From 265d9d11db10f8b2e28ec501940f40d4e6276cb1 Mon Sep 17 00:00:00 2001 From: Jusong Yu Date: Wed, 14 Feb 2024 04:17:48 +0100 Subject: [PATCH] Staging successful deployed --- .github/workflows/sync-staging.yml | 35 ++++++++++++++ README.md | 76 ++++++++++++++++++------------ basehub/values.yaml.j2 | 2 +- 3 files changed, 82 insertions(+), 31 deletions(-) create mode 100644 .github/workflows/sync-staging.yml diff --git a/.github/workflows/sync-staging.yml b/.github/workflows/sync-staging.yml new file mode 100644 index 0000000..1ecbdad --- /dev/null +++ b/.github/workflows/sync-staging.yml @@ -0,0 +1,35 @@ +--- +name: sync-staging + +on: + push: + branches: + - main + +jobs: + # after main updated (merge from staging), sync staging to main + sync-staging: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + persist-credentials: false + fetch-depth: 0 + - run: | + git config user.name github-actions[bot] + git config user.email github-actions[bot]@users.noreply.github.com + + - name: Update Test Branch + run: | + git checkout main + git fetch origin + git checkout staging + git pull + git merge origin/main + + - name: Push changes + uses: ad-m/github-push-action@master + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + branch: staging \ No newline at end of file diff --git a/README.md b/README.md index 8559cdd..fd3c1f9 100644 --- a/README.md +++ b/README.md @@ -25,16 +25,16 @@ ssh-keygen -f ssh-key-aiidalab-demo-server ## Create an auto-scaling Kubernetes cluster ```bash -az group create --name aiidalab_demo_server_marvel --location=switzerlandnorth --output table +az group create --name aiidalab-demo-server-rg --location=switzerlandnorth --output table ``` -- `aiidalab_demo_server_marvel` is the name of the resource group. +- `aiidalab-demo-server-rg` is the name of the resource group. Create networkpolicy for the pods to communicate with each other and to the internet. ```bash az network vnet create \ - --resource-group aiidalab_demo_server_marvel \ + --resource-group aiidalab-demo-server-rg \ --name aiidalab-vnet \ --address-prefixes 10.0.0.0/8 \ --subnet-name aiidalab-subnet \ @@ -45,12 +45,12 @@ We will now retrieve the application IDs of the VNet and subnet we just created ```bash VNET_ID=$(az network vnet show \ - --resource-group aiidalab_demo_server_marvel \ + --resource-group aiidalab-demo-server-rg \ --name aiidalab-vnet \ --query id \ --output tsv) SUBNET_ID=$(az network vnet subnet show \ - --resource-group aiidalab_demo_server_marvel \ + --resource-group aiidalab-demo-server-rg \ --vnet-name aiidalab-vnet \ --name aiidalab-subnet \ --query id \ @@ -68,7 +68,7 @@ SP_PASSWD=$(az ad sp create-for-rbac \ --output tsv) SP_ID=$(az ad app list \ --filter "displayname eq 'aiidalab-sp'" \ - --query [0].appId \ + --query "[0].appId" \ --output tsv) ``` @@ -77,7 +77,7 @@ Time to create the Kubernetes cluster, and enable the auto-scaler at the same ti ```bash az aks create \ --name demo-server \ - --resource-group aiidalab_demo_server_marvel \ + --resource-group aiidalab-demo-server-rg \ --ssh-key-value ssh-key-aiidalab-demo-server.pub \ --node-count 3 \ --node-vm-size Standard_D2s_v3 \ @@ -95,21 +95,48 @@ az aks create \ --output table ``` +```bash +CLUSTER_ID=$(az aks show \ + --resource-group aiidalab-demo-server-rg \ + --name demo-server \ + --query id \ + --output tsv) +``` + +Update the service principal to have access to the cluster. + +```bash +SP_PASSWD=$(az ad sp create-for-rbac \ + --name aiidalab-sp \ + --role Contributor \ + --scopes $CLUSTER_ID $VNET_ID \ + --query password \ + --output table) +``` + +```bash +az aks update-credentials \ + --resource-group aiidalab-demo-server-rg \ + --name demo-server \ + --reset-service-principal \ + --service-principal \ + --client-secret +``` + + The auto-scaler will scale the number of nodes in the cluster between 3 and 6, based on the CPU and memory usage of the pods. It can be updated later with the following command: ```bash az aks update \ --name demo-server \ - --resource-group aiidalab_demo_server_marvel \ + --resource-group aiidalab-demo-server-rg \ --update-cluster-autoscaler \ --min-count \ --max-count \ --output table ``` - - ### Customizing the auto-scaler The auto-scaler can be customized to scale based on different metrics, such as CPU or memory usage. @@ -124,16 +151,6 @@ These are two rules applied to the VMSS: The above setup in general is done once. But make sure the [Pre-requisites](#pre-requisites) are done before proceeding, to have `az` command available. -If the cluster is already created, the ssh-key can be update to the cluster with the following command: - -```bash -az aks update \ - --name demo-server \ - --resource-group aiidalab_demo_server_marvel \ - --ssh-key-value .pub -``` - -The command will update the key on all node pools. The following steps are for administrators/maintainers of the cluster to configure in their local machines. @@ -149,7 +166,7 @@ Get credentials from Azure for kubectl to work: ```bash az aks get-credentials \ --name demo-server \ - --resource-group aiidalab_demo_server_marvel \ + --resource-group aiidalab-demo-server-rg \ --output table ``` @@ -191,8 +208,8 @@ jinja2 --format=env basehub/values.yaml.j2 > basehub/values.yaml The following environment variables are required to be set: * `K8S_NAMESPACE`: The namespace where the JupyterHub will be installed, e.g. `production`, `staging`. -* `GITHUB_CLIENT_ID`: The client ID of the GitHub app. -* `GITHUB_CLIENT_SECRET`: The client secret of the GitHub app. +* `OAUTH_CLIENT_ID`: The client ID of the GitHub app. +* `OAUTH_CLIENT_SECRET`: The client secret of the GitHub app. * `OAUTH_CALLBACK_URL`: The callback URL of the GitHub app. We use GitHub oauthenticator, the users will be able to login with their GitHub account. @@ -206,6 +223,12 @@ To deploy the JupyterHub, run the following command: If the namespace does not exist, it will be created. +The IP address of proxy-public service can be retrieved with the following command: + +```bash +kubectl get svc proxy-public -n +``` + ## For maintainers @@ -221,10 +244,3 @@ On the GitHub repository, the secrets are set for `production` and `staging` env The `aiidalab-sp` was only assigned the Contributor role for the VNet, and it is not yet assigned to the resource group. This is to avoid the service principal to have too much access to the resources. To get the kube credentials, the `aiidalab-sp` should be assigned to cluster `demo-server` as well. - -```bash -az ad sp create-for-rbac \ - --name aiidalab-sp \ - --role Contributor \ - --scopes /subscriptions//resourcegroups/aiidalab_demo_server_marvel/providers/Microsoft.ContainerService/managedClusters/demo-server $VNET_ID \ -``` \ No newline at end of file diff --git a/basehub/values.yaml.j2 b/basehub/values.yaml.j2 index 253d93d..49397e8 100644 --- a/basehub/values.yaml.j2 +++ b/basehub/values.yaml.j2 @@ -55,11 +55,11 @@ jupyterhub: default_url: /lab environment: JUPYTERHUB_SINGLEUSER_APP: jupyter_server.serverapp.ServerApp - hub: db: pvc: storageClassName: default + storage: 1Gi extraConfig: 00-logo: | c.JupyterHub.logo_file = "/usr/local/share/jupyterhub/static/external/aiidalab-wide-logo.png"