Skip to content

External Zuul Executor

Control plane

The Zuul executor must be disabled on the control plane by setting enabled to false in the spec.zuul.executor section. Furthermore, the k8s-api-url and the logserver-host setting must be set in the spec.config-location section.

yaml apiVersion: sf.softwarefactory-project.io/v1 kind: SoftwareFactory metadata: name: my-sf namespace: sf spec: fqdn: "sfop.me" config-location: k8s-api-url: "https://<control-plane-cluster-api-url>:6443" logserver-host: "<hostname-or-ip-of-logserver-sshd-service>" ... zuul: gerritconns: ... executor: enabled: false

The zuul executor component(s) require access to the following control plane services:

  • Zookeeper (2281/TCP)
  • The system-config git server (9418/TCP)
  • The logs server (2222/TCP)

A way to enable ingress on such a service is to use a Service Resource of type LoadBalancer:

```yaml

apiVersion: v1 kind: Service metadata: name: zookeeper-lb spec: ports: - name: zookeeper-2281 port: 2281 protocol: TCP targetPort: 2281 selector: statefulset.kubernetes.io/pod-name: zookeeper-0 app: sf run: zookeeper type: LoadBalancer

apiVersion: v1 kind: Service metadata: name: git-server-ro-lb spec: ports: - name: git-server-port-9418 port: 9418 protocol: TCP targetPort: 9418 selector: statefulset.kubernetes.io/pod-name: git-server-0 type: LoadBalancer

apiVersion: v1 kind: Service metadata: name: logserver-lb spec: ports: - name: logserver-2222 port: 2222 protocol: TCP targetPort: 2222 selector: statefulset.kubernetes.io/pod-name: logserver-0 type: LoadBalancer ```

Executor

The SoftwareFactory's CR to deploy only the zuul-executor component (on a cluster allowing the Privileged SCC) must be as follows:

yaml apiVersion: sf.softwarefactory-project.io/v1 kind: SoftwareFactory metadata: name: my-ext-ze spec: fqdn: "sfop.me" zuul: executor: standalone: controlPlanePublicZKHostname: "<hostname-or-ip-of-zookeeper-service>" controlPlanePublicGSHostname: "<hostname-or-ip-of-gitserver-service>" publicHostname: <hostname-or-ip-of-executor>

Zuul's connection definition must be similar in both Custom Resources, and the connection's secrets must be synchronized between the control plane's namespace and the zuul-executor namespace.

External executor deployment can be performed using the following command:

go run main.go deploy main-sf.yaml --remote external-executor.yaml

The control plane zuul-web must be able to access the zuul-executor component(s) finger port 7900. To do so, the following service can be defined:

yaml apiVersion: v1 kind: Service metadata: name: zuul-executor-headless-hp spec: ports: - name: zuul-executor-7900 port: 7900 protocol: TCP targetPort: 7900 selector: app: sf run: zuul-executor type: LoadBalancer