-
Notifications
You must be signed in to change notification settings - Fork 68
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(BDC-326): Adds gen3-user-data-library
- Loading branch information
1 parent
69e15ba
commit aecdd7c
Showing
6 changed files
with
180 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
.idea | ||
Chef/nodes/ | ||
tf_files/*output/* | ||
tf_files/terraform.tfstate | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
#!/bin/bash | ||
# | ||
# Deploy the gen3-user-data-library service | ||
# | ||
|
||
source "${GEN3_HOME}/gen3/lib/utils.sh" | ||
gen3_load "gen3/gen3setup" | ||
|
||
setup_database() { | ||
gen3_log_info "setting up gen3-user-data-library service ..." | ||
|
||
if g3kubectl describe secret gen3userdatalibrary-g3auto > /dev/null 2>&1; then | ||
gen3_log_info "gen3userdatalibrary-g3auto secret already configured" | ||
return 0 | ||
fi | ||
if [[ -n "$JENKINS_HOME" || ! -f "$(gen3_secrets_folder)/creds.json" ]]; then | ||
gen3_log_err "skipping db setup in non-adminvm environment" | ||
return 0 | ||
fi | ||
# Setup .env file that gen3-user-data-library service consumes | ||
if [[ ! -f "$secretsFolder/gen3-user-data-library.env" || ! -f "$secretsFolder/base64Authz.txt" ]]; then | ||
local secretsFolder="$(gen3_secrets_folder)/g3auto/gen3userdatalibrary" | ||
|
||
if [[ ! -f "$secretsFolder/dbcreds.json" ]]; then | ||
if ! gen3 db setup gen3userdatalibrary; then | ||
gen3_log_err "Failed setting up database for gen3-user-data-library service" | ||
return 1 | ||
fi | ||
fi | ||
if [[ ! -f "$secretsFolder/dbcreds.json" ]]; then | ||
gen3_log_err "dbcreds not present in Gen3Secrets/" | ||
return 1 | ||
fi | ||
|
||
# go ahead and rotate the password whenever we regen this file | ||
local password="$(gen3 random)" | ||
local db_host=$(jq -r .db_host < "$secretsFolder/dbcreds.json") | ||
local db_user=$(jq -r .db_username < "$secretsFolder/dbcreds.json") | ||
local db_password=$(jq -r .db_password < "$secretsFolder/dbcreds.json") | ||
local db_database=$(jq -r .db_database < "$secretsFolder/dbcreds.json") | ||
cat - > "$secretsFolder/gen3-user-data-library.env" <<EOM | ||
DB_CONNECTION_STRING=postgresql+asyncpg://$db_user:$db_password@$db_host/$db_database | ||
URL_PREFIX=/library | ||
EOM | ||
# make it easy for nginx to get the Authorization header ... | ||
echo -n "gateway:$password" | base64 > "$secretsFolder/base64Authz.txt" | ||
fi | ||
gen3 secrets sync 'setup gen3userdatalibrary-g3auto secrets' | ||
} | ||
|
||
|
||
if ! setup_database; then | ||
gen3_log_err "kube-setup-gen3-user-data-library bailing out - database failed setup" | ||
exit 1 | ||
fi | ||
|
||
if ! g3k_manifest_lookup '.versions."gen3-user-data-library"' 2> /dev/null; then | ||
gen3_log_info "kube-setup-gen3-user-data-library exiting - gen3-user-data-library service not in manifest" | ||
exit 0 | ||
fi | ||
|
||
gen3 roll gen3-user-data-library | ||
g3kubectl apply -f "${GEN3_HOME}/kube/services/gen3-user-data-library/gen3-user-data-library-service.yaml" | ||
|
||
if [[ -z "$GEN3_ROLL_ALL" ]]; then | ||
gen3 kube-setup-networkpolicy | ||
gen3 kube-setup-revproxy | ||
fi | ||
|
||
gen3_log_info "The gen3-user-data-library service has been deployed onto the kubernetes cluster" |
70 changes: 70 additions & 0 deletions
70
kube/services/gen3-user-data-library/gen3-user-data-library-deploy.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: gen3-user-data-library-deployment | ||
spec: | ||
selector: | ||
# Only select pods based on the 'app' label | ||
matchLabels: | ||
app: gen3-user-data-library | ||
release: production | ||
strategy: | ||
type: RollingUpdate | ||
rollingUpdate: | ||
maxSurge: 1 | ||
maxUnavailable: 0 | ||
template: | ||
metadata: | ||
labels: | ||
app: gen3-user-data-library | ||
release: production | ||
public: "yes" | ||
netnolimit: "yes" | ||
GEN3_DATE_LABEL | ||
spec: | ||
volumes: | ||
- name: gen3-user-data-library-g3auto-volume | ||
secret: | ||
secretName: gen3userdatalibrary-g3auto | ||
containers: | ||
- name: gen3-user-data-library | ||
GEN3_GEN3-USER-DATA-LIBRARY_IMAGE | ||
ports: | ||
- containerPort: 8080 | ||
env: | ||
- name: GEN3_DEBUG | ||
GEN3_DEBUG_FLAG|-value: "False"-| | ||
- name: ANONYMIZED_TELEMETRY | ||
value: "False" | ||
volumeMounts: | ||
- name: gen3-user-data-library-g3auto-volume | ||
readOnly: true | ||
mountPath: /gen3userdatalibrary/.env | ||
subPath: gen3-user-data-library.env | ||
imagePullPolicy: Always | ||
resources: | ||
requests: | ||
cpu: 1 | ||
memory: 1024Mi | ||
limits: | ||
cpu: 2 | ||
memory: 2048Mi | ||
initContainers: | ||
- name: gen3-user-data-library-db-migrate | ||
GEN3_GEN3-USER-DATA-LIBRARY_IMAGE | ||
imagePullPolicy: Always | ||
volumeMounts: | ||
- name: gen3-user-data-library-g3auto-volume | ||
readOnly: true | ||
mountPath: /gen3userdatalibrary/.env | ||
subPath: gen3-user-data-library.env | ||
resources: | ||
limits: | ||
cpu: 0.8 | ||
memory: 512Mi | ||
command: [ "/bin/sh" ] | ||
args: | ||
- "-c" | ||
- | | ||
# Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility | ||
poetry run alembic upgrade head || /env/bin/alembic upgrade head |
21 changes: 21 additions & 0 deletions
21
kube/services/gen3-user-data-library/gen3-user-data-library-service.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
kind: Service | ||
apiVersion: v1 | ||
metadata: | ||
name: gen3-user-data-library-service | ||
spec: | ||
selector: | ||
app: gen3-user-data-library | ||
release: production | ||
ports: | ||
- protocol: TCP | ||
port: 80 | ||
targetPort: 8000 | ||
name: http | ||
nodePort: null | ||
- protocol: TCP | ||
port: 443 | ||
targetPort: 443 | ||
name: https | ||
nodePort: null | ||
type: ClusterIP | ||
|
12 changes: 12 additions & 0 deletions
12
kube/services/revproxy/gen3.nginx.conf/gen3-user-data-library-service.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
location /library { | ||
if ($csrf_check !~ ^ok-\S.+$) { | ||
return 403 "failed csrf check"; | ||
} | ||
|
||
set $proxy_service "gen3-user-data-library-service"; | ||
set $upstream http://gen3-user-data-library-service$des_domain; | ||
rewrite ^/library/(.*) /$1 break; | ||
proxy_pass $upstream; | ||
proxy_redirect http://$host/ https://$host/library/; | ||
client_max_body_size 0; | ||
} |