Feature/101 create clustered deployment (#105)

* added cosmos-based transfer process store

* added barebones cosmos-db-based transferprocess store

* fixed GH actions config error

* fixed missing line breaks

* fixed serialization problems with TransferProcesses

* made DataEntry non-generic

* fixed i-tests

* added more tests for the CosmosDbStore

* re-enabled terraform plan

* re-enabled terraform plan

* really reenabled...

* disabled wronly enabled test

* replaced nextForState with a transfaction-safe storedProcedure

* removed explicit lock/unlock feature

* only run test in CI

* fixed terraform format, removed secret

* same connector should be able to renew the lease

* deploy the connector instance only after the storage account is ready

* code cosmetics

* try to run terraform after docker images are built

* removed branch restriction

* disabled azure vault tests

* removed commented code

* reenabled terraform

* re-enabled taint and apply steps on pushes on main

* added lease/break-lease behaviour to all modifying calls

* code cleanup. added a retry policy that retries after request throttling

* added unique connectorId to the lease mechanism

* fixed CI switch

* PR updates

* created a simple kubernetes yaml to deploy the connector

* create AKS cluster for the connector

* deploy the connector using a load balancer

* deploy app and ingress controller via K8s manifest

* ingress is now provisioned with TF

* deploy connector app via TF

* replaced single-instance connector deployment with clustered deployment

* moved config for the certificate storage to variables

Co-authored-by: Paul Latzelsperger <[email protected]>

Author: paullatzelsperger

integration/integration-core/src/test/java/ClientRunner.java

@@ -39,7 +39,7 @@
 @ExtendWith(DagxExtension.class)
 @Disabled
 public class ClientRunner {
-    private static final String PROVIDER_CONNECTOR = "http://dev-dagx.westeurope.azurecontainer.io:8181";
+    private static final String PROVIDER_CONNECTOR = "http://dev-connector.westeurope.cloudapp.azure.com/";
     private static final TokenResult US_TOKEN = TokenResult.Builder.newInstance().token("mock-us").build();
     private static final TokenResult EU_TOKEN = TokenResult.Builder.newInstance().token("mock-eu").build();
     private static final DataEntry EU_ARTIFACT = DataEntry.Builder.newInstance().id("test123").build();

scripts/aks-cluster/main.tf

@@ -21,7 +21,7 @@ resource "azurerm_resource_group" "clusterrg" {
 resource "azurerm_public_ip" "aks-cluster-public-ip" {
   resource_group_name = azurerm_kubernetes_cluster.default.node_resource_group
   location            = azurerm_resource_group.clusterrg.location
-  domain_name_label   = var.dns
+  domain_name_label   = var.dnsPrefix
   allocation_method   = "Static"
   name                = "dagxPublicIp"
   sku                 = "Standard"

scripts/aks-cluster/variables.tf

@@ -1,4 +1,3 @@
-
 variable "kubernetes_version" {
   default = "1.19"
 }
@@ -11,6 +10,6 @@ variable "location" {
   type = string
 }
 
-variable "dns" {
-  type=string
+variable "dnsPrefix" {
+  type = string
 }

scripts/connector-deployment/connector-ingress.tf

@@ -0,0 +1,81 @@
+//resource "tls_private_key" "connector-ingress-pk" {
+//  algorithm = "ECDSA"
+//}
+//
+//resource "tls_self_signed_cert" "connector-ingress-cert" {
+//  allowed_uses = [
+//    "server_auth",
+//    "digital_signature"
+//  ]
+//  key_algorithm         = tls_private_key.connector-ingress-pk.algorithm
+//  private_key_pem       = tls_private_key.connector-ingress-pk.private_key_pem
+//  validity_period_hours = 72
+//  early_renewal_hours   = 12
+//  subject {
+//    common_name  = var.public-ip.fqdn
+//    organization = "Gaia-X Data Appliance"
+//  }
+//  dns_names = [
+//    var.public-ip.fqdn]
+//}
+//
+//resource "kubernetes_secret" "connector-ingress-secret" {
+//  metadata {
+//    namespace = kubernetes_namespace.connector.metadata[0].name
+//    name      = var.connector_ingress_cert_name
+//  }
+//  data = {
+//    "tls.crt" = tls_private_key.connector-ingress-pk.public_key_pem
+//    "tls.key" = tls_private_key.connector-ingress-pk.private_key_pem
+//  }
+//}
+//
+resource "kubernetes_ingress" "connector-ingress-route" {
+  metadata {
+    name      = "connector-ingress"
+    namespace = kubernetes_namespace.connector.metadata[0].name
+    annotations = {
+      "kubernetes.io/ingress.class": "nginx"
+      "nginx.ingress.kubernetes.io/ssl-redirect" : "false"
+      "nginx.ingress.kubernetes.io/use-regex" : "true"
+      "nginx.ingress.kubernetes.io/rewrite-target" : "/$1"
+    }
+  }
+  spec {
+    rule {
+      http {
+        path {
+          path = "/(.*)"
+          backend {
+            service_name = var.connector_service_name
+            service_port = 8181
+          }
+        }
+      }
+    }
+//    tls {
+//      hosts       = [var.public-ip.fqdn]
+//      secret_name = kubernetes_secret.connector-ingress-secret.metadata[0].name
+//    }
+  }
+}
+
+resource "helm_release" "ingress-controller" {
+  chart      = "ingress-nginx"
+  name       = "connector-ingress-controller"
+  namespace  = kubernetes_namespace.connector.metadata[0].name
+  repository = "https://kubernetes.github.io/ingress-nginx"
+
+  set {
+    name  = "controller.replicaCount"
+    value = "1"
+  }
+  set {
+    name  = "controller.service.loadBalancerIP"
+    value = var.public-ip.ip_address
+  }
+  set {
+    name  = "controller.service.annotations.service.beta.kubernetes.io/azure-dns-label-name"
+    value = var.public-ip.domain_name_label
+  }
+}

scripts/connector-deployment/main.tf

@@ -0,0 +1,144 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source = "hashicorp/azurerm"
+      version = ">= 2.62.1"
+    }
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+      version = ">= 2.0.3"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.1.0"
+    }
+    tls = {
+
+    }
+  }
+}
+
+resource "tls_private_key" "connector-ingress-key" {
+  algorithm = "ECDSA"
+}
+
+resource "kubernetes_namespace" "connector" {
+  metadata {
+    name = "${var.resourcesuffix}-cons"
+  }
+}
+
+resource "local_file" "kubeconfig" {
+  content = var.kubeconfig
+  filename = "${path.root}/kubeconfig"
+}
+
+resource "kubernetes_secret" "connector-cert-secret" {
+  metadata {
+    name = "blobstore-key"
+    namespace = kubernetes_namespace.connector.metadata[0].name
+  }
+  type = "Opaque"
+  data = {
+    azurestorageaccountname = var.certificate_mount_config.accountName
+    azurestorageaccountkey = var.certificate_mount_config.accountKey
+  }
+}
+
+resource "kubernetes_deployment" "connector-deployment" {
+  metadata {
+    name = var.connector_service_name
+    namespace = kubernetes_namespace.connector.id
+  }
+  spec {
+    replicas = 2
+    selector {
+      match_labels = {
+        app: var.connector_service_name
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app: var.connector_service_name
+        }
+      }
+      spec {
+        container {
+          name = "connector"
+          image = "ghcr.io/microsoft/data-appliance-gx/dagx-demo:latest"
+          image_pull_policy = "Always"
+          env {
+            name = "CLIENTID"
+            value = var.container_environment.clientId
+          }
+          env {
+            name = "TENANTID"
+            value = var.container_environment.tenantId
+          }
+          env {
+            name = "VAULTNAME"
+            value = var.container_environment.vaultName
+          }
+          env {
+            name = "ATLAS_URL"
+            value = var.container_environment.atlasUrl
+          }
+          env {
+            name = "NIFI_URL"
+            value = var.container_environment.nifiUrl
+          }
+          env {
+            name = "NIFI_FLOW_URL"
+            value = var.container_environment.nifiFlowUrl
+          }
+          env {
+            name = "COSMOS_ACCOUNT"
+            value = var.container_environment.cosmosAccount
+          }
+          env {
+            name = "COSMOS_DB"
+            value = var.container_environment.cosmosDb
+          }
+          port {
+            container_port = 8181
+            host_port = 8181
+            protocol = "TCP"
+          }
+          volume_mount {
+            mount_path = "/cert"
+            name = "certificates"
+            read_only = true
+          }
+        }
+        volume {
+          name = "certificates"
+          azure_file {
+            secret_name = kubernetes_secret.connector-cert-secret.metadata[0].name
+            share_name = "certificates"
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "connector-cluster-ip" {
+  metadata {
+    name = var.connector_service_name
+    namespace = kubernetes_namespace.connector.id
+  }
+  spec {
+    type = "ClusterIP"
+    port {
+      port = 8181
+    }
+    selector = {
+      app: var.connector_service_name
+    }
+  }
+}
+
+output "connector-cluster-namespace" {
+  value = kubernetes_namespace.connector.metadata[0].name
+}

scripts/connector-deployment/variables.tf

@@ -0,0 +1,62 @@
+variable "kubernetes-namespace" {
+  description = "The namespace for the kubernetes deployment"
+  default = "dagx"
+}
+
+variable "cluster_name" {
+  type = string
+}
+
+variable "kubeconfig" {
+  type = string
+}
+
+variable "resourcesuffix" {
+  type = string
+}
+
+variable "location" {
+  type = string
+  default = "westeurope"
+}
+
+variable "tenant_id" {
+  type = string
+}
+
+variable "connector_service_name" {
+  type = string
+  default = "connector-demo"
+}
+
+variable "connector_ingress_cert_name" {
+  default = "connector-ingress-tls"
+}
+variable "container_environment" {
+  type = object({
+    clientId = string
+    tenantId = string
+    vaultName = string
+    atlasUrl = string
+    nifiUrl = string
+    nifiFlowUrl = string
+    cosmosAccount = string
+    cosmosDb = string
+  })
+}
+
+variable "certificate_mount_config"{
+  type = object({
+    accountName = string
+    accountKey  = string
+  })
+  
+}
+
+variable "public-ip" {
+  type = object({
+    ip_address = string
+    fqdn = string
+    domain_name_label = string
+  })
+}