Fix review apps (#110)
* Fix review apps

* Fix namespace
cmmarslender authored Sep 18, 2024
1 parent 0408299 commit 04fc65c
Showing 6 changed files with 63 additions and 86 deletions.
23 changes: 15 additions & 8 deletions .github/workflows/delete-review.yml
@@ -13,7 +13,7 @@ concurrency:

jobs:
delete:
runs-on: [k8s-public]
runs-on: k8s-public-msp
container:
image: registry.gitlab.com/cmmarslender/kubectl-helm:v3
steps:
@@ -25,18 +25,25 @@ jobs:
vault_url: ${{ secrets.VAULT_URL }}
role_name: github-pub-metrics-grafana

- name: Get ephemeral aws credentials
uses: Chia-Network/actions/vault/aws-sts@main
- name: Get secrets from vault
uses: hashicorp/vault-action@v3
with:
url: ${{ secrets.VAULT_URL }}
token: ${{ env.VAULT_TOKEN }}
secrets: |
secret/data/msp/k8s/k8s-msp api_server_url | K8S_API_SERVER_URL;
- name: Login to k8s cluster
uses: Chia-Network/actions/vault/k8s-login@main
with:
vault_url: ${{ secrets.VAULT_URL }}
vault_token: ${{ env.VAULT_TOKEN }}
role_name: pub-metrics-deploy

- name: Log in to cluster
run: aws eks update-kubeconfig --name pub-metrics --region us-west-2
backend_name: k8s-msp
role_name: github-actions
cluster_url: ${{ env.K8S_API_SERVER_URL }}

- name: Helm Uninstall
env:
REVIEW_SLUG: ${{ github.event.pull_request.number }}
run: |
helm uninstall -n "grafana" "grafana-$REVIEW_SLUG"
helm uninstall -n "grafana-pub" "grafana-$REVIEW_SLUG"
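Review bot: The two steps added here that handle the Vault token and produce the cluster login, `hashicorp/vault-action@v3` and `Chia-Network/actions/vault/k8s-login@main`, are referenced by a movable tag and a branch, so whatever those refs point to at run time executes with `VAULT_TOKEN` in scope. I would pin both to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: hashicorp/vault-action@<full-commit-sha>  # v3`. The same applies to the `k8s-login@main` step added in deploy-review.yml. The `delete` job's trigger and permissions are outside this hunk, so it is worth confirming separately that the self-hosted `k8s-public-msp` runner is not reachable from fork pull requests.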
22 changes: 11 additions & 11 deletions .github/workflows/deploy-review.yml
@@ -20,7 +20,7 @@ jobs:
deploy:
needs:
- package
runs-on: [k8s-public]
runs-on: k8s-public-msp
container:
image: registry.gitlab.com/cmmarslender/kubectl-helm:v3
environment:
@@ -41,23 +41,23 @@ jobs:
url: ${{ secrets.VAULT_URL }}
token: ${{ env.VAULT_TOKEN }}
secrets: |
secret/data/pub-metrics-eks/rds/rds-info db_host | BLOCK_METRICS_DB_HOST;
secret/data/pub-metrics-eks/rds/blocks-read-user username | BLOCK_METRICS_USER;
secret/data/pub-metrics-eks/rds/blocks-read-user password | BLOCK_METRICS_PASSWORD;
secret/data/msp/k8s/k8s-msp api_server_url | K8S_API_SERVER_URL;
secret/data/msp/mysql/db-info host | DB_HOST;
secret/data/msp/mysql/users/grafana-read-pub username | GRAFANA_PUB_READ_USERNAME;
secret/data/msp/mysql/users/grafana-read-pub password | GRAFANA_PUB_READ_PASSWORD;
- name: Template grafana configs
run: |
j2 templates/datasources.yaml.j2 -o helm/pub-metrics-grafana/datasources
- name: Get ephemeral aws credentials
uses: Chia-Network/actions/vault/aws-sts@main
- name: Login to k8s cluster
uses: Chia-Network/actions/vault/k8s-login@main
with:
vault_url: ${{ secrets.VAULT_URL }}
vault_token: ${{ env.VAULT_TOKEN }}
role_name: pub-metrics-deploy

- name: Log in to cluster
run: aws eks update-kubeconfig --name pub-metrics --region us-west-2
backend_name: k8s-msp
role_name: github-actions
cluster_url: ${{ env.K8S_API_SERVER_URL }}

- uses: Chia-Network/actions/helm/deploy@main
env:
@@ -66,7 +66,7 @@ jobs:
IMAGE_TAG: "sha-${{ github.sha }}"
REVIEW_SLUG: ${{ github.event.pull_request.number }}
with:
namespace: grafana
namespace: grafana-pub
app_name: "grafana-${{ env.REVIEW_SLUG }}"
helm_chart: "./helm/pub-metrics-grafana"
helm_values: "./helm/values.yaml"
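Review bot: The secrets block now exports `DB_HOST`, `GRAFANA_PUB_READ_USERNAME` and `GRAFANA_PUB_READ_PASSWORD`, but `templates/datasources.yaml.j2`, which the next step renders, is not among the six files in this commit. If that template still reads the old `BLOCK_METRICS_*` names, the render would either fail or produce a datasource with empty credentials, so please confirm it matches the new names. Separately, the review release now lands in `grafana-pub` through the Vault role `github-actions`, and the values.yaml comment in this commit implies review apps share that namespace with the main deployment. That role is best limited to this one namespace and to the verbs Helm needs. A comment above the login step such as `# role github-actions: namespace-scoped to grafana-pub, shared by review and main releases` would record the assumption.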
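--- a/helm/pub-metrics-grafana/templates/cert.yaml
+++ b/helm/pub-metrics-grafana/templates/cert.yaml
@@ -0,0 +1,16 @@
+{{ if .Values.deployCert }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: grafana-star
+labels:
+{{- include "pub-metrics-grafana.labels" . | nindent 4 }}
+spec:
+secretName: grafana-star-tls
+dnsNames:
+- "dashboard.chia.net"
+- "*.dashboard.chia.net"
+issuerRef:
+name: letsencrypt-cf
+kind: ClusterIssuer
+{{ end }}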
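Review bot: The template carries no comment saying that this Certificate is a per-namespace singleton: the name `grafana-star` and `secretName: grafana-star-tls` are fixed, so a second release rendered with `deployCert` true in the same namespace would collide with the first, and every review ingress depends on the secret it writes. I would add `{{- /* Issued only by the main release; review releases reuse grafana-star-tls */ -}}` above `apiVersion`. Because the secret holds the key for both `dashboard.chia.net` and `*.dashboard.chia.net`, read access to Secrets in that namespace is worth restricting to cert-manager and the ingress controller.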
47 changes: 7 additions & 40 deletions helm/pub-metrics-grafana/templates/ingress.yaml
@@ -1,18 +1,6 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "pub-metrics-grafana.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- $servicePort := .Values.ingress.servicePort -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
@@ -23,39 +11,18 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
- {{ .Values.ingress.hostname | quote }}
secretName: {{ .Values.ingress.tls.secretName }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
- host: {{ .Values.ingress.hostname | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
- pathType: Prefix
path: /
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
name: {{ $servicePort }}
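Review bot: With `ingressClassName` apparently dropped from `spec` (the page lost its +/- markers, so this is read from the 7/40 counts and from `className` disappearing in the values files), which controller serves this Ingress depends on the cluster's default IngressClass. On a cluster with more than one controller that can change how and where the dashboard is exposed. If a specific controller is intended, keep it explicit with `ingressClassName: {{ .Values.ingress.className | quote }}` under `spec:`. The `tls:` block is also rendered unconditionally, so `ingress.tls.enabled` from values.yaml is not read by any line visible here, and `{{ required "ingress.hostname is required" .Values.ingress.hostname | quote }}` on the `host:` line would stop an empty hostname from producing a rule that matches every host.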
25 changes: 11 additions & 14 deletions helm/pub-metrics-grafana/values.yaml
@@ -45,21 +45,18 @@ service:
port: 80
annotations: {}

# We'll deploy the cert from the main deployment
# and just use the secret thats already there from the review apps
deployCert: true

ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
hostname: dashboard.chia.net
annotations:
ingress.kubernetes.io/ssl-redirect: "true"
servicePort: http
tls:
enabled: true
secretName: grafana-star-tls

resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
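Review bot: The chart default `deployCert: true` makes certificate issuance opt-out: any release installed without the generated values file would create the fixed-name `grafana-star` Certificate and request the `dashboard.chia.net` wildcard. A fail-safe default is `deployCert: false`, with the main deployment turning it on, which values.yaml.j2 already does by hostname. The comment above it is also ambiguous about who reuses the secret; I would reword it to `# The main deployment issues the cert; review apps reuse the existing grafana-star-tls secret.`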
16 changes: 3 additions & 13 deletions helm/values.yaml.j2
@@ -4,20 +4,10 @@ image:
pullPolicy: IfNotPresent
tag: {{ IMAGE_TAG }}

deployCert: {{ HOSTNAME == 'dashboard.chia.net' }}

ingress:
enabled: true
className: nginx
annotations:
# Using cloudflare load balancers for routing, not normal DNS
external-dns.alpha.kubernetes.io/hostname: ""
hosts:
- host: {{ HOSTNAME }}
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- dashboard.chia.net
hostname: {{ HOSTNAME }}

env:
- name: GF_SERVER_ROOT_URL
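Review bot: `hostname: {{ HOSTNAME }}` is rendered unquoted and unchecked, so an empty `HOSTNAME` yields a null value and the rule in ingress.yaml would be emitted with an empty host, which Kubernetes treats as applying to all hosts on that controller. I would write `hostname: "{{ HOSTNAME }}"` so the value is always a string, and have the workflow fail before templating when the variable is empty. The `deployCert` expression compares against the literal `'dashboard.chia.net'`, so the same empty value would also silently render it false. Where `HOSTNAME` is set is not visible on this page.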
