Merge pull request #27 from oracle-devrel/improve-environment-automation

Improve Environment Automation

Author: peppertech

deploy/k8s/overlays/prod/kustomization.yaml.mustache

@@ -6,7 +6,7 @@ resources:
 images:
 - name: app
   newName: {{region_key}}.ocir.io/{{{tenancy_namespace}}}/{{{project_name}}}/app
-  newTag: {{{web_version}}}
+  newTag: {{{app_version}}}
 - name: backend
   newName: {{region_key}}.ocir.io/{{{tenancy_namespace}}}/{{{project_name}}}/backend
   newTag: {{{backend_version}}}

deploy/terraform/.terraform.lock.hcl

@@ -4,11 +4,8 @@ data "oci_identity_tenancy" "tenant_details" {
   provider = oci
 }
 
-data "oci_identity_regions" "home" {
-  filter {
-    name   = "key"
-    values = [data.oci_identity_tenancy.tenant_details.home_region_key]
-  }
+data "oci_identity_region_subscriptions" "region_subscriptions" {
+  tenancy_id = var.tenancy_ocid
 
   provider = oci
 }

deploy/terraform/data.tf

@@ -1,38 +1,8 @@
-locals {
-  model_collection = data.oci_generative_ai_models.genai_models.model_collection[0]
-  cohere_models = tolist([for each in local.model_collection.items : each
-    if contains(each.capabilities, "TEXT_GENERATION")
-  && each.vendor == "cohere"])
-}
 
 output "project" {
   value = "${var.project_name}${random_string.deploy_id.result}"
 }
 
-# output "load_balancer" {
-#   value = oci_core_public_ip.reserved_ip.ip_address
-# }
-
-# output "web_instances" {
-#   value = oci_core_instance.web[*].private_ip
-# }
-
-# output "backend_instances" {
-#   value = oci_core_instance.backend[*].private_ip
-# }
-
-output "cohere_model_id" {
-  value = local.cohere_models[0].id
-}
-
-# output "ssh_bastion_session_backend" {
-#   value = oci_bastion_session.backend_session.ssh_metadata.command
-# }
-
-# output "ssh_bastion_session_web" {
-#   value = oci_bastion_session.web_session.ssh_metadata.command
-# }
-
 output "db_service" {
   value = "${local.project_name}${local.deploy_id}"
 }

deploy/terraform/genai.tf

@@ -1,10 +1,17 @@
+locals {
+  home_region_key = [for key, value in data.oci_identity_region_subscriptions.region_subscriptions.region_subscriptions: key if value.is_home_region == true][0]
+  home_region = data.oci_identity_region_subscriptions.region_subscriptions.region_subscriptions[local.home_region_key]
+}
+
 provider "oci" {
-  tenancy_ocid = var.tenancy_ocid
-  region       = var.region
+  tenancy_ocid         = var.tenancy_ocid
+  region               = var.region
+  config_file_profile  = var.config_file_profile
 }
 
 provider "oci" {
-  alias        = "home"
-  tenancy_ocid = var.tenancy_ocid
-  region       = lookup(data.oci_identity_regions.home.regions[0], "name")
+  alias                 = "home"
+  tenancy_ocid          = var.tenancy_ocid
+  region                = local.home_region.region_name
+  config_file_profile   = var.config_file_profile
 }

deploy/terraform/outputs.tf

@@ -1,13 +1,8 @@
 region                        = "{{ regionName }}"
 tenancy_ocid                  = "{{ tenancyId }}"
+config_file_profile           = "{{ profile }}"
 compartment_ocid              = "{{ compartmentId }}"
 ssh_public_key                = "{{{ ssh_public_key }}}"
 ssh_private_key_path          = "{{{ ssh_private_key_path }}}"
 cert_fullchain                = "{{{ cert_fullchain }}}"
-cert_private_key              = "{{{ cert_private_key }}}"
-genai_endpoint                = "{{{ genai_endpoint }}}"
-
-# web_artifact_url              = ""
-# backend_artifact_url          = ""
-# ansible_web_artifact_url      = ""
-# ansible_backend_artifact_url  = ""
+cert_private_key              = "{{{ cert_private_key }}}"

deploy/terraform/provider.tf

@@ -7,6 +7,10 @@ variable "region" {
   default = "us-chicago-1"
 }
 
+variable "config_file_profile" {
+  type = string
+}
+
 variable "compartment_ocid" {
   type = string
 }
@@ -32,39 +36,7 @@ variable "project_name" {
   default = "genai"
 }
 
-# variable "web_artifact_url" {
-#   type = string
-# }
-
-# variable "backend_artifact_url" {
-#   type = string
-# }
-
-# variable "ansible_web_artifact_url" {
-#   type = string
-# }
-
-# variable "ansible_backend_artifact_url" {
-#   type = string
-# }
-
-# variable "instance_shape" {
-#   default = "VM.Standard.E4.Flex"
-# }
-
-# variable "web_node_count" {
-#   default = "1"
-# }
-
-# variable "backend_node_count" {
-#   default = "1"
-# }
-
 variable "artifacts_par_expiration_in_days" {
   type    = number
   default = 7
-}
-
-variable "genai_endpoint" {
-  type = string
 }

deploy/terraform/terraform.tfvars.mustache

@@ -36,6 +36,7 @@ console.log(`Files in ${chalk.green(walletK8sPath)} deleted`);
 // ${regionKey}.ocir.io/${namespace}/${projectName}/backend:${backendBersion}
 
 await $`rm -rf ./.artifacts`;
+await $`rm -rf ./.certs`;
 await $`rm -rf ./deploy/terraform/generated/wallet`;
 
 config.clear();

deploy/terraform/variables.tf

@@ -2,6 +2,8 @@
 import Configstore from "configstore";
 import clear from "clear";
 import Mustache from "mustache";
+import { parse, stringify } from "yaml";
+import { readFile, writeFile } from "node:fs/promises";
 import { getOutputValues } from "./lib/terraform.mjs";
 import { exitWithError } from "./lib/utils.mjs";
 
@@ -16,6 +18,7 @@ const config = new Configstore(projectName, { projectName });
 
 const compartmentId = config.get("compartmentId");
 const namespace = config.get("namespace");
+const profile = config.get("profile");
 const regionName = config.get("regionName");
 const regionKey = config.get("regionKey");
 const webVersion = config.get("webVersion");
@@ -28,6 +31,7 @@ const genAiModelSummarization = config.get("genAiModelSummarization");
 
 const { db_service, db_password } = await getOutputValues("./deploy/terraform");
 
+await addProfileToKubeconfig(profile);
 await createBackendProperties();
 await createProdKustomization();
 await copyCerts();
@@ -150,3 +154,25 @@ async function createRegistrySecret() {
     exitWithError(error.stderr);
   }
 }
+
+async function addProfileToKubeconfig(profile = "DEFAULT") {
+  if (profile === "DEFAULT") return;
+
+  const kubeconfigPath = "./deploy/terraform/generated/kubeconfig";
+
+  let yamlContent = await readFile(kubeconfigPath, {
+    encoding: "utf-8",
+  });
+
+  const profileFlag = "--profile";
+  const profileValue = profile;
+
+  const kubeconfig = parse(yamlContent);
+  const execArgs = kubeconfig.users[0].user.exec.args;
+  kubeconfig.users[0].user.exec.args = [...execArgs, profileFlag, profileValue];
+  const newKubeconfigContent = stringify(kubeconfig);
+
+  await writeFile(kubeconfigPath, newKubeconfigContent, {
+    encoding: "utf-8",
+  });
+}

scripts/clean.mjs

@@ -2,11 +2,12 @@
 import { exitWithError } from "./utils.mjs";
 import { where, max } from "underscore";
 
-export async function getRegions() {
+export async function getRegions(profile = "DEFAULT", tenancyId) {
   try {
-    const tenancyId = await getTenancyId();
     const output = (
-      await $`oci iam region-subscription list --tenancy-id ${tenancyId}`
+      await $`oci iam region-subscription list \
+              --tenancy-id ${tenancyId} \
+              --profile ${profile}`
     ).stdout.trim();
     const { data } = JSON.parse(output);
     return data
@@ -21,8 +22,8 @@ export async function getRegions() {
   }
 }
 
-export async function getNamespace() {
-  const output = (await $`oci os ns get`).stdout.trim();
+export async function getNamespace(profile) {
+  const output = (await $`oci os ns get --profile ${profile}`).stdout.trim();
   const { data } = JSON.parse(output);
   return data;
 }
@@ -96,16 +97,22 @@ export async function getTenancyId() {
   return tenancyId;
 }
 
-export async function searchCompartmentIdByName(compartmentName) {
+export async function searchCompartmentIdByName(
+  profile = "DEFAULT",
+  compartmentName
+) {
   if (!compartmentName) {
     exitWithError("Compartment name required");
   }
   if (compartmentName === "root") {
     return getTenancyId();
   }
   try {
-    const { stdout, exitCode, stderr } =
-      await $`oci iam compartment list --compartment-id-in-subtree true --name ${compartmentName} --query "data[].id"`;
+    const { stdout, exitCode, stderr } = await $`oci iam compartment list \
+                --compartment-id-in-subtree true \
+                --name ${compartmentName} \
+                --profile=${profile} \
+                --query "data[].id"`;
     if (exitCode !== 0) {
       exitWithError(stderr);
     }
@@ -339,6 +346,7 @@ export async function getBucket(compartmentId, name) {
 }
 
 export async function getLatestGenAIModels(
+  profile,
   compartmentId,
   regionName,
   vendor = "cohere",
@@ -354,6 +362,7 @@ export async function getLatestGenAIModels(
   try {
     const { stdout, stderr, exitCode } =
       await $`oci generative-ai model-collection list-models \
+    --profile ${profile} \
     --compartment-id ${compartmentId} \
     --region ${regionName}`;