Streamline deployment of GESIS stage server #3090

Closed
wants to merge 133 commits into from
133 commits
ddbfe6d
Add Ansible inventory for GESIS stage cluster
rgaiacs Sep 6, 2024
2eee2cb
Add k8s-common role
rgaiacs Sep 6, 2024
0b9eee2
Add Ansible playbook for GESIS
rgaiacs Sep 6, 2024
751696b
Add GitLab CI Kubernetes agent for stage
rgaiacs Sep 6, 2024
96e940a
Add GitLab CI
rgaiacs Sep 6, 2024
43bec3a
Add Ansible vault
rgaiacs Sep 6, 2024
ce9454c
Remove manual option for GitLab CI
rgaiacs Sep 6, 2024
9944c78
Remove ssh-key-type from GitLab CI
rgaiacs Sep 6, 2024
239265c
Upgrade Ansible Component
rgaiacs Sep 6, 2024
12ae72e
Upgrade Ansible Component
rgaiacs Sep 6, 2024
f58e1c8
Add smoke test
rgaiacs Sep 6, 2024
6048419
Add EditorConfig
rgaiacs Sep 6, 2024
abe6e30
Fix warning from Ansible
rgaiacs Sep 6, 2024
0db8dfe
Remove rules for debug
rgaiacs Sep 6, 2024
7633776
Fix Ansible Vault
rgaiacs Sep 6, 2024
36b439d
Fix SSH key type
rgaiacs Sep 6, 2024
b279cdf
Enable root for Ansible
rgaiacs Sep 6, 2024
e798169
Configure Kubernetes control panel
rgaiacs Sep 6, 2024
ad735b2
Configure Kubernetes worker
rgaiacs Sep 6, 2024
b94c011
Configure kernels modules at boot
rgaiacs Sep 6, 2024
dc19c9b
Configure Calico
rgaiacs Sep 6, 2024
53aa48e
Configure JupyterHub worker
rgaiacs Sep 6, 2024
8dbd358
Add labels to Kubernetes nodes
rgaiacs Sep 6, 2024
dbe21b4
Fix Ansible warnings
rgaiacs Sep 6, 2024
917c589
Fix path to calico custom resources
rgaiacs Sep 6, 2024
ec4f3bf
Fix lookup based on ChatGPT answer
rgaiacs Sep 6, 2024
bcc2690
Fix missing / in path
rgaiacs Sep 6, 2024
d9212da
Fix file location
rgaiacs Sep 6, 2024
789c5e6
Add shebang to file
rgaiacs Sep 6, 2024
e5a60ed
Add more configuration to Kubernetes control node
rgaiacs Sep 6, 2024
567afe4
Configure Helm deploy
rgaiacs Sep 6, 2024
0dc8898
Remove GitLab CI conditions
rgaiacs Sep 6, 2024
8290bba
Fix Helm lint
rgaiacs Sep 6, 2024
5bcf27d
Fix Helm lint
rgaiacs Sep 6, 2024
9d1201a
Move helm lint to deploy
rgaiacs Sep 6, 2024
b2f4022
Deploy secondary Helm chart
rgaiacs Sep 6, 2024
cb94204
More Helm configuration
rgaiacs Sep 6, 2024
c89ff4b
Fix Docker registry
rgaiacs Sep 6, 2024
2e491b6
Fix shell for loop
rgaiacs Sep 6, 2024
4390d7f
Fix another shell for loop
rgaiacs Sep 6, 2024
2abfa0a
Fix name of helm release
rgaiacs Sep 6, 2024
3c9aaf1
Add hosts to Helm configuration
rgaiacs Sep 6, 2024
165d060
Clean git repository
rgaiacs Sep 6, 2024
44556ab
Do a clean clone of repository
rgaiacs Sep 6, 2024
3ed6fb9
Fix Helm lint
rgaiacs Sep 6, 2024
34caf68
Install Cert Manager
rgaiacs Sep 6, 2024
a4fd805
Add ingress-nginx
rgaiacs Sep 6, 2024
25b3e61
Fix NGINX ingress resources
rgaiacs Sep 6, 2024
6c20fe1
Remove duplicated resource
rgaiacs Sep 6, 2024
824fdac
Change externalTrafficPolicy
rgaiacs Sep 6, 2024
fed5547
Reduce replica
rgaiacs Sep 6, 2024
1b006a5
Remove externalTrafficPolicy
rgaiacs Sep 6, 2024
0cd6d58
Add nodeSelector to Helm
rgaiacs Sep 6, 2024
46798b3
Temporarily remove svko-css-backup-node
rgaiacs Sep 20, 2024
e751c6a
Isolate Container Network Interface configuration
rgaiacs Sep 20, 2024
9555f59
Improve version of Kubernetes
rgaiacs Sep 23, 2024
3e2b781
Fix typo
rgaiacs Sep 23, 2024
8385101
Upgrade Helm version
rgaiacs Sep 23, 2024
369dadc
Fix version matching
rgaiacs Sep 23, 2024
ec82162
Restore Calico
rgaiacs Sep 23, 2024
89639cc
Upgrade Calico
rgaiacs Sep 23, 2024
9b52694
Fix wrong indentation
rgaiacs Sep 23, 2024
ede9196
Fix cannot unmarshal bool into Go struct field
rgaiacs Sep 23, 2024
df42101
Comment Tigera
rgaiacs Sep 23, 2024
99de37e
Deploy same helm chart twice
rgaiacs Sep 23, 2024
c5057b0
Fix typo
rgaiacs Sep 23, 2024
0363cc2
Use inventory name for GitLab agent
rgaiacs Sep 23, 2024
53307a0
Fix Calico IP pools
rgaiacs Sep 23, 2024
ab28076
Run chartpress
rgaiacs Sep 23, 2024
7eed54a
Change to use Alpine
rgaiacs Sep 23, 2024
a379b89
Install missing Git to Alpine
rgaiacs Sep 23, 2024
089718d
Add missing Docker to Alpine
rgaiacs Sep 23, 2024
2a30931
Add missing helm
rgaiacs Sep 23, 2024
51535cf
Add Docker in Docker service
rgaiacs Sep 23, 2024
7087dd2
Revert creation of release number
rgaiacs Sep 23, 2024
ab77b7f
Fix typo
rgaiacs Sep 23, 2024
b6144d1
Fix CLOUD_SDK_MISSING_CREDENTIALS
rgaiacs Sep 23, 2024
54b9510
Avoid Helm deployment
rgaiacs Sep 11, 2024
0e1cd7c
Upgrade Kubernetes
rgaiacs Sep 11, 2024
66906db
Add configuration files from Pixi
rgaiacs Sep 24, 2024
f9bb594
Add variables to inventory
rgaiacs Sep 24, 2024
ca5a800
Checkout changes from older branch
rgaiacs Sep 24, 2024
1ff8ad6
Add new Ansible vault
rgaiacs Sep 24, 2024
a189664
Restore GitLab CI
rgaiacs Sep 24, 2024
3267f34
Add secret volume to deployment
rgaiacs Sep 24, 2024
7e547dd
Add MetalLB to deployment
rgaiacs Sep 24, 2024
b9e6479
Add IP Address Pool
rgaiacs Sep 24, 2024
6ed8984
Fix MetalLB IP Address Pool
rgaiacs Sep 24, 2024
6ba5968
Add MetalLb advertisement
rgaiacs Sep 24, 2024
25b932a
Use variable for IP pool
rgaiacs Sep 24, 2024
49e0f6f
Disable MetalLB speaker
rgaiacs Sep 24, 2024
47572e2
Fix MetalLB name
rgaiacs Sep 24, 2024
bb5db91
Enable MetalLB speakers
rgaiacs Sep 24, 2024
93ec46d
Use IP range for MetalLB
rgaiacs Sep 24, 2024
28c0d8e
Add placeholder for GESIS documentation
rgaiacs Sep 24, 2024
d7c348d
Document load balancer
rgaiacs Sep 25, 2024
5b2e10e
Mention GitLab CI
rgaiacs Sep 25, 2024
674798f
Update GitLab CI
rgaiacs Sep 25, 2024
26dc100
Fix GitLab CI
rgaiacs Sep 25, 2024
5ce49a9
Fix stage names in GitLab CI
rgaiacs Sep 25, 2024
e240f58
pixi run pre-commit run -a
rgaiacs Sep 25, 2024
bbd180a
Rename stages
rgaiacs Jan 2, 2025
62c8f19
Add role for Harbor
rgaiacs Jan 2, 2025
77c8c5f
Add missing $ to the name of variable
rgaiacs Jan 2, 2025
29b52e6
Fix name of GitLab CI definition
rgaiacs Jan 2, 2025
6492acf
Add missing $ to the name of variable
rgaiacs Jan 2, 2025
834df81
Fix lint errors
rgaiacs Jan 2, 2025
cce9d24
Remove white space from file name
rgaiacs Jan 2, 2025
6e10155
Add missing information to Helm deploy
rgaiacs Jan 2, 2025
6685c92
Add missing variable
rgaiacs Jan 2, 2025
f37f52c
Update storage class name
rgaiacs Jan 2, 2025
34eda4a
Fix name of storage unit
rgaiacs Jan 2, 2025
ac60a4f
Use variable for harbor version
rgaiacs Jan 2, 2025
38ca8e4
Fix metadata for PersistentVolume
rgaiacs Jan 2, 2025
f30d28a
Fix persistent volume
rgaiacs Jan 2, 2025
7bbbc30
Update values for Harbor Helm chart
rgaiacs Jan 2, 2025
cf7dda7
Fix typo in GitLab CI
rgaiacs Jan 3, 2025
9850e9a
Update GitLab CI rules
rgaiacs Jan 3, 2025
60b4269
Improve GitLab CI
rgaiacs Jan 3, 2025
306c7b3
Fix GitLab CI
rgaiacs Jan 3, 2025
1f15674
Change type of expose for Harbor
rgaiacs Jan 2, 2025
7da0eee
Merge branch '18-configure-access-harbor' into 'gesis'
rgaiacs Jan 3, 2025
34094e0
Update value of Ansible K8S_INGRESS
rgaiacs Jan 3, 2025
7393b63
Merge branch '18-configure-access-harbor' into 'gesis'
rgaiacs Jan 3, 2025
4f516f7
Change Harbor expose type to ClusterIP
rgaiacs Jan 3, 2025
67c29df
Configure Ingress NGINX
rgaiacs Jan 3, 2025
15e45d8
Merge branch '18-ingress' into 'gesis'
rgaiacs Jan 3, 2025
00446b2
Fix Kubernetes configuration file is group-readable
rgaiacs Jan 3, 2025
2d90927
Force update Helm repository
rgaiacs Jan 3, 2025
14e1087
Merge branch '18-ingress-fix' into 'gesis'
rgaiacs Jan 3, 2025
a201407
Configure Ingress for Harbor
rgaiacs Jan 3, 2025
26aec89
Merge branch '18-add-ingress-resource' into 'gesis'
rgaiacs Jan 3, 2025
60d4e61
Improve use of Ansible roles variables
rgaiacs Jan 3, 2025
8 changes: 8 additions & 0 deletions .editorconfig
@@ -0,0 +1,8 @@
root = true

[ansible/**]
charset = utf-8
end_of_line = lf
indent_size = 2
indent_style = space
insert_final_newline = true
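Review bot: the only section is `[ansible/**]`, so the 150-line `.gitlab-ci.yml` and `.gitlab/agents/stage/config.yaml` added in this same PR get no indentation, charset or final-newline rules even though they are YAML written with the same two-space convention; consider a `[*.{yml,yaml}]` section, or moving `charset`, `end_of_line` and `insert_final_newline` under `[*]`, so editors and the `pre-commit run -a` from commit e240f58 agree on the whole repository.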
2 changes: 2 additions & 0 deletions .gitattributes
@@ -1 +1,3 @@
**/secrets/** filter=git-crypt diff=git-crypt
# GitHub syntax highlighting
pixi.lock linguist-language=YAML linguist-generated=true
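Review bot: `linguist-generated=true` on `pixi.lock` also makes GitHub collapse the file in pull-request diffs by default, so changes to the pinned versions and hashes of the tooling that runs the Ansible and Helm deployments will be hidden unless a reviewer expands them; that is the usual trade-off for lockfiles, but it is worth stating in the PR description that lockfile diffs still need a look, since the `**/secrets/**` git-crypt line above shows this repository already treats its deployment inputs as sensitive.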
3 changes: 3 additions & 0 deletions .gitignore
@@ -19,3 +19,6 @@ travis/crypt-key
env

.terraform
# pixi environments
.pixi
*.egg-info
150 changes: 150 additions & 0 deletions .gitlab-ci.yml
@@ -0,0 +1,150 @@
variables:
GIT_STRATEGY: clone
GIT_CLEAN_FLAGS: "-ffdx"

stages:
- lint
- deploy-acceptance-ansible
- deploy-acceptance-helm
- test-acceptance
- deploy-production-nginx
- deploy-production-helm

.gesis-manual-web:
rules:
- if: $CI_SERVER_HOST == 'git.gesis.org' && $CI_PIPELINE_SOURCE == 'web'
when: manual
allow_failure: true

.gesis-merge-request:
rules:
- if: $CI_SERVER_HOST == 'git.gesis.org' && $CI_PIPELINE_SOURCE == "merge_request_event"
changes:
- .gitlab.yml
when: manual
- if: $CI_SERVER_HOST == 'git.gesis.org' && $CI_PIPELINE_SOURCE == "merge_request_event"
changes:
- ansible/**/*
- mybinder/**/*
- config/**/*
- secrets/**/*

.gesis-push-main:
rules:
- if: $CI_SERVER_HOST == 'git.gesis.org' && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == 'main'

.gesis-push-gesis:
rules:
- if: $CI_SERVER_HOST == 'git.gesis.org' && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == 'gesis'

include:
- component: $CI_SERVER_FQDN/rse/docker/images/ansible/[email protected]
inputs:
stage: lint
dir: ansible

- component: $CI_SERVER_FQDN/rse/docker/images/ansible/[email protected]
inputs:
stage: deploy-acceptance-ansible
dir: ansible
inventory: gesis-acceptance
playbook: gesis.yml
ssh-user: ansible
ssh-key-type: ed25519
rules:
- if: $CI_SERVER_HOST == "git.gesis.org" && $CI_PIPELINE_SOURCE == "merge_request_event"
- if: $CI_SERVER_HOST == 'git.gesis.org' && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == 'main'
- if: $CI_SERVER_HOST == 'git.gesis.org' && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == 'gesis'

.gesis helm deploy:
image:
name: docker-private.gesis.intra/gesis/ilcm/orc2/k8s:latest
entrypoint: [""]
rules:
- if: $CI_SERVER_HOST == "git.gesis.org"
variables:
HELM_ENVIRONMENT: template
script:
- cat $git_crypt_secret_key | base64 -d > git_crypt_secret_key
- git-crypt unlock git_crypt_secret_key
- kubectl config use-context ${CI_PROJECT_PATH}:${HELM_ENVIRONMENT}
- helm version
- |
for d in ./mybinder*/; do
helm dependency update "$d";
done
# - |
# for chart in mybinder-kube-system mybinder-tigera-operator; do
# helm upgrade \
# ${chart:9} ./${chart} \
# --cleanup-on-fail \
# --create-namespace \
# --history-max 3 \
# --install \
# --namespace=${chart};
# done
- |
helm lint ./mybinder \
--values ./config/gesis-${HELM_ENVIRONMENT}.yaml \
--values ./secrets/config/common/common.yaml \
--values ./secrets/config/common/cryptnono.yaml \
--values ./secrets/config/common/gesis.yaml \
--values ./secrets/config/gesis-${HELM_ENVIRONMENT}.yaml
- |
helm upgrade \
binderhub ./mybinder \
--cleanup-on-fail \
--create-namespace \
--history-max 3 \
--install \
--namespace=gesis \
--render-subchart-notes \
--values ./config/gesis-${HELM_ENVIRONMENT}.yaml \
--values ./secrets/config/common/common.yaml \
--values ./secrets/config/common/cryptnono.yaml \
--values ./secrets/config/common/gesis.yaml \
--values ./secrets/config/gesis-${HELM_ENVIRONMENT}.yaml

gesis helm acceptance deploy:
resource_group: acceptance
stage: deploy-acceptance-helm
rules:
- !reference [.gesis-manual-web, rules]
- !reference [.gesis-merge-request, rules]
- !reference [.gesis-push-main, rules]
- !reference [.gesis-push-gesis, rules]
variables:
HELM_ENVIRONMENT: acceptance
extends:
- .gesis helm deploy

.gesis helm production deploy:
resource_group: production
stage: deploy-production-helm
rules:
- !reference [.gesis-manual-web, rules]
- !reference [.gesis-push-main, rules]
- !reference [.gesis-push-gesis, rules]
variables:
HELM_ENVIRONMENT: stage
extends:
- .gesis helm deploy

.smoke test:
stage: test-acceptance
variables:
INTERACTIVE_URL: url
script:
- curl $INTERACTIVE_URL

smoke test to acceptance cluster:
stage: test-acceptance
rules:
- !reference [.gesis-manual-web, rules]
- !reference [.gesis-merge-request, rules]
- !reference [.gesis-push-main, rules]
- !reference [.gesis-push-gesis, rules]
variables:
INTERACTIVE_URL: https://notebooks-test.gesis.org/binder/
extends:
- .smoke test
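Review bot: the `changes:` pattern in `.gesis-merge-request` lists `.gitlab.yml`, but the file this hunk adds is `.gitlab-ci.yml`, so edits to the pipeline definition itself will never trigger the manual merge-request rule; change it to `- .gitlab-ci.yml`. In `.gesis helm deploy`, `cat $git_crypt_secret_key | base64 -d > git_crypt_secret_key` writes the decoded git-crypt symmetric key into the checkout with default permissions and never removes it, so it stays readable to everything else that runs in the job (the next job only gets a clean tree because of `GIT_STRATEGY: clone` and `GIT_CLEAN_FLAGS: "-ffdx"`); set `umask 077` before writing it and `rm -f git_crypt_secret_key` right after `git-crypt unlock`, ideally in `after_script` so a failed step still cleans up. `.smoke test` runs `curl $INTERACTIVE_URL` without `--fail`, so an HTTP 5xx from the acceptance deployment still exits 0 and the test stage passes; use `curl --fail --silent --show-error "$INTERACTIVE_URL"`. Finally, `.gesis helm production deploy` is disabled by its leading dot yet sets `HELM_ENVIRONMENT: stage` under a stage named `deploy-production-helm`, and `deploy-production-nginx` has no job at all, so either drop those stages for now or add a comment saying they are placeholders.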
3 changes: 3 additions & 0 deletions .gitlab/agents/stage/config.yaml
@@ -0,0 +1,3 @@
ci_access:
projects:
- id: methods-hub/interactive-environment
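Review bot: the only agent configuration added is for an agent named `stage`, but the enabled Helm job selects its context with `kubectl config use-context ${CI_PROJECT_PATH}:${HELM_ENVIRONMENT}` where `HELM_ENVIRONMENT` is `acceptance`, so either an `acceptance` agent already exists outside this PR or `use-context` will fail; please document which agent serves which environment. `ci_access.projects` also authorises every pipeline of `methods-hub/interactive-environment`, including merge-request pipelines, to reach the cluster through this agent; if only pushes to `main`/`gesis` should be able to deploy, restrict the entry with the agent's `environments:` list or enforce it through protected branches rather than relying on the `rules:` in `.gitlab-ci.yml` alone, since those rules are editable by anyone who can open a merge request.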
46 changes: 46 additions & 0 deletions ansible/gesis.yml
@@ -0,0 +1,46 @@
- name: Configure servers that are part of Kubernetes cluster
hosts: all
gather_facts: false
become: true
roles:
- k8s-common
- name: Configure Kubernetes control panel
hosts: kubernetes_control_panel
gather_facts: false
become: true
roles:
- role: k8s-control-panel
vars:
k8s_control_panel_addresses_begin: '{{ K8S_INGRESS }}'
k8s_control_panel_addresses_end: '{{ K8S_INGRESS }}'
- name: Configure Kubernetes workers
hosts: kubernetes_workers
gather_facts: false
become: true
roles:
- k8s-worker
- name: Configure Kubernetes Persistent Volumes
hosts: kubernetes_control_panel
gather_facts: false
become: true
roles:
- k8s-pv
- name: Configure Harbor
hosts: kubernetes_control_panel
gather_facts: false
roles:
- role: harbor
vars:
harbor_domain: '{{ HARBOR_DOMAIN }}'
harbor_path: '{{ HARBOR_PATH }}'
- name: Configure JupyterHub workers
hosts: jupyterhub_single_user
gather_facts: false
become: true
roles:
- k8s-worker
- name: Configure mybinder.org Kubernetes cluster
hosts: kubernetes_control_panel
gather_facts: false
roles:
- mybinder
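Review bot: the `Configure Harbor` and `Configure mybinder.org Kubernetes cluster` plays are the only two without `become: true`, while every other play escalates; if that is deliberate (helm/kubectl running as the `ansible` user against a user-owned kubeconfig, which commit 00446b2 "Fix Kubernetes configuration file is group-readable" suggests), a one-line comment on those plays would save the next reader a guess, and if it is not, the roles will quietly run unprivileged. `k8s_control_panel_addresses_begin` and `_end` are both set to `K8S_INGRESS`, a one-address range that the inventory comment says must be kept in step with the `[ingress]` group by hand; computing it from `groups['ingress']` would remove that duplication. Kubernetes calls this component the control plane, so `control_panel` in the host-group and role names is a naming nit worth fixing while the roles are new.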
51 changes: 51 additions & 0 deletions ansible/inventories/gesis-acceptance
@@ -0,0 +1,51 @@
[all]
svko-css-backup-node ansible_host=194.95.75.20 ansible_ssh_user=ansible ansible_become_pass='{{ become_pass_194_95_75_20 }}'
svko-k8s-test01 ansible_host=194.95.75.21 ansible_ssh_user=ansible ansible_become_pass='{{ become_pass_194_95_75_21 }}'
svko-k8s-test02 ansible_host=194.95.75.22 ansible_ssh_user=ansible ansible_become_pass='{{ become_pass_194_95_75_22 }}'
svko-k8s-test03 ansible_host=194.95.75.23 ansible_ssh_user=ansible ansible_become_pass='{{ become_pass_194_95_75_23 }}'

[all:vars]
INVENTORY_NAME=stage
K8S_CONTROL_PLANE_ENDPOINT=194.95.75.21
K8S_CONTROL_PLANE_ALIAS=svko-k8s-test01
; Replace this variable with a filter
; This must match the group ingress
K8S_INGRESS=194.95.75.20

[notebooks_gesis_org]
svko-css-backup-node

[kubernetes_control_panel]
svko-k8s-test01

[kubernetes_control_panel:vars]
GRAFANA_CAPACITY_STORAGE=2Gi
JUPYTERHUB_CAPACITY_STORAGE=2Gi
PROMETHEUS_CAPACITY_STORAGE=15Gi
HARBOR_DOMAIN=notebooks.gesis.org
HARBOR_PATH='/'

[kubernetes_workers]
svko-k8s-test02
svko-k8s-test03

[ingress]
svko-css-backup-node

[harbor]
svko-k8s-test03

[binderhub]
svko-k8s-test02

[jupyterhub]
svko-k8s-test02

[jupyterhub_single_user]
svko-k8s-test02

[prometheus]
svko-css-backup-node

[grafana]
svko-css-backup-node
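Review bot: `K8S_INGRESS=194.95.75.20` repeats by hand the `[ingress]` membership of `svko-css-backup-node`, as the `; Replace this variable with a filter` comment admits; `K8S_INGRESS={{ hostvars[groups['ingress'][0]]['ansible_host'] }}` keeps the two in sync. `INVENTORY_NAME=stage` inside a file called `gesis-acceptance` for hosts named `svko-k8s-test0N` means acceptance, stage and test all refer to the same cluster across the inventory, the CI job and the agent directory; pick one name. Keeping `ansible_become_pass` as `{{ become_pass_... }}` vault lookups rather than literal passwords is the right call; if this repository is public, also confirm that publishing the hosts' public addresses and which node runs Harbor, Prometheus and Grafana is acceptable to the GESIS team, since that is exactly the layout information one would otherwise have to map out.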