From 74da37c593c48296d99915982a49bd862a58332d Mon Sep 17 00:00:00 2001 From: sdarwin Date: Thu, 11 May 2023 10:20:55 -0600 Subject: [PATCH] Deploy to new environments --- .github/workflows/actions-gcp.yaml | 188 ++++++++++++++++++++++ .github/workflows/actions.yml | 2 +- config/settings.py | 10 +- kube/boost/templates/celery.yaml | 82 ++++++++++ kube/boost/templates/configmap-nginx.yaml | 5 + kube/boost/templates/deployment.yaml | 4 + kube/boost/templates/ingress.yaml | 58 +++++++ kube/boost/templates/redis.yaml | 55 +++++++ kube/boost/values-cppal-dev-gke.yaml | 160 ++++++++++++++++++ kube/boost/values-production-gke.yaml | 160 ++++++++++++++++++ kube/boost/values-stage-gke.yaml | 160 ++++++++++++++++++ kube/boost/values.yaml | 6 + 12 files changed, 883 insertions(+), 7 deletions(-) create mode 100644 .github/workflows/actions-gcp.yaml create mode 100644 kube/boost/templates/celery.yaml create mode 100644 kube/boost/templates/redis.yaml create mode 100644 kube/boost/values-cppal-dev-gke.yaml create mode 100644 kube/boost/values-production-gke.yaml create mode 100644 kube/boost/values-stage-gke.yaml diff --git a/.github/workflows/actions-gcp.yaml b/.github/workflows/actions-gcp.yaml new file mode 100644 index 00000000..a83cf7db --- /dev/null +++ b/.github/workflows/actions-gcp.yaml 
@@ -0,0 +1,188 @@ +name: CI-GCP + +on: + pull_request: + push: + branches: + - master + - develop + - cppal-dev + +env: + DOCKER_BUILDKIT: "1" + DOCKER_IMAGE: "us-central1-docker.pkg.dev/boostorg-project1/website/website" + DOCKER_REGISTRY: "us-central1-docker.pkg.dev" + PROJECT_ID: boostorg-project1 + GKE_CLUSTER: boostorg-cluster1 + GKE_REGION: us-central1 + GKE_ZONE: us-central1-c + DEPLOYMENT_NAME: boost + # more environment variables are set in the build step + +jobs: + test: + runs-on: ubuntu-latest + + services: + postgres: + image: postgres:12 + env: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + POSTGRES_DB: postgres + ports: ["5432:5432"] + # options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 + + redis: + image: redis + ports: + - 6379:6379 + + steps: + - name: Git - Get Sources + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Set up Python 3.11 + uses: actions/setup-python@v4 + with: + python-version: 3.11 + + - uses: actions/cache@v3 + with: + path: ~/.cache/pip + key: ${{ runner.os }}-pip-${{ hashFiles('**/base.txt') }} + restore-keys: | + ${{ runner.os }}-pip- + ${{ runner.os }}- + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + python -m pip install -r requirements.txt + sudo apt-get install -y ruby ruby-dev build-essential + sudo gem install asciidoctor + if: steps.cache.outputs.cache-hit != 'true' + + - name: Test with pytest + env: + DATABASE_URL: "postgres://postgres:postgres@localhost:${{ job.services.postgres.ports[5432] }}/postgres" + SECRET_KEY: "for-testing-only" + REDIS_HOST: "localhost" + run: | + python -m pytest + + - name: Lints with pre-commit + run: | + pre-commit run -a + + build: + needs: [test] + name: Build and Publish Docker image + runs-on: ubuntu-latest + if: ( github.repository == 'cppalliance/temp-site' && github.event_name == 'push' && ( github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' )) || ( 
github.repository == 'sdarwin/temp-site' && github.event_name == 'push' && github.ref == 'refs/heads/cppal-dev' ) + + steps: + - name: Set environment for branches + run: | + if [[ $GITHUB_REF == 'refs/heads/master' ]]; then + echo "K8S_NAMESPACE=production" >> "$GITHUB_ENV" + echo "HELM_RELEASE_NAME=boost-production" >> "$GITHUB_ENV" + elif [[ $GITHUB_REF == 'refs/heads/develop' ]]; then + echo "K8S_NAMESPACE=stage" >> "$GITHUB_ENV" + echo "HELM_RELEASE_NAME=boost-stage" >> "$GITHUB_ENV" + elif [[ $GITHUB_REF == 'refs/heads/cppal-dev' ]]; then + # cppal-dev is a test branch in another fork. Doesn't need to be created in the main repo. + echo "K8S_NAMESPACE=cppal-dev" >> "$GITHUB_ENV" + echo "HELM_RELEASE_NAME=boost-cppal-dev" >> "$GITHUB_ENV" + fi + + - name: Git - Get Sources + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Fetch Git Tags + run: | + git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true + + - name: Set up Python 3.11 + uses: actions/setup-python@v4 + with: + python-version: 3.11 + + - name: Install Python dependencies + run: | + python -m pip install --upgrade pip + python -m pip install vinnie + + # + # To avoid conflicting with the develop branch version tags, + # use SHORT_SHA instead. 
+ # + # - name: Bump and Tag our version + # run: | + # git config --local user.email "action@github.com" + # git config --local user.name "GitHub Action" + # vinnie patch + # export VINNIE_VERSION=`vinnie version` + # git push --tags + + - name: Set short git commit SHA + run: | + echo "SHORT_SHA=$(git rev-parse --short ${{ github.sha }})" >> $GITHUB_ENV + + - name: Display SHORT_SHA tag + run: echo $SHORT_SHA + env: + SHORT_SHA: ${{ env.SHORT_SHA }} + + - name: Login to Container Registry + uses: docker/login-action@v2 + with: + registry: ${{ env.DOCKER_REGISTRY }} + username: ${{ secrets.GKE_DOCKER_REGISTRY_USERNAME }} + password: ${{ secrets.GKE_DOCKER_REGISTRY_PASSWORD }} + + - name: Build Docker image + run: | + # TAG=`vinnie version` + TAG=${{ env.SHORT_SHA }} + + docker build --file ./docker/Dockerfile \ + --build-arg TAG=${TAG} \ + --cache-from=${DOCKER_IMAGE}:latest \ + --tag ${DOCKER_IMAGE} . + + - name: Docker - Tag and Push + run: | + # TAG=`vinnie version` + TAG=${{ env.SHORT_SHA }} + docker tag ${DOCKER_IMAGE} ${DOCKER_IMAGE}:latest + docker tag ${DOCKER_IMAGE} ${DOCKER_IMAGE}:${TAG} + + docker push ${DOCKER_IMAGE}:latest + docker push ${DOCKER_IMAGE}:${TAG} + + - name: Deploy to cluster - google auth + id: 'auth' + uses: 'google-github-actions/auth@v1' + with: + credentials_json: '${{ secrets.GKE_SA_KEY }}' + + - name: Deploy to cluster - get credentials + id: 'get-credentials' + uses: 'google-github-actions/get-gke-credentials@v1' + with: + cluster_name: ${{ env.GKE_CLUSTER }} + location: ${{ env.GKE_REGION }} + + - name: Deploy to cluster - helm + run: |- + set -xe + TAG=${{ env.SHORT_SHA }} + cd kube/boost + helm upgrade --install --create-namespace -n ${{ env.K8S_NAMESPACE }} -f values-${{ env.K8S_NAMESPACE }}-gke.yaml --timeout=3600s --set=Image=${DOCKER_IMAGE} --set=ImageTag="${TAG}" ${{ env.HELM_RELEASE_NAME }} . 
+ kubectl rollout status deployment/$DEPLOYMENT_NAME -n ${{ env.K8S_NAMESPACE }} + kubectl get services -o wide -n ${{ env.K8S_NAMESPACE }} diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index 0196c49b..e23a3216 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -71,7 +71,7 @@ jobs: needs: [test] name: Build and Publish Docker image runs-on: ubuntu-latest - if: github.event_name == 'push' && github.ref == 'refs/heads/develop' + if: github.event_name == 'push' && github.ref == 'refs/heads/develop' && github.repository == 'cppalliance/temp-site' steps: - name: Git - Get Sources diff --git a/config/settings.py b/config/settings.py index 20978597..b082c760 100755 --- a/config/settings.py +++ b/config/settings.py @@ -103,12 +103,10 @@ AUTH_USER_MODEL = "users.User" CSRF_COOKIE_HTTPONLY = True # See https://docs.djangoproject.com/en/4.2/ref/settings/#csrf-trusted-origins -CSRF_TRUSTED_ORIGINS = [ - "http://0.0.0.0", - "http://localhost", - "https://boost.revsys.dev", - "https://www.boost.revsys.dev", -] +csrf_trusted_origins = env.list( + "CSRF_TRUSTED_ORIGINS", default="http://0.0.0.0, http://localhost" +) +CSRF_TRUSTED_ORIGINS = [el.strip() for el in csrf_trusted_origins] MIDDLEWARE = [ "tracer.middleware.RequestID", diff --git a/kube/boost/templates/celery.yaml b/kube/boost/templates/celery.yaml new file mode 100644 index 00000000..98f03fb8 --- /dev/null +++ b/kube/boost/templates/celery.yaml 
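Review bot: The `Deploy to cluster - google auth` step authenticates with a long-lived service-account key (`credentials_json: '${{ secrets.GKE_SA_KEY }}'`), and within the main repository the same secret serves both the stage and production deploys, so a leak from a develop build also exposes the production path. Prefer the action's keyless inputs, `workload_identity_provider:` and `service_account:`, together with a job-level `permissions:` block granting `id-token: write` and `contents: read`, and consider a separate service account per environment. The workflow also declares no `permissions:` at all and references actions by mutable tags (`actions/checkout@v3`, `docker/login-action@v2`, `google-github-actions/auth@v1`). Pinning them to full commit SHAs would keep a retagged release from running with the registry and cluster credentials.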
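Review bot: The default passed to `env.list(...)` in config/settings.py is a single string, `"http://0.0.0.0, http://localhost"`, and whether it gets split depends on the env library, which is not visible in this hunk. If the library returns defaults unparsed, the comprehension on the next line iterates over characters and `CSRF_TRUSTED_ORIGINS` becomes a list of one-letter strings whenever the variable is unset. Passing the default as a list, `default=["http://0.0.0.0", "http://localhost"]`, is correct under either behaviour. A short comment above the setting that deployed environments should list only `https://` origins would also help.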
@@ -0,0 +1,82 @@ +{{- if .Values.celeryInstall }} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: celery-worker + labels: + app: celery-worker + env: {{.Values.deploymentEnvironment}} +spec: + replicas: 1 + selector: + matchLabels: + app: celery-worker + env: {{.Values.deploymentEnvironment}} + template: + metadata: + labels: + app: celery-worker + env: {{.Values.deploymentEnvironment}} + imageTag: {{.Values.ImageTag}} + spec: + imagePullSecrets: + - name: revsys-docker-registry + containers: + - + name: celery-worker + image: {{.Values.Image}}:{{.Values.ImageTag}} + command: ["celery", "-A", "config", "worker", "--concurrency=5", "--loglevel=debug"] + resources: + limits: + cpu: 250m + ephemeral-storage: 1Gi + memory: 1Gi + requests: + cpu: 250m + ephemeral-storage: 1Gi + memory: 1Gi + env: +{{ toYaml .Values.Env | indent 12 }} + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: celery-beat + labels: + app: celery-beat + env: {{.Values.deploymentEnvironment}} +spec: + replicas: 1 + selector: + matchLabels: + app: celery-beat + env: {{.Values.deploymentEnvironment}} + template: + metadata: + labels: + app: celery-beat + env: {{.Values.deploymentEnvironment}} + imageTag: {{.Values.ImageTag}} + spec: + imagePullSecrets: + - name: revsys-docker-registry + containers: + - + name: celery-beat + image: {{.Values.Image}}:{{.Values.ImageTag}} + command: ["celery", "-A", "config", "beat", "--loglevel=debug"] + resources: + limits: + cpu: 250m + ephemeral-storage: 1Gi + memory: 512Mi + requests: + cpu: 250m + ephemeral-storage: 1Gi + memory: 512Mi + env: +{{ toYaml .Values.Env | indent 12 }} +{{ end }} diff --git a/kube/boost/templates/configmap-nginx.yaml b/kube/boost/templates/configmap-nginx.yaml index a6768028..73bb5315 100644 --- a/kube/boost/templates/configmap-nginx.yaml +++ b/kube/boost/templates/configmap-nginx.yaml 
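Review bot: Both containers hard-code `--loglevel=debug` in `command`, so the production release also logs at debug level, and Celery debug output can include task arguments that do not belong in shared logs. Take the level from a chart value with a default of `info` and override it only in the dev values file. Neither pod spec sets a `securityContext`; adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` is worth doing if the image supports a non-root user (the Dockerfile is not part of this diff). `imagePullSecrets` still names `revsys-docker-registry` although the image now comes from `us-central1-docker.pkg.dev`, which looks like a leftover.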
@@ -31,6 +31,11 @@ data: proxy_redirect off; + location /lbcheck { + return 200 'OK'; + add_header Content-Type text/plain; + } + location / { proxy_pass http://unix:/run/gunicorn.sock; } diff --git a/kube/boost/templates/deployment.yaml b/kube/boost/templates/deployment.yaml index 7998d160..72091978 100644 --- a/kube/boost/templates/deployment.yaml +++ b/kube/boost/templates/deployment.yaml @@ -43,6 +43,10 @@ spec: - name: nginx image: nginx:{{ .Values.nginxImageTag }} + readinessProbe: + httpGet: + path: /lbcheck + port: 80 volumeMounts: - name: ngx diff --git a/kube/boost/templates/ingress.yaml b/kube/boost/templates/ingress.yaml index fdc90616..2adad993 100644 --- a/kube/boost/templates/ingress.yaml +++ b/kube/boost/templates/ingress.yaml @@ -1,5 +1,7 @@ # vim: ft=sls nolist +{{- if eq .Values.ingressType "nginx" }} + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: 
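Review bot: The new `readinessProbe` in deployment.yaml targets `/lbcheck`, which the configmap-nginx.yaml hunk answers directly from nginx with `return 200 'OK'`. Unless the application container has its own probe outside this hunk, the pod therefore reports ready even when gunicorn behind `/run/gunicorn.sock` is not serving. If that is intentional, say so in a comment above the `location /lbcheck` block, for example `# static health endpoint for the load balancer; does not exercise Django`. Otherwise add a readiness check on the application container, or proxy the probe to a lightweight Django view.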
@@ -40,3 +42,59 @@ spec: name: boost port: number: 80 + +{{- else if eq .Values.ingressType "gce" }} + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: www-boost-{{.Values.deploymentEnvironment}} + namespace: {{ .Values.namespace }} + labels: + env: {{ .Values.deploymentEnvironment }} + app: boost + annotations: + # cert-manager.io/cluster-issuer: letsencrypt-staging + kubernetes.io/ingress.class: "gce" + networking.gke.io/managed-certificates: {{ .Values.managedCertName }} + networking.gke.io/v1beta1.FrontendConfig: frontend-{{ .Values.deploymentEnvironment }} + nginx.ingress.kubernetes.io/proxy-body-size: + {{ .Values.clientMaxBodySize|quote }} + kubernetes.io/ingress.global-static-ip-name: {{ .Values.ingressStaticIp }} +spec: + # managed cert. see above. + # tls: + # - hosts: + # - www.{{.Values.publicFqdn}} + # - {{ .Values.publicFqdn }} + # secretName: www.{{.Values.publicFqdn}}-tls-staging + rules: + - host: www.{{.Values.publicFqdn}} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: boost + port: + number: 80 + - host: {{ .Values.publicFqdn }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: boost + port: + number: 80 +--- +apiVersion: networking.gke.io/v1beta1 +kind: FrontendConfig +metadata: + name: frontend-{{ .Values.deploymentEnvironment }} +spec: + redirectToHttps: + enabled: true +{{ end }} diff --git a/kube/boost/templates/redis.yaml b/kube/boost/templates/redis.yaml new file mode 100644 index 00000000..56255094 --- /dev/null +++ b/kube/boost/templates/redis.yaml 
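Review bot: In the `gce` branch the annotation `nginx.ingress.kubernetes.io/proxy-body-size` is carried over from the nginx ingress and is not read by the GCE ingress controller, so `clientMaxBodySize` is no longer enforced at the ingress layer. Drop it here, or add a comment that the limit now has to come from the nginx sidecar config. The `FrontendConfig` has no `namespace:` while the Ingress sets `namespace: {{ .Values.namespace }}`, and the new `values-*-gke.yaml` files define no `namespace` key. If the base values.yaml supplies one that differs from the release namespace, the Ingress and the `FrontendConfig` it references would land in different namespaces, so either set the namespace on both objects or on neither.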
@@ -0,0 +1,55 @@ +{{- if .Values.redisInstall }} + +apiVersion: apps/v1 # API version +kind: Deployment +metadata: + name: redis # Unique name for the deployment + labels: + app: redis # Labels to be applied to this deployment +spec: + selector: + matchLabels: # This deployment applies to the Pods matching these labels + app: redis + role: master + tier: backend + replicas: 1 # Run a single pod in the deployment + template: # Template for the pods that will be created by this deployment + metadata: + labels: # Labels to be applied to the Pods in this deployment + app: redis + role: master + tier: backend + spec: # Spec for the container which will be run inside the Pod. + containers: + - name: master + image: redis + resources: + limits: + cpu: 250m + ephemeral-storage: 1Gi + memory: 512Mi + requests: + cpu: 250m + ephemeral-storage: 1Gi + memory: 512Mi + ports: + - containerPort: 6379 +--- +apiVersion: v1 +kind: Service # Type of Kubernetes resource +metadata: + name: redis # Name of the Kubernetes resource + labels: # Labels that will be applied to this resource + app: redis + role: master + tier: backend +spec: + ports: + - port: 6379 # Map incoming connections on port 6379 to the target port 6379 of the Pod + targetPort: 6379 + selector: # Map any Pod with the specified labels to this service + app: redis + role: master + tier: backend + +{{ end }} diff --git a/kube/boost/values-cppal-dev-gke.yaml b/kube/boost/values-cppal-dev-gke.yaml new file mode 100644 index 00000000..8250ed28 --- /dev/null +++ b/kube/boost/values-cppal-dev-gke.yaml 
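Review bot: The Redis Deployment runs `image: redis` with no tag and no authentication, and the `redis` Service is open to any pod that can route to it, while the values files in this commit point `CELERY_BROKER` and `CELERY_BACKEND` at it. Anything that can write to the broker can enqueue tasks for the workers. Pin the image (`image: redis:<pinned-version>` or a digest), and either require a password supplied from a Secret or add a NetworkPolicy that admits only the web and celery pods on port 6379. No volume is mounted, so queued tasks and results are lost on pod restart; state that in a comment if it is acceptable.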
@@ -0,0 +1,160 @@ +Image: us-central1-docker.pkg.dev/boostorg-project1/website/website +ImageTag: ac20d69 + +djangoDebug: true + +nginxImageTag: "1.21-alpine" + +deploymentEnvironment: &env dev +clientMaxBodySize: 250m + +replicaCount: "2" + +## NOTE ## +# set publcFqdn to the target domain. `www` will be prepended to the domain +# where necessary + +initCommands: + # migrate moved to a Job + # - name: migrate + # command: ./manage.py migrate --noinput + - name: collectstatic + command: ./manage.py collectstatic --noinput + +publicFqdn: &fqdn cppal-dev.boost.cpp.al + +Env: + - name: DJANGO_SETTINGS_MODULE + value: "config.settings" + - name: PGHOST + valueFrom: + secretKeyRef: + name: pg + key: dbhost + - name: PGPORT + valueFrom: + secretKeyRef: + name: pg + key: dbport + - name: PGDATABASE + valueFrom: + secretKeyRef: + name: pg + key: dbname + - name: PGUSER + valueFrom: + secretKeyRef: + name: pg + key: dbuser + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: pg + key: dbpass + - name: DJANGO_FQDN + value: *fqdn + - name: ALLOWED_HOSTS + value: "cppal-dev.boost.cpp.al, www.cppal-dev.boost.cpp.al" + - name: CSRF_TRUSTED_ORIGINS + value: "http://0.0.0.0, http://localhost, https://cppal-dev.boost.cpp.al, https://www.cppal-dev.boost.cpp.al" + + # silence django deprecation warnings + - name: PYTHONWARNINGS + value: ignore + - name: X_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + apiVersion: v1 + - name: X_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + apiVersion: v1 + - name: X_KUBE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + apiVersion: v1 + - name: X_DEPLOYMENT_ENV + value: *env + - name: X_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + apiVersion: v1 + - name: DJANGO_DEBUG + value: "false" + - name: SECRET_KEY + valueFrom: + secretKeyRef: + name: django-secret-key + key: key + - name: ENVIRONMENT_NAME + value: "Development Environment" + - name: AWS_ACCESS_KEY_ID + valueFrom: + 
secretKeyRef: + name: media-bucket + key: access_key + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: media-bucket + key: secret_key + - name: MEDIA_BUCKET_NAME + value: boost.org-cppal-dev-v2.media + # Staticly generated content bucket (Antora docs, etc) + - name: STATIC_CONTENT_AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: static-content + key: access_key + - name: STATIC_CONTENT_AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: static-content + key: secret_key + - name: STATIC_CONTENT_BUCKET_NAME + valueFrom: + secretKeyRef: + name: static-content + key: bucket_name + # Static content cache timeout + - name: STATIC_CACHE_TIMEOUT + value: "60" + - name: CELERY_BROKER + value: redis://redis:6379/0 + - name: CELERY_BACKEND + value: redis://redis:6379/0 + +# Volumes +Volumes: + - name: run + emptyDir: {} + - name: staticfiles + emptyDir: {} + - name: ngx + configMap: + name: nginx-config--boost + - name: htpw + configMap: + name: htpasswd + +VolumeMounts: + - name: staticfiles + mountPath: /code/static_deploy + - name: run + mountPath: /run + +NginxVolumeMounts: + - name: staticfiles + mountPath: /code/static_deploy + - name: run + mountPath: /run + +ingressType: gce +managedCertName: managed-cert-cppal-dev +ingressStaticIp: cppal-dev-ingress1 +redisInstall: true +celeryInstall: true diff --git a/kube/boost/values-production-gke.yaml b/kube/boost/values-production-gke.yaml new file mode 100644 index 00000000..73aae669 --- /dev/null +++ b/kube/boost/values-production-gke.yaml 
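Review bot: `CSRF_TRUSTED_ORIGINS` keeps `http://0.0.0.0` and `http://localhost` in this file and in values-production-gke.yaml and values-stage-gke.yaml, so the publicly served deployments trust plain-HTTP local origins for unsafe requests. These entries are only useful for local development, and the settings.py default in this commit already covers that case. For production the value can be `"https://boost.cpp.al, https://www.boost.cpp.al"`, with the matching `https://` pairs for stage and cppal-dev.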
@@ -0,0 +1,160 @@ +Image: us-central1-docker.pkg.dev/boostorg-project1/website/website +ImageTag: ac20d69 + +djangoDebug: false + +nginxImageTag: "1.21-alpine" + +deploymentEnvironment: &env production +clientMaxBodySize: 250m + +replicaCount: "2" + +## NOTE ## +# set publcFqdn to the target domain. `www` will be prepended to the domain +# where necessary + +initCommands: + # migrate moved to a Job + # - name: migrate + # command: ./manage.py migrate --noinput + - name: collectstatic + command: ./manage.py collectstatic --noinput + +publicFqdn: &fqdn boost.cpp.al + +Env: + - name: DJANGO_SETTINGS_MODULE + value: "config.settings" + - name: PGHOST + valueFrom: + secretKeyRef: + name: pg + key: dbhost + - name: PGPORT + valueFrom: + secretKeyRef: + name: pg + key: dbport + - name: PGDATABASE + valueFrom: + secretKeyRef: + name: pg + key: dbname + - name: PGUSER + valueFrom: + secretKeyRef: + name: pg + key: dbuser + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: pg + key: dbpass + - name: DJANGO_FQDN + value: *fqdn + - name: ALLOWED_HOSTS + value: "boost.cpp.al, www.boost.cpp.al" + - name: CSRF_TRUSTED_ORIGINS + value: "http://0.0.0.0, http://localhost, https://boost.cpp.al, https://www.boost.cpp.al" + + # silence django deprecation warnings + - name: PYTHONWARNINGS + value: ignore + - name: X_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + apiVersion: v1 + - name: X_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + apiVersion: v1 + - name: X_KUBE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + apiVersion: v1 + - name: X_DEPLOYMENT_ENV + value: *env + - name: X_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + apiVersion: v1 + - name: DJANGO_DEBUG + value: "false" + - name: SECRET_KEY + valueFrom: + secretKeyRef: + name: django-secret-key + key: key + - name: ENVIRONMENT_NAME + value: "Production Environment" + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: media-bucket + key: 
access_key + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: media-bucket + key: secret_key + - name: MEDIA_BUCKET_NAME + value: boost.org.media + # Staticly generated content bucket (Antora docs, etc) + - name: STATIC_CONTENT_AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: static-content + key: access_key + - name: STATIC_CONTENT_AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: static-content + key: secret_key + - name: STATIC_CONTENT_BUCKET_NAME + valueFrom: + secretKeyRef: + name: static-content + key: bucket_name + # Static content cache timeout + - name: STATIC_CACHE_TIMEOUT + value: "60" + - name: CELERY_BROKER + value: redis://redis:6379/0 + - name: CELERY_BACKEND + value: redis://redis:6379/0 + +# Volumes +Volumes: + - name: run + emptyDir: {} + - name: staticfiles + emptyDir: {} + - name: ngx + configMap: + name: nginx-config--boost + - name: htpw + configMap: + name: htpasswd + +VolumeMounts: + - name: staticfiles + mountPath: /code/static_deploy + - name: run + mountPath: /run + +NginxVolumeMounts: + - name: staticfiles + mountPath: /code/static_deploy + - name: run + mountPath: /run + +ingressType: gce +managedCertName: managed-cert-boost-production +ingressStaticIp: boost-production-ingress1 +redisInstall: true +celeryInstall: true diff --git a/kube/boost/values-stage-gke.yaml b/kube/boost/values-stage-gke.yaml new file mode 100644 index 00000000..e77260e2 --- /dev/null +++ b/kube/boost/values-stage-gke.yaml 
@@ -0,0 +1,160 @@ +Image: us-central1-docker.pkg.dev/boostorg-project1/website/website +ImageTag: ac20d69 + +djangoDebug: true + +nginxImageTag: "1.21-alpine" + +deploymentEnvironment: &env stage +clientMaxBodySize: 250m + +replicaCount: "2" + +## NOTE ## +# set publcFqdn to the target domain. `www` will be prepended to the domain +# where necessary + +initCommands: + # migrate moved to a Job + # - name: migrate + # command: ./manage.py migrate --noinput + - name: collectstatic + command: ./manage.py collectstatic --noinput + +publicFqdn: &fqdn stage.boost.cpp.al + +Env: + - name: DJANGO_SETTINGS_MODULE + value: "config.settings" + - name: PGHOST + valueFrom: + secretKeyRef: + name: pg + key: dbhost + - name: PGPORT + valueFrom: + secretKeyRef: + name: pg + key: dbport + - name: PGDATABASE + valueFrom: + secretKeyRef: + name: pg + key: dbname + - name: PGUSER + valueFrom: + secretKeyRef: + name: pg + key: dbuser + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: pg + key: dbpass + - name: DJANGO_FQDN + value: *fqdn + - name: ALLOWED_HOSTS + value: "stage.boost.cpp.al, www.stage.boost.cpp.al" + - name: CSRF_TRUSTED_ORIGINS + value: "http://0.0.0.0, http://localhost, https://stage.boost.cpp.al, https://www.stage.boost.cpp.al" + + # silence django deprecation warnings + - name: PYTHONWARNINGS + value: ignore + - name: X_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + apiVersion: v1 + - name: X_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + apiVersion: v1 + - name: X_KUBE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + apiVersion: v1 + - name: X_DEPLOYMENT_ENV + value: *env + - name: X_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + apiVersion: v1 + - name: DJANGO_DEBUG + value: "false" + - name: SECRET_KEY + valueFrom: + secretKeyRef: + name: django-secret-key + key: key + - name: ENVIRONMENT_NAME + value: "Development Environment" + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: 
media-bucket + key: access_key + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: media-bucket + key: secret_key + - name: MEDIA_BUCKET_NAME + value: stage.boost.org.media + # Staticly generated content bucket (Antora docs, etc) + - name: STATIC_CONTENT_AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: static-content + key: access_key + - name: STATIC_CONTENT_AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: static-content + key: secret_key + - name: STATIC_CONTENT_BUCKET_NAME + valueFrom: + secretKeyRef: + name: static-content + key: bucket_name + # Static content cache timeout + - name: STATIC_CACHE_TIMEOUT + value: "60" + - name: CELERY_BROKER + value: redis://redis:6379/0 + - name: CELERY_BACKEND + value: redis://redis:6379/0 + +# Volumes +Volumes: + - name: run + emptyDir: {} + - name: staticfiles + emptyDir: {} + - name: ngx + configMap: + name: nginx-config--boost + - name: htpw + configMap: + name: htpasswd + +VolumeMounts: + - name: staticfiles + mountPath: /code/static_deploy + - name: run + mountPath: /run + +NginxVolumeMounts: + - name: staticfiles + mountPath: /code/static_deploy + - name: run + mountPath: /run + +ingressType: gce +managedCertName: managed-cert-boost-stage +ingressStaticIp: boost-stage-ingress1 +redisInstall: true +celeryInstall: true diff --git a/kube/boost/values.yaml b/kube/boost/values.yaml index 35d69058..0b21372f 100644 --- a/kube/boost/values.yaml +++ b/kube/boost/values.yaml @@ -55,6 +55,8 @@ Env: value: *fqdn - name: ALLOWED_HOSTS value: "boost.revsys.dev, www.boost.revsys.dev" + - name: CSRF_TRUSTED_ORIGINS + value: "http://0.0.0.0, http://localhost, https://boost.revsys.dev, https://www.boost.revsys.dev" # silence django deprecation warnings - name: PYTHONWARNINGS @@ -144,3 +146,7 @@ NginxVolumeMounts: mountPath: /code/static_deploy - name: run mountPath: /run + +ingressType: nginx +redisInstall: false +celeryInstall: false
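Review bot: values-stage-gke.yaml sets `djangoDebug: true` at the top while its `Env` list sets `DJANGO_DEBUG` to `"false"`, and `ENVIRONMENT_NAME` is still `"Development Environment"`, which looks copied from the dev file. Which debug switch the templates use is not visible in this diff; if `djangoDebug` wins, an internet-facing stage site would serve Django debug pages, which expose settings and stack traces. Set `djangoDebug: false` and `ENVIRONMENT_NAME: "Stage Environment"` here, and keep a single debug switch per file. values-cppal-dev-gke.yaml has the same `djangoDebug`/`DJANGO_DEBUG` pair.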