A bunch of deployment config and param fixes (#4271)

deploy/helm_charts/dc_website/templates/deployment.yaml

@@ -162,6 +162,7 @@ spec:
               path: /healthz
               port: 6060
             failureThreshold: 30
+            periodSeconds: 10
             timeoutSeconds: 5
           readinessProbe:
             httpGet:
@@ -172,11 +173,13 @@ spec:
             # there's already NUM_WORKERS number of requests, need to wait
             # before /healthz can be served.
             timeoutSeconds: 300
+            periodSeconds: 10
           livenessProbe:
             httpGet:
               path: /healthz
               port: 6060
             timeoutSeconds: 300
+            periodSeconds: 10
           ports:
             - containerPort: 6060
         {{- end }}

deploy/helm_charts/dc_website/templates/single_cluster.yaml

@@ -74,6 +74,7 @@ metadata:
     {{- end }}
     cloud.google.com/backend-config: '{"ports": {"8080":"backendconfig-nodejs"}}'
 spec:
+  type: NodePort
   ports:
     - port: 8080
       targetPort: 8080
@@ -134,7 +135,7 @@ metadata:
     {{- if .Values.ingress.internal }}
     ingress.gcp.kubernetes.io/pre-shared-cert: "website-ilb"
     kubernetes.io/ingress.regional-static-ip-name: "website-ilb-ip"
-    kubernetes.io/ingress.class: "gce-internal"
+    kubernetes.io/spec.ingressClassName: "gce-internal"
     kubernetes.io/ingress.allow-http: "false"
     {{- else }}
     kubernetes.io/ingress.global-static-ip-name: {{ .Values.ingress.ipName }}

deploy/helm_charts/envs/dev.yaml

@@ -28,6 +28,9 @@ website:
 serviceAccount:
   name: website-ksa
 
+ingress:
+  enabled: true
+
 serviceGroups:
   recon: null
   svg:

gke/README.md

@@ -1,8 +1,8 @@
-## Deploy Website to Multiple GKE Clusters
+# Deploy Website to Multiple GKE Clusters
 
 You should have owner/editor role to perform the following tasks.
 
-### Prerequisites
+## Prerequisites
 
 - Register a website domain on Google Domain or other registrars.
 
@@ -23,73 +23,73 @@ You should have owner/editor role to perform the following tasks.
   - [`kustomize`](https://kustomize.io/)
   - [`yq` 4.x](https://github.com/mikefarah/yq#install)
 
-### One time setup
+## One time setup
 
-1.  Run the following scripts sequentially. Retry any script if errors occur.
+1. Run the following scripts sequentially. Retry any script if errors occur.
 
-    ```bash
-    # Update gcloud
-    gcloud components update
-    gcloud auth login
+   ```bash
+   # Update gcloud
+   gcloud components update
+   gcloud auth login
 
-    # Enable GCP services
-    ./enable_services.sh
+   # Enable GCP services
+   ./enable_services.sh
 
-    # Create a static IP for the domain (Skip this step if you are using apigee proxy)
-    ./create_ip.sh
+   # Create a static IP for the domain (Skip this step if you are using apigee proxy)
+   ./create_ip.sh
 
-    # Create api key for web client maps and places API
-    ./create_api_key.sh
+   # Create api key for web client maps and places API
+   ./create_api_key.sh
 
-    # Create robot account
-    ./create_robot_account.sh
+   # Create robot account
+   ./create_robot_account.sh
 
-    # Config robot account IAM in the project
-    ./add_policy_binding.sh
+   # Config robot account IAM in the project
+   ./add_policy_binding.sh
 
-    # [Ask Data Commons team to run this] Get permission to read Data Commons data
-    ./get_storage_permission.sh
+   # [Ask Data Commons team to run this] Get permission to read Data Commons data
+   ./get_storage_permission.sh
 
-    # Create SSL certificate
-    ./setup_ssl.sh
+   # Create SSL certificate
+   ./setup_ssl.sh
 
-    # Deploy esp service
-    ./setup_esp.sh
+   # Deploy esp service
+   ./setup_esp.sh
 
-    # [For apigee configurations only] Configure internal load balancer network and dns settings
-    ./configure_internal_load_balancer.sh
-    ```
+   # [For apigee configurations only] Configure internal load balancer network and dns settings
+   ./configure_internal_load_balancer.sh
+   ```
 
-1.  Copy the `config.yaml` file into the `/deploy/gke` folder. Rename
-    the file to describe the environment the clusters are being used for.
+1. Copy the `config.yaml` file into the `/deploy/gke` folder. Rename
+   the file to describe the environment the clusters are being used for.
 
-    ```text
-      > The filename used will be the `<ENV>` in subsequent commands. E.g. if you
-      > named the yaml file `staging.yaml`, then the `ENV` below is `staging`.
-    ```
+   ```text
+     > The filename used will be the `<ENV>` in subsequent commands. E.g. if you
+     > named the yaml file `staging.yaml`, then the `ENV` below is `staging`.
+   ```
 
-1.  Run the following scripts sequentially.
+1. Run the following scripts sequentially.
 
-    ```bash
-    # Create clusters
-    ./create_all_clusters.sh <ENV>
+   ```bash
+   # Create clusters
+   ./create_all_clusters.sh <ENV>
 
-    # Deploy helm
-    ../scripts/deploy_gke_helm.sh -e <ENV> -l <REGION>
-    ```
+   # Deploy helm
+   ../scripts/deploy_gke_helm.sh -e <ENV> -l <REGION>
+   ```
 
 1. (Optional) If you're using multiple clusters, run the following script to
    setup multi-cluster ingress and services. Use the "-n" flag to include the nodejs server in the setup.
 
-    ```bash
-    # Set up multi-cluster ingress and service WITHOUT nodejs
-    ./setup_config_cluster.sh
+   ```bash
+   # Set up multi-cluster ingress and service WITHOUT nodejs
+   ./setup_config_cluster.sh
 
-    # Set up multi-cluster ingress and service WITH nodejs
-    ./setup_config_cluster.sh -n
-    ```
+   # Set up multi-cluster ingress and service WITH nodejs
+   ./setup_config_cluster.sh -n
+   ```
 
-### DNS setup
+## DNS setup
 
 - [Configure the DNS in the domain
   registrar](https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#update-dns).
@@ -105,7 +105,7 @@ You should have owner/editor role to perform the following tasks.
   Ingress](mci.yaml.tpl). If they are not linked, need to manually add the
   certificate to the load balancing ([example setup in GCP](ssl.png)).
 
-### Add a new cluster
+## Add a new cluster
 
 If new cluster is needed to scale, then run:
 

gke/create_cluster.sh

@@ -34,7 +34,7 @@ gcloud config set project $PROJECT_ID
 gcloud container clusters create $CLUSTER_NAME \
   --num-nodes=$NODES \
   --region=$REGION \
-  --machine-type=e2-highmem-4 \
+  --machine-type=e2-highmem-8 \
   --enable-ip-alias \
   --workload-pool=$PROJECT_ID.svc.id.goog \
   --scopes=https://www.googleapis.com/auth/trace.append

scripts/deploy_gke_helm.sh

@@ -138,7 +138,7 @@ function deploy_website() {
   helm upgrade --install dc-website deploy/helm_charts/dc_website \
   -f "deploy/helm_charts/envs/$ENV.yaml" \
   --atomic \
-  --timeout 10m \
+  --timeout 15m \
   --set website.image.tag="$WEBSITE_HASH" \
   --set website.githash="$WEBSITE_HASH" \
   --set nodejs.apiRoot="$WEBSITE_SERVICE_URL" \