damondouglas commented on code in PR #23208: URL: https://github.com/apache/beam/pull/23208#discussion_r993912780
########## playground/infrastructure/helm-backend/templates/ingress.yml: ########## @@ -0,0 +1,79 @@ + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress-playground + annotations: + kubernetes.io/ingress.global-static-ip-name: {{ .Values.static_ip_name }} + networking.gke.io/managed-certificates: {{ .Values.project_id }} + networking.gke.io/v1beta1.FrontendConfig: pg-frontend + ingress.kubernetes.io/enable-cors: "true" + labels: + app: playground-go +spec: + rules: + - host: "go.{{ .Values.static_ip }}.nip.io" + http: + paths: + - path: "/*" + pathType: ImplementationSpecific + backend: + service: + name: playground-go + port: + number: {{ .Values.service.port }} + - host: "java.{{ .Values.static_ip }}.nip.io" Review Comment: May need security review/approval. ########## .github/workflows/playground_deploy_infrastructure.yml: ########## 
@@ -0,0 +1,18 @@ +name: New environment creation +on: + workflow_dispatch: +jobs: + Infrastructure_deployment: + runs-on: ubuntu-latest + env: + PROJECT_ENV: beta + steps: + - name: git clone repo + uses: actions/checkout@v2 + - name: Setup GCP account + run: | + echo "${{ secrets.S3D_GCP_PLAYGROUND_SA_KEY }}" | base64 -d > /tmp/gcp_access.json Review Comment: uses your secret S3D ########## playground/terraform/README.md: ########## 
@@ -16,74 +16,114 @@ specific language governing permissions and limitations under the License. --> +# Here you will find the steps for deploying BEAM Playground on your project -# Requirements +## Prerequisites: -The following items need to be setup for the Playground cluster deployment on GCP: +### Before you will start with the installation steps, please read this carefully: +1. [How to create a new project in Google Cloud Platform](https://cloud.google.com/resource-manager/docs/creating-managing-projects/) _(Note: How to create a new project in Google Cloud Platform. It's strongly recommended to use the new Google Cloud Project for your new projects)_ -* [GCP account](https://cloud.google.com/) -* [`gcloud` command-line tool](https://cloud.google.com/sdk/gcloud) and required setup i.e. login -* [Terraform](https://www.terraform.io/downloads.html) tool -* [Docker](https://www.docker.com/get-started) +2. [How to create a new service account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) _(Note: You will find the instruction "How to create Service account" for your new project)_ -# Deployment steps +3. [How to create a JSON key for a Google Service account](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) _(Note: In this instruction will be explained how to create a JSON key for your service account. it will be required for authentication)_ -## 0. Create GCS bucket for state +4. [How to create a new bucket](https://cloud.google.com/storage/docs/creating-buckets) _(Note: Short instruction for bucket creation. You will need at least one bucket for file keeping)_ -```bash -$ gsutil mb -p ${PROJECT_ID} gs://state-bucket-name -$ gsutil versioning set on gs://state-bucket-name -``` +5. [How to assign a new role for the service account](https://cloud.google.com/iam/docs/granting-changing-revoking-access) _(Note: It will explain how to assign required roles for your service account)_ -## 1. Create new environment +6. 
[How to install gcloud CLI to your local environment](https://cloud.google.com/sdk/docs/install?hl=en) _(Note: GCloud - Google command line interface, which will allow you to interact with the Google cloud platform thru the command line (https://en.wikipedia.org/wiki/Command-line_interface)_ -To provide information about the terraform backend, run the following commands +7. [What are Google Cloud Platform APIs](https://cloud.google.com/apis) _(Note: Short description of all Google Platform APIs)_ -* New environment folder +8. [Google Cloud Platform naming policy](https://cloud.google.com/compute/docs/naming-resources) _(Note: Describes the naming convention for Compute Engine resources)_ -```bash -mkdir /path/to/beam/playground/terraform/environment/{env-name} -``` +***Google Cloud preparation steps:*** +After you created or identified an existing project for deployment, add or select a service account with a JSON key, and add or select state_bucket for storing the Terraform state data according to the instructions above: + - App Engine Admin + - App Engine Creator + - Artifact Registry Administrator + - Cloud Memorystore Redis Admin + - Compute Admin + - Create Service Accounts + - Kubernetes Engine Admin + - Quota Administrator + - Role Administrator + - Security Admin + - Service Account User + - Storage Admin + - Cloud Datastore Index Admin -* Backend config +***Operation System preparation steps:*** -```bash -echo 'bucket = "put your state bucket name here"' > /path/to/beam/playground/terraform/environment/{env-name}/state.tfbackend -``` +During the Operation system preparation steps, you will need to install Java, HELM, GIT, Docker, GCloud, Terraform, Kubernetes command line interface -* Terraform variables config and provide necessary variables +* [Java](https://adoptopenjdk.net/) -```bash -touch /path/to/beam/playground/terraform/environment/{env-name}/terraform.tfvars -``` +* [Kubernetes Command Line 
Interface](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) -Then provide necessary variables. +* [HELM](https://helm.sh/docs/intro/install/) -## 2. Provision infrastructure - -To deploy Playground infrastructure run gradle task: - -```bash -./gradlew playground:terraform:InitInfrastructure -Pproject_environment="env-name" -``` +* [Docker](https://docs.docker.com/engine/install/) -## 3. Deploy application +* [Terraform](https://www.terraform.io/downloads) -To deploy application run following steps: +After installations of the required packages will be completed, you will need to download ***BEAM Playground*** from the repository. -* Authinticate in Artifact registry +Once downloading is completed you will find the "beam" folder on your disk (you can execute the `ls -la` command for Linux, or the `dir` command for Windows). Open that folder -```bash -gcloud auth configure-docker us-central1-docker.pkg.dev +It is possible to configure BEAM to work with the different versions of the environment (like staging, production, etc.), you will need to create a special folder in `playground/terraform/environment` and put all configuration files inside: +* File name - `terraform.tfvars`, items inside: ``` +network_name = "network_name" #Enter the network name - you can choose any name for the network according to the naming policy above +project_id = "project_id" #Enter the project ID - ID of created project +gke_name = "playground-backend" #Set the GKE name - you can choose any name for Google Kubernetes Engine according to the naming policy above +region = "us-east1" #Set the region - preferred region according to your needs +location = "us-east1-b" #Select the location - location should be in region you set before +state_bucket = "bucket_name" #Name of bucket - Google Cloud bucket where BEAM Playground will put temp files, [terraform state file] (https://spacelift.io/blog/terraform-state) +bucket_examples_name = "bucket_name-example" #Enter an example bucket 
name - bucket for some build-in examples for BEAM Playground +``` +* File name - `state.tfbackend`, item inside: +``` +bucket = "bucket_name" #input bucket name - will be used for terraform tfstate file +``` +Then, let's configure authentication for the Google Cloud Platform: -* Š’eploy backend services - -```bash -./gradlew playground:terraform:deployBackend -Pproject_environment="env-name" -Pdocker-tag="tag" +* The following command allows us to authenticate using JSON key file +``` + export GOOGLE_APPLICATION_CREDENTIALS=`your service account JSON key location` (absolute path) +``` +* Using the following command, we will activate the newly created service account: +``` + gcloud auth activate-service-account `full principal service account` --key-file=`your service account JSON key location` (absolute path) ``` -* Deploy frontend service +# Infrastructure deployment: +* To deploy the Infrastructure, use the following command (please be sure that you are in the "beam" folder): +``` +./gradlew playground:terraform:InitInfrastructure -Pproject_environment="env" (env - folder name which you created for configuration files) +``` +# Backend deployment: +Once the script was executed successfully, you will need to authenticate on Docker and Google Kubernetes Engine +The following command will authorize us in the Docker registry +``` + cat `your service account json key locaton` | docker login -u _json_key --password-stdin https://`chosen_region`-docker.pkg.dev +``` +* The following command will authenticate us in GKE +``` +gcloud container clusters get-credentials --region `chosen_pg_location` `gke_name` --project `project_id` +``` +* We need to create database indexes for BEAM playground examples by the following command: +``` +gcloud app deploy playground/index.yaml --project=`project_id` +``` +That's all, the configuration of the environment has been completed. 
For deploying the backend part to the Google cloud Kubernetes engine, please execute the following command (Ensure you are in the "beam" folder): +``` +./gradlew playground:terraform:gkebackend -Pproject_environment="env" -Pdocker-tag="tag" (env - folder name which you created for configuration files, tag - image tag for backend) Review Comment: Getting error: ``` Caused by: java.io.IOException: Cannot run program "helm" (in directory "<path to project>/playground/terraform"): error=2, No such file or directory at net.rubygrapefruit.platform.internal.DefaultProcessLauncher.start(DefaultProcessLauncher.java:25) ... 6 more Caused by: java.io.IOException: error=2, No such file or directory ... 7 more ``` When running, `helm version`, I see: ``` version.BuildInfo{Version:"v3.9.4", GitCommit:"dbc6d8e20fe1d58d50e6ed30f09a04a77e4c68db", GitTreeState:"clean", GoVersion:"go1.17.13"} ``` ########## playground/infrastructure/helm-backend/templates/ingress.yml: ########## 
@@ -0,0 +1,79 @@ + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress-playground + annotations: + kubernetes.io/ingress.global-static-ip-name: {{ .Values.static_ip_name }} + networking.gke.io/managed-certificates: {{ .Values.project_id }} + networking.gke.io/v1beta1.FrontendConfig: pg-frontend + ingress.kubernetes.io/enable-cors: "true" + labels: + app: playground-go +spec: + rules: + - host: "go.{{ .Values.static_ip }}.nip.io" + http: + paths: + - path: "/*" + pathType: ImplementationSpecific + backend: + service: + name: playground-go + port: + number: {{ .Values.service.port }} + - host: "java.{{ .Values.static_ip }}.nip.io" + http: + paths: + - path: "/*" + pathType: ImplementationSpecific + backend: + service: + name: playground-java + port: + number: {{ .Values.service.port }} + - host: "python.{{ .Values.static_ip }}.nip.io" Review Comment: May need security review/approval. ########## playground/infrastructure/helm-backend/templates/ingress.yml: ########## 
@@ -0,0 +1,79 @@ + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress-playground + annotations: + kubernetes.io/ingress.global-static-ip-name: {{ .Values.static_ip_name }} + networking.gke.io/managed-certificates: {{ .Values.project_id }} + networking.gke.io/v1beta1.FrontendConfig: pg-frontend + ingress.kubernetes.io/enable-cors: "true" + labels: + app: playground-go +spec: + rules: + - host: "go.{{ .Values.static_ip }}.nip.io" + http: + paths: + - path: "/*" + pathType: ImplementationSpecific + backend: + service: + name: playground-go + port: + number: {{ .Values.service.port }} + - host: "java.{{ .Values.static_ip }}.nip.io" + http: + paths: + - path: "/*" + pathType: ImplementationSpecific + backend: + service: + name: playground-java + port: + number: {{ .Values.service.port }} + - host: "python.{{ .Values.static_ip }}.nip.io" + http: + paths: + - path: "/*" + pathType: ImplementationSpecific + backend: + service: + name: playground-python + port: + number: {{ .Values.service.port }} + - host: "router.{{ .Values.static_ip }}.nip.io" Review Comment: May need security review/approval. 
########## playground/infrastructure/helm-backend/templates/managecert.yml: ########## @@ -0,0 +1,27 @@ + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: networking.gke.io/v1 +kind: ManagedCertificate +metadata: + name: {{ .Values.project_id }} +spec: + domains: + - go.{{ .Values.static_ip }}.nip.io + - java.{{ .Values.static_ip }}.nip.io + - python.{{ .Values.static_ip }}.nip.io + - router.{{ .Values.static_ip }}.nip.io + - scio.{{ .Values.static_ip }}.nip.io Review Comment: May need security review/approval. ########## playground/infrastructure/helm-backend/templates/ingress.yml: ########## 
@@ -0,0 +1,79 @@ + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress-playground + annotations: + kubernetes.io/ingress.global-static-ip-name: {{ .Values.static_ip_name }} + networking.gke.io/managed-certificates: {{ .Values.project_id }} + networking.gke.io/v1beta1.FrontendConfig: pg-frontend + ingress.kubernetes.io/enable-cors: "true" + labels: + app: playground-go +spec: + rules: + - host: "go.{{ .Values.static_ip }}.nip.io" + http: + paths: + - path: "/*" + pathType: ImplementationSpecific + backend: + service: + name: playground-go + port: + number: {{ .Values.service.port }} + - host: "java.{{ .Values.static_ip }}.nip.io" + http: + paths: + - path: "/*" + pathType: ImplementationSpecific + backend: + service: + name: playground-java + port: + number: {{ .Values.service.port }} + - host: "python.{{ .Values.static_ip }}.nip.io" + http: + paths: + - path: "/*" + pathType: ImplementationSpecific + backend: + service: + name: playground-python + port: + number: {{ .Values.service.port }} + - host: "router.{{ .Values.static_ip }}.nip.io" + http: + paths: + - path: "/*" + pathType: ImplementationSpecific + backend: + service: + name: playground-router + port: + 
number: {{ .Values.service.port }} + - host: "scio.{{ .Values.static_ip }}.nip.io" Review Comment: May need security review/approval. ########## playground/infrastructure/helm-backend/templates/ingress.yml: ########## @@ -0,0 +1,79 @@ + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress-playground + annotations: + kubernetes.io/ingress.global-static-ip-name: {{ .Values.static_ip_name }} + networking.gke.io/managed-certificates: {{ .Values.project_id }} + networking.gke.io/v1beta1.FrontendConfig: pg-frontend + ingress.kubernetes.io/enable-cors: "true" + labels: + app: playground-go +spec: + rules: + - host: "go.{{ .Values.static_ip }}.nip.io" Review Comment: @pabloem May need security review/approval. I've flagged the others below. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
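Review bot: in playground/infrastructure/helm-backend/templates/ingress.yml every `host:` rule is built as `<name>.{{ .Values.static_ip }}.nip.io`, so the public endpoints depend on a third-party wildcard DNS service that the deployment does not control. Consider taking the base domain from a chart value (for example a hypothetical `.Values.domain`) and keeping nip.io only as a default for test environments. Two smaller points on the same file: the metadata label `app: playground-go` sits on an Ingress that also carries rules for the java, python, router and scio hosts, and `ingress.kubernetes.io/enable-cors: "true"` turns CORS on with no allowed-origin restriction visible in this template, so it is worth stating which origins are meant to be accepted.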
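Review bot: in .github/workflows/playground_deploy_infrastructure.yml the `Setup GCP account` step expands `${{ secrets.S3D_GCP_PLAYGROUND_SA_KEY }}` directly inside the `run:` script and decodes it to `/tmp/gcp_access.json` with default file permissions. Pass the secret through the step's `env:` block and reference it as a shell variable, set a restrictive umask before writing the file, and delete the key file in a final step that runs even on failure. The secret name is specific to one organization, so the step only works where a secret of that name is defined, and `actions/checkout@v2` is a mutable tag that could be pinned to a commit SHA.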
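Review bot: in playground/terraform/README.md the "Google Cloud preparation steps" paragraph ends with a colon and is followed by a bare list of thirteen roles, without saying that they are to be granted to the service account; the list includes Security Admin, Role Administrator and Create Service Accounts for an account that authenticates with an exported JSON key. State the instruction explicitly and say which roles are needed only for initial provisioning so they can be removed afterwards. The rewrite also deletes the `gsutil versioning set on gs://state-bucket-name` step, so the documented procedure no longer versions the bucket that holds Terraform state, and several fences (the `export GOOGLE_APPLICATION_CREDENTIALS=...` and `./gradlew ...` lines) carry explanatory text in parentheses inside the fence, which breaks the command when it is copied as written.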
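Review bot: in playground/infrastructure/helm-backend/templates/managecert.yml the ManagedCertificate is named `{{ .Values.project_id }}`, which has to stay in step with the `networking.gke.io/managed-certificates` annotation in ingress.yml and gives the resource a name that says nothing about its purpose. Use a dedicated value or a fixed descriptive name in both places. The five `*.{{ .Values.static_ip }}.nip.io` entries under `domains:` repeat the Ingress host list by hand; rendering both from one list in the chart values would keep the certificate and the routing rules from drifting apart.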
