diff --git a/swh/templates/loaders/configmap.yaml b/swh/templates/loaders/configmap.yaml index e29f8dc..a46768e 100644 --- a/swh/templates/loaders/configmap.yaml +++ b/swh/templates/loaders/configmap.yaml @@ -1,63 +1,91 @@ {{ if .Values.loaders.enabled -}} -{{- range $loader_type, $deployment_config := .Values.loaders.deployments -}} -{{- $loader_name := ( print "loader-" $loader_type ) -}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: loader-utils + namespace: {{ $.Values.namespace }} +data: + pre-stop-idempotent.sh: | + #!/bin/bash + + # pre-stop hook can be triggered multiple times but we want it to be applied only + # once so container can warm-shutdown properly. + + # When celery receives multiple times the sigterm signal, this ends up doing an + # immediate shutdown which prevents long-standing tasks to finish properly. + + set -ex + + WITNESS_FILE=/tmp/already-stopped + + # to support near-immediate concurrent calls + sleep $(echo | awk '{print rand()}) + + if [ ! -e $WITNESS_FILE ]; then + touch $WITNESS_FILE + kill 1 + fi + +{{ range $loader_type, $deployment_config := .Values.loaders.deployments }} +{{ $loader_name := ( print "loader-" $loader_type ) }} --- apiVersion: v1 kind: ConfigMap metadata: name: {{ $loader_name }}-template namespace: {{ $.Values.namespace }} data: config.yml.template: | storage: cls: pipeline steps: - cls: buffer min_batch_size: content: 1000 content_bytes: 52428800 directory: 1000 directory_entries: 12000 revision: 1000 revision_parents: 2000 revision_bytes: 52428800 release: 1000 release_bytes: 52428800 extid: 1000 - cls: filter - cls: retry - cls: remote url: http://{{ $.Values.loaders.storage.host }}:{{ $.Values.loaders.storage.port }}/ {{- if $deployment_config.extraConfig -}} {{- range $option, $value := $deployment_config.extraConfig }} {{ $option }}: {{ toYaml $value | nindent 6 }} {{- end }} {{- end }} celery: task_broker: amqp://${AMQP_USERNAME}:${AMQP_PASSWORD}@{{ $.Values.loaders.amqp.host }}:{{ $.Values.loaders.amqp.port }}/ task_acks_late: {{ get $deployment_config "ackLate" | default false }} task_queues: {{- range $queue := get $deployment_config "queues" }} - {{ $queue }} {{- end }} metadata_fetcher_credentials: init-container-entrypoint.sh: | #!/bin/bash set -e CONFIG_FILE=/etc/swh/config.yml # substitute environment variables when creating the default config.yml eval echo \""$( $CONFIG_FILE CREDS_LISTER_PATH=/etc/credentials/metadata-fetcher/credentials [ -f $CREDS_LISTER_PATH ] && \ sed 's/^/ /g' $CREDS_LISTER_PATH >> $CONFIG_FILE exit 0 {{ end }} {{- end -}} diff --git a/swh/templates/loaders/deployment.yaml b/swh/templates/loaders/deployment.yaml index ffac064..b0810dc 100644 --- a/swh/templates/loaders/deployment.yaml +++ b/swh/templates/loaders/deployment.yaml @@ -1,163 +1,173 @@ {{ if .Values.loaders.enabled -}} {{- $configurationChecksum := include (print $.Template.BasePath "/loaders/configmap.yaml") . -}} {{- range $loader_type, $deployment_config := .Values.loaders.deployments -}} {{- $loader_name := ( print "loader-" $loader_type ) -}} # if defined at the "typed" loader level {{- $local_container_image_key := get $deployment_config "image" }} {{- $local_container_image := get $.Values $local_container_image_key }} {{- $local_container_image_version_key := ( print $local_container_image_key "_version" ) }} {{- $local_container_image_version := get $.Values $local_container_image_version_key }} # otherwise if the global image is defined {{- $image_name_key := ( print "swh_loader_" $loader_type "_image" ) -}} {{- $image_version_key := ( print $image_name_key "_version" ) -}} {{- $container_image := get $.Values $image_name_key }} {{- $container_image_version := get $.Values $image_version_key }} --- apiVersion: apps/v1 kind: Deployment metadata: name: {{ $loader_name }} namespace: {{ $.Values.namespace }} labels: app: {{ $loader_name }} spec: revisionHistoryLimit: 2 selector: matchLabels: app: {{ $loader_name }} strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 template: metadata: labels: app: {{ $loader_name }} annotations: # Force a rollout upgrade if the configuration changes checksum/config: {{ $configurationChecksum | sha256sum }} spec: {{- if $.Values.loaders.affinity }} affinity: {{ toYaml $.Values.loaders.affinity | nindent 8 }} {{- end }} terminationGracePeriodSeconds: 3600 initContainers: - name: prepare-configuration image: debian:bullseye imagePullPolicy: Always env: - name: AMQP_USERNAME valueFrom: secretKeyRef: name: common-secrets key: rabbitmq-amqp-username # 'name' secret must exist & include that ^ key optional: false - name: AMQP_PASSWORD valueFrom: secretKeyRef: name: common-secrets key: rabbitmq-amqp-password # 'name' secret must exist & include that ^ key optional: false command: - /entrypoint.sh volumeMounts: - name: configuration-template mountPath: /entrypoint.sh subPath: "init-container-entrypoint.sh" readOnly: true - name: configuration mountPath: /etc/swh - name: configuration-template mountPath: /etc/swh/configuration-template - name: metadata-fetcher-credentials mountPath: /etc/credentials/metadata-fetcher readOnly: true containers: - name: loaders {{ if $local_container_image -}} image: {{ $local_container_image }}:{{ $local_container_image_version }} {{ else if $container_image -}} image: {{ $container_image }}:{{ $container_image_version }} {{ else -}} image: {{ $.Values.swh_loaders_image }}:{{ $.Values.swh_loaders_image_version }} {{ end }} imagePullPolicy: Always command: - /opt/swh/entrypoint.sh resources: requests: memory: {{ get $deployment_config "requestedMemory" | default "512Mi" }} cpu: {{ get $deployment_config "requestedCpu" | default "500m" }} limits: memory: "4000Mi" cpu: "1200m" lifecycle: preStop: - exec: - command: ["kill", "1"] + exec: + command: ["/pre-stop.sh"] env: - name: STATSD_HOST value: {{ $.Values.statsdExternalHost | default "prometheus-statsd-exporter" }} - name: STATSD_PORT value: {{ $.Values.statsdPort | default "9125" | quote }} - name: MAX_TASKS_PER_CHILD value: {{ get $deployment_config "maxTasksPerChild" | default 10 | quote }} - name: LOGLEVEL value: {{ get $deployment_config "logLevel" | default "INFO" | quote }} - name: SWH_CONFIG_FILENAME value: /etc/swh/config.yml - name: SWH_SENTRY_ENVIRONMENT value: {{ $.Values.sentry.environment }} - name: SWH_MAIN_PACKAGE value: {{ get $deployment_config "sentrySwhPackage" }} - name: SWH_SENTRY_DSN valueFrom: secretKeyRef: name: common-secrets key: {{ $loader_name}}-sentry-dsn # 'name' secret must exist & include key "host" optional: false {{ if ( contains "deposit" $loader_name ) -}} - name: DEPOSIT_USERNAME valueFrom: secretKeyRef: name: common-secrets key: deposit-username # 'name' secret must exist & include key "host" optional: false - name: DEPOSIT_PASSWORD valueFrom: secretKeyRef: name: common-secrets key: deposit-username # 'name' secret must exist & include key "host" optional: false {{ end }} volumeMounts: + - name: loader-utils + mountPath: /pre-stop.sh + subPath: "pre-stop.sh" - name: configuration mountPath: /etc/swh - name: localstorage mountPath: /tmp volumes: - name: localstorage emptyDir: {} - name: configuration emptyDir: {} - name: configuration-template configMap: name: {{ $loader_name }}-template defaultMode: 0777 items: - key: "config.yml.template" path: "config.yml.template" - key: "init-container-entrypoint.sh" path: "init-container-entrypoint.sh" + - name: loader-utils + configMap: + name: loader-utils + defaultMode: 0777 + items: + - key: "pre-stop-idempotent.sh" + path: "pre-stop.sh" - name: metadata-fetcher-credentials secret: secretName: metadata-fetcher-credentials optional: true {{ end }} {{- end -}}