🔧 make all config dynamic, create taskfile and add index task
georgepstaylor committed Sep 4, 2024
1 parent f34a8e7 commit 282ef4c
Showing 7 changed files with 193 additions and 75 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -6,3 +6,4 @@ kustomize/base/charts/
kustomize/**/charts/
kustomize/**/output.yaml
kustomize/base/resources.yaml
jobs/reindex/values-reindex-*.yaml
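--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -0,0 +1,169 @@
+version: "3"
+
+vars:
+ENV: "{{.ENV}}"
+NAMESPACE:
+sh: echo "hmpps-delius-alfrsco-{{.ENV}}"
+BUCKET_NAME:
+sh: kubectl get secret s3-bucket-output -n {{.NAMESPACE}} -o jsonpath='{.data.BUCKET_NAME}' | base64 --decode
+OPEN_SEARCH_PREFIX:
+sh: kubectl get svc --namespace {{.NAMESPACE}} | grep 'opensearch-proxy-service-cloud-platform' | awk '{ print $1 }'
+OPENSEARCH_HOST:
+sh: echo "{{.OPEN_SEARCH_PREFIX}}.{{.NAMESPACE}}.svc.cluster.local"
+ALLOWLIST:
+sh: yq 'join(",")' ./kustomize/{{.ENV}}/allowlist.yaml
+RDS_JDBC_URL:
+sh: kubectl get secrets rds-instance-output --namespace {{.NAMESPACE}} -o json | jq -r ".data | map_values(@base64d) | .RDS_JDBC_URL"
+DEBUG: "false"
+DEBUG_FLAG:
+sh: if [ "{{.DEBUG}}" = "true" ]; then echo "--debug"; else echo ""; fi
+HELM_POST_RENDERER_ARGS:
+sh: if [ "{{.DEBUG}}" = "true" ]; then echo "-d true"; else echo "-d false"; fi
+ATOMIC: "true"
+ATOMIC_FLAG:
+sh: if [ "{{.ATOMIC}}" = "true" ]; then echo "--atomic"; else echo ""; fi
+CHART_VERSION: "6.0.2"
+
+tasks:
+helm_upgrade:
+cmds:
+- echo "NAMESPACE set to {{.NAMESPACE}}"
+- echo "BUCKET_NAME set to {{.BUCKET_NAME}}"
+- echo "OPEN_SEARCH_PREFIX set to {{.OPEN_SEARCH_PREFIX}}"
+- echo "OPENSEARCH_HOST set to {{.OPENSEARCH_HOST}}"
+- echo "RDS_JDBC_URL set to {{.RDS_JDBC_URL}}"
+- echo "DEBUG set to {{.DEBUG}}"
+- task: helm_repo_add
+- task: update_allowlist
+- task: helm_upgrade_install
+vars:
+NAMESPACE: "{{.NAMESPACE}}"
+BUCKET_NAME: "{{.BUCKET_NAME}}"
+OPENSEARCH_HOST: "{{.OPENSEARCH_HOST}}"
+RDS_JDBC_URL: "{{.RDS_JDBC_URL}}"
+DEBUG_FLAG: "{{.DEBUG_FLAG}}"
+ATOMIC_FLAG: "{{.ATOMIC_FLAG}}"
+- task: reset_allowlist
+silent: true
+
+prepare_namespace:
+internal: true
+cmds:
+- |
+export BUCKET_NAME=$(kubectl get secrets s3-bucket-output -o jsonpath='{.data.BUCKET_NAME}' | base64 -d)
+if [ "${ENV}" = "poc" ]; then
+export NAMESPACE=hmpps-delius-alfrsco-${ENV}
+else
+export NAMESPACE=hmpps-delius-alfresco-${ENV}
+fi
+export OPENSEARCH_PREFIX=$(kubectl get svc --namespace ${NAMESPACE} | grep 'opensearch-proxy-service-cloud-platform' | awk '{ print $1 }')
+export OPENSEARCH_HOST=${OPENSEARCH_PREFIX}.${NAMESPACE}.svc.cluster.local
+export RDS_JDBC_URL=$(kubectl get secrets rds-instance-output --namespace ${NAMESPACE} -o json | jq -r ".data | map_values(@base64d) | .RDS_JDBC_URL")
+export EXTRACTED=$(yq 'join(",")' ./kustomize/${ENV}/allowlist.yaml)
+echo "Using namespace: ${NAMESPACE}"
+update_allowlist:
+internal: true
+dir: ./kustomize/{{.ENV}}
+cmds:
+- |
+export ALLOWLIST={{.ALLOWLIST}}
+yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = strenv(ALLOWLIST)' -i ./patch-ingress-repository.yaml
+yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = strenv(ALLOWLIST)' -i ./patch-ingress-share.yaml
+helm_repo_add:
+internal: true
+cmds:
+- helm repo add alfresco https://kubernetes-charts.alfresco.com/stable --force-update
+
+helm_upgrade_install:
+internal: true
+dir: ./kustomize/{{.ENV}}
+cmds:
+- |
+helm upgrade --install alfresco-content-services alfresco/alfresco-content-services --version {{.CHART_VERSION}} --namespace {{.NAMESPACE}} \
+--values=../base/values.yaml --values=values.yaml \
+--set s3connector.config.bucketName={{.BUCKET_NAME}} \
+--set database.url={{.RDS_JDBC_URL}} \
+--set global.elasticsearch.host={{.OPENSEARCH_HOST}} \
+--set alfresco-search-enterprise.searchIndex.host={{.OPENSEARCH_HOST}} \
+--wait --timeout=20m \
+--post-renderer ../kustomizer.sh --post-renderer-args "{{.HELM_POST_RENDERER_ARGS}}" \
+{{.DEBUG_FLAG}} {{.ATOMIC_FLAG}}
+reset_allowlist:
+internal: true
+dir: ./kustomize/{{.ENV}}
+cmds:
+- yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = "placeholder"' -i patch-ingress-repository.yaml
+- yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = "placeholder"' -i patch-ingress-share.yaml
+
+batch_reindex:
+vars:
+START: 0
+END: 10050
+CHUNK: 1000
+CONCURRENCY: 5
+HELM_ARRAY:
+sh: |
+yml=$(
+for i in $(seq {{.START}} {{.CHUNK}} {{.END}}); do
+new_start=$i
+end=$((i + {{.CHUNK}} - 1))
+if [ $end -gt {{.END}} ]; then
+end={{.END}}
+fi
+cat << EOF
+- fromId: ${new_start}
+toId: ${end}
+EOF
+done
+)
+echo "$yml"
+cmds:
+- echo "Starting batch reindex from {{.START}} to {{.END}} in chunks of {{.CHUNK}}"
+- task: run_reindex_batches
+vars:
+OPENSEARCH_HOST: "{{.OPENSEARCH_HOST}}"
+NAMESPACE: "{{.NAMESPACE}}"
+HELM_ARRAY: "{{.HELM_ARRAY}}"
+CONCURRENCY: "{{.CONCURRENCY}}"
+
+run_reindex_batches:
+cmds:
+- |
+# Get the total number of items
+export yaml_content="{{.HELM_ARRAY}}"
+total_items=$(echo "$yaml_content" | yq eval 'length' -)
+echo "Total items: $total_items"
+# Loop through the items in batches of {{.CONCURRENCY}}
+for ((i=0; i<total_items; i+={{.CONCURRENCY}})); do
+echo "Batch $((i/{{.CONCURRENCY}} + 1)):"
+yml_batch=$(echo "$yaml_content" | yq eval ".[$i:$((i+{{.CONCURRENCY}}))]" -)
+echo "$yml_batch"
+date=$(date '+%Y%m%d-%H%M%S')
+release_name="reindex-$((i/{{.CONCURRENCY}} + 1))-${date}"
+touch ./jobs/reindex/values-${release_name}.yaml
+cat << EOF > ./jobs/reindex/values-${release_name}.yaml
+reindex_batches:
+$(echo "$yml_batch" | sed 's/^/ /' | sed 's/^ -/ -/')
+EOF
+cat ./jobs/reindex/values-${release_name}.yaml
+echo "helm command: helm install $release_name jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "release_name=${release_name}" -f ./jobs/reindex/values.yaml -f ./jobs/reindex/values-${release_name}.yaml --namespace {{.NAMESPACE}}"
+helm install "$release_name" jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "release_name=${release_name}" -f ./jobs/reindex/values.yaml -f ./jobs/reindex/values-${release_name}.yaml --namespace {{.NAMESPACE}}
+kubectl wait --for=condition=complete jobs --namespace {{.NAMESPACE}} -l "reindex-job=$release_name" --timeout=600s
+echo "Batch $((i/{{.CONCURRENCY}} + 1)) completed"
+# Uninstall the job and remove the values file
+helm uninstall "$release_name" --namespace {{.NAMESPACE}}
+rm -f ./jobs/reindex/values-${release_name}.yaml
+done
+echo "All batches completed"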
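Review bot: The `helm_upgrade` task echoes `RDS_JDBC_URL`, which the global vars decode from the `rds-instance-output` secret, so the value ends up in terminal scrollback and any CI log. The same value is then passed as `--set database.url={{.RDS_JDBC_URL}}` in `helm_upgrade_install`, where it is visible in the process arguments and, with DEBUG set to true, most likely in helm's `--debug` output as well. Whether the URL embeds credentials is not visible here, but I would drop the line `- echo "RDS_JDBC_URL set to {{.RDS_JDBC_URL}}"` or print only that the value was resolved; the reindex job template already reads the same key through `secretKeyRef`, which keeps it off the command line. Separately, the global `NAMESPACE` is built as `hmpps-delius-alfrsco-{{.ENV}}` for every ENV, while `prepare_namespace` uses that spelling only for `poc` and `hmpps-delius-alfresco-${ENV}` otherwise, so the `kubectl` lookups presumably target the wrong namespace outside poc.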
2 changes: 1 addition & 1 deletion jobs/reindex/templates/reindexing-config.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: alfresco-content-services-alfresco-search-enterprise-reindexing-configmap
name: "{{ .Values.release_name }}-configmap"
data:
ELASTICSEARCH_INDEXNAME: "{{ .Values.indexName }}"
{{ template "alfresco-search-enterprise.config.spring" . }}
35 changes: 20 additions & 15 deletions jobs/reindex/templates/reindexing-job.yaml
@@ -1,13 +1,15 @@
{{- range .Values.reindex_batches }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: alfresco-content-services-alfresco-search-enterprise-reindexing
{{- range .Values.reindex_batches }}
---
name: reindexing-{{.fromId}}-{{.toId}}-{{ $.Values.release_name }}
labels:
reindex-job: {{ $.Values.release_name }}
spec:
template:
metadata:
{{- with .Values.podAnnotations }}
{{- with $.Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
Expand All @@ -22,12 +24,12 @@ spec:
supplementalGroups:
- 1
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
- name: {{ $.Values.imagePullSecrets }}
restartPolicy: Never
containers:
- name: alfresco-content-services-alfresco-search-enterprise-reindexing-{{.fromId}}-{{.toId}}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
- name: reindexing-{{.fromId}}-{{.toId}}-{{ $.Values.release_name }}
image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}"
imagePullPolicy: {{ $.Values.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
Expand All @@ -36,26 +38,26 @@ spec:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
resources: {{- toYaml .Values.resources | nindent 12 }}
resources: {{- toYaml $.Values.resources | nindent 12 }}
volumeMounts:
- name: reindexing-prefixes-file-volume
mountPath: /alf/reindex.prefixes-file.json
subPath: reindex.prefixes-file.json
envFrom:
- configMapRef:
name: alfresco-content-services-alfresco-search-enterprise-reindexing-configmap
name: "{{ $.Values.release_name }}-configmap"
- secretRef:
name: {{ .Values.messageBroker.existingSecretName }} # Ensure this value is set correctly
name: {{ $.Values.messageBroker.existingSecretName }} # Ensure this value is set correctly
env:
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.postgresql.existingSecretName }} # Ensure this value is set correctly
name: {{ $.Values.postgresql.existingSecretName }} # Ensure this value is set correctly
key: DATABASE_PASSWORD
- name: SPRING_DATASOURCE_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.postgresql.existingSecretName }} # Ensure this value is set correctly
name: {{ $.Values.postgresql.existingSecretName }} # Ensure this value is set correctly
key: DATABASE_USERNAME
{{- include "spring.activemq.env" . | nindent 12 }}
- name: ALFRESCO_REINDEX_PREFIXES_FILE
Expand All @@ -65,14 +67,16 @@ spec:
secretKeyRef:
name: rds-instance-output
key: RDS_JDBC_URL
- name: JAVA_OPTS
value: "-Dalfresco.reindex.fromId={{.fromId}} -Dalfresco.reindex.toId={{.toId}}"
ports:
- name: http
containerPort: 8080
protocol: TCP
volumes:
- name: reindexing-prefixes-file-volume
configMap:
name: reindexing-prefixes-file-configmap
name: "{{ $.Values.release_name }}-prefixes-configmap"
initContainers:
- name: wait-for-repository
image: curlimages/curl:7.79.1
Expand All @@ -82,10 +86,11 @@ spec:
runAsUser: 33000
seccompProfile:
type: RuntimeDefault
resources: {{- toYaml .Values.initcontainers.waitForRepository.resources | nindent 12 }}
resources: {{- toYaml $.Values.initcontainers.waitForRepository.resources | nindent 12 }}
env:
- name: ALFRESCO_REPOSITORY_URL
value: http://alfresco-content-services-alfresco-cs-repository/alfresco/api/-default-/public/alfresco/versions/1/probes/-ready-
command: [ "/bin/sh","-c" ]
# Delay running the reindexing to give Alfresco Repository a chance to fully initialise
args: [ "while [ $(curl -sw '%{http_code}' $ALFRESCO_REPOSITORY_URL -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for the Alfresco Repository...'; done; echo 'Alfresco is ready, delay reindexing to give a chance to fully initialise.'; sleep 30; echo 'Reindexing started!'" ]
{{- end }}
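Review bot: The `{{- include "spring.activemq.env" . | nindent 12 }}` line in the env block still passes `.`, which inside the `range .Values.reindex_batches` loop is the current batch item rather than the chart root, while the other references in this section now appear in their `$.Values` form. The helper's definition is not shown on this page, but if it reads `.Values` or `.Release` it will resolve against the `fromId`/`toId` map and render empty or fail; passing the root would be `{{- include "spring.activemq.env" $ | nindent 12 }}`. I would also quote the new label value, `reindex-job: "{{ $.Values.release_name }}"`, so a release name that looks like a number or boolean cannot be retyped by the YAML parser.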
2 changes: 1 addition & 1 deletion jobs/reindex/templates/reindexing-prefixes-config-map.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: reindexing-prefixes-file-configmap
name: "{{ .Values.release_name }}-prefixes-configmap"
data:
reindex.prefixes-file.json: |
{
2 changes: 1 addition & 1 deletion jobs/reindex/values.yaml
Expand Up @@ -40,7 +40,7 @@ messageBroker:
# -- Broker password
password: null
# -- Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys
existingSecretName: acs-alfresco-cs-brokersecret
existingSecretName: amazon-mq-broker-secret
global:
alfrescoRegistryPullSecrets: quay-registry-secret
# -- Shared connections details for Elasticsearch/Opensearch cluster
57 changes: 0 additions & 57 deletions makefile

This file was deleted.
