From abb5070293636a827af2b4c3794bf993e7918e45 Mon Sep 17 00:00:00 2001 From: Hrafn Malmquist Date: Wed, 21 Aug 2024 12:49:23 +0100 Subject: [PATCH 01/11] Correct inaccuracies in documentation --- README-Kubernetes.md | 18 +++++++++--------- README.md | 23 +++++++++-------------- 2 files changed, 18 insertions(+), 23 deletions(-) diff --git a/README-Kubernetes.md b/README-Kubernetes.md index a534f53..38dc72f 100644 --- a/README-Kubernetes.md +++ b/README-Kubernetes.md @@ -2,7 +2,7 @@ 1. [Docker credentials](#docker-credentials) 2. [Routing](#routing) -2. [Instance setup](#instance-setup) +3. [Instance setup](#instance-setup) ## Pre-requisites @@ -33,7 +33,7 @@ web: ## Routing -Before installing you need to configure a few things in a +Before installing, you need to configure a few things in a `values-overrides.yaml` file. ```yaml @@ -43,11 +43,11 @@ ingress: The ingress is configured using the following variables: -Parameter | Description | Default -----------|-------------|-------- -`ingress.enabled` | Whether to enable ingress | `true` -`ingress.class` | Class of the ingress if enabled | `nginx-internal` -`ingress.sslSecretName` | The ingress ssl secret for HTTPS | `your-ssl-secret` +| Parameter | Description | Default | +|-------------------------|----------------------------------|-------------------| +| `ingress.enabled` | Whether to enable ingress | `true` | +| `ingress.class` | Class of the ingress if enabled | `nginx-internal` | +| `ingress.sslSecretName` | The ingress ssl secret for HTTPS | `your-ssl-secret` | ## Instance setup @@ -58,7 +58,7 @@ kubectl get pods --namespace invenio kubectl exec -it bash --namespace invenio # is found with the previous command ``` -Then you can run invenio commands and setup your instance +Then you can run invenio commands and set up your instance ```bash . scl_source enable rh-python36 
@@ -66,7 +66,7 @@ invenio db init # If the db does not exist already invenio db create invenio index init invenio index queue init purge -invenio files location --default 'default-location' $(invenio shell --no-term-title -c "print(app.instance_path)")'/data' +invenio files location --default 'default-location' $(invenio shell --no-term-title -c "print(app.instance_path)")'/data' invenio roles create admin invenio access allow superuser-access role admin invenio rdm-records demo diff --git a/README.md b/README.md index ae53222..758a5ea 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ change. - The web/worker docker images. If you need credentials you can see how to set them up in [Kubernetes](README-Kubernetes/#docker-credentials). -``` yaml +```yaml host: yourhost.localhost web: @@ -52,21 +52,16 @@ invenio: demo_data: true # for a demo set of records default_users: # for creating users on install "user@example.com": "password" - secret-key: "my-very-safe-secret" + secret_key: "my-very-safe-secret" rabbitmq: - default_password: "mq_password" - # Edit the following URI with the values from just above - celery_broker_uri: "amqp://guest:mq_password@mq:5672/" + auth: + password: "mq_password" postgresql: - user: "invenio" - password: "db_password" - host: "db" - port: "5432" - database: "invenio" - # Edit the following URI with the values from just above - sqlalchemy_db_uri: "postgresql+psycopg2://invenio:db_password@db:5432/invenio" + auth: + password: "db_password" + ``` It's however **strongly advised** to override them either through a value file @@ -80,8 +75,8 @@ flags can be used in the same command. ```bash DB_PASSWORD=$(openssl rand -hex 8) helm install -f safe-values.yaml \ - --set search.password=$SEARCH_PASSWORD \ - --set postgresql.password=$DB_PASSWORD \ + --set rabbitmq.auth.password=$RABBITMQ_PASSWORD \ + --set postgresql.auth.password=$DB_PASSWORD \ invenio ./invenio-k8s --namespace invenio ``` 
From 3549a30e2e12adb0efb5c5468afb3e430a952ffe Mon Sep 17 00:00:00 2001 From: Hrafn Malmquist Date: Wed, 21 Aug 2024 12:51:42 +0100 Subject: [PATCH 02/11] Mention and link chart dependencies --- README.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 758a5ea..6dff080 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# [Beta] Invenio Helm Chart +# [Beta] Invenio Helm Chart v. 0.2.1 This repository contains the helm chart to deploy an Invenio instance. @@ -21,6 +21,16 @@ change. - [Kubernetes](README-Kubernetes.md) - [OpenShift](README-OpenShift.md) +## Dependencies +This Helm chart uses Bitnami charts as [dependencies](https://helm.sh/docs/chart_best_practices/dependencies/) +for the following exact pinned versions: +* Opensearch 1.0.0 ([values.yaml](https://github.com/bitnami/charts/blob/opensearch/1.0.0/bitnami/opensearch/values.yaml)) +* PostgreSQL 14.0.1 ([values.yaml](https://github.com/bitnami/charts/blob/postgresql/14.0.1/bitnami/postgresql/values.yaml)) +* RabbitMQ 12.9.3 ([values.yaml](https://github.com/bitnami/charts/blob/rabbitmq/12.9.3/bitnami/rabbitmq/values.yaml)) +* Redis 18.12.0 ([values.yaml](https://github.com/bitnami/charts/blob/redis/18.12.0/bitnami/redis/values.yaml)) + +Each one of them has a persistent volume claim for 8gb by default. Note that by default Redis will spin up 3 replicas. + ## Configuration :warning: Before installing you need to configure two things in your From 0c3d0b3be179a47d7194265d32b52b79723b8335 Mon Sep 17 00:00:00 2001 From: Hrafn Malmquist Date: Wed, 21 Aug 2024 12:53:33 +0100 Subject: [PATCH 03/11] Add persistence config to values.yaml --- charts/invenio/values.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/charts/invenio/values.yaml b/charts/invenio/values.yaml index 25bb52d..3fcd4d1 100644 --- a/charts/invenio/values.yaml +++ b/charts/invenio/values.yaml 
@@ -185,6 +185,8 @@ redis: requests: cpu: 500m memory: 500Mi + persistence: + size: 8Gi rabbitmq: enabled: true @@ -197,6 +199,8 @@ rabbitmq: requests: cpu: "1" memory: 2Gi + persistence: + size: 8Gi rabbitmqExternal: {} @@ -220,11 +224,15 @@ postgresql: auth: username: invenio database: invenio + persistence: + size: 8Gi postgresqlExternal: {} opensearch: enabled: true + persistence: + size: 8Gi externalOpensearch: {} From 79b95ac7089d49469e8ff36f4e8ddae6d365df9c Mon Sep 17 00:00:00 2001 From: Hrafn Malmquist Date: Mon, 26 Aug 2024 11:09:26 +0100 Subject: [PATCH 04/11] Confirm created users and add create fixtures option to init job --- charts/invenio/templates/install-init-job.yaml | 8 ++++++-- charts/invenio/values.yaml | 1 + 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/invenio/templates/install-init-job.yaml b/charts/invenio/templates/install-init-job.yaml index ca8a2e5..c2c1217 100644 --- a/charts/invenio/templates/install-init-job.yaml +++ b/charts/invenio/templates/install-init-job.yaml 
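Review bot: The new `persistence: size: 8Gi` keys under `postgresql` and `opensearch` in the last values.yaml hunk may not be read by the subcharts, so the 8Gi that the README states could silently remain whatever the dependency defaults to. Indentation is lost in this view, so the nesting cannot be confirmed. The Bitnami PostgreSQL chart takes the size from `primary.persistence.size`, and the OpenSearch chart from per-role keys such as `master.persistence.size` and `data.persistence.size`. The same check applies to the `redis` hunk, where the chart expects `master.persistence.size` and `replica.persistence.size`. Please confirm against the values.yaml of the pinned chart versions and move the keys if needed.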
@@ -10,13 +10,17 @@ metadata: "helm.sh/hook": post-install "helm.sh/hook-weight": "1" {{/* "helm.sh/hook-delete-policy": hook-succeeded*/}} -{{- $cmd := "invenio db init && invenio db create && invenio index init && invenio index queue init purge && invenio files location --default 'default-location' $(invenio shell --no-term-title -c \"print(app.instance_path)\")'/data' && invenio roles create admin && invenio access allow superuser-access role admin" -}} + {{- $cmd := "invenio db init && invenio db create && invenio index init && invenio index queue init purge && invenio files location --default 'default-location' $(invenio shell --no-term-title -c \"print(app.instance_path)\")'/data' && invenio roles create admin && invenio access allow superuser-access role admin" -}} {{- range $usr, $pass := .Values.invenio.default_users -}} - {{- $cmd = printf "%s && invenio users create --active --password=%s %s" $cmd $pass $usr -}} + {{- $cmd = printf "%s && invenio users create --active --confirm --password=%s %s" $cmd $pass $usr -}} {{- end -}} {{- if and .Values.invenio.demo_data .Values.invenio.default_users -}} {{- $cmd = cat $cmd "&& invenio rdm-records demo" -}} {{- end -}} +{{- if .Values.invenio.create_fixtures -}} + {{- $cmd = cat $cmd "&& invenio rdm-records fixtures" -}} +{{- end -}} + spec: template: diff --git a/charts/invenio/values.yaml b/charts/invenio/values.yaml index 3fcd4d1..e5890e9 100644 --- a/charts/invenio/values.yaml +++ b/charts/invenio/values.yaml @@ -18,6 +18,7 @@ invenio: init: false default_users: [] # Requires invenio.init=true demo_data: false # Setting invenio.demo_data=true requires also setting default_users! + create_fixtures: false # Also requires invenio.init=true. Indexing can take several minutes!! sentry: enabled: false existing_secret: false From efec9ff0a9f085bb241d5d1e8507616cab8f1754 Mon Sep 17 00:00:00 2001 
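Review bot: The `printf` line that gained `--confirm` still splices `$pass` and `$usr` unquoted into the shell command string, so a password containing a space, `&`, `;` or `$` is re-interpreted by the shell instead of being passed as one argument. Every default user's password also ends up in clear text in the Job spec, readable by anyone who can get Jobs in the namespace, and the hook-delete-policy annotation above is commented out, so the Job presumably stays after install. Prefer storing the credentials in a Secret and exposing them to the container as environment variables. As a minimum, quote both values, e.g. `printf "%s && invenio users create --active --confirm --password=%s %s" $cmd ($pass | squote) ($usr | squote)`, and document that single quotes are not allowed in them. The container spec that consumes `$cmd` is outside this hunk.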
From: Hrafn Malmquist Date: Mon, 26 Aug 2024 11:16:11 +0100 Subject: [PATCH 05/11] Remove the disabling of dangerous commands for redis --- charts/invenio/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/charts/invenio/values.yaml b/charts/invenio/values.yaml index e5890e9..2a2d3f5 100644 --- a/charts/invenio/values.yaml +++ b/charts/invenio/values.yaml @@ -169,7 +169,6 @@ redis: auth: enabled: false # Dangerous! This lets Invenio connect to Redis unauthenticated! master: - disableCommands: [] # Dangerous! This lets us run the `FLUSHALL` and `FLUSHDB` commands! Unfortunately, they are required by the wipe_recreate.sh script when installing Invenio. resources: limits: cpu: "1" @@ -178,7 +177,6 @@ redis: cpu: 500m memory: 500Mi replica: - disableCommands: [] # Dangerous! This lets us run the `FLUSHALL` and `FLUSHDB` commands! Unfortunately, they are required by the wipe_recreate.sh script when installing Invenio. resources: limits: cpu: "1" From 6f3c2dfd039867e72441906f0a1e039b2d8f0e90 Mon Sep 17 00:00:00 2001 From: Hrafn Malmquist Date: Mon, 26 Aug 2024 13:10:07 +0100 Subject: [PATCH 06/11] Wait for opensearch with initcontainer --- charts/invenio/templates/install-init-job.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/charts/invenio/templates/install-init-job.yaml b/charts/invenio/templates/install-init-job.yaml index c2c1217..8eff36c 100644 --- a/charts/invenio/templates/install-init-job.yaml +++ b/charts/invenio/templates/install-init-job.yaml @@ -25,6 +25,11 @@ metadata: spec: template: spec: + initContainers: + - name: wait-for-opensearch + image: busybox + command: [ "/bin/sh","-c" ] + args: [ "until echo 'Waiting for opensearch...' && nc -vz -w 5 {{ include "invenio.opensearch.hostname" $ }} 9200; do sleep 10; done;" ] containers: - name: install-init image: {{ required "Missing .Values.web.image" .Values.web.image }} From e832dd184d671118a987e3b42584c70f15ddbdd1 Mon Sep 17 00:00:00 2001 
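Review bot: The new `wait-for-opensearch` init container uses the bare image reference `busybox`, which resolves to a mutable `latest` tag on the default registry, so the install hook runs whatever that tag points to at pull time. Pin it, ideally through a chart value so operators can mirror it, e.g. `image: "busybox:<pinned-tag>@sha256:<digest>"` (placeholders). The `until … nc -vz` loop has no retry cap and port `9200` is hard-coded, so an unreachable or differently configured search cluster shows up only as a Helm timeout. The container also sets no `resources` or `securityContext`, which namespaces with restricted pod security may reject.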
From: Hrafn Malmquist Date: Mon, 26 Aug 2024 13:10:46 +0100 Subject: [PATCH 07/11] Add worker initial delay as variable --- charts/invenio/templates/worker-beat-deployment.yaml | 2 +- charts/invenio/templates/worker-deployment.yaml | 2 +- charts/invenio/values.yaml | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/invenio/templates/worker-beat-deployment.yaml b/charts/invenio/templates/worker-beat-deployment.yaml index 73a0021..e85b141 100644 --- a/charts/invenio/templates/worker-beat-deployment.yaml +++ b/charts/invenio/templates/worker-beat-deployment.yaml @@ -92,7 +92,7 @@ spec: - /bin/bash - -c - "celery -A {{ .Values.worker.app }} inspect ping" - initialDelaySeconds: 20 + initialDelaySeconds: {{ .Values.worker.livenessProbe.initialDelaySeconds }} timeoutSeconds: 30 {{- if .Values.worker.resources }} resources: {{- toYaml .Values.workerBeat.resources | nindent 10 }} diff --git a/charts/invenio/templates/worker-deployment.yaml b/charts/invenio/templates/worker-deployment.yaml index c9ae703..5f2a320 100644 --- a/charts/invenio/templates/worker-deployment.yaml +++ b/charts/invenio/templates/worker-deployment.yaml @@ -97,7 +97,7 @@ spec: - /bin/bash - -c - "celery -A {{ .Values.worker.app }} inspect ping -d celery@$(hostname)" - initialDelaySeconds: 20 + initialDelaySeconds: {{ .Values.worker.livenessProbe.initialDelaySeconds }} timeoutSeconds: 30 volumeMounts: {{- if .Values.persistence.enabled }} diff --git a/charts/invenio/values.yaml b/charts/invenio/values.yaml index 2a2d3f5..0625ea3 100644 --- a/charts/invenio/values.yaml +++ b/charts/invenio/values.yaml @@ -146,6 +146,8 @@ worker: memory: 1Gi volumes: enabled: false + livenessProbe: + initialDelaySeconds: 20 workerBeat: resources: From f4e8baf01c5600246c69c5bd694d9a3d28561527 Mon Sep 17 00:00:00 2001 
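Review bot: In worker-beat-deployment.yaml the beat liveness probe now reads `.Values.worker.livenessProbe.initialDelaySeconds`, although values.yaml has a separate `workerBeat:` section, so raising the worker's delay silently changes the beat's as well. Either add a `workerBeat.livenessProbe.initialDelaySeconds` key and use it in the beat template, or document the sharing next to the new value, e.g. `initialDelaySeconds: 20  # also used by the worker-beat liveness probe`.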
From: Hrafn Malmquist Date: Mon, 26 Aug 2024 13:11:05 +0100 Subject: [PATCH 08/11] Add Azure storage class --- charts/invenio/templates/azure-file-sc.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 charts/invenio/templates/azure-file-sc.yaml diff --git a/charts/invenio/templates/azure-file-sc.yaml b/charts/invenio/templates/azure-file-sc.yaml new file mode 100644 index 0000000..b6e66f4 --- /dev/null +++ b/charts/invenio/templates/azure-file-sc.yaml @@ -0,0 +1,17 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: azure-invenio-storage-class +provisioner: file.csi.azure.com +allowVolumeExpansion: true +mountOptions: + - dir_mode=0777 + - file_mode=0777 + - uid=0 + - gid=0 + - mfsymlinks + - cache=strict + - actimeo=30 + - nobrl # disable sending byte range lock requests to the server and for applications which have challenges with posix locks +parameters: + skuName: Standard_LRS \ No newline at end of file From 7e86cd8ffeeb10f8e2e438404b19f79ab0e3dd56 Mon Sep 17 00:00:00 2001 From: Hrafn Malmquist Date: Mon, 26 Aug 2024 13:16:32 +0100 Subject: [PATCH 09/11] Change timezone --- charts/invenio/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/invenio/values.yaml b/charts/invenio/values.yaml index 0625ea3..b482f72 100644 --- a/charts/invenio/values.yaml +++ b/charts/invenio/values.yaml @@ -1,7 +1,7 @@ --- global: - timezone: "Europe/Zurich" + timezone: "Europe/London" ingress: annotations: {} From 4e4bd51f6f59c5047e922588c760f58e4cfa2d3f Mon Sep 17 00:00:00 2001 From: Hrafn Malmquist Date: Tue, 27 Aug 2024 09:55:08 +0100 Subject: [PATCH 10/11] Toggle for importing ICL test data on initial deployment --- charts/invenio/templates/install-init-job.yaml | 5 ++++- charts/invenio/values.yaml | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/invenio/templates/install-init-job.yaml b/charts/invenio/templates/install-init-job.yaml index 8eff36c..0b44db7 100644 
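Review bot: The new StorageClass mounts the share with `dir_mode=0777`, `file_mode=0777`, `uid=0` and `gid=0`, so every file on the instance volume is root-owned and writable by any process in any pod that mounts it. Tighten the modes and set the owner to the UID/GID the Invenio containers run as (not visible in this patch), e.g. `- dir_mode=0750` and `- file_mode=0640`. The manifest is also unconditional and has a fixed cluster-scoped name, so it is created on non-Azure installs and a second release in the same cluster will collide on `azure-invenio-storage-class`. Wrapping it in a values toggle would avoid both.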
--- a/charts/invenio/templates/install-init-job.yaml +++ b/charts/invenio/templates/install-init-job.yaml @@ -19,8 +19,11 @@ metadata: {{- end -}} {{- if .Values.invenio.create_fixtures -}} {{- $cmd = cat $cmd "&& invenio rdm-records fixtures" -}} -{{- end -}} + {{- if .Values.invenio.import_test_data -}} + {{- $cmd = cat $cmd "&& cd test_data && python download_test_data.py && python create_test_data_records.py" -}} + {{- end -}} +{{- end -}} spec: template: diff --git a/charts/invenio/values.yaml b/charts/invenio/values.yaml index b482f72..73b3512 100644 --- a/charts/invenio/values.yaml +++ b/charts/invenio/values.yaml @@ -19,6 +19,7 @@ invenio: default_users: [] # Requires invenio.init=true demo_data: false # Setting invenio.demo_data=true requires also setting default_users! create_fixtures: false # Also requires invenio.init=true. Indexing can take several minutes!! + import_test_data: false # Download and import Imperial test data. Requires create_fixtures. sentry: enabled: false existing_secret: false From 67f18f1333ba5857c3953161479dc1683505c47a Mon Sep 17 00:00:00 2001 From: Hrafn Malmquist Date: Tue, 27 Aug 2024 10:06:23 +0100 Subject: [PATCH 11/11] Add values overrides file --- charts/invenio/values-overrides-imperial.yaml | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 charts/invenio/values-overrides-imperial.yaml diff --git a/charts/invenio/values-overrides-imperial.yaml b/charts/invenio/values-overrides-imperial.yaml new file mode 100644 index 0000000..8c3d6fb --- /dev/null +++ b/charts/invenio/values-overrides-imperial.yaml 
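Review bot: The added `cd test_data && python download_test_data.py && python create_test_data_records.py` step makes the post-install hook download and import external data from inside the application image. Neither script nor its source URL is part of this series, so what is fetched and whether it is verified cannot be reviewed here. The hook container presumably holds the database and search credentials, so the values.yaml entry should state the source and scope, e.g. `# Dev only: downloads data from <source> at install time; do not enable in production`. The step also assumes a `test_data` directory relative to the image's working directory, so with any other image the whole `&&` chain, and with it the install hook, fails.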
@@ -0,0 +1,65 @@ + +invenio: + init: true # initiates db, index, and admin roles + hostname: "icl-invenio-dev.uksouth.cloudapp.azure.com" + secret_key: "REPLACE-ME" + security_login_salt: "REPLACE-ME" + csrf_secret_salt: "REPLACE-ME" + create_fixtures: true + import_test_data: true + +web: + image: "ghcr.io/imperialcollegelondon/fair-data-repository:develop" + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 60 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + startupProbe: + failureThreshold: 3 + initialDelaySeconds: 60 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: + requests: + cpu: 750m + memory: 1Gi + limits: + cpu: 1000m + memory: 2Gi + +worker: + image: "ghcr.io/imperialcollegelondon/fair-data-repository:develop" + livenessProbe: + initialDelaySeconds: 120 + +persistence: + enabled: true + storage_class: "azure-invenio-storage-class" + +haproxy: + enabled: false + +flower: + enabled: false + +rabbitmq: + auth: + password: "REPLACE-ME" + +postgresql: + auth: + password: "REPLACE-ME" + +ingress: + enabled: true + class: "webapprouting.kubernetes.azure.com" + +# Certmanager +podLabels: + azure.workload.identity/use: "true" +serviceAccount: + labels: + azure.workload.identity/use: "true" \ No newline at end of file
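Review bot: `secret_key`, `security_login_salt`, `csrf_secret_salt` and both `auth.password` values are committed as the literal `REPLACE-ME`, and nothing prevents an install that leaves them unchanged, which would give the instance publicly known signing and service secrets. Leave these keys out of the file and supply them at install time from a secret store or an existing Secret, or have the templates reject the placeholder, e.g. `{{- if eq .Values.invenio.secret_key "REPLACE-ME" }}{{ fail "set invenio.secret_key" }}{{- end }}`. Both images use the mutable `:develop` tag, so pods can pick up different code on restart; pin a release tag or digest. Since `import_test_data: true` is set, a header comment marking this file as a development override would keep it from being reused for production.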