ZhenYi/gitdataai
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ops): preserve resources on deploy failure and protect ConfigMap/PVC from deletion

Browse Source 
- deploy.sh: keep failed release for debugging instead of auto-uninstall,
  add helm.sh/resource-policy=keep annotation on ConfigMap and PVC
- uninstall.sh: interactive confirmation with protected resource list,
  post-uninstall verification that namespace/ConfigMap/PVC still exist
This commit is contained in:
ZhenYi 2026-05-11 00:17:43 +08:00
parent b560d9ea0f
commit fc013b174f
2 changed files with 76 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
deploy.sh
View File

@ -30,24 +30,25 @@ log "Ensuring namespace $NAMESPACE exists..."
kubectl create namespace "$NAMESPACE" --dry-run=client -o yaml | kubectl apply -f - kubectl create namespace "$NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
# ── 2. Ensure prerequisites ───────────────────────────────────────── # ── 2. Ensure prerequisites ─────────────────────────────────────────
# Namespace must exist (not managed by Helm)
if ! kubectl get namespace "$NAMESPACE" &>/dev/null; then if ! kubectl get namespace "$NAMESPACE" &>/dev/null; then
err "Namespace '$NAMESPACE' not found — create it first: kubectl create namespace $NAMESPACE" err "Namespace '$NAMESPACE' not found — create it first: kubectl create namespace $NAMESPACE"
fi fi
# ConfigMap (must exist before Helm install)
if ! kubectl get configmap "$CONFIG_MAP" -n "$NAMESPACE" &>/dev/null; then if ! kubectl get configmap "$CONFIG_MAP" -n "$NAMESPACE" &>/dev/null; then
err "ConfigMap '$CONFIG_MAP' not found in namespace '$NAMESPACE' — create it first" err "ConfigMap '$CONFIG_MAP' not found in namespace '$NAMESPACE' — create it first"
fi fi
# PVC (must exist before Helm install)
if ! kubectl get pvc "$PVC_NAME" -n "$NAMESPACE" &>/dev/null; then if ! kubectl get pvc "$PVC_NAME" -n "$NAMESPACE" &>/dev/null; then
err "PVC '$PVC_NAME' not found in namespace '$NAMESPACE' — create it first" err "PVC '$PVC_NAME' not found in namespace '$NAMESPACE' — create it first"
fi fi
# Protect ConfigMap and PVC from accidental Helm deletion
kubectl annotate configmap "$CONFIG_MAP" -n "$NAMESPACE" helm.sh/resource-policy=keep --overwrite
kubectl annotate pvc "$PVC_NAME" -n "$NAMESPACE" helm.sh/resource-policy=keep --overwrite
# cert-manager ClusterIssuer # cert-manager ClusterIssuer
if ! kubectl get clusterissuer letsencrypt-prod &>/dev/null; then if ! kubectl get clusterissuer cloudflare-acme-cluster-issuer &>/dev/null; then
warn "ClusterIssuer 'letsencrypt-prod' not found — TLS certificate issuance will fail" warn "ClusterIssuer 'cloudflare-acme-cluster-issuer' not found — TLS certificate issuance will fail"
fi fi
log "Prerequisites verified" log "Prerequisites verified"
@ -59,14 +60,24 @@ helm lint "$CHART_DIR" || err "Helm lint failed"
# ── 4. Deploy ──────────────────────────────────────────────────────── # ── 4. Deploy ────────────────────────────────────────────────────────
log "Deploying release $RELEASE with tag $TAG..." log "Deploying release $RELEASE with tag $TAG..."
helm upgrade --install "$RELEASE" "$CHART_DIR" \ if ! helm upgrade --install "$RELEASE" "$CHART_DIR" \
--namespace "$NAMESPACE" \ --namespace "$NAMESPACE" \
--set imageRegistry="$REGISTRY" \ --set imageRegistry="$REGISTRY" \
--set imageTag="$TAG" \ --set imageTag="$TAG" \
--set configMapName="$CONFIG_MAP" \ --set configMapName="$CONFIG_MAP" \
--set pvcName="$PVC_NAME" \ --set pvcName="$PVC_NAME" \
--wait \ --timeout 5m; then
--timeout 5m echo ""
err "Deployment FAILED — release preserved for debugging.
Debug commands:
helm status $RELEASE -n $NAMESPACE
kubectl get pods -n $NAMESPACE
kubectl logs -n app <pod-name> --previous
helm rollback $RELEASE -n $NAMESPACE (rollback to previous release)
helm uninstall $RELEASE -n $NAMESPACE (remove failed release)"
fi
log "Release $RELEASE deployed successfully" log "Release $RELEASE deployed successfully"

57
uninstall.sh Normal file
View File

@ -0,0 +1,57 @@
#!/usr/bin/env bash
set -euo pipefail
# ── helpers ──────────────────────────────────────────────────────────
RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; NC='\033[0m'
log() { echo -e "${GREEN}[OK]${NC} $*"; }
warn() { echo -e "${YELLOW}[WARN]${NC} $*"; }
# ── defaults ─────────────────────────────────────────────────────────
NAMESPACE="${NAMESPACE:-app}"
RELEASE="${RELEASE:-deploy}"
CONFIG_MAP="${CONFIG_MAP:-app-env}"
PVC_NAME="${PVC_NAME:-shared-data}"
# ── safety check ─────────────────────────────────────────────────────
echo ""
warn "This will remove Helm release '$RELEASE' from namespace '$NAMESPACE'."
warn "The following resources are PROTECTED and will NOT be deleted:"
warn " - Namespace: $NAMESPACE"
warn " - ConfigMap: $CONFIG_MAP"
warn " - PVC: $PVC_NAME"
echo ""
read -rp "Continue? [y/N] " confirm
if [[ "$confirm" != "y" && "$confirm" != "Y" ]]; then
log "Cancelled"
exit 0
fi
# ── uninstall ────────────────────────────────────────────────────────
log "Uninstalling Helm release $RELEASE..."
helm uninstall "$RELEASE" --namespace "$NAMESPACE"
log "Helm release uninstalled"
# ── verify protected resources ───────────────────────────────────────
log "Verifying protected resources still exist..."
if kubectl get namespace "$NAMESPACE" &>/dev/null; then
log "Namespace '$NAMESPACE' preserved"
else
echo -e "${RED}[ERR]${NC} Namespace '$NAMESPACE' was deleted!"
fi
if kubectl get configmap "$CONFIG_MAP" -n "$NAMESPACE" &>/dev/null; then
log "ConfigMap '$CONFIG_MAP' preserved"
else
echo -e "${RED}[ERR]${NC} ConfigMap '$CONFIG_MAP' was deleted!"
fi
if kubectl get pvc "$PVC_NAME" -n "$NAMESPACE" &>/dev/null; then
log "PVC '$PVC_NAME' preserved"
else
echo -e "${RED}[ERR]${NC} PVC '$PVC_NAME' was deleted!"
fi
log "Uninstall complete — remaining resources in namespace $NAMESPACE:"
kubectl get all,pvc,configmap,ingress -n "$NAMESPACE"