feat(releaseci): adding a dedicated disk/pv/pvc for release.ci as sta…

…ndard-zrs (#768) as per jenkins-infra/helpdesk#4044 preparing the migration from premium to standard ZRS --------- Co-authored-by: Damien Duportal <damien.duportal@gmail.com>
jenkins-infra · Jul 3, 2024 · 5ea4a2f · 5ea4a2f
1 parent 72a26fb
commit 5ea4a2f
Show file tree

Hide file tree

Showing 2 changed files with 81 additions and 0 deletions.
diff --git a/privatek8s.tf b/privatek8s.tf
@@ -320,6 +320,17 @@ resource "kubernetes_storage_class" "managed_csi_standard_ZRS_retain_private" {
   allow_volume_expansion = true
 }
 
+resource "kubernetes_storage_class" "statically_provisionned_privatek8s" {
+  metadata {
+    name = "statically-provisionned"
+  }
+  storage_provisioner    = "disk.csi.azure.com"
+  reclaim_policy         = "Retain"
+  provider               = kubernetes.privatek8s
+  allow_volume_expansion = true
+}
+
+
 # Used later by the load balancer deployed on the cluster, see https://github.com/jenkins-infra/kubernetes-management/config/privatek8s.yaml
 resource "azurerm_public_ip" "public_privatek8s" {
   name                = "public-privatek8s"

diff --git a/release.ci.jenkins.io.tf b/release.ci.jenkins.io.tf
@@ -0,0 +1,70 @@
+resource "azurerm_resource_group" "release_ci_controller" {
+  name     = "release-ci"
+  location = var.location
+}
+
+resource "azurerm_managed_disk" "jenkins_release_data" {
+  name                 = "jenkins-release-data"
+  location             = azurerm_resource_group.release_ci_controller.location
+  resource_group_name  = azurerm_resource_group.release_ci_controller.name
+  storage_account_type = "StandardSSD_ZRS"
+  create_option        = "Empty"
+  disk_size_gb         = 64
+  tags = {
+    environment = azurerm_resource_group.release_ci_controller.name
+  }
+}
+
+resource "kubernetes_persistent_volume" "jenkins_release_data" {
+  provider = kubernetes.privatek8s
+  metadata {
+    name = "jenkins-release-pv"
+  }
+  spec {
+    capacity = {
+      storage = azurerm_managed_disk.jenkins_release_data.disk_size_gb
+    }
+    access_modes                     = ["ReadWriteOnce"]
+    persistent_volume_reclaim_policy = "Retain"
+    storage_class_name               = kubernetes_storage_class.statically_provisionned_privatek8s.id
+    persistent_volume_source {
+      csi {
+        driver        = "disk.csi.azure.com"
+        volume_handle = azurerm_managed_disk.jenkins_release_data.id
+      }
+    }
+  }
+}
+
+resource "kubernetes_persistent_volume_claim" "jenkins_release_data" {
+  provider = kubernetes.privatek8s
+  metadata {
+    name      = "jenkins-release-data"
+    namespace = "jenkins-release"
+  }
+  spec {
+    access_modes       = kubernetes_persistent_volume.jenkins_release_data.spec[0].access_modes
+    volume_name        = kubernetes_persistent_volume.jenkins_release_data.metadata.0.name
+    storage_class_name = kubernetes_storage_class.statically_provisionned_privatek8s.id
+    resources {
+      requests = {
+        storage = azurerm_managed_disk.jenkins_release_data.disk_size_gb
+      }
+    }
+  }
+}
+
+# Required to allow the release controller to read the disk
+resource "azurerm_role_definition" "release_ci_jenkins_io_controller_disk_reader" {
+  name  = "ReadreleaseCIDisk"
+  scope = azurerm_resource_group.release_ci_controller.id
+
+  permissions {
+    actions = ["Microsoft.Compute/disks/read"]
+  }
+}
+resource "azurerm_role_assignment" "release_ci_jenkins_io_allow_azurerm" {
+  scope              = azurerm_resource_group.release_ci_controller.id
+  role_definition_id = azurerm_role_definition.release_ci_jenkins_io_controller_disk_reader.role_definition_resource_id
+  principal_id       = azurerm_kubernetes_cluster.privatek8s.identity[0].principal_id
+}