From b6e97b78ab7f5396785e1af3498795503f9e7182 Mon Sep 17 00:00:00 2001
From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com>
Date: Mon, 6 May 2024 16:44:07 +0200
Subject: [PATCH] BC-7263 - seperation of /api/v3/user/import/ to an own deployment (#4984)
---
.../defaults/main.yml | 6 +
.../meta/main.yml | 9 ++
.../tasks/main.yml | 22 +++
.../templates/deployment.yml.j2 | 125 ++++++++++++++++++
.../templates/ingress.yml.j2 | 41 ++++++
.../templates/svc.yml.j2 | 20 +++
6 files changed, 223 insertions(+)
create mode 100644 ansible/roles/schulcloud-server-migration-system/defaults/main.yml
create mode 100644 ansible/roles/schulcloud-server-migration-system/meta/main.yml
create mode 100644 ansible/roles/schulcloud-server-migration-system/tasks/main.yml
create mode 100644 ansible/roles/schulcloud-server-migration-system/templates/deployment.yml.j2
create mode 100644 ansible/roles/schulcloud-server-migration-system/templates/ingress.yml.j2
create mode 100644 ansible/roles/schulcloud-server-migration-system/templates/svc.yml.j2
diff --git a/ansible/roles/schulcloud-server-migration-system/defaults/main.yml b/ansible/roles/schulcloud-server-migration-system/defaults/main.yml
new file mode 100644
index 00000000000..f9e83d24e41
--- /dev/null
+++ b/ansible/roles/schulcloud-server-migration-system/defaults/main.yml
@@ -0,0 +1,6 @@
+WITH_MIGRATION_SYSTEMS: false
+API_MIGRATION_SYSTEMS_REPLICAS: 1
+API_MIGRATION_SYSTEMS_CPU_LIMITS: "2000m"
+API_MIGRATION_SYSTEMS_CPU_REQUESTS: "100m"
+API_MIGRATION_SYSTEMS_MEMORY_LIMITS: "2Gi"
+API_MIGRATION_SYSTEMS_MEMORY_REQUESTS: "150Mi"
\ No newline at end of file
diff --git a/ansible/roles/schulcloud-server-migration-system/meta/main.yml b/ansible/roles/schulcloud-server-migration-system/meta/main.yml
new file mode 100644
index 00000000000..89be810a431
--- /dev/null
+++ b/ansible/roles/schulcloud-server-migration-system/meta/main.yml
@@ -0,0 +1,9 @@
+galaxy_info:
+ role_name: schulcloud-server-migration-system
+ author: Schul-Cloud Verbund
+ description: role for separation of user system migration at the schulcloud-server
+ company: Schul-Cloud Verbund
+ license: license (AGPLv3)
+ min_ansible_version: 2.8
+ galaxy_tags: []
+dependencies: []
diff --git a/ansible/roles/schulcloud-server-migration-system/tasks/main.yml b/ansible/roles/schulcloud-server-migration-system/tasks/main.yml
new file mode 100644
index 00000000000..21255d57e29
--- /dev/null
+++ b/ansible/roles/schulcloud-server-migration-system/tasks/main.yml
@@ -0,0 +1,22 @@
+ - name: Service
+ kubernetes.core.k8s:
+ kubeconfig: ~/.kube/config
+ namespace: "{{ NAMESPACE }}"
+ template: svc.yml.j2
+ state: "{{ 'present' if WITH_MIGRATION_SYSTEMS else 'absent'}}"
+
+ - name: Deployment
+ kubernetes.core.k8s:
+ kubeconfig: ~/.kube/config
+ namespace: "{{ NAMESPACE }}"
+ template: deployment.yml.j2
+ state: "{{ 'present' if WITH_MIGRATION_SYSTEMS else 'absent'}}"
+
+ - name: Ingress
+ kubernetes.core.k8s:
+ kubeconfig: ~/.kube/config
+ namespace: "{{ NAMESPACE }}"
+ template: ingress.yml.j2
+ apply: yes
+ state: "{{ 'present' if WITH_MIGRATION_SYSTEMS else 'absent'}}"
+
diff --git a/ansible/roles/schulcloud-server-migration-system/templates/deployment.yml.j2 b/ansible/roles/schulcloud-server-migration-system/templates/deployment.yml.j2
new file mode 100644
index 00000000000..4c032afce64
--- /dev/null
+++ b/ansible/roles/schulcloud-server-migration-system/templates/deployment.yml.j2
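Review bot: The `state` expression in all three tasks of tasks/main.yml tests `WITH_MIGRATION_SYSTEMS` without a `|bool` filter, so a value that arrives as a string (for example `false` passed as a key=value extra var, or quoted in inventory) is truthy and the Service, Deployment and Ingress for the user-import route are created when they were meant to be absent. The deployment template in this same patch already guards its flags with `|bool`; use `state: "{{ 'present' if WITH_MIGRATION_SYSTEMS|bool else 'absent' }}"` in each task. Separately, `apply: yes` appears only on the Ingress task and relies on a YAML 1.1 truthy value; write `apply: true` and confirm that the Service and Deployment tasks were meant to run without apply mode.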
@@ -0,0 +1,125 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: api-migration-systems-deployment
+ namespace: {{ NAMESPACE }}
+ labels:
+ app: api-migration-systems
+ app.kubernetes.io/part-of: schulcloud-verbund
+ app.kubernetes.io/version: {{ SCHULCLOUD_SERVER_IMAGE_TAG }}
+ app.kubernetes.io/name: api-migration-systems
+ app.kubernetes.io/component: server
+ app.kubernetes.io/managed-by: ansible
+ git.branch: {{ SCHULCLOUD_SERVER_BRANCH_NAME }}
+ git.repo: {{ SCHULCLOUD_SERVER_REPO_NAME }}
+spec:
+ replicas: {{ API_MIGRATION_SYSTEMS_REPLICAS }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ #maxUnavailable: 1
+ revisionHistoryLimit: 4
+ paused: false
+ selector:
+ matchLabels:
+ app: api-migration-systems
+ template:
+ metadata:
+ labels:
+ app: api-migration-systems
+ app.kubernetes.io/part-of: schulcloud-verbund
+ app.kubernetes.io/version: {{ SCHULCLOUD_SERVER_IMAGE_TAG }}
+ app.kubernetes.io/name: api-migration-systems
+ app.kubernetes.io/component: server
+ app.kubernetes.io/managed-by: ansible
+ git.branch: {{ SCHULCLOUD_SERVER_BRANCH_NAME }}
+ git.repo: {{ SCHULCLOUD_SERVER_REPO_NAME }}
+ spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ runAsNonRoot: true
+ containers:
+ - name: api-migration-systems
+ image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 3030
+ name: api
+ protocol: TCP
+ - containerPort: 9090
+ name: api-metrics
+ protocol: TCP
+ envFrom:
+ - configMapRef:
+ name: api-configmap
+ - secretRef:
+ name: api-secret
+ readinessProbe:
+ httpGet:
+ path: /internal/health
+ port: 3030
+ timeoutSeconds: 4
+ failureThreshold: 3
+ periodSeconds: 5
+ # liveless if unsatisfactory reply
+ livenessProbe:
+ httpGet:
+ path: /internal/health
+ port: 3030
+ timeoutSeconds: 4
+ failureThreshold: 3
+ periodSeconds: 15
+ startupProbe:
+ httpGet:
+ path: /internal/health
+ port: 3030
+ timeoutSeconds: 4
+ failureThreshold: 36
+ periodSeconds: 5
+ resources:
+ limits:
+ cpu: {{ API_MIGRATION_SYSTEMS_CPU_LIMITS }}
+ memory: {{ API_MIGRATION_SYSTEMS_MEMORY_LIMITS }}
+ requests:
+ cpu: {{ API_MIGRATION_SYSTEMS_CPU_REQUESTS }}
+ memory: {{ API_MIGRATION_SYSTEMS_MEMORY_REQUESTS }}
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 9
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %}
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - api-migration-systems
+ topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }}
+{% endif %}
+ - weight: 20
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - api-migration-systems
+ topologyKey: "topology.kubernetes.io/zone"
+{% endif %}
diff --git a/ansible/roles/schulcloud-server-migration-system/templates/ingress.yml.j2 b/ansible/roles/schulcloud-server-migration-system/templates/ingress.yml.j2
new file mode 100644
index 00000000000..fc307a0386c
--- /dev/null
+++ b/ansible/roles/schulcloud-server-migration-system/templates/ingress.yml.j2
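Review bot: The `api-migration-systems` container in deployment.yml.j2 has no `securityContext` of its own; the pod-level block fixes the non-root UID/GID but leaves privilege escalation, Linux capabilities and the seccomp profile at their defaults. Since this pod is reached through the new Ingress and loads `api-secret` via `envFrom`, add a container-level block as sketched below, after confirming the server image needs no extra capabilities. `envFrom` also gives this deployment every key in `api-configmap` and `api-secret`; if the import endpoint needs only a subset, a narrower secret would limit what a compromise of this pod exposes. The label values rendered from `SCHULCLOUD_SERVER_IMAGE_TAG` and `SCHULCLOUD_SERVER_BRANCH_NAME` are unquoted, so an all-digit tag or branch would render as a number rather than a string; quoting them (`"{{ SCHULCLOUD_SERVER_IMAGE_TAG }}"`) avoids that.

```yaml
      containers:
        - name: api-migration-systems
          # … unchanged: image, imagePullPolicy, ports, envFrom, probes, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```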
@@ -0,0 +1,41 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: api-migration-systems-ingress
+ namespace: {{ NAMESPACE }}
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}"
+ nginx.ingress.kubernetes.io/proxy-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
+ nginx.org/client-max-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
+ # The following properties added with BC-3606.
+ # The header size of the request is too big. For e.g. state and the permanent growing jwt.
+ # Nginx throws away the Location header, resulting in the 502 Bad Gateway.
+ nginx.ingress.kubernetes.io/client-header-buffer-size: 100k
+ nginx.ingress.kubernetes.io/http2-max-header-size: 96k
+ nginx.ingress.kubernetes.io/large-client-header-buffers: 4 100k
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 96k
+{% if CLUSTER_ISSUER is defined %}
+ cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
+{% endif %}
+
+spec:
+ ingressClassName: {{ INGRESS_CLASS }}
+{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %}
+ tls:
+ - hosts:
+ - {{ DOMAIN }}
+{% if CLUSTER_ISSUER is defined %}
+ secretName: {{ DOMAIN }}-tls
+{% endif %}
+{% endif %}
+ rules:
+ - host: {{ DOMAIN }}
+ http:
+ paths:
+ - path: /api/v3/user/import/
+ backend:
+ service:
+ name: api-migration-systems-svc
+ port:
+ number: 3030
+ pathType: Prefix
diff --git a/ansible/roles/schulcloud-server-migration-system/templates/svc.yml.j2 b/ansible/roles/schulcloud-server-migration-system/templates/svc.yml.j2
new file mode 100644
index 00000000000..dfee8c1e251
--- /dev/null
+++ b/ansible/roles/schulcloud-server-migration-system/templates/svc.yml.j2
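Review bot: Both body-size annotations in ingress.yml.j2 fall back to `2560m`, so this ingress accepts request bodies of roughly 2.5 GB on a route that only serves `/api/v3/user/import/`. The value looks carried over from a general API ingress rather than chosen for this endpoint; if import requests are much smaller, give the role its own lower default so an oversized upload cannot tie up proxy buffers and pod memory, for example `nginx.ingress.kubernetes.io/proxy-body-size: "{{ API_MIGRATION_SYSTEMS_MAX_BODY_SIZE|default(INGRESS_MAX_BODY_SIZE|default("2560")) }}m"` (the new variable name is only a suggestion, to be added to defaults/main.yml). `ssl-redirect` also defaults to `"false"`, so where `TLS_ENABLED` is unset this path, whose requests carry the JWT mentioned in the BC-3606 comment, is served over plain HTTP; confirm every environment that enables the role sets `TLS_ENABLED` or `CLUSTER_ISSUER`.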
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: api-migration-systems-svc
+ namespace: {{ NAMESPACE }}
+ labels:
+ app: api-migration-systems
+spec:
+ type: ClusterIP
+ ports:
+ - port: 3030
+ targetPort: 3030
+ protocol: TCP
+ name: api
+ - port: 9090
+ targetPort: 9090
+ protocol: TCP
+ name: api-metrics
+ selector:
+ app: api-migration-systems