diff --git a/.github/workflows/apply.yml b/.github/workflows/apply.yml
index 4ba560d..625ea7a 100644
--- a/.github/workflows/apply.yml
+++ b/.github/workflows/apply.yml
@@ -39,7 +39,6 @@ jobs:
 - name: prep applications
 run: |
 ./app-setup-eks.sh
- ./app-setup-solr.sh
 ./app-setup-solrcloud.sh
 ./app-setup-smtp.sh
 - name: terraform apply (staging)
@@ -89,7 +88,6 @@ jobs:
 - name: prep applications
 run: |
 ./app-setup-eks.sh
- ./app-setup-solr.sh
 ./app-setup-solrcloud.sh
 ./app-setup-smtp.sh
 - name: terraform apply (production)
diff --git a/.github/workflows/commit.yml b/.github/workflows/commit.yml
index 323adf1..2dfb4ea 100644
--- a/.github/workflows/commit.yml
+++ b/.github/workflows/commit.yml
@@ -53,7 +53,6 @@ jobs:
 - name: prep applications
 run: |
 ./app-setup-eks.sh
- ./app-setup-solr.sh
 ./app-setup-solrcloud.sh
 ./app-setup-smtp.sh
diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml
index 854c9e8..891c77c 100644
--- a/.github/workflows/plan.yml
+++ b/.github/workflows/plan.yml
@@ -37,7 +37,6 @@ jobs:
 - name: prep applications
 run: |
 ./app-setup-eks.sh
- ./app-setup-solr.sh
 ./app-setup-solrcloud.sh
 ./app-setup-smtp.sh
 - name: terraform plan (staging)
@@ -77,7 +76,6 @@ jobs:
 - name: prep applications
 run: |
 ./app-setup-eks.sh
- ./app-setup-solr.sh
 ./app-setup-solrcloud.sh
 ./app-setup-smtp.sh
 - name: terraform plan (production)
diff --git a/app-setup-solr.sh b/app-setup-solr.sh
deleted file mode 100755
index 74ed77d..0000000
--- a/app-setup-solr.sh
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/bin/bash
-set -ex
-
-CSB_VERSION="0.4.1"
-DATAGOV_BROKERPAK_SOLR_VERSION="0.20.2"
-
-# TODO: Check sha256 sums
-HELM_VERSION="3.7.1"
-KUBECTL_VERSION="1.22.3"
-
-BASE_URL="https://get.helm.sh"
-TAR_FILE="helm-v${HELM_VERSION}-linux-amd64.tar.gz"
-
-# Set up an app dir and bin dir
-mkdir -p app-solr/bin
-
-# Generate a .profile to be run at startup for mapping VCAP_SERVICES to needed
-# environment variables
-cat > app-solr/.profile << 'EOF'
-# Locate additional binaries needed by the deployed brokerpaks
-export PATH="$PATH:${PWD}/bin"
-
-# Export credentials for the k8s cluster and namespace where the Solr brokerpak
-# should manage instances of SolrCloud. We get these from the binding directly.
-export SOLR_SERVER=$(echo $VCAP_SERVICES | jq -r '.["aws-eks-service"][] | .credentials.server')
-export SOLR_CLUSTER_CA_CERTIFICATE=$(echo $VCAP_SERVICES | jq -r '.["aws-eks-service"][] | .credentials.certificate_authority_data')
-export SOLR_TOKEN=$(echo $VCAP_SERVICES | jq -r '.["aws-eks-service"][] | .credentials.token')
-export SOLR_NAMESPACE=$(echo $VCAP_SERVICES | jq -r '.["aws-eks-service"][] | .credentials.namespace')
-export SOLR_DOMAIN_NAME=$(echo $VCAP_SERVICES | jq -r '.["aws-eks-service"][] | .credentials.domain_name')
-EOF
-chmod +x app-solr/.profile
-
-# Add the cloud-service-broker binary
-(cd app-solr && curl -f -L -o cloud-service-broker https://github.com/cloudfoundry-incubator/cloud-service-broker/releases/download/${CSB_VERSION}/cloud-service-broker.linux) && \
- chmod +x app-solr/cloud-service-broker
-
-# Add the brokerpak(s)
-(cd app-solr && curl -f -LO https://github.com/GSA/datagov-brokerpak-solr/releases/download/${DATAGOV_BROKERPAK_SOLR_VERSION}/datagov-services-pak-${DATAGOV_BROKERPAK_SOLR_VERSION}.brokerpak)
-
-# Install the Helm binary
-curl -f -L ${BASE_URL}/${TAR_FILE} |tar xvz && \
- mv linux-amd64/helm app-solr/bin/helm && \
- chmod +x app-solr/bin/helm && \
- rm -rf linux-amd64
-
-# Install kubectl
-curl -f -LO https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl && \
- mv kubectl app-solr/bin/kubectl && \
- chmod +x app-solr/bin/kubectl
-
-# Create a manifest for pushing by hand, if necessary
-cat > manifest-solr.yml << MANIFEST
----
-# Make a copy of vars-solr-template.yml for each deployment target, editing the
-# values to match your expectations. Then push with
-# cf push ssb-solr -f manifest-solr.yml --vars-file vars-solr-ENV_NAME
-applications:
-- name: ssb-solr
- path: app-solr
- buildpacks:
- - binary_buildpack
- command: source .profile && ./cloud-service-broker serve
- instances: 1
- memory: 256M
- disk_quota: 2G
- routes:
- - route: ssb-solr-((ORG))-((SPACE)).app.cloud.gov
- env:
- SECURITY_USER_NAME: ((SECURITY_USER_NAME))
- SECURITY_USER_PASSWORD: ((SECURITY_USER_PASSWORD))
- AWS_ACCESS_KEY_ID: ((AWS_ACCESS_KEY_ID))
- AWS_SECRET_ACCESS_KEY: ((AWS_SECRET_ACCESS_KEY))
- AWS_DEFAULT_REGION: ((AWS_DEFAULT_REGION))
- DB_TLS: "skip-verify"
- GSB_COMPATIBILITY_ENABLE_CATALOG_SCHEMAS: true
- GSB_COMPATIBILITY_ENABLE_CF_SHARING: true
- AWS_ZONE: ((AWS_ZONE))
-MANIFEST
-cat > vars-solr-template.yml << VARS
-AWS_ACCESS_KEY_ID: your-key-id
-AWS_SECRET_ACCESS_KEY: your-key-secret
-AWS_DEFAULT_REGION: us-west-2
-AWS_ZONE: your-ssb-zone
-SECURITY_USER_NAME: your-broker-username
-SECURITY_USER_PASSWORD: your-broker-password
-ORG: gsa-datagov
-SPACE: your-space
-VARS
diff --git a/application-boundary.tf b/application-boundary.tf
index 1254cc1..7045e7e 100644
--- a/application-boundary.tf
+++ b/application-boundary.tf
@@ -12,7 +12,7 @@ module "broker_eks" {
 client_spaces = var.client_spaces
 enable_ssh = var.enable_ssh
 memory = 1024
- instances = 2
+ instances = 1
 aws_access_key_id = module.ssb-eks-broker-user.iam_access_key_id
 aws_secret_access_key = module.ssb-eks-broker-user.iam_access_key_secret
 aws_zone = var.broker_zone
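Review bot: `instances = 1` on `broker_eks` carries no comment explaining why the broker drops from two instances, and with a single instance any provision or bind request routed to this broker fails while that instance restarts or is restaged. If the reduction is deliberate, record it next to the value, for example `instances = 1 # no redundancy: broker requests fail during restarts; revisit before heavier use`. The `broker_eks` module block starts and ends outside the hunk.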
@@ -31,12 +31,18 @@ module "broker_smtp" {
 aws_zone = var.broker_zone
 }
-# This is the back-end k8s instance to be used by the ssb-solr app
-resource "cloudfoundry_service_instance" "k8s_cluster" {
- name = "ssb-solr-k8s"
+# For now we are using a hand-provisioned user-provided service, not managed by Terraform
+data "cloudfoundry_space" "broker-space" {
+ name = var.broker_space.space
+ org_name = var.broker_space.org
+}
+
+resource "cloudfoundry_service_instance" "solrcloud_broker_k8s_cluster" {
+ name = "ssb-solrcloud-k8s"
 space = data.cloudfoundry_space.broker_space.id
 service_plan = module.broker_eks.plans["aws-eks-service/raw"]
 tags = ["k8s"]
+ json_params = "{\"mng_min_capacity\": 1, \"mng_max_capacity\": 1, \"mng_desired_capacity\": 1, \"mng_instance_types\": [\"t2.small\"]}"
 timeouts {
 create = "60m"
 update = "90m" # in case of an EKS destroy/create
@@ -47,32 +53,6 @@ resource "cloudfoundry_service_instance" "k8s_cluster" {
 ]
 }
-# resource "cloudfoundry_service_instance" "solrcloud_broker_k8s_cluster" {
-# name = "ssb-solrcloud-k8s"
-# space = data.cloudfoundry_space.broker_space.id
-# service_plan = module.broker_eks.plans["aws-eks-service/raw"]
-# tags = ["k8s"]
-# json_params = "{\"mng_min_capacity\": 8, \"mng_max_capacity\": 12, \"mng_desired_capacity\": 10}"
-# timeouts {
-# create = "60m"
-# update = "90m" # in case of an EKS destroy/create
-# delete = "40m"
-# }
-# depends_on = [
-# module.broker_eks
-# ]
-# }
-
-# For now we are using a hand-provisioned user-provided service, not managed by Terraform
-data "cloudfoundry_space" "broker-space" {
- name = var.broker_space.space
- org_name = var.broker_space.org
-}
-data "cloudfoundry_user_provided_service" "ssb-solrcloud-k8s" {
- name = "ssb-solrcloud-k8s"
- space = data.cloudfoundry_space.broker-space.id
-}
-
 module "broker_solrcloud" {
 source = "./broker"
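Review bot: The comment kept above `data "cloudfoundry_space" "broker-space"` still says the service is hand-provisioned and not managed by Terraform, but the resource added directly below now creates `ssb-solrcloud-k8s` through Terraform, so the comment contradicts the new code. The new resource reads `data.cloudfoundry_space.broker_space.id` (underscore) while this data source is named `broker-space` (hyphen); unless something outside the hunk still uses the hyphenated name, it looks unused and could be removed together with the comment. The managed instance also reuses the name of the hand-provisioned service, so if that one still exists in the space the create will presumably conflict until it is removed or imported. The escaped `json_params` string is easier to review as `json_params = jsonencode({ mng_min_capacity = 1, mng_max_capacity = 1, mng_desired_capacity = 1, mng_instance_types = ["t2.small"] })`. The resource block continues past the end of this hunk.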
@@ -82,17 +62,5 @@ module "broker_solrcloud" {
 client_spaces = var.client_spaces
 enable_ssh = var.enable_ssh
 memory = 1024
- # services = [cloudfoundry_service_instance.solrcloud_broker_k8s_cluster.id]
- services = [data.cloudfoundry_user_provided_service.ssb-solrcloud-k8s.id]
-}
-
-module "broker_solr" {
- source = "./broker"
-
- name = "ssb-solr"
- path = "./app-solr"
- broker_space = var.broker_space
- client_spaces = var.client_spaces
- enable_ssh = var.enable_ssh
- services = [cloudfoundry_service_instance.k8s_cluster.id]
+ services = [cloudfoundry_service_instance.solrcloud_broker_k8s_cluster.id]
 }
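Review bot: Nothing in the diff shows that anything created through the ssb-solr broker was deprovisioned before `module "broker_solr"` is dropped here and `cloudfoundry_service_instance.k8s_cluster` in the earlier hunk. Removing both means the next apply will plan to destroy that broker and its `ssb-solr-k8s` cluster, and the apply workflow touched by this commit has both staging and production steps. If instances still exist, the destroy is likely to fail partway or leave workloads without a managing broker, so the precondition belongs in the commit description. The same line rebinds `broker_solrcloud` from the hand-provisioned service to a newly created single-node cluster; a comment above `services` such as `# Terraform-managed cluster; replaces the hand-provisioned ssb-solrcloud-k8s binding` would make the switch explicit. The `broker_solrcloud` module block starts outside the hunk.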