Merge branch 'tanners-initial-k8' into KubernetesExperimentation

Signed-off-by: Greg Schohn <[email protected]> # Conflicts: # deployment/k8/migration-assistant/Chart.yaml
opensearch-project · Jan 9, 2025 · 9443402 · 9443402
2 parents 290edd0 + 5fd0b96
commit 9443402
Show file tree

Hide file tree

Showing 8 changed files with 388 additions and 12 deletions.
diff --git a/deployment/k8/README.md b/deployment/k8/README.md
@@ -41,8 +41,8 @@ A convenience script `minikubeLocal.sh` is located in this directory which wraps
 
 ## Deploying
 
-### Full environment
-Guide for deploying a complete environment helm chart comprised of many Migration service helm charts
+### Migration Assistant environment
+Guide for deploying a complete Migration Assistant environment helm chart, with the ability to enabled/disable different Migration services and clusters as needed
 
 The full environment helm charts consists of:
 * Source cluster
@@ -51,26 +51,20 @@ The full environment helm charts consists of:
 
 **Note**: For first-time deployments and deployments after changes have been made to a dependent helm package, such as the `migration-console` chart, the following command is needed to update dependent charts
 ```shell
-helm dependency update environments/full-environment
+helm dependency update migration-assistant
 ```
 
 The full environment helm chart can be deployed with the helm command
 ```shell
-helm install local environments/full-environment
+helm install ma migration-assistant
 ```
 
 ### Specific services
 Guide for deploying an individual Migration service helm chart
 
-Most migration services have a dependency on Persistent Volumes that can be installed to the Kubernetes cluster using the following commands
-```shell
-helm install shared-logs shared/shared-logs-vol
-helm install snapshot-vol shared/snapshot-vol
-```
-
 A particular service could then be deployed with a command similar to the below.
 ```shell
-helm install migration-console migration-console
+helm install migration-console services/migration-console
 ```
 
 ## Uninstalling
@@ -83,3 +77,54 @@ To uninstall a particular helm deployment
 ```shell
 helm uninstall <deployment_name>
 ```
+
+### AWS Initial Setup
+#### Setting up EBS driver to dynamically provision PVs
+```shell
+# To check if any IAM OIDC provider is configured:
+aws iam list-open-id-connect-providers
+# If none exist, create one:
+eksctl utils associate-iam-oidc-provider --cluster <cluster_name> --approve
+# Create IAM role for service account in order to use EBS CSI driver in EKS
+# This currently creates a CFN stack and may 
+eksctl create iamserviceaccount \
+    --name ebs-csi-controller-sa \
+    --namespace kube-system \
+    --cluster <cluster_name> \
+    --role-name AmazonEKS_EBS_CSI_DriverRole \
+    --role-only \
+    --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \
+    --approve
+# Install add-on to EKS cluster using the created IAM role for the service account
+eksctl create addon --cluster <cluster_name> --name aws-ebs-csi-driver --version latest --service-account-role-arn <role_arn> --force
+# Create StorageClass to dynamically provision persistent volumes (PV)
+kubectl apply -f aws/storage-class-ebs.yml
+```
+#### Setting up EFS driver to dynamically provision PVs
+```shell
+export cluster_name=<cluster_name>
+export role_name=AmazonEKS_EFS_CSI_DriverRole
+eksctl create iamserviceaccount \
+    --name efs-csi-controller-sa \
+    --namespace kube-system \
+    --cluster $cluster_name \
+    --role-name $role_name \
+    --role-only \
+    --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEFSCSIDriverPolicy \
+    --approve
+TRUST_POLICY=$(aws iam get-role --role-name $role_name --query 'Role.AssumeRolePolicyDocument' | \
+    sed -e 's/efs-csi-controller-sa/efs-csi-*/' -e 's/StringEquals/StringLike/')
+aws iam update-assume-role-policy --role-name $role_name --policy-document "$TRUST_POLICY"
+eksctl create addon --cluster $cluster_name --name aws-efs-csi-driver --version latest --service-account-role-arn <role_arn> --force
+kubectl apply -f aws/storage-class-efs.yml
+```
+
+Create an ECR to store images
+```shell
+./buildDockerImagesMini.sh --create-ecr
+```
+
+Build images and push to ECR
+```shell
+./buildDockerImagesMini.sh --sync-ecr
+```
diff --git a/deployment/k8/aws/storage-class-ebs.yml b/deployment/k8/aws/storage-class-ebs.yml
@@ -0,0 +1,8 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: ebs-sc
+provisioner: ebs.csi.aws.com
+volumeBindingMode: WaitForFirstConsumer
+parameters:
+  encrypted: "true"
diff --git a/deployment/k8/aws/storage-class-efs.yml b/deployment/k8/aws/storage-class-efs.yml
@@ -0,0 +1,16 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: efs-sc
+provisioner: efs.csi.aws.com
+parameters:
+  provisioningMode: efs-ap
+  fileSystemId: "fs-0bc6e04752a510618"
+  directoryPerms: "700"
+  #gidRangeStart: "1000"
+  #gidRangeEnd: "2000"
+  #basePath: "/dynamic_provisioning"
+#mountOptions:
+#  - tls
+#reclaimPolicy: Retain
+volumeBindingMode: Immediate
diff --git a/deployment/k8/aws/values/migration-assistant-aws.yml b/deployment/k8/aws/values/migration-assistant-aws.yml
@@ -0,0 +1,161 @@
+# Define all enabled/disabled migration services
+migration-console-enabled: true
+capture-proxy-enabled: true
+replayer-enabled: false
+kafka-op-enabled: true
+reindex-from-snapshot-enabled: false
+elasticsearch-searchguard-enabled: true
+opensearch-helm-enabled: true
+
+# Define specific dependency configuration
+opensearch-helm:
+  fullnameOverride: "opensearch"
+  image:
+    tag: "2.17.0"
+  replicas: 1
+  singleNode: true
+  config:
+    discovery.type: single-node
+  extraEnvs:
+    - name: OPENSEARCH_INITIAL_ADMIN_PASSWORD
+      value: myStrongPassword123!
+  service:
+    type: LoadBalancer
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
+      service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+  persistence:
+    enabled: true
+    storageClass: "ebs-sc"
+    size: "30Gi"
+
+kafka-op:
+  clusterName: kafka-cluster
+  kafkaVersion: 3.8.0
+  kafkaMetadataVersion: 3.8-IV0
+  nodePool:
+    replicas: 1
+    volume:
+      size: 10Gi
+      class: "ebs-sc"
+      deleteClaim: true
+
+elasticsearch:
+  replicaCount: 1
+  image:
+    repository: 977363099154.dkr.ecr.us-east-1.amazonaws.com/migrations-local-repo
+    pullPolicy: IfNotPresent
+    tag: "elasticsearch_searchguard-latest"
+  service:
+    type: ClusterIP
+    port: 19200 # Port exposed to external
+    targetPort: 9200 # Container port
+  resources:
+    limits:
+      cpu: 100m
+      memory: 128Mi
+    requests:
+      cpu: 100m
+      memory: 128Mi
+  env:
+    - name: path.repo
+      value: "/storage/snapshot"
+  volumes:
+    - name: snapshot-vol
+      persistentVolumeClaim:
+        claimName: snapshot-vol-pvc
+  volumeMounts:
+    - name: snapshot-vol
+      mountPath: /storage
+  snapshot-vol:
+    volume:
+      volumeName: snapshot-vol
+      mountPath: /storage # Path inside the container where the volume should be mounted
+      # Persistent volume claim settings
+      pvcClaimName: snapshot-vol-pvc
+      storageClass: "efs-sc"
+      accessMode: ReadWriteOnce
+      size: 5Gi
+
+migration-console:
+  replicaCount: 1
+  image:
+    repository: 977363099154.dkr.ecr.us-east-1.amazonaws.com/migrations-local-repo
+    pullPolicy: IfNotPresent
+    tag: "migration_console-latest"
+  resources:
+    limits:
+      cpu: 100m
+      memory: 128Mi
+    requests:
+      cpu: 100m
+      memory: 128Mi
+  env:
+    - name: SHARED_LOGS_DIR_PATH
+      value: /shared-logs-output/traffic-replayer-default
+    - name: STAGE
+      configMapKeyRef:
+        name: test-env
+        key: STAGE
+  volumes:
+    - name: services-yaml
+      configMap:
+        name: services-yaml-config-map
+    - name: shared-logs
+      persistentVolumeClaim:
+        claimName: shared-logs-pvc
+    - name: snapshot-vol
+      persistentVolumeClaim:
+        claimName: snapshot-vol-pvc
+  volumeMounts:
+    - name: services-yaml
+      mountPath: /etc/migration-config
+    - name: shared-logs
+      mountPath: /shared-logs-output
+    - name: snapshot-vol
+      mountPath: /storage
+  snapshot-vol:
+    volume:
+      volumeName: snapshot-vol
+      mountPath: /storage # Path inside the container where the volume should be mounted
+      # Persistent volume claim settings
+      pvcClaimName: snapshot-vol-pvc
+      storageClass: "efs-sc"
+      accessMode: ReadWriteOnce
+      size: 5Gi
+  shared-logs-vol:
+    volume:
+      volumeName: shared-logs
+      mountPath: /shared-logs-output # Path inside the container where the volume should be mounted
+      # Persistent volume claim settings
+      pvcClaimName: shared-logs-pvc
+      storageClass: "efs-sc"
+      accessMode: ReadWriteOnce
+      size: 10Gi
+
+capture-proxy:
+  replicaCount: 1
+  image:
+    repository: 977363099154.dkr.ecr.us-east-1.amazonaws.com/migrations-local-repo
+    pullPolicy: IfNotPresent
+    tag: "capture_proxy-latest"
+  service:
+    type: ClusterIP
+    port: 9201 # Port exposed to external
+    targetPort: 9200 # Container port
+  container:
+    command: >
+      /runJavaWithClasspath.sh org.opensearch.migrations.trafficcapture.proxyserver.CaptureProxy
+      --kafkaConnection kafka-cluster-kafka-bootstrap:9092
+      --destinationUri  https://elasticsearch:19200
+      --insecureDestination
+      --listenPort 9200
+      --sslConfigFile /usr/share/elasticsearch/config/proxy_tls.yml
+  #--otelCollectorEndpoint http://localhost:4317
+  resources:
+    limits:
+      cpu: 100m
+      memory: 128Mi
+    requests:
+      cpu: 100m
+      memory: 128Mi