diff --git a/.github/helm-values/dev-eu-central-1-alpha.pg-sni-router.yaml b/.github/helm-values/dev-eu-central-1-alpha.pg-sni-router.yaml
new file mode 100644
index 0000000000..a80423b12d
--- /dev/null
+++ b/.github/helm-values/dev-eu-central-1-alpha.pg-sni-router.yaml
@@ -0,0 +1,19 @@
+useCertManager: true
+
+replicaCount: 3
+
+exposedService:
+ # exposedService.port -- Exposed Service proxy port
+ port: 4432
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: "*.snirouter.alpha.eu-central-1.internal.aws.neon.build"
+
+settings:
+ domain: "*.snirouter.alpha.eu-central-1.internal.aws.neon.build"
+ sentryEnvironment: "staging"
+
+imagePullSecrets:
+ - name: docker-hub-neon
+
+metrics:
+ enabled: false
diff --git a/.github/helm-values/dev-eu-west-1-zeta.pg-sni-router.yaml b/.github/helm-values/dev-eu-west-1-zeta.pg-sni-router.yaml
new file mode 100644
index 0000000000..c9c628af0c
--- /dev/null
+++ b/.github/helm-values/dev-eu-west-1-zeta.pg-sni-router.yaml
@@ -0,0 +1,19 @@
+useCertManager: true
+
+replicaCount: 3
+
+exposedService:
+ # exposedService.port -- Exposed Service proxy port
+ port: 4432
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: "*.snirouter.zeta.eu-west-1.internal.aws.neon.build"
+
+settings:
+ domain: "*.snirouter.zeta.eu-west-1.internal.aws.neon.build"
+ sentryEnvironment: "staging"
+
+imagePullSecrets:
+ - name: docker-hub-neon
+
+metrics:
+ enabled: false
diff --git a/.github/helm-values/dev-us-east-2-beta.pg-sni-router.yaml b/.github/helm-values/dev-us-east-2-beta.pg-sni-router.yaml
new file mode 100644
index 0000000000..68ad096df7
--- /dev/null
+++ b/.github/helm-values/dev-us-east-2-beta.pg-sni-router.yaml
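Review bot: The hostname under `exposedService.annotations` is named `internal`, but nothing in these values makes the Service's load balancer internal, so whether port 4432 is reachable from outside the VPC is left to the chart's defaults, which are not visible here. If the router is meant to be private, stating it in the values makes that reviewable, for example `service.beta.kubernetes.io/aws-load-balancer-scheme: internal` next to the external-dns annotation, assuming the chart applies these annotations to the Service. The same applies to the other seven `*.pg-sni-router.yaml` files in this commit. All eight also set `metrics.enabled: false`, so a new network-facing component ships without metrics; a one-line comment such as `# metrics off until <reason>` would record why.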
@@ -0,0 +1,19 @@
+useCertManager: true
+
+replicaCount: 3
+
+exposedService:
+ # exposedService.port -- Exposed Service proxy port
+ port: 4432
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: "*.snirouter.beta.us-east-2.internal.aws.neon.build"
+
+settings:
+ domain: "*.snirouter.beta.us-east-2.internal.aws.neon.build"
+ sentryEnvironment: "staging"
+
+imagePullSecrets:
+ - name: docker-hub-neon
+
+metrics:
+ enabled: false
diff --git a/.github/helm-values/prod-ap-southeast-1-epsilon.pg-sni-router.yaml b/.github/helm-values/prod-ap-southeast-1-epsilon.pg-sni-router.yaml
new file mode 100644
index 0000000000..478ad5631c
--- /dev/null
+++ b/.github/helm-values/prod-ap-southeast-1-epsilon.pg-sni-router.yaml
@@ -0,0 +1,19 @@
+useCertManager: true
+
+replicaCount: 3
+
+exposedService:
+ # exposedService.port -- Exposed Service proxy port
+ port: 4432
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: "*.snirouter.epsilon.ap-southeast-1.internal.aws.neon.tech"
+
+settings:
+ domain: "*.snirouter.epsilon.ap-southeast-1.internal.aws.neon.tech"
+ sentryEnvironment: "production"
+
+imagePullSecrets:
+ - name: docker-hub-neon
+
+metrics:
+ enabled: false
diff --git a/.github/helm-values/prod-eu-central-1-gamma.pg-sni-router.yaml b/.github/helm-values/prod-eu-central-1-gamma.pg-sni-router.yaml
new file mode 100644
index 0000000000..08a0a163bc
--- /dev/null
+++ b/.github/helm-values/prod-eu-central-1-gamma.pg-sni-router.yaml
@@ -0,0 +1,19 @@
+useCertManager: true
+
+replicaCount: 3
+
+exposedService:
+ # exposedService.port -- Exposed Service proxy port
+ port: 4432
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: "*.snirouter.gamma.eu-central-1.internal.aws.neon.tech"
+
+settings:
+ domain: "*.snirouter.gamma.eu-central-1.internal.aws.neon.tech"
+ sentryEnvironment: "production"
+
+imagePullSecrets:
+ - name: docker-hub-neon
+
+metrics:
+ enabled: false
diff --git a/.github/helm-values/prod-us-east-1-theta.pg-sni-router.yaml b/.github/helm-values/prod-us-east-1-theta.pg-sni-router.yaml
new file mode 100644
index 0000000000..ab308131bc
--- /dev/null
+++ b/.github/helm-values/prod-us-east-1-theta.pg-sni-router.yaml
@@ -0,0 +1,19 @@
+useCertManager: true
+
+replicaCount: 3
+
+exposedService:
+ # exposedService.port -- Exposed Service proxy port
+ port: 4432
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: "*.snirouter.theta.us-east-1.internal.aws.neon.tech"
+
+settings:
+ domain: "*.snirouter.theta.us-east-1.internal.aws.neon.tech"
+ sentryEnvironment: "production"
+
+imagePullSecrets:
+ - name: docker-hub-neon
+
+metrics:
+ enabled: false
diff --git a/.github/helm-values/prod-us-east-2-delta.pg-sni-router.yaml b/.github/helm-values/prod-us-east-2-delta.pg-sni-router.yaml
new file mode 100644
index 0000000000..ecb3f156ec
--- /dev/null
+++ b/.github/helm-values/prod-us-east-2-delta.pg-sni-router.yaml
@@ -0,0 +1,19 @@
+useCertManager: true
+
+replicaCount: 3
+
+exposedService:
+ # exposedService.port -- Exposed Service proxy port
+ port: 4432
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: "*.snirouter.delta.us-east-2.internal.aws.neon.tech"
+
+settings:
+ domain: "*.snirouter.delta.us-east-2.internal.aws.neon.tech"
+ sentryEnvironment: "production"
+
+imagePullSecrets:
+ - name: docker-hub-neon
+
+metrics:
+ enabled: false
diff --git a/.github/helm-values/prod-us-west-2-eta.pg-sni-router.yaml b/.github/helm-values/prod-us-west-2-eta.pg-sni-router.yaml
new file mode 100644
index 0000000000..942250c419
--- /dev/null
+++ b/.github/helm-values/prod-us-west-2-eta.pg-sni-router.yaml
@@ -0,0 +1,19 @@
+useCertManager: true
+
+replicaCount: 3
+
+exposedService:
+ # exposedService.port -- Exposed Service proxy port
+ port: 4432
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: "*.snirouter.eta.us-west-2.internal.aws.neon.tech"
+
+settings:
+ domain: "*.snirouter.eta.us-west-2.internal.aws.neon.tech"
+ sentryEnvironment: "production"
+
+imagePullSecrets:
+ - name: docker-hub-neon
+
+metrics:
+ enabled: false
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
index 5d1c6e0e16..f37e1b344d 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@@ -27,6 +27,11 @@ on:
 required: true
 type: boolean
 default: true
+ deployPgSniRouter:
+ description: 'Deploy pg-sni-router'
+ required: true
+ type: boolean
+ default: true
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_DEV }}
@@ -227,3 +232,49 @@ jobs:
 - name: Cleanup helm folder
 run: rm -rf ~/.cache
+
+ deploy-pg-sni-router:
+ runs-on: [ self-hosted, gen3, small ]
+ container: 369495373322.dkr.ecr.eu-central-1.amazonaws.com/ansible:pinned
+ if: inputs.deployPgSniRouter
+ defaults:
+ run:
+ shell: bash
+ strategy:
+ matrix:
+ include:
+ - target_region: us-east-2
+ target_cluster: dev-us-east-2-beta
+ - target_region: eu-west-1
+ target_cluster: dev-eu-west-1-zeta
+ - target_region: eu-central-1
+ target_cluster: dev-eu-central-1-alpha
+ environment:
+ name: dev-${{ matrix.target_region }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ submodules: true
+ fetch-depth: 0
+ ref: ${{ inputs.branch }}
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1-node16
+ with:
+ role-to-assume: arn:aws:iam::369495373322:role/github-runner
+ aws-region: eu-central-1
+ role-skip-session-tagging: true
+ role-duration-seconds: 1800
+
+ - name: Configure environment
+ run: |
+ helm repo add neondatabase https://neondatabase.github.io/helm-charts
+ aws --region ${{ matrix.target_region }} eks update-kubeconfig --name ${{ matrix.target_cluster }}
+
+ - name: Deploy pg-sni-router
+ run:
+ helm upgrade neon-pg-sni-router neondatabase/neon-pg-sni-router --namespace neon-pg-sni-router --create-namespace --install --atomic -f .github/helm-values/${{ matrix.target_cluster }}.pg-sni-router.yaml --set image.tag=${{ inputs.dockerTag }} --set settings.sentryUrl=${{ secrets.SENTRY_URL_BROKER }} --wait --timeout 15m0s
+
+ - name: Cleanup helm folder
+ run: rm -rf ~/.cache
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
index 9fa31b3225..c5d690db3a 100644
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
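Review bot: The `Deploy pg-sni-router` step splices `${{ inputs.dockerTag }}` and `${{ secrets.SENTRY_URL_BROKER }}` directly into the `run:` script, so both are expanded into shell source before bash parses it and a value containing shell metacharacters is not treated as data on the self-hosted runner that holds the assumed `github-runner` role. Passing the values through `env:` and quoting the variables closes that, and `--set-string` keeps an all-digit tag a string. The same step in the deploy-prod.yml job hunk has the same shape. The secret name also suggests the storage broker's Sentry DSN is reused for the router; if that is not intended, a dedicated secret would keep the two services' events apart.

```yaml
# … unchanged: job header, matrix, checkout, AWS credentials, Configure environment …
      - name: Deploy pg-sni-router
        env:
          DOCKER_TAG: ${{ inputs.dockerTag }}
          SENTRY_URL: ${{ secrets.SENTRY_URL_BROKER }}
          VALUES_FILE: .github/helm-values/${{ matrix.target_cluster }}.pg-sni-router.yaml
        run: |
          helm upgrade neon-pg-sni-router neondatabase/neon-pg-sni-router \
            --namespace neon-pg-sni-router --create-namespace --install --atomic \
            -f "$VALUES_FILE" \
            --set-string image.tag="$DOCKER_TAG" \
            --set settings.sentryUrl="$SENTRY_URL" \
            --wait --timeout 15m0s
# … unchanged: Cleanup helm folder …
```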
@@ -27,6 +27,11 @@ on:
 required: true
 type: boolean
 default: true
+ deployPgSniRouter:
+ description: 'Deploy pg-sni-router'
+ required: true
+ type: boolean
+ default: true
 disclamerAcknowledged:
 description: 'I confirm that there is an emergency and I can not use regular release workflow'
 required: true
@@ -171,3 +176,42 @@ jobs:
 - name: Deploy storage-broker
 run: helm upgrade neon-storage-broker-lb neondatabase/neon-storage-broker --namespace neon-storage-broker-lb --create-namespace --install --atomic -f .github/helm-values/${{ matrix.target_cluster }}.neon-storage-broker.yaml --set image.tag=${{ inputs.dockerTag }} --set settings.sentryUrl=${{ secrets.SENTRY_URL_BROKER }} --wait --timeout 5m0s
+
+ deploy-pg-sni-router:
+ runs-on: prod
+ container: 093970136003.dkr.ecr.eu-central-1.amazonaws.com/ansible:latest
+ if: inputs.deployPgSniRouter && inputs.disclamerAcknowledged
+ defaults:
+ run:
+ shell: bash
+ strategy:
+ matrix:
+ include:
+ - target_region: us-east-2
+ target_cluster: prod-us-east-2-delta
+ - target_region: us-west-2
+ target_cluster: prod-us-west-2-eta
+ - target_region: eu-central-1
+ target_cluster: prod-eu-central-1-gamma
+ - target_region: ap-southeast-1
+ target_cluster: prod-ap-southeast-1-epsilon
+ - target_region: us-east-1
+ target_cluster: prod-us-east-1-theta
+ environment:
+ name: prod-${{ matrix.target_region }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ submodules: true
+ fetch-depth: 0
+ ref: ${{ inputs.branch }}
+
+ - name: Configure environment
+ run: |
+ helm repo add neondatabase https://neondatabase.github.io/helm-charts
+ aws --region ${{ matrix.target_region }} eks update-kubeconfig --name ${{ matrix.target_cluster }}
+
+ - name: Deploy pg-sni-router
+ run:
+ helm upgrade neon-pg-sni-router neondatabase/neon-pg-sni-router --namespace neon-pg-sni-router --create-namespace --install --atomic -f .github/helm-values/${{ matrix.target_cluster }}.pg-sni-router.yaml --set image.tag=${{ inputs.dockerTag }} --set settings.sentryUrl=${{ secrets.SENTRY_URL_BROKER }} --wait --timeout 15m0s
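Review bot: The production job's `container:` uses the mutable tag `ansible:latest`, while the dev job added in the same commit uses `ansible:pinned`, so whatever is pushed to `latest` next becomes the tooling that deploys to five production clusters. Pinning by digest, `container: 093970136003.dkr.ecr.eu-central-1.amazonaws.com/ansible@sha256:<DIGEST_PLACEHOLDER>`, makes the deploy environment reproducible and reviewable. Other jobs in this file are outside the hunk and may use the same tag, in which case this is a file-wide follow-up. Unlike its dev counterpart, this job also has no `Cleanup helm folder` step, so `~/.cache` is left behind if the runner's home directory persists between runs.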