Skip to content

Commit

Permalink
feat(BDC-326): Adds gen3-user-data-library
Browse files Browse the repository at this point in the history
  • Loading branch information
k-burt-uch committed Nov 18, 2024
1 parent c32ab5f commit 45aea17
Show file tree
Hide file tree
Showing 6 changed files with 160 additions and 0 deletions.
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
.idea
Chef/nodes/
tf_files/*output/*
tf_files/terraform.tfstate
Expand Down
6 changes: 6 additions & 0 deletions gen3/bin/kube-roll-all.sh
Original file line number Diff line number Diff line change
Expand Up @@ -249,6 +249,12 @@ else
gen3_log_info "not deploying gen3-discovery-ai - no manifest entry for '.versions[\"gen3-discovery-ai\"]'"
fi

if g3k_manifest_lookup '.versions["gen3-user-data-library"]' 2> /dev/null; then
gen3 kube-setup-gen3-user-data-library &
else
gen3_log_info "not deploying gen3-user-data-library - no manifest entry for '.versions[\"gen3-user-data-library\"]'"
fi

if g3k_manifest_lookup '.versions["ohdsi-atlas"]' && g3k_manifest_lookup '.versions["ohdsi-webapi"]' 2> /dev/null; then
gen3 kube-setup-ohdsi &
else
Expand Down
69 changes: 69 additions & 0 deletions gen3/bin/kube-setup-gen3-user-data-library.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
#!/bin/bash
#
# Deploy the gen3-user-data-library service
#

source "${GEN3_HOME}/gen3/lib/utils.sh"
gen3_load "gen3/gen3setup"

setup_database() {
gen3_log_info "setting up gen3-user-data-library service ..."

if g3kubectl describe secret gen3userdatalibrary-g3auto > /dev/null 2>&1; then
gen3_log_info "gen3userdatalibrary-g3auto secret already configured"
return 0
fi
if [[ -n "$JENKINS_HOME" || ! -f "$(gen3_secrets_folder)/creds.json" ]]; then
gen3_log_err "skipping db setup in non-adminvm environment"
return 0
fi
# Setup .env file that gen3-user-data-library service consumes
if [[ ! -f "$secretsFolder/gen3-user-data-library.env" || ! -f "$secretsFolder/base64Authz.txt" ]]; then
local secretsFolder="$(gen3_secrets_folder)/g3auto/gen3userdatalibrary"

if [[ ! -f "$secretsFolder/dbcreds.json" ]]; then
if ! gen3 db setup gen3userdatalibrary; then
gen3_log_err "Failed setting up database for gen3-user-data-library service"
return 1
fi
fi
if [[ ! -f "$secretsFolder/dbcreds.json" ]]; then
gen3_log_err "dbcreds not present in Gen3Secrets/"
return 1
fi

# go ahead and rotate the password whenever we regen this file
local password="$(gen3 random)"
local db_host=$(jq -r .db_host < "$secretsFolder/dbcreds.json")
local db_user=$(jq -r .db_username < "$secretsFolder/dbcreds.json")
local db_password=$(jq -r .db_password < "$secretsFolder/dbcreds.json")
local db_database=$(jq -r .db_database < "$secretsFolder/dbcreds.json")
cat - > "$secretsFolder/gen3-user-data-library.env" <<EOM
DB_CONNECTION_STRING=postgresql+asyncpg://$db_user:$db_password@$db_host/$db_database
EOM
# make it easy for nginx to get the Authorization header ...
echo -n "gateway:$password" | base64 > "$secretsFolder/base64Authz.txt"
fi
gen3 secrets sync 'setup gen3userdatalibrary-g3auto secrets'
}


if ! setup_database; then
gen3_log_err "kube-setup-gen3-user-data-library bailing out - database failed setup"
exit 1
fi

if ! g3k_manifest_lookup '.versions."gen3-user-data-library"' 2> /dev/null; then
gen3_log_info "kube-setup-gen3-user-data-library exiting - gen3-user-data-library service not in manifest"
exit 0
fi

gen3 roll gen3-user-data-library
g3kubectl apply -f "${GEN3_HOME}/kube/services/gen3-user-data-library/gen3-user-data-library-service.yaml"

if [[ -z "$GEN3_ROLL_ALL" ]]; then
gen3 kube-setup-networkpolicy
gen3 kube-setup-revproxy
fi

gen3_log_info "The gen3-user-data-library service has been deployed onto the kubernetes cluster"
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: gen3-user-data-library-deployment
spec:
selector:
# Only select pods based on the 'app' label
matchLabels:
app: gen3-user-data-library
release: production
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: gen3-user-data-library
release: production
public: "yes"
netnolimit: "yes"
GEN3_DATE_LABEL
spec:
volumes:
- name: gen3-user-data-library-g3auto-volume
secret:
secretName: gen3userdatalibrary-g3auto
containers:
- name: gen3-user-data-library
GEN3_GEN3-USER-DATA-LIBRARY_IMAGE
ports:
- containerPort: 8080
env:
- name: GEN3_DEBUG
GEN3_DEBUG_FLAG|-value: "False"-|
- name: ANONYMIZED_TELEMETRY
value: "False"
volumeMounts:
- name: gen3-user-data-library-g3auto-volume
readOnly: true
mountPath: /gen3userdatalibrary/.env
subPath: gen3-user-data-library.env
imagePullPolicy: Always
resources:
requests:
cpu: 1
memory: 1024Mi
limits:
cpu: 2
memory: 2048Mi
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
kind: Service
apiVersion: v1
metadata:
name: gen3-user-data-library-service
spec:
selector:
app: gen3-user-data-library
release: production
ports:
- protocol: TCP
port: 80
targetPort: 8000
name: http
nodePort: null
- protocol: TCP
port: 443
targetPort: 443
name: https
nodePort: null
type: ClusterIP

Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
location /library {
if ($csrf_check !~ ^ok-\S.+$) {
return 403 "failed csrf check";
}

set $proxy_service "gen3-user-data-library-service";
set $upstream http://gen3-user-data-library-service$des_domain;
rewrite ^/library/(.*) /$1 break;
proxy_pass $upstream;
proxy_redirect http://$host/ https://$host/library/;
client_max_body_size 0;
}

0 comments on commit 45aea17

Please sign in to comment.