deploy to k8s

Author: Evgeny Shvarov

.github/workflows/workflow.yaml

@@ -0,0 +1,119 @@
+name: Build DC-analytics image, deploy it to GCR. Run GKE. Run DC-analytics in GKE
+
+on:
+  push:
+    branches:
+      - master
+    
+
+# Environment variables.
+# ${{ secrets }} are taken from GitHub -> Settings -> Secrets
+# ${{ github.sha }} is the commit hash
+env:
+  PROJECT_ID: iris-community-demos
+  SERVICE_ACCOUNT_KEY: ${{ secrets.SERVICE_ACCOUNT_KEY }}
+  GOOGLE_CREDENTIALS: ${{ secrets.TF_SERVICE_ACCOUNT_KEY }}
+  GITHUB_SHA: ${{ github.sha }}
+  GCR_LOCATION: eu.gcr.io
+  IMAGE_NAME: dc-analytics-image
+  GKE_CLUSTER: dc-analytics-cluster
+  GKE_ZONE: europe-west1-b
+  K8S_NAMESPACE: iris
+  STATEFULSET_NAME: dc-analytics
+
+jobs:
+  gcloud-setup-and-build-and-publish-to-GCR:
+    name: Setup gcloud utility, Build DC-ANALYTICS image and Publish it to Container Registry
+    runs-on: ubuntu-18.04
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Setup gcloud cli
+      uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
+      with:
+        version: '275.0.0'
+        service_account_key: ${{ secrets.SERVICE_ACCOUNT_KEY }}
+
+    - name: Configure docker to use the gcloud as a credential helper
+      run: |
+        gcloud auth configure-docker
+
+    - name: Build DC-ANALYTICS image
+      run: |
+        docker build -t ${GCR_LOCATION}/${PROJECT_ID}/${IMAGE_NAME}:${GITHUB_SHA} .
+
+    - name: Publish DC-ANALYTICS image to Google Container Registry
+      run: |
+        docker push ${GCR_LOCATION}/${PROJECT_ID}/${IMAGE_NAME}:${GITHUB_SHA}
+
+  gke-provisioner:
+    # Inspired by:
+    ## https://www.terraform.io/docs/github-actions/getting-started.html
+    ## https://github.com/hashicorp/terraform-github-actions
+    name: Provision GKE cluster
+    runs-on: ubuntu-18.04
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Terraform init
+      uses: hashicorp/terraform-github-actions@master
+      with:
+        tf_actions_version: 0.12.17
+        tf_actions_subcommand: 'init'
+        tf_actions_working_dir: 'terraform'
+
+    - name: Terraform validate
+      uses: hashicorp/terraform-github-actions@master
+      with:
+        tf_actions_version: 0.12.17
+        tf_actions_subcommand: 'validate'
+        tf_actions_working_dir: 'terraform'
+
+    - name: Terraform plan
+      uses: hashicorp/terraform-github-actions@master
+      with:
+        tf_actions_version: 0.12.17
+        tf_actions_subcommand: 'plan'
+        tf_actions_working_dir: 'terraform'
+
+    - name: Terraform apply
+      uses: hashicorp/terraform-github-actions@master
+      with:
+        tf_actions_version: 0.12.17
+        tf_actions_subcommand: 'apply'
+        tf_actions_working_dir: 'terraform'
+
+  kubernetes-deploy:
+    name: Deploy Kubernetes manifests to GKE cluster
+    needs:
+    - gcloud-setup-and-build-and-publish-to-GCR
+    - gke-provisioner
+    runs-on: ubuntu-18.04
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Replace placeholders with values in statefulset template
+      working-directory: ./k8s/
+      run: |
+        cat statefulset.tpl |\
+        sed "s|DOCKER_REPO_NAME|${GCR_LOCATION}/${PROJECT_ID}/${IMAGE_NAME}|" |\
+        sed "s|DOCKER_IMAGE_TAG|${GITHUB_SHA}|" > statefulset.yaml
+        cat statefulset.yaml
+
+    - name: Setup gcloud cli
+      uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
+      with:
+        version: '275.0.0'
+        service_account_key: ${{ secrets.SERVICE_ACCOUNT_KEY }}
+
+    - name: Apply Kubernetes manifests
+      working-directory: ./k8s/
+      run: |
+        gcloud container clusters get-credentials ${GKE_CLUSTER} --zone ${GKE_ZONE} --project ${PROJECT_ID}
+        kubectl apply -f namespace.yaml
+        kubectl apply -f service.yaml
+        kubectl apply -f statefulset.yaml
+        kubectl -n ${K8S_NAMESPACE} rollout status statefulset/${STATEFULSET_NAME}

dev.md

@@ -17,5 +17,11 @@ docker-compose exec iris iris session iris -U IRISAPP
 ```
 
 ## global export
+```
  $System.OBJ.Export("GlobalName.GBL","/irisdev/app/src/gbl/globalname.xml")
+```
+
+## service account key base64 command
+```
+$ base64 iris-community-demos-09899421cfc4.json | tr -d '\n'
 ```

k8s/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: iris

k8s/service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: dc-analytics
+  namespace: iris
+spec:
+  selector:
+    app: dc-analytics
+  ports:
+  - name: web
+    protocol: TCP
+    port: 52773
+    targetPort: 52773
+  - name: super
+    protocol: TCP
+    port: 51773
+    targetPort: 51773
+  type: LoadBalancer

k8s/statefulset.tpl

@@ -0,0 +1,67 @@
+apiVersion: apps/v1beta1
+kind: StatefulSet
+metadata:
+  name: dc-analytics
+  namespace: iris
+spec:
+  serviceName: dc-analytics
+  replicas: 1
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: dc-analytics
+  template:
+    metadata:
+      labels:
+        app: dc-analytics
+    spec:
+
+      initContainers:
+      - name: dc-volume-change-owner-hack
+        image: busybox
+        command:
+        - sh
+        - -c
+        - |
+          chown -R 51773:52773 /opt/dcanalytics/DCANALYTICS-DATA
+          chmod g+w /opt/dcanalytics/DCANALYTICS-DATA
+          echo -e "zn \"%sys\"\nif (##class(SYS.Database).%ExistsId(\"/opt/dcanalytics/DCANALYTICS-DATA\")) { halt }\nset db=##class(SYS.Database).%New()\nset db.Directory=\"/opt/dcanalytics/DCANALYTICS-DATA\"\nset db.ResourceName=\"%DB_DCANALYTICS\"\nwrite db.%Save()\nhalt" > /mount-helper/mount_dcanalytics_data
+        volumeMounts:
+        - mountPath: /opt/dcanalytics/DCANALYTICS-DATA
+          name: dc-volume
+        - mountPath: /mount-helper
+          name: mount-helper
+      volumes:
+      - emptyDir: {}
+        name: mount-helper
+      containers:
+      - image: DOCKER_REPO_NAME:DOCKER_IMAGE_TAG
+        name: dc-analytics
+        lifecycle:
+          postStart:
+            exec:
+              command:
+              - /bin/bash
+              - -c
+              - |
+                sleep 30
+                iris session iris < /mount-helper/mount_dcanalytics_data
+        ports:
+        - containerPort: 52773
+          name: web
+        volumeMounts:
+        - mountPath: /opt/dcanalytics/DCANALYTICS-DATA
+          name: dc-volume
+        - mountPath: /mount-helper
+          name: mount-helper
+  volumeClaimTemplates:
+  - metadata:
+      name: dc-volume
+      namespace: iris
+    spec:
+      accessModes:
+      - ReadWriteOnce
+      resources:
+        requests:
+          storage: 10Gi

src/cls/Community/Utils.cls

@@ -75,7 +75,7 @@ ClassMethod UpdateCubes(verbose = 1) As %Status
 		#; if (cube="POST") continue
 		quit:cube=""
 
-		Set st1 = ##class(%DeepSee.Utils).%BuildCube(cube, $$$YES, verbose)
+		Set st1 = ##class(%DeepSee.Utils).%BuildCube(cube, $$$YES, verbose,,10000)
 
 		set st = $$$ADDSC(st, st1) 
 	}

terraform/main.tf

@@ -0,0 +1,81 @@
+/*
+  It's a Terraform file from article https://community.intersystems.com/post/automating-gke-creation-circleci-builds
+  Several placeholders are used here. See below their meaning:
+
+  ---------------------------------------------------------------------------------------------------
+  Placeholder       | Meaning                                           | Example
+  ---------------------------------------------------------------------------------------------------
+  <PROJECT_ID>      | GCP project ID                                    | possible-symbol-254507  
+  <BUCKET_NAME>     | Storage for Terraform state/lock—should be unique | circleci-gke-terraform-demo
+  <REGION>          | Region where resources will be created            | europe-west1
+  <LOCATION>        | Zone where resources will be created              | europe-west1-b
+  <CLUSTER_NAME>    | GKE cluster name                                  | dev-cluster
+  <NODES_POOL_NAME> | GKE worker nodes pool name                        | dev-cluster-node-pool 
+  ---------------------------------------------------------------------------------------------------
+*/
+
+/*
+  Also, please note that Terraform uses remote bucket. This bucket should be initially created
+  The following commands could be useful for that:
+
+  Check <BUCKET_NAME> availability:
+  $ gsutil acl get gs://<BUCKET_NAME>
+
+  Good answer:
+  BucketNotFoundException: 404 gs://<BUCKET_NAME> bucket does not exist
+
+  "Busy" answer:
+  AccessDeniedException: 403 <YOUR_ACCOUNT> does not have storage.buckets.get access to <BUCKET_NAME>
+
+  Create bucket with versioning:
+  $ gsutil mb -l EU gs://<BUCKET_NAME>
+  
+  $ gsutil versioning get gs://<BUCKET_NAME>
+  gs://<BUCKET_NAME>: Suspended
+
+  $ gsutil versioning set on gs://<BUCKET_NAME>
+
+  $ gsutil versioning get gs://<BUCKET_NAME>
+  gs://<BUCKET_NAME>: Enabled
+
+*/
+
+terraform {
+  required_version = "~> 0.12"
+  backend "gcs" {
+    bucket      = "dc-analytics"
+    prefix      = "terraform/state"
+  }
+}
+
+provider "google" {
+  project     = "iris-community-demos"
+  region      = "europe-west1"
+}
+
+resource "google_container_cluster" "gke-cluster" {
+  name                     = "dc-analytics-cluster"
+  location                 = "europe-west1-b"
+  remove_default_node_pool = true
+  # In regional cluster (location is region, not zone) this is a number of nodes per zone
+  initial_node_count = 1
+}
+
+resource "google_container_node_pool" "preemptible_node_pool" {
+  name     = "dc-analytics-node-pool"
+  location = "europe-west1-b"
+  cluster  = google_container_cluster.gke-cluster.name
+  # In regional cluster (location is region, not zone) this is a number of nodes per zone
+  node_count = 1
+
+  node_config {
+    preemptible  = true
+    machine_type = "n1-standard-1"
+    oauth_scopes = [
+      "storage-ro",
+      "logging-write",
+      "monitoring"
+    ]
+  }
+}
+