From 6bd59ec748053e30c60d7e57438b0f6e3768f0bf Mon Sep 17 00:00:00 2001 From: Privacy Sandbox Team Date: Mon, 26 Aug 2024 20:52:11 +0000 Subject: [PATCH] Release 0.17.1 (2024-08-26) ### Bug Fixes * Enable a second kv on aws deployment. * fix AppMesh health check. * Resolve proxy subnet resources collision issue. Bug: N/A Change-Id: I2323accde543a533a532207284b7728be90ff9e4 GitOrigin-RevId: ea94002425bb71aa2ec3d8641dbf7df7dca23630 --- CHANGELOG.md | 9 +++ docs/deployment/deploying_on_aws.md | 5 +- .../aws/data_server/ami/health.proto | 63 +++++++++++++++++++ .../aws/data_server/ami/image.pkr.hcl | 2 +- .../terraform/aws/environments/kv_server.tf | 1 + .../aws/environments/kv_server_variables.tf | 6 ++ .../terraform/aws/modules/kv_server/main.tf | 4 +- .../aws/modules/kv_server/variables.tf | 5 ++ .../terraform/gcp/services/networking/main.tf | 19 +++++- .../gcp/services/networking/outputs.tf | 2 +- version.txt | 2 +- 11 files changed, 111 insertions(+), 7 deletions(-) create mode 100644 production/packaging/aws/data_server/ami/health.proto diff --git a/CHANGELOG.md b/CHANGELOG.md index 07125613..76b12c7c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,15 @@ All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines. +## 0.17.1 (2024-08-26) + + +### Bug Fixes + +* Enable a second kv on aws deployment. +* fix AppMesh health check. +* Resolve proxy subnet resources collision issue. + ## 0.17.0 (2024-07-08) diff --git a/docs/deployment/deploying_on_aws.md b/docs/deployment/deploying_on_aws.md index f7f4818a..c8f9c424 100644 --- a/docs/deployment/deploying_on_aws.md +++ b/docs/deployment/deploying_on_aws.md 
@@ -274,8 +274,9 @@ curl ${KV_SERVER_URL}/v1/getvalues?keys=foo1 ``` Since 7.47.0. curl by default send request via HTTP/2 protocol -[curl-http2](https://curl.se/docs/http2.html). The terraform setup has the KV load balancer listen -to HTTP/2 on port 8443 and HTTP1.1 on port 443. To query the server using http1.1 request protocol: +[curl-http2](https://fuchsia.googlesource.com/third_party/curl/+/refs/heads/cobalt/docs/HTTP2.md). +The terraform setup has the KV load balancer listen to HTTP/2 on port 8443 and HTTP1.1 on port 443. +To query the server using http1.1 request protocol: ```sh KV_SERVER_URL="https://demo.kv-server.your-domain.example" diff --git a/production/packaging/aws/data_server/ami/health.proto b/production/packaging/aws/data_server/ami/health.proto new file mode 100644 index 00000000..4db5bc72 --- /dev/null +++ b/production/packaging/aws/data_server/ami/health.proto 
@@ -0,0 +1,63 @@ +// Copyright 2015 The gRPC Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// The canonical version of this proto can be found at +// https://github.com/grpc/grpc-proto/blob/master/grpc/health/v1/health.proto + +syntax = "proto3"; + +package grpc.health.v1; + +option csharp_namespace = "Grpc.Health.V1"; +option go_package = "google.golang.org/grpc/health/grpc_health_v1"; +option java_multiple_files = true; +option java_outer_classname = "HealthProto"; +option java_package = "io.grpc.health.v1"; + +message HealthCheckRequest { + string service = 1; +} + +message HealthCheckResponse { + enum ServingStatus { + UNKNOWN = 0; + SERVING = 1; + NOT_SERVING = 2; + SERVICE_UNKNOWN = 3; // Used only by the Watch method. + } + ServingStatus status = 1; +} + +service Health { + // If the requested service is unknown, the call will fail with status + // NOT_FOUND. + rpc Check(HealthCheckRequest) returns (HealthCheckResponse); + + // Performs a watch for the serving status of the requested service. + // The server will immediately send back a message indicating the current + // serving status. It will then subsequently send a new message whenever + // the service's serving status changes. + // + // If the requested service is unknown when the call is received, the + // server will send a message setting the serving status to + // SERVICE_UNKNOWN but will *not* terminate the call. 
If at some + // future point, the serving status of the service becomes known, the + // server will send a new message with the service's serving status. + // + // If the call terminates with status UNIMPLEMENTED, then clients + // should assume this method is not supported and should not retry the + // call. If the call terminates with any other status (including OK), + // clients should retry the call with appropriate exponential backoff. + rpc Watch(HealthCheckRequest) returns (stream HealthCheckResponse); +} diff --git a/production/packaging/aws/data_server/ami/image.pkr.hcl b/production/packaging/aws/data_server/ami/image.pkr.hcl index d22b995c..38ae72f9 100644 --- a/production/packaging/aws/data_server/ami/image.pkr.hcl +++ b/production/packaging/aws/data_server/ami/image.pkr.hcl @@ -130,7 +130,7 @@ build { destination = "/home/ec2-user/hc.bash" } provisioner "file" { - source = join("/", [var.workspace, "components/health_check/health.proto"]) + source = join("/", [var.workspace, "production/packaging/aws/data_server/ami/health.proto"]) destination = "/home/ec2-user/health.proto" } provisioner "shell" { diff --git a/production/terraform/aws/environments/kv_server.tf b/production/terraform/aws/environments/kv_server.tf index c5089963..cac8ce72 100644 --- a/production/terraform/aws/environments/kv_server.tf +++ b/production/terraform/aws/environments/kv_server.tf @@ -30,6 +30,7 @@ module "kv_server" { existing_vpc_operator = var.existing_vpc_operator existing_vpc_environment = var.existing_vpc_environment enable_external_traffic = var.enable_external_traffic + with_existing_kv = var.with_existing_kv # Variables related to EC2 instances. instance_type = var.instance_type diff --git a/production/terraform/aws/environments/kv_server_variables.tf b/production/terraform/aws/environments/kv_server_variables.tf index f857e0ac..23e7cf72 100644 --- a/production/terraform/aws/environments/kv_server_variables.tf 
+++ b/production/terraform/aws/environments/kv_server_variables.tf @@ -361,3 +361,9 @@ variable "enable_external_traffic" { description = "Whether to serve external traffic. If disabled, only internal traffic under existing VPC will be served." type = bool } + +variable "with_existing_kv" { + description = "In order to deploy this Key/Value server with existing Key/Value server(s) under the same VPC, you must set this var to true to avoid resource collision. In this case, use_existing_vpc must be true for all Key/Value servers under the same VPC." + default = false + type = bool +} diff --git a/production/terraform/aws/modules/kv_server/main.tf b/production/terraform/aws/modules/kv_server/main.tf index 90989a36..984d5d1c 100644 --- a/production/terraform/aws/modules/kv_server/main.tf +++ b/production/terraform/aws/modules/kv_server/main.tf @@ -77,6 +77,7 @@ module "security_groups" { } module "backend_services" { + count = var.with_existing_kv ? 0 : 1 source = "../../services/backend_services" region = var.region environment = var.environment @@ -226,6 +227,7 @@ module "parameter" { } module "security_group_rules" { + count = var.with_existing_kv ? 0 : 1 source = "../../services/security_group_rules" region = var.region service = local.service @@ -236,7 +238,7 @@ module "security_group_rules" { instances_security_group_id = module.security_groups.instance_security_group_id ssh_security_group_id = module.security_groups.ssh_security_group_id vpce_security_group_id = module.security_groups.vpc_endpoint_security_group_id - gateway_endpoints_prefix_list_ids = module.backend_services.gateway_endpoints_prefix_list_ids + gateway_endpoints_prefix_list_ids = module.backend_services[0].gateway_endpoints_prefix_list_ids ssh_source_cidr_blocks = var.ssh_source_cidr_blocks use_existing_vpc = var.use_existing_vpc } diff --git a/production/terraform/aws/modules/kv_server/variables.tf b/production/terraform/aws/modules/kv_server/variables.tf index 21345044..cdaf5293 100644 
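Review bot: The rule that `use_existing_vpc` must be true whenever `with_existing_kv` is true exists only in the description string of the new variable in environments/kv_server_variables.tf, so `with_existing_kv = true` with `use_existing_vpc = false` is accepted without complaint. Judging from the count gates added in modules/kv_server/main.tf, that combination would skip the backend services and security group rules even though no earlier deployment is known to provide them. Enforcing the rule makes the misconfiguration fail at plan time, for example `condition = !var.with_existing_kv || var.use_existing_vpc` in a `validation` block if the pinned Terraform version lets a validation reference another variable, or otherwise a precondition on a resource inside the module. The same description is repeated in modules/kv_server/variables.tf, where the variable has no default.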
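Review bot: With `with_existing_kv = true`, the `count = var.with_existing_kv ? 0 : 1` line in the second hunk of modules/kv_server/main.tf drops every rule in `module.security_group_rules`, while the group ids those rules attach to still come from `module.security_groups`, which these hunks leave ungated. The hunks do not show whether those groups are shared with the first Key/Value server or created again per deployment. If they are per deployment, the second server's instance, SSH and VPC-endpoint groups get no rules from this module, so a comment above the count naming the owner of the rules is worth adding once confirmed, such as `# Rules are owned by the first KV deployment in this VPC; this deployment reuses them.` In the third hunk `module.backend_services[0]` is valid only because both modules use the same count expression, and any other reference to `module.backend_services` outside these hunks needs the same index or a guard. The `backend_services` block continues past the first hunk.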
--- a/production/terraform/aws/modules/kv_server/variables.tf +++ b/production/terraform/aws/modules/kv_server/variables.tf @@ -356,3 +356,8 @@ variable "enable_external_traffic" { description = "Whether to serve external traffic. If disabled, only internal traffic under existing VPC will be served. " type = bool } + +variable "with_existing_kv" { + description = "In order to deploy this Key/Value server with existing Key/Value server(s) under the same VPC, you must set this var to true to avoid resource collision. In this case, use_existing_vpc must be true for all Key/Value servers under the same VPC." + type = bool +} diff --git a/production/terraform/gcp/services/networking/main.tf b/production/terraform/gcp/services/networking/main.tf index 754e45cf..19a3d3be 100644 --- a/production/terraform/gcp/services/networking/main.tf +++ b/production/terraform/gcp/services/networking/main.tf 
@@ -30,8 +30,25 @@ resource "google_compute_subnetwork" "kv_server" { ip_cidr_range = tolist(var.regions_cidr_blocks)[each.key] } +data "google_compute_network" "existing_vpc_data" { + count = (var.use_existing_vpc) ? 1 : 0 + name = split("/", var.existing_vpc_id)[length(split("/", var.existing_vpc_id)) - 1] +} + +data "google_compute_subnetwork" "all_subnetworks" { + for_each = (var.use_existing_vpc) ? { for v in data.google_compute_network.existing_vpc_data[0].subnetworks_self_links : v => v } : {} + self_link = each.value +} + +data "google_compute_subnetwork" "proxy_subnetworks" { + for_each = (var.use_existing_vpc) ? { for k, v in data.google_compute_subnetwork.all_subnetworks : k => v + if length(regexall(".*collector-proxy-subnet", v.name)) > 0 } : {} + name = each.value.name + region = each.value.region +} + resource "google_compute_subnetwork" "proxy_subnets" { - for_each = { for index, region in tolist(var.regions) : index => region } + for_each = (length(data.google_compute_subnetwork.proxy_subnetworks) != 0) ? {} : { for index, region in tolist(var.regions) : index => region } ip_cidr_range = "10.${139 + each.key}.0.0/23" name = "${var.service}-${var.environment}-${each.value}-collector-proxy-subnet" diff --git a/production/terraform/gcp/services/networking/outputs.tf b/production/terraform/gcp/services/networking/outputs.tf index e8ac484d..30d1f2e0 100644 --- a/production/terraform/gcp/services/networking/outputs.tf +++ b/production/terraform/gcp/services/networking/outputs.tf @@ -25,7 +25,7 @@ output "subnets" { output "proxy_subnets" { description = "All service proxy subnets." - value = google_compute_subnetwork.proxy_subnets + value = var.use_existing_vpc ? data.google_compute_subnetwork.proxy_subnetworks : google_compute_subnetwork.proxy_subnets } output "server_ip_address" { diff --git a/version.txt b/version.txt index 07feb823..14a8c245 100644 --- a/version.txt +++ b/version.txt 
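Review bot: The filter in `data.google_compute_subnetwork.proxy_subnetworks`, `regexall(".*collector-proxy-subnet", v.name)`, accepts any subnetwork of the existing VPC whose name contains that string, whatever its service, environment or region, and `proxy_subnets` then creates nothing as soon as one match exists. A region in `var.regions` that has no proxy subnet yet would therefore get none, and a subnet belonging to an unrelated deployment would be adopted without any signal in the plan. Narrowing the `if` clause to the regions in use, for example `if endswith(v.name, "-collector-proxy-subnet") && contains(tolist(var.regions), v.region)` (assuming `v.region` holds the region name, as the `region = each.value.region` line suggests), and deciding creation per region rather than all-or-nothing would close both gaps. If the all-or-nothing behaviour is intended, a comment above the `for_each` on `proxy_subnets` should say so.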
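Review bot: The `proxy_subnets` output in outputs.tf selects on `var.use_existing_vpc`, but main.tf decides whether to create the subnets on `length(data.google_compute_subnetwork.proxy_subnetworks) != 0`, so the two can disagree. With an existing VPC that has no collector proxy subnet yet, `google_compute_subnetwork.proxy_subnets` creates the subnets and the output still returns the empty data map. Using the same test in both places avoids that: `value = length(data.google_compute_subnetwork.proxy_subnetworks) != 0 ? data.google_compute_subnetwork.proxy_subnetworks : google_compute_subnetwork.proxy_subnets`. The data map is keyed by subnetwork self link while the resource map is keyed by region index, so consumers that look up this output by key should be checked; they are not visible from this hunk.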
@@ -1 +1 @@
-0.17.0
\ No newline at end of file
+0.17.1
\ No newline at end of file