web: Make template multi-instance
This makes it possible to deploy multiple webapp instances within the same namespace (using distinct backends).
It's the same configuration as before but it's declared per web instance.
This will redeploy punctually all webapps instances (rolling upgrade) as the configuration is slightly impacted due to the name changes.
make swh-helm-diff
[swh] Comparing changes between branches production and make-web-template-multi-instance (per environment)...
Your branch is ahead of 'origin/production' by 4 commits.
(use "git push" to publish your local commits)
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
[swh] Generate config in make-web-template-multi-instance branch for environment staging...
[swh] Generate config in make-web-template-multi-instance branch for environment staging...
[swh] Generate config in make-web-template-multi-instance branch for environment staging...
Your branch is ahead of 'origin/production' by 4 commits.
(use "git push" to publish your local commits)
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
[swh] Generate config in make-web-template-multi-instance branch for environment production...
[swh] Generate config in make-web-template-multi-instance branch for environment production...
[swh] Generate config in make-web-template-multi-instance branch for environment production...
------------- diff for environment staging namespace swh -------------
--- /tmp/swh-chart.swh.kjG4RXDV/staging-swh.before 2023-12-19 16:49:50.485430285 +0100
+++ /tmp/swh-chart.swh.kjG4RXDV/staging-swh.after 2023-12-19 16:49:51.213430324 +0100
@@ -4576,21 +4576,21 @@
if [ "$DB_VERSION" -ne "$CODE_VERSION" ]; then
echo "code and DB versions are different. Blocking the deployment"
exit 1
fi
---
# Source: swh/templates/web/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: swh
- name: web-configuration-template
+ name: web-postgresql-configuration-template
data:
config.yml.template: |
instance_name: webapp-postgresql.internal.staging.swh.network
allowed_hosts:
- webapp-postgresql.internal.staging.swh.network
storage:
cls: remote
url: http://storage-postgresql-read-only-rpc-ingress
search:
cls: remote
@@ -14465,26 +14465,26 @@
app: storage-postgresql-read-write
ports:
- port: 5002
targetPort: 5002
name: rpc
---
# Source: swh/templates/web/service.yaml
apiVersion: v1
kind: Service
metadata:
- name: web
+ name: web-postgresql
namespace: swh
spec:
type: ClusterIP
selector:
- app: web
+ app: web-postgresql
ports:
- port: 5004
targetPort: 5004
name: rpc
- port: 80
targetPort: 80
name: webstatic
---
# Source: swh/charts/keda/templates/manager/deployment.yaml
@@ -24232,39 +24232,39 @@
- name: toolbox-script-utils
configMap:
name: toolbox-script-utils
defaultMode: 0555
---
# Source: swh/templates/web/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: swh
- name: web
+ name: web-postgresql
labels:
- app: web
+ app: web-postgresql
spec:
revisionHistoryLimit: 2
replicas: 1
selector:
matchLabels:
- app: web
+ app: web-postgresql
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
- app: web
+ app: web-postgresql
annotations:
- checksum/config: a59de8d2746e93c1b89ec4c6e62d78db404fcb11b9d1ddf9fd6f60d7b4e72074
+ checksum/config: 175d51236f66e48fd72bc36970742b60ba02ef4ab908f0f067bcabfa126cc166
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
values:
- "true"
@@ -24371,21 +24371,21 @@
imagePullPolicy: IfNotPresent
command:
- /bin/bash
args:
- -c
- cp -r $PWD/.local/share/swh/web/static/ /usr/share/swh/web/static/
volumeMounts:
- name: static
mountPath: /usr/share/swh/web/static
containers:
- - name: web
+ - name: web-postgresql
resources:
requests:
memory: 250Mi
cpu: 50m
image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231219.2
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5004
name: webapp
readinessProbe:
@@ -24474,21 +24474,21 @@
initialDelaySeconds: 3
periodSeconds: 10
volumeMounts:
- name: static
mountPath: /usr/share/nginx/html
volumes:
- name: configuration
emptyDir: {}
- name: configuration-template
configMap:
- name: web-configuration-template
+ name: web-postgresql-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
- name: static
emptyDir: {}
---
# Source: swh/templates/indexer-storage/autoscaling.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
@@ -24968,21 +24968,21 @@
service:
name: storage-postgresql-read-write
port:
number: 5002
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
- name: web-ingress-authenticated
+ name: web-postgresql-ingress-authenticated
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# an htpasswd file in the key auth within the secret
nginx.ingress.kubernetes.io/auth-secret-type: auth-file
# name of the secret that contains the user/password definitions
@@ -24992,106 +24992,106 @@
spec:
rules:
- host: webapp-postgresql.internal.staging.swh.network
http:
paths:
- path: /api/1/provenance/
pathType: Prefix
backend:
service:
- name: web
+ name: web-postgresql
port:
number: 5004
- path: /api/1/entity/
pathType: Prefix
backend:
service:
- name: web
+ name: web-postgresql
port:
number: 5004
- path: /api/1/content/[^/]+/symbol/
pathType: Prefix
backend:
service:
- name: web
+ name: web-postgresql
port:
number: 5004
tls:
- hosts:
- webapp-postgresql.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
- name: web-ingress-default
+ name: web-postgresql-ingress-default
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
rules:
- host: webapp-postgresql.internal.staging.swh.network
http:
paths:
- path: /
pathType: Prefix
backend:
service:
- name: web
+ name: web-postgresql
port:
number: 5004
- path: /static
pathType: Prefix
backend:
service:
- name: web
+ name: web-postgresql
port:
number: 80
tls:
- hosts:
- webapp-postgresql.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
- name: web-ingress-webhooks
+ name: web-postgresql-ingress-webhooks
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.130.1,192.168.130.2
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
rules:
- host: webapp-postgresql.internal.staging.swh.network
http:
paths:
- path: /save/origin/visit/webhook
pathType: Prefix
backend:
service:
- name: web
+ name: web-postgresql
port:
number: 5004
tls:
- hosts:
- webapp-postgresql.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/charts/keda/templates/metrics-server/apiservice.yaml
apiVersion: apiregistration.k8s.io/v1
------------- diff for environment staging namespace swh-cassandra -------------
--- /tmp/swh-chart.swh.kjG4RXDV/staging-swh-cassandra.before 2023-12-19 16:49:50.729430298 +0100
+++ /tmp/swh-chart.swh.kjG4RXDV/staging-swh-cassandra.after 2023-12-19 16:49:51.445430337 +0100
@@ -4501,36 +4501,36 @@
connection_string: DefaultEndpointsProtocol=https;AccountName=swhvaultstoragestaging;AccountKey=${ACCOUNT_KEY};EndpointSuffix=core.windows.net
container_name: contents-uncompressed
smtp:
host: smtp.inria.fr
port: 25
---
# Source: swh/templates/web/configmap-pgservice.yaml
apiVersion: v1
kind: ConfigMap
metadata:
+ name: pgservice-cassandra-configuration-template
namespace: swh-cassandra
- name: pgservice-configuration-template
data:
pg-service-conf: |
[syncmailmaps]
dbname=swh
host=db1.internal.staging.swh.network
port=5432
user=swhmailmap
---
# Source: swh/templates/web/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: swh-cassandra
- name: web-configuration-template
+ name: web-cassandra-configuration-template
data:
config.yml.template: |
instance_name: webapp.staging.swh.network
allowed_hosts:
- webapp.staging.swh.network
- webapp-cassandra.internal.staging.swh.network
storage:
cls: remote
url: http://storage-cassandra:5002
search:
@@ -14448,26 +14448,26 @@
app: vault-rpc
ports:
- port: 5005
targetPort: 5005
name: rpc
---
# Source: swh/templates/web/service.yaml
apiVersion: v1
kind: Service
metadata:
- name: web
+ name: web-cassandra
namespace: swh-cassandra
spec:
type: ClusterIP
selector:
- app: web
+ app: web-cassandra
ports:
- port: 5004
targetPort: 5004
name: rpc
- port: 80
targetPort: 80
name: webstatic
---
# Source: swh/charts/keda/templates/manager/deployment.yaml
@@ -22903,38 +22903,38 @@
name: vault-rpc-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
---
# Source: swh/templates/web/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: swh-cassandra
- name: web
+ name: web-cassandra
labels:
- app: web
+ app: web-cassandra
spec:
revisionHistoryLimit: 2
selector:
matchLabels:
- app: web
+ app: web-cassandra
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
- app: web
+ app: web-cassandra
annotations:
- checksum/config: ac673a4a5fdd310be2aa60f8d95f8c80c68a04225dfa0a1d93f479ae3939ea56
+ checksum/config: 7a3556ea61b9d8354c27414c7bf61109f19f0de6b8bf9e240b06ff7c0707570f
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
values:
- "true"
@@ -23049,21 +23049,21 @@
imagePullPolicy: IfNotPresent
command:
- /bin/bash
args:
- -c
- cp -r $PWD/.local/share/swh/web/static/ /usr/share/swh/web/static/
volumeMounts:
- name: static
mountPath: /usr/share/swh/web/static
containers:
- - name: web
+ - name: web-cassandra
resources:
requests:
memory: 300Mi
cpu: 100m
image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231219.2
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5004
name: webapp
readinessProbe:
@@ -23152,21 +23152,21 @@
initialDelaySeconds: 3
periodSeconds: 10
volumeMounts:
- name: static
mountPath: /usr/share/nginx/html
volumes:
- name: configuration
emptyDir: {}
- name: configuration-template
configMap:
- name: web-configuration-template
+ name: web-cassandra-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
- name: static
emptyDir: {}
---
# Source: swh/templates/webhooks/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -23386,28 +23386,28 @@
name: cpu
target:
type: Utilization
averageUtilization: 75
---
# Source: swh/templates/web/autoscaling.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
namespace: swh-cassandra
- name: web
+ name: web-cassandra
labels:
- app: web
+ app: web-cassandra
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
- name: web
+ name: web-cassandra
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 1000
---
@@ -23475,21 +23475,22 @@
defaultMode: 0555
items:
- key: "refresh-counters-cache.sh"
path: "refresh-counters-cache.sh"
restartPolicy: OnFailure
---
# Source: swh/templates/web/sync-mailmaps-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
- name: sync-mailmaps-cronjob
+ name: web-cassandra-sync-mailmaps-cronjob
+ namespace: swh-cassandra
spec:
schedule: "15 * * * *"
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
@@ -23582,21 +23583,21 @@
# 'name' secret should exist & include key
# if the setting doesn't exist, sentry pushes will be disabled
optional: true
volumeMounts:
- name: configuration
mountPath: /etc/swh
- name: web-configuration-template
mountPath: /etc/swh/configuration-template
containers:
- - name: sync-mailmaps
+ - name: web-cassandra-sync-mailmaps
resources:
requests:
memory: 512Mi
cpu: 500m
image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231219.2
command:
- /opt/swh/entrypoint.sh
args:
- sync-mailmaps
- service=syncmailmaps
@@ -23642,21 +23643,21 @@
- name: configuration
emptyDir: {}
- name: web-configuration-template
configMap:
name: web-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
- name: pgservice-configuration-template
configMap:
- name: pgservice-configuration-template
+ name: pgservice-cassandra-configuration-template
items:
- key: "pg-service-conf"
path: "pg_service.conf"
restartPolicy: OnFailure
---
# Source: swh/templates/counters/rpc-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -23944,21 +23945,21 @@
service:
name: vault-rpc
port:
number: 5005
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
- name: web-ingress-authenticated
+ name: web-cassandra-ingress-authenticated
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# an htpasswd file in the key auth within the secret
nginx.ingress.kubernetes.io/auth-secret-type: auth-file
# name of the secret that contains the user/password definitions
@@ -23968,165 +23969,165 @@
spec:
rules:
- host: webapp.staging.swh.network
http:
paths:
- path: /api/1/provenance/
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
- path: /api/1/entity/
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
- path: /api/1/content/[^/]+/symbol/
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
- host: webapp-cassandra.internal.staging.swh.network
http:
paths:
- path: /api/1/provenance/
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
- path: /api/1/entity/
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
- path: /api/1/content/[^/]+/symbol/
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
tls:
- hosts:
- webapp.staging.swh.network
- webapp-cassandra.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
- name: web-ingress-default
+ name: web-cassandra-ingress-default
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- host: webapp.staging.swh.network
http:
paths:
- path: /
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
- path: /static
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 80
- host: webapp-cassandra.internal.staging.swh.network
http:
paths:
- path: /
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
- path: /static
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 80
tls:
- hosts:
- webapp.staging.swh.network
- webapp-cassandra.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
- name: web-ingress-webhooks
+ name: web-cassandra-ingress-webhooks
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.130.1,192.168.130.2
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- host: webapp.staging.swh.network
http:
paths:
- path: /save/origin/visit/webhook
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
- host: webapp-cassandra.internal.staging.swh.network
http:
paths:
- path: /save/origin/visit/webhook
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
tls:
- hosts:
- webapp.staging.swh.network
- webapp-cassandra.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/charts/keda/templates/metrics-server/apiservice.yaml
------------- diff for environment staging namespace swh-cassandra-next-version -------------
--- /tmp/swh-chart.swh.kjG4RXDV/staging-swh-cassandra-next-version.before 2023-12-19 16:49:50.961430311 +0100
+++ /tmp/swh-chart.swh.kjG4RXDV/staging-swh-cassandra-next-version.after 2023-12-19 16:49:51.657430348 +0100
@@ -4029,21 +4029,21 @@
container_name: contents-uncompressed
smtp:
host: smtp.inria.fr
port: 25
---
# Source: swh/templates/web/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: swh-cassandra-next-version
- name: web-configuration-template
+ name: web-cassandra-configuration-template
data:
config.yml.template: |
instance_name: webapp-cassandra-next-version.internal.staging.swh.network
allowed_hosts:
- webapp-cassandra-next-version.internal.staging.swh.network
storage:
cls: remote
url: http://storage-cassandra:5002
search:
cls: remote
@@ -13889,26 +13889,26 @@
app: vault-rpc
ports:
- port: 5005
targetPort: 5005
name: rpc
---
# Source: swh/templates/web/service.yaml
apiVersion: v1
kind: Service
metadata:
- name: web
+ name: web-cassandra
namespace: swh-cassandra-next-version
spec:
type: ClusterIP
selector:
- app: web
+ app: web-cassandra
ports:
- port: 5004
targetPort: 5004
name: rpc
- port: 80
targetPort: 80
name: webstatic
---
# Source: swh/charts/keda/templates/manager/deployment.yaml
@@ -21078,39 +21078,39 @@
name: vault-rpc-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
---
# Source: swh/templates/web/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: swh-cassandra-next-version
- name: web
+ name: web-cassandra
labels:
- app: web
+ app: web-cassandra
spec:
revisionHistoryLimit: 2
replicas: 1
selector:
matchLabels:
- app: web
+ app: web-cassandra
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
- app: web
+ app: web-cassandra
annotations:
- checksum/config: 1abcbbdf0d471db284dff6bef6b8999ab9a1f5ac88158401be759b6d0c2df0f0
+ checksum/config: e290ed2d3783ffd2d0d2074fde583aee97c4bf4500be3222c697c333220adef6
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
values:
- "true"
@@ -21225,21 +21225,21 @@
imagePullPolicy: IfNotPresent
command:
- /bin/bash
args:
- -c
- cp -r $PWD/.local/share/swh/web/static/ /usr/share/swh/web/static/
volumeMounts:
- name: static
mountPath: /usr/share/swh/web/static
containers:
- - name: web
+ - name: web-cassandra
resources:
requests:
memory: 300Mi
cpu: 100m
image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231219.2
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5004
name: webapp
readinessProbe:
@@ -21328,21 +21328,21 @@
initialDelaySeconds: 3
periodSeconds: 10
volumeMounts:
- name: static
mountPath: /usr/share/nginx/html
volumes:
- name: configuration
emptyDir: {}
- name: configuration-template
configMap:
- name: web-configuration-template
+ name: web-cassandra-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
- name: static
emptyDir: {}
---
# Source: swh/templates/storage/autoscaling.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
@@ -21386,28 +21386,28 @@
name: cpu
target:
type: Utilization
averageUtilization: 75
---
# Source: swh/templates/web/autoscaling.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
namespace: swh-cassandra-next-version
- name: web
+ name: web-cassandra
labels:
- app: web
+ app: web-cassandra
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
- name: web
+ name: web-cassandra
minReplicas: 1
maxReplicas: 1
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 1000
---
@@ -21576,21 +21576,21 @@
service:
name: vault-rpc
port:
number: 5005
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra-next-version
- name: web-ingress-authenticated
+ name: web-cassandra-ingress-authenticated
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.101.0/24,192.168.130.0/24,192.168.50.0/24
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# an htpasswd file in the key auth within the secret
nginx.ingress.kubernetes.io/auth-secret-type: auth-file
@@ -21601,107 +21601,107 @@
spec:
rules:
- host: webapp-cassandra-next-version.internal.staging.swh.network
http:
paths:
- path: /api/1/provenance/
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
- path: /api/1/entity/
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
- path: /api/1/content/[^/]+/symbol/
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
tls:
- hosts:
- webapp-cassandra-next-version.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra-next-version
- name: web-ingress-default
+ name: web-cassandra-ingress-default
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.101.0/24,192.168.130.0/24,192.168.50.0/24
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- host: webapp-cassandra-next-version.internal.staging.swh.network
http:
paths:
- path: /
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
- path: /static
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 80
tls:
- hosts:
- webapp-cassandra-next-version.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra-next-version
- name: web-ingress-webhooks
+ name: web-cassandra-ingress-webhooks
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.130.0/24,192.168.130.1,192.168.130.2,192.168.50.0/24
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- host: webapp-cassandra-next-version.internal.staging.swh.network
http:
paths:
- path: /save/origin/visit/webhook
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
tls:
- hosts:
- webapp-cassandra-next-version.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/charts/keda/templates/metrics-server/apiservice.yaml
apiVersion: apiregistration.k8s.io/v1
------------- diff for environment production namespace swh -------------
--- /tmp/swh-chart.swh.kjG4RXDV/production-swh.before 2023-12-19 16:49:51.945430363 +0100
+++ /tmp/swh-chart.swh.kjG4RXDV/production-swh.after 2023-12-19 16:49:52.413430388 +0100
@@ -6021,36 +6021,36 @@
if [ "$DB_VERSION" -ne "$CODE_VERSION" ]; then
echo "code and DB versions are different. Blocking the deployment"
exit 1
fi
---
# Source: swh/templates/web/configmap-pgservice.yaml
apiVersion: v1
kind: ConfigMap
metadata:
+ name: pgservice-app1-configuration-template
namespace: swh
- name: pgservice-configuration-template
data:
pg-service-conf: |
[syncmailmaps]
dbname=softwareheritage
host=db.internal.softwareheritage.org
port=5432
user=swhmailmap
---
# Source: swh/templates/web/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: swh
- name: web-configuration-template
+ name: web-app1-configuration-template
data:
config.yml.template: |
instance_name: webapp1.internal.softwareheritage.org
allowed_hosts:
- webapp1.internal.softwareheritage.org
- archive.softwareheritage.org
- base.softwareheritage.org
- archive.internal.softwareheritage.org
production_server_names:
- webapp1.internal.softwareheritage.org
@@ -15925,26 +15925,26 @@
app: storage-postgresql-azure-readonly
ports:
- port: 5002
targetPort: 5002
name: rpc
---
# Source: swh/templates/web/service.yaml
apiVersion: v1
kind: Service
metadata:
- name: web
+ name: web-app1
namespace: swh
spec:
type: ClusterIP
selector:
- app: web
+ app: web-app1
ports:
- port: 5004
targetPort: 5004
name: rpc
- port: 80
targetPort: 80
name: webstatic
---
# Source: swh/charts/keda/templates/manager/deployment.yaml
@@ -28118,39 +28118,39 @@
- name: toolbox-script-utils
configMap:
name: toolbox-script-utils
defaultMode: 0555
---
# Source: swh/templates/web/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: swh
- name: web
+ name: web-app1
labels:
- app: web
+ app: web-app1
spec:
revisionHistoryLimit: 2
replicas: 2
selector:
matchLabels:
- app: web
+ app: web-app1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
- app: web
+ app: web-app1
annotations:
- checksum/config: d4cf1f97c6c8a8c0d6c9089922dde9bbc2b41ca4deb3c8b78f3dfd9fdb06dc8a
+ checksum/config: 536bfaa6388bc4065404f754d9d4be653e9e4ea8972dc5485438352f950f481f
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
values:
- "true"
@@ -28250,21 +28250,21 @@
imagePullPolicy: IfNotPresent
command:
- /bin/bash
args:
- -c
- cp -r $PWD/.local/share/swh/web/static/ /usr/share/swh/web/static/
volumeMounts:
- name: static
mountPath: /usr/share/swh/web/static
containers:
- - name: web
+ - name: web-app1
resources:
requests:
memory: 1024Mi
cpu: 500m
image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231219.2
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5004
name: webapp
readinessProbe:
@@ -28325,21 +28325,21 @@
# 'name' secret must exist & include that ^ key
optional: false
volumeMounts:
- name: configuration
mountPath: /etc/swh
readOnly: true
- name: nginx
resources:
requests:
- memory: 90Mi
+ memory: 50Mi
cpu: 10m
image: nginx:bullseye
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
name: webstatic
readinessProbe:
httpGet:
path: static/robots.txt
port: webstatic
@@ -28353,21 +28353,21 @@
initialDelaySeconds: 3
periodSeconds: 10
volumeMounts:
- name: static
mountPath: /usr/share/nginx/html
volumes:
- name: configuration
emptyDir: {}
- name: configuration-template
configMap:
- name: web-configuration-template
+ name: web-app1-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
- name: static
emptyDir: {}
---
# Source: swh/templates/indexer-storage/autoscaling.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
@@ -28538,21 +28538,22 @@
name: scheduler-update-metrics-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
restartPolicy: OnFailure
---
# Source: swh/templates/web/refresh-savecodenow-statuses-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
- name: refresh-savecodenow-statuses-cronjob
+ name: web-app1-refresh-savecodenow-statuses-cronjob
+ namespace: swh
spec:
schedule: "*/2 * * * *"
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
@@ -28631,21 +28632,21 @@
# 'name' secret should exist & include key
# if the setting doesn't exist, sentry pushes will be disabled
optional: true
volumeMounts:
- name: configuration
mountPath: /etc/swh
- name: web-configuration-template
mountPath: /etc/swh/configuration-template
containers:
- - name: refresh-savecodenow-statuses
+ - name: web-app1-refresh-savecodenow-statuses
resources:
requests:
memory: 512Mi
cpu: 500m
image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231219.2
command:
- /opt/swh/entrypoint.sh
args:
- refresh
env:
@@ -28682,21 +28683,22 @@
name: web-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
restartPolicy: OnFailure
---
# Source: swh/templates/web/sync-mailmaps-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
- name: sync-mailmaps-cronjob
+ name: web-app1-sync-mailmaps-cronjob
+ namespace: swh
spec:
schedule: "15 * * * *"
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
@@ -28789,21 +28791,21 @@
# 'name' secret should exist & include key
# if the setting doesn't exist, sentry pushes will be disabled
optional: true
volumeMounts:
- name: configuration
mountPath: /etc/swh
- name: web-configuration-template
mountPath: /etc/swh/configuration-template
containers:
- - name: sync-mailmaps
+ - name: web-app1-sync-mailmaps
resources:
requests:
memory: 512Mi
cpu: 500m
image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231219.2
command:
- /opt/swh/entrypoint.sh
args:
- sync-mailmaps
- service=syncmailmaps
@@ -28849,21 +28851,21 @@
- name: configuration
emptyDir: {}
- name: web-configuration-template
configMap:
name: web-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
- name: pgservice-configuration-template
configMap:
- name: pgservice-configuration-template
+ name: pgservice-app1-configuration-template
items:
- key: "pg-service-conf"
path: "pg_service.conf"
restartPolicy: OnFailure
---
# Source: swh/templates/graphql/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -29075,21 +29077,21 @@
service:
name: storage-postgresql-azure-readonly
port:
number: 5002
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
- name: web-ingress-authenticated
+ name: web-app1-ingress-authenticated
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# an htpasswd file in the key auth within the secret
nginx.ingress.kubernetes.io/auth-secret-type: auth-file
# name of the secret that contains the user/password definitions
@@ -29099,216 +29101,216 @@
spec:
rules:
- host: webapp1.internal.softwareheritage.org
http:
paths:
- path: /api/1/provenance/
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
- path: /api/1/entity/
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
- path: /api/1/content/[^/]+/symbol/
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
- host: archive.softwareheritage.org
http:
paths:
- path: /api/1/provenance/
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
- path: /api/1/entity/
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
- path: /api/1/content/[^/]+/symbol/
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
- host: base.softwareheritage.org
http:
paths:
- path: /api/1/provenance/
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
- path: /api/1/entity/
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
- path: /api/1/content/[^/]+/symbol/
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
- host: archive.internal.softwareheritage.org
http:
paths:
- path: /api/1/provenance/
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
- path: /api/1/entity/
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
- path: /api/1/content/[^/]+/symbol/
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
tls:
- hosts:
- webapp1.internal.softwareheritage.org
- archive.softwareheritage.org
- base.softwareheritage.org
- archive.internal.softwareheritage.org
secretName: swh-web-crt
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
- name: web-ingress-default
+ name: web-app1-ingress-default
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- host: webapp1.internal.softwareheritage.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
- path: /static
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 80
- host: archive.softwareheritage.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
- path: /static
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 80
- host: base.softwareheritage.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
- path: /static
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 80
- host: archive.internal.softwareheritage.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 5004
- path: /static
pathType: Prefix
backend:
service:
- name: web
+ name: web-app1
port:
number: 80
tls:
- hosts:
- webapp1.internal.softwareheritage.org
- archive.softwareheritage.org
- base.softwareheritage.org
- archive.internal.softwareheritage.org
secretName: swh-web-crt
------------- diff for environment production namespace swh-cassandra -------------
--- /tmp/swh-chart.swh.kjG4RXDV/production-swh-cassandra.before 2023-12-19 16:49:52.109430372 +0100
+++ /tmp/swh-chart.swh.kjG4RXDV/production-swh-cassandra.after 2023-12-19 16:49:52.585430397 +0100
@@ -1408,21 +1408,21 @@
if [ "$DB_VERSION" -ne "$CODE_VERSION" ]; then
echo "code and DB versions are different. Blocking the deployment"
exit 1
fi
---
# Source: swh/templates/web/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: swh-cassandra
- name: web-configuration-template
+ name: web-cassandra-configuration-template
data:
config.yml.template: |
instance_name: webapp-cassandra.internal.softwareheritage.org
allowed_hosts:
- webapp-cassandra.internal.softwareheritage.org
production_server_names:
- webapp-cassandra.internal.softwareheritage.org
storage:
cls: remote
url: http://storage-cassandra:5002
@@ -11213,26 +11213,26 @@
app: storage-cassandra
ports:
- port: 5002
targetPort: 5002
name: rpc
---
# Source: swh/templates/web/service.yaml
apiVersion: v1
kind: Service
metadata:
- name: web
+ name: web-cassandra
namespace: swh-cassandra
spec:
type: ClusterIP
selector:
- app: web
+ app: web-cassandra
ports:
- port: 5004
targetPort: 5004
name: rpc
- port: 80
targetPort: 80
name: webstatic
---
# Source: swh/charts/keda/templates/manager/deployment.yaml
@@ -14224,38 +14224,38 @@
- name: toolbox-script-utils
configMap:
name: toolbox-script-utils
defaultMode: 0555
---
# Source: swh/templates/web/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: swh-cassandra
- name: web
+ name: web-cassandra
labels:
- app: web
+ app: web-cassandra
spec:
revisionHistoryLimit: 2
selector:
matchLabels:
- app: web
+ app: web-cassandra
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
- app: web
+ app: web-cassandra
annotations:
- checksum/config: d2ed09bc34e02ac042227c2b6e99274ce60ddf21fc56f97625fc7c9bc89e6618
+ checksum/config: b9c1509e629cba96c7e50ba5361ebb165ef17eb0728fe31b4091c7048828e02f
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
values:
- "true"
@@ -14355,21 +14355,21 @@
imagePullPolicy: IfNotPresent
command:
- /bin/bash
args:
- -c
- cp -r $PWD/.local/share/swh/web/static/ /usr/share/swh/web/static/
volumeMounts:
- name: static
mountPath: /usr/share/swh/web/static
containers:
- - name: web
+ - name: web-cassandra
resources:
requests:
memory: 500Mi
cpu: 500m
image: container-registry.softwareheritage.org/swh/infra/swh-apps/web:20231219.2
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5004
name: webapp
readinessProbe:
@@ -14430,21 +14430,21 @@
# 'name' secret must exist & include that ^ key
optional: false
volumeMounts:
- name: configuration
mountPath: /etc/swh
readOnly: true
- name: nginx
resources:
requests:
- memory: 90Mi
+ memory: 50Mi
cpu: 10m
image: nginx:bullseye
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
name: webstatic
readinessProbe:
httpGet:
path: static/robots.txt
port: webstatic
@@ -14458,40 +14458,40 @@
initialDelaySeconds: 3
periodSeconds: 10
volumeMounts:
- name: static
mountPath: /usr/share/nginx/html
volumes:
- name: configuration
emptyDir: {}
- name: configuration-template
configMap:
- name: web-configuration-template
+ name: web-cassandra-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
- name: static
emptyDir: {}
---
# Source: swh/templates/web/autoscaling.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
namespace: swh-cassandra
- name: web
+ name: web-cassandra
labels:
- app: web
+ app: web-cassandra
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
- name: web
+ name: web-cassandra
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 50
---
@@ -14516,46 +14516,46 @@
service:
name: graphql-cassandra
port:
number: 5013
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
- name: web-ingress-default
+ name: web-cassandra-ingress-default
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,127.0.0.0/8,192.168.100.0/24,192.168.101.0/24,192.168.200.0/22,192.168.50.0/24
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- host: webapp-cassandra.internal.softwareheritage.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 5004
- path: /static
pathType: Prefix
backend:
service:
- name: web
+ name: web-cassandra
port:
number: 80
tls:
- hosts:
- webapp-cassandra.internal.softwareheritage.org
secretName: swh-web-crt
---
# Source: swh/charts/keda/templates/metrics-server/apiservice.yaml
apiVersion: apiregistration.k8s.io/v1Edited by Antoine R. Dumont