(jc-operator) Jcloud operator manual deployment #510
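name: "(jc-operator) Jcloud operator manual deployment"

# Manual / reusable deployment of the jcloud operator and api-manager images to
# the ci, dev or prod EKS clusters.
#
# NOTE(security): every action below is referenced by a floating major tag
# (@v1, @v2, @v3). Pin them to full commit SHAs so a compromised tag cannot
# inject code into a job that holds AWS and cluster credentials.
on:
  workflow_dispatch:
    inputs:
      branch:
        description: Pass the jina-operator branch
        required: true
        default: main
      # NOTE(security): workflow_dispatch inputs are stored in the run's event
      # payload and are readable by anyone who can view this repo's Actions
      # runs, so this shared token is disclosed every time it is used. A
      # protected GitHub environment with required reviewers is the stronger gate.
      deploy_token:
        description: Deploy Token
        default: ""
        required: true
      environment:
        type: choice
        description: Deploy Environment
        required: true
        options:
          - ci
          - dev
          - prod
      eks_region:
        description: EKS Region
        default: "us-east-1"
        required: true
  # The same inputs when called as a reusable workflow. Jobs must read them via
  # the `inputs` context, which is populated for both triggers;
  # `github.event.inputs` is empty under workflow_call. For a reusable
  # workflow the token should really be passed through `secrets:` rather than
  # as a plain string input.
  workflow_call:
    inputs:
      branch:
        required: true
        type: string
      deploy_token:
        required: true
        type: string
      environment:
        required: true
        type: string
      eks_region:
        required: true
        type: string

# Least privilege for the default GITHUB_TOKEN. `id-token: write` is only needed
# by the jobs that assume an AWS role through OIDC; everything else is read-only.
permissions:
  id-token: write # required for requesting the OIDC JWT
  contents: read # required for actions/checkout

jobs: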
token-check: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/github-script@v3 | |
with: | |
script: | | |
core.setFailed('token are not equivalent!') | |
if: github.event.inputs.deploy_token != env.deploy_token | |
env: | |
deploy_token: ${{ secrets.JCLOUD_DEPLOY_TOKEN }} | |
build-operator: | |
needs: token-check | |
runs-on: ubuntu-latest | |
outputs: | |
sha: ${{ steps.build_image.outputs.sha }} | |
env: | |
ENVIRONMENT: ${{ github.event.inputs.environment }} | |
steps: | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- uses: actions/checkout@v3 | |
with: | |
repository: jina-ai/jina-operator | |
ref: ${{ github.event.inputs.branch }} | |
token: ${{ secrets.JINA_DEV_BOT }} | |
- name: Set up Golang 1.19 | |
uses: actions/setup-go@v3 | |
with: | |
go-version: 1.19 | |
- name: Run setup script for Operator | |
run: | | |
# cd is a hack to work with other branches (remove later) | |
if [ -d "$GITHUB_WORKSPACE/operator/config/scripts/setup" ]; then | |
cd $GITHUB_WORKSPACE/operator/config/scripts/setup | |
go mod tidy | |
go run setup.go | |
fi | |
env: | |
MONGO_URI: ${{ secrets.JC_CI_MONGO_URI }} | |
if: github.event.inputs.environment != 'prod' | |
- name: Set environment variables | |
run: | | |
# Short name for current branch. For PRs, use target branch (base ref) | |
GIT_BRANCH=${GITHUB_BASE_REF:-${GITHUB_REF#refs/heads/}} | |
echo "GIT_BRANCH=$GIT_BRANCH" >> $GITHUB_ENV | |
- name: Build Image | |
id: build_image | |
run: | | |
cd $GITHUB_WORKSPACE | |
if [[ $GIT_BRANCH == 'main' ]]; then | |
TAG="latest" | |
else | |
if [[ "${{ github.event.inputs.branch }}" == "" ]]; then | |
TAG="${{ env.GIT_BRANCH }}" | |
else | |
TAG="${{ github.event.inputs.branch }}" | |
fi | |
fi | |
bash ./deployment/scripts/docker-build-push.sh 253352124568.dkr.ecr.us-east-2.amazonaws.com jcloud-operator:${TAG} operator/ | |
image_fullname=`docker inspect --format='{{index .RepoDigests 0}}' 253352124568.dkr.ecr.us-east-2.amazonaws.com/jcloud-operator:${TAG}` | |
sha=`echo ${image_fullname}|cut -d @ -f 2` | |
echo "sha=${sha#sha256:}" >> $GITHUB_OUTPUT | |
build-api-manager: | |
needs: token-check | |
runs-on: ubuntu-latest | |
outputs: | |
sha: ${{ steps.build_image.outputs.sha }} | |
env: | |
ENVIRONMENT: ${{ github.event.inputs.environment }} | |
steps: | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- uses: actions/checkout@v3 | |
with: | |
repository: jina-ai/jina-operator | |
ref: ${{ github.event.inputs.branch }} | |
token: ${{ secrets.JINA_DEV_BOT }} | |
- name: Set up Golang 1.19 | |
uses: actions/setup-go@v3 | |
with: | |
go-version: 1.19 | |
- name: Run setup script for API | |
run: | | |
# cd is a hack to work with other branches (remove later) | |
if [ -d "$GITHUB_WORKSPACE/api/test/scripts" ]; then | |
cd $GITHUB_WORKSPACE/api/test/scripts | |
go mod tidy | |
go run setup.go | |
fi | |
env: | |
MONGO_URI: ${{ secrets.JC_CI_MONGO_URI }} | |
if: github.event.inputs.environment != 'prod' | |
- name: Set environment variables | |
run: | | |
# Short name for current branch. For PRs, use target branch (base ref) | |
GIT_BRANCH=${GITHUB_BASE_REF:-${GITHUB_REF#refs/heads/}} | |
echo "GIT_BRANCH=$GIT_BRANCH" >> $GITHUB_ENV | |
- name: Build Image | |
id: build_image | |
run: | | |
cd $GITHUB_WORKSPACE | |
if [[ $GIT_BRANCH == 'main' ]]; then | |
TAG="latest" | |
else | |
if [[ "${{ github.event.inputs.branch }}" == "" ]]; then | |
TAG="${{ env.GIT_BRANCH }}" | |
else | |
TAG="${{ github.event.inputs.branch }}" | |
fi | |
fi | |
bash ./deployment/scripts/docker-build-push.sh 253352124568.dkr.ecr.us-east-2.amazonaws.com jcloud-api-manager:${TAG} api/ | |
image_fullname=`docker inspect --format='{{index .RepoDigests 0}}' 253352124568.dkr.ecr.us-east-2.amazonaws.com/jcloud-api-manager:${TAG}` | |
sha=`echo ${image_fullname}|cut -d @ -f 2` | |
echo "sha=${sha#sha256:}" >> $GITHUB_OUTPUT | |
terraform-deploy: | |
runs-on: ubuntu-latest | |
if: ${{ github.event.inputs.environment == 'ci' }} | |
steps: | |
- name: wait for dispatch finish | |
shell: bash | |
run: | | |
rs=$(curl -H "Authorization: token ${{ secrets.JINA_DEV_BOT }}" \ | |
https://api.github.com/repos/jina-ai/jina-infra/actions/workflows \ | |
|jq ".workflows |sort_by(.id)[]| .path=\".github/workflows/jcloud-deploy.yml\""|jq -n '[inputs][-1]') | |
id=$(echo $rs|jq ".id") | |
create_at=$(echo $rs|jq -r ".created_at") | |
if [[ ! -z ${id} ]]; then | |
for i in {1..180} | |
do | |
unfinish_id=$(curl -H "Authorization: token ${{ secrets.JINA_DEV_BOT }}" \ | |
https://api.github.com/repos/jina-ai/jina-infra/actions/workflows/${id}/runs \ | |
|jq ".workflow_runs|sort_by(.id)[]|select(.status!=\"completed\")|.id") | |
echo "latest retrive workflow id ${id} status ${unfinish_id}, ${i}" | |
if [[ ${#a} -gt 0 ]]; then | |
echo "wait for pevious job to finish" | |
sleep 6 | |
if [[ ${i} -eq 180 ]];then | |
echo "wait timeout, quit" | |
exit 0 | |
fi | |
else | |
exit 0 | |
fi | |
done | |
fi | |
exit 0 | |
- name: Repository Dispatch | |
uses: peter-evans/repository-dispatch@v2 | |
id: dispatch | |
with: | |
token: ${{ secrets.JINA_DEV_BOT }} | |
repository: jina-ai/jina-infra | |
event-type: jcloud-infra-deploy | |
client-payload: '{"release_token": "${{ secrets.WOLF_INFRA_TOKEN }}", "env": "ci", "destroy_cluster": "false"}' | |
- name: wait for dispatch finish | |
shell: bash | |
run: | | |
sleep 3 | |
rs=$(curl -H "Authorization: token ${{ secrets.JINA_DEV_BOT }}" \ | |
https://api.github.com/repos/jina-ai/jina-infra/actions/workflows \ | |
|jq ".workflows |sort_by(.id)[]| .path=\".github/workflows/jcloud-deploy.yml\""|jq -n '[inputs][-1]') | |
id=$(echo $rs|jq ".id") | |
create_at=$(echo $rs|jq -r ".created_at") | |
if [[ $(expr $(date +%s) - $(data -d ${create_at} +%s)) -le 60 ]]; then | |
if [[ ! -z ${id} ]]; then | |
for i in {1..300} | |
do | |
conclusion=$(curl -H "Authorization: token ${{ secrets.JINA_DEV_BOT }}" \ | |
https://api.github.com/repos/jina-ai/jina-infra/actions/workflows/${id}/runs \ | |
|jq ".workflow_runs|sort_by(.id)[]"|jq -nr '[inputs][-1].conclusion') | |
echo "latest retrive workflow id ${id} conclusion ${conclusion}, ${i}" | |
if [[ ${conclusion} == "success" ]]; then | |
exit 0 | |
elif [[ ${conclusion} == "failure" ]]; then | |
echo "job failure" | |
exit 1 | |
fi | |
sleep 6 | |
done | |
fi | |
fi | |
failed to get dispatched job, please check the status of workflow jcloud-deploy.yml in jina-infra repo | |
exit 1 | |
deployment-ci: | |
needs: [build-api-manager, build-operator, terraform-deploy] | |
runs-on: ubuntu-latest | |
if: ${{ github.event.inputs.environment == 'ci' }} | |
env: | |
ENVIRONMENT: ${{ github.event.inputs.environment }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
repository: jina-ai/jina-operator | |
ref: ${{ github.event.inputs.branch }} | |
token: ${{ secrets.JINA_DEV_BOT }} | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: arn:aws:iam::458227521111:role/github-reader-jina-infra | |
role-session-name: jinainfraapply | |
aws-region: us-east-1 | |
- name: Get remote state | |
uses: dflook/terraform-remote-state@v1 | |
id: remote-state | |
with: | |
backend_type: s3 | |
backend_config: | | |
bucket=jina-infra-terraform-state | |
key=jcloud/ci/eks | |
region=us-east-1 | |
- name: Set environment variables | |
run: | | |
# Short name for current branch. For PRs, use target branch (base ref) | |
GIT_BRANCH=${GITHUB_BASE_REF:-${GITHUB_REF#refs/heads/}} | |
echo "GIT_BRANCH=$GIT_BRANCH" >> $GITHUB_ENV | |
- name: helm clean | |
run: | | |
aws eks update-kubeconfig --region ${{ steps.remote-state.outputs.region }} --name ${{ steps.remote-state.outputs.cluster_name }} | |
if helm list -n jcloud | grep -q jcloud-operator; then | |
helm uninstall -n jcloud jcloud-operator | |
fi | |
kubectl delete -f $GITHUB_WORKSPACE/deployment/charts/jcloud-operator/crds/ || true | |
if: github.event.inputs.environment != 'prod' | |
- name: "Update Helm Charts Image sha" | |
run: | | |
sudo snap install yq | |
yq -i ".apimanager.image.sha=\"${{needs.build-api-manager.outputs.sha}}\"" .github/ci/${{ github.event.inputs.environment }}-values.yaml | |
yq -i ".operator.image.sha=\"${{needs.build-operator.outputs.sha}}\"" .github/ci/${{ github.event.inputs.environment }}-values.yaml | |
cat .github/ci/${{ github.event.inputs.environment }}-values.yaml | |
- name: helm deploy | |
if: ${{ github.event.inputs.env == 'CI' }} | |
shell: bash | |
run: | | |
cd $GITHUB_WORKSPACE | |
if [[ ${{ github.event.inputs.env }} == 'CI' ]]; then | |
kubectl create ns jcloud || true | |
kubectl delete secret regcred -n jcloud || true | |
echo "$WOLF_DOCKER_AUTH" > config.json | |
kubectl create secret generic regcred \ | |
--from-file=.dockerconfigjson=config.json \ | |
--type=kubernetes.io/dockerconfigjson -n jcloud | |
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out ci.crt -subj "/O=*.ci.wolf.jina.ai/CN=*.ci.wolf.jina.ai" -addext "subjectAltName = DNS:*.ci.wolf.jina.ai" | |
kubectl delete secret ci-wolf-tls -n jcloud || true | |
kubectl create secret tls ci-wolf-tls --key key.pem --cert ci.crt -n jcloud | |
sudo cp ci.crt /etc/ssl/certs/ | |
fi | |
if [[ -f "$GITHUB_WORKSPACE/api/internals/instances/instances.yml" ]]; then | |
kubectl delete configmap jcloud-instances -n jcloud || true | |
kubectl create configmap jcloud-instances --from-file=instances.yml=$GITHUB_WORKSPACE/api/internals/instances/instances.yml -n jcloud | |
fi | |
kubectl apply -f deployment/charts/jcloud-operator/crds/ | |
kubectl delete secret jcloud-ecr-secret -n jcloud || true | |
kubectl create secret docker-registry jcloud-ecr-secret \ | |
--docker-server=253352124568.dkr.ecr.us-east-2.amazonaws.com \ | |
--docker-username=AWS \ | |
--docker-password=$(aws ecr get-login-password --region ${{ steps.remote-state.outputs.region }}) \ | |
-n jcloud | |
helm upgrade --install jcloud-operator deployment/charts/jcloud-operator/ \ | |
--set "operator.customResources.deployment=true" \ | |
--set "operator.customResources.flow=true" \ | |
--set "apimanager.image.repository=253352124568.dkr.ecr.us-east-2.amazonaws.com/jcloud-api-manager" \ | |
--set "operator.image.repository=253352124568.dkr.ecr.us-east-2.amazonaws.com/jcloud-operator" \ | |
--set "apimanager.image.tag=${{ github.event.inputs.branch }}" \ | |
--set "operator.image.tag=${{ github.event.inputs.branch }}" \ | |
--set "apimanager.ingress.hosts[0]=api.ci.wolf.jina.ai" \ | |
--set "operator.config.operator.storage.efs.handler=${{ steps.remote-state.outputs.efs_id }}" \ | |
--set "apimanager.image.pullSecrets[0]=jcloud-ecr-secret" \ | |
--set "operator.image.pullSecrets[0]=jcloud-ecr-secret" \ | |
--set "apimanager.ingress.tls[0].secretName=ci-wolf-tls" \ | |
--set "apimanager.ingress.tls[0].hosts[0]=*.ci.wolf.jina.ai" \ | |
--set-file "operator.trustCA.ci\.crt=ci.crt" \ | |
-f .github/ci/CI-values.yaml \ | |
-n jcloud | |
kubectl set env deploy/deployment-jcloud-operator -n jcloud MONGO_URI="${{ env.MONGO_URI }}" | |
kubectl set env deploy/flow-jcloud-operator -n jcloud MONGO_URI="${{ env.MONGO_URI }}" | |
kubectl set env deploy/jcloud-operator-api-manager -n jcloud MONGO_URI="${{ env.MONGO_URI }}" LIST_USER_TOKEN="${{ env.LIST_USER_TOKEN }}" GRAFANA_AUTH_TOKEN="${{ env.GRAFANA_AUTH_TOKEN }}" JCLOUD_M2M_TOKEN="${{ env.JCLOUD_M2M_TOKEN }}" | |
env: | |
WOLF_DOCKER_AUTH: ${{ secrets.WOLF_DOCKER_AUTH }} | |
MONGO_URI: ${{ secrets.JC_CI_MONGO_URI }} | |
LIST_USER_TOKEN: ${{ secrets.LIST_USER_TOKEN }} | |
GRAFANA_AUTH_TOKEN: ${{ secrets.GRAFANA_AUTH_TOKEN }} | |
JCLOUD_M2M_TOKEN: ${{ secrets.JCLOUD_M2M_TOKEN }} | |
deployment: | |
needs: [build-api-manager, build-operator] | |
runs-on: ubuntu-latest | |
if: ${{ github.event.inputs.environment == 'dev' }} | |
env: | |
ENVIRONMENT: ${{ github.event.inputs.environment }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
repository: jina-ai/jina-operator | |
ref: ${{ github.event.inputs.branch }} | |
token: ${{ secrets.JINA_DEV_BOT }} | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.WOLF_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.WOLF_AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: Get remote state | |
uses: dflook/terraform-remote-state@v1 | |
id: remote-state | |
with: | |
backend_type: s3 | |
backend_config: | | |
bucket=jina-terraform-state | |
key=jcloud/${{ github.event.inputs.environment }}/eks/${{ github.event.inputs.eks_region }} | |
region=us-east-2 | |
- name: Set environment variables | |
run: | | |
# Short name for current branch. For PRs, use target branch (base ref) | |
GIT_BRANCH=${GITHUB_BASE_REF:-${GITHUB_REF#refs/heads/}} | |
echo "GIT_BRANCH=$GIT_BRANCH" >> $GITHUB_ENV | |
- name: Configure AWS Credentials | |
if: ${{ github.event.inputs.environment == 'prod' }} | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: arn:aws:iam::317254068723:role/jcloud-deploy-role | |
role-session-name: jcloud-deploy | |
aws-region: us-east-1 | |
- name: helm clean | |
run: | | |
aws eks update-kubeconfig --region ${{ steps.remote-state.outputs.region }} --name ${{ steps.remote-state.outputs.cluster_name }} | |
if helm list -n jcloud | grep -q jcloud-operator; then | |
helm uninstall -n jcloud jcloud-operator | |
fi | |
kubectl delete -f $GITHUB_WORKSPACE/deployment/charts/jcloud-operator/crds/ || true | |
if: github.event.inputs.environment != 'prod' | |
- name: "Update Helm Charts Image sha" | |
run: | | |
sudo snap install yq | |
yq -i ".apimanager.image.sha=\"${{needs.build-api-manager.outputs.sha}}\"" .github/ci/${{ github.event.inputs.environment }}-values.yaml | |
yq -i ".operator.image.sha=\"${{needs.build-operator.outputs.sha}}\"" .github/ci/${{ github.event.inputs.environment }}-values.yaml | |
cat .github/ci/${{ github.event.inputs.environment }}-values.yaml | |
- name: helm deploy | |
run: | | |
cd $GITHUB_WORKSPACE | |
aws eks update-kubeconfig --region ${{ steps.remote-state.outputs.region }} --name ${{ steps.remote-state.outputs.cluster_name }} | |
if [[ -f "$GITHUB_WORKSPACE/api/internals/instances/instances.yml" ]]; then | |
set +e | |
kubectl get configmap jcloud-instances -n jcloud | |
if [[ $? -eq 0 ]]; then | |
kubectl delete configmap jcloud-instances -n jcloud | |
fi | |
kubectl create configmap jcloud-instances --from-file=instances.yml=$GITHUB_WORKSPACE/api/internals/instances/instances.yml -n jcloud | |
fi | |
set -e | |
kubectl apply -f deployment/charts/jcloud-operator/crds/ | |
if [[ $GIT_BRANCH == 'main' ]]; then | |
bash ./deployment/scripts/deploy.sh -r ${{ steps.remote-state.outputs.region }} -n ${{ steps.remote-state.outputs.cluster_name }} \ | |
-f .github/ci/${{ github.event.inputs.environment }}-values.yaml \ | |
--registry 253352124568.dkr.ecr.us-east-2.amazonaws.com --tag latest | |
else | |
if [[ "${{ github.event.inputs.branch }}" == "" ]]; then | |
bash ./deployment/scripts/deploy.sh -r ${{ steps.remote-state.outputs.region }} -n ${{ steps.remote-state.outputs.cluster_name }} \ | |
-f .github/ci/${{ github.event.inputs.environment }}-values.yaml \ | |
--registry 253352124568.dkr.ecr.us-east-2.amazonaws.com --tag latest | |
else | |
bash ./deployment/scripts/deploy.sh -r ${{ steps.remote-state.outputs.region }} -n ${{ steps.remote-state.outputs.cluster_name }} \ | |
-f .github/ci/${{ github.event.inputs.environment }}-values.yaml \ | |
--registry 253352124568.dkr.ecr.us-east-2.amazonaws.com --tag ${{ github.event.inputs.branch }} | |
fi | |
fi | |
- name: check if certificate exists | |
id: check_cert | |
if: ${{ github.event.inputs.environment }} == "dev" || ${{ github.event.inputs.environment }} == "prod" | |
run: | | |
cert_name=$([[ "${{ github.event.inputs.environment }}" == "prod" ]] && echo "wolf-tls" || echo "wolf-dev-tls" ) | |
echo "cert=`kubectl get cert -n jcloud $cert_name -o name`" >> $GITHUB_OUTPUT | |
- name: deploy certificate | |
if: steps.check_cert.outputs.cert == '' | |
run: | | |
cert_name=$([[ "${{ github.event.inputs.environment }}" == "prod" ]] && echo "wolf-tls" || echo "wolf-dev-tls" ) | |
dns_name=$([[ "${{ github.event.inputs.environment }}" == "prod" ]] && echo "*.wolf.jina.ai" || echo "*.dev.wolf.jina.ai" ) | |
cat <<EOF | kubectl apply -f - | |
apiVersion: cert-manager.io/v1 | |
kind: Certificate | |
metadata: | |
name: $cert_name | |
namespace: jcloud | |
spec: | |
dnsNames: | |
- '$dns_name' | |
issuerRef: | |
group: cert-manager.io | |
kind: ClusterIssuer | |
name: letsencrypt-$cert_name | |
secretName: $cert_name | |
usages: | |
- digital signature | |
- key encipherment | |
EOF | |
- name: set env | |
run: | | |
if [[ ${{ github.event.inputs.environment }} != "prod" ]]; then | |
kubectl set env deploy/jcloud-operator-api-manager -n jcloud MONGO_URI="${{ secrets.JC_CI_MONGO_URI }}" LIST_USER_TOKEN="${{ secrets.LIST_USER_TOKEN }}" JCLOUD_M2M_TOKEN="${{ secrets.JCLOUD_M2M_TOKEN }}" | |
kubectl set env deploy/flow-jcloud-operator -n jcloud MONGO_URI="${{ secrets.JC_CI_MONGO_URI }}" JCLOUD_M2M_TOKEN="${{ secrets.JCLOUD_M2M_TOKEN }}" | |
kubectl set env deploy/deployment-jcloud-operator -n jcloud MONGO_URI="${{ secrets.JC_CI_MONGO_URI }}" JCLOUD_M2M_TOKEN="${{ secrets.JCLOUD_M2M_TOKEN }}" | |
else | |
kubectl set env deploy/jcloud-operator-api-manager -n jcloud MONGO_URI="${{ secrets.PROD_MONGO_URI }}" LIST_USER_TOKEN="${{ secrets.LIST_USER_TOKEN }}" GRAFANA_AUTH_TOKEN="${{ secrets.GRAFANA_AUTH_TOKEN }}" JCLOUD_M2M_TOKEN="${{ secrets.JCLOUD_M2M_TOKEN }}" | |
kubectl set env deploy/flow-jcloud-operator -n jcloud MONGO_URI="${{ secrets.PROD_MONGO_URI }}" JCLOUD_M2M_TOKEN="${{ secrets.JCLOUD_M2M_TOKEN }}" | |
kubectl set env deploy/deployment-jcloud-operator -n jcloud MONGO_URI="${{ secrets.PROD_MONGO_URI }}" JCLOUD_M2M_TOKEN="${{ secrets.JCLOUD_M2M_TOKEN }}" | |
fi | |
deployment-prod: | |
needs: [build-api-manager, build-operator] | |
runs-on: ubuntu-latest | |
if: ${{ github.event.inputs.environment == 'prod' }} | |
env: | |
ENVIRONMENT: ${{ github.event.inputs.environment }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
repository: jina-ai/jina-operator | |
ref: ${{ github.event.inputs.branch }} | |
token: ${{ secrets.JINA_DEV_BOT }} | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: arn:aws:iam::317254068723:role/github-reader-jina-infra | |
role-session-name: jinainfraapply | |
aws-region: us-east-1 | |
- name: Get remote state | |
uses: dflook/terraform-remote-state@v1 | |
id: remote-state | |
with: | |
backend_type: s3 | |
backend_config: | | |
bucket=jina-prod-infra-terraform-state | |
key=jcloud/prod/eks/us-east-1 | |
region=us-east-1 | |
- name: Set environment variables | |
run: | | |
# Short name for current branch. For PRs, use target branch (base ref) | |
GIT_BRANCH=${GITHUB_BASE_REF:-${GITHUB_REF#refs/heads/}} | |
echo "GIT_BRANCH=$GIT_BRANCH" >> $GITHUB_ENV | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: arn:aws:iam::317254068723:role/jcloud-deploy-role | |
unset-current-credentials: true | |
role-session-name: jcloud-deploy | |
aws-region: us-east-1 | |
- name: helm clean | |
run: | | |
aws eks update-kubeconfig --region ${{ steps.remote-state.outputs.region }} --name ${{ steps.remote-state.outputs.cluster_name }} | |
if helm list -n jcloud | grep -q jcloud-operator; then | |
helm uninstall -n jcloud jcloud-operator | |
fi | |
kubectl delete -f $GITHUB_WORKSPACE/deployment/charts/jcloud-operator/crds/ || true | |
if: github.event.inputs.environment != 'prod' | |
- name: "Update Helm Charts Image sha" | |
run: | | |
sudo snap install yq | |
yq -i ".apimanager.image.sha=\"${{needs.build-api-manager.outputs.sha}}\"" .github/ci/${{ github.event.inputs.environment }}-values.yaml | |
yq -i ".operator.image.sha=\"${{needs.build-operator.outputs.sha}}\"" .github/ci/${{ github.event.inputs.environment }}-values.yaml | |
cat .github/ci/${{ github.event.inputs.environment }}-values.yaml | |
- name: helm deploy | |
run: | | |
cd $GITHUB_WORKSPACE | |
aws eks update-kubeconfig --region ${{ steps.remote-state.outputs.region }} --name ${{ steps.remote-state.outputs.cluster_name }} | |
if [[ -f "$GITHUB_WORKSPACE/api/internals/instances/instances.yml" ]]; then | |
set +e | |
kubectl get configmap jcloud-instances -n jcloud | |
if [[ $? -eq 0 ]]; then | |
kubectl delete configmap jcloud-instances -n jcloud | |
fi | |
kubectl create configmap jcloud-instances --from-file=instances.yml=$GITHUB_WORKSPACE/api/internals/instances/instances.yml -n jcloud | |
fi | |
set -e | |
kubectl apply -f deployment/charts/jcloud-operator/crds/ | |
if [[ $GIT_BRANCH == 'main' ]]; then | |
bash ./deployment/scripts/deploy.sh -r ${{ steps.remote-state.outputs.region }} -n ${{ steps.remote-state.outputs.cluster_name }} \ | |
-f .github/ci/${{ github.event.inputs.environment }}-values.yaml \ | |
--registry 253352124568.dkr.ecr.us-east-2.amazonaws.com --tag latest | |
else | |
if [[ "${{ github.event.inputs.branch }}" == "" ]]; then | |
bash ./deployment/scripts/deploy.sh -r ${{ steps.remote-state.outputs.region }} -n ${{ steps.remote-state.outputs.cluster_name }} \ | |
-f .github/ci/${{ github.event.inputs.environment }}-values.yaml \ | |
--registry 253352124568.dkr.ecr.us-east-2.amazonaws.com --tag latest | |
else | |
bash ./deployment/scripts/deploy.sh -r ${{ steps.remote-state.outputs.region }} -n ${{ steps.remote-state.outputs.cluster_name }} \ | |
-f .github/ci/${{ github.event.inputs.environment }}-values.yaml \ | |
--registry 253352124568.dkr.ecr.us-east-2.amazonaws.com --tag ${{ github.event.inputs.branch }} | |
fi | |
fi | |
- name: check if certificate exists | |
id: check_cert | |
if: ${{ github.event.inputs.environment }} == "dev" || ${{ github.event.inputs.environment }} == "prod" | |
run: | | |
cert_name=$([[ "${{ github.event.inputs.environment }}" == "prod" ]] && echo "wolf-tls" || echo "wolf-dev-tls" ) | |
echo "cert=`kubectl get cert -n jcloud $cert_name -o name`" >> $GITHUB_OUTPUT | |
- name: deploy certificate | |
if: steps.check_cert.outputs.cert == '' | |
run: | | |
cert_name=$([[ "${{ github.event.inputs.environment }}" == "prod" ]] && echo "wolf-tls" || echo "wolf-dev-tls" ) | |
dns_name=$([[ "${{ github.event.inputs.environment }}" == "prod" ]] && echo "*.wolf.jina.ai" || echo "*.dev.wolf.jina.ai" ) | |
cat <<EOF | kubectl apply -f - | |
apiVersion: cert-manager.io/v1 | |
kind: Certificate | |
metadata: | |
name: $cert_name | |
namespace: jcloud | |
spec: | |
dnsNames: | |
- '$dns_name' | |
issuerRef: | |
group: cert-manager.io | |
kind: ClusterIssuer | |
name: letsencrypt-$cert_name | |
secretName: $cert_name | |
usages: | |
- digital signature | |
- key encipherment | |
EOF | |
- name: set env | |
run: | | |
if [[ ${{ github.event.inputs.environment }} != "prod" ]]; then | |
kubectl set env deploy/jcloud-operator-api-manager -n jcloud MONGO_URI="${{ secrets.JC_CI_MONGO_URI }}" LIST_USER_TOKEN="${{ secrets.LIST_USER_TOKEN }}" JCLOUD_M2M_TOKEN="${{ secrets.JCLOUD_M2M_TOKEN }}" | |
kubectl set env deploy/flow-jcloud-operator -n jcloud MONGO_URI="${{ secrets.JC_CI_MONGO_URI }}" JCLOUD_M2M_TOKEN="${{ secrets.JCLOUD_M2M_TOKEN }}" | |
kubectl set env deploy/deployment-jcloud-operator -n jcloud MONGO_URI="${{ secrets.JC_CI_MONGO_URI }}" JCLOUD_M2M_TOKEN="${{ secrets.JCLOUD_M2M_TOKEN }}" | |
else | |
kubectl set env deploy/jcloud-operator-api-manager -n jcloud MONGO_URI="${{ secrets.PROD_MONGO_URI }}" LIST_USER_TOKEN="${{ secrets.LIST_USER_TOKEN }}" GRAFANA_AUTH_TOKEN="${{ secrets.GRAFANA_AUTH_TOKEN }}" JCLOUD_M2M_TOKEN="${{ secrets.JCLOUD_M2M_TOKEN }}" | |
kubectl set env deploy/flow-jcloud-operator -n jcloud MONGO_URI="${{ secrets.PROD_MONGO_URI }}" JCLOUD_M2M_TOKEN="${{ secrets.JCLOUD_M2M_TOKEN }}" | |
kubectl set env deploy/deployment-jcloud-operator -n jcloud MONGO_URI="${{ secrets.PROD_MONGO_URI }}" JCLOUD_M2M_TOKEN="${{ secrets.JCLOUD_M2M_TOKEN }}" | |
fi |