewares: sso-oauth2-proxy-forward-auth@kubernetescrd +spec: + tls: + - hosts: ["metis.bstein.dev"] + secretName: metis-tls + rules: + - host: metis.bstein.dev + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: metis + port: + number: 80 diff --git a/services/maintenance/metis-sentinel-daemonset.yaml b/services/maintenance/metis-sentinel-daemonset.yaml index 44236904..e9127c13 100644 --- a/services/maintenance/metis-sentinel-daemonset.yaml +++ b/services/maintenance/metis-sentinel-daemonset.yaml 
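Review bot: Moving `kubernetes.io/hostname: titan-22` into `nodeSelector` turns a weighted preference into a hard requirement, and the removed affinity block held the only fallback host (titan-24). While titan-22 is drained or down the Deployment cannot be scheduled, which presumably also takes the receiver behind the sentinel push URL offline. If the pin is deliberate, say so in the manifest, for example `# hard pin: <reason metis must run on titan-22>`; otherwise a `requiredDuringSchedulingIgnoredDuringExecution` term listing both hosts would keep failover. The unchanged `image: registry.bstein.dev/bstein/metis:latest` line is a mutable tag, so a rescheduled pod may run a different build than the one reviewed. The pod spec continues outside the hunk.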
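Review bot: The single `path: /` with `pathType: Prefix` rule forwards every path on metis.bstein.dev to the `metis` Service, including `/api/internal/sentinel/snapshots`, which the ConfigMap change in this patch sets as the sentinel push target. The forward-auth middleware is then the only control between any SSO-authenticated user and an endpoint named internal; whether the application checks the caller itself is not visible here. Consider listing only the UI and API prefixes that must be public, or serving the internal routes on a separate port that this Ingress does not reference. As a smaller point, the `kubernetes.io/ingress.class` annotation is deprecated in favour of `spec.ingressClassName: traefik`.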
@@ -27,6 +27,27 @@ spec: - name: metis-sentinel image: registry.bstein.dev/bstein/metis-sentinel:latest imagePullPolicy: Always + command: + - /bin/sh + - -c + args: + - | + set -eu + out_dir="${METIS_SENTINEL_OUT:-/var/run/metis-sentinel}" + interval="${METIS_SENTINEL_INTERVAL_SEC:-120}" + mkdir -p "${out_dir}" + while true; do + ts="$(date -u +%Y%m%dT%H%M%SZ)" + node="${METIS_SENTINEL_NODE:-unknown}" + tmp="${out_dir}/${node}-${ts}.json.tmp" + out="${out_dir}/${node}-${ts}.json" + if metis-sentinel > "${tmp}"; then + mv "${tmp}" "${out}" + else + rm -f "${tmp}" || true + fi + sleep "${interval}" + done envFrom: - configMapRef: name: metis @@ -39,9 +60,6 @@ spec: - name: http containerPort: 8080 volumeMounts: - - name: host-root - mountPath: /host - readOnly: true - name: sentinel-output mountPath: /var/run/metis-sentinel resources: 
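Review bot: Nothing in this loop removes the `${node}-${ts}.json` files it writes each interval; deletion happens only in the `sentinel-pusher` container (second hunk of this file) after a successful POST. If the push URL is empty or the receiver is unreachable, snapshots accumulate in the `sentinel-output` volume, which is declared as `emptyDir: {}` with no size cap, and consume node ephemeral storage. Bound it with `emptyDir:` / `sizeLimit: 64Mi` (value illustrative), or prune files older than a few intervals in this loop, or both. Removing the `host-root` mount in this hunk is a useful privilege reduction, but confirm `metis-sentinel` still collects what it needs without `/host`, since the `else` branch discards a failed run with no log line from the wrapper.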
@@ -56,9 +74,60 @@ spec: runAsUser: 0 capabilities: drop: ["ALL"] + - name: sentinel-pusher + image: curlimages/curl:8.12.1 + imagePullPolicy: IfNotPresent + command: + - /bin/sh + - -c + args: + - | + set -eu + out_dir="${METIS_SENTINEL_OUT:-/var/run/metis-sentinel}" + push_url="${METIS_SENTINEL_PUSH_URL:-}" + interval="${METIS_SENTINEL_PUSH_INTERVAL_SEC:-120}" + timeout="${METIS_SENTINEL_PUSH_TIMEOUT_SEC:-10}" + mkdir -p "${out_dir}" + while true; do + for snapshot in "${out_dir}"/*.json; do + [ -f "${snapshot}" ] || continue + if [ -z "${push_url}" ]; then + break + fi + if curl -fsS --connect-timeout "${timeout}" --max-time "${timeout}" \ + -X POST \ + -H "Content-Type: application/json" \ + -H "X-Metis-Node: ${METIS_SENTINEL_NODE:-unknown}" \ + --data-binary "@${snapshot}" \ + "${push_url}"; then + rm -f "${snapshot}" + fi + done + sleep "${interval}" + done + envFrom: + - configMapRef: + name: metis + env: + - name: METIS_SENTINEL_NODE + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: sentinel-output + mountPath: /var/run/metis-sentinel + resources: + requests: + cpu: 10m + memory: 32Mi + limits: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + runAsUser: 0 + capabilities: + drop: ["ALL"] volumes: - - name: host-root - hostPath: - path: / - name: sentinel-output emptyDir: {}
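Review bot: The `curl` POST carries no credential, and the only identity sent is `X-Metis-Node`, which the sender sets itself. Unless the receiver or a NetworkPolicy restricts it (neither is visible here), any pod that can reach the `metis` Service could submit snapshots under any node name. Consider mounting a token from a Secret and adding `-H "Authorization: Bearer ${METIS_SENTINEL_PUSH_TOKEN}"` (variable name is a placeholder), with the server verifying the node name instead of trusting the header. `runAsUser: 0` also looks broader than needed for a container that only reads and deletes files in the shared emptyDir; if the volume's permissions allow it, a non-root UID with `runAsNonRoot: true` would be tighter. Lastly, `curlimages/curl:8.12.1` is pulled by tag from a public registry, and pinning it by digest would fix the exact image that runs on every node.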