From 446130d1113c989fcdd71c87c30c24420632928d Mon Sep 17 00:00:00 2001 From: greg pereira Date: Fri, 6 Dec 2024 12:53:23 -0800 Subject: [PATCH 1/7] kind docs, umami manifests, argocd app-of-apps plus umami app 
Signed-off-by: greg pereira --- .gitignore | 1 + argocd/overlays/applicaitons/app-of-apps.yaml | 19 +++++ .../overlays/applicaitons/kustomization.yaml | 7 ++ argocd/overlays/applicaitons/prod.yaml | 2 +- argocd/overlays/applicaitons/umami.yaml | 17 ++++ deploy/k8s/base/umami/deployment.yaml | 79 +++++++++++++++++++ deploy/k8s/base/umami/kustomization.yaml | 9 +++ deploy/k8s/base/umami/namespace.yaml | 6 ++ deploy/k8s/base/umami/postgresql-pvc.yaml | 13 +++ deploy/k8s/base/umami/postgresql-service.yaml | 13 +++ deploy/k8s/base/umami/umami-service.yaml | 15 ++++ deploy/k8s/overlays/kind/README.md | 25 ++++++ deploy/k8s/overlays/kind/umami/README.md | 17 ++++ .../kind/umami/example.umami-secret.yaml | 15 ++++ .../overlays/kind/umami/kustomization.yaml | 7 ++ .../overlays/kind/umami/umami-ingress.yaml | 20 +++++ .../openshift/umami/kustomization.yaml | 8 ++ .../overlays/openshift/umami/umami-route.yaml | 18 +++++ .../openshift/umami/umami.sealedsecret.yaml | 25 ++++++ 19 files changed, 315 insertions(+), 1 deletion(-) create mode 100644 argocd/overlays/applicaitons/app-of-apps.yaml create mode 100644 argocd/overlays/applicaitons/kustomization.yaml create mode 100644 argocd/overlays/applicaitons/umami.yaml create mode 100644 deploy/k8s/base/umami/deployment.yaml create mode 100644 deploy/k8s/base/umami/kustomization.yaml create mode 100644 deploy/k8s/base/umami/namespace.yaml create mode 100644 deploy/k8s/base/umami/postgresql-pvc.yaml create mode 100644 deploy/k8s/base/umami/postgresql-service.yaml create mode 100644 deploy/k8s/base/umami/umami-service.yaml create mode 100644 deploy/k8s/overlays/kind/README.md create mode 100644 deploy/k8s/overlays/kind/umami/README.md create mode 100644 deploy/k8s/overlays/kind/umami/example.umami-secret.yaml create mode 100644 deploy/k8s/overlays/kind/umami/kustomization.yaml create mode 100644 deploy/k8s/overlays/kind/umami/umami-ingress.yaml create mode 100644 deploy/k8s/overlays/openshift/umami/kustomization.yaml create mode 
100644 deploy/k8s/overlays/openshift/umami/umami-route.yaml create mode 100644 deploy/k8s/overlays/openshift/umami/umami.sealedsecret.yaml diff --git a/.gitignore b/.gitignore index 62dc0faa..e0a05489 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ npm-debug.log !mock-cert.pem .env *.env +!example.umami-secret.env coverage lib taxonomy diff --git a/argocd/overlays/applicaitons/app-of-apps.yaml b/argocd/overlays/applicaitons/app-of-apps.yaml new file mode 100644 index 00000000..06c0cf75 --- /dev/null +++ b/argocd/overlays/applicaitons/app-of-apps.yaml @@ -0,0 +1,19 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: app-of-apps-ilab +spec: + destination: + namespace: openshift-gitpos + name: in-cluster + project: default + source: + path: argocd/overlays/applicaitons + repoURL: https://github.com/instructlab/ui.git + targetRevision: HEAD + syncPolicy: + syncOptions: + - Validate=false + - ApplyOutOfSyncOnly=true + # automated: + # selfHeal: true diff --git a/argocd/overlays/applicaitons/kustomization.yaml b/argocd/overlays/applicaitons/kustomization.yaml new file mode 100644 index 00000000..69d1d6bb --- /dev/null +++ b/argocd/overlays/applicaitons/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: openshift-gitops +resources: + # - prod.yaml # currently not deployed via argo + - qa.yaml + - umami.yaml diff --git a/argocd/overlays/applicaitons/prod.yaml b/argocd/overlays/applicaitons/prod.yaml index 067e0753..f787d5f6 100644 --- a/argocd/overlays/applicaitons/prod.yaml +++ b/argocd/overlays/applicaitons/prod.yaml @@ -4,7 +4,7 @@ metadata: name: ilab-ui-stack-production spec: destination: - name: in-cluster + name: in-cluster # THIS NEEDS TO CHANGE once we get prod on ARGO namespace: instructlab project: default source: diff --git a/argocd/overlays/applicaitons/umami.yaml b/argocd/overlays/applicaitons/umami.yaml new file mode 100644 index 00000000..e0b4c2a5 --- /dev/null 
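Review bot: In `argocd/overlays/applicaitons/app-of-apps.yaml` the destination namespace is spelled `openshift-gitpos`, while the `kustomization.yaml` added in the same patch uses `openshift-gitops`; the line should presumably read `namespace: openshift-gitops`. The same Application sets `Validate=false` and tracks `targetRevision: HEAD`, so manifests are applied without schema validation from whatever the default branch currently holds. A one-line comment such as `# Validate=false: <reason>` above the sync option would tell the next reviewer why validation is off. A pinned revision would make the deployed state easier to audit.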
+++ b/argocd/overlays/applicaitons/umami.yaml
@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: umami
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/instructlab/ui.git
+ path: deploy/k8s/overlays/openshift/umami
+ targetRevision: main
+ destination:
+ namespace: umami
+ name: in-cluster
+ syncPolicy:
+ automated:
+ selfHeal: true
+
diff --git a/deploy/k8s/base/umami/deployment.yaml b/deploy/k8s/base/umami/deployment.yaml
new file mode 100644
index 00000000..8d7ee15f
--- /dev/null
+++ b/deploy/k8s/base/umami/deployment.yaml
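Review bot: In `argocd/overlays/applicaitons/umami.yaml`, `targetRevision: main` combined with `syncPolicy.automated` means every push to `main` under `deploy/k8s/overlays/openshift/umami` is rolled out to the cluster with no further gate. If branch protection on `main` is the intended control, say so in a comment next to the field, e.g. `# auto-synced from main; changes here deploy on merge`. Otherwise pin `targetRevision` to a tag or commit and bump it deliberately.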
@@ -0,0 +1,79 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: umami
+ labels:
+ app: umami
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: umami
+ template:
+ metadata:
+ labels:
+ app: umami
+ spec:
+ containers:
+ - name: postgresql
+ image: registry.redhat.io/rhel9/postgresql-15:9.5-1733127512
+ env:
+ - name: POSTGRESQL_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: umami-secret
+ key: POSTGRESQL_DATABASE
+ - name: POSTGRESQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: umami-secret
+ key: POSTGRESQL_USER
+ - name: POSTGRESQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: umami-secret
+ key: POSTGRESQL_PASSWORD
+ ports:
+ - containerPort: 5432
+ name: postgres
+ livenessProbe:
+ exec:
+ command: ["pg_isready"]
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ readinessProbe:
+ exec:
+ command: ["pg_isready"]
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ volumeMounts:
+ - name: db-data
+ mountPath: /var/lib/postgresql/data
+ - name: umami
+ image: ghcr.io/umami-software/umami:postgresql-latest
+ env:
+ - name: DATABASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: umami-secret
+ key: DATABASE_URL
+ - name: DATABASE_TYPE
+ value: postgresql
+ - name: APP_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: umami-secret
+ key: APP_SECRET
+ - name: HASH_SALT
+ valueFrom:
+ secretKeyRef:
+ name: umami-secret
+ key: HASH_SALT
+ - name: PORT
+ value: "3001"
+ ports:
+ - containerPort: 3001
+ volumes:
+ - name: db-data
+ persistentVolumeClaim:
+ claimName: umami-postgresql-db-data
diff --git a/deploy/k8s/base/umami/kustomization.yaml b/deploy/k8s/base/umami/kustomization.yaml
new file mode 100644
index 00000000..89967049
--- /dev/null
+++ b/deploy/k8s/base/umami/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: umami
+resources:
+ - deployment.yaml
+ - namespace.yaml
+ - postgresql-pvc.yaml
+ - postgresql-service.yaml
+ - umami-service.yaml
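Review bot: The `umami` container in `deploy/k8s/base/umami/deployment.yaml` uses the floating tag `ghcr.io/umami-software/umami:postgresql-latest`, so the image that runs can change without any change in this repository, whereas the postgresql container is pinned to a build tag. Pin it to a release tag or digest, e.g. `image: ghcr.io/umami-software/umami:<PINNED_TAG>@sha256:<DIGEST>` (placeholders). Neither container sets a `securityContext` or `resources`; `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and dropped capabilities would let the base manifest pass restricted pod-security admission where it is enforced. Separately, the volume is mounted at `/var/lib/postgresql/data`, which I believe is not the data directory of the RHEL postgresql image (`/var/lib/pgsql/data`); worth confirming, otherwise the PVC holds no database files.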
diff --git a/deploy/k8s/base/umami/namespace.yaml b/deploy/k8s/base/umami/namespace.yaml
new file mode 100644
index 00000000..170ed2db
--- /dev/null
+++ b/deploy/k8s/base/umami/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: umami
+ labels:
+ name: umami
diff --git a/deploy/k8s/base/umami/postgresql-pvc.yaml b/deploy/k8s/base/umami/postgresql-pvc.yaml
new file mode 100644
index 00000000..3ffa7397
--- /dev/null
+++ b/deploy/k8s/base/umami/postgresql-pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: umami-postgresql-db-data
+ labels:
+ app: umami
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ volumeMode: Filesystem
diff --git a/deploy/k8s/base/umami/postgresql-service.yaml b/deploy/k8s/base/umami/postgresql-service.yaml
new file mode 100644
index 00000000..6cd17d10
--- /dev/null
+++ b/deploy/k8s/base/umami/postgresql-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: umami-db
+ labels:
+ app: umami
+ component: db
+spec:
+ ports:
+ - port: 5432
+ name: postgres
+ selector:
+ app: umami
diff --git a/deploy/k8s/base/umami/umami-service.yaml b/deploy/k8s/base/umami/umami-service.yaml
new file mode 100644
index 00000000..f7268d15
--- /dev/null
+++ b/deploy/k8s/base/umami/umami-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: umami
+ labels:
+ app: umami
+ component: web
+spec:
+ ports:
+ - name: web
+ port: 3001
+ selector:
+ app: umami
+ type: ClusterIP
diff --git a/deploy/k8s/overlays/kind/README.md b/deploy/k8s/overlays/kind/README.md
new file mode 100644
index 00000000..c222aff7
--- /dev/null
+++ b/deploy/k8s/overlays/kind/README.md
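Review bot: `postgresql-service.yaml` publishes port 5432 through the `umami-db` Service, and nothing in this patch restricts who may connect, so any workload in the cluster that can reach the Service gets to the database with the password as the only barrier. Because postgresql runs in the same pod as umami, `DATABASE_URL` could point at `localhost:5432` and this Service could be dropped. If the Service has to stay, add a NetworkPolicy in the `umami` namespace that limits ingress on 5432 to the umami pod.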
@@ -0,0 +1,25 @@
+# Introduction
+
+Kind is a tool that can allow you to emulate a local kuberenetes cluster. These manifests will help you provision a correctly configured kind cluster and apply the resources.
+
+# Usage
+
+## Building the cluster
+
+You can either create a default cluster, or use the setup we have to mimic our openshift dpeloyment more closely: `kind create cluster --config kind.yaml`.
+
+## Applying the kind-ingress manifests
+
+If you dont care about using an ingress and choose to hit the services directly, use host networking on your container runtime on which you are using kind, or some other
+edge case which would remove the necesity of ingresses, you can simple ignore the [kind-ingress.yaml](./kind-ingress.yaml). However if you do want to use ingresses
+(which are a part of both the default UI stack and the umami metrics stack), then you should deploy the kind ingress: `kubectl create -f kind-ingress.yaml`.
+This will take some time to deploy, so now we can simply wait for it:
+```bash
+kubectl wait --namespace ingress-nginx \
+ --for=condition=ready pod \
+ --selector=app.kubernetes.io/component=controller \
+ --timeout=90s
+```
+
+Once this goes through, you should review a message similar to the following letting you know you can proceed:
+`pod/ingress-nginx-controller-68c4c94464-jvnjf condition met`.
diff --git a/deploy/k8s/overlays/kind/umami/README.md b/deploy/k8s/overlays/kind/umami/README.md
new file mode 100644
index 00000000..dc831a8a
--- /dev/null
+++ b/deploy/k8s/overlays/kind/umami/README.md
@@ -0,0 +1,17 @@
+# Notes
+
+To try to deploy Umami via kind you must first create and apply the manifests 1 directory up. After that, creating umami within kind is very straightforward.
+Simply set your `.umami-secret.env` with your values from the template `example.umami-secret.env` in this directory. After this, we need to import the
+container image that we use for the Umami postgresql database.
+
+To do this, we first start by pulling down the image
+```bash
+PSQL_IMAGE="registry.redhat.io/rhel9/postgresql-15:9.5-1733127512"
+docker pull ${PSQL_IMAGE}
+```
+
+If you provisioned a default kind cluster, you can load your image onto it as follows: `kind load docker-image ${PSQL_IMAGE}`.
+However if you provisioned a kind cluster with the [kind.yaml](../kind.yaml) configuration we provided in the directory above this, then you will need to
+specify the name of the cluster as well: `kind load docker-image ${PSQL_IMAGE} --name instructlab-ui`
+
+After that you can apply the Umami manifests: `kustomize build . | kubectl apply -f -`.
diff --git a/deploy/k8s/overlays/kind/umami/example.umami-secret.yaml b/deploy/k8s/overlays/kind/umami/example.umami-secret.yaml
new file mode 100644
index 00000000..d0ddb7d7
--- /dev/null
+++ b/deploy/k8s/overlays/kind/umami/example.umami-secret.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: umami-secret
+ labels:
+ app: umami
+type: Opaque
+stringData:
+ DATABASE_TYPE: postgresql
+ POSTGRESQL_DATABASE: umami
+ POSTGRESQL_USER: umami
+ POSTGRESQL_PASSWORD: umami
+ APP_SECRET: app_secret
+ HASH_SALT: hash_salt
+ DATABASE_URL: postgresql://umami:umami@umami-db:5432/umami
diff --git a/deploy/k8s/overlays/kind/umami/kustomization.yaml b/deploy/k8s/overlays/kind/umami/kustomization.yaml
new file mode 100644
index 00000000..7e956512
--- /dev/null
+++ b/deploy/k8s/overlays/kind/umami/kustomization.yaml
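Review bot: `example.umami-secret.yaml` ships usable-looking values (`POSTGRESQL_PASSWORD: umami`, `APP_SECRET: app_secret`), and the kind `kustomization.yaml` in this patch lists the file under `resources`, so applying the overlay as committed creates the Secret with publicly known credentials. PATCH 3/7 on this page later drops it from the kustomization, but a header comment is still worth adding, e.g. `# Example only: replace every value before applying; never reuse outside a local kind cluster`. The names are also inconsistent: the `.gitignore` exception in this patch is `!example.umami-secret.env` and the README speaks of `.umami-secret.env`, while the file added here is `.yaml`.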
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: umami
+resources:
+ - ../../../base/umami
+ - umami-ingress.yaml
+ - example.umami-secret.yaml
diff --git a/deploy/k8s/overlays/kind/umami/umami-ingress.yaml b/deploy/k8s/overlays/kind/umami/umami-ingress.yaml
new file mode 100644
index 00000000..dcb3a787
--- /dev/null
+++ b/deploy/k8s/overlays/kind/umami/umami-ingress.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: umami-ingress
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: umami.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: umami
+ port:
+ number: 3001
diff --git a/deploy/k8s/overlays/openshift/umami/kustomization.yaml b/deploy/k8s/overlays/openshift/umami/kustomization.yaml
new file mode 100644
index 00000000..b1d8690e
--- /dev/null
+++ b/deploy/k8s/overlays/openshift/umami/kustomization.yaml
@@ -0,0 +1,8 @@
+# Umami will be deployed on the QA cluster but host metrics for both prod and QA
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: umami
+resources:
+ - ../../../base/umami
+ - umami.sealedsecret.yaml
+ - umami-route.yaml
diff --git a/deploy/k8s/overlays/openshift/umami/umami-route.yaml b/deploy/k8s/overlays/openshift/umami/umami-route.yaml
new file mode 100644
index 00000000..8a7111b9
--- /dev/null
+++ b/deploy/k8s/overlays/openshift/umami/umami-route.yaml
@@ -0,0 +1,18 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ name: umami
+ labels:
+ name: umami
+spec:
+ host: umami.qa.instructlab.ui
+ port:
+ targetPort: 3001
+ tls:
+ termination: edge
+ to:
+ kind: Service
+ name: umami
+ weight: 100
+ wildcardPolicy: None
+
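Review bot: In `umami-ingress.yaml` the annotation `nginx.ingress.kubernetes.io/rewrite-target: /` is attached to a `path: /` Prefix rule with no capture group. As far as I know, current ingress-nginx releases then rewrite every request path to `/`, so requests for umami's sub-paths would not reach the right route. Since the rule already serves the application at the root, the annotation can simply be removed. `kubernetes.io/ingress.class: nginx` is the deprecated form of `spec.ingressClassName: nginx`, which is already set, so that annotation can go as well.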
diff --git a/deploy/k8s/overlays/openshift/umami/umami.sealedsecret.yaml b/deploy/k8s/overlays/openshift/umami/umami.sealedsecret.yaml new file mode 100644 index 00000000..f7a8df9d --- /dev/null +++ b/deploy/k8s/overlays/openshift/umami/umami.sealedsecret.yaml @@ -0,0 +1,25 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: umami-secret + namespace: umami +spec: + encryptedData: + ADMIN_PASSWORD: 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 + APP_SECRET: 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 + DATABASE_TYPE: 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 + DATABASE_URL: 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 + HASH_SALT: 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 + POSTGRESQL_DATABASE: AgBnyQJFdd2JRibSUnOLx3DxQUI5LLnpropRC1CygcI43vZ/mwCa82xW8e4XCKuxoWweFVjadDHZ8VZCEMdmoUHRttgVzwY1JqvlwjnbnAilPUjqgppdBc7zp1cv7eIpywapXNCjd8Axnp9vCITFR9R0chAXmf//NB69oDJZOUvS1U0TDvG6QVkhMuwQfy+iQ/WWzOUP3msr8Klnepdvg5lyE5Dtibl567dJ+TLCs8lJCD4Q8/IXQhonGBekBlkm2AZCSkvWbRH2cruvHM35qBtN1HZxiEqbCOr0SAjD2vsvPPBPjyIVg1aORPiO6A2pzfp7UJx7R/4HCCLQw8TYuOfloqC0qm4Mu2JT/o/qVQkNBBElz4+x+YWiU/eNF+P6u9xOfLaaIxkSgZC+uYLSv8D76lI3moSZBxKPbvHO85r7kZfzApc0+R3VhcX+cTHmOjfC7dOsB8Af+tSR1cEMHX1HDIcLOsViA3k9BvA+tNwmxu/vRCSuS9WaPnnyVMUye/e4duEjrYcDr9F2Aj28mPDo1ty76n+XTg15bypK5dfl+HwXclinj7FSCwWXuRpFC50qQn4Zng2wBygccNm5XlM2P41Hs2oRKd2EwVe/FuQZxN9cLswKIRfucsNv4BH6i0BXP4nNyq969VBM3E7baPvtg71MeCOf9GGpt3fxYNH48tpgJpS1ma4JpLm+F14nS+k/4Wubcw== + POSTGRESQL_PASSWORD: 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 + POSTGRESQL_USER: 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 + template: + metadata: + creationTimestamp: null + labels: + app: umami + name: umami-secret + namespace: umami + type: Opaque + From 3f15cb763fd28ee8b38db6b5cf27c6b2e0668efe Mon Sep 17 00:00:00 2001 
From: greg pereira Date: Fri, 6 Dec 2024 14:30:53 -0800 Subject: [PATCH 2/7] kind makefile changes, better labels in base manifests, md linting Signed-off-by: greg pereira --- .gitignore | 4 ++-- Makefile | 13 ++++++++++++- deploy/k8s/base/umami/deployment.yaml | 16 +++------------- deploy/k8s/base/umami/kustomization.yaml | 8 ++++++++ deploy/k8s/base/umami/namespace.yaml | 2 -- deploy/k8s/base/umami/postgresql-pvc.yaml | 2 -- deploy/k8s/base/umami/postgresql-service.yaml | 1 - deploy/k8s/base/umami/umami-service.yaml | 1 - deploy/k8s/overlays/kind/README.md | 14 +++++++++----- deploy/k8s/overlays/kind/umami/README.md | 7 ++++--- 10 files changed, 38 insertions(+), 30 deletions(-) diff --git a/.gitignore b/.gitignore index e0a05489..cb3645fd 100644 --- a/.gitignore +++ b/.gitignore @@ -4,7 +4,6 @@ npm-debug.log !mock-cert.pem .env *.env -!example.umami-secret.env coverage lib taxonomy @@ -27,5 +26,6 @@ pathservice.pid /playwright-report/ /blob-report/ /playwright/.cache/ - playwright/.auth +deploy/k8s/overlays/kind/umami/umami-secret.yaml +deploy/k8s/overlays/openshift/umami/umami-secret.yaml diff --git a/Makefile b/Makefile index d812a972..9a107ed8 100644 --- a/Makefile +++ b/Makefile @@ -22,6 +22,7 @@ ILAB_KUBE_CLUSTER_NAME?=instructlab-ui CONTAINER_ENGINE?=docker DEVCONTAINER_BINARY_EXISTS ?= $(shell command -v devcontainer) TAG=$(shell git rev-parse HEAD) +UMAMI_KUBE_NAMESPACE?=umami ##@ Development - Helper commands for development .PHONY: md-lint md-lint: ## Lint markdown files 
@@ -113,7 +114,10 @@ check-kubectl: .PHONY: load-images load-images: ## Load images onto Kind cluster + $(CMD_PREFIX) docker pull ghcr.io/instructlab/ui/ui:main + $(CMD_PREFIX) docker pull registry.redhat.io/rhel9/postgresql-15:9.5-1733127512 $(CMD_PREFIX) kind load --name $(ILAB_KUBE_CLUSTER_NAME) docker-image ghcr.io/instructlab/ui/ui:main + $(CMD_PREFIX) kind load --name $(ILAB_KUBE_CLUSTER_NAME) docker-image registry.redhat.io/rhel9/postgresql-15:9.5-1733127512 .PHONY: stop-dev-kind stop-dev-kind: check-kind ## Stop the Kind cluster to destroy the development environment @@ -140,10 +144,16 @@ deploy: wait-for-readiness ## Deploy a InstructLab UI development stack onto a k $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) apply -k ./deploy/k8s/overlays/kind $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) wait --for=condition=Ready pods -n $(ILAB_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=ui --timeout=15m + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) apply -k ./deploy/k8s/overlays/kind/umami + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) port-forward -n $(UMAMI_KUBE_NAMESPACE) service/umami 3001:3001 + + .PHONY: redeploy redeploy: ui-image load-images ## Redeploy the InstructLab UI stack onto a kubernetes cluster $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/ui $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/pathservice + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) -n $(UMAMI_KUBE_NAMESPACE) rollout restart deploy/umami .PHONY: undeploy undeploy: ## Undeploy the InstructLab UI stack from a kubernetes cluster 
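Review bot: The `port-forward` line appended to the `deploy` recipe in the Makefile runs in the foreground, so `make deploy` (and `start-dev-kind`, which depends on it) does not return until the user interrupts it, and the interrupt makes the recipe exit non-zero. Since the kind overlay already defines an Ingress for umami, the forward could move to a separate target, e.g. `umami-port-forward:`, or be dropped. It also binds local port 3001 unconditionally, so the recipe fails when that port is already in use.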
@@ -151,9 +161,10 @@ undeploy: ## Undeploy the InstructLab UI stack from a kubernetes cluster rm ./deploy/k8s/overlays/kind/.env ; \ fi $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete namespace $(ILAB_KUBE_NAMESPACE) + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete namespace $(UMAMI_KUBE_NAMESPACE) .PHONY: start-dev-kind ## Run the development environment on Kind cluster -start-dev-kind: setup-kind deploy ## Setup a Kind cluster and deploy InstructLab UI on it +start-dev-kind: setup-kind load-images deploy ## Setup a Kind cluster and deploy InstructLab UI on it ##@ OpenShift - UI prod and qa deployment on OpenShift .PHONY: deploy-qa-openshift diff --git a/deploy/k8s/base/umami/deployment.yaml b/deploy/k8s/base/umami/deployment.yaml index 8d7ee15f..b18f9cc2 100644 --- a/deploy/k8s/base/umami/deployment.yaml +++ b/deploy/k8s/base/umami/deployment.yaml @@ -2,17 +2,11 @@ apiVersion: apps/v1 kind: Deployment metadata: name: umami - labels: - app: umami spec: replicas: 1 - selector: - matchLabels: - app: umami + strategy: + type: RollingUpdate template: - metadata: - labels: - app: umami spec: containers: - name: postgresql @@ -64,15 +58,11 @@ spec: secretKeyRef: name: umami-secret key: APP_SECRET - - name: HASH_SALT - valueFrom: - secretKeyRef: - name: umami-secret - key: HASH_SALT - name: PORT value: "3001" ports: - containerPort: 3001 + restartPolicy: Always volumes: - name: db-data persistentVolumeClaim: diff --git a/deploy/k8s/base/umami/kustomization.yaml b/deploy/k8s/base/umami/kustomization.yaml index 89967049..afa29a2e 100644 --- a/deploy/k8s/base/umami/kustomization.yaml +++ b/deploy/k8s/base/umami/kustomization.yaml @@ -7,3 +7,11 @@ resources: - postgresql-pvc.yaml - postgresql-service.yaml - umami-service.yaml +labels: + - includeSelectors: true + pairs: + app: umami + app.kubernetes.io/component: umami + app.kubernetes.io/instance: umami + app.kubernetes.io/name: umami + app.kubernetes.io/part-of: umami 
diff --git a/deploy/k8s/base/umami/namespace.yaml b/deploy/k8s/base/umami/namespace.yaml index 170ed2db..196046b9 100644 --- a/deploy/k8s/base/umami/namespace.yaml +++ b/deploy/k8s/base/umami/namespace.yaml @@ -2,5 +2,3 @@ apiVersion: v1 kind: Namespace metadata: name: umami - labels: - name: umami diff --git a/deploy/k8s/base/umami/postgresql-pvc.yaml b/deploy/k8s/base/umami/postgresql-pvc.yaml index 3ffa7397..3eaa5a4a 100644 --- a/deploy/k8s/base/umami/postgresql-pvc.yaml +++ b/deploy/k8s/base/umami/postgresql-pvc.yaml @@ -2,8 +2,6 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: umami-postgresql-db-data - labels: - app: umami spec: accessModes: - ReadWriteOnce diff --git a/deploy/k8s/base/umami/postgresql-service.yaml b/deploy/k8s/base/umami/postgresql-service.yaml index 6cd17d10..e4e88fb0 100644 --- a/deploy/k8s/base/umami/postgresql-service.yaml +++ b/deploy/k8s/base/umami/postgresql-service.yaml @@ -3,7 +3,6 @@ kind: Service metadata: name: umami-db labels: - app: umami component: db spec: ports: diff --git a/deploy/k8s/base/umami/umami-service.yaml b/deploy/k8s/base/umami/umami-service.yaml index f7268d15..47078319 100644 --- a/deploy/k8s/base/umami/umami-service.yaml +++ b/deploy/k8s/base/umami/umami-service.yaml @@ -4,7 +4,6 @@ kind: Service metadata: name: umami labels: - app: umami component: web spec: ports: diff --git a/deploy/k8s/overlays/kind/README.md b/deploy/k8s/overlays/kind/README.md index c222aff7..baddfb3f 100644 --- a/deploy/k8s/overlays/kind/README.md +++ b/deploy/k8s/overlays/kind/README.md 
@@ -1,19 +1,23 @@ -# Introduction +# Kind deployment Kind is a tool that can allow you to emulate a local kuberenetes cluster. These manifests will help you provision a correctly configured kind cluster and apply the resources. -# Usage +## Usage -## Building the cluster +The easiest way is to use the predefined `make` targets at the root of the repo, such as `make start-dev-kind`. However this document will also explain the process of +deploying from the manifests themselves. + +### Building the cluster You can either create a default cluster, or use the setup we have to mimic our openshift dpeloyment more closely: `kind create cluster --config kind.yaml`. -## Applying the kind-ingress manifests +### Applying the kind-ingress manifests If you dont care about using an ingress and choose to hit the services directly, use host networking on your container runtime on which you are using kind, or some other -edge case which would remove the necesity of ingresses, you can simple ignore the [kind-ingress.yaml](./kind-ingress.yaml). However if you do want to use ingresses +edge case which would remove the necesity of ingresses, you can simple ignore the [kind-ingress.yaml](./kind-ingress.yaml). However if you do want to use ingresses (which are a part of both the default UI stack and the umami metrics stack), then you should deploy the kind ingress: `kubectl create -f kind-ingress.yaml`. This will take some time to deploy, so now we can simply wait for it: + ```bash kubectl wait --namespace ingress-nginx \ --for=condition=ready pod \ diff --git a/deploy/k8s/overlays/kind/umami/README.md b/deploy/k8s/overlays/kind/umami/README.md index dc831a8a..30cc66cb 100644 --- a/deploy/k8s/overlays/kind/umami/README.md +++ b/deploy/k8s/overlays/kind/umami/README.md 
@@ -1,10 +1,11 @@ # Notes To try to deploy Umami via kind you must first create and apply the manifests 1 directory up. After that, creating umami within kind is very straightforward. -Simply set your `.umami-secret.env` with your values from the template `example.umami-secret.env` in this directory. After this, we need to import the +Simply set your `.umami-secret.env` with your values from the template `example.umami-secret.env` in this directory. After this, we need to import the container image that we use for the Umami postgresql database. -To do this, we first start by pulling down the image +To do this, we first start by pulling down the image: + ```bash PSQL_IMAGE="registry.redhat.io/rhel9/postgresql-15:9.5-1733127512" docker pull ${PSQL_IMAGE} @@ -14,4 +15,4 @@ If you provisioned a default kind cluster, you can load your image onto it as fo However if you provisioned a kind cluster with the [kind.yaml](../kind.yaml) configuration we provided in the directory above this, then you will need to specify the name of the cluster as well: `kind load docker-image ${PSQL_IMAGE} --name instructlab-ui` -After that you can apply the Umami manifests: `kustomize build . | kubectl apply -f -`. +After that you can apply the Umami manifests: `kustomize build . | kubectl apply -f -`. From ee35f3f8274843b0358c04e75096e7248e8159d9 Mon Sep 17 00:00:00 2001 From: greg pereira Date: Sun, 8 Dec 2024 10:35:42 -0800 Subject: [PATCH 3/7] makefile implementations, static secret to dynamic creation from env, secret template, secrets applied individually 
Signed-off-by: greg pereira --- Makefile | 68 ++++++++++++++++++- ...y-umami-openshift-env-secret-conversion.sh | 60 ++++++++++++++++ .../overlays/kind/umami/kustomization.yaml | 1 - .../overlays/kind/umami/umami-ingress.yaml | 2 +- .../kind/umami/umami-secret.template.yaml | 15 ++++ .../openshift/umami/kustomization.yaml | 1 - ...et.yaml => umami-secret.sealedsecret.yaml} | 1 - 7 files changed, 141 insertions(+), 7 deletions(-) create mode 100644 deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh create mode 100644 deploy/k8s/overlays/kind/umami/umami-secret.template.yaml rename deploy/k8s/overlays/openshift/umami/{umami.sealedsecret.yaml => umami-secret.sealedsecret.yaml} (99%) diff --git a/Makefile b/Makefile index 9a107ed8..616f6102 100644 --- a/Makefile +++ b/Makefile @@ -115,8 +115,8 @@ check-kubectl: .PHONY: load-images load-images: ## Load images onto Kind cluster $(CMD_PREFIX) docker pull ghcr.io/instructlab/ui/ui:main - $(CMD_PREFIX) docker pull registry.redhat.io/rhel9/postgresql-15:9.5-1733127512 $(CMD_PREFIX) kind load --name $(ILAB_KUBE_CLUSTER_NAME) docker-image ghcr.io/instructlab/ui/ui:main + $(CMD_PREFIX) docker pull registry.redhat.io/rhel9/postgresql-15:9.5-1733127512 $(CMD_PREFIX) kind load --name $(ILAB_KUBE_CLUSTER_NAME) docker-image registry.redhat.io/rhel9/postgresql-15:9.5-1733127512 .PHONY: stop-dev-kind 
@@ -163,6 +163,28 @@ undeploy: ## Undeploy the InstructLab UI stack from a kubernetes cluster $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete namespace $(ILAB_KUBE_NAMESPACE) $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete namespace $(UMAMI_KUBE_NAMESPACE) +.PHONY: deploy-umami-kind +deploy-umami-kind: wait-for-readiness load-images + $(CMD_PREFIX) if [ ! -f .env ]; then \ + echo "Please create a .env file in the root of the project." ; \ + exit 1 ; \ + fi + $(CMD_PREFIX) bash -c "source .env && \ + deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh KIND $(UMAMI_KUBE_NAMESPACE)" + + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | kubectl apply -f - + $(CMD_PREFIX) kubectl create -f ./deploy/k8s/overlays/kind/umami/umami-secret.yaml + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) apply -k ./deploy/k8s/overlays/kind/umami + + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) port-forward -n $(UMAMI_KUBE_NAMESPACE) service/umami 3001:3001 + +.PHONY: undeploy-umami-kind +undeploy-umami-kind: + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete -f ./deploy/k8s/overlays/kind/umami/umami-secret.yaml + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete -k ./deploy/k8s/overlays/kind/umami + .PHONY: start-dev-kind ## Run the development environment on Kind cluster start-dev-kind: setup-kind load-images deploy ## Setup a Kind cluster and deploy InstructLab UI on it 
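Review bot: Two commands in `deploy-umami-kind` omit `--context=$(ILAB_KUBE_CONTEXT)`: the `kubectl apply -f -` on the receiving end of the namespace pipe, and `kubectl create -f ./deploy/k8s/overlays/kind/umami/umami-secret.yaml`. Both run against whatever context is current in the user's kubeconfig, so the Secret holding the database credentials can land on a different cluster from the one the rest of the recipe targets. Suggested: `$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) apply -f ./deploy/k8s/overlays/kind/umami/umami-secret.yaml`, using `apply` rather than `create` so a re-run does not stop on AlreadyExists. The piped `kubectl apply -f -` needs the same `--context` flag.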
@@ -173,7 +195,6 @@ deploy-qa-openshift: ## Deploy QA stack of the InstructLab UI on OpenShift echo "Please create a .env file in the root of the project." ; \ exit 1 ; \ fi - $(CMD_PREFIX) yes | cp -rf .env ./deploy/k8s/overlays/openshift/qa/.env $(CMD_PREFIX) oc apply -k ./deploy/k8s/overlays/openshift/qa $(CMD_PREFIX) oc wait --for=condition=Ready pods -n $(ILAB_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=ui --timeout=15m @@ -183,7 +204,6 @@ redeploy-qa-openshift: ## Redeploy QA stack of the InstructLab UI on OpenShift $(CMD_PREFIX) oc -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/ui $(CMD_PREFIX) oc -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/pathservice - .PHONY: undeploy-qa-openshift undeploy-qa-openshift: ## Undeploy QA stack of the InstructLab UI on OpenShift $(CMD_PREFIX) oc delete -k ./deploy/k8s/overlays/openshift/qa 
@@ -191,6 +211,26 @@ undeploy-qa-openshift: ## Undeploy QA stack of the InstructLab UI on OpenShift rm ./deploy/k8s/overlays/openshift/qa/.env ; \ fi +.PHONY: deploy-umami-qa-openshift +deploy-umami-qa-openshift: + $(CMD_PREFIX) if [ ! -f .env ]; then \ + echo "Please create a .env file in the root of the project." ; \ + exit 1 ; \ + fi + $(CMD_PREFIX) source .env && \ + deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh OPENSHIFT $(UMAMI_KUBE_NAMESPACE) + $(CMD_PREFIX) oc create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | oc apply -f - + $(CMD_PREFIX) oc apply -f ./deploy/k8s/overlays/openshift/umami/umami-secret.yaml + + $(CMD_PREFIX) oc apply -k ./deploy/k8s/overlays/openshift/umami + $(CMD_PREFIX) oc wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m + +.PHONY: undeploy-umami-qa-openshift +undeploy-umami-qa-openshift: + $(CMD_PREFIX) oc scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) + $(CMD_PREFIX) oc delete -f ./deploy/k8s/overlays/openshift/umami/umami-secret.yaml + $(CMD_PREFIX) oc delete -k ./deploy/k8s/overlays/openshift/umami + .PHONY: deploy-prod-openshift deploy-prod-openshift: ## Deploy production stack of the InstructLab UI on OpenShift $(CMD_PREFIX) if [ ! -f .env ]; then \ 
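Review bot: The recipe in `deploy-umami-qa-openshift` runs `deploy-umami-openshift-env-secret-conversion.sh` by path, but this patch creates that file with mode 100644, so the call fails with a permission error unless the mode is changed later in the series. `source .env &&` is also a bashism that only works if the Makefile sets `SHELL` to bash (not visible here), and it is redundant because the script sources `.env` itself. Invoking it as `$(CMD_PREFIX) bash deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh OPENSHIFT $(UMAMI_KUBE_NAMESPACE)` covers both points. The same applies to the calls in `deploy-umami-kind` and `deploy-umami-prod-openshift`.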
@@ -215,6 +255,28 @@ undeploy-prod-openshift: ## Undeploy production stack of the InstructLab UI on O rm ./deploy/k8s/overlays/openshift/prod/.env ; \ fi +.PHONY: deploy-umami-prod-openshift +deploy-umami-prod-openshift: check-kubeseal + $(CMD_PREFIX) if [ ! -f .env ]; then \ + echo "Please create a .env file in the root of the project." ; \ + exit 1 ; \ + fi + $(CMD_PREFIX) source .env && \ + deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh "OPENSHIFT" $(UMAMI_KUBE_NAMESPACE) + $(CMD_PREFIX) cat deploy/k8s/overlays/openshift/umami/umami-secret.yaml | kubeseal \ + --controller-name=sealed-secrets-controller \ + --controller-namespace=kube-system \ + --format yaml > ./deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml + $(CMD_PREFIX) oc create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | oc apply -f - + $(CMD_PREFIX) oc apply -f deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml + $(CMD_PREFIX) oc apply -k deploy/k8s/overlays/openshift/umami + +.PHONY: undeploy-umami-prod-openshift +undeploy-umami-prod-openshift: + $(CMD_PREFIX) oc scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) + $(CMD_PREFIX) oc delete -f ./deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml + $(CMD_PREFIX) oc delete -k ./deploy/k8s/overlays/openshift/umami + .PHONY: check-dev-container-installed check-dev-container-installed: @if [ -z "${DEVCONTAINER_BINARY_EXISTS}" ]; then \ diff --git a/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh b/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh new file mode 100644 index 00000000..5d761d2c --- /dev/null +++ b/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh 
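Review bot: `deploy-umami-prod-openshift` leaves the plaintext `deploy/k8s/overlays/openshift/umami/umami-secret.yaml` on disk after sealing it, and only the `.gitignore` entry from PATCH 2/7 keeps it out of a commit. Remove it once `kubeseal` succeeds, e.g. `$(CMD_PREFIX) rm -f deploy/k8s/overlays/openshift/umami/umami-secret.yaml`. Because the output is redirected straight into `umami-secret.sealedsecret.yaml`, a failing `kubeseal` truncates that file; sealing to a temporary file and moving it into place avoids this. `kubeseal` and `oc` both act on the current login context, so a comment naming the cluster that must be active would help whoever runs the target.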
@@ -0,0 +1,60 @@
+#!/bin/bash
+# -*- indent-tabs-mode: nil; tab-width: 2; sh-indentation: 2; -*-
+
+# Helper script to filter out `.env`` values related to umami deployment, and generate the secret manifest from that
+
+source .env
+
+if [ "$#" -ne 2 ]; then
+ echo "USAGE: $0 TARGET NAMESPACE
+ TARGET: The deployment target. Options: [\"OPENSHIFT\", \"KIND\"]
+ NAMESPACE: The namespace where you want to deploy the umami-secret." 1>&2
+ exit 1
+fi
+
+TARGET="$1"
+NAMESPACE="$2"
+
+
+if [ "${TARGET}" == "OPENSHIFT" ]; then
+ UMAMI_SECRET_FILE_PATH="deploy/k8s/overlays/openshift/umami/umami-secret.yaml"
+elif [ "${TARGET}" == "KIND" ]; then
+ UMAMI_SECRET_FILE_PATH="deploy/k8s/overlays/kind/umami/umami-secret.yaml"
+else
+ echo "Error, \$TARGET ${TARGET} not recongnized.
+ TARGET options: [\"OPENSHIFT\", \"KIND\"]"
+ exit 1
+fi
+
+required_vars=("DATABASE_TYPE" "POSTGRESQL_DATABASE" "POSTGRESQL_USER" "POSTGRESQL_PASSWORD" "UMAMI_APP_SECRET" "DATABASE_URL")
+
+missing_vars=()
+
+for var in "${required_vars[@]}"; do
+ if [[ -z "${!var}" ]]; then
+ missing_vars+=("$var")
+ fi
+done
+
+if [[ ${#missing_vars[@]} -gt 0 ]]; then
+ echo "The following environment variables are missing:"
+ for var in "${missing_vars[@]}"; do
+ echo " - $var"
+ done
+ echo "Please add these variables to your .env file."
+ exit 1
+fi
+
+# Note: `.env` value UMAMI_APP_SECRET is re-routed to APP_SECRET intentionally
+kubectl create secret generic umami-secret \
+ --from-literal DATABASE_TYPE=${DATABASE_TYPE} \
+ --from-literal POSTGRESQL_DATABASE=${POSTGRESQL_DATABASE} \
+ --from-literal POSTGRESQL_USER=${POSTGRESQL_USER} \
+ --from-literal POSTGRESQL_PASSWORD=${POSTGRESQL_PASSWORD} \
+ --from-literal APP_SECRET=${UMAMI_APP_SECRET} \
+ --from-literal DATABASE_URL=${DATABASE_URL} \
+ --namespace ${NAMESPACE} \
+ --dry-run=client \
+ -o yaml > ${UMAMI_SECRET_FILE_PATH}
+
+echo "Secret manifest has been created: ${UMAMI_SECRET_FILE_PATH}."
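Review bot: The `--from-literal` arguments expand `${POSTGRESQL_PASSWORD}`, `${UMAMI_APP_SECRET}` and `${DATABASE_URL}` unquoted, so a value containing whitespace or glob characters is split or expanded and the secret ends up with the wrong content, or the command fails. Every expansion in the `kubectl create secret` command should be quoted, including `${NAMESPACE}` and the output path. A `umask 077` before the redirect keeps the generated manifest, which holds the credentials base64-encoded, from being created world-readable. The script also sources `.env` itself, so every line of that file runs as shell code, which is worth stating in the header comment.

```shell
# … unchanged: argument parsing, TARGET selection, required-variable check …

# The generated manifest holds credentials; create it owner-readable only.
umask 077

# Note: `.env` value UMAMI_APP_SECRET is re-routed to APP_SECRET intentionally
kubectl create secret generic umami-secret \
  --from-literal "DATABASE_TYPE=${DATABASE_TYPE}" \
  --from-literal "POSTGRESQL_DATABASE=${POSTGRESQL_DATABASE}" \
  --from-literal "POSTGRESQL_USER=${POSTGRESQL_USER}" \
  --from-literal "POSTGRESQL_PASSWORD=${POSTGRESQL_PASSWORD}" \
  --from-literal "APP_SECRET=${UMAMI_APP_SECRET}" \
  --from-literal "DATABASE_URL=${DATABASE_URL}" \
  --namespace "${NAMESPACE}" \
  --dry-run=client \
  -o yaml > "${UMAMI_SECRET_FILE_PATH}"

# … unchanged: final echo …
```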
diff --git a/deploy/k8s/overlays/kind/umami/kustomization.yaml b/deploy/k8s/overlays/kind/umami/kustomization.yaml index 7e956512..4f6bce68 100644 --- a/deploy/k8s/overlays/kind/umami/kustomization.yaml +++ b/deploy/k8s/overlays/kind/umami/kustomization.yaml @@ -4,4 +4,3 @@ namespace: umami resources: - ../../../base/umami - umami-ingress.yaml - - example.umami-secret.yaml diff --git a/deploy/k8s/overlays/kind/umami/umami-ingress.yaml b/deploy/k8s/overlays/kind/umami/umami-ingress.yaml index dcb3a787..c6b2da28 100644 --- a/deploy/k8s/overlays/kind/umami/umami-ingress.yaml +++ b/deploy/k8s/overlays/kind/umami/umami-ingress.yaml @@ -8,7 +8,7 @@ metadata: spec: ingressClassName: nginx rules: - - host: umami.local + - host: umami.localhost http: paths: - path: / diff --git a/deploy/k8s/overlays/kind/umami/umami-secret.template.yaml b/deploy/k8s/overlays/kind/umami/umami-secret.template.yaml new file mode 100644 index 00000000..09488789 --- /dev/null +++ b/deploy/k8s/overlays/kind/umami/umami-secret.template.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Secret +metadata: + name: umami-secret + labels: + app: umami +type: Opaque +stringData: + DATABASE_TYPE: postgresql # Options: ["postgresql", "mysql"] + POSTGRESQL_DATABASE: db-name + POSTGRESQL_USER: db-user + POSTGRESQL_PASSWORD: db-pass + APP_SECRET: app_secret # Functions as hash_salt, see: https://github.com/umami-software/umami/commit/7bbed0e12bb36b410ca03261757465167828b09b#diff-65e615806187cb0aef26259e5f071afc5271919039bc05c57cea796f5d56b4eeL7 + DATABASE_URL: postgresql://db-user:db-pass@umami-db:5432/db-name + # ://:@:5432/ diff --git a/deploy/k8s/overlays/openshift/umami/kustomization.yaml b/deploy/k8s/overlays/openshift/umami/kustomization.yaml index b1d8690e..584f4cd3 100644 --- a/deploy/k8s/overlays/openshift/umami/kustomization.yaml +++ b/deploy/k8s/overlays/openshift/umami/kustomization.yaml 
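Review bot: The placeholder values in the new `umami-secret.template.yaml` (`db-pass`, `app_secret`, and the `DATABASE_URL` built from them) are syntactically valid, so applying the file unedited gives a working deployment with guessable credentials. Placeholders that cannot work as-is, for example `POSTGRESQL_PASSWORD: '<set-me>'`, make that mistake fail loudly. A first-line comment such as `# Template only: copy to umami-secret.yaml and replace every value before applying` would state the intended use. The file carries no `namespace`, so which namespace it lands in depends on how it is applied.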
@@ -4,5 +4,4 @@ kind: Kustomization namespace: umami resources: - ../../../base/umami - - umami.sealedsecret.yaml - umami-route.yaml diff --git a/deploy/k8s/overlays/openshift/umami/umami.sealedsecret.yaml b/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml similarity index 99% rename from deploy/k8s/overlays/openshift/umami/umami.sealedsecret.yaml rename to deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml index f7a8df9d..a648b9cc 100644 --- a/deploy/k8s/overlays/openshift/umami/umami.sealedsecret.yaml +++ b/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml @@ -22,4 +22,3 @@ spec: name: umami-secret namespace: umami type: Opaque - From 6230ff3ef8e927a73e41a5d21284aa3a912edebe Mon Sep 17 00:00:00 2001 From: greg pereira Date: Mon, 9 Dec 2024 11:51:59 -0800 Subject: [PATCH 4/7] updating conversion script, docs and deployment Signed-off-by: greg pereira --- Makefile | 72 +++++++++------ ...y-umami-openshift-env-secret-conversion.sh | 6 ++ deploy/k8s/base/umami/deployment.yaml | 5 -- .../overlays/openshift/umami/umami-route.yaml | 1 - .../umami/umami-secret.sealedsecret.yaml | 18 ++-- docs/umami_metrics.md | 90 +++++++++++++++++++ 6 files changed, 151 insertions(+), 41 deletions(-) mode change 100644 => 100755 deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh create mode 100644 docs/umami_metrics.md diff --git a/Makefile b/Makefile index 616f6102..351d102f 100644 --- a/Makefile +++ b/Makefile @@ -23,6 +23,8 @@ CONTAINER_ENGINE?=docker DEVCONTAINER_BINARY_EXISTS ?= $(shell command -v devcontainer) TAG=$(shell git rev-parse HEAD) UMAMI_KUBE_NAMESPACE?=umami +SEALED_SECRETS_CONTROLLER_NAMESPACE=kube-system +SEALED_SECRETS_CONTROLLER_NAME=sealed-secrets-controller ##@ Development - Helper commands for development .PHONY: md-lint md-lint: ## Lint markdown files 
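Review bot: `SEALED_SECRETS_CONTROLLER_NAMESPACE` and `SEALED_SECRETS_CONTROLLER_NAME` are assigned with `=`, unlike `UMAMI_KUBE_NAMESPACE?=umami` on the line above. An exported environment value is therefore ignored (a command-line `make VAR=...` still works), and the error text added later in this commit tells users to edit the Makefile instead. Using `SEALED_SECRETS_CONTROLLER_NAMESPACE?=kube-system` and `SEALED_SECRETS_CONTROLLER_NAME?=sealed-secrets-controller` keeps both overridable per environment without a local diff.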
@@ -90,7 +92,6 @@ start-dev-podman: ## Start UI development stack in podman echo "Please create a .env file in the root of the project." ; \ exit 1 ; \ fi - $(CMD_PREFIX) yes | cp -rf .env ./deploy/compose/.env $(CMD_PREFIX) podman-compose -f ./deploy/compose/ui-compose.yml up -d $(CMD_PREFIX) echo "Development environment started." @@ -112,6 +113,31 @@ check-kubectl: exit 1 ; \ fi +.PHONY: check-kubeseal +check-kubeseal: + $(CMD_PREFIX) if [ -z "$(shell which kubeseal)" ]; then \ + echo "Please install kubeseal" ; \ + echo "https://github.com/bitnami-labs/sealed-secrets?tab=readme-ov-file#kubeseal" ; \ + exit 1 ; \ + fi + +.PHONY: check-sealed-secrets-controller +check-sealed-secrets-controller: + $(CMD_PREFIX) kubectl get deployment ${SEALED_SECRETS_CONTROLLER_NAME} -n ${SEALED_SECRETS_CONTROLLER_NAMESPACE} > /dev/null 2>&1 || { \ + echo "Error: Could not find the Sealed Secrets controller deployment named '${SEALED_SECRETS_CONTROLLER_NAME}' in namespace '${SEALED_SECRETS_CONTROLLER_NAMESPACE}'."; \ + echo "Please update SEALED_SECRETS_CONTROLLER_NAME and SEALED_SECRETS_CONTROLLER_NAMESPACE at the top of the Makefile"; \ + echo "to match your deployment, or see https://github.com/bitnami-labs/sealed-secrets#controller for information on installing it."; \ + exit 1; \ + } + +.PHONY: check-yq +check-yq: + $(CMD_PREFIX) if ! command -v yq >/dev/null 2>&1; then \ + echo "Error: 'yq' is not installed."; \ + echo "Please visit https://github.com/mikefarah/yq#install for installation instructions."; \ + exit 1; \ + fi + .PHONY: load-images load-images: ## Load images onto Kind cluster $(CMD_PREFIX) docker pull ghcr.io/instructlab/ui/ui:main 
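Review bot: `check-yq` is defined here, but none of the umami deploy targets visible in this patch lists it as a prerequisite, although the conversion script now requires `yq`. A missing binary would surface only after the plaintext secret manifest has already been written. Add it where the script is invoked, e.g. `deploy-umami-prod-openshift: check-kubeseal check-sealed-secrets-controller check-yq`. `check-kubeseal` tests `$(shell which kubeseal)`, while `check-yq` uses `command -v`; using `command -v kubeseal >/dev/null 2>&1` in both keeps the checks consistent. `check-sealed-secrets-controller` calls `kubectl` without a context, so it checks whichever cluster is currently selected.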
@@ -144,11 +170,6 @@ deploy: wait-for-readiness ## Deploy a InstructLab UI development stack onto a k $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) apply -k ./deploy/k8s/overlays/kind $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) wait --for=condition=Ready pods -n $(ILAB_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=ui --timeout=15m - $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) apply -k ./deploy/k8s/overlays/kind/umami - $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m - $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) port-forward -n $(UMAMI_KUBE_NAMESPACE) service/umami 3001:3001 - - .PHONY: redeploy redeploy: ui-image load-images ## Redeploy the InstructLab UI stack onto a kubernetes cluster $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/ui 
@@ -169,15 +190,14 @@ deploy-umami-kind: wait-for-readiness load-images echo "Please create a .env file in the root of the project." ; \ exit 1 ; \ fi + $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | kubectl apply -f - $(CMD_PREFIX) bash -c "source .env && \ deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh KIND $(UMAMI_KUBE_NAMESPACE)" - - $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | kubectl apply -f - $(CMD_PREFIX) kubectl create -f ./deploy/k8s/overlays/kind/umami/umami-secret.yaml $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) apply -k ./deploy/k8s/overlays/kind/umami - $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m - $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) port-forward -n $(UMAMI_KUBE_NAMESPACE) service/umami 3001:3001 + @umami_ingress=$$(kubectl get ingress umami-ingress -n umami -o jsonpath='{.spec.rules[*].host}') ; \ + echo "Umami ingress deployed to: $$umami_ingress" .PHONY: undeploy-umami-kind undeploy-umami-kind: 
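Review bot: In `deploy-umami-kind`, the receiving side of the namespace pipe (`| kubectl apply -f -`) and the new `kubectl get ingress umami-ingress -n umami` run without `--context=$(ILAB_KUBE_CONTEXT)`, as does the unchanged `kubectl create -f ./deploy/k8s/overlays/kind/umami/umami-secret.yaml`. With a different current context, the namespace and the secret land on whatever cluster kubectl points at rather than the kind cluster. Pass the context on every call, e.g. `| kubectl --context=$(ILAB_KUBE_CONTEXT) apply -f -`. The ingress lookup also hard-codes `-n umami` where the rest of the target uses `$(UMAMI_KUBE_NAMESPACE)`.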
@@ -217,13 +237,14 @@ deploy-umami-qa-openshift: echo "Please create a .env file in the root of the project." ; \ exit 1 ; \ fi + $(CMD_PREFIX) oc create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | oc apply -f - $(CMD_PREFIX) source .env && \ deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh OPENSHIFT $(UMAMI_KUBE_NAMESPACE) - $(CMD_PREFIX) oc create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | oc apply -f - $(CMD_PREFIX) oc apply -f ./deploy/k8s/overlays/openshift/umami/umami-secret.yaml - $(CMD_PREFIX) oc apply -k ./deploy/k8s/overlays/openshift/umami $(CMD_PREFIX) oc wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m + @umami_route=$$(oc get route umami -n $(UMAMI_KUBE_NAMESPACE) | tail -n 1 | awk '{print $$2}') ; \ + echo "Umami route deployed to: $$umami_route" .PHONY: undeploy-umami-qa-openshift undeploy-umami-qa-openshift: @@ -237,7 +258,6 @@ deploy-prod-openshift: ## Deploy production stack of the InstructLab UI on OpenS echo "Please create a .env file in the root of the project." ; \ exit 1 ; \ fi - $(CMD_PREFIX) yes | cp -rf .env ./deploy/k8s/overlays/openshift/prod/.env $(CMD_PREFIX) oc apply -k ./deploy/k8s/overlays/openshift/prod $(CMD_PREFIX) oc wait --for=condition=Ready pods -n $(ILAB_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=ui --timeout=15m 
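Review bot: In `deploy-umami-qa-openshift` the route hostname is scraped from table output with `tail -n 1 | awk '{print $$2}'`, which depends on the column layout and prints a misleading value if the route is missing. The kind target in this same commit already uses jsonpath for the ingress. `oc get route umami -n $(UMAMI_KUBE_NAMESPACE) -o jsonpath='{.spec.host}'` returns the host directly. The same pipeline is added to `deploy-umami-prod-openshift` in the following hunk.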
@@ -256,20 +276,22 @@ undeploy-prod-openshift: ## Undeploy production stack of the InstructLab UI on O fi .PHONY: deploy-umami-prod-openshift -deploy-umami-prod-openshift: check-kubeseal +deploy-umami-prod-openshift: check-kubeseal check-sealed-secrets-controller $(CMD_PREFIX) if [ ! -f .env ]; then \ echo "Please create a .env file in the root of the project." ; \ exit 1 ; \ fi + $(CMD_PREFIX) oc create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | oc apply -f - $(CMD_PREFIX) source .env && \ deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh "OPENSHIFT" $(UMAMI_KUBE_NAMESPACE) $(CMD_PREFIX) cat deploy/k8s/overlays/openshift/umami/umami-secret.yaml | kubeseal \ - --controller-name=sealed-secrets-controller \ - --controller-namespace=kube-system \ + --controller-name=${SEALED_SECRETS_CONTROLLER_NAME} \ + --controller-namespace=${SEALED_SECRETS_CONTROLLER_NAMESPACE} \ --format yaml > ./deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml - $(CMD_PREFIX) oc create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | oc apply -f - $(CMD_PREFIX) oc apply -f deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml $(CMD_PREFIX) oc apply -k deploy/k8s/overlays/openshift/umami + @umami_route=$$(oc get route umami -n $(UMAMI_KUBE_NAMESPACE) | tail -n 1 | awk '{print $$2}') ; \ + echo "Umami route deployed to: $$umami_route" .PHONY: undeploy-umami-prod-openshift undeploy-umami-prod-openshift: @@ -280,8 +302,8 @@ undeploy-umami-prod-openshift: .PHONY: check-dev-container-installed check-dev-container-installed: @if [ -z "${DEVCONTAINER_BINARY_EXISTS}" ]; then \ - echo "You do not have devcontainer installed, please isntall it!"; \ - exit 1; \ + echo "You do not have devcontainer installed, please isntall it!" ; \ + exit 1 ; \ fi; .PHONY: build-dev-container 
@@ -306,12 +328,12 @@ cycle-dev-container: CONTAINER_IDS=$(shell ${CONTAINER_ENGINE} ps -a | grep "quay.io/instructlab-ui/devcontainer" | awk '{print $$1}') && \ if [ -n "$$CONTAINER_IDS" ]; then \ for CONTAINER_ID in "$$CONTAINER_IDS"; do \ - echo "Stopping and removing container $$CONTAINER_ID of imageid $$image_id..."; \ - ${CONTAINER_ENGINE} rm "$$CONTAINER_ID" -f; \ - done; \ - fi; \ - echo "removing image with id $$image_id and all containers using that image ..."; \ - ${CONTAINER_ENGINE} rmi $$image_id -f; \ + echo "Stopping and removing container $$CONTAINER_ID of imageid $$image_id..." ; \ + ${CONTAINER_ENGINE} rm "$$CONTAINER_ID" -f ; \ + done ; \ + fi ; \ + echo "removing image with id $$image_id and all containers using that image ..." ; \ + ${CONTAINER_ENGINE} rmi $$image_id -f ; \ fi; $(MAKE) build-dev-container $(MAKE) start-dev-container diff --git a/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh b/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh old mode 100644 new mode 100755 index 5d761d2c..cf67d7cf --- a/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh +++ b/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh @@ -3,6 +3,8 @@ # Helper script to filter out `.env`` values related to umami deployment, and generate the secret manifest from that +# Requires: kubectl, yq + source .env if [ "$#" -ne 2 ]; then @@ -45,6 +47,8 @@ if [[ ${#missing_vars[@]} -gt 0 ]]; then exit 1 fi +cluster_domain=$(kubectl cluster-info | grep 'Kubernetes control plane' | awk -F// '{print $2}' | awk -F: '{print $1}') + # Note: `.env` value UMAMI_APP_SECRET is re-routed to APP_SECRET intentionally kubectl create secret generic umami-secret \ --from-literal DATABASE_TYPE=${DATABASE_TYPE} \ 
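Review bot: `cluster_domain` is parsed from human-readable `kubectl cluster-info` output and then written as a label on the secret by the `yq eval` line in the following hunk. The regenerated sealed secret in this patch shows the result: a tracked `cluster_domain:` label carrying the cluster's API hostname. If the label only records which cluster sealed the secret, consider whether that hostname needs to be in a committed file at all. If it stays, fail when the lookup comes back empty, `[ -n "${cluster_domain}" ] || { echo "could not determine cluster domain" 1>&2; exit 1; }`. Passing the value through the environment instead of splicing it into the expression is also safer: `cluster_domain="${cluster_domain}" yq eval '.metadata.labels.cluster_domain = strenv(cluster_domain)' -i "${UMAMI_SECRET_FILE_PATH}"`.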
@@ -57,4 +61,6 @@ kubectl create secret generic umami-secret \ --dry-run=client \ -o yaml > ${UMAMI_SECRET_FILE_PATH} +yq eval ".metadata.labels.cluster_domain = \"${cluster_domain}\"" -i ${UMAMI_SECRET_FILE_PATH} + echo "Secret manifest has been created: ${UMAMI_SECRET_FILE_PATH}." diff --git a/deploy/k8s/base/umami/deployment.yaml b/deploy/k8s/base/umami/deployment.yaml index b18f9cc2..8d21f4e5 100644 --- a/deploy/k8s/base/umami/deployment.yaml +++ b/deploy/k8s/base/umami/deployment.yaml @@ -35,11 +35,6 @@ spec: command: ["pg_isready"] initialDelaySeconds: 5 periodSeconds: 10 - readinessProbe: - exec: - command: ["pg_isready"] - initialDelaySeconds: 5 - periodSeconds: 10 volumeMounts: - name: db-data mountPath: /var/lib/postgresql/data diff --git a/deploy/k8s/overlays/openshift/umami/umami-route.yaml b/deploy/k8s/overlays/openshift/umami/umami-route.yaml index 8a7111b9..bc4e5c49 100644 --- a/deploy/k8s/overlays/openshift/umami/umami-route.yaml +++ b/deploy/k8s/overlays/openshift/umami/umami-route.yaml @@ -5,7 +5,6 @@ metadata: labels: name: umami spec: - host: umami.qa.instructlab.ui port: targetPort: 3001 tls: diff --git a/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml b/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml index a648b9cc..6984d861 100644 --- a/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml +++ b/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml 
@@ -6,19 +6,17 @@ metadata: namespace: umami spec: encryptedData: - ADMIN_PASSWORD: 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 - APP_SECRET: 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 - DATABASE_TYPE: AgARB8z2qrRjbj+oK9f5povXhCW4pvivcH4L9qfLN0KEobSIT8Eh2aGimvTvX5tMQ5Sr12og8x5oe1x7Xs3mwZvZLNKaS3gAGKPEjiJSXmb8Fm0Sjm6XQ0IgX4PMfnwqGaVA7CMRpGwOjOxHur91TnIffQsZYDXVxD9Qw3WkW6lvtMAxnIXp0fuKlWVcNkuEPY9dsk6s00pjA+/VN/5pjJemZkc0czcO5jZQ8pN606gSuhFdg4KZO9fPs286NHHbU/oMLFkxzLAGISvnQrLnVMrqnW7XV9J6Weo+4rB9ok5a3iodoQ9JBQBlvNipto35VEUpRQNDyMRxkzQUtK8kro9OmW1wTTGZsTffKsxHN0Jge3dw2/qOi0MBjX8QViN9/Mv2uyDB2Wa07i7hnEjrba4tgqoABoskittk18DJ1uctMIXFml14P9nKsQ9NN8E1Oyo8X6cVzBi5KIwDJhFx8SQzKklFRD284eP/trzjKHcqY4F+P0WylAYflcpwL0BshEi3VPIiZyAfQczaesGClMeglPnCJ8zFE7OPXvn633sIwo2TByO3r7RLl0ZRBzmy19+/UKAMyFXacolKclvsC9wUP1tzcRxPyzRzMlEDV+6cn0MBNoWgNpw9Rr7JJoEMlWRyHErq3Xy5bJRuzfuDmtIXzgckpWoPg9hTimE91E9xf2N1g9ovlrws+tYpkTFQkzuxsNHXd+1k21YxmA== - DATABASE_URL: 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 - HASH_SALT: 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 - POSTGRESQL_DATABASE: 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 - POSTGRESQL_PASSWORD: AgB3KVdEMngd+Ztm3htZvcUsO3a+KqtO/LEX1b8NOymtbTBr6oWM1y1h6v2Le+CK7M2ExghnMPmDdQOXeWgWeSY1cNMoTDIS8EzbAd9XzNr3gYpWXCTopLFXTbPst0gEgP2dUcJS59jxC6r0JIYbzxP8G+wAPtFym1T7D4Ik6bf6LrQ9kQHGtnZHBz4q/fRuSk4hbIjHZ4OXNyjJ4ZKffOXcmdGsv0+dhLUzNS+c2/yQRx+m0NFJZkP49v/yIgkGw5GaqwtYswfVlhsjI+Biw/0H9wZUM9WMkuX1BwIBp/f5942rga9rv+whZmAT2MS4h7UJAwoyCbiV/PG/NOXXKiJA7nC6HZKZqxu/NBHrLKFVLX1ZXVKd6T0zMHmhFnpqvMJkKPPBduU0nn9nIdzldj+QOl263WCLjCcdUXe82UFC5Lzc4zmJL2sBc0j+pyuWJYYqUI8v1x0qxcsbZFbEeDbazj3GY7eixs/mFQX4YC6ZJKUlXUXK9mV3FvyDjC7hp8YNSrw85w4xnmaY37TdiQT5jxsTzZSgY7mLRaB7RU0AahC3ZCAe0kCKmsM2JJdtXwARJ1RDSV4t7zmXsXTpZHu2hwkPBiENswJ7DvcLdjfmUKc3rQGKI7PiK5h7/csLfEN6Q4c1oSW3d5pYJpMvquRdr1PsBctDBPwTIKevOkyEsM/ueC6r3d7S1LSJhVkXEuFLeG7TSw== - POSTGRESQL_USER: 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 + APP_SECRET: 
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 + DATABASE_TYPE: 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 + DATABASE_URL: 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 + POSTGRESQL_DATABASE: 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 + POSTGRESQL_PASSWORD: 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 + POSTGRESQL_USER: 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 template: metadata: creationTimestamp: null labels: - app: umami + cluster_domain: api.platform-sts.pcbk.p1.openshiftapps.com name: umami-secret namespace: umami - type: Opaque + diff --git a/docs/umami_metrics.md b/docs/umami_metrics.md new file mode 100644 index 00000000..84bc1d26 --- /dev/null +++ b/docs/umami_metrics.md 
@@ -0,0 +1,90 @@ +# Umami metrics + +Introduction + +## Deployment + +Umami is meant to work with either a `mysql` or `postgresql` DB backend. For now we only provide manifests and options for PostgreSQL, +but if the need arises we will extend this to work with either. + +### Required ENV values + +To deploy the stack, there are some ENV values you must set. Technically speaking the `UMAMI_APP_SECRET` is not required, because the stack +[will use the `DATABASE_URL` instead](https://github.com/umami-software/umami/blob/master/src/lib/crypto.ts#L6) if an `APP_SECRET` is not provided +but best security practices are to set it. + +Also, we have chosen to use `UMAMI_APP_SECRET` in the `.env` file but in the deployment process this gets mapped to `APP_SECRET`. We chose this +pattern because it brings clarity to what the variable does in the context of the `.env` file. + +|---------------------|---------------------------------------------------------------------------|----------------------------------------------------| +| Variable | Description | Example Value | +|---------------------|---------------------------------------------------------------------------|----------------------------------------------------| +| UMAMI_APP_SECRET | Used as Hash Salt for the Database | YbSbtb | +| DATABASE_TYPE | Type of Database to use with Umami. 
Only `postgresql` currently supported | postgresql | +| POSTGRESQL_DATABASE | Name of the database backend for Umami | db-name | +| POSTGRESQL_USER | Name of the user of the database for Umami | db-user | +| POSTGRESQL_PASSWORD | Password for the user of the database for Umami | db-pass | +| DATABASE_URL | The URL the Umami pod will use to access the DB | postgresql://db-user:db-pass@umami-db:5432/db-name | +|---------------------|---------------------------------------------------------------------------|----------------------------------------------------| + +> [!IMPORTANT] +> The `DATABASE_URL` is derrived from the other variables plus the [name of the service](../deploy/k8s/base/umami/postgresql-service.yaml#L4) used in deployment. + +Place those required variables in the `.env` file in the root of the repo. + +### Deployment Manifest Notes + +In the [base deployment mainfest](../deploy/k8s/base/umami/deployment.yaml) the command is provided to the `umami` container to delay its start. This is +because the `umami` container crashloops while it waits for the `postgresql` container to come online. Ideally it woudl use a `livelinessProbe` or +`readinessProbe` but the `umami` container lacks proper networking tools, and there are no endpoints for `/health` or `/metrics` on that contianer to do +a vanila `curl`. In my testing with this `sleep` there are no crashes, but if your cluster is slower this may restart once or twice. In future we should +create our own image from the `ghcr.io/umami-software/umami:postgresql-latest` and add networking tools to detect if the psql container is up to avoid +annoying restart crashloops. + +### Make Targets + +Make targets are our prefered method of deployment. + +This section will cover how the make targets work and how they differ per environment. 
The umami deployment `make` targets for all 3 environments use a +[conversion script](./deploy/k8s/overlays/kind/umami/umami-secret.yaml) to parse values out of the `.env` file, into their own secret created in the +respective overlay directory (`deploy/k8s/overlays`). These secrets will be ignored in `git` and are not included in their respective `kustomization.yaml` +overlay files - they must be applied indivdually. This is done because for the Ilab-teams hosted deployments (https://ui.instructlab.ai/ and https://qa.ui.instructlab.ai/) +we want to track those manifests in `git` via an encrypted sealed-secret, but also allow the deployment to work out of the box for people trying to self-deploy the stack. +This creates a straightforward experience for both developers and maintainers. + +#### Kind + +Pre-requisite: `make setup-kind` +Command: `make deploy-umami-kind` + +After your kind cluster has been started (`make setup-kind`), you can use `make deploy-umami-kind`, which will take care of everything. +The umami-secret will be created at path `deploy/k8s/overlays/kind/umami/umami-secret.yaml`, and deploy it, along with the `./deploy/k8s/overlays/kind/umami` +overlay manifests. Finally it will wait for the pods to rollout and then preform portforwarding on port `3001` for the Umami service. + +#### QA + +Command: `make deploy-umami-qa-openshift` + +This will create the umami-secret at path `deploy/k8s/overlays/openshift/umami/umami-secret.yaml`. This is very similar to the `kind` umami deployment target +except that it will deploy a `route` instead of an ingress. + +#### Prod + +Command: `make deploy-umami-prod-openshift` + +This will use the same secret path as QA `deploy/k8s/overlays/openshift/umami/umami-secret.yaml`. However, instead of applying the secret, it will pipe +that secret to the `kubeseal` binary, which will pass it to the sealed secrets operator deployed in the cluster. 
If you have a custom namespace or sealed +secrets controller name, make sure to update the `SEALED_SECRETS_CONTROLLER_NAMESPACE` and `SEALED_SECRETS_CONTROLLER_NAME` values at the top of the +[Makefile](../Makefile#L27-28). If successful, this will encrypt the secret to create the +[umami-secret.sealedsecret.yaml](../deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml) which can safely get tracked in `git`. Finally, +it will apply the sealed secret and the rest of the manifests. + +## Administration + +When Umami gets deployed, it will have no configurations. The admin will have to login with the default Umami credentials, setup users and teams for access, +and change the default admin password. For information on how this works, refer to [that section of the Umami docs](https://umami.is/docs/login). Currently +there is no way to apply manifests for operations and configurations like this, so this is a manual process, and would need to be redone if the deployment +goes down. + +Once teams and users are properly setup, setup a `site` for each environment we want to deploy. Once created it will provision a script tag to inject +into the typescript code to start tracking metrics. From 5c7ecc1160c4faefa85fa79f361a09d9c46edf7d Mon Sep 17 00:00:00 2001 From: greg pereira Date: Tue, 10 Dec 2024 13:00:28 -0800 Subject: [PATCH 5/7] allias oc back to kubectl if it doesn't exist Signed-off-by: greg pereira --- Makefile | 55 ++++++++++--------- .../umami/umami-secret.sealedsecret.yaml | 12 ++-- 2 files changed, 36 insertions(+), 31 deletions(-) diff --git a/Makefile b/Makefile index 351d102f..dd94043d 100644 --- a/Makefile +++ b/Makefile @@ -16,6 +16,8 @@ else PIPE_DEV_NULL= endif +#add an alias between kubectl and oc +OC := $(shell command -v oc 2>/dev/null || echo kubectl) ILAB_KUBE_CONTEXT?=kind-instructlab-ui ILAB_KUBE_NAMESPACE?=instructlab ILAB_KUBE_CLUSTER_NAME?=instructlab-ui 
@@ -216,17 +218,17 @@ deploy-qa-openshift: ## Deploy QA stack of the InstructLab UI on OpenShift exit 1 ; \ fi $(CMD_PREFIX) yes | cp -rf .env ./deploy/k8s/overlays/openshift/qa/.env - $(CMD_PREFIX) oc apply -k ./deploy/k8s/overlays/openshift/qa - $(CMD_PREFIX) oc wait --for=condition=Ready pods -n $(ILAB_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=ui --timeout=15m + $(CMD_PREFIX) $(OC) apply -k ./deploy/k8s/overlays/openshift/qa + $(CMD_PREFIX) $(OC) wait --for=condition=Ready pods -n $(ILAB_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=ui --timeout=15m .PHONY: redeploy-qa-openshift redeploy-qa-openshift: ## Redeploy QA stack of the InstructLab UI on OpenShift - $(CMD_PREFIX) oc -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/ui - $(CMD_PREFIX) oc -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/pathservice + $(CMD_PREFIX) $(OC) -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/ui + $(CMD_PREFIX) $(OC) -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/pathservice .PHONY: undeploy-qa-openshift undeploy-qa-openshift: ## Undeploy QA stack of the InstructLab UI on OpenShift - $(CMD_PREFIX) oc delete -k ./deploy/k8s/overlays/openshift/qa + $(CMD_PREFIX) $(OC) delete -k ./deploy/k8s/overlays/openshift/qa $(CMD_PREFIX) if [ -f ./deploy/k8s/overlays/openshift/qa/.env ]; then \ rm ./deploy/k8s/overlays/openshift/qa/.env ; \ fi 
@@ -237,20 +239,21 @@ deploy-umami-qa-openshift: echo "Please create a .env file in the root of the project." ; \ exit 1 ; \ fi - $(CMD_PREFIX) oc create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | oc apply -f - + $(CMD_PREFIX) $(OC) create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | $(OC) apply -f - $(CMD_PREFIX) source .env && \ deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh OPENSHIFT $(UMAMI_KUBE_NAMESPACE) - $(CMD_PREFIX) oc apply -f ./deploy/k8s/overlays/openshift/umami/umami-secret.yaml - $(CMD_PREFIX) oc apply -k ./deploy/k8s/overlays/openshift/umami - $(CMD_PREFIX) oc wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m - @umami_route=$$(oc get route umami -n $(UMAMI_KUBE_NAMESPACE) | tail -n 1 | awk '{print $$2}') ; \ + $(CMD_PREFIX) $(OC) apply -f ./deploy/k8s/overlays/openshift/umami/umami-secret.yaml + $(CMD_PREFIX) $(OC) apply -k ./deploy/k8s/overlays/openshift/umami + echo "Waiting for Umami Deployment (pods: postgresql and umami) ..." 
+ $(CMD_PREFIX) $(OC) wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m + @umami_route=$$($(OC) get route umami -n $(UMAMI_KUBE_NAMESPACE) | tail -n 1 | awk '{print $$2}') ; \ echo "Umami route deployed to: $$umami_route" .PHONY: undeploy-umami-qa-openshift undeploy-umami-qa-openshift: - $(CMD_PREFIX) oc scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) - $(CMD_PREFIX) oc delete -f ./deploy/k8s/overlays/openshift/umami/umami-secret.yaml - $(CMD_PREFIX) oc delete -k ./deploy/k8s/overlays/openshift/umami + $(CMD_PREFIX) $(OC) scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) + $(CMD_PREFIX) $(OC) delete -f ./deploy/k8s/overlays/openshift/umami/umami-secret.yaml + $(CMD_PREFIX) $(OC) delete -k ./deploy/k8s/overlays/openshift/umami .PHONY: deploy-prod-openshift deploy-prod-openshift: ## Deploy production stack of the InstructLab UI on OpenShift 
@@ -259,18 +262,18 @@ deploy-prod-openshift: ## Deploy production stack of the InstructLab UI on OpenS exit 1 ; \ fi $(CMD_PREFIX) yes | cp -rf .env ./deploy/k8s/overlays/openshift/prod/.env - $(CMD_PREFIX) oc apply -k ./deploy/k8s/overlays/openshift/prod - $(CMD_PREFIX) oc wait --for=condition=Ready pods -n $(ILAB_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=ui --timeout=15m + $(CMD_PREFIX) $(OC) apply -k ./deploy/k8s/overlays/openshift/prod + $(CMD_PREFIX) $(OC) wait --for=condition=Ready pods -n $(ILAB_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=ui --timeout=15m .PHONY: redeploy-prod-openshift redeploy-prod-openshift: ## Redeploy production stack of the InstructLab UI on OpenShift - $(CMD_PREFIX) oc -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/ui - $(CMD_PREFIX) oc -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/pathservice + $(CMD_PREFIX) $(OC) -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/ui + $(CMD_PREFIX) $(OC) -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/pathservice .PHONY: undeploy-prod-openshift undeploy-prod-openshift: ## Undeploy production stack of the InstructLab UI on OpenShift - $(CMD_PREFIX) oc delete -k ./deploy/k8s/overlays/openshift/prod + $(CMD_PREFIX) $(OC) delete -k ./deploy/k8s/overlays/openshift/prod $(CMD_PREFIX) if [ -f ./deploy/k8s/overlays/openshift/prod/.env ]; then \ rm ./deploy/k8s/overlays/openshift/prod/.env ; \ fi 
@@ -281,23 +284,25 @@ deploy-umami-prod-openshift: check-kubeseal check-sealed-secrets-controller echo "Please create a .env file in the root of the project." ; \ exit 1 ; \ fi - $(CMD_PREFIX) oc create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | oc apply -f - + $(CMD_PREFIX) $(OC) create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | $(OC) apply -f - $(CMD_PREFIX) source .env && \ deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh "OPENSHIFT" $(UMAMI_KUBE_NAMESPACE) $(CMD_PREFIX) cat deploy/k8s/overlays/openshift/umami/umami-secret.yaml | kubeseal \ --controller-name=${SEALED_SECRETS_CONTROLLER_NAME} \ --controller-namespace=${SEALED_SECRETS_CONTROLLER_NAMESPACE} \ --format yaml > ./deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml - $(CMD_PREFIX) oc apply -f deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml - $(CMD_PREFIX) oc apply -k deploy/k8s/overlays/openshift/umami - @umami_route=$$(oc get route umami -n $(UMAMI_KUBE_NAMESPACE) | tail -n 1 | awk '{print $$2}') ; \ + $(CMD_PREFIX) $(OC) apply -f deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml + $(CMD_PREFIX) $(OC) apply -k deploy/k8s/overlays/openshift/umami + echo "Waiting for Umami Deployment (pods: postgresql and umami) ..." 
+ $(CMD_PREFIX) $(OC) wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m + @umami_route=$$($(OC) get route umami -n $(UMAMI_KUBE_NAMESPACE) | tail -n 1 | awk '{print $$2}') ; \ echo "Umami route deployed to: $$umami_route" .PHONY: undeploy-umami-prod-openshift undeploy-umami-prod-openshift: - $(CMD_PREFIX) oc scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) - $(CMD_PREFIX) oc delete -f ./deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml - $(CMD_PREFIX) oc delete -k ./deploy/k8s/overlays/openshift/umami + $(CMD_PREFIX) $(OC) scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) + $(CMD_PREFIX) $(OC) delete -f ./deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml + $(CMD_PREFIX) $(OC) delete -k ./deploy/k8s/overlays/openshift/umami .PHONY: check-dev-container-installed check-dev-container-installed: diff --git a/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml b/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml index 6984d861..65ed7201 100644 --- a/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml +++ b/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml 
@@ -6,12 +6,12 @@ metadata: namespace: umami spec: encryptedData: - APP_SECRET: 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 - DATABASE_TYPE: 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 - DATABASE_URL: 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 - POSTGRESQL_DATABASE: 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 - POSTGRESQL_PASSWORD: AgA4wSsnFCZDDTvBlJ98vh8QOze/o1TWFbRdNm7KZWTwxXhoKOhC/Zgmt3JskjJx2MSOtU0O8iSaa5vsRRJubi33JM8+PLcfiJteuvNws4212Kmc+EV67omd1p3PQejv894lGlK9OCBi5rl412DHB7hy9T9rmxK1lG8Q9Y2lSCVbCwWgzYO/ioV2h3PS/Byu6miRj2ZMvmXYeRRlJa7FHSXppjEg7VyjFY2lOofctMjmYODRlDj6HfV71rWWGvPElsOVZ7LKfofDu4If7IUO+b7k9/++WRzjnDIMFHK5Usnd2uNnewn3unjAOB1iEjRxD/kW3X1cipoJVYdvV4gvePZhbg6lFxLyIbjATMuT8+Hq0hg+2oVcfz5zLyuSAwvSubjLALvuL45sdwn5a9flvRmFEDrw1nAp0WaJ2aqpJcWjUsSp2Y+E8b5e/YG4mg45/VUNiZKBbZo2bKHcbcDs/b3zHfOcNsvVXD1JLr1IvxP4r57q+fD9SD38FTE5IBx/MAH1V8278w4fMMhonZXr1/8qJsbZXLcQQNAbmgmeUuMEf4AesvsMql0axhuqJng/RalvuSEdpM62Gg7DQX9zpPnAMnob7M4Cu6/hoV4PXlq0ZR9yFe4hxWBv1GqCgUi5XFINmvF+esTPOPi1rnGRPI/5hDctwSzENEHsISjjwB/eWO3yBdK0GW01me1vtqT6rPjuT2spGQ== - POSTGRESQL_USER: 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 + APP_SECRET: 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 + DATABASE_TYPE: 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 + DATABASE_URL: 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 + POSTGRESQL_DATABASE: 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 + POSTGRESQL_PASSWORD: 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 + POSTGRESQL_USER: 
AgBiglE0TmO0zxCJLKRibgCGa1XrlcjuJOmrP6b8cvXzFhs/X84z3FFvdmCwZBF0XN17S7B61fNVfoC514ptZmIZGeyBXpbokEVir/NSazBmd7yvH0zq9lAU0hE+eeAB6DOiC0Bv2uPe4ftFuUiK/MRAxQegz4o7eUnz8/RVS/XMkFhhwt1oruKhj0UVX6ZVlrraPRgrkzum/ZGVnjMC91AhYul6FA7aqj3mgexmT8pI8xBlgO+HRew01lINGbVAyYo2mWVphBcNO3okT7k+kO5bStyTbKWuGCFFYjXwkK3H2lmRcmKdrSIwE9OGQTvjgrE0YZsVJZh1qc3acsLPUo9qdOXBsEbteVSGSL62GmV9yK5iARY1jTM7mf1XR0o1yBEkjUFRTgbVDcKzAkLIrtX3J7r1KuIUZDI0UwYTy9UXlz5p2705KMyXolvFO5yoZAnDsvztWGSoAF3EnKEuI3UaJSke1Q0mtQNvO97Sri1RMdHSZNd4SIkvgaoTCm29cFrhSztmlK15ynXrRjwkGUfUdOQOOU4aVmF6cHZm+VT0gweRjMhTA6xyqJzrOLoItY9Dn5hqYxs2xyS59aIZo/2STuHImV8kqY/zuw9yRS0dPpNRnEIPlwkFzUYAwtg3jBb8pH2VWSzaiu3BwjTlxOK5lZY0tCvtzbgf7wc0uVQ9qcd91dUB+k8vCQKzafUHcQ7XQzI15w== template: metadata: creationTimestamp: null From f130f4ca52df893a989dab79f52d7b89bd42e452 Mon Sep 17 00:00:00 2001 From: greg pereira Date: Tue, 10 Dec 2024 15:12:01 -0800 Subject: [PATCH 6/7] more general db names and have default as kind with openshift overlays Signed-off-by: greg pereira --- .gitignore | 4 ++ Makefile | 36 ++++++++--------- ...y-umami-openshift-env-secret-conversion.sh | 19 ++++++--- deploy/k8s/base/umami/deployment.yaml | 14 +++---- .../kind/umami/umami-secret.template.yaml | 6 +-- .../openshift/umami/kustomization.yaml | 26 ++++++++++++ .../umami/umami-secret.sealedsecret.yaml | 14 +++---- docs/umami_metrics.md | 40 ++++++++++++------- 8 files changed, 103 insertions(+), 56 deletions(-) diff --git a/.gitignore b/.gitignore index cb3645fd..ae34018e 100644 --- a/.gitignore +++ b/.gitignore @@ -27,5 +27,9 @@ pathservice.pid /blob-report/ /playwright/.cache/ playwright/.auth +# dont track secrets in git deploy/k8s/overlays/kind/umami/umami-secret.yaml deploy/k8s/overlays/openshift/umami/umami-secret.yaml +# for dubgging kustomize builds +*/tmp.yaml +*/tmp.yml diff --git a/Makefile b/Makefile index dd94043d..f7ab8b1b 100644 --- a/Makefile +++ b/Makefile 
@@ -144,8 +144,8 @@ check-yq: load-images: ## Load images onto Kind cluster $(CMD_PREFIX) docker pull ghcr.io/instructlab/ui/ui:main $(CMD_PREFIX) kind load --name $(ILAB_KUBE_CLUSTER_NAME) docker-image ghcr.io/instructlab/ui/ui:main - $(CMD_PREFIX) docker pull registry.redhat.io/rhel9/postgresql-15:9.5-1733127512 - $(CMD_PREFIX) kind load --name $(ILAB_KUBE_CLUSTER_NAME) docker-image registry.redhat.io/rhel9/postgresql-15:9.5-1733127512 + $(CMD_PREFIX) docker pull postgres:15-alpine + $(CMD_PREFIX) kind load --name $(ILAB_KUBE_CLUSTER_NAME) docker-image postgres:15-alpine .PHONY: stop-dev-kind stop-dev-kind: check-kind ## Stop the Kind cluster to destroy the development environment 
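Review bot: `postgres:15-alpine` in `load-images` is a floating tag, whereas the image it replaces was pinned to a specific build (`postgresql-15:9.5-1733127512`). The tag can be re-pushed upstream, so the database image that ends up in the cluster is not reproducible from this commit. A more specific pin would fix what is being deployed: a patch-level tag, or a digest such as `postgres@sha256:<digest>` where the tooling supports it. The same reference is introduced as `image: postgres:15-alpine` in the `deploy/k8s/base/umami/deployment.yaml` hunk and should be pinned the same way.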
@@ -197,15 +197,16 @@ deploy-umami-kind: wait-for-readiness load-images deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh KIND $(UMAMI_KUBE_NAMESPACE)" $(CMD_PREFIX) kubectl create -f ./deploy/k8s/overlays/kind/umami/umami-secret.yaml $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) apply -k ./deploy/k8s/overlays/kind/umami + $(CMD_PREFIX) echo "Waiting for Umami Deployment (pods: postgresql and umami) ..." $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m - @umami_ingress=$$(kubectl get ingress umami-ingress -n umami -o jsonpath='{.spec.rules[*].host}') ; \ - echo "Umami ingress deployed to: $$umami_ingress" + $(CMD_PREFIX) umami_ingress=$$(kubectl get ingress umami-ingress -n umami -o jsonpath='{.spec.rules[*].host}') ; \ + echo "Umami ingress deployed to: $$umami_ingress" .PHONY: undeploy-umami-kind undeploy-umami-kind: - $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) - $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete -f ./deploy/k8s/overlays/kind/umami/umami-secret.yaml - $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete -k ./deploy/k8s/overlays/kind/umami + -$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) + -$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete -f ./deploy/k8s/overlays/kind/umami/umami-secret.yaml + -$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete -k ./deploy/k8s/overlays/kind/umami .PHONY: start-dev-kind ## Run the development environment on Kind cluster start-dev-kind: setup-kind load-images deploy ## Setup a Kind cluster and deploy InstructLab UI on it 
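Review bot: The added `umami_ingress=$$(kubectl get ingress umami-ingress -n umami …)` line in `deploy-umami-kind` runs without `--context=$(ILAB_KUBE_CONTEXT)` and hard-codes `-n umami`, unlike the `apply -k` and `wait` lines next to it. The unchanged `kubectl create -f ./deploy/k8s/overlays/kind/umami/umami-secret.yaml` above it has the same gap, so with a different current context the plaintext secret is created on whichever cluster kubectl points at. Suggested forms are `kubectl --context=$(ILAB_KUBE_CONTEXT) create -f ./deploy/k8s/overlays/kind/umami/umami-secret.yaml` and `kubectl --context=$(ILAB_KUBE_CONTEXT) get ingress umami-ingress -n $(UMAMI_KUBE_NAMESPACE) -o jsonpath='{.spec.rules[*].host}'`. The recipe starts outside this hunk.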
@@ -244,16 +245,16 @@ deploy-umami-qa-openshift: deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh OPENSHIFT $(UMAMI_KUBE_NAMESPACE) $(CMD_PREFIX) $(OC) apply -f ./deploy/k8s/overlays/openshift/umami/umami-secret.yaml $(CMD_PREFIX) $(OC) apply -k ./deploy/k8s/overlays/openshift/umami - echo "Waiting for Umami Deployment (pods: postgresql and umami) ..." + $(CMD_PREFIX) echo "Waiting for Umami Deployment (pods: postgresql and umami) ..." $(CMD_PREFIX) $(OC) wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m - @umami_route=$$($(OC) get route umami -n $(UMAMI_KUBE_NAMESPACE) | tail -n 1 | awk '{print $$2}') ; \ + $(CMD_PREFIX) umami_route=$$($(OC) get route umami -n $(UMAMI_KUBE_NAMESPACE) | tail -n 1 | awk '{print $$2}') ; \ echo "Umami route deployed to: $$umami_route" .PHONY: undeploy-umami-qa-openshift undeploy-umami-qa-openshift: - $(CMD_PREFIX) $(OC) scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) - $(CMD_PREFIX) $(OC) delete -f ./deploy/k8s/overlays/openshift/umami/umami-secret.yaml - $(CMD_PREFIX) $(OC) delete -k ./deploy/k8s/overlays/openshift/umami + -$(CMD_PREFIX) $(OC) scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) + -$(CMD_PREFIX) $(OC) delete -f ./deploy/k8s/overlays/openshift/umami/umami-secret.yaml + -$(CMD_PREFIX) $(OC) delete -k ./deploy/k8s/overlays/openshift/umami .PHONY: deploy-prod-openshift deploy-prod-openshift: ## Deploy production stack of the InstructLab UI on OpenShift @@ -270,7 +271,6 @@ redeploy-prod-openshift: ## Redeploy production stack of the InstructLab UI on O $(CMD_PREFIX) $(OC) -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/ui $(CMD_PREFIX) $(OC) -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/pathservice - .PHONY: undeploy-prod-openshift undeploy-prod-openshift: ## Undeploy production stack of the InstructLab UI on OpenShift $(CMD_PREFIX) $(OC) delete -k ./deploy/k8s/overlays/openshift/prod 
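Review bot: The `umami_route` line in `deploy-umami-qa-openshift` takes the host from table output with `tail -n 1 | awk '{print $$2}'`, which depends on column order and on the route being the last row. The kind target already reads its host with `-o jsonpath`; the equivalent here is `umami_route=$$($(OC) get route umami -n $(UMAMI_KUBE_NAMESPACE) -o jsonpath='{.spec.host}')`. The same line appears in the `deploy-umami-prod-openshift` hunk that follows.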
@@ -293,16 +293,16 @@ deploy-umami-prod-openshift: check-kubeseal check-sealed-secrets-controller --format yaml > ./deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml $(CMD_PREFIX) $(OC) apply -f deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml $(CMD_PREFIX) $(OC) apply -k deploy/k8s/overlays/openshift/umami - echo "Waiting for Umami Deployment (pods: postgresql and umami) ..." + $(CMD_PREFIX) echo "Waiting for Umami Deployment (pods: postgresql and umami) ..." $(CMD_PREFIX) $(OC) wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m - @umami_route=$$($(OC) get route umami -n $(UMAMI_KUBE_NAMESPACE) | tail -n 1 | awk '{print $$2}') ; \ + $(CMD_PREFIX) umami_route=$$($(OC) get route umami -n $(UMAMI_KUBE_NAMESPACE) | tail -n 1 | awk '{print $$2}') ; \ echo "Umami route deployed to: $$umami_route" .PHONY: undeploy-umami-prod-openshift undeploy-umami-prod-openshift: - $(CMD_PREFIX) $(OC) scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) - $(CMD_PREFIX) $(OC) delete -f ./deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml - $(CMD_PREFIX) $(OC) delete -k ./deploy/k8s/overlays/openshift/umami + -$(CMD_PREFIX) $(OC) scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE) + -$(CMD_PREFIX) $(OC) delete -f ./deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml + -$(CMD_PREFIX) $(OC) delete -k ./deploy/k8s/overlays/openshift/umami .PHONY: check-dev-container-installed check-dev-container-installed: diff --git a/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh b/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh index cf67d7cf..870eace1 100755 --- a/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh +++ b/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh 
@@ -5,7 +5,9 @@ # Requires: kubectl, yq -source .env +if [ -f ".env" ]; then + source .env +fi if [ "$#" -ne 2 ]; then echo "USAGE: $0 TARGET NAMESPACE @@ -17,18 +19,23 @@ fi TARGET="$1" NAMESPACE="$2" - if [ "${TARGET}" == "OPENSHIFT" ]; then UMAMI_SECRET_FILE_PATH="deploy/k8s/overlays/openshift/umami/umami-secret.yaml" + UMAMI_DATABASE_NAME_KEY_NAME=POSTGRESQL_DATABASE + UMAMI_DATABASE_USER_KEY_NAME=POSTGRESQL_USER + UMAMI_DATABASE_PASSWORD_KEY_NAME=POSTGRESQL_PASSWORD elif [ "${TARGET}" == "KIND" ]; then UMAMI_SECRET_FILE_PATH="deploy/k8s/overlays/kind/umami/umami-secret.yaml" + UMAMI_DATABASE_NAME_KEY_NAME=POSTGRES_DB + UMAMI_DATABASE_USER_KEY_NAME=POSTGRES_USER + UMAMI_DATABASE_PASSWORD_KEY_NAME=POSTGRES_PASSWORD else echo "Error, \$TARGET ${TARGET} not recongnized. TARGET options: [\"OPENSHIFT\", \"KIND\"]" exit 1 fi -required_vars=("DATABASE_TYPE" "POSTGRESQL_DATABASE" "POSTGRESQL_USER" "POSTGRESQL_PASSWORD" "UMAMI_APP_SECRET" "DATABASE_URL") +required_vars=("DATABASE_TYPE" "UMAMI_DATABASE_NAME" "UMAMI_DATABASE_USER" "UMAMI_DATABASE_PASSWORD" "UMAMI_APP_SECRET" "DATABASE_URL") missing_vars=() @@ -52,9 +59,9 @@ cluster_domain=$(kubectl cluster-info | grep 'Kubernetes control plane' | awk -F # Note: `.env` value UMAMI_APP_SECRET is re-routed to APP_SECRET intentionally kubectl create secret generic umami-secret \ --from-literal DATABASE_TYPE=${DATABASE_TYPE} \ - --from-literal POSTGRESQL_DATABASE=${POSTGRESQL_DATABASE} \ - --from-literal POSTGRESQL_USER=${POSTGRESQL_USER} \ - --from-literal POSTGRESQL_PASSWORD=${POSTGRESQL_PASSWORD} \ + --from-literal ${UMAMI_DATABASE_NAME_KEY_NAME}=${UMAMI_DATABASE_NAME} \ + --from-literal ${UMAMI_DATABASE_USER_KEY_NAME}=${UMAMI_DATABASE_USER} \ + --from-literal ${UMAMI_DATABASE_PASSWORD_KEY_NAME}=${UMAMI_DATABASE_PASSWORD} \ --from-literal APP_SECRET=${UMAMI_APP_SECRET} \ --from-literal DATABASE_URL=${DATABASE_URL} \ --namespace ${NAMESPACE} \ 
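Review bot: The `kubectl create secret generic umami-secret` call in the last hunk passes every value, including `${UMAMI_DATABASE_PASSWORD}` and `${UMAMI_APP_SECRET}`, as `--from-literal` arguments, so the credentials are visible in the process list to other users on the machine while the command runs. Writing the key/value pairs to a `mktemp` file created under `umask 077` and passing it with `--from-env-file` keeps them off the command line. The later hunk for this file at `@@ -56,15 +56,20 @@` quotes the arguments but keeps the same form. The script continues outside these hunks.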
diff --git a/deploy/k8s/base/umami/deployment.yaml b/deploy/k8s/base/umami/deployment.yaml index 8d21f4e5..5fc0e8aa 100644 --- a/deploy/k8s/base/umami/deployment.yaml +++ b/deploy/k8s/base/umami/deployment.yaml @@ -10,23 +10,23 @@ spec: spec: containers: - name: postgresql - image: registry.redhat.io/rhel9/postgresql-15:9.5-1733127512 + image: postgres:15-alpine env: - - name: POSTGRESQL_DATABASE + - name: POSTGRES_DB valueFrom: secretKeyRef: name: umami-secret - key: POSTGRESQL_DATABASE - - name: POSTGRESQL_USER + key: POSTGRES_DB + - name: POSTGRES_USER valueFrom: secretKeyRef: name: umami-secret - key: POSTGRESQL_USER - - name: POSTGRESQL_PASSWORD + key: POSTGRES_USER + - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: umami-secret - key: POSTGRESQL_PASSWORD + key: POSTGRES_PASSWORD ports: - containerPort: 5432 name: postgres diff --git a/deploy/k8s/overlays/kind/umami/umami-secret.template.yaml b/deploy/k8s/overlays/kind/umami/umami-secret.template.yaml index 09488789..7cf0acd0 100644 --- a/deploy/k8s/overlays/kind/umami/umami-secret.template.yaml +++ b/deploy/k8s/overlays/kind/umami/umami-secret.template.yaml @@ -7,9 +7,9 @@ metadata: type: Opaque stringData: DATABASE_TYPE: postgresql # Options: ["postgresql", "mysql"] - POSTGRESQL_DATABASE: db-name - POSTGRESQL_USER: db-user - POSTGRESQL_PASSWORD: db-pass + POSTGRES_DATABASE: db-name + POSTGRES_USER: db-user + POSTGRES_PASSWORD: db-pass APP_SECRET: app_secret # Functions as hash_salt, see: https://github.com/umami-software/umami/commit/7bbed0e12bb36b410ca03261757465167828b09b#diff-65e615806187cb0aef26259e5f071afc5271919039bc05c57cea796f5d56b4eeL7 DATABASE_URL: postgresql://db-user:db-pass@umami-db:5432/db-name # ://:@:5432/ diff --git a/deploy/k8s/overlays/openshift/umami/kustomization.yaml b/deploy/k8s/overlays/openshift/umami/kustomization.yaml index 584f4cd3..20b76a85 100644 --- a/deploy/k8s/overlays/openshift/umami/kustomization.yaml +++ b/deploy/k8s/overlays/openshift/umami/kustomization.yaml 
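Review bot: The template now declares `POSTGRES_DATABASE`, but the base Deployment in the preceding hunk reads the database name from `secretKeyRef` key `POSTGRES_DB`, and the conversion script emits `POSTGRES_DB` for `KIND`. A secret created from this template would lack the key the `postgresql` container references, so that container would fail to start. The template line should read `POSTGRES_DB: db-name`.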
@@ -5,3 +5,29 @@ namespace: umami resources: - ../../../base/umami - umami-route.yaml +patches: + - target: + kind: Deployment + name: umami + patch: |- + - op: replace + path: /spec/template/spec/containers/0/image + value: registry.redhat.io/rhel9/postgresql-15:9.5-1733127512 + - op: replace + path: /spec/template/spec/containers/0/env/0/name + value: POSTGRESQL_DATABASE + - op: replace + path: /spec/template/spec/containers/0/env/0/valueFrom/secretKeyRef/key + value: POSTGRESQL_DATABASE + - op: replace + path: /spec/template/spec/containers/0/env/1/name + value: POSTGRESQL_USER + - op: replace + path: /spec/template/spec/containers/0/env/1/valueFrom/secretKeyRef/key + value: POSTGRESQL_USER + - op: replace + path: /spec/template/spec/containers/0/env/2/name + value: POSTGRESQL_PASSWORD + - op: replace + path: /spec/template/spec/containers/0/env/2/valueFrom/secretKeyRef/key + value: POSTGRESQL_PASSWORD diff --git a/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml b/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml index 65ed7201..7b14c242 100644 --- a/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml +++ b/deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml 
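Review bot: Every `replace` in this patch addresses its target by position (`containers/0`, `env/0`, `env/1`, `env/2`), so it relies on `postgresql` staying the first container and on the env order in `deploy/k8s/base/umami/deployment.yaml`. If the base is reordered the patch still applies and silently renames a different variable or points it at a different secret key. A guard ahead of the replaces, `- op: test` with `path: /spec/template/spec/containers/0/name` and `value: postgresql`, makes the build fail instead. A short comment above `patch:` stating which base entries the indexes refer to would also help the next editor.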
@@ -6,17 +6,17 @@ metadata: namespace: umami spec: encryptedData: - APP_SECRET: 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 - DATABASE_TYPE: 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 - DATABASE_URL: AgAmNq4Ke1I8rQcvt+r1Chm7k4ykecVGIfMJOpgtGIygWROOg3GNZ+jz57KQXjZht3UBf7nbyRrFOl6N2oTUSHgJ4s67ziMhyJKLIOzr4goW+zN7jkUdoHlC2PXhyRzwT9DLpG2Fr1VZoh9mp9QaX0z67rm9+b9GzXQQNBUhYoHCTfRUvip6f4VUI6IRIthjkDuhjE50iMvDhEpAALrGAfWMXUqVh/ca8iKcknOywtcfYyPTvsj7HdmlD9TPEPCI5ktFw17HKshtKLYd7WQ1jXVQFj+vVPZlKogfrb7VLteoYAKEvYHuqdI8eHJpU4Sv0WraY6+lyT8J0uDF5UqVBs6rmSF5N66k14MsZF/u8DyNGAKbpC+goTvd9OB173sH7bPvClj6WTeKD/Xdtn/WTJQtyeZDWjXtjl7PTVsYu5X9enRfwn2Oi+QSBpSxbfVPIY364DCNbAnl9yAhaHsAm0uhz0sN7WO9xtCAELFjpRLIdBi5Q2Zz/CGC7Bu4JRPejmzaCbXf4jkZc1zgWjdS6EhqPg4P8VeZojahBX+p8pwLXqIBfH7iSFhLpCG/3tX8VmbmryauagvCMtogFad8W1h65QkIE6hm4U+LXCdu9Acf1so/to/pqZVUVAkouYFX6/P7628NIzBSM6sIqhuK3Buz4KR8xFI6qtD/jJG0Ym8gJPgA7z+8bbNhND/J6Onl5ykwYpsHi65XYMMaQXXG6F6ovK76rzTQq8e6WAb04WhdRB9zAmiXEs2MpseZUQ== - POSTGRESQL_DATABASE: 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 - POSTGRESQL_PASSWORD: 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 - POSTGRESQL_USER: 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 + APP_SECRET: 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 + DATABASE_TYPE: 
AgANKG5Gvz0dgHBf15dBEdGNomCIPgPRhuNvDzmj6j/6LWeBIAAFNLS+zwsSr0FvVIkc5a3ruTf2fBj0wrL0xrshKaTq03UXdJJtAESYRV/whsU9ldfXEXtcsux8jMbFIaI17PFDP9KRh6MwhtI4TJfruyiQbPlVr4a2qxoDxQvj6iLV80INaQs1lO+DTJc0nKStJMzhdpqpAmEZW6JEl5N9r/y3IDhHK3Jz13LNHyeIfIfFVBJ51cAkCJZV2alFA0jRTLhBn/YSBiZy9a0fIQzooBxO+1kTCl2OzZKH3wYHb2ZS5RmIa5lwHnTiGFzgc5L8T1N3zt4cTYhVIYEF/8mL/GXZxEKYOJuBLSnPzwUGE/dRlgnFbqtW6aoDDDj3Ma1iqh2GhRPjSviYXmL5Iwi4bj279yU/YCI3y0LZBYNKrYjAoY9rMdNoFOxPpIqna3g2gAmzsTba9YbzJUAnQYkSjgT6wT5/jUIO+ierWdHsWi/sw+0v4DWed0ERC8TKf9F70o+5ET62NMVjeqpSG7S9k7mbCf9PeObc15eYLwbC29pnBBzJv077TKE7tVu7PpwbSK37mGg+YB5AIMPmVgIVByqko7sW00KnWLcwt50/mYsoaVtzdNNKTGj+j8tXXijQx3csT7hzM1aWOltvgd38vZiGgA+Hm1S9HVLjpdig6F0mjwe9Ft//Jlvsp6ebxhuPJZGAp6uSbMNk + DATABASE_URL: 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 + POSTGRESQL_DATABASE: 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 + POSTGRESQL_PASSWORD: AgBHJCdFNapk+siNYrXrg0DhUEW6vflZMfD64g2rjZy0Mv5GSWQzGM9L6bs596CEb5dzP7D63B4sfDhAA5ikrSTj0Hcr0QtByRCTouRl6X2XqaIIO2DednTe0CFmQISrdw38D8zYBTe2aHyEHgh/d/BeJlVsPvzqyYRXg1LKzozC2rz/B8GEnqRy1iZnprt7Y5BDtUiWnqlRUhrB2i6oOVXqptF1uIgBLqGqllofqG2U2BFWmYYzj/0tvttMj65THufCkJ88SLaQk5lo1h9i6DEPdSly8n942pDtn9ivpQ2pCoxx6U3j0XPWeJh6kmR0c5aTrZGH4BBQb8FGKkLCorcIwJXGGakcXcqAKLBHxmRd5XWT7LuVUWJkwp5FmqBDoc1RQdzLIPAdg3c8V8Cg2ouLrNue+jtVkKWgiKJBs5R05bjJ/umjKS6MUpqmXYbBjfyLUBrmQgf+v9IimnJC3nAEX+Z3TgEmSDv4du4r4f1i8VFknOWHe51+Ocdo2n4+TVuS2YrAN7P/Q8bGmgUEgLs/Qpg44ikEqMwmd9g7mlUnDZrBXD3OMN6XfwtPOaSbC8kzYmEkCMY5r0D7FpW49kNSZzdksnzv726MqJlekZ4XTjGOmVRi0Nu59Ck+Y698cELhkPBNnFuSiT8sWQLQ0sKUo21yrzqnT30pLinR/Rs1VODkpaPNAtWWdMQQGAVUJmveUbF1qw== + POSTGRESQL_USER: 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 template: metadata: creationTimestamp: null labels: - cluster_domain: api.platform-sts.pcbk.p1.openshiftapps.com + cluster_domain: c130-e.us-south.containers.cloud.ibm.com name: umami-secret namespace: umami diff --git a/docs/umami_metrics.md b/docs/umami_metrics.md index 84bc1d26..054316f1 100644 
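Review bot: The `cluster_domain` label changes from `api.platform-sts.pcbk.p1.openshiftapps.com` to `c130-e.us-south.containers.cloud.ibm.com` together with the regenerated ciphertext, which suggests this file was sealed while connected to a different cluster than the previous revision. SealedSecret values are encrypted to the key of the controller they were sealed against, so if that is what happened the production controller will not be able to unseal the committed values. It is worth confirming which cluster `kubeseal` ran against and resealing against the production controller if needed. The label also records a cluster API hostname in a tracked file, which may not be intended.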
--- a/docs/umami_metrics.md +++ b/docs/umami_metrics.md @@ -5,7 +5,7 @@ Introduction ## Deployment Umami is meant to work with either a `mysql` or `postgresql` DB backend. For now we only provide manifests and options for PostgreSQL, -but if the need arises we will extend this to work with either. +but if the need arises we will extend this to work with either. ### Required ENV values 
@@ -16,21 +16,25 @@ but best security practices are to set it. Also, we have chosen to use `UMAMI_APP_SECRET` in the `.env` file but in the deployment process this gets mapped to `APP_SECRET`. We chose this pattern because it brings clarity to what the variable does in the context of the `.env` file. -|---------------------|---------------------------------------------------------------------------|----------------------------------------------------| -| Variable | Description | Example Value | -|---------------------|---------------------------------------------------------------------------|----------------------------------------------------| -| UMAMI_APP_SECRET | Used as Hash Salt for the Database | YbSbtb | -| DATABASE_TYPE | Type of Database to use with Umami. Only `postgresql` currently supported | postgresql | -| POSTGRESQL_DATABASE | Name of the database backend for Umami | db-name | -| POSTGRESQL_USER | Name of the user of the database for Umami | db-user | -| POSTGRESQL_PASSWORD | Password for the user of the database for Umami | db-pass | -| DATABASE_URL | The URL the Umami pod will use to access the DB | postgresql://db-user:db-pass@umami-db:5432/db-name | -|---------------------|---------------------------------------------------------------------------|----------------------------------------------------| + +| Variable | Description | Example Value | +|-------------------------|---------------------------------------------------------------------------|----------------------------------------------------| +| UMAMI_APP_SECRET | Used as Hash Salt for the Database | YbSbtb | +| DATABASE_TYPE | Type of Database to use with Umami. 
Only `postgresql` currently supported | postgresql | +| UMAMI_DATABASE_NAME | Name of the database backend for Umami | db-name | +| UMAMI_DATABASE_USER | Name of the user of the database for Umami | db-user | +| UMAMI_DATABASE_PASSWORD | Password for the user of the database for Umami | db-pass | +| DATABASE_URL | The URL the Umami pod will use to access the DB | postgresql://db-user:db-pass@umami-db:5432/db-name | + > [!IMPORTANT] > The `DATABASE_URL` is derrived from the other variables plus the [name of the service](../deploy/k8s/base/umami/postgresql-service.yaml#L4) used in deployment. +> The env variables `UMAMI_DATABASE_NAME`, `UMAMI_DATABASE_USER` and `UMAMI_DATABASE_PASSWORD` get mapped to the environment variables for the container image +> used based the environment. +> For `kind` these are `POSTGRES_DB`, `POSTGRES_USER` and `POSTGRES_PASSWORD` respectively. +> For `openshift` environment these are `POSTGRESQL_DATABASE`, `POSTGRESQL_NAME` and `POSTGRESQL_PASSWORD` respectively. -Place those required variables in the `.env` file in the root of the repo. +Place those required variables in the `.env` file in the root of the repo. ### Deployment Manifest Notes 
@@ -48,9 +52,9 @@ Make targets are our prefered method of deployment. This section will cover how the make targets work and how they differ per environment. The umami deployment `make` targets for all 3 environments use a [conversion script](./deploy/k8s/overlays/kind/umami/umami-secret.yaml) to parse values out of the `.env` file, into their own secret created in the respective overlay directory (`deploy/k8s/overlays`). These secrets will be ignored in `git` and are not included in their respective `kustomization.yaml` -overlay files - they must be applied indivdually. This is done because for the Ilab-teams hosted deployments (https://ui.instructlab.ai/ and https://qa.ui.instructlab.ai/) -we want to track those manifests in `git` via an encrypted sealed-secret, but also allow the deployment to work out of the box for people trying to self-deploy the stack. -This creates a straightforward experience for both developers and maintainers. +overlay files - they must be applied indivdually. This is done because for the Ilab-teams hosted deployments ([ui.instructlab.ai](https://ui.instructlab.ai/) +and [qa.ui.instructlab.ai](https://qa.ui.instructlab.ai/)) we want to track those manifests in `git` via an encrypted sealed-secret, but also allow the +deployment to work out of the box for people trying to self-deploy the stack.This creates a straightforward experience for both developers and maintainers. #### Kind 
@@ -61,6 +65,8 @@ After your kind cluster has been started (`make setup-kind`), you can use `make The umami-secret will be created at path `deploy/k8s/overlays/kind/umami/umami-secret.yaml`, and deploy it, along with the `./deploy/k8s/overlays/kind/umami` overlay manifests. Finally it will wait for the pods to rollout and then preform portforwarding on port `3001` for the Umami service. +It should be noted that `kind` deployment uses the base manifest's `postgres:15-alpine` database image, with its respective `env` values: `POSTGRES_DB`, `POSTGRES_USER`, and `POSTGRES_PASSWORD`. + #### QA Command: `make deploy-umami-qa-openshift` @@ -68,6 +74,8 @@ Command: `make deploy-umami-qa-openshift` This will create the umami-secret at path `deploy/k8s/overlays/openshift/umami/umami-secret.yaml`. This is very similar to the `kind` umami deployment target except that it will deploy a `route` instead of an ingress. +It should be noted that `qa-openshift` deployment uses the base manifest's `registry.redhat.io/rhel9/postgresql-15:9.5-1733127512` database image, with its respective `env` values: `POSTGRESQL_DATABASE`, `POSTGRESQL_NAME`, and `POSTGRESQL_PASSWORD`. + #### Prod Command: `make deploy-umami-prod-openshift` @@ -79,6 +87,8 @@ secrets controller name, make sure to update the `SEALED_SECRETS_CONTROLLER_NAME [umami-secret.sealedsecret.yaml](../deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml) which can safely get tracked in `git`. Finally, it will apply the sealed secret and the rest of the manifests. +It should be noted that `prod-openshift` deployment uses the base manifest's `registry.redhat.io/rhel9/postgresql-15:9.5-1733127512` database image, with its respective `env` values: `POSTGRESQL_DATABASE`, `POSTGRESQL_NAME`, and `POSTGRESQL_PASSWORD`. + ## Administration When Umami gets deployed, it will have no configurations. The admin will have to login with the default Umami credentials, setup users and teams for access, 
From ac980b241e38b3dccab02bc57677cb3f2873f31c Mon Sep 17 00:00:00 2001 From: greg pereira Date: Tue, 10 Dec 2024 15:16:41 -0800 Subject: [PATCH 7/7] linting Signed-off-by: greg pereira --- .github/workflows/lint-jobs.yml | 3 ++ .gitignore | 3 -- Makefile | 2 -- ...y-umami-openshift-env-secret-conversion.sh | 21 +++++++++----- deploy/k8s/overlays/kind/README.md | 29 ------------------- deploy/k8s/overlays/kind/umami/README.md | 18 ------------ .../kind/umami/example.umami-secret.yaml | 15 ---------- .../kind/umami/umami-secret.template.yaml | 15 ---------- docs/umami_metrics.md | 6 ++-- 9 files changed, 19 insertions(+), 93 deletions(-) delete mode 100644 deploy/k8s/overlays/kind/README.md delete mode 100644 deploy/k8s/overlays/kind/umami/README.md delete mode 100644 deploy/k8s/overlays/kind/umami/example.umami-secret.yaml delete mode 100644 deploy/k8s/overlays/kind/umami/umami-secret.template.yaml diff --git a/.github/workflows/lint-jobs.yml b/.github/workflows/lint-jobs.yml index 94858b08..3388fca1 100644 --- a/.github/workflows/lint-jobs.yml +++ b/.github/workflows/lint-jobs.yml @@ -22,6 +22,9 @@ jobs: - uses: actions/checkout@v4 - name: Run ShellCheck uses: ludeeus/action-shellcheck@master + env: + SHELLCHECK_OPTS: "-e SC1091" # ignores using .env for source as issue + markdown-lint: runs-on: ubuntu-latest steps: diff --git a/.gitignore b/.gitignore index ae34018e..d9f26242 100644 --- a/.gitignore +++ b/.gitignore @@ -30,6 +30,3 @@ playwright/.auth # dont track secrets in git deploy/k8s/overlays/kind/umami/umami-secret.yaml deploy/k8s/overlays/openshift/umami/umami-secret.yaml -# for dubgging kustomize builds -*/tmp.yaml -*/tmp.yml diff --git a/Makefile b/Makefile index f7ab8b1b..e45d387f 100644 --- a/Makefile +++ b/Makefile 
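Review bot: `SHELLCHECK_OPTS: "-e SC1091"` switches off the sourced-file check for every script in the repository, although the comment says the only case is sourcing `.env`. A directive on that one statement, `# shellcheck source=/dev/null` on the line above `source .env`, keeps the check active everywhere else. The step also runs `ludeeus/action-shellcheck@master`, a mutable branch reference; pinning it to a full commit SHA (`ludeeus/action-shellcheck@<commit-sha>`) stops third-party code in CI from changing without a reviewed commit. The job definition starts outside this hunk.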
@@ -176,7 +176,6 @@ deploy: wait-for-readiness ## Deploy a InstructLab UI development stack onto a k redeploy: ui-image load-images ## Redeploy the InstructLab UI stack onto a kubernetes cluster $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/ui $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/pathservice - $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) -n $(UMAMI_KUBE_NAMESPACE) rollout restart deploy/umami .PHONY: undeploy undeploy: ## Undeploy the InstructLab UI stack from a kubernetes cluster @@ -184,7 +183,6 @@ undeploy: ## Undeploy the InstructLab UI stack from a kubernetes cluster rm ./deploy/k8s/overlays/kind/.env ; \ fi $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete namespace $(ILAB_KUBE_NAMESPACE) - $(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete namespace $(UMAMI_KUBE_NAMESPACE) .PHONY: deploy-umami-kind deploy-umami-kind: wait-for-readiness load-images diff --git a/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh b/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh index 870eace1..b1b89625 100755 --- a/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh +++ b/deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh 
@@ -56,15 +56,20 @@ fi cluster_domain=$(kubectl cluster-info | grep 'Kubernetes control plane' | awk -F// '{print $2}' | awk -F: '{print $1}') -# Note: `.env` value UMAMI_APP_SECRET is re-routed to APP_SECRET intentionally +# Note: `.env` values get rerouted to their correct image target +# Prod uses: `POSTGRESQL_DATABASE`,`POSTGRESQL_USER`, and `POSTGRESQL_PASSWORD` +# Stage uses: `POSTGRES_DB`, `POSTGRES_USER` and `POSTGRES_PASSWORD` +# This different is due to the differences in the `postgresql:15-alpine` image and the `registry.redhat.io/rhel9/postgresql-15:9.5-1733127512` image +# Both map `UMAMI_APP_SECRET` to `APP_SECRET` + kubectl create secret generic umami-secret \ - --from-literal DATABASE_TYPE=${DATABASE_TYPE} \ - --from-literal ${UMAMI_DATABASE_NAME_KEY_NAME}=${UMAMI_DATABASE_NAME} \ - --from-literal ${UMAMI_DATABASE_USER_KEY_NAME}=${UMAMI_DATABASE_USER} \ - --from-literal ${UMAMI_DATABASE_PASSWORD_KEY_NAME}=${UMAMI_DATABASE_PASSWORD} \ - --from-literal APP_SECRET=${UMAMI_APP_SECRET} \ - --from-literal DATABASE_URL=${DATABASE_URL} \ - --namespace ${NAMESPACE} \ + --from-literal "DATABASE_TYPE=${DATABASE_TYPE}" \ + --from-literal "${UMAMI_DATABASE_NAME_KEY_NAME}=${UMAMI_DATABASE_NAME}" \ + --from-literal "${UMAMI_DATABASE_USER_KEY_NAME}=${UMAMI_DATABASE_USER}" \ + --from-literal "${UMAMI_DATABASE_PASSWORD_KEY_NAME}=${UMAMI_DATABASE_PASSWORD}" \ + --from-literal "APP_SECRET=${UMAMI_APP_SECRET}" \ + --from-literal "DATABASE_URL=${DATABASE_URL}" \ + --namespace "${NAMESPACE}" \ --dry-run=client \ -o yaml > ${UMAMI_SECRET_FILE_PATH} diff --git a/deploy/k8s/overlays/kind/README.md b/deploy/k8s/overlays/kind/README.md deleted file mode 100644 index baddfb3f..00000000 --- a/deploy/k8s/overlays/kind/README.md +++ /dev/null 
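Review bot: The new comment block names the targets `Prod` and `Stage` and the image `postgresql:15-alpine`, but the script's TARGET values are `OPENSHIFT` and `KIND` and the image used in the Makefile and base Deployment is `postgres:15-alpine`. Suggested wording: `# OPENSHIFT uses POSTGRESQL_DATABASE, POSTGRESQL_USER and POSTGRESQL_PASSWORD (registry.redhat.io/rhel9/postgresql-15 image)` and `# KIND uses POSTGRES_DB, POSTGRES_USER and POSTGRES_PASSWORD (postgres:15-alpine image)`. The redirect target on the last line is still unquoted; `> "${UMAMI_SECRET_FILE_PATH}"` would match the quoting added above it.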
@@ -1,29 +0,0 @@ -# Kind deployment - -Kind is a tool that can allow you to emulate a local kuberenetes cluster. These manifests will help you provision a correctly configured kind cluster and apply the resources. - -## Usage - -The easiest way is to use the predefined `make` targets at the root of the repo, such as `make start-dev-kind`. However this document will also explain the process of -deploying from the manifests themselves. - -### Building the cluster - -You can either create a default cluster, or use the setup we have to mimic our openshift dpeloyment more closely: `kind create cluster --config kind.yaml`. - -### Applying the kind-ingress manifests - -If you dont care about using an ingress and choose to hit the services directly, use host networking on your container runtime on which you are using kind, or some other -edge case which would remove the necesity of ingresses, you can simple ignore the [kind-ingress.yaml](./kind-ingress.yaml). However if you do want to use ingresses -(which are a part of both the default UI stack and the umami metrics stack), then you should deploy the kind ingress: `kubectl create -f kind-ingress.yaml`. -This will take some time to deploy, so now we can simply wait for it: - -```bash -kubectl wait --namespace ingress-nginx \ - --for=condition=ready pod \ - --selector=app.kubernetes.io/component=controller \ - --timeout=90s -``` - -Once this goes through, you should review a message similar to the following letting you know you can proceed: -`pod/ingress-nginx-controller-68c4c94464-jvnjf condition met`. diff --git a/deploy/k8s/overlays/kind/umami/README.md b/deploy/k8s/overlays/kind/umami/README.md deleted file mode 100644 index 30cc66cb..00000000 --- a/deploy/k8s/overlays/kind/umami/README.md +++ /dev/null 
@@ -1,18 +0,0 @@ -# Notes - -To try to deploy Umami via kind you must first create and apply the manifests 1 directory up. After that, creating umami within kind is very straightforward. -Simply set your `.umami-secret.env` with your values from the template `example.umami-secret.env` in this directory. After this, we need to import the -container image that we use for the Umami postgresql database. - -To do this, we first start by pulling down the image: - -```bash -PSQL_IMAGE="registry.redhat.io/rhel9/postgresql-15:9.5-1733127512" -docker pull ${PSQL_IMAGE} -``` - -If you provisioned a default kind cluster, you can load your image onto it as follows: `kind load docker-image ${PSQL_IMAGE}`. -However if you provisioned a kind cluster with the [kind.yaml](../kind.yaml) configuration we provided in the directory above this, then you will need to -specify the name of the cluster as well: `kind load docker-image ${PSQL_IMAGE} --name instructlab-ui` - -After that you can apply the Umami manifests: `kustomize build . | kubectl apply -f -`. diff --git a/deploy/k8s/overlays/kind/umami/example.umami-secret.yaml b/deploy/k8s/overlays/kind/umami/example.umami-secret.yaml deleted file mode 100644 index d0ddb7d7..00000000 --- a/deploy/k8s/overlays/kind/umami/example.umami-secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: umami-secret - labels: - app: umami -type: Opaque -stringData: - DATABASE_TYPE: postgresql - POSTGRESQL_DATABASE: umami - POSTGRESQL_USER: umami - POSTGRESQL_PASSWORD: umami - APP_SECRET: app_secret - HASH_SALT: hash_salt - DATABASE_URL: postgresql://umami:umami@umami-db:5432/umami diff --git a/deploy/k8s/overlays/kind/umami/umami-secret.template.yaml b/deploy/k8s/overlays/kind/umami/umami-secret.template.yaml deleted file mode 100644 index 7cf0acd0..00000000 --- a/deploy/k8s/overlays/kind/umami/umami-secret.template.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: umami-secret
- labels:
- app: umami
-type: Opaque
-stringData:
- DATABASE_TYPE: postgresql # Options: ["postgresql", "mysql"]
- POSTGRES_DATABASE: db-name
- POSTGRES_USER: db-user
- POSTGRES_PASSWORD: db-pass
- APP_SECRET: app_secret # Functions as hash_salt, see: https://github.com/umami-software/umami/commit/7bbed0e12bb36b410ca03261757465167828b09b#diff-65e615806187cb0aef26259e5f071afc5271919039bc05c57cea796f5d56b4eeL7
- DATABASE_URL: postgresql://db-user:db-pass@umami-db:5432/db-name
- # ://:@:5432/
diff --git a/docs/umami_metrics.md b/docs/umami_metrics.md
index 054316f1..45cb73eb 100644
--- a/docs/umami_metrics.md
+++ b/docs/umami_metrics.md
@@ -1,6 +1,8 @@ # Umami metrics -Introduction +Umami is an open-source, privacy-focused web analytics tool that serves as an alternative to Google Analytics. It provides essential insights into website traffic, +user behavior, and performance, all while prioritizing data privacy. We chose to use Umami as our perfered method of metrics collection and visualisation due to +ability to support for self-hosted deployments, open-source nature, and ease of use. Check out [their docs](https://umami.is/docs) for more information. ## Deployment @@ -16,7 +18,6 @@ but best security practices are to set it. Also, we have chosen to use `UMAMI_APP_SECRET` in the `.env` file but in the deployment process this gets mapped to `APP_SECRET`. We chose this pattern because it brings clarity to what the variable does in the context of the `.env` file. - | Variable | Description | Example Value | |-------------------------|---------------------------------------------------------------------------|----------------------------------------------------| | UMAMI_APP_SECRET | Used as Hash Salt for the Database | YbSbtb | 
@@ -26,7 +27,6 @@ pattern because it brings clarity to what the variable does in the context of th | UMAMI_DATABASE_PASSWORD | Password for the user of the database for Umami | db-pass | | DATABASE_URL | The URL the Umami pod will use to access the DB | postgresql://db-user:db-pass@umami-db:5432/db-name | - > [!IMPORTANT] > The `DATABASE_URL` is derrived from the other variables plus the [name of the service](../deploy/k8s/base/umami/postgresql-service.yaml#L4) used in deployment. > The env variables `UMAMI_DATABASE_NAME`, `UMAMI_DATABASE_USER` and `UMAMI_DATABASE_PASSWORD` get mapped to the environment variables for the container image