Skip to content

DEPLOYMENT.md

Latest commit

 

History

History
66 lines (47 loc) · 2.88 KB

DEPLOYMENT.md

File metadata and controls

66 lines (47 loc) · 2.88 KB

TLM Deployment Guide

Requirements

  • Terraform CLI 
    brew install terraform
  • Azure CLI 
    brew install azure-cli
  • Helm 
    brew install helm
  • Azure account in Cleanlab's tenant
    • ask Kelsey if you need to be invited
  • Minimum required Azure role assignments:
    • Reader on the OpenAI service resource group tlm-staging-rg
    • Storage Blob Data Reader on the tlmtfstate storage account

Below are optional Azure roles to request on the Production subscription. Ask Kelsey if you want permissions.

  • Reader for global read access
  • Azure Kubernetes Service Contributor for access to live/historical container logs, kubectl usage, and more

Initial Setup

Import the existing resources to Terraform:

cd deploy/terraform/azure/app

cp staging.tfvars.example staging.tfvars

terraform import -var-file="staging.tfvars" 'module.app.azurerm_role_assignment.openai_identity_sa' "/subscriptions/a47bf188-5236-4db5-bde5-16655f9d07ec/resourceGroups/tlm-staging-rg/providers/Microsoft.CognitiveServices/accounts/tlm-openai/providers/Microsoft.Authorization/roleAssignments/5c088622-3f50-84c7-e52e-09d253ed0325"

terraform import -var-file="staging.tfvars" 'module.app.helm_release.this' tlm/tlm

Deploying to Azure staging environment

Follow these instructions to deploy TLM app changes through CLI. Note that after merging to main, you must wait for the Release TLM App / build-push-chat-backend-acr step to finish before starting the deployment process.

  1. Run az login and select the Production subscription

  2. Change your working directory: cd deploy/terraform/azure/app

  3. Set up your Terraform variables:

    • If this is your first time deploying, cp staging.tfvars.example staging.tfvars
    • Modify the .tfvars file by setting app_image_tag to the Git commit SHA that you want to deploy

  4. terraform init

  5. terraform plan -var-file="staging.tfvars" -out=tfplan.plan

    The plan should be 0 to add, 1 to change, 0 to destroy. It will only include modifying the Helm release resource module.app.helm_release.this to update the chat_backend.image.tag, plus modifying some metadata. If anything else is included in the plan, check that your branch has the latest version of the Terraform script, or reach out in #azure.

  6. If the plan looks good, apply the changes by running terraform apply tfplan.plan.

    Note that this will NOT prompt you to confirm the changes because they were already saved by the planning step, so be careful!

Debugging

If you encounter permission issues (4xx status codes) when running any of the terraform commands, try unsetting the ARM_* environment variables. These can interfere with Azure-related authentication when managing resources.

unset ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID ARM_SUBSCRIPTION_ID