Propose namespaced tasks #404
Conversation
[ci skip]
michaelsauter
requested review from
oalyman,
kuebler,
gerardcl,
henrjk and
henninggross
[ci skip Co-authored-by: gerardcl <gerardcl@gmail.com>
|
I am not exited tbh. |
|
I suppose if one adjusted the "user installation" so that one would have a subtree (or perhaps submodule) of the entire ods-pipeline repo at |
|
Based on an off-screen discussion with @henrjk following his comment, I am inclined to update my proposal with @henrjk's suggestion. In effect, he proposes to go one step further and abolish a central installation altogether. This has the following advantages:
Disadvantage is obviously that every project needs to build images themselves. However the images build quickly and reliably at the moment. We could also further explore to get rid of building images in the cluster at all, and simply provide images from a central registry like Docker Hub. Technically, there are only two blockers right now: one is the baked in sonar edition (easily solved, see #410) and the other is the aqua scanner. This one could be handled either as a special case or we could start downloading the scanner in the pipeline run (potentially caching it in the PVC to avoid re-download). @kuebler @gerardcl @oalyman since you already approved, I would like to hear your thoughts on expanding the scope of the PR even further |
|
I also see the point and agree, I like it. Things to take into consideration:
|
Validation of tooling can (and I believe should) happen at the project level (qualifying a specific use case vs. a generic one).
The proposal right now removes this option. We could think about making it optional though.
Correct, they are part of ODS core. The proposal does not affect how we see them. |
|
Really like the extended scope, in particular w.r.t. Docker Hub, we need to consider their rate limiting, though. |
Two ideas come to mind:
|
|
@michaelsauter I like it. Especially that it puts some pressure on the topic to pre build images as I already proposed. |
[ci skip] Co-authored-by: Vincent Elcrin <vincent.elcrin@gmail.com>
[ci skip] Co-authored-by: Vincent Elcrin <vincent.elcrin@gmail.com>
|
So I've put some more thought into this and want to suggest the following now. I'm going to expand the scope to remove the admin installation completely. For the images, I entertained a few options but have now settled on an approach that we have already tried and tested with ODS core, and I believe is the best we can do for now. I'll call the approach the "wrapper technique". The idea is simple: built an image in GitHub, but wrap this image in a BuildConfig/ImageStream in OpenShift. For example, say we build the While the wrapper images comes with some conceptual overhead, the advantages easily outweigh this in my opinion:
@kuebler @gerardcl @oalyman @henrjk Would love to get one more round of feedback :) |
|
hi! makes sense to me! but! how and where is the deployment of, for example, ods-sonar? |
I assume you talk about a SonarQube server? This, along with other services, is provided by a central ODS core installation. Projects do not need to provide/maintain their own services (SQ, Nexus, Bitbucket, Aqua), although they could if they wanted to. The interfaces of ODS Pipeline are described here: https://github.com/opendevstack/ods-pipeline/blob/master/docs/design/software-architecture.adoc#interfaces. We could further clarify the exact requirements of this central ODS core installation but I am OK with the current state for now. |
|
so then this will still exist https://github.com/opendevstack/ods-pipeline/tree/master/deploy/central, right? but only with the https://github.com/opendevstack/ods-pipeline/tree/master/deploy/central/images-chart bc related to central installation? |
…proposal # Conflicts: # deploy/central/tasks-chart/templates/task-ods-build-typescript-with-sidecar.yaml # docs/tasks/ods-build-typescript-with-sidecar.adoc
| * Pipeline users cannot specify task resources. This was possible in Jenkins and also used by many users. See issue https://github.com/opendevstack/ods-pipeline/issues/195. Currently support is not even on the Tekton roadmap. Only workaround: multiple tasks or high defaults. If that does not work, users must create their own copies of the tasks. | ||
| * Pipeline users cannot specify sidecars. This was possible in Jenkins and also used by many users (e.g. to spin up a database for testing). See issue https://github.com/opendevstack/ods-pipeline/issues/135. Currently support is not even on the Tekton roadmap. Only workaround: multiple tasks. If that does not work (e.g. you need more than one sidecar), users must create their own copies of the tasks. | ||
| * Pipeline users cannot specify task resources dynamically without changing the task at hand. This was possible in Jenkins and also used by many users. See issue https://github.com/opendevstack/ods-pipeline/issues/195. Currently, support is not even on the Tekton roadmap. Only workaround: multiple tasks or high defaults. | ||
| * Pipeline users cannot specify sidecars dynamically without changing the task at hand. This was possible in Jenkins and also used by many users (e.g. to spin up a database for testing). See issue https://github.com/opendevstack/ods-pipeline/issues/135. Currently, support is not even on the Tekton roadmap. Only workaround: multiple tasks. |
There was a problem hiding this comment.
Thanks for the updates to this file!
I think we can take out the first two limitations: specifying resources and sidecars is possible with this PR :)
There was a problem hiding this comment.
We were thinking about removing those points as well, but after a small discussion decided to add that this is indeed possible but only on a project-wide scope by changing the task itself, not on a per-repo scope as it was possible with a Jenkinsfile.
But we are also happy to remove both of those bullets if you think that this is confusing.
There was a problem hiding this comment.
Yes I think the new solution is good enough to be a solution for now. We should remove this as it isn't a "blocker" any longer.
I would love to have both pain points mentioned in the ADR though, and in the discussion we should link to the issues / Tekton TEPs.
|
|
||
| Users will still be able to consume quickstarters via the provisioning app. | ||
|
|
||
| Authoring a new quickstarter means potentially creating a new task (say a Rust task). This task would then need to be installed centrally as a ClusterTask like the others. I do not know yet how a less official task could be shared easily ... each namespace would need to install that task separately. | ||
| Authoring a new quickstarter means potentially creating a new task (say a Rust task). We do not know yet how a less official task could be shared easily ... each namespace would need to install that task separately. |
This proposal aims to adress the following issues:
Let's try out a different format this time. Instead of discussing in an issue, this approach allows to discuss one specific proposal PR-style (allowing to comment inline etc.)
Looking forward to feedback of any kind!