ci: k8s fixup (#7401)

* ci: remove stray serviceName * ci: volumeClaimTemplate name -> volumeMount, not volume * ci: datatracker listens on containerPort 8000 * ci: services/containers have dt- prefix * chore: adjust indent for k8s yaml * ci: use a secret for CELERY_PASSWORD * fix: touched wrong CELERY_PASSWORD setting * ci: get rid of the celery pw secretGenerator * ci: use DB_PASS instead of DBPASS (etc) for k8s * ci: Fill in django-config.yaml from env vars * ci: add vault-mappings.txt * ci: use $CELERY_PASSWORD in rabbitmq.yaml * ci: moving vault-mappings.txt out of this repo * Revert "ci: Fill in django-config.yaml from env vars" This reverts commit 75cd181deb390d3ab21d6887b091d66c80e1d18e. * Revert "ci: use $CELERY_PASSWORD in rabbitmq.yaml" This reverts commit f251f9920d07c65413f72fd165cc06acd562c2c7. * ci: parameterize db OPTIONS setting
2024-05-09 15:24:39 -03:00 · 2024-05-09 15:24:39 -03:00 · 867360e96f
parent d075404fdb
commit 867360e96f
9 changed files with 294 additions and 289 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -56,3 +56,9 @@ insert_final_newline = false
 # Use 2-space indents
 [helm/**.yaml]
 indent_size = 2
+
+# Settings for Kubernetes yaml
+# ---------------------------------------------------------
+# Use 2-space indents
+[k8s/**.yaml]
+indent_size = 2
--- a/k8s/datatracker.yaml
+++ b/k8s/datatracker.yaml
@ -41,7 +41,7 @@ spec:
          image: "ghcr.io/ietf-tools/datatracker:$APP_IMAGE_TAG"
          imagePullPolicy: Always
          ports:
-            - containerPort: 80
+            - containerPort: 8000
              name: http
              protocol: TCP
          volumeMounts:
--- a/k8s/django-config.yaml
+++ b/k8s/django-config.yaml
@ -15,11 +15,11 @@ data:
  # DATATRACKER_DATATRACKER_DEBUG: "false"
  
  # DB access details - needs to be filled in
-  # DATATRACKER_DBHOST: "db"
-  # DATATRACKER_DBPORT: "5432"
-  # DATATRACKER_DBNAME: "datatracker"
-  # DATATRACKER_DBUSER: "django"  # secret
-  # DATATRACKER_DBPASS: "RkTkDPFnKpko"  # secret
+  # DATATRACKER_DB_HOST: "db"
+  # DATATRACKER_DB_PORT: "5432"
+  # DATATRACKER_DB_NAME: "datatracker"
+  # DATATRACKER_DB_USER: "django"  # secret
+  # DATATRACKER_DB_PASS: "RkTkDPFnKpko"  # secret
  
  DATATRACKER_DJANGO_SECRET_KEY: "PDwXboUq!=hPjnrtG2=ge#N$Dwy+wn@uivrugwpic8mxyPfHk"  # secret

--- a/k8s/memcached.yaml
+++ b/k8s/memcached.yaml
@ -5,7 +5,6 @@ metadata:
 spec:
  replicas: 1
  revisionHistoryLimit: 2
-  serviceName: memcached
  selector:
    matchLabels:
      app: memcached
--- a/k8s/rabbitmq.yaml
+++ b/k8s/rabbitmq.yaml
@ -5,7 +5,6 @@ metadata:
 spec:
  replicas: 1
  revisionHistoryLimit: 2
-  serviceName: rabbitmq
  selector:
    matchLabels:
      app: rabbitmq
@ -52,6 +51,9 @@ spec:
              mountPath: /tmp
            - name: rabbitmq-config
              mountPath: "/etc/rabbitmq"
+          env:
+            - name: "CELERY_PASSWORD"
+              value: "this-is-a-secret"
          livenessProbe:
            exec:
              command: ["rabbitmq-diagnostics", "-q", "ping"]
@ -75,9 +77,6 @@ spec:
            runAsUser: 100
            runAsGroup: 101
      volumes:
-        - name: rabbitmq-data
-          persistentVolumeClaim:
-            claimName: "rabbitmq-data-vol"
        - name: rabbitmq-tmp
          emptyDir:
            sizeLimit: "50Mi"
@ -89,7 +88,7 @@ spec:
      terminationGracePeriodSeconds: 30
  volumeClaimTemplates:
  - metadata:
-      name: rabbitmq-data-vol
+      name: rabbitmq-data
    spec:
      accessModes:
      - ReadWriteOnce
--- a/k8s/settings_local.py
+++ b/k8s/settings_local.py
@ -87,12 +87,13 @@ if _allowed_hosts_str is not None:

 DATABASES = {
    "default": {
-        "HOST": os.environ.get("DATATRACKER_DBHOST", "db"),
-        "PORT": os.environ.get("DATATRACKER_DBPORT", "5432"),
-        "NAME": os.environ.get("DATATRACKER_DBNAME", "datatracker"),
+        "HOST": os.environ.get("DATATRACKER_DB_HOST", "db"),
+        "PORT": os.environ.get("DATATRACKER_DB_PORT", "5432"),
+        "NAME": os.environ.get("DATATRACKER_DB_NAME", "datatracker"),
        "ENGINE": "django.db.backends.postgresql",
-        "USER": os.environ.get("DATATRACKER_DBUSER", "django"),
-        "PASSWORD": os.environ.get("DATATRACKER_DBPASS", ""),
+        "USER": os.environ.get("DATATRACKER_DB_USER", "django"),
+        "PASSWORD": os.environ.get("DATATRACKER_DB_PASS", ""),
+        "OPTIONS": json.loads(os.environ.get("DATATRACKER_DB_OPTS_JSON", "{}")),
    },
 }

@ -111,7 +112,7 @@ _celery_password = os.environ.get("CELERY_PASSWORD", None)
 if _celery_password is None:
    raise RuntimeError("CELERY_PASSWORD must be set")
 CELERY_BROKER_URL = "amqp://datatracker:{password}@{host}/{queue}".format(
-    host=os.environ.get("RABBITMQ_HOSTNAME", "rabbitmq"),
+    host=os.environ.get("RABBITMQ_HOSTNAME", "dt-rabbitmq"),
    password=_celery_password,
    queue=os.environ.get("RABBITMQ_QUEUE", "dt")
 )
@ -212,8 +213,8 @@ DE_GFM_BINARY = "/usr/local/bin/de-gfm"
 IDSUBMIT_IDNITS_BINARY = "/usr/local/bin/idnits"

 # Duplicating production cache from settings.py and using it whether we're in production mode or not
-MEMCACHED_HOST = os.environ.get("MEMCACHED_SERVICE_HOST", "127.0.0.1")
-MEMCACHED_PORT = os.environ.get("MEMCACHED_SERVICE_PORT", "11211")
+MEMCACHED_HOST = os.environ.get("DT_MEMCACHED_SERVICE_HOST", "127.0.0.1")
+MEMCACHED_PORT = os.environ.get("DT_MEMCACHED_SERVICE_PORT", "11211")
 from ietf import __version__
 CACHES = {
    "default": {