Use Kittyhawk for Deployment Config

.github/cdk/package.json

@@ -13,13 +13,13 @@
     "upgrade-cdk": "yarn upgrade cdkactions@latest cdkactions-cli@latest"
   },
   "dependencies": {
-    "@pennlabs/kraken": "^0.6.3",
+    "@pennlabs/kraken": "^0.8.6",
     "cdkactions": "^0.2.3",
-    "constructs": "^3.3.133"
+    "constructs": "^3.2.109"
   },
   "devDependencies": {
-    "@types/node": "^16.7.2",
+    "@types/node": "^17.0.23",
     "cdkactions-cli": "^0.2.3",
-    "typescript": "^4.4.2"
+    "typescript": "^4.6.3"
   }
 }

.github/cdk/yarn.lock

@@ -2,19 +2,19 @@
 # yarn lockfile v1
 
 
-"@pennlabs/kraken@^0.6.3":
-  version "0.6.3"
-  resolved "https://registry.yarnpkg.com/@pennlabs/kraken/-/kraken-0.6.3.tgz#d346daa36146ee969544939175352e7f7e8a630b"
-  integrity sha512-7xPn5hIPVsyCQO0DjAMAkotrz9+m6qIBoto/zs7zzuWCj/UlirPn2OphG2GNUnqiDEbQMIXoIPEt1wASUSvSgg==
+"@pennlabs/kraken@^0.8.6":
+  version "0.8.6"
+  resolved "https://registry.yarnpkg.com/@pennlabs/kraken/-/kraken-0.8.6.tgz#79a9d10bed36b699c526556cd69b6d81341847d1"
+  integrity sha512-aBblQa/661DJ2GP3Dq1KEzCZ72ZV/Jw7z4HNZoWPxGWn+tSPwvaPkSNDpK7tT+nJmu427giGU8DLyciU79hKbA==
   dependencies:
-    cdkactions "^0.2.0"
+    cdkactions "^0.2.3"
     constructs "^3.2.80"
-    dedent-js "^1.0.1"
+    ts-dedent "^2.2.0"
 
-"@types/node@^16.7.2":
-  version "16.7.2"
-  resolved "https://registry.yarnpkg.com/@types/node/-/node-16.7.2.tgz#0465a39b5456b61a04d98bd5545f8b34be340cb7"
-  integrity sha512-TbG4TOx9hng8FKxaVrCisdaxKxqEwJ3zwHoCWXZ0Jw6mnvTInpaB99/2Cy4+XxpXtjNv9/TgfGSvZFyfV/t8Fw==
+"@types/node@^17.0.23":
+  version "17.0.23"
+  resolved "https://registry.yarnpkg.com/@types/node/-/node-17.0.23.tgz#3b41a6e643589ac6442bdbd7a4a3ded62f33f7da"
+  integrity sha512-UxDxWn7dl97rKVeVS61vErvw086aCYhDLyvRQZ5Rk65rZKepaFdm53GeqXaKBuOhED4e9uWq34IC3TdSdJJ2Gw==
 
 ansi-regex@^5.0.0:
   version "5.0.0"
@@ -45,7 +45,7 @@ cdkactions-cli@^0.2.3:
     yaml "^1.10.0"
     yargs "^16.2.0"
 
-cdkactions@^0.2.0, cdkactions@^0.2.3:
+cdkactions@^0.2.3:
   version "0.2.3"
   resolved "https://registry.yarnpkg.com/cdkactions/-/cdkactions-0.2.3.tgz#aa27bf720962376d54f8ef95cdfb0ab46458b966"
   integrity sha512-/DYQ2qsT6fzgZB+cmQjtPqR4aAWCqAytWbFpJK+iJLQ4jQrl6l4uMf01TLiWY3mAILS0YGlwPcoBbGvq9Jnz5g==
@@ -74,16 +74,11 @@ color-name@~1.1.4:
   resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.4.tgz#c2a09a87acbde69543de6f63fa3995c826c536a2"
   integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==
 
-constructs@^3.2.109, constructs@^3.2.80, constructs@^3.3.133:
+constructs@^3.2.109, constructs@^3.2.80:
   version "3.3.133"
   resolved "https://registry.yarnpkg.com/constructs/-/constructs-3.3.133.tgz#06355ebc30ad02b46ec1434bb581aeca9b82c0ff"
   integrity sha512-f0HgM9tmmR66A9XrzDXS7kXRbB9Gazb+KPldP9RRIkrFGhHuGeII+2YyTxxzY15cDgU58NrLrac+gynhrLy6Uw==
 
-dedent-js@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/dedent-js/-/dedent-js-1.0.1.tgz#bee5fb7c9e727d85dffa24590d10ec1ab1255305"
-  integrity sha1-vuX7fJ5yfYXf+iRZDRDsGrElUwU=
-
 emoji-regex@^8.0.0:
   version "8.0.0"
   resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-8.0.0.tgz#e818fd69ce5ccfcb404594f842963bf53164cc37"
@@ -158,15 +153,15 @@ strip-ansi@^6.0.0:
   dependencies:
     ansi-regex "^5.0.0"
 
-ts-dedent@^2.0.0:
+ts-dedent@^2.0.0, ts-dedent@^2.2.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/ts-dedent/-/ts-dedent-2.2.0.tgz#39e4bd297cd036292ae2394eb3412be63f563bb5"
   integrity sha512-q5W7tVM71e2xjHZTlgfTDoPF/SmqKG5hddq9SzR49CH2hayqRKJtQ4mtRlSxKaJlR/+9rEM+mnBHf7I2/BQcpQ==
 
-typescript@^4.4.2:
-  version "4.4.2"
-  resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.4.2.tgz#6d618640d430e3569a1dfb44f7d7e600ced3ee86"
-  integrity sha512-gzP+t5W4hdy4c+68bfcv0t400HVJMMd2+H9B7gae1nQlBzCqvrXX+6GL/b3GAgyTH966pzrZ70/fRjwAtZksSQ==
+typescript@^4.6.3:
+  version "4.6.3"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.6.3.tgz#eefeafa6afdd31d725584c67a0eaba80f6fc6c6c"
+  integrity sha512-yNIatDa5iaofVozS/uQJEl3JRWLKKGJKh6Yaiv0GLGSuhpFJe7P3SbHZ8/yjAHRQwKRoA6YZqlfjXWmVzoVSMw==
 
 universalify@^0.1.0:
   version "0.1.2"

.github/workflows/cdkactions_workflow.yaml

@@ -266,46 +266,40 @@ jobs:
           tags: pennlabs/pcx-landing:latest,pennlabs/pcx-landing:${{ github.sha }}
   deploy:
     runs-on: ubuntu-latest
-    container:
-      image: pennlabs/helm-tools:39b60af248944898fcbc58d1fe5b0f1995420aef
     if: github.ref == 'refs/heads/master'
     steps:
       - uses: actions/checkout@v2
-      - name: Deploy
+      - id: synth
+        name: Synth cdk8s manifests
         run: |-
-          aws eks --region us-east-1 update-kubeconfig --name production --role-arn arn:aws:iam::${AWS_ACCOUNT_ID}:role/kubectl
+          cd k8s
+          yarn install --frozen-lockfile
 
           # get repo name (by removing owner/organization)
-          RELEASE_NAME=${REPOSITORY#*/}
+          export RELEASE_NAME=${REPOSITORY#*/}
+
+          # Export RELEASE_NAME as an output
+          echo "::set-output name=RELEASE_NAME::$RELEASE_NAME"
 
-          # this specifies what tag of icarus to pull down
-          DEPLOY_TAG=$(yq r k8s/values.yaml deploy_version)
-          if [ "$DEPLOY_TAG" = "null" ]; then
-              echo "Could not find deploy tag"
-              exit 1
-          fi
+          yarn build
+        env:
+          GIT_SHA: ${{ github.sha }}
+          REPOSITORY: ${{ github.repository }}
+          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+      - name: Deploy
+        run: |-
+          aws eks --region us-east-1 update-kubeconfig --name production --role-arn arn:aws:iam::${AWS_ACCOUNT_ID}:role/kubectl
 
-          helm repo add pennlabs https://helm.pennlabs.org/
-          for i in {1..10}; do
-            # This is bash soup, but it'll do.
-            # 1. Attempt to install with helm
-            # 2. If this succeeds, exit with a success status code
-            # 3. If it fails, mark the command as succeeded so that '-e' doesn't kick us out
-            # 4. Wait 10s and try again
-            helm upgrade --install --atomic --set=image_tag=$IMAGE_TAG -f k8s/values.yaml --version "${DEPLOY_TAG}" $RELEASE_NAME pennlabs/icarus && exit 0 || true
-            sleep 10s
-            echo "Retrying deploy for $i times"
-          done
+          # get repo name from synth step
+          RELEASE_NAME=${{ steps.synth.outputs.RELEASE_NAME }}
 
-          # If we get here, all helm installs failed so our command should fail
-          exit 1
+          # Deploy
+          kubectl apply -f k8s/dist/ -l app.kubernetes.io/component=certificate
+          kubectl apply -f k8s/dist/ --prune -l app.kubernetes.io/part-of=$RELEASE_NAME
         env:
-          IMAGE_TAG: ${{ github.sha }}
           AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
           AWS_ACCESS_KEY_ID: ${{ secrets.GH_AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.GH_AWS_SECRET_ACCESS_KEY }}
-          DO_AUTH_TOKEN: ${{ secrets.DO_AUTH_TOKEN }}
-          REPOSITORY: ${{ github.repository }}
     needs:
       - publish-backend
       - publish-frontend-pcp

backend/PennCourses/settings/base.py

@@ -16,7 +16,7 @@
 import dj_database_url
 
 
-DOMAIN = os.environ.get("DOMAIN", "example.com")
+DOMAINS = os.environ.get("DOMAINS", "example.com").split(",")
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))

backend/PennCourses/settings/production.py

@@ -13,11 +13,7 @@
 SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
 
 # Allow production host headers
-ALLOWED_HOSTS = [
-    "penncourseplan.com",
-    "penncoursealert.com",
-    "penncoursereview.com",
-]
+ALLOWED_HOSTS = DOMAINS
 
 # Sentry settings
 SENTRY_URL = os.environ.get("SENTRY_URL", "")

k8s/.gitignore

@@ -0,0 +1,4 @@
+*.d.ts
+*.js
+node_modules
+dist/

k8s/cdk8s.yaml

@@ -0,0 +1,2 @@
+language: typescript
+app: node main.js

k8s/main.ts

@@ -0,0 +1,89 @@
+import { Construct } from 'constructs';
+import { App } from 'cdk8s';
+import { CronJob, DjangoApplication, PennLabsChart, ReactApplication, RedisApplication } from '@pennlabs/kittyhawk';
+
+const cronTime = require('cron-time-generator');
+
+export class MyChart extends PennLabsChart {
+  constructor(scope: Construct) {
+    super(scope);
+
+    const backendImage = 'pennlabs/penn-courses-backend';
+    const secret = 'penn-courses';
+
+    new RedisApplication(this, 'redis', { deployment: { tag: '4.0' } });
+
+    new DjangoApplication(this, 'celery', {
+      deployment: {
+        image: backendImage,
+        secret: secret,
+        cmd: ['celery', 'worker', '-A', 'PennCourses', '-Q', 'alerts,celery', '-linfo'],
+      },
+      djangoSettingsModule: 'PennCourses.settings.production',
+    });
+
+    new DjangoApplication(this, 'backend', {
+      deployment: {
+        image: backendImage,
+        secret: secret,
+        cmd: ['celery', 'worker', '-A', 'PennCourses', '-Q', 'alerts,celery', '-linfo'],
+        replicas: 3,
+        env: [{ name: 'PORT', value: '80' }],
+      },
+      djangoSettingsModule: 'PennCourses.settings.production',
+      ingressProps: {
+        annotations: { ['ingress.kubernetes.io/content-security-policy']: "frame-ancestors 'none';" },
+      },
+      domains: [{ host: 'penncourseplan.com', paths: ["/api", "/admin", "/accounts", "/assets"] },
+      { host: 'penncoursealert.com', paths: ["/api", "/admin", "/accounts", "/assets", "/webhook"] },
+      { host: 'penncoursereview.com', paths: ["/api", "/admin", "/accounts", "/assets"] }],
+    });
+
+    new ReactApplication(this, 'landing', {
+      deployment: {
+        image: 'pennlabs/pcx-landing',
+      },
+      domain: { host: 'penncourses.org', paths: ['/'] },
+    });
+
+    new ReactApplication(this, 'plan', {
+      deployment: {
+        image: 'pennlabs/pcp-frontend',
+      },
+      domain: { host: 'penncourseplan.org', paths: ['/'] },
+    });
+
+    new ReactApplication(this, 'alert', {
+      deployment: {
+        image: 'pennlabs/pca-frontend',
+      },
+      domain: { host: 'penncoursealert.org', paths: ['/'] },
+    });
+
+    new ReactApplication(this, 'review', {
+      deployment: {
+        image: 'pennlabs/pcr-frontend',
+      },
+      domain: { host: 'penncoursereview.org', paths: ['/'] },
+    });
+
+    new CronJob(this, 'load-courses', {
+      schedule: cronTime.everyDayAt(3),
+      image: backendImage,
+      secret: secret,
+      cmd: ['python', 'manage.py', 'registrarimport'],
+    });
+
+    new CronJob(this, 'report-stats', {
+      schedule: cronTime.everyDayAt(20),
+      image: backendImage,
+      secret: secret,
+      cmd: ['python', 'manage.py', 'alertstats', '1', '--slack'],
+    });
+
+  }
+}
+
+const app = new App();
+new MyChart(app);
+app.synth();

k8s/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "k8s",
+  "version": "1.0.0",
+  "main": "main.js",
+  "types": "main.ts",
+  "license": "Apache-2.0",
+  "private": true,
+  "scripts": {
+    "import": "cdk8s import",
+    "synth": "cdk8s synth",
+    "compile": "tsc",
+    "watch": "tsc -w",
+    "build": "npm run compile && npm run synth",
+    "upgrade": "npm i cdk8s@latest cdk8s-cli@latest",
+    "upgrade:next": "npm i cdk8s@next cdk8s-cli@next"
+  },
+  "dependencies": {
+    "@pennlabs/kittyhawk": "^1.1.4",
+    "cdk8s": "^2.2.63",
+    "constructs": "^10.0.119"
+  },
+  "devDependencies": {
+    "@types/jest": "^26.0.24",
+    "@types/node": "^14.18.12",
+    "jest": "^26.6.3",
+    "ts-jest": "^26.5.6",
+    "typescript": "^4.6.3"
+  }
+}

k8s/tsconfig.json

@@ -0,0 +1,33 @@
+{
+  "compilerOptions": {
+    "alwaysStrict": true,
+    "charset": "utf8",
+    "declaration": true,
+    "experimentalDecorators": true,
+    "inlineSourceMap": true,
+    "inlineSources": true,
+    "lib": [
+      "es2016"
+    ],
+    "module": "CommonJS",
+    "noEmitOnError": true,
+    "noFallthroughCasesInSwitch": true,
+    "noImplicitAny": true,
+    "noImplicitReturns": true,
+    "noImplicitThis": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "resolveJsonModule": true,
+    "strict": true,
+    "strictNullChecks": true,
+    "strictPropertyInitialization": true,
+    "stripInternal": true,
+    "target": "ES2017"
+  },
+  "include": [
+    "**/*.ts"
+  ],
+  "exclude": [
+    "node_modules"
+  ]
+}