From 2e54fe6b3a2fba0f25c03a64bcafb8fc74e83dea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andony=20N=C3=BA=C3=B1ez?= Date: Tue, 9 Jan 2024 14:08:53 -0600 Subject: [PATCH] [RND-676] Kubernetes Configuration for Meadowlark (#337) * [RND-676] Adding k8s files created with kompose * Removing metadata added by kompose in postgres deployments * Opensearch updates * Update api labels * Organize k8s files * Initial k8s readme * Restore services * Establishing connection between meadowlark-api and postgres * Rewrite of opensearch files for connection * [RND-676] Adding Documentation * Update diagram * Rename * Documentation updates * Adjustments after review * v0.4.1-pre.4 --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Meadowlark-js/.env.example | 2 +- .../package.json | 6 +- .../meadowlark-mongodb-backend/package.json | 8 +- .../package.json | 6 +- .../package.json | 8 +- Meadowlark-js/lerna.json | 2 +- Meadowlark-js/package-lock.json | 50 +++---- .../meadowlark-authz-server/package.json | 4 +- .../packages/meadowlark-core/package.json | 4 +- .../meadowlark-utilities/package.json | 2 +- .../services/meadowlark-fastify/package.json | 8 +- Meadowlark-js/tests/e2e/package.json | 4 +- Meadowlark-js/tests/e2e/readme.md | 10 +- k8s/README.md | 93 +++++++++++++ k8s/app-configmap.yaml | 14 ++ k8s/app-secret.yaml | 7 + k8s/meadowlark-api-deployment.yaml | 126 ++++++++++++++++++ k8s/meadowlark-api-service.yaml | 15 +++ k8s/opensearch-deployment.yaml | 56 ++++++++ k8s/opensearch-persistentvolumeclaim.yaml | 13 ++ k8s/opensearch-service.yaml | 14 ++ k8s/postgres-deployment.yaml | 59 ++++++++ k8s/postgres-persistentvolumeclaim.yaml | 13 ++ k8s/postgres-service.yaml | 14 ++ 24 files changed, 481 insertions(+), 57 deletions(-) create mode 100644 k8s/README.md create mode 100644 k8s/app-configmap.yaml create mode 100644 k8s/app-secret.yaml create mode 100644 k8s/meadowlark-api-deployment.yaml create mode 100644 k8s/meadowlark-api-service.yaml create mode 100644 k8s/opensearch-deployment.yaml create mode 100644 k8s/opensearch-persistentvolumeclaim.yaml create mode 100644 k8s/opensearch-service.yaml create mode 100644 k8s/postgres-deployment.yaml create mode 100644 k8s/postgres-persistentvolumeclaim.yaml create mode 100644 k8s/postgres-service.yaml diff --git a/Meadowlark-js/.env.example b/Meadowlark-js/.env.example index fb2614a7..62c42c80 100644 --- a/Meadowlark-js/.env.example +++ b/Meadowlark-js/.env.example @@ -47,5 +47,5 @@ ALLOW__EXT_PROPERTY=true # if false, it returns an error message if the element is not part of the schema. ALLOW_OVERPOSTING=true -SAVE_LOG_TO_FILE=false +LOG_TO_FILE=false # LOG_FILE_LOCATION=c:/temp/ diff --git a/Meadowlark-js/backends/meadowlark-elasticsearch-backend/package.json b/Meadowlark-js/backends/meadowlark-elasticsearch-backend/package.json index c44f0cbc..edf27e77 100644 --- a/Meadowlark-js/backends/meadowlark-elasticsearch-backend/package.json +++ b/Meadowlark-js/backends/meadowlark-elasticsearch-backend/package.json @@ -1,7 +1,7 @@ { "name": "@edfi/meadowlark-elasticsearch-backend", "main": "dist/index.js", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "description": "Meadowlark backend plugin for elasticsearch", "license": "Apache-2.0", "publishConfig": { @@ -19,8 +19,8 @@ "build:copy-non-ts": "copyfiles -u 1 -e \"**/*.ts\" \"src/**/*\" dist --verbose" }, "dependencies": { - "@edfi/meadowlark-core": "0.4.1-pre.3", - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-core": "0.4.1-pre.4", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "@elastic/elasticsearch": "^8.10.0", "@elastic/transport": "^8.3.4" }, diff --git a/Meadowlark-js/backends/meadowlark-mongodb-backend/package.json b/Meadowlark-js/backends/meadowlark-mongodb-backend/package.json index 3128d867..f70d0b43 100644 --- a/Meadowlark-js/backends/meadowlark-mongodb-backend/package.json +++ b/Meadowlark-js/backends/meadowlark-mongodb-backend/package.json @@ -1,7 +1,7 @@ { "name": "@edfi/meadowlark-mongodb-backend", "main": "dist/index.js", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "description": "Meadowlark backend plugin for MongoDB", "license": "Apache-2.0", "publishConfig": { @@ -19,9 +19,9 @@ "build:copy-non-ts": "copyfiles -u 1 -e \"**/*.ts\" \"src/**/*\" dist --verbose" }, "dependencies": { - "@edfi/meadowlark-authz-server": "0.4.1-pre.3", - "@edfi/meadowlark-core": "0.4.1-pre.3", - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-authz-server": "0.4.1-pre.4", + "@edfi/meadowlark-core": "0.4.1-pre.4", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "async-retry": "^1.3.3", "mongodb": "^5.9.2", "ramda": "0.29.1" diff --git a/Meadowlark-js/backends/meadowlark-opensearch-backend/package.json b/Meadowlark-js/backends/meadowlark-opensearch-backend/package.json index f716d3f0..fb140d21 100644 --- a/Meadowlark-js/backends/meadowlark-opensearch-backend/package.json +++ b/Meadowlark-js/backends/meadowlark-opensearch-backend/package.json @@ -1,7 +1,7 @@ { "name": "@edfi/meadowlark-opensearch-backend", "main": "dist/index.js", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "description": "Meadowlark backend plugin for OpenSearch", "license": "Apache-2.0", "publishConfig": { @@ -19,8 +19,8 @@ "build:copy-non-ts": "copyfiles -u 1 -e \"**/*.ts\" \"src/**/*\" dist --verbose" }, "dependencies": { - "@edfi/meadowlark-core": "0.4.1-pre.3", - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-core": "0.4.1-pre.4", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "@opensearch-project/opensearch": "^2.4.0" }, "devDependencies": { diff --git a/Meadowlark-js/backends/meadowlark-postgresql-backend/package.json b/Meadowlark-js/backends/meadowlark-postgresql-backend/package.json index dd4d185a..8de98003 100644 --- a/Meadowlark-js/backends/meadowlark-postgresql-backend/package.json +++ b/Meadowlark-js/backends/meadowlark-postgresql-backend/package.json @@ -1,7 +1,7 @@ { "name": "@edfi/meadowlark-postgresql-backend", "main": "dist/index.js", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "description": "Meadowlark backend plugin for PostgreSQL", "license": "Apache-2.0", "publishConfig": { @@ -19,9 +19,9 @@ "build:copy-non-ts": "copyfiles -u 1 -e \"**/*.ts\" \"src/**/*\" dist --verbose" }, "dependencies": { - "@edfi/meadowlark-authz-server": "0.4.1-pre.3", - "@edfi/meadowlark-core": "0.4.1-pre.3", - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-authz-server": "0.4.1-pre.4", + "@edfi/meadowlark-core": "0.4.1-pre.4", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "pg": "^8.11.3", "pg-format": "^1.0.4", "ramda": "0.29.1" diff --git a/Meadowlark-js/lerna.json b/Meadowlark-js/lerna.json index 5915c0a0..aa8e377c 100644 --- a/Meadowlark-js/lerna.json +++ b/Meadowlark-js/lerna.json @@ -1,5 +1,5 @@ { "lerna": "8.0.2", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "npmClient": "npm" } diff --git a/Meadowlark-js/package-lock.json b/Meadowlark-js/package-lock.json index 3abef146..9fb442fb 100644 --- a/Meadowlark-js/package-lock.json +++ b/Meadowlark-js/package-lock.json @@ -54,11 +54,11 @@ }, "backends/meadowlark-elasticsearch-backend": { "name": "@edfi/meadowlark-elasticsearch-backend", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "license": "Apache-2.0", "dependencies": { - "@edfi/meadowlark-core": "0.4.1-pre.3", - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-core": "0.4.1-pre.4", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "@elastic/elasticsearch": "^8.10.0", "@elastic/transport": "^8.3.4" }, @@ -72,12 +72,12 @@ }, "backends/meadowlark-mongodb-backend": { "name": "@edfi/meadowlark-mongodb-backend", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "license": "Apache-2.0", "dependencies": { - "@edfi/meadowlark-authz-server": "0.4.1-pre.3", - "@edfi/meadowlark-core": "0.4.1-pre.3", - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-authz-server": "0.4.1-pre.4", + "@edfi/meadowlark-core": "0.4.1-pre.4", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "async-retry": "^1.3.3", "mongodb": "^5.9.2", "ramda": "0.29.1" @@ -90,11 +90,11 @@ }, "backends/meadowlark-opensearch-backend": { "name": "@edfi/meadowlark-opensearch-backend", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "license": "Apache-2.0", "dependencies": { - "@edfi/meadowlark-core": "0.4.1-pre.3", - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-core": "0.4.1-pre.4", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "@opensearch-project/opensearch": "^2.4.0" }, "devDependencies": { @@ -107,12 +107,12 @@ }, "backends/meadowlark-postgresql-backend": { "name": "@edfi/meadowlark-postgresql-backend", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "license": "Apache-2.0", "dependencies": { - "@edfi/meadowlark-authz-server": "0.4.1-pre.3", - "@edfi/meadowlark-core": "0.4.1-pre.3", - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-authz-server": "0.4.1-pre.4", + "@edfi/meadowlark-core": "0.4.1-pre.4", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "pg": "^8.11.3", "pg-format": "^1.0.4", "ramda": "0.29.1" @@ -17509,11 +17509,11 @@ }, "packages/meadowlark-authz-server": { "name": "@edfi/meadowlark-authz-server", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "license": "Apache-2.0", "dependencies": { "@apideck/better-ajv-errors": "^0.3.6", - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "ajv": "^8.12.0", "didyoumean2": "^6.0.1", "dotenv": "^16.3.1", @@ -17563,11 +17563,11 @@ }, "packages/meadowlark-core": { "name": "@edfi/meadowlark-core", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "license": "Apache-2.0", "dependencies": { "@apideck/better-ajv-errors": "^0.3.6", - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "@isaacs/ttlcache": "^1.4.1", "ajv": "^8.12.0", "ajv-formats": "^2.1.1", @@ -17657,7 +17657,7 @@ }, "packages/meadowlark-utilities": { "name": "@edfi/meadowlark-utilities", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "license": "Apache-2.0", "dependencies": { "pino": "^8.15.7", @@ -17704,12 +17704,12 @@ }, "services/meadowlark-fastify": { "name": "@edfi/meadowlark-fastify", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "license": "Apache-2.0", "dependencies": { - "@edfi/meadowlark-authz-server": "0.4.1-pre.3", - "@edfi/meadowlark-core": "0.4.1-pre.3", - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-authz-server": "0.4.1-pre.4", + "@edfi/meadowlark-core": "0.4.1-pre.4", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "@fastify/rate-limit": "^6.0.1", "dotenv": "^16.3.1", "fastify": "^3.29.5" @@ -17722,10 +17722,10 @@ }, "tests/e2e": { "name": "@edfi/meadowlark-e2e-tests", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "license": "Apache-2.0", "devDependencies": { - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "@testcontainers/mongodb": "^10.3.1", "@testcontainers/postgresql": "^10.3.1", "@types/chance": "^1.1.6", diff --git a/Meadowlark-js/packages/meadowlark-authz-server/package.json b/Meadowlark-js/packages/meadowlark-authz-server/package.json index 1aa63529..fea073d7 100644 --- a/Meadowlark-js/packages/meadowlark-authz-server/package.json +++ b/Meadowlark-js/packages/meadowlark-authz-server/package.json @@ -1,7 +1,7 @@ { "name": "@edfi/meadowlark-authz-server", "main": "dist/index.js", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "description": "Meadowlark authorization server", "license": "Apache-2.0", "publishConfig": { @@ -14,7 +14,7 @@ ], "dependencies": { "@apideck/better-ajv-errors": "^0.3.6", - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "ajv": "^8.12.0", "didyoumean2": "^6.0.1", "dotenv": "^16.3.1", diff --git a/Meadowlark-js/packages/meadowlark-core/package.json b/Meadowlark-js/packages/meadowlark-core/package.json index a37e577b..7d80bb2b 100644 --- a/Meadowlark-js/packages/meadowlark-core/package.json +++ b/Meadowlark-js/packages/meadowlark-core/package.json @@ -1,7 +1,7 @@ { "name": "@edfi/meadowlark-core", "main": "dist/index.js", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "description": "Meadowlark core functionality", "license": "Apache-2.0", "publishConfig": { @@ -14,7 +14,7 @@ ], "dependencies": { "@apideck/better-ajv-errors": "^0.3.6", - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "@isaacs/ttlcache": "^1.4.1", "ajv": "^8.12.0", "ajv-formats": "^2.1.1", diff --git a/Meadowlark-js/packages/meadowlark-utilities/package.json b/Meadowlark-js/packages/meadowlark-utilities/package.json index 6f5abf66..cdeaf3f6 100644 --- a/Meadowlark-js/packages/meadowlark-utilities/package.json +++ b/Meadowlark-js/packages/meadowlark-utilities/package.json @@ -1,7 +1,7 @@ { "name": "@edfi/meadowlark-utilities", "main": "dist/index.js", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "description": "Meadowlark shared utilities", "license": "Apache-2.0", "publishConfig": { diff --git a/Meadowlark-js/services/meadowlark-fastify/package.json b/Meadowlark-js/services/meadowlark-fastify/package.json index 7293e5f1..02ef31b0 100644 --- a/Meadowlark-js/services/meadowlark-fastify/package.json +++ b/Meadowlark-js/services/meadowlark-fastify/package.json @@ -1,6 +1,6 @@ { "name": "@edfi/meadowlark-fastify", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "description": "Meadowlark service using Fastify", "license": "Apache-2.0", "publishConfig": { @@ -12,9 +12,9 @@ "/package.json" ], "dependencies": { - "@edfi/meadowlark-authz-server": "0.4.1-pre.3", - "@edfi/meadowlark-core": "0.4.1-pre.3", - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-authz-server": "0.4.1-pre.4", + "@edfi/meadowlark-core": "0.4.1-pre.4", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "@fastify/rate-limit": "^6.0.1", "dotenv": "^16.3.1", "fastify": "^3.29.5" diff --git a/Meadowlark-js/tests/e2e/package.json b/Meadowlark-js/tests/e2e/package.json index 7d54ee66..233fec94 100644 --- a/Meadowlark-js/tests/e2e/package.json +++ b/Meadowlark-js/tests/e2e/package.json @@ -1,13 +1,13 @@ { "name": "@edfi/meadowlark-e2e-tests", "main": "dist/index.js", - "version": "0.4.1-pre.3", + "version": "0.4.1-pre.4", "description": "Meadowlark Ed-Fi API end to end tests", "license": "Apache-2.0", "private": true, "files": [], "devDependencies": { - "@edfi/meadowlark-utilities": "0.4.1-pre.3", + "@edfi/meadowlark-utilities": "0.4.1-pre.4", "@testcontainers/mongodb": "^10.3.1", "@testcontainers/postgresql": "^10.3.1", "@types/chance": "^1.1.6", diff --git a/Meadowlark-js/tests/e2e/readme.md b/Meadowlark-js/tests/e2e/readme.md index d6f2c6f5..758af9fe 100644 --- a/Meadowlark-js/tests/e2e/readme.md +++ b/Meadowlark-js/tests/e2e/readme.md @@ -64,14 +64,14 @@ This is a special mode that will setup a group of containers in different ports (denoted with the names -test) and will not delete the containers after each run. -- To setup, run: `npm run test:e2e:dev:setup`. This will configure the test +* To setup, run: `npm run test:e2e:dev:setup`. This will configure the test containers -- Set the environment variable `DEVELOPER_MODE=true` -- Run `npm run test:e2e:jest:tc` to run the tests -- Save the Admin Key and Secret (as specified in +* Set the environment variable `DEVELOPER_MODE=true` +* Run `npm run test:e2e:jest:tc` to run the tests +* Save the Admin Key and Secret (as specified in [.env-e2e.example](./setup/.env-e2e.example)) to be able to run the tests without cleaning the environment -- When done, run: `npm run test:e2e:dev:exit` or execute the +* When done, run: `npm run test:e2e:dev:exit` or execute the `exit-dev-containers.ps1` script to clean the environment. > [!NOTE] diff --git a/k8s/README.md b/k8s/README.md new file mode 100644 index 00000000..e0ffb103 --- /dev/null +++ b/k8s/README.md @@ -0,0 +1,93 @@ +# Meadowlark Kubernetes Deployment + +This folder provides a basic setup of a set of +[Kubernetes](https://kubernetes.io/) files to setup a cluster. + +## Local Development + +For local development, you need to use +[minikube](https://minikube.sigs.k8s.io/docs/start/). + +* After installing, run `minikube start` to setup minikube in your local + environment. +* Set the terminal in the */k8s* folder. +* Run `kubectl apply -f .` to apply all or go file by file (`kubectl apply -f + {file-name}`). +* After done, inspect with `kubectl get pods`, and verify that all pods have + status **RUNNING** (This can take a couple of minutes). + +This will start the kubernetes infrastructure to run without exposing any +connection to the external network. When installing in a cloud provider the +clouds Load Balancing service will take care of making the connection to the +cluster, by opening a connection to the +[meadowlark-api-service](meadowlark-api-service.yaml). + +This container has the type LoadBalancer, meaning that this is the entry point +for the load balancer provider. + +To test this in the local environment, we need to open *tunnel* between the +local network and the Kubernetes cluster. To do so, run `minikube service +meadowlark-api --url`. + +Copy the URL and connect to Meadowlark. + +### View Logs + +To get the logs from Meadowlark, verify that the flag `LOG_TO_FILE` is set to +true. If saving to the default location, get the logs by: + +1. Get the pod id `kubectl get pods`. +2. Run `kubectl exec -it $POD_ID -- cat /var/log/meadowlark.log` + +### Useful commands + +| Command | Description | +| ----------------------------------------------- | ---------------------------- | +| `minikube start` | Start minikube cluster | +| `minikube delete` | Clean minikube cluster | +| `kubectl get pods` | Get all pods | +| `kubectl get deployments` | Get all deployments | +| `kubectl get services` | Get all services | +| `kubectl describe service postgres` | Get description of a service | +| `kubectl exec -it POD_NAME -- psql -U postgres` | Execute a command in a pod | + +> [!NOTE] +> In Kubernetes you can reference another pod by IP address or by hostname, +> where the host name is the name of the pod. + +## Kubernetes Architecture + +```mermaid +flowchart LR + subgraph Kubernetes Network + subgraph Configuration + CS[Secret] + CC[ConfigMap] + end + subgraph Pods + MP[Meadowlark API] + OP[OpenSearch] + PP[PostgreSQL] + end + subgraph Services + PS[PostgreSQL Service] + OS[OpenSearch Service] + MS[Meadowlark Service] + end + subgraph Persistent Volumes + PV[PostgreSQL Volume] + OV[OpenSearch Volume] + end + end + I[Internet] --> MS + MS --> MP + PS -- connects --> PP + OS -- connects --> OP + MP --> PS + MP --> OS + PP --> PV + OP --> OV + PP --> CC + OP --> CC + PP --> CS +``` diff --git a/k8s/app-configmap.yaml b/k8s/app-configmap.yaml new file mode 100644 index 00000000..89f22807 --- /dev/null +++ b/k8s/app-configmap.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: app-configmap +data: + postgres-user: postgres + postgres-host: postgres-service + postgres-port: "5432" + postgres-dbname: postgres + opensearch-user: admin + opensearch-password: admin + opensearch-endpoint: http://opensearch-service:9200 + oauth-key: meadowlark_verify-only_key_1 + oauth-secret: meadowlark_verify-only_secret_1 diff --git a/k8s/app-secret.yaml b/k8s/app-secret.yaml new file mode 100644 index 00000000..9aa38cb1 --- /dev/null +++ b/k8s/app-secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: app-secret +type: Opaque +data: + postgres-password: dG9wc2VjdXJl diff --git a/k8s/meadowlark-api-deployment.yaml b/k8s/meadowlark-api-deployment.yaml new file mode 100644 index 00000000..3cd5c911 --- /dev/null +++ b/k8s/meadowlark-api-deployment.yaml @@ -0,0 +1,126 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + serviceName: meadowlark-api + name: meadowlark-api +spec: + replicas: 1 + selector: + matchLabels: + serviceName: meadowlark-api + strategy: {} + template: + metadata: + labels: + io.kompose.network/meadowlark-js-default: "true" + serviceName: meadowlark-api + spec: + containers: + - name: meadowlark-api + image: edfialliance/meadowlark-ed-fi-api + ports: + - containerPort: 3000 + hostPort: 3000 + protocol: TCP + env: + - name: ALLOW_OVERPOSTING + value: "false" + - name: ALLOW_TYPE_COERCION + value: "true" + - name: ALLOW__EXT_PROPERTY + value: "true" + - name: AUTHORIZATION_STORE_PLUGIN + value: "@edfi/meadowlark-postgresql-backend" + - name: DOCUMENT_STORE_PLUGIN + value: "@edfi/meadowlark-postgresql-backend" + - name: LISTENER1_PLUGIN + value: "@edfi/meadowlark-opensearch-backend" + - name: QUERY_HANDLER_PLUGIN + value: "@edfi/meadowlark-opensearch-backend" + - name: BEGIN_ALLOWED_SCHOOL_YEAR + value: "2022" + - name: END_ALLOWED_SCHOOL_YEAR + value: "2034" + - name: FASTIFY_NUM_THREADS + value: "10" + - name: FASTIFY_PORT + value: "3000" + - name: FASTIFY_RATE_LIMIT + value: "false" + - name: LOG_LEVEL + value: info + - name: LOG_PRETTY_PRINT + value: "false" + - name: LOG_TO_FILE + value: "true" + - name: MEADOWLARK_STAGE + value: local + - name: OAUTH_HARD_CODED_CREDENTIALS_ENABLED + value: "true" + - name: OAUTH_SERVER_ENDPOINT_FOR_OWN_TOKEN_REQUEST + value: http://localhost:3000/local/oauth/token + - name: OAUTH_SERVER_ENDPOINT_FOR_TOKEN_VERIFICATION + value: http://localhost:3000/local/oauth/verify + - name: OAUTH_SIGNING_KEY + - name: OPENSEARCH_ENDPOINT + valueFrom: + configMapKeyRef: + name: app-configmap + key: opensearch-endpoint + - name: OPENSEARCH_PASSWORD + valueFrom: + configMapKeyRef: + name: app-configmap + key: opensearch-password + - name: OPENSEARCH_USERNAME + valueFrom: + configMapKeyRef: + name: app-configmap + key: opensearch-user + - name: OWN_OAUTH_CLIENT_ID_FOR_CLIENT_AUTH + valueFrom: + configMapKeyRef: + name: app-configmap + key: oauth-key + - name: OWN_OAUTH_CLIENT_SECRET_FOR_CLIENT_AUTH + valueFrom: + configMapKeyRef: + name: app-configmap + key: oauth-secret + - name: POSTGRES_USER + valueFrom: + configMapKeyRef: + name: app-configmap + key: postgres-user + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: app-secret + key: postgres-password + - name: POSTGRES_HOST + valueFrom: + configMapKeyRef: + name: app-configmap + key: postgres-host + - name: MEADOWLARK_DATABASE_NAME + valueFrom: + configMapKeyRef: + name: app-configmap + key: postgres-dbname + - name: POSTGRES_PORT + valueFrom: + configMapKeyRef: + name: app-configmap + key: postgres-port + livenessProbe: + exec: + command: + - curl -s http://localhost:3000/local >/dev/null || exit 1 + failureThreshold: 50 + periodSeconds: 30 + timeoutSeconds: 10 + resources: {} + hostname: meadowlark-api + restartPolicy: Always +status: {} diff --git a/k8s/meadowlark-api-service.yaml b/k8s/meadowlark-api-service.yaml new file mode 100644 index 00000000..b39b2b61 --- /dev/null +++ b/k8s/meadowlark-api-service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + serviceName: meadowlark-api + name: meadowlark-api +spec: + ports: + - port: 3000 + targetPort: 3000 + type: LoadBalancer + selector: + serviceName: meadowlark-api +status: + loadBalancer: {} diff --git a/k8s/opensearch-deployment.yaml b/k8s/opensearch-deployment.yaml new file mode 100644 index 00000000..514a4ed0 --- /dev/null +++ b/k8s/opensearch-deployment.yaml @@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + serviceName: opensearch + name: opensearch +spec: + replicas: 1 + selector: + matchLabels: + serviceName: opensearch + strategy: + type: Recreate + template: + metadata: + labels: + serviceName: opensearch + spec: + containers: + - name: opensearch-node1 + image: opensearchproject/opensearch:2.7.0@sha256:55f1f67e7d3645aa838b63a589bce5645154ba275814e52d4638d371ca0f8cb5 + ports: + - containerPort: 9200 + env: + - name: DISABLE_INSTALL_DEMO_CONFIG + value: "true" + - name: DISABLE_SECURITY_PLUGIN + value: "true" + - name: OPENSEARCH_JAVA_OPTS + value: -Xms512m -Xmx512m + - name: bootstrap.memory_lock + value: "true" + - name: cluster.name + value: opensearch-cluster-ml-local + - name: discovery.type + value: single-node + livenessProbe: + exec: + command: + - curl -s http://localhost:9200/_cat/health >/dev/null || exit 1 + failureThreshold: 50 + periodSeconds: 30 + timeoutSeconds: 10 + resources: + limits: + memory: "2147483648" + volumeMounts: + - mountPath: /usr/share/opensearch/data + name: opensearch-data + hostname: opensearch + restartPolicy: Always + volumes: + - name: opensearch-data + persistentVolumeClaim: + claimName: opensearch-data +status: {} diff --git a/k8s/opensearch-persistentvolumeclaim.yaml b/k8s/opensearch-persistentvolumeclaim.yaml new file mode 100644 index 00000000..f27eb643 --- /dev/null +++ b/k8s/opensearch-persistentvolumeclaim.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + serviceName: opensearch-data + name: opensearch-data +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Mi +status: {} diff --git a/k8s/opensearch-service.yaml b/k8s/opensearch-service.yaml new file mode 100644 index 00000000..51e9f172 --- /dev/null +++ b/k8s/opensearch-service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + serviceName: opensearch-service + name: opensearch-service +spec: + ports: + - port: 9200 + targetPort: 9200 + selector: + serviceName: opensearch +status: + loadBalancer: {} diff --git a/k8s/postgres-deployment.yaml b/k8s/postgres-deployment.yaml new file mode 100644 index 00000000..94afc065 --- /dev/null +++ b/k8s/postgres-deployment.yaml @@ -0,0 +1,59 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + serviceName: postgres + name: postgres +spec: + replicas: 1 + selector: + matchLabels: + serviceName: postgres + strategy: + type: Recreate + template: + metadata: + labels: + serviceName: postgres + spec: + containers: + - name: postgres-ml + image: postgres:14.3-alpine@sha256:84c6ea4333ae18f25ea0fb18bb142156f2a2e545e0a779d93bbf08079e56bdaf + ports: + - containerPort: 80 + env: + - name: POSTGRES_USER + valueFrom: + configMapKeyRef: + name: app-configmap + key: postgres-user + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: app-secret + key: postgres-password + - name: POSTGRES_HOST + valueFrom: + configMapKeyRef: + name: app-configmap + key: postgres-host + - name: MEADOWLARK_DATABASE_NAME + valueFrom: + configMapKeyRef: + name: app-configmap + key: postgres-dbname + - name: POSTGRES_PORT + valueFrom: + configMapKeyRef: + name: app-configmap + key: postgres-port + resources: {} + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: pgsql-ml-data + restartPolicy: Always + volumes: + - name: pgsql-ml-data + persistentVolumeClaim: + claimName: pgsql-ml-data +status: {} diff --git a/k8s/postgres-persistentvolumeclaim.yaml b/k8s/postgres-persistentvolumeclaim.yaml new file mode 100644 index 00000000..dbd35150 --- /dev/null +++ b/k8s/postgres-persistentvolumeclaim.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + serviceName: pgsql-ml-data + name: pgsql-ml-data +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Mi +status: {} diff --git a/k8s/postgres-service.yaml b/k8s/postgres-service.yaml new file mode 100644 index 00000000..fc0e3131 --- /dev/null +++ b/k8s/postgres-service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: postgres-service + labels: + serviceName: postgres +spec: + selector: + serviceName: postgres + type: ClusterIP + ports: + - protocol: TCP + port: 5432 + targetPort: 5432