forked from chloecrozier/runai_brev_launchable
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdeploy_runai.sh
More file actions
executable file
·135 lines (116 loc) · 6.15 KB
/
deploy_runai.sh
File metadata and controls
executable file
·135 lines (116 loc) · 6.15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
#!/bin/bash
# Installs RunAI control plane + cluster. Run after setting RUNAI_JFROG_TOKEN.
set -euo pipefail
RUNAI_DOMAIN="${RUNAI_DOMAIN:-runai.brev.cloud}"
RUNAI_VERSION="${RUNAI_VERSION:-2.24.37}"
RUNAI_CERT_DIR="${RUNAI_CERT_DIR:-/tmp/runai-certs}"
RUNAI_CLUSTER_NAME="${RUNAI_CLUSTER_NAME:-brev-cluster}"
RUNAI_USERNAME="${RUNAI_USERNAME:-test@run.ai}"
RUNAI_PASSWORD="${RUNAI_PASSWORD:-Abcd!234}"
RUNAI_CURL_INSECURE="${RUNAI_CURL_INSECURE:-0}"
log() { echo "[$(date +'%H:%M:%S')] $*"; }
die() { echo "[$(date +'%H:%M:%S')] ERROR: $*" >&2; exit 1; }
curl_flags=(); [[ "${RUNAI_CURL_INSECURE}" == "1" ]] && curl_flags+=("--insecure")
# --- Pre-flight ---
command -v helm >/dev/null || die "helm not found. Did setup_prereqs.sh run?"
command -v jq >/dev/null || { sudo apt-get update -y >/dev/null && sudo apt-get install -y jq >/dev/null; }
[[ -n "${RUNAI_JFROG_TOKEN:-}" ]] || die "RUNAI_JFROG_TOKEN is not set. Run: export RUNAI_JFROG_TOKEN=\"your-token\""
[[ -f "${RUNAI_CERT_DIR}/ca.crt" ]] || die "CA cert not found at ${RUNAI_CERT_DIR}/ca.crt — setup_prereqs.sh may not have run."
log "=== Deploying RunAI (${RUNAI_VERSION}) ==="
# --- Registry secret ---
log "Creating registry secret..."
kubectl delete secret runai-reg-creds -n runai-backend 2>/dev/null || true
kubectl create secret docker-registry runai-reg-creds -n runai-backend \
--docker-server=runai.jfrog.io \
--docker-username=self-hosted-image-puller-prod \
--docker-password="${RUNAI_JFROG_TOKEN}" \
--docker-email=support@run.ai
# --- Control plane ---
log "Installing control plane..."
helm repo add runai-backend https://runai.jfrog.io/artifactory/cp-charts-prod 2>/dev/null || true
helm repo update >/dev/null 2>&1
helm upgrade -i runai-backend runai-backend/control-plane -n runai-backend \
--version "${RUNAI_VERSION}" \
--set "global.domain=${RUNAI_DOMAIN}" \
--set "global.customCA.enabled=true" \
--set-file "global.customCA.caPEM=${RUNAI_CERT_DIR}/ca.crt" \
--set "global.imagePullSecrets[0].name=runai-reg-creds" \
--wait --timeout=25m
# Restart control plane pods so they pick up the latest CA secret
log "Restarting control plane pods..."
kubectl rollout restart deployment -n runai-backend 2>/dev/null || true
kubectl rollout restart statefulset -n runai-backend 2>/dev/null || true
# --- Ensure host can resolve the domain ---
grep -q "${RUNAI_DOMAIN}" /etc/hosts 2>/dev/null || echo "127.0.0.1 ${RUNAI_DOMAIN}" | sudo tee -a /etc/hosts >/dev/null
# --- Auth token ---
log "Waiting for control plane to be ready..."
sleep 15
log "Obtaining auth token..."
token=$(curl -fsS "${curl_flags[@]}" --location \
--request POST "https://${RUNAI_DOMAIN}/auth/realms/runai/protocol/openid-connect/token" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_id=runai' \
--data-urlencode "username=${RUNAI_USERNAME}" \
--data-urlencode "password=${RUNAI_PASSWORD}" \
--data-urlencode 'scope=openid' \
--data-urlencode 'response_type=id_token' | jq -r .access_token)
[[ -n "${token}" && "${token}" != "null" ]] || die "Failed to get auth token."
# --- Create or find cluster ---
log "Creating cluster '${RUNAI_CLUSTER_NAME}'..."
create_response=$(curl -sS "${curl_flags[@]}" -w "\n%{http_code}" \
-X POST "https://${RUNAI_DOMAIN}/api/v1/clusters" \
-H "Authorization: Bearer ${token}" \
-H "Content-Type: application/json" \
-H "accept: application/json" \
-d "{\"name\":\"${RUNAI_CLUSTER_NAME}\",\"version\":\"${RUNAI_VERSION}\",\"domain\":\"${RUNAI_DOMAIN}\"}")
http_code=$(echo "${create_response}" | tail -1)
body=$(echo "${create_response}" | sed '$d')
if [[ "${http_code}" == "409" ]]; then
log "Cluster already exists, looking up UUID..."
uuid=$(curl -fsS "${curl_flags[@]}" \
"https://${RUNAI_DOMAIN}/api/v1/clusters" \
-H "Authorization: Bearer ${token}" \
-H "accept: application/json" \
| jq -r ".[] | select(.name==\"${RUNAI_CLUSTER_NAME}\") | .uuid")
else
uuid=$(echo "${body}" | jq -r .uuid)
fi
[[ -n "${uuid}" && "${uuid}" != "null" ]] || die "Failed to create or find cluster."
log "Cluster UUID: ${uuid}"
# --- Install cluster ---
log "Retrieving cluster install command..."
installationStr=$(curl -fsS "${curl_flags[@]}" \
"https://${RUNAI_DOMAIN}/api/v1/clusters/${uuid}/cluster-install-info?version=${RUNAI_VERSION}" \
-H 'accept: application/json' \
-H "Authorization: Bearer ${token}" \
-H 'Content-Type: application/json' | jq -r .installationStr)
[[ -n "${installationStr}" && "${installationStr}" != "null" ]] || die "Failed to get install string."
evalStr=$(echo "${installationStr}" | sed '1,2d' | sed ':a;N;$!ba;s/\n/ /g' | tr '\\' ' ')
# Normalize to "helm upgrade --install" so re-runs don't fail with "name still in use"
evalStr=$(echo "${evalStr}" | sed -E 's/helm (upgrade -i|upgrade --install|install) /helm upgrade --install /g')
[[ "${evalStr}" =~ ^helm[[:space:]] ]] || die "Invalid install command: ${evalStr}"
# The cluster chart reads the CA from a K8s secret (created by setup_prereqs).
# Set enabled + explicit secret name/key so the chart mounts the CA into all pods.
[[ "${evalStr}" == *"global.customCA.enabled"* ]] || evalStr="${evalStr} --set global.customCA.enabled=true"
evalStr="${evalStr} --set global.customCA.secret.name=runai-ca-cert --set global.customCA.secret.key=runai-ca.pem"
# Ensure the cluster chart repo exists (JFrog requires auth for cluster charts)
log "Adding RunAI cluster Helm repo..."
helm repo add runai https://runai.jfrog.io/artifactory/api/helm/run-ai-charts --force-update \
|| die "Failed to add runai Helm repo. Check RUNAI_JFROG_TOKEN and network."
helm repo update || die "Failed to update Helm repos."
log "Installing cluster..."
eval "${evalStr}"
PUBLIC_IP=$(curl -s ifconfig.me 2>/dev/null || echo "YOUR_PUBLIC_IP")
echo ""
echo "====================================================="
echo " Done! UI: https://${RUNAI_DOMAIN}"
echo " Login: ${RUNAI_USERNAME} / ${RUNAI_PASSWORD}"
echo "====================================================="
echo ""
echo "On your LOCAL machine, run:"
echo ""
echo " sudo bash -c 'echo \"${PUBLIC_IP} ${RUNAI_DOMAIN}\" >> /etc/hosts'"
echo ""
echo "Then open https://${RUNAI_DOMAIN} and accept the cert warning."
echo ""