huanld/speckle-server
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

ci(docker compose & helm chart): test deployment configuration in CI (#1881)

Browse Source
This commit is contained in:
Iain Sproat
2024-01-30 15:21:18 +00:00
committed by GitHub
parent b5f77f3921
commit 185d84530e
40 changed files with 857 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.circleci/config.yml
+157
View File
@@ -39,6 +39,54 @@ workflows:
- chromatic-ui-components
filters: *filters-allow-all
- deployment-testing-approval:
type: approval
filters: &filters-ignore-main-branch-or-all-tags
branches:
ignore:
- main
- frontend-2
tags:
ignore: /.*/
- deployment-test-docker-compose:
filters: &filters-deployment-testing
tags:
# run tests for any commit on any branch, including any tags
only: /.*/
requires:
- get-version
- pre-commit
- deployment-testing-approval
- test-frontend-2
- test-server
- docker-build-server
- docker-build-frontend
- docker-build-frontend-2
- docker-build-previews
- docker-build-webhooks
- docker-build-file-imports
- docker-build-test-container
- docker-build-monitor-container
- docker-build-docker-compose-ingress
- deployment-test-helm-chart:
filters: *filters-deployment-testing
requires:
- get-version
- pre-commit
- deployment-testing-approval
- test-frontend-2
- test-server
- docker-build-server
- docker-build-frontend
- docker-build-frontend-2
- docker-build-previews
- docker-build-webhooks
- docker-build-file-imports
- docker-build-test-container
- docker-build-monitor-container
- get-version:
filters: *filters-allow-all
@@ -232,6 +280,8 @@ workflows:
- docker-publish-server
- docker-publish-test-container
- docker-publish-webhooks
- deployment-test-docker-compose
- deployment-test-helm-chart
- get-version
- publish-approval
@@ -610,6 +660,113 @@ jobs:
additional-arguments: --yarn-workspaces --strict-out-of-sync=false
fail-on-issues: false
deployment-test-docker-compose:
machine:
image: ubuntu-2204:2023.02.1
docker_layer_caching: true
resource_class: large
working_directory: *work-dir
steps:
- checkout
- attach_workspace:
at: /tmp/ci/workspace
# create the nix folder with permissive write permissions
- run: |
sudo mkdir /nix
sudo chmod 777 /nix
- restore_cache:
keys:
- nix-{{ checksum "./.circleci/deployment/docker-compose-shell.nix" }}
- run:
name: Install the nix package manager
command: |
sh <(curl -L https://nixos.org/nix/install) --daemon --yes
echo "source /etc/bashrc" >> "${BASH_ENV}"
- run:
name: Initialize nix shell
command: |
nix-shell --run "echo Here, a nix shell for you" ./.circleci/deployment/docker-compose-shell.nix
- save_cache:
key: nix-{{ checksum "./.circleci/deployment/docker-compose-shell.nix" }}
paths:
- /nix
- run: cat workspace/env-vars >> $BASH_ENV
- run: nix-shell --run "tilt ci --file ./.circleci/deployment/Tiltfile.dockercompose" ./.circleci/deployment/docker-compose-shell.nix
deployment-test-helm-chart:
machine:
image: ubuntu-2204:2023.02.1
docker_layer_caching: true
resource_class: large
working_directory: *work-dir
steps:
- checkout
- attach_workspace:
at: /tmp/ci/workspace
# create the nix folder with permissive write permissions
- run: |
sudo mkdir /nix
sudo chmod 777 /nix
- restore_cache:
keys:
- nix-{{ checksum "./.circleci/deployment/helm-chart-shell.nix" }}
- run:
name: Install the nix package manager
command: |
sh <(curl -L https://nixos.org/nix/install) --daemon --yes
echo "source /etc/bashrc" >> "${BASH_ENV}"
- run:
name: Initialize nix shell
command: |
nix-shell \
--run "echo Here, a nix shell for you" \
./.circleci/deployment/helm-chart-shell.nix
- save_cache:
key: nix-{{ checksum "./.circleci/deployment/helm-chart-shell.nix" }}
paths:
- /nix
- run: cat workspace/env-vars >> $BASH_ENV
- run: echo "export KUBECONFIG=$(pwd)/.kube/config" >> "${BASH_ENV}"
- run: echo "${KUBECONFIG}"
- run:
name: Template Helm Chart
command: |
nix-shell \
--run "helm template speckle-server ./utils/helm/speckle-server" \
./.circleci/deployment/helm-chart-shell.nix
- run:
name: Add 127.0.0.1 domains to /etc/hosts
command: |
sudo tee -a /etc/hosts \<<<'127.0.0.1 speckle.internal'
cat /etc/hosts
- run:
name: Change directory permissions to allow kind to create directories
command: |
mkdir -p "./minio-data"
if [ "$(stat -f "%A" "./minio-data")" != "775" ]; then
echo "🔐 We need 'sudo' to set permissions on minio-data directory to 775"
sudo chmod 775 "./minio-data"
fi
mkdir -p "./postgres-data"
if [ "$(stat -f "%A" "./postgres-data")" != "775" ]; then
echo "🔐 We need 'sudo' to set permissions on postgres-data directory to 775"
sudo chmod 775 "./postgres-data"
fi
- run:
name: Deploy Kubernetes (kind) cluster
command: |
nix-shell \
--run "ctlptl apply --filename ./.circleci/deployment/cluster-config.yaml" \
./.circleci/deployment/helm-chart-shell.nix
- run:
name: Deploy Kubernetes resources to cluster
command: |
nix-shell \
--run "tilt ci --file ./.circleci/deployment/Tiltfile.helm --context kind-speckle-server --timeout 10m" \
./.circleci/deployment/helm-chart-shell.nix
docker-build: &build-job
docker: &docker-image
- image: cimg/python:3.9.15-node
.circleci/deployment/Tiltfile.ci
+41
View File
@@ -0,0 +1,41 @@
# In CI environment we expect the Images to exist as tarball files in the workspace
# We need to docker load them into the kind registry and reference these resources
# The referenced resources can then be deployed by the Helm Chart
load('ext://helm_resource', 'helm_resource', 'helm_repo')
def docker_load(name, filename=None, existing_ref=None, deps=None):
if not name:
fail('name must be specified')
if not filename:
fail('filename must be specified')
if not existing_ref:
fail('existing_tag must be specified')
return custom_build(name,
'echo "Loading {DOCKER_FILE_NAME} into local docker cache" && \
docker load --input "/tmp/ci/workspace/{DOCKER_FILE_NAME}" && \
echo "Tagging {EXISTING_REF} as $EXPECTED_REF" && \
docker tag "{EXISTING_REF}" "$EXPECTED_REF"'.format(DOCKER_FILE_NAME=filename, EXISTING_REF=existing_ref),
deps=deps)
def speckle_image(package):
if not package:
fail('package must be specified')
image_version_tag = os.getenv('IMAGE_VERSION_TAG')
if not image_version_tag:
image_version_tag=os.getenv('CIRCLE_SHA1')
if not image_version_tag:
fail('IMAGE_VERSION_TAG or CIRCLE_SHA1 must be specified.')
workspace='/tmp/ci/workspace'
docker_image_tag = 'speckle/speckle-{}'.format(package)
existing_ref = '{}:{}'.format(docker_image_tag, image_version_tag)
docker_file_name = "".join([ c if c.isalnum() or c=='-' or c=='_' or c=='.' else "_" for c in existing_ref.elems() ])
return docker_load(docker_image_tag,
filename=docker_file_name,
existing_ref=existing_ref,
deps=[workspace])
.circleci/deployment/Tiltfile.dockercompose
+41
View File
@@ -0,0 +1,41 @@
print('🚀 Deploying Speckle Server into Docker via Tilt...')
symbols = None
IS_CI = os.getenv('CI', "false") == "true"
if IS_CI:
symbols = load_dynamic('./Tiltfile.ci')
else:
symbols = load_dynamic('./Tiltfile.local')
# Prepare the Speckle images
# (loads the images from tgz file if CI, otherwise builds them or pulls them from remote as a fallback on non-amd64 machines)
speckle_image = symbols['speckle_image']
speckle_image('fileimport-service')
speckle_image('frontend-2')
speckle_image('docker-compose-ingress')
# speckle_image('monitor-deployment')
speckle_image('preview-service')
speckle_image('server')
speckle_image('test-deployment')
speckle_image('webhook-service')
# Prepare the dependencies
docker_compose('../../docker-compose-deps.yml')
dc_resource('postgres', labels=['dependencies'])
dc_resource('redis', labels=['dependencies'])
dc_resource('minio', labels=['dependencies'])
dc_resource('maildev', labels=['dependencies'])
dc_resource('postgres', labels=['dependencies'])
# Prepare the Speckle resources
docker_compose('../../docker-compose-speckle.yml')
dc_resource('speckle-server', resource_deps=['postgres', 'redis', 'minio', 'maildev'], labels=['speckle'])
dc_resource('speckle-frontend-2', resource_deps=[], labels=['speckle'])
dc_resource('speckle-ingress', resource_deps=[], labels=['speckle'])
dc_resource('preview-service', resource_deps=['postgres'], labels=['speckle'])
dc_resource('fileimport-service', resource_deps=[], labels=['speckle'])
dc_resource('webhook-service', resource_deps=['postgres'], labels=['speckle'])
# Test the Speckle resources
docker_compose('../../docker-compose-test.yml')
dc_resource('test', resource_deps=['speckle-server', 'speckle-frontend-2'], labels=['test']) # --exit-code-from test
.circleci/deployment/Tiltfile.helm
+148
View File
@@ -0,0 +1,148 @@
print('🚀 Deploying Speckle Server into a Kind Cluster via Tilt...')
# we limit tilt to run only on the kind cluster
allow_k8s_contexts(['kind-speckle-server'])
if k8s_context() != 'kind-speckle-server':
fail('Failing early as tilt should only ever connect to kind-speckle-server.')
# Install extensions
load('ext://helm_resource', 'helm_resource', 'helm_repo')
load('ext://k8s_yaml_glob', 'k8s_yaml_glob')
symbols = None
IS_CI = os.getenv('CI', "false") == "true"
if IS_CI:
symbols = load_dynamic('./Tiltfile.ci')
else:
symbols = load_dynamic('./Tiltfile.local')
# Prepare the Speckle images
# (loads the images from tgz file if CI, otherwise builds them or pulls them from remote as a fallback on non-amd64 machines)
speckle_image = symbols['speckle_image']
speckle_image('fileimport-service')
speckle_image('frontend-2')
speckle_image('monitor-deployment')
speckle_image('preview-service')
speckle_image('server')
speckle_image('test-deployment')
speckle_image('webhook-service')
# Create namespaces
k8s_yaml_glob('./manifests/*.namespace.yaml')
# Install volumes
k8s_yaml('./manifests/postgres.pv.yaml')
k8s_yaml('./manifests/postgres.pvc.yaml')
k8s_yaml('./manifests/minio.pv.yaml')
k8s_yaml('./manifests/minio.pvc.yaml')
# Update CoreDNS to allow for local resolution of services internally (i.e. speckle.internal will be routed to nginx)
local(command='./coredns-up.sh')
# Install speckle pod-priority and secrets
k8s_yaml('./manifests/priorityclass.yaml')
k8s_yaml('./manifests/speckle-server.secret.yaml')
# Install charts
helm_resource('postgresql',
release_name='postgresql',
namespace='postgres',
chart='oci://registry-1.docker.io/bitnamicharts/postgresql',
flags=['--version=^12.0.0',
'--values=./values/postgres.values.yaml',
'--kube-context=kind-speckle-server'],
labels=['speckle-dependencies'])
helm_resource('minio',
release_name='minio',
namespace='minio',
chart='oci://registry-1.docker.io/bitnamicharts/minio',
flags=['--version=^12.0.0',
'--values=./values/minio.values.yaml',
'--kube-context=kind-speckle-server'],
labels=['speckle-dependencies'])
helm_resource('redis',
release_name='redis',
namespace='redis',
chart='oci://registry-1.docker.io/bitnamicharts/redis',
flags=['--version=18.7.1',
'--values=./values/redis.values.yaml',
'--kube-context=kind-speckle-server'],
labels=['speckle-dependencies'])
#FIXME this helm chart does not deploy any containers, so tilt incorrectly believes it never gets to a final state
# helm_repo('prometheus-repo',
# 'https://prometheus-community.github.io/helm-charts')
# helm_resource('prometheus',
# release_name='prometheus-operator-crds',
# namespace='prometheus',
# resource_deps=['prometheus-repo'],
# chart='prometheus-repo/prometheus-operator-crds',
# flags=['--version=^7.0.0',
# '--values=./values/prometheus-operator-crds.values.yaml',
# '--kube-context=kind-speckle-server'])
helm_repo('ingress-nginx-repo',
'https://kubernetes.github.io/ingress-nginx')
#nginx should be deployed as the last dependency as it opens ports to services
#it expects these services to exist, which are created by the helm charts above
helm_resource('ingress-nginx',
release_name='ingress-nginx',
namespace='ingress-nginx',
chart='ingress-nginx-repo/ingress-nginx',
flags=['--version=^4.8.0',
'--values=./values/nginx.values.yaml',
'--kube-context=kind-speckle-server'],
resource_deps=['postgresql', 'minio', 'redis', 'ingress-nginx-repo'],
labels=['speckle-dependencies'])
# Uncomment the below, and comment out the other helm_resource('speckle-server'...) to use the speckle-server helm chart
# helm_repo('speckle-server-repo',
# 'https://specklesystems.github.io/helm')
# helm_resource('speckle-server',
# release_name='speckle-server',
# namespace='speckle-server',
# chart='speckle-server-repo/speckle-server',
# deps=['./values/speckle-server.values.yaml'],
# resource_deps=['postgresql', 'minio', 'redis', 'ingress-nginx','speckle-server-repo'],
# flags=['--values=./values/speckle-server.values.yaml', '--devel'],
# labels=['speckle-server'])
helm_resource('speckle-server',
release_name='speckle-server',
namespace='speckle-server',
chart='./../../utils/helm/speckle-server',
flags=['--values=./values/speckle-server.values.yaml',
'--kube-context=kind-speckle-server'],
image_deps=[
'speckle/speckle-fileimport-service',
'speckle/speckle-frontend-2',
'speckle/speckle-monitor-deployment',
'speckle/speckle-preview-service',
'speckle/speckle-server',
'speckle/speckle-test-deployment',
'speckle/speckle-webhook-service',
],
image_keys=[
'fileimport_service.image',
'frontend_2.image',
'monitor.image',
'preview_service.image',
'server.image',
'test.image',
'webhook_service.image',
],
deps=['../../utils/helm', './values/speckle-server.values.yaml'],
resource_deps=['postgresql', 'minio', 'redis', 'ingress-nginx'],
labels=['speckle-server'])
# TODO this is not yet working as it is expecting the updated version of the test container which is not yet released as of 2.17.16
# local_resource('speckle-server-helm-chart-test',
# # HACK until https://github.com/helm/helm/issues/11236 is fixed. Then replace with --logs flag.
# cmd='helm test speckle-server --namespace=speckle-server --kube-context=kind-speckle-server || \
# (kubectl describe pod --selector="job-name=speckle-test" --namespace speckle-server --context=kind-speckle-server && \
# kubectl logs -n speckle-server -l "job-name=speckle-test" -c test-deployment --context kind-speckle-server --since=0s && \
# exit 1)',
# resource_deps=['speckle-server'])
.circleci/deployment/Tiltfile.local
+11
View File
@@ -0,0 +1,11 @@
# Build each Dockerfile and reference resource for use in the primary Tiltfile
# The referenced resources can then be deployed by the Helm Chart
def speckle_image(package):
package_dir = 'packages/{}'.format(package)
if package == 'test-deployment' or package == 'monitor-deployment' or package == 'docker-compose-ingress':
package_dir = 'utils/{}'.format(package)
docker_build('speckle/speckle-{}'.format(package),
context='../..',
dockerfile='../../{}/Dockerfile'.format(package_dir),
platform='linux/amd64')
.circleci/deployment/cluster-config.yaml
+45
View File
@@ -0,0 +1,45 @@
apiVersion: ctlptl.dev/v1alpha1
kind: Registry
name: ctlptl-registry
port: 5000
---
apiVersion: ctlptl.dev/v1alpha1
kind: Cluster
product: kind
registry: ctlptl-registry
name: kind-speckle-server
kindV1Alpha4Cluster:
nodes:
- role: control-plane
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
extraMounts:
- hostPath: ./postgres-data #FIXME the relative paths are liable to break
containerPath: /postgres-volume
- hostPath: ./minio-data #FIXME the relative paths are liable to break
containerPath: /minio-volume
extraPortMappings:
- containerPort: 80
hostPort: 80 # Docker requires privileged ports binding permissions https://docs.docker.com/desktop/mac/permission-requirements/#binding-privileged-ports
protocol: TCP
listenAddress: '127.0.0.1' #DO NOT REMOVE - this is required to prevent access from the local network or the world!!!
- containerPort: 443
hostPort: 443 # Docker requires privileged ports binding permissions https://docs.docker.com/desktop/mac/permission-requirements/#binding-privileged-ports
protocol: TCP
listenAddress: '127.0.0.1' #DO NOT REMOVE - this is required to prevent access from the local network or the world!!!
- containerPort: 5433
hostPort: 5433
protocol: TCP
listenAddress: '127.0.0.1' #DO NOT REMOVE - this is required to prevent access from the local network or the world!!!
- containerPort: 6380
hostPort: 6380
protocol: TCP
listenAddress: '127.0.0.1' #DO NOT REMOVE - this is required to prevent access from the local network or the world!!!
- containerPort: 9002
hostPort: 9002
protocol: TCP
listenAddress: '127.0.0.1' #DO NOT REMOVE - this is required to prevent access from the local network or the world!!!
.circleci/deployment/coredns-up.sh
Executable
+5
View File
@@ -0,0 +1,5 @@
#!/usr/bin/env bash
set -eou pipefail
kubectl apply --filename="./manifests/coredns.configmap.yaml" --context="kind-speckle-server"
kubectl --context="kind-speckle-server" --namespace="kube-system" rollout restart deployment/coredns
kubectl --context="kind-speckle-server" --namespace="kube-system" rollout status deployment "coredns" --timeout=90s
.circleci/deployment/docker-compose-shell.nix
+8
View File
@@ -0,0 +1,8 @@
{ pkgs ? import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/5b7cd5c39befee629be284970415b6eb3b0ff000.tar.gz") {} }:
pkgs.mkShell {
buildInputs = [
pkgs.docker
pkgs.tilt
];
}
.circleci/deployment/helm-chart-shell.nix
+25
View File
@@ -0,0 +1,25 @@
{ pkgs ? import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/5b7cd5c39befee629be284970415b6eb3b0ff000.tar.gz") {} }:
let
corepack = pkgs.stdenv.mkDerivation {
name = "corepack";
buildInputs = [ pkgs.nodejs-18_x ];
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
corepack enable --install-directory=$out/bin
'';
};
in pkgs.mkShell {
buildInputs = [
pkgs.docker
pkgs.kind
pkgs.kubectl
pkgs.nodejs-18_x
pkgs.ctlptl
pkgs.crane
pkgs.kubernetes-helm
pkgs.tilt
corepack
];
}
.circleci/deployment/manifests/coredns.configmap.yaml
+28
View File
@@ -0,0 +1,28 @@
apiVersion: v1
data:
Corefile: |
.:53 {
errors
health {
lameduck 5s
}
ready
rewrite name speckle.internal ingress-nginx-controller.ingress-nginx.svc.cluster.local.
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
}
prometheus :9153
forward . /etc/resolv.conf {
max_concurrent 1000
}
cache 30
loop
reload
loadbalance
}
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
.circleci/deployment/manifests/ingress-nginx.namespace.yaml
+4
View File
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: 'ingress-nginx'
.circleci/deployment/manifests/minio.namespace.yaml
+4
View File
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: 'minio'
.circleci/deployment/manifests/minio.pv.yaml
+13
View File
@@ -0,0 +1,13 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: minio-pv
namespace: minio
spec:
storageClassName: standard
accessModes:
- ReadWriteOnce
capacity:
storage: 2Gi
hostPath:
path: /minio-volume
.circleci/deployment/manifests/minio.pvc.yaml
+12
View File
@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: minio-pvc
namespace: minio
spec:
volumeName: minio-pv
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
.circleci/deployment/manifests/postgres.namespace.yaml
+4
View File
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: 'postgres'
.circleci/deployment/manifests/postgres.pv.yaml
+13
View File
@@ -0,0 +1,13 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: postgres-pv
namespace: postgres
spec:
storageClassName: standard
accessModes:
- ReadWriteOnce
capacity:
storage: 2Gi
hostPath:
path: /postgres-volume
.circleci/deployment/manifests/postgres.pvc.yaml
+12
View File
@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-pvc
namespace: postgres
spec:
volumeName: postgres-pv
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
.circleci/deployment/manifests/priorityclass.yaml
+23
View File
@@ -0,0 +1,23 @@
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: high-priority
value: 100
globalDefault: false
description: 'High priority (100) for business-critical services'
---
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: medium-priority
value: 50
globalDefault: true
description: 'Medium priority (50) - dev/test services'
---
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: low-priority
value: -100
globalDefault: false
description: 'Low priority (-100) - Non-critical microservices'
.circleci/deployment/manifests/prometheus.namespace.yaml
+4
View File
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: 'prometheus'
.circleci/deployment/manifests/redis.namespace.yaml
+4
View File
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: 'redis'
.circleci/deployment/manifests/speckle-server.namespace.yaml
+4
View File
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: 'speckle-server'
.circleci/deployment/manifests/speckle-server.secret.yaml
+11
View File
@@ -0,0 +1,11 @@
apiVersion: v1
data:
s3_secret_key: 'bWluaW9hZG1pbg=='
session_secret: 'c3BvcmtsZXNzcHJlY2tsZXNzcGVrbGU='
redis_url: 'cmVkaXM6Ly86cmVkaXNAcmVkaXMtbWFzdGVyLnJlZGlzLnN2Yy5jbHVzdGVyLmxvY2FsOjYzNzk='
postgres_url: 'cG9zdGdyZXNxbDovL3NwZWNrbGU6c3BlY2tsZUBwb3N0Z3Jlc3FsLnBvc3RncmVzLnN2Yy5jbHVzdGVyLmxvY2FsOjU0MzIvc3BlY2tsZQo='
kind: Secret
metadata:
name: server-vars
namespace: speckle-server
type: Opaque
.circleci/deployment/values/minio.values.yaml
+11
View File
@@ -0,0 +1,11 @@
defaultBuckets: 'speckle-server'
auth:
rootUser: minioadmin
rootPassword: minioadmin
image:
debug: true
persistence:
enabled: true
existingClaim: minio-pvc
volumePermissions:
enabled: true
.circleci/deployment/values/nginx.values.yaml
+9
View File
@@ -0,0 +1,9 @@
controller:
# We must set the kind cluster listen address for every port to '127.0.0.1' when hostNetwork is true, see ./deploy/local/cluster-config.yaml
hostNetwork: true
admissionWebhooks:
enabled: false
tcp:
5433: 'postgres/postgresql:5432'
6380: 'redis/redis-master:6379'
9002: 'minio/minio:9000'
.circleci/deployment/values/postgres.values.yaml
+37
View File
@@ -0,0 +1,37 @@
image:
debug: true
volumePermissions:
enabled: true
primary:
auth:
username: postgres
password: postgres
database: postgres
persistence:
enabled: true
existingClaim: postgres-pvc
initdb:
scripts:
00_speckleserver_database.sql: |
-- Speckle
CREATE USER speckle WITH PASSWORD 'speckle';
CREATE DATABASE speckle
WITH
OWNER = speckle;
GRANT ALL PRIVILEGES ON DATABASE speckle TO speckle;
GRANT ALL ON SCHEMA public TO speckle;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO speckle;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO speckle;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO speckle;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO speckle;
-- End Speckle
-- Speckle Server Tests
CREATE DATABASE speckle2_test
WITH
OWNER = speckle
ENCODING = 'UTF8'
LC_COLLATE = 'en_US.UTF-8'
LC_CTYPE = 'en_US.UTF-8'
TABLESPACE = pg_default
CONNECTION LIMIT = -1;
-- End Speckle Server Tests
.circleci/deployment/values/prometheus-operator-crds.values.yaml
View File
.circleci/deployment/values/redis.values.yaml
+3
View File
@@ -0,0 +1,3 @@
architecture: standalone
auth:
password: redis
.circleci/deployment/values/speckle-server.values.yaml
+55
View File
@@ -0,0 +1,55 @@
namespace: speckle-server
create_namespace: false
ssl_canonical_url: true
domain: speckle.internal
cert_manager_issuer: letsencrypt-staging
analytics:
enabled: false
tlsRejectUnauthorized: '0'
server:
replicas: 1
# session_secret: secret -> `session_secret`
auth:
local:
enabled: true
logLevel: debug
email:
enabled: false
speckleAutomateUrl: http://automate.speckle.internal # value is overridden when deployed with by ./scripts/local_deployment.sh
monitoring:
mp:
enabled: false
disable_tracking: true
disable_tracing: true
frontend_2:
enabled: true
preview_service:
replicas: 0
webhook_service:
replicas: 0
fileimport_service:
replicas: 0
monitoring:
replicas: 0
s3:
endpoint: 'http://minio.minio.svc.cluster.local:9000'
bucket: 'speckle-server'
access_key: minioadmin
# secret_key: secret -> s3_secret_key
#redis:
# redis_url: secret -> redis_url
db:
PGSSLMODE: 'disable'
helm_test_enabled: true
.gitguardian.yml
+4
View File
@@ -4,4 +4,8 @@ secret:
ignored-matches:
- match: acd87c5a50b56df91a795e999812a3a4
name: 'packages/frontend/src/bootstrapper.ts - mixpanel token'
- match: c7bf45ffe02afaae52c8e37cdb1ae33165370be3b44a5da43e8cba43c7da5f33
name: '.circleci/deployment/manifests/speckle-server.secret.yaml - test s3_secret_key'
- match: 9f1d96876edbf847bb792754025ed131374869e60866d5e9c349c9423b37dd09
name: '.circleci/deployment/manifests/speckle-server.secret.yaml - test session_secret'
version: 2
docker-compose-test.yml
+23
View File
@@ -0,0 +1,23 @@
version: '2.4'
services:
test:
build:
context: .
dockerfile: ./utils/test-deployment/Dockerfile
image: speckle/speckle-test-deployment:local
network_mode: 'host'
environment:
SPECKLE_SERVER: http://127.0.0.1 # this is the canonical url
SERVER_VERSION: 2
FRONTEND_VERSION: '2'
VERIFY_CERTIFICATE: '0'
restart: 'no'
# It wasn't clear that the test was just being deployed or was actually running to completion before docker compose up was exiting.
# This service is a hack to make docker compose wait for the test to finish before exiting.
confirm_test_finished:
image: busybox
command: sh -c "echo '✅ Deployment of test completed successfully!'"
depends_on:
test:
condition: service_completed_successfully
package.json
+5
View File
@@ -22,6 +22,11 @@
"dev:docker": "docker compose -f ./docker-compose-deps.yml",
"dev:docker:up": "docker compose -f ./docker-compose-deps.yml up -d",
"dev:docker:down": "docker compose -f ./docker-compose-deps.yml down",
"dev:kind:up": "ctlptl apply --filename ./.circleci/deployment/cluster-config.yaml",
"dev:kind:down": "ctlptl delete -f ./.circleci/deployment/cluster-config.yaml",
"dev:kind:helm:up": "yarn dev:kind:up && tilt up --file ./.circleci/deployment/Tiltfile.helm --context kind-speckle-server",
"dev:kind:helm:down": "tilt down --file ./.circleci/deployment/Tiltfile.helm --context kind-speckle-server",
"dev:kind:helm:ci": "tilt ci --file ./.circleci/deployment/Tiltfile.helm --context kind-speckle-server --timeout 10m",
"dev": "yarn workspaces foreach -piv -j unlimited run dev",
"dev:no-server": "yarn workspaces foreach --exclude @speckle/server -piv -j unlimited run dev",
"dev:minimal": "yarn workspaces foreach -piv -j unlimited --include '{@speckle/server,@speckle/frontend,@speckle/shared}' run dev",
utils/helm/speckle-server/templates/fileimport_service/deployment.yml
+1 -1
View File
@@ -21,7 +21,7 @@ spec:
spec:
containers:
- name: main
image: speckle/speckle-fileimport-service:{{ .Values.docker_image_tag }}
image: {{ default (printf "speckle/speckle-fileimport-service:%s" .Values.docker_image_tag) .Values.fileimport_service.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
ports:
utils/helm/speckle-server/templates/frontend/deployment.yml
+1 -1
View File
@@ -21,7 +21,7 @@ spec:
spec:
containers:
- name: main
image: speckle/speckle-frontend:{{ .Values.docker_image_tag }}
image: {{ default (printf "speckle/speckle-frontend:%s" .Values.docker_image_tag) .Values.frontend.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
ports:
utils/helm/speckle-server/templates/frontend_2/deployment.yml
+7 -4
View File
@@ -20,7 +20,7 @@ spec:
spec:
containers:
- name: main
image: speckle/speckle-frontend-2:{{ .Values.docker_image_tag }}
image: {{ default (printf "speckle/speckle-frontend-2:%s" .Values.docker_image_tag) .Values.frontend_2.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
ports:
@@ -48,17 +48,20 @@ spec:
port: www
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 10
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /health
port: www
failureThreshold: 1
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
env:
env:
- name: FILE_SIZE_LIMIT_MB
value: {{ .Values.file_size_limit_mb | quote }}
- name: NUXT_PUBLIC_API_ORIGIN
utils/helm/speckle-server/templates/monitoring/deployment.yml
+1 -1
View File
@@ -20,7 +20,7 @@ spec:
spec:
containers:
- name: main
image: speckle/speckle-monitor-deployment:{{ .Values.docker_image_tag }}
image: {{ default (printf "speckle/speckle-monitor-deployment:%s" .Values.docker_image_tag) .Values.monitoring.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
ports:
utils/helm/speckle-server/templates/preview_service/deployment.yml
+1 -1
View File
@@ -20,7 +20,7 @@ spec:
spec:
containers:
- name: main
image: speckle/speckle-preview-service:{{ .Values.docker_image_tag }}
image: {{ default (printf "speckle/speckle-preview-service:%s" .Values.docker_image_tag) .Values.preview_service.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
ports:
utils/helm/speckle-server/templates/server/deployment.yml
+1 -1
View File
@@ -20,7 +20,7 @@ spec:
spec:
containers:
- name: main
image: speckle/speckle-server:{{ .Values.docker_image_tag }}
image: {{ default (printf "speckle/speckle-server:%s" .Values.docker_image_tag) .Values.server.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args: #overwrites the Dockerfile CMD statement
{{- if .Values.server.inspect.enabled }}
utils/helm/speckle-server/templates/tests/deployment.yml
+4 -4
View File
@@ -17,19 +17,19 @@ spec:
spec:
containers:
- name: test-deployment
image: speckle/speckle-test-deployment:{{ .Values.docker_image_tag }}
image: {{ default (printf "speckle/speckle-test-deployment:%s" .Values.docker_image_tag) .Values.test.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
env:
- name: SPECKLE_SERVER
value: https://{{ .Values.domain }}
- name: SERVER_VERSION
value: {{ .Values.docker_image_tag }}
value: {{ .Values.docker_image_tag | quote}}
- name: FRONTEND_VERSION
{{- if .Values.frontend_2.enabled }}
value: "2"
value: {{ "2" | quote }}
{{- else }}
value: "1"
value: {{ "1" | quote }}
{{- end }}
- name: VERIFY_CERTIFICATE
value: {{ (default "1" .Values.tlsRejectUnauthorized) | quote }}
utils/helm/speckle-server/values.schema.json
+40
View File
@@ -466,6 +466,11 @@
"description": "The minimum level of logs which will be output. Suitable values are trace, debug, info, warn, error, fatal, or silent",
"default": "info"
},
"image": {
"type": "string",
"description": "The Docker image to be used for the Speckle Server component. If blank, defaults to speckle/speckle-server:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.",
"default": ""
},
"onboarding": {
"type": "object",
"properties": {
@@ -1217,6 +1222,11 @@
"description": "The minimum level of logs which will be output. Suitable values are trace, debug, info, warn, error, fatal, or silent",
"default": "info"
},
"image": {
"type": "string",
"description": "The Docker image to be used for the Speckle Frontend component. If blank, defaults to speckle/speckle-frontend:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.",
"default": ""
},
"requests": {
"type": "object",
"properties": {
@@ -1294,6 +1304,11 @@
"frontend_2": {
"type": "object",
"properties": {
"image": {
"type": "string",
"description": "The Docker image to be used for the Speckle Frontend 2 component. If blank, defaults to speckle/speckle-frontend-2:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.",
"default": ""
},
"logClientApiToken": {
"type": "string",
"description": "SEQ API token",
@@ -1406,6 +1421,11 @@
"description": "The minimum level of logs which will be output. Suitable values are trace, debug, info, warn, error, fatal, or silent",
"default": "info"
},
"image": {
"type": "string",
"description": "The Docker image to be used for the Speckle Preview Service component. If blank, defaults to speckle/speckle-preview-service:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.",
"default": ""
},
"requests": {
"type": "object",
"properties": {
@@ -1493,6 +1513,11 @@
"description": "The minimum level of logs which will be output. Suitable values are trace, debug, info, warn, error, fatal, or silent",
"default": "info"
},
"image": {
"type": "string",
"description": "The Docker image to be used for the Speckle Webhook Service component. If blank, defaults to speckle/speckle-webhook-service:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.",
"default": ""
},
"requests": {
"type": "object",
"properties": {
@@ -1580,6 +1605,11 @@
"description": "The minimum level of logs which will be output. Suitable values are trace, debug, info, warn, error, fatal, or silent",
"default": "info"
},
"image": {
"type": "string",
"description": "The Docker image to be used for the Speckle FileImport Service component. If blank, defaults to speckle/speckle-fileimport-service:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.",
"default": ""
},
"requests": {
"type": "object",
"properties": {
@@ -1672,6 +1702,11 @@
"description": "The minimum level of logs which will be output. Suitable values are trace, debug, info, warn, error, fatal, or silent",
"default": "info"
},
"image": {
"type": "string",
"description": "The Docker image to be used for the Speckle Monitoring component. If blank, defaults to speckle/speckle-monitoring-deployment:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.",
"default": ""
},
"requests": {
"type": "object",
"properties": {
@@ -1759,6 +1794,11 @@
"description": "The minimum level of logs which will be output. Suitable values are trace, debug, info, warn, error, fatal, or silent",
"default": "info"
},
"image": {
"type": "string",
"description": "The Docker image to be used for the Speckle Test component. If blank, defaults to speckle/speckle-test-deployment:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.",
"default": ""
},
"requests": {
"type": "object",
"properties": {
utils/helm/speckle-server/values.yaml
+37
View File
@@ -376,6 +376,11 @@ server:
## @param server.logLevel The minimum level of logs which will be output. Suitable values are trace, debug, info, warn, error, fatal, or silent
##
logLevel: 'info'
## @param server.image The Docker image to be used for the Speckle Server component. If blank, defaults to speckle/speckle-server:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.
##
image: ''
onboarding:
## @param server.onboarding.stream_url The (cross-server) URL to the project/stream that should be used as the onboarding project base.
##
@@ -792,6 +797,11 @@ frontend:
## @param frontend.logLevel The minimum level of logs which will be output. Suitable values are trace, debug, info, warn, error, fatal, or silent
##
logLevel: 'info'
## @param frontend.image The Docker image to be used for the Speckle Frontend component. If blank, defaults to speckle/speckle-frontend:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.
##
image: ''
requests:
## @param frontend.requests.cpu The CPU that should be available on a node when scheduling this pod.
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
@@ -849,6 +859,9 @@ frontend:
## @descriptionEnd
##
frontend_2:
## @param frontend_2.image The Docker image to be used for the Speckle Frontend 2 component. If blank, defaults to speckle/speckle-frontend-2:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.
##
image: ''
## @param frontend_2.logClientApiToken SEQ API token
##
logClientApiToken: ''
@@ -927,6 +940,11 @@ preview_service:
## @param preview_service.logLevel The minimum level of logs which will be output. Suitable values are trace, debug, info, warn, error, fatal, or silent
##
logLevel: 'info'
## @param preview_service.image The Docker image to be used for the Speckle Preview Service component. If blank, defaults to speckle/speckle-preview-service:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.
##
image: ''
requests:
## @param preview_service.requests.cpu The CPU that should be available on a node when scheduling this pod.
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
@@ -990,6 +1008,10 @@ webhook_service:
## @param webhook_service.logLevel The minimum level of logs which will be output. Suitable values are trace, debug, info, warn, error, fatal, or silent
##
logLevel: 'info'
## @param webhook_service.image The Docker image to be used for the Speckle Webhook Service component. If blank, defaults to speckle/speckle-webhook-service:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.
##
image: ''
requests:
## @param webhook_service.requests.cpu The CPU that should be available on a node when scheduling this pod.
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
@@ -1053,6 +1075,11 @@ fileimport_service:
## @param fileimport_service.logLevel The minimum level of logs which will be output. Suitable values are trace, debug, info, warn, error, fatal, or silent
##
logLevel: 'info'
## @param fileimport_service.image The Docker image to be used for the Speckle FileImport Service component. If blank, defaults to speckle/speckle-fileimport-service:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.
##
image: ''
requests:
## @param fileimport_service.requests.cpu The CPU that should be available on a node when scheduling this pod.
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
@@ -1122,6 +1149,11 @@ monitoring:
## @param monitoring.logLevel The minimum level of logs which will be output. Suitable values are trace, debug, info, warn, error, fatal, or silent
##
logLevel: 'info'
## @param monitoring.image The Docker image to be used for the Speckle Monitoring component. If blank, defaults to speckle/speckle-monitoring-deployment:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.
##
image: ''
requests:
## @param monitoring.requests.cpu The CPU that should be available on a node when scheduling this pod.
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
@@ -1187,6 +1219,11 @@ test:
## @param test.logLevel The minimum level of logs which will be output. Suitable values are trace, debug, info, warn, error, fatal, or silent
##
logLevel: 'info'
## @param test.image The Docker image to be used for the Speckle Test component. If blank, defaults to speckle/speckle-test-deployment:{{ .Values.docker_image_tag }}. If provided, this value should be the full path including tag. The docker_image_tag value will be ignored.
##
image: ''
requests:
## @param test.requests.cpu The CPU that should be available on a node when scheduling this pod.
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/