From 5be8b24d30886801ea31eb135f70fb85c76bffff Mon Sep 17 00:00:00 2001
From: Jusong Yu
Date: Tue, 13 Feb 2024 10:46:22 +0100
Subject: [PATCH] az deploy CI 01
---
.github/workflows/deploy-to-aks.yml | 64 +++++++++++++++++++++++++++++
README.md | 20 ++++++++-
2 files changed, 83 insertions(+), 1 deletion(-)
create mode 100644 .github/workflows/deploy-to-aks.yml
diff --git a/.github/workflows/deploy-to-aks.yml b/.github/workflows/deploy-to-aks.yml
new file mode 100644
index 0000000..758584d
--- /dev/null
+++ b/.github/workflows/deploy-to-aks.yml
@@ -0,0 +1,64 @@
+---
+name: Deploy to AKS
+
+on:
+ push:
+ branches:
+ - main
+
+# OIDC token being allowed be generated
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ build-and-deploy:
+ runs-on: ubuntu-latest
+ environment: production
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Azure Login
+ uses: azure/login@v1
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+ - name: Setup kubectl
+ uses: azure/setup-kubectl@v3
+ with:
+ version: 'latest'
+
+ - name: Setup Helm
+ uses: azure/setup-helm@v3
+ with:
+ version: 'latest'
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Install tool for rendering templates
+ run: |
+ python3 -m pip install -r requirements.txt
+
+ - name: Render values.yaml
+ run: |
+ jinja2 --format=env basehub/values.yaml.j2 > basehub/values.yaml
+ env:
+ OAUTH_CLIENT_ID: ${{ secrets.OAUTH_CLIENT_ID }}
+ OAUTH_CLIENT_SECRET: ${{ secrets.OAUTH_CLIENT_SECRET }}
+ OAUTH_CALLBACK_URL: ${{ secrets.OAUTH_CALLBACK_URL }}
+
+ - name: Update values.yaml
+
+ - name: Connect to AKS
+ run: az aks get-credentials --resource-group ${{ secrets.AZURE_RESOURCE_GROUP }} --name ${{ secrets.AZURE_KUBERNETES_CLUSTER }}
+
+ - name: Deploy to AKS
+ run: |
+ ./deploy.sh
+ env:
+ K8S_NAMESPACE: ${{ vars.K8S_NAMESPACE }}
+
+ - name: Logout of Azure
+ run: az logout
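Review bot: The `Update values.yaml` step has only a `name` and no `run` or `uses`, and GitHub Actions rejects a workflow containing such a step, so this deploy job would not start as written; either drop the step or give it a body. Separately, the job holds `id-token: write` and the `production` environment secrets while running actions referenced by mutable tags (`actions/checkout@v4`, `azure/login@v1`, `azure/setup-kubectl@v3`, `azure/setup-helm@v3`) and `version: 'latest'` for both kubectl and Helm, so whatever those references resolve to at run time executes with the cluster-deploy credentials. I would pin each action to a full commit SHA, e.g. `uses: azure/login@<full-commit-sha>  # v1`, and set explicit tool versions, e.g. `version: '<pinned-kubectl-version>'`. The `Connect to AKS` step also expands `${{ secrets.* }}` directly into the shell line; passing the values through `env:` and quoting them (`--resource-group "$AZURE_RESOURCE_GROUP"`) keeps the shell from word-splitting or interpreting them. `Logout of Azure` should carry `if: always()` so the session is still closed when the deploy step fails.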
diff --git a/README.md b/README.md index 8a2a5b3..1fb5118 100644 --- a/README.md +++ b/README.md @@ -182,6 +182,12 @@ source k8s-deploy-venv/bin/activate python3 -m pip install -r requirements.txt ``` +Render the `values.yaml` file with the following command: + +```bash +jinja2 --format=env basehub/values.yaml.j2 > basehub/values.yaml +``` + The following environment variables are required to be set: * `K8S_NAMESPACE`: The namespace where the JupyterHub will be installed, e.g. `production`, `staging`. @@ -198,4 +204,16 @@ To deploy the JupyterHub, run the following command: ./deploy.sh ``` -If the namespace does not exist, it will be created. \ No newline at end of file +If the namespace does not exist, it will be created. + + +## For maintainers + +### Automatic CI/CD deployment + +We simply run helm upgrade in CI workflow to deploy the JupyterHub. +The CI workflow requires login to the Azure account, and we use OpenID Connect to authenticate the user. + +Go to the entra.microsoft.com and navigate to the `aiidalab-sp` -> `Certificates & secrets` -> `Fedrated credentials`. Set credentials for the GitHub production and staging environments. + +On the GitHub repository, the secrets are set for `production` and `staging` environments respectively. \ No newline at end of file