Use mcr for nginx-ingress (#213)

Also updates: - 24 hour image cleaner cycle - Don't specify k8s version; it's auto upgraded
2024-06-07 14:58:39 -04:00 · 2024-06-07 14:58:39 -04:00 · 34ebd993c7
--- a/deployment/bin/deploy
+++ b/deployment/bin/deploy
@ -135,17 +135,6 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then

    setup_helm

-    # Install cert-manager
-
-    # echo "Installing cert-manager..."
-
-    # helm upgrade --install \
-    #     cert-manager \
-    #     --namespace pc \
-    #     --create-namespace \
-    #     --version v1.6.0 \
-    #     --set installCRDs=true jetstack/cert-manager
-
    echo "==================="
    echo "==== STAC API ====="
    echo "==================="
@ -183,12 +172,17 @@ if [ "${BASH_SOURCE[0]}" = "${0}" ]; then
        -f ${DEPLOY_VALUES_FILE}

    echo "Installing ingress-nginx..."
-    helm upgrade --install nginx-ingress ingress-nginx/ingress-nginx \
+    helm upgrade --install nginx-ingress helm/ingress-nginx-4.8.3.tgz \
        -n pc \
        --set controller.replicaCount=2 \
        --set controller.service.externalTrafficPolicy="Local" \
        --set controller.service.loadBalancerIP="${INGRESS_IP}" \
        --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"="${DNS_LABEL}" \
+        --set controller.image.registry="mcr.microsoft.com" \
+        --set controller.image.image="oss/kubernetes/ingress/nginx-ingress-controller" \
+        --set controller.image.tag="v1.9.6-patched" \
+        --set controller.image.digest="sha256:2383717ea3edd1652b97e5b82adf15a3e7f091d0d5d0eceb8dce4410e3a6a292" \
+        --version "4.8.3"\
        --wait \
        --timeout 2m0s \
        -f bin/nginx-values.yaml
--- a/deployment/bin/lib
+++ b/deployment/bin/lib
@ -90,11 +90,6 @@ function cluster_login() {
 function setup_helm() {
    # Set the helm context to the same as the kubectl context
    export KUBE_CONTEXT=$(kubectl config current-context)
-
-    # Add repos
-    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
-    helm repo add jetstack https://charts.jetstack.io
-    helm repo update
 }

 function full_setup() {
--- a/deployment/docker-compose.yml
+++ b/deployment/docker-compose.yml
@ -11,7 +11,7 @@ services:
      - IMAGE_TAG
      - GIT_COMMIT

-      - ARM_SUBSCRIPTION_ID
+      - ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID:-a84a690d-585b-4c7c-80d9-851a48af5a50}
      - ARM_TENANT_ID
      - ARM_CLIENT_ID
      - ARM_USE_OIDC
--- a/deployment/helm/ingress-nginx-4.8.3.tgz
+++ b/deployment/helm/ingress-nginx-4.8.3.tgz
--- a/deployment/terraform/resources/aks.tf
+++ b/deployment/terraform/resources/aks.tf
@ -3,7 +3,6 @@ resource "azurerm_kubernetes_cluster" "pc" {
  location            = azurerm_resource_group.pc.location
  resource_group_name = azurerm_resource_group.pc.name
  dns_prefix          = "${local.prefix}-cluster"
-  kubernetes_version  = var.k8s_version

  key_vault_secrets_provider {
    secret_rotation_enabled = true
@ -18,15 +17,15 @@ resource "azurerm_kubernetes_cluster" "pc" {
  # https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-node-os-image
  node_os_channel_upgrade = "NodeImage"

-  image_cleaner_enabled = true
+  image_cleaner_enabled        = true
+  image_cleaner_interval_hours = 24

  default_node_pool {
-    name                 = "agentpool"
-    os_sku               = "AzureLinux"
-    vm_size              = "Standard_DS2_v2"
-    node_count           = var.aks_node_count
-    vnet_subnet_id       = azurerm_subnet.node_subnet.id
-    orchestrator_version = var.k8s_version
+    name           = "agentpool"
+    os_sku         = "AzureLinux"
+    vm_size        = "Standard_DS2_v2"
+    node_count     = var.aks_node_count
+    vnet_subnet_id = azurerm_subnet.node_subnet.id
  }

  identity {
@ -40,7 +39,7 @@ resource "azurerm_kubernetes_cluster" "pc" {

  maintenance_window {
    allowed {
-      day = "Saturday"
+      day   = "Saturday"
      hours = [10, 11, 12, 13, 14, 15, 16, 17, 18]
    }
    # not_allowed {
@ -52,21 +51,21 @@ resource "azurerm_kubernetes_cluster" "pc" {
  # Recommendation is to make it at least 4 hours long
  # https://learn.microsoft.com/en-us/azure/aks/planned-maintenance?tabs=json-file#creating-a-maintenance-window
  maintenance_window_auto_upgrade {
-    frequency = "Weekly"
+    frequency   = "Weekly"
    day_of_week = "Saturday"
-    interval = 1
-    duration = 4
-    utc_offset = "+00:00"
-    start_time = "10:00" # UTC
+    interval    = 1
+    duration    = 4
+    utc_offset  = "+00:00"
+    start_time  = "10:00" # UTC
  }

  maintenance_window_node_os {
-    frequency = "Weekly"
+    frequency   = "Weekly"
    day_of_week = "Saturday"
-    interval = 1
-    duration = 4
-    utc_offset = "+00:00"
-    start_time = "14:00" # UTC
+    interval    = 1
+    duration    = 4
+    utc_offset  = "+00:00"
+    start_time  = "14:00" # UTC
  }

  tags = {
--- a/deployment/terraform/resources/variables.tf
+++ b/deployment/terraform/resources/variables.tf
@ -46,10 +46,6 @@ variable "tiler_replica_count" {
  type = number
 }

-variable "k8s_version" {
-  type = string
-}
-
 # -- Postgres

 variable "pg_host" {
--- a/deployment/terraform/staging/main.tf
+++ b/deployment/terraform/staging/main.tf
@ -4,8 +4,6 @@ module "resources" {
  environment = "staging"
  region      = "West Europe"

-  k8s_version = "1.28.5"
-
  cluster_cert_issuer = "letsencrypt"
  cluster_cert_server = "https://acme-v02.api.letsencrypt.org/directory"

@ -32,7 +30,7 @@ terraform {
    storage_account_name = "pctesttfstate"
    container_name       = "pc-test-api"
    key                  = "pqe-apis.tfstate"
-    use_oidc = true
+    use_oidc             = true
  }
 }