diff --git a/kubernetes/30-webapp.yml b/kubernetes/30-webapp.yml index 678aa06..da1fe16 100644 --- a/kubernetes/30-webapp.yml +++ b/kubernetes/30-webapp.yml @@ -1,345 +1,345 @@ --- apiVersion: v1 kind: ConfigMap metadata: name: webapp data: config.yml: | storage: cls: remote args: url: http://storage:5002/ timeout: 5 counters: cls: remote url: http://counters:5011/ timeout: 1 objstorage: cls: remote args: url: http://objstorage:5003/ indexer_storage: cls: remote args: url: http://idx-storage:5007/ scheduler: cls: remote args: url: http://scheduler:5008/ vault: cls: remote args: url: http://vault:5005/ # deposit: # private_api_url: https://deposit:5006/1/private/ # private_api_user: swhworker # private_api_password: '' # TODO: remove the * allowed_hosts: - "*" - appserver debug: yes serve_assets: yes history_counters_url: http://counters:5011/counters_history/history.json # TODO find a way to make this dynamic production_db: host: web-db port: 5432 name: swh-web user: swh password: swh throttling: cache_uri: memcached:11211 scopes: swh_api: limiter_rate: default: 120/h exempted_networks: - 0.0.0.0/0 swh_api_origin_search: limiter_rate: default: 70/m exempted_networks: - 0.0.0.0/0 swh_api_origin_visit_latest: limiter_rate: default: 700/m exempted_networks: - 0.0.0.0/0 swh_vault_cooking: limiter_rate: default: 120/h exempted_networks: - 0.0.0.0/0 swh_save_origin: limiter_rate: default: 120/h exempted_networks: - 0.0.0.0/0 search: cls: remote url: http://search:5010/ metadata_search_backend: swh-search counters_backend: swh-counters entrypoint-init.sh: | #!/bin/bash set -e source /srv/softwareheritage/utils/pgsql.sh create_admin_script=" from django.contrib.auth import get_user_model username = 'admin'; password = 'admin'; email = 'admin@swh-web.org'; User = get_user_model(); if not User.objects.filter(username = username).exists(): User.objects.create_superuser(username, email, password); " echo "waiting for database availability" wait_pgsql ${PGDATABASE} echo "Migrating db using ${DJANGO_SETTINGS_MODULE}" django-admin migrate --settings=${DJANGO_SETTINGS_MODULE} echo "Creating Django admin user" echo "$create_admin_script" | python3 -m swh.web.manage shell entrypoint.sh: | #!/bin/bash set -e echo "starting the swh-web server" exec gunicorn --bind 0.0.0.0:5004 \ --threads 2 \ --workers 2 \ --timeout 3600 \ --access-logfile '-' \ --config 'python:swh.web.gunicorn_config' \ 'django.core.wsgi:get_wsgi_application()' --- apiVersion: v1 kind: Service metadata: name: memcached spec: type: ClusterIP selector: app: memcached ports: - port: 11211 targetPort: 11211 --- apiVersion: apps/v1 kind: Deployment metadata: name: memcached labels: app: memcached spec: replicas: 1 selector: matchLabels: app: memcached template: metadata: labels: app: memcached spec: containers: - name: memcached image: memcached imagePullPolicy: Always resources: limits: memory: "128Mi" cpu: "100m" --- apiVersion: v1 kind: Service metadata: name: webapp spec: selector: app: webapp ports: - port: 5004 targetPort: 5004 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: webapp labels: name: webapp spec: rules: - host: webapp.default http: paths: - pathType: Prefix path: "/" backend: service: name: webapp port: number: 5004 --- apiVersion: apps/v1 kind: Deployment metadata: name: webapp spec: selector: matchLabels: app: webapp strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 template: metadata: labels: app: webapp spec: initContainers: - name: web-init image: swh/webapp:latest imagePullPolicy: Always command: - /entrypoint.sh env: - name: PGHOST value: "web-db" - name: PGUSER valueFrom: configMapKeyRef: name: web-db key: POSTGRES_USER - name: PGPASSWORD valueFrom: secretKeyRef: name: web-db key: POSTGRES_PASSWORD - name: PGDATABASE valueFrom: configMapKeyRef: name: web-db key: POSTGRES_DB - name: DJANGO_SETTINGS_MODULE value: swh.web.settings.production volumeMounts: - name: db-password mountPath: /run/secrets/postgres-password subPath: POSTGRES_PASSWORD readOnly: true - name: config mountPath: /entrypoint.sh subPath: entrypoint-init.sh readOnly: true containers: - name: webapp image: swh/webapp:latest imagePullPolicy: Always command: - /entrypoint.sh readinessProbe: httpGet: path: / port: 5004 scheme: "HTTP" initialDelaySeconds: 0 failureThreshold: 2 periodSeconds: 10 startupProbe: httpGet: path: / port: 5004 scheme: "HTTP" initialDelaySeconds: 5 failureThreshold: 30 periodSeconds: 1 resources: requests: memory: "196Mi" cpu: "50m" limits: memory: "256Mi" cpu: "512m" ports: - containerPort: 5004 env: - name: PORT value: "5004" - name: VERBOSITY value: "3" - name: DJANGO_SETTINGS_MODULE value: swh.web.settings.production - name: SWH_CONFIG_FILENAME value: /etc/softwareheritage/config.yml volumeMounts: - name: config mountPath: /etc/softwareheritage/config.yml subPath: config.yml readOnly: true - name: config mountPath: /entrypoint.sh subPath: entrypoint.sh readOnly: true volumes: - name: config configMap: name: webapp defaultMode: 0777 - name: db-password secret: secretName: web-db --- apiVersion: batch/v1beta1 kind: CronJob metadata: name: save-code-now-refresh-visit-status labels: app: webapp spec: schedule: "*/1 * * * *" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 concurrencyPolicy: Forbid jobTemplate: spec: template: spec: + restartPolicy: Never containers: - name: save-code-now-refresh-visit-status - image: curlimages/curl + image: swh/webapp:latest imagePullPolicy: Always args: - - -v - - -f - - -X - - GET - - -H - - "Content-Type: application/json" - - "http://webapp:5004/api/1/origin/save/refresh/" - restartPolicy: Never + - django-admin + - refresh_savecodenow_statuses + env: + - name: DJANGO_SETTINGS_MODULE + value: swh.web.settings.production + - name: SWH_CONFIG_FILENAME + value: /etc/softwareheritage/config.yml