Add FwHeadless (renamed from CrdtMerge) deployment for k8s and GHA #1171
Conversation
|
If you end up not making a copy of develop-api.yaml and you want to filter based on paths changed you can use this action |
There was a problem hiding this comment.
Self-review completed. You might wonder if the SendReceiveConfig__Foo variables in k8s should be CrdtMergeConfig, but in fact the CrdtMerge code actually uses the name "SendReceiveConfig" when it binds to the app settings. I do think I should rename that to CrdtMergeConfig, but it's probably better to do that in a later PR after this one is merged, so that I can rename that app settings name everywhere all at once.
There was a problem hiding this comment.
Looks good, I left 2 comments to look at.
One issue that's not covered here, I'm not really sure where to cover it, is that by default this won't work on staging/develop/production because there's no auth for the S&R user. However we have the default password of our generated users, so for non production we can actually use username: 'admin' and the password from the secret 'db' key 'SEED_USER_PASSWORD'
I thought about using that and decided that perhaps a new secret was better, but on re-examination this is probably better because we won't need to make any changes to develop and staging. So I implemented this in commit 6028ea1. |
Instead of defining a new secret that will have to be added to develop and staging environments, we can reuse SEED_USER_PASSWORD and have things "just work". Then only prod will need a separate user account created and its credentials stored in a new secret.
rmunn
force-pushed
the
feat/deploy-crdtmerge
branch
from
cd2b7e7 to
6028ea1
Compare
|
@hahn-kev - Addressed your review comments, should be ready for re-review now. |
Also renamed SendReceiveConfig section of appsettings.json to FwHeadlessConfig so we get all the renames done at once.
rmunn
changed the title
|
Commit 140de48 has the big CrdtMerge -> FwHeadless rename. |
Will request: - 10Gi on GHA - 20Gi on local-dev - 20Gi on develop - 40Gi on staging - 80Gi on prod
This reverts commit acf0a27. We'll do this the simpler way.
Now we allocate 10 GiB everywhere, except 20 on staging and 150 GiB on production (similar size to hg-repos volume since we could potentially end up with copies of everything from hg-repos).
Chorus uses the XDG_DATA_HOME environment variable to save its settings. It doesn't exist in the base .NET SDK image, so we need to set it. We set it in the Dockerfile rather than in the k8s deployment because it should be the same everywhere.
Should make for cleaner shutdown and restart on deployment
Fix #1163.
This adds a new k8s deployment for FwHeadless (formerly called CrdtMerge) in its own pod, and adds GHA workflow steps to build and deploy it just like our other pods.
New secret named
fw-headlessshould be created in prod environment, containing the username and password of a user that will be allowed to Send/Receive any project. For local-dev, develop, and staging this should just be"admin"and the password from SEED_USER_PASSWORD, but for production we'll want a dedicated CrdtMerge user, so that if CrdtMerge credentials leak we can revoke that user's access and then set up a new one. (Or we could reuse the account that lfmerge is using, that would also work).