From 8552f2a29cbb55c1d7eaa297c0c62016b81f7c16 Mon Sep 17 00:00:00 2001 From: Jordan Olshevski Date: Mon, 10 Jun 2024 23:23:14 -0500 Subject: [PATCH] Add profile app cronjobs --- Makefile | 2 +- kustomization.yaml | 1 - manifests/profile-staging.yaml | 128 --------------------------------- manifests/profile.yaml | 103 +++++++++++++++++++++++++- 4 files changed, 103 insertions(+), 131 deletions(-) delete mode 100644 manifests/profile-staging.yaml diff --git a/Makefile b/Makefile index b4ec582..c6e54e5 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ .PHONY: apply prom apply: - kubectl apply --prune --all --kustomize . + kubectl apply --prune --all --validate=false --kustomize . prom: kubectl port-forward svc/prom 8080:80 diff --git a/kustomization.yaml b/kustomization.yaml index 96012ef..c356be7 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -73,7 +73,6 @@ resources: - manifests/homeassistant.yaml - manifests/keycloak.yaml - manifests/nvidia.ext.yaml - - manifests/profile-staging.yaml - manifests/profile.yaml - manifests/prom.yaml - manifests/psql-keycloak.yaml diff --git a/manifests/profile-staging.yaml b/manifests/profile-staging.yaml deleted file mode 100644 index 2efed6b..0000000 --- a/manifests/profile-staging.yaml +++ /dev/null @@ -1,128 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: profile-staging - labels: - app: profile-staging - annotations: - oauth-sidecar: "yes" -spec: - replicas: 1 - selector: - matchLabels: - app: profile-staging - template: - metadata: - labels: - app: profile-staging - annotations: - prometheus.io/port: "8081" - prometheus.io/path: /metrics - prometheus.io/scrape: "true" - spec: - containers: - - name: svc - # Image is set in the profile app's deploy github action - volumeMounts: - - name: keycloak-creds - mountPath: /var/lib/keycloak - - name: root-ca - mountPath: /etc/ssl/certs - env: - - name: KEYCLOAK_URL - value: http://keycloak.default.svc.cluster.local - - name: KEYCLOAK_MEMBERS_GROUP_ID - value: 032aafbc-76ad-4b16-9e72-e814a5d341d7 - - name: SELF_URL - value: https://profile-staging.thelab.ms - - name: DOCUSEAL_URL - value: https://docuseal.apps.thelab.ms - - name: DOCUSEAL_TOKEN - valueFrom: - secretKeyRef: - name: docuseal - key: token - - name: STRIPE_KEY - valueFrom: - secretKeyRef: - name: stripe-test-creds - key: secret - - name: STRIPE_WEBHOOK_KEY - valueFrom: - secretKeyRef: - name: stripe-test-creds - key: webhook-key - - name: AGE_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: web-secrets-keys - key: AGE_PRIVATE_KEY - - name: AGE_PUBLIC_KEY - valueFrom: - secretKeyRef: - name: web-secrets-keys - key: AGE_PUBLIC_KEY - readinessProbe: - initialDelaySeconds: 2 - periodSeconds: 5 - httpGet: - path: /health - port: 8080 - - - name: oauth2proxy - env: - - name: OAUTH2_PROXY_UPSTREAMS - value: "http://127.0.0.1:8080" - - name: OAUTH2_PROXY_SKIP_AUTH_ROUTES - value: '.*(signup|assets|webhooks|events|prices|\/f\/).*' - - name: OAUTH2_PROXY_REDIRECT_URL - value: "https://profile-staging.thelab.ms/oauth2/callback" - - volumes: - - name: keycloak-creds - csi: - driver: identity.keycloak.org - volumeAttributes: - clientID: profile-app - - - name: root-ca - hostPath: - path: /etc/ssl/certs/ - type: Directory - ---- -apiVersion: v1 -kind: Service -metadata: - name: profile-staging -spec: - type: ClusterIP - selector: - app: profile-staging - ports: - - name: http - protocol: TCP - port: 80 - targetPort: 8880 - ---- -apiVersion: projectcontour.io/v1 -kind: HTTPProxy -metadata: - name: profile-staging -spec: - virtualhost: - fqdn: profile-staging.thelab.ms - rateLimitPolicy: - local: - requests: 50 - unit: second - burst: 50 - tls: - secretName: wildcard-cert - routes: - - conditions: - - prefix: / - services: - - name: profile-staging - port: 80 diff --git a/manifests/profile.yaml b/manifests/profile.yaml index 34a527b..29ed525 100644 --- a/manifests/profile.yaml +++ b/manifests/profile.yaml @@ -22,7 +22,7 @@ spec: spec: containers: - name: svc - # Image is set in the profile app's deploy github action + image: ghcr.io/thelab-ms/profile:sha-109b545 volumeMounts: - name: keycloak-creds mountPath: /var/lib/keycloak @@ -158,3 +158,104 @@ spec: services: - name: profile port: 80 + +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: visit-check-job +spec: + schedule: "0 5 * * *" + jobTemplate: + spec: + backoffLimit: 4 + template: + spec: + nodeName: supermicro1 + restartPolicy: Never + containers: + - name: job + imagePullPolicy: IfNotPresent + image: ghcr.io/thelab-ms/profile/visit-check-job:sha-109b545 + volumeMounts: + - name: keycloak-creds + mountPath: /var/lib/keycloak + env: + - name: SELF_URL + value: https://profile.thelab.ms + - name: KEYCLOAK_URL + value: http://keycloak.default.svc.cluster.local + - name: KEYCLOAK_MEMBERS_GROUP_ID + value: 4eea9c17-f9b1-41eb-8f25-721ae04b66f6 + - name: EVENT_PSQL_USERNAME + value: postgres + - name: EVENT_PSQL_ADDR + value: "psql-reporting.default.svc.cluster.local" + - name: EVENT_PSQL_PASSWORD + valueFrom: + secretKeyRef: + name: reporting-psql + key: password + volumes: + - name: keycloak-creds + csi: + driver: identity.keycloak.org + volumeAttributes: + clientID: profile-app + +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: paypal-check-job +spec: + schedule: "0 4 * * *" + jobTemplate: + spec: + backoffLimit: 4 + template: + spec: + nodeName: supermicro1 + restartPolicy: Never + containers: + - name: job + imagePullPolicy: IfNotPresent + image: ghcr.io/thelab-ms/profile/paypal-check-job:sha-109b545 + volumeMounts: + - name: keycloak-creds + mountPath: /var/lib/keycloak + - name: root-ca + mountPath: /etc/ssl/certs + env: + - name: SELF_URL + value: https://profile.thelab.ms + - name: KEYCLOAK_URL + value: http://keycloak.default.svc.cluster.local + - name: KEYCLOAK_MEMBERS_GROUP_ID + value: 4eea9c17-f9b1-41eb-8f25-721ae04b66f6 + - name: EVENT_PSQL_USERNAME + value: postgres + - name: EVENT_PSQL_ADDR + value: "psql-reporting.default.svc.cluster.local" + - name: EVENT_PSQL_PASSWORD + valueFrom: + secretKeyRef: + name: reporting-psql + key: password + - name: PAYPAL_CLIENT_ID + value: "AQVBErG_0lJAN5lhC_fSYUWvMjYpQrGxoCuO0jdAs7yiLVghlT0PpQflGIyL6DUAn5AFC_R9A0dHKkzu" + - name: PAYPAL_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: stripe-creds + key: paypal-secret + volumes: + - name: keycloak-creds + csi: + driver: identity.keycloak.org + volumeAttributes: + clientID: profile-app + - name: root-ca + hostPath: + path: /etc/ssl/certs/ + type: Directory