Merge pull request #5 from code-kern-ai/perf-reload-secrets

perf: add k8s reload secrets workflow

Author: andhreljaKern

.github/workflows/k8s_reload_secrets.yml

@@ -0,0 +1,64 @@
+name: 'K8: Reload Secrets'
+
+on:
+  workflow_call:
+    inputs:
+      deployment_name:
+        description: 'Deployment Name'
+        required: true
+        type: string
+
+# Special permissions required for OIDC authentication
+permissions:
+  id-token: write
+  contents: read
+  actions: read
+
+jobs:
+  k8-reload-secrets:
+    name: 'K8: Reload Secrets'
+    runs-on: [self-hosted, dev]
+    environment: dev
+    env:
+      KUBELOGIN_VERSION: "v0.0.25"
+      KUBERNETES_CLUSTER_NAME: "${{ vars.KUBERNETES_CLUSTER_NAME }}"
+      KUBERNETES_NAMESPACE: "${{ vars.KUBERNETES_NAMESPACE }}"
+      AZURE_RESOURCE_GROUP: "${{ vars.AZURE_RESOURCE_GROUP }}"
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: GitHub Configuration
+      run: git config --global url."https://oauth2:${{ secrets.GH_TOKEN }}@github.com".insteadOf https://github.com
+
+    - name: Clone cicd-deployment-scripts
+      run: git clone https://github.com/code-kern-ai/cicd-deployment-scripts.git
+
+    # Install the latest version of Kubernetes CLI and configure the Kubernetes CLI configuration file with a Kubernetes Cloud user API token
+    - name: Azure Cloud Login
+      uses: azure/login@v2
+      with:
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+    # Use kubelogin to configure your kubeconfig for Azure auth
+    - name: Set up kubelogin for non-interactive login
+      uses: azure/use-kubelogin@v1
+      with:
+        kubelogin-version: ${{ env.KUBELOGIN_VERSION }}
+
+    - uses: azure/aks-set-context@v3
+      with:
+        resource-group: ${{ env.AZURE_RESOURCE_GROUP }}
+        cluster-name: ${{ env.KUBERNETES_CLUSTER_NAME }}
+        admin: 'false'
+        use-kubelogin: 'true'
+    
+    - name: Run Secret Reload
+      shell: bash
+      run: |
+        bash cicd-deployment-scripts/k8s/reload_secrets.sh \
+          -n ${{ env.KUBERNETES_NAMESPACE }} \
+          -d ${{ inputs.deployment_name }}

k8s/reload_secrets.sh

@@ -0,0 +1,43 @@
+# !/bin/bash
+set -e
+
+KUBERNETES_NAMESPACE=""
+KUBERNETES_DEPLOYMENT_NAME=""
+
+while getopts n:d: flag
+do
+    case "${flag}" in
+        n) KUBERNETES_NAMESPACE=${OPTARG};;
+        d) KUBERNETES_DEPLOYMENT_NAME=${OPTARG};;
+    esac
+done
+
+declare -A secret_rename_mapping=( \
+    ["cognition-gateway"]="cg-gateway" \
+    ["cognition-pdf2md"]="cg-gateway" \
+    ["cognition-task-master"]="cg-task-master" \
+    ["gates-gateway"]="gt-gateway" \
+    ["platform-monitoring"]="plfm-monitor" \
+    ["refinery-commercial-proxy"]="rf-comm-proxy" \
+    ["refinery-config"]="rf-config" \
+    ["refinery-doc-ock"]="rf-doc-ock" \
+    ["refinery-embedder"]="rf-embedder" \
+    ["refinery-gateway"]="rf-gateway" \
+    ["refinery-gateway-proxy"]="rf-gw-proxy" \
+    ["refinery-model-provider"]="rf-mdl-prvd" \
+    ["refinery-neural-search"]="rf-nrl-search" \
+    ["refinery-tokenizer"]="rf-tokenizer" \
+    ["refinery-updater"]="rf-updater" \
+    ["refinery-weak-supervisor"]="rf-weak-supvsr" \
+    ["refinery-websocket"]="rf-websocket" \
+    ["refinery-zero-shot"]="rf-zero-shot" \
+)
+
+kubectl config set-context --current --namespace=$KUBERNETES_NAMESPACE
+echo "Context set to namespace: \"$KUBERNETES_NAMESPACE\""
+
+kubectl delete secret ${secret_rename_mapping[$KUBERNETES_DEPLOYMENT_NAME]}
+kubectl rollout restart deployment ${KUBERNETES_DEPLOYMENT_NAME}
+kubectl rollout status deployment ${KUBERNETES_DEPLOYMENT_NAME}
+
+echo "::notice::Reloaded ${KUBERNETES_DEPLOYMENT_NAME} secret (${secret_rename_mapping[$KUBERNETES_DEPLOYMENT_NAME]}) successfully"