From 1a6f2143bdcbc194da521bc7ba44f718544472c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Yoann=20Rodi=C3=A8re?= Date: Thu, 15 Feb 2024 11:32:16 +0100 Subject: [PATCH 1/3] Use quarkus-helm for deployment To set different OpenShift config for staging and prod. --- .github/workflows/deploy.yml | 40 +++++++++- Dockerfile | 3 + README.adoc | 10 +-- pom.xml | 7 +- src/main/helm/values.prod.yaml | 0 src/main/helm/values.staging.yaml | 0 src/main/kubernetes/openshift.yml | 93 ++--------------------- src/main/resources/application.properties | 4 +- 8 files changed, 58 insertions(+), 99 deletions(-) create mode 100644 src/main/helm/values.prod.yaml create mode 100644 src/main/helm/values.staging.yaml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 2de6c958..d013dbff 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -25,6 +25,10 @@ jobs: runs-on: ubuntu-latest + env: + QUARKUS_PROFILE: ${{ github.ref == 'refs/heads/production' && 'prod' || 'staging' }} + TAG: ${{ github.sha }} + steps: - uses: actions/checkout@v2 @@ -34,6 +38,11 @@ jobs: distribution: temurin java-version: 17 + - name: Set up Helm + uses: azure/setup-helm@v4 + with: + version: 'v3.13.3' + - name: Log in to OpenShift (Dev) if: ${{ github.ref == 'refs/heads/main' }} uses: redhat-actions/oc-login@v1 @@ -50,8 +59,31 @@ jobs: openshift_token: ${{ secrets.OPENSHIFT_TOKEN_PROD }} namespace: ${{ env.OPENSHIFT_NAMESPACE_PROD }} - - name: Delete problematic image - run: oc delete is ubi-quarkus-native-binary-s2i || true + - name: Create ImageStreams + run: | + oc create imagestream search-quarkus-io || true + oc create imagestream opensearch-custom || true + # https://docs.openshift.com/container-platform/4.14/openshift_images/using-imagestreams-with-kube-resources.html + oc set image-lookup search-quarkus-io + oc set image-lookup opensearch-custom + + - name: Log in to OpenShift container registry + run: docker login -u "$(oc whoami)" -p "$(oc whoami --show-token)" "$(oc registry info)" + + - name: Build container images and Helm charts, push app container image + run: | + ./mvnw clean package \ + -Drevision="$TAG" \ + -Dquarkus.container-image.build=true \ + -Dquarkus.container-image.push=true \ + -Dquarkus.container-image.registry="$(oc registry info)" \ + -Dquarkus.container-image.group="$(oc project --short)" + + - name: Push OpenSearch container image + run: | + docker push "opensearch-custom:latest" "$(oc registry info)/$(oc project --short)/opensearch-custom:latest" - - name: Build and deploy - run: mvn clean package -Dquarkus.kubernetes.deploy=true -Dquarkus.native.container-build=true -Drevision=${{ github.sha }} + - name: Deploy Helm charts + run: | + helm upgrade --install search-quarkus-io ./target/helm/openshift/search-quarkus-io \ + -f ./src/main/helm/values.$QUARKUS_PROFILE.yaml \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 4dd42773..b9886869 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,8 @@ FROM opensearchproject/opensearch:2.11.0 +# Workaround for https://github.com/opensearch-project/opensearch-devops/issues/97 +RUN chmod -R go=u /usr/share/opensearch + RUN /usr/share/opensearch/bin/opensearch-plugin install --batch analysis-kuromoji RUN /usr/share/opensearch/bin/opensearch-plugin install --batch analysis-smartcn RUN /usr/share/opensearch/bin/opensearch-plugin install --batch analysis-icu \ No newline at end of file diff --git a/README.adoc b/README.adoc index d12373bf..2720f248 100644 --- a/README.adoc +++ b/README.adoc @@ -128,9 +128,9 @@ If you want to start a (production) container locally with podman, you can build [source,shell] ---- -quarkus build -DskipTests -Dquarkus.container-image.build=true -Dquarkus.container-image.builder=jib +quarkus build -DskipTests -Dquarkus.container-image.build=true # OR -./mvnw install -DskipTests -Dquarkus.container-image.build=true -Dquarkus.container-image.builder=jib +./mvnw install -DskipTests -Dquarkus.container-image.build=true ---- Then start it this way: @@ -147,7 +147,7 @@ podman container run -d --name search-backend-0 --pod search.quarkus.io \ -e "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" \ -e "DISABLE_SECURITY_PLUGIN=true" \ -e "cluster.routing.allocation.disk.threshold_enabled=false" \ - opensearch-custom-plugin:2.11.0 + opensearch-custom:2.11.0 podman container run -d --name search-backend-1 --pod search.quarkus.io \ --cpus=2 --memory=2g \ -e "node.name=search-backend-1" \ @@ -156,7 +156,7 @@ podman container run -d --name search-backend-1 --pod search.quarkus.io \ -e "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" \ -e "DISABLE_SECURITY_PLUGIN=true" \ -e "cluster.routing.allocation.disk.threshold_enabled=false" \ - opensearch-custom-plugin:2.11.0 + opensearch-custom:2.11.0 podman container run -d --name search-backend-2 --pod search.quarkus.io \ --cpus=2 --memory=2g \ -e "node.name=search-backend-2" \ @@ -165,7 +165,7 @@ podman container run -d --name search-backend-2 --pod search.quarkus.io \ -e "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" \ -e "DISABLE_SECURITY_PLUGIN=true" \ -e "cluster.routing.allocation.disk.threshold_enabled=false" \ - opensearch-custom-plugin:2.11.0 + opensearch-custom:2.11.0 # Then the app; this will fetch the actual data on startup (might take a while): podman container run -it --rm --name search.quarkus.io --pod search.quarkus.io search-quarkus-io:999-SNAPSHOT # OR, if you already have locals clones of *.quarkus.io: diff --git a/pom.xml b/pom.xml index a4207d6a..aa804606 100644 --- a/pom.xml +++ b/pom.xml @@ -161,6 +161,11 @@ io.quarkus quarkus-hibernate-validator + + io.quarkiverse.helm + quarkus-helm + 1.2.1 + io.quarkus quarkus-junit5 @@ -308,7 +313,7 @@ - opensearch-custom-plugin + opensearch-custom ${project.basedir}/Dockerfile diff --git a/src/main/helm/values.prod.yaml b/src/main/helm/values.prod.yaml new file mode 100644 index 00000000..e69de29b diff --git a/src/main/helm/values.staging.yaml b/src/main/helm/values.staging.yaml new file mode 100644 index 00000000..e69de29b diff --git a/src/main/kubernetes/openshift.yml b/src/main/kubernetes/openshift.yml index d907ce77..ceec36b0 100644 --- a/src/main/kubernetes/openshift.yml +++ b/src/main/kubernetes/openshift.yml @@ -1,73 +1,3 @@ -apiVersion: image.openshift.io/v1 -kind: "ImageStream" -metadata: - name: opensearch - annotations: - openshift.io/display-name: opensearch - labels: - app.kubernetes.io/name: search-backend - app.kubernetes.io/component: datastore - app.kubernetes.io/part-of: search-quarkus-io - app.kubernetes.io/managed-by: quarkus -spec: - lookupPolicy: - local: true - tags: - - name: current - from: - kind: DockerImage - name: docker.io/opensearchproject/opensearch:2.11.0 ---- -apiVersion: image.openshift.io/v1 -kind: "ImageStream" -metadata: - name: opensearch-fixed - annotations: - openshift.io/display-name: opensearch-fixed - labels: - app.kubernetes.io/name: search-backend - app.kubernetes.io/component: datastore - app.kubernetes.io/part-of: search-quarkus-io - app.kubernetes.io/managed-by: quarkus -spec: - lookupPolicy: - local: true ---- -apiVersion: build.openshift.io/v1 -kind: BuildConfig -metadata: - name: opensearch-fixed-build - labels: - app.kubernetes.io/name: search-backend - app.kubernetes.io/component: datastore - app.kubernetes.io/part-of: search-quarkus-io - app.kubernetes.io/managed-by: quarkus -spec: - triggers: - - type: ConfigChange - - type: ImageChange - imageChange: - from: - kind: ImageStreamTag - name: opensearch:current - source: - # Workaround for https://github.com/opensearch-project/opensearch-devops/issues/97 - dockerfile: |- - FROM opensearch:current - RUN chmod -R go=u /usr/share/opensearch - RUN /usr/share/opensearch/bin/opensearch-plugin install --batch analysis-kuromoji - RUN /usr/share/opensearch/bin/opensearch-plugin install --batch analysis-smartcn - RUN /usr/share/opensearch/bin/opensearch-plugin install --batch analysis-icu - strategy: - type: Docker - dockerStrategy: - from: - kind: ImageStreamTag - name: opensearch:current - output: - to: - kind: ImageStreamTag - name: opensearch-fixed:current --- apiVersion: v1 kind: Service @@ -78,7 +8,6 @@ metadata: app.kubernetes.io/name: search-backend app.kubernetes.io/component: datastore app.kubernetes.io/part-of: search-quarkus-io - app.kubernetes.io/managed-by: quarkus spec: ports: - name: http @@ -103,7 +32,6 @@ metadata: app.kubernetes.io/name: search-backend app.kubernetes.io/component: datastore app.kubernetes.io/part-of: search-quarkus-io - app.kubernetes.io/managed-by: quarkus # See https://www.hafifbilgiler.com/hafif-bilgiler/elasticsearch-installation-on-openshift/ spec: serviceName: search-backend @@ -118,11 +46,13 @@ spec: app.kubernetes.io/name: search-backend app.kubernetes.io/component: datastore app.kubernetes.io/part-of: search-quarkus-io - app.kubernetes.io/managed-by: quarkus + annotations: + alpha.image.policy.openshift.io/resolve-names: '*' spec: containers: - name: opensearch - image: opensearch-fixed:current + # The image gets pushed manually as part of the "deploy" workflow. + image: opensearch-custom:latest imagePullPolicy: Always resources: limits: @@ -171,7 +101,7 @@ spec: # and we can't run with user 1000 on OpenShift. # See also: # - https://github.com/opensearch-project/opensearch-devops/issues/97 - # - BuildConfig opensearch-fixed-build + # - Dockerfile in this git repo - name: DISABLE_PERFORMANCE_ANALYZER_AGENT_CLI value: 'true' - name: DISABLE_INSTALL_DEMO_CONFIG @@ -195,20 +125,9 @@ spec: app.kubernetes.io/name: search-backend app.kubernetes.io/component: datastore app.kubernetes.io/part-of: search-quarkus-io - app.kubernetes.io/managed-by: quarkus spec: accessModes: [ "ReadWriteOnce" ] storageClassName: "gp2" resources: requests: - storage: 5Gi - triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - search-backend - from: - kind: ImageStreamTag - name: opensearch-fixed:current \ No newline at end of file + storage: 5Gi \ No newline at end of file diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index f010bdf5..bdde947c 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -61,7 +61,7 @@ quarkus.datasource.jdbc.max-size=100 quarkus.datasource.jdbc.min-size=0 ## Hibernate Search quarkus.hibernate-search-orm.elasticsearch.version=opensearch:2.11 -quarkus.elasticsearch.devservices.image-name=opensearch-custom-plugin:2.11.0 +quarkus.elasticsearch.devservices.image-name=opensearch-custom:2.11.0 ## Limit parallelism of indexing, because OpenSearch can only handle so many documents in its buffers. ## This leads to at most 12*20=240 documents being indexed in parallel, which should be plenty ## given how large our documents can be. @@ -131,7 +131,7 @@ quarkus.swagger-ui.always-include=true quarkus.swagger-ui.title=Quarkus Search API # Deployment to OpenShift -quarkus.container-image.builder=openshift +quarkus.container-image.builder=jib quarkus.openshift.part-of=search-quarkus-io # See src/main/kubernetes/openshift.yml for the search-backend StatefulSet definition # Rely on OpenShift's internal DNS to resolve the IP to search-backend nodes From f15eba4d14e29f8529aa8a0dd358b837cbedc733 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Yoann=20Rodi=C3=A8re?= Date: Thu, 15 Feb 2024 19:26:31 +0100 Subject: [PATCH 2/3] Set lower resource requirements on staging Because the cluster is kind of overloaded right now. --- src/main/helm/values.prod.yaml | 1 + src/main/helm/values.staging.yaml | 18 ++++++++++++++++++ src/main/kubernetes/openshift.yml | 10 +++++----- src/main/resources/application.properties | 18 +++++++++++++++--- 4 files changed, 39 insertions(+), 8 deletions(-) diff --git a/src/main/helm/values.prod.yaml b/src/main/helm/values.prod.yaml index e69de29b..ddc176b2 100644 --- a/src/main/helm/values.prod.yaml +++ b/src/main/helm/values.prod.yaml @@ -0,0 +1 @@ +# Prod values are the defaults \ No newline at end of file diff --git a/src/main/helm/values.staging.yaml b/src/main/helm/values.staging.yaml index e69de29b..ab43437a 100644 --- a/src/main/helm/values.staging.yaml +++ b/src/main/helm/values.staging.yaml @@ -0,0 +1,18 @@ +app: + resources: + limits: + cpu: 500m + memory: 1Gi + requests: + cpu: 400m + memory: 500Mi +opensearch: + envs: + OPENSEARCH_JAVA_OPTS: ' -Xms500m -Xmx500m ' + resources: + limits: + cpu: 1000m + memory: 1.5Gi + requests: + cpu: 500m + memory: 1Gi \ No newline at end of file diff --git a/src/main/kubernetes/openshift.yml b/src/main/kubernetes/openshift.yml index ceec36b0..85300d84 100644 --- a/src/main/kubernetes/openshift.yml +++ b/src/main/kubernetes/openshift.yml @@ -56,11 +56,11 @@ spec: imagePullPolicy: Always resources: limits: - cpu: 2000m - memory: 3Gi + cpu: '{{ .Values.opensearch.resources.limits.cpu }}' + memory: '{{ .Values.opensearch.resources.limits.memory }}' requests: - cpu: 1000m - memory: 2Gi + cpu: '{{ .Values.opensearch.resources.requests.cpu }}' + memory: '{{ .Values.opensearch.resources.requests.memory }}' readinessProbe: httpGet: scheme: HTTP @@ -94,7 +94,7 @@ spec: value: "false" # OpenSearch doesn't seem to automatically adapt -Xmx to available memory, for some reason - name: OPENSEARCH_JAVA_OPTS - value: -Xms1g -Xmx1g + value: '{{ .Values.opensearch.envs.OPENSEARCH_JAVA_OPTS }}' # This is necessary to avoid OpenSearch trying to install various things on startup, # which leads to filesystem operations (chmod/chown) that won't work # because only user 1000 has the relevant permissions, diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index bdde947c..10d5b5f9 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -130,7 +130,7 @@ mp.openapi.extensions.smallrye.info.contact.url=https://github.com/quarkusio/sea quarkus.swagger-ui.always-include=true quarkus.swagger-ui.title=Quarkus Search API -# Deployment to OpenShift +# OpenShift - App config quarkus.container-image.builder=jib quarkus.openshift.part-of=search-quarkus-io # See src/main/kubernetes/openshift.yml for the search-backend StatefulSet definition @@ -147,11 +147,15 @@ quarkus.openshift.env.vars.home=/tmp quarkus.openshift.annotations."kubernetes.io/tls-acme"=true quarkus.openshift.env.configmaps=search-quarkus-io-config quarkus.openshift.env.secrets=search-quarkus-io-secrets -# Declare resource requirements +# Resource requirements (overridden for staging, see src/main/helm) quarkus.openshift.resources.limits.cpu=1000m quarkus.openshift.resources.requests.cpu=400m quarkus.openshift.resources.limits.memory=2Gi quarkus.openshift.resources.requests.memory=1Gi +quarkus.helm.values."resources.limits.cpu".paths=spec.template.spec.containers.resources.limits.cpu +quarkus.helm.values."resources.requests.cpu".paths=spec.template.spec.containers.resources.requests.cpu +quarkus.helm.values."resources.limits.memory".paths=spec.template.spec.containers.resources.limits.memory +quarkus.helm.values."resources.requests.memory".paths=spec.template.spec.containers.resources.requests.memory # Initial indexing may take a while, especially the quarkus.io Git cloning quarkus.openshift.startup-probe.initial-delay=30S quarkus.openshift.startup-probe.period=15S @@ -161,4 +165,12 @@ quarkus.openshift.ports."management".container-port=9000 quarkus.openshift.ports."management".host-port=90 # Don't use the version in (service) selectors, # otherwise a rollback to an earlier version (due to failing startup) makes the service unavailable -quarkus.openshift.add-version-to-label-selectors=false \ No newline at end of file +quarkus.openshift.add-version-to-label-selectors=false + +# OpenShift - Backend config +# Resource requirements (overridden for staging, see src/main/helm) +quarkus.helm.values."@.opensearch.envs.OPENSEARCH_JAVA_OPTS".value=\ -Xms1g -Xmx1g +quarkus.helm.values."@.opensearch.resources.limits.cpu".value=2000m +quarkus.helm.values."@.opensearch.resources.requests.cpu".value=1000m +quarkus.helm.values."@.opensearch.resources.limits.memory".value=3Gi +quarkus.helm.values."@.opensearch.resources.requests.memory".value=2Gi From 6c5217d790b9e4ac4250fa7839dbe7799e273c88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Yoann=20Rodi=C3=A8re?= Date: Thu, 15 Feb 2024 12:01:52 +0100 Subject: [PATCH 3/3] Control the OpenSearch version through Maven properties --- pom.xml | 8 ++++++-- .../main/docker/opensearch-custom.Dockerfile | 3 ++- src/main/kubernetes/openshift.yml | 2 +- src/main/resources/application.properties | 4 ++-- 4 files changed, 11 insertions(+), 6 deletions(-) rename Dockerfile => src/main/docker/opensearch-custom.Dockerfile (81%) diff --git a/pom.xml b/pom.xml index aa804606..f54ab4d0 100644 --- a/pom.xml +++ b/pom.xml @@ -23,6 +23,7 @@ 3.12.1 + ${version.opensearch} 17 UTF-8 UTF-8 @@ -36,6 +37,7 @@ 0.44.0 2.23.0 1.9.0 + 2.11.0 @@ -210,6 +212,7 @@ ${test.jvm.args} ${project.basedir}/src/test/resources + ${version.opensearch} @@ -234,6 +237,7 @@ org.jboss.logmanager.LogManager ${maven.home} ${project.basedir}/src/test/resources + ${version.opensearch} true @@ -315,9 +319,9 @@ opensearch-custom - ${project.basedir}/Dockerfile + ${project.basedir}/src/main/docker/opensearch-custom.Dockerfile - 2.11.0 + ${version.opensearch} diff --git a/Dockerfile b/src/main/docker/opensearch-custom.Dockerfile similarity index 81% rename from Dockerfile rename to src/main/docker/opensearch-custom.Dockerfile index b9886869..5538c62b 100644 --- a/Dockerfile +++ b/src/main/docker/opensearch-custom.Dockerfile @@ -1,4 +1,5 @@ -FROM opensearchproject/opensearch:2.11.0 +ARG OPENSEARCH_VERSION= +FROM opensearchproject/opensearch:${OPENSEARCH_VERSION} # Workaround for https://github.com/opensearch-project/opensearch-devops/issues/97 RUN chmod -R go=u /usr/share/opensearch diff --git a/src/main/kubernetes/openshift.yml b/src/main/kubernetes/openshift.yml index 85300d84..446cfa44 100644 --- a/src/main/kubernetes/openshift.yml +++ b/src/main/kubernetes/openshift.yml @@ -101,7 +101,7 @@ spec: # and we can't run with user 1000 on OpenShift. # See also: # - https://github.com/opensearch-project/opensearch-devops/issues/97 - # - Dockerfile in this git repo + # - src/main/docker/opensearch-custom.Dockerfile - name: DISABLE_PERFORMANCE_ANALYZER_AGENT_CLI value: 'true' - name: DISABLE_INSTALL_DEMO_CONFIG diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 10d5b5f9..30886422 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -60,8 +60,8 @@ quarkus.datasource.jdbc.max-size=100 ## But we don't need it to be that large after indexing. quarkus.datasource.jdbc.min-size=0 ## Hibernate Search -quarkus.hibernate-search-orm.elasticsearch.version=opensearch:2.11 -quarkus.elasticsearch.devservices.image-name=opensearch-custom:2.11.0 +quarkus.hibernate-search-orm.elasticsearch.version=opensearch:${maven.version.opensearch} +quarkus.elasticsearch.devservices.image-name=opensearch-custom:${maven.version.opensearch} ## Limit parallelism of indexing, because OpenSearch can only handle so many documents in its buffers. ## This leads to at most 12*20=240 documents being indexed in parallel, which should be plenty ## given how large our documents can be.