From 400f06726fb255ebd65219df4b4ee1e3f592ce2c Mon Sep 17 00:00:00 2001 From: David Gauldie Date: Fri, 10 May 2024 13:35:14 -0400 Subject: [PATCH 1/5] bump beaker version --- .../overlays/prod/overlays/askem-production/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml b/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml index 3c14d5a5..8ed3ac59 100644 --- a/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml @@ -73,7 +73,7 @@ images: # Jupyter LLM service - name: beaker-image newName: ghcr.io/darpa-askem/beaker-kernel - newTag: 'chi-demo-2' + newTag: '1.4.0' # Skema - name: skema-py-image From c6e20d0e6d6f6ef478fa18f0b45fa5a6fbc249e3 Mon Sep 17 00:00:00 2001 From: David Gauldie Date: Mon, 13 May 2024 10:16:38 -0400 Subject: [PATCH 2/5] move staging to new rabbit MQ. (#402) --- .../pyciemss-api-deployment.yaml | 15 ++++++++--- .../pyciemss-worker-deployment.yaml | 15 ++++++++--- .../sciml-service-deployment.yaml | 10 ++++++++ .../secrets/secrets-mq-creds.enc.yaml | 25 ++++++++++--------- .../pyciemss-api-deployment.yaml | 6 ++--- .../pyciemss-worker-deployment.yaml | 6 ++--- .../sciml-service-deployment.yaml | 4 --- .../secrets/secrets-mq-creds.enc.yaml | 25 ++++++++++--------- .../pyciemss-api-deployment.yaml | 6 ++--- .../pyciemss-worker-deployment.yaml | 6 ++--- .../sciml-service-deployment.yaml | 6 +---- 11 files changed, 67 insertions(+), 57 deletions(-) diff --git a/kubernetes/overlays/prod/base/services/pyciemss-service/pyciemss-api-deployment.yaml b/kubernetes/overlays/prod/base/services/pyciemss-service/pyciemss-api-deployment.yaml index 76e7c431..9ef4c97e 100755 --- a/kubernetes/overlays/prod/base/services/pyciemss-service/pyciemss-api-deployment.yaml +++ b/kubernetes/overlays/prod/base/services/pyciemss-service/pyciemss-api-deployment.yaml @@ -27,16 +27,23 @@ spec: value: 'False' - name: PYCIEMSS_OUTPUT_FILEPATH value: result.csv + - name: RABBITMQ_HOST + valueFrom: + secretKeyRef: + name: mq-creds + key: host + - name: RABBITMQ_PORT + valueFrom: + secretKeyRef: + name: mq-creds + key: port - name: RABBITMQ_USERNAME valueFrom: secretKeyRef: name: mq-creds - key: - username + key: username - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: name: mq-creds key: password - - name: RABBITMQ_SSL - value: 'True' diff --git a/kubernetes/overlays/prod/base/services/pyciemss-service/pyciemss-worker-deployment.yaml b/kubernetes/overlays/prod/base/services/pyciemss-service/pyciemss-worker-deployment.yaml index eb74b8ff..b94fc9c8 100755 --- a/kubernetes/overlays/prod/base/services/pyciemss-service/pyciemss-worker-deployment.yaml +++ b/kubernetes/overlays/prod/base/services/pyciemss-service/pyciemss-worker-deployment.yaml @@ -28,16 +28,23 @@ spec: value: 'False' - name: PYCIEMSS_OUTPUT_FILEPATH value: result.csv + - name: RABBITMQ_HOST + valueFrom: + secretKeyRef: + name: mq-creds + key: host + - name: RABBITMQ_PORT + valueFrom: + secretKeyRef: + name: mq-creds + key: port - name: RABBITMQ_USERNAME valueFrom: secretKeyRef: name: mq-creds - key: - username + key: username - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: name: mq-creds key: password - - name: RABBITMQ_SSL - value: 'True' diff --git a/kubernetes/overlays/prod/base/services/sciml-service/sciml-service-deployment.yaml b/kubernetes/overlays/prod/base/services/sciml-service/sciml-service-deployment.yaml index 91f83fdb..615762ac 100755 --- a/kubernetes/overlays/prod/base/services/sciml-service/sciml-service-deployment.yaml +++ b/kubernetes/overlays/prod/base/services/sciml-service/sciml-service-deployment.yaml @@ -25,6 +25,16 @@ spec: key: service_password - name: SIMSERVICE_RABBITMQ_ENABLED value: 'true' + - name: SIMSERVICE_RABBITMQ_HOST + valueFrom: + secretKeyRef: + name: mq-creds + key: host + - name: SIMSERVICE_RABBITMQ_PORT + valueFrom: + secretKeyRef: + name: mq-creds + key: port - name: SIMSERVICE_RABBITMQ_LOGIN valueFrom: secretKeyRef: diff --git a/kubernetes/overlays/prod/overlays/askem-production/secrets/secrets-mq-creds.enc.yaml b/kubernetes/overlays/prod/overlays/askem-production/secrets/secrets-mq-creds.enc.yaml index bda94643..98c06df9 100644 --- a/kubernetes/overlays/prod/overlays/askem-production/secrets/secrets-mq-creds.enc.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/secrets/secrets-mq-creds.enc.yaml @@ -1,14 +1,15 @@ ---- apiVersion: v1 kind: Secret metadata: name: mq-creds type: Opaque data: - username: ENC[AES256_GCM,data:Ux/E2pjQplaZOeOr,iv:kQsem4vt1kzNhK8dt95EC9uRDjxnZfvrsVWg90UW9NA=,tag:NaisgkCBmrYzCiphf4D6lA==,type:str] - password: ENC[AES256_GCM,data:NE+CtAeZQU0JlNWn61c1oZaLp2af/sGwwRlPBGBfB7yH17/AljLFF6sGFlmbQ13w,iv:Wi57XWVk8Qn03drI0ispQS32AoGo68C63ro/Hs9eLpA=,tag:8oILs/PxxbdSbVgdpZ7ZDw==,type:str] - address: ENC[AES256_GCM,data:uceWMmksKsoRuMSOtR6Hj2a8mK6/fuz2RbZ9x3DABtGg/x+vpscZa2/dv642h+R9Jn//kIAS3bZWzPdk4L1Ox20+RW2e000fNrxVHdHzI9afxMXAkb4+1ucNip7jq/f+2O8ZAWXr4e4=,iv:6DE1bitC/y5/mfu9+omMlI8Ha0OHpY57TrqSNBC4TU8=,tag:bv6rnpPpwBfPL9AV6acdkQ==,type:str] - url: ENC[AES256_GCM,data:QOr+8rIK6SiXZMKGJk+nZESBO6mzEfNwOLNgiFF9bMNke/ZxAHJzlhaVYTF4cUslRE3J+qgj0fbvax+xEabet+cngS0hprKW7+9UeE8iQuWTopDtoRheEh9SYTVkfEuZ0n8UGQ==,iv:MJRERV9UgAk94v9e+dxZHPXNv6uOZJK1W+bFvXP6ju8=,tag:rxZADUL5qbepu+FTA9sbUg==,type:str] + username: ENC[AES256_GCM,data:Nz9JnQEsP6w1C39/,iv:1antdu3yBoKw3UrJcv7mn8VIb+qUN185upP3B/bWalU=,tag:XX7G6vW7Q1LGhu8h9zi5ng==,type:str] + password: ENC[AES256_GCM,data:OqdIzHQcatRiA2isSq95/mQuM8uFOXnne94B1VlFoBk3TWdlfyu1IXdgksHTmOUb,iv:HlYjQzrNibJEvJLm/OwOaaMiF3K0OPbVF7xoVqylD0A=,tag:1W6FbwdtGBF3e9Xm1lsrmQ==,type:str] + host: ENC[AES256_GCM,data:LfF9YzT+wpyz868UhgbUrTai1uYocBPaEDBbyiw1igZAWuakGJWXC/fSrVl0oN8+heyxS5hVx2DUucuqb7EfmdquYkVCP/CaiDtLxwMCf2VpGif6+45aEg==,iv:DKS8EE7F8aaKJ0ztpFBGlbdwkMQDDymRyOcZyXLnXB0=,tag:tYpmw0jFj7d4vxojuKRP2w==,type:str] + port: ENC[AES256_GCM,data:ctj3jZg0BbE=,iv:H5neniwFjBR7uKYKgj7OLhdwZieIiV0ST9/li9Stzls=,tag:MCOmzh8HVdEvxRmxExpyvg==,type:str] + address: ENC[AES256_GCM,data:a6NUYzfyNmjn7IPUgxNJC7tDmpuc54FKRDiBuFHrm+kSGhFQEhH9CtrTBVjrkyqXHZjWxSvOXDTapXM6YqtaknCv82rgOWtaMOHiaYI2poskSnDQ7ik2PxO0pbly6pScNSGwRipM1aE=,iv:5M8zRc+be9X6Lsw3Dj2vPezfN+1k+Gy3/wPdzA1gYqQ=,tag:2ww/dfjaaxQC1jU5soE4Og==,type:str] + url: ENC[AES256_GCM,data:WxaUa5PIMyqhYUfsOHk/8vKL/EWrn4lz+LMGvRGEWxroyPRsxsCm5keB12j4Xu0eONLqod6NxplYTAf8yzIgFU/NtLKhe2PYLsJzYlMb/ewKZg7gIXS6m0AOmJ4LGXNwAWDHkg==,iv:kTdiM9ViHMai67zngiwsgkjaLngGQ0RTQ5oUCV0lb5E=,tag:Kn9NeMjqA0iRsDuoArLCxw==,type:str] sops: kms: [] gcp_kms: [] @@ -18,14 +19,14 @@ sops: - recipient: age1q5q7lt6twttye7h5dx4zu0eek04pu6szqfx28w00vq3z6nmlc9dq7md4xd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpd25BK0ptakljYVhFNUJ3 - cVFzbUNMbmY5M2duc0VmRHhLdTBqcTN5SG04CkdUZVhGU0llbWdOK2phNDV3c2RW - K2hobEY2aFNXMUh3U2liak90cG93bHcKLS0tIEdiNit3N3hLemRiSmgrWkl4WFFO - UmswOWwvckhYdldBQUFLK2M4am5hNTAKmdkZm+UEulABYh2HAtMLg1cPIOD3iOVJ - YzBCYhqwpdquTk4c3Jj9/fO3X4C1QAoydc9aNwkRJF9CTFjbrdlxkA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0K25zK2RIOC9XM25HVDVI + K1QwWFVNM1pZUFhMeWlKVUg5eFRMQ0xXUXhBCmJQTUFYYyswOWErVjRFUFI4dWx1 + SlB5THhEeXBhTUJoSE9WeVdpSnpIQWMKLS0tIFZrYzZLdDI4TmlGdy9kWXllS1F4 + d1Z1dkJTWjYzTUE0K2hiTTcvbmxlVjAKqeUKFPbC4cPoAhHYQjh+QM8/LHYvVAcM + vfn9qBsvZmR7V/2cegaVfoSWQta7DuHWPx47ghoU/KYLpN32yDYzlQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-21T14:39:19Z" - mac: ENC[AES256_GCM,data:UlR8G+zmay6430ijtxrnYHTkZdTRNfxuT+5Y/UF4fpSngXKUMTWPsbnK8JLJdcSJqudNm2gUBs1Ui7/P24A85CzTirUsZlM5kziI3t7PIJOsTcmmOuBpRGULWP44P41a7U/9fdkgMVOji0uPNz5AJULEvC4AaTfLsICFEipVUNw=,iv:elbT/Ear4yI/7DLrlBg3it613iTWMvpJV4NMJ1Doww4=,tag:RaHtfHuCJLHJvdnD3KsZWA==,type:str] + lastmodified: "2024-05-07T17:41:33Z" + mac: ENC[AES256_GCM,data:9rWiU9nekR162OUZJnwUxHoaExt9DaNRdcVM/pSb5K0z4sR5HfGJTrebxaQZYmgFpu9lEyUUI2ayrtpRCr0kDJoOrq9ucMY2seUWGNdnwYX6htDR4ntszKSUnkOGtcAQXQrKVVbPEv8QoXE7lvkuF5hwTJBxCbungeZNjLyIpt0=,iv:iR6qY3Qk3jHiCeqsTjg4idiyZEkbCY7emHn4jH57zhU=,tag:KkNAx4M8DbqetcLOpWuasA==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.8.1 diff --git a/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-api-deployment.yaml b/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-api-deployment.yaml index 70bf208a..042379ad 100755 --- a/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-api-deployment.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-api-deployment.yaml @@ -13,7 +13,5 @@ spec: value: redis.terarium.ai - name: REDIS_PORT value: '6379' - - name: RABBITMQ_HOST - value: 'b-68052fee-712b-461b-81c3-7a82a8112d50.mq.us-east-1.amazonaws.com' - - name: RABBITMQ_PORT - value: '5671' + - name: RABBITMQ_SSL + value: 'True' diff --git a/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-worker-deployment.yaml b/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-worker-deployment.yaml index 30ddab7b..584c89e1 100755 --- a/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-worker-deployment.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-worker-deployment.yaml @@ -13,7 +13,5 @@ spec: value: redis.terarium.ai - name: REDIS_PORT value: '6379' - - name: RABBITMQ_HOST - value: 'b-68052fee-712b-461b-81c3-7a82a8112d50.mq.us-east-1.amazonaws.com' - - name: RABBITMQ_PORT - value: '5671' + - name: RABBITMQ_SSL + value: 'True' diff --git a/kubernetes/overlays/prod/overlays/askem-production/services/sciml-service/sciml-service-deployment.yaml b/kubernetes/overlays/prod/overlays/askem-production/services/sciml-service/sciml-service-deployment.yaml index 2c9ddbbf..5e01864e 100755 --- a/kubernetes/overlays/prod/overlays/askem-production/services/sciml-service/sciml-service-deployment.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/services/sciml-service/sciml-service-deployment.yaml @@ -11,9 +11,5 @@ spec: containers: - name: sciml-service env: - - name: SIMSERVICE_RABBITMQ_HOST - value: 'b-68052fee-712b-461b-81c3-7a82a8112d50.mq.us-east-1.amazonaws.com' - - name: SIMSERVICE_RABBITMQ_PORT - value: '5671' - name: SIMSERVICE_RABBITMQ_SSL value: 'true' diff --git a/kubernetes/overlays/prod/overlays/askem-staging/secrets/secrets-mq-creds.enc.yaml b/kubernetes/overlays/prod/overlays/askem-staging/secrets/secrets-mq-creds.enc.yaml index 80df5bbf..a8b3aee9 100644 --- a/kubernetes/overlays/prod/overlays/askem-staging/secrets/secrets-mq-creds.enc.yaml +++ b/kubernetes/overlays/prod/overlays/askem-staging/secrets/secrets-mq-creds.enc.yaml @@ -1,14 +1,15 @@ ---- apiVersion: v1 kind: Secret metadata: name: mq-creds type: Opaque data: - username: ENC[AES256_GCM,data:mI9dJYmgEa/XM1L1,iv:H4qh0ytz7E3SvVjj6DE4HpNrr8oqZdDawJx0WhKfWMc=,tag:AAnReUMjU0W4xLDBVroEKQ==,type:str] - password: ENC[AES256_GCM,data:mNt6wm//oEPKXzlL1ZXbQ5gpAL2GN0LJUbfKUoxeWf+3BN6lBiVeYkwPuIIZPzL1,iv:wk1Mu/j1cgW1QgOHgW97O6vvCgG7HAYvXPG8l0cwo1E=,tag:e1eL9v/4OKOhWKrcQyi1WQ==,type:str] - address: ENC[AES256_GCM,data:waCiL7zU2TcICiBpF3i8j1I6uKlWjWd1Xy8i4iB64ZQUnMvQ2hgYhcp7vyUapTvAC57f8+gD5zYUQbf+giCF8DEIh3yaE3XgworzyOwehwcim9xADcBLcE62d4dVcptLP6QwFoDowk8=,iv:R6/pw40vVk5CcxWh82wmWEVphDfb9Sp1m/kHNZ6EQ38=,tag:Iz4cKmVB4Cl2iNP0LM5afA==,type:str] - url: ENC[AES256_GCM,data:INEgiBcJXi09JxxSfHNJUFBouRWN3jd9eoSIFrX4lQCNEDedTgCcs7AepQRH/1HR33WcuKK+hFf5eouDQzIBGiBfKuCD3SXYkLBO2mvpVFbSotZMl4J1NMyl9QgyszxB/h+Thw==,iv:5ulgInf7cV+lc1/5l1Yzmbqgp3ElktAig2MJJH1a/gU=,tag:t71iQv0zKstqGDHdlqwoIQ==,type:str] + username: ENC[AES256_GCM,data:352n30H0fezJEj7d,iv:2K4vftCWkW2FlQoJ3mFpUu+XairmZg8wSVRyQanceds=,tag:PqCc2XMfEg7GsyAytIdt/g==,type:str] + password: ENC[AES256_GCM,data:qQqPb0YNHYgZVdUskDRHvKzfQx0NDWkIsGs4Og==,iv:2CK+mE8ixMsce+zYjwxTnPWdUg/KLSdINXjIjjTrWNg=,tag:pgXqqZm9hh24LCijXmIspA==,type:str] + host: ENC[AES256_GCM,data:hBStO9XQBzAaOGazQyuheMdHjGcWpvf8Y4trP024Pu2aH7Bf2sXqqw==,iv:JrspeTdWupW88dSBKTWMvvWr0ys9YoGssV5b9Crkxmk=,tag:KD7kI6XUy+4Si4D3Pom/Rw==,type:str] + port: ENC[AES256_GCM,data:gbaS2VrWpjU=,iv:D1a3s/FL985xicdHVwOWA+FFOU5izNebVOKyBJvfACI=,tag:G/mz2a4iylSskTAXA4xawA==,type:str] + address: ENC[AES256_GCM,data:FcpQWi+k8tYpRBtyNSRZia+DvrKW/EttcLAgYY940Rt/atIB9q/eNpfZvK9gkVBoAxVL+QZCSwY=,iv:jtBPMoPCq1NcYW3Mq3tP52awHnMx/0fP3KnivOJhb/Q=,tag:khhB/RdxaSV0wjyi5rSV0A==,type:str] + url: ENC[AES256_GCM,data:gHeBbuRnITBosnPZl7gYtbXI0gl90bHeHg8Bz3KGn0Smeb5tbwYGO3HC8aJ1mm4pQOkrJABklWI=,iv:G9sOIuPVd7FMH50ri5erAGS3PKFwyR2PHMSf1HTY2rM=,tag:qxuvrGgicOGrqdtdLWthbg==,type:str] sops: kms: [] gcp_kms: [] @@ -18,14 +19,14 @@ sops: - recipient: age1q5q7lt6twttye7h5dx4zu0eek04pu6szqfx28w00vq3z6nmlc9dq7md4xd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3L2xpQjNWeFFHQUxHd0ZN - YlFRakt6dDdrMjFzLzAyOXRVUFdIOXNlZkIwCmlIU3dtUGxvell6NUtYb0ZTbnU3 - UStHamxkL2RXSm8xQTI4TXBydGxTREkKLS0tIDdpSlBpZE5ScDJxOHpxSm9vYlF2 - SklpYzhHOEJSaENTYUxpOEc0eCtIMnMKpJxoOTbxidFP0mw/zsWXd0/JEYvW8OMl - qoo+L/XEL4gi24uuEXu5fwvTDsHkE2jE6fjkL6KCevpoPl+DA8s63w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyV3k0YWFqc3RtZlhBRGFG + RSs1NW5hWHFGcFZzbmx4b3FhZC9tVWhqV3d3CisyVDV4S0V0STh4UUczTVpSaXRP + Rjl3Nzc2amxuVmRlYlZPSUlSZ3NJQncKLS0tIHA0THB5VFYxUEkwbkUrenR2aHdn + NE1TRWRjUWt2eUZOTzQydTZZMG50WmsKkZO7llflm2uGu+AH4Fu4s2Ssv5J+hUqI + Wa1GG6IPOw62qJWbxFHy1+zP15vOBLSe+EQc52IgTBxP1hAZXn74rg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-21T14:31:30Z" - mac: ENC[AES256_GCM,data:hUMUIz5h+EMP6aQb6D6Rq1aIvzlS4gOwoXUyStWv1Xh499Rd3M0DmOBMAQipc/2T5FA5exZj5OJNWx23q0w0HDNTAm1J5u/rCckQvi/x8gTQmm7vyQhhiD63rGQbYl6V8jrTvONIQ+IE1x/rdcxI4lGZ9xnE6d8jgpYze3vghgU=,iv:K+J6wgA8zOiZlndp3/xozRA7bmSFi6l4IpiFhAHGpfQ=,tag:HM0wNRDHKPWHX52aRy1EdA==,type:str] + lastmodified: "2024-05-08T19:32:00Z" + mac: ENC[AES256_GCM,data:UdMjHV0aqkpY9crHJLKhoVFQqGy4M3Ehj8hdjz2RBzJT4hCxMkVjaQGNq9x4nEh4Jop5Slw86406d/yCusCtY2Uhs7syujEld51qSaWZmUPhZVvRyPRiQmweQ4VusbqS1k28g7R763/33pEI1XSI4n2SIkRVqPZx3j+b0zfrHPg=,iv:DrAZXtzmzrPFdrc8t7o9sUFoPJaQFZwFgw57XECz6oo=,tag:y6/xW5p6/TCAmewbERqSTA==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.8.1 diff --git a/kubernetes/overlays/prod/overlays/askem-staging/services/pyciemss-service/pyciemss-api-deployment.yaml b/kubernetes/overlays/prod/overlays/askem-staging/services/pyciemss-service/pyciemss-api-deployment.yaml index d16962a8..2e8da792 100755 --- a/kubernetes/overlays/prod/overlays/askem-staging/services/pyciemss-service/pyciemss-api-deployment.yaml +++ b/kubernetes/overlays/prod/overlays/askem-staging/services/pyciemss-service/pyciemss-api-deployment.yaml @@ -13,7 +13,5 @@ spec: value: redis.staging.terarium.ai - name: REDIS_PORT value: '6379' - - name: RABBITMQ_HOST - value: 'b-1cb71505-9454-4d81-8ca0-a0ee6faf5770.mq.us-east-1.amazonaws.com' - - name: RABBITMQ_PORT - value: '5671' + - name: RABBITMQ_SSL + value: 'False' diff --git a/kubernetes/overlays/prod/overlays/askem-staging/services/pyciemss-service/pyciemss-worker-deployment.yaml b/kubernetes/overlays/prod/overlays/askem-staging/services/pyciemss-service/pyciemss-worker-deployment.yaml index c74c73cd..483c5db9 100755 --- a/kubernetes/overlays/prod/overlays/askem-staging/services/pyciemss-service/pyciemss-worker-deployment.yaml +++ b/kubernetes/overlays/prod/overlays/askem-staging/services/pyciemss-service/pyciemss-worker-deployment.yaml @@ -13,7 +13,5 @@ spec: value: redis.staging.terarium.ai - name: REDIS_PORT value: '6379' - - name: RABBITMQ_HOST - value: 'b-1cb71505-9454-4d81-8ca0-a0ee6faf5770.mq.us-east-1.amazonaws.com' - - name: RABBITMQ_PORT - value: '5671' + - name: RABBITMQ_SSL + value: 'False' diff --git a/kubernetes/overlays/prod/overlays/askem-staging/services/sciml-service/sciml-service-deployment.yaml b/kubernetes/overlays/prod/overlays/askem-staging/services/sciml-service/sciml-service-deployment.yaml index b7a61e54..7b967def 100755 --- a/kubernetes/overlays/prod/overlays/askem-staging/services/sciml-service/sciml-service-deployment.yaml +++ b/kubernetes/overlays/prod/overlays/askem-staging/services/sciml-service/sciml-service-deployment.yaml @@ -11,9 +11,5 @@ spec: containers: - name: sciml-service env: - - name: SIMSERVICE_RABBITMQ_HOST - value: 'b-1cb71505-9454-4d81-8ca0-a0ee6faf5770.mq.us-east-1.amazonaws.com' - - name: SIMSERVICE_RABBITMQ_PORT - value: '5671' - name: SIMSERVICE_RABBITMQ_SSL - value: 'true' + value: 'false' From ef052fa87cc0ec25b8dc5fa02dec72494f3a69f2 Mon Sep 17 00:00:00 2001 From: David Gauldie Date: Wed, 15 May 2024 16:46:21 -0400 Subject: [PATCH 3/5] point production to new rabbit mq (#406) --- .../hmi/server/hmi-server-deployment.yaml | 4 +-- .../secrets/secrets-mq-creds.enc.yaml | 26 +++++++++---------- .../pyciemss-api-deployment.yaml | 2 +- .../pyciemss-worker-deployment.yaml | 2 +- .../sciml-service-deployment.yaml | 2 +- 5 files changed, 18 insertions(+), 18 deletions(-) diff --git a/kubernetes/overlays/prod/overlays/askem-production/hmi/server/hmi-server-deployment.yaml b/kubernetes/overlays/prod/overlays/askem-production/hmi/server/hmi-server-deployment.yaml index b9cd4b36..aca95486 100755 --- a/kubernetes/overlays/prod/overlays/askem-production/hmi/server/hmi-server-deployment.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/hmi/server/hmi-server-deployment.yaml @@ -10,9 +10,9 @@ spec: - name: hmi-server env: - name: TGPT_BASE_URL - value: "https://app.terarium.ai/beaker/" + value: "/beaker/" - name: TGPT_APP_URL - value: "https://app.terarium.ai/beaker/" + value: "/beaker/" - name: TGPT_WS_URL value: "wss://app.terarium.ai/beaker_ws/" - name: TERARIUM_KEYCLOAK_URL diff --git a/kubernetes/overlays/prod/overlays/askem-production/secrets/secrets-mq-creds.enc.yaml b/kubernetes/overlays/prod/overlays/askem-production/secrets/secrets-mq-creds.enc.yaml index 98c06df9..228a64ed 100644 --- a/kubernetes/overlays/prod/overlays/askem-production/secrets/secrets-mq-creds.enc.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/secrets/secrets-mq-creds.enc.yaml @@ -4,12 +4,12 @@ metadata: name: mq-creds type: Opaque data: - username: ENC[AES256_GCM,data:Nz9JnQEsP6w1C39/,iv:1antdu3yBoKw3UrJcv7mn8VIb+qUN185upP3B/bWalU=,tag:XX7G6vW7Q1LGhu8h9zi5ng==,type:str] - password: ENC[AES256_GCM,data:OqdIzHQcatRiA2isSq95/mQuM8uFOXnne94B1VlFoBk3TWdlfyu1IXdgksHTmOUb,iv:HlYjQzrNibJEvJLm/OwOaaMiF3K0OPbVF7xoVqylD0A=,tag:1W6FbwdtGBF3e9Xm1lsrmQ==,type:str] - host: ENC[AES256_GCM,data:LfF9YzT+wpyz868UhgbUrTai1uYocBPaEDBbyiw1igZAWuakGJWXC/fSrVl0oN8+heyxS5hVx2DUucuqb7EfmdquYkVCP/CaiDtLxwMCf2VpGif6+45aEg==,iv:DKS8EE7F8aaKJ0ztpFBGlbdwkMQDDymRyOcZyXLnXB0=,tag:tYpmw0jFj7d4vxojuKRP2w==,type:str] - port: ENC[AES256_GCM,data:ctj3jZg0BbE=,iv:H5neniwFjBR7uKYKgj7OLhdwZieIiV0ST9/li9Stzls=,tag:MCOmzh8HVdEvxRmxExpyvg==,type:str] - address: ENC[AES256_GCM,data:a6NUYzfyNmjn7IPUgxNJC7tDmpuc54FKRDiBuFHrm+kSGhFQEhH9CtrTBVjrkyqXHZjWxSvOXDTapXM6YqtaknCv82rgOWtaMOHiaYI2poskSnDQ7ik2PxO0pbly6pScNSGwRipM1aE=,iv:5M8zRc+be9X6Lsw3Dj2vPezfN+1k+Gy3/wPdzA1gYqQ=,tag:2ww/dfjaaxQC1jU5soE4Og==,type:str] - url: ENC[AES256_GCM,data:WxaUa5PIMyqhYUfsOHk/8vKL/EWrn4lz+LMGvRGEWxroyPRsxsCm5keB12j4Xu0eONLqod6NxplYTAf8yzIgFU/NtLKhe2PYLsJzYlMb/ewKZg7gIXS6m0AOmJ4LGXNwAWDHkg==,iv:kTdiM9ViHMai67zngiwsgkjaLngGQ0RTQ5oUCV0lb5E=,tag:Kn9NeMjqA0iRsDuoArLCxw==,type:str] + username: ENC[AES256_GCM,data:i06tSs63DlrD5ZQJ,iv:5KIl4X1Mg+rEDAHcqF/bDzWQySXKRTM9HzgWgq/tFPs=,tag:tK4KmdB2ytRCChzufWbFjQ==,type:str] + password: ENC[AES256_GCM,data:9tEpjYDcOy5x518lmBXs68ULQNF2BiBBfiZFyw==,iv:BfGtAwgaUoi6tB9/YFrOE+5B6JLnWbQPIOnyFdk5jYI=,tag:YScwLuqpBVpchkzFjmTURA==,type:str] + host: ENC[AES256_GCM,data:gghPnS/CGyHl/46zOV4O3wRTy9NtCTTo5JECBw==,iv:kcKfSQrzrfHxyZpQ/B5cV3gPWPvT71v9doXKXR4U4EA=,tag:KipW8oROmA974SQd4KfmVw==,type:str] + port: ENC[AES256_GCM,data:yzah4/TEj60=,iv:B19JpjV87I/5+bsdZn/40ILdZUOpZSfgUXImadI4les=,tag:zYSlR9lAw7duRvgcNgkKjg==,type:str] + address: ENC[AES256_GCM,data:VmR2rdoE7TGbE5Q0ydm5JNVxWAp94BjESQFdrpJfVEKVC7nPfJsnUV++M8I=,iv:EABohmM4ipnUnJqxxViioJ3JOJpe6UZk9PQTxVRsXn8=,tag:UsmqrVV2TQT5pgQzZCJsww==,type:str] + url: ENC[AES256_GCM,data:nB0diRB/JSY0iSck7dEETOoFMmGUSpw5EIND06aYil1nZQnpDrsPGhNsvhF0AAcu,iv:xw+25P/4TY26iqhgfKpqLZ/jLwXXxFy38pvq6jCT1qU=,tag:6AUucXrdxK+BXGwn9FDoCQ==,type:str] sops: kms: [] gcp_kms: [] @@ -19,14 +19,14 @@ sops: - recipient: age1q5q7lt6twttye7h5dx4zu0eek04pu6szqfx28w00vq3z6nmlc9dq7md4xd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0K25zK2RIOC9XM25HVDVI - K1QwWFVNM1pZUFhMeWlKVUg5eFRMQ0xXUXhBCmJQTUFYYyswOWErVjRFUFI4dWx1 - SlB5THhEeXBhTUJoSE9WeVdpSnpIQWMKLS0tIFZrYzZLdDI4TmlGdy9kWXllS1F4 - d1Z1dkJTWjYzTUE0K2hiTTcvbmxlVjAKqeUKFPbC4cPoAhHYQjh+QM8/LHYvVAcM - vfn9qBsvZmR7V/2cegaVfoSWQta7DuHWPx47ghoU/KYLpN32yDYzlQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRXFPNDF5VW9STXhWajU4 + S1lVallaMndkZnluOW9IZjRweDl1UFNURFZVCmNWRTJNcGFEdnZvY292MFpmNjBl + WTZPUkg5SFRNWWEzbTZnY2dXMnppL2MKLS0tIHp5cmNhQkdyQklBbEVtK2lHTFFM + YUZsWGZXUXoxSE1LVWtBRTh6UHArT1kKEm/8AWUlrbL7UvteZC707uHdk1CrzYsG + 7YdmaxucFv0mYXcsSALah1WRKk/r+ZRy8ljzWVjS1TdITymVauMFHA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-07T17:41:33Z" - mac: ENC[AES256_GCM,data:9rWiU9nekR162OUZJnwUxHoaExt9DaNRdcVM/pSb5K0z4sR5HfGJTrebxaQZYmgFpu9lEyUUI2ayrtpRCr0kDJoOrq9ucMY2seUWGNdnwYX6htDR4ntszKSUnkOGtcAQXQrKVVbPEv8QoXE7lvkuF5hwTJBxCbungeZNjLyIpt0=,iv:iR6qY3Qk3jHiCeqsTjg4idiyZEkbCY7emHn4jH57zhU=,tag:KkNAx4M8DbqetcLOpWuasA==,type:str] + lastmodified: "2024-05-15T20:41:48Z" + mac: ENC[AES256_GCM,data:e3kLoBslspaCzJxKg9hd9spWbzgU56hh3qDwsneH3daaX+hu5iYSl69U8R38FlXEmrbMAfubpHykFSoMAuvA/za7yXKrXqV6EJ9ChVvI8mDmMX5R0J2fxU2zuVovgAUx8to7h8Ph3pq7pdSJNWneKh1KsCarnE6N99Sl2RceLps=,iv:PiYRrNp/At06GXDnkMnj0uBe9X6imNE+PP7o5TOoMtA=,tag:YwPEdklED3nlJBU2EAdDFA==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.8.1 diff --git a/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-api-deployment.yaml b/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-api-deployment.yaml index 042379ad..108c2d56 100755 --- a/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-api-deployment.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-api-deployment.yaml @@ -14,4 +14,4 @@ spec: - name: REDIS_PORT value: '6379' - name: RABBITMQ_SSL - value: 'True' + value: 'False' diff --git a/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-worker-deployment.yaml b/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-worker-deployment.yaml index 584c89e1..6f802949 100755 --- a/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-worker-deployment.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/services/pyciemss-service/pyciemss-worker-deployment.yaml @@ -14,4 +14,4 @@ spec: - name: REDIS_PORT value: '6379' - name: RABBITMQ_SSL - value: 'True' + value: 'False' diff --git a/kubernetes/overlays/prod/overlays/askem-production/services/sciml-service/sciml-service-deployment.yaml b/kubernetes/overlays/prod/overlays/askem-production/services/sciml-service/sciml-service-deployment.yaml index 5e01864e..7b967def 100755 --- a/kubernetes/overlays/prod/overlays/askem-production/services/sciml-service/sciml-service-deployment.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/services/sciml-service/sciml-service-deployment.yaml @@ -12,4 +12,4 @@ spec: - name: sciml-service env: - name: SIMSERVICE_RABBITMQ_SSL - value: 'true' + value: 'false' From 4cf4eb6b94797c0eb009927277b458de486ee853 Mon Sep 17 00:00:00 2001 From: David Gauldie Date: Fri, 17 May 2024 12:43:15 -0400 Subject: [PATCH 4/5] update production tags --- .../overlays/askem-production/kustomization.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml b/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml index 8ed3ac59..43d08a56 100644 --- a/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml @@ -54,13 +54,13 @@ images: # Terarium HMI - name: hmi-client-image newName: ghcr.io/darpa-askem/hmi-client - newTag: 'chi-demo-2' + newTag: '2.11.0' - name: terarium-docs-image newName: ghcr.io/darpa-askem/terarium-docs newTag: 'latest' - name: hmi-server-image newName: ghcr.io/darpa-askem/hmi-server - newTag: 'chi-demo-2' + newTag: '2.11.0' - name: spicedb-image newName: ghcr.io/authzed/spicedb newTag: 'v1.24.0' @@ -102,15 +102,15 @@ images: # PyCIEMSS service - name: pyciemss-api-image newName: ghcr.io/darpa-askem/pyciemss-api - newTag: '1.8.0' + newTag: '1.9.0' - name: pyciemss-worker-image newName: ghcr.io/darpa-askem/pyciemss-worker - newTag: '1.8.0' + newTag: '1.9.0' # GoLLM service - name: gollm-taskrunner-image newName: ghcr.io/darpa-askem/gollm-taskrunner - newTag: 'chi-demo-2' + newTag: '2.11.0' # Integration Dashboard - name: integration-dashboard-image @@ -125,9 +125,9 @@ images: # mira taskrunner - name: mira-taskrunner-image newName: ghcr.io/darpa-askem/mira-taskrunner - newTag: 'chi-demo-2' + newTag: '2.11.0' # funman taskrunner - name: funman-taskrunner-image newName: ghcr.io/darpa-askem/funman-taskrunner - newTag: 'chi-demo-2' + newTag: '2.11.0' From 5f255c9e069406c0212190bd195dc42c6730e4da Mon Sep 17 00:00:00 2001 From: Charles Coleman Date: Wed, 22 May 2024 11:05:16 -0400 Subject: [PATCH 5/5] add new env vars (#408) --- .../prod/base/services/beaker/beaker-deployment.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/kubernetes/overlays/prod/base/services/beaker/beaker-deployment.yaml b/kubernetes/overlays/prod/base/services/beaker/beaker-deployment.yaml index 6fa8c604..330fb749 100644 --- a/kubernetes/overlays/prod/base/services/beaker/beaker-deployment.yaml +++ b/kubernetes/overlays/prod/base/services/beaker/beaker-deployment.yaml @@ -14,6 +14,12 @@ spec: - mountPath: "/home/jupyter/workspace" name: beaker-pv-storage env: + - name: TOOL_ENABLED_ASK_USER + value: "false" + - name: TOOL_ENABLED_RUN_CODE + value: "false" + - name: ENABLE_CHECKPOINTS + value: "false" - name: SIMULATION_SCHEDULER_URL value: http://sciml-service:3030 - name: HMI_SERVER_URL