production/web: Deploy instance in dynamic infra
This deploys an instance equivalent to what moma currently runs for the main webapp. The difference is that it uses the services deployed in the dynamic infra (search, storage-read-only, indexer-storage-read-only).
For services that are not yet migrated (counters, vault), it still uses the static services.
Once this has landed, what remains is to actually open it to the web (after fixing papercuts, if any).
make swh-helm-diff
[swh] Comparing changes between branches production and production-deploy-webapp (per environment)...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
[swh] Generate config in production-deploy-webapp branch for environment staging...
[swh] Generate config in production-deploy-webapp branch for environment staging...
[swh] Generate config in production-deploy-webapp branch for environment staging...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
[swh] Generate config in production-deploy-webapp branch for environment production...
[swh] Generate config in production-deploy-webapp branch for environment production...
[swh] Generate config in production-deploy-webapp branch for environment production...
------------- diff for environment staging namespace swh -------------
No differences
------------- diff for environment staging namespace swh-cassandra -------------
No differences
------------- diff for environment staging namespace swh-cassandra-next-version -------------
No differences
------------- diff for environment production namespace swh -------------
--- /tmp/swh-chart.swh.aJ0Sxuhy/production-swh.before 2023-12-14 10:32:51.139557816 +0100
+++ /tmp/swh-chart.swh.aJ0Sxuhy/production-swh.after 2023-12-14 10:32:51.599562102 +0100
@@ -6020,20 +6020,165 @@
if [ -e "${DB_VERSION}" ]; then
echo "Unable to find the code version"
exit 1
fi
if [ "$DB_VERSION" -ne "$CODE_VERSION" ]; then
echo "code and DB versions are different. Blocking the deployment"
exit 1
fi
---
+# Source: swh/templates/web/configmap-pgservice.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: swh
+ name: pgservice-configuration-template
+data:
+ pg-service-conf: |
+ [syncmailmaps]
+ dbname=swh
+ host=db.internal.softwareheritage.org
+ port=5432
+ user=swhmailmap
+---
+# Source: swh/templates/web/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: swh
+ name: web-configuration-template
+data:
+ config.yml.template: |
+ instance_name: archive.softwareheritage.org
+ allowed_hosts:
+ - archive.softwareheritage.org
+ - webapp1.internal.softwareheritage.org
+ - base.softwareheritage.org
+ - archive.internal.softwareheritage.org
+ storage:
+ cls: remote
+ url: http://storage-azure-read-only-rpc-ingress
+ search:
+ cls: remote
+ url: http://search-rpc-ingress
+ scheduler:
+ cls: remote
+ url: http://scheduler.internal.softwareheritage.org
+ vault:
+ cls: remote
+ url: http://vangogh.euwest.azure.internal.softwareheritage.org:5005/
+ indexer_storage:
+ cls: remote
+ url: http://indexer-storage-read-only-rpc-ingress
+ counters_backend: swh-counters
+ counters:
+ cls: remote
+ url: http://counters1.internal.softwareheritage.org:5011/
+ add_forge_now:
+ email_address: add-forge-now@archive.softwareheritage.org
+
+ secret_key: ${DJANGO_SECRET_KEY}
+ production_db:
+
+ host: db.internal.staging.swh.network
+ port: 5432
+ name: swh-web
+ user: swh-web
+ password: ${POSTGRESQL_PASSWORD}
+ client_config:
+ sentry_dsn: ${SWH_SENTRY_DSN}
+ throttling:
+ cache_uri: memcached:11211
+ scopes:
+ swh_api:
+ exempted_networks:
+ - 10.42.0.0/16
+ - 10.43.0.0/16
+ - 127.0.0.0/8
+ - 128.93.166.14
+ - 131.107.174.0/24
+ - 192.168.100.0/24
+ - 192.168.200.0/22
+ - 213.135.60.145
+ - 213.135.60.146
+ - 37.187.137.47
+ - 37.187.96.121
+ limiter_rate:
+ default: 120/h
+ swh_save_origin:
+ exempted_networks:
+ - 10.42.0.0/16
+ - 10.43.0.0/16
+ - 127.0.0.0/8
+ - 128.93.166.14
+ - 131.107.174.0/24
+ - 192.168.100.0/24
+ - 192.168.200.0/22
+ - 213.135.60.145
+ - 213.135.60.146
+ - 37.187.96.121
+ limiter_rate:
+ POST: 10/h
+ default: 120/h
+ swh_vault_cooking:
+ exempted_networks:
+ - 10.42.0.0/16
+ - 10.43.0.0/16
+ - 127.0.0.0/8
+ - 128.93.166.14
+ - 131.107.174.0/24
+ - 192.168.100.0/24
+ - 192.168.200.0/22
+ - 213.135.60.145
+ - 213.135.60.146
+ - 37.187.96.121
+ limiter_rate:
+ GET: 60/m
+ default: 120/h
+ swh_api_origin_search:
+ limiter_rate:
+ default: 10/m
+ swh_api_origin_visit_latest:
+ limiter_rate:
+ default: 700/m
+ swh_raw_object:
+ limiter_rate:
+ default: 120/h
+ content_display_max_size: 5242880
+ es_workers_index_url: http://esnode1.internal.softwareheritage.org:9200/swh_workers-*
+ give:
+ public_key: ${GIVE_PUBLIC_KEY}
+ token: ${GIVE_PRIVATE_TOKEN}
+ history_counters_url: http://counters1.internal.softwareheritage.org:5011/counters_history/history.json#
+ keycloak:
+ realm_name: SoftwareHeritage
+ server_url: https://auth.softwareheritage.org/auth/
+ matomo:
+ site_id: 59
+ url: https://piwik.inria.fr/
+ search_config:
+ metadata_backend: swh-search
+ swh_extra_django_apps:
+ - swh.web.add_forge_now
+ - swh.web.archive_coverage
+ - swh.web.badges
+ - swh.web.banners
+ - swh.web.deposit
+ - swh.web.inbound_email
+ - swh.web.jslicenses
+ - swh.web.mailmap
+ - swh.web.metrics
+ - swh.web.save_code_now
+ - swh.web.save_origin_webhooks
+ - swh.web.vault
+---
# Source: swh/charts/keda/templates/crds/crd-clustertriggerauthentications.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
labels:
app.kubernetes.io/name: keda-operator
helm.sh/chart: keda-2.11.0
app.kubernetes.io/component: operator
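Review bot: In the added `web-configuration-template` ConfigMap, `production_db.host` is `db.internal.staging.swh.network`, although this is the production environment diff and the sibling pgservice ConfigMap points at `db.internal.softwareheritage.org`. This looks like a staging value carried over into the production values; if so, the webapp's Django database would be the staging one while storage, search and vault are the production services. Please confirm the intended host and set it in the production values, e.g. `host: db.internal.softwareheritage.org` if that is the right server. Separately, the `swh_api` exemption list contains `37.187.137.47` while `swh_save_origin` and `swh_vault_cooking` do not; a short comment in the values saying whether that is deliberate would help the next reader.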
@@ -15730,20 +15875,39 @@
namespace: swh
spec:
type: ClusterIP
selector:
app: storage-postgresql-azure-readonly
ports:
- port: 5002
targetPort: 5002
name: rpc
---
+# Source: swh/templates/web/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: web
+ namespace: swh
+spec:
+ type: ClusterIP
+ selector:
+ app: web
+ ports:
+ - port: 5004
+ targetPort: 5004
+ name: rpc
+
+ - port: 80
+ targetPort: 80
+ name: webstatic
+---
# Source: swh/charts/keda/templates/manager/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: keda-operator
namespace: default
annotations:
{}
labels:
app: keda-operator
@@ -28291,20 +28455,250 @@
defaultMode: 0777
items:
- key: "config.yml.template"
path: "config.yml.template"
- name: toolbox-script-utils
configMap:
name: toolbox-script-utils
defaultMode: 0555
---
+# Source: swh/templates/web/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: swh
+ name: web
+ labels:
+ app: web
+spec:
+ revisionHistoryLimit: 2
+ selector:
+ matchLabels:
+ app: web
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ template:
+ metadata:
+ labels:
+ app: web
+ annotations:
+ checksum/config: bcedf341d64935582a0f4bf8ff172d9411c3a94c1e32219307bb00b954956f57
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: swh/web
+ operator: In
+ values:
+ - "true"
+ priorityClassName: swh-frontend-rpc
+
+ initContainers:
+ - name: prepare-configuration
+ image: debian:bullseye
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+ env:
+
+ - name: POSTGRESQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: swh-postgresql-web-secrets
+ key: postgres-swh-web-password
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+ - name: DJANGO_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: swh-webapp-django-secret
+ key: webapp-django-secret-key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+
+ - name: GIVE_PRIVATE_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: web-give-secrets
+ key: private-token
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: GIVE_PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ name: web-give-secrets
+ key: public-key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+
+ - name: SWH_SENTRY_DSN
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-sentry-dsn
+ # 'name' secret should exist & include key
+ # if the setting doesn't exist, sentry pushes will be disabled
+ optional: false
+
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ - name: configuration-template
+ mountPath: /etc/swh/configuration-template
+ - name: do-migration
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231205.3
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: SWH_CONFIG_FILENAME
+ value: /etc/swh/config.yml
+ command:
+ - django-admin
+ args:
+ - migrate
+ - --settings=swh.web.settings.production
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+
+ - name: prepare-static
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231205.3
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - cp -r $PWD/.local/share/swh/web/static/ /usr/share/swh/web/static/
+ volumeMounts:
+ - name: static
+ mountPath: /usr/share/swh/web/static
+ containers:
+ - name: web
+ resources:
+ requests:
+ memory: 500Mi
+ cpu: 500m
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231205.3
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 5004
+ name: webapp
+ readinessProbe:
+ httpGet:
+ path: /
+ port: webapp
+ httpHeaders:
+ - name: Host
+ value: archive.softwareheritage.org
+ initialDelaySeconds: 5
+ failureThreshold: 30
+ periodSeconds: 10
+ timeoutSeconds: 30
+ livenessProbe:
+ httpGet:
+ path: /
+ port: webapp
+ httpHeaders:
+ - name: Host
+ value: archive.softwareheritage.org
+ initialDelaySeconds: 3
+ periodSeconds: 10
+ timeoutSeconds: 30
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - /opt/swh/entrypoint.sh
+ env:
+ - name: STATSD_HOST
+ value: prometheus-statsd-exporter
+ - name: STATSD_PORT
+ value: "9125"
+ - name: LOG_LEVEL
+ value: "INFO"
+ - name: SWH_CONFIG_FILENAME
+ value: /etc/swh/config.yml
+ - name: SWH_SENTRY_ENVIRONMENT
+ value: production
+ - name: SWH_MAIN_PACKAGE
+ value: swh.web
+ - name: SWH_SENTRY_DSN
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-sentry-dsn
+ # 'name' secret should exist & include key
+ # if the setting doesn't exist, sentry pushes will be disabled
+ optional: true
+ - name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
+ value: "true"
+
+ - name: DJANGO_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: swh-webapp-django-secret
+ key: webapp-django-secret-key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ readOnly: true
+ - name: nginx
+ resources:
+ requests:
+ memory: 90Mi
+ cpu: 10m
+ image: nginx:bullseye
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 80
+ name: webstatic
+ readinessProbe:
+ httpGet:
+ path: static/robots.txt
+ port: webstatic
+ initialDelaySeconds: 5
+ failureThreshold: 30
+ periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: static/robots.txt
+ port: webstatic
+ initialDelaySeconds: 3
+ periodSeconds: 10
+ volumeMounts:
+ - name: static
+ mountPath: /usr/share/nginx/html
+ volumes:
+ - name: configuration
+ emptyDir: {}
+ - name: configuration-template
+ configMap:
+ name: web-configuration-template
+ items:
+ - key: "config.yml.template"
+ path: "config.yml.template"
+ - name: static
+ emptyDir: {}
+---
# Source: swh/templates/indexer-storage/autoscaling.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
namespace: swh
name: indexer-storage-read-only
labels:
app: indexer-storage-read-only
spec:
scaleTargetRef:
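Review bot: The `prepare-configuration` init container renders the config with `eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\""`, which turns the whole template into shell input: a double quote, backtick or `$(` coming from chart values is parsed as shell syntax rather than copied, in a container whose environment holds the database password, the Django secret key and the give token. Rendering with a substitution-only tool keeps the template as data, e.g. `envsubst < /etc/swh/configuration-template/config.yml.template > /etc/swh/config.yml` (this needs an image that ships `envsubst`, which I would not assume for `debian:bullseye`). The same line is used by `prepare-web-configuration` in both CronJobs further down. The images `debian:bullseye` and `nginx:bullseye` are mutable tags pulled with `IfNotPresent`, so nodes can end up running different builds; pinning them by digest would make the rollout reproducible.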
@@ -28360,20 +28754,43 @@
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 150
---
+# Source: swh/templates/web/autoscaling.yaml
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ namespace: swh
+ name: web
+ labels:
+ app: web
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: web
+ minReplicas: 2
+ maxReplicas: 4
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 100
+---
# Source: swh/templates/scheduler/update-metrics-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
name: scheduler-update-metrics-cronjob
spec:
# By default, every 4h at midnight
schedule: "27 3-23/4 * * *"
concurrencyPolicy: Forbid
jobTemplate:
@@ -28465,20 +28882,310 @@
- name: configuration
emptyDir: {}
- name: configuration-template
configMap:
name: scheduler-update-metrics-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
restartPolicy: OnFailure
---
+# Source: swh/templates/web/refresh-savecodenow-statuses-cronjob.yaml
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: refresh-savecodenow-statuses-cronjob
+spec:
+ schedule: "*/2 * * * *"
+ concurrencyPolicy: Forbid
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: swh/web
+ operator: In
+ values:
+ - "true"
+ priorityClassName: swh-frontend-rpc-workload
+
+ initContainers:
+ - name: prepare-web-configuration
+ image: debian:bullseye
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+ env:
+
+ - name: POSTGRESQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: swh-postgresql-web-secrets
+ key: postgres-swh-web-password
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+ - name: DJANGO_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: swh-webapp-django-secret
+ key: webapp-django-secret-key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+
+ - name: GIVE_PRIVATE_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: web-give-secrets
+ key: private-token
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: GIVE_PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ name: web-give-secrets
+ key: public-key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+ - name: SWH_SENTRY_DSN
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-sentry-dsn
+ # 'name' secret should exist & include key
+ # if the setting doesn't exist, sentry pushes will be disabled
+ optional: true
+
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ - name: web-configuration-template
+ mountPath: /etc/swh/configuration-template
+ containers:
+ - name: refresh-savecodenow-statuses
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 500m
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231205.3
+ command:
+ - /opt/swh/entrypoint.sh
+ args:
+ - refresh
+ env:
+ - name: STATSD_HOST
+ value: prometheus-statsd-exporter
+ - name: STATSD_PORT
+ value: "9125"
+ - name: SWH_CONFIG_FILENAME
+ value: /etc/swh/config.yml
+ - name: LOG_LEVEL
+ value: INFO
+ - name: SWH_SENTRY_ENVIRONMENT
+ value: production
+ - name: SWH_MAIN_PACKAGE
+ value: swh.web
+ - name: SWH_SENTRY_DSN
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-sentry-dsn
+ # if the setting doesn't exist, sentry issue pushes will be disabled
+ optional: false
+ - name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
+ value: "true"
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ volumes:
+ - name: configuration
+ emptyDir: {}
+ - name: web-configuration-template
+ configMap:
+ name: web-configuration-template
+ items:
+ - key: "config.yml.template"
+ path: "config.yml.template"
+ restartPolicy: OnFailure
+---
+# Source: swh/templates/web/sync-mailmaps-cronjob.yaml
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: sync-mailmaps-cronjob
+spec:
+ schedule: "15 * * * *"
+ concurrencyPolicy: Forbid
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: swh/web
+ operator: In
+ values:
+ - "true"
+ priorityClassName: swh-frontend-rpc-workload
+
+ initContainers:
+ - name: prepare-pgservice-configuration
+ image: debian:bullseye
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - eval "cp /etc/swh/config/pg_service.conf /etc/swh/.pg_service.conf"
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ - name: pgservice-configuration-template
+ mountPath: /etc/swh/config
+
+ - name: prepare-web-configuration
+ image: debian:bullseye
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+ env:
+
+ - name: POSTGRESQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: swh-postgresql-web-secrets
+ key: postgres-swh-web-password
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+ - name: DJANGO_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: swh-webapp-django-secret
+ key: webapp-django-secret-key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+
+ - name: GIVE_PRIVATE_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: web-give-secrets
+ key: private-token
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: GIVE_PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ name: web-give-secrets
+ key: public-key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+ - name: SWH_SENTRY_DSN
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-sentry-dsn
+ # 'name' secret should exist & include key
+ # if the setting doesn't exist, sentry pushes will be disabled
+ optional: true
+
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ - name: web-configuration-template
+ mountPath: /etc/swh/configuration-template
+ containers:
+ - name: sync-mailmaps
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 500m
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231205.3
+ command:
+ - /opt/swh/entrypoint.sh
+ args:
+ - sync-mailmaps
+ - service=syncmailmaps
+ env:
+ - name: STATSD_HOST
+ value: prometheus-statsd-exporter
+ - name: STATSD_PORT
+ value: "9125"
+ - name: SWH_CONFIG_FILENAME
+ value: /etc/swh/config.yml
+ - name: LOG_LEVEL
+ value: INFO
+ - name: SWH_SENTRY_ENVIRONMENT
+ value: production
+ - name: SWH_MAIN_PACKAGE
+ value: swh.web
+ - name: SWH_SENTRY_DSN
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-sentry-dsn
+ # if the setting doesn't exist, sentry issue pushes will be disabled
+ optional: false
+ - name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
+ value: "true"
+ - name: PGSERVICEFILE
+ value: /etc/swh/.pg_service.conf
+
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: swh-postgresql-syncmailmap-secret
+ key: postgres-syncmailmap-password
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ volumes:
+ - name: configuration
+ emptyDir: {}
+ - name: web-configuration-template
+ configMap:
+ name: web-configuration-template
+ items:
+ - key: "config.yml.template"
+ path: "config.yml.template"
+ - name: pgservice-configuration-template
+ configMap:
+ name: pgservice-configuration-template
+ items:
+ - key: "pg-service-conf"
+ path: "pg_service.conf"
+
+ restartPolicy: OnFailure
+---
# Source: swh/templates/graphql/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: graphql-ingress-default
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,127.0.0.0/8,192.168.100.0/24,192.168.101.0/24,192.168.200.0/22
nginx.ingress.kubernetes.io/rewrite-target: /
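Review bot: In both CronJobs the main container reads `SWH_SENTRY_DSN` with `optional: false` directly under the comment "if the setting doesn't exist, sentry issue pushes will be disabled", while their init containers use `optional: true`; the web Deployment has it the other way round (init container `optional: false`, `web` container `optional: true`). With `optional: false` a missing key stops the container from starting, so the comment and the flag disagree. Pick one behaviour and use it everywhere, e.g. `optional: true` if Sentry is meant to be best-effort. Both CronJobs also omit `metadata.namespace`, unlike the other web resources which set `namespace: swh`, so they land in whatever namespace the release is installed into. The `eval` around `cp` in `prepare-pgservice-configuration` does nothing and can be dropped: `cp /etc/swh/config/pg_service.conf /etc/swh/.pg_service.conf`.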
@@ -28620,20 +29327,256 @@
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: storage-postgresql-azure-readonly
port:
number: 5002
---
+# Source: swh/templates/web/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ namespace: swh
+ name: web-ingress-authenticated
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ # type of authentication
+ nginx.ingress.kubernetes.io/auth-type: basic
+ # an htpasswd file in the key auth within the secret
+ nginx.ingress.kubernetes.io/auth-secret-type: auth-file
+ # name of the secret that contains the user/password definitions
+ nginx.ingress.kubernetes.io/auth-secret: swh/web-auth-secrets
+ # message to display with an appropriate context why the authentication is required
+ nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
+
+spec:
+ rules:
+ - host: archive.softwareheritage.org
+ http:
+ paths:
+ - path: /api/1/provenance/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /api/1/entity/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /api/1/content/[^/]+/symbol/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - host: webapp1.internal.softwareheritage.org
+ http:
+ paths:
+ - path: /api/1/provenance/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /api/1/entity/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /api/1/content/[^/]+/symbol/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - host: base.softwareheritage.org
+ http:
+ paths:
+ - path: /api/1/provenance/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /api/1/entity/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /api/1/content/[^/]+/symbol/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - host: archive.internal.softwareheritage.org
+ http:
+ paths:
+ - path: /api/1/provenance/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /api/1/entity/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /api/1/content/[^/]+/symbol/
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ tls:
+ - hosts:
+ - archive.softwareheritage.org
+ - webapp1.internal.softwareheritage.org
+ - base.softwareheritage.org
+ - archive.internal.softwareheritage.org
+ secretName: swh-web-crt
+---
+# Source: swh/templates/web/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ namespace: swh
+ name: web-ingress-default
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+
+spec:
+ rules:
+ - host: archive.softwareheritage.org
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /static
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 80
+
+ - host: webapp1.internal.softwareheritage.org
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /static
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 80
+
+ - host: base.softwareheritage.org
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /static
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 80
+
+ - host: archive.internal.softwareheritage.org
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 5004
+
+ - path: /static
+ pathType: Prefix
+ backend:
+ service:
+ name: web
+ port:
+ number: 80
+
+ tls:
+ - hosts:
+ - archive.softwareheritage.org
+ - webapp1.internal.softwareheritage.org
+ - base.softwareheritage.org
+ - archive.internal.softwareheritage.org
+ secretName: swh-web-crt
+---
# Source: swh/charts/keda/templates/metrics-server/apiservice.yaml
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
annotations:
labels:
app.kubernetes.io/name: v1beta1.external.metrics.k8s.io
helm.sh/chart: keda-2.11.0
app.kubernetes.io/component: operator
app.kubernetes.io/managed-by: Helm
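Review bot: The `web-ingress-authenticated` rules use `path: /api/1/content/[^/]+/symbol/` with `pathType: Prefix`, and as far as I can tell a Prefix path is matched literally, so the `[^/]+` segment will not be treated as a pattern. If so, requests for a content symbol URL fall through to the `/` rule of `web-ingress-default`, which carries no `auth-type` annotation, and the basic-auth gate never applies to that route. For ingress-nginx the usual form is `pathType: ImplementationSpecific` together with `nginx.ingress.kubernetes.io/use-regex: "true"`; check how that annotation affects the other paths defined for the same hosts before enabling it. It is worth verifying after deployment that an unauthenticated request to such a path is answered with 401 on all four hosts.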
------------- diff for environment production namespace swh-cassandra -------------
No differences
Edited by Antoine R. Dumont