From 0fc1669a874454b4951de64048491d8522df4ff8 Mon Sep 17 00:00:00 2001 From: Jordi Bagot Date: Fri, 30 Oct 2020 18:18:50 +0100 Subject: [PATCH 01/10] Add helm chart --- .gitignore | 5 ++ helm/apf/.helmignore | 23 +++++++ helm/apf/Chart.lock | 9 +++ helm/apf/Chart.yaml | 22 ++++++ helm/apf/templates/_helpers.tpl | 62 +++++++++++++++++ helm/apf/templates/certificate.yaml | 12 ++++ helm/apf/templates/deployments/app.yaml | 57 +++++++++++++++ helm/apf/templates/deployments/celery.yaml | 37 ++++++++++ helm/apf/templates/ingress.yaml | 36 ++++++++++ helm/apf/templates/secrets.yaml | 30 ++++++++ helm/apf/templates/serviceaccount.yaml | 12 ++++ helm/apf/templates/services/app.yaml | 14 ++++ helm/apf/templates/services/celery.yaml | 14 ++++ helm/apf/values.yaml | 80 ++++++++++++++++++++++ requirements.txt | 3 +- 15 files changed, 415 insertions(+), 1 deletion(-) create mode 100644 helm/apf/.helmignore create mode 100644 helm/apf/Chart.lock create mode 100644 helm/apf/Chart.yaml create mode 100644 helm/apf/templates/_helpers.tpl create mode 100644 helm/apf/templates/certificate.yaml create mode 100644 helm/apf/templates/deployments/app.yaml create mode 100644 helm/apf/templates/deployments/celery.yaml create mode 100644 helm/apf/templates/ingress.yaml create mode 100644 helm/apf/templates/secrets.yaml create mode 100644 helm/apf/templates/serviceaccount.yaml create mode 100644 helm/apf/templates/services/app.yaml create mode 100644 helm/apf/templates/services/celery.yaml create mode 100644 helm/apf/values.yaml diff --git a/.gitignore b/.gitignore index c0908767..546322e1 100644 --- a/.gitignore +++ b/.gitignore @@ -268,3 +268,8 @@ __pycache__/ # all-contributors-cli node_modules + +### Helm +helm/*/myvalues.yaml +# Dependencies +helm/*/charts \ No newline at end of file diff --git a/helm/apf/.helmignore b/helm/apf/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/helm/apf/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/apf/Chart.lock b/helm/apf/Chart.lock new file mode 100644 index 00000000..571f3289 --- /dev/null +++ b/helm/apf/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: redis + repository: https://charts.bitnami.com/bitnami + version: 11.0.6 +- name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 9.8.1 +digest: sha256:7ffea47877067e199faa37e7cd087d175e79657220cc27ad70b560448a1ea34d +generated: "2020-10-30T13:02:10.028763072+01:00" diff --git a/helm/apf/Chart.yaml b/helm/apf/Chart.yaml new file mode 100644 index 00000000..a48d42fe --- /dev/null +++ b/helm/apf/Chart.yaml @@ -0,0 +1,22 @@ +apiVersion: v2 +name: apf +description: A Helm chart for Kubernetes +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +appVersion: 1.16.0 + +dependencies: + - name: redis + version: 11.0.6 + repository: https://charts.bitnami.com/bitnami + - name: postgresql + version: 9.8.1 + repository: https://charts.bitnami.com/bitnami diff --git a/helm/apf/templates/_helpers.tpl b/helm/apf/templates/_helpers.tpl new file mode 100644 index 00000000..b341ec5b --- /dev/null +++ b/helm/apf/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "apf.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "apf.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "apf.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "apf.labels" -}} +helm.sh/chart: {{ include "apf.chart" . }} +{{ include "apf.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "apf.selectorLabels" -}} +app.kubernetes.io/name: {{ include "apf.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "apf.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "apf.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/apf/templates/certificate.yaml b/helm/apf/templates/certificate.yaml new file mode 100644 index 00000000..6204fbeb --- /dev/null +++ b/helm/apf/templates/certificate.yaml @@ -0,0 +1,12 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ include "apf.fullname" . }}-cert +spec: + secretName: {{ include "apf.fullname" . }}-cert + issuerRef: + kind: ClusterIssuer + name: {{ .Values.certificate.issuername }} + commonName: {{ .Values.certificate.hostname }} + dnsNames: + - {{ .Values.certificate.hostname }} \ No newline at end of file diff --git a/helm/apf/templates/deployments/app.yaml b/helm/apf/templates/deployments/app.yaml new file mode 100644 index 00000000..6775b44e --- /dev/null +++ b/helm/apf/templates/deployments/app.yaml @@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "apf.fullname" . }} + labels: + {{- include "apf.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.app.replicaCount }} + selector: + matchLabels: + {{- include "apf.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "apf.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "apf.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }}-celery + image: "{{ .Values.app.image }}:{{ .Values.app.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.app.pullPolicy }} + command: + - invoke + - uwsgi + - --port + - {{ .Values.app.container.port | quote }} + - -w + - {{ .Values.app.workers | quote }} + - -t + - {{ .Values.app.threads | quote }} + envFrom: + - secretRef: + name: {{ include "apf.fullname" . }} + ports: + - name: http + containerPort: {{ .Values.app.container.port }} + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 4 + readinessProbe: + httpGet: + path: / + port: http + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 4 + resources: + {{- toYaml .Values.app.resources | nindent 12 }} diff --git a/helm/apf/templates/deployments/celery.yaml b/helm/apf/templates/deployments/celery.yaml new file mode 100644 index 00000000..49067cd2 --- /dev/null +++ b/helm/apf/templates/deployments/celery.yaml @@ -0,0 +1,37 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "apf.fullname" . }}-celery + labels: + {{- include "apf.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.celery.replicaCount }} + selector: + matchLabels: + {{- include "apf.selectorLabels" . | nindent 6 }}-celery + template: + metadata: + labels: + {{- include "apf.selectorLabels" . | nindent 8 }}-celery + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "apf.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.app.image }}:{{ .Values.app.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.celery.pullPolicy }} + command: + - invoke + # - wait-for + # - redis-master:6379 + # - wait-for + # - postgresql:5432 + - celery-queues + envFrom: + - secretRef: + name: {{ include "apf.fullname" . }} + resources: + {{- toYaml .Values.celery.resources | nindent 12 }} diff --git a/helm/apf/templates/ingress.yaml b/helm/apf/templates/ingress.yaml new file mode 100644 index 00000000..77131771 --- /dev/null +++ b/helm/apf/templates/ingress.yaml @@ -0,0 +1,36 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "apf.fullname" . -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "apf.labels" . | nindent 4 }} + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: web, websecure + cert-manager.io/cluster-issuer: {{ .Values.certificate.issuername | quote }} +spec: + backend: + serviceName: {{ $fullName }} + servicePort: {{ .Values.ingress.app.port }} + {{- if .Values.ingress.tls }} + tls: + secretName: {{ $fullName }}-cert + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ . }} + backend: + serviceName: {{ .serviceName }} + servicePort: {{ .servicePort }} + {{- end }} + {{- end }} + {{- end }} diff --git a/helm/apf/templates/secrets.yaml b/helm/apf/templates/secrets.yaml new file mode 100644 index 00000000..21382e33 --- /dev/null +++ b/helm/apf/templates/secrets.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "apf.fullname" . }} + labels: + app: {{ template "apf.name" . }} + chart: {{ template "apf.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +data: + BASE_URL: {{ .Values.baseurl | b64enc | quote }} + DEBUG: {{ .Values.app.debug | b64enc | quote }} + LOG_LEVEL: {{ .Values.app.log_level | b64enc | quote }} + SECRET_KEY: {{ required "secret key is needed" .Values.app.secretKey | b64enc | quote }} + # Postgres + POSTGRES_DB: {{ .Values.postgresql.postgresqlDatabase | b64enc | quote }} + POSTGRES_USER: {{ .Values.postgresql.postgresqlUsername | b64enc | quote }} + POSTGRES_HOST: {{ include "postgresql.fullname" . | b64enc | quote }} + POSTGRES_PORT: {{ .Values.postgresql.service.port | b64enc | quote }} + POSTGRES_PASSWORD: {{ required "postgres password is needed" .Values.postgresql.postgresqlPassword | b64enc | quote }} + # Celery + CELERY_BROKER_PROTOCOL: {{ .Values.celery.broker.protocol | b64enc | quote }} + CELERY_BROKER_HOST: {{ include "redis.fullname" . | b64enc | quote }} + CELERY_BROKER_PORT: {{ .Values.redis.redisPort | b64enc | quote }} + CELERY_BROKER_DB: {{ .Values.redis.db | b64enc | quote }} + CELERY_REDIRECT_STDOUTS_LEVEL: {{ .Values.celery.stdouts_level | b64enc | quote }} + # Telegram + TELEGRAM_TOKEN: {{ .Values.notifications.telegram.token | b64enc | quote }} + NOTIF_TELEGRAM_ENABLED: {{ .Values.notifications.telegram.enabled | b64enc | quote }} + TELEGRAM_CHAT_IDS: {{ .Values.notifications.telegram.chatIds | b64enc | quote }} \ No newline at end of file diff --git a/helm/apf/templates/serviceaccount.yaml b/helm/apf/templates/serviceaccount.yaml new file mode 100644 index 00000000..f6a49916 --- /dev/null +++ b/helm/apf/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "apf.serviceAccountName" . }} + labels: + {{- include "apf.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/apf/templates/services/app.yaml b/helm/apf/templates/services/app.yaml new file mode 100644 index 00000000..e1e3516b --- /dev/null +++ b/helm/apf/templates/services/app.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "apf.fullname" . }} + labels: + {{- include "apf.labels" . | nindent 4 }} +spec: + ports: + - port: {{ .Values.app.service.port }} + targetPort: {{ .Values.app.service.port }} + protocol: TCP + name: http + selector: + {{- include "apf.selectorLabels" . | nindent 4 }} diff --git a/helm/apf/templates/services/celery.yaml b/helm/apf/templates/services/celery.yaml new file mode 100644 index 00000000..27904536 --- /dev/null +++ b/helm/apf/templates/services/celery.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "apf.fullname" . }}-celery + labels: + {{- include "apf.labels" . | nindent 4 }}-celery +spec: + ports: + - port: {{ .Values.celery.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "apf.selectorLabels" . | nindent 4 }}-celery diff --git a/helm/apf/values.yaml b/helm/apf/values.yaml new file mode 100644 index 00000000..f1c475fa --- /dev/null +++ b/helm/apf/values.yaml @@ -0,0 +1,80 @@ +baseurl: https://nemperfeina.cat + +app: + image: geekscat/anem-per-feina + # Overrides the image tag whose default is the chart appVersion. + tag: latest + pullPolicy: Always + # workers is the amount of forked workers the server will have + workers: 4 + # threads is the amount of threads per worker + threads: 2 + debug: "True" + log_level: INFO + secretKey: null + container: + port: 8000 + service: + port: 8000 + resources: {} + replicaCount: 1 + +postgresql: + serviceAccount: + enabled: true + postgresqlUsername: anemperfeina + postgresqlPassword: null + postgresqlDatabase: anemperfeina + service: + port: "5432" + +redis: + serviceAccount: + create: true + redisPort: "6379" + usePassword: false + db: "0" + +celery: + broker: + protocol: redis + pullPolicy: Always + service: + port: 8000 + resources: {} + stdouts_level: INFO + replicaCount: 1 + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +ingress: + enabled: false + app: + port: 80 + hosts: + - host: nemperfeina.cat + paths: + - path: / + serviceName: aaa + servicePort: 8000 + +certificate: + hostname: nemperfeina.cat + issuername: letsencrypt-prod + +notifications: + telegram: + enabled: "True" + chatIds: "@chatID,@chatID2" + token: null diff --git a/requirements.txt b/requirements.txt index c3c78eac..f4168204 100644 --- a/requirements.txt +++ b/requirements.txt @@ -45,4 +45,5 @@ redis==3.5.3 celery==5.0.1 python-telegram-bot==13.0.0 python-twitter==3.5 -inclusive-django-range-fields==0.2.3 \ No newline at end of file +inclusive-django-range-fields==0.2.3 +uwsgi==2.0.19.1 From 9cb3fd553858ff4397f2760da812535e48b5b82b Mon Sep 17 00:00:00 2001 From: Jordi Bagot Date: Sat, 31 Oct 2020 14:35:05 +0100 Subject: [PATCH 02/10] Add build-essentials --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index c5b3dcdf..326cbd7d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,6 +5,7 @@ WORKDIR /anem-per-feina/ RUN apt-get update \ && apt-get install --no-install-recommends -qy wait-for-it \ + build-essential \ && rm -rf /var/lib/apt/list/* COPY requirements.txt ./ From 4dbde569cd06b399b42a806b9fd1134113570ab4 Mon Sep 17 00:00:00 2001 From: Jordi Bagot Date: Sat, 31 Oct 2020 20:37:19 +0100 Subject: [PATCH 03/10] Fix ingress and secrets --- Dockerfile.test | 1 + helm/apf/templates/deployments/app.yaml | 1 + helm/apf/templates/deployments/celery.yaml | 4 ---- helm/apf/templates/ingress.yaml | 26 +++++++++------------- helm/apf/templates/secrets.yaml | 4 ++-- helm/apf/values.yaml | 3 +-- tasks.py | 4 ++-- 7 files changed, 18 insertions(+), 25 deletions(-) diff --git a/Dockerfile.test b/Dockerfile.test index 12869447..7c8d9e71 100644 --- a/Dockerfile.test +++ b/Dockerfile.test @@ -5,6 +5,7 @@ WORKDIR /anem-per-feina/ RUN apt-get update \ && apt-get install --no-install-recommends -qy wait-for-it \ + build-essential \ && rm -rf /var/lib/apt/list/* COPY requirements.txt ./ diff --git a/helm/apf/templates/deployments/app.yaml b/helm/apf/templates/deployments/app.yaml index 6775b44e..408003f0 100644 --- a/helm/apf/templates/deployments/app.yaml +++ b/helm/apf/templates/deployments/app.yaml @@ -25,6 +25,7 @@ spec: imagePullPolicy: {{ .Values.app.pullPolicy }} command: - invoke + - migrate - uwsgi - --port - {{ .Values.app.container.port | quote }} diff --git a/helm/apf/templates/deployments/celery.yaml b/helm/apf/templates/deployments/celery.yaml index 49067cd2..222b90e1 100644 --- a/helm/apf/templates/deployments/celery.yaml +++ b/helm/apf/templates/deployments/celery.yaml @@ -25,10 +25,6 @@ spec: imagePullPolicy: {{ .Values.celery.pullPolicy }} command: - invoke - # - wait-for - # - redis-master:6379 - # - wait-for - # - postgresql:5432 - celery-queues envFrom: - secretRef: diff --git a/helm/apf/templates/ingress.yaml b/helm/apf/templates/ingress.yaml index 77131771..aabbea21 100644 --- a/helm/apf/templates/ingress.yaml +++ b/helm/apf/templates/ingress.yaml @@ -1,10 +1,6 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "apf.fullname" . -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} @@ -14,23 +10,23 @@ metadata: traefik.ingress.kubernetes.io/router.entrypoints: web, websecure cert-manager.io/cluster-issuer: {{ .Values.certificate.issuername | quote }} spec: - backend: - serviceName: {{ $fullName }} - servicePort: {{ .Values.ingress.app.port }} {{- if .Values.ingress.tls }} tls: - secretName: {{ $fullName }}-cert + - secretName: {{ $fullName }}-cert {{- end }} rules: {{- range .Values.ingress.hosts }} - host: {{ .host | quote }} http: paths: - {{- range .paths }} - - path: {{ . }} - backend: - serviceName: {{ .serviceName }} - servicePort: {{ .servicePort }} - {{- end }} + {{- range .paths }} + - path: {{ .path }} + pathType: Prefix + backend: + service: + name: {{ $fullName }} + port: + number: {{ .servicePort }} + {{- end }} {{- end }} {{- end }} diff --git a/helm/apf/templates/secrets.yaml b/helm/apf/templates/secrets.yaml index 21382e33..1401b138 100644 --- a/helm/apf/templates/secrets.yaml +++ b/helm/apf/templates/secrets.yaml @@ -15,12 +15,12 @@ data: # Postgres POSTGRES_DB: {{ .Values.postgresql.postgresqlDatabase | b64enc | quote }} POSTGRES_USER: {{ .Values.postgresql.postgresqlUsername | b64enc | quote }} - POSTGRES_HOST: {{ include "postgresql.fullname" . | b64enc | quote }} + POSTGRES_HOST: {{ printf "%s-postgresql" (include "apf.name" .) | b64enc | quote }} POSTGRES_PORT: {{ .Values.postgresql.service.port | b64enc | quote }} POSTGRES_PASSWORD: {{ required "postgres password is needed" .Values.postgresql.postgresqlPassword | b64enc | quote }} # Celery CELERY_BROKER_PROTOCOL: {{ .Values.celery.broker.protocol | b64enc | quote }} - CELERY_BROKER_HOST: {{ include "redis.fullname" . | b64enc | quote }} + CELERY_BROKER_HOST: {{ printf "%s-redis-master" (include "apf.name" .) | b64enc | quote }} CELERY_BROKER_PORT: {{ .Values.redis.redisPort | b64enc | quote }} CELERY_BROKER_DB: {{ .Values.redis.db | b64enc | quote }} CELERY_REDIRECT_STDOUTS_LEVEL: {{ .Values.celery.stdouts_level | b64enc | quote }} diff --git a/helm/apf/values.yaml b/helm/apf/values.yaml index f1c475fa..1465201e 100644 --- a/helm/apf/values.yaml +++ b/helm/apf/values.yaml @@ -59,14 +59,13 @@ serviceAccount: name: "" ingress: - enabled: false + enabled: true app: port: 80 hosts: - host: nemperfeina.cat paths: - path: / - serviceName: aaa servicePort: 8000 certificate: diff --git a/tasks.py b/tasks.py index 08e54b33..61b36223 100644 --- a/tasks.py +++ b/tasks.py @@ -52,8 +52,8 @@ def uwsgi( command_args = [ "uwsgi", - "--chdir=..", - "--module=bff.config.wsgi:application", + "--chdir=.", + "--module=jobs.wsgi:application", "--master", listen, f"--processes={workers}", From fa952796e93c676c789908a4e84cf60dfdfbcc4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Torell=C3=B3?= Date: Fri, 6 Nov 2020 07:40:30 +0100 Subject: [PATCH 04/10] Use current runserver, uwsgi should be implemented in another PR --- helm/apf/templates/deployments/app.yaml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/helm/apf/templates/deployments/app.yaml b/helm/apf/templates/deployments/app.yaml index 408003f0..dd5f0fa9 100644 --- a/helm/apf/templates/deployments/app.yaml +++ b/helm/apf/templates/deployments/app.yaml @@ -26,13 +26,17 @@ spec: command: - invoke - migrate - - uwsgi - - --port - - {{ .Values.app.container.port | quote }} - - -w - - {{ .Values.app.workers | quote }} - - -t - - {{ .Values.app.threads | quote }} + - runserver + # command: + # - invoke + # - migrate + # - uwsgi + # - --port + # - {{ .Values.app.container.port | quote }} + # - -w + # - {{ .Values.app.workers | quote }} + # - -t + # - {{ .Values.app.threads | quote }} envFrom: - secretRef: name: {{ include "apf.fullname" . }} From 2a6419e206b1884ad201030b06f603c62e380aea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Torell=C3=B3?= Date: Fri, 6 Nov 2020 07:40:49 +0100 Subject: [PATCH 05/10] Make it k8s 1.18+ compatible --- helm/apf/templates/ingress.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/helm/apf/templates/ingress.yaml b/helm/apf/templates/ingress.yaml index aabbea21..f6ae1cda 100644 --- a/helm/apf/templates/ingress.yaml +++ b/helm/apf/templates/ingress.yaml @@ -1,6 +1,6 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "apf.fullname" . -}} -apiVersion: networking.k8s.io/v1 +apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: {{ $fullName }} @@ -23,10 +23,8 @@ spec: - path: {{ .path }} pathType: Prefix backend: - service: - name: {{ $fullName }} - port: - number: {{ .servicePort }} + serviceName: {{ $fullName }} + servicePort: {{ .servicePort }} {{- end }} {{- end }} {{- end }} From b05e696f12ab3754447efd23b9571c5fbf647c26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Torell=C3=B3?= Date: Fri, 6 Nov 2020 07:45:00 +0100 Subject: [PATCH 06/10] Fix baseUrl naming --- helm/apf/templates/secrets.yaml | 2 +- helm/apf/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/apf/templates/secrets.yaml b/helm/apf/templates/secrets.yaml index 1401b138..f66fad9b 100644 --- a/helm/apf/templates/secrets.yaml +++ b/helm/apf/templates/secrets.yaml @@ -8,7 +8,7 @@ metadata: release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} data: - BASE_URL: {{ .Values.baseurl | b64enc | quote }} + BASE_URL: {{ .Values.baseUrl | b64enc | quote }} DEBUG: {{ .Values.app.debug | b64enc | quote }} LOG_LEVEL: {{ .Values.app.log_level | b64enc | quote }} SECRET_KEY: {{ required "secret key is needed" .Values.app.secretKey | b64enc | quote }} diff --git a/helm/apf/values.yaml b/helm/apf/values.yaml index 1465201e..77438695 100644 --- a/helm/apf/values.yaml +++ b/helm/apf/values.yaml @@ -1,4 +1,4 @@ -baseurl: https://nemperfeina.cat +baseUrl: https://nemperfeina.cat app: image: geekscat/anem-per-feina From e41a576f0763f8eb15b404ec4827cc97ac1f5a33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Torell=C3=B3?= Date: Fri, 6 Nov 2020 07:46:18 +0100 Subject: [PATCH 07/10] Add needed env vars --- helm/apf/templates/secrets.yaml | 22 +++++++++++++++++++--- helm/apf/values.yaml | 21 ++++++++++++++++++++- 2 files changed, 39 insertions(+), 4 deletions(-) diff --git a/helm/apf/templates/secrets.yaml b/helm/apf/templates/secrets.yaml index f66fad9b..21118264 100644 --- a/helm/apf/templates/secrets.yaml +++ b/helm/apf/templates/secrets.yaml @@ -9,22 +9,38 @@ metadata: heritage: {{ .Release.Service | quote }} data: BASE_URL: {{ .Values.baseUrl | b64enc | quote }} + BASE_EMAIL: {{ .Values.baseEmail | b64enc | quote }} DEBUG: {{ .Values.app.debug | b64enc | quote }} + SILENCED_SYSTEM_CHECKS: {{ .Values.app.silencedSystemChecks | b64enc | quote }} LOG_LEVEL: {{ .Values.app.log_level | b64enc | quote }} SECRET_KEY: {{ required "secret key is needed" .Values.app.secretKey | b64enc | quote }} # Postgres POSTGRES_DB: {{ .Values.postgresql.postgresqlDatabase | b64enc | quote }} POSTGRES_USER: {{ .Values.postgresql.postgresqlUsername | b64enc | quote }} - POSTGRES_HOST: {{ printf "%s-postgresql" (include "apf.name" .) | b64enc | quote }} + POSTGRES_HOST: {{ printf "%s-postgresql" (include "apf.fullname" .) | b64enc | quote }} POSTGRES_PORT: {{ .Values.postgresql.service.port | b64enc | quote }} POSTGRES_PASSWORD: {{ required "postgres password is needed" .Values.postgresql.postgresqlPassword | b64enc | quote }} # Celery CELERY_BROKER_PROTOCOL: {{ .Values.celery.broker.protocol | b64enc | quote }} - CELERY_BROKER_HOST: {{ printf "%s-redis-master" (include "apf.name" .) | b64enc | quote }} + CELERY_BROKER_HOST: {{ printf "%s-redis-master" (include "apf.fullname" .) | b64enc | quote }} CELERY_BROKER_PORT: {{ .Values.redis.redisPort | b64enc | quote }} CELERY_BROKER_DB: {{ .Values.redis.db | b64enc | quote }} CELERY_REDIRECT_STDOUTS_LEVEL: {{ .Values.celery.stdouts_level | b64enc | quote }} # Telegram TELEGRAM_TOKEN: {{ .Values.notifications.telegram.token | b64enc | quote }} NOTIF_TELEGRAM_ENABLED: {{ .Values.notifications.telegram.enabled | b64enc | quote }} - TELEGRAM_CHAT_IDS: {{ .Values.notifications.telegram.chatIds | b64enc | quote }} \ No newline at end of file + TELEGRAM_CHAT_IDS: {{ .Values.notifications.telegram.chatIds | b64enc | quote }} + # Twitter + NOTIF_TWITTER_ENABLED: {{ .Values.notifications.twitter.enabled | b64enc | quote }} + TWITTER_API_KEY: {{ .Values.notifications.twitter.apiKey | b64enc | quote }} + TWITTER_API_SECRET: {{ .Values.notifications.twitter.apiSecret | b64enc | quote }} + TWITTER_ACCESS_TOKEN: {{ .Values.notifications.twitter.accessToken | b64enc | quote }} + TWITTER_ACCESS_TOKEN_SECRET: {{ .Values.notifications.twitter.accessTokenSecret | b64enc | quote }} + # Social Auth + SOCIAL_AUTH_GITHUB_KEY: {{ .Values.socialAuth.githubKey | b64enc | quote }} + SOCIAL_AUTH_GITHUB_SECRET: {{ .Values.socialAuth.githubSecret | b64enc | quote }} + # Recaptcha + RECAPTCHA_PUBLIC_KEY: {{ .Values.recaptcha.publicKey | b64enc | quote }} + RECAPTCHA_PRIVATE_KEY: {{ .Values.recaptcha.privateKey | b64enc | quote }} + # Sentry + SENTRY_URL: {{ .Values.sentry.dsn | b64enc | quote }} \ No newline at end of file diff --git a/helm/apf/values.yaml b/helm/apf/values.yaml index 77438695..ba8787da 100644 --- a/helm/apf/values.yaml +++ b/helm/apf/values.yaml @@ -1,4 +1,5 @@ baseUrl: https://nemperfeina.cat +baseEmail: it@geekscat.org app: image: geekscat/anem-per-feina @@ -10,6 +11,7 @@ app: # threads is the amount of threads per worker threads: 2 debug: "True" + silencedSystemChecks: "[]" log_level: INFO secretKey: null container: @@ -74,6 +76,23 @@ certificate: notifications: telegram: - enabled: "True" + enabled: "False" chatIds: "@chatID,@chatID2" token: null + twitter: + enabled: "False" + apiKey: null + apiSecret: null + accessToken: null + accessTokenSecret: null + +socialAuth: + githubKey: null + githubSecret: null + +recaptcha: + publicKey: null + privateKey: null + +sentry: + dsn: null \ No newline at end of file From 093a824b1bc67b17e440e02ed6fb277b4a175b09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Torell=C3=B3?= Date: Fri, 6 Nov 2020 07:46:31 +0100 Subject: [PATCH 08/10] Use nemperfeina name --- helm/apf/Chart.yaml | 4 ++-- helm/apf/values.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/helm/apf/Chart.yaml b/helm/apf/Chart.yaml index a48d42fe..3d3615a1 100644 --- a/helm/apf/Chart.yaml +++ b/helm/apf/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -name: apf -description: A Helm chart for Kubernetes +name: npf +description: Nem per feina Chart type: application # This is the chart version. This version number should be incremented each time you make changes diff --git a/helm/apf/values.yaml b/helm/apf/values.yaml index ba8787da..b0992e95 100644 --- a/helm/apf/values.yaml +++ b/helm/apf/values.yaml @@ -2,7 +2,7 @@ baseUrl: https://nemperfeina.cat baseEmail: it@geekscat.org app: - image: geekscat/anem-per-feina + image: geekscat/nem-per-feina # Overrides the image tag whose default is the chart appVersion. tag: latest pullPolicy: Always @@ -24,9 +24,9 @@ app: postgresql: serviceAccount: enabled: true - postgresqlUsername: anemperfeina + postgresqlUsername: nemperfeina postgresqlPassword: null - postgresqlDatabase: anemperfeina + postgresqlDatabase: nemperfeina service: port: "5432" From f9927623faf3b11fc533aedbcb9fa9c5a3fabef0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Torell=C3=B3?= Date: Fri, 6 Nov 2020 07:47:18 +0100 Subject: [PATCH 09/10] Bump to v0.2.0 --- helm/apf/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/apf/Chart.yaml b/helm/apf/Chart.yaml index 3d3615a1..97e4eead 100644 --- a/helm/apf/Chart.yaml +++ b/helm/apf/Chart.yaml @@ -6,7 +6,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.2.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From a1988e94e3b004150dd3d8f04eed4c325587fbca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Torell=C3=B3?= Date: Fri, 6 Nov 2020 07:59:34 +0100 Subject: [PATCH 10/10] Add Helm Chart deployment instructions --- README.md | 23 ++++++++++------ helm/apf/README.md | 65 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+), 8 deletions(-) create mode 100644 helm/apf/README.md diff --git a/README.md b/README.md index d3f07b31..ecef36f3 100644 --- a/README.md +++ b/README.md @@ -14,13 +14,14 @@ Show your support by 🌟 the project!! -* [The project](#the-project) -* [Contributing](#contributing) -* [Tech stack](#tech-stack) -* [Setup backend development environment](#setup-backend-development-environment) - * [Docker](#docker) - * [Local venv](#local-venv) -* [Contributors](#contributors) +- [The project](#the-project) +- [Deployment](#deployment) +- [Contributing](#contributing) +- [Tech stack](#tech-stack) +- [Setup backend development environment](#setup-backend-development-environment) + - [Docker](#docker) + - [Local venv](#local-venv) +- [Contributors](#contributors) ## The project @@ -34,7 +35,13 @@ We forked the open source project [django-job-portal](https://github.com/manjuru ### Kubernetes deployment -To deploy to a k8s cluster see the [k8s manifests](/manifests/README.md) +#### Using k8s manifests + +To deploy to a k8s cluster using core manifests see the [NPF k8s manifests](/manifests/README.md) + +#### Using Helm Chart + +To deploy to a k8s cluster see the [NPF Helm Chart](/helm/npf/README.md) ## Contributing diff --git a/helm/apf/README.md b/helm/apf/README.md new file mode 100644 index 00000000..8e2d6cc3 --- /dev/null +++ b/helm/apf/README.md @@ -0,0 +1,65 @@ +# Helm Chart + +This provides our NPF Helm Chart + +## Deployment + +Create your deployment values file overriding [base values](values.yaml): + +```bash +cat values-prod.yaml + +baseUrl: https://nemperfeina.cat +baseEmail: it@geekscat.org + +app: + image: geekscat/nem-per-feina + tag: latest + workers: 4 + threads: 2 + debug: "False" + log_level: INFO + secretKey: this-is-not-an-strong-password + replicaCount: 1 + +postgresql: + postgresqlPassword: this-is-not-an-strong-password + +celery: + stdouts_level: INFO + replicaCount: 1 + +ingress: + hosts: + - host: nemperfeina.cat + paths: + - path: / + servicePort: 8000 + +... +``` + +```bash +# Create namespace +kubectl create ns $SOME_NAME + +# Install Chart with our custom overrides +helm -n $SOME_NAME install $SOME_NAME helm/apf -f values-prod.yaml +``` + +## Troubleshooting + +Ingress API changed before 1.18+, so remember to define your IngressClass (and opt mark it as defautl) with something like: + +```yaml +apiVersion: networking.k8s.io/v1beta1 +kind: IngressClass +metadata: + name: traefik + annotations: + ingressclass.kubernetes.io/is-default-class: 'true' +spec: + controller: traefik.io/ingress-controller +``` + +If you don't want to define it as `default-class`, pass `ingressClassName: traefik` to your `Ingress.spec`