From 4268a545f303608ce4c492752bf18bb1333f9106 Mon Sep 17 00:00:00 2001 From: Janibasha Date: Fri, 8 Nov 2024 11:30:45 +0530 Subject: [PATCH] added lb code --- .github/workflows/deploy-genai-appstack.yml | 7 ++++++ .../terraform/managed_k8s.tf | 2 +- .../terraform/terraform.tfvars | 2 -- .../terraform/terraform.tfvars.example | 2 +- .../terraform/variables.tf | 6 ----- .../terraform/xc_loadbalancer.tf | 22 ++++++++++++++++--- 6 files changed, 28 insertions(+), 13 deletions(-) diff --git a/.github/workflows/deploy-genai-appstack.yml b/.github/workflows/deploy-genai-appstack.yml index 930422a7e..8804dc8f8 100644 --- a/.github/workflows/deploy-genai-appstack.yml +++ b/.github/workflows/deploy-genai-appstack.yml @@ -80,3 +80,10 @@ jobs: - name: Terraform Apply if: github.ref == 'refs/heads/deploy-genai-appstack' && github.event_name == 'push' run: terraform apply -auto-approve -input=false + + - name: Deploy App + run: | + curl -LO https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x kubectl + curl --location --header 'Access-Control-Allow-Origin: *' --data-raw '{"expirationTimestamp":"2100-09-14T09:02:25.547659194Z"}' --request POST 'https://treino.console.ves.volterra.io/api/web/namespaces/system/sites/jani-appstack/global-kubeconfigs' --cert api.p12:Jani_123 > ves_default_k8.yaml + ./kubectl apply -f llm.yaml --kubeconfig=ves_default_k8.yaml + ./kubectl apply -f langchain-doc-qa-api.yaml --kubeconfig=ves_default_k8.yaml \ No newline at end of file diff --git a/workflow-guides/smcn/genai-inference-at-the-edge/terraform/managed_k8s.tf b/workflow-guides/smcn/genai-inference-at-the-edge/terraform/managed_k8s.tf index 4bb63e373..19e242745 100644 --- a/workflow-guides/smcn/genai-inference-at-the-edge/terraform/managed_k8s.tf +++ b/workflow-guides/smcn/genai-inference-at-the-edge/terraform/managed_k8s.tf 
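Review bot: The added Deploy App step embeds the passphrase of the api.p12 client certificate in the workflow file (`--cert api.p12:Jani_123`), so it is readable by anyone with repository access and stays in history; it should be rotated and read from a repository secret. Unlike the Terraform Apply step just above it, this step has no `if:` guard, so as far as this hunk shows it runs on every trigger of the job. It also requests a kubeconfig that does not expire until 2100 and downloads an unpinned kubectl without checking the published checksum. Neither curl call uses `--fail`, so an error body would be written to ves_default_k8.yaml, and `Access-Control-Allow-Origin` is a response header that has no effect on a request. The secret name and kubectl version in the sketch below are placeholders, and the timestamp format should be confirmed against the API.

```yaml
      - name: Deploy App
        # same guard as the Terraform Apply step
        if: github.ref == 'refs/heads/deploy-genai-appstack' && github.event_name == 'push'
        env:
          # placeholder secret name: store the api.p12 passphrase as a repository secret
          XC_P12_PASSWORD: ${{ secrets.XC_P12_PASSWORD_PLACEHOLDER }}
          # placeholder version: pin to a reviewed kubectl release
          KUBECTL_VERSION: vX.Y.Z
        run: |
          set -euo pipefail
          umask 077
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          chmod +x kubectl
          # short-lived kubeconfig instead of one valid until 2100
          expiry="$(date -u -d '+1 hour' +%Y-%m-%dT%H:%M:%SZ)"
          curl --fail --silent --show-error --location \
            --data-raw "{\"expirationTimestamp\":\"${expiry}\"}" \
            --request POST 'https://treino.console.ves.volterra.io/api/web/namespaces/system/sites/jani-appstack/global-kubeconfigs' \
            --cert "api.p12:${XC_P12_PASSWORD}" > ves_default_k8.yaml
          # … unchanged: the two kubectl apply commands …
```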
@@ -24,7 +24,7 @@ resource "volterra_k8s_cluster" "mk8s" { #} resource "volterra_aws_vpc_site" "this" { - name = var.site_name + name = format("%s-appstack", var.project_prefix) namespace = "system" aws_region = var.aws_region ssh_key = var.ssh_key diff --git a/workflow-guides/smcn/genai-inference-at-the-edge/terraform/terraform.tfvars b/workflow-guides/smcn/genai-inference-at-the-edge/terraform/terraform.tfvars index b24b54473..7c55e9b06 100644 --- a/workflow-guides/smcn/genai-inference-at-the-edge/terraform/terraform.tfvars +++ b/workflow-guides/smcn/genai-inference-at-the-edge/terraform/terraform.tfvars @@ -6,5 +6,3 @@ project_prefix = "jani-genai" app_domain = "jbgenai.f5-hyd-xcdemo.com" serviceName = "langchain-doc-qa-api.llm" serviceport = "8501" -site_name = "jb-appstack" -user_site = "true" diff --git a/workflow-guides/smcn/genai-inference-at-the-edge/terraform/terraform.tfvars.example b/workflow-guides/smcn/genai-inference-at-the-edge/terraform/terraform.tfvars.example index c3edc0869..6ae500053 100644 --- a/workflow-guides/smcn/genai-inference-at-the-edge/terraform/terraform.tfvars.example +++ b/workflow-guides/smcn/genai-inference-at-the-edge/terraform/terraform.tfvars.example @@ -16,4 +16,4 @@ xc_waf_blocking = true # pool and LB inputs serviceName = "" serviceport = "" -site_name = "" + diff --git a/workflow-guides/smcn/genai-inference-at-the-edge/terraform/variables.tf b/workflow-guides/smcn/genai-inference-at-the-edge/terraform/variables.tf index e4aba672c..9dac77787 100644 --- a/workflow-guides/smcn/genai-inference-at-the-edge/terraform/variables.tf +++ b/workflow-guides/smcn/genai-inference-at-the-edge/terraform/variables.tf @@ -57,12 +57,6 @@ variable user_site { default = "true" } -variable "site_name" { - type = string - description = "CE site name to advertise load balancer." - default = "" -} - variable "k8s_pool" { type = string description = "If pool is on k8s." 
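Review bot: The site name is now built as `format("%s-appstack", var.project_prefix)` here and again in the `site_locator` of `volterra_origin_pool.op` in xc_loadbalancer.tf, while the Deploy App step in the workflow requests the kubeconfig for a literal `jani-appstack` site. With `project_prefix = "jani-genai"` from terraform.tfvars the derived name would be `jani-genai-appstack`, so unless the workflow overrides the prefix, the kubeconfig request targets a different site from the one Terraform creates. Defining the name once, for example `locals { site_name = format("%s-appstack", var.project_prefix) }`, and letting the origin pool use `name = volterra_aws_vpc_site.this.name` would stop the copies drifting and give the pool an implicit dependency on the site. The `volterra_aws_vpc_site` body continues outside the hunk.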
diff --git a/workflow-guides/smcn/genai-inference-at-the-edge/terraform/xc_loadbalancer.tf b/workflow-guides/smcn/genai-inference-at-the-edge/terraform/xc_loadbalancer.tf index 2f3f9d0e4..58185b219 100644 --- a/workflow-guides/smcn/genai-inference-at-the-edge/terraform/xc_loadbalancer.tf +++ b/workflow-guides/smcn/genai-inference-at-the-edge/terraform/xc_loadbalancer.tf @@ -20,7 +20,7 @@ resource "volterra_origin_pool" "op" { outside_network = true site_locator { site { - name = var.site_name + name = format("%s-appstack", var.project_prefix) namespace = "system" tenant = var.xc_tenant } @@ -35,11 +35,24 @@ resource "volterra_origin_pool" "op" { loadbalancer_algorithm = "LB_OVERRIDE" } +resource "volterra_app_firewall" "waap-tf" { + name = format("%s-firewall", var.project_prefix) + description = format("WAF in block mode for %s", var.project_prefix) + namespace = var.xc_namespace + allow_all_response_codes = true + default_anonymization = true + use_default_blocking_page = true + default_bot_setting = true + default_detection_settings= true + use_loadbalancer_setting = true + blocking = true +} + resource "volterra_http_loadbalancer" "lb_https" { depends_on = [volterra_origin_pool.op] name = format("%s-xclb", var.project_prefix) namespace = var.xc_namespace - description = format("HTTP loadbalancer object for %s origin server", var.project_prefix) + description = format("HTTP load balancer object for %s origin server", var.project_prefix) domains = [var.app_domain] advertise_on_public_default_vip = true @@ -64,7 +77,10 @@ resource "volterra_http_loadbalancer" "lb_https" { weight = 1 } - disable_waf = false + app_firewall { + name = volterra_app_firewall.waap-tf.name + namespace = var.xc_namespace + } round_robin = true service_policies_from_namespace = true user_id_client_ip = true
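Review bot: In the new `volterra_app_firewall.waap-tf` resource the enforcement mode is hard-coded (`blocking = true`, description "WAF in block mode"), while terraform.tfvars.example still exposes an `xc_waf_blocking` input that nothing visible in this patch reads. If that variable is declared in variables.tf (not shown here), wire it in, for example `blocking = var.xc_waf_blocking ? true : null` with `monitoring = var.xc_waf_blocking ? null : true`, and drop "block mode" from the description; otherwise remove the input from the example file so operators do not assume they can switch the WAF to monitoring. A comment such as `# allow_all_response_codes: the WAF does not filter on origin response codes` would record that this setting is deliberate. As a style point, the resource label `waap-tf` uses a hyphen where the other labels in the file (`lb_https`, `op`) do not; `waap_tf` would match them.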