[Future-Playground] Adding future playground to deployment pipeline (#…
…214) * add future playground Signed-off-by: Tao Liu <liutaoaz@amazon.com> * add future yml file Signed-off-by: Tao Liu <liutaoaz@amazon.com> --------- Signed-off-by: Tao Liu <liutaoaz@amazon.com>
1 parent
ee48bf2
commit 21c8187
Showing
4 changed files
with
1,522 additions
and
0 deletions.
@@ -0,0 +1,108 @@ | ||
name: Future Playground Deployment | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
deploy_fresh: | ||
required: false | ||
type: boolean | ||
description: 'Fresh Deploy OpenSearch and OpenSearch Dashboards' | ||
default: false | ||
deploy_upgrade: | ||
required: false | ||
type: boolean | ||
description: 'Upgrade OpenSearch and OpenSearch Dashboards' | ||
default: true | ||
osd_image_tag: | ||
required: true | ||
type: string | ||
description: 'Image tag for OpenSearch Dashboards' | ||
default: '3.0.0-8219474312' | ||
osd_image_repo: | ||
required: true | ||
type: string | ||
description: 'Image repo for OpenSearch Dashboards' | ||
default: 'public.ecr.aws/y0r0d3v8/actionrunner' | ||
os_image_tag: | ||
required: false | ||
type: string | ||
description: 'Image tag for OpenSearch' | ||
default: '3.0.0' | ||
os_image_repo: | ||
required: false | ||
type: string | ||
description: 'Image repo for OpenSearch' | ||
default: 'opensearchstaging/opensearch' | ||
|
||
jobs: | ||
|
||
Future-OS-OSD-Deployment: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@v3 | ||
- name: Replace Tokens for opensearch-dashboards.yml | ||
uses: cschleiden/replace-tokens@v1 | ||
with: | ||
files: '["${{ github.workspace }}/config/playground/helm/future/helm-opensearch-dashboards.yaml"]' | ||
tokenPrefix: '${' | ||
tokenSuffix: '}' | ||
env: | ||
OPENID_CLIENT_ID: ${{ secrets.OPENID_CLIENT_ID_FUTURE }} | ||
OPENID_CLIENT_SECRET: ${{ secrets.OPENID_CLIENT_SECRET_FUTURE }} | ||
OPENID_BASE_REDIRECT_URL: ${{ secrets.OPENID_BASE_REDIRECT_URL_FUTURE }} | ||
OPENID_LOGOUT_URL: ${{ secrets.OPENID_LOGOUT_URL_FUTURE }} | ||
GA_TRACKING_ID: ${{ secrets.GA_TRACKING_ID_FUTURE }} | ||
CERTIFICATE_ARN: ${{ secrets.CERTIFICATE_ARN_FUTURE }} | ||
KIBANASERVER: ${{ secrets.KIBANASERVER }} | ||
OSD_IMAGE_TAG: ${{ inputs.osd_image_tag }} | ||
OSD_IMAGE_REPO: ${{ inputs.osd_image_repo }} | ||
- name: Replace Token in opensearch.yml | ||
uses: cschleiden/replace-tokens@v1 | ||
with: | ||
files: '["${{ github.workspace }}/config/playground/helm/future/helm-opensearch.yaml"]' | ||
tokenPrefix: '${' | ||
tokenSuffix: '}' | ||
env: | ||
ESNODE_CERT: ${{ secrets.esnode_cert }} | ||
ESNODE_KEY_CERT: ${{ secrets.esnode_key_cert }} | ||
ROOT_CA_CERT: ${{ secrets.root_ca_cert }} | ||
OS_IMAGE_TAG: ${{ inputs.os_image_tag }} | ||
OS_IMAGE_REPO: ${{ inputs.os_image_repo }} | ||
- name: Configure AWS Credentials | ||
uses: aws-actions/configure-aws-credentials@v2 | ||
with: | ||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_PINK }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_PINK }} | ||
aws-region: ${{ secrets.AWS_REGION_PINK }} | ||
- name: Fresh Deploy OpenSearch and OpenSearch Dashboards By Helm Chart | ||
if: ${{ inputs.deploy_fresh }} | ||
uses: elastic-analytics/dashboards-action@main | ||
env: | ||
KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_DATA_PINK }} | ||
with: | ||
plugins: "" # optional, list of Helm plugins. eg. helm-secrets or helm-diff. | ||
# Teardown the current OS and OSD and then install the lastest version | ||
# of OS and OSD as it only takes 23 seconds for the process, will add | ||
# blue/green deployment later. | ||
command: | | ||
helm uninstall opensearch --namespace default | ||
helm uninstall dashboards --namespace default | ||
kubectl get pvc | grep opensearch-cluster-leader-opensearch-cluster-leader- | awk '{print $1}'| xargs kubectl delete pvc | ||
helm install opensearch opensearch/opensearch -f config/playground/helm/future/helm-opensearch.yaml | ||
helm install dashboards opensearch/opensearch-dashboards -f config/playground/helm/future/helm-opensearch-dashboards.yaml | ||
- name: Upgrade Deploy OpenSearch/OpenSearch Dashboards By Helm Chart | ||
if: ${{ inputs.deploy_upgrade }} | ||
uses: elastic-analytics/dashboards-action@main | ||
env: | ||
KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_DATA_PINK }} | ||
with: | ||
plugins: "" # optional, list of Helm plugins. eg. helm-secrets or helm-diff. | ||
# Teardown the current OS and OSD and then install the lastest version | ||
# of OS and OSD as it only takes 23 seconds for the process, will add | ||
# blue/green deployment later. | ||
command: | | ||
helm upgrade opensearch opensearch/opensearch -f config/playground/helm/future/helm-opensearch.yaml | ||
helm upgrade dashboards opensearch/opensearch-dashboards -f config/playground/helm/future/helm-opensearch-dashboards.yaml | ||
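Review bot: Both Helm steps run `uses: elastic-analytics/dashboards-action@main`, a third-party action on a mutable branch, with `KUBE_CONFIG_DATA` in its environment and AWS credentials already configured in the job, so any later push to that branch executes with cluster access. Pin it to a full commit SHA, e.g. `uses: elastic-analytics/dashboards-action@<full-commit-sha>`, and do the same for `cschleiden/replace-tokens@v1`, which receives the OpenID client secret and the node key material. The `osd_image_repo` and `os_image_repo` inputs are substituted into the Helm values without validation, so whoever can dispatch the workflow chooses the image that gets deployed; a step that checks them against an allow-list before token replacement would bound that. The comment above the upgrade step's `command:` still describes the teardown-and-reinstall of the fresh-deploy step and should be reworded.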
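--- a/config/playground/helm/future/helm-opensearch-dashboards.yaml
+++ b/config/playground/helm/future/helm-opensearch-dashboards.yaml
@@ -0,0 +1,246 @@
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+
+# Default values for opensearch-dashboards.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+opensearchHosts: "https://opensearch-cluster-leader:9200"
+replicaCount: 2
+
+image:
+repository: ${OSD_IMAGE_REPO}
+# override image tag, which is .Chart.AppVersion by default
+tag: ${OSD_IMAGE_TAG}
+pullPolicy: "Always"
+
+startupProbe:
+tcpSocket:
+port: 5601
+periodSeconds: 10
+timeoutSeconds: 5
+failureThreshold: 20
+successThreshold: 1
+initialDelaySeconds: 10
+
+livenessProbe:
+tcpSocket:
+port: 5601
+periodSeconds: 20
+timeoutSeconds: 5
+failureThreshold: 10
+successThreshold: 1
+initialDelaySeconds: 10
+
+readinessProbe:
+tcpSocket:
+port: 5601
+periodSeconds: 20
+timeoutSeconds: 5
+failureThreshold: 10
+successThreshold: 1
+initialDelaySeconds: 10
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+# Specifies whether a service account should be created
+create: true
+# Annotations to add to the service account
+annotations: {}
+# The name of the service account to use.
+# If not set and create is true, a name is generated using the fullname template
+name: ""
+
+rbac:
+create: true
+
+# A list of secrets and their paths to mount inside the pod
+# This is useful for mounting certificates for security and for mounting
+# the X-Pack license
+secretMounts: []
+
+podAnnotations: {}
+
+extraEnvs: []
+
+envFrom: []
+
+extraVolumes: []
+
+extraVolumeMounts: []
+
+extraInitContainers: ""
+
+extraContainers: ""
+
+podSecurityContext: {}
+
+securityContext:
+capabilities:
+drop:
+- ALL
+# readOnlyRootFilesystem: true
+runAsNonRoot: true
+runAsUser: 1000
+
+config:
+# Default OpenSearch Dashboards configuration from docker image of Dashboards
+opensearch_dashboards.yml:
+opensearch.hosts: [https://localhost:9200]
+opensearch.ssl.verificationMode: none
+opensearch.username: kibanaserver
+opensearch.password: ${KIBANASERVER}
+opensearch.requestHeadersWhitelist: [authorization, securitytenant]
+opensearch_security.auth.anonymous_auth_enabled: true
+opensearch_security.multitenancy.enabled: true
+opensearch_security.multitenancy.tenants.enable_global: true
+opensearch_security.multitenancy.tenants.enable_private: true
+opensearch_security.multitenancy.tenants.preferred: [Global, Private]
+opensearch_security.readonly_mode.roles: [kibana_read_only]
+# Use this setting if you are running opensearch-dashboards without https
+opensearch_security.cookie.secure: false
+server.host: '0.0.0.0'
+# Use the consolidated menu and global header bar
+opensearchDashboards.branding.useExpandedHeader: false
+# Enable multiple datasource
+data_source.enabled: true
+data_source.endpointDeniedIPs: [
+'127.0.0.0/8',
+'::1/128',
+'169.254.0.0/16',
+'fe80::/10',
+'10.0.0.0/8',
+'172.16.0.0/12',
+'192.168.0.0/16',
+'fc00::/7',
+'0.0.0.0/8',
+'100.64.0.0/10',
+'192.0.0.0/24',
+'192.0.2.0/24',
+'198.18.0.0/15',
+'192.88.99.0/24',
+'198.51.100.0/24',
+'203.0.113.0/24',
+'224.0.0.0/4',
+'240.0.0.0/4',
+'255.255.255.255/32',
+'::/128',
+'2001:db8::/32',
+'ff00::/8',
+]
+# Enable ml_commons_dashboards
+# ml_commons_dashboards.enabled: true
+# Content security policy(csp) settings
+csp.rules: [ "connect-src 'self' www.google-analytics.com vectors.maps.opensearch.org tiles.maps.opensearch.org maps.opensearch.org;" ]
+csp.warnLegacyBrowsers: false
+google_analytics_plugin.trackingID: ${GA_TRACKING_ID}
+
+# security plugin for openid
+opensearch_security.auth.type: ['Basicauth','openid']
+opensearch_security.auth.multiple_auth_enabled: true
+opensearch_security.ui.openid.login.buttonname: "Log in with Google account"
+opensearch_security.ui.openid.login.brandimage: "https://opensearch.org/assets/brand/PNG/Mark/opensearch_mark_default.png"
+opensearch_security.ui.openid.login.showbrandimage: true
+opensearch_security.openid.base_redirect_url: ${OPENID_REDIRECT_URL}
+opensearch_security.openid.scope: 'openid profile email'
+opensearch_security.openid.verify_hostnames: false
+opensearch_security.openid.refresh_tokens: false
+
+opensearch_security.openid.connect_url: "https://accounts.google.com/.well-known/openid-configuration"
+opensearch_security.openid.client_id: ${OPENID_CLIENT_ID}
+opensearch_security.openid.client_secret: ${OPENID_CLIENT_SECRET}
+opensearch_security.openid.logout_url: ${OPENID_LOGOUT_URL}
+
+uiSettings:
+overrides:
+"theme:next": true
+"theme:darkMode": false
+
+priorityClassName: ""
+
+opensearchAccount:
+secret: ""
+keyPassphrase:
+enabled: false
+
+labels: {}
+
+hostAliases: []
+
+serverHost: "0.0.0.0"
+
+service:
+type: NodePort
+# The IP family and IP families options are to set the behaviour in a dual-stack environment
+# Omitting these values will let the service fall back to whatever the CNI dictates the defaults
+# should be
+#
+# ipFamilyPolicy: SingleStack
+# ipFamilies:
+# - IPv4
+port: 5601
+#targetPort: 5601
+loadBalancerIP: ""
+nodePort: ""
+labels: {}
+annotations: {}
+loadBalancerSourceRanges: []
+# 0.0.0.0/0
+httpPortName: http
+
+ingress:
+enabled: true
+ingressClassName: alb
+annotations:
+alb.ingress.kubernetes.io/scheme: internet-facing
+alb.ingress.kubernetes.io/certificate-arn: ${CERTIFICATE_ARN}
+alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
+alb.ingress.kubernetes.io/target-type: ip
+alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
+labels: {}
+hosts:
+- host: future.playground.opensearch.org
+paths:
+- path: /
+backend:
+service:
+name: "dashboards-opensearch-dashboards"
+port:
+number: 5601
+tls: []
+
+resources:
+requests:
+cpu: "1"
+memory: "8G"
+limits:
+cpu: "3"
+memory: "24G"
+
+autoscaling:
+# This requires metrics server to be installed, to install use kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
+# See https://github.com/kubernetes-sigs/metrics-server
+enabled: false
+minReplicas: 2
+maxReplicas: 10
+targetCPUUtilizationPercentage: 80
+
+updateStrategy:
+type: "Recreate"
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# -- Array of extra K8s manifests to deploy
+extraObjects: []
+
+# specify the external plugins to install
+plugins:
+enabled: true
+installList: ["https://github.com/BionIT/google-analytics-plugin/releases/download/3.0.0/googleAnalytics-3.0.0.zip"]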
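Review bot: `opensearch.ssl.verificationMode: none` and `opensearch_security.openid.verify_hostnames: false` switch off certificate and hostname checks on the connections that carry the `kibanaserver` password and, presumably, the OpenID client secret, in a deployment whose ingress is `internet-facing`. The workflow in this commit already holds a root CA secret for the cluster, so the stricter form would be `opensearch.ssl.verificationMode: full` with that CA mounted via `secretMounts` and listed under `opensearch.ssl.certificateAuthorities`, together with `opensearch_security.openid.verify_hostnames: true`. Separately, `opensearch_security.openid.base_redirect_url: ${OPENID_REDIRECT_URL}` does not match the variable the workflow exports (`OPENID_BASE_REDIRECT_URL`), so this token looks like it would be left unreplaced; one side should be renamed. The zip in `plugins.installList` is fetched from a release URL with no integrity check, which deserves at least a comment naming the expected artifact and who vouches for it.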