ci: k8s fixup (#7401)

* ci: remove stray serviceName

* ci: volumeClaimTemplate name -> volumeMount, not volume

* ci: datatracker listens on containerPort 8000

* ci: services/containers have dt- prefix

* chore: adjust indent for k8s yaml

* ci: use a secret for CELERY_PASSWORD

* fix: touched wrong CELERY_PASSWORD setting

* ci: get rid of the celery pw secretGenerator

* ci: use DB_PASS instead of DBPASS (etc) for k8s

* ci: Fill in django-config.yaml from env vars

* ci: add vault-mappings.txt

* ci: use $CELERY_PASSWORD in rabbitmq.yaml

* ci: moving vault-mappings.txt out of this repo

* Revert "ci: Fill in django-config.yaml from env vars"

This reverts commit 75cd181deb390d3ab21d6887b091d66c80e1d18e.

* Revert "ci: use $CELERY_PASSWORD in rabbitmq.yaml"

This reverts commit f251f9920d07c65413f72fd165cc06acd562c2c7.

* ci: parameterize db OPTIONS setting

.editorconfig

@@ -56,3 +56,9 @@ insert_final_newline = false
 # Use 2-space indents
 [helm/**.yaml]
 indent_size = 2
+
+# Settings for Kubernetes yaml
+# ---------------------------------------------------------
+# Use 2-space indents
+[k8s/**.yaml]
+indent_size = 2

k8s/datatracker.yaml

@@ -41,7 +41,7 @@ spec:
           image: "ghcr.io/ietf-tools/datatracker:$APP_IMAGE_TAG"
           imagePullPolicy: Always
           ports:
-            - containerPort: 80
+            - containerPort: 8000
               name: http
               protocol: TCP
           volumeMounts:

k8s/django-config.yaml

@@ -15,11 +15,11 @@ data:
   # DATATRACKER_DATATRACKER_DEBUG: "false"
   
   # DB access details - needs to be filled in
-  # DATATRACKER_DBHOST: "db"
-  # DATATRACKER_DBPORT: "5432"
-  # DATATRACKER_DBNAME: "datatracker"
-  # DATATRACKER_DBUSER: "django"  # secret
-  # DATATRACKER_DBPASS: "RkTkDPFnKpko"  # secret
+  # DATATRACKER_DB_HOST: "db"
+  # DATATRACKER_DB_PORT: "5432"
+  # DATATRACKER_DB_NAME: "datatracker"
+  # DATATRACKER_DB_USER: "django"  # secret
+  # DATATRACKER_DB_PASS: "RkTkDPFnKpko"  # secret
   
   DATATRACKER_DJANGO_SECRET_KEY: "PDwXboUq!=hPjnrtG2=ge#N$Dwy+wn@uivrugwpic8mxyPfHk"  # secret
 

k8s/memcached.yaml

@@ -5,7 +5,6 @@ metadata:
 spec:
   replicas: 1
   revisionHistoryLimit: 2
-  serviceName: memcached
   selector:
     matchLabels:
       app: memcached

k8s/rabbitmq.yaml

@@ -5,7 +5,6 @@ metadata:
 spec:
   replicas: 1
   revisionHistoryLimit: 2
-  serviceName: rabbitmq
   selector:
     matchLabels:
       app: rabbitmq
@@ -52,6 +51,9 @@ spec:
               mountPath: /tmp
             - name: rabbitmq-config
               mountPath: "/etc/rabbitmq"
+          env:
+            - name: "CELERY_PASSWORD"
+              value: "this-is-a-secret"
           livenessProbe:
             exec:
               command: ["rabbitmq-diagnostics", "-q", "ping"]
@@ -75,9 +77,6 @@ spec:
             runAsUser: 100
             runAsGroup: 101
       volumes:
-        - name: rabbitmq-data
-          persistentVolumeClaim:
-            claimName: "rabbitmq-data-vol"
         - name: rabbitmq-tmp
           emptyDir:
             sizeLimit: "50Mi"
@@ -89,7 +88,7 @@ spec:
       terminationGracePeriodSeconds: 30
   volumeClaimTemplates:
   - metadata:
-      name: rabbitmq-data-vol
+      name: rabbitmq-data
     spec:
       accessModes:
       - ReadWriteOnce

k8s/settings_local.py

@@ -87,12 +87,13 @@ if _allowed_hosts_str is not None:
 
 DATABASES = {
     "default": {
-        "HOST": os.environ.get("DATATRACKER_DBHOST", "db"),
-        "PORT": os.environ.get("DATATRACKER_DBPORT", "5432"),
-        "NAME": os.environ.get("DATATRACKER_DBNAME", "datatracker"),
+        "HOST": os.environ.get("DATATRACKER_DB_HOST", "db"),
+        "PORT": os.environ.get("DATATRACKER_DB_PORT", "5432"),
+        "NAME": os.environ.get("DATATRACKER_DB_NAME", "datatracker"),
         "ENGINE": "django.db.backends.postgresql",
-        "USER": os.environ.get("DATATRACKER_DBUSER", "django"),
-        "PASSWORD": os.environ.get("DATATRACKER_DBPASS", ""),
+        "USER": os.environ.get("DATATRACKER_DB_USER", "django"),
+        "PASSWORD": os.environ.get("DATATRACKER_DB_PASS", ""),
+        "OPTIONS": json.loads(os.environ.get("DATATRACKER_DB_OPTS_JSON", "{}")),
     },
 }
 
@@ -111,7 +112,7 @@ _celery_password = os.environ.get("CELERY_PASSWORD", None)
 if _celery_password is None:
     raise RuntimeError("CELERY_PASSWORD must be set")
 CELERY_BROKER_URL = "amqp://datatracker:{password}@{host}/{queue}".format(
-    host=os.environ.get("RABBITMQ_HOSTNAME", "rabbitmq"),
+    host=os.environ.get("RABBITMQ_HOSTNAME", "dt-rabbitmq"),
     password=_celery_password,
     queue=os.environ.get("RABBITMQ_QUEUE", "dt")
 )
@@ -212,8 +213,8 @@ DE_GFM_BINARY = "/usr/local/bin/de-gfm"
 IDSUBMIT_IDNITS_BINARY = "/usr/local/bin/idnits"
 
 # Duplicating production cache from settings.py and using it whether we're in production mode or not
-MEMCACHED_HOST = os.environ.get("MEMCACHED_SERVICE_HOST", "127.0.0.1")
-MEMCACHED_PORT = os.environ.get("MEMCACHED_SERVICE_PORT", "11211")
+MEMCACHED_HOST = os.environ.get("DT_MEMCACHED_SERVICE_HOST", "127.0.0.1")
+MEMCACHED_PORT = os.environ.get("DT_MEMCACHED_SERVICE_PORT", "11211")
 from ietf import __version__
 CACHES = {
     "default": {