From 79640fd21a27b7a6545ec2ce994bd177488c2faa Mon Sep 17 00:00:00 2001 From: Chris Marslender Date: Tue, 17 Sep 2024 19:56:18 -0500 Subject: [PATCH 1/2] Fix review apps --- .github/workflows/delete-review.yml | 21 ++++++--- .github/workflows/deploy-review.yml | 20 ++++---- helm/pub-metrics-grafana/templates/cert.yaml | 16 +++++++ .../templates/ingress.yaml | 47 +++---------------- helm/pub-metrics-grafana/values.yaml | 25 +++++----- helm/values.yaml.j2 | 16 ++----- 6 files changed, 61 insertions(+), 84 deletions(-) create mode 100644 helm/pub-metrics-grafana/templates/cert.yaml diff --git a/.github/workflows/delete-review.yml b/.github/workflows/delete-review.yml index ea35a5b..243eb48 100644 --- a/.github/workflows/delete-review.yml +++ b/.github/workflows/delete-review.yml @@ -13,7 +13,7 @@ concurrency: jobs: delete: - runs-on: [k8s-public] + runs-on: k8s-public-msp container: image: registry.gitlab.com/cmmarslender/kubectl-helm:v3 steps: @@ -25,15 +25,22 @@ jobs: vault_url: ${{ secrets.VAULT_URL }} role_name: github-pub-metrics-grafana - - name: Get ephemeral aws credentials - uses: Chia-Network/actions/vault/aws-sts@main + - name: Get secrets from vault + uses: hashicorp/vault-action@v3 + with: + url: ${{ secrets.VAULT_URL }} + token: ${{ env.VAULT_TOKEN }} + secrets: | + secret/data/msp/k8s/k8s-msp api_server_url | K8S_API_SERVER_URL; + + - name: Login to k8s cluster + uses: Chia-Network/actions/vault/k8s-login@main with: vault_url: ${{ secrets.VAULT_URL }} vault_token: ${{ env.VAULT_TOKEN }} - role_name: pub-metrics-deploy - - - name: Log in to cluster - run: aws eks update-kubeconfig --name pub-metrics --region us-west-2 + backend_name: k8s-msp + role_name: github-actions + cluster_url: ${{ env.K8S_API_SERVER_URL }} - name: Helm Uninstall env: diff --git a/.github/workflows/deploy-review.yml b/.github/workflows/deploy-review.yml index abec17d..ad4662d 100644 --- a/.github/workflows/deploy-review.yml +++ b/.github/workflows/deploy-review.yml 
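Review bot: The two actions added in the second hunk of `delete-review.yml`, `hashicorp/vault-action@v3` and `Chia-Network/actions/vault/k8s-login@main`, are referenced by a mutable tag and a branch, and both steps are handed `VAULT_TOKEN` and lead to cluster credentials. Pinning each to a full commit SHA keeps a moved tag or a new push to `main` from changing what runs with those credentials, e.g. `uses: hashicorp/vault-action@<FULL_COMMIT_SHA> # v3` and `uses: Chia-Network/actions/vault/k8s-login@<FULL_COMMIT_SHA>`. The same `k8s-login@main` reference is added in the second hunk of `deploy-review.yml`. The workflow trigger is outside these hunks, so whether pull requests from forks can reach the self-hosted `k8s-public-msp` runner should be confirmed separately.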
@@ -20,7 +20,7 @@ jobs: deploy: needs: - package - runs-on: [k8s-public] + runs-on: k8s-public-msp container: image: registry.gitlab.com/cmmarslender/kubectl-helm:v3 environment: @@ -41,23 +41,23 @@ jobs: url: ${{ secrets.VAULT_URL }} token: ${{ env.VAULT_TOKEN }} secrets: | - secret/data/pub-metrics-eks/rds/rds-info db_host | BLOCK_METRICS_DB_HOST; - secret/data/pub-metrics-eks/rds/blocks-read-user username | BLOCK_METRICS_USER; - secret/data/pub-metrics-eks/rds/blocks-read-user password | BLOCK_METRICS_PASSWORD; + secret/data/msp/k8s/k8s-msp api_server_url | K8S_API_SERVER_URL; + secret/data/msp/mysql/db-info host | DB_HOST; + secret/data/msp/mysql/users/grafana-read-pub username | GRAFANA_PUB_READ_USERNAME; + secret/data/msp/mysql/users/grafana-read-pub password | GRAFANA_PUB_READ_PASSWORD; - name: Template grafana configs run: | j2 templates/datasources.yaml.j2 -o helm/pub-metrics-grafana/datasources - - name: Get ephemeral aws credentials - uses: Chia-Network/actions/vault/aws-sts@main + - name: Login to k8s cluster + uses: Chia-Network/actions/vault/k8s-login@main with: vault_url: ${{ secrets.VAULT_URL }} vault_token: ${{ env.VAULT_TOKEN }} - role_name: pub-metrics-deploy - - - name: Log in to cluster - run: aws eks update-kubeconfig --name pub-metrics --region us-west-2 + backend_name: k8s-msp + role_name: github-actions + cluster_url: ${{ env.K8S_API_SERVER_URL }} - uses: Chia-Network/actions/helm/deploy@main env: diff --git a/helm/pub-metrics-grafana/templates/cert.yaml b/helm/pub-metrics-grafana/templates/cert.yaml new file mode 100644 index 0000000..efd966a --- /dev/null +++ b/helm/pub-metrics-grafana/templates/cert.yaml 
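Review bot: The Vault secrets in the second hunk are now exported as `DB_HOST`, `GRAFANA_PUB_READ_USERNAME` and `GRAFANA_PUB_READ_PASSWORD`, but the unchanged `j2 templates/datasources.yaml.j2` step renders from the environment and the diffstat lists no change to that template. If it still reads `BLOCK_METRICS_DB_HOST`, `BLOCK_METRICS_USER` and `BLOCK_METRICS_PASSWORD`, the render will either fail or produce a datasource without credentials; the template is not visible here, so this needs checking. The rendered file also carries the database password into the chart directory, so a comment above the step would help, such as `# Renders DB credentials into the chart; the output must never be committed or uploaded as an artifact`. It is also worth confirming that the chart ships that file as a Secret rather than a ConfigMap.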
@@ -0,0 +1,16 @@ +{{ if .Values.deployCert }} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: grafana-star + labels: + {{- include "pub-metrics-grafana.labels" . | nindent 4 }} +spec: + secretName: grafana-star-tls + dnsNames: + - "dashboard.chia.net" + - "*.dashboard.chia.net" + issuerRef: + name: letsencrypt-cf + kind: ClusterIssuer +{{ end }} diff --git a/helm/pub-metrics-grafana/templates/ingress.yaml b/helm/pub-metrics-grafana/templates/ingress.yaml index f72696c..fdb81af 100644 --- a/helm/pub-metrics-grafana/templates/ingress.yaml +++ b/helm/pub-metrics-grafana/templates/ingress.yaml @@ -1,18 +1,6 @@ -{{- if .Values.ingress.enabled -}} {{- $fullName := include "pub-metrics-grafana.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +{{- $servicePort := .Values.ingress.servicePort -}} apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} kind: Ingress metadata: name: {{ $fullName }} 
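Review bot: The new `Certificate` lists both `dashboard.chia.net` and `*.dashboard.chia.net`, so the single secret `grafana-star-tls` holds the private key for the production hostname and is also the secret the review-app ingresses reference. Ingress TLS secrets are namespace-local, which means the review releases, built from pull-request code, have to run in the namespace that holds this key. Consider a separate wildcard-only certificate for review hosts, or at least document the sharing above the resource, e.g. `# Shared by the production and review releases; anything that can read Secrets in this namespace can read this key`. On style, `{{ if .Values.deployCert }}` and `{{ end }}` leave blank lines in the rendered manifest; `{{- if .Values.deployCert }}` and `{{- end }}` would match the trimming used in `ingress.yaml`.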
@@ -23,39 +11,18 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} tls: - {{- range .Values.ingress.tls }} - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} + - {{ .Values.ingress.hostname | quote }} + secretName: {{ .Values.ingress.tls.secretName }} rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} + - host: {{ .Values.ingress.hostname | quote }} http: paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} + - pathType: Prefix + path: / backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} service: name: {{ $fullName }} port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} + name: {{ $servicePort }} diff --git a/helm/pub-metrics-grafana/values.yaml b/helm/pub-metrics-grafana/values.yaml index 80e8a66..50fde9f 100644 --- a/helm/pub-metrics-grafana/values.yaml +++ b/helm/pub-metrics-grafana/values.yaml 
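Review bot: `host: {{ .Values.ingress.hostname | quote }}` is now rendered without any guard, and the value comes from the templated `HOSTNAME` in `helm/values.yaml.j2`; if that ever renders empty, the rule is emitted with an empty host, and an Ingress rule without a host applies to every hostname the controller serves. Failing the render is safer: `- host: {{ required "ingress.hostname must be set" .Values.ingress.hostname | quote }}`, with the same expression under `tls.hosts`. The `tls:` block is also unconditional now, so `ingress.tls.enabled` from `values.yaml` is never read; either wrap the block in `{{- if .Values.ingress.tls.enabled }}` or drop the value. With `ingressClassName` removed, the resource depends on the cluster having a default IngressClass, which deserves a short comment above `spec:`.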
@@ -45,21 +45,18 @@ service: port: 80 annotations: {} +# We'll deploy the cert from the main deployment +# and just use the secret thats already there from the review apps +deployCert: true + ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local + hostname: dashboard.chia.net + annotations: + ingress.kubernetes.io/ssl-redirect: "true" + servicePort: http + tls: + enabled: true + secretName: grafana-star-tls resources: {} # We usually recommend not to specify default resources and to leave this as a conscious diff --git a/helm/values.yaml.j2 b/helm/values.yaml.j2 index 77d697e..f2482ad 100644 --- a/helm/values.yaml.j2 +++ b/helm/values.yaml.j2 @@ -4,20 +4,10 @@ image: pullPolicy: IfNotPresent tag: {{ IMAGE_TAG }} +deployCert: {{ HOSTNAME == 'dashboard.chia.net' }} + ingress: - enabled: true - className: nginx - annotations: - # Using cloudflare load balancers for routing, not normal DNS - external-dns.alpha.kubernetes.io/hostname: "" - hosts: - - host: {{ HOSTNAME }} - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - dashboard.chia.net + hostname: {{ HOSTNAME }} env: - name: GF_SERVER_ROOT_URL From 44a7c9f81bc97ef036d4fc7ee3470a5f5c981d78 Mon Sep 17 00:00:00 2001 From: Chris Marslender Date: Tue, 17 Sep 2024 20:02:47 -0500 Subject: [PATCH 2/2] Fix namespace --- .github/workflows/delete-review.yml | 2 +- .github/workflows/deploy-review.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/delete-review.yml b/.github/workflows/delete-review.yml index 243eb48..077e9a0 100644 --- a/.github/workflows/delete-review.yml +++ b/.github/workflows/delete-review.yml 
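Review bot: `ingress.tls.enabled: true` is added to `values.yaml`, but the rewritten `templates/ingress.yaml` in this patch renders the `tls:` block without consulting it, so setting it to `false` would not turn TLS off; remove the key or wire it into the template. The redirect annotation `ingress.kubernetes.io/ssl-redirect` is only honoured by some controllers (ingress-nginx, which the removed `className: nginx` pointed at, reads `nginx.ingress.kubernetes.io/ssl-redirect`), so confirm which controller serves the new cluster, otherwise plain-HTTP requests to the dashboard may not be redirected. The `deployCert` comment would read more clearly as `# The main deployment creates the certificate; review apps reuse the existing grafana-star-tls secret`.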
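Review bot: In `helm/values.yaml.j2`, `hostname: {{ HOSTNAME }}` and `deployCert: {{ HOSTNAME == 'dashboard.chia.net' }}` place template output into YAML unquoted. An empty `HOSTNAME` turns `hostname` into `null`, and the comparison renders as `True`/`False`, which works only because the loader accepts capitalised booleans. Prefer `hostname: "{{ HOSTNAME }}"` and `deployCert: {{ (HOSTNAME == 'dashboard.chia.net') | lower }}`. A one-line comment above `deployCert` saying that only the release for the production hostname creates the certificate would make the intent visible to the next editor.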
@@ -46,4 +46,4 @@ jobs: env: REVIEW_SLUG: ${{ github.event.pull_request.number }} run: | - helm uninstall -n "grafana" "grafana-$REVIEW_SLUG" + helm uninstall -n "grafana-pub" "grafana-$REVIEW_SLUG" diff --git a/.github/workflows/deploy-review.yml b/.github/workflows/deploy-review.yml index ad4662d..fac8b01 100644 --- a/.github/workflows/deploy-review.yml +++ b/.github/workflows/deploy-review.yml @@ -66,7 +66,7 @@ jobs: IMAGE_TAG: "sha-${{ github.sha }}" REVIEW_SLUG: ${{ github.event.pull_request.number }} with: - namespace: grafana + namespace: grafana-pub app_name: "grafana-${{ env.REVIEW_SLUG }}" helm_chart: "./helm/pub-metrics-grafana" helm_values: "./helm/values.yaml"