VEC-436 add kubernetes support for deploying node roles GKE and Insec…

…ure only (#76) Currently node types each have own helm chart. 2 query and 1 update --------- Co-authored-by: Adam Hevenor <[email protected]>
aerospike · Dec 9, 2024 · 93c9a62 · 93c9a62
1 parent 867a248
commit 93c9a62
Show file tree

Hide file tree

Showing 6 changed files with 801 additions and 96 deletions.
diff --git a/.gitignore b/.gitignore
@@ -167,3 +167,4 @@ features.conf
 
 # Kubernetes default generated dir
 /kubernetes/generated
+/kubernetes/logs/*
diff --git a/kubernetes/full-create-and-install-gke.sh b/kubernetes/full-create-and-install-gke.sh
@@ -12,18 +12,17 @@ WORKSPACE="$(pwd)"
 PROJECT_ID="$(gcloud config get-value project)"
 # Prepend the current username to the cluster name
 USERNAME=$(whoami)
-
+CHART_VERSION="0.7.0"
 # Default values
 DEFAULT_CLUSTER_NAME_SUFFIX="avs"
-RUN_INSECURE=1  # Default value for insecure mode (false meaning secure with auth + tls)
 
 # Function to display the script usage
 usage() {
     echo "Usage: $0 [options]"
     echo "Options:"
     echo "  --chart-location, -l <path>  If specified expects a local directory for AVS Helm chart (default: official repo)"
     echo "  --cluster-name, -c <name>    Override the default cluster name (default: ${USERNAME}-${PROJECT_ID}-${DEFAULT_CLUSTER_NAME_SUFFIX})"
-    echo "  --run-insecure, -r           Run setup cluster without auth or tls. No argument required."
+    echo "  --run-insecure, -i           Run setup cluster without auth or tls. No argument required."
     echo "  --help, -h                   Show this help message"
     exit 1
 }
@@ -33,7 +32,7 @@ while [[ "$#" -gt 0 ]]; do
     case $1 in
         --chart-location|-l) CHART_LOCATION="$2"; shift 2 ;;
         --cluster-name|-c) CLUSTER_NAME_OVERRIDE="$2"; shift 2 ;;
-        --run-insecure|-r) RUN_INSECURE=1; shift ;;   # just flag no argument
+        --run-insecure|-i) RUN_INSECURE=1; shift ;;   # just flag no argument
         --help|-h) usage ;;  # Display the help/usage if --help or -h is passed
         *) echo "Unknown parameter passed: $1"; usage ;;  # Unknown parameter triggers usage
     esac
@@ -77,12 +76,12 @@ reset_build() {
         mv -f "$BUILD_DIR" "$temp_dir"
     fi
     mkdir -p "$BUILD_DIR/input" "$BUILD_DIR/output" "$BUILD_DIR/secrets" "$BUILD_DIR/certs" "$BUILD_DIR/manifests"
-    cp "$FEATURES_CONF" "$BUILD_DIR/secrets/features.conf"
-    if [[ "${RUN_INSECURE}" == 1 ]]; then
-        cp $WORKSPACE/manifests/avs-values.yaml $BUILD_DIR/manifests/avs-values.yaml
-        cp $WORKSPACE/manifests/aerospike-cr.yaml $BUILD_DIR/manifests/aerospike-cr.yaml
-    else
-        cp $WORKSPACE/manifests/avs-values-auth.yaml $BUILD_DIR/manifests/avs-values.yaml
+    cp "$FEATURES_CONF" "$BUILD_DIR/secrets/features.conf"   
+    cp "$WORKSPACE/manifests/avs-values.yaml" "$BUILD_DIR/manifests/avs-values.yaml"    
+    cp "$WORKSPACE/manifests/aerospike-cr.yaml" "$BUILD_DIR/manifests/aerospike-cr.yaml"
+
+# override aerospike-cr.yaml with secure version if run insecure not specified
+    if [[ "${RUN_INSECURE}" != 1 ]]; then
         cp $WORKSPACE/manifests/aerospike-cr-auth.yaml $BUILD_DIR/manifests/aerospike-cr.yaml
     fi
 }
@@ -281,6 +280,12 @@ generate_certs() {
 
 # Function to create GKE cluster
 create_gke_cluster() {
+    if ! gcloud container clusters describe "$CLUSTER_NAME" --zone "$ZONE" &> /dev/null; then
+        echo "Cluster $CLUSTER_NAME does not exist. Creating..."
+    else
+        echo "Cluster $CLUSTER_NAME already exists. Skipping creation."
+        return
+    fi
     echo "$(date '+%Y-%m-%d %H:%M:%S') - Starting GKE cluster creation..."
     if ! gcloud container clusters create "$CLUSTER_NAME" \
         --project "$PROJECT_ID" \
@@ -334,16 +339,29 @@ create_gke_cluster() {
         xargs -I {} kubectl label {} aerospike.com/node-pool=avs --overwrite
 
     echo "Setting up namespaces..."
-    kubectl create namespace aerospike
-    kubectl create namespace avs
 }
 
-# Function to create Aerospike node pool and deploy AKO
+
 setup_aerospike() {
+    kubectl create namespace aerospike || true  # Idempotent namespace creation
 
     echo "Deploying Aerospike Kubernetes Operator (AKO)..."
-    curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/install.sh | bash -s v0.25.0
-    kubectl create -f https://operatorhub.io/install/aerospike-kubernetes-operator.yaml
+
+    if ! kubectl get ns olm &> /dev/null; then
+        echo "Installing OLM..."
+        curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/install.sh | bash -s v0.25.0
+    else
+        echo "OLM is already installed in olm namespace. Skipping installation."
+    fi
+
+    # Check if the subscription already exists
+    if ! kubectl get subscription my-aerospike-kubernetes-operator --namespace operators &> /dev/null; then
+        echo "Installing AKO subscription..."
+        kubectl create -f https://operatorhub.io/install/aerospike-kubernetes-operator.yaml
+    else
+        echo "AKO subscription already exists. Skipping installation."
+    fi
+
 
     echo "Waiting for AKO to be ready..."
     while true; do
@@ -378,14 +396,15 @@ setup_aerospike() {
 
 # Function to setup AVS node pool and namespace
 setup_avs() {
-
+    kubectl create namespace avs
 
     echo "Setting secrets for AVS cluster..."
     kubectl --namespace avs create secret generic auth-secret --from-literal=password='admin123'
     kubectl --namespace avs create secret generic aerospike-tls \
         --from-file="$BUILD_DIR/certs"
     kubectl --namespace avs create secret generic aerospike-secret \
         --from-file="$BUILD_DIR/secrets"
+
 }
 
 # Function to optionally deploy Istio
@@ -404,23 +423,35 @@ deploy_istio() {
 
     kubectl apply -f manifests/istio/gateway.yaml
     kubectl apply -f manifests/istio/avs-virtual-service.yaml
- }
+}
 
 get_reverse_dns() {
     INGRESS_IP=$(kubectl get svc istio-ingress -n istio-ingress -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
     REVERSE_DNS_AVS=$(dig +short -x $INGRESS_IP)
     echo "Reverse DNS: $REVERSE_DNS_AVS"
 }
+
 # Function to deploy AVS Helm chart
 deploy_avs_helm_chart() {
     echo "Deploying AVS Helm chart..."
     helm repo add aerospike-helm https://artifact.aerospike.io/artifactory/api/helm/aerospike-helm
     helm repo update
-    if [ -z "$CHART_LOCATION" ]; then
-        helm install avs-app --values $BUILD_DIR/manifests/avs-values.yaml --namespace avs aerospike-helm/aerospike-vector-search --version 0.6.0 --wait
-    else
-        helm install avs-app --values $BUILD_DIR/manifests/avs-values.yaml --namespace avs "$CHART_LOCATION" --wait
-    fi
+# Installs AVS query nodes    
+    helm install avs-app aerospike-helm/aerospike-vector-search\
+        --set replicaCount=2 \
+        --set aerospikeVectorSearchConfig.cluster.node-roles[0]=query \
+        --values $BUILD_DIR/manifests/avs-values.yaml \
+        --namespace avs\
+        --version $CHART_VERSION\
+        --atomic --wait
+# Install AVS index-update node
+    helm install avs-app-update aerospike-helm/aerospike-vector-search\
+        --set replicaCount=1 \
+        --set aerospikeVectorSearchConfig.cluster.node-roles[0]=index-update \
+        --values $BUILD_DIR/manifests/avs-values.yaml \
+        --namespace avs\
+        --version $CHART_VERSION\
+        --atomic --wait
 }
 
 # Function to setup monitoring
@@ -461,12 +492,12 @@ main() {
     print_env
     reset_build
     create_gke_cluster
+    setup_aerospike
     deploy_istio
     get_reverse_dns
     if [[ "${RUN_INSECURE}" != 1 ]]; then
         generate_certs
     fi
-    setup_aerospike
     setup_avs
     deploy_avs_helm_chart
     setup_monitoring
Original file line number	Diff line number	Diff line change
Expand Up		@@ -167,3 +167,4 @@ features.conf

		# Kubernetes default generated dir
		/kubernetes/generated
		/kubernetes/logs/*