Merge branch 'aws-integration' into 'master'

Adding Scaling to AWS OPA Deployment See merge request !237

Merge branch 'aws-integration' into 'master'
e2513aea · Marc Burnie [AWS] · a67135ad · 2be06757 · e2513aea · e2513aea
Commit e2513aea authored 2 years ago by Marc Burnie [AWS]
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,7 +3,7 @@ variables:
  PYTHONPATH: app
  PYTEST_DIR: app/tests/unit

-  AWS_BUILD_SUBDIR: app
+  AWS_BUILD_SUBDIR: build/aws/build-aws
  # AWS_TEST_SUBDIR: testing/storage-test-aws
  AWS_SERVICE: policy
  AWS_SERVICE_NAMESPACE: osdu-services

--- a/NOTICE
+++ b/NOTICE
@@ -74,7 +74,7 @@ The following software have components provided under the terms of this license:
 - protobuf (from https://developers.google.com/protocol-buffers/)
 - pycparser (from https://github.com/eliben/pycparser)
 - pyparsing (from http://pyparsing.wikispaces.com/)
- pyrsistent (from http://github.com/tobgu/pyrsistent/)
+- pyrsistent (from http://github.com/tobgu/pyrsistent/, https://github.com/tobgu/pyrsistent/)
 - python-dateutil (from https://github.com/dateutil/dateutil)
 - sniffio (from https://github.com/python-trio/sniffio)
 - starlette (from https://github.com/encode/starlette, https://pypi.org/project/starlette/0.21.0/)
@@ -162,7 +162,7 @@ The following software have components provided under the terms of this license:
 - coverage (from https://github.com/nedbat/coveragepy)
 - ecdsa (from http://github.com/tlsfuzzer/python-ecdsa)
 - exceptiongroup (from https://pypi.org/project/exceptiongroup/1.0.0/, https://pypi.org/project/exceptiongroup/1.0.0rc9/)
- fastapi (from https://pypi.org/project/fastapi/0.85.0/, https://pypi.org/project/fastapi/0.85.1/)
+- fastapi (from https://pypi.org/project/fastapi/0.85.0/, https://pypi.org/project/fastapi/0.85.1/, https://pypi.org/project/fastapi/0.85.2/)
 - h11
 - humanfriendly (from https://humanfriendly.readthedocs.io)
 - iniconfig (from http://github.com/RonnyPfannschmidt/iniconfig)
@@ -176,7 +176,7 @@ The following software have components provided under the terms of this license:
 - py (from https://py.readthedocs.io/)
 - pydantic (from https://github.com/pydantic/pydantic, https://github.com/samuelcolvin/pydantic)
 - pyparsing (from http://pyparsing.wikispaces.com/)
- pyrsistent (from http://github.com/tobgu/pyrsistent/)
+- pyrsistent (from http://github.com/tobgu/pyrsistent/, https://github.com/tobgu/pyrsistent/)
 - pytest (from http://pytest.org, https://docs.pytest.org/en/latest/)
 - pytest-cov (from https://github.com/pytest-dev/pytest-cov)
 - pytest-httpx (from https://colin-b.github.io/pytest_httpx/)

--- a/build/aws/build-aws/Dockerfile
+++ b/build/aws/build-aws/Dockerfile
 # This Dockerfile assumes you used "make build" to convert the AdminUI to static files in frontend/adminui/dist/policyservice
-FROM python:3.9-slim-buster
+FROM public.ecr.aws/docker/library/python:3.9-slim-buster

 # set environment variables
 # PYTHONDONTWRITEBYTECODE - Prevents Python from writing pyc files to disc (equivalent to python -B option)
 ENV PYTHONDONTWRITEBYTECODE 1
 # PYTHONUNBUFFERED - Prevents Python from buffering stdout and stderr (equivalent to python -u option)
 ENV PYTHONUNBUFFERED 1
+EXPOSE 8080/tcp

 WORKDIR /opt
 COPY ./app /opt

--- a/build/aws/build-aws/buildspec.yaml
+++ b/build/aws/build-aws/buildspec.yaml
@@ -22,23 +22,26 @@ env:
    DOCKER_PASSWORD: /osdu/devops/docker_credentials:password
 phases:
  install:
+    runtime-versions:
+      nodejs: 12
    commands:
     - if [ $(echo $CODEBUILD_SOURCE_VERSION | grep -c  ^refs/heads.*) -eq 1 ]; then echo "Branch name found"; else echo "This build only supports branch builds" && exit 1; fi
     - apt-get update -y
     # Install git secrets
+     #TODO temporarily adding hotfix, due to https://github.com/awslabs/git-secrets/issues/220
+     - export SAY_LOCATION=`ln -s "$(which echo)" say`
+     - export PATH="$PATH:$SAY_LOCATION"
+
     - git clone https://github.com/awslabs/git-secrets.git
     - cd git-secrets && make install && cd ..
     - git secrets --install && git secrets --register-aws
     - npm cache clean -f
-     - n stable
     - npm --version
+     - n 16
     - npm install -g @angular/cli
-  pre_build:
-    commands:
-      - echo "Logging in to Amazon ECR..."
-      - $(aws ecr get-login --no-include-email --region $AWS_REGION) # authenticate with ECR via the AWS CLI
  build:
    commands:
+      - export AWS_ACCOUNT_ID=`aws sts get-caller-identity --query Account --output text`
      - export REPO_NAME=${PWD##*/}
      - export OUTPUT_DIR="dist"
      - export BRANCH_NAME=`echo ${CODEBUILD_SOURCE_VERSION} | awk '{gsub("refs/heads/","");gsub("\\.","-");gsub("[[:space:]]","-")}1' | sed 's/\//-/g' | awk '{print tolower($0)}'`
@@ -57,7 +60,7 @@ phases:
      - printenv

      - cd app
-      - make build
+      - make build_adminui
      - cd ..

      - GIT_SECRETS_SCAN_RESULT=$(git secrets --scan 2> ${OUTPUT_DIR}/git_secrets.out.txt && echo OK || echo FAILED)
@@ -69,10 +72,10 @@ phases:
      - echo "--Copying Helm Charts to ${OUTPUT_DIR:-dist}--"
      - rsync -r devops/aws/* "${OUTPUT_DIR:-dist}"

-      - echo "Logging into Docker Hub..."
-      - docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
+      - echo "Logging in to Amazon ECR..."
+      - aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com # authenticate with ECR via the AWS CLI
      - echo "Building docker image..."
-      - docker build -f app/Dockerfile -t ${ECR_IMAGE} .
+      - docker build -f build/aws/build-aws/Dockerfile -t ${ECR_IMAGE} .
      - docker tag  ${ECR_IMAGE} ${ECR_IMAGE_BRANCH_LATEST}
      - echo "Pushing docker image..."
      - docker push ${ECR_IMAGE}

--- a/devops/aws/opa/templates/scaledobject.yaml
+++ b/devops/aws/opa/templates/scaledobject.yaml
+{{- template "common.scaledobject" (list . "os-entitlements.scaledobject") -}}
+{{- define "os-entitlements.scaledobject" -}}
+## Define overrides for the service's scaled object resource here
+{{- end -}}
\ No newline at end of file
--- a/devops/aws/opa/values.yaml
+++ b/devops/aws/opa/values.yaml
@@ -20,13 +20,21 @@ podAnnotations:
  seccomp.security.alpha.kubernetes.io/pod: "runtime/default"

 # Resource Config
-replicaCount: 2
+maxConnections: 200
+replicaCount: 1
 resources:
  limits:
    memory: 200M
  requests:
    cpu: 500m
    memory: 100M
+autoscaling:
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 90
+  coolDownPeriod: 120
+  ServiceRequestCountThreshold: 25
+  ServiceRequestDurationAverage: 500

 # Security Config
 serviceAccountRole: arn:aws:iam::{{ .Values.global.accountID }}:role/osdu-{{ .Values.global.resourcePrefix }}-{{ .Values.global.region }}-{{ include "common.name" . }}