From 5ea4a2f4ae668cca740795ed88b8725124e56eb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20MERLE?= <95630726+smerle33@users.noreply.github.com> Date: Wed, 3 Jul 2024 08:19:50 +0200 Subject: [PATCH] feat(releaseci): adding a dedicated disk/pv/pvc for release.ci as standard-zrs (#768) as per https://github.com/jenkins-infra/helpdesk/issues/4044 preparing the migration from premium to standard ZRS --------- Co-authored-by: Damien Duportal --- privatek8s.tf | 11 +++++++ release.ci.jenkins.io.tf | 70 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+) create mode 100644 release.ci.jenkins.io.tf diff --git a/privatek8s.tf b/privatek8s.tf index 7017f35f..d207c7c4 100644 --- a/privatek8s.tf +++ b/privatek8s.tf @@ -320,6 +320,17 @@ resource "kubernetes_storage_class" "managed_csi_standard_ZRS_retain_private" { allow_volume_expansion = true } +resource "kubernetes_storage_class" "statically_provisionned_privatek8s" { + metadata { + name = "statically-provisionned" + } + storage_provisioner = "disk.csi.azure.com" + reclaim_policy = "Retain" + provider = kubernetes.privatek8s + allow_volume_expansion = true +} + + # Used later by the load balancer deployed on the cluster, see https://github.com/jenkins-infra/kubernetes-management/config/privatek8s.yaml resource "azurerm_public_ip" "public_privatek8s" { name = "public-privatek8s" diff --git a/release.ci.jenkins.io.tf b/release.ci.jenkins.io.tf new file mode 100644 index 00000000..bf8bc3b8 --- /dev/null +++ b/release.ci.jenkins.io.tf 
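Review bot: The storage class added in the privatek8s.tf hunk is named `statically-provisionned` (resource label `statically_provisionned_privatek8s`), which misspells "provisioned". The persistent volume and claim in release.ci.jenkins.io.tf reference this name as their `storage_class_name`. Kubernetes object names cannot be edited in place, so correcting it later means recreating the class and updating every volume that points at it. `name = "statically-provisioned"` is cheapest to fix before anything is bound to it.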
@@ -0,0 +1,70 @@
+resource "azurerm_resource_group" "release_ci_controller" {
+ name = "release-ci"
+ location = var.location
+}
+
+resource "azurerm_managed_disk" "jenkins_release_data" {
+ name = "jenkins-release-data"
+ location = azurerm_resource_group.release_ci_controller.location
+ resource_group_name = azurerm_resource_group.release_ci_controller.name
+ storage_account_type = "StandardSSD_ZRS"
+ create_option = "Empty"
+ disk_size_gb = 64
+ tags = {
+ environment = azurerm_resource_group.release_ci_controller.name
+ }
+}
+
+resource "kubernetes_persistent_volume" "jenkins_release_data" {
+ provider = kubernetes.privatek8s
+ metadata {
+ name = "jenkins-release-pv"
+ }
+ spec {
+ capacity = {
+ storage = azurerm_managed_disk.jenkins_release_data.disk_size_gb
+ }
+ access_modes = ["ReadWriteOnce"]
+ persistent_volume_reclaim_policy = "Retain"
+ storage_class_name = kubernetes_storage_class.statically_provisionned_privatek8s.id
+ persistent_volume_source {
+ csi {
+ driver = "disk.csi.azure.com"
+ volume_handle = azurerm_managed_disk.jenkins_release_data.id
+ }
+ }
+ }
+}
+
+resource "kubernetes_persistent_volume_claim" "jenkins_release_data" {
+ provider = kubernetes.privatek8s
+ metadata {
+ name = "jenkins-release-data"
+ namespace = "jenkins-release"
+ }
+ spec {
+ access_modes = kubernetes_persistent_volume.jenkins_release_data.spec[0].access_modes
+ volume_name = kubernetes_persistent_volume.jenkins_release_data.metadata.0.name
+ storage_class_name = kubernetes_storage_class.statically_provisionned_privatek8s.id
+ resources {
+ requests = {
+ storage = azurerm_managed_disk.jenkins_release_data.disk_size_gb
+ }
+ }
+ }
+}
+
+# Required to allow the release controller to read the disk
+resource "azurerm_role_definition" "release_ci_jenkins_io_controller_disk_reader" {
+ name = "ReadreleaseCIDisk"
+ scope = azurerm_resource_group.release_ci_controller.id
+
+ permissions {
+ actions = ["Microsoft.Compute/disks/read"]
+ }
+}
+resource "azurerm_role_assignment" "release_ci_jenkins_io_allow_azurerm" {
+ scope = azurerm_resource_group.release_ci_controller.id
+ role_definition_id = azurerm_role_definition.release_ci_jenkins_io_controller_disk_reader.role_definition_resource_id
+ principal_id = azurerm_kubernetes_cluster.privatek8s.identity[0].principal_id
+}
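Review bot: The role assignment at the end of this hunk grants `Microsoft.Compute/disks/read` to the privatek8s cluster identity over the whole `release-ci` resource group, although the comment above the role definition says the goal is to read one disk. In this commit the group holds only `jenkins-release-data`, so the effect is the same today, but any disk added to that group later becomes readable by the same identity. Setting `scope = azurerm_managed_disk.jenkins_release_data.id` on the assignment, with the role definition left at resource-group scope, would keep the grant to this disk. Separately, `capacity.storage` on the persistent volume and `requests.storage` on the claim take the bare `disk_size_gb` number, which Kubernetes reads as 64 bytes. `storage = "${azurerm_managed_disk.jenkins_release_data.disk_size_gb}Gi"` in both places states the unit.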