Skip to content
This repository was archived by the owner on Sep 30, 2024. It is now read-only.

Restart the frontend deployment to update site-config #60776

Open
daxmc99 wants to merge 13 commits into
base: main
Choose a base branch
from
Open

Restart the frontend deployment to update site-config #60776

daxmc99 wants to merge 13 commits into from

Conversation

@daxmc99
Copy link
Contributor

@daxmc99 daxmc99 commented Feb 28, 2024
edited
Loading

@dandiem requested this to reduce CE workload

Test plan

We can do this, we should do this

Will test images

@cla-bot cla-bot bot added the cla-signed label Feb 28, 2024
@daxmc99 daxmc99 requested a review from a team February 28, 2024 12:38
@daxmc99 daxmc99 force-pushed the dax/rollout_the_frontend_on_conf_change branch from aeb87de to 1e3ff6d Compare February 28, 2024 15:17
michaellzc
michaellzc reviewed Feb 28, 2024
View reviewed changes
cmd/frontend/graphqlbackend/site_reload.go Outdated
return nil, err
}
ns := endpoint.Namespace(r.logger)
data := fmt.Sprintf(`{"spec": {"template": {"metadata": {"annotations": {"kubectl.kubernetes.io/restartedAt": "%s"}}}}}`, time.Now().Format("20060102150405"))
Copy link
Member

@michaellzc michaellzc Feb 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will this cause drift with the deployment manifests? e.g., kustomize, helm.

I would like to see an E2E test against a locally deployed (with kind) sourcegraph k8s deployment.

you can build images from this branch with:

sg ci build docker-images-candidates-notest

Then in your helm overrides:

storageClass:
  create: false
  name: standard

sourcegraph: 
  localDevMode: true
  image:
    # you can find the tag from buildkite logs
    defaultTag: docker-images-candidates-notest-<replace_md>
    useGlobalTagAsDefault: true

Copy link
Contributor

@filiphaftek filiphaftek Feb 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will this cause drift with the deployment manifests? e.g., kustomize, helm.

I would like to see an E2E test against a locally deployed (with kind) sourcegraph k8s deployment.

you can build images from this branch with:

sg ci build docker-images-candidates-notest

Then in your helm overrides:

storageClass:
  create: false
  name: standard

sourcegraph: 
  localDevMode: true
  image:
    # you can find the tag from buildkite logs
    defaultTag: docker-images-candidates-notest-<replace_md>
    useGlobalTagAsDefault: true

@michaellzc I do not expect any drift, b/c I just did kubectl rollout restart deployment sourcegraph-frontend and it resulted in these annotations being added to deployment:

  template:
    metadata:
      annotations:
        checksum/auth: 5dda2c15191bf709225a311e8b732e6253d7b1c9afcf89e6ec994511cbbd2cf4
        checksum/redis: 63b58e05a2640417d599c4aee6d866cb9063e3a9aa452dc08dbfff836b7781b7
        kubectl.kubernetes.io/default-container: frontend
        kubectl.kubernetes.io/restartedAt: "2024-02-29T00:51:29+01:00" <-- new one just added by kubectl

so this action is same as normal operation done by our self-service
but +1 for test results.

Copy link
Member

@michaellzc michaellzc Feb 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

got it, didn't know that's how rollout restart work underneath.

on that notes, a few suggestions:

  • replace the annotation namespace from kubectl.kubernetes.io/restartedAt to something like sourcegraph.com/restartedAt. just makes it clear we're not trying to impersonate as kubectl, and leave a proper fingerprint.
  • add some basic sanity checks to prevent mis-used, e.g., check if all pods are healthy, check if there's restart in progress, etc.
  • record this action in audit logs
  • add a flag (e.g., SRC_ENABLE_FRONTEND_SITE_RELOAD) so it's possible to disable this feature if we want, especially frontend availability affects Cloud uptime SLA.

@michaellzc michaellzc requested a review from a team February 28, 2024 17:03
@daxmc99 daxmc99 force-pushed the dax/rollout_the_frontend_on_conf_change branch from 0377f37 to efecd89 Compare February 29, 2024 09:06
filiphaftek
filiphaftek reviewed Feb 29, 2024
View reviewed changes
cmd/frontend/graphqlbackend/site_reload.go Outdated
if err := auth.CheckCurrentUserIsSiteAdmin(ctx, r.db); err != nil {
return nil, err
}
if cloud.SiteConfig().SourcegraphOperatorAuthProviderEnabled() {
Copy link
Contributor

@filiphaftek filiphaftek Feb 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cloud only - nice 👍

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@filiphaftek filiphaftek filiphaftek left review comments

@michaellzc michaellzc michaellzc left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

cla-signed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@daxmc99 @filiphaftek @michaellzc