Merge pull request #216 from PermanentOrg/per-10376_fix_deploys_when_pods_are_missing

liam-lloyd · web-flow · commit 2db841dd2d81 · 2025-12-17T15:57:33.000-06:00
Per 10376 fix deploys when pods are missing
diff --git a/archivematica/prod_cluster/archivematica_deployment.tf b/archivematica/prod_cluster/archivematica_deployment.tf
@@ -1,4 +1,5 @@
 data "kubernetes_resource" "archivematica_prod" {
+  count       = local.need_images ? 1 : 0
   kind        = "Deployment"
   api_version = "apps/v1"
   metadata { name = "archivematica-prod" }
@@ -563,6 +564,7 @@ resource "kubernetes_deployment" "archivematica_prod" {
 }
 
 data "kubernetes_resource" "mcp_client_prod" {
+  count       = local.need_images ? 1 : 0
   kind        = "Deployment"
   api_version = "apps/v1"
   metadata { name = "archivematica-mcp-client-prod" }
diff --git a/archivematica/prod_cluster/eks-cluster.tf b/archivematica/prod_cluster/eks-cluster.tf
@@ -73,15 +73,15 @@ module "eks" {
 }
 
 module "ebs_csi_irsa" {
-  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "5.60.0"
 
-  role_name_prefix = "${local.cluster_name}-ebs-csi-"
+  role_name_prefix      = "${local.cluster_name}-ebs-csi-"
   attach_ebs_csi_policy = true
 
   oidc_providers = {
     main = {
-      provider_arn = module.eks.oidc_provider_arn
+      provider_arn               = module.eks.oidc_provider_arn
       namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
     }
   }
diff --git a/archivematica/prod_cluster/locals.tf b/archivematica/prod_cluster/locals.tf
@@ -1,19 +1,19 @@
 locals {
+  required_images = [
+    "archivematica-storage-service-prod",
+    "archivematica-dashboard-prod",
+    "archivematica-mcp-server-prod",
+    "archivematica-mcp-client-prod",
+  ]
+
+  need_images = length(setsubtract(local.required_images, keys(var.image_overrides))) > 0
   current_archivematica_prod_deploy = data.kubernetes_resource.archivematica_prod.object
   current_mcp_client_prod_deploy    = data.kubernetes_resource.mcp_client_prod.object
 
-  current_containers = concat(
-    try(local.current_archivematica_prod_deploy.spec.template.spec.containers),
-    try(local.current_mcp_client_prod_deploy.spec.template.spec.containers)
+  current_images = merge(
+    try(for container in data.kubernetes_resource.archivematica_prod[0].object.spec.template.spec.containers : container.name => container.image }, {}),
+    try(for container in data.kubernetes_resource.mcp_client_prod[0].object.spec.template.spec.containers : container.name => container.image }, {}),
   )
 
-  current_images = { for container in local.current_containers : container.name => container.image }
-
-  desired_images = {
-    for name, image in local.current_images :
-    name => (contains(keys(var.image_overrides), name)
-      ? var.image_overrides[name]
-      : local.current_images[name]
-    )
-  }
+  desired_images = merge(local.current_images, var.image_overrides)
 }
diff --git a/archivematica/test_cluster/dev_archivematica_deployment.tf b/archivematica/test_cluster/dev_archivematica_deployment.tf
@@ -1,4 +1,5 @@
 data "kubernetes_resource" "archivematica_dev" {
+  count       = local.need_dev_images ? 1 : 0
   kind        = "Deployment"
   api_version = "apps/v1"
   metadata { name = "archivematica-dev" }
@@ -88,7 +89,7 @@ resource "kubernetes_deployment" "archivematica_dev" {
             value = "dev.archivematica.permanent.org"
           }
           env {
-            name  = "DJANGO_SECRET_KEY"
+            name = "DJANGO_SECRET_KEY"
             value_from {
               secret_key_ref {
                 name     = "dev-archivematica-secrets"
@@ -243,7 +244,7 @@ resource "kubernetes_deployment" "archivematica_dev" {
           image = local.desired_images["archivematica-mcp-server-dev"]
           name  = "archivematica-mcp-server-dev"
           env {
-            name  = "DJANGO_SECRET_KEY"
+            name = "DJANGO_SECRET_KEY"
             value_from {
               secret_key_ref {
                 name     = "dev-archivematica-secrets"
@@ -364,7 +365,7 @@ resource "kubernetes_deployment" "archivematica_dev" {
           }
         }
         init_container {
-          image   = local.desired_images["archivematica-storage-service-dev"]
+          image = local.desired_images["archivematica-storage-service-dev"]
           name  = "archivematica-storage-service-create-user"
           env {
             name  = "DJANGO_SETTINGS_MODULE"
@@ -563,6 +564,7 @@ resource "kubernetes_deployment" "archivematica_dev" {
 }
 
 data "kubernetes_resource" "mcp_client_dev" {
+  count       = local.need_dev_images ? 1 : 0
   kind        = "Deployment"
   api_version = "apps/v1"
   metadata { name = "archivematica-mcp-client-dev" }
diff --git a/archivematica/test_cluster/eks-cluster.tf b/archivematica/test_cluster/eks-cluster.tf
@@ -2,11 +2,11 @@ module "eks" {
   source  = "terraform-aws-modules/eks/aws"
   version = "21.2.0"
 
-  name    = local.cluster_name
+  name               = local.cluster_name
   kubernetes_version = "1.32"
 
-  vpc_id                         = var.vpc_id
-  subnet_ids                     = var.subnet_ids
+  vpc_id                 = var.vpc_id
+  subnet_ids             = var.subnet_ids
   endpoint_public_access = true
   security_group_id      = var.dev_security_group_id
   access_entries = {
@@ -47,7 +47,7 @@ module "eks" {
 
   eks_managed_node_groups = {
     one = {
-      name = "node-group-1"
+      name     = "node-group-1"
       ami_type = "AL2023_x86_64_STANDARD"
 
       vpc_security_group_ids = [var.dev_security_group_id, var.staging_security_group_id]
@@ -74,15 +74,15 @@ module "eks" {
 }
 
 module "ebs_csi_irsa" {
-  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "5.60.0"
 
-  role_name_prefix = "${local.cluster_name}-ebs-csi-"
+  role_name_prefix      = "${local.cluster_name}-ebs-csi-"
   attach_ebs_csi_policy = true
 
   oidc_providers = {
     main = {
-      provider_arn = module.eks.oidc_provider_arn
+      provider_arn               = module.eks.oidc_provider_arn
       namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
     }
   }
@@ -96,8 +96,8 @@ resource "kubernetes_storage_class" "gp3" {
   parameters = {
     type = "gp3"
   }
-  reclaim_policy = "Delete"
-  volume_binding_mode = "WaitForFirstConsumer"
+  reclaim_policy         = "Delete"
+  volume_binding_mode    = "WaitForFirstConsumer"
   allow_volume_expansion = true
 }
 
diff --git a/archivematica/test_cluster/load_balancer.tf b/archivematica/test_cluster/load_balancer.tf
@@ -1,5 +1,5 @@
 module "lb_role" {
-  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "5.60.0"
 
   role_name                              = "dev_archivematica_lb"
diff --git a/archivematica/test_cluster/locals.tf b/archivematica/test_cluster/locals.tf
@@ -1,24 +1,27 @@
 locals {
-  current_archivematica_dev_deploy = data.kubernetes_resource.archivematica_dev.object
-  current_mcp_client_dev_deploy = data.kubernetes_resource.mcp_client_dev.object
+  required_dev_images = [
+    "archivematica-storage-service-dev",
+    "archivematica-dashboard-dev",
+    "archivematica-mcp-server-dev",
+    "archivematica-mcp-client-dev",
+  ]
 
-  current_archivematica_staging_deploy = data.kubernetes_resource.archivematica_staging.object
-  current_mcp_client_staging_deploy = data.kubernetes_resource.mcp_client_staging.object
+  required_staging_images = [
+    "archivematica-storage-service-staging",
+    "archivematica-dashboard-staging",
+    "archivematica-mcp-server-staging",
+    "archivematica-mcp-client-staging",
+  ]
 
-  current_containers = concat(
-    try(local.current_archivematica_dev_deploy.spec.template.spec.containers),
-    try(local.current_mcp_client_dev_deploy.spec.template.spec.containers),
-    try(local.current_archivematica_staging_deploy.spec.template.spec.containers),
-    try(local.current_mcp_client_staging_deploy.spec.template.spec.containers)
-  )
+  need_dev_images     = length(setsubtract(local.required_dev_images, keys(var.image_overrides))) > 0
+  need_staging_images = length(setsubtract(local.required_staging_images, keys(var.image_overrides))) > 0
 
-  current_images = { for container in local.current_containers : container.name => container.image }
+  current_images = merge(
+    try({ for container in data.kubernetes_resource.archivematica_dev[0].object.spec.template.spec.containers : container.name => container.image }, {}),
+    try({ for container in data.kubernetes_resource.mcp_client_dev[0].object.spec.template.spec.containers : container.name => container.image }, {}),
+    try({ for container in data.kubernetes_resource.archivematica_staging[0].object.spec.template.spec.containers : container.name => container.image }, {}),
+    try({ for container in data.kubernetes_resource.mcp_client_staging[0].object.spec.template.spec.containers : container.name => container.image }, {}),
+  )
 
-  desired_images = {
-    for name, image in local.current_images :
-    name => (contains(keys(var.image_overrides), name)
-      ? var.image_overrides[name]
-      : local.current_images[name]
-    )
-  }
+  desired_images = merge(local.current_images, var.image_overrides)
 }
diff --git a/archivematica/test_cluster/staging_archivematica_deployment.tf b/archivematica/test_cluster/staging_archivematica_deployment.tf
@@ -1,4 +1,5 @@
 data "kubernetes_resource" "archivematica_staging" {
+  count       = local.need_staging_images ? 1 : 0
   kind        = "Deployment"
   api_version = "apps/v1"
   metadata { name = "archivematica-staging" }
@@ -88,7 +89,7 @@ resource "kubernetes_deployment" "archivematica_staging" {
             value = "staging.archivematica.permanent.org"
           }
           env {
-            name  = "DJANGO_SECRET_KEY"
+            name = "DJANGO_SECRET_KEY"
             value_from {
               secret_key_ref {
                 name     = "staging-archivematica-secrets"
@@ -243,7 +244,7 @@ resource "kubernetes_deployment" "archivematica_staging" {
           image = local.desired_images["archivematica-mcp-server-staging"]
           name  = "archivematica-mcp-server-staging"
           env {
-            name  = "DJANGO_SECRET_KEY"
+            name = "DJANGO_SECRET_KEY"
             value_from {
               secret_key_ref {
                 name     = "staging-archivematica-secrets"
@@ -324,7 +325,7 @@ resource "kubernetes_deployment" "archivematica_staging" {
           }
         }
         init_container {
-          image = local.desired_images["archivematica-storage-service-staging"]
+          image   = local.desired_images["archivematica-storage-service-staging"]
           name    = "archivematica-storage-service-migrations"
           command = ["sh"]
           args    = ["-c", "python manage.py migrate --noinput"]
@@ -432,7 +433,7 @@ resource "kubernetes_deployment" "archivematica_staging" {
           args    = ["-c", "python manage.py create_user --username=$(AM_SS_USERNAME) --password='$(AM_SS_PASSWORD)' --email=$(AM_SS_EMAIL) --api-key='$(AM_SS_API_KEY)' --superuser"]
         }
         init_container {
-          image = local.desired_images["archivematica-dashboard-staging"]
+          image   = local.desired_images["archivematica-dashboard-staging"]
           name    = "archivematica-dashboard-migration"
           command = ["sh"]
           args    = ["-c", "python /src/src/dashboard/src/manage.py migrate --noinput"]
@@ -494,7 +495,7 @@ resource "kubernetes_deployment" "archivematica_staging" {
           }
         }
         init_container {
-          image = local.desired_images["archivematica-storage-service-staging"]
+          image   = local.desired_images["archivematica-storage-service-staging"]
           name    = "archivematica-rclone-configuration"
           command = ["sh"]
           args    = ["-c", "rclone config create permanentb2 b2 account $(BACKBLAZE_KEY_ID) key $(BACKBLAZE_APPLICATION_KEY) --obscure"]
@@ -563,6 +564,7 @@ resource "kubernetes_deployment" "archivematica_staging" {
 }
 
 data "kubernetes_resource" "mcp_client_staging" {
+  count       = local.need_staging_images ? 1 : 0
   kind        = "Deployment"
   api_version = "apps/v1"
   metadata { name = "archivematica-mcp-client-staging" }
diff --git a/archivematica/test_cluster/variables.tf b/archivematica/test_cluster/variables.tf
@@ -126,6 +126,6 @@ variable "whitelisted_cidrs" {
 
 variable "image_overrides" {
   description = "A map of docker images to be updated"
-  type = map(string)
-  default = {}
+  type        = map(string)
+  default     = {}
 }

Original file line number	Diff line number	Diff line change
`@@ -73,15 +73,15 @@ module "eks" {`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`module "ebs_csi_irsa" {`
`76`		`- source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"`
	`76`	`+ source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"`
`77`	`77`	`version = "5.60.0"`
`78`	`78`
`79`		`- role_name_prefix = "${local.cluster_name}-ebs-csi-"`
	`79`	`+ role_name_prefix = "${local.cluster_name}-ebs-csi-"`
`80`	`80`	`attach_ebs_csi_policy = true`
`81`	`81`
`82`	`82`	`oidc_providers = {`
`83`	`83`	`main = {`
`84`		`- provider_arn = module.eks.oidc_provider_arn`
	`84`	`+ provider_arn = module.eks.oidc_provider_arn`
`85`	`85`	`namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]`
`86`	`86`	`}`
`87`	`87`	`}`
Original file line number	Diff line number	Diff line change
`@@ -126,6 +126,6 @@ variable "whitelisted_cidrs" {`
`126`	`126`
`127`	`127`	`variable "image_overrides" {`
`128`	`128`	`description = "A map of docker images to be updated"`
`129`		`- type = map(string)`
`130`		`- default = {}`
	`129`	`+ type = map(string)`
	`130`	`+ default = {}`
`131`	`131`	`}`