This repository has been archived by the owner on Nov 1, 2024. It is now read-only.

[NOTASK] Deploy metabase from the monorepo #421

Merged
merged 11 commits into from
Sep 6, 2024
Expand Up @@ -143,6 +143,7 @@ jobs:
path: nada-backend

push:
name: Push backend image
permissions:
contents: write
id-token: write
Expand Down Expand Up @@ -183,7 +184,7 @@ jobs:
uses: nais/deploy/actions/deploy@v2
env:
CLUSTER: dev-gcp
RESOURCE: .nais/dev/nada-backend-config.yaml,.nais/dev/gcp.yaml
RESOURCE: .nais/dev/nada-backend/nada-backend-config.yaml,.nais/dev/nada-backend/gcp.yaml
VAR: image=${{ needs.push.outputs.image }}

deploy-prod:
Expand All @@ -199,5 +200,5 @@ jobs:
uses: nais/deploy/actions/deploy@v2
env:
CLUSTER: prod-gcp
RESOURCE: .nais/prod/nada-backend-config.yaml,.nais/prod/gcp.yaml
RESOURCE: .nais/prod/nada-backend/nada-backend-config.yaml,.nais/prod/nada-backend/gcp.yaml
VAR: image=${{ needs.push.outputs.image }}
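--- a/.github/workflows/deploy-metabase.yaml
+++ b/.github/workflows/deploy-metabase.yaml
@@ -0,0 +1,53 @@
+name: Deploy metabase
+
+on:
+workflow_run:
+workflows: [ "Build and Deploy Nada Backend" ]
+types:
+- completed
+branches:
+- '*'
+paths:
+- '.metabase_version'
+- '.nais/dev/metabase/**'
+- '.nais/prod/metabase/**'
+- '.nais/vars.yaml'
+
+permissions:
+contents: read
+id-token: write
+
+jobs:
+deploy-dev:
+name: Deploy to NAIS dev
+runs-on: ubuntu-latest
+if: github.actor != 'dependabot[bot]' && github.event.workflow_run.conclusion == 'success'
+steps:
+- uses: actions/checkout@v4
+- name: Read Metabase Version
+id: read_metabase_version
+run: echo "METABASE_VERSION=$(cat .metabase_version)" >> $GITHUB_ENV
+- uses: nais/deploy/actions/deploy@v2
+env:
+CLUSTER: dev-gcp
+RESOURCE: .nais/dev/metabase/gcp.yaml
+VAR: version=${{ env.METABASE_VERSION }}
+VARS: .nais/vars.yaml
+
+deploy-prod:
+name: Deploy to NAIS prod
+runs-on: ubuntu-latest
+needs: deploy-dev
+if: github.ref == 'refs/heads/main' && github.actor != 'dependabot[bot]' && github.event.workflow_run.conclusion == 'success'
+steps:
+- uses: actions/checkout@v4
+- name: Read Metabase Version
+id: read_metabase_version
+run: echo "METABASE_VERSION=$(cat .metabase_version)" >> $GITHUB_ENV
+- uses: nais/deploy/actions/deploy@v2
+env:
+CLUSTER: prod-gcp
+RESOURCE: .nais/prod/metabase/gcp.yaml
+VAR: version=${{ env.METABASE_VERSION }}
+VARS: .nais/vars.yaml
+TIMEOUT: 15m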
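Review bot: The `github.ref == 'refs/heads/main'` check on `deploy-prod` does not restrict prod to builds of main, because in a `workflow_run`-triggered workflow `github.ref` is the default branch rather than the branch of the run that triggered it. With `branches: '*'` on the trigger, a successful backend build on any matching branch therefore appears to reach the prod deploy; gate on the triggering run instead, e.g. `github.event.workflow_run.head_branch == 'main'`. The `paths:` filter is probably not applied either, since `workflow_run` documents only branch filters, so the workflow likely fires after every backend build rather than only on Metabase changes. Given the jobs hold `id-token: write`, pinning `actions/checkout` and `nais/deploy/actions/deploy` to commit SHAs rather than `@v4`/`@v2` would narrow the supply-chain exposure.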
2 changes: 1 addition & 1 deletion .metabase_version
@@ -1 +1 @@
v1.50.21
v1.50.24
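--- a/.nais/dev/metabase/gcp.yaml
+++ b/.nais/dev/metabase/gcp.yaml
@@ -0,0 +1,94 @@
+apiVersion: nais.io/v1alpha1
+kind: Application
+metadata:
+labels:
+team: nada
+name: metabase
+namespace: nada
+annotations:
+{{#each annotations}}
+{{this.key}}: "{{this.value}}"
+{{/each}}
+spec:
+prometheus:
+enabled: true
+path: /metrics
+port: "9191"
+env:
+- name: JAVA_OPTS
+value: "--XX:MaxRAMPercentage=75.0 -XX:+UseParallelGC -XX:ActiveProcessorCount=2"
+- name: MB_PROMETHEUS_SERVER_PORT
+value: "9191"
+- name: MB_SITE_URL
+value: https://metabase.ansatt.dev.nav.no
+- name: MB_DB_USER
+value: metabasedb
+- name: MB_DB_HOST
+value: "100.71.0.188"
+{{#each envs}}
+- name: {{this.name}}
+value: "{{this.value}}"
+{{/each}}
+envFrom:
+- secret: metabase
+gcp:
+sqlInstances:
+- name: metabasedb
+databases:
+- name: metabase
+type: POSTGRES_12
+tier: db-custom-1-3840
+flags:
+- name: max_connections
+value: "50"
+diskAutoresize: true
+image: metabase/metabase-enterprise:{{version}}
+ingresses:
+- https://metabase.ansatt.dev.nav.no
+- https://metabase-inside.intern.dev.nav.no
+liveness:
+path: /api/health
+startup:
+initialDelay: 40
+periodSeconds: 10
+failureThreshold: 10
+path: /api/health
+readiness:
+path: /api/health
+port: 3000
+replicas:
+max: 2
+min: 1
+resources:
+limits:
+memory: 1536Mi
+requests:
+cpu: 20m
+memory: 1024Mi
+accessPolicy:
+inbound:
+rules:
+- application: nada-backend
+outbound:
+external:
+{{#externalhosts}}
+- host: "{{ . }}"
+{{/externalhosts}}
+- host: smtp.adeo.no
+ports:
+- port: 26
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+annotations:
+nginx.ingress.kubernetes.io/server-snippet: |
+return 301 https://metabase.ansatt.dev.nav.no$request_uri;
+labels:
+team: nada
+name: metabase-redirect
+namespace: nada
+spec:
+ingressClassName: nais-ingress
+rules:
+- host: metabase.intern.dev.nav.no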
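Review bot: The `JAVA_OPTS` value starts with `--XX:MaxRAMPercentage=75.0`, and the double dash is not the HotSpot `-XX:` prefix used by the two flags after it, so the JVM will most likely reject the option at startup; it should read `-XX:MaxRAMPercentage=75.0`. On the `metabase-redirect` Ingress, `nginx.ingress.kubernetes.io/server-snippet` injects raw nginx configuration into the controller and is often disabled by cluster operators for that reason; if the controller supports it, `nginx.ingress.kubernetes.io/permanent-redirect` covers a host-level redirect without a snippet, though path preservation should be checked (the prod manifest carries the same annotation). `image: metabase/metabase-enterprise:{{version}}` resolves a mutable registry tag, so pinning by digest would make the deployed image verifiable.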
File renamed without changes.
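--- a/.nais/prod/metabase/gcp.yaml
+++ b/.nais/prod/metabase/gcp.yaml
@@ -0,0 +1,114 @@
+apiVersion: nais.io/v1alpha1
+kind: Application
+metadata:
+labels:
+team: nada
+name: metabase
+namespace: nada
+annotations:
+{{#each annotations}}
+{{this.key}}: "{{this.value}}"
+{{/each}}
+spec:
+prometheus:
+enabled: true
+path: /metrics
+port: "9191"
+env:
+- name: MB_PROMETHEUS_SERVER_PORT
+value: "9191"
+- name: MB_SITE_URL
+value: https://metabase.ansatt.nav.no
+- name: MB_DB_USER
+value: metabase
+- name: MB_DB_HOST
+value: "127.0.0.1"
+{{#each envs}}
+- name: {{this.name}}
+value: "{{this.value}}"
+{{/each}}
+envFrom:
+- secret: metabase
+gcp:
+sqlInstances:
+- databases:
+- name: metabase
+type: POSTGRES_12
+flags:
+- name: max_connections
+value: "100"
+tier: db-g1-small
+image: metabase/metabase-enterprise:{{version}}
+ingresses:
+- https://metabase.ansatt.nav.no
+- https://metabase-inside.intern.nav.no
+liveness:
+path: /api/health
+startup:
+initialDelay: 180
+periodSeconds: 30
+failureThreshold: 30
+path: /api/health
+readiness:
+path: /api/health
+port: 3000
+replicas:
+max: 4
+min: 2
+resources:
+limits:
+memory: 5Gi
+requests:
+cpu: 300m
+memory: 2048Mi
+accessPolicy:
+inbound:
+rules:
+- application: nada-backend
+outbound:
+external:
+{{#externalhosts}}
+- host: "{{ . }}"
+{{/externalhosts}}
+- host: smtp.adeo.no
+ports:
+- port: 26
+
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+name: metabase-alert
+namespace: nada
+labels:
+team: nada
+spec:
+groups:
+- name: metabase-alert
+rules:
+- alert: InstanceDown
+expr: kube_deployment_status_replicas_available{namespace="nada", deployment="metabase"} == 0
+for: 2m
+annotations:
+consequence: Metabase is unavailable
+action: "`kubectl describe pod <podname>` -> `kubectl logs <podname>`"
+summary: |-
+No metabase pods are running in prod-gcp
+labels:
+namespace: nada
+severity: critical
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+annotations:
+nginx.ingress.kubernetes.io/server-snippet: |
+return 301 https://metabase.ansatt.nav.no$request_uri;
+labels:
+team: nada
+name: metabase-redirect
+namespace: nada
+spec:
+ingressClassName: nais-ingress-external
+rules:
+- host: metabase.intern.nav.no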
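Review bot: The `metabase-redirect` Ingress serves `metabase.intern.nav.no` with `ingressClassName: nais-ingress-external`, while the dev counterpart uses `nais-ingress`; if the class selects which controller and network exposure handles the host, an `intern` hostname on the external class should be confirmed as intended and explained in a comment. The SQL instance is declared as `type: POSTGRES_12`, an old major version for a newly added manifest, so a short comment on why it is pinned there (presumably an existing instance being adopted) would help the next upgrade. `InstanceDown` fires only at zero available replicas, so with `replicas.min: 2` a single surviving pod goes unalerted; that may be acceptable but is worth stating next to the rule.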
File renamed without changes.
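--- a/.nais/vars.yaml
+++ b/.nais/vars.yaml
@@ -0,0 +1,59 @@
+annotations:
+- key: config.linkerd.io/skip-outbound-ports
+value: "26"
+- key: nginx.ingress.kubernetes.io/proxy-body-size
+value: "8m"
+- key: nginx.ingress.kubernetes.io/proxy-read-timeout
+value: "600"
+envs:
+- name: MB_DB_TYPE
+value: postgres
+- name: MB_DB_DBNAME
+value: metabase
+- name: MB_DB_PORT
+value: "5432"
+- name: JAVA_TIMEZONE
+value: UTC+1
+- name: MB_COLORIZE_LOGS
+value: "false"
+- name: MB_PLUGINS_DIR
+value: "/tmp"
+- name: MB_ADMIN_EMAIL
+value: "[email protected]"
+- name: MB_METABOT_ENABLED
+value: "true"
+- name: MB_SAML_ENABLED
+value: "true"
+- name: MB_SAML_GROUP_SYNC
+value: "true"
+- name: MB_SAML_ATTRIBUTE_GROUP
+value: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
+- name: MB_SAML_IDENTITY_PROVIDER_ISSUER
+value: https://sts.windows.net/62366534-1ec3-4962-8869-9b5535279d0b/
+- name: MB_SAML_IDENTITY_PROVIDER_URI
+value: HTTPS://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535279d0b/saml2
+- name: MB_ENABLE_PASSWORD_LOGIN
+value: "true"
+- name: MAX_SESSION_AGE
+value: "1440"
+- name: MB_SESSION_COOKIES
+value: "true"
+- name: MB_EMAIL_FROM_ADDRESS
+value: "[email protected]"
+- name: MB_EMAIL_SMTP_HOST
+value: "smtp.adeo.no"
+- name: MB_EMAIL_SMTP_PORT
+value: "26"
+- name: MB_EMAIL_SMTP_SECURITY
+value: "none"
+- name: MB_EMAIL_SMTP_USERNAME
+value: "srvNada"
+- name: MB_SEND_NEW_SSO_USER_ADMIN_EMAIL
+value: "false"
+- name: MB_HEALTH_CHECK_LOGGING_ENABLED
+value: "false"
+externalhosts:
+- token-check.metabase.com
+- slack.com
+- files.slack.com
+- metaboat.slack.com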
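Review bot: `MB_ENABLE_PASSWORD_LOGIN` is set to `"true"` alongside `MB_SAML_ENABLED`, which keeps a local-password path that sidesteps the identity provider's controls (MFA, conditional access, account disablement); unless it is needed for a break-glass account, set it to `"false"` and document the exception otherwise. It compounds with `MB_EMAIL_SMTP_SECURITY: "none"`, since password-reset and notification mail to `smtp.adeo.no` on port 26 then travels unencrypted; `"starttls"` should be used if the relay supports it. These values reach both dev and prod because both deploy jobs pass `.nais/vars.yaml` as `VARS`. `MB_PLUGINS_DIR: "/tmp"` points plugin loading at a world-writable directory inside the container, so a dedicated writable path would be the safer choice.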