Merge pull request #100 from lsst-sqre/u/jsickcodes/deploy-2-0

jonathansick · web-flow · commit 69330acb8f90 · 2022-03-07T14:58:53.000-05:00
Prepare Kubernetes deployment for v2
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,6 +1,19 @@
 name: CI
 
-"on": [push]
+'on':
+  push:
+    branches-ignore:
+      # These should always correspond to pull requests, so ignore them for
+      # the push trigger and let them be triggered by the pull_request
+      # trigger, avoiding running the workflow twice.  This is a minor
+      # optimization so there's no need to ensure this is comprehensive.
+      - 'dependabot/**'
+      - 'renovate/**'
+      - 'tickets/**'
+      - 'u/**'
+    tags:
+      - '*'
+  pull_request: {}
 
 jobs:
   lint:
@@ -60,18 +73,20 @@ jobs:
           LTD_KEEPER_TEST_AWS_ID: ${{ secrets.LTD_KEEPER_TEST_AWS_ID }}
           LTD_KEEPER_TEST_AWS_SECRET: ${{ secrets.LTD_KEEPER_TEST_AWS_SECRET }}
           LTD_KEEPER_TEST_BUCKET: ${{ secrets.LTD_KEEPER_TEST_BUCKET }}
-        run: tox -e typing,${{matrix.db}},coverage-report  # run tox using Python in path
+        run: tox -e typing,${{matrix.db}},coverage-report # run tox using Python in path
 
       - name: Run tox without external services
         if: ${{ !(matrix.python != 3.9 && matrix.db != 'postgres') }}
-        run: tox -e typing,${{matrix.db}},coverage-report  # run tox using Python in path
+        run: tox -e typing,${{matrix.db}},coverage-report # run tox using Python in path
 
   docs:
     runs-on: ubuntu-latest
     needs: [lint]
 
     steps:
       - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
 
       - name: Set up Python
         uses: actions/setup-python@v2
@@ -106,15 +121,18 @@ jobs:
     needs: [test]
 
     # Only do Docker builds of ticket branches and tagged releases, as well
-    # as JSick Codes branches.
-    if: startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/heads/tickets/') || startsWith(github.ref, 'refs/heads/u/jsickcodes/')
+    # as J.Sick Codes branches.
+    # if: >
+    #  (startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/heads/tickets/')) || startsWith(github.ref, 'refs/heads/u/jsickcodes/')
 
     steps:
       - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
 
       - name: Define the Docker tag
         id: vars
-        run: echo ::set-output name=tag::$(bin/docker-tag.sh "$GITHUB_REF")
+        run: echo ::set-output name=tag::$(bin/docker-tag.sh)
 
       - name: Print the tag
         id: print
@@ -123,33 +141,26 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
 
-      - name: Cache Docker layers
-        uses: actions/cache@v2
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys:
-            ${{ runner.os }}-buildx-
-
       - name: Log in to Docker Hub
         uses: docker/login-action@v1
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_TOKEN }}
 
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Build and push
         uses: docker/build-push-action@v2
         with:
           context: .
           push: true
-          tags: lsstsqre/ltdkeeper:${{ steps.vars.outputs.tag }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new
-
-      # Temp fix
-      # https://github.com/docker/build-push-action/issues/252
-      # https://github.com/moby/buildkit/issues/1896
-      - name: Move cache
-        run: |
-          rm -rf /tmp/.buildx-cache
-          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+          tags: |
+            lsstsqre/ltdkeeper:${{ steps.vars.outputs.tag }}
+            ghcr.io/lsst-sqre/ltd-keeper:${{ steps.vars.outputs.tag }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
@@ -54,11 +54,14 @@ WORKDIR /home/appuser
 ENV PATH="/opt/venv/bin:$PATH"
 
 COPY --from=install-image /opt/venv /opt/venv
-COPY uwsgi.ini bin migrations ./
+COPY bin uwsgi.ini ./
+ADD migrations ./migrations
 
 # Switch to non-root user
 USER appuser
 
 EXPOSE 3031
 
-CMD ["uwsgi", "uwsgi.ini"]
+ENV FLASK_APP="keeper"
+
+CMD ["./start-api.bash"]
diff --git a/bin/docker-tag.sh b/bin/docker-tag.sh
@@ -1,13 +1,14 @@
 #!/bin/bash
 
-# Determine the tag for Docker images.  Takes the Git ref as its only
-# argument.
+# Determine the tag for Docker images based on GitHub Actions environment
+# variables.
 
 set -eo pipefail
 
-if [ -z "$1" ]; then
-    echo 'Usage: scripts/docker-tag.sh $GITHUB_REF' >&2
-    exit 1
+if [ -n "$GITHUB_HEAD_REF" ]; then
+    # For pull requests
+    echo ${GITHUB_HEAD_REF} | sed -E 's,/,-,g'
+else
+    # For push events
+    echo ${GITHUB_REF} | sed -E 's,refs/(heads|tags)/,,' | sed -E 's,/,-,g'
 fi
-
-echo "$1" | sed -E 's,refs/(heads|tags)/,,' | sed -E 's,/,-,g'
diff --git a/bin/install-base-packages.sh b/bin/install-base-packages.sh
@@ -29,7 +29,7 @@ apt-get -y upgrade
 # Install system packages
 # - build-essentiall needed for uwsgi
 # - git needed for setuptools_scm
-apt-get -y install --no-install-recommends git build-essential
+apt-get -y install --no-install-recommends git build-essential redis-server dnsutils wget
 
 # Delete cached files we don't need anymore:
 apt-get clean
diff --git a/bin/start-api.bash b/bin/start-api.bash
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -eu
+
+echo $PATH
+pwd
+ls migrations
+
+flask createdb migrations/alembic.ini
+flask init
+uwsgi uwsgi.ini
diff --git a/keeper/cli.py b/keeper/cli.py
@@ -6,7 +6,6 @@
 
 from __future__ import annotations
 
-import os
 from typing import TYPE_CHECKING
 
 import alembic
@@ -39,15 +38,16 @@ def add_app_commands(app: Flask) -> None:
 
 
 @click.command("createdb")
+@click.argument("alembicconf")
 @with_appcontext
-def createdb_command() -> None:
+def createdb_command(alembicconf: str) -> None:
     """Deploy the current schema in a new database.
 
     This database is 'stamped' as having the current alembic schema version.
 
     Normally, in a new installation, run::
 
-        flask createdb
+        flask createdb migrations/alembic.ini
         flask init
 
     This creates the tables and an initial user.
@@ -57,10 +57,7 @@ def createdb_command() -> None:
     db.create_all()
 
     # stamp tables with latest schema version
-    config_path = os.path.abspath(
-        os.path.join(os.path.dirname(__file__), "..", "migrations/alembic.ini")
-    )
-    alembic_cfg = alembic.config.Config(config_path)
+    alembic_cfg = alembic.config.Config(alembicconf)
     alembic.command.stamp(alembic_cfg, "head")
 
 
diff --git a/manifests/base/keeper-cm.yaml b/manifests/base/keeper-cm.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ltd-keeper
+data:
+  LTD_KEEPER_PROFILE: 'production'
+  LTD_KEEPER_URL_SCHEME: 'https'
+  LTD_KEEPER_BOOTSTRAP_USER: 'admin'
+  LTD_KEEPER_DB_URL: ''
+  REDIS_URL: ''
+  LTD_KEEPER_ENABLE_V1: '1'
+  LTD_KEEPER_ENABLE_V2: '1'
+  LTD_KEEPER_PROXY_FIX: '0'
+  LTD_KEEPER_X_FOR: '1'
+  LTD_KEEPER_X_PROTO: '1'
+  LTD_KEEPER_X_HOST: '1'
+  LTD_KEEPER_X_PORT: '0'
+  LTD_KEEPER_X_PREFIX: '0'
+  LTD_KEEPER_ENABLE_TASKS: '0'
diff --git a/manifests/base/keeper-deployment.yaml b/manifests/base/keeper-deployment.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ltd-keeper-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: ltd-keeper-api
+  template:
+    metadata:
+      labels:
+        name: ltd-keeper-api
+    spec:
+      containers:
+        - name: app
+          imagePullPolicy: 'Always'
+          image: 'ghcr.io/lsst-sqre/ltd-keeper:latest'
+          ports:
+            - containerPort: 3031
+              name: api
+          envFrom:
+            - configMapRef:
+                name: ltd-keeper
+
+---
+# Deployment of celery workers for keeper
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ltd-keeper-worker
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: ltd-keeper-worker
+  template:
+    metadata:
+      labels:
+        name: ltd-keeper-worker
+    spec:
+      containers:
+        - name: app
+          imagePullPolicy: 'Always'
+          image: 'ghcr.io/lsst-sqre/ltd-keeper:latest'
+          command: ['/bin/bash']
+          args: ['-c', '/home/appuser/run-celery-worker.bash']
+          envFrom:
+            - configMapRef:
+                name: ltd-keeper
diff --git a/manifests/base/keeper-service.yaml b/manifests/base/keeper-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ltd-keeper
+  labels:
+    name: ltd-keeper
+spec:
+  ports:
+    - name: ltd-keeper-http
+      protocol: TCP
+      port: 8080
+      targetPort: api
+  selector:
+    name: ltd-keeper-api
diff --git a/manifests/base/kustomization.yaml b/manifests/base/kustomization.yaml
@@ -3,11 +3,9 @@ kind: Kustomization
 
 resources:
   - keeper-cm.yaml
-  - redis-deployment.yaml
-  - redis-service.yaml
   - keeper-deployment.yaml
   - keeper-service.yaml
 
 images:
-  - name: lsstsqre/ltd-keeper
-    newTag: 1.20.3
+  - name: 'lsstsqre/ltd-keeper:latest'
+    newTag: u-jsickcodes-deploy-2-0
diff --git a/manifests/keeper-cm.yaml b/manifests/keeper-cm.yaml
diff --git a/manifests/keeper-deployment.yaml b/manifests/keeper-deployment.yaml
diff --git a/manifests/keeper-service.yaml b/manifests/keeper-service.yaml
diff --git a/manifests/redis-deployment.yaml b/manifests/redis-deployment.yaml
diff --git a/manifests/redis-service.yaml b/manifests/redis-service.yaml
