From 96e37f9eebe5f6857f89fb2cd5c5a7b756907020 Mon Sep 17 00:00:00 2001 
From: Till Prochaska Date: Wed, 22 Nov 2023 09:17:39 +0100 Subject: [PATCH] Update K8s example (#3493) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update example values to work with current Postgres chart version * Add ingress class annotation to ensure the Nginx ingress doesn’t ignore the ingress resource * Use ES Helm chart for ES 7 Otherwise a Helm chart for ES 8 will be used, which by default installs ES 8 and has some breaking changes with regards to the structure of values. * Mark secret key ref for `SENTRY_DSN` as optional * Update K8s example This adjusts the example so that it can be easily run on a single-node K8s cluster provided by Docker Compose. I have also tweaked the default values to reduce the resources to a minimum and tried to make the example as easy to install as possible. * Emphasize that selecting the correct kubectl context may be necessary * Update default ingest-file version in Helm chart * Add note on Docker Desktop memory resource limits * Add note about `kubernetes.docker.internal` host * Add upgrade instructions * Simplify secrets setup * Document how to create a user, known issues * Fix typo * Replace deprecated `kubernetes.io/ingress.class` annotation As suggested by @stchris * Fix default ingest-file version in Helm chart (again…) --- .../aleph/templates/aleph-upgrade-job.yaml | 1 + helm/charts/aleph/templates/api.yaml | 1 + helm/charts/aleph/templates/ingest-file.yaml | 1 + helm/charts/aleph/templates/worker.yaml | 1 + helm/charts/aleph/values.yaml | 2 +- helm/examples/dev/.gitignore | 1 + helm/examples/dev/Chart.lock | 21 +++ helm/examples/dev/Chart.yaml | 30 +++++ helm/examples/dev/README.md | 95 ++++++++++++++ .../dev/secrets/aleph/ALEPH_DATABASE_URI | 1 + .../secrets}/aleph/ALEPH_OAUTH_SECRET | 0 .../secrets}/aleph/ALEPH_SECRET_KEY | 0 .../secrets}/aleph/AWS_ACCESS_KEY_ID | 0 .../secrets}/aleph/AWS_SECRET_ACCESS_KEY | 0 helm/examples/dev/secrets/aleph/FTM_STORE_URI | 1 + 
.../secrets/minio/accesskey} | 0 .../secrets/minio/secretkey} | 0 .../dev/secrets/postgresql/adminPassword | 1 + .../dev/secrets/postgresql/userPassword | 1 + .../templates/ingress.yaml} | 7 +- helm/examples/dev/values.yaml | 120 ++++++++++++++++++ helm/examples/kind/Makefile | 66 ---------- helm/examples/kind/README.md | 115 ----------------- helm/examples/kind/k8s/ingress.staging.yaml | 24 ---- helm/examples/kind/k8s/namespace.yaml | 13 -- helm/examples/kind/kind-config.yml | 62 --------- .../kind/secrets/dev/aleph/ALEPH_DATABASE_URI | 1 - .../kind/secrets/dev/aleph/FTM_STORE_URI | 1 - .../service-account-aleph.json | 0 .../secrets/staging/aleph/ALEPH_DATABASE_URI | 1 - .../secrets/staging/aleph/ALEPH_OAUTH_SECRET | 1 - .../secrets/staging/aleph/ALEPH_SECRET_KEY | 1 - .../kind/secrets/staging/aleph/FTM_STORE_URI | 1 - .../service-account-aleph.json | 0 helm/examples/kind/values/dev.yaml | 12 -- .../kind/values/elasticsearch-data.yml | 45 ------- .../kind/values/elasticsearch-master.yml | 45 ------- helm/examples/kind/values/postgres.yml | 3 - helm/examples/kind/values/redis.yml | 3 - helm/examples/kind/values/staging.yaml | 12 -- 40 files changed, 280 insertions(+), 410 deletions(-) create mode 100644 helm/examples/dev/.gitignore create mode 100644 helm/examples/dev/Chart.lock create mode 100644 helm/examples/dev/Chart.yaml create mode 100644 helm/examples/dev/README.md create mode 100644 helm/examples/dev/secrets/aleph/ALEPH_DATABASE_URI rename helm/examples/{kind/secrets/dev => dev/secrets}/aleph/ALEPH_OAUTH_SECRET (100%) rename helm/examples/{kind/secrets/dev => dev/secrets}/aleph/ALEPH_SECRET_KEY (100%) rename helm/examples/{kind/secrets/dev => dev/secrets}/aleph/AWS_ACCESS_KEY_ID (100%) rename helm/examples/{kind/secrets/dev => dev/secrets}/aleph/AWS_SECRET_ACCESS_KEY (100%) create mode 100644 helm/examples/dev/secrets/aleph/FTM_STORE_URI rename helm/examples/{kind/secrets/staging/aleph/AWS_ACCESS_KEY_ID => dev/secrets/minio/accesskey} (100%) rename 
helm/examples/{kind/secrets/staging/aleph/AWS_SECRET_ACCESS_KEY => dev/secrets/minio/secretkey} (100%) create mode 100644 helm/examples/dev/secrets/postgresql/adminPassword create mode 100644 helm/examples/dev/secrets/postgresql/userPassword rename helm/examples/{kind/k8s/ingress.dev.yaml => dev/templates/ingress.yaml} (80%) create mode 100644 helm/examples/dev/values.yaml delete mode 100644 helm/examples/kind/Makefile delete mode 100644 helm/examples/kind/README.md delete mode 100644 helm/examples/kind/k8s/ingress.staging.yaml delete mode 100644 helm/examples/kind/k8s/namespace.yaml delete mode 100644 helm/examples/kind/kind-config.yml delete mode 100644 helm/examples/kind/secrets/dev/aleph/ALEPH_DATABASE_URI delete mode 100644 helm/examples/kind/secrets/dev/aleph/FTM_STORE_URI delete mode 100644 helm/examples/kind/secrets/dev/service-accounts/service-account-aleph.json delete mode 100644 helm/examples/kind/secrets/staging/aleph/ALEPH_DATABASE_URI delete mode 100644 helm/examples/kind/secrets/staging/aleph/ALEPH_OAUTH_SECRET delete mode 100644 helm/examples/kind/secrets/staging/aleph/ALEPH_SECRET_KEY delete mode 100644 helm/examples/kind/secrets/staging/aleph/FTM_STORE_URI delete mode 100644 helm/examples/kind/secrets/staging/service-accounts/service-account-aleph.json delete mode 100644 helm/examples/kind/values/dev.yaml delete mode 100644 helm/examples/kind/values/elasticsearch-data.yml delete mode 100644 helm/examples/kind/values/elasticsearch-master.yml delete mode 100644 helm/examples/kind/values/postgres.yml delete mode 100644 helm/examples/kind/values/redis.yml delete mode 100644 helm/examples/kind/values/staging.yaml diff --git a/helm/charts/aleph/templates/aleph-upgrade-job.yaml b/helm/charts/aleph/templates/aleph-upgrade-job.yaml index 95e442da38..ef52f827f0 100644 --- a/helm/charts/aleph/templates/aleph-upgrade-job.yaml +++ b/helm/charts/aleph/templates/aleph-upgrade-job.yaml 
@@ -82,6 +82,7 @@ spec: secretKeyRef: name: aleph-secrets key: SENTRY_DSN + optional: true {{ if .Values.global.google }} - name: GOOGLE_APPLICATION_CREDENTIALS value: /var/secrets/google/service-account.json diff --git a/helm/charts/aleph/templates/api.yaml b/helm/charts/aleph/templates/api.yaml index 25e959b316..608ec34c7a 100644 --- a/helm/charts/aleph/templates/api.yaml +++ b/helm/charts/aleph/templates/api.yaml @@ -91,6 +91,7 @@ spec: secretKeyRef: name: aleph-secrets key: SENTRY_DSN + optional: true {{ if .Values.global.google }} - name: GOOGLE_APPLICATION_CREDENTIALS value: /var/secrets/google/service-account.json diff --git a/helm/charts/aleph/templates/ingest-file.yaml b/helm/charts/aleph/templates/ingest-file.yaml index edfdb704fd..82edaef3b8 100644 --- a/helm/charts/aleph/templates/ingest-file.yaml +++ b/helm/charts/aleph/templates/ingest-file.yaml @@ -62,6 +62,7 @@ spec: secretKeyRef: name: aleph-secrets key: SENTRY_DSN + optional: true {{ if .Values.global.google }} - name: GOOGLE_APPLICATION_CREDENTIALS value: /var/secrets/google/service-account.json diff --git a/helm/charts/aleph/templates/worker.yaml b/helm/charts/aleph/templates/worker.yaml index f5b883105c..a286cf21c3 100644 --- a/helm/charts/aleph/templates/worker.yaml +++ b/helm/charts/aleph/templates/worker.yaml @@ -76,6 +76,7 @@ spec: secretKeyRef: name: aleph-secrets key: SENTRY_DSN + optional: true {{ if .Values.global.google }} - name: GOOGLE_APPLICATION_CREDENTIALS value: /var/secrets/google/service-account.json diff --git a/helm/charts/aleph/values.yaml b/helm/charts/aleph/values.yaml index 3200b9d5f2..5965aab223 100644 --- a/helm/charts/aleph/values.yaml +++ b/helm/charts/aleph/values.yaml @@ -117,7 +117,7 @@ ingestfile: image: repository: ghcr.io/alephdata/ingest-file - tag: "3.18.4" + tag: "3.19.2" pullPolicy: Always containerSecurityContext: diff --git a/helm/examples/dev/.gitignore b/helm/examples/dev/.gitignore new file mode 100644 index 0000000000..ee3892e879 --- /dev/null 
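Review bot: With `optional: true` on the `SENTRY_DSN` `secretKeyRef`, a missing or misspelled key in `aleph-secrets` no longer stops the pod from starting, so error reporting can be switched off without any visible signal. The same line is added in `api.yaml`, `ingest-file.yaml` and `worker.yaml`. I would record the intent next to the reference, e.g. a template comment `{{- /* SENTRY_DSN is optional: pods start without Sentry error reporting when the key is absent */}}`, and mention it in the chart's documented values so production operators know to verify the key exists. The enclosing container spec starts and ends outside these hunks.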
+++ b/helm/examples/dev/.gitignore @@ -0,0 +1 @@ +charts/ diff --git a/helm/examples/dev/Chart.lock b/helm/examples/dev/Chart.lock new file mode 100644 index 0000000000..f60a4abd93 --- /dev/null +++ b/helm/examples/dev/Chart.lock @@ -0,0 +1,21 @@ +dependencies: +- name: aleph + repository: file://../../charts/aleph + version: 3.15.4 +- name: ingress-nginx + repository: https://kubernetes.github.io/ingress-nginx + version: 4.8.3 +- name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 12.10.1 +- name: elasticsearch + repository: https://helm.elastic.co + version: 7.17.3 +- name: minio + repository: https://helm.min.io/ + version: 8.0.10 +- name: redis + repository: https://charts.bitnami.com/bitnami + version: 18.0.2 +digest: sha256:cfaa9778a9da148217fe65d2bc9eebed248436f932e35b7ac9414321eb7e8f4d +generated: "2023-11-10T12:47:21.424991+01:00" diff --git a/helm/examples/dev/Chart.yaml b/helm/examples/dev/Chart.yaml new file mode 100644 index 0000000000..958ea39892 --- /dev/null +++ b/helm/examples/dev/Chart.yaml @@ -0,0 +1,30 @@ +apiVersion: v2 +type: application +name: aleph-dev +version: 0.1.0 +dependencies: + - name: aleph + repository: file://../../charts/aleph + version: 3.15.4 + condition: aleph.enabled + + - name: ingress-nginx + repository: https://kubernetes.github.io/ingress-nginx + version: 4.8.3 + + - name: postgresql + repository: https://charts.bitnami.com/bitnami + version: v12.10.1 + + - name: elasticsearch + alias: elasticsearch + repository: https://helm.elastic.co + version: v7.17.3 + + - name: minio + repository: https://helm.min.io/ + version: v8.0.10 + + - name: redis + repository: https://charts.bitnami.com/bitnami + version: v18.0.2 diff --git a/helm/examples/dev/README.md b/helm/examples/dev/README.md new file mode 100644 index 0000000000..17bf1ad071 --- /dev/null +++ b/helm/examples/dev/README.md 
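Review bot: The `minio` dependency in `Chart.yaml` is pulled from `https://helm.min.io/` at `v8.0.10`, which to my knowledge is MinIO's legacy chart repository and is no longer updated, so this example would likely keep installing an object store that receives no security fixes. Consider a comment above the entry such as `# legacy MinIO chart, dev only; track migration to the maintained chart`, or switch charts in a follow-up. Separately, four of the remote charts are pinned with a `v` prefix (`v12.10.1`, `v7.17.3`, `v8.0.10`, `v18.0.2`) while `Chart.lock` and the `aleph` and `ingress-nginx` entries use bare versions; one form throughout makes the pins easier to compare against the lock. `alias: elasticsearch` repeats the chart name and can be dropped.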
@@ -0,0 +1,95 @@ +# Kubernetes Development Environment + +The example in this directory shows how to install Aleph using Kubernetes on your development machine. + +## Prerequisites + +* You need to run a Kuberentes cluster on your development machine. A simple way to run a single-node Kubernetes cluster on Linux, macOS, and Windows is using Docker Desktop. Follow the steps outlined in the [Docker Desktop documentation](https://docs.docker.com/desktop/kubernetes/) to enable Kubernetes. + +* If you’re already using the `kubectl` CLI with other clusters, make sure to switch to the `docker-dekstop` context: + + ``` + kubectl config use-context docker-desktop + ``` + +* Running this example may require up to 8GB of memory, so make sure to [update the resource settings](https://docs.docker.com/desktop/settings/mac/#resources) in Docker Desktop if necessary. + +* You also need Helm, a tool for packaging Kubernetes resources. Please refer to the [Helm documentation](https://helm.sh/docs/intro/install/) for instructions on how to install Helm on your machine. + +## Installation + +Once you have installed Helm and have a Kubernetes cluster running on your machine, follow the following steps to install Aleph and dependent services in your cluster. + +### Create secrets + +Some sensitive configuration options should be stored using Kubernetes secrets. These configuration options are stored in files in the `secrets` directory. + +> [!IMPORTANT] +> In a production setting, you have to encrypt the secret files, e.g. using [git-crypt](https://github.com/AGWA/git-crypt). Alternatively, you can configure an external service to retrieve secrets from. For more information, refer to [Secrets Best Practices](https://kubernetes.io/docs/concepts/security/secrets-good-practices/). 
+ +Use the `kubectl` CLI to create `Secret` objects based on the files in the `secrets` directory: + +``` +kubectl create secret generic aleph-secrets --from-file=./secrets/aleph +kubectl create secret generic postgresql-secrets --from-file=./secrets/postgresql +kubectl create secret generic minio-secrets --from-file=./secrets/minio +``` + +### Install services + +Aleph depends on a number of services, including PostgreSQL and Elasticsearch. Installing Aleph before these services are available will cause errors. Run the following command to install all services required by Aleph, but not Aleph itself: + +``` +helm install --dependency-update --set "aleph.enabled=false" aleph . +``` + +This command downloads Helm charts for dependencies listed in the `Chart.yaml` file in this directory and installs everything in your local Kubernetes cluster, except for Aleph itself. + +Once you’ve run the command above, you can run `watch kubectl get pods` to observe how Kubernetes pods for the multiple services are started. Wait until everything is running and ready. + +### Install Aleph + +Next, run the following command to install Aleph: + +``` +helm upgrade --set "aleph.enabled=true" aleph . +``` + +This will create all Kubernetes resources for Aleph itself and runs SQL and Elasticsearch migrations. This may take a few minutes. + +### Open the Aleph UI + +Wait until all pods are running and ready, then open `http://kubernetes.docker.internal` in your web browser. You should see the Aleph homepage. + +> [!NOTE] +> Usually Docker Desktop should automatically add an entry to `/etc/hosts` to resolve `kubernetes.docker.internal`. If `kubernetes.docker.internal` can’t be resolved, you may need to manually add an entry to `/etc/hosts`: +> +> ``` +> 127.0.0.1 kubernetes.docker.internal +> ``` + +## Upgrading + +In order to upgrade your installation after you’ve made changes to the Aleph Helm chart run: + +``` +helm upgrade --set "aleph.enabled=true" --dependency-update aleph . 
+``` + +## Creating a user + +Run the following command to open a shell inside of the Aleph API container: + +``` +kubectl exec -it svc/aleph-api -- bash +``` + +In order to create a new (admin) user run: + +``` +aleph createuser --name "Test User" --password "12345678" --admin mail@example.org +``` + +## Viewing and downloading files + +Because the MinIO endpoint is only accessible from within the cluster network, you won’t be able to preview or download files from the Aleph UI. diff --git a/helm/examples/dev/secrets/aleph/ALEPH_DATABASE_URI b/helm/examples/dev/secrets/aleph/ALEPH_DATABASE_URI new file mode 100644 index 0000000000..2135c14306 --- /dev/null +++ b/helm/examples/dev/secrets/aleph/ALEPH_DATABASE_URI @@ -0,0 +1 @@ +postgresql://aleph:aleph@aleph-postgresql.default.svc/aleph \ No newline at end of file diff --git a/helm/examples/kind/secrets/dev/aleph/ALEPH_OAUTH_SECRET b/helm/examples/dev/secrets/aleph/ALEPH_OAUTH_SECRET similarity index 100% rename from helm/examples/kind/secrets/dev/aleph/ALEPH_OAUTH_SECRET rename to helm/examples/dev/secrets/aleph/ALEPH_OAUTH_SECRET diff --git a/helm/examples/kind/secrets/dev/aleph/ALEPH_SECRET_KEY b/helm/examples/dev/secrets/aleph/ALEPH_SECRET_KEY similarity index 100% rename from helm/examples/kind/secrets/dev/aleph/ALEPH_SECRET_KEY rename to helm/examples/dev/secrets/aleph/ALEPH_SECRET_KEY diff --git a/helm/examples/kind/secrets/dev/aleph/AWS_ACCESS_KEY_ID b/helm/examples/dev/secrets/aleph/AWS_ACCESS_KEY_ID similarity index 100% rename from helm/examples/kind/secrets/dev/aleph/AWS_ACCESS_KEY_ID rename to helm/examples/dev/secrets/aleph/AWS_ACCESS_KEY_ID diff --git a/helm/examples/kind/secrets/dev/aleph/AWS_SECRET_ACCESS_KEY b/helm/examples/dev/secrets/aleph/AWS_SECRET_ACCESS_KEY similarity index 100% rename from helm/examples/kind/secrets/dev/aleph/AWS_SECRET_ACCESS_KEY rename to helm/examples/dev/secrets/aleph/AWS_SECRET_ACCESS_KEY 
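Review bot: `ALEPH_DATABASE_URI` commits a working credential pair (`aleph:aleph`) in plaintext, and `FTM_STORE_URI`, `postgresql/userPassword` (`aleph`) and `postgresql/adminPassword` (`admin`) added further down follow the same pattern with guessable values. For a local-only example this is workable, but the README copies these files verbatim into `Secret` objects with `kubectl create secret generic --from-file`, so anyone who reuses the directory beyond a laptop inherits known passwords. I would either ship placeholder values that the README asks the reader to replace, or have the README generate random values before the `kubectl create secret` step. The user password also lives in three files (`userPassword` and both URIs), so a rotation that misses one breaks the database connection; a sentence in the README naming all three would help.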
diff --git a/helm/examples/dev/secrets/aleph/FTM_STORE_URI b/helm/examples/dev/secrets/aleph/FTM_STORE_URI new file mode 100644 index 0000000000..2135c14306 --- /dev/null +++ b/helm/examples/dev/secrets/aleph/FTM_STORE_URI @@ -0,0 +1 @@ +postgresql://aleph:aleph@aleph-postgresql.default.svc/aleph \ No newline at end of file diff --git a/helm/examples/kind/secrets/staging/aleph/AWS_ACCESS_KEY_ID b/helm/examples/dev/secrets/minio/accesskey similarity index 100% rename from helm/examples/kind/secrets/staging/aleph/AWS_ACCESS_KEY_ID rename to helm/examples/dev/secrets/minio/accesskey diff --git a/helm/examples/kind/secrets/staging/aleph/AWS_SECRET_ACCESS_KEY b/helm/examples/dev/secrets/minio/secretkey similarity index 100% rename from helm/examples/kind/secrets/staging/aleph/AWS_SECRET_ACCESS_KEY rename to helm/examples/dev/secrets/minio/secretkey diff --git a/helm/examples/dev/secrets/postgresql/adminPassword b/helm/examples/dev/secrets/postgresql/adminPassword new file mode 100644 index 0000000000..f77b00407e --- /dev/null +++ b/helm/examples/dev/secrets/postgresql/adminPassword @@ -0,0 +1 @@ +admin \ No newline at end of file diff --git a/helm/examples/dev/secrets/postgresql/userPassword b/helm/examples/dev/secrets/postgresql/userPassword new file mode 100644 index 0000000000..b02b132b9c --- /dev/null +++ b/helm/examples/dev/secrets/postgresql/userPassword @@ -0,0 +1 @@ +aleph \ No newline at end of file diff --git a/helm/examples/kind/k8s/ingress.dev.yaml b/helm/examples/dev/templates/ingress.yaml similarity index 80% rename from helm/examples/kind/k8s/ingress.dev.yaml rename to helm/examples/dev/templates/ingress.yaml index 5f1273b58e..b065122386 100644 --- a/helm/examples/kind/k8s/ingress.dev.yaml +++ b/helm/examples/dev/templates/ingress.yaml 
@@ -1,11 +1,12 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: aleph-ingress-dev - namespace: dev + name: aleph-ingress + namespace: default spec: + ingressClassName: "nginx" rules: - - host: aleph.devel + - host: kubernetes.docker.internal http: paths: - path: / diff --git a/helm/examples/dev/values.yaml b/helm/examples/dev/values.yaml new file mode 100644 index 0000000000..1e41776ecb --- /dev/null +++ b/helm/examples/dev/values.yaml 
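Review bot: `namespace: default` is hard-coded in a chart template, so the Ingress lands in `default` even when the release is installed with `-n`, and the whole example shares the `default` namespace with any other workload on the cluster. Prefer `namespace: {{ .Release.Namespace }}`; note that the service hostnames in the new `values.yaml` also spell out `.default.svc`, so they would need the same treatment. The rule serves `kubernetes.docker.internal` over plain HTTP with no `tls` block in the visible lines, which is fine on a laptop but worth a one-line comment such as `# dev only: no TLS`. The Ingress `paths` list continues past the end of the hunk.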
@@ -0,0 +1,120 @@ +aleph: + global: + commonEnv: + REDIS_URL: redis://aleph-redis-master.default.svc.cluster.local:6379/0 + ARCHIVE_TYPE: s3 + ARCHIVE_BUCKET: aleph-archive + ARCHIVE_ENDPOINT_URL: http://aleph-minio.default.svc.cluster.local:9000 + env: + ALEPH_UI_URL: http://kubernetes.docker.internal/ + ALEPH_ELASTICSEARCH_URI: http://aleph-index-master.default.svc.cluster.local:9200 + + ui: + replicas: 1 + + api: + hpa: + minReplicas: 1 + maxReplicas: 1 + + containerResources: + requests: + memory: 1000Mi + limits: + memory: 1000Mi + + ingestfile: + hpa: + minReplicas: 1 + maxreplicas: 1 + + containerResources: + requests: + memory: 1000Mi + limits: + memory: 1000Mi + + worker: + replicas: 1 + + containerResources: + requests: + cpu: 30m + memory: 500Mi + limits: + memory: 500Mi + +postgresql: + auth: + database: aleph + username: aleph + existingSecret: postgresql-secrets + secretKeys: + adminPasswordKey: adminPassword + userPasswordKey: userPassword + + resources: + requests: + memory: 500Mi + limits: + memory: 500Mi + +elasticsearch: + clusterName: "aleph-index" + + replicas: 1 + minimumMasterNodes: 1 + + image: "ghcr.io/alephdata/aleph-elasticsearch" + imageTag: "3bb5dbed97cfdb9955324d11e5c623a5c5bbc410" + imagePullPolicy: "IfNotPresent" + + esJavaOpts: "-Xmx2g -Xms2g" + esConfig: + elasticsearch.yml: | + xpack: + graph: + enabled: "false" + ml: + enabled: "false" + security: + enabled: "false" + + resources: + requests: + cpu: 1000m + memory: 3Gi + limits: + memory: 3Gi + + volumeClaimTemplate: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: 5Gi + + clusterHealthCheckParams: "wait_for_status=red&timeout=1s" + +minio: + mode: standalone + replicas: 1 + existingSecret: minio-secrets + + resources: + requests: + memory: 500Mi + limits: + memory: 500Mi + +redis: + architecture: standalone + + auth: + enabled: false + + resources: + requests: + memory: 500Mi + limits: + memory: 500Mi 
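Review bot: Under `aleph.ingestfile.hpa` the key is spelled `maxreplicas`, whereas `aleph.api.hpa` just above uses `maxReplicas`; Helm value keys are case-sensitive, so the ingest-file autoscaler presumably ignores this key and keeps the chart's default maximum, which defeats the single-replica sizing. It should read `maxReplicas: 1`. On the security side, `redis.auth.enabled: false` and `xpack.security.enabled: "false"` leave Redis and Elasticsearch unauthenticated, and every URL under `commonEnv` and `env` uses plain `http`/`redis`; with everything in `default` and no NetworkPolicy visible in this commit, any pod on the cluster can reach them. A comment above each block such as `# dev only: unauthenticated, do not reuse for shared or production clusters` would keep these values from being copied as a baseline.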
diff --git a/helm/examples/kind/Makefile b/helm/examples/kind/Makefile
deleted file mode 100644
index c6b122fc6f..0000000000
--- a/helm/examples/kind/Makefile
+++ /dev/null
@@ -1,66 +0,0 @@ -ENV="staging" - -create-cluster: - @echo "🔴 Creating a k8s cluster ..." - kind create cluster --name alephlocal --config kind-config.yml - -setup-kubectl: - @echo "🔴 Setting kubectl context to the local k8s cluster" - kubectl config use-context kind-alephlocal - -delete-cluster: - @echo "🔴 Deleteing the k8s cluster ..." - kind delete cluster --name alephlocal - -add-helm-repo: - @echo "🔴 Adding helm repos ..." - helm repo add --force-update bitnami https://charts.bitnami.com/bitnami - helm repo add --force-update elastic https://helm.elastic.co - helm repo add --force-update minio https://helm.min.io/ - -update-helm: - @echo "🔴 Updating the helm repos ..." - helm repo update - -install-postgres: update-helm - @echo "🔴 Installing Postgres database ..." - helm install aleph-postgres bitnami/postgresql -f values/postgres.yml -n $(ENV) - -install-elasticsearch: update-helm - @echo "🔴 Installing Elasticsearch cluster ..." - helm install aleph-index-master elastic/elasticsearch -f values/elasticsearch-master.yml -n $(ENV) - helm install aleph-index-data elastic/elasticsearch -f values/elasticsearch-data.yml -n $(ENV) - -install-redis: update-helm - @echo "🔴 Installing Redis ..." - helm install aleph-redis bitnami/redis -f values/redis.yml -n $(ENV) - -install-minio: update-helm - @echo "🔴 Installing MinIO ..." - helm install aleph-minio minio/minio --set accessKey=myaccesskey,secretKey=mysecretkey -n $(ENV) - -install-ingress: - @echo "🔴 Installing Nginx Ingress ..." 
- kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/kind/deploy.yaml - kubectl wait --namespace ingress-nginx \ - --for=condition=ready pod \ - --selector=app.kubernetes.io/component=controller \ - --timeout=90s - - -create-secrets: - kubectl -n $(ENV) delete --ignore-not-found=true secret aleph-secrets - kubectl -n $(ENV) create secret generic aleph-secrets --from-file=secrets/$(ENV)/aleph - -create-service-accounts: - kubectl -n $(ENV) delete --ignore-not-found=true secret service-account-aleph - kubectl -n $(ENV) create secret generic service-account-aleph --from-file=service-account.json=secrets/$(ENV)/service-accounts/service-account-aleph.json - - -create-infra: create-cluster setup-kubectl add-helm-repo update-helm - -create-services: install-postgres install-elasticsearch install-redis install-minio - -install-aleph: - @echo "🔴 Installing Aleph ..." - helm install aleph ../../charts/aleph -f ./values/$(ENV).yaml -n $(ENV) --timeout 10m0s diff --git a/helm/examples/kind/README.md b/helm/examples/kind/README.md deleted file mode 100644 index 05aae86044..0000000000 --- a/helm/examples/kind/README.md +++ /dev/null 
@@ -1,115 +0,0 @@ -# Aleph in KIND - -# Creating the local cluster - -Create cluster - -``` -make create-infra -``` - -This creates a 7 node cluster named `alephlocal` using [`kind`](https://kind.sigs.k8s.io/). The configuration -of this cluster can be changed by editing [`kind-config.yml`](kind-config.yml) - -# Creating namespaces - -Create namespaces - -``` -kubectl create -f k8s/namespace.yaml -``` - -This creates 2 namespaces named `dev` and `staging` in the k8s cluster. - -# Setting up kubectl contexts - -Setup kubectl contexts - -``` -kubectl config set-context dev --namespace=dev --cluster=kind-alephlocal --user=kind-alephlocal -kubectl config set-context staging --namespace=staging --cluster=kind-alephlocal --user=kind-alephlocal -``` - -This creates 2 kubectl contexts named `dev` and `staging` which correspond to the 2 namespaces we created earlier. -We can operate within one particular namespace by activating the corresponding context. - -To use one particular context: - -``` -kubectl config use-context staging -``` - -This activates the `staging` context and all our operations will affect the `staging` namespace unless we specify another namespace explicitly. - -# Setting up backend services - -Set up services like Redis, Postgres, es. Also installs MinIO as a local S3 alternative. - -``` -make create-services ENV=staging -``` - -This creates Redis, Postgresql and Elasticsearch services using helm. The config for each of these services can be tweaked by changing values in `values/*.yaml` files. - -Wait until all the pods from these service have the status `Running`. This will take a few minutes. You can check their status by running - -``` -watch kubectl get pods -n staging -``` - -# Creating secrets - -Some configurations like Aleph's secret key, authorized database url etc should be kept secrets. These files are -stored in `secrets/` directory. 
**The contents of this directory should be encrypted using [`git-crypt`](https://github.com/AGWA/git-crypt).** - -Create secrets etc - -``` -make create-secrets ENV=staging -make create-service-accounts ENV=staging -``` - -If using Google services like storage, vision api, please save the service-account.json file to `secrets/$(ENV)/service-accounts/service-account-aleph.json`. - -If using AWS services, please save the access key and secret key to `secrets/$(ENV)/aleph/AWS_ACCESS_KEY_ID` and `secrets/$(ENV)/aleph/AWS_SECRET_ACCESS_KEY_ID`. - -# Install Aleph and included microservices - -Install Aleph and related services using the helm charts in this repo: - -``` -helm install aleph ../../charts/aleph -f ./values/staging.yaml -n staging --timeout 10m0s -``` - -Or using the helm repository: - -``` -helm repo add aleph https://aleph-helm-charts.storage.googleapis.com -helm repo update -helm install aleph -f ./values/staging.yaml -n staging --timeout 10m0s aleph/aleph -``` - -Configuration values for Aleph can be changed in `values/$(ENV).yaml` - -Checkout the [`README`](../../charts/aleph/README.md) for available options. - -# Install nginx-ingress - -Install ingress controller - -``` -make install-ingress -``` - -Install ingresses - -``` -kubectl apply -f k8s/ingress.dev.yaml -kubectl apply -f k8s/ingress.staging.yaml -``` - -You'll have to edit the hostnames and create appropriate DNS entries for the hostnames (in `/etc/hosts` in case of localhost). - -# Set up port forwarding for MinIO - -If using MinIO on a local cluster, you'll need to port forward the service to port 9000 and setup a `/etc/hosts` entry to make it accessible in the host machines browser to serve files directly. diff --git a/helm/examples/kind/k8s/ingress.staging.yaml b/helm/examples/kind/k8s/ingress.staging.yaml deleted file mode 100644 index 4b932470b6..0000000000 --- a/helm/examples/kind/k8s/ingress.staging.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: aleph-ingress-staging - namespace: staging -spec: - rules: - - host: aleph.staging - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: aleph-ui - port: - number: 80 - - path: /api - pathType: Prefix - backend: - service: - name: aleph-api - port: - number: 8000 diff --git a/helm/examples/kind/k8s/namespace.yaml b/helm/examples/kind/k8s/namespace.yaml deleted file mode 100644 index f797b8c1a9..0000000000 --- a/helm/examples/kind/k8s/namespace.yaml +++ /dev/null @@ -1,13 +0,0 @@ -"apiVersion": "v1" -"kind": "Namespace" -"metadata": - "name": "dev" - "labels": - "name": "dev" ---- -"apiVersion": "v1" -"kind": "Namespace" -"metadata": - "name": "staging" - "labels": - "name": "staging" diff --git a/helm/examples/kind/kind-config.yml b/helm/examples/kind/kind-config.yml deleted file mode 100644 index 28a27e2028..0000000000 --- a/helm/examples/kind/kind-config.yml +++ /dev/null 
@@ -1,62 +0,0 @@ -kind: Cluster -apiVersion: kind.x-k8s.io/v1alpha4 -nodes: - - role: control-plane - kubeadmConfigPatches: - - | - kind: InitConfiguration - nodeRegistration: - kubeletExtraArgs: - node-labels: "ingress-ready=true" - extraPortMappings: - - containerPort: 80 - hostPort: 80 - protocol: TCP - - role: worker - kubeadmConfigPatches: - - | - kind: JoinConfiguration - nodeRegistration: - kubeletExtraArgs: - # This adds to this worker two node labels. - node-labels: "tier=backend,lifespan=permanent" - - role: worker - kubeadmConfigPatches: - - | - kind: JoinConfiguration - nodeRegistration: - kubeletExtraArgs: - # This adds to this worker two node labels. - node-labels: "tier=backend,lifespan=permanent" - - role: worker - kubeadmConfigPatches: - - | - kind: JoinConfiguration - nodeRegistration: - kubeletExtraArgs: - # This adds to this worker two node labels. - node-labels: "tier=application,lifespan=permanent" - - role: worker - kubeadmConfigPatches: - - | - kind: JoinConfiguration - nodeRegistration: - kubeletExtraArgs: - # This adds to this worker two node labels. - node-labels: "tier=application,lifespan=permanent" - - role: worker - kubeadmConfigPatches: - - | - kind: JoinConfiguration - nodeRegistration: - kubeletExtraArgs: - # This adds to this worker two node labels. - node-labels: "tier=application,lifespan=transient" - - role: worker - kubeadmConfigPatches: - - | - kind: JoinConfiguration - nodeRegistration: - kubeletExtraArgs: - # This adds to this worker two node labels. - node-labels: "tier=application,lifespan=transient" diff --git a/helm/examples/kind/secrets/dev/aleph/ALEPH_DATABASE_URI b/helm/examples/kind/secrets/dev/aleph/ALEPH_DATABASE_URI deleted file mode 100644 index 8697be47f5..0000000000 --- a/helm/examples/kind/secrets/dev/aleph/ALEPH_DATABASE_URI +++ /dev/null @@ -1 +0,0 @@ -postgresql://aleph:aleph@aleph-postgres-postgresql.dev.svc/aleph \ No newline at end of file 
diff --git a/helm/examples/kind/secrets/dev/aleph/FTM_STORE_URI b/helm/examples/kind/secrets/dev/aleph/FTM_STORE_URI deleted file mode 100644 index 8697be47f5..0000000000 --- a/helm/examples/kind/secrets/dev/aleph/FTM_STORE_URI +++ /dev/null @@ -1 +0,0 @@ -postgresql://aleph:aleph@aleph-postgres-postgresql.dev.svc/aleph \ No newline at end of file diff --git a/helm/examples/kind/secrets/dev/service-accounts/service-account-aleph.json b/helm/examples/kind/secrets/dev/service-accounts/service-account-aleph.json deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/helm/examples/kind/secrets/staging/aleph/ALEPH_DATABASE_URI b/helm/examples/kind/secrets/staging/aleph/ALEPH_DATABASE_URI deleted file mode 100644 index c4a8d82de1..0000000000 --- a/helm/examples/kind/secrets/staging/aleph/ALEPH_DATABASE_URI +++ /dev/null @@ -1 +0,0 @@ -postgresql://aleph:aleph@aleph-postgres-postgresql.staging.svc/aleph \ No newline at end of file diff --git a/helm/examples/kind/secrets/staging/aleph/ALEPH_OAUTH_SECRET b/helm/examples/kind/secrets/staging/aleph/ALEPH_OAUTH_SECRET deleted file mode 100644 index ac8522fb58..0000000000 --- a/helm/examples/kind/secrets/staging/aleph/ALEPH_OAUTH_SECRET +++ /dev/null @@ -1 +0,0 @@ -xxx \ No newline at end of file diff --git a/helm/examples/kind/secrets/staging/aleph/ALEPH_SECRET_KEY b/helm/examples/kind/secrets/staging/aleph/ALEPH_SECRET_KEY deleted file mode 100644 index 568ef951de..0000000000 --- a/helm/examples/kind/secrets/staging/aleph/ALEPH_SECRET_KEY +++ /dev/null @@ -1 +0,0 @@ -SeCr3tK3Y \ No newline at end of file diff --git a/helm/examples/kind/secrets/staging/aleph/FTM_STORE_URI b/helm/examples/kind/secrets/staging/aleph/FTM_STORE_URI deleted file mode 100644 index c4a8d82de1..0000000000 --- a/helm/examples/kind/secrets/staging/aleph/FTM_STORE_URI +++ /dev/null @@ -1 +0,0 @@ -postgresql://aleph:aleph@aleph-postgres-postgresql.staging.svc/aleph \ No newline at end of file 
diff --git a/helm/examples/kind/secrets/staging/service-accounts/service-account-aleph.json b/helm/examples/kind/secrets/staging/service-accounts/service-account-aleph.json deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/helm/examples/kind/values/dev.yaml b/helm/examples/kind/values/dev.yaml deleted file mode 100644 index e6b3b2cbb5..0000000000 --- a/helm/examples/kind/values/dev.yaml +++ /dev/null @@ -1,12 +0,0 @@ -global: - google: false - commonEnv: - REDIS_URL: redis://aleph-redis-master.dev.svc.cluster.local:6379/0 - ARCHIVE_TYPE: s3 - ARCHIVE_BUCKET: aleph-archive - ARCHIVE_ENDPOINT_URL: http://aleph-minio.dev.svc.cluster.local:9000 - env: - ALEPH_APP_TITLE: "Aleph Dev" - ALEPH_APP_DESCRIPTION: "Dev archive of research material for investigative reporting." - ALEPH_UI_URL: http://aleph.devel - ALEPH_ELASTICSEARCH_URI: http://aleph-index-master.dev.svc.cluster.local:9200 diff --git a/helm/examples/kind/values/elasticsearch-data.yml b/helm/examples/kind/values/elasticsearch-data.yml deleted file mode 100644 index bf5743ad2e..0000000000 --- a/helm/examples/kind/values/elasticsearch-data.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -nodeGroup: "data" -masterService: "aleph-index-master" -clusterName: "aleph-index" - -roles: - master: "false" - ingest: "true" - data: "true" - ml: "false" - remote_cluster_client: "false" - -replicas: 3 - -image: "ghcr.io/alephdata/aleph-elasticsearch" -imageTag: "3bb5dbed97cfdb9955324d11e5c623a5c5bbc410" -imagePullPolicy: "IfNotPresent" - -esJavaOpts: "-Xmx2g -Xms2g" -esConfig: - elasticsearch.yml: | - xpack: - graph: - enabled: "false" - ml: - enabled: "false" - security: - enabled: "false" - -resources: - requests: - cpu: "500m" - memory: "2Gi" - limits: - cpu: "700m" - memory: "3Gi" - -volumeClaimTemplate: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: 10Gi - -antiAffinity: disable 
diff --git a/helm/examples/kind/values/elasticsearch-master.yml b/helm/examples/kind/values/elasticsearch-master.yml deleted file mode 100644 index 3fc0875f8b..0000000000 --- a/helm/examples/kind/values/elasticsearch-master.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -nodeGroup: "master" -masterService: "aleph-index-master" -clusterName: "aleph-index" - -roles: - master: "true" - ingest: "false" - data: "false" - ml: "false" - remote_cluster_client: "false" - -replicas: 2 - -image: "ghcr.io/alephdata/aleph-elasticsearch" -imageTag: "3bb5dbed97cfdb9955324d11e5c623a5c5bbc410" -imagePullPolicy: "IfNotPresent" - -esJavaOpts: "-Xmx1g -Xms1g" -esConfig: - elasticsearch.yml: | - xpack: - graph: - enabled: "false" - ml: - enabled: "false" - security: - enabled: "false" - -resources: - requests: - cpu: "300m" - memory: "1500Mi" - limits: - cpu: "600m" - memory: "2000Mi" - -volumeClaimTemplate: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: 1Gi - -antiAffinity: disable diff --git a/helm/examples/kind/values/postgres.yml b/helm/examples/kind/values/postgres.yml deleted file mode 100644 index 113bf6eca4..0000000000 --- a/helm/examples/kind/values/postgres.yml +++ /dev/null @@ -1,3 +0,0 @@ -postgresqlUsername: aleph -postgresqlPassword: aleph -postgresqlDatabase: aleph \ No newline at end of file diff --git a/helm/examples/kind/values/redis.yml b/helm/examples/kind/values/redis.yml deleted file mode 100644 index 4c6f48bf4d..0000000000 --- a/helm/examples/kind/values/redis.yml +++ /dev/null @@ -1,3 +0,0 @@ -architecture: standalone -auth: - enabled: false diff --git a/helm/examples/kind/values/staging.yaml b/helm/examples/kind/values/staging.yaml deleted file mode 100644 index 1a57ba04eb..0000000000 --- a/helm/examples/kind/values/staging.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -global: - google: false - commonEnv: - REDIS_URL: redis://aleph-redis-master.staging.svc.cluster.local:6379/0 - ARCHIVE_TYPE: s3 - ARCHIVE_BUCKET: aleph-archive - ARCHIVE_ENDPOINT_URL: http://aleph-minio.staging.svc.cluster.local:9000 - env: - ALEPH_APP_TITLE: "Aleph Staging" - ALEPH_APP_DESCRIPTION: "Staging archive of research material for investigative reporting." - ALEPH_UI_URL: http://aleph.staging - ALEPH_ELASTICSEARCH_URI: http://aleph-index-master.staging.svc.cluster.local:9200 \ No newline at end of file