justinthelaw
commented
2 weeks ago - corrects the order in which Supabase is deployed relative to Zarf packages with dependent SQL migrations
- fixes/adds docs to run new UDS Core 0.22.2 setup
Closed justinthelaw closed 2 weeks ago
justinthelaw
commented
2 weeks ago 
netlify[bot]
commented
2 weeks ago | Name | Link |
|---|---|
| Latest commit | 3099681ddba29a61b779059bddf7b9b7be575cee |
| Latest deploy log | https://app.netlify.com/sites/leapfrogai-docs/deploys/66704d527c141d0007b47c2d |
justinthelaw
commented
2 weeks ago The modified UDS bundle deployment seems to do well up until the final component, leapfrogai-ui.
To replicate:
LOCAL_VERSION=dev make build-cpucd uds-bundles/dev/cpu && uds create . --confirmuds deploy uds-bundle-leapfrogai-amd64-dev.tar.zst --confirmPod logs:
2024/06/14 21:57:16 PG Recv: {"Type":"RowDescription","Fields":[{"Name":"version","TableOID":17310,"TableAttributeNumber":1,"DataTypeOID":25,"DataTypeSize":-1,"TypeModifier":-1,"Format":0}]}
2024/06/14 21:57:16 PG Recv: {"Type":"DataRow","Values":[{"text":"20240322174520"}]}
2024/06/14 21:57:16 PG Recv: {"Type":"DataRow","Values":[{"text":"20240419164109"}]}
2024/06/14 21:57:16 PG Recv: {"Type":"DataRow","Values":[{"text":"20240502193159"}]}
2024/06/14 21:57:16 PG Recv: {"Type":"DataRow","Values":[{"text":"20240516152530"}]}
2024/06/14 21:57:16 PG Recv: {"Type":"DataRow","Values":[{"text":"20240522141100"}]}
2024/06/14 21:57:16 PG Recv: {"Type":"DataRow","Values":[{"text":"20240603183253"}]}
2024/06/14 21:57:16 PG Recv: {"Type":"DataRow","Values":[{"text":"20240610185420"}]}
2024/06/14 21:57:16 PG Recv: {"Type":"CommandComplete","CommandTag":"SELECT 7"}
2024/06/14 21:57:16 PG Recv: {"Type":"ReadyForQuery","TxStatus":"I"}
Remote migration versions not found in supabase/migrations directory.
Make sure your local git repo is up-to-date. If the error persists, try repairing the migration history table:
supabase migration repair --status reverted 20240322174520 20240419164109 20240502193159 20240516152530 20240522141100 20240603183253 20240610185420
And update local migrations to match remote database:
supabase db pullFinal YAML of the deployed ui-migrations-dev pod:
apiVersion: v1
kind: Pod
metadata:
annotations:
cni.projectcalico.org/containerID: ae40ae2cb00a807cf665c05c246079caf0de32af640555e07bc9b38ed31d2a70
cni.projectcalico.org/podIP: 10.42.0.112/32
cni.projectcalico.org/podIPs: 10.42.0.112/32
istio.io/rev: default
kubectl.kubernetes.io/default-container: supabase-cli
kubectl.kubernetes.io/default-logs-container: supabase-cli
prometheus.io/path: /stats/prometheus
prometheus.io/port: "15020"
prometheus.io/scrape: "true"
sidecar.istio.io/status: '{"initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["workload-socket","credential-socket","workload-certs","istio-envoy","istio-data","istio-podinfo","istio-token","istiod-ca-cert"],"imagePullSecrets":null,"revision":"default"}'
uds-core.pepr.dev/mutated: '["require-non-root-user","drop-all-capabilities"]'
uds-core.pepr.dev/uds-core-policies: succeeded
creationTimestamp: "2024-06-14T21:56:59Z"
finalizers:
- batch.kubernetes.io/job-tracking
generateName: ui-migrations-dev-
labels:
batch.kubernetes.io/controller-uid: c96f997c-5328-4294-8c60-0042a8d1618c
batch.kubernetes.io/job-name: ui-migrations-dev
controller-uid: c96f997c-5328-4294-8c60-0042a8d1618c
job-name: ui-migrations-dev
security.istio.io/tlsMode: istio
service.istio.io/canonical-name: ui-migrations-dev
service.istio.io/canonical-revision: latest
zarf-agent: patched
name: ui-migrations-dev-lfbs4
namespace: leapfrogai
ownerReferences:
- apiVersion: batch/v1
blockOwnerDeletion: true
controller: true
kind: Job
name: ui-migrations-dev
uid: c96f997c-5328-4294-8c60-0042a8d1618c
resourceVersion: "71782"
uid: 9182c5b4-cf5f-4656-9dbd-bc811f674068
spec:
containers:
- args:
- proxy
- sidecar
- --domain
- $(POD_NAMESPACE).svc.cluster.local
- --proxyLogLevel=warning
- --proxyComponentLogLevel=misc:error
- --log_output_level=default:info
env:
- name: JWT_POLICY
value: third-party-jwt
- name: PILOT_CERT_PROVIDER
value: istiod
- name: CA_ADDR
value: istiod.istio-system.svc:15012
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.serviceAccountName
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
- name: ISTIO_CPU_LIMIT
valueFrom:
resourceFieldRef:
divisor: "0"
resource: limits.cpu
- name: PROXY_CONFIG
value: |
{"gatewayTopology":{"forwardClientCertDetails":"SANITIZE"},"holdApplicationUntilProxyStarts":true}
- name: ISTIO_META_POD_PORTS
value: |-
[
]
- name: ISTIO_META_APP_CONTAINERS
value: supabase-cli
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
divisor: "0"
resource: limits.memory
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
divisor: "0"
resource: limits.cpu
- name: ISTIO_META_CLUSTER_ID
value: Kubernetes
- name: ISTIO_META_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: ISTIO_META_INTERCEPTION_MODE
value: REDIRECT
- name: ISTIO_META_WORKLOAD_NAME
value: ui-migrations-dev
- name: ISTIO_META_OWNER
value: kubernetes://apis/batch/v1/namespaces/leapfrogai/jobs/ui-migrations-dev
- name: ISTIO_META_MESH_ID
value: cluster.local
- name: TRUST_DOMAIN
value: cluster.local
image: 127.0.0.1:31999/ironbank/tetrate/istio/proxyv2:1.21.2-tetratefips-v0-zarf-3754112098
imagePullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command:
- pilot-agent
- wait
name: istio-proxy
ports:
- containerPort: 15090
name: http-envoy-prom
protocol: TCP
readinessProbe:
failureThreshold: 4
httpGet:
path: /healthz/ready
port: 15021
scheme: HTTP
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 3
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 100m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1337
runAsNonRoot: true
runAsUser: 1337
startupProbe:
failureThreshold: 600
httpGet:
path: /healthz/ready
port: 15021
scheme: HTTP
periodSeconds: 1
successThreshold: 1
timeoutSeconds: 3
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/workload-spiffe-uds
name: workload-socket
- mountPath: /var/run/secrets/credential-uds
name: credential-socket
- mountPath: /var/run/secrets/workload-spiffe-credentials
name: workload-certs
- mountPath: /var/run/secrets/istio
name: istiod-ca-cert
- mountPath: /var/lib/istio/data
name: istio-data
- mountPath: /etc/istio/proxy
name: istio-envoy
- mountPath: /var/run/secrets/tokens
name: istio-token
- mountPath: /etc/istio/pod
name: istio-podinfo
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-br5nj
readOnly: true
- args:
- -c
- supabase migration fetch --db-url="postgresql://supabase_admin:$POSTGRES_PASSWORD@$MIGRATION_SERVICE_NAME.$MIGRATION_NAMESPACE.svc.cluster.local:$MIGRATION_SERVICE_PORT/postgres"
--debug || true && supabase db push --db-url="postgresql://supabase_admin:$POSTGRES_PASSWORD@$MIGRATION_SERVICE_NAME.$MIGRATION_NAMESPACE.svc.cluster.local:$MIGRATION_SERVICE_PORT/postgres"
--include-all --debug
command:
- /bin/sh
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: postgres-password
name: supabase-postgresql
- name: MIGRATION_NAMESPACE
value: leapfrogai
- name: MIGRATION_SERVICE_NAME
value: supabase-postgresql
- name: MIGRATION_SERVICE_PORT
value: "5432"
image: 127.0.0.1:31999/defenseunicorns/leapfrogai/ui-migrations:dev-zarf-2195827556
imagePullPolicy: IfNotPresent
name: supabase-cli
resources: {}
securityContext:
capabilities:
drop:
- ALL
runAsGroup: 65532
runAsUser: 65532
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-br5nj
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
imagePullSecrets:
- name: private-registry
initContainers:
- args:
- istio-iptables
- -p
- "15001"
- -z
- "15006"
- -u
- "1337"
- -m
- REDIRECT
- -i
- '*'
- -x
- ""
- -b
- '*'
- -d
- 15090,15021,15020
- --log_output_level=default:info
image: 127.0.0.1:31999/ironbank/tetrate/istio/proxyv2:1.21.2-tetratefips-v0-zarf-3754112098
imagePullPolicy: IfNotPresent
name: istio-init
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 100m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_ADMIN
- NET_RAW
drop:
- ALL
privileged: false
readOnlyRootFilesystem: false
runAsGroup: 0
runAsNonRoot: false
runAsUser: 0
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-br5nj
readOnly: true
nodeName: law-laptop
preemptionPolicy: PreemptLowerPriority
priority: 0
restartPolicy: Never
schedulerName: default-scheduler
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- emptyDir: {}
name: workload-socket
- emptyDir: {}
name: credential-socket
- emptyDir: {}
name: workload-certs
- emptyDir:
medium: Memory
name: istio-envoy
- emptyDir: {}
name: istio-data
- downwardAPI:
defaultMode: 420
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.labels
path: labels
- fieldRef:
apiVersion: v1
fieldPath: metadata.annotations
path: annotations
name: istio-podinfo
- name: istio-token
projected:
defaultMode: 420
sources:
- serviceAccountToken:
audience: istio-ca
expirationSeconds: 43200
path: istio-token
- configMap:
defaultMode: 420
name: istio-ca-root-cert
name: istiod-ca-cert
- name: kube-api-access-br5nj
projected:
defaultMode: 420
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2024-06-14T21:57:02Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2024-06-14T21:57:17Z"
message: 'containers with unready status: [supabase-cli]'
reason: ContainersNotReady
status: "False"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2024-06-14T21:57:17Z"
message: 'containers with unready status: [supabase-cli]'
reason: ContainersNotReady
status: "False"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2024-06-14T21:56:59Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: containerd://d2fa2a023da5c8bd8884691c75c7d329689e1adcd5a1e188b8cc191fb445db6a
image: 127.0.0.1:31999/ironbank/tetrate/istio/proxyv2:1.21.2-tetratefips-v0-zarf-3754112098
imageID: 127.0.0.1:31999/ironbank/tetrate/istio/proxyv2@sha256:e59825f051bf273489d2915439539761c757ed52cdb0f7c64425b13d70e61bb9
lastState: {}
name: istio-proxy
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2024-06-14T21:57:03Z"
- containerID: containerd://8e4432c39302c1fc93d6c65f4b3fa4520fcd7398c88563db4583a01231fb9e82
image: 127.0.0.1:31999/defenseunicorns/leapfrogai/ui-migrations:dev-zarf-2195827556
imageID: 127.0.0.1:31999/defenseunicorns/leapfrogai/ui-migrations@sha256:1ecba5f4830b88ff2ae062b5c5969e14ddfd3b8e65e0e05539e3550f9bf18e72
lastState: {}
name: supabase-cli
ready: false
restartCount: 0
started: false
state:
terminated:
containerID: containerd://8e4432c39302c1fc93d6c65f4b3fa4520fcd7398c88563db4583a01231fb9e82
exitCode: 1
finishedAt: "2024-06-14T21:57:16Z"
reason: Error
startedAt: "2024-06-14T21:57:06Z"
hostIP: 192.168.1.129
initContainerStatuses:
- containerID: containerd://d5885b5f3723812dc5e12ba1e2bd0babd7f78a336d904db60f789d02c0049b0c
image: 127.0.0.1:31999/ironbank/tetrate/istio/proxyv2:1.21.2-tetratefips-v0-zarf-3754112098
imageID: 127.0.0.1:31999/ironbank/tetrate/istio/proxyv2@sha256:e59825f051bf273489d2915439539761c757ed52cdb0f7c64425b13d70e61bb9
lastState: {}
name: istio-init
ready: true
restartCount: 0
started: false
state:
terminated:
containerID: containerd://d5885b5f3723812dc5e12ba1e2bd0babd7f78a336d904db60f789d02c0049b0c
exitCode: 0
finishedAt: "2024-06-14T21:57:01Z"
reason: Completed
startedAt: "2024-06-14T21:57:01Z"
phase: Running
podIP: 10.42.0.112
podIPs:
- ip: 10.42.0.112
qosClass: Burstable
startTime: "2024-06-14T21:56:59Z"