Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for pinning the IP address of the load balancer via terraform overrides #1235

Merged
merged 3 commits into from
Apr 11, 2022

Conversation

aktech
Copy link
Member

@aktech aktech commented Apr 7, 2022

Fixes | Closes | Resolves #1210

Please remove anything marked as optional that you don't need to fill in.
Choose one of the keywords preceding to refer to the issue this PR solves, followed by the issue number (e.g Fixes # 666).
If there is no issue, remove the line. Remove this note after reading.

Changes introduced in this PR:

  • Adds support for terraform overrides in ingress's load balancer.

Types of changes

What types of changes does your PR introduce?

Put an x in the boxes that apply

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds a feature)
  • Breaking change (fix or feature that would cause existing features to not work as expected)
  • Documentation Update
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes, no API changes)
  • Build related changes
  • Other (please describe):

Testing

Requires testing

  • Yes
  • No

In case you checked yes, did you write tests?

  • Yes
  • No

Documentation

Does your contribution include breaking changes or deprecations?
If so have you updated the documentation?

  • Yes, docstrings
  • Yes, main documentation
  • Yes, deprecation notices

Further comments (optional)

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered and more.

@aktech aktech force-pushed the load-balancer-annotations branch 3 times, most recently from cc106d8 to 8245951 Compare April 7, 2022 03:06
@aktech aktech force-pushed the load-balancer-annotations branch from 3c0fcf2 to 700c5b4 Compare April 7, 2022 03:32
@aktech aktech requested a review from costrouc April 7, 2022 14:51
Copy link
Member

@costrouc costrouc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with all the terraform modifications. Would like the python side of things to be more flexible. This allows us keep the schema for qhub simpler.

qhub/schema.py Outdated


class Ingress(Base):
terraform_overrides: IngressTerraformOverrides
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd prefer if this is terraform_overrides: Any and we defer to terraform for the checks.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So no need for the IngressTerraformOverrides

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The problem with this is, "Any" won't reach terraform, as we parse these in the input_vars.py, so anything other than this won't be passed, unless we pass them explicitly.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, I see your comment below now.

@@ -152,6 +155,10 @@ def stage_04_kubernetes_ingress(stage_outputs, config):
"certificate-secret-name": config["certificate"]["secret_name"]
if config["certificate"]["type"] == "existing"
else None,
"load-balancer-annotations": ingress_terraform_overrides.get(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using what I showed above we just supply terraform_overrides e.g. **config.get("ingress", {}).get("terraform_overrides": {}). Terraform variables will do all the checking for us.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The problem is, we need load-balancer-ip and load-balancer-annotations separately, to be passed to different variables, so that they can be used at their designated places:

In qhub/template/stages/04-kubernetes-ingress/modules/kubernetes/ingress/main.tf

spec:

  spec {
    selector = merge({
      "app.kubernetes.io/component" = "traefik-ingress"
    }, var.load-balancer-annotations)

and

    type = "LoadBalancer"
    load_balancer_ip = var.load-balancer-ip

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should work. Suppose

ingress:
  terraform_overrides:
      load-balancer-annotations:
           k1: v1
           k2: v2
      load-balancer-ip: 1.2.3.4

Then in input-vars.py we supply:

    return {
        "name": config["project_name"],
        "environment": config["namespace"],
        "node_groups": _calculate_note_groups(config),
        "enable-certificates": (config["certificate"]["type"] == "lets-encrypt"),
        "acme-email": config["certificate"].get("acme_email"),
        "acme-server": config["certificate"].get("acme_server"),
        "certificate-secret-name": config["certificate"]["secret_name"]
        if config["certificate"]["type"] == "existing"
        else None,
        **config.get("ingress", {}).get("terraform_overrides": {})
    }

This way terraform_overrides key can override any setting. Does this make sense?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This way terraform_overrides key can override any setting.

Yes, any variable present in the terraform. This makes more sense. I'll add this.

@costrouc costrouc merged commit 927d443 into main Apr 11, 2022
@costrouc costrouc deleted the load-balancer-annotations branch April 11, 2022 14:09
Adam-D-Lewis added a commit that referenced this pull request Apr 15, 2022
* Mdformat tables (#1186)

* Add mdformat-tables

* Run mdformat on all files

* mdformat only docs folder (restore .github md files)

* Fix some vale, restore README/RELEASE

* [ImgBot] Optimize images (#1187)

/docs/source/images/dev_postman_for_keycloak.png -- 298.79kb -> 270.60kb (9.44%)

Signed-off-by: ImgBotApp <[email protected]>

Co-authored-by: ImgBotApp <[email protected]>

* Bump conda-store version to 0.3.14 (#1192)

* Allow terraform init to upgrade providers within version specification (#1194)

* Allow terraform init to upgrade providers within version specification

Closes #1193

* Black formatting

* Adding missing __init__ files (#1196)

* Adding missing __init__ files

Closes #1195

* Explicitely using qhub for package

* Give hint on what to include

* Release 0.3.15 for Conda-Store (#1205)

* Profilegroups (#1203)

* Fix in case groups is None

* access all/keycloak/yaml

* jupyterlabproflies mapper

* Keycloak profiles working

* ignore changes to keycloak group attributes

* qhub upgrade for jupyterlab profiles

* docs for jupyterlabprofiles

* Renamed to jupyterlab_profiles

* Render `.gitignore`, black py files (#1206)

* Render .gitignore

* Render clean .gitignore

* Add unit test

* Upgrade black

* Upgrade black

* black format

* exclude qhub/_version.py from black

* Black what needs blackening

* Fix

* Fix

* Update qhub-dask version (#1224)

* Fix env doc links and add corresponding tests (#1216)

* Fix env doc links and add corresponding tests

* fix broken image link

* fix black formatting

* map(any) -> any (#1213)

* Update release notes - justification for changes in `v0.4.0`  (#1178)

* Update release notes

* Remove ref to cookiecutter

* Update link-checker version

* Fix

* Use lycee link-checker instead

* Remove lycee, update md config.json

* Revert version

* Release notes cleanup

* Rewording

* Add to vocab

* Fix table

* Add explicit warning about release

* Update README.md

Fixed some syntax/grammar issues.

* Minor updates

Co-authored-by: Christopher Ostrouchov <[email protected]>
Co-authored-by: Shannon <[email protected]>

* Merge spawner and profile env vars

* Support for pinning the IP address of the load balancer via terraform overrides (#1235)

* Suport adding load balancer annotations and ip via terraform overrides

* add documentation for terraform overrides

* make terraform overrides being able to override any variable

* Bump moment from 2.29.1 to 2.29.2 in /tests_e2e (#1241)

Bumps [moment](https://github.com/moment/moment) from 2.29.1 to 2.29.2.
- [Release notes](https://github.com/moment/moment/releases)
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](moment/moment@2.29.1...2.29.2)

---
updated-dependencies:
- dependency-name: moment
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update cdsdashboards to 0.6.1, Voila to 0.3.5 (#1240)

* Update cdsdashboards to 0.6.1

* voila v0.3.5

* Bump minimist from 1.2.5 to 1.2.6 in /tests_e2e (#1208)

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* output check fix (#1244)

Co-authored-by: Adam-D-Lewis <>

* Add auth to argo

* add argo_workflows value to qhub init command

* update black version

* update black in setup.cfg

Co-authored-by: Dan Lester <[email protected]>
Co-authored-by: imgbot[bot] <31301654+imgbot[bot]@users.noreply.github.com>
Co-authored-by: ImgBotApp <[email protected]>
Co-authored-by: Christopher Ostrouchov <[email protected]>
Co-authored-by: Amit Kumar <[email protected]>
Co-authored-by: Shannon <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Adam Lewis <[email protected]>
Co-authored-by: Adam-D-Lewis <>
iameskild added a commit that referenced this pull request May 26, 2022
* initial attempt to add argo-workflows

* add enable/disable argo functionality, comment out juptyerflow resources, add custom options for argo helm chart

* add value.yaml, add ingressroute to expose argo dashboard

* rename helm deployment

* add argo check and only check endpoint that are enabled

* reorder outputs

* add lots of comments for automatic pickup by prometheus and toggling rbac for individual argo workflows components

* cleanup comments, add emissary containerRuntime by default

* first pass at docs

* remove jupyterflow commented out resources

* Add auth to argo  (#1249)

* Mdformat tables (#1186)

* Add mdformat-tables

* Run mdformat on all files

* mdformat only docs folder (restore .github md files)

* Fix some vale, restore README/RELEASE

* [ImgBot] Optimize images (#1187)

/docs/source/images/dev_postman_for_keycloak.png -- 298.79kb -> 270.60kb (9.44%)

Signed-off-by: ImgBotApp <[email protected]>

Co-authored-by: ImgBotApp <[email protected]>

* Bump conda-store version to 0.3.14 (#1192)

* Allow terraform init to upgrade providers within version specification (#1194)

* Allow terraform init to upgrade providers within version specification

Closes #1193

* Black formatting

* Adding missing __init__ files (#1196)

* Adding missing __init__ files

Closes #1195

* Explicitely using qhub for package

* Give hint on what to include

* Release 0.3.15 for Conda-Store (#1205)

* Profilegroups (#1203)

* Fix in case groups is None

* access all/keycloak/yaml

* jupyterlabproflies mapper

* Keycloak profiles working

* ignore changes to keycloak group attributes

* qhub upgrade for jupyterlab profiles

* docs for jupyterlabprofiles

* Renamed to jupyterlab_profiles

* Render `.gitignore`, black py files (#1206)

* Render .gitignore

* Render clean .gitignore

* Add unit test

* Upgrade black

* Upgrade black

* black format

* exclude qhub/_version.py from black

* Black what needs blackening

* Fix

* Fix

* Update qhub-dask version (#1224)

* Fix env doc links and add corresponding tests (#1216)

* Fix env doc links and add corresponding tests

* fix broken image link

* fix black formatting

* map(any) -> any (#1213)

* Update release notes - justification for changes in `v0.4.0`  (#1178)

* Update release notes

* Remove ref to cookiecutter

* Update link-checker version

* Fix

* Use lycee link-checker instead

* Remove lycee, update md config.json

* Revert version

* Release notes cleanup

* Rewording

* Add to vocab

* Fix table

* Add explicit warning about release

* Update README.md

Fixed some syntax/grammar issues.

* Minor updates

Co-authored-by: Christopher Ostrouchov <[email protected]>
Co-authored-by: Shannon <[email protected]>

* Merge spawner and profile env vars

* Support for pinning the IP address of the load balancer via terraform overrides (#1235)

* Suport adding load balancer annotations and ip via terraform overrides

* add documentation for terraform overrides

* make terraform overrides being able to override any variable

* Bump moment from 2.29.1 to 2.29.2 in /tests_e2e (#1241)

Bumps [moment](https://github.com/moment/moment) from 2.29.1 to 2.29.2.
- [Release notes](https://github.com/moment/moment/releases)
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](moment/moment@2.29.1...2.29.2)

---
updated-dependencies:
- dependency-name: moment
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update cdsdashboards to 0.6.1, Voila to 0.3.5 (#1240)

* Update cdsdashboards to 0.6.1

* voila v0.3.5

* Bump minimist from 1.2.5 to 1.2.6 in /tests_e2e (#1208)

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* output check fix (#1244)

Co-authored-by: Adam-D-Lewis <>

* Add auth to argo

* add argo_workflows value to qhub init command

* update black version

* update black in setup.cfg

Co-authored-by: Dan Lester <[email protected]>
Co-authored-by: imgbot[bot] <31301654+imgbot[bot]@users.noreply.github.com>
Co-authored-by: ImgBotApp <[email protected]>
Co-authored-by: Christopher Ostrouchov <[email protected]>
Co-authored-by: Amit Kumar <[email protected]>
Co-authored-by: Shannon <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Adam Lewis <[email protected]>
Co-authored-by: Adam-D-Lewis <>

* remove comments

* Clean up argo auth

* Fix typo, add node-selector

* Fix, add argo to vocab

* fix bug and change argo health endpoint

* add overrides to argo workflows

* add some argo roles stuff

* fix cluster role names

* add overrides

* clean up

* Update readme

Co-authored-by: Adam-D-Lewis <>
Co-authored-by: eskild <[email protected]>
Co-authored-by: Dan Lester <[email protected]>
Co-authored-by: imgbot[bot] <31301654+imgbot[bot]@users.noreply.github.com>
Co-authored-by: ImgBotApp <[email protected]>
Co-authored-by: Christopher Ostrouchov <[email protected]>
Co-authored-by: Amit Kumar <[email protected]>
Co-authored-by: Shannon <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: iameskild <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[ENH] - Support for pinning the IP address of the load balancer and ability to use internal VPC
2 participants