diff --git a/kubernetes/full-create-and-install.sh b/kubernetes/full-create-and-install.sh
index 0b2d8b6..d28631f 100755
--- a/kubernetes/full-create-and-install.sh
+++ b/kubernetes/full-create-and-install.sh
@@ -26,21 +26,21 @@ print_env() {
 echo "export NODE_POOL_NAME_AVS=$NODE_POOL_NAME_AVS"
 echo "export ZONE=$ZONE"
 echo "export FEATURES_CONF=$FEATURES_CONF"
- echo "export AEROSPIKE_CR=$AEROSPIKE_CR"
 echo "export CHART_LOCATION=$CHART_LOCATION"
+
 }
 # Function to set environment variables
 set_env_variables() {
 export WORKSPACE="$(pwd)"
 export PROJECT_ID="$(gcloud config get-value project)"
- export CLUSTER_NAME="${PROJECT_ID}-avs-auth"
+ export CLUSTER_NAME="${PROJECT_ID}-avs-noauth"
 export NODE_POOL_NAME_AEROSPIKE="aerospike-pool"
 export NODE_POOL_NAME_AVS="avs-pool"
 export ZONE="us-central1-c"
 export FEATURES_CONF="$WORKSPACE/features.conf"
- export AEROSPIKE_CR="$WORKSPACE/manifests/ssd_storage_cluster_cr.yaml"
 export BUILD_DIR="$WORKSPACE/generated"
+ export RUN_INSECURE=1
 export REVERSE_DNS_AVS
 }
@@ -50,9 +50,15 @@ reset_build() {
 temp_dir=$(mktemp -d /tmp/avs-deploy-previous.XXXXXX)
 mv -f "$BUILD_DIR" "$temp_dir"
 fi
- mkdir -p "$BUILD_DIR/input" "$BUILD_DIR/output" "$BUILD_DIR/secrets" "$BUILD_DIR/certs"
+ mkdir -p "$BUILD_DIR/input" "$BUILD_DIR/output" "$BUILD_DIR/secrets" "$BUILD_DIR/certs" "$BUILD_DIR/manifests"
 cp "$FEATURES_CONF" "$BUILD_DIR/secrets/features.conf"
-
+ if [[ "${RUN_INSECURE}" == 1 ]]; then
+ cp $WORKSPACE/manifests/avs-gke-values.yaml $BUILD_DIR/manifests/avs-gke-values.yaml
+ cp $WORKSPACE/manifests/aerospike-cr.yaml $BUILD_DIR/manifests/aerospike-cr.yaml
+ else
+ cp $WORKSPACE/manifests/avs-gke-values-auth.yaml $BUILD_DIR/manifests/avs-gke-values.yaml
+ cp $WORKSPACE/manifests/aerospike-cr-auth.yaml $BUILD_DIR/manifests/aerospike-cr.yaml
+ fi
 }
 generate_certs() {
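Review bot: `export RUN_INSECURE=1` in set_env_variables is unconditional, so any value a caller sets before running the script is overwritten and the auth branch that reset_build selects on RUN_INSECURE cannot be reached without editing the source; the hard-coded `-avs-noauth` suffix in CLUSTER_NAME has the same problem. A defaulting form such as `export RUN_INSECURE="${RUN_INSECURE:-0}"` (or `:-1` if the no-auth deployment is meant to stay the default) keeps the switch usable, and the CLUSTER_NAME suffix could be derived from it. print_env should also report the new variable, `echo "export RUN_INSECURE=$RUN_INSECURE"`, next to the other exports it prints; print_env's body starts before the hunk.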
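Review bot: The six new `cp` lines in reset_build expand `$WORKSPACE` and `$BUILD_DIR` unquoted, and the same regression appears in the setup_aerospike hunk (`kubectl apply -f $BUILD_DIR/manifests/aerospike-cr.yaml`) and the deploy_avs_helm_chart hunk (`--values $BUILD_DIR/manifests/avs-gke-values.yaml`), where the lines being replaced were quoted. WORKSPACE is `$(pwd)`, so a checkout under a path containing a space or glob character splits or expands the argument; quote each expansion, e.g. `cp "$WORKSPACE/manifests/aerospike-cr.yaml" "$BUILD_DIR/manifests/aerospike-cr.yaml"`. Because this branch decides whether the no-auth manifests are deployed, an `echo "Using no-auth manifests (RUN_INSECURE=1)"` in the `then` arm, with a counterpart in `else`, would make the selection visible in the run log. reset_build's body starts before the hunk.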
@@ -343,7 +349,7 @@ setup_aerospike() {
 kubectl apply -f https://raw.githubusercontent.com/aerospike/aerospike-kubernetes-operator/master/config/samples/storage/gce_ssd_storage_class.yaml
 echo "Deploying Aerospike cluster..."
- kubectl apply -f "$AEROSPIKE_CR"
+ kubectl apply -f $BUILD_DIR/manifests/aerospike-cr.yaml
 }
 # Function to setup AVS node pool and namespace
@@ -387,9 +393,9 @@ deploy_avs_helm_chart() {
 helm repo add aerospike-helm https://artifact.aerospike.io/artifactory/api/helm/aerospike-helm
 helm repo update
 if [ -z "$CHART_LOCATION" ]; then
- helm install avs-gke --values "manifests/avs-gke-values.yaml" --namespace avs aerospike-helm/aerospike-vector-search --version 0.4.1 --wait
+ helm install avs-gke --values $BUILD_DIR/manifests/avs-gke-values.yaml --namespace avs aerospike-helm/aerospike-vector-search --version 0.4.1 --wait
 else
- helm install avs-gke --values "manifests/avs-gke-values.yaml" --namespace avs "$CHART_LOCATION" --wait
+ helm install avs-gke --values $BUILD_DIR/manifests/avs-gke-values.yaml --namespace avs "$CHART_LOCATION" --wait
 fi
 }
diff --git a/kubernetes/manifests/ssd_storage_cluster_cr.yaml b/kubernetes/manifests/aerospike-cr-auth.yaml
similarity index 100%
rename from kubernetes/manifests/ssd_storage_cluster_cr.yaml
rename to kubernetes/manifests/aerospike-cr-auth.yaml
diff --git a/kubernetes/manifests/aerospike-cr.yaml b/kubernetes/manifests/aerospike-cr.yaml
new file mode 100644
index 0000000..8bef8b0
--- /dev/null
+++ b/kubernetes/manifests/aerospike-cr.yaml
@@ -0,0 +1,140 @@
+apiVersion: asdb.aerospike.com/v1
+kind: AerospikeCluster
+metadata:
+ name: aerocluster
+ namespace: aerospike
+
+spec:
+ size: 3
+ image: aerospike/aerospike-server-enterprise:7.0.0.0
+ storage:
+ filesystemVolumePolicy:
+ initMethod: deleteFiles
+ cascadeDelete: true
+ blockVolumePolicy:
+ cascadeDelete: true
+ volumes:
+ - name: workdir
+ aerospike:
+ path: /opt/aerospike
+ source:
+ persistentVolume:
+ storageClass: ssd
+ volumeMode: Filesystem
+ size: 1Gi
+ - name: avs-meta
+ aerospike:
+ path: /avs/dev/xvdf
+ source:
+ persistentVolume:
+ storageClass: ssd
+ volumeMode: Block
+ size: 20Gi
+
+ - name: ns
+ aerospike:
+ path: /test/dev/xvdf
+ source:
+ persistentVolume:
+ storageClass: ssd
+ volumeMode: Block
+ size: 20Gi
+ - name: aerospike-config-secret
+ source:
+ secret:
+ secretName: aerospike-secret
+ aerospike:
+ path: /etc/aerospike/secret
+ - name: aerospike-tls-config
+ source:
+ secret:
+ secretName: aerospike-tls
+ aerospike:
+ path: /etc/aerospike/ssl
+
+
+ podSpec:
+ sidecars:
+ - name: aerospike-prometheus-exporter
+ image: aerospike/aerospike-prometheus-exporter:v1.9.0
+ ports:
+ - containerPort: 9145
+ name: exporter
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: aerospike.com/node-pool
+ operator: In
+ values:
+ - "default-rack"
+ multiPodPerHost: false
+
+ # aerospikeAccessControl:
+ # users:
+ # - name: admin
+ # secretName: auth-secret
+ # roles:
+ # - sys-admin
+ # - user-admin
+ # - name: tester
+ # secretName: auth-secret
+ # roles:
+ # - truncate
+ # - sindex-admin
+ # - user-admin
+ # - data-admin
+ # - read-write
+ # - read
+ # - write
+ # - read-write-udf
+ # - sys-admin
+ # - udf-admin
+ # operatorClientCert:
+ # secretCertSource:
+ # secretName: aerospike-tls
+ # caCertsFilename: ca.aerospike.com.pem
+ # clientCertFilename: asd.aerospike.com.pem
+ # clientKeyFilename: asd.aerospike.com.key
+
+ aerospikeConfig:
+ service:
+ feature-key-file: /etc/aerospike/secret/features.conf
+ # security: {}
+ network:
+ service:
+ # port: 3000
+ tls-name: asd.aerospike.com
+ tls-authenticate-client: "false"
+ tls-port: 4333
+ fabric:
+ # port: 3001
+ tls-name: asd.aerospike.com
+ tls-port: 3012
+ heartbeat:
+ # port: 3002
+ tls-name: asd.aerospike.com
+ tls-port: 3011
+ tls:
+ - name: asd.aerospike.com
+ cert-file: /etc/aerospike/ssl/asd.aerospike.com.pem
+ key-file: /etc/aerospike/ssl/asd.aerospike.com.key
+ ca-file: /etc/aerospike/ssl/ca.aerospike.com.pem
+ namespaces:
+ - name: test
+ replication-factor: 2
+ storage-engine:
+ type: device
+ devices:
+ - /test/dev/xvdf
+
+ - name: avs-meta
+ nsup-period: 600
+ nsup-threads: 2
+ evict-tenths-pct: 5
+ replication-factor: 2
+ storage-engine:
+ type: device
+ devices:
+ - /avs/dev/xvdf
\ No newline at end of file
diff --git a/kubernetes/manifests/avs-gke-values-auth.yaml b/kubernetes/manifests/avs-gke-values-auth.yaml
new file mode 100644
index 0000000..40c0025
--- /dev/null
+++ b/kubernetes/manifests/avs-gke-values-auth.yaml
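Review bot: The new aerospike-cr.yaml carries no comment saying it is the no-auth variant reset_build copies in when RUN_INSECURE=1, while its content is exactly what makes it so: `aerospikeAccessControl` is entirely commented out, `# security: {}` leaves the security stanza absent, and `tls-authenticate-client: "false"` means the TLS service port does not require a client certificate. Once copied to generated/manifests/aerospike-cr.yaml the name no longer distinguishes it from aerospike-cr-auth.yaml, so a first-line comment such as `# No-auth AerospikeCluster CR, selected by RUN_INSECURE=1 in full-create-and-install.sh; the authenticated variant is aerospike-cr-auth.yaml` would help. The roughly thirty commented-out access-control lines duplicate what the auth file presumably holds and could be dropped to keep the two files diffable, and the file ends without a trailing newline.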
@@ -0,0 +1,129 @@
+replicaCount: 3
+aerospikeVectorSearchConfig:
+ cluster:
+ cluster-name: "avs-db-1"
+ feature-key-file: "/etc/aerospike-vector-search/secrets/features.conf"
+ service:
+ metadata-namespace: "avs-meta"
+ ports:
+ 5433:
+ addresses:
+ "0.0.0.0"
+ tls-id: service-tls
+ manage:
+ ports:
+ 5040: { }
+
+ heartbeat:
+ seeds:
+ - address: avs-gke-aerospike-vector-search-0.avs-gke-aerospike-vector-search.avs.svc.cluster.local
+# port: 5001
+ port: 5444
+ interconnect:
+ client-tls-id: interconnect-tls
+ ports:
+ 5444:
+ addresses:
+ "0.0.0.0"
+ tls-id: interconnect-tls
+# ports:
+# 5001:
+# addresses:
+# "0.0.0.0"
+ storage:
+ client-policy:
+# cluster-name: aerocluster
+# max-conns-per-node: 1000
+ tls-id: aerospike-tls
+ credentials:
+ username: tester
+ password-file: "/etc/aerospike-vector-search/secrets/aerospike-password.txt"
+ seeds:
+ - aerocluster-0-0.aerocluster.aerospike.svc.cluster.local:
+# port: 3000
+ port: 4333
+ tls-name: "asd.aerospike.com"
+ security:
+ auth-token:
+ private-key: "/etc/aerospike-vector-search/secrets/private_key.pem"
+ private-key-password: "/etc/aerospike-vector-search/secrets/client-password.txt"
+ public-key: "/etc/aerospike-vector-search/secrets/public_key.pem"
+ tls:
+ service-tls:
+ trust-store:
+ store-file: /etc/ssl/certs/ca.aerospike.com.truststore.jks
+ store-password-file: /etc/ssl/certs/storepass
+ key-password-file: "/etc/ssl/certs/keypass"
+ key-store:
+ store-file: /etc/ssl/certs/svc.aerospike.com.keystore.jks
+ store-password-file: /etc/ssl/certs/storepass
+ key-password-file: /etc/ssl/certs/keypass
+# override-tls-hostname: avs-gke-aerospike-vector-search-0.avs-gke-aerospike-vector-search.aerospike.svc.cluster.local
+
+ interconnect-tls:
+ trust-store:
+ store-file: /etc/ssl/certs/ca.aerospike.com.truststore.jks
+ store-password-file: /etc/ssl/certs/storepass
+ key-password-file: "/etc/ssl/certs/keypass"
+ key-store:
+ store-file: /etc/ssl/certs/avs.aerospike.com.keystore.jks
+ store-password-file: /etc/ssl/certs/storepass
+ key-password-file: /etc/ssl/certs/keypass
+ override-tls-hostname: avs.aerospike.com
+
+ aerospike-tls:
+ trust-store:
+ store-file: "/etc/ssl/certs/ca.aerospike.com.truststore.jks"
+ store-password-file: "/etc/ssl/certs/storepass"
+ key-password-file: "/etc/ssl/certs/keypass"
+ key-store:
+ store-file: "/etc/ssl/certs/avs.aerospike.com.keystore.jks"
+ store-password-file: "/etc/ssl/certs/storepass"
+ key-password-file: "/etc/ssl/certs/keypass"
+# override-tls-hostname: "asd.aerospike.com"
+ logging:
+ # file: /var/log/aerospike-vector-search/aerospike-vector-search.log
+ enable-console-logging: false
+ format: simple
+ max-history: 30
+ levels:
+ metrics-ticker: debug
+ root: info
+ ticker-interval: 10
+
+securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: 0
+image:
+ repository: "aerospike/aerospike-vector-search"
+ pullPolicy: "IfNotPresent"
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "0.9.0"
+extraSecretVolumeMounts:
+ - name: aerospike-tls
+ mountPath: "/etc/ssl/certs"
+ readOnly: true
+
+extraVolumes:
+ - name: aerospike-tls
+ secret:
+ secretName: aerospike-tls
+ optional: false
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: aerospike.com/node-pool
+ operator: In
+ values:
+ - "avs"
+# podAntiAffinity:
+# requiredDuringSchedulingIgnoredDuringExecution:
+# - topologyKey: "kubernetes.io/hostname"
+# labelSelector:
+# matchExpressions:
+# - key: "app.kubernetes.io/name"
+# operator: In
+# values:
+# - "aerospike-vector-search"
diff --git a/kubernetes/manifests/avs-gke-values.yaml b/kubernetes/manifests/avs-gke-values.yaml
index 40c0025..3700be1 100644
--- a/kubernetes/manifests/avs-gke-values.yaml
+++ b/kubernetes/manifests/avs-gke-values.yaml
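Review bot: `securityContext` in the new avs-gke-values-auth.yaml sets `runAsUser: 0`, so the AVS pods run as root even though `allowPrivilegeEscalation: false` next to it signals a hardening intent; unless the image needs root (not visible here), a non-root uid together with `runAsNonRoot: true` would be the conventional setting. The index line shows blob 40c0025 for this file, the same blob the pre-change avs-gke-values.yaml had, so this is a verbatim copy and the same stanza is presumably still present in the no-auth values file as well. A header comment naming this file as the authenticated variant selected when RUN_INSECURE is not 1 would also help, since the copy placed in generated/manifests loses the `-auth` suffix.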
@@ -43,11 +43,11 @@ aerospikeVectorSearchConfig:
 # port: 3000
 port: 4333
 tls-name: "asd.aerospike.com"
- security:
- auth-token:
- private-key: "/etc/aerospike-vector-search/secrets/private_key.pem"
- private-key-password: "/etc/aerospike-vector-search/secrets/client-password.txt"
- public-key: "/etc/aerospike-vector-search/secrets/public_key.pem"
+ # security:
+ # auth-token:
+ # private-key: "/etc/aerospike-vector-search/secrets/private_key.pem"
+ # private-key-password: "/etc/aerospike-vector-search/secrets/client-password.txt"
+ # public-key: "/etc/aerospike-vector-search/secrets/public_key.pem"
 tls:
 service-tls:
 trust-store:
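Review bot: The `security:` block is commented out with no note on why, so a reader of avs-gke-values.yaml cannot tell whether auth-token was dropped deliberately; a line above it such as `# auth-token disabled: this is the RUN_INSECURE=1 values file, see avs-gke-values-auth.yaml for the authenticated variant` would tie it to the script switch. If the rest of the file still matches the auth copy, the `storage.client-policy.credentials` stanza above this hunk (username tester, password-file) still references a user that the no-auth aerospike-cr.yaml does not define; worth confirming that the AVS client accepts those credentials against a cluster without access control, or removing that stanza here as well.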