From 4a6749b5a6a96aaae0267ccec1091c8d7ffbda36 Mon Sep 17 00:00:00 2001
From: Jennifer Richards <jennifer@staff.ietf.org>
Date: Tue, 9 Jul 2024 11:51:57 -0300
Subject: [PATCH] ci: add auth pod
---
k8s/auth.yaml | 116 +++++++++++++++++++++++++++++++++++++++++
k8s/kustomization.yaml | 1 +
2 files changed, 117 insertions(+)
create mode 100644 k8s/auth.yaml
diff --git a/k8s/auth.yaml b/k8s/auth.yaml
new file mode 100644
index 000000000..8aa1d53cb
--- /dev/null
+++ b/k8s/auth.yaml
@@ -0,0 +1,116 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: auth
+spec:
+ replicas: 1
+ revisionHistoryLimit: 2
+ selector:
+ matchLabels:
+ app: auth
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: auth
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ containers:
+ # -----------------------------------------------------
+ # ScoutAPM Container
+ # -----------------------------------------------------
+ - name: scoutapm
+ image: "scoutapp/scoutapm:version-1.4.0"
+ imagePullPolicy: IfNotPresent
+ # Replace command with one that will shut down on a TERM signal
+ # The ./core-agent start command line is from the scoutapm docker image
+ command:
+ - "sh"
+ - "-c"
+ - >-
+ trap './core-agent shutdown --tcp 0.0.0.0:6590' TERM;
+ ./core-agent start --daemonize false --log-level debug --tcp 0.0.0.0:6590 &
+ wait $!
+ livenessProbe:
+ exec:
+ command:
+ - "sh"
+ - "-c"
+ - "./core-agent probe --tcp 0.0.0.0:6590 | grep -q 'Agent found'"
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsUser: 65534 # "nobody" user by default
+ runAsGroup: 65534 # "nogroup" group by default
+ # -----------------------------------------------------
+ # Datatracker Container
+ # -----------------------------------------------------
+ - name: datatracker
+ image: "ghcr.io/ietf-tools/datatracker:$APP_IMAGE_TAG"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8000
+ name: http
+ protocol: TCP
+ volumeMounts:
+ - name: dt-vol
+ mountPath: /a
+ - name: dt-tmp
+ mountPath: /tmp
+ - name: dt-home
+ mountPath: /home/datatracker
+ - name: dt-xml2rfc-cache
+ mountPath: /var/cache/xml2rfc
+ - name: dt-cfg
+ mountPath: /workspace/ietf/settings_local.py
+ subPath: settings_local.py
+ env:
+ - name: "CONTAINER_ROLE"
+ value: "datatracker"
+ # ensures the pod gets recreated on every deploy:
+ - name: "DEPLOY_UID"
+ value: "$DEPLOY_UID"
+ envFrom:
+ - configMapRef:
+ name: django-config
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsUser: 1000
+ runAsGroup: 1000
+ volumes:
+ # To be overriden with the actual shared volume
+ - name: dt-vol
+ - name: dt-tmp
+ emptyDir:
+ sizeLimit: "2Gi"
+ - name: dt-xml2rfc-cache
+ emptyDir:
+ sizeLimit: "2Gi"
+ - name: dt-home
+ emptyDir:
+ sizeLimit: "2Gi"
+ - name: dt-cfg
+ configMap:
+ name: files-cfgmap
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 60
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: auth
+spec:
+ type: ClusterIP
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app: auth
diff --git a/k8s/kustomization.yaml b/k8s/kustomization.yaml
index e618bb630..cfc17f35d 100644
--- a/k8s/kustomization.yaml
+++ b/k8s/kustomization.yaml
@@ -5,6 +5,7 @@ configMapGenerator:
 files:
 - settings_local.py
 resources:
+ - auth.yaml
 - beat.yaml
 - celery.yaml
 - datatracker.yaml
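Review bot: The scoutapm container's securityContext (after its livenessProbe) sets only readOnlyRootFilesystem, runAsUser and runAsGroup, while the datatracker container in the same pod additionally sets `allowPrivilegeEscalation: false` and drops all capabilities; a sidecar running a third-party agent binary should get the same hardening, and under the restricted Pod Security Standard the whole pod would be rejected because of the weaker container. If the cluster enforces that profile, both containers (or the pod-level securityContext next to `runAsNonRoot: true`) would also need `seccompProfile: {type: RuntimeDefault}`, which neither sets here. Neither container declares resource requests or limits, so the agent sidecar competes with the datatracker container for node resources; whether the other deployments under k8s/ do the same is not visible in this patch. Indentation was lost in this rendering of the hunk, so the fence below is indented relative to the `securityContext:` key only.
```yaml
# … unchanged: scoutapm name, image, command, livenessProbe …
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  # … unchanged: readOnlyRootFilesystem, runAsUser, runAsGroup …
```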