Issue #000 feat: updated content service helm charts

kubernetes/ansible/badger.yml

----
-- hosts: local
-  gather_facts: no
-  vars_files:
-    - "{{inventory_dir}}/secrets.yml"
-  environment:
-    KUBECONFIG: "{{ kubeconfig_path }}"
-  roles:
-    - deploy-badger

kubernetes/ansible/deploy_core_service.yml

@@ -7,3 +7,38 @@
     KUBECONFIG: "{{ kubeconfig_path }}"
   roles:
     - sunbird-deploy
+  tags:
+    - deploy-core
+
+- hosts: local
+  gather_facts: no
+  vars_files:
+    - "{{inventory_dir}}/secrets.yml"
+  environment:
+    KUBECONFIG: "{{ kubeconfig_path }}"
+  roles:
+    - deploy-player
+  tags:
+    - deploy-player
+
+- hosts: local
+  gather_facts: no
+  vars_files:
+    - "{{inventory_dir}}/secrets.yml"
+  environment:
+    KUBECONFIG: "{{ kubeconfig_path }}"
+  roles:
+    - deploy-content
+  tags:
+    - deploy-content
+
+- hosts: local
+  gather_facts: no
+  vars_files:
+    - "{{inventory_dir}}/secrets.yml"
+  environment:
+    KUBECONFIG: "{{ kubeconfig_path }}"
+  roles:
+    - deploy-badger
+  tags:
+    - deploy-badger
\ No newline at end of file

kubernetes/ansible/player.yml

----
-- hosts: local
-  gather_facts: no
-  vars_files:
-    - "{{inventory_dir}}/secrets.yml"
-  environment:
-    KUBECONFIG: "{{ kubeconfig_path }}"
-  roles:
-    - deploy-player

kubernetes/ansible/roles/deploy-content/tasks/main.yml

+- name: Create a directory if it does not exist
+  file:
+    path: /var/lib/jenkins/content_config
+    state: directory
+
+- name: copy new index file
+  template: src="application.conf" dest="/var/lib/jenkins/content_config/application.conf" mode=0644
+
+- name: remove whitespaces in index file
+  shell: 'sed -i s/\\s\\+$//e /var/lib/jenkins/content_config/application.conf'
+
+- name: Remove the existing content config
+  shell: "kubectl delete configmap content-config --namespace={{namespace}}"
+  ignore_errors: true
+
+- name: Create content service configmap
+  shell: "kubectl create configmap content-config --from-file=/var/lib/jenkins/content_config/application.conf --namespace={{namespace}}"
+
+- name: rename template
+  template:
+    src: "{{ chart_path }}/values.j2"
+    dest: "{{ chart_path }}/values.yaml"
+
+- name: helm install
+  shell: helm upgrade --install {{ release_name }} {{ chart_path }}
+  #shell: helm template {{ chart_path }} > /tmp/test.yaml
\ No newline at end of file

kubernetes/ansible/roles/deploy-content/templates/application.conf

+# This is the main configuration file for the application.
+# https://www.playframework.com/documentation/latest/ConfigFile
+# ~~~~~
+# Play uses HOCON as its configuration file format.  HOCON has a number
+# of advantages over other config formats, but there are two things that
+# can be used when modifying settings.
+#
+# You can include other configuration files in this main application.conf file:
+#include "extra-config.conf"
+#
+# You can declare variables and substitute for them:
+#mykey = ${some.value}
+#
+# And if an environment variable exists when there is no other substitution, then
+# HOCON will fall back to substituting environment variable:
+#mykey = ${JAVA_HOME}
+
+## Akka
+# https://www.playframework.com/documentation/latest/ScalaAkka#Configuration
+# https://www.playframework.com/documentation/latest/JavaAkka#Configuration
+# ~~~~~
+# Play uses Akka internally and exposes Akka Streams and actors in Websockets and
+# other streaming HTTP responses.
+akka {
+  # "akka.log-config-on-start" is extraordinarly useful because it log the complete
+  # configuration at INFO level, including defaults and overrides, so it s worth
+  # putting at the very top.
+  #
+  # Put the following in your conf/logback.xml file:
+  #
+  # <logger name="akka.actor" level="INFO" />
+  #
+  # And then uncomment this line to debug the configuration.
+  #
+  #log-config-on-start = true
+}
+
+## Secret key
+# http://www.playframework.com/documentation/latest/ApplicationSecret
+# ~~~~~
+# The secret key is used to sign Play's session cookie.
+# This must be changed for production, but we don't recommend you change it in this file.
+play.http.secret.key="{{ graph_passport_key }}"
+
+## Modules
+# https://www.playframework.com/documentation/latest/Modules
+# ~~~~~
+# Control which modules are loaded when Play starts.  Note that modules are
+# the replacement for "GlobalSettings", which are deprecated in 2.5.x.
+# Please see https://www.playframework.com/documentation/latest/GlobalSettings
+# for more information.
+#
+# You can also extend Play functionality by using one of the publically available
+# Play modules: https://playframework.com/documentation/latest/ModuleDirectory
+play.modules {
+  # By default, Play will load any class called Module that is defined
+  # in the root package (the "app" directory), or you can define them
+  # explicitly below.
+  # If there are any built-in modules that you want to enable, you can list them here.
+  #enabled += my.application.Module
+
+  # If there are any built-in modules that you want to disable, you can list them here.
+  #disabled += ""
+}
+
+## IDE
+# https://www.playframework.com/documentation/latest/IDE
+# ~~~~~
+# Depending on your IDE, you can add a hyperlink for errors that will jump you
+# directly to the code location in the IDE in dev mode. The following line makes
+# use of the IntelliJ IDEA REST interface:
+#play.editor="http://localhost:63342/api/file/?file=%s&line=%s"
+
+## Internationalisation
+# https://www.playframework.com/documentation/latest/JavaI18N
+# https://www.playframework.com/documentation/latest/ScalaI18N
+# ~~~~~
+# Play comes with its own i18n settings, which allow the user's preferred language
+# to map through to internal messages, or allow the language to be stored in a cookie.
+play.i18n {
+  # The application languages
+  langs = [ "en" ]
+
+  # Whether the language cookie should be secure or not
+  #langCookieSecure = true
+
+  # Whether the HTTP only attribute of the cookie should be set to true
+  #langCookieHttpOnly = true
+}
+
+## Play HTTP settings
+# ~~~~~
+play.http {
+  ## Router
+  # https://www.playframework.com/documentation/latest/JavaRouting
+  # https://www.playframework.com/documentation/latest/ScalaRouting
+  # ~~~~~
+  # Define the Router object to use for this application.
+  # This router will be looked up first when the application is starting up,
+  # so make sure this is the entry point.
+  # Furthermore, it's assumed your route file is named properly.
+  # So for an application router like `my.application.Router`,
+  # you may need to define a router file `conf/my.application.routes`.
+  # Default to Routes in the root package (aka "apps" folder) (and conf/routes)
+  #router = my.application.Router
+
+  ## Action Creator
+  # https://www.playframework.com/documentation/latest/JavaActionCreator
+  # ~~~~~
+  #actionCreator = null
+
+  ## ErrorHandler
+  # https://www.playframework.com/documentation/latest/JavaRouting
+  # https://www.playframework.com/documentation/latest/ScalaRouting
+  # ~~~~~
+  # If null, will attempt to load a class called ErrorHandler in the root package,
+  #errorHandler = null
+
+  ## Session & Flash
+  # https://www.playframework.com/documentation/latest/JavaSessionFlash
+  # https://www.playframework.com/documentation/latest/ScalaSessionFlash
+  # ~~~~~
+  session {
+    # Sets the cookie to be sent only over HTTPS.
+    #secure = true
+
+    # Sets the cookie to be accessed only by the server.
+    #httpOnly = true
+
+    # Sets the max-age field of the cookie to 5 minutes.
+    # NOTE: this only sets when the browser will discard the cookie. Play will consider any
+    # cookie value with a valid signature to be a valid session forever. To implement a server side session timeout,
+    # you need to put a timestamp in the session and check it at regular intervals to possibly expire it.
+    #maxAge = 300
+
+    # Sets the domain on the session cookie.
+    #domain = "example.com"
+  }
+
+  flash {
+    # Sets the cookie to be sent only over HTTPS.
+    #secure = true
+
+    # Sets the cookie to be accessed only by the server.
+    #httpOnly = true
+  }
+}
+
+play.http.parser.maxDiskBuffer = 10MB
+parsers.anyContent.maxLength = 10MB
+
+## Netty Provider
+# https://www.playframework.com/documentation/latest/SettingsNetty
+# ~~~~~
+play.server.netty {
+  # Whether the Netty wire should be logged
+  log.wire = true
+
+  # If you run Play on Linux, you can use Netty's native socket transport
+  # for higher performance with less garbage.
+  transport = "native"
+}
+
+## WS (HTTP Client)
+# https://www.playframework.com/documentation/latest/ScalaWS#Configuring-WS
+# ~~~~~
+# The HTTP client primarily used for REST APIs.  The default client can be
+# configured directly, but you can also create different client instances
+# with customized settings. You must enable this by adding to build.sbt:
+#
+# libraryDependencies += ws // or javaWs if using java
+#
+play.ws {
+  # Sets HTTP requests not to follow 302 requests
+  #followRedirects = false
+
+  # Sets the maximum number of open HTTP connections for the client.
+  #ahc.maxConnectionsTotal = 50
+
+  ## WS SSL
+  # https://www.playframework.com/documentation/latest/WsSSL
+  # ~~~~~
+  ssl {
+    # Configuring HTTPS with Play WS does not require programming.  You can
+    # set up both trustManager and keyManager for mutual authentication, and
+    # turn on JSSE debugging in development with a reload.
+    #debug.handshake = true
+    #trustManager = {
+    #  stores = [
+    #    { type = "JKS", path = "exampletrust.jks" }
+    #  ]
+    #}
+  }
+}
+
+## Cache
+# https://www.playframework.com/documentation/latest/JavaCache
+# https://www.playframework.com/documentation/latest/ScalaCache
+# ~~~~~
+# Play comes with an integrated cache API that can reduce the operational
+# overhead of repeated requests. You must enable this by adding to build.sbt:
+#
+# libraryDependencies += cache
+#
+play.cache {
+  # If you want to bind several caches, you can bind the individually
+  #bindCaches = ["db-cache", "user-cache", "session-cache"]
+}
+
+## Filter Configuration
+# https://www.playframework.com/documentation/latest/Filters
+# ~~~~~
+# There are a number of built-in filters that can be enabled and configured
+# to give Play greater security.
+#
+play.filters {
+
+  # Enabled filters are run automatically against Play.
+  # CSRFFilter, AllowedHostFilters, and SecurityHeadersFilters are enabled by default.
+  enabled = [filters.AccessLogFilter]
+
+  # Disabled filters remove elements from the enabled list.
+  # disabled += filters.CSRFFilter
+
+
+  ## CORS filter configuration
+  # https://www.playframework.com/documentation/latest/CorsFilter
+  # ~~~~~
+  # CORS is a protocol that allows web applications to make requests from the browser
+  # across different domains.
+  # NOTE: You MUST apply the CORS configuration before the CSRF filter, as CSRF has
+  # dependencies on CORS settings.
+  cors {
+    # Filter paths by a whitelist of path prefixes
+    #pathPrefixes = ["/some/path", ...]
+
+    # The allowed origins. If null, all origins are allowed.
+    #allowedOrigins = ["http://www.example.com"]
+
+    # The allowed HTTP methods. If null, all methods are allowed
+    #allowedHttpMethods = ["GET", "POST"]
+  }
+
+  ## Security headers filter configuration
+  # https://www.playframework.com/documentation/latest/SecurityHeaders
+  # ~~~~~
+  # Defines security headers that prevent XSS attacks.
+  # If enabled, then all options are set to the below configuration by default:
+  headers {
+    # The X-Frame-Options header. If null, the header is not set.
+    #frameOptions = "DENY"
+
+    # The X-XSS-Protection header. If null, the header is not set.
+    #xssProtection = "1; mode=block"
+
+    # The X-Content-Type-Options header. If null, the header is not set.
+    #contentTypeOptions = "nosniff"
+
+    # The X-Permitted-Cross-Domain-Policies header. If null, the header is not set.
+    #permittedCrossDomainPolicies = "master-only"
+
+    # The Content-Security-Policy header. If null, the header is not set.
+    #contentSecurityPolicy = "default-src 'self'"
+  }
+
+  ## Allowed hosts filter configuration
+  # https://www.playframework.com/documentation/latest/AllowedHostsFilter
+  # ~~~~~
+  # Play provides a filter that lets you configure which hosts can access your application.
+  # This is useful to prevent cache poisoning attacks.
+  hosts {
+    # Allow requests to example.com, its subdomains, and localhost:9000.
+    #allowed = [".example.com", "localhost:9000"]
+  }
+}
+
+play.http.parser.maxMemoryBuffer = 50MB
+akka.http.parsing.max-content-length = 50MB
+schema.base_path="https://{{ azure_account_name }}.blob.core.windows.net/{{ azure_public_container }}/schemas/"
+
+# Cassandra Configuration
+cassandra.lp.connection="{{ lp_cassandra_connection }}"
+cassandra.lpa.connection="{{ dp_cassandra_connection }}"
+
+# Redis Configuration
+redis.host=localhost
+redis.port=6379
+redis.maxConnections=128
+
+#--Maximum Content Package File Size Limit in Bytes (50 MB)
+MAX_CONTENT_PACKAGE_FILE_SIZE_LIMIT=52428800
+
+#--Maximum Asset File Size Limit in Bytes (20 MB)
+MAX_ASSET_FILE_SIZE_LIMIT=20971520
+
+#--No of Retry While File Download Fails
+RETRY_ASSET_DOWNLOAD_COUNT=1
+
+#Current environment
+cloud_storage.env="{{env}}"
+
+# Configuration
+graph.dir=/data/graphDB
+akka.request_timeout=30
+environment.id={{ environment_id }}
+graph.ids=["domain"]
+graph.passport.key.base="{{ graph_passport_key }}"
+route.domain="{{ learning_neo4j_bolt_url }}"
+route.bolt.write.domain="{{ learning_write_elb_url }}"
+route.bolt.read.domain="{{ learning_read_elb_url }}"
+route.all="{{ language_neo4j_bolt_url }}"
+route.bolt.write.all="{{ language_write_elb_url }}"
+route.bolt.read.all="{{ language_read_elb_url }}"
+
+shard.id={{ mw_shard_id }}
+platform.auth.check.enabled=false
+platform.cache.ttl=3600000
+
+#Top N Config for Search Telemetry
+telemetry_env="{{env}}"
+
+installation.id=ekstep
+
+channel.default=in.ekstep
+
+content.cache.ttl=86400
+content.cache.read=true
+content.cache.hierarchy=true
\ No newline at end of file

kubernetes/helm_charts/core/content/templates/configmap.yaml

-apiVersion: v1
-data:
-  {{- range $key, $val := .Values.contentenv }}
-  {{ $key }}: {{ $val }}
-  {{- end }}
-  graph.ids: {{ .Values.graph_ids | toJson }}
-kind: ConfigMap
-metadata:
-  creationTimestamp: null
-  name: {{ .Chart.Name }}-config
-  namespace: {{ .Values.namespace }}
-

kubernetes/helm_charts/core/content/templates/deployment.yaml

@@ -24,6 +24,10 @@ spec:
     spec:
       imagePullSecrets:
       - name: {{ .Values.imagepullsecrets }}
+      volumes:
+        - name: {{ .Chart.Name }}-config
+          configMap:
+            name: {{ .Chart.Name }}-config
       containers:
       - name: {{ .Chart.Name }}
         image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}"
@@ -34,6 +38,9 @@ spec:
 {{ toYaml .Values.resources | indent 10 }}
         ports:
         - containerPort: {{ .Values.network.port }}
+        volumeMounts:
+          - name: {{ .Chart.Name }}-config
+            mountPath: /home/sunbird/learning-service-1.0-SNAPSHOT/config/applicaton.conf
 
 ---
 apiVersion: v1

kubernetes/helm_charts/core/content/values.j2

@@ -22,34 +22,3 @@ strategy:
   maxsurge: 1
   maxunavailable: 0
 
-contentenv:
-  cassandra.lp.connection: {{ lp_cassandra_connection }}
-  cassandra.lpa.connection: {{ dp_cassandra_connection }}
-  redis.host: localhost
-  redis.port: '"6379"'
-  redis.maxConnections: '"128"'
-  MAX_CONTENT_PACKAGE_FILE_SIZE_LIMIT: '"52428800"'
-  MAX_ASSET_FILE_SIZE_LIMIT: '"20971520"'
-  RETRY_ASSET_DOWNLOAD_COUNT: '"1"'
-  cloud_storage.env: dev
-  graph.dir: /data/graphDB
-  akka.request_timeout: '"30"'
-  environment.id: '"{{ environment_id }}"'
-  graph.passport.key.base: {{ graph_passport_key }}
-  route.domain: {{ learning_neo4j_bolt_url }}
-  route.bolt.write.domain: {{ learning_write_elb_url }}
-  route.bolt.read.domain: {{ learning_read_elb_url }}
-  route.all: {{ language_neo4j_bolt_url }}
-  route.bolt.write.all: {{ language_write_elb_url }}
-  route.bolt.read.all: {{ language_read_elb_url }}
-  shard.id: '"{{ mw_shard_id }}"'
-  platform.auth.check.enabled: "'false'"
-  platform.cache.ttl: '"3600000"'
-  telemetry_env: dev
-  installation.id: ekstep
-  channel.default: in.ekstep
-  content.cache.ttl: '"86400"'
-  content.cache.read: "'true'"
-  content.cache.hierarchy: "'true'"
-
-graph_ids: '["domain"]'

kubernetes/pipelines/deploy_core/Jenkinsfile

@@ -11,7 +11,7 @@ node() {
             jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim().toLowerCase()
             currentWs = sh(returnStdout: true, script: 'pwd').trim()
             ansiblePlaybook = "$currentWs/kubernetes/ansible/deploy_core_service.yml"
-            ansibleExtraArgs = "--extra-vars \"chart_path=${currentWs}/kubernetes/helm_charts/core/$jobName release_name=$jobName image_tag=$values.image_tag\" --vault-password-file /var/lib/jenkins/secrets/vault-pass"
+            ansibleExtraArgs = "--extra-vars \"chart_path=${currentWs}/kubernetes/helm_charts/core/$jobName release_name=$jobName image_tag=$values.image_tag\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags deploy-core"
             values.put('currentWs', currentWs)
             values.put('ansiblePlaybook', ansiblePlaybook)
             values.put('ansibleExtraArgs', ansibleExtraArgs)

kubernetes/pipelines/deploy_core/Jenkinsfile.badger

@@ -10,8 +10,8 @@ node() {
             values = docker_params()
             jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim().toLowerCase()
             currentWs = sh(returnStdout: true, script: 'pwd').trim()
-            ansiblePlaybook = "$currentWs/kubernetes/ansible/badger.yml"
-            ansibleExtraArgs = "--extra-vars \"chart_path=${currentWs}/kubernetes/helm_charts/core/$jobName release_name=$jobName image_tag=$values.image_tag\" --vault-password-file /var/lib/jenkins/secrets/vault-pass"
+            ansiblePlaybook = "$currentWs/kubernetes/ansible/deploy_core_service.yml"
+            ansibleExtraArgs = "--extra-vars \"chart_path=${currentWs}/kubernetes/helm_charts/core/$jobName release_name=$jobName image_tag=$values.image_tag\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags deploy-badger"
             values.put('currentWs', currentWs)
             values.put('ansiblePlaybook', ansiblePlaybook)
             values.put('ansibleExtraArgs', ansibleExtraArgs)

kubernetes/pipelines/deploy_core/Jenkinsfile.content

+@Library('deploy-conf') _
+node() {
+    try {
+        stage('checkout public repo') {
+            cleanWs()
+            checkout scm
+        }
+
+        stage('deploy') {
+            values = docker_params()
+            jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim().toLowerCase()
+            currentWs = sh(returnStdout: true, script: 'pwd').trim()
+            ansiblePlaybook = "$currentWs/kubernetes/ansible/deploy_core_service.yml"
+            ansibleExtraArgs = "--extra-vars \"chart_path=${currentWs}/kubernetes/helm_charts/core/$jobName release_name=$jobName image_tag=$values.image_tag\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags deploy-content"
+            values.put('currentWs', currentWs)
+            values.put('ansiblePlaybook', ansiblePlaybook)
+            values.put('ansibleExtraArgs', ansibleExtraArgs)
+            ansible_playbook_run(values)
+            archiveArtifacts 'metadata.json'
+            currentBuild.description = "Image: ${values.image_tag}, Private: ${params.private_branch}, Public: ${params.branch_or_tag}"
+        }
+    }
+    catch (err) {
+        currentBuild.result = "FAILURE"
+        throw err
+    }
+    finally {
+        slack_notify(currentBuild.result)
+        email_notify()
+    }
+}

pipelines/deploy/player/Jenkinsfile

@@ -16,14 +16,14 @@ node() {
                 values = docker_params()
                 jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim().toLowerCase()
                 currentWs = sh(returnStdout: true, script: 'pwd').trim()
-                ansiblePlaybook = "$currentWs/kubernetes/ansible/player.yml"
+                ansiblePlaybook = "$currentWs/kubernetes/ansible/deploy_core_service.yml"
                 cdn_file_exists = new File("$currentWs/index_cdn.ejs")
                 if (cdn_file_exists.exists()) {
                     println(ANSI_BOLD + ANSI_GREEN + "Found index_cdn.ejs file. Deploying player with CDN.." + ANSI_NORMAL)
-                    ansibleExtraArgs = "--extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag cdn_file_path=$currentWs/index_cdn.ejs chart_path=${currentWs}/kubernetes/helm_charts/core/$jobName release_name=$jobName\" --vault-password-file /var/lib/jenkins/secrets/vault-pass "
+                    ansibleExtraArgs = "--extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag cdn_file_path=$currentWs/index_cdn.ejs chart_path=${currentWs}/kubernetes/helm_charts/core/$jobName release_name=$jobName\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags deploy-player "
                 } else {
                     println(ANSI_BOLD + ANSI_YELLOW + "Could not find index_cdn.ejs file. Deploying player without CDN.." + ANSI_NORMAL)
-                    ansibleExtraArgs = "--extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag chart_path=${currentWs}/kubernetes/helm_charts/core/$jobName release_name=$jobName\" --vault-password-file /var/lib/jenkins/secrets/vault-pass "
+                    ansibleExtraArgs = "--extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag chart_path=${currentWs}/kubernetes/helm_charts/core/$jobName release_name=$jobName\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags deploy-player "
                 }
                 values.put('currentWs', currentWs)
                 values.put('ansiblePlaybook', ansiblePlaybook)