helm chart for cht sync #90

Merged
merged 22 commits into from
Jul 19, 2024
Changes from 11 commits
63 changes: 44 additions & 19 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
@@ -1,25 +1,50 @@
name: Build cht-sync containers

on: [push, pull_request]
on: [push]

jobs:

build:
name: Compile the app
runs-on: ubuntu-22.04

runs-on: ubuntu-latest
outputs:
BRANCH: ${{ steps.output_branch.outputs.BRANCH }}
steps:
- name: Get Docker Hub username
id: get-docker-hub-username
run: echo '::set-output name=dockerhub_username::${{ secrets.DOCKERHUB_USERNAME }}'
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
if: steps.get-docker-hub-username.outputs.dockerhub_username
- uses: actions/checkout@v2
- name: Docker Build
run: docker-compose build
- name: Docker Push
run: docker-compose push
- name: Checkout
uses: actions/checkout@v3

- name: Extract branch name
shell: bash
run: echo "BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_ENV
id: extract_branch

- id: output_branch
run: echo "::set-output name=BRANCH::${{ env.BRANCH }}"

- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Build and push logstash
uses: docker/build-push-action@v4
with:
context: ./logstash
file: ./logstash/Dockerfile
push: true
tags: medicmobile/cht-logstash-couchdb:${{ env.BRANCH }}

- name: Build and push dataemon
uses: docker/build-push-action@v4
with:
context: ./dbt
file: ./dbt/Dockerfile
push: true
tags: medicmobile/dataemon:${{ env.BRANCH }}

- name: Build and push redis-worker
uses: docker/build-push-action@v4
with:
context: ./redis-worker
file: ./redis-worker/Dockerfile
push: true
tags: dockermedic/cht-sync-redis-worker:${{ env.BRANCH }}
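
Review bot: The `tags:` values in the three build-push steps take `${{ env.BRANCH }}` straight from `${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}`, so a branch such as `feature/x`, or any tag push (where `refs/heads/` is not a prefix and nothing is stripped), yields a value containing `/`, which is not a valid image tag and fails the push. Sanitise the name in the "Extract branch name" step or derive the tags with docker/metadata-action. Also in this hunk: `::set-output` in `output_branch` is deprecated in favour of writing to `$GITHUB_OUTPUT`; the actions are pinned to mutable major tags (`@v3`, `@v2`, `@v4`) rather than commit SHAs, which matters in a job that holds `DOCKERHUB_TOKEN`; and redis-worker is pushed to `dockermedic/` while the other two images go to `medicmobile/`, so the single login needs push rights to both namespaces.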
12 changes: 11 additions & 1 deletion dbt/dbt-run.py
Expand Up @@ -28,7 +28,17 @@ def connection():
with conn.cursor() as cur:
cur.execute(f"""
CREATE SCHEMA IF NOT EXISTS
{os.getenv('POSTGRES_SCHEMA')}
{os.getenv('POSTGRES_SCHEMA')};

CREATE TABLE IF NOT EXISTS {os.getenv('POSTGRES_SCHEMA')}.{os.getenv('POSTGRES_TABLE')} (
Member

I think we should totally aim not to create tables and such in code. I believe the whole allure of dbt is that you can have these versioned clean schema files, but here we're just inlining the table create in Python?
Is there a way we can use dbt to create these and keep the schema in its own file?

Member

Also, how is this connected to the helm chart?

Contributor Author

It's not related to the helm chart and was already merged to main separately.
dbt mainly creates tables by wrapping select from existing tables in create table statements; the assumption is that there's some source db that dbt is not managing.

But it is possible to just run raw SQL, including DDL, and yeah, I agree in this case it probably makes more sense to do that instead of creating the table here. Also then could just have one "root" table instead of two.

Related to medic/cht-pipeline#84

"@version" TEXT,
"@timestamp" TIMESTAMP,
"_id" TEXT,
"_rev" TEXT,
doc jsonb,
doc_as_upsert BOOLEAN,
UNIQUE ("_id", "_rev")
);
""")
conn.commit()
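
Review bot: The DDL passed to `cur.execute(f"""...""")` interpolates `os.getenv('POSTGRES_SCHEMA')` and `os.getenv('POSTGRES_TABLE')` directly into the statement as identifiers, unquoted and unvalidated. If either variable is unset the f-string renders the text `None` and the statement creates a schema or table with that name, and any value with unexpected characters changes the SQL that runs. Read both variables once, fail fast when either is missing, and build the identifiers with the driver's identifier quoting (for psycopg2, `sql.Identifier`) instead of an f-string.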

24 changes: 24 additions & 0 deletions deploy/cht_sync/Chart.yaml
@@ -0,0 +1,24 @@
apiVersion: v2
name: cht_sync
description: A Helm chart for Kubernetes

# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.1.0"
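
Review bot: `name: cht_sync` uses an underscore, which the Helm chart best-practices guide does not allow in chart names (lowercase letters, digits and dashes only); `cht-sync` would also match the resource names used in the templates. `description: A Helm chart for Kubernetes` and the long comment blocks are scaffold text and could be replaced with a one-line description of what this chart deploys.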
42 changes: 42 additions & 0 deletions deploy/cht_sync/templates/dbt.yaml
@@ -0,0 +1,42 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: cht-sync-dbt
spec:
replicas: 1
selector:
matchLabels:
app: cht-sync
template:
metadata:
labels:
app: cht-sync
spec:

Check warning (Code scanning / SonarCloud): Service account tokens should not be mounted in pods (Medium). Set automountServiceAccountToken to false for this specification of kind Deployment.
automountServiceAccountToken: false
containers:
- name: dbt

Check warning (Code scanning / SonarCloud): CPU limits should be enforced (Medium). Specify a CPU limit for this container.
Check warning (Code scanning / SonarCloud): Memory limits should be enforced (Medium). Specify a memory limit for this container.
image: medicmobile/dataemon:{{ .Values.image_tag | default "latest" }}
resources:
limits:
cpu: {{ (.Values.dbt).cpu_limit | default "500m" }}
memory: {{ (.Values.dbt).memory_limit | default "1Gi" }}
env:
- name: POSTGRES_HOST
value: {{ .Values.postgres.host | default "postgres" }}
- name: POSTGRES_USER
value: {{ .Values.postgres.user }}
- name: POSTGRES_PORT
value: {{ .Values.postgres.port | default "5432" | quote }}
- name: POSTGRES_PASSWORD
value: {{ .Values.postgres.password }}
- name: POSTGRES_DB
value: {{ .Values.postgres.db }}
- name: POSTGRES_TABLE
value: {{ .Values.postgres.table }}
- name: POSTGRES_SCHEMA
value: {{ .Values.postgres.schema }}
- name: ROOT_POSTGRES_SCHEMA
value: {{ .Values.postgres.schema }}
- name: CHT_PIPELINE_BRANCH_URL
value: {{ .Values.cht_pipeline_branch_url }}
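
Review bot: `POSTGRES_PASSWORD` is rendered as a literal `value:` from `.Values.postgres.password`, so the password sits in plain text in the Deployment manifest and is readable by anyone who can read the Deployment. Put it in a Secret and reference it with `valueFrom.secretKeyRef`. Two smaller points: most `value:` lines here are not piped through `quote` (only `POSTGRES_PORT` is), so a numeric or boolean-looking value renders as a non-string and the manifest is rejected; and the selector is only `app: cht-sync`, with nothing specific to dbt, so it is not unique to this Deployment's pods.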

45 changes: 45 additions & 0 deletions deploy/cht_sync/templates/logstash.yaml
@@ -0,0 +1,45 @@
# templates/logstash.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
name: cht-sync-logstash
spec:
replicas: 1
selector:
matchLabels:
app: cht-sync
template:
metadata:
labels:
app: cht-sync
spec:

Check warning (Code scanning / SonarCloud): Service account tokens should not be mounted in pods (Medium). Set automountServiceAccountToken to false for this specification of kind Deployment.
automountServiceAccountToken: false
containers:
- name: logstash

Check warning (Code scanning / SonarCloud): CPU limits should be enforced (Medium). Specify a CPU limit for this container.
Check warning (Code scanning / SonarCloud): Memory limits should be enforced (Medium). Specify a memory limit for this container.
image: medicmobile/cht-logstash-couchdb:{{ .Values.image_tag | default "latest" }}
resources:
limits:
cpu: {{ (.Values.logstash).cpu_limit | default "2" }}
memory: {{ (.Values.logstash).memory_limit | default "2Gi" }}
env:
- name: COUCHDB_USER
value: {{ .Values.couchdb.user }}
- name: COUCHDB_PASSWORD
value: {{ .Values.couchdb.password }}
- name: COUCHDB_HOST
value: {{ .Values.couchdb.host }}
- name: COUCHDB_DBS
value: {{ .Values.couchdb.dbs }}
- name: COUCHDB_PORT
value: {{ .Values.couchdb.port | quote }}
- name: COUCHDB_SECURE
value: {{ .Values.couchdb.secure | default "false" | quote }}
- name: COUCHDB_SEQ # don't allow this to be changed
value: "/tmp/couchdb/sequence_path.txt"
- name: REDIS_HOST
value: "redis"
- name: REDIS_PORT
value: "6379"
- name: REDIS_KEY
value: {{ (.Values.redis).key | default "couchdb" }}
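
Review bot: `COUCHDB_PASSWORD` is set as a literal `value:` from `.Values.couchdb.password`; move it to a Secret and use `valueFrom.secretKeyRef` so the credential is not stored in the Deployment spec. `COUCHDB_SECURE` defaults to "false" when unset, so the secure setting has to be opted into; consider defaulting it to "true" or making it required. `COUCHDB_SEQ` points at `/tmp/couchdb/sequence_path.txt` but the pod spec declares no volume, so that file lives in the container filesystem and is lost whenever the pod is replaced.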
13 changes: 13 additions & 0 deletions deploy/cht_sync/templates/postgres-service.yaml
@@ -0,0 +1,13 @@
{{- if .Values.postgres.enabled }}
apiVersion: v1
kind: Service
metadata:
name: postgres
spec:
selector:
inner.service: postgres
ports:
- protocol: TCP
port: {{ .Values.postgres.port | default "5432" }}
targetPort: 5432
{{- end }}
47 changes: 47 additions & 0 deletions deploy/cht_sync/templates/postgres.yaml
@@ -0,0 +1,47 @@
# templates/postgres.yaml

{{- if .Values.postgres.enabled }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: cht-sync-postgres
spec:
serviceName: postgres
replicas: 1
selector:
matchLabels:
app: cht-sync
inner.service: postgres
template:
metadata:
labels:
app: cht-sync
inner.service: postgres
spec:
automountServiceAccountToken: false
containers:
- name: postgres-c
image: postgres:13
resources:
limits:
cpu: {{ (.Values.postgres).cpu_limit | default "1000m" }}
memory: {{ (.Values.postgres).memory_limit | default "2Gi" }}
env:
- name: POSTGRES_USER
value: {{ .Values.postgres.user }}
- name: POSTGRES_PASSWORD
value: {{ .Values.postgres.password }}
- name: POSTGRES_DB
value: {{ .Values.postgres.db }}
ports:
- containerPort: {{ .Values.postgres.port | default "5432" }}

volumeClaimTemplates:
- metadata:
name: postgres-data
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: {{ .Values.postgres.storageSize | default "1Gi" }}
{{- end }}
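
Review bot: `volumeClaimTemplates` declares `postgres-data`, but the `postgres-c` container has no `volumeMounts`, so the claim is created and never used and the database files stay on the container's ephemeral filesystem. Add a mount of `postgres-data` at the image's data directory (`/var/lib/postgresql/data` for the official image). `POSTGRES_PASSWORD` is also a literal `value:`; a Secret with `valueFrom.secretKeyRef` keeps it out of the StatefulSet spec.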
10 changes: 10 additions & 0 deletions deploy/cht_sync/templates/postgrest-service.yaml
@@ -0,0 +1,10 @@
apiVersion: v1
kind: Service
metadata:
name: postgrest
spec:
selector:
inner.service: postgrest
ports:
- protocol: TCP
port: 3000
39 changes: 39 additions & 0 deletions deploy/cht_sync/templates/postgrest.yaml
@@ -0,0 +1,39 @@
# templates/postgrest.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
name: cht-sync-postgrest
spec:
replicas: 1
selector:
matchLabels:
app: cht-sync
inner.service: postgrest
template:
metadata:
labels:
app: cht-sync
inner.service: postgrest
spec:

Check warning (Code scanning / SonarCloud): Service account tokens should not be mounted in pods (Medium). Set automountServiceAccountToken to false for this specification of kind Deployment.
automountServiceAccountToken: false
containers:
- name: postgrest

Check warning (Code scanning / SonarCloud): CPU limits should be enforced (Medium). Specify a CPU limit for this container.
Check warning (Code scanning / SonarCloud): Memory limits should be enforced (Medium). Specify a memory limit for this container.
image: postgrest/postgrest
resources:
limits:
cpu: {{ (.Values.postgrest).cpu_limit | default "1000m" }}
memory: {{ (.Values.postgrest).memory_limit | default "500Mi" }}
env:
- name: PGRST_DB_URI
value: |
Contributor

This causes the error below. Setting the value to {{ printf "postgres://%s:%s@%s:5432/%s" .Values.postgres.user .Values.postgres.password .Values.postgres.host .Values.postgres.db }} works though.

{"code":"PGRST000","details":"connection to server at \"postgres\" (172.20.202.161), port 5432 failed: FATAL:  database \"data\n\" does not exist\n","hint":null,"message":"Database connection error. Retrying the connection."}

{{ printf "postgres://%s:%s@%s:%d/%s"
.Values.postgres.user
.Values.postgres.password
( .Values.postgres.host | default "postgres" )
(int .Values.postgres.port | default 5432)
.Values.postgres.db }}
- name: PGRST_DB_SCHEMA
value: {{ .Values.postgres.schema }}
- name: PGRST_DB_ANON_ROLE
value: {{ .Values.postgres.user }}
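
Review bot: `PGRST_DB_ANON_ROLE` is set to `.Values.postgres.user`, the same role used in `PGRST_DB_URI`, so requests that carry no token run with the full privileges of the connection user. Create a dedicated role with only the grants the API needs and use that as the anonymous role. The connection URI also embeds `.Values.postgres.password` in a literal `value:`, which belongs in a Secret, and `image: postgrest/postgrest` has no tag, so the deployed version changes whenever the default tag moves.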
11 changes: 11 additions & 0 deletions deploy/cht_sync/templates/redis-service.yaml
@@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: redis
spec:
selector:
inner.service: redis
ports:
- protocol: TCP
port: 6379
targetPort: 6379
35 changes: 35 additions & 0 deletions deploy/cht_sync/templates/redis-worker.yaml
@@ -0,0 +1,35 @@
# templates/postgrest.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
name: cht-sync-redis-worker
spec:
replicas: 1
selector:
matchLabels:
app: cht-sync
template:
metadata:
labels:
app: cht-sync
spec:
automountServiceAccountToken: false
containers:
- name: redis-worker
image: dockermedic/cht-sync-redis-worker:{{ .Values.image_tag | default "latest" }}
resources:
limits:
cpu: {{ (.Values.redis_worker).cpu_limit | default "500m" }}
memory: {{ (.Values.redis_worker).memory_limit | default "500Mi" }}
env:
- name: REDIS_HOST
value: "redis"
- name: REDIS_PORT
value: "6739"
- name: REDIS_KEY
value: {{ (.Values.redis).key | default "couchdb" }}
- name: POSTGREST_ENDPOINT
value: "postgrest:3000"
- name: REDIS_BATCH_SIZE
value: {{ (.Values.redis).batch_size | default "100" | quote }}
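
Review bot: `REDIS_PORT` is "6739" here, while the logstash template and the redis Service in this same change both use 6379, so the worker will not reach Redis; this looks like transposed digits. Since the Redis host and port are hard-coded in several templates, consider taking them from one value. The first line, `# templates/postgrest.yaml`, is a copy-paste leftover and should name this file.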
35 changes: 35 additions & 0 deletions deploy/cht_sync/templates/redis.yaml
@@ -0,0 +1,35 @@
# templates/postgrest.yaml

apiVersion: apps/v1
kind: StatefulSet
metadata:
name: cht-sync-redis
spec:
serviceName: redis
replicas: 1
selector:
matchLabels:
app: cht-sync
inner.service: redis
template:
metadata:
labels:
app: cht-sync
inner.service: redis
spec:
automountServiceAccountToken: false
containers:
- name: redis
image: redis:latest
resources:
limits:
cpu: {{ (.Values.redis).cpu_limit | default "500m" }}
memory: {{ (.Values.redis).memory_limit | default "2Gi" }}
volumeClaimTemplates:
- metadata:
name: redis-data
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: {{ (.Values.redis).storageSize | default "1Gi" }}
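
Review bot: `volumeClaimTemplates` declares `redis-data`, but the `redis` container has no `volumeMounts`, so the claim is never mounted and Redis keeps its data on ephemeral storage. Mount it at `/data` (the official image's working directory) if the queue is meant to survive restarts. `image: redis:latest` should be pinned to a specific version, and the header comment `# templates/postgrest.yaml` names the wrong file.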