From f1fc2129e5962037204ffb1bd7917cafeb995a69 Mon Sep 17 00:00:00 2001 
From: maxmwang Date: Wed, 6 Dec 2023 02:32:10 -0800 Subject: [PATCH 01/78] init: file structure and ingress/service/deployment templates --- new-infra/charts/.helmignore | 23 ++++++++++++++ new-infra/charts/app/Chart.yaml | 0 .../charts/app/charts/backend/Chart.yaml | 0 .../charts/backend/templates/deployment.yaml | 20 ++++++++++++ .../app/charts/backend/templates/ingress.yaml | 1 + .../app/charts/backend/templates/service.yaml | 1 + .../charts/app/charts/backend/values.yaml | 1 + .../charts/app/charts/frontend/Chart.yaml | 0 .../charts/frontend/templates/deployment.yaml | 20 ++++++++++++ .../charts/frontend/templates/ingress.yaml | 1 + .../charts/frontend/templates/service.yaml | 1 + .../charts/app/charts/frontend/values.yaml | 1 + new-infra/charts/app/templates/ingress.yaml | 31 +++++++++++++++++++ new-infra/charts/app/templates/service.yaml | 14 +++++++++ new-infra/charts/app/values.yaml | 0 new-infra/init.sh | 0 16 files changed, 114 insertions(+) create mode 100644 new-infra/charts/.helmignore create mode 100644 new-infra/charts/app/Chart.yaml create mode 100644 new-infra/charts/app/charts/backend/Chart.yaml create mode 100644 new-infra/charts/app/charts/backend/templates/deployment.yaml create mode 100644 new-infra/charts/app/charts/backend/templates/ingress.yaml create mode 100644 new-infra/charts/app/charts/backend/templates/service.yaml create mode 100644 new-infra/charts/app/charts/backend/values.yaml create mode 100644 new-infra/charts/app/charts/frontend/Chart.yaml create mode 100644 new-infra/charts/app/charts/frontend/templates/deployment.yaml create mode 100644 new-infra/charts/app/charts/frontend/templates/ingress.yaml create mode 100644 new-infra/charts/app/charts/frontend/templates/service.yaml create mode 100644 new-infra/charts/app/charts/frontend/values.yaml create mode 100644 new-infra/charts/app/templates/ingress.yaml create mode 100644 new-infra/charts/app/templates/service.yaml create mode 100644 new-infra/charts/app/values.yaml create mode 
100644 new-infra/init.sh diff --git a/new-infra/charts/.helmignore b/new-infra/charts/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/new-infra/charts/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/new-infra/charts/app/Chart.yaml b/new-infra/charts/app/Chart.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/new-infra/charts/app/charts/backend/Chart.yaml b/new-infra/charts/app/charts/backend/Chart.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/new-infra/charts/app/charts/backend/templates/deployment.yaml b/new-infra/charts/app/charts/backend/templates/deployment.yaml new file mode 100644 index 000000000..ea1094762 --- /dev/null +++ b/new-infra/charts/app/charts/backend/templates/deployment.yaml @@ -0,0 +1,20 @@ +# from: service + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: "{ { .Chart.Name } }-backend" + name: "{ { .Chart.Name } }-backend" + namespace: { { .Release.Namespace } } +spec: + replicas: { { .Values.replicaCount } } + selector: + matchLabels: + component: "{ { .Chart.Name } }-backend" + template: + metadata: + labels: + component: "{ { .Chart.Name } }-backend" + spec: + containers: diff --git a/new-infra/charts/app/charts/backend/templates/ingress.yaml b/new-infra/charts/app/charts/backend/templates/ingress.yaml new file mode 100644 index 000000000..19c801c61 --- /dev/null +++ b/new-infra/charts/app/charts/backend/templates/ingress.yaml @@ -0,0 +1 @@ +{ { include "app.ingress" } } 
diff --git a/new-infra/charts/app/charts/backend/templates/service.yaml b/new-infra/charts/app/charts/backend/templates/service.yaml new file mode 100644 index 000000000..49ed238e1 --- /dev/null +++ b/new-infra/charts/app/charts/backend/templates/service.yaml @@ -0,0 +1 @@ +{ { include "app.service" } } diff --git a/new-infra/charts/app/charts/backend/values.yaml b/new-infra/charts/app/charts/backend/values.yaml new file mode 100644 index 000000000..5ef7832ca --- /dev/null +++ b/new-infra/charts/app/charts/backend/values.yaml @@ -0,0 +1 @@ +replicaCount: 2 diff --git a/new-infra/charts/app/charts/frontend/Chart.yaml b/new-infra/charts/app/charts/frontend/Chart.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/new-infra/charts/app/charts/frontend/templates/deployment.yaml b/new-infra/charts/app/charts/frontend/templates/deployment.yaml new file mode 100644 index 000000000..c1bc9cb3e --- /dev/null +++ b/new-infra/charts/app/charts/frontend/templates/deployment.yaml @@ -0,0 +1,20 @@ +# from: service + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: "{ { .Chart.Name } }-frontend" + name: "{ { .Chart.Name } }-frontend" + namespace: { { .Release.Namespace } } +spec: + replicas: { { .Values.replicaCount } } + selector: + matchLabels: + component: "{ { .Chart.Name } }-frontend" + template: + metadata: + labels: + component: "{ { .Chart.Name } }-frontend" + spec: + containers: diff --git a/new-infra/charts/app/charts/frontend/templates/ingress.yaml b/new-infra/charts/app/charts/frontend/templates/ingress.yaml new file mode 100644 index 000000000..19c801c61 --- /dev/null +++ b/new-infra/charts/app/charts/frontend/templates/ingress.yaml @@ -0,0 +1 @@ +{ { include "app.ingress" } } diff --git a/new-infra/charts/app/charts/frontend/templates/service.yaml b/new-infra/charts/app/charts/frontend/templates/service.yaml new file mode 100644 index 000000000..49ed238e1 --- /dev/null 
+++ b/new-infra/charts/app/charts/frontend/templates/service.yaml @@ -0,0 +1 @@ +{ { include "app.service" } } diff --git a/new-infra/charts/app/charts/frontend/values.yaml b/new-infra/charts/app/charts/frontend/values.yaml new file mode 100644 index 000000000..ebf6be86b --- /dev/null +++ b/new-infra/charts/app/charts/frontend/values.yaml @@ -0,0 +1 @@ +replicaCount: 1 diff --git a/new-infra/charts/app/templates/ingress.yaml b/new-infra/charts/app/templates/ingress.yaml new file mode 100644 index 000000000..27908ee3d --- /dev/null +++ b/new-infra/charts/app/templates/ingress.yaml @@ -0,0 +1,31 @@ +# from: ingress-controller +# to: service + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: "{ { .Chart.Name } }-ingress" + annotations: |- + {{- if .Values.ingress.annotations }} + {{ toYaml .Values.ingress.annotations | indent 4 }} + {{- end }} +spec: + tls: + - hosts: |- + {{ for $host := .Values.ingress.hosts }} + - {{ $host }} + {{- end }} + secretName: bt-tls + rules: |- + {{ for $host, $path, $name, $port := .Values.ingress.rules }} + - host: {{ $host }} + http: + paths: + - path: {{ $path }} + pathType: Prefix + backend: + service: + name: {{ $name }} + port: + number: {{ $port }} + {{- end }} diff --git a/new-infra/charts/app/templates/service.yaml b/new-infra/charts/app/templates/service.yaml new file mode 100644 index 000000000..3c729484c --- /dev/null +++ b/new-infra/charts/app/templates/service.yaml @@ -0,0 +1,14 @@ +# from: ingress +# to: deployment + +apiVersion: v1 +kind: Service +metadata: + name: "{ { .Chart.Name } }-service" + namespace: { { .Release.Namespace } } +spec: + ports: + - name: http + port: { { .Values.service.port } } + targetPort: { { .Values.service.targetPort } } + protocol: TCP diff --git a/new-infra/charts/app/values.yaml b/new-infra/charts/app/values.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/new-infra/init.sh b/new-infra/init.sh new file mode 100644 index 000000000..e69de29bb 
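Review bot: `{{ for $host := .Values.ingress.hosts }}` and the four-variable `{{ for $host, $path, $name, $port := .Values.ingress.rules }}` in templates/ingress.yaml are not valid template actions, so the file cannot render. Go templates iterate with `range`, which binds at most two variables. Use `{{- range .Values.ingress.rules }}` and read fields from the element, e.g. `- host: {{ .host }}`. The `|-` after `annotations:`, `hosts:` and `rules:` would also turn those values into block strings rather than a map and lists, and the `{ { … } }` delimiters with inner spaces in `name:` are emitted literally instead of being evaluated.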
From cead6a44ba9f2eaf7ed9750f451b8575d15d2b81 Mon Sep 17 00:00:00 2001 
From: maxmwang Date: Wed, 6 Dec 2023 22:57:06 -0800 Subject: [PATCH 02/78] refactor: flatten charts file directory --- docs | 1 - new-infra/{charts => }/app/Chart.yaml | 0 .../templates/_ingress.tpl} | 18 ++++++----- new-infra/app/templates/_service.tpl | 16 ++++++++++ new-infra/app/templates/backend.yaml | 30 +++++++++++++++++++ new-infra/app/templates/frontend.yaml | 30 +++++++++++++++++++ new-infra/app/values.yaml | 19 ++++++++++++ new-infra/charts/.helmignore | 23 -------------- .../charts/app/charts/backend/Chart.yaml | 0 .../charts/backend/templates/deployment.yaml | 20 ------------- .../app/charts/backend/templates/ingress.yaml | 1 - .../app/charts/backend/templates/service.yaml | 1 - .../charts/app/charts/backend/values.yaml | 1 - .../charts/app/charts/frontend/Chart.yaml | 0 .../charts/frontend/templates/deployment.yaml | 20 ------------- .../charts/frontend/templates/ingress.yaml | 1 - .../charts/frontend/templates/service.yaml | 1 - .../charts/app/charts/frontend/values.yaml | 1 - new-infra/charts/app/templates/service.yaml | 14 --------- new-infra/charts/app/values.yaml | 0 20 files changed, 105 insertions(+), 92 deletions(-) delete mode 160000 docs rename new-infra/{charts => }/app/Chart.yaml (100%) rename new-infra/{charts/app/templates/ingress.yaml => app/templates/_ingress.tpl} (56%) create mode 100644 new-infra/app/templates/_service.tpl create mode 100644 new-infra/app/templates/backend.yaml create mode 100644 new-infra/app/templates/frontend.yaml create mode 100644 new-infra/app/values.yaml delete mode 100644 new-infra/charts/.helmignore delete mode 100644 new-infra/charts/app/charts/backend/Chart.yaml delete mode 100644 new-infra/charts/app/charts/backend/templates/deployment.yaml delete mode 100644 new-infra/charts/app/charts/backend/templates/ingress.yaml delete mode 100644 new-infra/charts/app/charts/backend/templates/service.yaml delete mode 100644 new-infra/charts/app/charts/backend/values.yaml delete mode 100644 
new-infra/charts/app/charts/frontend/Chart.yaml delete mode 100644 new-infra/charts/app/charts/frontend/templates/deployment.yaml delete mode 100644 new-infra/charts/app/charts/frontend/templates/ingress.yaml delete mode 100644 new-infra/charts/app/charts/frontend/templates/service.yaml delete mode 100644 new-infra/charts/app/charts/frontend/values.yaml delete mode 100644 new-infra/charts/app/templates/service.yaml delete mode 100644 new-infra/charts/app/values.yaml diff --git a/docs b/docs deleted file mode 160000 index f4e81d871..000000000 --- a/docs +++ /dev/null @@ -1 +0,0 @@ -Subproject commit f4e81d8715be06657d68630405469bc34a7a6219 diff --git a/new-infra/charts/app/Chart.yaml b/new-infra/app/Chart.yaml similarity index 100% rename from new-infra/charts/app/Chart.yaml rename to new-infra/app/Chart.yaml diff --git a/new-infra/charts/app/templates/ingress.yaml b/new-infra/app/templates/_ingress.tpl similarity index 56% rename from new-infra/charts/app/templates/ingress.yaml rename to new-infra/app/templates/_ingress.tpl index 27908ee3d..b5c17c41a 100644 --- a/new-infra/charts/app/templates/ingress.yaml +++ b/new-infra/app/templates/_ingress.tpl @@ -1,23 +1,24 @@ # from: ingress-controller # to: service +{{- define "app.ingress" -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: "{ { .Chart.Name } }-ingress" - annotations: |- - {{- if .Values.ingress.annotations }} - {{ toYaml .Values.ingress.annotations | indent 4 }} + name: {{ .Chart.Name }}-ingress + annotations: + {{- if .Values.XXXXend.ingress.annotations }} + {{ toYaml .Values.XXXXend.ingress.annotations | indent 4 }} {{- end }} spec: tls: - - hosts: |- - {{ for $host := .Values.ingress.hosts }} + - hosts: + {{ for $host := .Values.XXXXend.ingress.hosts }} - {{ $host }} {{- end }} secretName: bt-tls - rules: |- - {{ for $host, $path, $name, $port := .Values.ingress.rules }} + rules: + {{ for $host, $path, $name, $port := .Values.XXXXend.ingress.rules }} - host: {{ $host }} http: paths: 
@@ -29,3 +30,4 @@ spec: port: number: {{ $port }} {{- end }} +{{- end -}} diff --git a/new-infra/app/templates/_service.tpl b/new-infra/app/templates/_service.tpl new file mode 100644 index 000000000..ecef622d6 --- /dev/null +++ b/new-infra/app/templates/_service.tpl @@ -0,0 +1,16 @@ +# from: ingress +# to: deployment + +{{- define "app.service" -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }}-service + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: http + port: {{ .Values.XXXXend.service.port }} + targetPort: {{ .Values.XXXXend.service.targetPort }} + protocol: TCP +{{- end -}} diff --git a/new-infra/app/templates/backend.yaml b/new-infra/app/templates/backend.yaml new file mode 100644 index 000000000..b9fbabbc0 --- /dev/null +++ b/new-infra/app/templates/backend.yaml @@ -0,0 +1,30 @@ +# from: service + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: {{ .Chart.Name }}-backend + name: {{ .Chart.Name }}-backend + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.backend.replicas }} + selector: + matchLabels: + component: {{ .Chart.Name }}-backend + template: + metadata: + labels: + component: {{ .Chart.Name }}-backend + spec: + containers: +--- +# to: deployment +# from: ingress + +{{ include "app.service" | replace "XXXXend" "backend" }} +--- +# to: service +# from: ingress-controller + +{{ include "app.ingress" | replace "XXXXend" "backend" }} diff --git a/new-infra/app/templates/frontend.yaml b/new-infra/app/templates/frontend.yaml new file mode 100644 index 000000000..038af598c --- /dev/null +++ b/new-infra/app/templates/frontend.yaml 
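Review bot: `{{ include "app.service" | replace "XXXXend" "backend" }}` in backend.yaml cannot select the backend values. `include` takes a template name and a context (`include "app.service" .`), and `replace` runs on the already rendered text, after `.Values.XXXXend.service.port` has been evaluated against a key that does not exist in values.yaml. Pass the component as data instead, e.g. `{{ include "app.service" (dict "root" . "component" "backend") }}`, and have the helper read `index .root.Values .component`. The same pattern is used for `app.ingress` here and for both includes in frontend.yaml. `spec.containers:` is still empty in this hunk, so the Deployment would not validate as written.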
@@ -0,0 +1,30 @@ +# from: service + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: {{ .Chart.Name }}-frontend + name: {{ .Chart.Name }}-frontend + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.frontend.replicas }} + selector: + matchLabels: + component: {{ .Chart.Name }}-frontend + template: + metadata: + labels: + component: {{ .Chart.Name }}-frontend + spec: + containers: +--- +# to: deployment +# from: ingress + +{{ include "app.service" | replace "XXXXend" "frontend" }} +--- +# to: service +# from: ingress-controller + +{{ include "app.ingress" | replace "XXXXend" "frontend" }} diff --git a/new-infra/app/values.yaml b/new-infra/app/values.yaml new file mode 100644 index 000000000..f768de08b --- /dev/null +++ b/new-infra/app/values.yaml @@ -0,0 +1,19 @@ +frontend: + replicas: 1 + service: + port: + targetPort: + ingress: + annotations: + hosts: + rules: + +backend: + replicas: 2 + service: + port: + targetPort: + ingress: + annotations: + hosts: + rules: diff --git a/new-infra/charts/.helmignore b/new-infra/charts/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/new-infra/charts/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/new-infra/charts/app/charts/backend/Chart.yaml b/new-infra/charts/app/charts/backend/Chart.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/new-infra/charts/app/charts/backend/templates/deployment.yaml b/new-infra/charts/app/charts/backend/templates/deployment.yaml deleted file mode 100644 index ea1094762..000000000 
--- a/new-infra/charts/app/charts/backend/templates/deployment.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# from: service - -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - component: "{ { .Chart.Name } }-backend" - name: "{ { .Chart.Name } }-backend" - namespace: { { .Release.Namespace } } -spec: - replicas: { { .Values.replicaCount } } - selector: - matchLabels: - component: "{ { .Chart.Name } }-backend" - template: - metadata: - labels: - component: "{ { .Chart.Name } }-backend" - spec: - containers: diff --git a/new-infra/charts/app/charts/backend/templates/ingress.yaml b/new-infra/charts/app/charts/backend/templates/ingress.yaml deleted file mode 100644 index 19c801c61..000000000 --- a/new-infra/charts/app/charts/backend/templates/ingress.yaml +++ /dev/null @@ -1 +0,0 @@ -{ { include "app.ingress" } } diff --git a/new-infra/charts/app/charts/backend/templates/service.yaml b/new-infra/charts/app/charts/backend/templates/service.yaml deleted file mode 100644 index 49ed238e1..000000000 --- a/new-infra/charts/app/charts/backend/templates/service.yaml +++ /dev/null @@ -1 +0,0 @@ -{ { include "app.service" } } diff --git a/new-infra/charts/app/charts/backend/values.yaml b/new-infra/charts/app/charts/backend/values.yaml deleted file mode 100644 index 5ef7832ca..000000000 --- a/new-infra/charts/app/charts/backend/values.yaml +++ /dev/null @@ -1 +0,0 @@ -replicaCount: 2 diff --git a/new-infra/charts/app/charts/frontend/Chart.yaml b/new-infra/charts/app/charts/frontend/Chart.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/new-infra/charts/app/charts/frontend/templates/deployment.yaml b/new-infra/charts/app/charts/frontend/templates/deployment.yaml deleted file mode 100644 index c1bc9cb3e..000000000 --- a/new-infra/charts/app/charts/frontend/templates/deployment.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -# from: service - -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - component: "{ { .Chart.Name } }-frontend" - name: "{ { .Chart.Name } }-frontend" - namespace: { { .Release.Namespace } } -spec: - replicas: { { .Values.replicaCount } } - selector: - matchLabels: - component: "{ { .Chart.Name } }-frontend" - template: - metadata: - labels: - component: "{ { .Chart.Name } }-frontend" - spec: - containers: diff --git a/new-infra/charts/app/charts/frontend/templates/ingress.yaml b/new-infra/charts/app/charts/frontend/templates/ingress.yaml deleted file mode 100644 index 19c801c61..000000000 --- a/new-infra/charts/app/charts/frontend/templates/ingress.yaml +++ /dev/null @@ -1 +0,0 @@ -{ { include "app.ingress" } } diff --git a/new-infra/charts/app/charts/frontend/templates/service.yaml b/new-infra/charts/app/charts/frontend/templates/service.yaml deleted file mode 100644 index 49ed238e1..000000000 --- a/new-infra/charts/app/charts/frontend/templates/service.yaml +++ /dev/null @@ -1 +0,0 @@ -{ { include "app.service" } } diff --git a/new-infra/charts/app/charts/frontend/values.yaml b/new-infra/charts/app/charts/frontend/values.yaml deleted file mode 100644 index ebf6be86b..000000000 --- a/new-infra/charts/app/charts/frontend/values.yaml +++ /dev/null @@ -1 +0,0 @@ -replicaCount: 1 diff --git a/new-infra/charts/app/templates/service.yaml b/new-infra/charts/app/templates/service.yaml deleted file mode 100644 index 3c729484c..000000000 --- a/new-infra/charts/app/templates/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -# from: ingress -# to: deployment - -apiVersion: v1 -kind: Service -metadata: - name: "{ { .Chart.Name } }-service" - namespace: { { .Release.Namespace } } -spec: - ports: - - name: http - port: { { .Values.service.port } } - targetPort: { { .Values.service.targetPort } } - protocol: TCP diff --git a/new-infra/charts/app/values.yaml b/new-infra/charts/app/values.yaml deleted file mode 100644 index e69de29bb..000000000 
From 391c1416edae171e8c83a030002cfa465ac6570c Mon Sep 17 00:00:00 2001 From: maxmwang Date: Thu, 25 Jan 2024 02:49:04 -0800 Subject: [PATCH 03/78] pull images from docker registry, running on local kube engine --- new-infra/app/Chart.yaml | 3 ++ new-infra/app/templates/_ingress.tpl | 33 ------------- new-infra/app/templates/_service.tpl | 16 ------- new-infra/app/templates/backend.yaml | 68 ++++++++++++++++++++++++--- new-infra/app/templates/frontend.yaml | 31 +++++++++++- new-infra/app/values.yaml | 14 ++++-- 6 files changed, 104 insertions(+), 61 deletions(-) delete mode 100644 new-infra/app/templates/_ingress.tpl delete mode 100644 new-infra/app/templates/_service.tpl diff --git a/new-infra/app/Chart.yaml b/new-infra/app/Chart.yaml index e69de29bb..89dd5f88b 100644 --- a/new-infra/app/Chart.yaml +++ b/new-infra/app/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v1 +name: bt +version: 0.0.1 diff --git a/new-infra/app/templates/_ingress.tpl b/new-infra/app/templates/_ingress.tpl deleted file mode 100644 index b5c17c41a..000000000 --- a/new-infra/app/templates/_ingress.tpl +++ /dev/null @@ -1,33 +0,0 @@ -# from: ingress-controller -# to: service - -{{- define "app.ingress" -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .Chart.Name }}-ingress - annotations: - {{- if .Values.XXXXend.ingress.annotations }} - {{ toYaml .Values.XXXXend.ingress.annotations | indent 4 }} - {{- end }} -spec: - tls: - - hosts: - {{ for $host := .Values.XXXXend.ingress.hosts }} - - {{ $host }} - {{- end }} - secretName: bt-tls - rules: - {{ for $host, $path, $name, $port := .Values.XXXXend.ingress.rules }} - - host: {{ $host }} - http: - paths: - - path: {{ $path }} - pathType: Prefix - backend: - service: - name: {{ $name }} - port: - number: {{ $port }} - {{- end }} -{{- end -}} diff --git a/new-infra/app/templates/_service.tpl b/new-infra/app/templates/_service.tpl deleted file mode 100644 index ecef622d6..000000000 
--- a/new-infra/app/templates/_service.tpl +++ /dev/null @@ -1,16 +0,0 @@ -# from: ingress -# to: deployment - -{{- define "app.service" -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Chart.Name }}-service - namespace: {{ .Release.Namespace }} -spec: - ports: - - name: http - port: {{ .Values.XXXXend.service.port }} - targetPort: {{ .Values.XXXXend.service.targetPort }} - protocol: TCP -{{- end -}} diff --git a/new-infra/app/templates/backend.yaml b/new-infra/app/templates/backend.yaml index b9fbabbc0..f5775e344 100644 --- a/new-infra/app/templates/backend.yaml +++ b/new-infra/app/templates/backend.yaml 
@@ -4,27 +4,83 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - component: {{ .Chart.Name }}-backend - name: {{ .Chart.Name }}-backend + component: {{ .Chart.Name }}-backend-deployment + name: {{ .Chart.Name }}-backend-deployment namespace: {{ .Release.Namespace }} spec: replicas: {{ .Values.backend.replicas }} selector: matchLabels: - component: {{ .Chart.Name }}-backend + component: {{ .Chart.Name }}-backend-deployment template: metadata: labels: - component: {{ .Chart.Name }}-backend + component: {{ .Chart.Name }}-backend-deployment spec: containers: + - name: {{ .Chart.Name }}-backend-container + image: {{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }} + command: ["npm", "run", "start"] + ports: + - containerPort: {{ .Values.backend.port }} + env: + - name: PORT + value: "5001" + - name: URL + value: "http://localhost:5001" + - name: BACKEND_PATH + value: "/api" + - name: GRAPHQL_PATH + value: "/graphql" + - name: NODE_ENV + value: "development" + - name: MONGODB_URI + value: "mongodb://mongodb:27017/bt" + - name: REDIS_URI + value: "redis://redis:6379" + - name: SIS_CLASS_APP_ID + value: "_" + - name: SIS_CLASS_APP_KEY + value: "_" + - name: SIS_COURSE_APP_ID + value: "_" + - name: SIS_COURSE_APP_KEY + value: "_" + - name: GOOGLE_CLIENT_ID + value: "_" + - name: GOOGLE_CLIENT_SECRET + value: "_" + - name: SESSION_SECRET + value: "_" --- # to: deployment # from: ingress -{{ include "app.service" | replace "XXXXend" "backend" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }}-backend-service + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: http + port: {{ .Values.backend.service.port }} + targetPort: {{ .Values.backend.port }} + protocol: TCP --- # to: service # from: ingress-controller -{{ include "app.ingress" | replace "XXXXend" "backend" }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ .Chart.Name }}-backend-ingress + namespace: {{ .Release.Namespace }} + annotations: 
+ {{/* TODO: add annotations */}} +spec: + defaultBackend: + service: + name: {{ .Chart.Name }}-backend-service + port: + number: {{ .Values.backend.service.port }} diff --git a/new-infra/app/templates/frontend.yaml b/new-infra/app/templates/frontend.yaml index 038af598c..25464151a 100644 --- a/new-infra/app/templates/frontend.yaml +++ b/new-infra/app/templates/frontend.yaml @@ -18,13 +18,40 @@ spec: component: {{ .Chart.Name }}-frontend spec: containers: + - name: {{ .Chart.Name }}-frontend-container + image: {{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }} + command: ["npm", "run", "prod"] + ports: + - containerPort: {{ .Values.frontend.port }} --- # to: deployment # from: ingress -{{ include "app.service" | replace "XXXXend" "frontend" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }}-frontend-service + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: http + port: {{ .Values.frontend.service.port }} + targetPort: {{ .Values.frontend.port }} + protocol: TCP --- # to: service # from: ingress-controller -{{ include "app.ingress" | replace "XXXXend" "frontend" }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ .Chart.Name }}-frontend-ingress + namespace: {{ .Release.Namespace }} + annotations: + {{/* TODO: add annotations */}} +spec: + defaultBackend: + service: + name: {{ .Chart.Name }}-frontend-service + port: + number: {{ .Values.frontend.service.port }} diff --git a/new-infra/app/values.yaml b/new-infra/app/values.yaml index f768de08b..5fb4b5f68 100644 --- a/new-infra/app/values.yaml +++ b/new-infra/app/values.yaml 
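Review bot: The credential-bearing entries in the backend container's `env` list (`SESSION_SECRET`, `GOOGLE_CLIENT_SECRET`, the `SIS_*_APP_KEY` pair) are literal `value:` fields in the Deployment template, so once the `_` placeholders are filled in the real values would sit in the chart and in the rendered pod spec. They should be read from a Kubernetes Secret via `valueFrom.secretKeyRef`, as sketched below. Separately, `PORT` is fixed to "5001" and `URL` to `http://localhost:5001`, while `containerPort` and the Service `targetPort` use `.Values.backend.port`, which values.yaml in this commit sets to 5000. Assuming the app binds to `PORT`, the Service would forward to a port nothing listens on; `value: {{ .Values.backend.port | quote }}` keeps the two together. `NODE_ENV` is also hard-coded to `development`, which is worth moving into values before the chart is used outside a local cluster.

```yaml
# … unchanged: container name, image, command, ports, non-secret env entries …
            - name: GOOGLE_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: <backend-secret-name>   # placeholder: Secret created outside the chart
                  key: GOOGLE_CLIENT_SECRET
            - name: SESSION_SECRET
              valueFrom:
                secretKeyRef:
                  name: <backend-secret-name>   # placeholder
                  key: SESSION_SECRET
# … SIS_*_APP_ID / SIS_*_APP_KEY follow the same shape …
```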
@@ -1,18 +1,24 @@ frontend: + port: 3000 replicas: 1 + image: + repository: docker.io/maxmwang/bt-new-infra-frontend + tag: latest service: - port: - targetPort: + port: 3000 ingress: annotations: hosts: rules: backend: + port: 5000 replicas: 2 + image: + repository: docker.io/maxmwang/bt-new-infra-backend + tag: latest service: - port: - targetPort: + port: 5000 ingress: annotations: hosts: From 89b5eca74395f3a8ad1d54e768907f4dac3d3e4f Mon Sep 17 00:00:00 2001 From: maxmwang Date: Fri, 26 Jan 2024 23:59:54 -0800 Subject: [PATCH 04/78] feat: nginx-controller routing to frontend --- new-infra/app/templates/backend.yaml | 18 +++++++++++++----- new-infra/app/templates/frontend.yaml | 26 +++++++++++++++++--------- new-infra/init.sh | 16 ++++++++++++++++ 3 files changed, 46 insertions(+), 14 deletions(-) diff --git a/new-infra/app/templates/backend.yaml b/new-infra/app/templates/backend.yaml index f5775e344..cb20aa994 100644 --- a/new-infra/app/templates/backend.yaml +++ b/new-infra/app/templates/backend.yaml @@ -62,6 +62,8 @@ metadata: name: {{ .Chart.Name }}-backend-service namespace: {{ .Release.Namespace }} spec: + selector: + component: {{ .Chart.Name }}-backend-deployment ports: - name: http port: {{ .Values.backend.service.port }} @@ -79,8 +81,14 @@ metadata: annotations: {{/* TODO: add annotations */}} spec: - defaultBackend: - service: - name: {{ .Chart.Name }}-backend-service - port: - number: {{ .Values.backend.service.port }} + ingressClassName: nginx + rules: + - http: + paths: + - path: /api + pathType: Prefix + backend: + service: + name: {{ .Chart.Name }}-backend-service + port: + number: {{ .Values.backend.service.port }} diff --git a/new-infra/app/templates/frontend.yaml b/new-infra/app/templates/frontend.yaml index 25464151a..d6cc09483 100644 --- a/new-infra/app/templates/frontend.yaml +++ b/new-infra/app/templates/frontend.yaml 
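Review bot: Both `image.tag` values in values.yaml are `latest`, a mutable tag, so the same chart version can deploy different image contents on each pull and a rollback cannot name the previous image. Pin an immutable version tag, e.g. `tag: <release-version>` (placeholder), or reference the image by digest once the templates support it. The repositories are under a personal Docker Hub namespace; that is presumably fine for local testing, but worth moving to an organisation-controlled registry before shared use. The `ingress.annotations`, `ingress.hosts` and `ingress.rules` keys stay empty and no template in this commit reads them, so a short comment saying they are reserved would avoid confusion.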
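Review bot: The new `rules` entry in the backend Ingress has no `host` and the spec has no `tls` section, so `/api` is served for any Host header the nginx controller receives, and over plain HTTP unless the controller is configured otherwise. The earlier `_ingress.tpl` carried `tls` with `secretName: bt-tls`, which this spec does not restore. Since the backend container is given `SESSION_SECRET` and Google OAuth settings, I would add `host:` from values and a `tls:` block before this is reachable beyond a local cluster. The same applies to the frontend Ingress hunk in this commit. The Ingress definition starts outside this hunk; its `annotations:` key still holds only a template comment and so renders as an empty value.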
@@ -4,18 +4,18 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - component: {{ .Chart.Name }}-frontend - name: {{ .Chart.Name }}-frontend + component: {{ .Chart.Name }}-frontend-deployment + name: {{ .Chart.Name }}-frontend-deployment namespace: {{ .Release.Namespace }} spec: replicas: {{ .Values.frontend.replicas }} selector: matchLabels: - component: {{ .Chart.Name }}-frontend + component: {{ .Chart.Name }}-frontend-deployment template: metadata: labels: - component: {{ .Chart.Name }}-frontend + component: {{ .Chart.Name }}-frontend-deployment spec: containers: - name: {{ .Chart.Name }}-frontend-container @@ -33,6 +33,8 @@ metadata: name: {{ .Chart.Name }}-frontend-service namespace: {{ .Release.Namespace }} spec: + selector: + component: {{ .Chart.Name }}-frontend-deployment ports: - name: http port: {{ .Values.frontend.service.port }} @@ -50,8 +52,14 @@ metadata: annotations: {{/* TODO: add annotations */}} spec: - defaultBackend: - service: - name: {{ .Chart.Name }}-frontend-service - port: - number: {{ .Values.frontend.service.port }} + ingressClassName: nginx + rules: + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: {{ .Chart.Name }}-frontend-service + port: + number: {{ .Values.frontend.service.port }} diff --git a/new-infra/init.sh b/new-infra/init.sh index e69de29bb..b7d94a0d5 100644 --- a/new-infra/init.sh +++ b/new-infra/init.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash + +# install ingress-nginx with helm +helm upgrade --install ingress-nginx ingress-nginx \ + --repo https://kubernetes.github.io/ingress-nginx \ + --namespace ingress-nginx --create-namespace + +# install app with helm. run in /new-infra +helm install app \ + --name-template=bt \ + --namespace=bt --create-namespace \ + +# uninstall app with helm on config changes. run in /new-infra +helm uninstall app \ + --namespace=bt + From e9badde7aca66e528bcaaefbacf7d7385ed44ff0 Mon Sep 17 00:00:00 2001 
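Review bot: Read as an executable script, init.sh installs the `bt` release and then immediately uninstalls it. It also has no `set -euo pipefail`, so a failed ingress-nginx install does not stop the later commands. If the file is meant as a list of commands to copy, a README or separate install and uninstall scripts would make that clear. The ingress-nginx chart is pulled from the remote repo without `--version`, so each run may install a different controller release; add `--version <chart-version>` (placeholder) to make installs reproducible and reviewable. The `helm install app \` command also ends with a trailing `\` before a blank line, which works only as long as that blank line stays.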
From: maxmwang Date: Sat, 27 Jan 2024 00:38:06 -0800 Subject: [PATCH 05/78] refactor: rename directory --- new-infra/{app => bt}/Chart.yaml | 0 new-infra/{app => bt}/templates/backend.yaml | 2 ++ new-infra/{app => bt}/templates/frontend.yaml | 2 ++ new-infra/{app => bt}/values.yaml | 0 4 files changed, 4 insertions(+) rename new-infra/{app => bt}/Chart.yaml (100%) rename new-infra/{app => bt}/templates/backend.yaml (98%) rename new-infra/{app => bt}/templates/frontend.yaml (97%) rename new-infra/{app => bt}/values.yaml (100%) diff --git a/new-infra/app/Chart.yaml b/new-infra/bt/Chart.yaml similarity index 100% rename from new-infra/app/Chart.yaml rename to new-infra/bt/Chart.yaml diff --git a/new-infra/app/templates/backend.yaml b/new-infra/bt/templates/backend.yaml similarity index 98% rename from new-infra/app/templates/backend.yaml rename to new-infra/bt/templates/backend.yaml index cb20aa994..7f28498ae 100644 --- a/new-infra/app/templates/backend.yaml +++ b/new-infra/bt/templates/backend.yaml @@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: + # deployment labels component: {{ .Chart.Name }}-backend-deployment name: {{ .Chart.Name }}-backend-deployment namespace: {{ .Release.Namespace }} @@ -15,6 +16,7 @@ spec: template: metadata: labels: + # pod labels component: {{ .Chart.Name }}-backend-deployment spec: containers: diff --git a/new-infra/app/templates/frontend.yaml b/new-infra/bt/templates/frontend.yaml similarity index 97% rename from new-infra/app/templates/frontend.yaml rename to new-infra/bt/templates/frontend.yaml index d6cc09483..239fd56b0 100644 --- a/new-infra/app/templates/frontend.yaml +++ b/new-infra/bt/templates/frontend.yaml @@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: + # deployment labels component: {{ .Chart.Name }}-frontend-deployment name: {{ .Chart.Name }}-frontend-deployment namespace: {{ .Release.Namespace }} 
@@ -15,6 +16,7 @@ spec: template: metadata: labels: + # pod labels component: {{ .Chart.Name }}-frontend-deployment spec: containers: diff --git a/new-infra/app/values.yaml b/new-infra/bt/values.yaml similarity index 100% rename from new-infra/app/values.yaml rename to new-infra/bt/values.yaml From c1fb7db457f70844ed36b262ce9507ec2444eca8 Mon Sep 17 00:00:00 2001 From: maxmwang Date: Sat, 27 Jan 2024 01:27:07 -0800 Subject: [PATCH 06/78] feat: mongodb --- new-infra/bt/templates/backend.yaml | 1 + new-infra/bt/templates/frontend.yaml | 1 + new-infra/init.sh | 14 +++++++++----- new-infra/mongodb/values.yaml | 3 +++ 4 files changed, 14 insertions(+), 5 deletions(-) create mode 100644 new-infra/mongodb/values.yaml diff --git a/new-infra/bt/templates/backend.yaml b/new-infra/bt/templates/backend.yaml index 7f28498ae..d9e3ff09f 100644 --- a/new-infra/bt/templates/backend.yaml +++ b/new-infra/bt/templates/backend.yaml @@ -64,6 +64,7 @@ metadata: name: {{ .Chart.Name }}-backend-service namespace: {{ .Release.Namespace }} spec: + type: ClusterIP selector: component: {{ .Chart.Name }}-backend-deployment ports: diff --git a/new-infra/bt/templates/frontend.yaml b/new-infra/bt/templates/frontend.yaml index 239fd56b0..b2d18bf60 100644 --- a/new-infra/bt/templates/frontend.yaml +++ b/new-infra/bt/templates/frontend.yaml @@ -35,6 +35,7 @@ metadata: name: {{ .Chart.Name }}-frontend-service namespace: {{ .Release.Namespace }} spec: + type: ClusterIP selector: component: {{ .Chart.Name }}-frontend-deployment ports: diff --git a/new-infra/init.sh b/new-infra/init.sh index b7d94a0d5..b21539894 100644 --- a/new-infra/init.sh +++ b/new-infra/init.sh 
@@ -3,14 +3,18 @@ # install ingress-nginx with helm helm upgrade --install ingress-nginx ingress-nginx \ --repo https://kubernetes.github.io/ingress-nginx \ - --namespace ingress-nginx --create-namespace + --namespace ingress-nginx --create-namespace # using namespace=bt-base requires changing chart values (through --set or --values) # install app with helm. run in /new-infra -helm install app \ +helm install bt \ --name-template=bt \ - --namespace=bt --create-namespace \ + --namespace=bt --create-namespace # namespace=bt-{env} # uninstall app with helm on config changes. run in /new-infra -helm uninstall app \ - --namespace=bt +helm uninstall bt \ + --namespace=bt # namespace=bt-{env} +# install mongodb with helm +helm upgrade --install mongodb oci://registry-1.docker.io/bitnamicharts/mongodb \ + --namespace=bt --create-namespace \ # namespace=bt-{env} + --values=./mongodb/values.yaml diff --git a/new-infra/mongodb/values.yaml b/new-infra/mongodb/values.yaml new file mode 100644 index 000000000..b394bd9f9 --- /dev/null +++ b/new-infra/mongodb/values.yaml @@ -0,0 +1,3 @@ +# https://github.com/bitnami/charts/issues/7305 +auth: + databases: ["bt"] From 512ae28393745742c364c2ae8d5f150e231d93ed Mon Sep 17 00:00:00 2001 From: maxmwang Date: Sat, 27 Jan 2024 01:38:02 -0800 Subject: [PATCH 07/78] feat: redis --- new-infra/init.sh | 11 ++++++++--- new-infra/redis/values.yaml | 0 2 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 new-infra/redis/values.yaml diff --git a/new-infra/init.sh b/new-infra/init.sh index b21539894..2715824a4 100644 --- a/new-infra/init.sh +++ b/new-infra/init.sh 
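Review bot: In the added mongodb command, `--namespace=bt --create-namespace \ # namespace=bt-{env}` puts a comment after the backslash, so the backslash escapes the following space instead of the newline and the command ends on that line. `--values=./mongodb/values.yaml` is then not passed to helm, and the `auth:` settings in mongodb/values.yaml would not reach the release. Put the comment on its own line above the command and end the flag line with a bare backslash: `--namespace=bt --create-namespace \`. The top of init.sh is outside the hunk.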
@@ -8,13 +8,18 @@ helm upgrade --install ingress-nginx ingress-nginx \ # install app with helm. run in /new-infra helm install bt \ --name-template=bt \ - --namespace=bt --create-namespace # namespace=bt-{env} + --namespace=bt --create-namespace # uninstall app with helm on config changes. run in /new-infra helm uninstall bt \ - --namespace=bt # namespace=bt-{env} + --namespace=bt # install mongodb with helm helm upgrade --install mongodb oci://registry-1.docker.io/bitnamicharts/mongodb \ - --namespace=bt --create-namespace \ # namespace=bt-{env} + --namespace=bt --create-namespace \ --values=./mongodb/values.yaml + +# install redis with helm +helm upgrade --install redis oci://registry-1.docker.io/bitnamicharts/redis \ + --namespace=bt --create-namespace \ + --values=./redis/values.yaml diff --git a/new-infra/redis/values.yaml b/new-infra/redis/values.yaml new file mode 100644 index 000000000..e69de29bb From 7d8bab81aca19f27bf7707089936d5cf2d0191af Mon Sep 17 00:00:00 2001 From: maxmwang Date: Wed, 31 Jan 2024 23:18:45 -0800 Subject: [PATCH 08/78] refactor: move ingress-nginx to namespace bt-base --- new-infra/init.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/new-infra/init.sh b/new-infra/init.sh index 2715824a4..1d37a7e82 100644 --- a/new-infra/init.sh +++ b/new-infra/init.sh @@ -3,7 +3,7 @@ # install ingress-nginx with helm helm upgrade --install ingress-nginx ingress-nginx \ --repo https://kubernetes.github.io/ingress-nginx \ - --namespace ingress-nginx --create-namespace # using namespace=bt-base requires changing chart values (through --set or --values) + --namespace bt-base --create-namespace # using namespace=bt-base requires changing chart values (through --set or --values) # install app with helm. run in /new-infra helm install bt \ From 1cafac6e29ef98c9e9d6072b189b830fc4855c4b Mon Sep 17 00:00:00 2001 
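Review bot: The redis install added here, like the mongodb install in the context lines above it, pulls `oci://registry-1.docker.io/bitnamicharts/redis` with no `--version`, so each run installs whatever chart version the registry serves at that moment. For datastore charts this makes the rendered manifests and image versions non-reproducible and lets an upstream change reach the cluster unreviewed. Pin both commands, for example `--version <CHART_VERSION>`, and raise the pin deliberately. `redis/values.yaml` is added empty, so the chart defaults apply unchanged.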
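Review bot: The trailing comment `# using namespace=bt-base requires changing chart values (through --set or --values)` is kept on the changed line while the namespace becomes `bt-base`, and no `--set` or `--values` is added to the command. A reader cannot tell whether the chart values still need changing or the note is now stale. Either add the override it refers to in this commit or drop the comment. A comment on its own line above the command would also read more clearly than one trailing the last flag.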
From: Chengming Li Date: Sat, 10 Feb 2024 16:49:42 -0800 Subject: [PATCH 09/78] add mongodb install command in init.sh --- new-infra/init.sh | 16 +++++++++++++--- new-infra/mongo-PV-PVC.yaml | 25 +++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 3 deletions(-) create mode 100644 new-infra/mongo-PV-PVC.yaml diff --git a/new-infra/init.sh b/new-infra/init.sh index 1d37a7e82..e49c22ccb 100644 --- a/new-infra/init.sh +++ b/new-infra/init.sh @@ -14,10 +14,20 @@ helm install bt \ helm uninstall bt \ --namespace=bt +# creates the PV and PVC +kubectl apply -f mongo-PV-PVC.yaml -n bt + +# delete PV +kubectl delete pv bt-mongodb-pv + +# delete PVC +kubectl delete pvc bt-mongodb-pv-claim -n bt + # install mongodb with helm -helm upgrade --install mongodb oci://registry-1.docker.io/bitnamicharts/mongodb \ - --namespace=bt --create-namespace \ - --values=./mongodb/values.yaml +helm install mongo \ + --set persistence.existingClaim=bt-mongodb-pv-claim,persistence.mountPath="./db" \ + --namespace=bt \ + oci://registry-1.docker.io/bitnamicharts/mongodb # install redis with helm helm upgrade --install redis oci://registry-1.docker.io/bitnamicharts/redis \ diff --git a/new-infra/mongo-PV-PVC.yaml b/new-infra/mongo-PV-PVC.yaml new file mode 100644 index 000000000..f21fa5c66 --- /dev/null +++ b/new-infra/mongo-PV-PVC.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: bt-mongodb-pv +spec: + storageClassName: manual + capacity: + storage: 10Gi + accessModes: + - ReadWriteOnce + hostPath: + path: "/db" +--- + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: bt-mongodb-pv-claim +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: manual \ No newline at end of file From 11f9e34368c2ff7d1fd6adc85c15d39805f49674 Mon Sep 17 00:00:00 2001 
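Review bot: The added `kubectl delete pv bt-mongodb-pv` and `kubectl delete pvc bt-mongodb-pv-claim -n bt` sit between the `kubectl apply` that creates the volume and the `helm install mongo` that sets `persistence.existingClaim=bt-mongodb-pv-claim`. If init.sh is run top to bottom, the claim is removed before MongoDB is installed against it, and a rerun against a live cluster would delete the database's storage objects. Keep teardown out of the init path: comment the commands out (`# kubectl delete pvc bt-mongodb-pv-claim -n bt`) or move them to a separate teardown script. The hunk also drops `--values=./mongodb/values.yaml`, so the `auth.databases` setting is no longer applied; that is presumably intended but worth confirming. The rest of init.sh is outside the hunk.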
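Review bot: The PersistentVolume backs MongoDB with `hostPath` at `path: "/db"`, a directory on the root filesystem of whichever node runs the pod, and the PV has no `nodeAffinity`. On a cluster with more than one node, the pod can be scheduled where `/db` is empty. hostPath also exposes a node filesystem path to the workload, which the Kubernetes documentation advises against outside single-node testing. For anything beyond a dev machine, use a `local` volume with `nodeAffinity` or a provisioned StorageClass. At minimum, state the limitation in the manifest, for example `# hostPath: single-node dev only; data stays on that node`.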
From: Chengming Li Date: Mon, 12 Feb 2024 02:14:17 -0800 Subject: [PATCH 10/78] add redis install command to init.sh --- new-infra/init.sh | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/new-infra/init.sh b/new-infra/init.sh index e49c22ccb..77371cb2d 100644 --- a/new-infra/init.sh +++ b/new-infra/init.sh @@ -17,19 +17,20 @@ helm uninstall bt \ # creates the PV and PVC kubectl apply -f mongo-PV-PVC.yaml -n bt -# delete PV -kubectl delete pv bt-mongodb-pv - # delete PVC kubectl delete pvc bt-mongodb-pv-claim -n bt -# install mongodb with helm +# delete PV +kubectl delete pv bt-mongodb-pv + +# install mongodb with helm, replace CHARTNAME with the name of the chart helm install mongo \ - --set persistence.existingClaim=bt-mongodb-pv-claim,persistence.mountPath="./db" \ - --namespace=bt \ + --set nameOverride="db",persistence.existingClaim=bt-mongodb-pv-claim,persistence.mountPath="./db" \ + --namespace=bt --create-namespace \ oci://registry-1.docker.io/bitnamicharts/mongodb # install redis with helm -helm upgrade --install redis oci://registry-1.docker.io/bitnamicharts/redis \ +helm install redis \ + --set replica.replicaCount=0,master.persistence.enabled=false,replica.persistence.enabled=false \ --namespace=bt --create-namespace \ - --values=./redis/values.yaml + oci://registry-1.docker.io/bitnamicharts/redis \ No newline at end of file From 65784113cd9adf454cd8bd240a378def03fb886c Mon Sep 17 00:00:00 2001 From: Chengming Li Date: Mon, 12 Feb 2024 02:14:47 -0800 Subject: [PATCH 11/78] modify backend env uri's to use redis and mongo pod services --- new-infra/bt/templates/backend.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/new-infra/bt/templates/backend.yaml b/new-infra/bt/templates/backend.yaml index d9e3ff09f..f11100529 100644 --- a/new-infra/bt/templates/backend.yaml +++ b/new-infra/bt/templates/backend.yaml 
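Review bot: The new comment `# install mongodb with helm, replace CHARTNAME with the name of the chart` refers to a `CHARTNAME` placeholder that does not appear in the command below it, so the instruction cannot be followed as written. What needs documenting is the added `nameOverride="db"`: together with the release name `mongo` it presumably determines the service hostname that clients must use. A comment such as `# release "mongo" + nameOverride "db" sets the service name; keep in sync with the backend's MONGODB_URI` would say that. The same hunk switches redis from `helm upgrade --install` to `helm install`, which fails on a second run once the release exists.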
@@ -37,9 +37,9 @@ spec: - name: NODE_ENV value: "development" - name: MONGODB_URI - value: "mongodb://mongodb:27017/bt" + value: "mongo-db.bt.svc.cluster.local:27017" - name: REDIS_URI - value: "redis://redis:6379" + value: "redis-master.bt.svc.cluster.local:6379" - name: SIS_CLASS_APP_ID value: "_" - name: SIS_CLASS_APP_KEY From 61a0fc228241e9da5464ab272d25523682136e06 Mon Sep 17 00:00:00 2001 From: maxmwang Date: Fri, 16 Feb 2024 00:07:12 -0800 Subject: [PATCH 12/78] fix: mongodb and redis urls in backend --- new-infra/bt/templates/backend.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/new-infra/bt/templates/backend.yaml b/new-infra/bt/templates/backend.yaml index f11100529..ce91eef17 100644 --- a/new-infra/bt/templates/backend.yaml +++ b/new-infra/bt/templates/backend.yaml @@ -37,9 +37,9 @@ spec: - name: NODE_ENV value: "development" - name: MONGODB_URI - value: "mongo-db.bt.svc.cluster.local:27017" + value: "mongodb://mongo-db.bt.svc.cluster.local:27017" - name: REDIS_URI - value: "redis-master.bt.svc.cluster.local:6379" + value: "redis://redis-master.bt.svc.cluster.local:6379" - name: SIS_CLASS_APP_ID value: "_" - name: SIS_CLASS_APP_KEY From 2822cb9be8f434aaeebb3b3a9f513f7dfc05224d Mon Sep 17 00:00:00 2001 From: maxmwang Date: Sat, 17 Feb 2024 22:58:36 -0800 Subject: [PATCH 13/78] migrate to octoberkeleytime docker hub image repos --- new-infra/bt/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/new-infra/bt/values.yaml b/new-infra/bt/values.yaml index 5fb4b5f68..af3370619 100644 --- a/new-infra/bt/values.yaml +++ b/new-infra/bt/values.yaml @@ -2,7 +2,7 @@ frontend: port: 3000 replicas: 1 image: - repository: docker.io/maxmwang/bt-new-infra-frontend + repository: docker.io/octoberkeleytime/bt-frontend tag: latest service: port: 3000 
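Review bot: The new `MONGODB_URI` value drops the `/bt` database path that the previous value `mongodb://mongodb:27017/bt` carried, and it also drops the `mongodb://` and `redis://` schemes. Without a database in the URI, a driver uses its default database unless the application selects one itself, which is not visible here. If the backend relies on the URI for this, keep the path: `value: "mongodb://mongo-db.bt.svc.cluster.local:27017/bt"`. The container spec starts and ends outside the hunk.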
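Review bot: Both connection strings are literals in the Deployment template and carry no credentials. The Bitnami mongodb and redis charts enable authentication by default, and the install commands in init.sh do not appear to turn it off, so these connections are either refused or depend on auth being disabled somewhere not shown. Read the URIs from a Secret instead, for example `valueFrom: { secretKeyRef: { name: <SECRET_NAME>, key: MONGODB_URI } }`, so that adding a password later does not put it in the chart source. The env list continues outside the hunk.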
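Review bot: Both image references keep `tag: latest` while the repository moves to `docker.io/octoberkeleytime/bt-frontend` in this hunk and `docker.io/octoberkeleytime/bt-backend` in the second hunk. With a mutable tag, a rollout or pod restart can pull a different image than the one that was reviewed, and the two backend replicas can end up on different builds. Pin each image to a version tag or digest, for example `tag: <IMAGE_TAG>`, and have CI update it. The `image:` blocks continue outside the hunks.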
@@ -15,7 +15,7 @@ backend: port: 5000 replicas: 2 image: - repository: docker.io/maxmwang/bt-new-infra-backend + repository: docker.io/octoberkeleytime/bt-backend tag: latest service: port: 5000 From ed0a05675599b6a02c32caf807531105da439a2e Mon Sep 17 00:00:00 2001 From: maxmwang Date: Sat, 17 Feb 2024 23:03:15 -0800 Subject: [PATCH 14/78] remove old infra, rename new-infra directory --- infra/new-infra/bt-0.0.1.tgz | Bin 0 -> 1222 bytes {new-infra => infra/new-infra}/bt/Chart.yaml | 0 .../new-infra}/bt/templates/backend.yaml | 0 .../new-infra}/bt/templates/frontend.yaml | 0 {new-infra => infra/new-infra}/bt/values.yaml | 0 {new-infra => infra/new-infra}/init.sh | 0 {new-infra => infra/new-infra}/mongo-PV-PVC.yaml | 0 .../new-infra}/mongodb/values.yaml | 0 {new-infra => infra/new-infra}/redis/values.yaml | 0 9 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 infra/new-infra/bt-0.0.1.tgz rename {new-infra => infra/new-infra}/bt/Chart.yaml (100%) rename {new-infra => infra/new-infra}/bt/templates/backend.yaml (100%) rename {new-infra => infra/new-infra}/bt/templates/frontend.yaml (100%) rename {new-infra => infra/new-infra}/bt/values.yaml (100%) rename {new-infra => infra/new-infra}/init.sh (100%) rename {new-infra => infra/new-infra}/mongo-PV-PVC.yaml (100%) rename {new-infra => infra/new-infra}/mongodb/values.yaml (100%) rename {new-infra => infra/new-infra}/redis/values.yaml (100%) 
diff --git a/infra/new-infra/bt-0.0.1.tgz b/infra/new-infra/bt-0.0.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..6c95feebdab15fd15fc972240af2e4fefd7a86f9 GIT binary patch literal 1222 zcmV;%1UdU3iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI&=Z{oNY?{hwd#k`IFBo5dA`mF;|2Mr4>&`PV-3Yo-(sEO^h z4Q*BN-B-Cb$t1(2w;3(xC6VplIX=hdx>QDQjfK)5vF}~H4M7NDr_~C-5W?aY!dCaf zY_&VhcDn(a<^?p(4s2ck_(u21(MBpPF5ru06_xu%2y^#_2A}NgERm*6AFPQgir%O z5bn7)mI#;{0IrW$BsddpFzG5L9uaVueMf}uGQ-CY{ynBEW2x$t+}B-tD{wvG9s(6! zA>d&}q|yM8L~LC<=9!c1(v=`mMmv~Nrm%7ujThETs`yuIJR*^%EwO!etj zG4sPTXrHFR2fqJO8H)HkRLY2TeeG1RC;r>8+bP6<%WQVe@&6w53ET?iqr{mtE!z-a z&ZV(6wL6zO2=oc}*rQLV(tM(@gB1?E*uzWW#s2&WIO(ByBV4zc&lx3DA@KAB^r+(; zVV{8AE{U-EGgJd0YDA7WEIGDg#FTghOA=zjWw6_6k`o){l0tCwCaQgj<0qQ|AP8`e z*ouirHy12@fZ(0tQ`OQ zcyu-He_32l2Nf)QMpvxvEcK<*<<{11ZzB~EdT1Ne=t8qw&U$L~2eThA7Q}I7-Nzxf zQs$jz_qTH1v%zf98(z+4i_6JmG3Zx_SR8`>X8m~re0)8fS*J^Xh952dYCOIgT8rLr zV2$QSOV6WcR&Q!m1y0rdt=Via9__`}>vioDPz+_Njg}O$xcABzvb2WH;xd=by!%pL zQW}q|GwP8O1bUI%4JO}}ljGBPCf6kv3$jUUCtj87;_DZ3p2A{9)PV_-3#OROJOt*w zNyhw%WeT4||xBPWs*Nq77z$hcD8_FwVsEr zG7;p~eaLKO#+ql!4IR&PxDRJ3^qImM0CeLoi8#oYKDv87(@QBg|0U!4D-VEs=D%j6 z(JIb=&35-Z|GfwO1oL0wb%zar)u&%H0j941nj>KOUEg{JESLI{Au#25*c6!Ba?co8 zICuCQ$OUs=G6trClREZJ9c60A4`?aNz2eB8GBw;$P33pyj=BF_U1e&ZU$d=zzn-$h ki?eiaQ(5UuA6*mAbfz<%>Ayh#1^@v6|66Zo1^^@g0A|HfrT_o{ literal 0 HcmV?d00001 diff --git a/new-infra/bt/Chart.yaml b/infra/new-infra/bt/Chart.yaml similarity index 100% rename from new-infra/bt/Chart.yaml rename to infra/new-infra/bt/Chart.yaml diff --git a/new-infra/bt/templates/backend.yaml b/infra/new-infra/bt/templates/backend.yaml similarity index 100% rename from new-infra/bt/templates/backend.yaml rename to infra/new-infra/bt/templates/backend.yaml 
diff --git a/new-infra/bt/templates/frontend.yaml b/infra/new-infra/bt/templates/frontend.yaml similarity index 100% rename from new-infra/bt/templates/frontend.yaml rename to infra/new-infra/bt/templates/frontend.yaml diff --git a/new-infra/bt/values.yaml b/infra/new-infra/bt/values.yaml similarity index 100% rename from new-infra/bt/values.yaml rename to infra/new-infra/bt/values.yaml diff --git a/new-infra/init.sh b/infra/new-infra/init.sh similarity index 100% rename from new-infra/init.sh rename to infra/new-infra/init.sh diff --git a/new-infra/mongo-PV-PVC.yaml b/infra/new-infra/mongo-PV-PVC.yaml similarity index 100% rename from new-infra/mongo-PV-PVC.yaml rename to infra/new-infra/mongo-PV-PVC.yaml diff --git a/new-infra/mongodb/values.yaml b/infra/new-infra/mongodb/values.yaml similarity index 100% rename from new-infra/mongodb/values.yaml rename to infra/new-infra/mongodb/values.yaml diff --git a/new-infra/redis/values.yaml b/infra/new-infra/redis/values.yaml similarity index 100% rename from new-infra/redis/values.yaml rename to infra/new-infra/redis/values.yaml From 3ee93503dfffedba82ce003236c14cb5fece7ebc Mon Sep 17 00:00:00 2001 
From: maxmwang Date: Sat, 17 Feb 2024 23:07:12 -0800 Subject: [PATCH 15/78] remove old infra, rename new-infra directory (actually) --- infra/argocd/_notes.txt | 5 - infra/backup/index.js | 73 ---- infra/backup/package.json | 16 - infra/{new-infra => }/bt-0.0.1.tgz | Bin infra/{new-infra => }/bt/Chart.yaml | 0 .../{new-infra => }/bt/templates/backend.yaml | 0 .../bt/templates/frontend.yaml | 0 infra/{new-infra => }/bt/values.yaml | 0 infra/fail2ban-helper/index.js | 42 --- infra/fail2ban-helper/package.json | 13 - infra/github-notify/Dockerfile | 11 - infra/github-notify/package.json | 16 - infra/github-notify/server/index.js | 20 - infra/github-notify/server/routes/github.js | 94 ----- infra/gitlab-notify/Dockerfile | 11 - infra/gitlab-notify/package.json | 18 - infra/gitlab-notify/server/index.js | 15 - infra/gitlab-notify/server/routes/gitlab.js | 213 ----------- infra/gitlab-runner/Dockerfile | 10 - infra/helm/curator.yaml | 97 ----- infra/helm/elastalert.yaml | 65 ---- infra/helm/filebeat.yaml | 76 ---- infra/helm/gitlab-runner.yaml | 14 - infra/helm/ingress-nginx.yaml | 31 -- infra/helm/istio-base.yaml | 4 - infra/helm/istiod.yaml | 21 -- infra/helm/kibana.yaml | 110 ------ infra/helm/logstash.yaml | 54 --- infra/helm/metallb.yaml | 16 - infra/helm/metricbeat.yaml | 243 ------------ infra/helm/metrics-server.yaml | 6 - infra/helm/mongodb.yaml | 209 ----------- infra/helm/redis.yaml | 11 - infra/helm/rook.yaml | 9 - infra/init.sh | 251 ++----------- infra/k8s/cert-manager/clusterissuer.yaml | 26 -- .../k8s/default/bt-backend-data-updater.yaml | 43 --- infra/k8s/default/bt-backend.yaml | 95 ----- infra/k8s/default/bt-elasticsearch.yaml | 215 ----------- infra/k8s/default/bt-frontend.yaml | 45 --- infra/k8s/default/bt-github-notify.yaml | 51 --- infra/k8s/default/bt-gitlab-notify.yaml | 49 --- infra/k8s/default/bt-gitlab.yaml | 353 ------------------ infra/k8s/default/bt-ingress-infra.yaml | 65 ---- infra/k8s/default/bt-ingress-primary.yaml | 94 ----- 
infra/k8s/default/bt-ingress-status.yaml | 27 -- infra/k8s/default/bt-ingress-tricycle.yaml | 49 --- infra/k8s/default/bt-psql.yaml | 148 -------- infra/k8s/default/certificate.yaml | 17 - infra/k8s/ingress-nginx/metallb.yaml | 55 --- infra/k8s/istio/envoy-filter.yaml | 28 -- infra/k8s/kube-system/fail2ban.yaml | 135 ------- infra/k8s/kube-system/liveness.yaml | 29 -- infra/k8s/rook/cluster.yaml | 105 ------ infra/k8s/rook/rbd.yaml | 45 --- infra/k8s/rook/utils.yaml | 130 ------- infra/{new-infra => }/mongo-PV-PVC.yaml | 0 infra/{new-infra => }/mongodb/values.yaml | 0 infra/new-infra/init.sh | 36 -- infra/{new-infra => }/redis/values.yaml | 0 infra/tricycle/index.js | 73 ---- infra/tricycle/package.json | 15 - 62 files changed, 36 insertions(+), 3666 deletions(-) delete mode 100644 infra/argocd/_notes.txt delete mode 100644 infra/backup/index.js delete mode 100644 infra/backup/package.json rename infra/{new-infra => }/bt-0.0.1.tgz (100%) rename infra/{new-infra => }/bt/Chart.yaml (100%) rename infra/{new-infra => }/bt/templates/backend.yaml (100%) rename infra/{new-infra => }/bt/templates/frontend.yaml (100%) rename infra/{new-infra => }/bt/values.yaml (100%) delete mode 100644 infra/fail2ban-helper/index.js delete mode 100644 infra/fail2ban-helper/package.json delete mode 100644 infra/github-notify/Dockerfile delete mode 100644 infra/github-notify/package.json delete mode 100644 infra/github-notify/server/index.js delete mode 100644 infra/github-notify/server/routes/github.js delete mode 100644 infra/gitlab-notify/Dockerfile delete mode 100644 infra/gitlab-notify/package.json delete mode 100644 infra/gitlab-notify/server/index.js delete mode 100644 infra/gitlab-notify/server/routes/gitlab.js delete mode 100644 infra/gitlab-runner/Dockerfile delete mode 100644 infra/helm/curator.yaml delete mode 100644 infra/helm/elastalert.yaml delete mode 100644 infra/helm/filebeat.yaml delete mode 100644 infra/helm/gitlab-runner.yaml delete mode 100644 
infra/helm/ingress-nginx.yaml delete mode 100644 infra/helm/istio-base.yaml delete mode 100644 infra/helm/istiod.yaml delete mode 100644 infra/helm/kibana.yaml delete mode 100644 infra/helm/logstash.yaml delete mode 100644 infra/helm/metallb.yaml delete mode 100644 infra/helm/metricbeat.yaml delete mode 100644 infra/helm/metrics-server.yaml delete mode 100644 infra/helm/mongodb.yaml delete mode 100644 infra/helm/redis.yaml delete mode 100644 infra/helm/rook.yaml delete mode 100644 infra/k8s/cert-manager/clusterissuer.yaml delete mode 100644 infra/k8s/default/bt-backend-data-updater.yaml delete mode 100644 infra/k8s/default/bt-backend.yaml delete mode 100644 infra/k8s/default/bt-elasticsearch.yaml delete mode 100644 infra/k8s/default/bt-frontend.yaml delete mode 100644 infra/k8s/default/bt-github-notify.yaml delete mode 100644 infra/k8s/default/bt-gitlab-notify.yaml delete mode 100644 infra/k8s/default/bt-gitlab.yaml delete mode 100644 infra/k8s/default/bt-ingress-infra.yaml delete mode 100644 infra/k8s/default/bt-ingress-primary.yaml delete mode 100644 infra/k8s/default/bt-ingress-status.yaml delete mode 100644 infra/k8s/default/bt-ingress-tricycle.yaml delete mode 100644 infra/k8s/default/bt-psql.yaml delete mode 100644 infra/k8s/default/certificate.yaml delete mode 100644 infra/k8s/ingress-nginx/metallb.yaml delete mode 100644 infra/k8s/istio/envoy-filter.yaml delete mode 100644 infra/k8s/kube-system/fail2ban.yaml delete mode 100644 infra/k8s/kube-system/liveness.yaml delete mode 100644 infra/k8s/rook/cluster.yaml delete mode 100644 infra/k8s/rook/rbd.yaml delete mode 100644 infra/k8s/rook/utils.yaml rename infra/{new-infra => }/mongo-PV-PVC.yaml (100%) rename infra/{new-infra => }/mongodb/values.yaml (100%) delete mode 100644 infra/new-infra/init.sh rename infra/{new-infra => }/redis/values.yaml (100%) delete mode 100644 infra/tricycle/index.js delete mode 100644 infra/tricycle/package.json 
diff --git a/infra/argocd/_notes.txt b/infra/argocd/_notes.txt deleted file mode 100644 index e8b83b868..000000000 --- a/infra/argocd/_notes.txt +++ /dev/null @@ -1,5 +0,0 @@ -https://www.arthurkoziel.com/setting-up-argocd-with-helm/ -helm repo add argo https://argoproj.github.io/argo-helm -helm -n argocd install argocd argo/argo-cd --create-namespace -kubectl port-forward svc/argocd-server 8081:443 --address 0.0.0.0 # web app for ArgoCD on first-time setup, make accessible to external traffic -k get secret -o yaml argocd-initial-admin-secret diff --git a/infra/backup/index.js b/infra/backup/index.js deleted file mode 100644 index 1904b3da2..000000000 --- a/infra/backup/index.js +++ /dev/null 
@@ -1,73 +0,0 @@ -import moment from "moment"; -import { spawn } from "promisify-child-process"; - -/** - * TO-DO: Convert this from a regular cron to k8s Cronjob, but slightly tricky - * since it requires gcloud auth and rook-ceph-tools pod - */ - -const NUMBER_OF_BACKUPS_TO_STORE = 30; - -const tee = async (...args) => { - const child = spawn(...args, { - env: process.env, - encoding: "utf8", - shell: true, - stdio: "pipe", - // signal: null, - }); - child.stdin.pipe(process.stdin); - child.stdout.pipe(process.stdout); - child.stderr.pipe(process.stderr); - return child.catch((e) => e); -}; - -const upload = async (obj) => { - const { label, pvc } = obj; - const volumeName = JSON.parse( - (await tee(`kubectl get pvc/${pvc} -o json`)).stdout - ).spec.volumeName; - const volumeHandle = JSON.parse( - (await tee(`kubectl get pv/${volumeName} -o json`)).stdout - ) - .spec.csi.volumeHandle.split("-") - .splice(-5) - .join("-"); - const timestamp = moment(new Date()).format("YYYY-MM-DD_HH-mm-ss"); - const volumeSnapshotCompressed = `snapshot_${label}_${timestamp}.img.gz`; - await tee( - `kubectl -n rook exec deploy/rook-ceph-tools -- rbd export rook-cephrbd/csi-vol-${volumeHandle} - | gzip | gsutil cp - gs://berkeleytime-218606/${label}/${volumeSnapshotCompressed}` - ); - const backups = ( - await tee( - `gsutil ls -l gs://berkeleytime-218606/${label} | sort --key 2 --reverse` - ) - ).stdout - .trim() - .split("\n"); - const deletes = []; - for (const [index, line] of backups.entries()) { - if (index > NUMBER_OF_BACKUPS_TO_STORE) { - deletes.push(line.split(/\s+/).slice(-1)[0]); - } - } - if (deletes.length) { - await tee(`gsutil rm ${deletes.join(" ")}`); - } -}; -await upload({ - label: "bt-psql-prod", - pvc: "bt-psql-prod", -}); -await upload({ - label: "bt-psql-staging", - pvc: "bt-psql-staging", -}); -await upload({ - label: "bt-gitlab", - pvc: "bt-gitlab", -}); -await upload({ - label: "bt-elasticsearch", - pvc: "bt-elasticsearch", -}); 
diff --git a/infra/backup/package.json b/infra/backup/package.json deleted file mode 100644 index 3058e6ca8..000000000 --- a/infra/backup/package.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "name": "backup", - "version": "1.0.0", - "description": "", - "type": "module", - "main": "index.js", - "scripts": { - "test": "echo \"Error: no test specified\" && exit 1" - }, - "author": "", - "license": "ISC", - "dependencies": { - "moment": "^2.29.1", - "promisify-child-process": "^4.1.1" - } -} diff --git a/infra/new-infra/bt-0.0.1.tgz b/infra/bt-0.0.1.tgz similarity index 100% rename from infra/new-infra/bt-0.0.1.tgz rename to infra/bt-0.0.1.tgz diff --git a/infra/new-infra/bt/Chart.yaml b/infra/bt/Chart.yaml similarity index 100% rename from infra/new-infra/bt/Chart.yaml rename to infra/bt/Chart.yaml diff --git a/infra/new-infra/bt/templates/backend.yaml b/infra/bt/templates/backend.yaml similarity index 100% rename from infra/new-infra/bt/templates/backend.yaml rename to infra/bt/templates/backend.yaml diff --git a/infra/new-infra/bt/templates/frontend.yaml b/infra/bt/templates/frontend.yaml similarity index 100% rename from infra/new-infra/bt/templates/frontend.yaml rename to infra/bt/templates/frontend.yaml diff --git a/infra/new-infra/bt/values.yaml b/infra/bt/values.yaml similarity index 100% rename from infra/new-infra/bt/values.yaml rename to infra/bt/values.yaml diff --git a/infra/fail2ban-helper/index.js b/infra/fail2ban-helper/index.js deleted file mode 100644 index 39139326b..000000000 --- a/infra/fail2ban-helper/index.js +++ /dev/null 
@@ -1,42 +0,0 @@ -// Currently only fail2ban on postgres logs. Redis still under consideration -import { appendFile, readdir, readFile, stat } from "fs/promises"; -import { setTimeout } from "timers/promises"; - -const LOGDIR = `/var/log/containers`; -while (true) { - let target = null; - try { - target = (await readFile(`${LOGDIR}/bt-psql-staging.log`)) - .toString() - .trim() - .split("\n"); - } catch (e) { - console.error(e); - } - const files = await readdir(LOGDIR); - const stats = []; - for (let file of files) { - if (/bt-psql-staging-.+_bt-psql-.+\.log/.test(file)) { - stats.push({ - filename: file, - stat: await stat(`${LOGDIR}/${file}`), - }); - } - } - stats.sort((a, b) => { - return a.stat.mtime.getTime() - b.stat.mtime.getTime(); - }); - for (let stat of stats) { - const contents = (await readFile(`${LOGDIR}/${stat.filename}`)) - .toString() - .trim() - .split("\n"); - for (let content of contents) { - if (!target || !target.includes(content)) { - await appendFile(`${LOGDIR}/bt-psql-staging.log`, `${content}\n`); - } - } - } - console.log(new Date()); - await setTimeout(10000); -} diff --git a/infra/fail2ban-helper/package.json b/infra/fail2ban-helper/package.json deleted file mode 100644 index cbc1ae040..000000000 --- a/infra/fail2ban-helper/package.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "name": "fail2ban-helper", - "version": "1.0.0", - "description": "", - "type": "module", - "main": "index.js", - "scripts": { - "test": "echo \"Error: no test specified\" && exit 1" - }, - "author": "", - "license": "ISC", - "dependencies": {} -} diff --git a/infra/github-notify/Dockerfile b/infra/github-notify/Dockerfile deleted file mode 100644 index cdc8f2e7f..000000000 --- a/infra/github-notify/Dockerfile +++ /dev/null 
@@ -1,11 +0,0 @@ -FROM ubuntu:20.04 -USER root -RUN apt update -RUN apt install -y curl -RUN curl -s https://deb.nodesource.com/setup_16.x | bash - -RUN apt update -RUN apt install -y nodejs -RUN mkdir /gitlab-notify -WORKDIR /gitlab-notify -COPY . /gitlab-notify -RUN npm install diff --git a/infra/github-notify/package.json b/infra/github-notify/package.json deleted file mode 100644 index 9812f60d8..000000000 --- a/infra/github-notify/package.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "name": "github-notify", - "version": "1.0.0", - "description": "", - "type": "module", - "scripts": { - "start": "node server/index.js" - }, - "dependencies": { - "@kubernetes/client-node": "^0.13.0", - "axios": "^0.18.1", - "express": "^4.15.2" - }, - "author": "", - "license": "ISC" -} diff --git a/infra/github-notify/server/index.js b/infra/github-notify/server/index.js deleted file mode 100644 index 6cb3313d7..000000000 --- a/infra/github-notify/server/index.js +++ /dev/null @@ -1,20 +0,0 @@ -import fs from "fs/promises"; -await fs.writeFile( - process.env.KUBECONFIG, - Buffer.from(process.env.KUBERNETES_CREDENTIALS, "base64").toString() -); -import bodyParser from "body-parser"; -import express from "express"; - -const PORT = process.env.NODE_PORT; - -const app = express(); -app.use(bodyParser.json()); -app.use("/webhooks/github", (await import("./routes/github.js")).default); -app.use((err, req, res, next) => { - if (err) console.error(err); - res.status(403).send("Request body was not signed or verification failed"); -}); - -console.log(`Server now listening on port ${PORT}`); -app.listen(parseInt(PORT)); diff --git a/infra/github-notify/server/routes/github.js b/infra/github-notify/server/routes/github.js deleted file mode 100644 index e711bbe00..000000000 --- a/infra/github-notify/server/routes/github.js +++ /dev/null 
@@ -1,94 +0,0 @@ -import * as k8s from "@kubernetes/client-node"; -import axios from "axios"; -import crypto from "crypto"; -import express from "express"; - -const router = express.Router(); - -const kc = new k8s.KubeConfig(); -kc.loadFromDefault(); -const apps = kc.makeApiClient(k8s.AppsV1Api); -const core = kc.makeApiClient(k8s.CoreV1Api); -const networking = kc.makeApiClient(k8s.NetworkingV1Api); - -const { - GITHUB_NOTIFY_SECRET_TOKEN, - GITLAB_DOMAIN, - GITLAB_PROJECT_BT_ACCESS_TOKEN, -} = process.env; -const NS = "default"; -const SIGNATURE_HEADER = "X-Hub-Signature"; -const GITLAB_PROJECT_ID = 35; - -const verifyPostData = (req, res, next) => { - // "Verify GitHub webhook signature header in Node.js" - // https://gist.githubusercontent.com/stigok/57d075c1cf2a609cb758898c0b202428/raw/f6eb21a416af7aad99982015f8d12c35c33bb758/githook.js - // Using the Kubernetes JavaScript Client Library - // https://blog.codewithdan.com/using-the-kubernetes-javascript-client-library/ - const payload = JSON.stringify(req.body); - if (!payload) { - return next("Request body empty"); - } - const sig = req.get(SIGNATURE_HEADER) || ""; - const hmac = crypto.createHmac("sha1", GITHUB_NOTIFY_SECRET_TOKEN); - const digest = Buffer.from( - `sha1=${hmac.update(payload).digest("hex")}`, - "utf8" - ); - const checksum = Buffer.from(sig, "utf8"); - if ( - checksum.length !== digest.length || - !crypto.timingSafeEqual(digest, checksum) - ) { - return next( - `Request body digest (${digest}) did not match ${SIGNATURE_HEADER} (${checksum})` - ); - } - return next(); -}; - -router.post("/delete", verifyPostData, async (req, res) => { - const { - // Delete branch payload https://developer.github.com/webhooks/event-payloads - ref, - ref_type, - } = req.body; - console.log(req.body); - if (ref_type != "branch") { - return res.sendStatus(200); - } - try { - await Promise.all([ - apps.deleteNamespacedDeployment(`bt-backend-dev-${ref}`, NS), - 
apps.deleteNamespacedDeployment(`bt-frontend-dev-${ref}`, NS), - core.deleteNamespacedSecret(`bt-backend-dev-${ref}`, NS), - core.deleteNamespacedService(`bt-backend-dev-${ref}`, NS), - core.deleteNamespacedService(`bt-frontend-dev-${ref}`, NS), - networking.deleteNamespacedIngress( - `bt-ingress-tricycle-backend-dev-${ref}`, - NS - ), - networking.deleteNamespacedIngress( - `bt-ingress-tricycle-frontend-dev-${ref}`, - NS - ), - ]); - } catch (e) { - console.error(e); - } - try { - await axios.delete( - `${GITLAB_DOMAIN}/api/v4/projects/${GITLAB_PROJECT_ID}/repository/branches/${ref}`, - { - headers: { - "PRIVATE-TOKEN": GITLAB_PROJECT_BT_ACCESS_TOKEN, - }, - } - ); - } catch (e) { - console.error(e); - } - return res.sendStatus(200); -}); - -export default router; diff --git a/infra/gitlab-notify/Dockerfile b/infra/gitlab-notify/Dockerfile deleted file mode 100644 index cdc8f2e7f..000000000 --- a/infra/gitlab-notify/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -FROM ubuntu:20.04 -USER root -RUN apt update -RUN apt install -y curl -RUN curl -s https://deb.nodesource.com/setup_16.x | bash - -RUN apt update -RUN apt install -y nodejs -RUN mkdir /gitlab-notify -WORKDIR /gitlab-notify -COPY . /gitlab-notify -RUN npm install diff --git a/infra/gitlab-notify/package.json b/infra/gitlab-notify/package.json deleted file mode 100644 index c8644ae6a..000000000 --- a/infra/gitlab-notify/package.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "gitlab-notify", - "version": "1.0.0", - "description": "", - "type": "module", - "scripts": { - "start": "node server/index.js" - }, - "dependencies": { - "ansi_up": "^4.0.4", - "axios": "^0.18.1", - "discord.js": "^14.6.0", - "express": "^4.15.2", - "nodemailer": "^6.4.16" - }, - "author": "", - "license": "ISC" -} diff --git a/infra/gitlab-notify/server/index.js b/infra/gitlab-notify/server/index.js deleted file mode 100644 index 78ee70af7..000000000 --- a/infra/gitlab-notify/server/index.js +++ /dev/null 
@@ -1,15 +0,0 @@ -import axios from "axios"; -import express from "express"; -import bodyParser from "body-parser"; -import gitlab from "./routes/gitlab.js"; - -const PORT = 5000; -axios.defaults.headers["Content-Type"] = "application/json"; - -const app = express(); -app.use(bodyParser.json()); - -app.use("/gitlab", gitlab); - -console.log(`Server now listening on port ${PORT}`); -app.listen(PORT); diff --git a/infra/gitlab-notify/server/routes/gitlab.js b/infra/gitlab-notify/server/routes/gitlab.js deleted file mode 100644 index 7e3c9cd0e..000000000 --- a/infra/gitlab-notify/server/routes/gitlab.js +++ /dev/null 
@@ -1,213 +0,0 @@ -// https://discordjs.guide/popular-topics/webhooks.html#using-webhooks - -import AU from "ansi_up"; -import axios from "axios"; -import express from "express"; -import nodemailer from "nodemailer"; -import Discord from "discord.js"; - -const ansi_up = new AU.default(); - -const { - PASSWORD_BT_GITLAB_SENDGRID_SMTP, - USERNAME_BT_GITLAB_SENDGRID_SMTP, - GITLAB_DOMAIN, - GITLAB_PROJECT_BT_ACCESS_TOKEN, - DISCORD_WEBHOOK_URL, -} = process.env; - -const quoteCache = {}; -const alreadyPosted = {}; -const avatarURL = "https://i.imgur.com/5TI5N3Q.png"; -const webhookClient = new Discord.WebhookClient( - Discord.parseWebhookURL(DISCORD_WEBHOOK_URL) -); - -const router = express.Router(); -const transporter = nodemailer.createTransport({ - host: "smtp.sendgrid.net", - port: 587, - secure: false, - auth: { - user: USERNAME_BT_GITLAB_SENDGRID_SMTP, - pass: PASSWORD_BT_GITLAB_SENDGRID_SMTP, - }, -}); -await transporter.verify(); - -const today = () => { - const ts = new Date(Date.now()); - const today = `${ts.getFullYear().toString()}${ts - .getMonth() - .toString() - .padStart(2, "0")}${ts.getDate().toString().padStart(2, "0")}`; - return today; -}; - -const inspire = async () => { - const day = today(); - let message; - if (quoteCache[day]) { - console.log(`Cache hit for '${day}'`); - message = `"${quoteCache[day].quote}" —${quoteCache[day].author}`; - } else { - try { - const { - data: { - contents: { quotes }, - }, - } = await axios.get(`https://quotes.rest/qod.json?category=inspire`); - const { quote, author } = quotes[0]; - if (quote && author) { - console.log(`Retrieve quote success: `, quotes[0]); - } - message = `"${quote}" —${author}`; - quoteCache[day] = { quote, author }; - } catch (e) { - console.error("Failed to get inspirational quote, using generic Oski..."); - message = `"did u know? 
1 build failure = 1 extra budget cut to EECS program" —Oski🐻`; - } - } - return message; -}; - -router.post("/fail", async (req, res) => { - const { - // Pipeline event payload https://docs.gitlab.com/ee/user/project/integrations/webhooks.html - object_attributes, - project, - commit, - builds, - } = req.body; - console.log(req.body); - const failureDetected = builds.some((build) => build.status == "failed"); - if (!failureDetected) { - return res.sendStatus(200); - } - const message = await inspire(); - const shortSha = commit.id.slice(0, 8); - - let html = ` -

${message}

-

hi ${commit.author.name.toLowerCase()}, looks like we failed to either build or deploy your branch

-

BRANCH: ${object_attributes.ref}

-

COMMIT: ${shortSha}

-

MESSAGE: ${commit.message.trim()}


`; - for (let build of builds) { - if (build.status == "failed") { - html += ` -

JOB #${build.id}

-

BUILD NAME: ${build.name}

-

STARTED: ${build.created_at}

-

FINISHED: ${build.finished_at}

-
${(
-        await axios.get(
-          `${GITLAB_DOMAIN}/api/v4/projects/${project.id}/jobs/${build.id}/trace`,
-          {
-            headers: {
-              "PRIVATE-TOKEN": GITLAB_PROJECT_BT_ACCESS_TOKEN,
-            },
-          }
-        )
-      ).data
-        .split("\n")
-        .map((line) => ansi_up.ansi_to_html(line))
-        .join("\n")}

`; - } - } - const sendMail = { - from: '"Oski 🐻" ', - to: `"${commit.author.name}" ${commit.author.email}`, - subject: `❌ Build branch '${object_attributes.ref}' pipeline #${ - object_attributes.id - }, commit: '${commit.message.trim()}'`, - html: `${html}`, - }; - console.log(sendMail); - - const day = today(); - if (!(day in alreadyPosted)) { - await webhookClient.send({ - username: "Oski", - content: message, - avatarURL, - }); - alreadyPosted[day] = true; - } - await webhookClient.send({ - username: "Oski", - content: `❌ ${commit.author.name} => ${ - object_attributes.ref - } (${shortSha}: ${commit.message.trim()}) ==> pipeline #${ - object_attributes.id - }`, - avatarURL, - files: [ - { - attachment: Buffer.from(html), - name: `pipeline_${object_attributes.id}.html`, - }, - ], - }); - - // await transporter.sendMail(sendMail); - return res.sendStatus(200); -}); - -router.post("/deployment", async (req, res) => { - const { - // Deployment event payload - // https://docs.gitlab.com/ee/user/project/integrations/webhooks.html - // https://docs.gitlab.com/ee/api/deployments.html - environment, - project, - ref, - short_sha, - status, - } = req.body; - console.log(req.body); - const { author_name, message } = ( - await axios.get( - `${GITLAB_DOMAIN}/api/v4/projects/${project.id}/repository/commits/${short_sha}`, - { - headers: { - "PRIVATE-TOKEN": GITLAB_PROJECT_BT_ACCESS_TOKEN, - }, - } - ) - ).data; - if (environment == "prod") { - if (status == "running") { - await webhookClient.send({ - username: "Oski", - content: `We're deploying commit ${short_sha} to production, OMG ${author_name.toUpperCase()} I'M SO STRESSED, FINGERS CROSSED!!!🤞`, - avatarURL, - }); - } else if (status == "success") { - await webhookClient.send({ - username: "Oski", - content: `It worked ${author_name}! WE DEPLOYED COMMIT ${short_sha} TO PROD! 
GO BEARS🐻🎉\n...actually let's manually double check, just to be safe`, - avatarURL, - }); - } else if (status == "failed") { - await webhookClient.send({ - username: "Oski", - content: `😭Sorry ${author_name}, we did our best to deploy ${short_sha} to prod, but we fucked up and now Stanford🌲 gets 1 more Big Game win`, - avatarURL, - }); - } - } else { - if (status == "success") { - await webhookClient.send({ - username: "Oski", - content: `✅ ${author_name} => ${ref} (${short_sha}: ${message.trim()}) ==> https://${ - ref == "master" ? "staging" : ref - }.berkeleytime.com`, - avatarURL, - }); - } - } - return res.sendStatus(200); -}); - -export default router; diff --git a/infra/gitlab-runner/Dockerfile b/infra/gitlab-runner/Dockerfile deleted file mode 100644 index 0adb679ba..000000000 --- a/infra/gitlab-runner/Dockerfile +++ /dev/null @@ -1,10 +0,0 @@ -FROM ubuntu:20.04 -USER root -RUN apt update -RUN apt install -y curl gettext apt-transport-https ca-certificates gnupg2 -RUN curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - -RUN curl -s https://deb.nodesource.com/setup_16.x | bash - -RUN echo "deb https://packages.cloud.google.com/apt cloud-sdk main" > /etc/apt/sources.list.d/google-cloud-sdk.list -RUN echo "deb http://apt.kubernetes.io/ kubernetes-xenial-unstable main" > /etc/apt/sources.list.d/kubernetes.list -RUN apt update -RUN apt install -y google-cloud-sdk kubeadm nodejs diff --git a/infra/helm/curator.yaml b/infra/helm/curator.yaml deleted file mode 100644 index 4aa3a546b..000000000 --- a/infra/helm/curator.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -# Default values -# https://github.com/helm/charts/blob/01fe5e32178ea1540d1907a7a8badf3bf530c520/stable/elasticsearch-curator/values.yaml -image: - repository: untergeek/curator - tag: 5.8.1 - -cronjob: - concurrencyPolicy: Forbid - failedJobsHistoryLimit: 1 - schedule: "0 * * * *" - successfulJobsHistoryLimit: 1 - startingDeadlineSeconds: 60 - -configMaps: - action_file_yml: |- - actions: - 1: - action: delete_indices - description: >- - Delete indices matching the prefix in excess of specified maximum GB - cluster space starting with the oldest indices' index creation_date. - The disk space total condition is cumulative for all matched indices - options: - allow_ilm_indices: True - ignore_empty_list: True - timeout_override: 300 - continue_if_exception: True - disable_action: False - filters: - - filtertype: pattern - kind: prefix - value: .ds-metricbeat - - filtertype: count # exclude undeletable active data stream write index - count: 1 - - filtertype: space - disk_space: 15 - use_age: True - source: creation_date - 2: - action: delete_indices - options: - allow_ilm_indices: True - ignore_empty_list: True - timeout_override: 300 - continue_if_exception: True - disable_action: False - filters: - - filtertype: pattern - kind: prefix - value: .ds-k8s-rook-ceph - - filtertype: count - count: 1 - - filtertype: space - disk_space: 2 - use_age: True - source: creation_date - 3: - action: delete_indices - options: - allow_ilm_indices: True - ignore_empty_list: True - timeout_override: 300 - continue_if_exception: True - disable_action: False - filters: - - filtertype: pattern - kind: prefix - value: .ds-k8s-ingress-nginx - - filtertype: count - count: 1 - - filtertype: space - disk_space: 2 - use_age: True - source: creation_date - 4: - action: delete_indices - options: - allow_ilm_indices: True - ignore_empty_list: True - timeout_override: 300 - continue_if_exception: True - disable_action: False - filters: - - filtertype: pattern - kind: prefix - 
value: .ds-k8s-default - - filtertype: count - count: 1 - - filtertype: space - disk_space: 2 - use_age: True - source: creation_date - config_yml: |- - client: - hosts: - - bt-elasticsearch - port: 9200 diff --git a/infra/helm/elastalert.yaml b/infra/helm/elastalert.yaml deleted file mode 100644 index dad3e8b62..000000000 --- a/infra/helm/elastalert.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -# Rules appear in /opt/rules -# Config appears in /opt/config -# Create index pattern in Kibana first, Advanced option "Custom index pattern ID" - -# [Elastalert] Enable alert only in specific hour range -# https://marchal.tech/blog/2019/08/27/elastalert-enable-alert-only-in-specific-hour-range/ - -# Helm values template: -# https://github.com/jertel/elastalert-docker/blob/d0c017e5af2145b69511f7e6764b60e2c27166ee/chart/elastalert/values.yaml -# Other examples: -# https://github.com/oneoneonepig/elastalert-chart/blob/master/values.yaml -replicaCount: 1 -elasticsearch: - host: bt-elasticsearch - port: 9200 - # # Specifies an existing secret to be used for the ES username/password - # credentialsSecret: general-secrets - # # The key in elasticsearch.credentialsSecret that stores the ES password - # credentialsSecretUsernameKey: USERNAME_ELASTICSEARCH_USER_ELASTIC - # # The key in elasticsearch.credentialsSecret that stores the ES username - # credentialsSecretPasswordKey: PASSWORD_ELASTICSEARCH_USER_ELASTIC -extraConfigOptions: - # slack_webhook_url: XXX # berkeleytime-integrations channel - # generate_kibana_link: true - # kibana_url: https://berkeleytime.com/kibana/ -# :upside_down_face: *Node:* -rules: - bt-psql-prod: |- - name: bt - type: any - index: k8s-* - filter: - - query_string: - query: "(kubernetes.labels.component: bt-psql-prod OR kubernetes.labels.component: bt-psql-staging OR kubernetes.labels.component: bt-backend-prod OR kubernetes.labels.component: bt-backend-staging OR kubernetes.labels.component: bt-backend-data-updater-prod OR kubernetes.labels.component: bt-backend-data-updater-staging) AND stream: stderr" - alert: - - slack - alert_text_type: alert_text_only - alert_text_args: - - _id - - kubernetes.node.name - - kubernetes.pod.name - - message - - container.id - - "@timestamp" - - kubernetes.labels.component - alert_text: |- - *{6}* {5} - :bear: - :cry: *Pod:* {2} - :no_good::skin-tone-2: *Error:* {3} - # 
generate_kibana_discover_url: true - # kibana_discover_url: true - # kibana_discover_app_url: https://berkeleytime.com/kibana/app/discover# - # kibana_discover_version: '7.3' - # kibana_discover_columns: - # - kubernetes.pod.name - # - message - # kibana_discover_index_pattern_id: k8s-index-pattern-id - # slack_attach_kibana_discover_url: true - # slack_kibana_discover_title: "Kibana Log Stream" - slack_channel: "#berkeleytime-integrations" - slack_icon_url_override: https://i.imgur.com/5TI5N3Q.png - slack_title: ":point_right::skin-tone-2::point_left::skin-tone-2:🥺" - slack_username_override: Oski - slack_webhook_url: $SLACK_WEBHOOK_URL # berkeleytime-integrations channel diff --git a/infra/helm/filebeat.yaml b/infra/helm/filebeat.yaml deleted file mode 100644 index b94b80724..000000000 --- a/infra/helm/filebeat.yaml +++ /dev/null 
@@ -1,76 +0,0 @@ -# Template: https://github.com/elastic/helm-charts/blob/master/filebeat/values.yaml -daemonset: - resources: - requests: - cpu: ~ - memory: ~ - limits: - cpu: ~ - memory: ~ -filebeatConfig: - filebeat.yml: | - output: - logstash: - hosts: ["bt-logstash-logstash-headless:5044"] - setup: - kibana: - host: bt-kibana-kibana:5601 - path: /kibana - dashboards: - enabled: false - retry: - enabled: false - ilm: - enabled: false - template: - enabled: false - logging: - level: info - filebeat: - # inputs: - # - type: container - # paths: - # - /var/log/containers/*.log - # processors: - # - add_kubernetes_metadata: - # host: ${NODE_NAME} - # matchers: - # - logs_path: - # logs_path: /var/log/containers/ - autodiscover: - providers: - - type: kubernetes - templates: - - condition: - or: - - equals: - kubernetes.namespace: default - - equals: - kubernetes.namespace: ingress-nginx - config: - - type: container - paths: - - /var/log/containers/*-${data.kubernetes.container.id}.log - multiline: - pattern: '^{' - negate: true - match: after - processors: - - add_kubernetes_metadata: - host: ${NODE_NAME} - matchers: - - logs_path: - logs_path: /var/log/containers/ - # https://gist.github.com/jaganthoutam/34c02a5f19c47a49dcea7b85b9b3667a#file-filebeat-with-pipeline-yam - # documented at https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-input-container.html -tolerations: - - key: node-role.kubernetes.io/master - operator: Exists - effect: NoSchedule -extraVolumeMounts: - - name: sysdate - mountPath: /etc/localtime -extraVolumes: - - name: sysdate - hostPath: - path: /etc/localtime diff --git a/infra/helm/gitlab-runner.yaml b/infra/helm/gitlab-runner.yaml deleted file mode 100644 index a3d7a550b..000000000 --- a/infra/helm/gitlab-runner.yaml +++ /dev/null 
@@ -1,14 +0,0 @@
-# Template from: https://gitlab.com/gitlab-org/charts/gitlab-runner/blob/master/values.yaml
-gitlabUrl: http://bt-gitlab:80/git
-runners:
- config: |
- [[runners]]
- [runners.kubernetes]
- image = "ubuntu:20.04"
- privileged = false
- image_pull_secrets = ["docker-registry-gcr"]
- poll_timeout = 600
- pull_policy = "always"
- protected = true
- secret: bt-gitlab-runner
-unregisterRunners: true
\ No newline at end of file
diff --git a/infra/helm/ingress-nginx.yaml b/infra/helm/ingress-nginx.yaml
deleted file mode 100644
index d96b59c42..000000000
--- a/infra/helm/ingress-nginx.yaml
+++ /dev/null
@@ -1,31 +0,0 @@ -# https://github.com/kubernetes/ingress-nginx/blob/7cdc819bb33e47628aa626912255249952eb18c1/charts/ingress-nginx/values.yaml -controller: - kind: DaemonSet - service: - type: LoadBalancer - externalTrafficPolicy: Local - config: - http2-max-field-size: "8k" - large-client-header-buffers: "4 12k" - proxy-buffer-size: "32k" - vts-status-zone-size: "20m" - disable-access-log: "false" - log-format-escape-json: "false" - # (Default HTTP log) log-format-upstream: '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id' - # (JSON-based example) log-format-upstream: '{ "type": "access_logs", "ssl_protocl": "$ssl_protocol", "time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr","x-forward-for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user":"$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status":"$status", "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri","request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent":"$http_user_agent", "upstream": "$upstream_addr", "upstream_status": "$upstream_status", "upstream_latency": "$upstream_response_time", "ingress": "$ingress_name", "namespace": "$namespace" }' - # (Default TCP/UDP log) log_format: '[$remote_addr] [$time_local] $protocol $status $bytes_sent $bytes_received $session_time' - # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/log-format/ - log-format-upstream: "$remote_addr [$time_local] [$request] [$http_referer] [$http_user_agent] [$proxy_upstream_name] [$upstream_addr] $status $body_bytes_sent $request_length $request_time $upstream_response_length 
$upstream_response_time $upstream_status $req_id" - log-format-stream: "$remote_addr [$protocol] $remote_port [$time_local] [$proxy_upstream_name] [$upstream_addr] $status $bytes_sent $bytes_received $session_time" - # hostNetwork: true - # http-snippet: | - # more_set_headers "Server: "; map $geoip_city_continent_code $is_eu_visit { default 0; EU 1; } - # limit-conn-status-code: "429" - # worker-shutdown-timeout: 240s - # enable-opentracing: "true" - # datadog-collector-host: $HOST_IP -tcp: - 2222: default/bt-gitlab:2222::PROXY - 5432: default/bt-psql-staging:5432::PROXY - 6379: default/bt-redis-staging-master:6379::PROXY - 27017: default/bt-mdb-staging-0-external:27017::PROXY diff --git a/infra/helm/istio-base.yaml b/infra/helm/istio-base.yaml deleted file mode 100644 index 4dc3e8f8e..000000000 --- a/infra/helm/istio-base.yaml +++ /dev/null @@ -1,4 +0,0 @@ -global: - # hub: docker.io/istio - # tag: 1.9-dev.3 # https://hub.docker.com/r/istio/base/tags - istioNamespace: istio diff --git a/infra/helm/istiod.yaml b/infra/helm/istiod.yaml deleted file mode 100644 index 3d1fb06c9..000000000 --- a/infra/helm/istiod.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-# Default values
-# https://github.com/istio/istio/blob/41b7d5b72f177303e98cb89dbc53ad8aada4adf6/manifests/charts/istio-control/istio-discovery/values.yaml
-global:
- # hub: docker.io/istio
- # tag: 1.9.0 # https://hub.docker.com/r/istio/pilot/tags
- istioNamespace: istio
- proxy:
- autoInject: disabled
- excludeIPRanges: 10.96.0.0/12 # inter-cluster traffic breaks without this, kubectl describe pod kube-apiserver -n kube-system | grep 'service-cluster-ip-range'
-meshConfig:
- rootNamespace: istio
-sidecarInjectorWebhook:
- # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or
- # always skip the injection on pods that match that label selector, regardless of the global policy.
- # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions
- alwaysInjectSelector:
- - matchExpressions:
- - key: sidecar.istio.io/inject
- operator: In
- values:
- - "true"
diff --git a/infra/helm/kibana.yaml b/infra/helm/kibana.yaml
deleted file mode 100644
index 60dc30a2c..000000000
--- a/infra/helm/kibana.yaml
+++ /dev/null
@@ -1,110 +0,0 @@ -# TODO: Access control in Kibana? -# https://github.com/floragunncom/search-guard - -# Template: https://github.com/elastic/helm-charts/blob/480a19413024cab7f9ea96e2d40078bc2247ce2d/kibana/values.yaml -# Example scripted field nginx.ip_agent which combines 2 existing fields -# [ doc['nginx.client_ip.keyword']+''+doc['nginx.user_agent.keyword'] ] -# Kibana Dev Tools example to verify: -# GET /k8s-ingress-nginx-*/_search?pretty=true -# { -# "size": 55, -# "aggs": { -# "ip_agent": { -# "composite": { -# "sources": [ -# { "ip": { "terms": { "field": "nginx.client_ip.keyword" } } }, -# { "agent": { "terms": { "field": "nginx.user_agent.keyword" } } } -# ] -# } -# } -# } -# } -# Example Kibana query DSL that uses wildcards in searches -# {"wildcard":{"kubernetes.pod.name":"berkeleytime*"}} -kibanaConfig: - kibana.yml: | - server: - basePath: /kibana - rewriteBasePath: true - telemetry: - enabled: false - # https://stackoverflow.com/questions/56048741/how-to-hide-menu-items-in-kibana - xpack: - infra: - sources: - default: - logAlias: k8s* - metricAlias: metricbeat* - reporting: - encryptionKey: ${ENCRYPTION_KEY_KIBANA} - security: - encryptionKey: ${ENCRYPTION_KEY_KIBANA} - encryptedSavedObjects: - encryptionKey: ${ENCRYPTION_KEY_KIBANA} -elasticsearchHosts: http://bt-elasticsearch:9200 -healthCheckPath: /kibana/api/status -replicas: 1 -lifecycle: - postStart: - exec: - command: - - /bin/sh - - -c - - | - while [ "$(curl -s -o /dev/null -w '%{http_code}\n' $KIBANA/app/kibana)" != "200" ] - do - echo `date +"%Y-%m-%d %H:%M:%S"` ...waiting for Kibana to be ready - sleep 1 - done - add_index_pattern() { - curl -d "@-" -X POST -H "Content-Type: application/json" -H "kbn-xsrf: -" "$KIBANA/api/saved_objects/index-pattern/$1" << EOF - { - "attributes": { - "title": "$2", - "timeFieldName": "$3" - } - } - EOF - } - set_default_index_pattern() { - curl -d "@-" -X POST -H "Content-Type: application/json" -H "kbn-xsrf: -" "$KIBANA/api/kibana/settings" << EOF - { 
- "changes": { - "defaultIndex": "$1" - } - } - EOF - } - - # We add "|| true" because POST = can run only once, and PUT = doesn't work because if resource doesn't exist, it fails - add_index_pattern k8s-index-pattern-id k8s-* @timestamp || true - add_index_pattern k8s-ingress-nginx-index-pattern-id k8s-ingress-nginx* @timestamp || true - add_index_pattern gitlab-index-pattern-id gitlab-* || true - add_index_pattern metricbeat-index-pattern-id metricbeat* @timestamp || true - set_default_index_pattern k8s-index-pattern-id -extraEnvs: - - name: ENCRYPTION_KEY_KIBANA - valueFrom: - secretKeyRef: - name: general-secrets - key: ENCRYPTION_KEY_KIBANA - - name: KIBANA - value: http://localhost:5601/kibana -# - name: ELASTICSEARCH_USERNAME -# valueFrom: -# secretKeyRef: -# name: general-secrets -# key: USERNAME_ELASTICSEARCH_USER_KIBANA_SYSTEM -# - name: ELASTICSEARCH_PASSWORD -# valueFrom: -# secretKeyRef: -# name: general-secrets -# key: PASSWORD_ELASTICSEARCH_USER_KIBANA_SYSTEM -# -# resources: -# requests: -# cpu: "200m" # Default: 1000m -# memory: "1G" # Default: 2Gi -# limits: -# cpu: "200m" # Default: 1000m -# memory: "1G" # Default: 2Gi diff --git a/infra/helm/logstash.yaml b/infra/helm/logstash.yaml deleted file mode 100644 index a0f360e34..000000000 --- a/infra/helm/logstash.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -# Values template -# https://github.com/elastic/helm-charts/blob/e4ab721d108439a23187dc4da674ac20e6ede056/logstash/values.yaml -replicas: 1 -logstashConfig: - logstash.yml: | - xpack: - monitoring: - enabled: false - elasticsearch: - hosts: - - http://bt-elasticsearch:9200 - http.host: "0.0.0.0" -logstashPipeline: - logstash.conf: | - input { - beats { - port => 5044 - host => "0.0.0.0" - } - } - filter { - if [kubernetes][namespace] { - mutate { add_field => { "[target_index]" => "k8s-%{[kubernetes][namespace]}" } } - } else { - mutate { add_field => { "[target_index]" => "k8s" } } - } - if [kubernetes][namespace] == "ingress-nginx" { - # HTTP nginx logs - grok { - match => { "message" => "%{IPORHOST:[nginx][client_ip]} \[%{HTTPDATE:[nginx][access_time]}\] \[%{WORD:[nginx][http_method]} %{DATA:[nginx][access_url]} HTTP/%{NUMBER:[nginx][http_version]}\] \[%{DATA:[nginx][access_referrer]}\] \[%{DATA:[nginx][user_agent]}\] \[%{DATA:[nginx][proxy_upstream_name]}\] \[%{DATA:[nginx][upstream_addr]}\] %{NUMBER:[nginx][http_response_code]} %{NUMBER:[nginx][body_bytes_sent]} %{NUMBER:[nginx][request_length]} %{NUMBER:[nginx][request_time]} %{NUMBER:[nginx][upstream_response_length]} %{NUMBER:[nginx][upstream_response_time]} %{NUMBER:[nginx][upstream_status]} %{DATA:[nginx][req_id]}" } - } - - # For non-HTTP nginx logs - grok { - match => { "message" => "%{IPORHOST:[nginx][client_ip]} \[%{WORD:[nginx][port_protocol]}\] %{NUMBER:[nginx][port_number]} \[%{HTTPDATE:[nginx][access_time]}\] \[%{DATA:[nginx][proxy_upstream_name]}\] \[%{DATA:[nginx][upstream_addr]}\] %{NUMBER:[nginx][status]} %{NUMBER:[nginx][bytes_sent] %{NUMBER:[nginx][bytes_received] %{NUMBER:[nginx][session_time] %{DATA:[nginx][req_id]}" } - } - geoip { - source => "[nginx][client_ip]" - target => "[geoip]" - } - } - } - output { - elasticsearch { - hosts => "http://bt-elasticsearch:9200" - manage_template => false - action => "create" - ilm_enabled => false - index => "%{[target_index]}" - # 
user => "${ELASTICSEARCH_USERNAME}" - # password => "${ELASTICSEARCH_PASSWORD}" - } - # stdout { codec => "rubydebug" } # must be run by itself - } diff --git a/infra/helm/metallb.yaml b/infra/helm/metallb.yaml deleted file mode 100644 index 2ecff7bf8..000000000 --- a/infra/helm/metallb.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Default values -# https://github.com/bitnami/charts/tree/master/bitnami/metallb -# controller: -# image: -# repository: metallb/controller -# tag: v0.9.5 -# speaker: -# image: -# repository: metallb/speaker -# tag: v0.9.5 -configInline: - address-pools: - - name: default - protocol: layer2 - addresses: - - 169.229.226.55-169.229.226.55 diff --git a/infra/helm/metricbeat.yaml b/infra/helm/metricbeat.yaml deleted file mode 100644 index 0bb0af9f2..000000000 --- a/infra/helm/metricbeat.yaml +++ /dev/null 
@@ -1,243 +0,0 @@ -# https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-reference-yml.html -# https://github.com/elastic/helm-charts/blob/7.9/metricbeat/values.yaml - -image: docker.elastic.co/beats/metricbeat -imageTag: 7.13.0-SNAPSHOT -replicas: 1 -daemonset: - enabled: true - extraEnvs: - - name: ELASTICSEARCH_HOSTS - value: http://bt-elasticsearch:9200 - metricbeatConfig: - metricbeat.yml: | - output: - elasticsearch: - hosts: ${ELASTICSEARCH_HOSTS} - index: metricbeat-%{[agent.version]} - # username: '${ELASTICSEARCH_USERNAME}' - # password: '${ELASTICSEARCH_PASSWORD}' - index: metricbeat - hosts: - - ${ELASTICSEARCH_HOSTS} - setup: - kibana: - host: bt-kibana-kibana:5601 - path: /kibana - dashboards: - enabled: true - index: metricbeat* - retry: - enabled: true - ilm: - enabled: false - rollover_alias: metricbeat - pattern: ~ - template: - type: component - name: metricbeat - pattern: metricbeat-index-pattern-id - - metricbeat.modules: - - module: kubernetes - enabled: true - metricsets: - - container - - node - - pod - - system - - volume - period: 20s - hosts: - - https://berkeleytime.com:10250 - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - ssl: - verification_mode: none - processors: - - add_kubernetes_metadata: - in_cluster: true - - - module: kubernetes - enabled: true - hosts: - - bt-metricbeat-kube-state-metrics:8080 - metricsets: - - state_node - - state_deployment - - state_replicaset - - state_pod - - state_container - - state_persistentvolume - - state_persistentvolumeclaim - add_metadata: true - period: 20s - - - module: system - enabled: true - metricsets: - - core - - cpu - - diskio - - load - - memory - - network - - process - - process_summary - - socket - - socket_summary - - uptime - processes: ['.*'] - process.include_top_n: - by_cpu: 10 - by_memory: 10 - system.hostfs: /hostfs - period: 20s - - # - module: system - # enabled: true - # period: 1m - # metricsets: - # - filesystem - # - fsstat - # 
processors: - # - drop_event.when.regexp: - # system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)' - - - module: docker - enabled: true - metricsets: - - container - - cpu - # - diskio - # - event - # - healthcheck - # - image - # - info - - memory - - network - hosts: - - unix:///var/run/docker.sock - period: 20s - system.hostfs: /hostfs - - # - module: elasticsearch - # enabled: true - # metricsets: - # - node - # - node_stats - # - index - # - index_recovery - # - shard - # - ml_job - # hosts: - # - http://bt-elasticsearch:9200 - # period: 10s - # system.hostfs: /hostfs - - # - module: kubernetes - # enabled: true - # metricsets: - # - apiserver - # hosts: - # - https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT} - # ssl.verification_mode: none - # bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - # - # - module: kubernetes - # enabled: true - # metricsets: - # - scheduler - # hosts: - # - https://localhost:10259 - # sl.certificate_authorities: - # - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - # period: 10s - # - # - module: kubernetes - # enabled: true - # metricsets: - # - controllermanager - # hosts: - # - https://localhost:10257 - # sl.certificate_authorities: - # - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - # period: 10s - - # TODO: separate out USER and PASSWORD for postgres and mongodb to secret - - # - module: postgresql # run 'CREATE extension pg_stat_statements;' in psql - # enabled: true - # hosts: - # - postgres://:@ingress-nginx-controller.ingress-nginx.svc.cluster.local/?sslmode=disable - # metricsets: - # - database # Stats about every PostgreSQL database - # - bgwriter # Stats about the background writer process's activity - # - activity # Stats about every PostgreSQL process - # - statement # Stats for statement executions, needs pg_stat_statements - # period: 10s - - # - module: mongodb - # enabled: true - # hosts: - # - mongodb://: 
/etc/apt/sources.list.d/mongodb.list -# apt install -y mongodb-org - -# MANUALLY VERIFY WORKS IN MONGO: -# mongo "mongodb://:@bt-mdb-staging-0.bt-mdb-staging-headless.default.svc.cluster.local,bt-mdb-staging-1.bt-mdb-staging-headless.default.svc.cluster.local/?authSource=admin&replicaSet=rs0" -# OR for external access: -# mongo "mongodb+srv://:@mdb.berkeleytime.com/?authSource=admin&replicaSet=rs0" -# use bt -# db.fruits.insertOne({ name: "Mango", season: "Summer"}) -# db.fruits.find({}) - -# example secret format for existingSecret: -# mongodb-password= -# mongodb-replica-set-key= -# mongodb-root-password= - -# Fancy mongodb dns srv records in GCP so that mongodb+srv is possible -# gcloud dns record-sets delete --zone berkeleytime --type SRV _mongodb._tcp.mdb.berkeleytime.com. -# gcloud dns record-sets delete --zone berkeleytime --type TXT mdb.berkeleytime.com. -# gcloud dns record-sets create _mongodb._tcp.mdb.berkeleytime.com. --type SRV --ttl 300 --zone berkeleytime --rrdatas "0 0 27017 mdb0.berkeleytime.com.","0 0 27018 mdb1.berkeleytime.com.","0 0 27019 mdb2.berkeleytime.com." -# gcloud dns record-sets create mdb.berkeleytime.com. 
--type TXT --ttl 300 --zone berkeleytime --rrdatas "authSource=bt&replicaSet=rs0" - -arbiter: - enabled: false -architecture: replicaset # replicaset is great as it enables transaction support -auth: - enabled: true - existingSecret: bt-mdb-$CI_ENVIRONMENT_NAME - username: bt - database: bt -fullnameOverride: bt-mdb-$CI_ENVIRONMENT_NAME -persistence: - size: 1G - accessModes: - - ReadWriteOnce - mountPath: /bitnami/mongodb - subPath: "" -replicaSetName: rs0 -strategyType: RollingUpdate -externalAccess: - enabled: true - service: - type: NodePort - domain: berkeleytime.com - nodePorts: - - 32017 -# readinessProbe: # must be disabled so that traffic can use svc name for sidecar -# enabled: false -replicaCount: $MDB_REPLICA_COUNT -# sidecars: # custom sidecar waits for mdb to start, then changes hostnames to dns, only required if replicaCount > 1 -# - name: mongo -# image: mongo:4.4.4 -# env: -# - name: DOMAIN -# value: berkeleytime.com -# - name: PORT -# value: "27017" -# - name: REPLICAS -# value: "$MDB_REPLICA_COUNT" -# envFrom: -# - secretRef: -# name: bt-mdb-$CI_ENVIRONMENT_NAME -# command: -# - bash -# - -c -# - | -# while true -# do -# password=`env | sed -n 's/mongodb-root-password=\(.*\)/\1/p'` - -# mongo "mongodb://root:${password}@localhost" -- << EOF -# const replicaCount = $REPLICAS; -# const domain = "$DOMAIN"; -# const h = getHostName(); -# const baseHostname = h.split('-').slice(0, -1).join('-'); -# const basePort = $PORT; -# const c = rs.conf(); -# const s = rs.status(); - -# if ( -# s.members && -# s.members.length == replicaCount && -# s.members.every(member => member.name.includes(baseHostname) && member.health == 1) -# ) { -# print("all replicas healthy and properly named"); -# quit(255); -# } -# c.members = []; -# if (h.includes('staging')) { -# for (let i = 0; i < replicaCount; i++) { -# c.members.push({ _id: i, host: \`\${domain}:\${basePort + i}\`}) -# } -# } else { -# for (let i = 0; i < replicaCount; i++) { -# c.members.push({ _id: i, host: 
\`\${baseHostname}-\${i}:\${basePort}\` }); -# } -# } -# rs.reconfig(c, { force: true }); // forced reconfig results in maxing out NumberLong https://stackoverflow.com/questions/15285060/reconfig-mongo-replicaset-increments-version-randomly -# EOF - -# if [[ $? -eq 255 ]]; then -# echo `date +"%Y-%m-%d %H:%M:%S"` ...replica set is configured correctly... -# sleep 600 -# else -# echo `date +"%Y-%m-%d %H:%M:%S"` ...retrying replica set configuration... -# sleep 15 -# fi -# done -# livenessProbe: -# enabled: false -# initialDelaySeconds: 300 -# timeoutSeconds: 5 -# failureThreshold: 20 -# successThreshold: 1 -# readinessProbe: # required to be disabled so that svc cluster traffic can arrive -# enabled: false -# initialDelaySeconds: 300 -# timeoutSeconds: 10 -# failureThreshold: 20 -# successThreshold: 1 -tls: - enabled: false # only because we want to bring external certs from LetsEncrypt -# existingSecret: # only use this if self-signed certs are desired, because apparently this can only do self-signed certs # https://github.com/bitnami/charts/issues/6045#issuecomment-831480168 - -extraEnvVars: - - name: MONGODB_EXTRA_FLAGS - value: --tlsMode allowTLS --tlsCAFile /pki/lets-encrypt-r3.pem --tlsCertificateKeyFile /pki/tls.pem --tlsAllowConnectionsWithoutCertificates -extraVolumes: - - name: pki - emptyDir: {} # this vol is for building pem file for mdb container using tls - - name: letsencrypt - secret: - secretName: bt-tls # change secretName to whichever LetsEncrypt TLS secret - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key -extraVolumeMounts: - - name: pki - mountPath: /pki -initContainers: - - name: curl - image: curlimages/curl - command: - - sh - - -c - - | - cat /letsencrypt/tls.crt /letsencrypt/tls.key > /pki/tls.pem - curl https://letsencrypt.org/certs/lets-encrypt-r3.pem > /pki/lets-encrypt-r3.pem - volumeMounts: - - mountPath: /pki - name: pki - - mountPath: /letsencrypt - name: letsencrypt -# configuration: |- -# # Default 
configuration file that comes in Helm chart -# # path: /opt/bitnami/mongodb/conf/mongodb.conf -# # ------------------------------------------------- -# # mongod.conf -# # for documentation of all options, see: -# # http://docs.mongodb.org/manual/reference/configuration-options/ -# storage: -# dbPath: /bitnami/mongodb/data/db -# journal: -# enabled: true -# directoryPerDB: false -# systemLog: -# destination: file -# quiet: false -# logAppend: true -# logRotate: reopen -# path: /opt/bitnami/mongodb/logs/mongodb.log -# verbosity: 0 -# net: -# port: 27017 -# unixDomainSocket: -# enabled: true -# pathPrefix: /opt/bitnami/mongodb/tmp -# ipv6: false -# bindIpAll: false -# bindIp: 127.0.0.1 -# #replication: -# #replSetName: replicaset -# #enableMajorityReadConcern: true -# # sharding options -# #sharding: -# #clusterRole: -# # process management options -# processManagement: -# fork: false -# pidFilePath: /opt/bitnami/mongodb/tmp/mongodb.pid -# # set parameter options -# setParameter: -# enableLocalhostAuthBypass: true -# # security options -# security: -# authorization: disabled -# #keyFile: replace_me diff --git a/infra/helm/redis.yaml b/infra/helm/redis.yaml deleted file mode 100644 index a4bed2e3f..000000000 --- a/infra/helm/redis.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# https://github.com/bitnami/charts/blob/4aad73ac532eb282e2c68162b475b0a1ae264e30/bitnami/redis/values.yaml -usePassword: true -existingSecretPasswordKey: REDIS_PASSWORD -master: - persistence: - enabled: false -architecture: standalone -auth: - enabled: true - existingSecret: bt-redis-${CI_ENVIRONMENT_NAME} - existingSecretPasswordKey: REDIS_PASSWORD diff --git a/infra/helm/rook.yaml b/infra/helm/rook.yaml deleted file mode 100644 index 569887700..000000000 --- a/infra/helm/rook.yaml +++ /dev/null 
@@ -1,9 +0,0 @@
-# Documentation, default values.yaml
-# https://github.com/rook/rook/blob/e305810/Documentation/helm-operator.md
-# https://github.com/rook/rook/blob/e305810/cluster/charts/rook-ceph/values.yaml
-csi:
- enableCephfsDriver: false
- enableCephfsSnapshotter: false
- enableRBDSnapshotter: false
-logLevel: DEBUG
-enableDiscoveryDaemon: true
diff --git a/infra/init.sh b/infra/init.sh
index 78648b291..77371cb2d 100644
--- a/infra/init.sh
+++ b/infra/init.sh
@@ -1,215 +1,36 @@ -# This file intended to run once on new cluster and used as reference thereafter -# Run line-by-line during first-time k8s cluster setup -- do not run all at once - -# Manually authenticate with gcloud-sdk first if necessary before proceeding -# echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" > /etc/apt/sources.list.d/google-cloud-sdk.list -# curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - -# apt update && apt install -y google-cloud-sdk && gcloud auth login -# Google Bucket (restricted access) --> https://console.cloud.google.com/storage/browser/berkeleytime-218606?authuser=octo.berkeleytime@asuc.org -# GitHub repo's /infra folder should exist at /berkeleytime/infra on filesystem -# Example sync workflow: -# rsync -rav berkeleytime/infra/ root@berkeleytime.com:/berkeleytime/infra/ - -# During failover, to set domain prefix, eg ocf.berkeleytime.com -> gcp.berkeleytime.com -# find /berkeleytime -type f -name "*" -exec sed -i 's/ocf.berkeleytime.com/gcp.berkeleytime.com/g' "{}" \; -# Benefit of domain prefixing is that you can initialize and test a GCP server in the background while OCF still runs - -# Can use command-line to switch between GCP and OCF IPs in case of failover -# gcloud dns record-sets delete --zone berkeleytime --type A berkeleytime.com -# ADDRESS_GCP=34.94.48.10; gcloud dns record-sets create --zone berkeleytime --type A berkeleytime.com --rrdatas $ADDRESS_OCF -# ADDRESS_OCF=169.229.226.55; gcloud dns record-sets create --zone berkeleytime --type A berkeleytime.com --rrdatas $ADDRESS_GCP - -# Tested on: Ubuntu 20.04, Kubernetes v1.20.2, single-node architecture -# Specific kernel required for core features like BPF (Berkeley Packet Filter) -# > uname -a (show Linux kernel version) -# Linux hozer-55 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux -# 
For issues such as being unable to even ping host or getting block storage, -# consult with one of the OCF site admins -# Slack: http://fco.slack.com -# Slack username: octo.berkeleytime@asuc.org -# Slack password: can be found in Google Bucket -# Public IRC: https://irc.ocf.berkeley.edu -# (Ja Wattanawong was BT's first OCF site admin) - -# TO-DO / FIXME: -# Currently, all Berkeleytime Kubernetes resources are basically all in the -# "default" namespace. However, what we should do is create a new namespace for -# each Berkeleytime environment ==> "k create ns prod" and then make a -# "$NAMESPACE" env variable in the YAML files, to be substituted with envsubst - -# TO-DO / FIXME: -# This is a giant bash script. Make it more reproducible with Ansible or some other tool - -export DEVICE_IP=$(ip -4 addr show $(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)') | grep -oP '(?<=inet\s)\d+(\.\d+){3}') -apt update -apt install -y curl -curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - -curl https://baltocdn.com/helm/signing.asc | apt-key add - -echo "deb http://apt.kubernetes.io/ kubernetes-xenial-unstable main" > /etc/apt/sources.list.d/kubernetes.list -echo "deb https://baltocdn.com/helm/stable/debian/ all main" > /etc/apt/sources.list.d/helm-stable-debian.list -apt update -apt install -y docker.io kubeadm kubelet helm -systemctl enable docker -cp ~/.bashrc ~/.bashrc.bak -echo export KUBECONFIG=\$HOME/.kube/config >> ~/.bashrc -echo alias k='kubectl' >> ~/.bashrc -echo shopt -s histverify >> ~/.bashrc -echo "br_netfilter" > /etc/modules-load.d/containerd.conf -echo "net.ipv4.conf.all.route_localnet = 1" >> /etc/sysctl.conf -echo "127.0.0.1 $HOSTNAME" >> /etc/hosts # for some reason, host can have trouble identifying itself -modprobe br_netfilter -swapoff -a && sed -i "s/\/swap/# \/swap/g" /etc/fstab -kubeadm init --skip-phases addon/kube-proxy # BPF replaces kube-proxy, https://docs.cilium.io/en/v1.9/gettingstarted/kubeproxy-free -sed 
-i '/- kube-apiserver/a\ \ \ \ - --feature-gates=MixedProtocolLBService=true' /etc/kubernetes/manifests/kube-apiserver.yaml # k8s 1.20 Alpha feature -echo "KUBELET_EXTRA_ARGS='--kube-reserved=cpu=100m,memory=100Mi,ephemeral-storage=1Gi,pid=1000 --system-reserved=cpu=100m,memory=100Mi,ephemeral-storage=1Gi,pid=1000 --eviction-hard=memory.available<500Mi'" > /etc/default/kubelet -mkdir -p ~/.kube && cp /etc/kubernetes/admin.conf ~/.kube/config -kubectl taint nodes $(hostname) node-role.kubernetes.io/master- -kubectl apply -f /berkeleytime/infra/k8s/kube-system -timedatectl set-timezone America/Los_Angeles - -# example use: istioctl proxy-config cluster deploy/bt-psql-staging -n default -curl -sL https://istio.io/downloadIstioctl | sh - # istioctl is istio util, helps -echo export PATH=\$PATH:\$HOME/.istioctl/bin >> ~/.bashrc -# > Helm >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -helm repo add bitnami https://charts.bitnami.com/bitnami -helm repo add cilium https://helm.cilium.io -helm repo add codesim https://helm.codesim.com -helm repo add elastic https://helm.elastic.co -helm repo add gitlab https://charts.gitlab.io/ -helm repo add grafana https://grafana.github.io/helm-charts -helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx -helm repo add jetstack https://charts.jetstack.io -helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard -helm repo add rook-release https://charts.rook.io/release -helm repo add stable https://charts.helm.sh/stable -helm repo update -# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Helm < - -# > Nightly Backup >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -curl https://deb.nodesource.com/setup_16.x | bash - -apt install -y nodejs -crontab -l | { cat; echo "0 4 * * * /usr/bin/npm --prefix /berkeleytime/infra/backup install && /bin/node /berkeleytime/infra/backup"; } | crontab - -# 
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Nightly Backup < - -# > fail2ban >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -# This is necessary because log filenames from Kubernetes pods are dynamic, but -# fail2ban does not have any built-in logic to parse new log files, so use -# crontab to poll the logs and put it in a statically named file -crontab -l | { cat; echo "@reboot /bin/node /berkeleytime/infra/fail2ban-helper"; } | crontab - -# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< fail2ban < - -# > Cluster networking >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -# If BPF works, policy-related things appear in /sys/fs/bpf -helm install cilium cilium/cilium --version 1.9.6 -n kube-system -f - << EOF -# https://github.com/cilium/cilium/blob/e3f96e3328757f5af394a7e09a2781ce5a1554be/install/kubernetes/cilium/values.yaml -k8sServiceHost: $DEVICE_IP -k8sServicePort: 6443 -kubeProxyReplacement: strict -operator: - replicas: 1 -EOF -git clone --single-branch --branch release-1.9 https://github.com/istio/istio.git # https://github.com/istio/istio/commit/5dd2044 -helm -n istio install istio-base istio/manifests/charts/base -f /berkeleytime/infra/helm/istio-base.yaml --create-namespace -helm -n istio install istiod istio/manifests/charts/istio-control/istio-discovery -f /berkeleytime/infra/helm/istiod.yaml -kubectl apply -f /berkeleytime/infra/k8s/istio/envoy-filter.yaml -helm -n kube-system install metrics-server bitnami/metrics-server --version 5.8.4 -f /berkeleytime/infra/helm/metrics-server.yaml -# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Cluster networking < - -# > Import secrets >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -kubectl create ns cert-manager -gsutil cp gs://berkeleytime-218606/secrets/iam-bt-dns01-solver.json - | kubectl create secret generic clouddns-dns01-solver-svc-acct --from-file credentials-clouddns-dns01-solver-svc-acct.json=/dev/stdin -n 
cert-manager -gsutil cp gs://berkeleytime-218606/secrets/iam-bt-gitlab-runner.json - | kubectl create secret docker-registry docker-registry-gcr --docker-server gcr.io --docker-username _json_key --docker-email bt-gitlab-runner@berkeleytime-218606.iam.gserviceaccount.com --docker-password "$(cat /dev/stdin)" -gsutil cp gs://berkeleytime-218606/secrets/bt-gitlab-runner.env - | kubectl create secret generic bt-gitlab-runner --from-env-file /dev/stdin -gsutil cp gs://berkeleytime-218606/secrets/kubernetes-general-secrets.env - | kubectl create secret generic general-secrets --from-env-file /dev/stdin -gsutil cp gs://berkeleytime-218606/secrets/kubernetes-bt-ingress-protected-routes - | kubectl create secret generic bt-ingress-protected-routes --from-file auth=/dev/stdin -kubectl patch serviceaccount default -p '{"imagePullSecrets":[{"name":"docker-registry-gcr"}]}' -# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Import secrets < - -# > rook >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -# This handles dynamic pvcs with bare-metal storage. 
Uses attached block devices -helm install rook rook-release/rook-ceph -n rook --version v1.6.4 --create-namespace -f /berkeleytime/infra/helm/rook.yaml -kubectl apply -f /berkeleytime/infra/k8s/rook --recursive; -# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< rook < - -# > Ingress >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -envsubst << EOF | helm install metallb bitnami/metallb --version 1.0.2 -n kube-system -f - -configInline: - address-pools: - - name: default - protocol: layer2 - addresses: - - $DEVICE_IP-$DEVICE_IP -EOF -helm install ingress-nginx ingress-nginx/ingress-nginx --version 3.27.0 -n ingress-nginx --create-namespace -f /berkeleytime/infra/helm/ingress-nginx.yaml -helm install cert-manager jetstack/cert-manager --version v1.1.0 -n cert-manager --create-namespace --set installCRDs=true -until kubectl apply -f /berkeleytime/infra/k8s/default/certificate.yaml && kubectl apply -f /berkeleytime/infra/k8s/cert-manager/clusterissuer.yaml; do sleep 1; done; -# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Ingress < - -# > Elasticsearch >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -kubectl apply -f /berkeleytime/infra/k8s/default/bt-elasticsearch.yaml -helm install bt-logstash elastic/logstash --version 7.12.1 -f /berkeleytime/infra/helm/logstash.yaml -helm install bt-kibana elastic/kibana --version 7.12.1 -f /berkeleytime/infra/helm/kibana.yaml -helm install bt-filebeat elastic/filebeat --version 7.12.1 -f /berkeleytime/infra/helm/filebeat.yaml -helm install bt-metricbeat elastic/metricbeat --version 7.12.1 -f /berkeleytime/infra/helm/metricbeat.yaml # As of 2021-04-01, still waiting for a fix first noticed in Version 7.10.2: "error getting group status: open /proc//cgroup: no such file or directory" -helm install bt-curator stable/elasticsearch-curator -f /berkeleytime/infra/helm/curator.yaml -# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Elasticsearch 
< - -# > Slack Webhook >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -export $(gsutil cp gs://berkeleytime-218606/secrets/slack-url-incoming-webhook.env -) -gsutil cp gs://berkeleytime-218606/secrets/slack-url-incoming-webhook.env - | kubectl create secret generic slack-webhooks --from-env-file /dev/stdin -envsubst < /berkeleytime/infra/helm/elastalert.yaml | helm install bt-elastalert codesim/elastalert --version 1.9.0 -f - -gcloud builds submit --project berkeleytime-218606 /berkeleytime/infra/gitlab-notify --tag gcr.io/berkeleytime-218606/gitlab-notify:latest -kubectl apply -f /berkeleytime/infra/k8s/default/bt-gitlab-notify.yaml -# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Slack Webhook < - -# > GitLab >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -# Cannot deploy BT app manually unless have extracted bt-*-prod YAML manifests -# GitLab injects secrets during build time -gcloud auth configure-docker -q -gcloud config set builds/use_kaniko True # use_kaniko allows for easy-peasy simple caching logic by Google during `gcloud builds submit` -gcloud builds submit --project berkeleytime-218606 /berkeleytime/infra/gitlab-runner --tag gcr.io/berkeleytime-218606/gitlab-runner:latest -gcloud builds submit --project berkeleytime-218606 /berkeleytime/infra/github-notify --tag gcr.io/berkeleytime-218606/github-notify:latest -kubectl apply -f /berkeleytime/infra/k8s/default/bt-gitlab.yaml -kubectl apply -f /berkeleytime/infra/k8s/default/bt-github-notify.yaml -helm install bt-gitlab-runner gitlab/gitlab-runner -f /berkeleytime/infra/helm/gitlab-runner.yaml --version 0.28.0 -# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< GitLab < - -export INGRESS_LABEL=primary; -export BASE_DOMAIN_NAME=berkeleytime.com; -envsubst '$INGRESS_LABEL $BASE_DOMAIN_NAME' < /berkeleytime/infra/k8s/default/bt-ingress-infra.yaml gv| kubectl apply -f - -envsubst '$INGRESS_LABEL $BASE_DOMAIN_NAME' < 
/berkeleytime/infra/k8s/default/bt-ingress-status.yaml | kubectl apply -f - - -# > BT App Data Layer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -for CI_ENVIRONMENT_NAME in "staging" "prod" -do - export CI_ENVIRONMENT_NAME=$CI_ENVIRONMENT_NAME - gsutil cp gs://berkeleytime-218606/secrets/bt-psql-$CI_ENVIRONMENT_NAME.env - | kubectl create secret generic bt-psql-$CI_ENVIRONMENT_NAME --from-env-file /dev/stdin; - gsutil cp gs://berkeleytime-218606/secrets/bt-redis-$CI_ENVIRONMENT_NAME.env - | kubectl create secret generic bt-redis-$CI_ENVIRONMENT_NAME --from-env-file /dev/stdin; - gsutil cp gs://berkeleytime-218606/secrets/bt-mdb-$CI_ENVIRONMENT_NAME.env - | kubectl create secret generic bt-mdb-$CI_ENVIRONMENT_NAME --from-env-file /dev/stdin; - envsubst < /berkeleytime/infra/k8s/default/bt-psql.yaml | kubectl apply -f - - envsubst < /berkeleytime/infra/helm/redis.yaml | helm install bt-redis-$CI_ENVIRONMENT_NAME bitnami/redis --version 14.1.0 -f - - export MDB_REPLICA_COUNT=1; envsubst '$CI_ENVIRONMENT_NAME $MDB_REPLICA_COUNT' < /berkeleytime/infra/helm/mongodb.yaml | helm install bt-mdb-$CI_ENVIRONMENT_NAME bitnami/mongodb --version 10.25.2 -f - # cannot use more than 1 replica for now until switch to Kubernetes Operator with Split Horizon feature - if [ $CI_ENVIRONMENT_NAME == "staging" ]; then - # Expose staging services to the external internet and use istio-proxy sidecars to handle HAProxy Protocol, which preserves client source IPs via annotation TPROXY - kubectl patch deploy/bt-psql-$CI_ENVIRONMENT_NAME -p '{"spec":{"template":{"metadata":{"annotations":{"sidecar.istio.io/inject":"true","sidecar.istio.io/interceptionMode":"TPROXY"}}}}}' - kubectl patch sts/bt-redis-$CI_ENVIRONMENT_NAME-master -p '{"spec":{"template":{"metadata":{"annotations":{"sidecar.istio.io/inject":"true","sidecar.istio.io/interceptionMode":"TPROXY"}}}}}' - kubectl patch sts/bt-mdb-$CI_ENVIRONMENT_NAME -p 
'{"spec":{"template":{"metadata":{"annotations":{"sidecar.istio.io/inject":"true","sidecar.istio.io/interceptionMode":"TPROXY"}}}}}' - fi -done -# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< BT App Data Layer < - -# > Ingress >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -export INGRESS_LABEL=primary; export BASE_DOMAIN_NAME=berkeleytime.com; envsubst '$INGRESS_LABEL $BASE_DOMAIN_NAME' < /berkeleytime/infra/k8s/default/bt-ingress-primary.yaml | kubectl apply -f - -export INGRESS_LABEL=primary; export BASE_DOMAIN_NAME=berkeleytime.com; envsubst '$INGRESS_LABEL $BASE_DOMAIN_NAME' < /berkeleytime/infra/k8s/default/bt-ingress-infra.yaml | kubectl apply -f - -export INGRESS_LABEL=secondary; export BASE_DOMAIN_NAME=ocf.berkeleytime.com; envsubst '$INGRESS_LABEL $BASE_DOMAIN_NAME' < /berkeleytime/infra/k8s/default/bt-ingress-primary.yaml | kubectl apply -f - -export INGRESS_LABEL=secondary; export BASE_DOMAIN_NAME=ocf.berkeleytime.com; envsubst '$INGRESS_LABEL $BASE_DOMAIN_NAME' < /berkeleytime/infra/k8s/default/bt-ingress-infra.yaml | kubectl apply -f - -# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Ingress < - -openssl genrsa -out signed.key 2048 -openssl req -x509 -new -subj "/C=US/ST=NY/L=New York/O=Example Corp/OU=IT Department/CN=berkeleytime.com" -key signed.key -out signed.crt - -openssl req -new -nodes -subj "/C=US/ST=NY/L=New York/O=Example Corp/OU=IT Department/CN=berkeleytime.com" -keyout signed-me.key -out signed-me.csr -openssl x509 -req -days 365 -in signed-me.csr -out signed-me.crt -CA signed.crt -CAkey signed.key -CAcreateserial -extensions req -cat signed-me.key signed-me.crt > signed-me.pem - -kubectl create secret generic bt-mdb --from-file mongodb-ca-cert=signed-me.crt --from-file mongodb-ca-key=signed-me.pem --from-file client-pem=signed-me.pem +#!/usr/bin/env bash + +# install ingress-nginx with helm +helm upgrade --install ingress-nginx ingress-nginx \ + --repo 
https://kubernetes.github.io/ingress-nginx \ + --namespace bt-base --create-namespace # using namespace=bt-base requires changing chart values (through --set or --values) + +# install app with helm. run in /new-infra +helm install bt \ + --name-template=bt \ + --namespace=bt --create-namespace + +# uninstall app with helm on config changes. run in /new-infra +helm uninstall bt \ + --namespace=bt + +# creates the PV and PVC +kubectl apply -f mongo-PV-PVC.yaml -n bt + +# delete PVC +kubectl delete pvc bt-mongodb-pv-claim -n bt + +# delete PV +kubectl delete pv bt-mongodb-pv + +# install mongodb with helm, replace CHARTNAME with the name of the chart +helm install mongo \ + --set nameOverride="db",persistence.existingClaim=bt-mongodb-pv-claim,persistence.mountPath="./db" \ + --namespace=bt --create-namespace \ + oci://registry-1.docker.io/bitnamicharts/mongodb + +# install redis with helm +helm install redis \ + --set replica.replicaCount=0,master.persistence.enabled=false,replica.persistence.enabled=false \ + --namespace=bt --create-namespace \ + oci://registry-1.docker.io/bitnamicharts/redis \ No newline at end of file diff --git a/infra/k8s/cert-manager/clusterissuer.yaml b/infra/k8s/cert-manager/clusterissuer.yaml deleted file mode 100644 index 4fab16700..000000000 --- a/infra/k8s/cert-manager/clusterissuer.yaml +++ /dev/null 
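Review bot: The new init.sh has a `#!/usr/bin/env bash` shebang but no longer says it is a reference to be run one command at a time. Executed top to bottom it installs `bt`, uninstalls it, applies `mongo-PV-PVC.yaml`, deletes the PVC and the PV, and then installs MongoDB against the deleted `bt-mongodb-pv-claim`. I would restore a header such as `# Reference only: run the commands one at a time, do not execute this file` (the removed version carried an equivalent warning), or split install and teardown into separate scripts. The three chart installs (`ingress-nginx`, `oci://registry-1.docker.io/bitnamicharts/mongodb` and `oci://registry-1.docker.io/bitnamicharts/redis`) also drop the `--version` pins the old script used, so each run pulls whatever the registry currently serves; add `--version <CHART_VERSION>` to each. The `replace CHARTNAME` comment above the MongoDB install refers to a placeholder that does not appear in the command.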
@@ -1,26 +0,0 @@
-# Need to generate gcloud IAM service account for autoconfigure DNS records
-# gcloud iam service-accounts create dns01-solver --display-name "dns01-solver"
-# gcloud iam service-accounts keys create key.json --iam-account dns01-solver@berkeleytime-218606.iam.gserviceaccount.com
-# gcloud projects add-iam-policy-binding berkeleytime-218606 --member serviceAccount:dns01-solver@berkeleytime-218606.iam.gserviceaccount.com --role roles/dns.admin
-# kubectl create secret generic clouddns-dns01-solver-svc-acct --from-file=key.json --namespace cert-manager
-# OR use pre-existing dns01-solver credentials
-# gsutil cp gs://berkeleytime-218606/secrets/credentials-clouddns-dns01-solver-svc-acct.json /credentials-clouddns-dns01-solver-svc-acct.json
-# kubectl create secret generic clouddns-dns01-solver-svc-acct --from-file /credentials-clouddns-dns01-solver-svc-acct.json --namespace cert-manager
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt
- # cluster-wide, so namespace does not matter
-spec:
- acme:
- # server: https://acme-staging-v02.api.letsencrypt.org/directory # dev URL
- server: https://acme-v02.api.letsencrypt.org/directory # prod ACME server URL
- privateKeySecretRef:
- name: letsencrypt
- solvers:
- - dns01:
- cloudDNS:
- project: berkeleytime-218606
- serviceAccountSecretRef:
- name: clouddns-dns01-solver-svc-acct
- key: credentials-clouddns-dns01-solver-svc-acct.json
diff --git a/infra/k8s/default/bt-backend-data-updater.yaml b/infra/k8s/default/bt-backend-data-updater.yaml
deleted file mode 100644
index 1d08c0857..000000000
--- a/infra/k8s/default/bt-backend-data-updater.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: batch/v1beta1
-kind: CronJob
-metadata:
- name: bt-backend-data-updater-$CI_ENVIRONMENT_NAME
- namespace: default
-spec:
- concurrencyPolicy: Forbid
- successfulJobsHistoryLimit: 1
- failedJobsHistoryLimit: 1
- jobTemplate:
- spec:
- activeDeadlineSeconds: 64800
- template:
- metadata:
- labels:
- component: bt-backend-data-updater-$CI_ENVIRONMENT_NAME
- spec:
- containers:
- - command:
- - ./update-data.sh
- env:
- - name: ENVIRONMENT_NAME
- value: $CI_ENVIRONMENT_NAME
- envFrom:
- - secretRef:
- name: bt-backend-$CI_ENVIRONMENT_NAME
- image: $CI_REGISTRY_IMAGE/bt-backend:$CI_COMMIT_BRANCH
- imagePullPolicy: Always
- name: bt-backend-data-updater-$CI_ENVIRONMENT_NAME
- volumeMounts:
- - mountPath: /etc/google
- name: bt-backend
- readOnly: true
- restartPolicy: OnFailure
- volumes:
- - name: bt-backend
- secret:
- defaultMode: 420
- items:
- - key: GOOGLE_APPLICATION_CREDENTIALS_FILE_CONTENTS_BASE64
- path: auth.json
- secretName: bt-backend-$CI_ENVIRONMENT_NAME
- schedule: 0 9 * * *
diff --git a/infra/k8s/default/bt-backend.yaml b/infra/k8s/default/bt-backend.yaml
deleted file mode 100644
index a4c5303df..000000000
--- a/infra/k8s/default/bt-backend.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - component: bt-backend-$CI_ENVIRONMENT_NAME - name: bt-backend-$CI_ENVIRONMENT_NAME - namespace: default -spec: - ports: - - name: http-bt-port - port: 80 - protocol: TCP - targetPort: 5000 - selector: - component: bt-backend-$CI_ENVIRONMENT_NAME - type: ClusterIP - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - component: bt-backend-$CI_ENVIRONMENT_NAME - name: bt-backend-$CI_ENVIRONMENT_NAME - namespace: default -spec: - replicas: 1 - selector: - matchLabels: - component: bt-backend-$CI_ENVIRONMENT_NAME - template: - metadata: - labels: - component: bt-backend-$CI_ENVIRONMENT_NAME - spec: - containers: - - command: - - /bin/sh - - -c - - > - python3 /backend/manage.py runserver 0.0.0.0:5000; - env: - - name: ENVIRONMENT_NAME - value: $CI_ENVIRONMENT_NAME - envFrom: - - secretRef: - name: bt-backend-$CI_ENVIRONMENT_NAME - image: $CI_REGISTRY_IMAGE/bt-backend:$CI_COMMIT_BRANCH - imagePullPolicy: Always - name: bt-backend-$CI_ENVIRONMENT_NAME - ports: - - containerPort: 5000 - protocol: TCP - volumeMounts: - - mountPath: /etc/google - name: bt-backend - readOnly: true - volumes: - - name: bt-backend - secret: - defaultMode: 420 - items: - - key: GOOGLE_APPLICATION_CREDENTIALS_FILE_CONTENTS_BASE64 - path: auth.json - - key: GOOGLE_SIGNIN_CLIENT_SECRET_CONTENT - path: signin.json - secretName: bt-backend-$CI_ENVIRONMENT_NAME - ---- -apiVersion: v1 -kind: Secret -metadata: - name: bt-backend-$CI_ENVIRONMENT_NAME - namespace: default -type: Opaque -stringData: - DATABASE_URL: $SECRET_DATABASE_URL - DJANGO_SECRET_KEY: $SECRET_BT_DJANGO_SECRET_KEY - GITHUB_TOKEN: $SECRET_GITHUB_TOKEN - GOOGLE_APPLICATION_CREDENTIALS_FILE_CONTENTS_BASE64: |- - $IAM_BT_BACKEND - GOOGLE_APPLICATION_CREDENTIALS_FILEPATH: /etc/google/auth.json - GOOGLE_SIGNIN_CLIENT_SECRET_CONTENT: |- - $SECRET_GOOGLE_SIGNIN_CLIENT_SECRET - GOOGLE_SIGNIN_CLIENT_SECRET_FILEPATH: /etc/google/signin.json - GOOGLE_EMAIL: 
$SECRET_GOOGLE_EMAIL - GOOGLE_PASS: $SECRET_GOOGLE_PASS - OAUTHLIB_RELAX_TOKEN_SCOPE: "true" - REDIS_URL: $SECRET_REDIS_URL - SENDGRID_PASSWORD: $SECRET_SENDGRID_PASSWORD - SENDGRID_USERNAME: $SECRET_SENDGRID_USERNAME - SIS_CLASS_APP_ID: $SECRET_SIS_CLASS_APP_ID - SIS_CLASS_APP_KEY: $SECRET_SIS_CLASS_APP_KEY - SIS_COURSE_APP_ID: $SECRET_SIS_COURSE_APP_ID - SIS_COURSE_APP_KEY: $SECRET_SIS_COURSE_APP_KEY diff --git a/infra/k8s/default/bt-elasticsearch.yaml b/infra/k8s/default/bt-elasticsearch.yaml deleted file mode 100644 index 1c4c3e9b2..000000000 --- a/infra/k8s/default/bt-elasticsearch.yaml +++ /dev/null 
@@ -1,215 +0,0 @@ -# https://www.deepnetwork.com/blog/2020/03/13/password-protected-efk-stack-on-k8s.html -kind: Service -apiVersion: v1 -metadata: - name: bt-elasticsearch - namespace: default - labels: - component: bt-elasticsearch -spec: - type: ClusterIP - selector: - component: bt-elasticsearch - ports: - - port: 9200 - name: rest - - port: 9300 - name: inter-node - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: bt-elasticsearch -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 30G - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - component: bt-elasticsearch - name: bt-elasticsearch - namespace: default -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - component: bt-elasticsearch - template: - metadata: - labels: - component: bt-elasticsearch - spec: - volumes: - - name: bt-elasticsearch-config - configMap: - name: bt-elasticsearch-config - - name: bt-elasticsearch-pvc - persistentVolumeClaim: - claimName: bt-elasticsearch - containers: - - name: bt-elasticsearch - image: docker.elastic.co/elasticsearch/elasticsearch:7.12.1 - ports: - - containerPort: 9200 - name: rest - protocol: TCP - - containerPort: 9300 - name: inter-node - protocol: TCP - volumeMounts: - - name: bt-elasticsearch-config - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml - subPath: elasticsearch.yml - - name: bt-elasticsearch-pvc - mountPath: /usr/share/elasticsearch/data - lifecycle: - postStart: - exec: - command: - - /bin/sh - - -c - - | - while [[ ! "$(curl -s $HOSTNAME:9200/_cat/health)" =~ "green" ]] && [[ ! 
"$(curl -s $HOSTNAME:9200/_cat/health)" =~ "yellow" ]] - do - echo `date +"%Y-%m-%d %H:%M:%S"` ...waiting for Elasticsearch to be ready - sleep 1 - done - - curl -X PUT "$HOSTNAME:9200/_cluster/settings" -H 'Content-Type: application/json' -d '@-' << EOF - { - "persistent": { - "search": { - "allow_expensive_queries": true - } - } - } - EOF - - add_datastream_template() { - TEMPLATE_NAME=$1 - POLICY=$2 - ROLLOVER=$3 - PRIORITY=$4 - PATTERNS=$5 - COMPOSITION=$6 - curl -d "@-" -X PUT -H "Content-Type: application/json" "$HOSTNAME:9200/_index_template/$TEMPLATE_NAME" << EOF - { - "data_stream": {}, - "template": { - "settings": { - "number_of_shards": 1, - "number_of_replicas": 0, - "index": { - "lifecycle": { - "name": "$POLICY", - "rollover_alias": "$ROLLOVER" - } - } - }, - "mappings": { - "dynamic_templates": [ - { - "geoip":{ - "path_match":"geoip.location", - "mapping":{ - "type":"geo_point" - } - } - } - ] - } - }, - "priority": $PRIORITY, - "index_patterns": [ - $PATTERNS - ], - "composed_of": [ - $COMPOSITION - ] - } - EOF - } - - curl -d "@-" -X PUT -H "Content-Type: application/json" "$HOSTNAME:9200/_ilm/policy/datastream" << EOF - { - "policy": { - "phases": { - "hot": { - "actions": { - "rollover": { - "max_size":"1gb" - } - } - } - } - } - } - EOF - - # Stop "TOO_MANY_REQUESTS/12/disk" - curl -d "@-" -X PUT -H "Content-Type: application/json" "$HOSTNAME:9200/_all/_settings" << EOF - { - "index.blocks.read_only_allow_delete": null - } - EOF - curl -d "@-" -X PUT -H "Content-Type: application/json" "$HOSTNAME:9200/_cluster/settings" << EOF - { - "transient": { - "cluster.routing.allocation.disk.threshold_enabled": false - } - } - EOF - # Stop "TOO_MANY_REQUESTS/12/disk" - - add_datastream_template k8s datastream k8s 0 '"k8s*"' - add_datastream_template k8s-ingress-nginx datastream k8s-ingress-nginx 100 '"k8s-ingress-nginx*"' - add_datastream_template metricbeat datastream metricbeat 0 '"metricbeat*"' '"metricbeat"' || true # Requires bt-metricbeat helm 
chart for component template - # resources: - # limits: - # cpu: 500m - # memory: 4Gi - env: - - name: ES_JAVA_OPTS - value: -Xms1g -Xmx1g - # - name: ELASTICSEARCH_USERNAME - # valueFrom: - # secretKeyRef: - # name: general-secrets - # key: ELASTICSEARCH_USERNAME - # - name: ELASTICSEARCH_USERNAME - # valueFrom: - # secretKeyRef: - # name: general-secrets - # key: ELASTICSEARCH_USERNAME - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: bt-elasticsearch-config - labels: - component: bt-elasticsearch -data: - elasticsearch.yml: | - cluster.name: bt-elasticsearch - node.name: bt-elasticsearch - path.data: /usr/share/elasticsearch/data - http: - host: 0.0.0.0 - port: 9200 - bootstrap.memory_lock: true - discovery.type: single-node - transport.host: 127.0.0.1 - indices: - lifecycle: - poll_interval: 1m - stack.templates.enabled: false diff --git a/infra/k8s/default/bt-frontend.yaml b/infra/k8s/default/bt-frontend.yaml deleted file mode 100644 index 54a9ee621..000000000 --- a/infra/k8s/default/bt-frontend.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - appName: bt-frontend-$CI_ENVIRONMENT_NAME - name: bt-frontend-$CI_ENVIRONMENT_NAME - namespace: default -spec: - ports: - - name: http - port: 3000 - targetPort: 3000 - selector: - appName: bt-frontend-$CI_ENVIRONMENT_NAME - type: ClusterIP - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - appName: bt-frontend-$CI_ENVIRONMENT_NAME - name: bt-frontend-$CI_ENVIRONMENT_NAME - namespace: default -spec: - replicas: 1 - selector: - matchLabels: - appName: bt-frontend-$CI_ENVIRONMENT_NAME - template: - metadata: - labels: - appName: bt-frontend-$CI_ENVIRONMENT_NAME - spec: - containers: - - command: - - npm - - run - - prod - env: - - name: REACT_APP_GOOGLE_CLIENT_ID - value: $SECRET_REACT_APP_GOOGLE_CLIENT_ID - image: $CI_REGISTRY_IMAGE/bt-frontend:$CI_COMMIT_BRANCH - imagePullPolicy: Always - name: bt-frontend-$CI_ENVIRONMENT_NAME 
diff --git a/infra/k8s/default/bt-github-notify.yaml b/infra/k8s/default/bt-github-notify.yaml
deleted file mode 100644
index 4b1b172ed..000000000
--- a/infra/k8s/default/bt-github-notify.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- component: bt-github-notify
- name: bt-github-notify
- namespace: default
-spec:
- ports:
- - name: http
- port: 80
- targetPort: 5000
- selector:
- component: bt-github-notify
- type: ClusterIP
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- component: bt-github-notify
- name: bt-github-notify
- namespace: default
-spec:
- replicas: 1
- selector:
- matchLabels:
- component: bt-github-notify
- template:
- metadata:
- labels:
- component: bt-github-notify
- spec:
- containers:
- - command:
- - npm
- - start
- env:
- - name: KUBECONFIG
- value: /kubeconfig
- - name: GITLAB_DOMAIN
- value: https://berkeleytime.com/git
- - name: NODE_PORT
- value: "5000"
- envFrom:
- - secretRef:
- name: general-secrets
- image: berkeleytime.com:5000/berkeleytime/bt-github-notify
- imagePullPolicy: Always
- name: bt-github-notify
diff --git a/infra/k8s/default/bt-gitlab-notify.yaml b/infra/k8s/default/bt-gitlab-notify.yaml
deleted file mode 100644
index 0b5a416a2..000000000
--- a/infra/k8s/default/bt-gitlab-notify.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- component: bt-gitlab-notify
- name: bt-gitlab-notify
- namespace: default
-spec:
- ports:
- - name: http
- port: 80
- targetPort: 5000
- selector:
- component: bt-gitlab-notify
- type: ClusterIP
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- component: bt-gitlab-notify
- name: bt-gitlab-notify
- namespace: default
-spec:
- replicas: 1
- selector:
- matchLabels:
- component: bt-gitlab-notify
- template:
- metadata:
- labels:
- component: bt-gitlab-notify
- spec:
- containers:
- - command:
- - npm
- - start
- env:
- - name: GITLAB_DOMAIN
- value: https://berkeleytime.com/git
- envFrom:
- - secretRef:
- name: general-secrets
- - secretRef:
- name: slack-webhooks
- image: berkeleytime.com:5000/berkeleytime/bt-gitlab-notify
- imagePullPolicy: Always
- name: bt-gitlab-notify
diff --git a/infra/k8s/default/bt-gitlab.yaml b/infra/k8s/default/bt-gitlab.yaml
deleted file mode 100644
index e998bb333..000000000
--- a/infra/k8s/default/bt-gitlab.yaml
+++ /dev/null
@@ -1,353 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: bt-gitlab - labels: - component: bt-gitlab -spec: - type: ClusterIP - selector: - component: bt-gitlab - ports: - - name: bt-gitlab-http - port: 80 - targetPort: 8181 - - name: bt-gitlab-ssh - port: 2222 - targetPort: 22 - - name: bt-gitlab-mattermost - port: 8065 - targetPort: 8065 - - name: bt-gitlab-registry - port: 5050 - targetPort: 5050 - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: bt-gitlab -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5G - ---- -# Not best security practices, but allows GitLab Runner to execute any kubectl -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cluster-admin -subjects: - - kind: ServiceAccount - name: default - namespace: default -roleRef: - kind: ClusterRole - name: cluster-admin - apiGroup: rbac.authorization.k8s.io - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: bt-gitlab - labels: - component: bt-gitlab -data: - # GITLAB_BACKUP_EXPIRY: "604800" - GITLAB_EXTERNAL_HOSTNAME: berkeleytime.com/git - GITLAB_EXTERNAL_SCHEME: https - # GITLAB_MATTERMOST_EXTERNAL_HOSTNAME: m.berkeleytime.com - # GITLAB_MATTERMOST_EXTERNAL_SCHEME: https - # GITLAB_REGISTRY_EXTERNAL_HOSTNAME: registry.berkeleytime.com - # GITLAB_REGISTRY_EXTERNAL_SCHEME: https - # POSTGRES_DB: gitlab - # POSTGRES_DB_MATTERMOST: mattermost - # POSTGRES_PORT_MATTERMOST: "5432" - # POSTGRES_HOST: bt-psql-prod - # POSTGRES_USER: bt - # MATTERMOST_APP_UID: "2000" - # REDIS_HOST: bt-redis-prod-master - # REDIS_PORT: "6379" - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: bt-gitlab -spec: - replicas: 1 - selector: - matchLabels: - component: bt-gitlab - template: - metadata: - annotations: - sidecar.istio.io/inject: "true" - sidecar.istio.io/interceptionMode: TPROXY - traffic.sidecar.istio.io/includeInboundPorts: "22" - labels: - component: bt-gitlab - spec: - volumes: - - name: bt-gitlab - 
persistentVolumeClaim: - claimName: bt-gitlab - - name: bt-gitlab-license - configMap: - name: bt-gitlab-license - initContainers: - - name: init - image: busybox - volumeMounts: - - name: bt-gitlab - mountPath: /var/opt/gitlab - subPath: gitlab-data - command: - - /bin/sh - - -c - - | - mkdir -p /var/opt/gitlab/.ssh - mkdir -p /var/opt/gitlab/git-data/repositories - containers: - - name: bt-gitlab - image: gitlab/gitlab-ee:13.12.4-ee.0 - lifecycle: - preStop: - exec: - command: - - /bin/sh - - -c - - gitlab-ctl stop - postStart: - exec: - command: - - /bin/sh - - -c - - | - update-permissions - chmod -R 400 /etc/gitlab/ - sed -i 's/|| STARTER_PLAN/|| ULTIMATE_PLAN/g' /opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb - livenessProbe: - exec: - command: - - curl - - localhost:8181/git - failureThreshold: 5 - initialDelaySeconds: 1200 - periodSeconds: 300 - timeoutSeconds: 5 - volumeMounts: - - name: bt-gitlab - mountPath: /etc/gitlab - subPath: gitlab-config - - name: bt-gitlab - mountPath: /var/opt/gitlab - subPath: gitlab-data - - name: bt-gitlab - mountPath: /var/log/gitlab - subPath: gitlab-logs - - name: bt-gitlab-license - mountPath: /opt/gitlab/embedded/service/gitlab-rails/.license_encryption_key.pub - subPath: license_encryption_key_pub - envFrom: - - configMapRef: - name: bt-gitlab - env: - - name: POSTGRES_PASSWORD - value: NOT_IN_USE - - name: MATTERMOST_APP_SECRET - value: NOT_IN_USE - - name: GITLAB_ROOT_EMAIL - value: root@berkeleytime.com - - name: GITLAB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: general-secrets - key: PASSWORD_BT_GITLAB_GITLAB_ROOT_PASSWORD - - name: GITLAB_SMTP_USERNAME - valueFrom: - secretKeyRef: - name: general-secrets - key: USERNAME_BT_GITLAB_SENDGRID_SMTP - - name: GITLAB_SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: general-secrets - key: PASSWORD_BT_GITLAB_SENDGRID_SMTP - - name: GITLAB_OMNIBUS_CONFIG - value: | - alertmanager['enable'] = false - consul['enable'] = false - 
geo_postgresql['enable'] = false - gitaly['enable'] = true - gitlab_exporter['enable'] = false - gitlab_pages['enable'] = false - # gitlab_rails['incoming_email_enabled'] = true - gitlab_workhorse['enable'] = true - grafana['enable'] = false - letsencrypt['enable'] = nil - logrotate['enable'] = true - manage_accounts['enable'] = true - manage_storage_directories['enable'] = false - mattermost_nginx['enable'] = false - mattermost['enable'] = false - monitoring_role['enable'] = false - nginx['enable'] = false - node_exporter['enable'] = false - pages_nginx['enable'] = false - patroni['enable'] = false - pgbouncer_exporter['enable'] = false - pgbouncer['enable'] = false - postgres_exporter['enable'] = false - postgresql['enable'] = true - praefect['enable'] = false - prometheus_monitoring['enable'] = false - prometheus['enable'] = false - puma['enable'] = true - puma['exporter_enabled'] = false - redis_exporter['enable'] = false - redis_master_role['enable'] = true - redis_replica_role['enable'] = false - redis_sentinel_role['enable'] = false - redis['enable'] = true - registry_nginx['enable'] = false - registry['enable'] = false # Docker registry - repmgr['enable'] = false - repmgrd['enable'] = false - sentinel['enable'] = false - sentinel['enable'] = false - storage_check['enable'] = false - unicorn['enable'] = false - - external_url "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}" - nginx['real_ip_trusted_addresses'] = [ 'nlb.default.svc.cluster.local' ] - nginx['real_ip_header'] = 'X-Forwarded-For' - nginx['real_ip_recursive'] = 'on' - web_server['external_users'] = ['www-data'] - gitlab_rails['trusted_proxies'] = [ 'nlb.default.svc.cluster.local', '10.244.0.0/24' ] - gitlab_rails['time_zone'] = 'America/Los_Angeles' - gitlab_workhorse['listen_network'] = "tcp" - gitlab_workhorse['listen_addr'] = "0.0.0.0:8181" - gitlab_rails['gitlab_shell_ssh_port'] = 2222 - postgresql['shared_buffers'] = '128MB' - - # Sidekiq, required for emails and other 
stuff to work - sidekiq['enable'] = true - sidekiq['cluster'] = true - # sidekiq['concurrency'] = 25 # Single-process sidekiq only - sidekiq['experimental_queue_selector'] = false - sidekiq['interval'] = nil - sidekiq['log_directory'] = "/var/log/gitlab/sidekiq" - sidekiq['log_format'] = "json" - sidekiq['max_concurrency'] = 25 - sidekiq['min_concurrency'] = 15 - sidekiq['shutdown_timeout'] = 4 - sidekiq['queue_groups'] = ["*"] - # sidekiq['queue_groups'] = [ - # "elastic_indexer", - # "mailers", - # "*" - # ] - sidekiq['negate'] = false - sidekiq['metrics_enabled'] = true - sidekiq['listen_address'] = "localhost" - sidekiq['listen_port'] = 8082 - - # Optimizing Git - puma['worker_processes'] = 0 - puma['min_threads'] = 1 - puma['max_threads'] = 4 - puma['per_worker_max_memory_mb'] = 850 - - # Email Settings - gitlab_ci['gitlab_ci_email_from'] = 'noreply@berkeleytime.com' - gitlab_ci['smtp_address'] = "smtp.sendgrid.net" - gitlab_ci['smtp_authentication'] = "login" - gitlab_ci['smtp_domain'] = "smtp.sendgrid.net" - gitlab_ci['smtp_enable_starttls_auto'] = true - gitlab_ci['smtp_enable'] = true - gitlab_ci['smtp_password'] = ENV['GITLAB_SMTP_PASSWORD'] - gitlab_ci['smtp_port'] = 587 - gitlab_ci['smtp_tls'] = false - gitlab_ci['smtp_user_name'] = ENV['GITLAB_SMTP_USERNAME'] - gitlab_rails['gitlab_email_display_name'] = 'Berkeleytime GitLab' - gitlab_rails['gitlab_email_enabled'] = true - gitlab_rails['gitlab_email_from'] = 'noreply@berkeleytime.com' - gitlab_rails['gitlab_email_reply_to'] = 'noreply@berkeleytime.com' - gitlab_rails['smtp_address'] = "smtp.sendgrid.net" - gitlab_rails['smtp_authentication'] = "login" - gitlab_rails['smtp_domain'] = "smtp.sendgrid.net" - gitlab_rails['smtp_enable_starttls_auto'] = true - gitlab_rails['smtp_enable'] = true - gitlab_rails['smtp_force_ssl'] = false - gitlab_rails['smtp_password'] = ENV['GITLAB_SMTP_PASSWORD'] - gitlab_rails['smtp_port'] = 587 - gitlab_rails['smtp_ssl'] = false - gitlab_rails['smtp_tls'] = false - 
gitlab_rails['smtp_user_name'] = ENV['GITLAB_SMTP_USERNAME'] - - # Docker registry - # registry_external_url 'url' - - # Raspberry Pi optimization - # https://docs.gitlab.com/omnibus/settings/rpi.html - # puma['worker_processes'] = 7 - # sidekiq['concurrency'] = 9 - - # prometheus['listen_address'] = '0.0.0.0:9090' - # postgres_exporter['env'] = { - # 'DATA_SOURCE_NAME' => "user=#{ENV['POSTGRES_USER']} host=#{ENV['POSTGRES_HOST']} port=#{ENV['POSTGRES_PORT_MATTERMOST']} dbname=#{ENV['POSTGRES_DB_MATTERMOST']} password=#{ENV['POSTGRES_PASSWORD']} sslmode=disable" - # } - # redis_exporter['flags'] = { - # 'redis.addr' => "#{ENV['REDIS_HOST']}:#{ENV['REDIS_PORT']}", - # } - # gitlab_rails['db_database'] = ENV['POSTGRES_DB'] - # gitlab_rails['db_host'] = ENV['POSTGRES_HOST'] - # gitlab_rails['db_password'] = ENV['POSTGRES_PASSWORD'] - # gitlab_rails['db_username'] = ENV['POSTGRES_USER'] - # gitlab_rails['redis_host'] = ENV['REDIS_HOST'] - # registry_external_url "#{ENV['GITLAB_REGISTRY_EXTERNAL_SCHEME']}://#{ENV['GITLAB_REGISTRY_EXTERNAL_HOSTNAME']}" - # mattermost_external_url "#{ENV['GITLAB_MATTERMOST_EXTERNAL_SCHEME']}://#{ENV['GITLAB_MATTERMOST_EXTERNAL_HOSTNAME']}" - # mattermost['service_address'] = '0.0.0.0' - # mattermost['service_port'] = '8065' - # registry['registry_http_addr'] = '0.0.0.0:5050' - # mattermost['file_directory'] = '/gitlab-data/mattermost' - # mattermost['sql_driver_name'] = 'postgres' - # mattermost['sql_data_source'] = "user=#{ENV['POSTGRES_USER']} host=#{ENV['POSTGRES_HOST']} port=#{ENV['POSTGRES_PORT_MATTERMOST']} dbname=#{ENV['POSTGRES_DB_MATTERMOST']} password=#{ENV['POSTGRES_PASSWORD']} sslmode=disable" - # mattermost['gitlab_secret'] = ENV['MATTERMOST_APP_SECRET'] - # mattermost['gitlab_id'] = ENV['MATTERMOST_APP_UID'] - # mattermost['gitlab_scope'] = '' - # mattermost['gitlab_auth_endpoint'] = "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}/oauth/authorize" - # mattermost['gitlab_token_endpoint'] = 
"#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}/oauth/token" - # mattermost['gitlab_user_api_endpoint'] = "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}/api/v3/user" - # gitlab_shell['auth_file'] = '/gitlab-data/ssh/authorized_keys' - # git_data_dir '/gitlab-data/git-data' - # gitlab_rails['initial_license_file'] = "/etc/gitlab/Gitlab.gitlab-license" - # gitlab_rails['shared_path'] = '/gitlab-data/shared' - # gitlab_rails['uploads_directory'] = '/gitlab-data/uploads' - # gitlab_ci['builds_directory'] = '/gitlab-data/builds' - # gitlab_rails['registry_path'] = '/gitlab-registry' - # gitlab_rails['trusted_proxies'] = ["10.0.0.0/8","172.16.0.0/12","192.168.0.0/16"] - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: bt-gitlab-license - labels: - component: bt-gitlab -data: - license_encryption_key_pub: | - -----BEGIN PUBLIC KEY----- - MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqR8SclLmCUXgnC2fjndj - 94Y/KMTnB+xc4UVGXy+26xHP6lhTsnUMVcpPyZkB877bQv7SXrFYC5MOwb+j53Nr - DgBcx+ikllUjEf1i7nFV+CRq6Ht0p8cdquTmANHw4Jv5hR9jUdPoNdrA0217wm+H - Rcz7r99Kx+n8UoFw5l6CQeYUzusV2kA70Sp2VkaAk1ZgA4CW7YcMZEvNH19NtWr7 - ex1PBYcqn81KVkBovYeE5UnhN2cdgWC7VsLFNrCBesjkkcuZgiCWpABIV5nfsIma - I1m95IJm20irOtgWH0PIYJnZl2HCgLRbrv4bqb+ENK6USnYHOBAqP9G6nE0G3PFh - gQIDAQAB - -----END PUBLIC KEY----- diff --git a/infra/k8s/default/bt-ingress-infra.yaml b/infra/k8s/default/bt-ingress-infra.yaml deleted file mode 100644 index d2ae97c64..000000000 --- a/infra/k8s/default/bt-ingress-infra.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -# This template file depends on environment variables -# See infra/init.sh for how to apply this to cluster with envsubst - -# This ingress file is purely concerned with single-instance routes, most -# likely on the infrastructure side. This contrasts with the primary and -# tricycle ingresses because those routes need to account for dev-vs-prod env - -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - cert-manager.k8s.io/cluster-issuer: letsencrypt - kubernetes.io/ingress.class: nginx - name: bt-ingress-infra-$INGRESS_LABEL-public -spec: - rules: - - host: $BASE_DOMAIN_NAME - http: - paths: - - backend: - service: - name: bt-gitlab - port: - number: 80 - path: /git - pathType: Prefix - - backend: - service: - name: bt-github-notify - port: - number: 80 - path: /webhooks/github - pathType: Prefix - tls: - - hosts: - - berkeleytime.com - - '*.berkeleytime.com' - secretName: bt-tls ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - cert-manager.k8s.io/cluster-issuer: letsencrypt - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/auth-realm: Authentication Required - Login with credentials - nginx.ingress.kubernetes.io/auth-secret: bt-ingress-protected-routes - nginx.ingress.kubernetes.io/auth-type: basic - name: bt-ingress-infra-$INGRESS_LABEL-protected-routes -spec: - rules: - - host: $BASE_DOMAIN_NAME - http: - paths: - - backend: - service: - name: bt-kibana-kibana - port: - number: 5601 - path: /kibana - pathType: Prefix - tls: - - hosts: - - berkeleytime.com - secretName: bt-tls \ No newline at end of file diff --git a/infra/k8s/default/bt-ingress-primary.yaml b/infra/k8s/default/bt-ingress-primary.yaml deleted file mode 100644 index 491792514..000000000 --- a/infra/k8s/default/bt-ingress-primary.yaml +++ /dev/null 
@@ -1,94 +0,0 @@ -# This template file depends on environment variables -# See infra/init.sh for how to apply this to cluster with envsubst - -# Debugging certificate errors is annoying -# Here's a bash for-loop to test every URL we care about -# for url in 'http://berkeleytime.com' 'http://www.berkeleytime.com' 'http://staging.berkeleytime.com' 'http://www.staging.berkeleytime.com' 'http://ocf.berkeleytime.com' 'http://www.ocf.berkeleytime.com' 'http://staging.ocf.berkeleytime.com' 'http://www.staging.ocf.berkeleytime.com' 'https://berkeleytime.com' 'https://www.berkeleytime.com' 'https://staging.berkeleytime.com' 'https://www.staging.berkeleytime.com' 'https://ocf.berkeleytime.com' 'https://www.ocf.berkeleytime.com' 'https://staging.ocf.berkeleytime.com' 'https://www.staging.ocf.berkeleytime.com'; do echo $url; curl -L $url; echo; echo; done -# All of the curl outputs should be the same - -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: bt-ingress-$INGRESS_LABEL-frontend - annotations: - kubernetes.io/ingress.class: nginx - cert-manager.k8s.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/from-to-www-redirect: "true" - nginx.ingress.kubernetes.io/server-snippet: |- - proxy_intercept_errors on; - error_page 404 500 501 502 503 504 = @errorpages; - - location @errorpages { - proxy_set_header X-Code $status; - proxy_pass bt-status-primary.default.svc; - } - - server_name $BASE_DOMAIN_NAME ~^www\.; - if ($host ~* www\.(.*)) { - set $host_without_www $1; - rewrite ^(.*)$ $scheme://$host_without_www$1 permanent; - } -spec: - tls: - - hosts: - - berkeleytime.com - - "*.berkeleytime.com" - secretName: bt-tls - rules: - - host: $BASE_DOMAIN_NAME - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: bt-frontend-prod - port: - number: 3000 - - host: staging.$BASE_DOMAIN_NAME - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: bt-frontend-staging - 
port: - number: 3000 - ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: bt-ingress-$INGRESS_LABEL-backend - annotations: - kubernetes.io/ingress.class: nginx - cert-manager.k8s.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/rewrite-target: /$1 -spec: - tls: - - hosts: - - "*.berkeleytime.com" - secretName: bt-tls - rules: - - host: $BASE_DOMAIN_NAME - http: - paths: - - path: /api/(.*) - pathType: Prefix - backend: - service: - name: bt-backend-prod - port: - number: 5000 - - host: staging.$BASE_DOMAIN_NAME - http: - paths: - - path: /api/(.*) - pathType: Prefix - backend: - service: - name: bt-backend-staging - port: - number: 5000 diff --git a/infra/k8s/default/bt-ingress-status.yaml b/infra/k8s/default/bt-ingress-status.yaml deleted file mode 100644 index f9eb7ea6a..000000000 --- a/infra/k8s/default/bt-ingress-status.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: bt-status-$INGRESS_LABEL -spec: - defaultBackend: - service: - name: bt-status-$INGRESS_LABEL - port: - number: 80 - tls: - - hosts: - - berkeleytime.com - - '*.berkeleytime.com' - secretName: bt-tls ---- -apiVersion: v1 -kind: Service -metadata: - name: bt-status-$INGRESS_LABEL -spec: - externalName: status.berkeleytime.com - ports: - - port: 80 - protocol: TCP - targetPort: 443 - type: ExternalName diff --git a/infra/k8s/default/bt-ingress-tricycle.yaml b/infra/k8s/default/bt-ingress-tricycle.yaml deleted file mode 100644 index 621c87197..000000000 --- a/infra/k8s/default/bt-ingress-tricycle.yaml +++ /dev/null 
@@ -1,49 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: bt-ingress-tricycle-frontend-dev-$CI_ENVIRONMENT_NAME
- annotations:
- kubernetes.io/ingress.class: nginx
- cert-manager.k8s.io/cluster-issuer: letsencrypt
-spec:
- tls:
- - hosts:
- - "*.berkeleytime.com"
- secretName: bt-tls
- rules:
- - host: $CI_ENVIRONMENT_NAME.berkeleytime.com
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: bt-frontend-dev-$CI_ENVIRONMENT_NAME
- port:
- number: 3000
-
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: bt-ingress-tricycle-backend-dev-$CI_ENVIRONMENT_NAME
- annotations:
- kubernetes.io/ingress.class: nginx
- cert-manager.k8s.io/cluster-issuer: letsencrypt
- nginx.ingress.kubernetes.io/rewrite-target: /$1
-spec:
- tls:
- - hosts:
- - "*.berkeleytime.com"
- secretName: bt-tls
- rules:
- - host: $CI_ENVIRONMENT_NAME.berkeleytime.com
- http:
- paths:
- - path: /api/(.*)
- pathType: Prefix
- backend:
- service:
- name: bt-backend-dev-$CI_ENVIRONMENT_NAME
- port:
- number: 5000
diff --git a/infra/k8s/default/bt-psql.yaml b/infra/k8s/default/bt-psql.yaml
deleted file mode 100644
index 8c3e945aa..000000000
--- a/infra/k8s/default/bt-psql.yaml
+++ /dev/null
@@ -1,148 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: bt-psql-${CI_ENVIRONMENT_NAME} - labels: - component: bt-psql-${CI_ENVIRONMENT_NAME} -spec: - selector: - component: bt-psql-${CI_ENVIRONMENT_NAME} - ports: - - port: 5432 - targetPort: 5432 - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: bt-psql-${CI_ENVIRONMENT_NAME} -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5G - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: bt-psql-${CI_ENVIRONMENT_NAME} -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - component: bt-psql-${CI_ENVIRONMENT_NAME} - template: - metadata: - labels: - component: bt-psql-${CI_ENVIRONMENT_NAME} - spec: - volumes: - - name: bt-psql-data - persistentVolumeClaim: - claimName: bt-psql-${CI_ENVIRONMENT_NAME} - - name: bt-psql-config - configMap: - name: bt-psql-${CI_ENVIRONMENT_NAME} - - name: pg-conf-placeholder - emptyDir: {} - - name: pg-tmp - emptyDir: {} - initContainers: - - name: copy-pg-config-files - image: busybox - volumeMounts: - - name: bt-psql-config - mountPath: /pg_hba.conf - subPath: pgHbaConfiguration - - name: bt-psql-config - mountPath: /postgresql.conf - subPath: postgresqlConfiguration - - name: pg-conf-placeholder - mountPath: /pg-conf-placeholder - command: - - /bin/sh - - -c - - > - cp /pg_hba.conf /postgresql.conf /pg-conf-placeholder; - containers: - - name: bt-psql - command: - - /bin/sh - - -c - - | - ./docker-entrypoint.sh postgres # -c listen_addresses='localhost'; # Can add command-line options - lifecycle: - postStart: - exec: - command: - - /bin/sh - - -c - - | - cp /pg-conf-placeholder/pg_hba.conf /pg-conf-placeholder/postgresql.conf /var/lib/postgresql/data - image: postgres:12 - ports: - - containerPort: 5432 - volumeMounts: - - name: bt-psql-data - mountPath: /var/lib/postgresql/data - subPath: pgdata - - name: pg-conf-placeholder - mountPath: /pg-conf-placeholder - - name: pg-tmp - mountPath: /pg-tmp 
- envFrom: - - configMapRef: - name: bt-psql-${CI_ENVIRONMENT_NAME} - env: - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: bt-psql-${CI_ENVIRONMENT_NAME} - key: postgresql-password - - name: POSTGRES_USER - value: bt - - name: POSTGRES_DB - value: bt - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: bt-psql-${CI_ENVIRONMENT_NAME} -data: - pgHbaConfiguration: | - # Default /var/lib/postgresql/data/pg_hba.conf from Docker image - local all all trust - host all all 127.0.0.1/32 trust - host all all ::1/128 trust - local replication all trust - host replication all 127.0.0.1/32 trust - host replication all ::1/128 trust - host all all all md5 - postgresqlConfiguration: | - # Default /var/lib/postgresql/data/postgresql.conf from Docker image - listen_addresses = '*' - max_connections = 1000 - shared_buffers = 128MB - dynamic_shared_memory_type = posix - max_wal_size = 1GB - min_wal_size = 80MB - datestyle = 'iso, mdy' - default_text_search_config = 'pg_catalog.english' - - # Non-default https://www.postgresql.org/docs/9.5/runtime-config-logging.html - log_line_prefix = '[%m] %h ' - - # Without this line, get "LOG: using stale statistics instead of current ones because stats collector is not responding" - stats_temp_directory = '/pg-tmp' - - # To enable Elasticsearch metrics on statement executions - # first time setup requires: - # CREATE EXTENSION btree_gist; - # CREATE EXTENSION pg_stat_statements; - # CREATE EXTENSION pg_trgm; - shared_preload_libraries = 'pg_stat_statements' diff --git a/infra/k8s/default/certificate.yaml b/infra/k8s/default/certificate.yaml deleted file mode 100644 index 49747bebf..000000000 --- a/infra/k8s/default/certificate.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: bt-tls
-spec:
- secretName: bt-tls
- issuerRef:
- name: letsencrypt
- kind: ClusterIssuer
- commonName: berkeleytime.com
- dnsNames:
- - berkeleytime.com
- - "*.berkeleytime.com"
- - "*.ocf.berkeleytime.com"
- - "*.staging.berkeleytime.com"
- - "*.staging.ocf.berkeleytime.com"
- - "*.status.berkeleytime.com"
diff --git a/infra/k8s/ingress-nginx/metallb.yaml b/infra/k8s/ingress-nginx/metallb.yaml
deleted file mode 100644
index d9d482b9b..000000000
--- a/infra/k8s/ingress-nginx/metallb.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
- name: nlb-tcp
- namespace: ingress-nginx
- annotations:
- metallb.universe.tf/allow-shared-ip: "true"
-spec:
- loadBalancerIP: 169.229.226.55
- externalTrafficPolicy: Local
- type: LoadBalancer
- selector:
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/component: controller
- ports:
- - name: http
- port: 80
- targetPort: 80
- - name: https
- port: 443
- targetPort: 443
- - name: gitlab-ssh
- port: 2222
- targetPort: 2222
- - name: psql
- port: 5432
- targetPort: 5432
- - name: redis-staging
- port: 6379
- targetPort: 6379
- - name: mdb-staging-0
- port: 27017
- targetPort: 27017
- - name: mdb-staging-1
- port: 27018
- targetPort: 27018
- - name: mdb-staging-2
- port: 27019
- targetPort: 27019
-# ---
-# kind: Service
-# apiVersion: v1
-# metadata:
-# name: nlb-udp
-# namespace: ingress-nginx
-# annotations:
-# metallb.universe.tf/allow-shared-ip: "true"
-# spec:
-# loadBalancerIP: 169.229.226.55
-# externalTrafficPolicy: Local
-# type: LoadBalancer
-# selector:
-# app.kubernetes.io/instance: ingress-nginx
-# app.kubernetes.io/component: controller
-# ports: []
diff --git a/infra/k8s/istio/envoy-filter.yaml b/infra/k8s/istio/envoy-filter.yaml
deleted file mode 100644
index 1db719658..000000000
--- a/infra/k8s/istio/envoy-filter.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-# Get possible configuration options from istio repo:
-# cat istio/manifests/charts/base/values.yaml
-# cat istio/manifests/charts/istio-control/istio-discovery/values.yaml
-apiVersion: networking.istio.io/v1alpha3
-kind: EnvoyFilter
-metadata:
- name: proxy-protocol
- namespace: default
-spec:
- configPatches:
- - applyTo: LISTENER
- match:
- context: SIDECAR_INBOUND
- listener:
- portNumber: 15006
- patch:
- operation: MERGE
- value:
- listener_filters:
- - name: envoy.filters.listener.proxy_protocol
- typed_config:
- "@type": type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol
- - name: envoy.filters.listener.original_dst
- typed_config:
- "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
- - name: envoy.filters.listener.original_src
- typed_config:
- "@type": type.googleapis.com/envoy.extensions.filters.listener.original_src.v3.OriginalSrc
diff --git a/infra/k8s/kube-system/fail2ban.yaml b/infra/k8s/kube-system/fail2ban.yaml
deleted file mode 100644
index 04068f9e8..000000000
--- a/infra/k8s/kube-system/fail2ban.yaml
+++ /dev/null
@@ -1,135 +0,0 @@ -# fail2ban focuses banning IP addresses at the application level rather than -# TCP-level packet inspection. This means that most ban filters require setting -# up highly specific listeners or parsers for ban criteria - -# In the event of an offending action by an IP address, we drop all future -# packets from IP until the ban expires - -# Test failregex parsing: -# k -n kube-system exec -it deploy/fail2ban -- fail2ban-regex 'STRING' 'REGEX' - -# View fail2ban logs: -# k -n kube-system exec -it deploy/fail2ban -- tail -f /var/log/fail2ban.log - -# Manual IP bans (run cmd in pod) -# fail2ban-client set manban banip 172.58.35.209 (also supports CIDR) -# fail2ban-client status manban - -# Further reading -# https://github.com/crazy-max/docker-fail2ban -# https://github.com/fail2ban/fail2ban - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - component: fail2ban - name: fail2ban - namespace: kube-system -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: fail2ban - namespace: kube-system -spec: - selector: - matchLabels: - component: fail2ban - template: - metadata: - labels: - component: fail2ban - spec: - containers: - - command: - - /bin/sh - - -c - - | - # TODO: Create scheme for persisted bans (write file, cloud, etc) - # and sync it across different Kubernetes nodes - # if [ -n "$(cat /denylist.txt)" ]; then - # gcloud ... 
- # fi - mkdir -p /data/jail.d; # Required for fail2ban to start - touch /manban.log; # Required for manban jail to work - - cat << EOF > /etc/fail2ban/action.d/iptables-ipset-proto4.local - [Init] - blocktype = DROP - chain = PREROUTING - lockingopt = -w -t raw - EOF - - cat << EOF > /etc/fail2ban/action.d/iptables-ipset-proto6-allports.local - [Init] - blocktype = DROP - chain = PREROUTING - lockingopt = -w -t raw - EOF - - cat << EOF > /etc/fail2ban/jail.local - [DEFAULT] - bantime = 3600 # One hour ban - maxretry = 2 - action = %(action_)s # action only - # action = %(action_mwl)s # action + mail with logs - # destemail = octo-berkeleytime@asuc.org - # sender = noreply@berkeleytime.com - - [manban] - enabled = true - action = iptables-ipset-proto6-allports[protocol="all"] - bantime = -1 - filter = manban - - [psql] - enabled = true - filter = psql - action = iptables-ipset-proto6-allports[protocol="all"] - findtime = 100 # 100-second rolling search window for logins - logpath = /var/log/containers/bt-psql-staging.log - - [ssh] - enabled = true - filter = sshd - logpath = /var/log/auth.log - action = iptables-ipset-proto6-allports[protocol="all"] - EOF - - cat << EOF > /etc/fail2ban/filter.d/manban.conf - [Definition] - failregex = - ignoreregex = - EOF - - cat << EOF > /etc/fail2ban/filter.d/psql.conf - [Definition] - failregex = FATAL - EOF - - fail2ban-server -f -x -v start; - env: - - name: F2B_DB_PURGE_AGE - value: 1d - - name: F2B_LOG_TARGET - value: STDOUT - - name: F2B_LOG_LEVEL - value: DEBUG - - name: TZ - value: America/Los_Angeles - image: crazymax/fail2ban:0.10.5 - name: fail2ban - securityContext: - capabilities: - add: - - "NET_ADMIN" - - "NET_RAW" - - "SYS_TIME" - volumeMounts: - - mountPath: /var/log - name: var-log - hostNetwork: true - volumes: - - name: var-log - hostPath: - path: /var/log diff --git a/infra/k8s/kube-system/liveness.yaml b/infra/k8s/kube-system/liveness.yaml deleted file mode 100644 index 686807ec9..000000000 
--- a/infra/k8s/kube-system/liveness.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-# This is a liveness check that the VM responds to
-# - curl berkeleytime.com:8080/healthz
-# ==> Here be dragons!
-# Currently live, but no monitoring system currently relies or checks on it
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: healthz
- namespace: kube-system
-spec:
- selector:
- matchLabels:
- component: healthz
- template:
- metadata:
- name: healthz
- labels:
- component: healthz
- spec:
- hostNetwork: true
- tolerations:
- - key: node-role.kubernetes.io/master
- effect: NoSchedule
- containers:
- - name: healthz
- image: tapppi/healthz-200
- ports:
- - name: tcp
- containerPort: 8080
diff --git a/infra/k8s/rook/cluster.yaml b/infra/k8s/rook/cluster.yaml
deleted file mode 100644
index 6e3becd39..000000000
--- a/infra/k8s/rook/cluster.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ -# This initializes Rook's Ceph cluster, an abstraction that can -# provide block storage file systems (rbd: RADOS Block Devices) or -# network file systems (CephFS) that k8s uses for dynamic persistent volumes - -# https://github.com/rook/rook/blob/master/Documentation/ceph-cluster-crd.md -# https://stackoverflow.com/questions/51986300/kubernetes-default-qos-for-whole-namespace -# Kubernetes default QoS for whole namespace -apiVersion: ceph.rook.io/v1 -kind: CephCluster -metadata: - name: rook-ceph-cluster - namespace: rook -spec: - cephVersion: - image: ceph/ceph:v16 - skipUpgradeChecks: false - dataDirHostPath: /var/lib/rook - mon: - allowMultiplePerNode: true - count: 1 - crashCollector: - disable: true - healthCheck: - daemonHealth: - mon: - disabled: false - osd: - disabled: false - status: - disabled: false - livenessProbe: - mon: - disabled: false - mgr: - disabled: false - osd: - disabled: false - probe: - initialDelaySeconds: 300 - timeoutSeconds: 10 - periodSeconds: 0 - successThreshold: 0 - failureThreshold: 10 - monitoring: - enabled: false - rulesNamespace: rook - # placement: - # all: - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: kubernetes.io/hostname - # operator: In - # values: - # - hozer-55 - resources: - # api: - # requests: - # cpu: "100m" - # memory: "250M" - # limits: - # cpu: "100m" - # memory: "250M" - # mgr: - # requests: - # cpu: "100m" - # memory: "750M" - # limits: - # cpu: "100m" - # memory: "750M" - # mon: - # requests: - # cpu: "200m" - # memory: "1000M" - # limits: - # cpu: "200m" - # memory: "1000M" - osd: - requests: - cpu: "200m" - memory: "2G" - limits: - cpu: "200m" - memory: "2G" - storage: - useAllNodes: true - useAllDevices: true - # deviceFilter: vd[b-z] # OCF: vdb, vdc / GCP: sdb, sdc - disruptionManagement: - managePodBudgets: false - osdMaintenanceTimeout: 30 - manageMachineDisruptionBudgets: false - ---- -kind: ConfigMap 
-apiVersion: v1 -metadata: - name: rook-config-override - namespace: rook -data: - config: | - [global] - osd_pool_default_size = 1 - mon_warn_on_pool_no_redundancy = false diff --git a/infra/k8s/rook/rbd.yaml b/infra/k8s/rook/rbd.yaml deleted file mode 100644 index 7c59bea8d..000000000 --- a/infra/k8s/rook/rbd.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: ceph.rook.io/v1 -kind: CephBlockPool -metadata: - name: rook-cephrbd - namespace: rook -spec: - replicated: - requireSafeReplicaSize: false - size: 2 - ---- -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: rook-cephrbd - annotations: - storageclass.kubernetes.io/is-default-class: "true" -provisioner: rook.rbd.csi.ceph.com # k get csidrivers -parameters: - clusterID: rook - pool: rook-cephrbd - imageFormat: "2" - imageFeatures: layering - csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner - csi.storage.k8s.io/provisioner-secret-namespace: rook - csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner - csi.storage.k8s.io/controller-expand-secret-namespace: rook - csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node - csi.storage.k8s.io/node-stage-secret-namespace: rook - csi.storage.k8s.io/fstype: ext4 -allowVolumeExpansion: true -reclaimPolicy: Delete -mountOptions: - - discard -# --- -# apiVersion: snapshot.storage.k8s.io/v1beta1 -# kind: VolumeSnapshotClass -# metadata: -# name: csi-rbdplugin-snapclass -# driver: rook-ceph.rbd.csi.ceph.com -# parameters: -# clusterID: rook-ceph -# csi.storage.k8s.io/snapshotter-secret-name: rook-csi-rbd-provisioner -# csi.storage.k8s.io/snapshotter-secret-namespace: rook-ceph -# deletionPolicy: Delete diff --git a/infra/k8s/rook/utils.yaml b/infra/k8s/rook/utils.yaml deleted file mode 100644 index 59a96832b..000000000 --- a/infra/k8s/rook/utils.yaml +++ /dev/null 
@@ -1,130 +0,0 @@ -# Useful container for manual commands to handle persistent volumes -# - kubectl describe pv (list persistent volumes with handles mapped to next cmd) -# Inside rook-ceph-tools pod: -# - rbd ls rook-cephrbd (list persistent volume handles) -# - rbd rm rook-cephrbd/ -# - rbd import rook-cephrbd/ -# - rbd export rook-cephrbd/ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: rook-ceph-tools - namespace: rook - labels: - app: rook-ceph-tools -spec: - replicas: 1 - selector: - matchLabels: - app: rook-ceph-tools - template: - metadata: - labels: - app: rook-ceph-tools - spec: - dnsPolicy: ClusterFirstWithHostNet - containers: - - name: rook-ceph-tools - image: rook/ceph:v1.6.4 - command: ["/tini"] - args: ["-g", "--", "/usr/local/bin/toolbox.sh"] - imagePullPolicy: IfNotPresent - env: - - name: ROOK_CEPH_USERNAME - valueFrom: - secretKeyRef: - name: rook-ceph-mon - key: ceph-username - - name: ROOK_CEPH_SECRET - valueFrom: - secretKeyRef: - name: rook-ceph-mon - key: ceph-secret - volumeMounts: - - mountPath: /etc/ceph - name: ceph-config - - name: mon-endpoint-volume - mountPath: /etc/rook - volumes: - - name: mon-endpoint-volume - configMap: - name: rook-ceph-mon-endpoints - items: - - key: data - path: mon-endpoints - - name: ceph-config - emptyDir: {} - tolerations: - - key: "node.kubernetes.io/unreachable" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 5 - ---- -# Useful container for mounting rook-ceph network file system or block storage -# https://github.com/rook/rook/commit/519b36286c630bc6cf84c853c4b0b9673aa881fd -# Can use this if want to manually interact with files in persistent volumes -apiVersion: apps/v1 -kind: Deployment -metadata: - name: rook-direct-mount - namespace: rook - labels: - app: rook-direct-mount -spec: - replicas: 1 - selector: - matchLabels: - app: rook-direct-mount - template: - metadata: - labels: - app: rook-direct-mount - spec: - dnsPolicy: ClusterFirstWithHostNet - containers: - - name: 
rook-direct-mount - image: rook/ceph:v1.6.4 - command: ["/tini"] - args: ["-g", "--", "/usr/local/bin/toolbox.sh"] - imagePullPolicy: IfNotPresent - env: - - name: ROOK_CEPH_USERNAME - valueFrom: - secretKeyRef: - name: rook-ceph-mon - key: ceph-username - - name: ROOK_CEPH_SECRET - valueFrom: - secretKeyRef: - name: rook-ceph-mon - key: ceph-secret - securityContext: - privileged: true - volumeMounts: - - mountPath: /dev - name: dev - - mountPath: /sys/bus - name: sysbus - - mountPath: /lib/modules - name: libmodules - - name: mon-endpoint-volume - mountPath: /etc/rook - # if hostNetwork: false, the "rbd map" command hangs, see https://github.com/rook/rook/issues/2021 - hostNetwork: true - volumes: - - name: dev - hostPath: - path: /dev - - name: sysbus - hostPath: - path: /sys/bus - - name: libmodules - hostPath: - path: /lib/modules - - name: mon-endpoint-volume - configMap: - name: rook-ceph-mon-endpoints - items: - - key: data - path: mon-endpoints diff --git a/infra/new-infra/mongo-PV-PVC.yaml b/infra/mongo-PV-PVC.yaml similarity index 100% rename from infra/new-infra/mongo-PV-PVC.yaml rename to infra/mongo-PV-PVC.yaml diff --git a/infra/new-infra/mongodb/values.yaml b/infra/mongodb/values.yaml similarity index 100% rename from infra/new-infra/mongodb/values.yaml rename to infra/mongodb/values.yaml diff --git a/infra/new-infra/init.sh b/infra/new-infra/init.sh deleted file mode 100644 index 77371cb2d..000000000 --- a/infra/new-infra/init.sh +++ /dev/null 
@@ -1,36 +0,0 @@ -#!/usr/bin/env bash - -# install ingress-nginx with helm -helm upgrade --install ingress-nginx ingress-nginx \ - --repo https://kubernetes.github.io/ingress-nginx \ - --namespace bt-base --create-namespace # using namespace=bt-base requires changing chart values (through --set or --values) - -# install app with helm. run in /new-infra -helm install bt \ - --name-template=bt \ - --namespace=bt --create-namespace - -# uninstall app with helm on config changes. run in /new-infra -helm uninstall bt \ - --namespace=bt - -# creates the PV and PVC -kubectl apply -f mongo-PV-PVC.yaml -n bt - -# delete PVC -kubectl delete pvc bt-mongodb-pv-claim -n bt - -# delete PV -kubectl delete pv bt-mongodb-pv - -# install mongodb with helm, replace CHARTNAME with the name of the chart -helm install mongo \ - --set nameOverride="db",persistence.existingClaim=bt-mongodb-pv-claim,persistence.mountPath="./db" \ - --namespace=bt --create-namespace \ - oci://registry-1.docker.io/bitnamicharts/mongodb - -# install redis with helm -helm install redis \ - --set replica.replicaCount=0,master.persistence.enabled=false,replica.persistence.enabled=false \ - --namespace=bt --create-namespace \ - oci://registry-1.docker.io/bitnamicharts/redis \ No newline at end of file diff --git a/infra/new-infra/redis/values.yaml b/infra/redis/values.yaml similarity index 100% rename from infra/new-infra/redis/values.yaml rename to infra/redis/values.yaml diff --git a/infra/tricycle/index.js b/infra/tricycle/index.js deleted file mode 100644 index eec056b2f..000000000 --- a/infra/tricycle/index.js +++ /dev/null 
@@ -1,73 +0,0 @@ -import { spawn } from "promisify-child-process"; -const tee = async (...args) => { - const child = spawn(...args, { - env: process.env, - encoding: "utf8", - shell: true, - stdio: "pipe", - }); - child.stdin.pipe(process.stdin); - child.stdout.pipe(process.stdout); - child.stderr.pipe(process.stderr); - return child.catch((e) => e); -}; - -const { - CI_COMMIT_BRANCH, - FILEPATH_DEPLOY_BACKEND, - FILEPATH_DEPLOY_FRONTEND, - FILEPATH_DEPLOY_INGRESS, - SECRET_KUBERNETES_CREDENTIALS, - TRICYCLE_MAX_NUMBER_OF_LIVE_DEV_BRANCHES, -} = process.env; -const BASE_NAME_DEPLOYMENT_BACKEND = `bt-backend-dev-`; -const ILLEGAL_BRANCH_NAMES = ["gcp", "ocf", "staging", "www"]; -const SUBDOMAIN_PATTERN = /^[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?$/; // RFC-1123 subdomain name compliance -if (ILLEGAL_BRANCH_NAMES.includes(CI_COMMIT_BRANCH)) { - throw Error( - `'${CI_COMMIT_BRANCH}' is an illegal branch name: '${ILLEGAL_BRANCH_NAMES.map( - (branch) => branch + ".berkeleytime.com" - ).join(", ")}' are special reserved URLs` - ); -} -if (!SUBDOMAIN_PATTERN.test(CI_COMMIT_BRANCH)) { - throw Error( - `'${CI_COMMIT_BRANCH}' is an illegal branch name: it does not conform to RFC-1123 domain name standards` - ); -} -await tee( - `export CI_ENVIRONMENT_NAME=dev-${CI_COMMIT_BRANCH}; envsubst < ${FILEPATH_DEPLOY_BACKEND} | kubectl apply -f - --kubeconfig ${SECRET_KUBERNETES_CREDENTIALS}` -); -await tee( - `export CI_ENVIRONMENT_NAME=dev-${CI_COMMIT_BRANCH}; envsubst < ${FILEPATH_DEPLOY_FRONTEND} | kubectl apply -f - --kubeconfig ${SECRET_KUBERNETES_CREDENTIALS}` -); -await tee( - `export CI_ENVIRONMENT_NAME=${CI_COMMIT_BRANCH}; envsubst < ${FILEPATH_DEPLOY_INGRESS} | kubectl apply -f - --kubeconfig ${SECRET_KUBERNETES_CREDENTIALS}` -); -const backendDeployments = ( - await tee( - `kubectl get deployment --no-headers --sort-by=.metadata.creationTimestamp -o name` - ) -).stdout - .trim() - .split("\n") - .filter((name) => name.includes(BASE_NAME_DEPLOYMENT_BACKEND)); -if 
(backendDeployments.length > TRICYCLE_MAX_NUMBER_OF_LIVE_DEV_BRANCHES) { - const branchesToPrune = backendDeployments - .slice( - 0, - backendDeployments.length - TRICYCLE_MAX_NUMBER_OF_LIVE_DEV_BRANCHES - ) // ^ Integer arithmetic with integer-like strings (env var) in JS is fine - .map((line) => line.split("/")[1].split("-").slice(3).join("-")); - for (let branch of branchesToPrune) { - await tee( - `export CI_ENVIRONMENT_NAME=dev-${branch}; envsubst < ${FILEPATH_DEPLOY_BACKEND} | kubectl delete -f -` - ); - await tee( - `export CI_ENVIRONMENT_NAME=dev-${branch}; envsubst < ${FILEPATH_DEPLOY_FRONTEND} | kubectl delete -f -` - ); - await tee( - `export CI_ENVIRONMENT_NAME=${branch}; envsubst < ${FILEPATH_DEPLOY_INGRESS} | kubectl delete -f -` - ); - } -} diff --git a/infra/tricycle/package.json b/infra/tricycle/package.json deleted file mode 100644 index ff7309916..000000000 --- a/infra/tricycle/package.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "name": "tricycle", - "version": "1.0.0", - "description": "", - "type": "module", - "main": "index.js", - "scripts": { - "test": "echo \"Error: no test specified\" && exit 1" - }, - "author": "", - "license": "ISC", - "dependencies": { - "promisify-child-process": "^4.1.1" - } -} From 1f8ddd330e6370ac35a47833fd7c67a98b092fa5 Mon Sep 17 00:00:00 2001 From: maxmwang Date: Sat, 17 Feb 2024 23:39:48 -0800 Subject: [PATCH 16/78] remove helm build package --- infra/bt-0.0.1.tgz | Bin 1222 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 infra/bt-0.0.1.tgz 
diff --git a/infra/bt-0.0.1.tgz b/infra/bt-0.0.1.tgz deleted file mode 100644 index 6c95feebdab15fd15fc972240af2e4fefd7a86f9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1222 zcmV;%1UdU3iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI&=Z{oNY?{hwd#k`IFBo5dA`mF;|2Mr4>&`PV-3Yo-(sEO^h z4Q*BN-B-Cb$t1(2w;3(xC6VplIX=hdx>QDQjfK)5vF}~H4M7NDr_~C-5W?aY!dCaf zY_&VhcDn(a<^?p(4s2ck_(u21(MBpPF5ru06_xu%2y^#_2A}NgERm*6AFPQgir%O z5bn7)mI#;{0IrW$BsddpFzG5L9uaVueMf}uGQ-CY{ynBEW2x$t+}B-tD{wvG9s(6! zA>d&}q|yM8L~LC<=9!c1(v=`mMmv~Nrm%7ujThETs`yuIJR*^%EwO!etj zG4sPTXrHFR2fqJO8H)HkRLY2TeeG1RC;r>8+bP6<%WQVe@&6w53ET?iqr{mtE!z-a z&ZV(6wL6zO2=oc}*rQLV(tM(@gB1?E*uzWW#s2&WIO(ByBV4zc&lx3DA@KAB^r+(; zVV{8AE{U-EGgJd0YDA7WEIGDg#FTghOA=zjWw6_6k`o){l0tCwCaQgj<0qQ|AP8`e z*ouirHy12@fZ(0tQ`OQ zcyu-He_32l2Nf)QMpvxvEcK<*<<{11ZzB~EdT1Ne=t8qw&U$L~2eThA7Q}I7-Nzxf zQs$jz_qTH1v%zf98(z+4i_6JmG3Zx_SR8`>X8m~re0)8fS*J^Xh952dYCOIgT8rLr zV2$QSOV6WcR&Q!m1y0rdt=Via9__`}>vioDPz+_Njg}O$xcABzvb2WH;xd=by!%pL zQW}q|GwP8O1bUI%4JO}}ljGBPCf6kv3$jUUCtj87;_DZ3p2A{9)PV_-3#OROJOt*w zNyhw%WeT4||xBPWs*Nq77z$hcD8_FwVsEr zG7;p~eaLKO#+ql!4IR&PxDRJ3^qImM0CeLoi8#oYKDv87(@QBg|0U!4D-VEs=D%j6 z(JIb=&35-Z|GfwO1oL0wb%zar)u&%H0j941nj>KOUEg{JESLI{Au#25*c6!Ba?co8 zICuCQ$OUs=G6trClREZJ9c60A4`?aNz2eB8GBw;$P33pyj=BF_U1e&ZU$d=zzn-$h ki?eiaQ(5UuA6*mAbfz<%>Ayh#1^@v6|66Zo1^^@g0A|HfrT_o{ From ffc1e748b31baa4c8ac0de48baf43e72485a398f Mon Sep 17 00:00:00 2001 From: maxmwang Date: Sun, 18 Feb 2024 00:39:47 -0800 Subject: [PATCH 17/78] use --values values.yaml instead of inline --set --- infra/init.sh | 6 +++--- infra/mongodb/values.yaml | 9 +++++++-- infra/redis/values.yaml | 8 ++++++++ 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/infra/init.sh b/infra/init.sh index 77371cb2d..c038f9d8e 100644 --- a/infra/init.sh +++ b/infra/init.sh 
@@ -25,12 +25,12 @@ kubectl delete pv bt-mongodb-pv # install mongodb with helm, replace CHARTNAME with the name of the chart helm install mongo \ - --set nameOverride="db",persistence.existingClaim=bt-mongodb-pv-claim,persistence.mountPath="./db" \ + --values mongodb/values.yaml \ --namespace=bt --create-namespace \ oci://registry-1.docker.io/bitnamicharts/mongodb # install redis with helm helm install redis \ - --set replica.replicaCount=0,master.persistence.enabled=false,replica.persistence.enabled=false \ + --values redis/values.yaml \ --namespace=bt --create-namespace \ - oci://registry-1.docker.io/bitnamicharts/redis \ No newline at end of file + oci://registry-1.docker.io/bitnamicharts/redis diff --git a/infra/mongodb/values.yaml b/infra/mongodb/values.yaml index b394bd9f9..ce3926361 100644 --- a/infra/mongodb/values.yaml +++ b/infra/mongodb/values.yaml @@ -1,3 +1,8 @@ # https://github.com/bitnami/charts/issues/7305 -auth: - databases: ["bt"] +# "Currently, the Bitnami container images do not support the ARM64 architecture." + +nameOverride: db + +persistence: + existingClaim: bt-mongodb-pv-claim + mountPath: "./db" diff --git a/infra/redis/values.yaml b/infra/redis/values.yaml index e69de29bb..0397ff939 100644 --- a/infra/redis/values.yaml +++ b/infra/redis/values.yaml @@ -0,0 +1,8 @@ +replica: + replicaCount: 1 + persistence: + enabled: true + +master: + persistence: + enabled: true From e7546fa3af4a4742eb22518a285007bb6a4d9630 Mon Sep 17 00:00:00 2001 
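Review bot: Both `helm install` commands in this hunk still pull `oci://registry-1.docker.io/bitnamicharts/mongodb` and `oci://registry-1.docker.io/bitnamicharts/redis` with no `--version`, so each run of the script installs whatever chart version the registry serves at that moment. Moving the settings into `values.yaml` makes the configuration reviewable, but the chart that consumes it stays unpinned. Add `--version <PINNED_CHART_VERSION>` (placeholder) to each command so the deployed templates and default images are the ones that were reviewed. The context comment `replace CHARTNAME with the name of the chart` no longer matches the command and could be dropped; the script continues outside the hunk.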
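Review bot: The new `redis/values.yaml` does not carry over the settings it replaces. The removed `--set` line in `init.sh` had `replica.replicaCount=0` with `master.persistence.enabled=false` and `replica.persistence.enabled=false`, while this file sets `replicaCount: 1` and `enabled: true` for both. If that is intended, the commit subject should say so, because it adds a replica and persistent volume claims; if not, the file should use `replicaCount: 0` and `enabled: false`. The `mongodb/values.yaml` hunk likewise removes the existing `auth.databases` entry without mention.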
From: Kevin Wang Date: Mon, 19 Feb 2024 22:48:51 -0800 Subject: [PATCH 18/78] add prod infra --- infra/.gitignore | 1 + infra/app/.helmignore | 23 +++++ infra/app/Chart.yaml | 24 +++++ infra/app/templates/_helpers.tpl | 33 +++++++ infra/app/templates/backend.yaml | 67 +++++++++++++ infra/app/templates/frontend.yaml | 38 ++++++++ infra/app/templates/ingress.yaml | 32 ++++++ infra/app/templates/updater.yaml | 0 infra/app/values.yaml | 36 +++++++ infra/bt/Chart.yaml | 3 - infra/bt/templates/backend.yaml | 97 ------------------- infra/bt/templates/frontend.yaml | 68 ------------- infra/bt/values.yaml | 25 ----- infra/certs/.helmignore | 23 +++++ infra/certs/Chart.lock | 6 ++ infra/certs/Chart.yaml | 29 ++++++ infra/certs/templates/_helpers.tpl | 6 ++ ...cloudflare-stanfurdtime-sealed-secret.yaml | 15 +++ infra/certs/templates/issuer.yaml | 21 ++++ infra/certs/values.yaml | 5 + infra/init.sh | 73 +++++++------- infra/mongo-PV-PVC.yaml | 25 ----- infra/mongo/.helmignore | 23 +++++ infra/mongo/Chart.yaml | 24 +++++ infra/mongo/templates/_helpers.tpl | 16 +++ infra/mongo/templates/deployment.yaml | 43 ++++++++ infra/mongo/templates/pv.yaml | 14 +++ infra/mongo/templates/pvc.yaml | 13 +++ infra/mongo/templates/service.yaml | 13 +++ infra/mongo/values.yaml | 5 + infra/mongodb/values.yaml | 8 -- infra/redis/.helmignore | 23 +++++ infra/redis/Chart.lock | 6 ++ infra/redis/Chart.yaml | 29 ++++++ infra/redis/values.yaml | 15 ++- 35 files changed, 612 insertions(+), 270 deletions(-) create mode 100644 infra/.gitignore create mode 100644 infra/app/.helmignore create mode 100644 infra/app/Chart.yaml create mode 100644 infra/app/templates/_helpers.tpl create mode 100644 infra/app/templates/backend.yaml create mode 100644 infra/app/templates/frontend.yaml create mode 100644 infra/app/templates/ingress.yaml create mode 100644 infra/app/templates/updater.yaml create mode 100644 infra/app/values.yaml delete mode 100644 infra/bt/Chart.yaml delete mode 100644 
infra/bt/templates/backend.yaml delete mode 100644 infra/bt/templates/frontend.yaml delete mode 100644 infra/bt/values.yaml create mode 100644 infra/certs/.helmignore create mode 100644 infra/certs/Chart.lock create mode 100644 infra/certs/Chart.yaml create mode 100644 infra/certs/templates/_helpers.tpl create mode 100644 infra/certs/templates/cloudflare-stanfurdtime-sealed-secret.yaml create mode 100644 infra/certs/templates/issuer.yaml create mode 100644 infra/certs/values.yaml mode change 100644 => 100755 infra/init.sh delete mode 100644 infra/mongo-PV-PVC.yaml create mode 100644 infra/mongo/.helmignore create mode 100644 infra/mongo/Chart.yaml create mode 100644 infra/mongo/templates/_helpers.tpl create mode 100644 infra/mongo/templates/deployment.yaml create mode 100644 infra/mongo/templates/pv.yaml create mode 100644 infra/mongo/templates/pvc.yaml create mode 100644 infra/mongo/templates/service.yaml create mode 100644 infra/mongo/values.yaml delete mode 100644 infra/mongodb/values.yaml create mode 100644 infra/redis/.helmignore create mode 100644 infra/redis/Chart.lock create mode 100644 infra/redis/Chart.yaml diff --git a/infra/.gitignore b/infra/.gitignore new file mode 100644 index 000000000..9e30eb9b7 --- /dev/null +++ b/infra/.gitignore @@ -0,0 +1 @@ +*.tgz \ No newline at end of file diff --git a/infra/app/.helmignore b/infra/app/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/infra/app/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/infra/app/Chart.yaml b/infra/app/Chart.yaml new file mode 100644 index 000000000..dff36e5a6 --- /dev/null 
+++ b/infra/app/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: bt-app +description: A Helm chart for the frontend and backend of the Berkeleytime application. + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "2.0.0-alpha" diff --git a/infra/app/templates/_helpers.tpl b/infra/app/templates/_helpers.tpl new file mode 100644 index 000000000..0d0a6e9db --- /dev/null +++ b/infra/app/templates/_helpers.tpl 
@@ -0,0 +1,33 @@
+{{/*
+Chart name and version
+*/}}
+{{- define "bt-app.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Labels applied to all resources.
+*/}}
+{{- define "bt-app.labels" -}}
+helm.sh/chart: {{ include "bt-app.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{- define "bt-app.backendLabels" -}}
+app.kubernetes.io/name: bt-backend
+{{ include "bt-app.labels" . }}
+{{- end -}}
+
+{{- define "bt-app.frontendLabels" -}}
+app.kubernetes.io/name: bt-frontend
+{{ include "bt-app.labels" . }}
+{{- end -}}
+
+{{- define "bt-app.backendName" -}}
+{{ .Release.Name }}-backend
+{{- end -}}
+
+{{- define "bt-app.frontendName" -}}
+{{ .Release.Name }}-frontend
+{{- end -}}
diff --git a/infra/app/templates/backend.yaml b/infra/app/templates/backend.yaml
new file mode 100644
index 000000000..e27b67d38
--- /dev/null
+++ b/infra/app/templates/backend.yaml
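Review bot: `bt-app.labels` includes `helm.sh/chart`, and `bt-app.backendLabels` / `bt-app.frontendLabels` are the label sets that `backend.yaml` and `frontend.yaml` place in `spec.selector.matchLabels` and in the Service selectors. A Deployment selector is immutable, so the first bump of `version` in `Chart.yaml` changes the `helm.sh/chart` value and the upgrade will be rejected. Define separate selector helpers that hold only the stable labels, `app.kubernetes.io/name: bt-backend` (or `bt-frontend`) and `app.kubernetes.io/instance: {{ .Release.Name }}`, use those for `matchLabels` and the Service `selector`, and keep the full set for `metadata.labels`.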
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "bt-app.backendName" . }}
+ labels:
+ {{- include "bt-app.backendLabels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.backend.replicas }}
+ selector:
+ matchLabels:
+ {{- include "bt-app.backendLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "bt-app.backendLabels" . | nindent 8 }}
+ spec:
+ containers:
+ - name: backend
+ image: {{ printf "%s/%s:%s" .Values.backend.image.registry .Values.backend.image.repository .Values.backend.image.tag }}
+ command: {{ .Values.backend.command | toJson}}
+ ports:
+ - containerPort: {{ .Values.backend.port }}
+ env:
+ - name: PORT
+ value: {{ .Values.backend.port | quote }}
+ - name: URL
+ value: "http://localhost:5001"
+ - name: BACKEND_PATH
+ value: {{ .Values.backend.path }}
+ - name: GRAPHQL_PATH
+ value: "/graphql"
+ - name: NODE_ENV
+ value: {{ .Values.nodeEnv }}
+ - name: MONGODB_URI
+ value: {{ .Values.mongoUri }}
+ - name: REDIS_URI
+ value: {{ .Values.redisUri }}
+ - name: SIS_CLASS_APP_ID
+ value: "_"
+ - name: SIS_CLASS_APP_KEY
+ value: "_"
+ - name: SIS_COURSE_APP_ID
+ value: "_"
+ - name: SIS_COURSE_APP_KEY
+ value: "_"
+ - name: GOOGLE_CLIENT_ID
+ value: "_"
+ - name: GOOGLE_CLIENT_SECRET
+ value: "_"
+ - name: SESSION_SECRET
+ value: "_"
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "bt-app.backendName" . }}-svc
+ labels:
+ {{- include "bt-app.backendLabels" . | nindent 4 }}
+spec:
+ selector:
+ {{- include "bt-app.backendLabels" . | nindent 4 }}
+ ports:
+ - protocol: TCP
+ port: {{ .Values.port }}
+ targetPort: {{ .Values.backend.port }}
diff --git a/infra/app/templates/frontend.yaml b/infra/app/templates/frontend.yaml
new file mode 100644
index 000000000..8d042ba5c
--- /dev/null
+++ b/infra/app/templates/frontend.yaml
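Review bot: `SESSION_SECRET`, `GOOGLE_CLIENT_SECRET` and the `SIS_*` keys are hard-coded to the literal `"_"` in the container `env`, so a release installed from this chart as-is runs with a session secret (presumably the session-signing key) that anyone reading the repository knows, and real values could only be supplied by editing the template. The same commit installs sealed-secrets, so these entries should read from a Secret through `secretKeyRef` rather than a literal `value`. `URL` is also fixed to `http://localhost:5001` instead of being derived from `.Values.host` and `.Values.backend.port`, which looks unintended for a production chart. The Secret name and key names in the sketch are placeholders.

```yaml
# … unchanged: PORT, URL, BACKEND_PATH, GRAPHQL_PATH, NODE_ENV, MONGODB_URI, REDIS_URI …
- name: GOOGLE_CLIENT_SECRET
  valueFrom:
    secretKeyRef:
      name: PLACEHOLDER-backend-secrets
      key: google-client-secret
- name: SESSION_SECRET
  valueFrom:
    secretKeyRef:
      name: PLACEHOLDER-backend-secrets
      key: session-secret
# … same pattern for GOOGLE_CLIENT_ID and the SIS_* entries …
```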
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "bt-app.frontendName" . }}
+ labels:
+ {{- include "bt-app.frontendLabels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.frontend.replicas }}
+ selector:
+ matchLabels:
+ {{- include "bt-app.frontendLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "bt-app.frontendLabels" . | nindent 8 }}
+ spec:
+ containers:
+ - name: frontend
+ image: {{ printf "%s/%s:%s" .Values.frontend.image.registry .Values.frontend.image.repository .Values.frontend.image.tag }}
+ command: {{ .Values.frontend.command | toJson }}
+ ports:
+ - containerPort: {{ .Values.frontend.port }}
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "bt-app.frontendName" . }}-svc
+ labels:
+ {{- include "bt-app.frontendLabels" . | nindent 4 }}
+spec:
+ selector:
+ {{- include "bt-app.frontendLabels" . | nindent 4 }}
+ ports:
+ - protocol: TCP
+ port: {{ .Values.port }}
+ targetPort: {{ .Values.frontend.port }}
diff --git a/infra/app/templates/ingress.yaml b/infra/app/templates/ingress.yaml
new file mode 100644
index 000000000..585ca834a
--- /dev/null
+++ b/infra/app/templates/ingress.yaml
@@ -0,0 +1,32 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}-ingress
+ labels:
+ {{- include "bt-app.labels" . | nindent 4 }}
+ annotations:
+ cert-manager.io/cluster-issuer: {{ .Values.issuer }}
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - {{ .Values.host }}
+ secretName: bt-tls
+ rules:
+ - host: {{ .Values.host }}
+ http:
+ paths:
+ - path: {{ .Values.frontend.path }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "bt-app.frontendName" . }}-svc
+ port:
+ number: {{ .Values.port }}
+ - path: {{ .Values.backend.path }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "bt-app.backendName" . }}-svc
+ port:
+ number: {{ .Values.port }}
\ No newline at end of file
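Review bot: The `frontend` container in this Deployment (and the `backend` container in `backend.yaml`) is declared with no `securityContext` and no `resources`, so the pods run as whatever user the image defines and without CPU or memory bounds. Under the container I would add `securityContext:` with `allowPrivilegeEscalation: false` and `runAsNonRoot: true`, assuming the images can run as a non-root user, which is not visible from this commit. `resources.requests` and `resources.limits` should be driven from `values.yaml` next to `replicas`, so a misbehaving pod cannot starve the ingress controller and datastores sharing the `bt` namespace.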
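Review bot: The annotation `cert-manager.io/cluster-issuer: {{ .Values.issuer }}` in `ingress.yaml` asks cert-manager for a ClusterIssuer, but `infra/certs/templates/issuer.yaml` in this same commit creates a namespaced `kind: Issuer`. With the default `issuer: letsencrypt-staging`, cert-manager would look for a ClusterIssuer of that name, find none, and the `bt-tls` secret would not be issued. Either change the annotation to `cert-manager.io/issuer: {{ .Values.issuer }}`, which requires the Ingress and the Issuer to be in the same namespace, or have the certs chart create a `ClusterIssuer`.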
diff --git a/infra/app/templates/updater.yaml b/infra/app/templates/updater.yaml
new file mode 100644
index 000000000..e69de29bb
diff --git a/infra/app/values.yaml b/infra/app/values.yaml
new file mode 100644
index 000000000..11a0bb487
--- /dev/null
+++ b/infra/app/values.yaml
@@ -0,0 +1,36 @@
+host: berkeleytime.com
+port: 80
+
+mongoUri: mongodb://bt-prod-mongo-svc.bt.svc.cluster.local:27017
+redisUri: redis://bt-prod-redis-master.bt.svc.cluster.local:6379
+nodeEnv: production
+
+issuer: letsencrypt-staging
+
+frontend:
+ replicas: 2
+
+ port: 3000
+ path: /
+ command: ["npm", "run", "prod"]
+
+ image:
+ registry: docker.io
+ repository: octoberkeleytime/bt-frontend
+ tag: latest
+
+backend:
+ replicas: 2
+
+ port: 5001
+ path: /api
+ command: ["npm", "run", "start"]
+
+ image:
+ registry: docker.io
+ repository: octoberkeleytime/bt-backend
+ tag: latest
+
+updater:
+ schedule: 0 0 * * *
+ suspend: false
diff --git a/infra/bt/Chart.yaml b/infra/bt/Chart.yaml
deleted file mode 100644
index 89dd5f88b..000000000
--- a/infra/bt/Chart.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-apiVersion: v1
-name: bt
-version: 0.0.1
diff --git a/infra/bt/templates/backend.yaml b/infra/bt/templates/backend.yaml
deleted file mode 100644
index ce91eef17..000000000
--- a/infra/bt/templates/backend.yaml
+++ /dev/null
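Review bot: In `infra/app/values.yaml` both `frontend.image.tag` and `backend.image.tag` default to `latest` while `nodeEnv` is `production`, so the running code is decided by whatever was last pushed to the registry rather than by the chart. Pods of the same release can end up on different builds, and a rollback of the chart does not roll back the image. Default `tag` to an immutable release tag (placeholder: `<RELEASE_TAG>`) and leave `latest` to dev overrides. `issuer: letsencrypt-staging` also gives the production host certificates that browsers do not trust. Neither `mongoUri` nor `redisUri` carries credentials, so please confirm the datastores are meant to accept unauthenticated connections inside the cluster.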
@@ -1,97 +0,0 @@ -# from: service - -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - # deployment labels - component: {{ .Chart.Name }}-backend-deployment - name: {{ .Chart.Name }}-backend-deployment - namespace: {{ .Release.Namespace }} -spec: - replicas: {{ .Values.backend.replicas }} - selector: - matchLabels: - component: {{ .Chart.Name }}-backend-deployment - template: - metadata: - labels: - # pod labels - component: {{ .Chart.Name }}-backend-deployment - spec: - containers: - - name: {{ .Chart.Name }}-backend-container - image: {{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }} - command: ["npm", "run", "start"] - ports: - - containerPort: {{ .Values.backend.port }} - env: - - name: PORT - value: "5001" - - name: URL - value: "http://localhost:5001" - - name: BACKEND_PATH - value: "/api" - - name: GRAPHQL_PATH - value: "/graphql" - - name: NODE_ENV - value: "development" - - name: MONGODB_URI - value: "mongodb://mongo-db.bt.svc.cluster.local:27017" - - name: REDIS_URI - value: "redis://redis-master.bt.svc.cluster.local:6379" - - name: SIS_CLASS_APP_ID - value: "_" - - name: SIS_CLASS_APP_KEY - value: "_" - - name: SIS_COURSE_APP_ID - value: "_" - - name: SIS_COURSE_APP_KEY - value: "_" - - name: GOOGLE_CLIENT_ID - value: "_" - - name: GOOGLE_CLIENT_SECRET - value: "_" - - name: SESSION_SECRET - value: "_" ---- -# to: deployment -# from: ingress - -apiVersion: v1 -kind: Service -metadata: - name: {{ .Chart.Name }}-backend-service - namespace: {{ .Release.Namespace }} -spec: - type: ClusterIP - selector: - component: {{ .Chart.Name }}-backend-deployment - ports: - - name: http - port: {{ .Values.backend.service.port }} - targetPort: {{ .Values.backend.port }} - protocol: TCP ---- -# to: service -# from: ingress-controller - -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .Chart.Name }}-backend-ingress - namespace: {{ .Release.Namespace }} - annotations: - {{/* TODO: add annotations */}} -spec: - 
ingressClassName: nginx - rules: - - http: - paths: - - path: /api - pathType: Prefix - backend: - service: - name: {{ .Chart.Name }}-backend-service - port: - number: {{ .Values.backend.service.port }} diff --git a/infra/bt/templates/frontend.yaml b/infra/bt/templates/frontend.yaml deleted file mode 100644 index b2d18bf60..000000000 --- a/infra/bt/templates/frontend.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# from: service - -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - # deployment labels - component: {{ .Chart.Name }}-frontend-deployment - name: {{ .Chart.Name }}-frontend-deployment - namespace: {{ .Release.Namespace }} -spec: - replicas: {{ .Values.frontend.replicas }} - selector: - matchLabels: - component: {{ .Chart.Name }}-frontend-deployment - template: - metadata: - labels: - # pod labels - component: {{ .Chart.Name }}-frontend-deployment - spec: - containers: - - name: {{ .Chart.Name }}-frontend-container - image: {{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }} - command: ["npm", "run", "prod"] - ports: - - containerPort: {{ .Values.frontend.port }} ---- -# to: deployment -# from: ingress - -apiVersion: v1 -kind: Service -metadata: - name: {{ .Chart.Name }}-frontend-service - namespace: {{ .Release.Namespace }} -spec: - type: ClusterIP - selector: - component: {{ .Chart.Name }}-frontend-deployment - ports: - - name: http - port: {{ .Values.frontend.service.port }} - targetPort: {{ .Values.frontend.port }} - protocol: TCP ---- -# to: service -# from: ingress-controller - -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .Chart.Name }}-frontend-ingress - namespace: {{ .Release.Namespace }} - annotations: - {{/* TODO: add annotations */}} -spec: - ingressClassName: nginx - rules: - - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ .Chart.Name }}-frontend-service - port: - number: {{ .Values.frontend.service.port }} 
diff --git a/infra/bt/values.yaml b/infra/bt/values.yaml deleted file mode 100644 index af3370619..000000000 --- a/infra/bt/values.yaml +++ /dev/null @@ -1,25 +0,0 @@ -frontend: - port: 3000 - replicas: 1 - image: - repository: docker.io/octoberkeleytime/bt-frontend - tag: latest - service: - port: 3000 - ingress: - annotations: - hosts: - rules: - -backend: - port: 5000 - replicas: 2 - image: - repository: docker.io/octoberkeleytime/bt-backend - tag: latest - service: - port: 5000 - ingress: - annotations: - hosts: - rules: diff --git a/infra/certs/.helmignore b/infra/certs/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/infra/certs/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/infra/certs/Chart.lock b/infra/certs/Chart.lock new file mode 100644 index 000000000..8dc763b53 --- /dev/null +++ b/infra/certs/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: cert-manager + repository: https://charts.jetstack.io + version: v1.14.1 +digest: sha256:8930e3106106e040ed661f2307d65e3e90b4c925aa901d100e603f38f6fbc3b4 +generated: "2024-02-19T04:05:39.175713-08:00" diff --git a/infra/certs/Chart.yaml b/infra/certs/Chart.yaml new file mode 100644 index 000000000..188159f89 --- /dev/null +++ b/infra/certs/Chart.yaml 
@@ -0,0 +1,29 @@ +apiVersion: v2 +name: bt-certs +description: A Helm chart for cert-manager and its Issuer resource + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "2.0.0-alpha" + +dependencies: +- name: "cert-manager" + version: "1.14.1" + repository: "https://charts.jetstack.io" \ No newline at end of file diff --git a/infra/certs/templates/_helpers.tpl b/infra/certs/templates/_helpers.tpl new file mode 100644 index 000000000..a3566d1ce --- /dev/null +++ b/infra/certs/templates/_helpers.tpl @@ -0,0 +1,6 @@ +{{/* +Chart name and version +*/}} +{{- define "bt-certs.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/infra/certs/templates/cloudflare-stanfurdtime-sealed-secret.yaml b/infra/certs/templates/cloudflare-stanfurdtime-sealed-secret.yaml new file mode 100644 index 000000000..e5f978234 --- /dev/null 
+++ b/infra/certs/templates/cloudflare-stanfurdtime-sealed-secret.yaml @@ -0,0 +1,15 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: cloudflare-api-token-stanfurdtime-secret + namespace: bt +spec: + encryptedData: + api-token: AgB3X5mxc19DAkwJFL98Xt0p9f6EZnG3VHmui3mYprtpSIL7x5XeMGFQC+HM/8UhuMvplVVdv3nF9TWiLsDC2ytbKgWXT3M/7aHSgDSg3iFs7i4SQLrUHSU8ORD7SOYv4wJlXn/HgOwA723uHTZ8jAb3HXWov+x/x2lWF0VgWiEfGAFrUaBHVIp3O9QRl0vlAjS3IF5/2m6ABky0IKozwRri7W2wzQs4MapsQYkMoI08pblXsPQvN748yELL/lRPrlJ2GmFbpM9w6ZZteRJbBAL3JHqShLInHA1T1n0BA3ZQHCa+RPyVH3fkaefnfJyXTVScGVfqH5ttrahbvpDzOjnEoZ+VaXzd6NbwAV3Je61Ew0nxOt5CN0Z7r1AOGYKo+tBnxD/3aQ3l5e2dj7rWxW0FWfOqEwxhNm2ApzuuKg9Qp6k8nT+AAibZ3jlPPzCTOBH9pYAScrBSRzIj5qVIY+n+i+DpfD1ilFtFPsWJOrSDBZ2C3qXPMqKHqKnF6OQTrTRy7esHfI5m10JVs7nmzr9F84q2rXTCA0sFnAvohNEJXIeG69JCPjBqk8BS+do7EWZXPf7PwsBCWI5rlWA32B2MEzOrqq82TK9daKypRQnyInBsozU5Lz77vTaz96HHpGtFRIzE2dC6aTGYBDT5l1w2idtPPrVJc2aZW6TiEDaXr8UHPfVXr3QMJNdpdDwz+/6HNd2OtpkBv8YUuqjz2AeSh3Cdwqw9TZsDcojvR94rFcbbUt0gTGIT + template: + metadata: + creationTimestamp: null + name: cloudflare-api-token-stanfurdtime-secret + namespace: bt + type: Opaque \ No newline at end of file diff --git a/infra/certs/templates/issuer.yaml b/infra/certs/templates/issuer.yaml new file mode 100644 index 000000000..b389e9d66 --- /dev/null +++ b/infra/certs/templates/issuer.yaml @@ -0,0 +1,21 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ .Values.issuerName }} + labels: + app.kubernetes.io/name: base + helm.sh/chart: {{ include "bt-certs.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + acme: + email: {{ .Values.acme.email }} + server: {{ .Values.acme.server }} + privateKeySecretRef: + name: {{ .Values.issuerName }} + solvers: + - dns01: + cloudflare: + apiTokenSecretRef: + name: {{ .Values.acme.cfApiTokenSecretName }} + key: api-token 
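Review bot: This SealedSecret unseals to a Secret named `cloudflare-api-token-stanfurdtime-secret`, but `infra/certs/values.yaml` sets `cfApiTokenSecretName: cloudflare-api-token-secret`, which is the name `issuer.yaml` passes to `apiTokenSecretRef`. As committed, the Issuer's DNS-01 solver would reference a Secret that nothing in the chart creates. Because sealed-secrets by default binds the ciphertext to the name and namespace it was sealed for, the simpler fix is on the values side: `cfApiTokenSecretName: cloudflare-api-token-stanfurdtime-secret`. The manifest also hard-codes `namespace: bt`, so the chart only works when installed into that namespace; a comment saying so at the top of the file would help.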
diff --git a/infra/certs/values.yaml b/infra/certs/values.yaml new file mode 100644 index 000000000..e338f5d97 --- /dev/null +++ b/infra/certs/values.yaml @@ -0,0 +1,5 @@ +issuerName: letsencrypt-staging +acme: + email: octo.berkeleytime@asuc.org + server: https://acme-staging-v02.api.letsencrypt.org/directory + cfApiTokenSecretName: cloudflare-api-token-secret \ No newline at end of file diff --git a/infra/init.sh b/infra/init.sh old mode 100644 new mode 100755 index c038f9d8e..e869cdcf2 --- a/infra/init.sh +++ b/infra/init.sh 
@@ -1,36 +1,37 @@ -#!/usr/bin/env bash - -# install ingress-nginx with helm -helm upgrade --install ingress-nginx ingress-nginx \ - --repo https://kubernetes.github.io/ingress-nginx \ - --namespace bt-base --create-namespace # using namespace=bt-base requires changing chart values (through --set or --values) - -# install app with helm. run in /new-infra -helm install bt \ - --name-template=bt \ - --namespace=bt --create-namespace - -# uninstall app with helm on config changes. run in /new-infra -helm uninstall bt \ - --namespace=bt - -# creates the PV and PVC -kubectl apply -f mongo-PV-PVC.yaml -n bt - -# delete PVC -kubectl delete pvc bt-mongodb-pv-claim -n bt - -# delete PV -kubectl delete pv bt-mongodb-pv - -# install mongodb with helm, replace CHARTNAME with the name of the chart -helm install mongo \ - --values mongodb/values.yaml \ - --namespace=bt --create-namespace \ - oci://registry-1.docker.io/bitnamicharts/mongodb - -# install redis with helm -helm install redis \ - --values redis/values.yaml \ - --namespace=bt --create-namespace \ - oci://registry-1.docker.io/bitnamicharts/redis +#!/bin/bash + +# exit on error +set -e + +helm repo add bitnami https://charts.bitnami.com/bitnami +helm repo add bitnami-labs https://bitnami-labs.github.io/sealed-secrets/ +helm repo add cert-manager https://charts.jetstack.io +helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx + + +# =================== +# BASE INFRASTRUCTURE +# =================== + +helm install bt-sealed-secrets bitnami-labs/sealed-secrets --version 2.15.0 --namespace=bt --create-namespace +helm install bt-ingress-nginx ingress-nginx/ingress-nginx --version 4.9.1 --namespace=bt + +# see https://cert-manager.io/docs/installation/helm/#3-install-customresourcedefinitions +kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.1/cert-manager.crds.yaml +helm dependencies build ./certs +helm install bt-certs ./certs --namespace=bt + +# ========== +# PRODUCTION 
+# ========== + +helm install bt-prod-mongo ./mongo --namespace=bt + +helm dependencies build ./redis +helm install bt-prod-redis ./redis --namespace=bt + +helm install bt-prod-app ./app --namespace=bt \ + --set host=stanfurdtime.com \ + --set mongoUri=mongodb://bt-prod-mongo-svc.bt.svc.cluster.local:27017 \ + --set redisUri=redis://bt-prod-redis-master.bt.svc.cluster.local:6379 \ + --set nodeEnv=development \ No newline at end of file diff --git a/infra/mongo-PV-PVC.yaml b/infra/mongo-PV-PVC.yaml deleted file mode 100644 index f21fa5c66..000000000 --- a/infra/mongo-PV-PVC.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: bt-mongodb-pv -spec: - storageClassName: manual - capacity: - storage: 10Gi - accessModes: - - ReadWriteOnce - hostPath: - path: "/db" ---- - -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: bt-mongodb-pv-claim -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - storageClassName: manual \ No newline at end of file diff --git a/infra/mongo/.helmignore b/infra/mongo/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/infra/mongo/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/infra/mongo/Chart.yaml b/infra/mongo/Chart.yaml new file mode 100644 index 000000000..f7995ab06 --- /dev/null +++ b/infra/mongo/Chart.yaml 
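Review bot: The release under the `PRODUCTION` heading is installed with `--set nodeEnv=development`, which contradicts the heading and, if the chart forwards it to the backend as `NODE_ENV` (the updater template later in this series does), runs the public site in development mode. Development mode in Node frameworks commonly turns on verbose error output, so I would change the line to `--set nodeEnv=production` or drop the override. Separately, the script now uses plain `helm install` together with `set -e`, so a second run stops at the first release that already exists; `helm upgrade --install`, which the removed script used for ingress-nginx, keeps it re-runnable.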
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: bt-mongo +description: A Helm chart for mongodb and its persistent volume resources. + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "2.0.0-alpha" diff --git a/infra/mongo/templates/_helpers.tpl b/infra/mongo/templates/_helpers.tpl new file mode 100644 index 000000000..2dc0e691c --- /dev/null +++ b/infra/mongo/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{/* +Chart name and version +*/}} +{{- define "bt-mongo.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Labels applied to all resources. +*/}} +{{- define "bt-mongo.labels" -}} +app.kuberentes.io/name: bt-mongo +helm.sh/chart: {{ include "bt-mongo.chart" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} 
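Review bot: The first label key in `bt-mongo.labels` is misspelled as `app.kuberentes.io/name`; it should read `app.kubernetes.io/name: bt-mongo`, otherwise tooling that selects on the standard key will not find these resources. deployment.yaml and service.yaml in this patch reuse the same helper for `spec.selector`, and the helper also carries `helm.sh/chart` with the chart version. A Deployment's selector is immutable, so both the typo fix and any later chart version bump would change the selector and break `helm upgrade`. I would add a separate `bt-mongo.selectorLabels` helper holding only the name and `app.kubernetes.io/instance`, and use that for `matchLabels` and the Service selector.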
diff --git a/infra/mongo/templates/deployment.yaml b/infra/mongo/templates/deployment.yaml new file mode 100644 index 000000000..4d68c120c --- /dev/null +++ b/infra/mongo/templates/deployment.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }} + labels: + {{- include "bt-mongo.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "bt-mongo.labels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "bt-mongo.labels" . | nindent 8 }} + spec: + containers: + - name: mongo + image: {{ .Values.image }} + args: [ "--dbpath", {{ .Values.mountPath | quote }}, "--port", {{ .Values.port | quote }} ] + livenessProbe: + exec: + command: [ "mongosh", "--eval", "db.adminCommand('ping')" ] + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + readinessProbe: + exec: + command: [ "mongosh", "--eval", "db.adminCommand('ping')" ] + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + volumeMounts: + - name: mongo-data-dir + mountPath: {{ .Values.mountPath }} + volumes: + - name: mongo-data-dir + persistentVolumeClaim: + claimName: {{ .Release.Name }}-pvc \ No newline at end of file diff --git a/infra/mongo/templates/pv.yaml b/infra/mongo/templates/pv.yaml new file mode 100644 index 000000000..4dd650d79 --- /dev/null +++ b/infra/mongo/templates/pv.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ .Release.Name }}-pv + labels: + {{- include "bt-mongo.labels" . | nindent 4 }} +spec: + storageClassName: manual + capacity: + storage: {{ .Values.storage }} + accessModes: + - ReadWriteOnce + hostPath: + path: {{ .Values.hostPath }} diff --git a/infra/mongo/templates/pvc.yaml b/infra/mongo/templates/pvc.yaml new file mode 100644 index 000000000..158a8131a --- /dev/null +++ b/infra/mongo/templates/pvc.yaml 
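Review bot: `mongod` is started with only `--dbpath` and `--port` and the container sets no root-credential environment, so access control is off and any pod that can reach the Service from service.yaml can read and write the database without credentials. I would pass `--auth` with root credentials taken from a Secret (init.sh already installs sealed-secrets), or at least add a NetworkPolicy that admits only the backend pods. The two probes call `mongosh` without a port, so they would fail for any `.Values.port` other than the default; `command: [ "mongosh", "--port", {{ .Values.port | quote }}, "--eval", "db.adminCommand('ping')" ]` keeps them in step with `args`.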
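Review bot: This PersistentVolume has no `claimRef`, so any claim with `storageClassName: manual` and a compatible size and access mode can bind it, not only `{{ .Release.Name }}-pvc`; a second release or another namespace could end up mounting the production data directory. I would reserve it by adding a `claimRef` under `spec` with `name: {{ .Release.Name }}-pvc` and `namespace: {{ .Release.Namespace }}`. The volume is a `hostPath` with no `nodeAffinity`, so if the cluster has more than one node the pod can be scheduled onto a node where `.Values.hostPath` is empty; a short comment stating the single-node assumption would help.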
@@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Release.Name }}-pvc + labels: + {{- include "bt-mongo.labels" . | nindent 4 }} +spec: + storageClassName: manual + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.storage }} \ No newline at end of file diff --git a/infra/mongo/templates/service.yaml b/infra/mongo/templates/service.yaml new file mode 100644 index 000000000..82b71e609 --- /dev/null +++ b/infra/mongo/templates/service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-svc + labels: + {{- include "bt-mongo.labels" . | nindent 4 }} +spec: + selector: + {{- include "bt-mongo.labels" . | nindent 4 }} + ports: + - port: {{ .Values.port }} + targetPort: {{ .Values.port }} + protocol: TCP \ No newline at end of file diff --git a/infra/mongo/values.yaml b/infra/mongo/values.yaml new file mode 100644 index 000000000..58df6a0e9 --- /dev/null +++ b/infra/mongo/values.yaml @@ -0,0 +1,5 @@ +image: mongo:7.0.5-jammy +mountPath: /data/db +port: 27017 +storage: 10Gi +hostPath: /data/prod/db \ No newline at end of file diff --git a/infra/mongodb/values.yaml b/infra/mongodb/values.yaml deleted file mode 100644 index ce3926361..000000000 --- a/infra/mongodb/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# https://github.com/bitnami/charts/issues/7305 -# "Currently, the Bitnami container images do not support the ARM64 architecture." - -nameOverride: db - -persistence: - existingClaim: bt-mongodb-pv-claim - mountPath: "./db" diff --git a/infra/redis/.helmignore b/infra/redis/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/infra/redis/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/infra/redis/Chart.lock b/infra/redis/Chart.lock new file mode 100644 index 000000000..f30acda3d --- /dev/null +++ b/infra/redis/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: redis + repository: https://charts.bitnami.com/bitnami + version: 18.14.0 +digest: sha256:fb8cea35f0caa9c982e26aceee490b0c11ae47434386b71e5693b7fc19da1bbb +generated: "2024-02-19T21:10:04.502722-08:00" diff --git a/infra/redis/Chart.yaml b/infra/redis/Chart.yaml new file mode 100644 index 000000000..568658e4b --- /dev/null +++ b/infra/redis/Chart.yaml 
@@ -0,0 +1,29 @@ +apiVersion: v2 +name: bt-redis +description: A Helm chart for redis. + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "2.0.0-alpha" + +dependencies: +- name: "redis" + version: "18.14.0" + repository: "https://charts.bitnami.com/bitnami" \ No newline at end of file diff --git a/infra/redis/values.yaml b/infra/redis/values.yaml index 0397ff939..f465856d3 100644 --- a/infra/redis/values.yaml +++ b/infra/redis/values.yaml @@ -1,8 +1,7 @@ -replica: - replicaCount: 1 - persistence: - enabled: true - -master: - persistence: - enabled: true +redis: + architecture: standalone + auth: + enabled: false + master: + persistence: + enabled: false From c3b358167ba27ed58ec9a5b7b3fc40f68aa69b91 Mon Sep 17 00:00:00 2001 
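Review bot: The new values set `auth.enabled: false`, so Redis accepts unauthenticated connections from anything that can reach `bt-prod-redis-master` inside the cluster. If the backend keeps sessions or cached user data there (it is given both `REDIS_URI` and `SESSION_SECRET`, so this seems likely), that is readable and writable by any other workload. I would set `enabled: true` with `existingSecret` pointing at a sealed secret and put the password in `redisUri`, or restrict access with a NetworkPolicy. The same hunk also turns master persistence off where the old file had it on; a comment saying the data is treated as disposable cache would make that intent explicit.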
From: Kevin Wang Date: Mon, 19 Feb 2024 23:08:50 -0800 Subject: [PATCH 19/78] reorder charts and change ingress to use issuer, not clusterissuer --- infra/app/templates/ingress.yaml | 2 +- infra/init.sh | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/infra/app/templates/ingress.yaml b/infra/app/templates/ingress.yaml index 585ca834a..44f145c19 100644 --- a/infra/app/templates/ingress.yaml +++ b/infra/app/templates/ingress.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "bt-app.labels" . | nindent 4 }} annotations: - cert-manager.io/cluster-issuer: {{ .Values.issuer }} + cert-manager.io/issuer: {{ .Values.issuer }} spec: ingressClassName: nginx tls: diff --git a/infra/init.sh b/infra/init.sh index e869cdcf2..2d6806a59 100755 --- a/infra/init.sh +++ b/infra/init.sh @@ -14,13 +14,14 @@ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx # =================== helm install bt-sealed-secrets bitnami-labs/sealed-secrets --version 2.15.0 --namespace=bt --create-namespace -helm install bt-ingress-nginx ingress-nginx/ingress-nginx --version 4.9.1 --namespace=bt # see https://cert-manager.io/docs/installation/helm/#3-install-customresourcedefinitions kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.1/cert-manager.crds.yaml helm dependencies build ./certs helm install bt-certs ./certs --namespace=bt +helm install bt-ingress-nginx ingress-nginx/ingress-nginx --version 4.9.1 --namespace=bt + # ========== # PRODUCTION # ========== From 1e7a73b2314e92eb2ebbc5f26d880dfb280afc77 Mon Sep 17 00:00:00 2001 From: Chengming Li Date: Thu, 22 Feb 2024 14:22:15 -0800 Subject: [PATCH 20/78] create cron job to spin up new pod --- infra/app/templates/updater.yaml | 49 ++++++++++++++++++++++++++++++++ infra/app/values.yaml | 1 + 2 files changed, 50 insertions(+) diff --git a/infra/app/templates/updater.yaml b/infra/app/templates/updater.yaml index e69de29bb..d70dcd435 100644 --- a/infra/app/templates/updater.yaml 
+++ b/infra/app/templates/updater.yaml @@ -0,0 +1,49 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ include "bt-app.backendName" . }} + labels: + {{- include "bt-app.backendLabels" . | nindent 4 }} +spec: + schedule: {{ .Values.updater.schedule }} + suspend: {{ .Values.updater.suspend }} + jobTemplate: + spec: + template: + spec: + containers: + - name: backend-cron-job + image: {{ printf "%s/%s:%s" .Values.backend.image.registry .Values.backend.image.repository .Values.backend.image.tag }} + command: {{ .Values.updater.command | toJson}} + ports: + - containerPort: {{ .Values.backend.port }} + env: + - name: PORT + value: {{ .Values.backend.port | quote }} + - name: URL + value: "http://localhost:5001" + - name: BACKEND_PATH + value: {{ .Values.backend.path }} + - name: GRAPHQL_PATH + value: "/graphql" + - name: NODE_ENV + value: {{ .Values.nodeEnv }} + - name: MONGODB_URI + value: {{ .Values.mongoUri }} + - name: REDIS_URI + value: {{ .Values.redisUri }} + - name: SIS_CLASS_APP_ID + value: "_" + - name: SIS_CLASS_APP_KEY + value: "_" + - name: SIS_COURSE_APP_ID + value: "_" + - name: SIS_COURSE_APP_KEY + value: "_" + - name: GOOGLE_CLIENT_ID + value: "_" + - name: GOOGLE_CLIENT_SECRET + value: "_" + - name: SESSION_SECRET + value: "_" + restartPolicy: OnFailure \ No newline at end of file diff --git a/infra/app/values.yaml b/infra/app/values.yaml index 11a0bb487..562647165 100644 --- a/infra/app/values.yaml +++ b/infra/app/values.yaml @@ -34,3 +34,4 @@ backend: updater: schedule: 0 0 * * * suspend: false + command: ["npm", "run", "update:catalog"] \ No newline at end of file From afd0a583ffb4f9ffa752731e2f5a0740a75aec94 Mon Sep 17 00:00:00 2001 From: Chengming Li Date: Thu, 22 Feb 2024 15:29:51 -0800 Subject: [PATCH 21/78] finish updater.yaml --- infra/app/templates/_helpers.tpl | 4 ++++ infra/app/templates/updater.yaml | 2 +- infra/app/values.yaml | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) 
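Review bot: The seven credential variables (`SIS_*_APP_ID`, `SIS_*_APP_KEY`, `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`, `SESSION_SECRET`) are set to the literal `"_"`, which leaves no path for real values other than writing them into the template or values.yaml in plain text. Since sealed-secrets is already part of this setup, I would read them from a Secret with `secretKeyRef` from the start, as sketched below with a placeholder secret name. The CronJob also sets no `concurrencyPolicy`, so a slow catalog update can overlap with the next scheduled run; `concurrencyPolicy: Forbid` under `spec` avoids that.

```yaml
            # … unchanged: PORT, URL, BACKEND_PATH, GRAPHQL_PATH, NODE_ENV, MONGODB_URI, REDIS_URI …
            - name: SESSION_SECRET
              valueFrom:
                secretKeyRef:
                  name: <backend-secret-name>  # placeholder: Secret unsealed from a SealedSecret
                  key: SESSION_SECRET
            # … same pattern for the SIS_* and GOOGLE_CLIENT_* variables …
```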
diff --git a/infra/app/templates/_helpers.tpl b/infra/app/templates/_helpers.tpl index 0d0a6e9db..d6a26b0f8 100644 --- a/infra/app/templates/_helpers.tpl +++ b/infra/app/templates/_helpers.tpl @@ -31,3 +31,7 @@ app.kubernetes.io/name: bt-frontend {{- define "bt-app.frontendName" -}} {{ .Release.Name }}-frontend {{- end -}} + +{{- define "bt-app.cronJobName" -}} +{{ .Release.Name }}-cronjob +{{- end -}} \ No newline at end of file diff --git a/infra/app/templates/updater.yaml b/infra/app/templates/updater.yaml index d70dcd435..cc0f6194b 100644 --- a/infra/app/templates/updater.yaml +++ b/infra/app/templates/updater.yaml @@ -1,7 +1,7 @@ apiVersion: batch/v1 kind: CronJob metadata: - name: {{ include "bt-app.backendName" . }} + name: {{ include "bt-app.cronJobName" . }} labels: {{- include "bt-app.backendLabels" . | nindent 4 }} spec: diff --git a/infra/app/values.yaml b/infra/app/values.yaml index 562647165..078a742da 100644 --- a/infra/app/values.yaml +++ b/infra/app/values.yaml @@ -32,6 +32,6 @@ backend: tag: latest updater: - schedule: 0 0 * * * + schedule: "0 0 * * *" suspend: false command: ["npm", "run", "update:catalog"] \ No newline at end of file From a97989d9d6864ea3f3b45578e8225ab30cc25a41 Mon Sep 17 00:00:00 2001 From: maxmwang Date: Thu, 22 Feb 2024 19:46:40 -0800 Subject: [PATCH 22/78] mongo bitnami chart --- infra/mongo/Chart.lock | 6 ++++ infra/mongo/Chart.yaml | 5 ++++ infra/mongo/templates/deployment.yaml | 43 --------------------------- infra/mongo/templates/pv.yaml | 2 +- infra/mongo/templates/pvc.yaml | 2 +- infra/mongo/templates/service.yaml | 13 -------- infra/mongo/values.yaml | 15 ++++++---- 7 files changed, 23 insertions(+), 63 deletions(-) create mode 100644 infra/mongo/Chart.lock delete mode 100644 infra/mongo/templates/deployment.yaml delete mode 100644 infra/mongo/templates/service.yaml diff --git a/infra/mongo/Chart.lock b/infra/mongo/Chart.lock new file mode 100644 index 000000000..465a27dfb --- /dev/null +++ b/infra/mongo/Chart.lock 
@@ -0,0 +1,6 @@ +dependencies: +- name: mongodb + repository: https://charts.bitnami.com/bitnami + version: 14.10.0 +digest: sha256:22a5ccdfaf71a57e4d022329b563c538292c2e9fadbeea03e8ec526355efd37f +generated: "2024-02-22T19:36:46.44758-08:00" diff --git a/infra/mongo/Chart.yaml b/infra/mongo/Chart.yaml index f7995ab06..def1070d0 100644 --- a/infra/mongo/Chart.yaml +++ b/infra/mongo/Chart.yaml @@ -22,3 +22,8 @@ version: 0.1.0 # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "2.0.0-alpha" + +dependencies: + - name: "mongodb" + version: "14.10.0" + repository: "https://charts.bitnami.com/bitnami" diff --git a/infra/mongo/templates/deployment.yaml b/infra/mongo/templates/deployment.yaml deleted file mode 100644 index 4d68c120c..000000000 --- a/infra/mongo/templates/deployment.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }} - labels: - {{- include "bt-mongo.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "bt-mongo.labels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "bt-mongo.labels" . | nindent 8 }} - spec: - containers: - - name: mongo - image: {{ .Values.image }} - args: [ "--dbpath", {{ .Values.mountPath | quote }}, "--port", {{ .Values.port | quote }} ] - livenessProbe: - exec: - command: [ "mongosh", "--eval", "db.adminCommand('ping')" ] - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - readinessProbe: - exec: - command: [ "mongosh", "--eval", "db.adminCommand('ping')" ] - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - volumeMounts: - - name: mongo-data-dir - mountPath: {{ .Values.mountPath }} - volumes: - - name: mongo-data-dir - persistentVolumeClaim: - claimName: {{ .Release.Name }}-pvc \ No newline at end of file 
diff --git a/infra/mongo/templates/pv.yaml b/infra/mongo/templates/pv.yaml index 4dd650d79..01df0f8a5 100644 --- a/infra/mongo/templates/pv.yaml +++ b/infra/mongo/templates/pv.yaml @@ -7,7 +7,7 @@ metadata: spec: storageClassName: manual capacity: - storage: {{ .Values.storage }} + storage: {{ .Values.mongo.persistence.size }} accessModes: - ReadWriteOnce hostPath: diff --git a/infra/mongo/templates/pvc.yaml b/infra/mongo/templates/pvc.yaml index 158a8131a..08f1512a9 100644 --- a/infra/mongo/templates/pvc.yaml +++ b/infra/mongo/templates/pvc.yaml @@ -10,4 +10,4 @@ spec: - ReadWriteOnce resources: requests: - storage: {{ .Values.storage }} \ No newline at end of file + storage: {{ .Values.mongo.persistence.size }} diff --git a/infra/mongo/templates/service.yaml b/infra/mongo/templates/service.yaml deleted file mode 100644 index 82b71e609..000000000 --- a/infra/mongo/templates/service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-svc - labels: - {{- include "bt-mongo.labels" . | nindent 4 }} -spec: - selector: - {{- include "bt-mongo.labels" . | nindent 4 }} - ports: - - port: {{ .Values.port }} - targetPort: {{ .Values.port }} - protocol: TCP \ No newline at end of file diff --git a/infra/mongo/values.yaml b/infra/mongo/values.yaml index 58df6a0e9..a630d4fef 100644 --- a/infra/mongo/values.yaml +++ b/infra/mongo/values.yaml @@ -1,5 +1,10 @@ -image: mongo:7.0.5-jammy -mountPath: /data/db -port: 27017 -storage: 10Gi -hostPath: /data/prod/db \ No newline at end of file +# path in host machine. should depend on environment and be different for each mongo pod. +hostPath: /data/prod/db + +mongo: + persistence: + existingClaim: bt-prod-mongo-pvc + + # path in pod. should be same for all mongo pods. + mountPath: /data/db + size: 10Gi From 81886376624b8dcfc20ff84c003f3ba532584c03 Mon Sep 17 00:00:00 2001 
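Review bot: The subchart settings in values.yaml sit under `mongo:`, but the dependency added to Chart.yaml in this commit is named `mongodb` and declares no alias, so Helm will not pass `persistence.existingClaim`, `mountPath` or `size` to the Bitnami chart; only the local pv.yaml and pvc.yaml templates read `.Values.mongo.persistence.size`. Either rename the key to `mongodb:` (and the two template references with it) or add `alias: mongo` to the dependency entry; redis/values.yaml already follows the matching-name convention with `redis:`. `existingClaim: bt-prod-mongo-pvc` hard-codes the release name that pvc.yaml derives from `{{ .Release.Name }}-pvc`, which should be noted next to the value. This commit also deletes service.yaml while `mongoUri` elsewhere in the series still points at `bt-prod-mongo-svc`, and the Bitnami chart presumably enables authentication by default, so the URI likely needs a new host name and credentials.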
From: Chengming Li Date: Thu, 22 Feb 2024 23:45:21 -0800 Subject: [PATCH 23/78] fix implementation to allow for multiple commands --- infra/app/templates/updater.yaml | 2 +- infra/app/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/infra/app/templates/updater.yaml b/infra/app/templates/updater.yaml index cc0f6194b..3624abeda 100644 --- a/infra/app/templates/updater.yaml +++ b/infra/app/templates/updater.yaml @@ -14,7 +14,7 @@ spec: containers: - name: backend-cron-job image: {{ printf "%s/%s:%s" .Values.backend.image.registry .Values.backend.image.repository .Values.backend.image.tag }} - command: {{ .Values.updater.command | toJson}} + command: {{ .Values.updater.command | toJson }} ports: - containerPort: {{ .Values.backend.port }} env: diff --git a/infra/app/values.yaml b/infra/app/values.yaml index 078a742da..36f2c61f5 100644 --- a/infra/app/values.yaml +++ b/infra/app/values.yaml @@ -34,4 +34,4 @@ backend: updater: schedule: "0 0 * * *" suspend: false - command: ["npm", "run", "update:catalog"] \ No newline at end of file + command: ["/bin/sh", "-c", "npm run update:catalog;"] \ No newline at end of file From ad2c0b36983189ad691b8aaee5dfd0c290c30e40 Mon Sep 17 00:00:00 2001 
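Review bot: Chaining with `;` in the new `updater.command` means the shell reports only the last command's exit status, so once more commands are appended a failing earlier step will not fail the Job and `restartPolicy: OnFailure` will never retry it. I would make the wrapper fail fast, for example `command: ["/bin/sh", "-c", "set -e; npm run update:catalog"]`, or join the steps with `&&`. A one-line comment in values.yaml explaining that the shell wrapper exists to allow several commands would also help the next editor.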
From: Kevin Wang Date: Fri, 23 Feb 2024 14:12:28 -0800 Subject: [PATCH 24/78] add metallb and move base dependencies --- infra/app/templates/_helpers.tpl | 4 ++-- infra/{certs => base}/.helmignore | 0 infra/{certs => base}/Chart.yaml | 9 ++------- infra/base/templates/_helpers.tpl | 13 +++++++++++++ .../cloudflare-stanfurdtime-sealed-secret.yaml | 0 infra/{certs => base}/templates/issuer.yaml | 5 +---- infra/base/templates/metallb-config.yaml | 14 ++++++++++++++ infra/{certs => base}/values.yaml | 3 ++- infra/certs/Chart.lock | 6 ------ infra/certs/templates/_helpers.tpl | 6 ------ infra/init.sh | 11 +++++------ 11 files changed, 39 insertions(+), 32 deletions(-) rename infra/{certs => base}/.helmignore (100%) rename infra/{certs => base}/Chart.yaml (85%) create mode 100644 infra/base/templates/_helpers.tpl rename infra/{certs => base}/templates/cloudflare-stanfurdtime-sealed-secret.yaml (100%) rename infra/{certs => base}/templates/issuer.yaml (68%) create mode 100644 infra/base/templates/metallb-config.yaml rename infra/{certs => base}/values.yaml (58%) delete mode 100644 infra/certs/Chart.lock delete mode 100644 infra/certs/templates/_helpers.tpl diff --git a/infra/app/templates/_helpers.tpl b/infra/app/templates/_helpers.tpl index d6a26b0f8..1df673e9d 100644 --- a/infra/app/templates/_helpers.tpl +++ b/infra/app/templates/_helpers.tpl @@ -15,12 +15,12 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "bt-app.backendLabels" -}} -app.kubernetes.io/name: bt-backend +app.kubernetes.io/name: backend {{ include "bt-app.labels" . }} {{- end -}} {{- define "bt-app.frontendLabels" -}} -app.kubernetes.io/name: bt-frontend +app.kubernetes.io/name: frontend {{ include "bt-app.labels" . }} {{- end -}} diff --git a/infra/certs/.helmignore b/infra/base/.helmignore similarity index 100% rename from infra/certs/.helmignore rename to infra/base/.helmignore 
diff --git a/infra/certs/Chart.yaml b/infra/base/Chart.yaml similarity index 85% rename from infra/certs/Chart.yaml rename to infra/base/Chart.yaml index 188159f89..96188278b 100644 --- a/infra/certs/Chart.yaml +++ b/infra/base/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -name: bt-certs -description: A Helm chart for cert-manager and its Issuer resource +name: bt-base +description: A Helm chart for resources used by the entire cluster. # A chart can be either an 'application' or a 'library' chart. # @@ -22,8 +22,3 @@ version: 0.1.0 # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "2.0.0-alpha" - -dependencies: -- name: "cert-manager" - version: "1.14.1" - repository: "https://charts.jetstack.io" \ No newline at end of file diff --git a/infra/base/templates/_helpers.tpl b/infra/base/templates/_helpers.tpl new file mode 100644 index 000000000..7f78edebf --- /dev/null +++ b/infra/base/templates/_helpers.tpl @@ -0,0 +1,13 @@ +{{/* +Chart name and version +*/}} +{{- define "bt-base.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "bt-base.labels" -}} +app.kubernetes.io/name: base +helm.sh/chart: {{ include "bt-base.chart" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/infra/certs/templates/cloudflare-stanfurdtime-sealed-secret.yaml b/infra/base/templates/cloudflare-stanfurdtime-sealed-secret.yaml similarity index 100% rename from infra/certs/templates/cloudflare-stanfurdtime-sealed-secret.yaml rename to infra/base/templates/cloudflare-stanfurdtime-sealed-secret.yaml diff --git a/infra/certs/templates/issuer.yaml b/infra/base/templates/issuer.yaml similarity index 68% rename from infra/certs/templates/issuer.yaml rename to infra/base/templates/issuer.yaml index b389e9d66..5418d42a8 100644 
--- a/infra/certs/templates/issuer.yaml +++ b/infra/base/templates/issuer.yaml @@ -3,10 +3,7 @@ kind: Issuer metadata: name: {{ .Values.issuerName }} labels: - app.kubernetes.io/name: base - helm.sh/chart: {{ include "bt-certs.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} + {{- include "bt-base.labels" . | nindent 4 }} spec: acme: email: {{ .Values.acme.email }} diff --git a/infra/base/templates/metallb-config.yaml b/infra/base/templates/metallb-config.yaml new file mode 100644 index 000000000..93a4ea315 --- /dev/null +++ b/infra/base/templates/metallb-config.yaml @@ -0,0 +1,14 @@ +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: {{ .Release.Name }}-pool +spec: + addresses: + - {{ .Values.ipAddressRange }} + +--- + +apiVersion: metallb.io/v1beta1 +kind: L2Advertisement +metadata: + name: {{ .Release.Name }}-l2 diff --git a/infra/certs/values.yaml b/infra/base/values.yaml similarity index 58% rename from infra/certs/values.yaml rename to infra/base/values.yaml index e338f5d97..dd8e2af02 100644 --- a/infra/certs/values.yaml +++ b/infra/base/values.yaml @@ -2,4 +2,5 @@ issuerName: letsencrypt-staging acme: email: octo.berkeleytime@asuc.org server: https://acme-staging-v02.api.letsencrypt.org/directory - cfApiTokenSecretName: cloudflare-api-token-secret \ No newline at end of file + cfApiTokenSecretName: cloudflare-api-token-secret +ipAddressRange: 169.229.226.55-169.229.226.55 \ No newline at end of file diff --git a/infra/certs/Chart.lock b/infra/certs/Chart.lock deleted file mode 100644 index 8dc763b53..000000000 --- a/infra/certs/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: cert-manager - repository: https://charts.jetstack.io - version: v1.14.1 -digest: sha256:8930e3106106e040ed661f2307d65e3e90b4c925aa901d100e603f38f6fbc3b4 -generated: "2024-02-19T04:05:39.175713-08:00" 
diff --git a/infra/certs/templates/_helpers.tpl b/infra/certs/templates/_helpers.tpl deleted file mode 100644 index a3566d1ce..000000000 --- a/infra/certs/templates/_helpers.tpl +++ /dev/null @@ -1,6 +0,0 @@ -{{/* -Chart name and version -*/}} -{{- define "bt-certs.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/infra/init.sh b/infra/init.sh index 2d6806a59..3a764e6fd 100755 --- a/infra/init.sh +++ b/infra/init.sh @@ -7,6 +7,7 @@ helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add bitnami-labs https://bitnami-labs.github.io/sealed-secrets/ helm repo add cert-manager https://charts.jetstack.io helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx +helm repo add metallb https://metallb.github.io/metallb # =================== @@ -14,14 +15,12 @@ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx # =================== helm install bt-sealed-secrets bitnami-labs/sealed-secrets --version 2.15.0 --namespace=bt --create-namespace - -# see https://cert-manager.io/docs/installation/helm/#3-install-customresourcedefinitions -kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.1/cert-manager.crds.yaml -helm dependencies build ./certs -helm install bt-certs ./certs --namespace=bt - +helm install bt-metallb metallb/metallb --version 0.14.3 --namespace=bt +helm install bt-cert-manager cert-manager/cert-manager --set installCRDs=true --version 1.14.1 --namespace=bt helm install bt-ingress-nginx ingress-nginx/ingress-nginx --version 4.9.1 --namespace=bt +helm install bt-base ./base --namespace=bt + # ========== # PRODUCTION # ========== From 2357342921ee337439aa0c0bf77aa4bcba2ef3fa Mon Sep 17 00:00:00 2001 
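Review bot: In the second init.sh hunk, `helm install bt-base ./base` runs immediately after the cert-manager and metallb installs, but the base chart creates an `Issuer`, an `IPAddressPool` and an `L2Advertisement`, which need those controllers' CRDs and, presumably, their admission webhooks to be serving. On a fresh cluster that is a race, and with `set -e` a rejected resource aborts the script half-way. Adding `--wait` to the two controller installs, e.g. `helm install bt-cert-manager cert-manager/cert-manager --set installCRDs=true --version 1.14.1 --namespace=bt --wait`, makes the ordering explicit. The SealedSecret in the base chart depends on `bt-sealed-secrets` in the same way.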
From: Kevin Wang Date: Fri, 23 Feb 2024 14:24:55 -0800 Subject: [PATCH 25/78] fix default address range (oops used current bt ip) --- infra/base/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/base/values.yaml b/infra/base/values.yaml index dd8e2af02..df9c2eaba 100644 --- a/infra/base/values.yaml +++ b/infra/base/values.yaml @@ -3,4 +3,4 @@ acme: email: octo.berkeleytime@asuc.org server: https://acme-staging-v02.api.letsencrypt.org/directory cfApiTokenSecretName: cloudflare-api-token-secret -ipAddressRange: 169.229.226.55-169.229.226.55 \ No newline at end of file +ipAddressRange: 169.229.226.51-169.229.226.51 \ No newline at end of file From cc21c2098b35d11dece69de90d651783f467355b Mon Sep 17 00:00:00 2001 From: Kevin Wang Date: Fri, 23 Feb 2024 14:28:59 -0800 Subject: [PATCH 26/78] move to letsencrypt prod --- infra/app/values.yaml | 2 +- infra/base/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/infra/app/values.yaml b/infra/app/values.yaml index 36f2c61f5..35d337571 100644 --- a/infra/app/values.yaml +++ b/infra/app/values.yaml @@ -5,7 +5,7 @@ mongoUri: mongodb://bt-prod-mongo-svc.bt.svc.cluster.local:27017 redisUri: redis://bt-prod-redis-master.bt.svc.cluster.local:6379 nodeEnv: production -issuer: letsencrypt-staging +issuer: letsencrypt-prod frontend: replicas: 2 diff --git a/infra/base/values.yaml b/infra/base/values.yaml index df9c2eaba..e51bc2034 100644 --- a/infra/base/values.yaml +++ b/infra/base/values.yaml @@ -1,6 +1,6 @@ -issuerName: letsencrypt-staging +issuerName: letsencrypt-prod acme: email: octo.berkeleytime@asuc.org - server: https://acme-staging-v02.api.letsencrypt.org/directory + server: https://acme-v02.api.letsencrypt.org/directory cfApiTokenSecretName: cloudflare-api-token-secret ipAddressRange: 169.229.226.51-169.229.226.51 \ No newline at end of file From 310904c073754b2b3852920f70943a57072ca71e Mon Sep 17 00:00:00 2001 
From: Kevin Wang Date: Fri, 23 Feb 2024 14:37:57 -0800 Subject: [PATCH 27/78] add common labels to metallb configs --- infra/base/templates/metallb-config.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/infra/base/templates/metallb-config.yaml b/infra/base/templates/metallb-config.yaml index 93a4ea315..376400dc5 100644 --- a/infra/base/templates/metallb-config.yaml +++ b/infra/base/templates/metallb-config.yaml @@ -2,6 +2,8 @@ apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: name: {{ .Release.Name }}-pool + labels: + {{- include "bt-base.labels" . | nindent 4 }} spec: addresses: - {{ .Values.ipAddressRange }} @@ -12,3 +14,5 @@ apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: {{ .Release.Name }}-l2 + labels: + {{- include "bt-base.labels" . | nindent 4 }} From 6b990b835fd6f325b9dcdbddfd2f90dc9af1f1e5 Mon Sep 17 00:00:00 2001 From: maxmwang Date: Mon, 26 Feb 2024 18:16:35 -0800 Subject: [PATCH 28/78] formatting --- infra/app/templates/ingress.yaml | 2 +- infra/app/templates/updater.yaml | 2 +- infra/app/values.yaml | 2 +- infra/redis/Chart.lock | 6 +++--- infra/redis/Chart.yaml | 6 +++--- infra/redis/values.yaml | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/infra/app/templates/ingress.yaml b/infra/app/templates/ingress.yaml index 44f145c19..3ee6b0520 100644 --- a/infra/app/templates/ingress.yaml +++ b/infra/app/templates/ingress.yaml @@ -29,4 +29,4 @@ spec: service: name: {{ include "bt-app.backendName" . }}-svc port: - number: {{ .Values.port }} \ No newline at end of file + number: {{ .Values.port }} diff --git a/infra/app/templates/updater.yaml b/infra/app/templates/updater.yaml index cc0f6194b..7753549ad 100644 --- a/infra/app/templates/updater.yaml +++ b/infra/app/templates/updater.yaml @@ -46,4 +46,4 @@ spec: value: "_" - name: SESSION_SECRET value: "_" - restartPolicy: OnFailure \ No newline at end of file + restartPolicy: OnFailure 
diff --git a/infra/app/values.yaml b/infra/app/values.yaml index 078a742da..e0c861440 100644 --- a/infra/app/values.yaml +++ b/infra/app/values.yaml @@ -34,4 +34,4 @@ backend: updater: schedule: "0 0 * * *" suspend: false - command: ["npm", "run", "update:catalog"] \ No newline at end of file + command: ["npm", "run", "update:catalog"] diff --git a/infra/redis/Chart.lock b/infra/redis/Chart.lock index f30acda3d..90faddf4a 100644 --- a/infra/redis/Chart.lock +++ b/infra/redis/Chart.lock @@ -1,6 +1,6 @@ dependencies: -- name: redis - repository: https://charts.bitnami.com/bitnami - version: 18.14.0 + - name: redis + repository: https://charts.bitnami.com/bitnami + version: 18.14.0 digest: sha256:fb8cea35f0caa9c982e26aceee490b0c11ae47434386b71e5693b7fc19da1bbb generated: "2024-02-19T21:10:04.502722-08:00" diff --git a/infra/redis/Chart.yaml b/infra/redis/Chart.yaml index 568658e4b..b2a3ba046 100644 --- a/infra/redis/Chart.yaml +++ b/infra/redis/Chart.yaml @@ -24,6 +24,6 @@ version: 0.1.0 appVersion: "2.0.0-alpha" dependencies: -- name: "redis" - version: "18.14.0" - repository: "https://charts.bitnami.com/bitnami" \ No newline at end of file + - name: "redis" + version: "18.14.0" + repository: "https://charts.bitnami.com/bitnami" diff --git a/infra/redis/values.yaml b/infra/redis/values.yaml index f465856d3..c57ff67fc 100644 --- a/infra/redis/values.yaml +++ b/infra/redis/values.yaml @@ -4,4 +4,4 @@ redis: enabled: false master: persistence: - enabled: false + enabled: false From df994f74fe12503a9736962c8e3e81b29e4873b2 Mon Sep 17 00:00:00 2001 From: maxmwang Date: Mon, 26 Feb 2024 18:16:45 -0800 Subject: [PATCH 29/78] use bitnami mongodb chart --- infra/init.sh | 6 +++--- infra/mongo/templates/pv.yaml | 2 +- infra/mongo/templates/pvc.yaml | 2 +- infra/mongo/values.yaml | 5 ++++- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/infra/init.sh b/infra/init.sh index 2d6806a59..ac22ae85b 100755 --- a/infra/init.sh +++ b/infra/init.sh 
@@ -26,13 +26,13 @@ helm install bt-ingress-nginx ingress-nginx/ingress-nginx --version 4.9.1 --name # PRODUCTION # ========== -helm install bt-prod-mongo ./mongo --namespace=bt +helm install bt-prod-mongo ./mongo --namespace=bt --set hostPath=/dev/prod/db,mongodb.persistence.existingClaim=bt-prod-mongo-pvc helm dependencies build ./redis helm install bt-prod-redis ./redis --namespace=bt helm install bt-prod-app ./app --namespace=bt \ --set host=stanfurdtime.com \ - --set mongoUri=mongodb://bt-prod-mongo-svc.bt.svc.cluster.local:27017 \ + --set mongoUri=mongodb://bt-prod-mongo-mongodb.bt.svc.cluster.local:27017 \ --set redisUri=redis://bt-prod-redis-master.bt.svc.cluster.local:6379 \ - --set nodeEnv=development \ No newline at end of file + --set nodeEnv=development diff --git a/infra/mongo/templates/pv.yaml b/infra/mongo/templates/pv.yaml index 01df0f8a5..dd9d0e005 100644 --- a/infra/mongo/templates/pv.yaml +++ b/infra/mongo/templates/pv.yaml @@ -7,7 +7,7 @@ metadata: spec: storageClassName: manual capacity: - storage: {{ .Values.mongo.persistence.size }} + storage: {{ .Values.mongodb.persistence.size }} accessModes: - ReadWriteOnce hostPath: diff --git a/infra/mongo/templates/pvc.yaml b/infra/mongo/templates/pvc.yaml index 08f1512a9..ec34c7b5c 100644 --- a/infra/mongo/templates/pvc.yaml +++ b/infra/mongo/templates/pvc.yaml @@ -10,4 +10,4 @@ spec: - ReadWriteOnce resources: requests: - storage: {{ .Values.mongo.persistence.size }} + storage: {{ .Values.mongodb.persistence.size }} diff --git a/infra/mongo/values.yaml b/infra/mongo/values.yaml index a630d4fef..ea43ebf41 100644 --- a/infra/mongo/values.yaml +++ b/infra/mongo/values.yaml @@ -1,7 +1,10 @@ # path in host machine. should depend on environment and be different for each mongo pod. hostPath: /data/prod/db -mongo: +mongodb: + image: + tag: 7.0.5 + persistence: existingClaim: bt-prod-mongo-pvc From 9b5e95dc7fd4dcbe058e22ed4f0b5ad06e204d69 Mon Sep 17 00:00:00 2001 
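Review bot: `--set hostPath=/dev/prod/db` on the `bt-prod-mongo` install does not match the chart default `hostPath: /data/prod/db` in infra/mongo/values.yaml and looks like a typo. `/dev` is normally a device filesystem recreated at boot, so if pv.yaml feeds this value into its `hostPath` volume the production database would sit on non-persistent storage. That part is inferred, because the `hostPath:` body of pv.yaml is outside the hunk. I would change it to `--set hostPath=/data/prod/db`, or drop the override since it equals the default. The same value is carried into the reflowed command in PATCH 32.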
From: maxmwang Date: Tue, 27 Feb 2024 20:50:50 -0800 Subject: [PATCH 30/78] use existingClaim as pvc name --- infra/mongo/templates/pvc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/mongo/templates/pvc.yaml b/infra/mongo/templates/pvc.yaml index ec34c7b5c..22e29003b 100644 --- a/infra/mongo/templates/pvc.yaml +++ b/infra/mongo/templates/pvc.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: {{ .Release.Name }}-pvc + name: {{ .Values.mongodb.persistence.existingClaim }} labels: {{- include "bt-mongo.labels" . | nindent 4 }} spec: From 3fc27495c44268b04cad1b0bfa842f24add75d02 Mon Sep 17 00:00:00 2001 From: maxmwang Date: Wed, 28 Feb 2024 20:35:57 -0800 Subject: [PATCH 31/78] express trust proxy (nginx) --- backend/src/bootstrap/loaders/passport.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/backend/src/bootstrap/loaders/passport.ts b/backend/src/bootstrap/loaders/passport.ts index 1b036f705..c19b890d2 100644 --- a/backend/src/bootstrap/loaders/passport.ts +++ b/backend/src/bootstrap/loaders/passport.ts @@ -26,6 +26,7 @@ const SCOPE = ['profile', 'email'] export default async (app: Application) => { // init + app.use('trust proxy') app.use(session({ secret: config.SESSION_SECRET, name: 'sessionId', From 55b9b9632a9d6cf5b51bc7fe5e202094bb9ee215 Mon Sep 17 00:00:00 2001 From: maxmwang Date: Thu, 29 Feb 2024 00:46:50 -0800 Subject: [PATCH 32/78] disable mongo auth, update helm commands --- infra/init.sh | 6 ++++-- infra/mongo/values.yaml | 3 +++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/infra/init.sh b/infra/init.sh index 328dbdc27..211715e9c 100755 --- a/infra/init.sh +++ b/infra/init.sh 
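Review bot: `app.use('trust proxy')` mounts a path with no handler instead of changing a setting; Express reads proxy trust from the application setting, so the line should be `app.set('trust proxy', 1)`. As written, Express 4 rejects a `use()` call that has no middleware function, so this loader most likely throws at startup. Prefer a hop count or the ingress controller's subnet over `true`, because `true` makes `req.ip` and `req.protocol` follow client-supplied `X-Forwarded-*` headers. The loader body continues outside the hunk, so whether the session cookie sets `secure` behind nginx cannot be checked from here.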
@@ -25,13 +25,15 @@ helm install bt-base ./base --namespace=bt # PRODUCTION # ========== -helm install bt-prod-mongo ./mongo --namespace=bt --set hostPath=/dev/prod/db,mongodb.persistence.existingClaim=bt-prod-mongo-pvc +helm install bt-prod-mongo ./mongo --namespace=bt \ + --set hostPath=/dev/prod/db \ + --set mongodb.persistence.existingClaim=bt-prod-mongo-pvc helm dependencies build ./redis helm install bt-prod-redis ./redis --namespace=bt helm install bt-prod-app ./app --namespace=bt \ --set host=stanfurdtime.com \ - --set mongoUri=mongodb://bt-prod-mongo-mongodb.bt.svc.cluster.local:27017 \ + --set mongoUri=mongodb://bt-prod-mongo-mongodb.bt.svc.cluster.local:27017/bt \ --set redisUri=redis://bt-prod-redis-master.bt.svc.cluster.local:6379 \ --set nodeEnv=development diff --git a/infra/mongo/values.yaml b/infra/mongo/values.yaml index ea43ebf41..7fb8264a6 100644 --- a/infra/mongo/values.yaml +++ b/infra/mongo/values.yaml @@ -5,6 +5,9 @@ mongodb: image: tag: 7.0.5 + auth: + enabled: false + persistence: existingClaim: bt-prod-mongo-pvc From 610d42497119584d8b1afa161d55fc63bdb10701 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Sun, 24 Mar 2024 23:31:19 -0700 Subject: [PATCH 33/78] add CI/CD workflows --- .github/workflows/cd-branch.yml | 35 +++++++++++++++++++++++++++++++++ .github/workflows/cd-master.yml | 30 ++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 .github/workflows/cd-branch.yml create mode 100644 .github/workflows/cd-master.yml diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml new file mode 100644 index 000000000..eec3f0e16 --- /dev/null +++ b/.github/workflows/cd-branch.yml 
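Review bot: `auth: enabled: false` turns off MongoDB authentication for the release, and the `mongoUri` passed in init.sh carries no credentials. Any workload that can reach `bt-prod-mongo-mongodb.bt.svc.cluster.local:27017` can then read and write the `bt` database. sealed-secrets is already installed by the same script, so I would keep auth on and point the chart at a sealed Secret, e.g. `auth: { enabled: true, existingSecret: PLACEHOLDER-mongo-credentials }`, building the URI from that Secret. If auth has to stay off for now, add a comment `# auth disabled temporarily; service must be restricted by NetworkPolicy` and add that policy, since none is visible in this series.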
@@ -0,0 +1,35 @@ +name: + Deploy to Dev + +on: + pull_request: + types: [opened, synchronize, reopened] + +jobs: + deploy: + runs-on: ubuntu-latest + + steps: + - name: SSH into Hozer + uses: appleboy/ssh-action@v1.0.3 + with: + host: hozer-51.ocf.berkeley.edu + username: root + key: ${{ secrets.SSH_KEY }} + script: | + cd /berkeleytime + git checkout ${{ github.event.pull_request.head.sha }} + git pull + docker compose up --build -d + docker tag berkeleytime-backend octoberkeleytime/bt-backend:${{ github.event.pull_request.head.sha }} + docker tag berkeleytime-frontend octoberkeleytime/bt-frontend:${{ github.event.pull_request.head.sha }} + docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} + docker push octoberkeleytime/bt-backend:${{ github.event.pull_request.head.sha }} + docker push octoberkeleytime/bt-frontend:${{ github.event.pull_request.head.sha }} + helm install bt-dev-app ./app --namespace=bt \ + --set host=${{ github.event.pull_request.head.sha }}.stanfurdtime.com \ + --set mongoUri=mongodb://bt-dev-mongo-mongodb.bt.svc.cluster.local:27017/bt \ + --set redisUri=redis://bt-dev-redis-master.bt.svc.cluster.local:6379 \ + --set nodeEnv=development \ + --set frontend.image.tag=${{ github.event.pull_request.head.sha }} \ + --set backend.image.tag=${{ github.event.pull_request.head.sha }} \ No newline at end of file diff --git a/.github/workflows/cd-master.yml b/.github/workflows/cd-master.yml new file mode 100644 index 000000000..f8e784b99 --- /dev/null +++ b/.github/workflows/cd-master.yml 
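Review bot: `docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}` expands the registry password into the script text and passes it as a command-line argument on the host, where it is visible in the process list and can end up in shell history or logs. Hand both values to the action through its `envs` input and use `echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin`. The same line is in cd-master.yml in this patch and returns in PATCH 51. Separately, every `pull_request` event makes this job build the PR head with `docker compose up --build` as `root` on the shared host, so anyone who can push a branch and open a PR gets code execution as root there. A dedicated unprivileged deploy user and an approval-gated environment would narrow that.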
@@ -0,0 +1,30 @@ +name: + Deploy to Staging + +on: + push: + branches: [ master ] + +jobs: + deploy: + runs-on: ubuntu-latest + + steps: + - name: SSH into Hozer + uses: appleboy/ssh-action@v1.0.3 + with: + host: hozer-51.ocf.berkeley.edu + username: root + key: ${{ secrets.SSH_KEY }} + script: | + cd /berkeleytime + git checkout master + git pull + docker compose up --build -d + docker tag berkeleytime-backend octoberkeleytime/bt-backend:latest + docker tag berkeleytime-frontend octoberkeleytime/bt-frontend:latest + docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} + docker push octoberkeleytime/bt-backend:latest + docker push octoberkeleytime/bt-frontend:latest + kubectl rollout restart deployment bt-staging-app-backend + kubectl rollout restart deployment bt-staging-app-frontend \ No newline at end of file From 1c1c6dd72aecb61e4e6bbd563fe4bf515061ee02 Mon Sep 17 00:00:00 2001 From: Chengming Li Date: Mon, 25 Mar 2024 00:13:19 -0700 Subject: [PATCH 34/78] test --- infra/app/templates/backend.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/app/templates/backend.yaml b/infra/app/templates/backend.yaml index e27b67d38..b3f874f96 100644 --- a/infra/app/templates/backend.yaml +++ b/infra/app/templates/backend.yaml @@ -64,4 +64,4 @@ spec: ports: - protocol: TCP port: {{ .Values.port }} - targetPort: {{ .Values.backend.port }} + targetPort: {{ .Values.backend.port }} \ No newline at end of file From 6fd9d995e5421f82c7459468ef47c8c35d9d02e5 Mon Sep 17 00:00:00 2001 From: Chengming Li Date: Thu, 4 Apr 2024 18:51:39 -0700 Subject: [PATCH 35/78] test --- backend/src/scripts/update-catalog.ts | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/backend/src/scripts/update-catalog.ts b/backend/src/scripts/update-catalog.ts index a8df30b99..c52c77e76 100644 --- a/backend/src/scripts/update-catalog.ts +++ b/backend/src/scripts/update-catalog.ts 
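Review bot: `kubectl rollout restart deployment bt-staging-app-backend` and the matching `-frontend` line have no `--namespace`, while every `helm install` in infra/init.sh targets `--namespace=bt`. Unless root's kubeconfig on the host defaults to `bt`, the restart looks in `default` and fails, so add `--namespace=bt` to both lines. Pushing only the mutable `:latest` tag also means the restart picks up whatever image was pushed last and leaves no immutable tag to roll back to or audit. Tagging with `${{ github.sha }}` as well, the way cd-branch.yml tags with the PR head SHA, would make staging deployments traceable.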
@@ -15,7 +15,7 @@ const SIS_SECTION_URL = 'https://gateway.api.berkeley.edu/sis/v1/classes/section const semToTermId = (s: SemesterType) => { // term-id is computed by dropping the century digit of the year, then adding the term code - const termMap: { [key: string] : number} = {'Fall': 8, 'Spring': 2, 'Summer': 5} + const termMap: { [key: string]: number } = { 'Fall': 8, 'Spring': 2, 'Summer': 5 } return `${Math.floor(s.year / 1000)}${s.year % 100}${termMap[s.term]}` } @@ -31,13 +31,13 @@ const queryPages = async (url: string, params: any, headers: any, field: stri let resp: AxiosResponse>; try { - resp = await axios.get(url, { params: { 'page-number': page, ...params}, headers }); + resp = await axios.get(url, { params: { 'page-number': page, ...params }, headers }); } catch (err) { if (axios.isAxiosError(err) && err.response?.status === 404) { break; } else { console.log(`Unexpected err querying SIS API. Error: ${err}.`) - + if (retries > 0) { retries--; console.log(`Retrying...`) @@ -45,7 +45,7 @@ const queryPages = async (url: string, params: any, headers: any, field: stri } else { console.log(`Too many errors querying SIS API for courses. Terminating update...`) throw err; - } + } } } @@ -71,7 +71,7 @@ const updateCourses = async () => { const courses = await queryPages(SIS_COURSE_URL, params, headers, 'courses'); console.log("Updating database with new course data...") - + const bulkOps = courses.map(c => ({ replaceOne: { filter: { classDisplayName: c.classDisplayName }, @@ -95,7 +95,7 @@ const updateClasses = async () => { const activeSemesters = await SemesterModel.find({ active: true }).lean(); const classes: ClassType[] = []; - + for (const s of activeSemesters) { console.log(`Updating classses for ${s.term} ${s.year}...`) 
@@ -132,7 +132,7 @@ const updateSections = async () => { const activeSemesters = await SemesterModel.find({ active: true }).lean(); const sections: SectionType[] = []; - + for (const s of activeSemesters) { console.log(`Updating sections for ${s.term} ${s.year}...`) @@ -180,4 +180,4 @@ const updateSections = async () => { } process.exit(0); -})(); \ No newline at end of file +})(); From 51766ca760b89d60aed2f84326bc3651d57454fa Mon Sep 17 00:00:00 2001 From: Chengming Li Date: Thu, 4 Apr 2024 19:05:40 -0700 Subject: [PATCH 36/78] test --- .github/workflows/cd-branch.yml | 16 ++++++++-------- .github/workflows/cd-master.yml | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index eec3f0e16..73e4950d5 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -10,13 +10,12 @@ jobs: runs-on: ubuntu-latest steps: - - name: SSH into Hozer - uses: appleboy/ssh-action@v1.0.3 - with: - host: hozer-51.ocf.berkeley.edu - username: root - key: ${{ secrets.SSH_KEY }} - script: | + - name: SSH + run: | + mkdir -p ~/.ssh + echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + ssh -i ~/.ssh/id_rsa root@hozer-51.ocf.berkeley.edu << EOF cd /berkeleytime git checkout ${{ github.event.pull_request.head.sha }} git pull @@ -32,4 +31,5 @@ jobs: --set redisUri=redis://bt-dev-redis-master.bt.svc.cluster.local:6379 \ --set nodeEnv=development \ --set frontend.image.tag=${{ github.event.pull_request.head.sha }} \ - --set backend.image.tag=${{ github.event.pull_request.head.sha }} \ No newline at end of file + --set backend.image.tag=${{ github.event.pull_request.head.sha }} + EOF \ No newline at end of file diff --git a/.github/workflows/cd-master.yml b/.github/workflows/cd-master.yml index f8e784b99..37d20774f 100644 --- a/.github/workflows/cd-master.yml +++ b/.github/workflows/cd-master.yml 
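Review bot: The new `ssh -i ~/.ssh/id_rsa root@hozer-51.ocf.berkeley.edu` in cd-branch.yml runs on a fresh runner with no `known_hosts` entry. The connection either stops at host-key verification or, once checking is relaxed as later patches do, logs in as root to an unverified host. Keep the server's public host key in a repository variable and write it first, e.g. `echo "$HOZER_HOST_KEY" >> ~/.ssh/known_hosts` (variable name is illustrative). Pass the private key through `env:` instead of `echo "${{ secrets.SSH_KEY }}"` so the key is not pasted into the generated script, and quote the heredoc delimiter (`<< 'EOF'`) so the runner's shell leaves the remote commands untouched. cd-master.yml receives the identical block in this patch.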
@@ -10,13 +10,12 @@ jobs: runs-on: ubuntu-latest steps: - - name: SSH into Hozer - uses: appleboy/ssh-action@v1.0.3 - with: - host: hozer-51.ocf.berkeley.edu - username: root - key: ${{ secrets.SSH_KEY }} - script: | + - name: SSH + run: | + mkdir -p ~/.ssh + echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + ssh -i ~/.ssh/id_rsa root@hozer-51.ocf.berkeley.edu << EOF cd /berkeleytime git checkout master git pull @@ -27,4 +26,5 @@ jobs: docker push octoberkeleytime/bt-backend:latest docker push octoberkeleytime/bt-frontend:latest kubectl rollout restart deployment bt-staging-app-backend - kubectl rollout restart deployment bt-staging-app-frontend \ No newline at end of file + kubectl rollout restart deployment bt-staging-app-frontend + EOF \ No newline at end of file From 178510e686829b3b4787b20bef8585b08b0a24b4 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Thu, 4 Apr 2024 19:23:27 -0700 Subject: [PATCH 37/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 32 +++++++++----------------------- 1 file changed, 9 insertions(+), 23 deletions(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 73e4950d5..76ab281a3 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml 
@@ -10,26 +10,12 @@ jobs: runs-on: ubuntu-latest steps: - - name: SSH - run: | - mkdir -p ~/.ssh - echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - ssh -i ~/.ssh/id_rsa root@hozer-51.ocf.berkeley.edu << EOF - cd /berkeleytime - git checkout ${{ github.event.pull_request.head.sha }} - git pull - docker compose up --build -d - docker tag berkeleytime-backend octoberkeleytime/bt-backend:${{ github.event.pull_request.head.sha }} - docker tag berkeleytime-frontend octoberkeleytime/bt-frontend:${{ github.event.pull_request.head.sha }} - docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} - docker push octoberkeleytime/bt-backend:${{ github.event.pull_request.head.sha }} - docker push octoberkeleytime/bt-frontend:${{ github.event.pull_request.head.sha }} - helm install bt-dev-app ./app --namespace=bt \ - --set host=${{ github.event.pull_request.head.sha }}.stanfurdtime.com \ - --set mongoUri=mongodb://bt-dev-mongo-mongodb.bt.svc.cluster.local:27017/bt \ - --set redisUri=redis://bt-dev-redis-master.bt.svc.cluster.local:6379 \ - --set nodeEnv=development \ - --set frontend.image.tag=${{ github.event.pull_request.head.sha }} \ - --set backend.image.tag=${{ github.event.pull_request.head.sha }} - EOF \ No newline at end of file + - name: Checkout Repository + uses: actions/checkout@v2 + + - name: Install SSH client + run: apt-get update && apt-get install -y openssh-client + + - name: Run SSH command + run: | + ssh -i ${{ secrets.SSH_KEY }} root@hozer-51.ocf.berkeley.edu "echo test" From 9e64e27ec9432253b609f472de7256fcc0b4a85a Mon Sep 17 00:00:00 2001 From: Chengming Li Date: Thu, 4 Apr 2024 19:23:58 -0700 Subject: [PATCH 38/78] test --- backend/src/scripts/update-catalog.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/scripts/update-catalog.ts b/backend/src/scripts/update-catalog.ts index c52c77e76..0cc041e5c 100644 --- a/backend/src/scripts/update-catalog.ts 
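Review bot: `ssh -i ${{ secrets.SSH_KEY }} root@hozer-51.ocf.berkeley.edu` passes the private key's contents where `-i` expects the path of an identity file. The key material is expanded onto the command line and ssh has no usable identity. Write the key to a mode-600 file from an `env:` variable, or load it into an agent, and give `-i` that path. The `apt-get update && apt-get install -y openssh-client` step also runs without `sudo` on `ubuntu-latest` and is likely to fail on permissions.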
+++ b/backend/src/scripts/update-catalog.ts @@ -180,4 +180,4 @@ const updateSections = async () => { } process.exit(0); -})(); +})(); \ No newline at end of file From 7b7fa7ce82b63434c5329fa6aa37268e2d6ff713 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Thu, 4 Apr 2024 19:28:26 -0700 Subject: [PATCH 39/78] Fix cd-branch.yml --- .github/workflows/cd-branch.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 76ab281a3..449fd488d 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -10,9 +10,6 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout Repository - uses: actions/checkout@v2 - - name: Install SSH client run: apt-get update && apt-get install -y openssh-client From 3c8ee6c64f132468cb18479bb30022a700be6be3 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Thu, 4 Apr 2024 19:35:50 -0700 Subject: [PATCH 40/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 449fd488d..d6f12bdca 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -10,9 +10,6 @@ jobs: runs-on: ubuntu-latest steps: - - name: Install SSH client - run: apt-get update && apt-get install -y openssh-client - - name: Run SSH command run: | ssh -i ${{ secrets.SSH_KEY }} root@hozer-51.ocf.berkeley.edu "echo test" From 7021f997e4586d0b9d8e936cb28fc201c6ff15b8 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Thu, 4 Apr 2024 19:39:16 -0700 Subject: [PATCH 41/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index d6f12bdca..98da25bdb 100644 
--- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -9,7 +9,15 @@ jobs: deploy: runs-on: ubuntu-latest + container: + image: ubuntu:latest + options: --privileged + steps: + - name: Install SSH client + run: | + apt-get update + apt-get install -y openssh-client - name: Run SSH command run: | ssh -i ${{ secrets.SSH_KEY }} root@hozer-51.ocf.berkeley.edu "echo test" From 663529ae7d7db7f94f2c726c39b652ed380791b0 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Thu, 4 Apr 2024 19:46:09 -0700 Subject: [PATCH 42/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 98da25bdb..701f0d690 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -14,10 +14,12 @@ jobs: options: --privileged steps: - - name: Install SSH client + - name: SSH into server + env: + SSH_PRIVATE_KEY: ${{ secrets.SSH_KEY }} run: | - apt-get update - apt-get install -y openssh-client - - name: Run SSH command - run: | - ssh -i ${{ secrets.SSH_KEY }} root@hozer-51.ocf.berkeley.edu "echo test" + mkdir -p ~/.ssh + echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + + ssh -o StrictHostKeyChecking=no -p root@hozer-51.ocf.berkeley.edu "echo 'SSH connection established!'" From c474f782ff8f2b97ab1ae4660725f9becbfc73d5 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Thu, 4 Apr 2024 19:47:56 -0700 Subject: [PATCH 43/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 701f0d690..c9ac992e6 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml 
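Review bot: `options: --privileged` gives the job container full access to the runner host's devices and kernel capabilities, and nothing in the steps (installing `openssh-client`, running `ssh`) needs it, so the `options:` line should be dropped. `image: ubuntu:latest` is also a floating tag. Pin a release such as `image: ubuntu:22.04`, ideally by digest, so the environment that handles `SSH_KEY` is reproducible.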
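Review bot: `-o StrictHostKeyChecking=no` disables host-key verification for a root login, so the runner will present its key to, and in the full deploy script send registry credentials through, whatever answers for hozer-51.ocf.berkeley.edu. Keep the default checking and pin the host instead by writing the server's public host key into `~/.ssh/known_hosts` from a repository variable before the `ssh` call. In the same command `-p` has no value, so ssh takes `root@hozer-51.ocf.berkeley.edu` as the port and is left without a destination; PATCH 45 adds the missing `22`.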
@@ -14,6 +14,11 @@ jobs: options: --privileged steps: + - name: Install OpenSSH client + run: | + sudo apt-get update + sudo apt-get install -y openssh-client + - name: SSH into server env: SSH_PRIVATE_KEY: ${{ secrets.SSH_KEY }} From d27a92896fb7e11be5ebb62e9d2add940b3fd0ee Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Thu, 4 Apr 2024 19:48:54 -0700 Subject: [PATCH 44/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index c9ac992e6..ac053af17 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -16,8 +16,8 @@ jobs: steps: - name: Install OpenSSH client run: | - sudo apt-get update - sudo apt-get install -y openssh-client + apt-get update + apt-get install -y openssh-client - name: SSH into server env: From 6d87e91d631cd56e882a5562c12918c66f22a190 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Fri, 5 Apr 2024 00:03:12 -0700 Subject: [PATCH 45/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index ac053af17..87cc1b6b6 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -27,4 +27,4 @@ jobs: echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa - ssh -o StrictHostKeyChecking=no -p root@hozer-51.ocf.berkeley.edu "echo 'SSH connection established!'" + ssh -o StrictHostKeyChecking=no -p 22 root@hozer-51.ocf.berkeley.edu "echo 'SSH connection established!'" From 03bcbe36533155c191bb764f77972486e87c4bcd Mon Sep 17 00:00:00 2001 
From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Fri, 5 Apr 2024 00:12:20 -0700 Subject: [PATCH 46/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 87cc1b6b6..733baa6c4 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -24,7 +24,7 @@ jobs: SSH_PRIVATE_KEY: ${{ secrets.SSH_KEY }} run: | mkdir -p ~/.ssh - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa + echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519 + chmod 600 ~/.ssh/id_ed25519 ssh -o StrictHostKeyChecking=no -p 22 root@hozer-51.ocf.berkeley.edu "echo 'SSH connection established!'" From 422a205b47f57699f31b34ee8e296eb81eee33fb Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Fri, 5 Apr 2024 00:14:04 -0700 Subject: [PATCH 47/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 733baa6c4..e85906a54 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -25,6 +25,3 @@ jobs: run: | mkdir -p ~/.ssh echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - - ssh -o StrictHostKeyChecking=no -p 22 root@hozer-51.ocf.berkeley.edu "echo 'SSH connection established!'" From c6bb2d9706442be1d6a1ea581861c151d0417f1f Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Fri, 5 Apr 2024 00:15:10 -0700 Subject: [PATCH 48/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index e85906a54..ed933b657 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml 
@@ -25,3 +25,5 @@ jobs: run: | mkdir -p ~/.ssh echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519 + chmod 600 ~/.ssh/id_ed25519 + ssh -o StrictHostKeyChecking=no -p 22 root@hozer-51.ocf.berkeley.edu "echo 'SSH connection established!'" From 4b7922c6674e9f20e32d5272e2b39588fed3792c Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Fri, 5 Apr 2024 00:16:04 -0700 Subject: [PATCH 49/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index ed933b657..79d54b333 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -26,4 +26,3 @@ jobs: mkdir -p ~/.ssh echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 - ssh -o StrictHostKeyChecking=no -p 22 root@hozer-51.ocf.berkeley.edu "echo 'SSH connection established!'" From 252bfe926aca2987ef0635867783c4ebc262e91f Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Fri, 5 Apr 2024 00:16:37 -0700 Subject: [PATCH 50/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 79d54b333..ed933b657 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -26,3 +26,4 @@ jobs: mkdir -p ~/.ssh echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 + ssh -o StrictHostKeyChecking=no -p 22 root@hozer-51.ocf.berkeley.edu "echo 'SSH connection established!'" From d238ae00ff2a8e517c3cf0d50855592751e10969 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Fri, 5 Apr 2024 22:51:14 -0700 Subject: [PATCH 51/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 40 +++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 17 deletions(-) 
diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index ed933b657..01a5a3438 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -9,21 +9,27 @@ jobs: deploy: runs-on: ubuntu-latest - container: - image: ubuntu:latest - options: --privileged - steps: - - name: Install OpenSSH client - run: | - apt-get update - apt-get install -y openssh-client - - - name: SSH into server - env: - SSH_PRIVATE_KEY: ${{ secrets.SSH_KEY }} - run: | - mkdir -p ~/.ssh - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - ssh -o StrictHostKeyChecking=no -p 22 root@hozer-51.ocf.berkeley.edu "echo 'SSH connection established!'" + - name: SSH into Hozer + uses: appleboy/ssh-action@v1.0.3 + with: + host: hozer-51.ocf.berkeley.edu + username: root + key: ${{ secrets.SSH_KEY }} + script: | + cd /berkeleytime + git checkout ${{ github.event.pull_request.head.sha }} + git pull + docker compose up --build -d + docker tag berkeleytime-backend octoberkeleytime/bt-backend:${{ github.event.pull_request.head.sha }} + docker tag berkeleytime-frontend octoberkeleytime/bt-frontend:${{ github.event.pull_request.head.sha }} + docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} + docker push octoberkeleytime/bt-backend:${{ github.event.pull_request.head.sha }} + docker push octoberkeleytime/bt-frontend:${{ github.event.pull_request.head.sha }} + helm install bt-dev-app ./app --namespace=bt \ + --set host=${{ github.event.pull_request.head.sha }}.stanfurdtime.com \ + --set mongoUri=mongodb://bt-dev-mongo-mongodb.bt.svc.cluster.local:27017/bt \ + --set redisUri=redis://bt-dev-redis-master.bt.svc.cluster.local:6379 \ + --set nodeEnv=development \ + --set frontend.image.tag=${{ github.event.pull_request.head.sha }} \ + --set backend.image.tag=${{ github.event.pull_request.head.sha }} From a9dc2a894e2296cc68c7c6ea20b5b095ea2e5223 Mon Sep 17 00:00:00 2001 
From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Fri, 5 Apr 2024 22:56:27 -0700 Subject: [PATCH 52/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 01a5a3438..516b74851 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -10,26 +10,10 @@ jobs: runs-on: ubuntu-latest steps: - - name: SSH into Hozer - uses: appleboy/ssh-action@v1.0.3 - with: - host: hozer-51.ocf.berkeley.edu - username: root - key: ${{ secrets.SSH_KEY }} - script: | - cd /berkeleytime - git checkout ${{ github.event.pull_request.head.sha }} - git pull - docker compose up --build -d - docker tag berkeleytime-backend octoberkeleytime/bt-backend:${{ github.event.pull_request.head.sha }} - docker tag berkeleytime-frontend octoberkeleytime/bt-frontend:${{ github.event.pull_request.head.sha }} - docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} - docker push octoberkeleytime/bt-backend:${{ github.event.pull_request.head.sha }} - docker push octoberkeleytime/bt-frontend:${{ github.event.pull_request.head.sha }} - helm install bt-dev-app ./app --namespace=bt \ - --set host=${{ github.event.pull_request.head.sha }}.stanfurdtime.com \ - --set mongoUri=mongodb://bt-dev-mongo-mongodb.bt.svc.cluster.local:27017/bt \ - --set redisUri=redis://bt-dev-redis-master.bt.svc.cluster.local:6379 \ - --set nodeEnv=development \ - --set frontend.image.tag=${{ github.event.pull_request.head.sha }} \ - --set backend.image.tag=${{ github.event.pull_request.head.sha }} + - name: Setup SSH Key + uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.SSH_KEY }} + - name: SSH into Hozer + run: | + ssh root@hozer-51.ocf.berkeley.edu "echo 'test'" From 4d872039fcd274eaaf79dedb36ccd6d436cbdd89 Mon Sep 17 00:00:00 2001 
From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Fri, 5 Apr 2024 22:57:30 -0700 Subject: [PATCH 53/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 516b74851..9d878d63d 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Setup SSH Key - uses: webfactory/ssh-agent@v0.9.0 + uses: webfactory/ssh-agent with: ssh-private-key: ${{ secrets.SSH_KEY }} - name: SSH into Hozer From 0062e08d61e4f39c70901afcc1c7eeee5c4f159e Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Fri, 5 Apr 2024 22:58:16 -0700 Subject: [PATCH 54/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 9d878d63d..516b74851 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Setup SSH Key - uses: webfactory/ssh-agent + uses: webfactory/ssh-agent@v0.9.0 with: ssh-private-key: ${{ secrets.SSH_KEY }} - name: SSH into Hozer From a039ff3d3bd89a2725c15e4c209feed096b5d9e8 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Fri, 5 Apr 2024 23:06:49 -0700 Subject: [PATCH 55/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 516b74851..a078ae805 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml 
@@ -16,4 +16,4 @@ jobs: ssh-private-key: ${{ secrets.SSH_KEY }} - name: SSH into Hozer run: | - ssh root@hozer-51.ocf.berkeley.edu "echo 'test'" + ssh root@hozer-51.ocf.berkeley.edu "cd /berkeleytime" From 075e355d2f0c9b0a0b28bd053012b018c170013b Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Tue, 9 Apr 2024 20:17:40 -0700 Subject: [PATCH 56/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index a078ae805..875a3ccf8 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -10,10 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - - name: Setup SSH Key - uses: webfactory/ssh-agent@v0.9.0 - with: - ssh-private-key: ${{ secrets.SSH_KEY }} - - name: SSH into Hozer - run: | - ssh root@hozer-51.ocf.berkeley.edu "cd /berkeleytime" + - name: Install sshpass + run: sudo apt-get install -y sshpass + - name: SSH into server + run: sshpass -p ${{ secrets.SSH_PASSWORD }} ssh root@hozer-51.ocf.berkeley.edu 'echo hello' From 26d1dacf14ffe860a5af36379597ab72a3328406 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Tue, 9 Apr 2024 20:39:33 -0700 Subject: [PATCH 57/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 875a3ccf8..c7bad7937 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml 
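Review bot: `sshpass -p ${{ secrets.SSH_PASSWORD }}` in the "SSH into server" step passes the root password as a command-line argument, where it is visible in the runner's process list, and the unquoted expansion lets shell metacharacters in the password alter the command. It also replaces key-based login for `root` with password login, which is the weaker of the two; keeping the `SSH_KEY` setup that this commit removes would be preferable. If a password must be used, pass it through the environment: add `env:` with `SSHPASS: ${{ secrets.SSH_PASSWORD }}` to the step and run `sshpass -e ssh root@hozer-51.ocf.berkeley.edu 'echo hello'`.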
@@ -10,7 +10,11 @@ jobs: runs-on: ubuntu-latest steps: - - name: Install sshpass - run: sudo apt-get install -y sshpass - - name: SSH into server - run: sshpass -p ${{ secrets.SSH_PASSWORD }} ssh root@hozer-51.ocf.berkeley.edu 'echo hello' + - name: executing remote ssh commands using ssh key + uses: appleboy/ssh-action@v1.0.3 + with: + host: hozer-51.ocf.berkeley.edu + username: root + key: ${{ secrets.SSH_KEY }} + port: 22 + script: whoami From e6a5297f2627fb6e3b31e4ba0fd01bba5b1db9b0 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Tue, 9 Apr 2024 21:31:35 -0700 Subject: [PATCH 58/78] Create cd-build-backend.yml --- .github/workflows/cd-build-backend.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/workflows/cd-build-backend.yml diff --git a/.github/workflows/cd-build-backend.yml b/.github/workflows/cd-build-backend.yml new file mode 100644 index 000000000..139627ea9 --- /dev/null +++ b/.github/workflows/cd-build-backend.yml @@ -0,0 +1,26 @@ +name: + Build Backend + +on: + pull_request: + types: [opened, synchronize, reopened] + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - name: Checkout Repository + uses: actions/checkout@v2 + + - name: Build Docker Image + run: docker build -t berkeleytime-backend . + + - name: Save Docker Image as Tarball + run: docker save berkeleytime-backend:latest -o berkeleytime-backend.tar + + - name: Upload Docker Image as Artifact + uses: actions/upload-artifact@v2 + with: + name: backend + path: berkeleytime-backend.tar From 927209f315c7a9afb8fda7083613cd2da0e323c8 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Tue, 9 Apr 2024 21:31:57 -0700 Subject: [PATCH 59/78] Create cd-build-frontend.yml --- .github/workflows/cd-build-frontend.yml | 26 +++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/workflows/cd-build-frontend.yml 
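Review bot: `uses: appleboy/ssh-action@v1.0.3` hands the root private key to a third-party action referenced by a movable tag, so whatever code that tag points to at run time receives `secrets.SSH_KEY`. Pin the action to the full commit SHA of the release, `uses: appleboy/ssh-action@<commit-sha-of-v1.0.3> # v1.0.3`. Also add the action's `fingerprint` input, with the server's host-key fingerprint stored as a secret, so the runner verifies which machine it is connecting to. The same step appears later in cd-prod.yml and cd-staging.yml and needs the same two changes.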
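Review bot: The new cd-build-backend.yml runs on every `pull_request` event and declares no `permissions:`, so its `GITHUB_TOKEN` gets the repository's default scope while the job builds code from the pull request. Add a top-level `permissions:` block with `contents: read`; cd-build-frontend.yml, created in the next commit, needs the same. `actions/checkout@v2` and `actions/upload-artifact@v2` are old major versions, and moving to a current major pinned by commit SHA is worth doing in the same change.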
diff --git a/.github/workflows/cd-build-frontend.yml b/.github/workflows/cd-build-frontend.yml new file mode 100644 index 000000000..4f5aac740 --- /dev/null +++ b/.github/workflows/cd-build-frontend.yml @@ -0,0 +1,26 @@ +name: + Build Frontend + +on: + pull_request: + types: [opened, synchronize, reopened] + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - name: Checkout Repository + uses: actions/checkout@v2 + + - name: Build Docker Image + run: docker build -t berkeleytime-frontend . + + - name: Save Docker Image as Tarball + run: docker save berkeleytime-frontend:latest -o berkeleytime-frontend.tar + + - name: Upload Docker Image as Artifact + uses: actions/upload-artifact@v2 + with: + name: frontend + path: berkeleytime-frontend.tar From 16437027b925b3619f0f8631952d9b29d625fbc5 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Tue, 9 Apr 2024 21:34:34 -0700 Subject: [PATCH 60/78] Update cd-build-frontend.yml --- .github/workflows/cd-build-frontend.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cd-build-frontend.yml b/.github/workflows/cd-build-frontend.yml index 4f5aac740..a96c54a9a 100644 --- a/.github/workflows/cd-build-frontend.yml +++ b/.github/workflows/cd-build-frontend.yml @@ -13,8 +13,11 @@ jobs: - name: Checkout Repository uses: actions/checkout@v2 + - name: echo + run: pwd + - name: Build Docker Image - run: docker build -t berkeleytime-frontend . + run: docker build -t berkeleytime-frontend ./frontend/ - name: Save Docker Image as Tarball run: docker save berkeleytime-frontend:latest -o berkeleytime-frontend.tar From 878a1c9d2b872911778e1a0ad376cb805a18083d Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Tue, 9 Apr 2024 21:35:22 -0700 Subject: [PATCH 61/78] Update cd-build-backend.yml --- .github/workflows/cd-build-backend.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/cd-build-backend.yml b/.github/workflows/cd-build-backend.yml index 139627ea9..32716111d 100644 --- a/.github/workflows/cd-build-backend.yml +++ b/.github/workflows/cd-build-backend.yml @@ -14,7 +14,7 @@ jobs: uses: actions/checkout@v2 - name: Build Docker Image - run: docker build -t berkeleytime-backend . + run: docker build -t berkeleytime-backend ./backend/ - name: Save Docker Image as Tarball run: docker save berkeleytime-backend:latest -o berkeleytime-backend.tar From fac0f791744a39f4b5cd06ceff8685ecdd1268d0 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Thu, 11 Apr 2024 19:04:56 -0700 Subject: [PATCH 62/78] Update cd-master.yml --- .github/workflows/cd-master.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cd-master.yml b/.github/workflows/cd-master.yml index 37d20774f..8619d4a61 100644 --- a/.github/workflows/cd-master.yml +++ b/.github/workflows/cd-master.yml @@ -4,6 +4,12 @@ name: on: push: branches: [ master ] + workflow_run: + workflows: + - "Build Frontend" + - "Build Backend" + types: + - completed jobs: deploy: @@ -27,4 +33,4 @@ jobs: docker push octoberkeleytime/bt-frontend:latest kubectl rollout restart deployment bt-staging-app-backend kubectl rollout restart deployment bt-staging-app-frontend - EOF \ No newline at end of file + EOF From 9691cc67d99454a972eb13fc4eb5a50eabf9b1c4 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Thu, 11 Apr 2024 19:04:59 -0700 Subject: [PATCH 63/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index c7bad7937..c953d1a25 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml 
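Review bot: The added `workflow_run` trigger in cd-master.yml starts the staging deploy whenever "Build Frontend" or "Build Backend" completes, and both of those run on pull requests. Every pull-request build, including a failed one, therefore re-runs the `docker push` / `kubectl rollout restart` sequence with the repository secrets, because the `completed` type fires regardless of the outcome. If the trigger is kept, add `branches: [ master ]` under `workflow_run` and gate the job with `if: github.event_name == 'push' || github.event.workflow_run.conclusion == 'success'`. The next commit adds the same trigger to cd-branch.yml, where the same applies; the job body continues outside this hunk.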
@@ -4,6 +4,12 @@ name: on: pull_request: types: [opened, synchronize, reopened] + workflow_run: + workflows: + - "Build Frontend" + - "Build Backend" + types: + - completed jobs: deploy: From d3856d565ce52870eeb72e54369bf63a76d660e2 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Thu, 11 Apr 2024 19:31:12 -0700 Subject: [PATCH 64/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index c953d1a25..87e2c64ff 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -2,20 +2,18 @@ name: Deploy to Dev on: - pull_request: - types: [opened, synchronize, reopened] - workflow_run: - workflows: - - "Build Frontend" - - "Build Backend" - types: - - completed + repository_dispatch: + types: [trigger-workflow] jobs: deploy: runs-on: ubuntu-latest steps: + - name: Echo Params + run: | + echo "Subdomain: ${{ github.event.client_payload.param1 }}" + echo "Time to Live: ${{ github.event.client_payload.param2 }}" - name: executing remote ssh commands using ssh key uses: appleboy/ssh-action@v1.0.3 with: From 65c22e3af41c6ded4e072b4db497df6e84424dee Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Tue, 16 Apr 2024 21:09:16 -0700 Subject: [PATCH 65/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 87e2c64ff..4e67213ac 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml 
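Review bot: The "Echo Params" step pastes `github.event.client_payload.param1` and `param2` directly into the shell script, so the text of a dispatch payload is parsed as shell on the runner before `echo` sees it. Pass the values through the environment instead: add `env:` with `SUBDOMAIN: ${{ github.event.client_payload.param1 }}` and `TTL: ${{ github.event.client_payload.param2 }}` (variable names are arbitrary) and write `echo "Subdomain: $SUBDOMAIN"`. The following cd-branch.yml commit interpolates the same two values into the `script:` of the SSH step, where they reach a root shell on the server. There they should be checked against a strict pattern in an earlier step (a single hostname label for the subdomain) and forwarded with the action's `envs` input rather than expanded into the script text.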
@@ -10,6 +10,19 @@ jobs: runs-on: ubuntu-latest steps: + - name: Checkout Repository + uses: actions/checkout@v2 + - name: Login to Docker Hub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Build Docker Image + run: docker build -t berkeleytime-backend ./backend/ + - name: Tag Docker Image + run: docker tag berkeleytime-backend ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend:${{ github.sha }} + - name: Push Docker Image + run: docker push ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend - name: Echo Params run: | echo "Subdomain: ${{ github.event.client_payload.param1 }}" @@ -21,4 +34,10 @@ jobs: username: root key: ${{ secrets.SSH_KEY }} port: 22 - script: whoami + script: | + helm install bt-dev-app-${{ github.sha }} ./app --namespace=bt \ + --set host=${{ github.event.client_payload.param1 }}.stanfurdtime.com \ + --set mongoUri=mongodb://bt-dev-mongo-mongodb.bt.svc.cluster.local:27017/bt \ + --set redisUri=redis://bt-dev-redis-master.bt.svc.cluster.local:6379 \ + --set nodeEnv=development + helm release ttl bt-dev-app-${{ github.sha }} --set='${{ github.event.client_payload.param2 }}' From fd8ef598845672560786480a14fb8d3dab77a4da Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Tue, 16 Apr 2024 21:11:57 -0700 Subject: [PATCH 66/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 4e67213ac..601868aa2 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml 
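Review bot: `helm install bt-dev-app-${{ github.sha }}` in the new `script:` will fail on a second dispatch for the same commit. Under `repository_dispatch`, `github.sha` is the last commit on the default branch, and `helm install` refuses a release name that already exists. Use `helm upgrade --install bt-dev-app-${{ github.sha }} ./app --namespace=bt \` so a repeated dispatch updates the release instead. The command also no longer sets `backend.image.tag` / `frontend.image.tag`, which the earlier version of this workflow passed, so the image pushed a few steps above may not be the one the release runs; that depends on chart defaults not visible here.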
@@ -22,7 +22,7 @@ jobs: - name: Tag Docker Image run: docker tag berkeleytime-backend ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend:${{ github.sha }} - name: Push Docker Image - run: docker push ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend + run: docker push ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend:${{ github.sha }} - name: Echo Params run: | echo "Subdomain: ${{ github.event.client_payload.param1 }}" From eda6dadcecc678ecbe710cd4295baf6d7c92d67c Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Tue, 16 Apr 2024 21:12:23 -0700 Subject: [PATCH 67/78] Update cd-branch.yml --- .github/workflows/cd-branch.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-branch.yml index 601868aa2..e06836a7f 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-branch.yml @@ -23,10 +23,6 @@ jobs: run: docker tag berkeleytime-backend ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend:${{ github.sha }} - name: Push Docker Image run: docker push ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend:${{ github.sha }} - - name: Echo Params - run: | - echo "Subdomain: ${{ github.event.client_payload.param1 }}" - echo "Time to Live: ${{ github.event.client_payload.param2 }}" - name: executing remote ssh commands using ssh key uses: appleboy/ssh-action@v1.0.3 with: From f86de067737cc1a4024d2ec83a08c0c8c0c65cc9 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Tue, 16 Apr 2024 21:12:55 -0700 Subject: [PATCH 68/78] Update and rename cd-master.yml to cd-prod.yml --- .github/workflows/cd-master.yml | 36 ------------------------------- .github/workflows/cd-prod.yml | 38 +++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 36 deletions(-) delete mode 100644 .github/workflows/cd-master.yml create mode 100644 .github/workflows/cd-prod.yml 
diff --git a/.github/workflows/cd-master.yml b/.github/workflows/cd-master.yml deleted file mode 100644 index 8619d4a61..000000000 --- a/.github/workflows/cd-master.yml +++ /dev/null @@ -1,36 +0,0 @@ -name: - Deploy to Staging - -on: - push: - branches: [ master ] - workflow_run: - workflows: - - "Build Frontend" - - "Build Backend" - types: - - completed - -jobs: - deploy: - runs-on: ubuntu-latest - - steps: - - name: SSH - run: | - mkdir -p ~/.ssh - echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - ssh -i ~/.ssh/id_rsa root@hozer-51.ocf.berkeley.edu << EOF - cd /berkeleytime - git checkout master - git pull - docker compose up --build -d - docker tag berkeleytime-backend octoberkeleytime/bt-backend:latest - docker tag berkeleytime-frontend octoberkeleytime/bt-frontend:latest - docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} - docker push octoberkeleytime/bt-backend:latest - docker push octoberkeleytime/bt-frontend:latest - kubectl rollout restart deployment bt-staging-app-backend - kubectl rollout restart deployment bt-staging-app-frontend - EOF diff --git a/.github/workflows/cd-prod.yml b/.github/workflows/cd-prod.yml new file mode 100644 index 000000000..ccef726ed --- /dev/null +++ b/.github/workflows/cd-prod.yml 
@@ -0,0 +1,38 @@ +name: + Deploy to Staging + +on: + repository_dispatch: + types: [trigger-workflow] + +jobs: + deploy: + runs-on: ubuntu-latest + + steps: + - name: Checkout Repository + uses: actions/checkout@v2 + - name: Login to Docker Hub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Build Docker Image + run: docker build -t berkeleytime-backend ./backend/ + - name: Tag Docker Image + run: docker tag berkeleytime-backend ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend:${{ github.sha }} + - name: Push Docker Image + run: docker push ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend:${{ github.sha }} + - name: executing remote ssh commands using ssh key + uses: appleboy/ssh-action@v1.0.3 + with: + host: hozer-51.ocf.berkeley.edu + username: root + key: ${{ secrets.SSH_KEY }} + port: 22 + script: | + helm install bt-prod-app-${{ github.sha }} ./app --namespace=bt \ + --set host=prod.stanfurdtime.com \ + --set mongoUri=mongodb://bt-prod-mongo-mongodb.bt.svc.cluster.local:27017/bt \ + --set redisUri=redis://bt-prod-redis-master.bt.svc.cluster.local:6379 \ + --set nodeEnv=development From c6c37cc2106abf092867ab3804798fac26d0b055 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Tue, 16 Apr 2024 21:14:59 -0700 Subject: [PATCH 69/78] Update cd-prod.yml --- .github/workflows/cd-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd-prod.yml b/.github/workflows/cd-prod.yml index ccef726ed..aaab854bd 100644 --- a/.github/workflows/cd-prod.yml +++ b/.github/workflows/cd-prod.yml @@ -1,5 +1,5 @@ name: - Deploy to Staging + Deploy to Prod on: repository_dispatch: From 15f27f419e0bbde40ccf3c269c2d1d9be0aca329 Mon Sep 17 00:00:00 2001 
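Review bot: cd-prod.yml listens for `repository_dispatch` with `types: [trigger-workflow]`, the same event type cd-branch.yml already uses, so a single dispatch meant for a dev deployment also starts this production job. Give the production workflow its own type, e.g. `types: [deploy-prod]` (name constructed for illustration), and put the job behind a protected environment with `environment: production` (environment name is an example) so that a deployment needs approval. The release is also installed with `--set nodeEnv=development`, which looks copied from the dev workflow and should be confirmed for a production host.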
From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Tue, 16 Apr 2024 21:18:33 -0700 Subject: [PATCH 70/78] Create cd-staging.yml --- .github/workflows/cd-staging.yml | 41 ++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/cd-staging.yml diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml new file mode 100644 index 000000000..d7da3ebdd --- /dev/null +++ b/.github/workflows/cd-staging.yml @@ -0,0 +1,41 @@ +name: + Deploy to Staging + +on: + push: + branches: [ master ] + +jobs: + deploy: + runs-on: ubuntu-latest + + steps: + - name: Checkout Repository + uses: actions/checkout@v2 + - name: Login to Docker Hub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Build Backend Image + run: docker build -t berkeleytime-backend ./backend/ + - name: Tag Backend Image + run: docker tag berkeleytime-backend ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend:staging + - name: Push Backend Image + run: docker push ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend:staging + - name: Build Frontend Image + run: docker build -t berkeleytime-frontend ./frontend/ + - name: Tag Frontend Image + run: docker tag berkeleytime-frontend ${{ secrets.DOCKER_USERNAME }}/berkeleytime-frontend:staging + - name: Push Frontend Image + run: docker push ${{ secrets.DOCKER_USERNAME }}/berkeleytime-frontend:staging + - name: executing remote ssh commands using ssh key + uses: appleboy/ssh-action@v1.0.3 + with: + host: hozer-51.ocf.berkeley.edu + username: root + key: ${{ secrets.SSH_KEY }} + port: 22 + script: | + kubectl rollout restart deployment bt-staging-app-backend + kubectl rollout restart deployment bt-staging-app-frontend From 701edd921f353ab34a2687a594d3dd7787c3f7e9 Mon Sep 17 00:00:00 2001 
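Review bot: The deploy step in cd-staging.yml ends with `kubectl rollout restart`, which returns as soon as the restart is requested, so the job reports success even when the new pods never become ready. Follow each restart with `kubectl rollout status deployment bt-staging-app-backend --timeout=5m` and the frontend equivalent (the timeout value is an example). Because the images are pushed under the mutable `:staging` tag, the restart only picks them up if the deployments pull on every start; that depends on the chart's pull policy, which is not visible here. cd-prod.yml gets the same pattern with `:prod` in the next commit. The `kubectl` calls also omit the `--namespace=bt` that the `helm` commands in this series pass, so confirm the default namespace for `root` on the server is the intended one.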
From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Tue, 16 Apr 2024 21:20:28 -0700 Subject: [PATCH 71/78] Update cd-prod.yml --- .github/workflows/cd-prod.yml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/.github/workflows/cd-prod.yml b/.github/workflows/cd-prod.yml index aaab854bd..f6450d85e 100644 --- a/.github/workflows/cd-prod.yml +++ b/.github/workflows/cd-prod.yml @@ -17,12 +17,18 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Build Docker Image + - name: Build Backend Image run: docker build -t berkeleytime-backend ./backend/ - - name: Tag Docker Image - run: docker tag berkeleytime-backend ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend:${{ github.sha }} - - name: Push Docker Image - run: docker push ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend:${{ github.sha }} + - name: Tag Backend Image + run: docker tag berkeleytime-backend ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend:prod + - name: Push Backend Image + run: docker push ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend:prod + - name: Build Frontend Image + run: docker build -t berkeleytime-frontend ./frontend/ + - name: Tag Frontend Image + run: docker tag berkeleytime-frontend ${{ secrets.DOCKER_USERNAME }}/berkeleytime-frontend:prod + - name: Push Frontend Image + run: docker push ${{ secrets.DOCKER_USERNAME }}/berkeleytime-frontend:prod - name: executing remote ssh commands using ssh key uses: appleboy/ssh-action@v1.0.3 with: 
@@ -31,8 +37,5 @@ jobs: key: ${{ secrets.SSH_KEY }} port: 22 script: | - helm install bt-prod-app-${{ github.sha }} ./app --namespace=bt \ - --set host=prod.stanfurdtime.com \ - --set mongoUri=mongodb://bt-prod-mongo-mongodb.bt.svc.cluster.local:27017/bt \ - --set redisUri=redis://bt-prod-redis-master.bt.svc.cluster.local:6379 \ - --set nodeEnv=development + kubectl rollout restart deployment bt-prod-app-backend + kubectl rollout restart deployment bt-prod-app-frontend From e1717bc8529eb8b90b0bf53f7c8caac136bbfeca Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Tue, 16 Apr 2024 21:21:29 -0700 Subject: [PATCH 72/78] Update and rename cd-branch.yml to cd-dev.yml --- .github/workflows/{cd-branch.yml => cd-dev.yml} | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) rename .github/workflows/{cd-branch.yml => cd-dev.yml} (74%) diff --git a/.github/workflows/cd-branch.yml b/.github/workflows/cd-dev.yml similarity index 74% rename from .github/workflows/cd-branch.yml rename to .github/workflows/cd-dev.yml index e06836a7f..54a41c3de 100644 --- a/.github/workflows/cd-branch.yml +++ b/.github/workflows/cd-dev.yml 
@@ -17,12 +17,18 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Build Docker Image + - name: Build Backend Image run: docker build -t berkeleytime-backend ./backend/ - - name: Tag Docker Image + - name: Tag Backend Image run: docker tag berkeleytime-backend ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend:${{ github.sha }} - - name: Push Docker Image + - name: Push Backend Image run: docker push ${{ secrets.DOCKER_USERNAME }}/berkeleytime-backend:${{ github.sha }} + - name: Build Frontend Image + run: docker build -t berkeleytime-frontend ./frontend/ + - name: Tag Frontend Image + run: docker tag berkeleytime-frontend ${{ secrets.DOCKER_USERNAME }}/berkeleytime-frontend:${{ github.sha }} + - name: Push Frontend Image + run: docker push ${{ secrets.DOCKER_USERNAME }}/berkeleytime-frontend:${{ github.sha }} - name: executing remote ssh commands using ssh key uses: appleboy/ssh-action@v1.0.3 with: From 46a3bb13ca4ad36792c179793ec787d75e2437f6 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Sun, 23 Jun 2024 17:37:11 -0700 Subject: [PATCH 73/78] Update update-catalog.ts --- backend/src/scripts/update-catalog.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/src/scripts/update-catalog.ts b/backend/src/scripts/update-catalog.ts index 0cc041e5c..1ffda9790 100644 --- a/backend/src/scripts/update-catalog.ts +++ b/backend/src/scripts/update-catalog.ts @@ -80,7 +80,7 @@ const updateCourses = async () => { } })); - const options = { strict: 'throw' } as MongooseBulkWriteOptions; + const options = { strict: 'throw' } as unknown as MongooseBulkWriteOptions; const res = await CourseModel.bulkWrite(bulkOps, options); 
@@ -117,7 +117,7 @@ const updateClasses = async () => { } })); - const options = { strict: 'throw' } as MongooseBulkWriteOptions; + const options = { strict: 'throw' } as unknown as MongooseBulkWriteOptions; const res = await ClassModel.bulkWrite(bulkOps, options); @@ -180,4 +180,4 @@ const updateSections = async () => { } process.exit(0); -})(); \ No newline at end of file +})(); From c988a359ca24512c49abc38469d3b983294086fe Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Sun, 23 Jun 2024 17:41:43 -0700 Subject: [PATCH 74/78] Update update-catalog.ts --- backend/src/scripts/update-catalog.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/scripts/update-catalog.ts b/backend/src/scripts/update-catalog.ts index 1ffda9790..262f9da18 100644 --- a/backend/src/scripts/update-catalog.ts +++ b/backend/src/scripts/update-catalog.ts @@ -154,7 +154,7 @@ const updateSections = async () => { } })); - const options = { strict: 'throw' } as MongooseBulkWriteOptions; + const options = { strict: 'throw' } as unknown as MongooseBulkWriteOptions; const res = await SectionModel.bulkWrite(bulkOps, options); From 99263fddb9a91ecd8b56d10168001be92ffe5272 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Sun, 23 Jun 2024 17:51:35 -0700 Subject: [PATCH 75/78] Update update-catalog.ts --- backend/src/scripts/update-catalog.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/src/scripts/update-catalog.ts b/backend/src/scripts/update-catalog.ts index 262f9da18..c48fdb693 100644 --- a/backend/src/scripts/update-catalog.ts +++ b/backend/src/scripts/update-catalog.ts @@ -80,7 +80,7 @@ const updateCourses = async () => { } })); - const options = { strict: 'throw' } as unknown as MongooseBulkWriteOptions; + const options = { } as MongooseBulkWriteOptions; const res = await CourseModel.bulkWrite(bulkOps, options); 
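Review bot: Replacing `{ strict: 'throw' }` with `{ }` in `updateCourses` changes behaviour, not just typing. The bulk write no longer asks Mongoose to raise on fields that are missing from the schema, so malformed catalog records would presumably be written with those fields dropped instead of stopping the script. If the option was removed only to satisfy the compiler, keep it and add a comment such as `// strict: 'throw' is honoured at runtime; typings in this mongoose version may lack it — TODO confirm`. If it is meant to go, the empty object and its `as MongooseBulkWriteOptions` cast can be dropped and `bulkWrite(bulkOps)` called directly. The same edit is made in `updateClasses` and `updateSections` in the following hunks; all three functions start and end outside their hunks.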
@@ -117,7 +117,7 @@ const updateClasses = async () => { } })); - const options = { strict: 'throw' } as unknown as MongooseBulkWriteOptions; + const options = { } as MongooseBulkWriteOptions; const res = await ClassModel.bulkWrite(bulkOps, options); @@ -154,7 +154,7 @@ const updateSections = async () => { } })); - const options = { strict: 'throw' } as unknown as MongooseBulkWriteOptions; + const options = { } as MongooseBulkWriteOptions; const res = await SectionModel.bulkWrite(bulkOps, options); From c076b202ae6e542aa0a4b839913adec84298ea65 Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Sun, 23 Jun 2024 18:05:02 -0700 Subject: [PATCH 76/78] Update Dockerfile --- frontend/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/Dockerfile b/frontend/Dockerfile index c3c211e5c..04538bcad 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -8,6 +8,6 @@ ENTRYPOINT npm start FROM dev AS prod RUN npm install -g serve -RUN npm run build +RUN npm run build || (cat /root/.npm/_logs/2024-06-24T00_52_43_746Z-debug.log && false) RUN rm -rf node_modules ENTRYPOINT npm run prod From e06b7590ba67932fd0d7b4694bed29625476f9ca Mon Sep 17 00:00:00 2001 From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Sun, 23 Jun 2024 18:09:14 -0700 Subject: [PATCH 77/78] Update Dockerfile --- frontend/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/frontend/Dockerfile b/frontend/Dockerfile index 04538bcad..de7e105ed 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -8,6 +8,7 @@ ENTRYPOINT npm start FROM dev AS prod RUN npm install -g serve -RUN npm run build || (cat /root/.npm/_logs/2024-06-24T00_52_43_746Z-debug.log && false) +RUN node -v +RUN npm run build RUN rm -rf node_modules ENTRYPOINT npm run prod From 1452389d4b7cb08d5fd01649c40a7d04cd6e6124 Mon Sep 17 00:00:00 2001 
From: Chengming-Li <115936688+Chengming-Li@users.noreply.github.com> Date: Sun, 23 Jun 2024 18:12:59 -0700 Subject: [PATCH 78/78] Update cd-build-frontend.yml --- .github/workflows/cd-build-frontend.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/cd-build-frontend.yml b/.github/workflows/cd-build-frontend.yml index a96c54a9a..8ef26fb99 100644 --- a/.github/workflows/cd-build-frontend.yml +++ b/.github/workflows/cd-build-frontend.yml @@ -16,6 +16,9 @@ jobs: - name: echo run: pwd + - name: node + run: node -v + - name: Build Docker Image run: docker build -t berkeleytime-frontend ./frontend/