IBM Cloud deployment improvements

[Tansito]

Summary

Testing our current configuration in IBM Cloud. Fix #423

Details and comments

Due to the differences between the deployment in local vs IBM Cloud I made more dynamic our Ingress configuration with the purpose to be able to support AWS too without the need to change the template if not only the values (as a normal user would do).

• I removed nginxconfig in favor of adding those annotations in ingress.
• Renamed ray-ingress to just ingress now that we are going to expose different applications
• ingress now is more dynamic so you can add the annotations and host configuration through the values file.
• How only the gateway + repository are going to be exposed I changed the serviceType of almost all the services to ClusterIP.
• Fix in terraform values that now are required by the project: machine_type, workers_per_zone...
• Removed helm integration in terraform due to now helm release requires values from the cluster after its creation (investigating if we can obtain them).
• ray-cluster changed from a fixed worker to a dynamic set of workers

Resources

• IBM Cloud
• NGINX Controller annotations

[Tansito]

@psschwei I don't know if you can help me debugging a problem that I found. Installing the helm I'm not being able to find kuberay/operator:

[psschwei]

@psschwei I don't know if you can help me debugging a problem that I found. Installing the helm I'm not being able to find kuberay/operator:

Looks like the tag should be v0.5.0

[Tansito]

Totally right @psschwei , hours fighting yesterday and there was a v 🤦 , thank you!

[psschwei]

Is this PR the same config we used to set up the cluster for the dev forum?

[Tansito]

Yes but with some on-real-time changes 😂 . Like for example we improved the raycluster configuration, we needed to modify the realm configuration due to some kind of random error and a problem with the docker entrypoints that we need to take a look before open it to review. But yeah is almost with these changes.

[Tansito]

I'm working on those points right now btw.

[pacomf]

@Tansito tests are failing because: #509 (comment)

[Tansito]

Yes, I was commenting w/ @psschwei and @IceKhan13 in the issue, thank you @pacomf !

[IceKhan13]

Any of #508 and #512 will fix failing test :)

[IceKhan13]

@Tansito can you merge main here? tests are fixed now :)

[IceKhan13]

ah, that was a problem of not having migrations :)

[Tansito]

mostly, it seems that command overrides the entrypoint that you can have in your container (you always learn something new).

[IceKhan13]

My only comment is this. Maybe we should uncomment this? :)
or /metrics is not available? or do /api/v1/

[Tansito]

You are totally right. My two cents here from previous experiences is that the security team will ask us for two different end-points for liveness and readiness for a simple HTTP 200 and a DB access. For the DB access I think /api/v1 can work (I would need to confirm it) but for the HTTP 200 we will need a specific end-point. That's why I commented them. If you are agree @IceKhan13 I can create an issue for this.

[IceKhan13]

Makes sense :) Yeah, let's add something like /health or something like this in following PRs

[psschwei]

this failed to install for me:

$ helm -n quantum-serverless install quantum-serverless --create-namespace -f values-ibm.yaml .
coalesce.go:223: warning: destination for loki.gateway.affinity is a table. Ignoring non-table value (podAntiAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
    - labelSelector:
        matchLabels:
          {{- include "loki.gatewaySelectorLabels" . | nindent 10 }}
      topologyKey: kubernetes.io/hostname
)
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "loki" namespace: "" from "": no matches for kind "GrafanaAgent" in version "monitoring.grafana.com/v1alpha1"
ensure CRDs are installed first, resource mapping not found for name: "loki" namespace: "" from "": no matches for kind "LogsInstance" in version "monitoring.grafana.com/v1alpha1"
ensure CRDs are installed first, resource mapping not found for name: "loki" namespace: "" from "": no matches for kind "PodLogs" in version "monitoring.grafana.com/v1alpha1"
ensure CRDs are installed first]

(looks like I broke something in ce747be -- seems like we need the grafana-agent CRDs or maybe even the entire operator...)

not for this PR, but we may want to look into something like kustomize for some of the provider-specific overlays: https://jfrog.com/blog/power-up-helm-charts-using-kustomize-to-manage-kubernetes-deployments/

also, one minor nit: can we update the readme for IBM-specific install instructions?

[Tansito]

(looks like I broke something in ce747be -- seems like we need the grafana-agent CRDs or maybe even the entire operator...)

@psschwei I'm going to update this PR with master now but my last deployment in IBM Cloud was with your changes and I think it was working. I can confirm you in some minutes when I try to deploy again.

we may want to look into something like kustomize for some of the provider-specific overlays

I'm always open for improvements. Before introduce more things in the infrastructure I would like to work too in the tests: #117 and #118

also, one minor nit: can we update the readme for IBM-specific install instructions?

You are totally right. I will review it now.

[Tansito]

@psschwei I can confirm you. Regardless the warning in:

coalesce.go:223: warning: destination for loki.gateway.affinity is a table. Ignoring non-table value (podAntiAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
    - labelSelector:
        matchLabels:
          {{- include "loki.gatewaySelectorLabels" . | nindent 10 }}
      topologyKey: kubernetes.io/hostname
)

I could deploy it in IBM Cloud without a problem.

[psschwei]

Yeah, the warning has been there for a while (I think I opened an issue for it sometime back)... the errors were new for me (and also weird, because I didn't get them before...).

On kustomize I'm thinking two things:

• minimizing duplicates in the config files
• making it easy for users to set their values (secrets, etc, basically all those things in the readme we say for them to edit)

not any hurry on that, more of a day 2 / nice to have at this point. Agree testing would be better for now 😄

[psschwei]

kustomize

Someone this week recommended helmfile as a potentially better fit, so we have options 😄

[IceKhan13]

monumental work of setting this all up 👏

[pacomf]

Here we go! 🚀