helm-charts-azure issues
https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/issues
2024-01-10T12:38:59Z

Update deployments to support PodDisruptionBudget & TopologySpreadConstraints for airflow
https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/issues/32
2024-01-10T12:38:59Z
Ritesh Koul

Need to update airflow-8.5.2.tgz file to support **PodDisruptionBudget** & **TopologySpreadConstraints** features.
More details regarding implementation can be found under comments section given for an existing MR
**PodDisruptionBudget** - https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/merge_requests/749#note_274646
**TopologySpreadConstraints** - https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/merge_requests/749#note_275017

istio
https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/issues/30
2023-11-15T09:30:33Z
JANRAJ CJ

Missing `helm dependency update` in Helm Chart for OSDU on Azure
https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/issues/29
2023-09-18T15:40:58Z
Paweł Grudzień

**Description:**
The current instructions for deploying Helm charts do not include the essential step of updating dependencies using `helm dependency update`. This omission results in errors during chart deployment because dependencies are missing.
**Details:**
When attempting to deploy Helm charts using the provided instructions, the following error occurs:
```
Error: An error occurred while checking for chart dependencies. You may need to run `helm dependency build` to fetch missing dependencies: found in Chart.yaml, but missing in charts/ directory: unit, crs-catalog, crs-conversion, osdu-helm-library
```
Strangely enough I do not remember having that problem during the previous installation so I may assume that something changed in the code or my execution was a bit different. Nevertheless adding dep update should not break anything but instead add some quality to the instructions.
**Expected Behavior:**
The Helm chart should deploy successfully without dependency errors.
**Actual Behavior:**
The deployment fails due to missing chart dependencies.
**Steps to Reproduce:**
1. Follow the provided instructions to deploy Helm charts.
2. Observe the error indicating missing chart dependencies.
**Suggested Fix:**
Include the `helm dependency update` command before each `helm upgrade` command in the instructions:
```bash
# Ensure your context is set.
az aks get-credentials -n <your kubernetes service> --admin -g <resource group>
# Create Namespace
NAMESPACE=osdu-azure
kubectl create namespace $NAMESPACE && kubectl label namespace $NAMESPACE istio-injection=enabled
# Update dependencies and install charts
helm dependency update osdu-azure/osdu-partition_base
helm upgrade -i partition-services osdu-azure/osdu-partition_base -n $NAMESPACE -f osdu_azure_custom_values.yaml
helm dependency update osdu-azure/osdu-opa
helm upgrade -i opa osdu-azure/osdu-opa -n $NAMESPACE -f osdu_azure_custom_values.yaml --set global.replicaCount=3
helm dependency update osdu-azure/osdu-security_compliance
helm upgrade -i security-services osdu-azure/osdu-security_compliance -n $NAMESPACE -f osdu_azure_custom_values.yaml
helm dependency update osdu-azure/osdu-core_services
helm upgrade -i core-services osdu-azure/osdu-core_services -n $NAMESPACE -f osdu_azure_custom_values.yaml
helm dependency update osdu-azure/osdu-reference_helper
helm upgrade -i reference-services osdu-azure/osdu-reference_helper -n $NAMESPACE -f osdu_azure_custom_values.yaml
helm dependency update osdu-azure/osdu-ingest_enrich
helm upgrade -i ingest-services osdu-azure/osdu-ingest_enrich -n $NAMESPACE -f osdu_azure_custom_values.yaml
```

Outdated Airflow create_user command in instructions (update for instructions)
https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/issues/28
2023-09-18T15:23:17Z
Paweł Grudzień

**Title:** Outdated Airflow `create_user` command in instructions
**Description:**
The provided instructions for creating a user in Airflow use the old `create_user` command syntax. However, in the newer version of Airflow (Airflow 2), the correct command is `users create`.
**Details:**
The current documentation instructs users to utilize the following command:
```bash
airflow create_user \
--role Admin \
--username $USER_FIRST \
--firstname $USER_FIRST \
--lastname $USER_LAST \
--email $EMAIL \
--password $PASSWORD
```
This command is outdated and is not supported in Airflow 2.
**Expected Behavior:**
Instructions should utilize the updated command syntax compatible with Airflow 2:
```bash
airflow users create \
--role Admin \
--username $USER_FIRST \
--firstname $USER_FIRST \
--lastname $USER_LAST \
--email $EMAIL \
--password $PASSWORD
```
**Actual Behavior:**
Using the outdated command results in an error or unrecognized command in the Airflow 2 environment.
**Steps to Reproduce:**
1. Install Airflow 2.
2. Attempt to create a user using the provided `create_user` command.
3. Observe the error indicating the command is not recognized.
**Suggested Fix:**
Update the documentation to use the correct command syntax for creating a user in Airflow 2.

Incorrect Kubernetes namespace in Airflow container retrieval instructions
https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/issues/27
2023-09-18T12:37:46Z
Paweł Grudzień

**Title:** Incorrect Kubernetes namespace in Airflow container retrieval instructions
**Description:**
The provided instructions for accessing the Airflow web container refer to the wrong Kubernetes namespace. The documentation currently indicates the namespace as `airflow` whereas the setup instructions establish it as `airflow2`. This is a minor bug but gets me every time I try to deploy (and was not obvious the first time I deployed).
**Details:**
In the provided documentation, users are instructed to set up Airflow in the `airflow2` namespace:
```bash
# Create Namespace
NAMESPACE=airflow2
kubectl create namespace $NAMESPACE
```
However, subsequent instructions to retrieve the Airflow web container are using the `airflow` namespace:
```bash
# Get Airflow web container
AIRFLOW_WEB_CONTAINER=$(kubectl get pod -n airflow | grep "web" | cut -f 1 -d " ")
```
```
$ AIRFLOW_WEB_CONTAINER=$(kubectl get pod -n airflow | grep "web" | cut -f 1 -d " ")
No resources found in airflow namespace.
```
**Expected Behavior:**
The instructions should be consistent, with both referring to the same Kubernetes namespace.
**Actual Behavior:**
There's an inconsistency between setup instructions and the container retrieval instructions in terms of the namespace used.
**Steps to Reproduce:**
1. Follow the provided instructions to set up Airflow.
2. Attempt to retrieve the Airflow web container using the given command.
3. Observe the mismatch in namespace usage.
**Suggested Fix:**
Update the container retrieval instructions to use the `airflow2` namespace:
```bash
# Get Airflow web container
AIRFLOW_WEB_CONTAINER=$(kubectl get pod -n airflow2 | grep "web" | cut -f 1 -d " ")
```

[ADR] Metadata deletion service in SDMS
https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/issues/26
2023-08-24T14:54:45Z
Konstantin Gukov

# Status
* [x] Initiated
* [x] Proposed
* [ ] Under Review
* [ ] Approved
* [ ] Rejected
# Problem statement
SDMS needs a way to delete millions of datasets (including metadata and files). A single delete operation can include up to 50 million datasets and last multiple hours or even days.
The implementation of this bulk-delete operation is CSP-specific. For Azure, we need to delete metadata from CosmosDB and files from the BlobStorage.
# Proposed Solution
- Delegate deletion to the new **metadata deletion service**;
- Develop the metadata deletion service in the same .NET solution as the SDMS Sidecar, and similarly dockerize it.
- Deploy it to the same k8s cluster as SDMS API;
- Let the SDMS API and the metadata deletion service communicate via Redis:
- send deletion tasks as messages in a Redis list;
- track deletion job status in a Redis hash;
- Store the task queue and the deletion statuses in the same Redis instance that is currently used by SDMS API for creating metadata locks.
Related ADR in SDMS repo: https://community.opengroup.org/osdu/platform/domain-data-mgmt-services/seismic/seismic-dms-suite/seismic-store-service/-/issues/107
# Sequence diagrams
Performing deletion:
![deletion_diagram_osdu](/uploads/fc9f6b87f205919e2f80f6c19a8e02e9/deletion_diagram_osdu.png)
Keeping track of the deletion job progress:
![deletion_status_diagram](/uploads/acda6e046f848d5c57e30d6fd0248594/deletion_status_diagram.png)
# Rationale
## Reusing the same Redis instance that is currently used for the locks
This Redis is already provisioned and is immediately available to use.
We expect to consume almost no extra capacity in this Redis instance, because the bulk delete operations are infrequent.
Ballpark: creating ~10 small documents per day.
The new service will, however, regularly update the status of the job in Redis. These are atomic updates once every few seconds.
It shouldn't be
If, however, the separation of concerns is desirable, it will be very simple to migrate to another Redis instance in the future.
## Redis list as the task queue
Redis list can also be used as a [simple message queue](https://redis.com/glossary/redis-queue/),
and Redis is already available in SDMS API.
Ideally, we would use a proper message queue (such as a Service Bus queue) to schedule the bulk deletion jobs.
This would give us retryability and observability of the jobs out of the box.
We will explore this option in the next iterations of the deletion service.

Istio version upgrade + health check
https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/issues/25
2023-07-12T21:19:34Z
Arturo Hernandez [EPAM]

Istio will not support newer Kubernetes versions. `1.25` is the latest one for the Istio version that we are currently recommending to install, `1.15`.
[Istio Releases](https://istio.io/latest/docs/releases/supported-releases/)
I would recommend starting to think about this upgrade; normally it is better to do it sooner rather than later.
The recommended Istio version would be **`1.18.x`**
Additionally, we are still using a default pod for the API gateway health check. The MSFT team suggested getting rid of that, as it is a single point of failure for appgw: all services will be unavailable if the default pod is unavailable.
The recommended approach would be to redirect to the Istio gateway health check. The Istio gateway is configured to scale automatically, meaning that if this health check fails, most likely Istio failed, and this is an accurate health check.
cc. @lucynliu @nursheikh
Let me know if we can start working on this and donate this to community.

Airflow2 old apiResource not compatible with AKS 1.25
https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/issues/24
2023-06-19T22:27:58Z
Arturo Hernandez [EPAM]

Helm chart for airflow2 installation contains
[apiVersion: policy/v1beta1](https://github.com/airflow-helm/charts/blob/airflow-8.5.2/charts/airflow/templates/webserver/webserver-pdb.yaml#LL1C1-L1C1)
```yaml
apiVersion: policy/v1beta1 # << Not existing anymore in AKS 1.25
```
Which is not compatible with AKS 1.25.
To overcome this issue we can add the following specs:
```yaml
airflow:
  web:
    podDisruptionBudget:
      enabled: false
  scheduler:
    podDisruptionBudget:
      enabled: false
  workers:
    podDisruptionBudget:
      enabled: false
```
We can either add this in the documentation to overcome this issue or upgrade community airflow2 helm chart to a recent one [Recommended airflow-8.7.1](https://github.com/airflow-helm/charts/tree/airflow-8.7.1).
Or we can just change this apiVersion inside the tar file (easier option).
cc. @lucynliu

Coupling Reservoir DDMS to all OSDU services
https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/issues/22
2023-03-09T13:11:16Z
Fabien Bosquet

The current OSDU deployment on Azure is not fully connected to the entitlement and storage service of OSDU.
To be fully compliant the RDDMS open-etp-server should be started with the authZ delegated to OSDU.

M16 - Release 0.19

Error installing Helm Chart for OSDU on Azure Airflow
https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/issues/7
2021-11-24T08:30:02Z
Sergey Zemskov

It looks like commands in `yaml` are deprecated
After running this command `helm install airflow osdu-airflow -n $NAMESPACE -f osdu_airflow_custom_values.yaml` I get error:
```
W1123 16:50:24.601955 9797 warnings.go:70] rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 Role
W1123 16:50:24.769256 9797 warnings.go:70] rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
W1123 16:50:26.277249 9797 warnings.go:70] extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
W1123 16:50:28.803284 9797 warnings.go:70] rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 Role
W1123 16:50:28.971781 9797 warnings.go:70] rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
W1123 16:50:29.706011 9797 warnings.go:70] extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
Error: failed post-install: timed out waiting for the condition
```

Updating Python SDK version for Airflow
https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/issues/5
2021-09-07T10:07:17Z
harshit aggarwal

In this MR https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/merge_requests/76 we have upgraded the python sdk version used in Airflow Charts and also added a new dependency from [osdu-airflow-lib](https://community.opengroup.org/osdu/platform/data-flow/ingestion/osdu-airflow-lib)
The MR for change in Infra Repo is also merged
https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/merge_requests/475

SDMS Swagger URL Does Not Work
https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/issues/3
2021-06-16T14:36:22Z
Jason

The Istio auth policy for SDMS is misconfigured such that the Swagger is not publicly accessible. Trying to access the Swagger URL at `https://${DNS_NAME}/seistore-svc/api/v3/swagger-ui.html/` will result in an "RBAC Access Denied" message because the Istio policy has not whitelisted this endpoint.

Release 0.8.0

Incorrect chart for Policy Service
https://community.opengroup.org/osdu/platform/deployment-and-operations/helm-charts-azure/-/issues/2
2021-05-18T10:15:50Z
Ankit Sharma [Microsoft]

Charts for policy service need to be fixed.
It will install OPA but not policy service.