altf4arnold/datatracker
1
0
Fork 0
Code Issues Pull requests Actions 4 Packages Projects Releases Wiki Activity

ci: nearly deployable helm chart (wip) (#7176)

Browse source 
* style: CRLF -> LF

* build: Use AppVersion for image

* chore: Helm YAML indent_size = 2

* ci: Deploy settings_local.py via helm

* ci: misc progress on the helm chart (WIP)

* ci: move configmap to env in values.yaml

* ci: Refactor env and configmap formats

* ci: merge fixup + helm debugging

* ci: Fix rabbitmq.yaml and its values

* ci: fix up other deployments

* ci: fix copy error in beat.yaml and celery.yaml

* ci: install correct images and volumes
This commit is contained in:
Jennifer Richards 2024-03-12 18:40:07 -03:00 committed by Nicolas Giard
parent bf74f2db31
commit 6ed19bb2ab
16 changed files with 437 additions and 196 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.editorconfig
View file

@ -50,3 +50,9 @@ indent_size = 2
[ietf/**.html]
insert_final_newline = false
# Settings for Helm chart yaml
# ---------------------------------------------------------
# Use 2-space indents
[helm/**.yaml]
indent_size = 2

121
helm/settings_local.py Normal file
View file

@ -0,0 +1,121 @@
# Copyright The IETF Trust 2007-2024, All Rights Reserved
# -*- coding: utf-8 -*-
from ietf.settings import * # pyflakes:ignore
ALLOWED_HOSTS = ['*']
DATABASES = {
"default": {
"HOST": os.environ.get("DBHOST", "db"),
"PORT": os.environ.get("DBPORT", "5432"),
"NAME": os.environ.get("DBNAME", "datatracker"),
"ENGINE": "django.db.backends.postgresql",
"USER": os.environ.get("DBUSER", "django"),
"PASSWORD": os.environ.get("DBPASS", ""),
},
}
SECRET_KEY = os.environ.get("DJANGO_SECRET_KEY")
CELERY_BROKER_URL = os.environ.get("CELERY_BROKER_URL")
IDSUBMIT_IDNITS_BINARY = "/usr/local/bin/idnits"
IDSUBMIT_REPOSITORY_PATH = "/test/id/"
IDSUBMIT_STAGING_PATH = "/test/staging/"
AGENDA_PATH = "/assets/www6s/proceedings/"
MEETINGHOST_LOGO_PATH = AGENDA_PATH
USING_DEBUG_EMAIL_SERVER=True
EMAIL_HOST= "localhost"
EMAIL_PORT=2025
MEDIA_BASE_DIR = "/assets"
MEDIA_ROOT = MEDIA_BASE_DIR + "/media/"
MEDIA_URL = "/media/"
PHOTOS_DIRNAME = "photo"
PHOTOS_DIR = MEDIA_ROOT + PHOTOS_DIRNAME
SUBMIT_YANG_CATALOG_MODEL_DIR = "/assets/ietf-ftp/yang/catalogmod/"
SUBMIT_YANG_DRAFT_MODEL_DIR = "/assets/ietf-ftp/yang/draftmod/"
SUBMIT_YANG_INVAL_MODEL_DIR = "/assets/ietf-ftp/yang/invalmod/"
SUBMIT_YANG_IANA_MODEL_DIR = "/assets/ietf-ftp/yang/ianamod/"
SUBMIT_YANG_RFC_MODEL_DIR = "/assets/ietf-ftp/yang/rfcmod/"
# Set INTERNAL_IPS for use within Docker. See https://knasmueller.net/fix-djangos-debug-toolbar-not-showing-inside-docker
import socket
hostname, _, ips = socket.gethostbyname_ex(socket.gethostname())
INTERNAL_IPS = [".".join(ip.split(".")[:-1] + ["1"]) for ip in ips]
# DEV_TEMPLATE_CONTEXT_PROCESSORS = [
# 'ietf.context_processors.sql_debug',
# ]
DOCUMENT_PATH_PATTERN = "/assets/ietfdata/doc/{doc.type_id}/"
INTERNET_DRAFT_PATH = "/assets/ietf-ftp/internet-drafts/"
RFC_PATH = "/assets/ietf-ftp/rfc/"
CHARTER_PATH = "/assets/ietf-ftp/charter/"
BOFREQ_PATH = "/assets/ietf-ftp/bofreq/"
CONFLICT_REVIEW_PATH = "/assets/ietf-ftp/conflict-reviews/"
STATUS_CHANGE_PATH = "/assets/ietf-ftp/status-changes/"
INTERNET_DRAFT_ARCHIVE_DIR = "/assets/archive/id"
INTERNET_ALL_DRAFTS_ARCHIVE_DIR = "/assets/archive/id"
BIBXML_BASE_PATH = "/assets/ietfdata/derived/bibxml"
IDSUBMIT_REPOSITORY_PATH = INTERNET_DRAFT_PATH
NOMCOM_PUBLIC_KEYS_DIR = "data/nomcom_keys/public_keys/"
SLIDE_STAGING_PATH = "/test/staging/"
# todo check that de-gfm is in place
DE_GFM_BINARY = "/usr/local/bin/de-gfm"
# OIDC configuration
SITE_URL = os.environ.get("OIDC_SITE_URL")
# todo: parameterize memcached url in settings.py
MEMCACHED_HOST = os.environ.get("DTH_DATATRACKER_MEMCACHED_SERVICE_HOST", "127.0.0.1")
MEMCACHED_PORT = os.environ.get("DTH_DATATRACKER_MEMCACHED_SERVICE_PORT", "11211")
from ietf import __version__
CACHES = {
"default": {
"BACKEND": "ietf.utils.cache.LenientMemcacheCache",
"LOCATION": f"{MEMCACHED_HOST}:{MEMCACHED_PORT}",
"VERSION": __version__,
"KEY_PREFIX": "ietf:dt",
"KEY_FUNCTION": lambda key, key_prefix, version: (
f"{key_prefix}:{version}:{sha384(str(key).encode('utf8')).hexdigest()}"
),
},
"sessions": {
"BACKEND": "ietf.utils.cache.LenientMemcacheCache",
"LOCATION": f"{MEMCACHED_HOST}:{MEMCACHED_PORT}",
# No release-specific VERSION setting.
"KEY_PREFIX": "ietf:dt",
},
"htmlized": {
"BACKEND": "django.core.cache.backends.filebased.FileBasedCache",
"LOCATION": "/a/cache/datatracker/htmlized",
"OPTIONS": {
"MAX_ENTRIES": 100000, # 100,000
},
},
"pdfized": {
"BACKEND": "django.core.cache.backends.filebased.FileBasedCache",
"LOCATION": "/a/cache/datatracker/pdfized",
"OPTIONS": {
"MAX_ENTRIES": 100000, # 100,000
},
},
"slowpages": {
"BACKEND": "django.core.cache.backends.filebased.FileBasedCache",
"LOCATION": "/a/cache/datatracker/slowpages",
"OPTIONS": {
"MAX_ENTRIES": 5000,
},
},
}
# Normally only set for debug, but needed until we have a real FS
DJANGO_VITE_MANIFEST_PATH = os.path.join(BASE_DIR, 'static/dist-neue/manifest.json')

2
helm/templates/_helpers.tpl
View file

@ -176,4 +176,4 @@ Create the name of the service account to use
{{- else -}}
{{ default "default" .Values.serviceAccounts.memcached.name }}
{{- end -}}
{{- end }}
{{- end }}

7
helm/templates/configmap.yaml Normal file
View file

@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: django-configmap
data:
settings_local.py: |-
{{- .Files.Get "settings_local.py" | indent 4 }}

139
helm/templates/deployments/beat.yaml
View file

@ -1,67 +1,72 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "datatracker.fullname" . }}
labels:
{{- include "datatracker.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "datatracker.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "datatracker.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "datatracker.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
env:
CONTAINER_ROLE: beat
{{- if .Values.env }}
{{- toYaml .Values.env | nindent 12 }}
{{- end }}
{{- with .Values.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: 8000
protocol: TCP
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
startupProbe:
{{- toYaml .Values.startupProbe | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "datatracker.beat.fullname" . }}
labels:
{{- include "datatracker.labels" . | nindent 4 }}
spec:
{{- $podValues := .Values.beat }}
replicas: {{ $podValues.replicaCount }}
revisionHistoryLimit: {{ $podValues.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "datatracker.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "datatracker.selectorLabels" . | nindent 8 }}
spec:
{{- with $podValues.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "datatracker.serviceAccountName.beat" . }}
securityContext:
{{- toYaml $podValues.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml $podValues.securityContext | nindent 12 }}
image: "{{ $podValues.image.repository }}:{{ default .Chart.AppVersion (default $.Values.datatracker.image.tag $podValues.image.tag) }}"
imagePullPolicy: {{ default "IfNotPresent" $podValues.image.imagePullPolicy }}
env:
- name: "CONTAINER_ROLE"
value: "beat"
{{- if .Values.env }}
{{- range $key, $val := .Values.env }}
- name: {{ $key | quote }}
value: {{ $val | quote }}
{{- end }}
{{- end }}
{{- with $podValues.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: 8000
protocol: TCP
livenessProbe:
{{- toYaml $podValues.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml $podValues.readinessProbe | nindent 12 }}
startupProbe:
{{- toYaml $podValues.startupProbe | nindent 12 }}
resources:
{{- toYaml $podValues.resources | nindent 12 }}
{{- with $podValues.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $podValues.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $podValues.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $podValues.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}

45
helm/templates/deployments/celery.yaml
View file

@ -1,12 +1,13 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "datatracker.fullname" . }}
name: {{ include "datatracker.celery.fullname" . }}
labels:
{{- include "datatracker.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
{{- $podValues := .Values.celery }}
replicas: {{ $podValues.replicaCount }}
revisionHistoryLimit: {{ $podValues.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "datatracker.selectorLabels" . | nindent 6 }}
@ -15,25 +16,29 @@ spec:
labels:
{{- include "datatracker.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
{{- with $podValues.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "datatracker.serviceAccountName" . }}
serviceAccountName: {{ include "datatracker.serviceAccountName.celery" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- toYaml $podValues.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
{{- toYaml $podValues.securityContext | nindent 12 }}
image: "{{ $podValues.image.repository }}:{{ default .Chart.AppVersion (default $.Values.datatracker.image.tag $podValues.image.tag) }}"
imagePullPolicy: {{ default "IfNotPresent" $podValues.image.imagePullPolicy }}
env:
CONTAINER_ROLE: celery
- name: "CONTAINER_ROLE"
value: "celery"
{{- if .Values.env }}
{{- toYaml .Values.env | nindent 12 }}
{{- range $key, $val := .Values.env }}
- name: {{ $key | quote }}
value: {{ $val | quote }}
{{- end }}
{{- with .Values.volumeMounts }}
{{- end }}
{{- with $podValues.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
@ -42,26 +47,26 @@ spec:
containerPort: 8000
protocol: TCP
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
{{- toYaml $podValues.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
{{- toYaml $podValues.readinessProbe | nindent 12 }}
startupProbe:
{{- toYaml .Values.startupProbe | nindent 12 }}
{{- toYaml $podValues.startupProbe | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
{{- toYaml $podValues.resources | nindent 12 }}
{{- with $podValues.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
{{- with $podValues.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
{{- with $podValues.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.volumes }}
{{- with $podValues.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}

47
helm/templates/deployments/datatracker.yaml
View file

@ -1,12 +1,13 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "datatracker.fullname" . }}
name: {{ include "datatracker.datatracker.fullname" . }}
labels:
{{- include "datatracker.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
{{- $podValues := .Values.datatracker }}
replicas: {{ $podValues.replicaCount }}
revisionHistoryLimit: {{ $podValues.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "datatracker.selectorLabels" . | nindent 6 }}
@ -15,25 +16,29 @@ spec:
labels:
{{- include "datatracker.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
{{- with $podValues.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "datatracker.serviceAccountName" . }}
serviceAccountName: {{ include "datatracker.serviceAccountName.datatracker" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- toYaml $podValues.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
{{- toYaml $podValues.securityContext | nindent 12 }}
image: "{{ $podValues.image.repository }}:{{ default .Chart.AppVersion $podValues.image.tag }}"
imagePullPolicy: {{ default "IfNotPresent" $podValues.image.imagePullPolicy }}
env:
CONTAINER_ROLE: datatracker
{{- if .Values.env }}
{{- toYaml .Values.env | nindent 12 }}
- name: "CONTAINER_ROLE"
value: "datatracker"
{{- if $.Values.env }}
{{- range $key, $val := $.Values.env }}
- name: {{ $key | quote }}
value: {{ $val | quote }}
{{- end }}
{{- with .Values.volumeMounts }}
{{- end }}
{{- with $podValues.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
@ -42,26 +47,26 @@ spec:
containerPort: 8000
protocol: TCP
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
{{- toYaml $podValues.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
{{- toYaml $podValues.readinessProbe | nindent 12 }}
startupProbe:
{{- toYaml .Values.startupProbe | nindent 12 }}
{{- toYaml $podValues.startupProbe | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
{{- toYaml $podValues.resources | nindent 12 }}
{{- with $podValues.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
{{- with $podValues.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
{{- with $podValues.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.volumes }}
{{- with $podValues.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}

43
helm/templates/deployments/memcached.yaml
View file

@ -1,12 +1,13 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "datatracker.fullname" . }}
name: {{ include "datatracker.memcached.fullname" . }}
labels:
{{- include "datatracker.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
{{- $podValues := .Values.memcached }}
replicas: {{ $podValues.replicaCount }}
revisionHistoryLimit: {{ $podValues.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "datatracker.selectorLabels" . | nindent 6 }}
@ -15,25 +16,27 @@ spec:
labels:
{{- include "datatracker.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
{{- with $podValues.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "datatracker.serviceAccountName" . }}
serviceAccountName: {{ include "datatracker.serviceAccountName.memcached" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- toYaml $podValues.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
{{- toYaml $podValues.securityContext | nindent 12 }}
image: "{{ $podValues.image.repository }}:{{ default "latest" $podValues.image.tag }}"
imagePullPolicy: {{ default "IfNotPresent" $podValues.image.imagePullPolicy }}
env:
CONTAINER_ROLE: beat
{{- if .Values.env }}
{{- toYaml .Values.env | nindent 12 }}
{{- range $key, $val := .Values.env }}
- name: {{ $key | quote }}
value: {{ $val | quote }}
{{- end }}
{{- with .Values.volumeMounts }}
{{- end }}
{{- with $podValues.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
@ -42,26 +45,26 @@ spec:
containerPort: 8000
protocol: TCP
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
{{- toYaml $podValues.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
{{- toYaml $podValues.readinessProbe | nindent 12 }}
startupProbe:
{{- toYaml .Values.startupProbe | nindent 12 }}
{{- toYaml $podValues.startupProbe | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
{{- toYaml $podValues.resources | nindent 12 }}
{{- with $podValues.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
{{- with $podValues.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
{{- with $podValues.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.volumes }}
{{- with $podValues.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}

43
helm/templates/deployments/rabbitmq.yaml
View file

@ -1,12 +1,13 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "datatracker.fullname" . }}
name: {{ include "datatracker.rabbitmq.fullname" . }}
labels:
{{- include "datatracker.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
{{- $podValues := .Values.rabbitmq }}
replicas: {{ $podValues.replicaCount }}
revisionHistoryLimit: {{ $podValues.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "datatracker.selectorLabels" . | nindent 6 }}
@ -15,25 +16,27 @@ spec:
labels:
{{- include "datatracker.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
{{- with $podValues.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "datatracker.serviceAccountName" . }}
serviceAccountName: {{ include "datatracker.serviceAccountName.rabbitmq" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- toYaml $podValues.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
{{- toYaml $podValues.securityContext | nindent 12 }}
image: "{{ $podValues.image.repository }}:{{ default "latest" $podValues.image.tag }}"
imagePullPolicy: {{ default "IfNotPresent" $podValues.image.pullPolicy }}
env:
CONTAINER_ROLE: beat
{{- if .Values.env }}
{{- toYaml .Values.env | nindent 12 }}
{{- range $key, $val := .Values.env }}
- name: {{ $key | quote }}
value: {{ $val | quote }}
{{- end }}
{{- with .Values.volumeMounts }}
{{- end }}
{{- with $podValues.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
@ -42,26 +45,26 @@ spec:
containerPort: 8000
protocol: TCP
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
{{- toYaml $podValues.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
{{- toYaml $podValues.readinessProbe | nindent 12 }}
startupProbe:
{{- toYaml .Values.startupProbe | nindent 12 }}
{{- toYaml $podValues.startupProbe | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
{{- toYaml $podValues.resources | nindent 12 }}
{{- with $podValues.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
{{- with $podValues.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
{{- with $podValues.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.volumes }}
{{- with $podValues.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}

4
helm/templates/ingress.yaml
View file

@ -1,6 +1,6 @@
{{- if .Values.datatracker.ingress.enabled -}}
{{- $fullName := include "datatracker.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- $svcPort := .Values.datatracker.service.port -}}
{{- if and .Values.datatracker.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.datatracker.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.datatracker.ingress.annotations "kubernetes.io/ingress.class" .Values.datatracker.ingress.className}}
@ -58,4 +58,4 @@ spec:
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

4
helm/templates/rbac/beat-serviceaccount.yaml
View file

@ -4,9 +4,9 @@ kind: ServiceAccount
metadata:
name: {{ include "datatracker.serviceAccountName.beat" . }}
labels:
{{- include "datatracker.beat.labels" . | nindent 4 }}
{{- include "datatracker.labels" . | nindent 4 }}
{{- with .Values.serviceAccounts.beat.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}
{{- end -}}

4
helm/templates/rbac/celery-serviceaccount.yaml
View file

@ -4,9 +4,9 @@ kind: ServiceAccount
metadata:
name: {{ include "datatracker.serviceAccountName.celery" . }}
labels:
{{- include "datatracker.celery.labels" . | nindent 4 }}
{{- include "datatracker.labels" . | nindent 4 }}
{{- with .Values.serviceAccounts.celery.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}
{{- end -}}

4
helm/templates/rbac/datatracker-serviceaccount.yaml
View file

@ -4,9 +4,9 @@ kind: ServiceAccount
metadata:
name: {{ include "datatracker.serviceAccountName.datatracker" . }}
labels:
{{- include "datatracker.datatracker.labels" . | nindent 4 }}
{{- include "datatracker.labels" . | nindent 4 }}
{{- with .Values.serviceAccounts.datatracker.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}
{{- end -}}

4
helm/templates/rbac/memcached-serviceaccount.yaml
View file

@ -4,9 +4,9 @@ kind: ServiceAccount
metadata:
name: {{ include "datatracker.serviceAccountName.memcached" . }}
labels:
{{- include "datatracker.memcached.labels" . | nindent 4 }}
{{- include "datatracker.labels" . | nindent 4 }}
{{- with .Values.serviceAccounts.memcached.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}
{{- end -}}

4
helm/templates/rbac/rabbitmq-serviceaccount.yaml
View file

@ -4,9 +4,9 @@ kind: ServiceAccount
metadata:
name: {{ include "datatracker.serviceAccountName.rabbitmq" . }}
labels:
{{- include "datatracker.rabbitmq.labels" . | nindent 4 }}
{{- include "datatracker.labels" . | nindent 4 }}
{{- with .Values.serviceAccounts.rabbitmq.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}
{{- end -}}

156
helm/values.yaml
View file

@ -7,23 +7,23 @@
serviceAccounts:
datatracker:
create: true
name:
name: datatracker
annotations: {}
celery:
create: true
name:
name: celery
annotations: {}
beat:
create: true
name:
name: beat
annotations: {}
rabbitmq:
create: true
name:
name: rabbitmq
annotations: {}
memcached:
create: true
name:
name: memcached
annotations: {}
# -------------------------------------------------------------
@ -31,6 +31,7 @@ serviceAccounts:
# -------------------------------------------------------------
datatracker:
name: datatracker
image:
repository: "ghcr.io/ietf-tools/datatracker"
pullPolicy: IfNotPresent
@ -59,7 +60,8 @@ datatracker:
livenessProbe:
httpGet:
path: /health
# /submit/tool-instructions/ just happens to be cheap until we get a real health endpoint
path: /submit/tool-instructions/
port: http
podAnnotations: {}
@ -68,10 +70,11 @@ datatracker:
podSecurityContext: {}
# fsGroup: 2000
readinessProbe:
httpGet:
path: /health
port: http
#readinessProbe:
# httpGet:
# # /submit/tool-instructions/ just happens to be cheap until we get a real health endpoint
# path: /submit/tool-instructions/
# port: http
replicaCount: 1
@ -117,18 +120,36 @@ datatracker:
successThreshold: 1
failureThreshold: 60
httpGet:
path: /health
# /submit/tool-instructions/ just happens to be cheap until we get a real health endpoint
path: /submit/tool-instructions/
port: http
# Additional volumes on the output Deployment definition.
volumes: []
volumes:
- name: settings-local-volume
configMap:
name: django-configmap
- name: cache-volume
emptyDir:
sizeLimit: 1Gi
- name: staging-volume
emptyDir:
sizeLimit: 1Gi
# - name: foo
# secret:
# secretName: mysecret
# optional: false
# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
volumeMounts:
- name: settings-local-volume
mountPath: /workspace/ietf/settings_local.py
subPath: settings_local.py
readOnly: true
- name: cache-volume
mountPath: "/a/cache"
- name: staging-volume
mountPath: "/test/staging"
# - name: foo
# mountPath: "/etc/foo"
# readOnly: true
@ -144,6 +165,7 @@ datatracker:
# -------------------------------------------------------------
celery:
name: celery
image:
repository: "ghcr.io/ietf-tools/datatracker"
pullPolicy: IfNotPresent
@ -156,7 +178,10 @@ celery:
livenessProbe:
exec:
command: celery inspect ping
command:
- celery
- inspect
- ping
periodSeconds: 30
timeoutSeconds: 5
@ -210,17 +235,37 @@ celery:
successThreshold: 1
failureThreshold: 60
exec:
command: celery inspect ping
command:
- celery
- inspect
- ping
# Additional volumes on the output Deployment definition.
volumes: []
volumes:
- name: settings-local-volume
configMap:
name: django-configmap
- name: cache-volume
emptyDir:
sizeLimit: 1Gi
- name: staging-volume
emptyDir:
sizeLimit: 1Gi
# - name: foo
# secret:
# secretName: mysecret
# optional: false
# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
volumeMounts:
- name: settings-local-volume
mountPath: /workspace/ietf/settings_local.py
subPath: settings_local.py
readOnly: true
- name: cache-volume
mountPath: "/a/cache"
- name: staging-volume
mountPath: "/test/staging"
# - name: foo
# mountPath: "/etc/foo"
# readOnly: true
@ -236,6 +281,7 @@ celery:
# -------------------------------------------------------------
beat:
name: beat
image:
repository: "ghcr.io/ietf-tools/datatracker"
pullPolicy: IfNotPresent
@ -248,7 +294,10 @@ beat:
livenessProbe:
exec:
command: celery inspect ping
command:
- celery
- inspect
- ping
periodSeconds: 30
timeoutSeconds: 5
@ -302,17 +351,37 @@ beat:
successThreshold: 1
failureThreshold: 60
exec:
command: celery inspect ping
command:
- celery
- inspect
- ping
# Additional volumes on the output Deployment definition.
volumes: []
volumes:
- name: settings-local-volume
configMap:
name: django-configmap
- name: cache-volume
emptyDir:
sizeLimit: 1Gi
- name: staging-volume
emptyDir:
sizeLimit: 1Gi
# - name: foo
# secret:
# secretName: mysecret
# optional: false
# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
volumeMounts:
- name: settings-local-volume
mountPath: /workspace/ietf/settings_local.py
subPath: settings_local.py
readOnly: true
- name: cache-volume
mountPath: "/a/cache"
- name: staging-volume
mountPath: "/test/staging"
# - name: foo
# mountPath: "/etc/foo"
# readOnly: true
@ -328,6 +397,7 @@ beat:
# -------------------------------------------------------------
rabbitmq:
name: rabbitmq
image:
repository: "ghcr.io/ietf-tools/datatracker-mq"
pullPolicy: IfNotPresent
@ -339,7 +409,10 @@ rabbitmq:
livenessProbe:
exec:
command: rabbitmq-diagnostics -q ping
command:
- rabbitmq-diagnostics
- -q
- ping
periodSeconds: 30
timeoutSeconds: 5
@ -393,20 +466,23 @@ rabbitmq:
successThreshold: 1
failureThreshold: 60
exec:
command: rabbitmq-diagnostics -q ping
command:
- rabbitmq-diagnostics
- -q
- ping
# Additional volumes on the output Deployment definition.
volumes: []
# - name: foo
# secret:
# secretName: mysecret
# optional: false
# Additional volumeMounts on the output Deployment definition.
# - name: foo
# secret:
# secretName: mysecret
# optional: false
# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
# - name: foo
# mountPath: "/etc/foo"
# readOnly: true
# - name: foo
# mountPath: "/etc/foo"
# readOnly: true
tolerations: []
@ -419,10 +495,11 @@ rabbitmq:
# -------------------------------------------------------------
memcached:
name: memcached
image:
repository: "memcached"
pullPolicy: IfNotPresent
tag: "latest"
tag: "1.6-alpine"
imagePullSecrets: []
nameOverride: ""
@ -458,7 +535,7 @@ memcached:
service:
type: ClusterIP
port: 80
port: 11211
serviceAccount:
# Specifies whether a service account should be created
@ -486,4 +563,13 @@ autoscaling:
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
env:
# n.b., these are debug values / non-secret secrets
# DBHOST: "host.minikube.internal"
# DBPORT: "5432"
DBNAME: "datatracker"
DBUSER: "django"
DBPASS: "RkTkDPFnKpko"
DJANGO_SECRET_KEY: "PDwXboUq!=hPjnrtG2=ge#N$Dwy+wn@uivrugwpic8mxyPfHk"