Mrc-4908 k8s setup #1
Conversation
README.md
Outdated
|
|
||
| ### Prerequisites | ||
|
|
||
| A production kubernetes cluster using k3s is needed to be setup first. To setup a k8s cluster follow the guide [here](https://mrc-ide.myjetbrains.com/youtrack/articles/RESIDE-A-31/Setting-up-Kubernetes-k8s-Cluster). Note: If using dev cluster (KIND), the storageClassName: local-path & longhorn is unavailable and you will need to provision own storage class and persistant volume. |
There was a problem hiding this comment.
What does the recommended setup look like for developing this locally? or on a staging machine (separate from the shiny staging, which is really for the users)? Do we need a second cluster somewhere that we use?
There was a problem hiding this comment.
the link shows the dev and prod setup and they both can be used locally... for staging, we can use the same cluster and just do another deployment and rename the deployment to something else... But if you wanted a seperate machine for just staging spinning up another cluster might be easiest
k8s/base/deployment.yaml
Outdated
| mountPath: /shiny | ||
| containers: | ||
| - name: shiny | ||
| image: absternator/shiny-server:dev # todo: change to actual one!!! mrcide- |
There was a problem hiding this comment.
What changes did you make here? Can we get the image build script/Dockerfile here and building on BK?
There was a problem hiding this comment.
I just changed the image so it has an image to pull from the docker hub... i can add the docker build & push step to the startup script? is that you want? ps.. sorry whats BK?
There was a problem hiding this comment.
BK=BuildKite, where we have some non-gha CI builds running,
k8s/base/deployment.yaml
Outdated
| volumeMounts: | ||
| - name: shiny-data | ||
| mountPath: /shiny | ||
| # todo: create appropriate resource requests and limits |
There was a problem hiding this comment.
What is the consequence of these limits? Are they speculative (affecting scheduling) or caps (meaning the scheduler kills processes that exceed them)?
There was a problem hiding this comment.
Have updated comments but i think usually requests are set or nothing is fine most of the time ... the most common is to set up requests so that each pod has allocated specific resources before being scheduled...
| annotations: | ||
| nginx.ingress.kubernetes.io/affinity: "cookie" | ||
| nginx.ingress.kubernetes.io/session-cookie-name: "shinycookie" | ||
| nginx.ingress.kubernetes.io/session-cookie-expires: "172800" |
There was a problem hiding this comment.
Is this in seconds? 48 hours? Seems reasonable
There was a problem hiding this comment.
yup in seconds... 48 hours
README.md
Outdated
| @@ -33,7 +33,7 @@ Some applications (copied over from the original deployment are in `apps`). Thes | |||
|
|
|||
| ## Bringing the bits up | |||
|
|
|||
| ``` | |||
| ```bash | |||
There was a problem hiding this comment.
Suggest you remove the docker instructions and the haproxy/httpd bits entirely
k8s/krsync
Outdated
| @@ -0,0 +1,26 @@ | |||
| #!/usr/bin/env bash | |||
|
|
|||
There was a problem hiding this comment.
I suggest some hardening of your bash scripts (basically any time you write one). In general we end up with:
set -eu
which will cause the script to fail if any line errors or if you reference an undefined variable.
k8s/krsync
Outdated
| shift | ||
| fi | ||
|
|
||
| # customise this to cluster needs!! |
There was a problem hiding this comment.
What sort of customisation is expected here?
There was a problem hiding this comment.
loose comment when i first did have now removed
| @@ -0,0 +1,12 @@ | |||
| apiVersion: kustomize.config.k8s.io/v1beta1 | |||
| kind: Kustomization | |||
| @@ -0,0 +1,12 @@ | |||
| apiVersion: kustomize.config.k8s.io/v1beta1 | |||
There was a problem hiding this comment.
We probably will need a name for what the users think of staging that won't confuse us - preview or testing perhaps?
There was a problem hiding this comment.
have changed naming to testing... because you are right we dont have a specific staging k8s cluster
| @@ -0,0 +1,11 @@ | |||
| #!/usr/bin/env bash | |||
There was a problem hiding this comment.
So this is just a temporary thing until we have the management bit working?
There was a problem hiding this comment.
yup temporary until we sort the management side
There was a problem hiding this comment.
Haven't tried running this up, will do so tomorrow, just a couple of initial questions, and typos.
Can we make a gha to test this cluster? Something like here?
What's the implication for haproxy of Ingress doing the load balancing and sticky cookies? Do we even still need haproxy? Or do we keep it as the entry point to the system from httpd?
README.md
Outdated
|
|
||
| ### apache | ||
| The following is guide to run the shiny server in kubernetes. They are based on running a Kind cluster. The configuration may | ||
| nee to be adjusted for other k8s clusters. |
There was a problem hiding this comment.
| nee to be adjusted for other k8s clusters. | |
| need to be adjusted for other k8s clusters. |
README.md
Outdated
|
|
||
| ### haproxy | ||
| A production kubernetes cluster using k3s is needed to be setup first. To setup a k8s cluster follow the guide [here](https://mrc-ide.myjetbrains.com/youtrack/articles/RESIDE-A-31/Setting-up-Kubernetes-k8s-Cluster). Note: If using dev cluster (KIND), the storageClassName: local-path & longhorn is unavailable and you will need to provision own storage class and persistant volume. |
There was a problem hiding this comment.
| A production kubernetes cluster using k3s is needed to be setup first. To setup a k8s cluster follow the guide [here](https://mrc-ide.myjetbrains.com/youtrack/articles/RESIDE-A-31/Setting-up-Kubernetes-k8s-Cluster). Note: If using dev cluster (KIND), the storageClassName: local-path & longhorn is unavailable and you will need to provision own storage class and persistant volume. | |
| A production kubernetes cluster using k8s is needed to be setup first. To setup a k8s cluster follow the guide [here](https://mrc-ide.myjetbrains.com/youtrack/articles/RESIDE-A-31/Setting-up-Kubernetes-k8s-Cluster). Note: If using dev cluster (KIND), the storageClassName: local-path & longhorn is unavailable and you will need to provision own storage class and persistent volume. |
README.md
Outdated
|
|
||
| Build the image with `./haproxy/build` which builds `mrcide/haproxy` with a configuration that can be seen in [`haproxy/haproxy.cfg`](haproxy/haproxy.cfg) and some utilities which enable some degree of dynamic scaling of shiny servers. | ||
| Run `start-k8s-shiny <env>` to run the shint server in k8s. |
There was a problem hiding this comment.
| Run `start-k8s-shiny <env>` to run the shint server in k8s. | |
| Run `./start-k8s-shiny <env>` to run the shiny server in k8s. |
k8s/base/ingress.yaml
Outdated
| ingressClassName: nginx | ||
| tls: | ||
| - hosts: | ||
| - shiny-dev.dide.ic.ac.uk |
There was a problem hiding this comment.
So we'll need to update this setting for prod, and for running locally?
k8s/base/kustomization.yaml
Outdated
| namespace: twinkle # assume this namespace exists | ||
|
|
||
| resources: | ||
| - persistance.yaml |
There was a problem hiding this comment.
| - persistance.yaml | |
| - persistence.yaml |
README.md
Outdated
|
|
||
| ### haproxy | ||
| A production kubernetes cluster using k3s is needed to be setup first. To setup a k8s cluster follow the guide [here](https://mrc-ide.myjetbrains.com/youtrack/articles/RESIDE-A-31/Setting-up-Kubernetes-k8s-Cluster). Note: If using dev cluster (KIND), the storageClassName: local-path & longhorn is unavailable and you will need to provision own storage class and persistant volume. |
There was a problem hiding this comment.
storageClassName: local-path & longhorn is unavailable and you will need to provision own storage class and persistant volume.
Sorry, don't really understand this. Why aren't these available? You talk about using local-path below, in persistance.yaml.
There was a problem hiding this comment.
have updated to avoid confusion
k8s/base/deployment.yaml
Outdated
| mountPath: /shiny | ||
| containers: | ||
| - name: shiny | ||
| image: absternator/shiny-server:dev # todo: change to actual one!!! mrcide- |
There was a problem hiding this comment.
BK=BuildKite, where we have some non-gha CI builds running,
|
@EmmaLRussell have added GHA to add shiny server image to build and push... also removed haproxy and apache server and fixed typos.. will seee the testing stuff as linked for testing cluster in another PR...as this needs more thought around what really needs to be tested |
This PR is the k8s version of setting up and running the shiny server. Follow the readme kubernetes section to set up if wanted. The current shiny server can be reached on https://shiny-dev.dide.ic.ac.uk/ (must be in dide network)
The following is done in this PR: