From 6250411d1ebf71411d038af00193c1587fc5b108 Mon Sep 17 00:00:00 2001
From: Goutham Pratapa <goutham@appsmith.com>
Date: Mon, 11 Sep 2023 16:24:17 +0530
Subject: [PATCH] update scripts to deploy dps with EFS (#26993)

Fixes: [322](https://github.com/appsmithorg/cloud-deployment/issues/322)
---
 .github/workflows/cleanup-dp.yml |  1 +
 scripts/cleanup_dp.sh            | 12 +++++-
 scripts/deploy_preview.sh        | 65 +++++++++++++++++++++-----------
 scripts/efs_guardian_job.json    | 36 ++++++++++++++++++
 4 files changed, 91 insertions(+), 23 deletions(-)
 create mode 100644 scripts/efs_guardian_job.json

diff --git a/.github/workflows/cleanup-dp.yml b/.github/workflows/cleanup-dp.yml
index e105c83789..6f4c4781e3 100644
--- a/.github/workflows/cleanup-dp.yml
+++ b/.github/workflows/cleanup-dp.yml
@@ -1,6 +1,7 @@
 name: Cleanup Deploy Previews
 
 on:
+  workflow_dispatch:
   schedule:
     - cron: 0 0 * * *
 
diff --git a/scripts/cleanup_dp.sh b/scripts/cleanup_dp.sh
index 47cb3e4b9a..a4c6c8b02d 100755
--- a/scripts/cleanup_dp.sh
+++ b/scripts/cleanup_dp.sh
@@ -8,10 +8,12 @@ aws_access_key_id = $AWS_ACCESS_KEY_ID
 aws_secret_access_key = $AWS_SECRET_ACCESS_KEY" > ~/.aws/credentials
 
 echo "[default]
+region = $region
+output = json
 [profile eksci]
 role_arn= $AWS_ROLE_ARN
 output = json
-region=ap-south-1
+region = $region
 source_profile = default" > ~/.aws/config
 
 sts_output=$(aws sts assume-role --role-arn env.AWS_ROLE_ARN --role-session-name ekscisession)
@@ -38,7 +40,13 @@ for i in $deployed_charts
     if [[ $pr_state == "MERGED" || $pr_state == "CLOSED" ]]
     then
       helm uninstall $i -n $i
-      kubectl delete ns $i || true
       mongosh "mongodb+srv://$DB_USERNAME:$DB_PASSWORD@$DB_URL/$i?retryWrites=true&minPoolSize=1&maxPoolSize=10&maxIdleTimeMS=900000&authSource=admin" --eval 'db.dropDatabase()'
+      pod_name=$(kubectl get pods -n $i -o json | jq '.items[0].metadata.name' | tr -d '"')
+      kubectl exec $pod_name -n $i -- bash -c "rm -rf /appsmith-stacks/*"
+      kubectl delete ns $i || true
+      kubectl patch pv $i-appsmith -p '{"metadata":{"finalizers":null}}' || true
+      kubectl delete pv $i-appsmith --grace-period=0 --force || true
+#      ACCESS_POINT_ID=$(aws efs describe-access-points --file-system-id "$DP_EFS_ID" | jq -r '.AccessPoints[] | select(.Name=="'"ce$pr"'") | .AccessPointId')
+#      aws efs delete-access-point --access-point-id $ACCESS_POINT_ID
     fi
   done
diff --git a/scripts/deploy_preview.sh b/scripts/deploy_preview.sh
index c8ba782fdd..822fac4257 100755
--- a/scripts/deploy_preview.sh
+++ b/scripts/deploy_preview.sh
@@ -5,26 +5,28 @@
 
 mkdir ~/.aws; touch ~/.aws/config
 
-echo "[default]
-aws_access_key_id = $AWS_ACCESS_KEY_ID
-aws_secret_access_key = $AWS_SECRET_ACCESS_KEY" > ~/.aws/credentials
-
-echo "[default]
-[profile eksci]
-role_arn= $AWS_ROLE_ARN
-output = json
-region=ap-south-1
-source_profile = default" > ~/.aws/config
+aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
+aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
 
 export region=ap-south-1
 export cluster_name=uat-cluster
 
+echo "[default]
+region = $region
+output = json
+[profile eksci]
+role_arn = $AWS_ROLE_ARN
+output = json
+region = $region
+source_profile = default" > ~/.aws/config
+
 echo "Region: $region"
 echo "Cluster name: $cluster_name"
 echo "Pull Request Number: $PULL_REQUEST_NUMBER"
 echo "DP_EFS_ID: $DP_EFS_ID"
 
-sts_output=$(aws sts assume-role --role-arn env.AWS_ROLE_ARN --role-session-name ekscisession)
+sts_output=$(aws sts assume-role --role-arn $AWS_ROLE_ARN --role-session-name ekscisession)
+
 export AWS_ACCESS_KEY_ID=$(echo $sts_output | jq -r '.Credentials''.AccessKeyId');\
 export AWS_SECRET_ACCESS_KEY=$(echo $sts_output | jq -r '.Credentials''.SecretAccessKey');\
 export AWS_SESSION_TOKEN=$(echo $sts_output | jq -r '.Credentials''.SessionToken');
@@ -35,8 +37,9 @@ export SECRET=ce"$PULL_REQUEST_NUMBER"
 export DBNAME=ce"$PULL_REQUEST_NUMBER"
 export DOMAINNAME=ce-"$PULL_REQUEST_NUMBER".dp.appsmith.com
 export HELMCHART="appsmith"
-export HELMCHART_URL="http://helm.appsmith.com"
-export HELMCHART_VERSION="2.0.2"
+export HELMCHART_URL="http://helm-ee.appsmith.com"
+export HELMCHART_VERSION="3.0.5"
+
 
 aws eks update-kubeconfig --region $region --name $cluster_name --profile eksci
 
@@ -48,10 +51,25 @@ kubectl get pods
 
 if [[ -n "${RECREATE-}" ]]
 then
-  kubectl delete ns $NAMESPACE || true
   mongosh "mongodb+srv://$DB_USERNAME:$DB_PASSWORD@$DB_URL/$DBNAME?retryWrites=true&minPoolSize=1&maxPoolSize=10&maxIdleTimeMS=900000&authSource=admin" --eval 'db.dropDatabase()'
+  pod_name=$(kubectl get pods -n $NAMESPACE -o json | jq '.items[0].metadata.name' | tr -d '"')
+  kubectl exec $pod_name -n $NAMESPACE -- bash -c "rm -rf /appsmith-stacks/*"
+  kubectl delete ns $NAMESPACE || true
+#  Placeholder to use access points more effectively
+  kubectl patch pv $NAMESPACE-appsmith -p '{"metadata":{"finalizers":null}}' || true
+  kubectl delete pv $NAMESPACE-appsmith --grace-period=0 --force || true
+#  Below lines are a placeholder to use access points more effectively
+#  echo "deleting Accessing points"
+#  ACCESS_POINT_ID=$(aws efs describe-access-points --file-system-id "$DP_EFS_ID" | jq -r '.AccessPoints[] | select(.Name=="'"ce$PULL_REQUEST_NUMBER"'") | .AccessPointId')
+#  echo "Deleting Accessing Point $ACCESS_POINT_ID"
+#  aws efs delete-access-point --access-point-id $ACCESS_POINT_ID
 fi
 
+#echo "Create Access Point and Access Point ID"
+### Use DP-EFS and create ACCESS_POINT
+#ACCESS_POINT=$(aws efs create-access-point --file-system-id $DP_EFS_ID --tags Key=Name,Value=ce$PULL_REQUEST_NUMBER)
+#ACCESS_POINT_ID=$(echo $ACCESS_POINT | jq -r '.AccessPointId');
+
 echo "Use kubernetes secret to Pull Image"
 kubectl create ns $NAMESPACE || true
 
@@ -60,18 +78,23 @@ kubectl create secret docker-registry $SECRET \
   --docker-username=$DOCKER_HUB_USERNAME \
   --docker-password=$DOCKER_HUB_ACCESS_TOKEN -n $NAMESPACE
 
-echo "Add appsmith-ce to helm repo"
-AWS_REGION=ap-south-1 helm repo add $HELMCHART $HELMCHART_URL
+echo "Add appsmith-ee to helm repo"
+AWS_REGION=us-east-2 helm repo add appsmith-ee $HELMCHART_URL;
+helm repo update;
 
 echo "Deploy appsmith helm chart"
-helm upgrade -i $CHARTNAME appsmith/appsmith -n $NAMESPACE \
-  --create-namespace --recreate-pods --set image.repository=$DOCKER_HUB_ORGANIZATION/appsmith-dp --set image.tag=$IMAGE_HASH \
-  --set image.pullSecrets=$SECRET --set redis.enabled=false --set mongodb.enabled=false --set ingress.enabled=true \
+helm upgrade -i $CHARTNAME appsmith-ee/$HELMCHART -n $NAMESPACE --create-namespace --recreate-pods \
+  --set _image.repository=$DOCKER_HUB_ORGANIZATION/appsmith-dp --set _image.tag=$IMAGE_HASH \
+  --set _image.pullPolicy="Always" \
+  --set image.pullSecrets=$SECRET --set autoscaling.enabled=true --set autoscaling.minReplicas=1 \
+  --set autoscaling.maxReplicas=1 --set redis.enabled=false --set postgresql.enabled=false --set mongodb.enabled=false --set ingress.enabled=true \
   --set "ingress.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-ssl-cert=$AWS_RELEASE_CERT" \
   --set "ingress.hosts[0].host=$DOMAINNAME, ingress.hosts[0].paths[0].path=/, ingress.hosts[0].paths[0].pathType=Prefix" \
-  --set ingress.className="nginx" \
-  --set image.pullPolicy="Always" --set autoupdate.enabled="true" --set persistence.size=2Gi \
+  --set autoupdate.enabled=false --set persistence.efs.enabled=true --set ingress.className="nginx" \
+  --set persistence.efs.driver=efs.csi.aws.com --set persistence.storageClass=efs-dp-appsmith \
+  --set persistence.efs.volumeHandle=$DP_EFS_ID:/ce/ce$PULL_REQUEST_NUMBER \
   --set applicationConfig.APPSMITH_SENTRY_DSN="https://abf15a075d1347969df44c746cca7eaa@o296332.ingest.sentry.io/1546547" \
   --set applicationConfig.APPSMITH_SENTRY_ENVIRONMENT="$NAMESPACE" \
   --set applicationConfig.APPSMITH_MONGODB_URI="mongodb+srv://$DB_USERNAME:$DB_PASSWORD@$DB_URL/$DBNAME?retryWrites=true&minPoolSize=1&maxPoolSize=10&maxIdleTimeMS=900000&authSource=admin" \
+  --set applicationConfig.APPSMITH_DISABLE_EMBEDDED_KEYCLOAK=\"1\" \
   --version $HELMCHART_VERSION
diff --git a/scripts/efs_guardian_job.json b/scripts/efs_guardian_job.json
new file mode 100644
index 0000000000..4746d4f393
--- /dev/null
+++ b/scripts/efs_guardian_job.json
@@ -0,0 +1,36 @@
+{
+  "apiVersion": "batch/v1",
+  "kind": "Job",
+  "metadata": {
+    "name": "appsmith-efs-guardian"
+  },
+  "spec": {
+    "template": {
+      "spec": {
+        "containers": [
+          {
+            "name": "appsmith-efs-guardian",
+            "image": "ubuntu",
+            "command": ["/bin/bash"],
+            "args": [],
+            "volumeMounts": [
+              {
+                "name": "appsmith-efs-dp-volume",
+                "mountPath": "/appsmith-stacks"
+              }
+            ]
+          }
+        ],
+        "restartPolicy": "OnFailure",
+        "volumes": [
+          {
+            "name": "appsmith-efs-dp-volume",
+            "persistentVolumeClaim": {
+              "claimName": "appsmith-efs-dp-guardian-claim"
+            }
+          }
+        ]
+      }
+    }
+  }
+}