diff --git a/.gitignore b/.gitignore
index 299bdc807..12870ff28 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+.idea
 Chef/nodes/
 tf_files/*output/*
 tf_files/terraform.tfstate
diff --git a/gen3/bin/kube-roll-all.sh b/gen3/bin/kube-roll-all.sh
index 6357f0788..9334f0cde 100644
--- a/gen3/bin/kube-roll-all.sh
+++ b/gen3/bin/kube-roll-all.sh
@@ -249,6 +249,12 @@ else
 gen3_log_info "not deploying gen3-discovery-ai - no manifest entry for '.versions[\"gen3-discovery-ai\"]'"
 fi
+if g3k_manifest_lookup '.versions["gen3-user-data-library"]' 2> /dev/null; then
+ gen3 kube-setup-gen3-user-data-library &
+else
+ gen3_log_info "not deploying gen3-user-data-library - no manifest entry for '.versions[\"gen3-user-data-library\"]'"
+fi
+
 if g3k_manifest_lookup '.versions["ohdsi-atlas"]' && g3k_manifest_lookup '.versions["ohdsi-webapi"]' 2> /dev/null; then
 gen3 kube-setup-ohdsi &
 else
diff --git a/gen3/bin/kube-setup-gen3-user-data-library.sh b/gen3/bin/kube-setup-gen3-user-data-library.sh
new file mode 100644
index 000000000..e96b9405b
--- /dev/null
+++ b/gen3/bin/kube-setup-gen3-user-data-library.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+#
+# Deploy the gen3-user-data-library service
+#
+
+source "${GEN3_HOME}/gen3/lib/utils.sh"
+gen3_load "gen3/gen3setup"
+
+setup_database() {
+ gen3_log_info "setting up gen3-user-data-library service ..."
+
+ if g3kubectl describe secret gen3userdatalibrary-g3auto > /dev/null 2>&1; then
+ gen3_log_info "gen3userdatalibrary-g3auto secret already configured"
+ return 0
+ fi
+ if [[ -n "$JENKINS_HOME" || ! -f "$(gen3_secrets_folder)/creds.json" ]]; then
+ gen3_log_err "skipping db setup in non-adminvm environment"
+ return 0
+ fi
+ # Setup .env file that gen3-user-data-library service consumes
+ if [[ ! -f "$secretsFolder/gen3-user-data-library.env" || ! -f "$secretsFolder/base64Authz.txt" ]]; then
+ local secretsFolder="$(gen3_secrets_folder)/g3auto/gen3userdatalibrary"
+
+ if [[ ! -f "$secretsFolder/dbcreds.json" ]]; then
+ if ! gen3 db setup gen3userdatalibrary; then
+ gen3_log_err "Failed setting up database for gen3-user-data-library service"
+ return 1
+ fi
+ fi
+ if [[ ! -f "$secretsFolder/dbcreds.json" ]]; then
+ gen3_log_err "dbcreds not present in Gen3Secrets/"
+ return 1
+ fi
+
+ # go ahead and rotate the password whenever we regen this file
+ local password="$(gen3 random)"
+ local db_host=$(jq -r .db_host < "$secretsFolder/dbcreds.json")
+ local db_user=$(jq -r .db_username < "$secretsFolder/dbcreds.json")
+ local db_password=$(jq -r .db_password < "$secretsFolder/dbcreds.json")
+ local db_database=$(jq -r .db_database < "$secretsFolder/dbcreds.json")
+ cat - > "$secretsFolder/gen3-user-data-library.env" < "$secretsFolder/base64Authz.txt"
+ fi
+ gen3 secrets sync 'setup gen3userdatalibrary-g3auto secrets'
+}
+
+
+if ! setup_database; then
+ gen3_log_err "kube-setup-gen3-user-data-library bailing out - database failed setup"
+ exit 1
+fi
+
+if ! 
g3k_manifest_lookup '.versions."gen3-user-data-library"' 2> /dev/null; then
+ gen3_log_info "kube-setup-gen3-user-data-library exiting - gen3-user-data-library service not in manifest"
+ exit 0
+fi
+
+gen3 roll gen3-user-data-library
+g3kubectl apply -f "${GEN3_HOME}/kube/services/gen3-user-data-library/gen3-user-data-library-service.yaml"
+
+if [[ -z "$GEN3_ROLL_ALL" ]]; then
+ gen3 kube-setup-networkpolicy
+ gen3 kube-setup-revproxy
+fi
+
+gen3_log_info "The gen3-user-data-library service has been deployed onto the kubernetes cluster"
diff --git a/kube/services/gen3-user-data-library/gen3-user-data-library-deploy.yaml b/kube/services/gen3-user-data-library/gen3-user-data-library-deploy.yaml
new file mode 100644
index 000000000..c5988a4fd
--- /dev/null
+++ b/kube/services/gen3-user-data-library/gen3-user-data-library-deploy.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gen3-user-data-library-deployment
+spec:
+ selector:
+ # Only select pods based on the 'app' label
+ matchLabels:
+ app: gen3-user-data-library
+ release: production
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ template:
+ metadata:
+ labels:
+ app: gen3-user-data-library
+ release: production
+ public: "yes"
+ netnolimit: "yes"
+ GEN3_DATE_LABEL
+ spec:
+ volumes:
+ - name: gen3-user-data-library-g3auto-volume
+ secret:
+ secretName: gen3userdatalibrary-g3auto
+ containers:
+ - name: gen3-user-data-library
+ GEN3_GEN3-USER-DATA-LIBRARY_IMAGE
+ ports:
+ - containerPort: 8080
+ env:
+ - name: GEN3_DEBUG
+ GEN3_DEBUG_FLAG|-value: "False"-|
+ - name: ANONYMIZED_TELEMETRY
+ value: "False"
+ volumeMounts:
+ - name: gen3-user-data-library-g3auto-volume
+ readOnly: true
+ mountPath: /gen3userdatalibrary/.env
+ subPath: gen3-user-data-library.env
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 1
+ memory: 1024Mi
+ limits:
+ cpu: 2
+ memory: 2048Mi
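Review bot: In setup_database (gen3/bin/kube-setup-gen3-user-data-library.sh), `$secretsFolder` is tested in `[[ ! -f "$secretsFolder/gen3-user-data-library.env" || ... ]]` before the `local secretsFolder=...` line inside that branch assigns it, so the guard checks `/gen3-user-data-library.env` (or whatever an inherited `secretsFolder` points to) and the credential file is regenerated on every run that reaches it. Moving `local secretsFolder="$(gen3_secrets_folder)/g3auto/gen3userdatalibrary"` above the `if` makes the guard test the intended directory. The four `jq -r` reads would also write the literal string `null` into the env file when a key is missing from dbcreds.json; a check such as `[[ -z "$db_password" || "$db_password" == null ]] && return 1` before the `cat` would catch that. The here-document body is not visible in this view, so the generated file's contents and permissions could not be reviewed.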
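Review bot: The gen3-user-data-library container in gen3-user-data-library-deploy.yaml has no `securityContext`, so it runs with the image's default user and privilege-escalation settings while holding the database credentials mounted from gen3userdatalibrary-g3auto. A container-level block like the one below would tighten that, provided the image already runs as a non-root user. The pod labels `public: "yes"` and `netnolimit: "yes"` look like network-policy selectors; if `netnolimit` grants unrestricted egress, confirm this service needs it. Because the .env file is mounted with `subPath`, a rotated secret is not picked up until the pod restarts.

```yaml
      containers:
      - name: gen3-user-data-library
        # … unchanged: image, ports, env, volumeMounts, resources …
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          capabilities:
            drop: ["ALL"]
```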
diff --git a/kube/services/gen3-user-data-library/gen3-user-data-library-service.yaml b/kube/services/gen3-user-data-library/gen3-user-data-library-service.yaml
new file mode 100644
index 000000000..b3760d66f
--- /dev/null
+++ b/kube/services/gen3-user-data-library/gen3-user-data-library-service.yaml
@@ -0,0 +1,21 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: gen3-user-data-library-service
+spec:
+ selector:
+ app: gen3-user-data-library
+ release: production
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8000
+ name: http
+ nodePort: null
+ - protocol: TCP
+ port: 443
+ targetPort: 443
+ name: https
+ nodePort: null
+ type: ClusterIP
+
diff --git a/kube/services/revproxy/gen3.nginx.conf/gen3-user-data-library-service.conf b/kube/services/revproxy/gen3.nginx.conf/gen3-user-data-library-service.conf
new file mode 100644
index 000000000..996aa07f9
--- /dev/null
+++ b/kube/services/revproxy/gen3.nginx.conf/gen3-user-data-library-service.conf
@@ -0,0 +1,12 @@
+ location /library {
+ if ($csrf_check !~ ^ok-\S.+$) {
+ return 403 "failed csrf check";
+ }
+
+ set $proxy_service "gen3-user-data-library-service";
+ set $upstream http://gen3-user-data-library-service$des_domain;
+ rewrite ^/library/(.*) /$1 break;
+ proxy_pass $upstream;
+ proxy_redirect http://$host/ https://$host/library/;
+ client_max_body_size 0;
+ }
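Review bot: The http port in gen3-user-data-library-service.yaml forwards to `targetPort: 8000`, but the Deployment added in this commit declares `containerPort: 8080`, so one of the two is likely wrong and traffic from revproxy may never reach the app. Aligning them removes the mismatch: `targetPort: 8080` if the app listens on 8080, or a named container port with `targetPort: http`. The https entry targets 443, for which the Deployment declares no container port; if nothing in the pod terminates TLS, that entry could be dropped.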
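Review bot: `client_max_body_size 0;` in the /library location of gen3-user-data-library-service.conf disables nginx's request-body limit, so any client that passes the csrf check can stream arbitrarily large bodies through to the service. A bounded value sized to the largest expected library payload, written as `client_max_body_size <LIMIT>;`, keeps that ceiling at the proxy. `location /library` is also a prefix match, so paths such as `/libraryfoo` enter this block while `rewrite ^/library/(.*)` only strips the prefix when a slash follows; `location /library/` would make the two agree if the bare `/library` path is not needed.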