diff --git a/.editorconfig b/.editorconfig index d6eafe8d8..35c9168a2 100644 --- a/.editorconfig +++ b/.editorconfig @@ -50,3 +50,9 @@ indent_size = 2 [ietf/**.html] insert_final_newline = false + +# Settings for Helm chart yaml +# --------------------------------------------------------- +# Use 2-space indents +[helm/**.yaml] +indent_size = 2 \ No newline at end of file diff --git a/helm/settings_local.py b/helm/settings_local.py new file mode 100644 index 000000000..3434b5420 --- /dev/null +++ b/helm/settings_local.py @@ -0,0 +1,121 @@ +# Copyright The IETF Trust 2007-2024, All Rights Reserved +# -*- coding: utf-8 -*- + +from ietf.settings import * # pyflakes:ignore + +ALLOWED_HOSTS = ['*'] + +DATABASES = { + "default": { + "HOST": os.environ.get("DBHOST", "db"), + "PORT": os.environ.get("DBPORT", "5432"), + "NAME": os.environ.get("DBNAME", "datatracker"), + "ENGINE": "django.db.backends.postgresql", + "USER": os.environ.get("DBUSER", "django"), + "PASSWORD": os.environ.get("DBPASS", ""), + }, +} + +SECRET_KEY = os.environ.get("DJANGO_SECRET_KEY") + +CELERY_BROKER_URL = os.environ.get("CELERY_BROKER_URL") + +IDSUBMIT_IDNITS_BINARY = "/usr/local/bin/idnits" +IDSUBMIT_REPOSITORY_PATH = "/test/id/" +IDSUBMIT_STAGING_PATH = "/test/staging/" + +AGENDA_PATH = "/assets/www6s/proceedings/" +MEETINGHOST_LOGO_PATH = AGENDA_PATH + +USING_DEBUG_EMAIL_SERVER=True +EMAIL_HOST= "localhost" +EMAIL_PORT=2025 + +MEDIA_BASE_DIR = "/assets" +MEDIA_ROOT = MEDIA_BASE_DIR + "/media/" +MEDIA_URL = "/media/" + +PHOTOS_DIRNAME = "photo" +PHOTOS_DIR = MEDIA_ROOT + PHOTOS_DIRNAME + +SUBMIT_YANG_CATALOG_MODEL_DIR = "/assets/ietf-ftp/yang/catalogmod/" +SUBMIT_YANG_DRAFT_MODEL_DIR = "/assets/ietf-ftp/yang/draftmod/" +SUBMIT_YANG_INVAL_MODEL_DIR = "/assets/ietf-ftp/yang/invalmod/" +SUBMIT_YANG_IANA_MODEL_DIR = "/assets/ietf-ftp/yang/ianamod/" +SUBMIT_YANG_RFC_MODEL_DIR = "/assets/ietf-ftp/yang/rfcmod/" + +# Set INTERNAL_IPS for use within Docker. See https://knasmueller.net/fix-djangos-debug-toolbar-not-showing-inside-docker +import socket +hostname, _, ips = socket.gethostbyname_ex(socket.gethostname()) +INTERNAL_IPS = [".".join(ip.split(".")[:-1] + ["1"]) for ip in ips] + +# DEV_TEMPLATE_CONTEXT_PROCESSORS = [ +# 'ietf.context_processors.sql_debug', +# ] + +DOCUMENT_PATH_PATTERN = "/assets/ietfdata/doc/{doc.type_id}/" +INTERNET_DRAFT_PATH = "/assets/ietf-ftp/internet-drafts/" +RFC_PATH = "/assets/ietf-ftp/rfc/" +CHARTER_PATH = "/assets/ietf-ftp/charter/" +BOFREQ_PATH = "/assets/ietf-ftp/bofreq/" +CONFLICT_REVIEW_PATH = "/assets/ietf-ftp/conflict-reviews/" +STATUS_CHANGE_PATH = "/assets/ietf-ftp/status-changes/" +INTERNET_DRAFT_ARCHIVE_DIR = "/assets/archive/id" +INTERNET_ALL_DRAFTS_ARCHIVE_DIR = "/assets/archive/id" +BIBXML_BASE_PATH = "/assets/ietfdata/derived/bibxml" +IDSUBMIT_REPOSITORY_PATH = INTERNET_DRAFT_PATH + +NOMCOM_PUBLIC_KEYS_DIR = "data/nomcom_keys/public_keys/" +SLIDE_STAGING_PATH = "/test/staging/" + +# todo check that de-gfm is in place +DE_GFM_BINARY = "/usr/local/bin/de-gfm" + +# OIDC configuration +SITE_URL = os.environ.get("OIDC_SITE_URL") + +# todo: parameterize memcached url in settings.py +MEMCACHED_HOST = os.environ.get("DTH_DATATRACKER_MEMCACHED_SERVICE_HOST", "127.0.0.1") +MEMCACHED_PORT = os.environ.get("DTH_DATATRACKER_MEMCACHED_SERVICE_PORT", "11211") +from ietf import __version__ +CACHES = { + "default": { + "BACKEND": "ietf.utils.cache.LenientMemcacheCache", + "LOCATION": f"{MEMCACHED_HOST}:{MEMCACHED_PORT}", + "VERSION": __version__, + "KEY_PREFIX": "ietf:dt", + "KEY_FUNCTION": lambda key, key_prefix, version: ( + f"{key_prefix}:{version}:{sha384(str(key).encode('utf8')).hexdigest()}" + ), + }, + "sessions": { + "BACKEND": "ietf.utils.cache.LenientMemcacheCache", + "LOCATION": f"{MEMCACHED_HOST}:{MEMCACHED_PORT}", + # No release-specific VERSION setting. + "KEY_PREFIX": "ietf:dt", + }, + "htmlized": { + "BACKEND": "django.core.cache.backends.filebased.FileBasedCache", + "LOCATION": "/a/cache/datatracker/htmlized", + "OPTIONS": { + "MAX_ENTRIES": 100000, # 100,000 + }, + }, + "pdfized": { + "BACKEND": "django.core.cache.backends.filebased.FileBasedCache", + "LOCATION": "/a/cache/datatracker/pdfized", + "OPTIONS": { + "MAX_ENTRIES": 100000, # 100,000 + }, + }, + "slowpages": { + "BACKEND": "django.core.cache.backends.filebased.FileBasedCache", + "LOCATION": "/a/cache/datatracker/slowpages", + "OPTIONS": { + "MAX_ENTRIES": 5000, + }, + }, +} + +# Normally only set for debug, but needed until we have a real FS +DJANGO_VITE_MANIFEST_PATH = os.path.join(BASE_DIR, 'static/dist-neue/manifest.json') diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 0f6d45585..4da0ff5df 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -176,4 +176,4 @@ Create the name of the service account to use {{- else -}} {{ default "default" .Values.serviceAccounts.memcached.name }} {{- end -}} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml new file mode 100644 index 000000000..904efe862 --- /dev/null +++ b/helm/templates/configmap.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: django-configmap +data: + settings_local.py: |- + {{- .Files.Get "settings_local.py" | indent 4 }} diff --git a/helm/templates/deployments/beat.yaml b/helm/templates/deployments/beat.yaml index 41f76b7f4..bfb3e99b1 100644 --- a/helm/templates/deployments/beat.yaml +++ b/helm/templates/deployments/beat.yaml @@ -1,67 +1,72 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "datatracker.fullname" . }} - labels: - {{- include "datatracker.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - selector: - matchLabels: - {{- include "datatracker.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "datatracker.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "datatracker.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}" - imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} - env: - CONTAINER_ROLE: beat - {{- if .Values.env }} - {{- toYaml .Values.env | nindent 12 }} - {{- end }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: 8000 - protocol: TCP - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - startupProbe: - {{- toYaml .Values.startupProbe | nindent 12 }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "datatracker.beat.fullname" . }} + labels: + {{- include "datatracker.labels" . | nindent 4 }} +spec: + {{- $podValues := .Values.beat }} + replicas: {{ $podValues.replicaCount }} + revisionHistoryLimit: {{ $podValues.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "datatracker.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "datatracker.selectorLabels" . | nindent 8 }} + spec: + {{- with $podValues.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "datatracker.serviceAccountName.beat" . }} + securityContext: + {{- toYaml $podValues.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml $podValues.securityContext | nindent 12 }} + image: "{{ $podValues.image.repository }}:{{ default .Chart.AppVersion (default $.Values.datatracker.image.tag $podValues.image.tag) }}" + imagePullPolicy: {{ default "IfNotPresent" $podValues.image.imagePullPolicy }} + env: + - name: "CONTAINER_ROLE" + value: "beat" + {{- if .Values.env }} + {{- range $key, $val := .Values.env }} + - name: {{ $key | quote }} + value: {{ $val | quote }} + {{- end }} + {{- end }} + {{- with $podValues.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: 8000 + protocol: TCP + livenessProbe: + {{- toYaml $podValues.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml $podValues.readinessProbe | nindent 12 }} + startupProbe: + {{- toYaml $podValues.startupProbe | nindent 12 }} + resources: + {{- toYaml $podValues.resources | nindent 12 }} + {{- with $podValues.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $podValues.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $podValues.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $podValues.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/templates/deployments/celery.yaml b/helm/templates/deployments/celery.yaml index f34678307..ab12ce66e 100644 --- a/helm/templates/deployments/celery.yaml +++ b/helm/templates/deployments/celery.yaml @@ -1,12 +1,13 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "datatracker.fullname" . }} + name: {{ include "datatracker.celery.fullname" . }} labels: {{- include "datatracker.labels" . | nindent 4 }} spec: - replicas: {{ .Values.replicaCount }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- $podValues := .Values.celery }} + replicas: {{ $podValues.replicaCount }} + revisionHistoryLimit: {{ $podValues.revisionHistoryLimit }} selector: matchLabels: {{- include "datatracker.selectorLabels" . | nindent 6 }} @@ -15,25 +16,29 @@ spec: labels: {{- include "datatracker.selectorLabels" . | nindent 8 }} spec: - {{- with .Values.imagePullSecrets }} + {{- with $podValues.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "datatracker.serviceAccountName" . }} + serviceAccountName: {{ include "datatracker.serviceAccountName.celery" . }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml $podValues.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}" - imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} + {{- toYaml $podValues.securityContext | nindent 12 }} + image: "{{ $podValues.image.repository }}:{{ default .Chart.AppVersion (default $.Values.datatracker.image.tag $podValues.image.tag) }}" + imagePullPolicy: {{ default "IfNotPresent" $podValues.image.imagePullPolicy }} env: - CONTAINER_ROLE: celery + - name: "CONTAINER_ROLE" + value: "celery" {{- if .Values.env }} - {{- toYaml .Values.env | nindent 12 }} + {{- range $key, $val := .Values.env }} + - name: {{ $key | quote }} + value: {{ $val | quote }} {{- end }} - {{- with .Values.volumeMounts }} + {{- end }} + {{- with $podValues.volumeMounts }} volumeMounts: {{- toYaml . | nindent 12 }} {{- end }} @@ -42,26 +47,26 @@ spec: containerPort: 8000 protocol: TCP livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} + {{- toYaml $podValues.livenessProbe | nindent 12 }} readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} + {{- toYaml $podValues.readinessProbe | nindent 12 }} startupProbe: - {{- toYaml .Values.startupProbe | nindent 12 }} + {{- toYaml $podValues.startupProbe | nindent 12 }} resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} + {{- toYaml $podValues.resources | nindent 12 }} + {{- with $podValues.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with $podValues.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with $podValues.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.volumes }} + {{- with $podValues.volumes }} volumes: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/helm/templates/deployments/datatracker.yaml b/helm/templates/deployments/datatracker.yaml index 1f403787e..1ee4a7b6d 100644 --- a/helm/templates/deployments/datatracker.yaml +++ b/helm/templates/deployments/datatracker.yaml @@ -1,12 +1,13 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "datatracker.fullname" . }} + name: {{ include "datatracker.datatracker.fullname" . }} labels: {{- include "datatracker.labels" . | nindent 4 }} spec: - replicas: {{ .Values.replicaCount }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- $podValues := .Values.datatracker }} + replicas: {{ $podValues.replicaCount }} + revisionHistoryLimit: {{ $podValues.revisionHistoryLimit }} selector: matchLabels: {{- include "datatracker.selectorLabels" . | nindent 6 }} @@ -15,25 +16,29 @@ spec: labels: {{- include "datatracker.selectorLabels" . | nindent 8 }} spec: - {{- with .Values.imagePullSecrets }} + {{- with $podValues.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "datatracker.serviceAccountName" . }} + serviceAccountName: {{ include "datatracker.serviceAccountName.datatracker" . }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml $podValues.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}" - imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} + {{- toYaml $podValues.securityContext | nindent 12 }} + image: "{{ $podValues.image.repository }}:{{ default .Chart.AppVersion $podValues.image.tag }}" + imagePullPolicy: {{ default "IfNotPresent" $podValues.image.imagePullPolicy }} env: - CONTAINER_ROLE: datatracker - {{- if .Values.env }} - {{- toYaml .Values.env | nindent 12 }} + - name: "CONTAINER_ROLE" + value: "datatracker" + {{- if $.Values.env }} + {{- range $key, $val := $.Values.env }} + - name: {{ $key | quote }} + value: {{ $val | quote }} {{- end }} - {{- with .Values.volumeMounts }} + {{- end }} + {{- with $podValues.volumeMounts }} volumeMounts: {{- toYaml . | nindent 12 }} {{- end }} @@ -42,26 +47,26 @@ spec: containerPort: 8000 protocol: TCP livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} + {{- toYaml $podValues.livenessProbe | nindent 12 }} readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} + {{- toYaml $podValues.readinessProbe | nindent 12 }} startupProbe: - {{- toYaml .Values.startupProbe | nindent 12 }} + {{- toYaml $podValues.startupProbe | nindent 12 }} resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} + {{- toYaml $podValues.resources | nindent 12 }} + {{- with $podValues.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with $podValues.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with $podValues.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.volumes }} + {{- with $podValues.volumes }} volumes: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/helm/templates/deployments/memcached.yaml b/helm/templates/deployments/memcached.yaml index 41f76b7f4..02d440183 100644 --- a/helm/templates/deployments/memcached.yaml +++ b/helm/templates/deployments/memcached.yaml @@ -1,12 +1,13 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "datatracker.fullname" . }} + name: {{ include "datatracker.memcached.fullname" . }} labels: {{- include "datatracker.labels" . | nindent 4 }} spec: - replicas: {{ .Values.replicaCount }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- $podValues := .Values.memcached }} + replicas: {{ $podValues.replicaCount }} + revisionHistoryLimit: {{ $podValues.revisionHistoryLimit }} selector: matchLabels: {{- include "datatracker.selectorLabels" . | nindent 6 }} @@ -15,25 +16,27 @@ spec: labels: {{- include "datatracker.selectorLabels" . | nindent 8 }} spec: - {{- with .Values.imagePullSecrets }} + {{- with $podValues.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "datatracker.serviceAccountName" . }} + serviceAccountName: {{ include "datatracker.serviceAccountName.memcached" . }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml $podValues.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}" - imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} + {{- toYaml $podValues.securityContext | nindent 12 }} + image: "{{ $podValues.image.repository }}:{{ default "latest" $podValues.image.tag }}" + imagePullPolicy: {{ default "IfNotPresent" $podValues.image.imagePullPolicy }} env: - CONTAINER_ROLE: beat {{- if .Values.env }} - {{- toYaml .Values.env | nindent 12 }} + {{- range $key, $val := .Values.env }} + - name: {{ $key | quote }} + value: {{ $val | quote }} {{- end }} - {{- with .Values.volumeMounts }} + {{- end }} + {{- with $podValues.volumeMounts }} volumeMounts: {{- toYaml . | nindent 12 }} {{- end }} @@ -42,26 +45,26 @@ spec: containerPort: 8000 protocol: TCP livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} + {{- toYaml $podValues.livenessProbe | nindent 12 }} readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} + {{- toYaml $podValues.readinessProbe | nindent 12 }} startupProbe: - {{- toYaml .Values.startupProbe | nindent 12 }} + {{- toYaml $podValues.startupProbe | nindent 12 }} resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} + {{- toYaml $podValues.resources | nindent 12 }} + {{- with $podValues.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with $podValues.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with $podValues.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.volumes }} + {{- with $podValues.volumes }} volumes: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/helm/templates/deployments/rabbitmq.yaml b/helm/templates/deployments/rabbitmq.yaml index 41f76b7f4..bf72d5b4b 100644 --- a/helm/templates/deployments/rabbitmq.yaml +++ b/helm/templates/deployments/rabbitmq.yaml @@ -1,12 +1,13 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "datatracker.fullname" . }} + name: {{ include "datatracker.rabbitmq.fullname" . }} labels: {{- include "datatracker.labels" . | nindent 4 }} spec: - replicas: {{ .Values.replicaCount }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- $podValues := .Values.rabbitmq }} + replicas: {{ $podValues.replicaCount }} + revisionHistoryLimit: {{ $podValues.revisionHistoryLimit }} selector: matchLabels: {{- include "datatracker.selectorLabels" . | nindent 6 }} @@ -15,25 +16,27 @@ spec: labels: {{- include "datatracker.selectorLabels" . | nindent 8 }} spec: - {{- with .Values.imagePullSecrets }} + {{- with $podValues.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "datatracker.serviceAccountName" . }} + serviceAccountName: {{ include "datatracker.serviceAccountName.rabbitmq" . }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml $podValues.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}" - imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} + {{- toYaml $podValues.securityContext | nindent 12 }} + image: "{{ $podValues.image.repository }}:{{ default "latest" $podValues.image.tag }}" + imagePullPolicy: {{ default "IfNotPresent" $podValues.image.pullPolicy }} env: - CONTAINER_ROLE: beat {{- if .Values.env }} - {{- toYaml .Values.env | nindent 12 }} + {{- range $key, $val := .Values.env }} + - name: {{ $key | quote }} + value: {{ $val | quote }} {{- end }} - {{- with .Values.volumeMounts }} + {{- end }} + {{- with $podValues.volumeMounts }} volumeMounts: {{- toYaml . | nindent 12 }} {{- end }} @@ -42,26 +45,26 @@ spec: containerPort: 8000 protocol: TCP livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} + {{- toYaml $podValues.livenessProbe | nindent 12 }} readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} + {{- toYaml $podValues.readinessProbe | nindent 12 }} startupProbe: - {{- toYaml .Values.startupProbe | nindent 12 }} + {{- toYaml $podValues.startupProbe | nindent 12 }} resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} + {{- toYaml $podValues.resources | nindent 12 }} + {{- with $podValues.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with $podValues.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with $podValues.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.volumes }} + {{- with $podValues.volumes }} volumes: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml index 68034601a..be9207658 100644 --- a/helm/templates/ingress.yaml +++ b/helm/templates/ingress.yaml @@ -1,6 +1,6 @@ {{- if .Values.datatracker.ingress.enabled -}} {{- $fullName := include "datatracker.fullname" . -}} -{{- $svcPort := .Values.service.port -}} +{{- $svcPort := .Values.datatracker.service.port -}} {{- if and .Values.datatracker.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} {{- if not (hasKey .Values.datatracker.ingress.annotations "kubernetes.io/ingress.class") }} {{- $_ := set .Values.datatracker.ingress.annotations "kubernetes.io/ingress.class" .Values.datatracker.ingress.className}} @@ -58,4 +58,4 @@ spec: {{- end }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/helm/templates/rbac/beat-serviceaccount.yaml b/helm/templates/rbac/beat-serviceaccount.yaml index f9fa5830c..85331d76d 100644 --- a/helm/templates/rbac/beat-serviceaccount.yaml +++ b/helm/templates/rbac/beat-serviceaccount.yaml @@ -4,9 +4,9 @@ kind: ServiceAccount metadata: name: {{ include "datatracker.serviceAccountName.beat" . }} labels: - {{- include "datatracker.beat.labels" . | nindent 4 }} + {{- include "datatracker.labels" . | nindent 4 }} {{- with .Values.serviceAccounts.beat.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/helm/templates/rbac/celery-serviceaccount.yaml b/helm/templates/rbac/celery-serviceaccount.yaml index 267d1dce3..8f8876f08 100644 --- a/helm/templates/rbac/celery-serviceaccount.yaml +++ b/helm/templates/rbac/celery-serviceaccount.yaml @@ -4,9 +4,9 @@ kind: ServiceAccount metadata: name: {{ include "datatracker.serviceAccountName.celery" . }} labels: - {{- include "datatracker.celery.labels" . | nindent 4 }} + {{- include "datatracker.labels" . | nindent 4 }} {{- with .Values.serviceAccounts.celery.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/helm/templates/rbac/datatracker-serviceaccount.yaml b/helm/templates/rbac/datatracker-serviceaccount.yaml index 8f37799ba..67b38cf0f 100644 --- a/helm/templates/rbac/datatracker-serviceaccount.yaml +++ b/helm/templates/rbac/datatracker-serviceaccount.yaml @@ -4,9 +4,9 @@ kind: ServiceAccount metadata: name: {{ include "datatracker.serviceAccountName.datatracker" . }} labels: - {{- include "datatracker.datatracker.labels" . | nindent 4 }} + {{- include "datatracker.labels" . | nindent 4 }} {{- with .Values.serviceAccounts.datatracker.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/helm/templates/rbac/memcached-serviceaccount.yaml b/helm/templates/rbac/memcached-serviceaccount.yaml index ba150a406..6674dccff 100644 --- a/helm/templates/rbac/memcached-serviceaccount.yaml +++ b/helm/templates/rbac/memcached-serviceaccount.yaml @@ -4,9 +4,9 @@ kind: ServiceAccount metadata: name: {{ include "datatracker.serviceAccountName.memcached" . }} labels: - {{- include "datatracker.memcached.labels" . | nindent 4 }} + {{- include "datatracker.labels" . | nindent 4 }} {{- with .Values.serviceAccounts.memcached.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/helm/templates/rbac/rabbitmq-serviceaccount.yaml b/helm/templates/rbac/rabbitmq-serviceaccount.yaml index c9ce12748..e0b81d11f 100644 --- a/helm/templates/rbac/rabbitmq-serviceaccount.yaml +++ b/helm/templates/rbac/rabbitmq-serviceaccount.yaml @@ -4,9 +4,9 @@ kind: ServiceAccount metadata: name: {{ include "datatracker.serviceAccountName.rabbitmq" . }} labels: - {{- include "datatracker.rabbitmq.labels" . | nindent 4 }} + {{- include "datatracker.labels" . | nindent 4 }} {{- with .Values.serviceAccounts.rabbitmq.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/helm/values.yaml b/helm/values.yaml index 31f5e25cf..2c549382b 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -7,23 +7,23 @@ serviceAccounts: datatracker: create: true - name: + name: datatracker annotations: {} celery: create: true - name: + name: celery annotations: {} beat: create: true - name: + name: beat annotations: {} rabbitmq: create: true - name: + name: rabbitmq annotations: {} memcached: create: true - name: + name: memcached annotations: {} # ------------------------------------------------------------- @@ -31,6 +31,7 @@ serviceAccounts: # ------------------------------------------------------------- datatracker: + name: datatracker image: repository: "ghcr.io/ietf-tools/datatracker" pullPolicy: IfNotPresent @@ -59,7 +60,8 @@ datatracker: livenessProbe: httpGet: - path: /health + # /submit/tool-instructions/ just happens to be cheap until we get a real health endpoint + path: /submit/tool-instructions/ port: http podAnnotations: {} @@ -68,10 +70,11 @@ datatracker: podSecurityContext: {} # fsGroup: 2000 - readinessProbe: - httpGet: - path: /health - port: http +#readinessProbe: +# httpGet: +# # /submit/tool-instructions/ just happens to be cheap until we get a real health endpoint +# path: /submit/tool-instructions/ +# port: http replicaCount: 1 @@ -117,18 +120,36 @@ datatracker: successThreshold: 1 failureThreshold: 60 httpGet: - path: /health + # /submit/tool-instructions/ just happens to be cheap until we get a real health endpoint + path: /submit/tool-instructions/ port: http # Additional volumes on the output Deployment definition. - volumes: [] + volumes: + - name: settings-local-volume + configMap: + name: django-configmap + - name: cache-volume + emptyDir: + sizeLimit: 1Gi + - name: staging-volume + emptyDir: + sizeLimit: 1Gi # - name: foo # secret: # secretName: mysecret # optional: false # Additional volumeMounts on the output Deployment definition. - volumeMounts: [] + volumeMounts: + - name: settings-local-volume + mountPath: /workspace/ietf/settings_local.py + subPath: settings_local.py + readOnly: true + - name: cache-volume + mountPath: "/a/cache" + - name: staging-volume + mountPath: "/test/staging" # - name: foo # mountPath: "/etc/foo" # readOnly: true @@ -144,6 +165,7 @@ datatracker: # ------------------------------------------------------------- celery: + name: celery image: repository: "ghcr.io/ietf-tools/datatracker" pullPolicy: IfNotPresent @@ -156,7 +178,10 @@ celery: livenessProbe: exec: - command: celery inspect ping + command: + - celery + - inspect + - ping periodSeconds: 30 timeoutSeconds: 5 @@ -210,17 +235,37 @@ celery: successThreshold: 1 failureThreshold: 60 exec: - command: celery inspect ping + command: + - celery + - inspect + - ping # Additional volumes on the output Deployment definition. - volumes: [] + volumes: + - name: settings-local-volume + configMap: + name: django-configmap + - name: cache-volume + emptyDir: + sizeLimit: 1Gi + - name: staging-volume + emptyDir: + sizeLimit: 1Gi # - name: foo # secret: # secretName: mysecret # optional: false # Additional volumeMounts on the output Deployment definition. - volumeMounts: [] + volumeMounts: + - name: settings-local-volume + mountPath: /workspace/ietf/settings_local.py + subPath: settings_local.py + readOnly: true + - name: cache-volume + mountPath: "/a/cache" + - name: staging-volume + mountPath: "/test/staging" # - name: foo # mountPath: "/etc/foo" # readOnly: true @@ -236,6 +281,7 @@ celery: # ------------------------------------------------------------- beat: + name: beat image: repository: "ghcr.io/ietf-tools/datatracker" pullPolicy: IfNotPresent @@ -248,7 +294,10 @@ beat: livenessProbe: exec: - command: celery inspect ping + command: + - celery + - inspect + - ping periodSeconds: 30 timeoutSeconds: 5 @@ -302,17 +351,37 @@ beat: successThreshold: 1 failureThreshold: 60 exec: - command: celery inspect ping + command: + - celery + - inspect + - ping # Additional volumes on the output Deployment definition. - volumes: [] + volumes: + - name: settings-local-volume + configMap: + name: django-configmap + - name: cache-volume + emptyDir: + sizeLimit: 1Gi + - name: staging-volume + emptyDir: + sizeLimit: 1Gi # - name: foo # secret: # secretName: mysecret # optional: false # Additional volumeMounts on the output Deployment definition. - volumeMounts: [] + volumeMounts: + - name: settings-local-volume + mountPath: /workspace/ietf/settings_local.py + subPath: settings_local.py + readOnly: true + - name: cache-volume + mountPath: "/a/cache" + - name: staging-volume + mountPath: "/test/staging" # - name: foo # mountPath: "/etc/foo" # readOnly: true @@ -328,6 +397,7 @@ beat: # ------------------------------------------------------------- rabbitmq: + name: rabbitmq image: repository: "ghcr.io/ietf-tools/datatracker-mq" pullPolicy: IfNotPresent @@ -339,7 +409,10 @@ rabbitmq: livenessProbe: exec: - command: rabbitmq-diagnostics -q ping + command: + - rabbitmq-diagnostics + - -q + - ping periodSeconds: 30 timeoutSeconds: 5 @@ -393,20 +466,23 @@ rabbitmq: successThreshold: 1 failureThreshold: 60 exec: - command: rabbitmq-diagnostics -q ping + command: + - rabbitmq-diagnostics + - -q + - ping # Additional volumes on the output Deployment definition. volumes: [] - # - name: foo - # secret: - # secretName: mysecret - # optional: false - - # Additional volumeMounts on the output Deployment definition. + # - name: foo + # secret: + # secretName: mysecret + # optional: false + + # Additional volumeMounts on the output Deployment definition. volumeMounts: [] - # - name: foo - # mountPath: "/etc/foo" - # readOnly: true + # - name: foo + # mountPath: "/etc/foo" + # readOnly: true tolerations: [] @@ -419,10 +495,11 @@ rabbitmq: # ------------------------------------------------------------- memcached: + name: memcached image: repository: "memcached" pullPolicy: IfNotPresent - tag: "latest" + tag: "1.6-alpine" imagePullSecrets: [] nameOverride: "" @@ -458,7 +535,7 @@ memcached: service: type: ClusterIP - port: 80 + port: 11211 serviceAccount: # Specifies whether a service account should be created @@ -486,4 +563,13 @@ autoscaling: minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 \ No newline at end of file + # targetMemoryUtilizationPercentage: 80 + +env: + # n.b., these are debug values / non-secret secrets + # DBHOST: "host.minikube.internal" + # DBPORT: "5432" + DBNAME: "datatracker" + DBUSER: "django" + DBPASS: "RkTkDPFnKpko" + DJANGO_SECRET_KEY: "PDwXboUq!=hPjnrtG2=ge#N$Dwy+wn@uivrugwpic8mxyPfHk"