From d56d909b722659ffccb50b544d9d4bdf555fea26 Mon Sep 17 00:00:00 2001 From: Zach Wolfenbarger Date: Tue, 3 Oct 2023 19:04:37 -0500 Subject: [PATCH 1/7] Add probes to staging --- kubernetes/deployment-staging.tmpl | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/kubernetes/deployment-staging.tmpl b/kubernetes/deployment-staging.tmpl index f593a7d..4a234a1 100644 --- a/kubernetes/deployment-staging.tmpl +++ b/kubernetes/deployment-staging.tmpl @@ -24,6 +24,36 @@ spec: limits: memory: "600Mi" cpu: "500m" + startupProbe: + httpGet: + path: / + port: 80 + httpHeaders: + - name: X-Forwarded-Proto + value: https + # wait 6 * 10 seconds(default periodSeconds) for the container to start + # after this succeeds once the liveness probe takes over + failureThreshold: 6 + livenessProbe: + httpGet: + path: / + port: 80 + httpHeaders: + - name: X-Forwarded-Proto + value: https + # allow a longer response time than 1s + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: / + port: 80 + httpHeaders: + - name: X-Forwarded-Proto + value: https + # start checking for readiness after 20s (to serve traffic) + initialDelaySeconds: 20 + # allow a longer response time than 1s + timeoutSeconds: 10 env: - name: RAILS_LOG_TO_STDOUT value: "true" From c44f065565c57fb5bf51c92f6c7b82445572401b Mon Sep 17 00:00:00 2001 From: Zach Wolfenbarger Date: Tue, 3 Oct 2023 19:16:56 -0500 Subject: [PATCH 2/7] Manual lambda deploys only --- .github/workflows/deploy_lambda_staging.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/deploy_lambda_staging.yml b/.github/workflows/deploy_lambda_staging.yml index 93e37af..d8577ea 100644 --- a/.github/workflows/deploy_lambda_staging.yml +++ b/.github/workflows/deploy_lambda_staging.yml @@ -1,9 +1,6 @@ name: Deploy Lambda Function on: - push: - tags: - - lambda-release workflow_dispatch: jobs: 
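Review bot: In kubernetes/deployment-staging.tmpl the liveness and readiness probes both request `/` on port 80 with the same headers, so a slow dependency behind the root route that marks the pod unready can also get it restarted. Whether `/` touches the database is not visible here, but a dedicated lightweight health route for the liveness probe would avoid restart loops during a dependency outage. The readiness `initialDelaySeconds: 20` only starts counting once the startup probe has succeeded, so it adds 20s on top of the startup window instead of overlapping it. The second startup comment is hard to parse; `# once this succeeds, the liveness and readiness probes take over` would read more clearly. The container spec begins and continues outside the hunk.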
@@ -12,7 +9,7 @@ jobs: defaults: run: working-directory: ./kinesis-to-http - name: Deploy lambda function + name: Deploy staging lambda steps: - name: Checkout uses: actions/checkout@v2 From 8c2c65a149600415cf5587841a7514b349df44da Mon Sep 17 00:00:00 2001 From: Zach Wolfenbarger Date: Tue, 3 Oct 2023 19:17:12 -0500 Subject: [PATCH 3/7] Production lambda deploy --- .../workflows/deploy_lambda_production.yml | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 .github/workflows/deploy_lambda_production.yml diff --git a/.github/workflows/deploy_lambda_production.yml b/.github/workflows/deploy_lambda_production.yml new file mode 100644 index 0000000..051b798 --- /dev/null +++ b/.github/workflows/deploy_lambda_production.yml @@ -0,0 +1,37 @@ +name: Deploy Production Lambda Function + +on: + workflow_dispatch: + +jobs: + deploy_lambda: + runs-on: ubuntu-latest + defaults: + run: + working-directory: ./kinesis-to-http + name: Deploy production lambda + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-access-key-id: ${{ secrets.LAMBDA_AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.LAMBDA_AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + role-session-name: lambda-deploy-production + + - name: Install dependencies + run: | + mkdir ./package && pip install --target ./package requests + + - name: Zip package + run: | + zip -r ./lambda.zip . + + - name: AWS Deploy + run: | + aws lambda update-function-code \ + --function-name eras-forwarder-production \ + --zip-file fileb://lambda.zip From 6d92d7426b67eca555281dbba78af65a8225625d Mon Sep 17 00:00:00 2001 
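Review bot: The production artifact in .github/workflows/deploy_lambda_production.yml is built from unpinned inputs: `pip install --target ./package requests` takes whatever version the index serves at deploy time, and both actions are referenced by the mutable tag `@v2`. Pinning the dependency (`pip install --target ./package requests==<PINNED_VERSION>`) and referencing the actions by full commit SHA would make a production deploy reproducible and reviewable. The job also authenticates with long-lived keys (`secrets.LAMBDA_AWS_ACCESS_KEY_ID` / `secrets.LAMBDA_AWS_SECRET_ACCESS_KEY`) and has no `environment:` key, so anyone who can trigger `workflow_dispatch` updates `eras-forwarder-production` without an approval step; `environment: production` with required reviewers would gate it. Separately, `zip -r ./lambda.zip .` stores the dependency under `package/` rather than at the archive root, so it is worth confirming the handler can actually import it.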
From: Zach Wolfenbarger
Date: Tue, 3 Oct 2023 19:18:19 -0500
Subject: [PATCH 4/7] Produciton deploy templates
---
.github/workflows/deploy_production.yml | 39 +++++++++++
kubernetes/deployment-production.tmpl | 88 +++++++++++++++++++++++++
2 files changed, 127 insertions(+)
create mode 100644 .github/workflows/deploy_production.yml
create mode 100644 kubernetes/deployment-production.tmpl
diff --git a/.github/workflows/deploy_production.yml b/.github/workflows/deploy_production.yml
new file mode 100644
index 0000000..626ec4d
--- /dev/null
+++ b/.github/workflows/deploy_production.yml
@@ -0,0 +1,39 @@
+name: Deploy to Production
+
+on:
+ push:
+ tags:
+ - production-release
+ workflow_dispatch:
+
+jobs:
+ build_and_push_image:
+ name: Build and Push Image
+ uses: zooniverse/ci-cd/.github/workflows/build_and_push_image.yaml@main
+ with:
+ repo_name: eras
+ commit_id: ${{ github.sha }}
+ latest: true
+
+ db_migration_production:
+ name: Production DB Migration
+ uses: zooniverse/ci-cd/.github/workflows/db_migration.yaml@main
+ needs: build_and_push_image
+ with:
+ app_name: eras
+ environment: production
+ commit_id: ${{ github.sha }}
+ secrets:
+ creds: ${{ secrets.AZURE_AKS }}
+
+ deploy_production:
+ name: Deploy to Production
+ uses: zooniverse/ci-cd/.github/workflows/deploy_app.yaml@main
+ needs: [build_and_push_image, db_migration_production]
+ with:
+ app_name: eras
+ repo_name: eras
+ commit_id: ${{ github.sha }}
+ environment: production
+ secrets:
+ creds: ${{ secrets.AZURE_AKS }}
diff --git a/kubernetes/deployment-production.tmpl b/kubernetes/deployment-production.tmpl
new file mode 100644
index 0000000..6df0732
--- /dev/null
+++ b/kubernetes/deployment-production.tmpl
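Review bot: All three jobs in .github/workflows/deploy_production.yml call reusable workflows at `zooniverse/ci-cd/...@main`, and two of them are handed `secrets.AZURE_AKS`, so whatever is on that branch at run time executes with the production cluster credentials. Referencing a reviewed commit, e.g. `uses: zooniverse/ci-cd/.github/workflows/deploy_app.yaml@<COMMIT_SHA>`, keeps a change in the shared repository from reaching production without review here. The `production-release` trigger is a tag that has to be moved for each release, so anyone allowed to push or move tags can start a production migration and deploy; a tag protection rule, or an environment with required reviewers, would make that control explicit.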
@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: eras-production-app
+ labels:
+ app: eras-production-app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: eras-production-app
+ template:
+ metadata:
+ labels:
+ app: eras-production-app
+ spec:
+ containers:
+ - name: eras-production-app
+ image: ghcr.io/zooniverse/eras:__IMAGE_TAG__
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "100m"
+ limits:
+ memory: "1000Mi"
+ cpu: "1000m"
+ startupProbe:
+ httpGet:
+ path: /
+ port: 80
+ httpHeaders:
+ - name: X-Forwarded-Proto
+ value: https
+ # wait 6 * 10 seconds(default periodSeconds) for the container to start
+ # after this succeeds once the liveness probe takes over
+ failureThreshold: 6
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 80
+ httpHeaders:
+ - name: X-Forwarded-Proto
+ value: https
+ # allow a longer response time than 1s
+ timeoutSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: /
+ port: 80
+ httpHeaders:
+ - name: X-Forwarded-Proto
+ value: https
+ # start checking for readiness after 20s (to serve traffic)
+ initialDelaySeconds: 20
+ # allow a longer response time than 1s
+ timeoutSeconds: 10
+ env:
+ - name: RAILS_LOG_TO_STDOUT
+ value: "true"
+ - name: RAILS_ENV
+ value: production
+ - name: RAILS_MASTER_KEY
+ valueFrom:
+ secretKeyRef:
+ name: eras-production
+ key: rails-master-key
+ volumeMounts:
+ - mountPath: /tmp
+ name: eras-production-app-data
+ volumes:
+ - name: eras-production-app-data
+ hostPath:
+ # directory location on host node temp disk
+ path: /mnt/eras-production-app-data
+ type: DirectoryOrCreate
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: eras-production-app
+spec:
+ selector:
+ app: eras-production-app
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ type: NodePort
From 21d7639c5d7c14a0f07e83fe917369e9dd86edf2 Mon Sep 17 00:00:00 2001
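Review bot: The production pod in kubernetes/deployment-production.tmpl mounts a `hostPath` volume (`/mnt/eras-production-app-data`, `DirectoryOrCreate`) at `/tmp`, which ties the container to the node's filesystem: files outlive the pod and are shared with any other pod on that node that uses the same path. If the app only needs scratch space, `emptyDir: {}` (optionally with a `sizeLimit`) gives a per-pod directory that is removed with the pod. The container also has no `securityContext`; `allowPrivilegeEscalation: false` and `runAsNonRoot: true` would be a reasonable baseline, though listening on port 80 suggests the image may currently run as root. The Service is `type: NodePort`, which opens a port on every node, so it is worth confirming that only the ingress or load balancer can reach the node ports.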
From: Zach Wolfenbarger Date: Wed, 4 Oct 2023 12:11:49 -0500 Subject: [PATCH 5/7] Production credentials --- config/credentials/production.yml.enc | 1 + 1 file changed, 1 insertion(+) create mode 100644 config/credentials/production.yml.enc diff --git a/config/credentials/production.yml.enc b/config/credentials/production.yml.enc new file mode 100644 index 0000000..89c1ee7 --- /dev/null +++ b/config/credentials/production.yml.enc @@ -0,0 +1 @@ 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--/WuoYgMCEHz1UMzq--6pLCOPC56KYGEilMTbAA/w== \ No newline at end of file From 256e1bfb39fa633a6e941cecc23331bdad342516 Mon Sep 17 00:00:00 2001 From: Zach Wolfenbarger Date: Wed, 4 Oct 2023 12:12:01 -0500 Subject: [PATCH 6/7] Production DB migration job template --- kubernetes/db-migrate-production.tmpl | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 kubernetes/db-migrate-production.tmpl diff --git a/kubernetes/db-migrate-production.tmpl b/kubernetes/db-migrate-production.tmpl new file mode 100644 index 0000000..a33fbd0 --- /dev/null +++ b/kubernetes/db-migrate-production.tmpl @@ -0,0 +1,23 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: __JOB_NAME__ +spec: + template: + spec: + containers: + - name: eras-db-migrate-production + image: ghcr.io/zooniverse/eras:__IMAGE_TAG__ + command: ["bundle", "exec", "rails", "db:migrate"] + env: + - name: RAILS_LOG_TO_STDOUT + value: "true" + - name: RAILS_ENV + value: staging + - name: RAILS_MASTER_KEY + valueFrom: + secretKeyRef: + name: eras-production + key: rails-master-key + restartPolicy: Never + backoffLimit: 1 \ No newline at end of file From 63706581a20be1cd6d6e0341937de6aa38fb878f Mon Sep 17 00:00:00 2001 From: Zach Wolfenbarger Date: Wed, 4 Oct 2023 15:12:41 -0500 Subject: [PATCH 7/7] Clarify name of lambda deploy --- .github/workflows/deploy_lambda_staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
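Review bot: The production migration job in kubernetes/db-migrate-production.tmpl sets `RAILS_ENV` to `staging` while taking `RAILS_MASTER_KEY` from the `eras-production` secret, so `rails db:migrate` would presumably run with the staging configuration instead of production; it looks like a leftover from copying the staging template. The line should read `value: production`, matching the `RAILS_ENV` set in kubernetes/deployment-production.tmpl. Patch 7/7 in this series does not touch this file, so the mismatch is still present at the end of the series. A `ttlSecondsAfterFinished` on the Job would also let finished migration pods be cleaned up automatically.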
diff --git a/.github/workflows/deploy_lambda_staging.yml b/.github/workflows/deploy_lambda_staging.yml index d8577ea..0b34a70 100644 --- a/.github/workflows/deploy_lambda_staging.yml +++ b/.github/workflows/deploy_lambda_staging.yml @@ -1,4 +1,4 @@ -name: Deploy Lambda Function +name: Deploy Staging Lambda Function on: workflow_dispatch: