Release 0.17.1 (2024-08-26)

### Bug Fixes * Enable a second kv on aws deployment. * fix AppMesh health check. * Resolve proxy subnet resources collision issue. Bug: N/A Change-Id: I2323accde543a533a532207284b7728be90ff9e4 GitOrigin-RevId: ea94002425bb71aa2ec3d8641dbf7df7dca23630
privacysandbox · Sep 16, 2024 · 6bd59ec · 6bd59ec
1 parent 5d586e0
commit 6bd59ec
Show file tree

Hide file tree

Showing 11 changed files with 111 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,15 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## 0.17.1 (2024-08-26)
+
+
+### Bug Fixes
+
+* Enable a second kv on aws deployment.
+* fix AppMesh health check.
+* Resolve proxy subnet resources collision issue.
+
 ## 0.17.0 (2024-07-08)
 
 

diff --git a/docs/deployment/deploying_on_aws.md b/docs/deployment/deploying_on_aws.md
@@ -274,8 +274,9 @@ curl ${KV_SERVER_URL}/v1/getvalues?keys=foo1
 ```
 
 Since 7.47.0. curl by default send request via HTTP/2 protocol
-[curl-http2](https://curl.se/docs/http2.html). The terraform setup has the KV load balancer listen
-to HTTP/2 on port 8443 and HTTP1.1 on port 443. To query the server using http1.1 request protocol:
+[curl-http2](https://fuchsia.googlesource.com/third_party/curl/+/refs/heads/cobalt/docs/HTTP2.md).
+The terraform setup has the KV load balancer listen to HTTP/2 on port 8443 and HTTP1.1 on port 443.
+To query the server using http1.1 request protocol:
 
 ```sh
 KV_SERVER_URL="https://demo.kv-server.your-domain.example"

diff --git a/production/packaging/aws/data_server/ami/health.proto b/production/packaging/aws/data_server/ami/health.proto
@@ -0,0 +1,63 @@
+// Copyright 2015 The gRPC Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// The canonical version of this proto can be found at
+// https://github.com/grpc/grpc-proto/blob/master/grpc/health/v1/health.proto
+
+syntax = "proto3";
+
+package grpc.health.v1;
+
+option csharp_namespace = "Grpc.Health.V1";
+option go_package = "google.golang.org/grpc/health/grpc_health_v1";
+option java_multiple_files = true;
+option java_outer_classname = "HealthProto";
+option java_package = "io.grpc.health.v1";
+
+message HealthCheckRequest {
+  string service = 1;
+}
+
+message HealthCheckResponse {
+  enum ServingStatus {
+    UNKNOWN = 0;
+    SERVING = 1;
+    NOT_SERVING = 2;
+    SERVICE_UNKNOWN = 3; // Used only by the Watch method.
+  }
+  ServingStatus status = 1;
+}
+
+service Health {
+  // If the requested service is unknown, the call will fail with status
+  // NOT_FOUND.
+  rpc Check(HealthCheckRequest) returns (HealthCheckResponse);
+
+  // Performs a watch for the serving status of the requested service.
+  // The server will immediately send back a message indicating the current
+  // serving status.  It will then subsequently send a new message whenever
+  // the service's serving status changes.
+  //
+  // If the requested service is unknown when the call is received, the
+  // server will send a message setting the serving status to
+  // SERVICE_UNKNOWN but will *not* terminate the call.  If at some
+  // future point, the serving status of the service becomes known, the
+  // server will send a new message with the service's serving status.
+  //
+  // If the call terminates with status UNIMPLEMENTED, then clients
+  // should assume this method is not supported and should not retry the
+  // call.  If the call terminates with any other status (including OK),
+  // clients should retry the call with appropriate exponential backoff.
+  rpc Watch(HealthCheckRequest) returns (stream HealthCheckResponse);
+}
diff --git a/production/packaging/aws/data_server/ami/image.pkr.hcl b/production/packaging/aws/data_server/ami/image.pkr.hcl
@@ -130,7 +130,7 @@ build {
     destination = "/home/ec2-user/hc.bash"
   }
   provisioner "file" {
-    source      = join("/", [var.workspace, "components/health_check/health.proto"])
+    source      = join("/", [var.workspace, "production/packaging/aws/data_server/ami/health.proto"])
     destination = "/home/ec2-user/health.proto"
   }
   provisioner "shell" {

diff --git a/production/terraform/aws/environments/kv_server.tf b/production/terraform/aws/environments/kv_server.tf
@@ -30,6 +30,7 @@ module "kv_server" {
   existing_vpc_operator    = var.existing_vpc_operator
   existing_vpc_environment = var.existing_vpc_environment
   enable_external_traffic  = var.enable_external_traffic
+  with_existing_kv         = var.with_existing_kv
 
   # Variables related to EC2 instances.
   instance_type   = var.instance_type

diff --git a/production/terraform/aws/environments/kv_server_variables.tf b/production/terraform/aws/environments/kv_server_variables.tf
@@ -361,3 +361,9 @@ variable "enable_external_traffic" {
   description = "Whether to serve external traffic. If disabled, only internal traffic under existing VPC will be served."
   type        = bool
 }
+
+variable "with_existing_kv" {
+  description = "In order to deploy this Key/Value server with existing Key/Value server(s) under the same VPC, you must set this var to true to avoid resource collision. In this case, use_existing_vpc must be true for all Key/Value servers under the same VPC."
+  default     = false
+  type        = bool
+}
diff --git a/production/terraform/aws/modules/kv_server/main.tf b/production/terraform/aws/modules/kv_server/main.tf
@@ -77,6 +77,7 @@ module "security_groups" {
 }
 
 module "backend_services" {
+  count                        = var.with_existing_kv ? 0 : 1
   source                       = "../../services/backend_services"
   region                       = var.region
   environment                  = var.environment
@@ -226,6 +227,7 @@ module "parameter" {
 }
 
 module "security_group_rules" {
+  count                             = var.with_existing_kv ? 0 : 1
   source                            = "../../services/security_group_rules"
   region                            = var.region
   service                           = local.service
@@ -236,7 +238,7 @@ module "security_group_rules" {
   instances_security_group_id       = module.security_groups.instance_security_group_id
   ssh_security_group_id             = module.security_groups.ssh_security_group_id
   vpce_security_group_id            = module.security_groups.vpc_endpoint_security_group_id
-  gateway_endpoints_prefix_list_ids = module.backend_services.gateway_endpoints_prefix_list_ids
+  gateway_endpoints_prefix_list_ids = module.backend_services[0].gateway_endpoints_prefix_list_ids
   ssh_source_cidr_blocks            = var.ssh_source_cidr_blocks
   use_existing_vpc                  = var.use_existing_vpc
 }

diff --git a/production/terraform/aws/modules/kv_server/variables.tf b/production/terraform/aws/modules/kv_server/variables.tf
@@ -356,3 +356,8 @@ variable "enable_external_traffic" {
   description = "Whether to serve external traffic. If disabled, only internal traffic under existing VPC will be served. "
   type        = bool
 }
+
+variable "with_existing_kv" {
+  description = "In order to deploy this Key/Value server with existing Key/Value server(s) under the same VPC, you must set this var to true to avoid resource collision. In this case, use_existing_vpc must be true for all Key/Value servers under the same VPC."
+  type        = bool
+}
diff --git a/production/terraform/gcp/services/networking/main.tf b/production/terraform/gcp/services/networking/main.tf
@@ -30,8 +30,25 @@ resource "google_compute_subnetwork" "kv_server" {
   ip_cidr_range = tolist(var.regions_cidr_blocks)[each.key]
 }
 
+data "google_compute_network" "existing_vpc_data" {
+  count = (var.use_existing_vpc) ? 1 : 0
+  name  = split("/", var.existing_vpc_id)[length(split("/", var.existing_vpc_id)) - 1]
+}
+
+data "google_compute_subnetwork" "all_subnetworks" {
+  for_each  = (var.use_existing_vpc) ? { for v in data.google_compute_network.existing_vpc_data[0].subnetworks_self_links : v => v } : {}
+  self_link = each.value
+}
+
+data "google_compute_subnetwork" "proxy_subnetworks" {
+  for_each = (var.use_existing_vpc) ? { for k, v in data.google_compute_subnetwork.all_subnetworks : k => v
+  if length(regexall(".*collector-proxy-subnet", v.name)) > 0 } : {}
+  name   = each.value.name
+  region = each.value.region
+}
+
 resource "google_compute_subnetwork" "proxy_subnets" {
-  for_each = { for index, region in tolist(var.regions) : index => region }
+  for_each = (length(data.google_compute_subnetwork.proxy_subnetworks) != 0) ? {} : { for index, region in tolist(var.regions) : index => region }
 
   ip_cidr_range = "10.${139 + each.key}.0.0/23"
   name          = "${var.service}-${var.environment}-${each.value}-collector-proxy-subnet"

diff --git a/production/terraform/gcp/services/networking/outputs.tf b/production/terraform/gcp/services/networking/outputs.tf
@@ -25,7 +25,7 @@ output "subnets" {
 
 output "proxy_subnets" {
   description = "All service proxy subnets."
-  value       = google_compute_subnetwork.proxy_subnets
+  value       = var.use_existing_vpc ? data.google_compute_subnetwork.proxy_subnetworks : google_compute_subnetwork.proxy_subnets
 }
 
 output "server_ip_address" {

diff --git a/version.txt b/version.txt
@@ -1 +1 @@
-0.17.0
+0.17.1