diff --git a/Dockerfile.deposit b/Dockerfile.deposit
new file mode 100644
index 0000000..e713a01
--- /dev/null
+++ b/Dockerfile.deposit
@@ -0,0 +1,6 @@
+ARG BASE
+
+FROM $BASE
+
+COPY swh-deposit /app/swh-deposit
+RUN pip install /app/swh-deposit
diff --git a/kubernetes/91-deposit.yml b/kubernetes/91-deposit.yml
new file mode 100644
index 0000000..040cc1e
--- /dev/null
+++ b/kubernetes/91-deposit.yml
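Review bot: `RUN pip install /app/swh-deposit` resolves the package's dependencies from the index at build time with no constraints or hashes visible in this file, so two builds of the same commit can produce different images; pinning through a constraints file would fix that, if the base image does not already do so. Writing it as `RUN pip install --no-cache-dir /app/swh-deposit` also keeps pip's download cache out of the layer. The stage sets no `USER`, so the container runs as whatever `$BASE` leaves active; a comment such as `# runtime user is inherited from the base image` would make that dependency explicit. `ARG BASE` has no default, so the file only builds when the caller supplies it (skaffold does, through `alias: BASE`).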
@@ -0,0 +1,259 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: deposit
+data:
+ config.yml: |
+ scheduler:
+ cls: remote
+ url: http://scheduler:5008
+
+ storage:
+ cls: remote
+ url: http://storage:5002/
+
+ storage_metadata:
+ cls: remote
+ url: http://storage:5002/
+
+ allowed_hosts:
+ - '*'
+
+ private:
+ secret_key: prod-in-kube
+ db:
+ host: deposit-db
+ port: 5432
+ name: swh
+ user: swh
+ password: swh
+ media_root: /tmp/swh-deposit/uploads
+
+ authentication_provider: basic
+
+ extraction_dir: "/srv/softwareheritage/deposit-archive/"
+
+ swh_authority_url: http://deposit.swh.example/
+ entrypoint-init.sh: |
+ #!/bin/bash
+
+ set -e
+
+ source /srv/softwareheritage/utils/pgsql.sh
+ wait_pgsql ${PGDATABASE}
+
+ echo "Migrating db using ${DJANGO_SETTINGS_MODULE}"
+ django-admin migrate --settings=${DJANGO_SETTINGS_MODULE}
+
+ swh-deposit admin user exists test || \
+ swh-deposit admin user create \
+ --username test \
+ --password test \
+ --provider-url https://softwareheritage.org \
+ --domain softwareheritage.org
+
+ entrypoint.sh: |
+ #!/bin/bash
+
+ set -e
+
+ echo "starting the swh-deposit server"
+ exec gunicorn --bind 0.0.0.0:5006 \
+ --reload \
+ --threads 2 \
+ --workers 2 \
+ --log-level ${LOGLEVEL} \
+ --timeout 3600 \
+ --access-logfile '-' \
+ --config 'python:swh.deposit.gunicorn_config' \
+ 'django.core.wsgi:get_wsgi_application()'
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: deposit
+spec:
+ selector:
+ app: deposit
+ ports:
+ - port: 5006
+ targetPort: 5006
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: deposit
+ labels:
+ name: deposit
+spec:
+ rules:
+ - host: deposit.default
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: deposit
+ port:
+ number: 5006
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: deposit-cache-pv
+spec:
+ capacity:
+ storage: 10Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Delete
+ storageClassName: deposit-cache-pv
+ local:
+ path: /srv/softwareheritage-kube/dev/deposit-cache
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # TODO adapt for your needs
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: deposit-cache-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: deposit-cache-pv
+ resources:
+ requests:
+ storage: 10Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: deposit
+spec:
+ selector:
+ matchLabels:
+ app: deposit
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ template:
+ metadata:
+ labels:
+ app: deposit
+ spec:
+ initContainers:
+ - name: deposit-init
+ image: swh/deposit:latest
+ imagePullPolicy: Always
+ command:
+ - /entrypoint.sh
+ env:
+ - name: PGHOST
+ value: "deposit-db"
+ - name: PGUSER
+ valueFrom:
+ configMapKeyRef:
+ name: deposit-db
+ key: POSTGRES_USER
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: deposit-db
+ key: POSTGRES_PASSWORD
+ - name: PGDATABASE
+ valueFrom:
+ configMapKeyRef:
+ name: deposit-db
+ key: POSTGRES_DB
+ - name: DJANGO_SETTINGS_MODULE
+ value: swh.deposit.settings.production
+ - name: SWH_CONFIG_FILENAME
+ value: /etc/softwareheritage/config.yml
+ volumeMounts:
+ - name: db-password
+ mountPath: /run/secrets/postgres-password
+ subPath: POSTGRES_PASSWORD
+ readOnly: true
+ - name: config
+ mountPath: /entrypoint.sh
+ subPath: entrypoint-init.sh
+ readOnly: true
+ - name: config
+ mountPath: /etc/softwareheritage/config.yml
+ subPath: config.yml
+ readOnly: true
+ containers:
+ - name: deposit
+ image: swh/deposit:latest
+ imagePullPolicy: Always
+ command:
+ - /entrypoint.sh
+ readinessProbe:
+ httpGet:
+ path: /
+ port: 5006
+ scheme: "HTTP"
+ initialDelaySeconds: 0
+ failureThreshold: 2
+ periodSeconds: 10
+ startupProbe:
+ httpGet:
+ path: /
+ port: 5006
+ scheme: "HTTP"
+ initialDelaySeconds: 5
+ failureThreshold: 30
+ periodSeconds: 1
+ resources:
+ requests:
+ memory: "196Mi"
+ cpu: "50m"
+ limits:
+ memory: "256Mi"
+ cpu: "512m"
+ ports:
+ - containerPort: 5006
+ env:
+ - name: PORT
+ value: "5006"
+ - name: VERBOSITY
+ value: "3"
+ - name: DJANGO_SETTINGS_MODULE
+ value: swh.deposit.settings.production
+ - name: SWH_CONFIG_FILENAME
+ value: /etc/softwareheritage/config.yml
+ - name: LOGLEVEL
+ value: INFO
+ volumeMounts:
+ - name: config
+ mountPath: /etc/softwareheritage/config.yml
+ subPath: config.yml
+ readOnly: true
+ - name: config
+ mountPath: /entrypoint.sh
+ subPath: entrypoint.sh
+ readOnly: true
+ - name: deposit-cache-pvc
+ mountPath: /srv/softwareheritage/deposit-archive/
+ volumes:
+ - name: config
+ configMap:
+ name: deposit
+ defaultMode: 0777
+ - name: db-password
+ secret:
+ secretName: deposit-db
+ - name: deposit-cache-pvc
+ persistentVolumeClaim:
+ claimName: deposit-cache-pvc
diff --git a/kubernetes/Readme.md b/kubernetes/Readme.md
index 151bfdf..556ffc3 100644
--- a/kubernetes/Readme.md
+++ b/kubernetes/Readme.md
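Review bot: The `config.yml` entry of the `deposit` ConfigMap carries `secret_key: prod-in-kube` and the database `password: swh` in clear text, although the init container in the same file already reads `POSTGRES_PASSWORD` from the `deposit-db` Secret. The configuration file would be better delivered from a Secret, with the Django key generated per environment rather than committed. The manifest also pairs `DJANGO_SETTINGS_MODULE: swh.deposit.settings.production` with `allowed_hosts: '*'`, a `test`/`test` account created by `entrypoint-init.sh`, and gunicorn `--reload`, so a header comment such as `# development only: fixed credentials, wildcard hosts, auto-reload` would keep it from being reused as is. On the `config` volume, `defaultMode: 0777` is wider than the scripts need; `defaultMode: 0555` is enough to execute them.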
@@ -1,113 +1,113 @@ ## Prerequisite ### Directories ``` -sudo mkdir -p /srv/softwareheritage-kube/dev/{objects,storage-db,scheduler-db,kafka,web-db,prometheus,zookeeper/data,zookeeper/datalog,grafana,elasticsearch,redis,registry,idx-storage-db,vault-db,vault-cache,deposit-db} -sudo chown 1000:1000 /srv/softwareheritage-kube/dev/{objects,elasticsearch,vault-cache} +sudo mkdir -p /srv/softwareheritage-kube/dev/{objects,storage-db,scheduler-db,kafka,web-db,prometheus,zookeeper/data,zookeeper/datalog,grafana,elasticsearch,redis,registry,idx-storage-db,vault-db,vault-cache,deposit-db,deposit-cache} +sudo chown 1000:1000 /srv/softwareheritage-kube/dev/{objects,elasticsearch,vault-cache,deposit-cache} sudo chown -R 999:999 /srv/softwareheritage-kube/dev/*-db sudo chown 472:0 /srv/softwareheritage-kube/dev/grafana sudo chown nobody:nogroup /srv/softwareheritage-kube/dev/prometheus ``` ### Registry - Add the following line on your `/etc/hosts` file. It's needed to be able to push the image to it from docker ``` 127.0.0.1 registry.default ``` - Start the registry in kubernetes ``` kubectl apply -f kubernetes/registry/00-registry.yml ``` If you are using k3s, the registry must be declared on the `/etc/rancher/k3s/registries.yaml` as it's insecure: ``` mirrors: registry.default: endpoint: - "http://registry.default/v2/" ``` ## Build the base image ``` cd docker docker build --no-cache -t swh/stack . 
docker tag swh/stack:latest registry.default/swh/stack:latest docker push registry.default/swh/stack:latest ``` ## Development To access the services, they must be declared on the `/etc/hosts` file: ``` -127.0.0.1 objstorage.default storage.default webapp.default scheduler.default rabbitmq.default grafana.default prometheus.default counters.default registry-ui idx-storage.default vault.default +127.0.0.1 objstorage.default storage.default webapp.default scheduler.default rabbitmq.default grafana.default prometheus.default counters.default registry-ui idx-storage.default vault.default deposit.default ``` ### Skaffold To start the development environment using skaffold, use the following command: ``` skaffold --default-repo registry.default dev ``` It will build the images, deploy them on the local registry and start the services. It will monitor the projects to detect the changes and restart the containers when needed ## Basic commands Hint: Use tabulation to ease finding out new commands - List pods: ``` $ kubectl get pods NAME READY STATUS RESTARTS AGE registry-deployment-7595868dc8-657ps 1/1 Running 0 46m objstorage-8587d58b68-76jbn 1/1 Running 0 12m ``` - List services: ``` $ kubectl get services objstorage NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE objstorage ClusterIP 10.43.185.191 5003/TCP 17m ``` - Check service is responding: ``` $ curl http://$(kubectl get services objstorage -o jsonpath='{.spec.clusterIP}'):5003 SWH Objstorage API server% $ curl http://$(kubectl get services scheduler -o jsonpath='{.spec.clusterIP}'):5008 Software Heritage scheduler RPC server

You have reached the Software Heritage scheduler RPC server.
See its documentation and API for more information

% ``` - Force a pod to redeploy itself ``` kubectl delete pod storage-db-- ``` - Clean up registry due to too much disk space used ``` kubectl exec -ti $(kubectl get pods --no-headers -l app=registry | grep -i running | awk '{print $1}) -- /bin/registry garbage-collect -m /etc/docker/registry/config.yml ``` diff --git a/skaffold.yaml b/skaffold.yaml index 96904bb..d81151e 100644 --- a/skaffold.yaml +++ b/skaffold.yaml 
@@ -1,108 +1,115 @@ apiVersion: skaffold/v2beta13 kind: Config metadata: name: swh-environment build: local: useBuildkit: true concurrency: 2 artifacts: - image: swh/stack-base context: docker docker: dockerfile: Dockerfile - image: swh/objstorage docker: dockerfile: Dockerfile.objstorage requires: - image: swh/stack-base alias: BASE - image: swh/storage docker: dockerfile: Dockerfile.storage requires: - image: swh/stack-base alias: BASE - image: swh/scheduler docker: dockerfile: Dockerfile.scheduler requires: - image: swh/stack-base alias: BASE - image: swh/webapp docker: dockerfile: Dockerfile.webapp requires: - image: swh/stack-base alias: BASE - image: swh/loaders docker: dockerfile: Dockerfile.loaders requires: - image: swh/stack-base alias: BASE - image: swh/listers docker: dockerfile: Dockerfile.listers requires: - image: swh/stack-base alias: BASE - image: swh/grafana docker: dockerfile: Dockerfile.grafana - image: swh/search docker: dockerfile: Dockerfile.search requires: - image: swh/stack-base alias: BASE - image: swh/counters docker: dockerfile: Dockerfile.counters requires: - image: swh/stack-base alias: BASE - image: swh/indexers docker: dockerfile: Dockerfile.indexers requires: - image: swh/stack-base alias: BASE - image: swh/vault docker: dockerfile: Dockerfile.vault requires: - image: swh/stack-base alias: BASE + - image: swh/deposit + docker: + dockerfile: Dockerfile.deposit + requires: + - image: swh/stack-base + alias: BASE deploy: kubectl: manifests: - kubernetes/01-journal.yml - kubernetes/02-monitoring.yml - kubernetes/05-storage-db.yml - kubernetes/10-objstorage.yml - kubernetes/11-storage.yml - kubernetes/15-scheduler-db.yml - kubernetes/16-rabbitmq.yml - kubernetes/20-scheduler.yml - kubernetes/21-scheduler-runner.yml - kubernetes/22-scheduler-listener.yml - kubernetes/23-scheduler-journal-client.yml - kubernetes/29-web-db.yml - kubernetes/30-webapp.yml - kubernetes/40-loaders.yml - kubernetes/45-listers.yml - 
kubernetes/50-elasticsearch.yml - kubernetes/55-search.yml - kubernetes/56-search-journal-client.yml - kubernetes/60-redis.yml - kubernetes/61-counters.yml - kubernetes/62-counters-journal-client.yml - kubernetes/70-idx-storage-db.yml - kubernetes/71-idx-storage.yml - kubernetes/72-indexers.yml - kubernetes/73-indexer-journal-client.yml - kubernetes/80-vault-db.yml - kubernetes/81-vault.yml - kubernetes/82-cookers.yml - kubernetes/90-deposit-db.yml + - kubernetes/91-deposit.yml