Skip to content

Commit

Permalink
Abacus: make k8s ready for DigitalOcean
Browse files Browse the repository at this point in the history 
This change kinda makes it broken for localhost BUT it makes it work on DigitalOcean (including database backups to S3) which is more important. I will improve the localhost experience later (either via Kustomize or Telepresence or both).
  • Loading branch information
@mrtnzlml @kodiakhq
mrtnzlml authored and kodiakhq[bot] committed Apr 30, 2021
1 parent b91860e commit ef86fa5
Show file tree
Hide file tree
Showing 4 changed files with 71 additions and 23 deletions.
4 changes: 3 additions & 1 deletion src/abacus-backoffice/src/constants.js
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
// @flow strict

export default {
graphqlServerURL: ((__DEV__ ? 'http://0.0.0.0:5000/graphql' : 'http://0.0.0.0/graphql'): string),
graphqlServerURL: ((__DEV__
? 'http://0.0.0.0:5000/graphql'
: 'http://abacus.kochka.com.mx/graphql'): string), // TODO: HTTPS, better "abacus" domain
googleClientID: '245356693889-63qeuc6183hab6be342blikbknsvqrhk.apps.googleusercontent.com',
};
3 changes: 2 additions & 1 deletion src/abacus/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,5 +134,6 @@ analyzers.remove('bigram');
✅ 007 - DB migrations
🚧 008 - queries whitelisting (persistent queries)
🚧 009 - explore WASM on server instead of Docker (https://github.com/deislabs/krustlet)
🚧 010 - ArangoDB database backups (k8s)
🚧 010 - ArangoDB database backups and restores (k8s)
🚧 011 - development k8s cluster + Telepresence (https://www.getambassador.io/docs/telepresence/latest/howtos/intercepts/)
```
31 changes: 30 additions & 1 deletion src/abacus/kubernetes/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,12 @@
- https://www.arangodb.com/docs/stable/deployment-kubernetes.html
- https://www.arangodb.com/docs/stable/tutorials-kubernetes.html

The main Kubernetes cluster runs on DigitalOcean, see: https://cloud.digitalocean.com/kubernetes/clusters

# Deploying

First, make sure you are in the correct DigitalOcean/local context (`kubectl config get-contexts`).

```bash
(cd src/abacus/kubernetes && kubectl apply -f third_party/arangodb/)

Expand All @@ -20,7 +24,7 @@
- https://github.com/zegl/kube-score

```bash
docker run -v $(pwd):/project zegl/kube-score:v1.10.0 score src/abacus/kubernetes/abacus.yaml
docker run -v $(pwd):/project zegl/kube-score:v1.11.0 score src/abacus/kubernetes/abacus.yaml
```

# Kubernetes dashboard (development only)
Expand Down Expand Up @@ -92,3 +96,28 @@ Delete evicted/failed pods:
kubectl get pods --field-selector=status.phase=Failed
kubectl delete pods --field-selector=status.phase=Failed
```

# Creating necessary secrets

- https://kubernetes.io/docs/concepts/configuration/secret/
- https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/

```bash
kubectl create secret generic abacus-aws-secret
```

```bash
echo -n 'supersecret' | base64
```

```bash
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: abacus-aws-secret
data:
AWS_ACCESS_KEY_ID: supersecretbase64
AWS_SECRET_ACCESS_KEY: supersecretbase64
EOF
```
56 changes: 36 additions & 20 deletions src/abacus/kubernetes/abacus.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
# https://www.arangodb.com/docs/stable/deployment-kubernetes-deployment-resource.html
apiVersion: 'database.arangodb.com/v1alpha'
kind: 'ArangoDeployment'
metadata:
Expand All @@ -9,28 +10,19 @@ spec:
caSecretName: None # TODO
auth:
jwtSecretName: None # TODO
externalAccess:
type: None
single:
storageClassName: my-local-ssd
overrideDetectedTotalMemory: True
storageClassName: do-block-storage # DigitalOcean Block Storage
resources:
requests:
cpu: 1
memory: 512M
storage: 1Gi
limits:
cpu: 2
memory: 1024M

---
apiVersion: 'storage.arangodb.com/v1alpha'
kind: 'ArangoLocalStorage'
metadata:
name: 'arangodb-single-server-storage'
spec:
storageClass:
name: my-local-ssd
isDefault: true
localPath:
- /Users/martinzlamal/Desktop/arango-storage # TODO
storage: 1Gi

---
apiVersion: 'batch/v1beta1'
Expand All @@ -47,7 +39,7 @@ spec:
# │ │ │ │ │
# │ │ │ │ │
schedule: '*/5 * * * *' # every 5 minutes
#schedule: '0 * * * *' # equivalent to `@hourly`
#schedule: '0 * * * *' # equivalent to `@hourly` # TODO
concurrencyPolicy: Forbid
jobTemplate:
spec:
Expand All @@ -59,10 +51,10 @@ spec:
image: 'arangodb/arangodb:3.7.9'
args:
- 'arangodump'
# https://<deployment-name>.<namespace>.svc:8529
# https://<deployment-name>.<namespace>.svc.cluster.local:8529
- '--server.endpoint=tcp://arangodb-single-server.default.svc.cluster.local:8529' # TODO: ssl://…
#- '--server.username=$(username)'
#- '--server.password=$(password)'
#- '--server.username=$(username)' # TODO
#- '--server.password=$(password)' # TODO
- '--server.authentication=false'
- '--server.database=abacus'
- '--output-directory=/tmp/dump'
Expand All @@ -74,8 +66,21 @@ spec:
- name: db-dump-upload
image: amazon/aws-cli:2.1.29
command: ['/bin/sh', '-c']
args: ['aws --help']
#args: ['aws s3 sync /tmp/dump s3://bucket/$(date -I)']
args:
[
'aws s3 sync /tmp/dump s3://abacus-arangodb-backup-38c739d1-9e39-4052-8746-b2f21523f6c0/$(date "+%Y-%m-%dT%H:%M:%S")',
]
env:
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: abacus-aws-secret
key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: abacus-aws-secret
key: AWS_SECRET_ACCESS_KEY
volumeMounts:
- name: dump
mountPath: /tmp/dump
Expand Down Expand Up @@ -120,5 +125,16 @@ spec:
image: mrtnzlml/abacus
ports:
- containerPort: 5000
env:
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: abacus-aws-secret
key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: abacus-aws-secret
key: AWS_SECRET_ACCESS_KEY
args:
- '--arangodb-url=http://arangodb-single-server.default.svc.cluster.local:8529' # TODO: https://…

0 comments on commit ef86fa5

Please sign in to comment.