diff --git a/deployment/bin/deploy b/deployment/bin/deploy index 2e0b2e89..d3a2b386 100755 --- a/deployment/bin/deploy +++ b/deployment/bin/deploy @@ -135,17 +135,6 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then setup_helm - # Install cert-manager - - # echo "Installing cert-manager..." - - # helm upgrade --install \ - # cert-manager \ - # --namespace pc \ - # --create-namespace \ - # --version v1.6.0 \ - # --set installCRDs=true jetstack/cert-manager - echo "===================" echo "==== STAC API =====" echo "===================" @@ -183,12 +172,17 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then -f ${DEPLOY_VALUES_FILE} echo "Installing ingress-nginx..." - helm upgrade --install nginx-ingress ingress-nginx/ingress-nginx \ + helm upgrade --install nginx-ingress helm/ingress-nginx-4.8.3.tgz \ -n pc \ --set controller.replicaCount=2 \ --set controller.service.externalTrafficPolicy="Local" \ --set controller.service.loadBalancerIP="${INGRESS_IP}" \ --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"="${DNS_LABEL}" \ + --set controller.image.registry="mcr.microsoft.com" \ + --set controller.image.image="oss/kubernetes/ingress/nginx-ingress-controller" \ + --set controller.image.tag="v1.9.6-patched" \ + --set controller.image.digest="sha256:2383717ea3edd1652b97e5b82adf15a3e7f091d0d5d0eceb8dce4410e3a6a292" \ + --version "4.8.3"\ --wait \ --timeout 2m0s \ -f bin/nginx-values.yaml diff --git a/deployment/bin/lib b/deployment/bin/lib index b931f1c8..329e682b 100755 --- a/deployment/bin/lib +++ b/deployment/bin/lib @@ -90,11 +90,6 @@ function cluster_login() { function setup_helm() { # Set the helm context to the same as the kubectl context export KUBE_CONTEXT=$(kubectl config current-context) - - # Add repos - helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx - helm repo add jetstack https://charts.jetstack.io - helm repo update } function full_setup() { 
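Review bot: Nothing in the new ingress-nginx install lines of deployment/bin/deploy verifies `helm/ingress-nginx-4.8.3.tgz`, which this commit adds as an opaque binary, against the upstream 4.8.3 release. The controller image is pinned by digest, and the chart deserves the same: keep the upstream archive's SHA-256 in the repository and check it before the install, e.g. `echo "<sha256-of-upstream-chart-archive>  helm/ingress-nginx-4.8.3.tgz" | sha256sum -c -`. `--version` is a constraint for repository lookups and most likely has no effect on a local archive path, so the added `--version "4.8.3"\` line can probably be dropped; if it stays, put a space before the backslash like the neighbouring lines. Only `controller.image.*` is pointed at mcr.microsoft.com, so unless bin/nginx-values.yaml (not shown) overrides it, the chart's admission-webhook certgen image would presumably still be pulled from the chart's default registry. The enclosing `if` block starts and ends outside the hunk.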
diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml index 81044367..1e20e1a0 100644 --- a/deployment/docker-compose.yml +++ b/deployment/docker-compose.yml @@ -11,7 +11,7 @@ services: - IMAGE_TAG - GIT_COMMIT - - ARM_SUBSCRIPTION_ID + - ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID:-a84a690d-585b-4c7c-80d9-851a48af5a50} - ARM_TENANT_ID - ARM_CLIENT_ID - ARM_USE_OIDC diff --git a/deployment/helm/ingress-nginx-4.8.3.tgz b/deployment/helm/ingress-nginx-4.8.3.tgz new file mode 100644 index 00000000..f2e3f3a0 Binary files /dev/null and b/deployment/helm/ingress-nginx-4.8.3.tgz differ diff --git a/deployment/terraform/resources/aks.tf b/deployment/terraform/resources/aks.tf index 23452424..109e69f2 100644 --- a/deployment/terraform/resources/aks.tf +++ b/deployment/terraform/resources/aks.tf @@ -3,7 +3,6 @@ resource "azurerm_kubernetes_cluster" "pc" { location = azurerm_resource_group.pc.location resource_group_name = azurerm_resource_group.pc.name dns_prefix = "${local.prefix}-cluster" - kubernetes_version = var.k8s_version key_vault_secrets_provider { secret_rotation_enabled = true @@ -18,15 +17,15 @@ resource "azurerm_kubernetes_cluster" "pc" { # https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-node-os-image node_os_channel_upgrade = "NodeImage" - image_cleaner_enabled = true + image_cleaner_enabled = true + image_cleaner_interval_hours = 24 default_node_pool { - name = "agentpool" - os_sku = "AzureLinux" - vm_size = "Standard_DS2_v2" - node_count = var.aks_node_count - vnet_subnet_id = azurerm_subnet.node_subnet.id - orchestrator_version = var.k8s_version + name = "agentpool" + os_sku = "AzureLinux" + vm_size = "Standard_DS2_v2" + node_count = var.aks_node_count + vnet_subnet_id = azurerm_subnet.node_subnet.id } identity { @@ -40,7 +39,7 @@ resource "azurerm_kubernetes_cluster" "pc" { maintenance_window { allowed { - day = "Saturday" + day = "Saturday" hours = [10, 11, 12, 13, 14, 15, 16, 17, 18] } # not_allowed { 
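Review bot: The fallback added to `ARM_SUBSCRIPTION_ID` in deployment/docker-compose.yml makes a run with the variable unset silently target the hard-coded subscription instead of failing. A subscription ID is an identifier rather than a credential, but a baked-in default in a deployment container (presumably the one that runs Terraform) can send an apply to the wrong environment, and it publishes the ID to everyone who can read the repository. Compose's required-variable form keeps the failure explicit: `- ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID:?ARM_SUBSCRIPTION_ID must be set}`. If the default is intentional, a comment on that line naming the environment the subscription belongs to would help the next reader.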
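Review bot: With `orchestrator_version = var.k8s_version` dropped from `default_node_pool` in the second aks.tf hunk (and `kubernetes_version` in the first), nothing in the code records which Kubernetes version the cluster runs or why the pin was removed. If the intent is to let AKS upgrade the cluster inside the maintenance windows defined further down, say so where the attribute used to be, e.g. `# Kubernetes version intentionally unpinned: upgrades are applied by AKS auto-upgrade during the maintenance windows below`. No auto-upgrade channel setting for the control plane is visible in these hunks, so confirm one is set elsewhere in the resource; without it the cluster would likely stay on the version it had at creation and fall behind on security patches. The resource block starts and ends outside the hunk.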
@@ -52,21 +51,21 @@ resource "azurerm_kubernetes_cluster" "pc" { # Recommendation is to make it at least 4 hours long # https://learn.microsoft.com/en-us/azure/aks/planned-maintenance?tabs=json-file#creating-a-maintenance-window maintenance_window_auto_upgrade { - frequency = "Weekly" + frequency = "Weekly" day_of_week = "Saturday" - interval = 1 - duration = 4 - utc_offset = "+00:00" - start_time = "10:00" # UTC + interval = 1 + duration = 4 + utc_offset = "+00:00" + start_time = "10:00" # UTC } maintenance_window_node_os { - frequency = "Weekly" + frequency = "Weekly" day_of_week = "Saturday" - interval = 1 - duration = 4 - utc_offset = "+00:00" - start_time = "14:00" # UTC + interval = 1 + duration = 4 + utc_offset = "+00:00" + start_time = "14:00" # UTC } tags = { diff --git a/deployment/terraform/resources/variables.tf b/deployment/terraform/resources/variables.tf index 51e83511..c760a708 100644 --- a/deployment/terraform/resources/variables.tf +++ b/deployment/terraform/resources/variables.tf @@ -46,10 +46,6 @@ variable "tiler_replica_count" { type = number } -variable "k8s_version" { - type = string -} - # -- Postgres variable "pg_host" { diff --git a/deployment/terraform/staging/main.tf b/deployment/terraform/staging/main.tf index 359f899a..e58cc67a 100644 --- a/deployment/terraform/staging/main.tf +++ b/deployment/terraform/staging/main.tf @@ -4,8 +4,6 @@ module "resources" { environment = "staging" region = "West Europe" - k8s_version = "1.28.5" - cluster_cert_issuer = "letsencrypt" cluster_cert_server = "https://acme-v02.api.letsencrypt.org/directory" @@ -32,7 +30,7 @@ terraform { storage_account_name = "pctesttfstate" container_name = "pc-test-api" key = "pqe-apis.tfstate" - use_oidc = true + use_oidc = true } }