staging: Deploy webapp in elastic infra
This deploys a webapp with a storage (with postgresql backend).
In effect, this aligns the current static staging webapp (with the endpoints behind basic http authentication).
This also:
- adds a missing cronjob (sync-mailmaps) and deploys it for the new webapp running in the 'swh' namespace.
- aligns the webapp-cassandra (with the same http endpoints behind authentication)
make swh-helm-diff
[swh] Comparing changes between branches production and migrate-staging-webapp (per environment)...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
Switched to branch 'migrate-staging-webapp'
[swh] Generate config in migrate-staging-webapp branch for environment staging...
[swh] Generate config in migrate-staging-webapp branch for environment staging...
[swh] Generate config in migrate-staging-webapp branch for environment staging...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
Switched to branch 'migrate-staging-webapp'
[swh] Generate config in migrate-staging-webapp branch for environment production...
[swh] Generate config in migrate-staging-webapp branch for environment production...
[swh] Generate config in migrate-staging-webapp branch for environment production...
------------- diff for environment staging namespace swh -------------
--- /tmp/swh-chart.swh.qOLA98PU/staging-swh.before 2023-10-17 17:23:03.165668555 +0200
+++ /tmp/swh-chart.swh.qOLA98PU/staging-swh.after 2023-10-17 17:23:03.897668146 +0200
@@ -4088,20 +4088,116 @@
if [ -e "${DB_VERSION}" ]; then
echo "Unable to find the code version"
exit 1
fi
if [ "$DB_VERSION" -ne "$CODE_VERSION" ]; then
echo "code and DB versions are different. Blocking the deployment"
exit 1
fi
---
+# Source: swh/templates/web/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: swh
+ name: web-configuration-template
+data:
+ config.yml.template: |
+ storage:
+ cls: remote
+ url: http://storage:5002
+ search:
+ cls: remote
+ url: http://search0.internal.staging.swh.network:5010
+ scheduler:
+ cls: remote
+ url: http://scheduler.internal.staging.swh.network
+ vault:
+ cls: remote
+ url: http://vault-rpc-ingress
+ indexer_storage:
+ cls: remote
+ url: http://storage1.internal.staging.swh.network:5007/
+ counters_backend: swh-counters
+ counters:
+ cls: remote
+ url: http://counters0.internal.staging.swh.network:5011/
+
+ secret_key: ${DJANGO_SECRET_KEY}
+ production_db:
+
+ host: db1.internal.staging.swh.network
+ port: 5432
+ name: swh-web
+ user: swh-web
+ password: ${POSTGRESQL_PASSWORD}
+ client_config:
+ sentry_dsn: ${SWH_SENTRY_DSN}
+ throttling:
+ cache_uri: memcached:11211
+ scopes:
+ swh_api:
+ exempted_networks:
+ - 10.42.0.0/16
+ - 10.43.0.0/16
+ - 192.168.130.0/24
+ limiter_rate:
+ default: 120/h
+ swh_vault_cooking:
+ exempted_networks:
+ - 10.42.0.0/16
+ - 10.43.0.0/16
+ - 192.168.130.0/24
+ limiter_rate:
+ GET: 60/m
+ default: 120/h
+ swh_api_origin_search:
+ limiter_rate:
+ default: 10/m
+ swh_api_origin_visit_latest:
+ limiter_rate:
+ default: 700/m
+ swh_save_origin:
+ limiter_rate:
+ POST: 10/h
+ default: 120/h
+ add_forge_now:
+ email_address: add-forge-now@webapp.staging.swh.network
+ allowed_hosts:
+ - webapp-postgresql.internal.staging.swh.network
+ content_display_max_size: 5242880
+ give:
+ public_key: ${GIVE_PUBLIC_KEY}
+ token: ${GIVE_PRIVATE_TOKEN}
+ history_counters_url: http://counters0.internal.staging.swh.network:5011/counters_history/history.json
+ instance_name: webapp-postgresql.internal.staging.swh.network
+ keycloak:
+ realm_name: SoftwareHeritageStaging
+ server_url: https://auth.softwareheritage.org/auth/
+ matomo: {}
+ search_config:
+ metadata_backend: swh-search
+ swh_extra_django_apps:
+ - swh.web.add_forge_now
+ - swh.web.archive_coverage
+ - swh.web.badges
+ - swh.web.banners
+ - swh.web.deposit
+ - swh.web.inbound_email
+ - swh.web.jslicenses
+ - swh.web.mailmap
+ - swh.web.metrics
+ - swh.web.save_code_now
+ - swh.web.save_origin_webhooks
+ - swh.web.vault
+---
# Source: swh/charts/keda/templates/crds/crd-clustertriggerauthentications.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
labels:
app.kubernetes.io/name: keda-operator
helm.sh/chart: keda-2.11.0
app.kubernetes.io/component: operator
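Review bot: In `config.yml.template`, `secret_key`, `password`, `sentry_dsn`, `public_key` and `token` take their `${...}` placeholders as plain unquoted scalars, so a secret value containing ` #`, `: ` or a leading YAML indicator would be truncated or would break parsing of the rendered `config.yml`. The init container in the Deployment hunk renders this template through `eval echo "..."`, which means double quotes added here would be consumed by the shell, while single quotes survive: `password: '${POSTGRESQL_PASSWORD}'`. A value that itself contains a single quote would still need escaping, so restricting the alphabet used when generating these secrets is the simpler guarantee.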
@@ -13723,20 +13819,39 @@
app: prometheus-statsd-exporter
ports:
- name: statsd
port: 9125
targetPort: 9125
protocol: UDP
- name: http
port: 9102
targetPort: 9102
---
+# Source: swh/templates/web/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: web
+ namespace: swh
+spec:
+ type: ClusterIP
+ selector:
+ app: web
+ ports:
+ - port: 5004
+ targetPort: 5004
+ name: rpc
+
+ - port: 80
+ targetPort: 80
+ name: webstatic
+---
# Source: swh/charts/keda/templates/manager/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: keda-operator
namespace: default
annotations:
{}
labels:
app: keda-operator
@@ -21379,20 +21494,272 @@
defaultMode: 0777
items:
- key: "config.yml.template"
path: "config.yml.template"
- name: toolbox-script-utils
configMap:
name: toolbox-script-utils
defaultMode: 0555
---
+# Source: swh/templates/web/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: swh
+ name: web
+ labels:
+ app: web
+spec:
+ revisionHistoryLimit: 2
+ selector:
+ matchLabels:
+ app: web
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ template:
+ metadata:
+ labels:
+ app: web
+ annotations:
+ checksum/config: 809af0fb83e39a1b7f9356e53203fc239fa9483229ce1c40c0741d9a673cfe3d
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: swh/web
+ operator: In
+ values:
+ - "true"
+ priorityClassName: swh-frontend-rpc
+
+ initContainers:
+ - name: prepare-configuration
+ image: debian:bullseye
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+ env:
+
+ - name: POSTGRESQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: swh-postgresql-web-secrets
+ key: postgres-swh-web-password
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+ - name: DJANGO_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: swh-webapp-django-secret
+ key: webapp-django-secret-key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+
+ - name: GIVE_PRIVATE_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: web-give-secrets
+ key: private-token
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: GIVE_PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ name: web-give-secrets
+ key: public-key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+ - name: SWH_SENTRY_DSN
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-sentry-dsn
+ # 'name' secret should exist & include key
+ # if the setting doesn't exist, sentry pushes will be disabled
+ optional: false
+
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ - name: configuration-template
+ mountPath: /etc/swh/configuration-template
+ - name: do-migration
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231010.1
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: SWH_CONFIG_FILENAME
+ value: /etc/swh/config.yml
+ command:
+ - django-admin
+ args:
+ - migrate
+ - --settings=swh.web.settings.production
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+
+ - name: prepare-static
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231010.1
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - cp -r $PWD/.local/share/swh/web/static/ /usr/share/swh/web/static/
+ volumeMounts:
+ - name: static
+ mountPath: /usr/share/swh/web/static
+ containers:
+ - name: web
+ resources:
+ requests:
+ memory: 500Mi
+ cpu: 500m
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231010.1
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 5004
+ name: webapp
+ readinessProbe:
+ httpGet:
+ path: /
+ port: webapp
+ httpHeaders:
+ - name: Host
+ value: webapp-postgresql.internal.staging.swh.network
+ initialDelaySeconds: 5
+ failureThreshold: 30
+ periodSeconds: 10
+ timeoutSeconds: 30
+ livenessProbe:
+ httpGet:
+ path: /
+ port: webapp
+ httpHeaders:
+ - name: Host
+ value: webapp-postgresql.internal.staging.swh.network
+ initialDelaySeconds: 3
+ periodSeconds: 10
+ timeoutSeconds: 30
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - /opt/swh/entrypoint.sh
+ env:
+ - name: STATSD_HOST
+ value: prometheus-statsd-exporter
+ - name: STATSD_PORT
+ value: "9125"
+ - name: LOG_LEVEL
+ value: "INFO"
+ - name: SWH_CONFIG_FILENAME
+ value: /etc/swh/config.yml
+ - name: SWH_SENTRY_ENVIRONMENT
+ value: staging
+ - name: SWH_MAIN_PACKAGE
+ value: swh.web
+ - name: SWH_SENTRY_DSN
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-sentry-dsn
+ # 'name' secret should exist & include key
+ # if the setting doesn't exist, sentry pushes will be disabled
+ optional: true
+ - name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
+ value: "true"
+
+ - name: DJANGO_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: swh-webapp-django-secret
+ key: webapp-django-secret-key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ readOnly: true
+ - name: nginx
+ resources:
+ requests:
+ memory: 500Mi
+ cpu: 500m
+ image: nginx:bullseye
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 80
+ name: webstatic
+ readinessProbe:
+ httpGet:
+ path: static/robots.txt
+ port: webstatic
+ initialDelaySeconds: 5
+ failureThreshold: 30
+ periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: static/robots.txt
+ port: webstatic
+ initialDelaySeconds: 3
+ periodSeconds: 10
+ volumeMounts:
+ - name: static
+ mountPath: /usr/share/nginx/html
+ volumes:
+ - name: configuration
+ emptyDir: {}
+ - name: configuration-template
+ configMap:
+ name: web-configuration-template
+ items:
+ - key: "config.yml.template"
+ path: "config.yml.template"
+ - name: static
+ emptyDir: {}
+---
+# Source: swh/templates/web/autoscaling.yaml
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ namespace: swh
+ name: web
+ labels:
+ app: web
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: web
+ minReplicas: 2
+ maxReplicas: 3
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 50
+---
# Source: swh/templates/scheduler/update-metrics-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
name: scheduler-update-metrics-cronjob
spec:
# By default, every 4h at midnight
schedule: "0/10 * * * *"
jobTemplate:
spec:
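Review bot: The `prepare-configuration` init container renders the config with `eval echo "\"$(<…/config.yml.template)\""`, so the whole template is parsed as shell: any double quote, backtick or `$(...)` that reaches the rendered ConfigMap is interpreted or executed instead of copied, in the one container that holds every secret. A substitution-only renderer (for example `envsubst` limited to the named variables, if the image provides it) would expand `${POSTGRESQL_PASSWORD}` and the other placeholders without evaluating anything else. The same command is used by both CronJobs in the next hunk. Separately, `debian:bullseye` and `nginx:bullseye` are floating tags pulled with `IfNotPresent`, and no container sets a `securityContext`; pinning the images by digest and adding `allowPrivilegeEscalation: false` with a non-root user would be worth doing in the chart templates.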
@@ -21474,20 +21841,264 @@
- name: configuration
emptyDir: {}
- name: configuration-template
configMap:
name: scheduler-update-metrics-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
restartPolicy: OnFailure
---
+# Source: swh/templates/web/refresh-savecodenow-statuses-cronjob.yaml
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: refresh-savecodenow-statuses-cronjob
+spec:
+ # By default, hourly at minute 15
+ schedule: "* * * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ priorityClassName: swh-frontend-rpc-workload
+
+ initContainers:
+ - name: prepare-configuration
+ image: debian:bullseye
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+ env:
+
+ - name: POSTGRESQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: swh-postgresql-web-secrets
+ key: postgres-swh-web-password
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+ - name: DJANGO_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: swh-webapp-django-secret
+ key: webapp-django-secret-key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+
+ - name: GIVE_PRIVATE_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: web-give-secrets
+ key: private-token
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: GIVE_PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ name: web-give-secrets
+ key: public-key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+ - name: SWH_SENTRY_DSN
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-sentry-dsn
+ # 'name' secret should exist & include key
+ # if the setting doesn't exist, sentry pushes will be disabled
+ optional: true
+
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ - name: configuration-template
+ mountPath: /etc/swh/configuration-template
+ containers:
+ - name: sync-mailmaps
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 500m
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231010.1
+ command:
+ - /opt/swh/entrypoint.sh
+ args:
+ # - shell
+ # - sleep
+ # - infinity
+ - refresh
+ env:
+ - name: STATSD_HOST
+ value: prometheus-statsd-exporter
+ - name: STATSD_PORT
+ value: "9125"
+ - name: SWH_CONFIG_FILENAME
+ value: /etc/swh/config.yml
+ - name: LOG_LEVEL
+ value: INFO
+ - name: SWH_SENTRY_ENVIRONMENT
+ value: staging
+ - name: SWH_MAIN_PACKAGE
+ value: swh.web
+ - name: SWH_SENTRY_DSN
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-sentry-dsn
+ # if the setting doesn't exist, sentry issue pushes will be disabled
+ optional: false
+ - name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
+ value: "true"
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ volumes:
+ - name: configuration
+ emptyDir: {}
+ - name: configuration-template
+ configMap:
+ name: web-configuration-template
+ items:
+ - key: "config.yml.template"
+ path: "config.yml.template"
+ restartPolicy: OnFailure
+---
+# Source: swh/templates/web/sync-mailmaps-cronjob.yaml
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: sync-mailmaps-cronjob
+spec:
+ # By default, hourly at minute 15
+ schedule: "15 * * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ priorityClassName: swh-frontend-rpc-workload
+
+ initContainers:
+ - name: prepare-configuration
+ image: debian:bullseye
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+ env:
+
+ - name: POSTGRESQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: swh-postgresql-web-secrets
+ key: postgres-swh-web-password
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+ - name: DJANGO_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: swh-webapp-django-secret
+ key: webapp-django-secret-key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+
+ - name: GIVE_PRIVATE_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: web-give-secrets
+ key: private-token
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: GIVE_PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ name: web-give-secrets
+ key: public-key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+ - name: SWH_SENTRY_DSN
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-sentry-dsn
+ # 'name' secret should exist & include key
+ # if the setting doesn't exist, sentry pushes will be disabled
+ optional: true
+
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ - name: configuration-template
+ mountPath: /etc/swh/configuration-template
+ containers:
+ - name: sync-mailmaps
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 500m
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231010.1
+ command:
+ - /opt/swh/entrypoint.sh
+ args:
+ # - shell
+ # - sleep
+ # - infinity
+ - refresh
+ env:
+ - name: STATSD_HOST
+ value: prometheus-statsd-exporter
+ - name: STATSD_PORT
+ value: "9125"
+ - name: SWH_CONFIG_FILENAME
+ value: /etc/swh/config.yml
+ - name: LOG_LEVEL
+ value: INFO
+ - name: SWH_SENTRY_ENVIRONMENT
+ value: staging
+ - name: SWH_MAIN_PACKAGE
+ value: swh.web
+ - name: SWH_SENTRY_DSN
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-sentry-dsn
+ # if the setting doesn't exist, sentry issue pushes will be disabled
+ optional: false
+ - name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
+ value: "true"
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ volumes:
+ - name: configuration
+ emptyDir: {}
+ - name: configuration-template
+ configMap:
+ name: web-configuration-template
+ items:
+ - key: "config.yml.template"
+ path: "config.yml.template"
+ restartPolicy: OnFailure
+---
# Source: swh/templates/graphql/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: graphql-ingress-default
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.101.0/24,192.168.130.0/24
nginx.ingress.kubernetes.io/rewrite-target: /
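Review bot: `refresh-savecodenow-statuses-cronjob` and `sync-mailmaps-cronjob` both render a container named `sync-mailmaps` with the single argument `refresh`, so one of the two jobs is presumably not running the command its name promises; each template should set its own container name and subcommand. The refresh job's comment `# By default, hourly at minute 15` contradicts its `schedule: "* * * * *"`, and with a one-minute schedule `concurrencyPolicy: Forbid` would keep runs from overlapping. In both jobs the main container marks `SWH_SENTRY_DSN` as `optional: false` although its comment says a missing setting only disables Sentry; `optional: true` matches the comment (the Deployment's init container has the same mismatch). Neither CronJob sets `metadata.namespace`, unlike the other new web resources.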
@@ -21557,20 +22168,118 @@
http:
paths:
- path: /scheduler_metrics/get
pathType: Prefix
backend:
service:
name: scheduler-rpc
port:
number: 5008
---
+# Source: swh/templates/web/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ namespace: swh
+ name: web-ingress-authenticated
+ annotations:
+ nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.101.0/24,192.168.130.0/24
+
+ cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+
+ # type of authentication
+ nginx.ingress.kubernetes.io/auth-type: basic
+ # an htpasswd file in the key auth within the secret
+ nginx.ingress.kubernetes.io/auth-secret-type: auth-file
+ # name of the secret that contains the user/password definitions
+ nginx.ingress.kubernetes.io/auth-secret: swh-cassandra/web-auth-secrets
+ # message to display with an appropriate context why the authentication is required
+ nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
+
+spec:
+ rules:
+ - host: webapp-postgresql.internal.staging.swh.network
+ http:
+ paths:
+ - path: /api/1/provenance/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /api/1/entity/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /api/1/content/[^/]+/symbol/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ tls:
+ - hosts:
+ - webapp-postgresql.internal.staging.swh.network
+ secretName: swh-web-crt
+---
+# Source: swh/templates/web/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ namespace: swh
+ name: web-ingress-default
+ annotations:
+ nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.101.0/24,192.168.130.0/24
+
+ cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+
+
+spec:
+ rules:
+ - host: webapp-postgresql.internal.staging.swh.network
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /static
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 80
+
+ tls:
+ - hosts:
+ - webapp-postgresql.internal.staging.swh.network
+ secretName: swh-web-crt
+---
# Source: swh/charts/keda/templates/metrics-server/apiservice.yaml
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
annotations:
labels:
app.kubernetes.io/name: v1beta1.external.metrics.k8s.io
helm.sh/chart: keda-2.11.0
app.kubernetes.io/component: operator
app.kubernetes.io/managed-by: Helm
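Review bot: The third path of `web-ingress-authenticated`, `/api/1/content/[^/]+/symbol/`, is a regular expression declared with `pathType: Prefix` and without `nginx.ingress.kubernetes.io/use-regex: "true"`, so ingress-nginx will most likely treat it as a literal prefix that never matches. A request to `/api/1/content/<hash>/symbol/` would then fall through to the `/` rule of `web-ingress-default`, which has no basic-auth annotations, leaving that endpoint protected only by the source-range allowlist. Consider `pathType: ImplementationSpecific` together with `use-regex: "true"`, and confirm with an unauthenticated request that the endpoint answers 401. The same path appears in the `swh-cassandra` and `swh-cassandra-next-version` hunks below. The `auth-secret: swh-cassandra/web-auth-secrets` reference is cross-namespace from `swh` (and from `swh-cassandra-next-version`), so it is worth checking that the controller is permitted to resolve it there.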
------------- diff for environment staging namespace swh-cassandra -------------
--- /tmp/swh-chart.swh.qOLA98PU/staging-swh-cassandra.before 2023-10-17 17:23:03.409668418 +0200
+++ /tmp/swh-chart.swh.qOLA98PU/staging-swh-cassandra.after 2023-10-17 17:23:04.141668009 +0200
@@ -20912,20 +20912,77 @@
service:
name: vault-rpc
port:
number: 5005
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
+ name: web-ingress-authenticated
+ annotations:
+ nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.101.0/24,192.168.130.0/24
+
+ cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+
+ # type of authentication
+ nginx.ingress.kubernetes.io/auth-type: basic
+ # an htpasswd file in the key auth within the secret
+ nginx.ingress.kubernetes.io/auth-secret-type: auth-file
+ # name of the secret that contains the user/password definitions
+ nginx.ingress.kubernetes.io/auth-secret: swh-cassandra/web-auth-secrets
+ # message to display with an appropriate context why the authentication is required
+ nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
+
+spec:
+ rules:
+ - host: webapp-cassandra.internal.staging.swh.network
+ http:
+ paths:
+ - path: /api/1/provenance/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /api/1/entity/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /api/1/content/[^/]+/symbol/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ tls:
+ - hosts:
+ - webapp-cassandra.internal.staging.swh.network
+ secretName: swh-web-crt
+---
+# Source: swh/templates/web/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ namespace: swh-cassandra
name: web-ingress-default
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.101.0/24,192.168.130.0/24
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
------------- diff for environment staging namespace swh-cassandra-next-version -------------
--- /tmp/swh-chart.swh.qOLA98PU/staging-swh-cassandra-next-version.before 2023-10-17 17:23:03.645668287 +0200
+++ /tmp/swh-chart.swh.qOLA98PU/staging-swh-cassandra-next-version.after 2023-10-17 17:23:04.369667881 +0200
@@ -20912,20 +20912,77 @@
service:
name: vault-rpc
port:
number: 5005
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra-next-version
+ name: web-ingress-authenticated
+ annotations:
+ nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.101.0/24,192.168.130.0/24
+
+ cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+
+ # type of authentication
+ nginx.ingress.kubernetes.io/auth-type: basic
+ # an htpasswd file in the key auth within the secret
+ nginx.ingress.kubernetes.io/auth-secret-type: auth-file
+ # name of the secret that contains the user/password definitions
+ nginx.ingress.kubernetes.io/auth-secret: swh-cassandra/web-auth-secrets
+ # message to display with an appropriate context why the authentication is required
+ nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
+
+spec:
+ rules:
+ - host: webapp-cassandra-next-version.internal.staging.swh.network
+ http:
+ paths:
+ - path: /api/1/provenance/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /api/1/entity/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /api/1/content/[^/]+/symbol/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ tls:
+ - hosts:
+ - webapp-cassandra-next-version.internal.staging.swh.network
+ secretName: swh-web-crt
+---
+# Source: swh/templates/web/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ namespace: swh-cassandra-next-version
name: web-ingress-default
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.101.0/24,192.168.130.0/24
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
------------- diff for environment production namespace swh -------------
No differences
------------- diff for environment production namespace swh-cassandra -------------
No differences
Edited by Antoine R. Dumont