From 26193e3d0ae979a97c7464e1f4898bc216696f59 Mon Sep 17 00:00:00 2001 From: Andy Chosak Date: Mon, 21 Oct 2024 17:04:40 -0400 Subject: [PATCH] Delete unused Kubernetes/Helm configuration This commit deletes all existing documentation and configuration around deploying cf.gov using Kubernetes and Helm. This configuration is currently unused and will be replaced in future with an alternate implementation (that will likely recreate some of these pieces). --- .dockerignore | 1 - .github/workflows/k8s/docker.yml | 37 -- .github/workflows/k8s/helm_lint.yml | 50 --- .github/workflows/k8s/publish_cfgov.yml | 58 --- .prettierignore | 1 - README.md | 42 +-- build-images.sh | 23 -- ct.yaml | 8 - docs/installation.md | 20 +- helm-install.sh | 125 ------- helm/.gitignore | 1 - helm/README.md | 336 ------------------ helm/cfgov/.helmignore | 23 -- helm/cfgov/Chart.lock | 18 - helm/cfgov/Chart.yaml | 52 --- helm/cfgov/templates/NOTES.txt | 24 -- helm/cfgov/templates/_helpers.tpl | 215 ----------- helm/cfgov/templates/cronjob.yaml | 75 ---- helm/cfgov/templates/deployment.yaml | 126 ------- helm/cfgov/templates/hpa.yaml | 28 -- helm/cfgov/templates/ingress-secret.yaml | 18 - helm/cfgov/templates/ingress.yaml | 61 ---- helm/cfgov/templates/mapping.yaml | 13 - helm/cfgov/templates/postgres-secret.yaml | 12 - helm/cfgov/templates/service.yaml | 15 - helm/cfgov/templates/serviceaccount.yaml | 12 - helm/cfgov/templates/tests/smoke-test.yaml | 37 -- .../templates/tests/test-connection.yaml | 15 - helm/cfgov/values.yaml | 293 --------------- helm/overrides/cfgov-lb.yaml | 3 - helm/overrides/dev-vars.yaml | 32 -- helm/overrides/eks.yaml | 2 - helm/overrides/ghcr.yaml | 3 - helm/overrides/init-sleep.yaml | 5 - helm/overrides/load-balancer.yaml | 16 - helm/overrides/local-dev.yaml | 65 ---- helm/overrides/local-prod.yaml | 59 --- helm/overrides/required.yaml | 29 -- helm/overrides/services.yaml | 99 ------ helm/overrides/sleep.yaml | 4 - 40 files changed, 14 insertions(+), 2042 deletions(-) delete mode 100644 .github/workflows/k8s/docker.yml delete mode 100644 .github/workflows/k8s/helm_lint.yml delete mode 100644 .github/workflows/k8s/publish_cfgov.yml delete mode 100755 build-images.sh delete mode 100644 ct.yaml delete mode 100755 helm-install.sh delete mode 100644 helm/.gitignore delete mode 100644 helm/README.md delete mode 100644 helm/cfgov/.helmignore delete mode 100644 helm/cfgov/Chart.lock delete mode 100644 helm/cfgov/Chart.yaml delete mode 100644 helm/cfgov/templates/NOTES.txt delete mode 100644 helm/cfgov/templates/_helpers.tpl delete mode 100644 helm/cfgov/templates/cronjob.yaml delete mode 100644 helm/cfgov/templates/deployment.yaml delete mode 100644 helm/cfgov/templates/hpa.yaml delete mode 100644 helm/cfgov/templates/ingress-secret.yaml delete mode 100644 helm/cfgov/templates/ingress.yaml delete mode 100644 helm/cfgov/templates/mapping.yaml delete mode 100644 helm/cfgov/templates/postgres-secret.yaml delete mode 100644 helm/cfgov/templates/service.yaml delete mode 100644 helm/cfgov/templates/serviceaccount.yaml delete mode 100644 helm/cfgov/templates/tests/smoke-test.yaml delete mode 100644 helm/cfgov/templates/tests/test-connection.yaml delete mode 100644 helm/cfgov/values.yaml delete mode 100644 helm/overrides/cfgov-lb.yaml delete mode 100644 helm/overrides/dev-vars.yaml delete mode 100644 helm/overrides/eks.yaml delete mode 100644 helm/overrides/ghcr.yaml delete mode 100644 helm/overrides/init-sleep.yaml delete mode 100644 helm/overrides/load-balancer.yaml delete mode 100644 helm/overrides/local-dev.yaml delete mode 100644 helm/overrides/local-prod.yaml delete mode 100644 helm/overrides/required.yaml delete mode 100644 helm/overrides/services.yaml delete mode 100644 helm/overrides/sleep.yaml diff --git a/.dockerignore b/.dockerignore index b3498a4d872..97d8388c98d 100644 --- a/.dockerignore +++ b/.dockerignore @@ -5,7 +5,6 @@ !cfgov !config !esbuild -!helm !requirements !static.in !scripts diff --git a/.github/workflows/k8s/docker.yml b/.github/workflows/k8s/docker.yml deleted file mode 100644 index dfc593d3847..00000000000 --- a/.github/workflows/k8s/docker.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: docker - - # Disabled until needed - # on: merge_group - -env: - TEST_TAG: cfpb/consumerfinancegov:test - -jobs: - - zip_docker: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: dorny/paths-filter@v3.0.0 - id: filter - with: - filters: | - docker: - - 'docker/deployable-zipfile/Dockerfile' - - - name: Setup QEMU - if: steps.filter.outputs.docker == 'true' - uses: docker/setup-qemu-action@v3 - - - name: Setup Docker Buildx - if: steps.filter.outputs.docker == 'true' - uses: docker/setup-buildx-action@v3 - - - name: Build zipfile and export to Docker (not DockerHub) - if: steps.filter.outputs.docker == 'true' - uses: docker/build-push-action@v5 - with: - context: ./docker/deployable-zipfile/ - load: true - tag: ${{ env.TEST_TAG }} - build-args: FRONTEND_TARGET=production diff --git a/.github/workflows/k8s/helm_lint.yml b/.github/workflows/k8s/helm_lint.yml deleted file mode 100644 index 9889e5c8984..00000000000 --- a/.github/workflows/k8s/helm_lint.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: helmlint - # Disabled until needed - # on: pull_request - -jobs: - lint-test: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - uses: dorny/paths-filter@v3.0.0 - id: filter - with: - filters: | - helmlint: - - 'helm/cfgov/**.yaml' - - 'helm/cfgov/templates/**.tpl' - - 'helm/overrides/**' - - - name: Set up Helm - if: steps.filter.outputs.helmlint == 'true' - uses: azure/setup-helm@v3 - with: - version: v3.9.2 - - - name: Install Python3 - if: steps.filter.outputs.helmlint == 'true' - uses: actions/setup-python@v5 - with: - python-version: 3.8 - - - name: Update Dependencies - if: steps.filter.outputs.helmlint == 'true' - run: | - helm dependency update ./helm/cfgov - - - name: Set up chart-testing - if: steps.filter.outputs.helmlint == 'true' - uses: helm/chart-testing-action@v2 - - - name: Run chart-testing (lint) - if: steps.filter.outputs.helmlint == 'true' - run: ct lint --config ct.yaml - - - name: Helm template - if: steps.filter.outputs.helmlint == 'true' - run: | - helm template testtemplate helm/cfgov diff --git a/.github/workflows/k8s/publish_cfgov.yml b/.github/workflows/k8s/publish_cfgov.yml deleted file mode 100644 index 332858f833f..00000000000 --- a/.github/workflows/k8s/publish_cfgov.yml +++ /dev/null @@ -1,58 +0,0 @@ -name: Create Docker Image Package - -on: - # Disabled until needed - # push: - # branches: - # - main - # pull_request: - # release: - -jobs: - push: - runs-on: ubuntu-latest - permissions: - packages: write - contents: read - env: - DOCKER_BUILDKIT: 1 - REF: ${{ github.ref }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 2 - - - name: Build Root Docker Image - run: docker build . --file Dockerfile --tag $(echo "${{ github.repository }}" | sed -e 's,.*/\(.*\),\1,') --label "runnumber=${GITHUB_RUN_ID}" --build-arg "FRONTEND_TARGET=production" - - - name: GitHub Container Registry Login - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin - - - name: Push Docker Image - run: | - IMAGE_NAME=$(echo "${{ github.repository }}" | sed -e 's,.*/\(.*\),\1,') - IMAGE_ID=ghcr.io/${{ github.repository }} - # Change all uppercase to lowercase - IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') - # Strip git ref prefix from version - VERSION=$(echo "$REF" | sed -e 's,.*/\(.*\),\1,') - # Extract PR Number if PR - [[ "$REF" == "refs/pull/"* ]] && VERSION=$(echo "$REF" | sed -e 's,refs/pull/\(.*\)/merge,pr-\1,') - # Strip "v" prefix from tag name if exists - [[ "$REF" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - # Use Docker `latest` convention - [ "$VERSION" == "master" ] || [ "$VERSION" == "main" ] && VERSION=latest - echo IMAGE_ID=$IMAGE_ID - echo VERSION=$VERSION - SHA=${{ github.sha }} - if [ ! -z $GITHUB_HEAD_REF ]; then - # This is done to get the branch commit SHA, not the PR merge SHA. - # We do this for better traceability and image:tag match up - echo "PR Build, pop commit SHA..." - SHA=$(git --no-pager log -n 2 --pretty="%H" | sed -n '2 p') - fi - echo "GitSHA: ${SHA}" - docker tag $IMAGE_NAME $IMAGE_ID:${SHA} - docker tag $IMAGE_NAME $IMAGE_ID:$VERSION - docker push $IMAGE_ID:${SHA} - docker push $IMAGE_ID:$VERSION diff --git a/.prettierignore b/.prettierignore index c68c66482a0..5dc3f7508a1 100644 --- a/.prettierignore +++ b/.prettierignore @@ -1,6 +1,5 @@ .github/ .tox/ -helm cfgov/agreements/static/agreements/js/chosen.jquery.js cfgov/agreements/static/agreements/js/jquery-3.5.1.min.js cfgov/alerts/tests/json/ diff --git a/README.md b/README.md index 32816b3cfc9..f32884d85b9 100755 --- a/README.md +++ b/README.md @@ -6,44 +6,26 @@ This Django project includes the front-end assets and build tools, code to configure our CMS, [Wagtail](https://wagtail.io/), and several standalone Django apps for specific parts of the site. -## Documentation - -Full documentation for this project is available in the [docs/](docs/) directory -and [online](https://cfpb.github.io/consumerfinance.gov/). - ## Quickstart +Full installation and usage instructions are available in +[our documentation](https://cfpb.github.io/consumerfinance.gov). + This quickstart requires a working Docker Desktop installation and git: - [Clone the repository](https://cfpb.github.io/consumerfinance.gov/installation/#clone-the-repository): ```shell - git clone https://github.com/cfpb/consumerfinance.gov.git - cd consumerfinance.gov + git clone https://github.com/cfpb/consumerfinance.gov.git + cd consumerfinance.gov ``` -- One of the following runtimes: - - - [Set up and run the Docker containers via docker-compose](https://cfpb.github.io/consumerfinance.gov/installation/#set-up-and-run-the-docker-containers): - - ```shell - docker-compose up - ``` - - - [Set up and run the Docker containers via Kubernetes via Helm](https://cfpb.github.io/consumerfinance.gov/installation/#set-up-and-run-the-docker-containers): +- [Set up and run the Docker containers](https://cfpb.github.io/consumerfinance.gov/installation/#set-up-and-run-the-docker-containers): - ```shell - ./build-images.sh && ./helm-install.sh - ``` - - if you see an error like: - - ``` - Error: Kubernetes cluster unreachable: Get "http://localhost:8080/version": dial tcp [::1]:8080: connect: connection refused + ```shell + docker-compose up ``` - then you need to activate Kubernetes in your docker desktop settings! - This may take some time, as it will also [load initial data](https://cfpb.github.io/consumerfinance.gov/installation/#load-initial-data) and @@ -51,15 +33,15 @@ This quickstart requires a working Docker Desktop installation and git: consumerfinance.gov should now be available at . -Our documentation will be available at (docker-compose only). +Our documentation will be available at . The Wagtail admin area will be available at , which you can log into with the credentials `admin`/`admin`. -## Getting the package +## Documentation -Packages are tagged into one of three groups: main Branch -> latest, PRs -> pr-#, and Release -> major.minor.patch. The github SHA of the commit packaged should be listed as a label. -To see our Docker image packages you can vist [Packages page](https://github.com/cfpb/consumerfinance.gov/pkgs/container/consumerfinance.gov) +Full documentation for this project is available in the [docs/](docs/) directory +and [online](https://cfpb.github.io/consumerfinance.gov/). ## Getting help diff --git a/build-images.sh b/build-images.sh deleted file mode 100755 index 10e531b1306..00000000000 --- a/build-images.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh - -TAG=$1 -if [ -z "$TAG" ]; then - TAG="local" -fi - -case "$TAG" in - "local") - TARGET="dev" - ;; - "prod") - TARGET="prod" - ;; - *) - echo "Tag must be 'local' or 'prod'" - exit 2 -esac - -echo "Building cfgov_docs..." -docker build . -f docker/docs/Dockerfile -t cfgov_docs & -echo "Building cfgov_python:$TAG" -docker build . --target "cfgov-$TARGET" -t "cfgov_python:$TAG" diff --git a/ct.yaml b/ct.yaml deleted file mode 100644 index 4f317d1e531..00000000000 --- a/ct.yaml +++ /dev/null @@ -1,8 +0,0 @@ -helm-extra-args: --timeout 600s -chart-dirs: - - helm/ -target-branch: main -chart-repos: - - bitnami=https://charts.bitnami.com/bitnami - - elastic=https://helm.elastic.co/ - - opensearch=https://opensearch-project.github.io/helm-charts/ diff --git a/docs/installation.md b/docs/installation.md index b1e9cb9f1ef..9067124d900 100644 --- a/docs/installation.md +++ b/docs/installation.md @@ -204,9 +204,8 @@ yarn build ### Set up and run the Docker containers consumerfinance.gov depends on PostgreSQL database and Elasticsearch. -You can use either -[`docker-compose`](https://docs.docker.com/compose/) or -[Kubernetes](https://kubernetes.io/) via [Helm](https://helm.sh/) +You can use +[`docker-compose`](https://docs.docker.com/compose/) to run these services along side the consumerfinance.gov Django site. To build and run our Docker containers for the first time, run: @@ -217,21 +216,6 @@ To build and run our Docker containers for the first time, run: docker-compose up ``` -#### Kubernetes via Helm: - -```shell -./build-images.sh && ./helm-install.sh -``` - -Either approach will build and start our -PostgreSQL, Elasticsearch, and Python services. - -The first time this is run, it will -[load initial data](#load-initial-data) -and -[build the frontend](#build-the-frontend) -for you. - ### Load initial data Our `initial-data.sh` script can be used to initialize a new database to make diff --git a/helm-install.sh b/helm-install.sh deleted file mode 100755 index 01b1b4c5d7a..00000000000 --- a/helm-install.sh +++ /dev/null @@ -1,125 +0,0 @@ -#!/bin/bash - -# Flags -## Disable ES Chart Tests by default -ES_TEST_OVERRIDE="--set elasticsearch.tests.enabled=false" -if [ ! -z $ES_ENABLE_CHART_TESTS ]; then - ES_TEST_OVERRIDE="--set elasticsearch.tests.enabled=true" -fi - -## Option to skip --wait and set timeout -WAIT_TIMEOUT="--timeout=${WAIT_TIMEOUT:-10m0s}" -WAIT_OPT="--wait ${WAIT_TIMEOUT}" -if [ -z $RUN_CHART_TESTS ] && [ ! -z $SKIP_WAIT ]; then - echo "WARNING: Skipping --wait!" - WAIT_OPT="" -fi - -## Namespace -NAMESPACE_OPT="" -if [ ! -z $NAMESPACE ]; then - NAMESPACE_OPT="--namespace ${NAMESPACE}" - if [ ! -z $CREATE_NAMESPACE ]; then - NAMESPACE_OPT="${NAMESPACE_OPT} --create-namespace" - fi -fi - -## Image Option -if [ -z $IMAGE ]; then - IMAGE="" -else - IMAGE="--set image.repository=${IMAGE}" -fi - -## Tag Option -if [ -z $TAG ]; then - TAG="" -else - TAG="--set image.tag=${TAG}" -fi - -## Set release name -export RELEASE=${RELEASE:-cfgov} - -# Setup -## Get absolute path to helm-install.sh -realpath() { - [[ $1 = /* ]] && echo "$1" || echo "$PWD/${1#./}" -} -## Get Project Dir path containing helm-install.sh -export PROJECT_DIR="$(dirname "$(realpath "$0")")" -## Set Default Args -DEFAULT_ARGS="${PROJECT_DIR}/helm/overrides/local-dev.yaml ${PROJECT_DIR}/helm/overrides/dev-vars.yaml ${PROJECT_DIR}/helm/overrides/services.yaml ${PROJECT_DIR}/helm/overrides/required.yaml" -## Source .env, if it exists -if [ -f .env ]; then - source .env -fi - -# Prerequisites -## Ensure helm is installed and available via PATH -if ! command -v helm &> /dev/null; then - echo "Helm not found in PATH. Please install helm (brew install helm) or add it to PATH." - exit 1 -fi - -## Build Dependency Charts -if [ ! -d ./helm/cfgov/charts ]; then - echo "Building dependency charts..." - helm repo add bitnami https://charts.bitnami.com/bitnami - helm repo add elastic https://helm.elastic.co/ - helm repo add opensearch https://opensearch-project.github.io/helm-charts/ - helm repo update - helm dependency build ./helm/cfgov -else - if [ -z $SKIP_DEP_UPDATE ]; then - helm dependency update ./helm/cfgov - fi -fi - -# Generate Overrides -## Parse overrides list -if [ $# -eq 0 ]; then - ARGS=${DEFAULT_ARGS} -else - ARGS="$@ ${PROJECT_DIR}/helm/overrides/required.yaml" -fi - -## Separate --set from files, substitute Environment Variables in override files -tempFiles=() -unset PENDING_SET -OVERRIDES="" -for i in $ARGS; do - if [ ! -z $PENDING_SET ]; then - OVERRIDES="${OVERRIDES} --set ${i}" - unset PENDING_SET - elif [ "${i}" == "--set" ]; then - PENDING_SET=true - else - tempFile=$(mktemp) - envsubst < ${i} > "$tempFile" - OVERRIDES="$OVERRIDES -f $tempFile" - tempFiles+=($tempFile) - fi -done - -# Execute -## Install/Upgrade cfgov release -helm upgrade --install ${WAIT_OPT} \ - "${RELEASE}" ${NAMESPACE_OPT} ${OVERRIDES} ${IMAGE} ${TAG} \ - ${PROJECT_DIR}/helm/cfgov - -# Add these in for local SSL. -# --set ingress.tls[0].secretName="${RELEASE}-tls" \ # local SSL -# --set ingress.tls[0].hosts[0]="${RELEASE}.localhost" \ # local SSL - -## Run chart tests, if RUN_CHART_TESTS is set -if [ ! -z $RUN_CHART_TESTS ]; then - echo "Running chart tests against ${RELEASE}..." - helm test "${RELEASE}" -fi - -# Cleanup -## Remove temp files -for i in "${tempFiles[@]}"; do - rm "$i" -done diff --git a/helm/.gitignore b/helm/.gitignore deleted file mode 100644 index ee3892e8794..00000000000 --- a/helm/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/ diff --git a/helm/README.md b/helm/README.md deleted file mode 100644 index 56368f6b255..00000000000 --- a/helm/README.md +++ /dev/null @@ -1,336 +0,0 @@ -# CFGOV Helm Chart - -# build-images.sh - -In the main `consumerfinance.gov` directory, there is [`build-images.sh`](../build-images.sh). -This script will build the required images for Kubernetes. \*\*You must run this -script as a pre-requisite to `helm-install.sh`. `build-images.sh` takes 1 argument, -which is the tag. Valid values are `local` and `prod`. - -## Usage - - ./build-images.sh # Same as local - ./build-images.sh local - ./build-images.sh prod - -# helm-install.sh - -**NOTE:** It is _highly_ recommended to install `ingress-nginx` to gain -access to the application via `Ingress`. You can find instructions for this -at the bottom of the document under [`ingress-nginx`](#ingress-nginx). - -In the main `consumerfinance.gov` directory, -there is [`helm-install.sh`](../helm-install.sh). -This script is built to inject environment variables into the provided -override YAMLs in [`overrides`](overrides). - -## Flags and Environment Variables - -`helm-install.sh` is quite flexible in what you can configure via -Flags and Environment Variables. - -It is highly recommended to set these variables inline when calling -`helm-install.sh`, as follows: - - SKIP_WAIT=y ./helm-install.sh - -If you want to set a variable on your terminal session, you may: - - export SKIP_DEP_UPDATE=y - ./helm-install.sh - -You can clear a terminal session variable using `unset` - - unset SKIP_DEP_UPDATE - ./helm-install.sh - -**NOTE:** `helm-install.sh` will **ALWAYS** source `.env` if it exists. -If you have a variable set in `.env`, `unset` will not work for that variable. - -### Flags - -Flags are treated as `True` if the corresponding -Environment Variable is set to any value beyond empty string, -including `False`. Use `unset VARIABLE` to clear a set variable. - -| Variable | Description | -| ----------------------- | -------------------------------------------------------------------------- | -| `ES_ENABLE_CHART_TESTS` | Enable ElasticSearch Chart Tests | -| `SKIP_WAIT` | Skips `--wait` | -| `CREATE_NAMESPACE` | Create namespace if it doesn't exist. Used in conjunction with `NAMESPACE` | -| `RUN_CHART_TESTS` | Run `helm test ${RELEASE}` after deployment. Ignores `SKIP_WAIT`. | -| `SKIP_DEP_UPDATE` | Skip `helm dependency update` for faster iteration | - -### Environment Variables - -Environment Variables **need** a valid value to be set. - -| Variable | Description | -| -------------- | ------------------------------------------------ | -| `RELEASE` | Set the release name.
Default is `cfgov`. | -| `NAMESPACE` | Override the namespace for the release. | -| `IMAGE` | Set the `repository/image` for the release. | -| `TAG` | Set the image `tag` for the release. | -| `WAIT_TIMEOUT` | Set the `--wait` timeout.
Default is `10m0s` | - -## Usage - -In all cases, make sure you have built images via `build-images.sh`. -Arguments passed in to `helm-install.sh`, should be a spaced separated list -of paths to override YAMLs or `--set` overrides. - -If no arguments are provided, it includes -[`local-dev.yaml`](overrides/local-dev.yaml), -[`dev-vars.yaml`](overrides/dev-vars.yaml), and -[`services.yaml`](overrides/services.yaml). - -### Default Execution - -The following commands are equivalent - - ./helm-install.sh - ./helm-install.sh helm/overrides/local-dev.yaml helm/overrides/dev-vars.yaml helm/overrides/services.yaml - -If you provide any arguments, it will only include those provided. - -### Local (no services) - - ./helm-install.sh helm/overrides/local-dev.yaml helm/overrides/dev-vars.yaml - - # Using --set with override files - ./helm-install.sh helm/overrides/local-dev.yaml helm/overrides/dev-vars.yaml helm/overrides/services.yaml --set image.tag=my-image-tag - - # With LoadBalancer for cfgov service - ./helm-install.sh helm/overrides/local-dev.yaml helm/overrides/dev-vars.yaml helm/overrides/cfgov-lb.yaml - -### Local Prod (with Dev Vars and services) - - # ClusterIP - ./helm-install.sh helm/overrides/local-prod.yaml helm/overrides/dev-vars.yaml helm/overrides/services.yaml - - # LoadBalancer - CFGOV Port 8000, PSQL Port 5432, ES Port 9200, Kibana Port 5601 - ./helm-install.sh helm/overrides/local-prod.yaml helm/overrides/dev-vars.yaml helm/overrides/services.yaml helm/overrides/load-balancer.yaml - -### EKS (with Dev Vars, GHCR Image, and services) - - NAMESPACE=my-namespace IMAGE=ghcr.io/cfpb/consumerfinance.gov TAG=latest \ - ./helm-install.sh \ - helm/overrides/dev-vars.yaml \ - ./helm/overrides/services.yaml \ - ./helm/overrides/eks.yaml - -## Remove Helm Release - -To remove a cfgov release installed with [`./helm-install`](../helm-install.sh), -run the following command in the correct namespace - - helm uninstall cfgov - -## Provided Overrides - -- [`local-dev.yaml`](overrides/local-dev.yaml) - Local dev stack (minus services) -- [`local-prod.yaml`](overrides/local-prod.yaml) - Local Prod stack (minus services) -- [`dev-vars.yaml`](overrides/dev-vars.yaml) - Dev Environment Variables -- [`services.yaml`](overrides/services.yaml) - Services Stack (Postgres, ElasticSearch, Kibana) -- [`cfgov-lb.yaml`](overrides/cfgov-lb.yaml) - Sets CFGOV Service to LoadBalancer with Port 8000 -- [`load-balancer.yaml`](overrides/load-balancer.yaml) - Sets all service types to `LoadBalancer` (includes services, if enabled) -- [`init-sleep.yaml`](overrides/init-sleep.yaml) - Sleep cfgov initContainer to infinity (debug use) -- [`sleep.yaml`](overrides/sleep.yaml) - Sleep cfgov container to infinity (debug use) - -### Debug Examples - - # Sleep initContainer (use for makemigrations, migrations, etc) - ./helm-install.sh helm/overrides/local-dev.yaml helm/overrides/dev-vars.yaml helm/overrides/services.yaml helm/overrides/init-sleep.yaml - - # Prod and Services Stack with CFGOV LoadBalancer bound to port 8000 (Local Prod Testing) - ./helm-install.sh helm/overrides/local-prod.yaml helm/overrides/dev-vars.yaml helm/overrides/services.yaml helm/overrides/cfgov-lb.yaml helm/overrides/sleep.yaml - -# Chart Override Values - -The actual Chart Value overrides. -TODO: Add Table with commonly overridden values. - -# CronJobs - -To make a new -[Kubernetes CronJob](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/) -based on our [CronJob template](cfgov/templates/cronjob.yaml), -add a new item to the cronJobs mapping in -[`cfgov/values.yaml`](cfgov/values.yaml). - -For example, our Django -`clearsessions` management command runs in a cron job defined like this: - -```yaml -clear-sessions: - schedule: '@daily' - command: - - 'django-admin' - args: - - 'clearsessions' -``` - -The following shows the all the available values and default values -for a cronJob object. - -```yaml -example-job-name: # There is no default for name, this is required - enabled: true # default is true. If false, will not create the CronJob resource - includeEnv: true # includes the same volumes and environment variables as the main application container - image: # ONLY define if different from cfgov_python - repository: cfogv_python # default is the chart image repository - tag: '' # default is the chart image tag - successfulJobsHistoryLimit: 1 # default - failedJobsHistoryLimit: 1 # default - schedule: '@daily' # default - suspend: false # default - restartPolicy: OnFailure # default - command: # there is no default for command, this is required - - 'some-exec' - args: # there is no default for args, this is required - - 'space' - - 'separated' - - 'arguments' - env: # default is empty (not defined), but can define extra cronjob only environment variables as follows - - name: MY_CRONJOB_ENV - value: 'MY_CRONJOB_ENV_VALUE' -``` - -To test out a new cronjob, you can use OpenLens to trigger a cronJob by clicking on the Workloads->CronJobs menu and selecting the cronJob from the list. This is great for testing the job without having to mess with the scheduling value in the cronJob. Do note that helm test command does not test the cronJobs so its up to the person adding/changing the job to make sure it works before merging. - -# OpenLens - -We like to use OpenLens to manage the Kubernetes stack. -There is a more commonly known Lens app, but Lens requires an account to use. -Lens is the commercialized version built on top of the OpenLens source. - -To install OpenLens, create an alias in your shell profile. For example, -if using `zsh`, add it to `.zshrc`. This alias is used to install and to -update OpenLens. - - alias install_openlens="curl -o- https://gist.githubusercontent.com/jslay88/bf654c23eaaaed443bb8e8b41d02b2a9/raw/install_openlens.sh | bash" - -Source your shell profile or restart your terminal. Then run the alias. - - install_openlens - -# Manually Loading Data - -To manually load data (such as `test.sql.gz`), deploy the Helm chart as normal. -You can wait for it to finish deploying, or not. Scale the main deployment to 0. - - kubectl scale deployment --replicas=0 cfgov - -Once the main container has terminated, expose the Postgres and ElasticSearch -ports via port-forwarding. This is a blocking command, so you will need to -use multiple terminals (or use OpenLens). The will need to be exposed on their -respective ports (or update your `.env` accordingly). - - kubectl port-forward service/cfgov-postgresql 5432:5432 - kubectl port-forward service/cfgov-elasticsearch-master 9200:9200 - -Ensure you source your `.env` file, where it will set the `PG*` and `ES` -environment variables to `localhost`. Activate your virtual environment locally -as well. - - source .env # Source .env file - source venv/bin/activate # Activate your virtualenv (however you do it) - -Now you can run `./refresh-data.sh` to load your data. - - ./refresh-data.sh test.sql.gz - -Once this has completed, scale the main deployment back up. - - kubectl scale deployment --replicas=1 cfgov - -The main container should be created, and skip migrations -(assuming a user was created `SELECT COUNT(*) FROM auth_user`). -The main container should now be loaded with Postgres and ElasticSearch with -your manually loaded data. - -# `ingress-nginx` - -We use `ingress-nginx` as a cluster wide proxy to be able to map -`*.localhost` to multiple deployments (CFGOV, Grafana, etc) locally. To deploy -`ingress-nginx` to your local Kubernetes, run the following (change the ports -that the services binds to on localhost if needed, default is 80 and 443): - - helm upgrade --install ingress-nginx ingress-nginx \ - --set controller.service.ports.http=80 \ - --set controller.service.ports.https=443 \ - --repo https://kubernetes.github.io/ingress-nginx \ - --namespace ingress-nginx --create-namespace - -This will allow us to access the application via -[http://\.localhost](http://.localhost). -This enables ingress to mimic Ambassador `Mapping`'s locally. - -_NOTE:_ You will need to add the http port to the URL if you change -from 80. - -Example: - -- default -> [http://cfgov.localhost](http://cfgov.localhost) -- RELEASE=my-test -> [http://my-test.localhost](http://my-test.localhost) - -# AWS CLI - -To use the AWS CLI, the chart must be deployed with `$HOME/.aws` mounted, -or with keys and tokens passed in via environment variables or mounted in -the correct files within `/root/.aws` for `local` image, or `/var/www/.aws` -for the `prod` image. You can also mount the secrets to a different path -and set `AWS_CONFIG_FILE` and `AWS_SHARED_CREDENTIALS_FILE` variables, -pointing to the appropriate files. Additionally, you must have the -`AWS_PROFILE` env variable set on your local AWS configuration in order for -the CLI to use your credentials within the container. More info on AWS CLI -Environment Variables can be found -[here](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html). - -Currently, the `local-dev.yaml` override will mount your `.aws` directory -to the containers for local development. This directory is mounted to -`/var/run/secrets/.aws`, then `AWS_CONFIG_FILE` and -`AWS_SHARED_CREDENTIALS_FILE` are set to the appropriate files within that -directory. To make use of AWS CLI in the containers locally, you will need -to run your `gimme-aws-creds` in your local terminal to get valid credentials -locally. AWS CLI will then work within the containers. - -## Testing - -To run tests in helm use `helm test `. - -To add new tests, follow the template provided by Helm in the -[Example Test Section](https://helm.sh/docs/topics/chart_tests/#example-test) -of the [Helm Chart Tests](https://helm.sh/docs/topics/chart_tests/) -documentation. - -To exclude certain tests from running use -`helm test --filter strings name=`. However, you can disable tests -from within in the `values.yaml` but **only** for tests that the charts have -added (i.e. the ElasticSearch Chart and Postgres Chart). You will need to -look up that chart's respective documentation for how to do that. - -More can be found on Helm Chart Tests -[here](https://helm.sh/docs/topics/chart_tests/) or by running -`helm test --help`. - -## Linting - -To test out the yaml files used to create Helm resources you can run the Helm lint command: -`helm lint ` -if there are any formatting issues in the yaml files or helm patterns that are not being fallowed this command will notfiy you. - -There is also the Helm template command that will take in the chart and return a json of all the kubernetes values that will be creared once the chart is installed/updated. -`helm template