olehborysevych commented on code in PR #23208: URL: https://github.com/apache/beam/pull/23208#discussion_r981084865
########## .github/workflows/playground_deploy_backend_gke.yml: ########## @@ -0,0 +1,65 @@ +name: kuber-bkend +on: + push: + +env: + BEAM_ROOT_DIR: ../../ + BEAM_EXAMPLE_CATEGORIES: ../categories.yaml + BEAM_VERSION: 2.40.0 + K8S_NAMESPACE: playground-backend Review Comment: why this is still hardcoded here? this should depend on environment i guess ########## playground/infrastructure/helm-backend/values.yaml: ########## @@ -0,0 +1,36 @@ + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +replicaCount: 1 +image: + java_image: beam_playground-backend-java + go_image: beam_playground-backend-go + router_image: beam_playground-backend-router + scio_image: beam_playground-backend-scio + python_image: beam_playground-backend-python + pullPolicy: Always + tag: "beta" Review Comment: @MakarkinSAkvelon this is somewhat unclear. I know this is how it is done now but still... ########## playground/terraform/infrastructure/gke/variables.tf: ########## @@ -42,7 +42,6 @@ variable "name" { variable "location" { description = "Location of GKE cluster" - default = "us-central1-a" Review Comment: @MakarkinSAkvelon also please note that location is still hardcoded for container registry. It's not present in PR but i think it's a bad idea to potentially have registry in different location ########## playground/terraform/environment/beta/state.tfbackend: ########## @@ -17,4 +17,4 @@ # under the License. # -bucket = "beam_playground_terraform" +bucket = "pg-second" Review Comment: @MakarkinSAkvelon is this needed at all? ########## playground/terraform/README.md: ########## @@ -17,73 +17,89 @@ under the License. --> -# Requirements - -The following items need to be setup for the Playground cluster deployment on GCP: - -* [GCP account](https://cloud.google.com/) -* [`gcloud` command-line tool](https://cloud.google.com/sdk/gcloud) and required setup i.e. login -* [Terraform](https://www.terraform.io/downloads.html) tool -* [Docker](https://www.docker.com/get-started) - -# Deployment steps - -## 0. Create GCS bucket for state - -```bash -$ gsutil mb -p ${PROJECT_ID} gs://state-bucket-name -$ gsutil versioning set on gs://state-bucket-name +# Prerequisit: + +* GCP project should be created +* Bucket should be created +* Service account with the following roles should be created: + - App Engine Admin + - App Engine Creator + - Artifact Registry Administrator + - Cloud Memorystore Redis Admin + - Compute Admin + - Create Service Accounts + - Kubernetes Engine Admin + - Quota Administrator + - Role Administrator + - Security Admin + - Service Account User + - Storage Admin + - Cloud Datastore Index Admin +* Following APIs should be enabled: + - Identity and Access Management (IAM) + - Compute Engine API + - App Engine Admin API + - Cloud Resource Manager API + +* Make necessary changes in `playground/terraform/environment/beta/terraform.tfvars` file: ``` - -## 1. Create new environment - -To provide information about the terraform backend, run the following commands - -* New environment folder - -```bash -mkdir /path/to/beam/playground/terraform/environment/{env-name} +network_name = "network_name" #Choose network name +project_id = "project_id" #Input project ID +gke_name = "playground-backend" #Define GKE name +region = "us-east1" #Choose region +pg_location = "us-east1-b" #Choose location (should be in the region) +state_bucket = "bucket_name" #Input bucket name +bucket_examples_name = "bucket_name-example" #Input example bucket name ``` - -* Backend config - -```bash -echo 'bucket = "put your state bucket name here"' > /path/to/beam/playground/terraform/environment/{env-name}/state.tfbackend +* Make necessary changes in `playground/terraform/environment/beta/state.tfbackend` file: ``` - -* Terraform variables config and provide necessary variables - -```bash -touch /path/to/beam/playground/terraform/environment/{env-name}/terraform.tfvars +bucket = "bucket_name" #input bucket name (will be used for tfstate file) ``` - -Then provide necessary variables. - -## 2. Provision infrastructure - -To deploy Playground infrastructure run gradle task: - -```bash -./gradlew playground:terraform:InitInfrastructure -Pproject_environment="env-name" +* Export GOOGLE_APPLICATION_CREDENTIALS using following command: ``` - -## 3. Deploy application - -To deploy application run following steps: - -* Authinticate in Artifact registry - -```bash -gcloud auth configure-docker us-central1-docker.pkg.dev + export GOOGLE_APPLICATION_CREDENTIALS=`your json key locaton` ``` - -* Вeploy backend services - -```bash -./gradlew playground:terraform:deployBackend -Pproject_environment="env-name" -Pdocker-tag="tag" +* Activate created service account using following command: +``` + gcloud auth activate-service-account `full principal service account` --key-file=`your json key locaton` Review Comment: we need service account name here? actually if we are using json key the service account name could be omited ########## playground/terraform/README.md: ########## @@ -17,73 +17,89 @@ under the License. --> -# Requirements - -The following items need to be setup for the Playground cluster deployment on GCP: - -* [GCP account](https://cloud.google.com/) -* [`gcloud` command-line tool](https://cloud.google.com/sdk/gcloud) and required setup i.e. login -* [Terraform](https://www.terraform.io/downloads.html) tool -* [Docker](https://www.docker.com/get-started) - -# Deployment steps - -## 0. Create GCS bucket for state - -```bash -$ gsutil mb -p ${PROJECT_ID} gs://state-bucket-name -$ gsutil versioning set on gs://state-bucket-name +# Prerequisit: + +* GCP project should be created +* Bucket should be created +* Service account with the following roles should be created: + - App Engine Admin + - App Engine Creator + - Artifact Registry Administrator + - Cloud Memorystore Redis Admin + - Compute Admin + - Create Service Accounts + - Kubernetes Engine Admin + - Quota Administrator + - Role Administrator + - Security Admin + - Service Account User + - Storage Admin + - Cloud Datastore Index Admin +* Following APIs should be enabled: + - Identity and Access Management (IAM) + - Compute Engine API + - App Engine Admin API + - Cloud Resource Manager API + +* Make necessary changes in `playground/terraform/environment/beta/terraform.tfvars` file: ``` - -## 1. Create new environment - -To provide information about the terraform backend, run the following commands - -* New environment folder - -```bash -mkdir /path/to/beam/playground/terraform/environment/{env-name} +network_name = "network_name" #Choose network name +project_id = "project_id" #Input project ID +gke_name = "playground-backend" #Define GKE name +region = "us-east1" #Choose region +pg_location = "us-east1-b" #Choose location (should be in the region) +state_bucket = "bucket_name" #Input bucket name +bucket_examples_name = "bucket_name-example" #Input example bucket name ``` - -* Backend config - -```bash -echo 'bucket = "put your state bucket name here"' > /path/to/beam/playground/terraform/environment/{env-name}/state.tfbackend +* Make necessary changes in `playground/terraform/environment/beta/state.tfbackend` file: ``` - -* Terraform variables config and provide necessary variables - -```bash -touch /path/to/beam/playground/terraform/environment/{env-name}/terraform.tfvars +bucket = "bucket_name" #input bucket name (will be used for tfstate file) ``` - -Then provide necessary variables. - -## 2. Provision infrastructure - -To deploy Playground infrastructure run gradle task: - -```bash -./gradlew playground:terraform:InitInfrastructure -Pproject_environment="env-name" +* Export GOOGLE_APPLICATION_CREDENTIALS using following command: ``` - -## 3. Deploy application - -To deploy application run following steps: - -* Authinticate in Artifact registry - -```bash -gcloud auth configure-docker us-central1-docker.pkg.dev + export GOOGLE_APPLICATION_CREDENTIALS=`your json key locaton` ``` - -* Вeploy backend services - -```bash -./gradlew playground:terraform:deployBackend -Pproject_environment="env-name" -Pdocker-tag="tag" +* Activate created service account using following command: +``` + gcloud auth activate-service-account `full principal service account` --key-file=`your json key locaton` +``` +* Install kubectl: +``` + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" &&\ + chmod +x kubectl &&\ + mv kubectl /usr/local/bin/ +``` +* Install Helm: +``` + curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 &&\ + chmod 700 get_helm.sh &&\ + ./get_helm.sh +``` +# Infrastructure deployment: +* Run following command for infrastructure deployment (please be sure that you are in the "beam" folder): +``` +./gradlew playground:terraform:InitInfrastructure -Pproject_environment="beta" +``` +# Backend deployment: +* Login to Docker registry: +``` + cat `your json key locaton` | docker login -u _json_key --password-stdin https://`chosen_region`-docker.pkg.dev +``` +* Login to GKE +``` +gcloud container clusters get-credentials --region `chosen_pg_location` `gke_name` --project `project_id` +``` +* Database index creation: +``` +gcloud app deploy playground/index.yaml --project=`project_id` +``` +* Run following command for backend deployment (please be sure that you are in the "beam" folder): +``` +./gradlew playground:terraform:gkebackend -Pproject_environment="beta" -Pdocker-tag="beta" Review Comment: do we need both parameters? Does it make sense to pass different values here? ########## .github/workflows/playground_deploy_backend_gke.yml: ########## @@ -0,0 +1,65 @@ +name: kuber-bkend +on: + push: Review Comment: @MakarkinSAkvelon maybe we need to switch to manual event? ########## playground/terraform/README.md: ########## @@ -17,73 +17,89 @@ under the License. --> -# Requirements - -The following items need to be setup for the Playground cluster deployment on GCP: - -* [GCP account](https://cloud.google.com/) -* [`gcloud` command-line tool](https://cloud.google.com/sdk/gcloud) and required setup i.e. login -* [Terraform](https://www.terraform.io/downloads.html) tool -* [Docker](https://www.docker.com/get-started) - -# Deployment steps - -## 0. Create GCS bucket for state - -```bash -$ gsutil mb -p ${PROJECT_ID} gs://state-bucket-name -$ gsutil versioning set on gs://state-bucket-name +# Prerequisit: + +* GCP project should be created +* Bucket should be created +* Service account with the following roles should be created: + - App Engine Admin + - App Engine Creator + - Artifact Registry Administrator + - Cloud Memorystore Redis Admin + - Compute Admin + - Create Service Accounts + - Kubernetes Engine Admin + - Quota Administrator + - Role Administrator + - Security Admin + - Service Account User + - Storage Admin + - Cloud Datastore Index Admin +* Following APIs should be enabled: + - Identity and Access Management (IAM) + - Compute Engine API + - App Engine Admin API + - Cloud Resource Manager API + +* Make necessary changes in `playground/terraform/environment/beta/terraform.tfvars` file: ``` - -## 1. Create new environment - -To provide information about the terraform backend, run the following commands - -* New environment folder - -```bash -mkdir /path/to/beam/playground/terraform/environment/{env-name} +network_name = "network_name" #Choose network name +project_id = "project_id" #Input project ID +gke_name = "playground-backend" #Define GKE name +region = "us-east1" #Choose region +pg_location = "us-east1-b" #Choose location (should be in the region) +state_bucket = "bucket_name" #Input bucket name +bucket_examples_name = "bucket_name-example" #Input example bucket name ``` - -* Backend config - -```bash -echo 'bucket = "put your state bucket name here"' > /path/to/beam/playground/terraform/environment/{env-name}/state.tfbackend +* Make necessary changes in `playground/terraform/environment/beta/state.tfbackend` file: ``` - -* Terraform variables config and provide necessary variables - -```bash -touch /path/to/beam/playground/terraform/environment/{env-name}/terraform.tfvars +bucket = "bucket_name" #input bucket name (will be used for tfstate file) Review Comment: why do we have to provide this bucket name twice? ########## playground/terraform/infrastructure/appengine/main.tf: ########## @@ -0,0 +1,52 @@ +resource "google_app_engine_application" "app_playground" { + project = var.project_id + location_id = var.region + database_type = "CLOUD_DATASTORE_COMPATIBILITY" +} + +resource "google_project_service" "firestore" { + project = var.project_id + service = "firestore.googleapis.com" + disable_dependent_services = true + depends_on = [ + google_app_engine_application.app_playground + ] +} + +resource "google_app_engine_flexible_app_version" "default_app" { Review Comment: @MakarkinSAkvelon not sure we need this ########## playground/terraform/README.md: ########## @@ -17,73 +17,89 @@ under the License. --> -# Requirements - -The following items need to be setup for the Playground cluster deployment on GCP: - -* [GCP account](https://cloud.google.com/) -* [`gcloud` command-line tool](https://cloud.google.com/sdk/gcloud) and required setup i.e. login -* [Terraform](https://www.terraform.io/downloads.html) tool -* [Docker](https://www.docker.com/get-started) - -# Deployment steps - -## 0. Create GCS bucket for state - -```bash -$ gsutil mb -p ${PROJECT_ID} gs://state-bucket-name -$ gsutil versioning set on gs://state-bucket-name +# Prerequisit: + +* GCP project should be created +* Bucket should be created Review Comment: Please add some info regarding what is the purpose of this bucket ########## playground/terraform/README.md: ########## @@ -17,73 +17,89 @@ under the License. --> -# Requirements - -The following items need to be setup for the Playground cluster deployment on GCP: - -* [GCP account](https://cloud.google.com/) -* [`gcloud` command-line tool](https://cloud.google.com/sdk/gcloud) and required setup i.e. login -* [Terraform](https://www.terraform.io/downloads.html) tool -* [Docker](https://www.docker.com/get-started) - -# Deployment steps - -## 0. Create GCS bucket for state - -```bash -$ gsutil mb -p ${PROJECT_ID} gs://state-bucket-name -$ gsutil versioning set on gs://state-bucket-name +# Prerequisit: + +* GCP project should be created +* Bucket should be created +* Service account with the following roles should be created: + - App Engine Admin + - App Engine Creator + - Artifact Registry Administrator + - Cloud Memorystore Redis Admin + - Compute Admin + - Create Service Accounts + - Kubernetes Engine Admin + - Quota Administrator + - Role Administrator + - Security Admin + - Service Account User + - Storage Admin + - Cloud Datastore Index Admin +* Following APIs should be enabled: + - Identity and Access Management (IAM) + - Compute Engine API + - App Engine Admin API + - Cloud Resource Manager API + +* Make necessary changes in `playground/terraform/environment/beta/terraform.tfvars` file: ``` - -## 1. Create new environment - -To provide information about the terraform backend, run the following commands - -* New environment folder - -```bash -mkdir /path/to/beam/playground/terraform/environment/{env-name} +network_name = "network_name" #Choose network name +project_id = "project_id" #Input project ID +gke_name = "playground-backend" #Define GKE name +region = "us-east1" #Choose region +pg_location = "us-east1-b" #Choose location (should be in the region) +state_bucket = "bucket_name" #Input bucket name +bucket_examples_name = "bucket_name-example" #Input example bucket name ``` - -* Backend config - -```bash -echo 'bucket = "put your state bucket name here"' > /path/to/beam/playground/terraform/environment/{env-name}/state.tfbackend +* Make necessary changes in `playground/terraform/environment/beta/state.tfbackend` file: ``` - -* Terraform variables config and provide necessary variables - -```bash -touch /path/to/beam/playground/terraform/environment/{env-name}/terraform.tfvars +bucket = "bucket_name" #input bucket name (will be used for tfstate file) ``` - -Then provide necessary variables. - -## 2. Provision infrastructure - -To deploy Playground infrastructure run gradle task: - -```bash -./gradlew playground:terraform:InitInfrastructure -Pproject_environment="env-name" +* Export GOOGLE_APPLICATION_CREDENTIALS using following command: ``` - -## 3. Deploy application - -To deploy application run following steps: - -* Authinticate in Artifact registry - -```bash -gcloud auth configure-docker us-central1-docker.pkg.dev + export GOOGLE_APPLICATION_CREDENTIALS=`your json key locaton` Review Comment: need to add some link to how can we obtain credentials and for which account Also please add if this should be a absolute or relative path ########## playground/infrastructure/helm-backend/values.yaml: ########## @@ -0,0 +1,36 @@ + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +replicaCount: 1 +image: + java_image: beam_playground-backend-java + go_image: beam_playground-backend-go + router_image: beam_playground-backend-router + scio_image: beam_playground-backend-scio + python_image: beam_playground-backend-python + pullPolicy: Always + tag: "beta" + +service: + type: NodePort + targetPort: 8080 + port: 443 + +autoscaling: + enabled: false Review Comment: @MakarkinSAkvelon why aren't we enabling scaling? ########## playground/terraform/README.md: ########## @@ -17,73 +17,89 @@ under the License. --> -# Requirements - -The following items need to be setup for the Playground cluster deployment on GCP: - -* [GCP account](https://cloud.google.com/) -* [`gcloud` command-line tool](https://cloud.google.com/sdk/gcloud) and required setup i.e. login -* [Terraform](https://www.terraform.io/downloads.html) tool -* [Docker](https://www.docker.com/get-started) - -# Deployment steps - -## 0. Create GCS bucket for state - -```bash -$ gsutil mb -p ${PROJECT_ID} gs://state-bucket-name -$ gsutil versioning set on gs://state-bucket-name +# Prerequisit: + +* GCP project should be created +* Bucket should be created +* Service account with the following roles should be created: + - App Engine Admin + - App Engine Creator + - Artifact Registry Administrator + - Cloud Memorystore Redis Admin + - Compute Admin + - Create Service Accounts + - Kubernetes Engine Admin + - Quota Administrator + - Role Administrator + - Security Admin + - Service Account User + - Storage Admin + - Cloud Datastore Index Admin +* Following APIs should be enabled: + - Identity and Access Management (IAM) + - Compute Engine API + - App Engine Admin API + - Cloud Resource Manager API + +* Make necessary changes in `playground/terraform/environment/beta/terraform.tfvars` file: ``` - -## 1. Create new environment - -To provide information about the terraform backend, run the following commands - -* New environment folder - -```bash -mkdir /path/to/beam/playground/terraform/environment/{env-name} +network_name = "network_name" #Choose network name +project_id = "project_id" #Input project ID +gke_name = "playground-backend" #Define GKE name +region = "us-east1" #Choose region +pg_location = "us-east1-b" #Choose location (should be in the region) +state_bucket = "bucket_name" #Input bucket name +bucket_examples_name = "bucket_name-example" #Input example bucket name ``` - -* Backend config - -```bash -echo 'bucket = "put your state bucket name here"' > /path/to/beam/playground/terraform/environment/{env-name}/state.tfbackend +* Make necessary changes in `playground/terraform/environment/beta/state.tfbackend` file: ``` - -* Terraform variables config and provide necessary variables - -```bash -touch /path/to/beam/playground/terraform/environment/{env-name}/terraform.tfvars +bucket = "bucket_name" #input bucket name (will be used for tfstate file) ``` - -Then provide necessary variables. - -## 2. Provision infrastructure - -To deploy Playground infrastructure run gradle task: - -```bash -./gradlew playground:terraform:InitInfrastructure -Pproject_environment="env-name" +* Export GOOGLE_APPLICATION_CREDENTIALS using following command: ``` - -## 3. Deploy application - -To deploy application run following steps: - -* Authinticate in Artifact registry - -```bash -gcloud auth configure-docker us-central1-docker.pkg.dev + export GOOGLE_APPLICATION_CREDENTIALS=`your json key locaton` ``` - -* Вeploy backend services - -```bash -./gradlew playground:terraform:deployBackend -Pproject_environment="env-name" -Pdocker-tag="tag" +* Activate created service account using following command: +``` + gcloud auth activate-service-account `full principal service account` --key-file=`your json key locaton` +``` +* Install kubectl: +``` + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" &&\ + chmod +x kubectl &&\ + mv kubectl /usr/local/bin/ +``` +* Install Helm: +``` + curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 &&\ + chmod 700 get_helm.sh &&\ + ./get_helm.sh +``` +# Infrastructure deployment: +* Run following command for infrastructure deployment (please be sure that you are in the "beam" folder): +``` +./gradlew playground:terraform:InitInfrastructure -Pproject_environment="beta" +``` +# Backend deployment: +* Login to Docker registry: +``` + cat `your json key locaton` | docker login -u _json_key --password-stdin https://`chosen_region`-docker.pkg.dev Review Comment: For me "gcloud auth configure-docker" was needed prior to this step ########## playground/terraform/README.md: ########## @@ -17,73 +17,89 @@ under the License. --> -# Requirements - -The following items need to be setup for the Playground cluster deployment on GCP: - -* [GCP account](https://cloud.google.com/) -* [`gcloud` command-line tool](https://cloud.google.com/sdk/gcloud) and required setup i.e. login -* [Terraform](https://www.terraform.io/downloads.html) tool -* [Docker](https://www.docker.com/get-started) - -# Deployment steps - -## 0. Create GCS bucket for state - -```bash -$ gsutil mb -p ${PROJECT_ID} gs://state-bucket-name -$ gsutil versioning set on gs://state-bucket-name +# Prerequisit: + +* GCP project should be created +* Bucket should be created +* Service account with the following roles should be created: Review Comment: Looks like we also need appengine.deployer role ########## playground/terraform/environment/beta/state.tfbackend: ########## @@ -17,4 +17,4 @@ # under the License. # -bucket = "beam_playground_terraform" +bucket = "pg-second" Review Comment: @MakarkinSAkvelon can we have a meaningful name here? ########## playground/terraform/README.md: ########## @@ -17,73 +17,89 @@ under the License. --> -# Requirements - -The following items need to be setup for the Playground cluster deployment on GCP: - -* [GCP account](https://cloud.google.com/) -* [`gcloud` command-line tool](https://cloud.google.com/sdk/gcloud) and required setup i.e. login -* [Terraform](https://www.terraform.io/downloads.html) tool -* [Docker](https://www.docker.com/get-started) - -# Deployment steps - -## 0. Create GCS bucket for state - -```bash -$ gsutil mb -p ${PROJECT_ID} gs://state-bucket-name -$ gsutil versioning set on gs://state-bucket-name +# Prerequisit: + +* GCP project should be created +* Bucket should be created Review Comment: If this is a bucket for terraform state - could you please describe that local terraform backend can be used if applicable. Also we should at least point to some doc describing best settings for bucket (versioning, region...) ########## playground/terraform/variables.tf: ########## @@ -85,10 +85,9 @@ variable "repository_id" { default = "playground-repository" } -variable "repository_location" { - description = "Location of Artifact Registry" - default = "us-central1" -} +# variable "repository_location" { Review Comment: @MakarkinSAkvelon please remove comments -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
