Migrate to OpenShift 4 (#208)
williambelle authored Nov 27, 2024
1 parent 5e069c8 commit 6c662cd
Showing 17 changed files with 335 additions and 289 deletions.
26 changes: 8 additions & 18 deletions CONTRIBUTING.md
@@ -2,8 +2,9 @@

## Prerequisites

- Access to our Keybase `/keybase/team/epfl_search` directory.
- Access to `wwp-test` and `wwp` namespaces on our OpenShift cluster.
- Groups `vra_p_svc0012`.
- Keybase `epfl_search`.
- Access to ghcr.io via a personal access tokens (PATs).

## Setup

@@ -74,21 +75,10 @@ git push origin main --tags

## Deploy

Log into `ghcr.io`, `os-docker-registry.epfl.ch` and OpenShift, then

```text
Usage: ./ansible/searchapisible [options]
Options:
-h, --help Show help message and exit
--list-tags List all available tags
--prod Deploy in production
-t, --tags Run tasks tagged with these values [string]
-v, --verbose Causes Ansible to print more debug messages
--version Show version number
```bash
# Help
./ansible/searchapisible --help

Examples:
./ansible/searchapisible
./ansible/searchapisible --prod
./ansible/searchapisible --prod -t app.restart
# Production
./ansible/searchapisible --prod
```
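--- a/ansible/inventory/dev.yml
+++ b/ansible/inventory/dev.yml
@@ -0,0 +1,13 @@
+all:
+hosts:
+search-dev-openshift:
+ansible_connection: local
+ansible_host: localhost
+openshift_namespace: svc0012d-search-engine
+ansible_python_interpreter: '{{searchapisible_suitcase_dir}}/bin/python3'
+vars:
+hostnames:
+- dev-search-api.epfl.ch
+routes_availability: private
+secrets: '{{ lookup("file", "/keybase/team/epfl_search/api/dev/secrets.yml") | from_yaml }}'
+tag: 0.9.4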
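Review bot: The `secrets:` line binds the whole decoded Keybase file to a host variable, so every key in that file is reachable from any task, template or verbose output for this host; staging.yml and prod.yml use the same pattern. In app.yml only feature flags, hosts and URLs are read from `secrets.*`, while credentials are taken from `secretKeyRef`, so if the file also carries the credential values (not visible here) it would be safer to keep them in a separate variable that only the Secret-creating tasks read. At minimum a comment above the line would help, e.g. `# whole secrets.yml is loaded; never debug-print this variable`. The lookup also makes the run depend on Keybase being mounted locally, which is worth stating in the same comment.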
28 changes: 14 additions & 14 deletions ansible/inventory/prod.yml
@@ -1,15 +1,15 @@
all:
children:
openshift_namespaces:
hosts:
wwp: {}
vars:
ansible_connection: local
openshift_namespace: 'wwp'

hostnames:
- search-backend.epfl.ch
- search-2012.epfl.ch
- search-api.epfl.ch
tag: latest
searchapi_secrets: "{{ lookup('file', '/keybase/team/epfl_search/api/prod/secrets.yml') | from_yaml }}"
hosts:
search-staging-openshift:
ansible_connection: local
ansible_host: localhost
openshift_namespace: svc0012p-search-engine
ansible_python_interpreter: '{{searchapisible_suitcase_dir}}/bin/python3'
vars:
hostnames:
- search-backend.epfl.ch
- search-2012.epfl.ch
- search-api.epfl.ch
routes_availability: public
secrets: '{{ lookup("file", "/keybase/team/epfl_search/api/prod/secrets.yml") | from_yaml }}'
tag: 0.9.4
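Review bot: The production inventory names its host `search-staging-openshift`, the same name staging.yml uses, which looks like a copy-paste slip; `search-prod-openshift:` would match the `search-dev-openshift` / `search-staging-openshift` pattern of the other two files. With one inventory file per run the play still targets `svc0012p-search-engine`, but Ansible output for a production deploy will report a staging host, which makes run logs harder to audit. If the two inventories were ever loaded together, Ansible would treat them as one host and merge their variables, so the production and staging namespaces and secrets could be mixed up. The old/new sides here are read from the page's print order and the 14/14 counts.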
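--- a/ansible/inventory/staging.yml
+++ b/ansible/inventory/staging.yml
@@ -0,0 +1,13 @@
+all:
+hosts:
+search-staging-openshift:
+ansible_connection: local
+ansible_host: localhost
+openshift_namespace: svc0012t-search-engine
+ansible_python_interpreter: '{{searchapisible_suitcase_dir}}/bin/python3'
+vars:
+hostnames:
+- staging-search-api.epfl.ch
+routes_availability: private
+secrets: '{{ lookup("file", "/keybase/team/epfl_search/api/staging/secrets.yml") | from_yaml }}'
+tag: 0.9.4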
15 changes: 0 additions & 15 deletions ansible/inventory/test.yml

This file was deleted.

2 changes: 1 addition & 1 deletion ansible/playbook.yml
@@ -1,5 +1,5 @@
- name: Search API Kubernetes objects
hosts: openshift_namespaces
hosts: all
gather_facts: yes
roles:
- role: roles/search-api-k8s
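--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -1,2 +0,0 @@
-roles:
-- src: epfl_si.ansible_module_openshift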
2 changes: 0 additions & 2 deletions ansible/roles/search-api-k8s/meta/main.yml

This file was deleted.

265 changes: 139 additions & 126 deletions ansible/roles/search-api-k8s/tasks/app.yml
@@ -1,128 +1,141 @@
- name: SearchAPI - Deployment
openshift:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: '{{ app_name }}'
namespace: '{{ openshift_namespace }}'
labels:
app: '{{ app_name }}'
team: '{{ team }}'
spec:
replicas: 2
selector:
matchLabels:
app: '{{ app_name }}'
template:
metadata:
labels:
app: '{{ app_name }}'
team: '{{ team }}'
role: webserver
spec:
containers:
- env:
- name: SEARCH_API_ENABLE_CSE
value: '{{ searchapi_secrets.SEARCH_API_ENABLE_CSE |string }}'
- name: SEARCH_API_ENABLE_LDAP
value: '{{ searchapi_secrets.SEARCH_API_ENABLE_LDAP |string }}'
- name: SEARCH_API_ENABLE_ADDRESS
value: '{{ searchapi_secrets.SEARCH_API_ENABLE_ADDRESS |string }}'
- name: SEARCH_API_ENABLE_UNIT
value: '{{ searchapi_secrets.SEARCH_API_ENABLE_UNIT |string }}'
- name: SEARCH_API_ENABLE_GRAPHSEARCH
value: '{{ searchapi_secrets.SEARCH_API_ENABLE_GRAPHSEARCH |string }}'
- name: SEARCH_API_CSE_API_KEY
valueFrom:
secretKeyRef:
name: search-api-cse-secrets
key: SEARCH_API_CSE_API_KEY
- name: SEARCH_API_CSE_CX
value: '{{ searchapi_secrets.SEARCH_API_CSE_CX }}'
- name: SEARCH_API_CADIDB_HOST
value: '{{ searchapi_secrets.SEARCH_API_CADIDB_HOST }}'
- name: SEARCH_API_CADIDB_PORT
value: '{{ searchapi_secrets.SEARCH_API_CADIDB_PORT }}'
- name: SEARCH_API_CADIDB_DATABASE
value: '{{ searchapi_secrets.SEARCH_API_CADIDB_DATABASE }}'
- name: SEARCH_API_CADIDB_USER
valueFrom:
secretKeyRef:
name: search-api-cadidb-secrets
key: SEARCH_API_CADIDB_USER
- name: SEARCH_API_CADIDB_PASSWORD
valueFrom:
secretKeyRef:
name: search-api-cadidb-secrets
key: SEARCH_API_CADIDB_PASSWORD
- name: SEARCH_API_LDAP_URL
value: '{{ searchapi_secrets.SEARCH_API_LDAP_URL }}'
- name: SEARCH_API_LDAP_ROOTS_FILTER
value: '{{ searchapi_secrets.SEARCH_API_LDAP_ROOTS_FILTER }}'
- name: SEARCH_API_MD_BASE_URL
value: '{{ searchapi_secrets.SEARCH_API_MD_BASE_URL }}'
- name: SEARCH_API_MD_USER
valueFrom:
secretKeyRef:
name: search-api-md-secrets
key: SEARCH_API_MD_USER
- name: SEARCH_API_MD_PASSWORD
valueFrom:
secretKeyRef:
name: search-api-md-secrets
key: SEARCH_API_MD_PASSWORD
livenessProbe:
httpGet:
path: /healthz
port: 5555
initialDelaySeconds: 2
periodSeconds: 15
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /healthz
port: 5555
initialDelaySeconds: 2
periodSeconds: 15
timeoutSeconds: 5
name: '{{ app_name }}'
image: 'docker-registry.default.svc:5000/{{ openshift_namespace }}/search-api:latest'
imagePullPolicy: Always
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
terminationGracePeriodSeconds: 30
- name: Search API - ServiceAccount
kubernetes.core.k8s:
definition:
apiVersion: v1
kind: ServiceAccount
metadata:
name: '{{ app_name }}-service-account'
namespace: '{{ openshift_namespace }}'
imagePullSecrets:
- name: '{{ app_name }}-pull-secret'

- name: SearchAPI - Service
openshift:
state: latest
apiVersion: v1
kind: Service
metadata:
name: '{{ app_name }}'
namespace: '{{ openshift_namespace }}'
labels:
app: '{{ app_name }}'
team: '{{ team }}'
spec:
type: ClusterIP
ports:
- name: '80'
port: 80
protocol: TCP
targetPort: 5555
selector:
app: '{{ app_name }}'
role: webserver
- name: Search API - Service
kubernetes.core.k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: '{{ app_name }}'
namespace: '{{ openshift_namespace }}'
labels:
app: '{{ app_name }}'
team: '{{ team }}'
spec:
type: ClusterIP
ports:
- name: '80'
port: 80
targetPort: 5555
selector:
app: '{{ app_name }}'

- name: SearchAPI - Restart
when: >-
('app.restart' in ansible_run_tags)
or
(_searchapi_push is changed)
local_action:
module: shell
cmd: >-
oc patch deployment/{{ app_name }} --namespace {{ openshift_namespace }} --patch \
'{"spec": {"template": {"metadata": {"annotations": {"last-restart": "{{ ansible_date_time.iso8601 }}"}}}}}'
tags: app.restart
- name: Search API - Deployment
kubernetes.core.k8s:
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: '{{ app_name }}'
namespace: '{{ openshift_namespace }}'
labels:
app: '{{ app_name }}'
team: '{{ team }}'
version: '{{ tag }}'
spec:
replicas: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
app: '{{ app_name }}'
template:
metadata:
labels:
app: '{{ app_name }}'
team: '{{ team }}'
version: '{{ tag }}'
spec:
serviceAccountName: '{{ app_name }}-service-account'
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: '{{ app_name }}'
topologyKey: kubernetes.io/hostname
containers:
- name: '{{ app_name }}'
image: '{{ quay_registry }}/{{ app_name }}:{{ tag }}'
env:
- name: SEARCH_API_ENABLE_CSE
value: '{{ secrets.SEARCH_API_ENABLE_CSE | string }}'
- name: SEARCH_API_ENABLE_LDAP
value: '{{ secrets.SEARCH_API_ENABLE_LDAP | string }}'
- name: SEARCH_API_ENABLE_ADDRESS
value: '{{ secrets.SEARCH_API_ENABLE_ADDRESS | string }}'
- name: SEARCH_API_ENABLE_UNIT
value: '{{ secrets.SEARCH_API_ENABLE_UNIT | string }}'
- name: SEARCH_API_ENABLE_GRAPHSEARCH
value: '{{ secrets.SEARCH_API_ENABLE_GRAPHSEARCH | string }}'
- name: SEARCH_API_CSE_API_KEY
valueFrom:
secretKeyRef:
name: search-api-cse-secrets
key: SEARCH_API_CSE_API_KEY
- name: SEARCH_API_CSE_CX
value: '{{ secrets.SEARCH_API_CSE_CX }}'
- name: SEARCH_API_CADIDB_HOST
value: '{{ secrets.SEARCH_API_CADIDB_HOST }}'
- name: SEARCH_API_CADIDB_PORT
value: '{{ secrets.SEARCH_API_CADIDB_PORT }}'
- name: SEARCH_API_CADIDB_DATABASE
value: '{{ secrets.SEARCH_API_CADIDB_DATABASE }}'
- name: SEARCH_API_CADIDB_USER
valueFrom:
secretKeyRef:
name: search-api-cadidb-secrets
key: SEARCH_API_CADIDB_USER
- name: SEARCH_API_CADIDB_PASSWORD
valueFrom:
secretKeyRef:
name: search-api-cadidb-secrets
key: SEARCH_API_CADIDB_PASSWORD
- name: SEARCH_API_LDAP_URL
value: '{{ secrets.SEARCH_API_LDAP_URL }}'
- name: SEARCH_API_LDAP_ROOTS_FILTER
value: '{{ secrets.SEARCH_API_LDAP_ROOTS_FILTER }}'
- name: SEARCH_API_MD_BASE_URL
value: '{{ secrets.SEARCH_API_MD_BASE_URL }}'
- name: SEARCH_API_MD_USER
valueFrom:
secretKeyRef:
name: search-api-md-secrets
key: SEARCH_API_MD_USER
- name: SEARCH_API_MD_PASSWORD
valueFrom:
secretKeyRef:
name: search-api-md-secrets
key: SEARCH_API_MD_PASSWORD
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
livenessProbe:
httpGet:
path: /healthz
port: 5555
initialDelaySeconds: 2
periodSeconds: 15
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /healthz
port: 5555
initialDelaySeconds: 2
periodSeconds: 15
timeoutSeconds: 5
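Review bot: The new Deployment's pod spec sets `serviceAccountName: '{{ app_name }}-service-account'` but leaves the account's API token mounted by default, although the ServiceAccount task appears to exist only to carry `imagePullSecrets`. Nothing in the visible container spec suggests the app calls the Kubernetes API, so adding `automountServiceAccountToken: false` to the ServiceAccount definition (or to the pod `spec`) would keep an unused cluster credential out of both replicas. The container also declares no `securityContext`; the namespace's SCC presumably supplies defaults, but stating `allowPrivilegeEscalation: false` and `runAsNonRoot: true` in the manifest would make the intent reviewable here. Old and new lines are interleaved on this page, so this refers to the `kubernetes.core.k8s` tasks only.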