BC-7263 - seperation of /api/v3/user/import/ to an own deployment #4984

Merged
merged 4 commits into from
May 6, 2024
Merged
@@ -0,0 +1,6 @@
WITH_MIGRATION_SYSTEMS: false
API_MIGRATION_SYSTEMS_REPLICAS: 1
API_MIGRATION_SYSTEMS_CPU_LIMITS: "2000m"
API_MIGRATION_SYSTEMS_CPU_REQUESTS: "100m"
API_MIGRATION_SYSTEMS_MEMORY_LIMITS: "2Gi"
API_MIGRATION_SYSTEMS_MEMORY_REQUESTS: "150Mi"
@@ -0,0 +1,9 @@
galaxy_info:
role_name: schulcloud-server-migration-system
author: Schul-Cloud Verbund
description: role for separation of user system migration at the schulcloud-server
company: Schul-Cloud Verbund
license: license (AGPLv3)
min_ansible_version: 2.8
galaxy_tags: []
dependencies: []
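--- a/ansible/roles/schulcloud-server-migration-system/tasks/main.yml
+++ b/ansible/roles/schulcloud-server-migration-system/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Service
+kubernetes.core.k8s:
+kubeconfig: ~/.kube/config
+namespace: "{{ NAMESPACE }}"
+template: svc.yml.j2
+state: "{{ 'present' if WITH_MIGRATION_SYSTEMS else 'absent'}}"
+
+- name: Deployment
+kubernetes.core.k8s:
+kubeconfig: ~/.kube/config
+namespace: "{{ NAMESPACE }}"
+template: deployment.yml.j2
+state: "{{ 'present' if WITH_MIGRATION_SYSTEMS else 'absent'}}"
+
+- name: Ingress
+kubernetes.core.k8s:
+kubeconfig: ~/.kube/config
+namespace: "{{ NAMESPACE }}"
+template: ingress.yml.j2
+apply: yes
+state: "{{ 'present' if WITH_MIGRATION_SYSTEMS else 'absent'}}"
+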
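Review bot: Only the Ingress task sets `apply: yes`; the Service and Deployment tasks omit it, so the three objects are reconciled in different ways. Without apply semantics the module patches the live object, and as far as I know keys that later disappear from the rendered template are then not removed. That matters for the Deployment, because the deployment template in this PR emits its `affinity` block only when `AFFINITY_ENABLE` is set. I would add `apply: true` to the Service and Deployment tasks too, and write the boolean as `true` rather than `yes`. A one-line comment above the tasks, `# WITH_MIGRATION_SYSTEMS: false removes the Service, Deployment and Ingress`, would make the teardown behaviour explicit for operators.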
@@ -0,0 +1,125 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-migration-systems-deployment
namespace: {{ NAMESPACE }}
labels:
app: api-migration-systems
app.kubernetes.io/part-of: schulcloud-verbund
app.kubernetes.io/version: {{ SCHULCLOUD_SERVER_IMAGE_TAG }}
app.kubernetes.io/name: api-migration-systems
app.kubernetes.io/component: server
app.kubernetes.io/managed-by: ansible
git.branch: {{ SCHULCLOUD_SERVER_BRANCH_NAME }}
git.repo: {{ SCHULCLOUD_SERVER_REPO_NAME }}
spec:
replicas: {{ API_MIGRATION_SYSTEMS_REPLICAS }}
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
#maxUnavailable: 1
revisionHistoryLimit: 4
paused: false
selector:
matchLabels:
app: api-migration-systems
template:
metadata:
labels:
app: api-migration-systems
app.kubernetes.io/part-of: schulcloud-verbund
app.kubernetes.io/version: {{ SCHULCLOUD_SERVER_IMAGE_TAG }}
app.kubernetes.io/name: api-migration-systems
app.kubernetes.io/component: server
app.kubernetes.io/managed-by: ansible
git.branch: {{ SCHULCLOUD_SERVER_BRANCH_NAME }}
git.repo: {{ SCHULCLOUD_SERVER_REPO_NAME }}
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
containers:
- name: api-migration-systems
image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3030
name: api
protocol: TCP
- containerPort: 9090
name: api-metrics
protocol: TCP
envFrom:
- configMapRef:
name: api-configmap
- secretRef:
name: api-secret
readinessProbe:
httpGet:
path: /internal/health
port: 3030
timeoutSeconds: 4
failureThreshold: 3
periodSeconds: 5
# liveless if unsatisfactory reply
livenessProbe:
httpGet:
path: /internal/health
port: 3030
timeoutSeconds: 4
failureThreshold: 3
periodSeconds: 15
startupProbe:
httpGet:
path: /internal/health
port: 3030
timeoutSeconds: 4
failureThreshold: 36
periodSeconds: 5
resources:
limits:
cpu: {{ API_MIGRATION_SYSTEMS_CPU_LIMITS }}
memory: {{ API_MIGRATION_SYSTEMS_MEMORY_LIMITS }}
requests:
cpu: {{ API_MIGRATION_SYSTEMS_CPU_REQUESTS }}
memory: {{ API_MIGRATION_SYSTEMS_MEMORY_REQUESTS }}
{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 9
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- schulcloud-verbund
topologyKey: "kubernetes.io/hostname"
namespaceSelector: {}
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %}
- weight: 10
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- api-migration-systems
topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }}
{% endif %}
- weight: 20
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- api-migration-systems
topologyKey: "topology.kubernetes.io/zone"
{% endif %}
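Review bot: The `api-migration-systems` container has no container-level `securityContext`; the pod-level block only sets the UID/GID and `runAsNonRoot`. Privilege escalation, Linux capabilities and the seccomp profile therefore stay at runtime defaults unless a namespace policy (not visible here) sets them. I would add the block below to the container, and consider `readOnlyRootFilesystem: true` if the server does not write to its image filesystem. Separately, `envFrom` loads the whole `api-configmap` and `api-secret`, so this pod, which the Ingress in this PR exposes on `/api/v3/user/import/`, appears to receive every API secret; a dedicated secret limited to what the import path needs would narrow that. The label values rendered from `{{ SCHULCLOUD_SERVER_IMAGE_TAG }}` are unquoted, so an all-digit tag would render as a number and be rejected as a label value; quoting them avoids that.

```yaml
      containers:
      - name: api-migration-systems
        # … unchanged: image, ports, envFrom, probes, resources …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - ALL
          seccompProfile:
            type: RuntimeDefault
```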
@@ -0,0 +1,41 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: api-migration-systems-ingress
namespace: {{ NAMESPACE }}
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}"
nginx.ingress.kubernetes.io/proxy-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
nginx.org/client-max-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
# The following properties added with BC-3606.
# The header size of the request is too big. For e.g. state and the permanent growing jwt.
# Nginx throws away the Location header, resulting in the 502 Bad Gateway.
nginx.ingress.kubernetes.io/client-header-buffer-size: 100k
nginx.ingress.kubernetes.io/http2-max-header-size: 96k
nginx.ingress.kubernetes.io/large-client-header-buffers: 4 100k
nginx.ingress.kubernetes.io/proxy-buffer-size: 96k
{% if CLUSTER_ISSUER is defined %}
cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
{% endif %}

spec:
ingressClassName: {{ INGRESS_CLASS }}
{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %}
tls:
- hosts:
- {{ DOMAIN }}
{% if CLUSTER_ISSUER is defined %}
secretName: {{ DOMAIN }}-tls
{% endif %}
{% endif %}
rules:
- host: {{ DOMAIN }}
http:
paths:
- path: /api/v3/user/import/
backend:
service:
name: api-migration-systems-svc
port:
number: 3030
pathType: Prefix
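Review bot: The `ssl-redirect` annotation is derived from `TLS_ENABLED` alone and defaults to "false", while the `tls:` block is also rendered when only `CLUSTER_ISSUER` is defined. In that configuration the host gets a certificate, but plain-HTTP requests to `/api/v3/user/import/` are not redirected to HTTPS. I would drive the annotation from the same condition as the `tls:` block, e.g. `nginx.ingress.kubernetes.io/ssl-redirect: "{{ 'true' if (CLUSTER_ISSUER is defined or TLS_ENABLED|default(false)|bool) else 'false' }}"`. The body-size annotations also default to `2560m` on this path; if the import endpoint does not need uploads of that size, a smaller route-specific limit would reduce the room for resource exhaustion. The `cert-manager.io/cluster-issuer` and `ingressClassName` values are rendered unquoted and would be safer quoted.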
@@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
name: api-migration-systems-svc
namespace: {{ NAMESPACE }}
labels:
app: api-migration-systems
spec:
type: ClusterIP
ports:
- port: 3030
targetPort: 3030
protocol: TCP
name: api
- port: 9090
targetPort: 9090
protocol: TCP
name: api-metrics
selector:
app: api-migration-systems