diff --git a/Dockerfile.vault b/Dockerfile.vault
new file mode 100644
index 0000000..6003b0e
--- /dev/null
+++ b/Dockerfile.vault
@@ -0,0 +1,7 @@
+ARG BASE
+
+FROM $BASE
+
+COPY swh-vault /app/swh-vault
+
+RUN pip install /app/swh-vault
diff --git a/kubernetes/81-vault.yml b/kubernetes/81-vault.yml
new file mode 100644
index 0000000..1080260
--- /dev/null
+++ b/kubernetes/81-vault.yml
@@ -0,0 +1,255 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: vault
+data:
+ config.yml: |
+ vault:
+ cls: local
+ db: postgresql:///?service=swh
+ cache:
+ cls: pathslicing
+ root: /srv/softwareheritage/vault
+ slicing: 0:5
+ storage:
+ cls: remote
+ url: http://storage:5002/
+ scheduler:
+ cls: remote
+ url: http://scheduler:5008/
+ entrypoint-init-db.sh: |
+ #!/bin/bash
+
+ set -e
+
+ source /srv/softwareheritage/utils/pgsql.sh
+ wait_pgsql ${PGDATABASE}
+
+ echo Init swh-vault database
+ echo Creating extensions...
+ swh db init-admin --db-name ${PGDATABASE} vault
+
+ echo Initializing the database...
+ swh db init --db-name ${PGDATABASE} vault
+
+ entrypoint.sh: |
+ #!/bin/bash
+
+ set -e
+
+ source /srv/softwareheritage/utils/pgsql.sh
+ setup_pgsql
+
+ echo Starting the swh-vault API server
+ exec swh vault rpc-serve -C ${SWH_CONFIG_FILENAME}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: vault-cache-pv
+spec:
+ capacity:
+ storage: 10Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Delete
+ storageClassName: vault-cache-pv
+ local:
+ path: /srv/softwareheritage-kube/dev/vault-cache
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # TODO adapt for your needs
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: vault-cache-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: vault-cache-pv
+ resources:
+ requests:
+ storage: 10Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: vault
+ labels:
+ app: vault
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: vault
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ template:
+ metadata:
+ labels:
+ app: vault
+ spec:
+ initContainers:
+ - name: vault-init
+ image: swh/vault:latest
+ imagePullPolicy: Always
+ command:
+ - /entrypoint.sh
+ env:
+ - name: PGHOST
+ value: "vault-db"
+ - name: PGUSER
+ valueFrom:
+ configMapKeyRef:
+ name: vault-db
+ key: POSTGRES_USER
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: vault-db
+ key: POSTGRES_PASSWORD
+ - name: PGDATABASE
+ valueFrom:
+ configMapKeyRef:
+ name: vault-db
+ key: POSTGRES_DB
+ - name: SWH_CONFIG_FILENAME
+ value: /etc/softwareheritage/config.yml
+ volumeMounts:
+ - name: db-password
+ mountPath: /run/secrets/postgres-password
+ subPath: POSTGRES_PASSWORD
+ readOnly: true
+ - name: config
+ mountPath: /etc/softwareheritage/config.yml
+ subPath: config.yml
+ readOnly: true
+ - name: config
+ mountPath: /entrypoint.sh
+ subPath: entrypoint-init-db.sh
+ readOnly: true
+ containers:
+ - name: vault
+ image: swh/vault:latest
+ imagePullPolicy: Always
+ command:
+ - /entrypoint.sh
+ ports:
+ - containerPort: 5005
+ readinessProbe:
+ httpGet:
+ path: /
+ port: 5005
+ scheme: "HTTP"
+ initialDelaySeconds: 0
+ failureThreshold: 2
+ periodSeconds: 10
+ startupProbe:
+ httpGet:
+ path: /
+ port: 5005
+ scheme: "HTTP"
+ initialDelaySeconds: 5
+ failureThreshold: 30
+ periodSeconds: 1
+ env:
+ - name: PORT
+ value: "5005"
+ - name: STATSD_HOST
+ value: "prometheus-statsd-exporter"
+ - name: STATSD_PORT
+ value: "9125"
+ - name: POSTGRES_PASSWORD_FILE
+ value: "/run/secrets/postgres-password"
+ - name: PGHOST
+ value: "vault-db"
+ - name: PGUSER
+ valueFrom:
+ configMapKeyRef:
+ name: vault-db
+ key: POSTGRES_USER
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: vault-db
+ key: POSTGRES_PASSWORD
+ - name: PGDATABASE
+ valueFrom:
+ configMapKeyRef:
+ name: vault-db
+ key: POSTGRES_DB
+ - name: SWH_CONFIG_FILENAME
+ value: /etc/softwareheritage/config.yml
+ volumeMounts:
+ - name: db-password
+ mountPath: /run/secrets/postgres-password
+ subPath: POSTGRES_PASSWORD
+ readOnly: true
+ - name: config
+ mountPath: /etc/softwareheritage/config.yml
+ subPath: config.yml
+ readOnly: true
+ - name: config
+ mountPath: /entrypoint.sh
+ subPath: entrypoint.sh
+ readOnly: true
+ - name: vault-cache-pvc
+ mountPath: "/srv/softwareheritage/vault"
+ resources:
+ requests:
+ memory: "512Mi"
+ cpu: "200m"
+ limits:
+ memory: "1536Mi"
+ cpu: "300m"
+ volumes:
+ - name: config
+ configMap:
+ name: vault
+ defaultMode: 0777
+ - name: db-password
+ secret:
+ secretName: vault-db
+ - name: vault-cache-pvc
+ persistentVolumeClaim:
+ claimName: vault-cache-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: vault
+spec:
+ type: ClusterIP
+ selector:
+ app: vault
+ ports:
+ - port: 5005
+ targetPort: 5005
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: vault
+spec:
+ rules:
+ - host: vault.default
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: vault
+ port:
+ number: 5005
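Review bot: The ConfigMap volume is projected with `defaultMode: 0777`, which makes config.yml and both entrypoint scripts world-writable as well as executable; the scripts only need the execute bit, so `defaultMode: 0555` is enough and keeps the projected files read-only for every user in the pod. The database password is also injected twice in both the init container and the main container: as the `PGPASSWORD` environment variable from the secret and as a file at /run/secrets/postgres-password referenced by `POSTGRES_PASSWORD_FILE` — environment variables show up in `kubectl describe pod` and in /proc, so if pgsql.sh honours `POSTGRES_PASSWORD_FILE` (I cannot see that helper from here) the `PGPASSWORD` entries should be dropped. Separately, the Deployment declares `strategy.type: RollingUpdate` with `maxSurge: 1` while mounting a ReadWriteOnce claim backed by a node-local PV; a rollout will try to start the replacement pod before the old one releases the volume, which only succeeds if both pods land on the same node, so `type: Recreate` is the safer choice for this single-replica pod.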
diff --git a/kubernetes/Readme.md b/kubernetes/Readme.md
index e6879c1..ffd9172 100644
--- a/kubernetes/Readme.md
+++ b/kubernetes/Readme.md
@@ -1,113 +1,113 @@
## Prerequisite
### Directories
```
-sudo mkdir -p /srv/softwareheritage-kube/dev/{objects,storage-db,scheduler-db,kafka,web-db,prometheus,zookeeper/data,zookeeper/datalog,grafana,elasticsearch,redis,registry,idx-storage-db,vault-db}
-sudo chown 1000:1000 /srv/softwareheritage-kube/dev/{objects,elasticsearch}
+sudo mkdir -p /srv/softwareheritage-kube/dev/{objects,storage-db,scheduler-db,kafka,web-db,prometheus,zookeeper/data,zookeeper/datalog,grafana,elasticsearch,redis,registry,idx-storage-db,vault-db,vault-cache}
+sudo chown 1000:1000 /srv/softwareheritage-kube/dev/{objects,elasticsearch,vault-cache}
sudo chown -R 999:999 /srv/softwareheritage-kube/dev/*-db
sudo chown 472:0 /srv/softwareheritage-kube/dev/grafana
sudo chown nobody:nogroup /srv/softwareheritage-kube/dev/prometheus
```
### Registry
- Add the following line on your `/etc/hosts` file. It's needed to be able to
push the image to it from docker
```
127.0.0.1 registry.default
```
- Start the registry in kubernetes
```
kubectl apply -f kubernetes/registry/00-registry.yml
```
If you are using k3s, the registry must be declared on the
`/etc/rancher/k3s/registries.yaml` as it's insecure:
```
mirrors:
registry.default:
endpoint:
- "http://registry.default/v2/"
```
## Build the base image
```
cd docker
docker build --no-cache -t swh/stack .
docker tag swh/stack:latest registry.default/swh/stack:latest
docker push registry.default/swh/stack:latest
```
## Development
To access the services, they must be declared on the `/etc/hosts` file:
```
-127.0.0.1 objstorage.default storage.default webapp.default scheduler.default rabbitmq.default grafana.default prometheus.default counters.default registry-ui idx-storage.default
+127.0.0.1 objstorage.default storage.default webapp.default scheduler.default rabbitmq.default grafana.default prometheus.default counters.default registry-ui idx-storage.default vault.default
```
### Skaffold
To start the development environment using skaffold, use the following command:
```
skaffold --default-repo registry.default dev
```
It will build the images, deploy them on the local registry and start the services.
It will monitor the projects to detect the changes and restart the containers when needed
## Basic commands
Hint: Use tabulation to ease finding out new commands
- List pods:
```
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
registry-deployment-7595868dc8-657ps 1/1 Running 0 46m
objstorage-8587d58b68-76jbn 1/1 Running 0 12m
```
- List services:
```
$ kubectl get services objstorage
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
objstorage ClusterIP 10.43.185.191 <none> 5003/TCP 17m
```
- Check service is responding:
```
$ curl http://$(kubectl get services objstorage -o jsonpath='{.spec.clusterIP}'):5003
SWH Objstorage API server%
$ curl http://$(kubectl get services scheduler -o jsonpath='{.spec.clusterIP}'):5008
<html>
<head><title>Software Heritage scheduler RPC server</title></head>
<body>
<p>You have reached the
<a href="https://www.softwareheritage.org/">Software Heritage</a>
scheduler RPC server.<br />
See its
<a href="https://docs.softwareheritage.org/devel/swh-scheduler/">documentation
and API</a> for more information</p>
</body>
</html>%
```
- Force a pod to redeploy itself
```
kubectl delete pod storage-db-<tab>-<tab>
```
- Clean up registry due to too much disk space used
```
kubectl exec -ti $(kubectl get pods --no-headers -l app=registry | grep -i running | awk '{print $1}) -- /bin/registry garbage-collect -m /etc/docker/registry/config.yml
```
diff --git a/skaffold.yaml b/skaffold.yaml
index fedb693..9ae5940 100644
--- a/skaffold.yaml
+++ b/skaffold.yaml
@@ -1,99 +1,106 @@
apiVersion: skaffold/v2beta13
kind: Config
metadata:
name: swh-environment
build:
local:
useBuildkit: true
concurrency: 2
artifacts:
- image: swh/stack-base
context: docker
docker:
dockerfile: Dockerfile
- image: swh/objstorage
docker:
dockerfile: Dockerfile.objstorage
requires:
- image: swh/stack-base
alias: BASE
- image: swh/storage
docker:
dockerfile: Dockerfile.storage
requires:
- image: swh/stack-base
alias: BASE
- image: swh/scheduler
docker:
dockerfile: Dockerfile.scheduler
requires:
- image: swh/stack-base
alias: BASE
- image: swh/webapp
docker:
dockerfile: Dockerfile.webapp
requires:
- image: swh/stack-base
alias: BASE
- image: swh/loaders
docker:
dockerfile: Dockerfile.loaders
requires:
- image: swh/stack-base
alias: BASE
- image: swh/listers
docker:
dockerfile: Dockerfile.listers
requires:
- image: swh/stack-base
alias: BASE
- image: swh/grafana
docker:
dockerfile: Dockerfile.grafana
- image: swh/search
docker:
dockerfile: Dockerfile.search
requires:
- image: swh/stack-base
alias: BASE
- image: swh/counters
docker:
dockerfile: Dockerfile.counters
requires:
- image: swh/stack-base
alias: BASE
- image: swh/indexers
docker:
dockerfile: Dockerfile.indexers
requires:
- image: swh/stack-base
alias: BASE
+ - image: swh/vault
+ docker:
+ dockerfile: Dockerfile.vault
+ requires:
+ - image: swh/stack-base
+ alias: BASE
deploy:
kubectl:
manifests:
- kubernetes/01-journal.yml
- kubernetes/02-monitoring.yml
- kubernetes/05-storage-db.yml
- kubernetes/10-objstorage.yml
- kubernetes/11-storage.yml
- kubernetes/15-scheduler-db.yml
- kubernetes/16-rabbitmq.yml
- kubernetes/20-scheduler.yml
- kubernetes/21-scheduler-runner.yml
- kubernetes/22-scheduler-listener.yml
- kubernetes/23-scheduler-journal-client.yml
- kubernetes/29-web-db.yml
- kubernetes/30-webapp.yml
- kubernetes/40-loaders.yml
- kubernetes/45-listers.yml
- kubernetes/50-elasticsearch.yml
- kubernetes/55-search.yml
- kubernetes/56-search-journal-client.yml
- kubernetes/60-redis.yml
- kubernetes/61-counters.yml
- kubernetes/62-counters-journal-client.yml
- kubernetes/70-idx-storage-db.yml
- kubernetes/71-idx-storage.yml
- kubernetes/72-indexers.yml
- kubernetes/73-indexer-journal-client.yml
- kubernetes/80-vault-db.yml
+ - kubernetes/81-vault.yml