From 33a5e525a1ea54ad22a30d280eefe44ac75aeee7 Mon Sep 17 00:00:00 2001 From: April Rieger Date: Thu, 11 Apr 2024 16:18:48 -0700 Subject: [PATCH] what the branch says --- ops/staging-deploy.tmpl.yaml | 112 ++++++++++++++++++++++------------- 1 file changed, 71 insertions(+), 41 deletions(-) diff --git a/ops/staging-deploy.tmpl.yaml b/ops/staging-deploy.tmpl.yaml index a72261da..683d22bf 100644 --- a/ops/staging-deploy.tmpl.yaml +++ b/ops/staging-deploy.tmpl.yaml @@ -1,16 +1,26 @@ replicaCount: 2 +# These values are currently in atla_digital_library +# Do we still like these values set? +# resources: +# requests: +# memory: '1Gi' +# cpu: '250m' +# limits: +# memory: '2Gi' +# cpu: '1000m' + livenessProbe: enabled: false readinessProbe: enabled: false brandingVolume: - storageClass: aws-efs + storageClass: efs-sc derivativesVolume: - storageClass: aws-efs + storageClass: efs-sc uploadsVolume: - storageClass: aws-efs + storageClass: efs-sc size: 200Gi imagePullSecrets: @@ -63,15 +73,17 @@ extraEnvVars: &envVars - name: DB_ADAPTER value: postgresql - name: DB_HOST - value: pg-postgresql.staging-postgres.svc.cluster.local + value: hyrax20181216.cn4nhxyoxlnu.us-west-2.rds.amazonaws.com - name: DB_NAME value: atla-hyku-staging - name: DB_USER - value: postgres + value: hydra_user + - name: DISABLE_SPRING + value: '1' - name: FCREPO_BASE_PATH - value: /atlahykustaging + value: /hykustage - name: FCREPO_HOST - value: fcrepo.staging-fcrepo.svc.cluster.local + value: fcrepo.fcrepo.svc.cluster.local - name: FCREPO_PORT value: "8080" - name: FCREPO_REST_PATH @@ -101,7 +113,7 @@ extraEnvVars: &envVars - name: PASSENGER_APP_ENV value: production - name: RAILS_CACHE_STORE_URL - value: redis://:$REDIS_PASSWORD@atla-hyku-staging-redis-master:6379/staging + value: redis://:$REDIS_PASSWORD@atla-hyku-staging-redis-master:6379/hykustage - name: RAILS_ENV value: production - name: RAILS_LOG_TO_STDOUT @@ -113,7 +125,7 @@ extraEnvVars: &envVars - name: REDIS_HOST value: atla-hyku-staging-redis-master - name: REDIS_URL - value: redis://:$REDIS_PASSWORD@atla-hyku-staging-redis-master:6379/staging + value: redis://:$REDIS_PASSWORD@atla-hyku-staging-redis-master - name: HYRAX_ACTIVE_JOB_QUEUE value: sidekiq - name: HYRAX_ANALYTICS @@ -134,6 +146,8 @@ extraEnvVars: &envVars value: "false" - name: HYKU_DEFAULT_HOST value: "%{tenant}.atla-hyku.notch8.cloud" + - name: HYKU_FILE_ACL + value: "false" - name: HYKU_MULTITENANT value: "true" - name: HYKU_ROOT_HOST @@ -143,21 +157,21 @@ extraEnvVars: &envVars - name: NEGATIVE_CAPTCHA_SECRET value: $NEGATIVE_CAPTCHA_SECRET - name: SMTP_ADDRESS - value: "maildev-smtp.maildev.svc.cluster.local" + value: email-smtp.us-east-1.amazonaws.com - name: SMTP_DOMAIN - value: "maildev-smtp.maildev.svc.cluster.local" + value: "atla-hyku.notch8.cloud" - name: SMTP_ENABLED - value: "true" + value: 'true' + - name: SMTP_PASSWORD + value: $SMTP_PASSWORD - name: SMTP_PORT - value: "1025" + value: '587' + - name: SMTP_STARTTLS + value: 'true' - name: SMTP_TYPE - value: "plain" + value: login - name: SMTP_USER_NAME - value: "admin" - - name: SMTP_STARTTLS - value: "false" - - name: SMTP_PASSWORD - value: $SMTP_PASSWORD + value: $SMTP_USER_NAME - name: SOLR_ADMIN_USER value: admin - name: SOLR_ADMIN_PASSWORD @@ -167,34 +181,33 @@ extraEnvVars: &envVars - name: SOLR_CONFIGSET_NAME value: atla-hyku-staging - name: SOLR_HOST - value: solr.staging-solr + value: solr.solr.svc.cluster.local - name: SOLR_PORT value: "8983" - name: SOLR_URL - value: http://admin:$SOLR_ADMIN_PASSWORD@solr.staging-solr:8983/solr/ + value: http://admin:$SOLR_ADMIN_PASSWORD@solr.solr.svc.cluster.local:8983/solr/ - name: SENTRY_DSN value: $SENTRY_DSN - name: SENTRY_ENVIRONMENT value: $SENTRY_ENVIRONMENT - - name: TEST_USER_EMAIL - value: user@example.com - - name: TEST_USER_PASSWORD - value: testing123 + +securityContext: &secValues + readOnlyRootFilesystem: false + runAsNonRoot: false + runAsUser: 0 +podSecurityContext: &podSecValues + runAsNonRoot: false + runAsUser: 0 + runAsGroup: 101 + fsGroup: 101 + fsGroupChangePolicy: 'OnRootMismatch' worker: replicaCount: 1 extraVolumeMounts: *volMounts extraEnvVars: *envVars - podSecurityContext: - runAsUser: 1001 - runAsGroup: 101 - fsGroup: 101 - fsGroupChangePolicy: "OnRootMismatch" -podSecurityContext: - runAsUser: 1001 - runAsGroup: 101 - fsGroup: 101 - fsGroupChangePolicy: "OnRootMismatch" + podSecurityContext: *podSecValues + securityContext: *secValues embargoRelease: enabled: false @@ -203,31 +216,48 @@ leaseRelease: fcrepo: enabled: false +# These values are currently in atla_digital_library +# Do we still like these values set? + # resources: + # limits: + # memory: '4Gi' + # cpu: '2' + # requests: + # memory: '2Gi' + # cpu: '1' + postgresql: enabled: false + redis: + persistence: + enabled: true + storageClass: ebs cluster: enabled: false password: $REDIS_PASSWORD + solr: enabled: false -externalFcrepoHost: fcrepo.staging-fcrepo.svc.cluster.local +externalFcrepoHost: fcrepo.fcrepo.svc.cluster.local externalPostgresql: - host: pg-postgresql.staging-postgres.svc.cluster.local - username: postgres + host: hyrax20181216.cn4nhxyoxlnu.us-west-2.rds.amazonaws.com + username: hydra_user password: $POSTGRES_PASSWORD + database: atla-hyku-staging -externalSolrHost: solr.staging-solr.svc.cluster.local +externalSolrHost: solr.solr.svc.cluster.local externalSolrUser: admin externalSolrCollection: "atla-hyku-staging" externalSolrPassword: $SOLR_ADMIN_PASSWORD -global: - hyraxName: atla-hyku-staging-hyrax +# global: + # hyraxName: atla-hyku-staging-hyrax nginx: enabled: false service: port: 80 +