From a75b39f1617a5b06d550ce8961db60530d09dff3 Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 09:33:10 -0700 Subject: [PATCH 01/22] replace sockets with ports in local env Co-authored-by: Rob Kaufman --- .env.development | 10 ++++++---- Dockerfile | 2 +- docker-compose.yml | 3 ++- nginx/config/{default.conf => default.conf.template} | 6 +++--- nginx/scripts/start-nginx | 6 +++++- 5 files changed, 17 insertions(+), 10 deletions(-) rename nginx/config/{default.conf => default.conf.template} (95%) diff --git a/.env.development b/.env.development index 100f58d61e..b58e57374d 100644 --- a/.env.development +++ b/.env.development @@ -10,16 +10,18 @@ CLIENT_BROWSER_API_CABLE_URL=http://127.0.0.1:4000/cable SSL_ENABLED=false API_PORT=3020 -API_SOCKET=/manifold_sockets/manifold-api -API_CABLE_SOCKET=/manifold_sockets/manifold-cable +API_CABLE_PORT=3021 +CLIENT_SERVER_PORT=3010 +API_HOST=api_rails +API_CABLE_HOST=api_cable +CLIENT_SERVER_HOST=client -CLIENT_SERVER_SOCKET=/manifold_sockets/manifold-client CLIENT_SERVER_API_URL=http://api_rails:3020 NODE_ENV=production ELASTICSEARCH_URL=http://elasticsearch:9200 -CLIENT_SERVER_PROXIES=true +CLIENT_SERVER_PROXIES=false RAILS_ENV=production RAILS_SECRET_KEY=6234a9eada2709680e0db091d48fe7973f6eb23f413d9b5c2b9d17149c9e38e7309a897b6a5231297b89ac6d3c7494d40c7d6454f342c04f8743482f610016aa RAILS_DB_USER=postgres diff --git a/Dockerfile b/Dockerfile index c70f18c33f..aa353d5894 100644 --- a/Dockerfile +++ b/Dockerfile @@ -60,7 +60,7 @@ FROM nginx:1.25 as manifold-nginx RUN apt-get -o Acquire::Check-Valid-Until=false update RUN apt-get install -y openssl -COPY nginx/config/default.conf /etc/nginx/conf.d/default.conf +COPY nginx/config/default.conf.template /etc/nginx/templates/default.conf.template COPY nginx/includes/manifold-client-local /etc/nginx/includes/manifold-client-local COPY nginx/includes/manifold-server-local /etc/nginx/includes/manifold-server-local diff --git a/docker-compose.yml b/docker-compose.yml index a8d24b97dd..c5bf7a2e33 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -85,6 +85,8 @@ services: target: manifold-nginx args: - EXTRA_APK_PACKAGES=less vim bash rsync + env_file: + - .env.development volumes: - ./data/nginx/ssl:/etc/nginx/ssl - ./data/api/public:/opt/manifold/api/public @@ -92,7 +94,6 @@ services: ports: - "4000:80" - "4001:443" - command: ["start-nginx"] networks: - internal #volumes: diff --git a/nginx/config/default.conf b/nginx/config/default.conf.template similarity index 95% rename from nginx/config/default.conf rename to nginx/config/default.conf.template index 5c6c448863..4d09836530 100644 --- a/nginx/config/default.conf +++ b/nginx/config/default.conf.template @@ -1,13 +1,13 @@ upstream manifold_api { - server unix:/manifold_sockets/manifold-api; + server ${API_HOST}:${API_PORT}; } upstream manifold_cable { - server unix:/manifold_sockets/manifold-cable; + server ${API_CABLE_HOST}:${API_CABLE_PORT}; } upstream manifold_client { - server unix:/manifold_sockets/manifold-client; + server ${CLIENT_SERVER_HOST}:${CLIENT_SERVER_PORT}; } server { diff --git a/nginx/scripts/start-nginx b/nginx/scripts/start-nginx index abe15d1646..0130df98b0 100755 --- a/nginx/scripts/start-nginx +++ b/nginx/scripts/start-nginx @@ -1,6 +1,10 @@ #!/usr/bin/env bash set -e +# Ensure the Docker scripts gets executed. This includes calling `envsubst` +# on the nginx conf template +bash /docker-entrypoint.sh + install-self-signed-cert echo "Starting Nginx..." -nginx -g 'daemon off;' \ No newline at end of file +nginx -g 'daemon off;' From 0496070778eeacac4d5fbd998b4b2ec3c6c39650 Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 09:50:54 -0700 Subject: [PATCH 02/22] replace sockets with ports in configmap-env --- chart/princeton-manifold/templates/configmap-env.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/chart/princeton-manifold/templates/configmap-env.yaml b/chart/princeton-manifold/templates/configmap-env.yaml index c14b90954c..c9964ba216 100644 --- a/chart/princeton-manifold/templates/configmap-env.yaml +++ b/chart/princeton-manifold/templates/configmap-env.yaml @@ -8,16 +8,16 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} data: + API_CABLE_HOST: princeton-manifold-production-api-cable API_CABLE_PORT: "3021" - API_CABLE_SOCKET: /manifold_sockets/manifold-cable + API_HOST: princeton-manifold-production-api-rails API_PORT: "3020" - API_SOCKET: /manifold_sockets/manifold-api CLIENT_BROWSER_API_CABLE_URL: https://openpublishing.princeton.edu/cable CLIENT_BROWSER_API_URL: https://openpublishing.princeton.edu CLIENT_SERVER_API_URL: http://princeton-manifold-production-api:3020 + CLIENT_SERVER_HOST: princeton-manifold-production-client CLIENT_SERVER_PORT: "3010" - CLIENT_SERVER_PROXIES: "true" - CLIENT_SERVER_SOCKET: /manifold_sockets/manifold-client + CLIENT_SERVER_PROXIES: "false" DOMAIN: openpublishing.princeton.edu ELASTICSEARCH_URL: http://princeton-manifold-production-es:9200 NODE_ENV: production From a21e87f7de49189e1616fbb0c9e95bac294e3ac4 Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 10:49:54 -0700 Subject: [PATCH 03/22] create k8s Services for cable and client --- .../{service-api.yaml => service-api-cable.yaml} | 9 ++++----- .../templates/service-api-rails.yaml | 15 +++++++++++++++ .../templates/service-client.yaml | 15 +++++++++++++++ chart/princeton-manifold/values.yaml | 10 +++++++++- 4 files changed, 43 insertions(+), 6 deletions(-) rename chart/princeton-manifold/templates/{service-api.yaml => service-api-cable.yaml} (62%) create mode 100644 chart/princeton-manifold/templates/service-api-rails.yaml create mode 100644 chart/princeton-manifold/templates/service-client.yaml diff --git a/chart/princeton-manifold/templates/service-api.yaml b/chart/princeton-manifold/templates/service-api-cable.yaml similarity index 62% rename from chart/princeton-manifold/templates/service-api.yaml rename to chart/princeton-manifold/templates/service-api-cable.yaml index f7bae85019..4cb7690055 100644 --- a/chart/princeton-manifold/templates/service-api.yaml +++ b/chart/princeton-manifold/templates/service-api-cable.yaml @@ -1,16 +1,15 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "princeton-manifold.fullname" . }}-api + name: {{ include "princeton-manifold.fullname" . }}-api-cable labels: {{- include "princeton-manifold.labels" . | nindent 4 }} spec: - type: {{ .Values.serviceApi.type }} + type: {{ .Values.serviceApiCable.type }} ports: - - port: {{ .Values.serviceApi.port }} - targetPort: 3020 + - port: {{ .Values.serviceApiCable.port }} protocol: TCP name: http selector: - app.kubernetes.io/name: {{ include "princeton-manifold.name" . }}-api + app.kubernetes.io/name: {{ include "princeton-manifold.name" . }}-api-cable app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/chart/princeton-manifold/templates/service-api-rails.yaml b/chart/princeton-manifold/templates/service-api-rails.yaml new file mode 100644 index 0000000000..ee007783fd --- /dev/null +++ b/chart/princeton-manifold/templates/service-api-rails.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "princeton-manifold.fullname" . }}-api-rails + labels: + {{- include "princeton-manifold.labels" . | nindent 4 }} +spec: + type: {{ .Values.serviceApiRails.type }} + ports: + - port: {{ .Values.serviceApiRails.port }} + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "princeton-manifold.name" . }}-api-rails + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/chart/princeton-manifold/templates/service-client.yaml b/chart/princeton-manifold/templates/service-client.yaml new file mode 100644 index 0000000000..57f9773e70 --- /dev/null +++ b/chart/princeton-manifold/templates/service-client.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "princeton-manifold.fullname" . }}-client + labels: + {{- include "princeton-manifold.labels" . | nindent 4 }} +spec: + type: {{ .Values.serviceClient.type }} + ports: + - port: {{ .Values.serviceClient.port }} + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "princeton-manifold.name" . }}-client + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/chart/princeton-manifold/values.yaml b/chart/princeton-manifold/values.yaml index ec46017927..486788b1c3 100644 --- a/chart/princeton-manifold/values.yaml +++ b/chart/princeton-manifold/values.yaml @@ -49,10 +49,18 @@ service: type: ClusterIP port: 80 -serviceApi: +serviceApiRails: type: ClusterIP port: 3020 +serviceApiCable: + type: ClusterIP + port: 3021 + +serviceClient: + type: ClusterIP + port: 3010 + ingress: enabled: false className: "" From 1f2f537d9c7b6cee2cf538955632f2545ce107bc Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 11:31:34 -0700 Subject: [PATCH 04/22] create k8s Service for nginx --- chart/princeton-manifold/templates/service-nginx.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 chart/princeton-manifold/templates/service-nginx.yaml diff --git a/chart/princeton-manifold/templates/service-nginx.yaml b/chart/princeton-manifold/templates/service-nginx.yaml new file mode 100644 index 0000000000..cd1a200312 --- /dev/null +++ b/chart/princeton-manifold/templates/service-nginx.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "princeton-manifold.fullname" . }}-nginx + labels: + {{- include "princeton-manifold.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + selector: + app.kubernetes.io/name: {{ include "princeton-manifold.name" . }}-nginx + app.kubernetes.io/instance: {{ .Release.Name }} From 227590531749c7b156e33657ac44f717df996415 Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 11:40:26 -0700 Subject: [PATCH 05/22] use shorter selector names This follows convention set in other projects, like PALs --- chart/princeton-manifold/templates/service-api-cable.yaml | 2 +- chart/princeton-manifold/templates/service-api-rails.yaml | 2 +- chart/princeton-manifold/templates/service-client.yaml | 2 +- chart/princeton-manifold/templates/service-nginx.yaml | 2 +- chart/princeton-manifold/templates/service.yaml | 1 + 5 files changed, 5 insertions(+), 4 deletions(-) diff --git a/chart/princeton-manifold/templates/service-api-cable.yaml b/chart/princeton-manifold/templates/service-api-cable.yaml index 4cb7690055..14f8c83d14 100644 --- a/chart/princeton-manifold/templates/service-api-cable.yaml +++ b/chart/princeton-manifold/templates/service-api-cable.yaml @@ -11,5 +11,5 @@ spec: protocol: TCP name: http selector: - app.kubernetes.io/name: {{ include "princeton-manifold.name" . }}-api-cable + app.kubernetes.io/name: cable app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/chart/princeton-manifold/templates/service-api-rails.yaml b/chart/princeton-manifold/templates/service-api-rails.yaml index ee007783fd..fbb3f30a95 100644 --- a/chart/princeton-manifold/templates/service-api-rails.yaml +++ b/chart/princeton-manifold/templates/service-api-rails.yaml @@ -11,5 +11,5 @@ spec: protocol: TCP name: http selector: - app.kubernetes.io/name: {{ include "princeton-manifold.name" . }}-api-rails + app.kubernetes.io/name: rails app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/chart/princeton-manifold/templates/service-client.yaml b/chart/princeton-manifold/templates/service-client.yaml index 57f9773e70..ea969fef81 100644 --- a/chart/princeton-manifold/templates/service-client.yaml +++ b/chart/princeton-manifold/templates/service-client.yaml @@ -11,5 +11,5 @@ spec: protocol: TCP name: http selector: - app.kubernetes.io/name: {{ include "princeton-manifold.name" . }}-client + app.kubernetes.io/name: client app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/chart/princeton-manifold/templates/service-nginx.yaml b/chart/princeton-manifold/templates/service-nginx.yaml index cd1a200312..572d6d936b 100644 --- a/chart/princeton-manifold/templates/service-nginx.yaml +++ b/chart/princeton-manifold/templates/service-nginx.yaml @@ -7,5 +7,5 @@ metadata: spec: type: {{ .Values.service.type }} selector: - app.kubernetes.io/name: {{ include "princeton-manifold.name" . }}-nginx + app.kubernetes.io/name: nginx app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/chart/princeton-manifold/templates/service.yaml b/chart/princeton-manifold/templates/service.yaml index c45d63e430..64c5523fe9 100644 --- a/chart/princeton-manifold/templates/service.yaml +++ b/chart/princeton-manifold/templates/service.yaml @@ -1,3 +1,4 @@ +# TODO: delete? apiVersion: v1 kind: Service metadata: From 0c0b253f2b7c0e5aafee07bd51604ceb10f0d37b Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 11:49:21 -0700 Subject: [PATCH 06/22] extract nginx deployment --- .../templates/deployment-api.yaml | 18 ------- .../templates/deployment-nginx.yaml | 50 +++++++++++++++++++ 2 files changed, 50 insertions(+), 18 deletions(-) create mode 100644 chart/princeton-manifold/templates/deployment-nginx.yaml diff --git a/chart/princeton-manifold/templates/deployment-api.yaml b/chart/princeton-manifold/templates/deployment-api.yaml index f55ac1f29c..c2a62142b1 100644 --- a/chart/princeton-manifold/templates/deployment-api.yaml +++ b/chart/princeton-manifold/templates/deployment-api.yaml @@ -119,24 +119,6 @@ spec: volumeMounts: {{- toYaml . | nindent 12 }} {{- end }} - - name: {{ .Chart.Name }}-nginx - command: - - start-nginx - ports: - - containerPort: 80 - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.nginx.image.registry }}/{{ .Values.nginx.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - envFrom: - - configMapRef: - name: {{ include "princeton-manifold.fullname" . }}-env - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} {{- with .Values.volumes }} volumes: {{- toYaml . | nindent 8 }} diff --git a/chart/princeton-manifold/templates/deployment-nginx.yaml b/chart/princeton-manifold/templates/deployment-nginx.yaml new file mode 100644 index 0000000000..be3ff23558 --- /dev/null +++ b/chart/princeton-manifold/templates/deployment-nginx.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "princeton-manifold.fullname" . }}-nginx + labels: + {{- include "princeton-manifold.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: nginx + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app.kubernetes.io/name: nginx + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "princeton-manifold.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: nginx + ports: + - containerPort: 80 + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.nginx.image.registry }}/{{ .Values.nginx.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: {{ include "princeton-manifold.fullname" . }}-env + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} From 03a864c64eef1b80f057b59b49031c77d53c8d6f Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 11:55:25 -0700 Subject: [PATCH 07/22] extract client deployment --- .../templates/deployment-api.yaml | 20 ------- .../templates/deployment-client.yaml | 54 +++++++++++++++++++ 2 files changed, 54 insertions(+), 20 deletions(-) create mode 100644 chart/princeton-manifold/templates/deployment-client.yaml diff --git a/chart/princeton-manifold/templates/deployment-api.yaml b/chart/princeton-manifold/templates/deployment-api.yaml index c2a62142b1..2c424006b8 100644 --- a/chart/princeton-manifold/templates/deployment-api.yaml +++ b/chart/princeton-manifold/templates/deployment-api.yaml @@ -99,26 +99,6 @@ spec: volumeMounts: {{- toYaml . | nindent 12 }} {{- end }} - - name: {{ .Chart.Name }}-client - command: - - yarn - - run - - start - ports: - - containerPort: 3010 - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.client.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - envFrom: - - configMapRef: - name: {{ include "princeton-manifold.fullname" . }}-env - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} {{- with .Values.volumes }} volumes: {{- toYaml . | nindent 8 }} diff --git a/chart/princeton-manifold/templates/deployment-client.yaml b/chart/princeton-manifold/templates/deployment-client.yaml new file mode 100644 index 0000000000..cb0e89efa6 --- /dev/null +++ b/chart/princeton-manifold/templates/deployment-client.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "princeton-manifold.fullname" . }}-client + labels: + {{- include "princeton-manifold.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: client + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app.kubernetes.io/name: client + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "princeton-manifold.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: client + command: + - yarn + - run + - start + ports: + - containerPort: 3010 + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.client.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: {{ include "princeton-manifold.fullname" . }}-env + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} From aa48f65a6195bdb2999c7712db0d07a638cb5bbe Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 12:08:21 -0700 Subject: [PATCH 08/22] extract rails deployment --- .../templates/deployment-api-rails.yaml | 54 +++++++++++++++++++ .../templates/deployment-api.yaml | 20 ------- 2 files changed, 54 insertions(+), 20 deletions(-) create mode 100644 chart/princeton-manifold/templates/deployment-api-rails.yaml diff --git a/chart/princeton-manifold/templates/deployment-api-rails.yaml b/chart/princeton-manifold/templates/deployment-api-rails.yaml new file mode 100644 index 0000000000..0ff63f4793 --- /dev/null +++ b/chart/princeton-manifold/templates/deployment-api-rails.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "princeton-manifold.fullname" . }}-api-rails + labels: + {{- include "princeton-manifold.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: rails + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app.kubernetes.io/name: rails + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "princeton-manifold.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: rails + command: + - bin/puma + - -C + - config/puma.rb + ports: + - containerPort: 3020 + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.api.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: {{ include "princeton-manifold.fullname" . }}-env + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/chart/princeton-manifold/templates/deployment-api.yaml b/chart/princeton-manifold/templates/deployment-api.yaml index 2c424006b8..501832b0da 100644 --- a/chart/princeton-manifold/templates/deployment-api.yaml +++ b/chart/princeton-manifold/templates/deployment-api.yaml @@ -28,26 +28,6 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - name: {{ .Chart.Name }}-api-rails - command: - - bin/puma - - -C - - config/puma.rb - ports: - - containerPort: 3020 - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.api.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - envFrom: - - configMapRef: - name: {{ include "princeton-manifold.fullname" . }}-env - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - name: {{ .Chart.Name }}-api-sidekiq command: - bin/sidekiq From 645c7f460e4ce64b36cdd15fbe995466bbcc3fc9 Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 12:11:45 -0700 Subject: [PATCH 09/22] rename api deployment to api-cable --- ...ent-api.yaml => deployment-api-cable.yaml} | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) rename chart/princeton-manifold/templates/{deployment-api.yaml => deployment-api-cable.yaml} (88%) diff --git a/chart/princeton-manifold/templates/deployment-api.yaml b/chart/princeton-manifold/templates/deployment-api-cable.yaml similarity index 88% rename from chart/princeton-manifold/templates/deployment-api.yaml rename to chart/princeton-manifold/templates/deployment-api-cable.yaml index 501832b0da..b20af3fe71 100644 --- a/chart/princeton-manifold/templates/deployment-api.yaml +++ b/chart/princeton-manifold/templates/deployment-api-cable.yaml @@ -1,14 +1,14 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "princeton-manifold.fullname" . }}-api + name: {{ include "princeton-manifold.fullname" . }}-api-cable labels: {{- include "princeton-manifold.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - app.kubernetes.io/name: {{ include "princeton-manifold.name" . }}-api + app.kubernetes.io/name: cable app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: @@ -17,7 +17,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - app.kubernetes.io/name: {{ include "princeton-manifold.name" . }}-api + app.kubernetes.io/name: cable app.kubernetes.io/instance: {{ .Release.Name }} spec: {{- with .Values.imagePullSecrets }} @@ -28,9 +28,11 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - name: {{ .Chart.Name }}-api-sidekiq + - name: cable command: - - bin/sidekiq + - bin/cable + ports: + - containerPort: 3021 securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.api.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -44,11 +46,9 @@ spec: volumeMounts: {{- toYaml . | nindent 12 }} {{- end }} - - name: {{ .Chart.Name }}-api-cable + - name: sidekiq command: - - bin/cable - ports: - - containerPort: 3021 + - bin/sidekiq securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.api.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -62,7 +62,7 @@ spec: volumeMounts: {{- toYaml . | nindent 12 }} {{- end }} - - name: {{ .Chart.Name }}-api-clockwork + - name: clockwork command: - bin/zhong - zhong.rb From 844f1839d076f70e4c9053eb688f80981af17ff9 Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 12:12:02 -0700 Subject: [PATCH 10/22] remove volume mount for sockets --- chart/princeton-manifold/values.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/chart/princeton-manifold/values.yaml b/chart/princeton-manifold/values.yaml index 486788b1c3..e34327a528 100644 --- a/chart/princeton-manifold/values.yaml +++ b/chart/princeton-manifold/values.yaml @@ -131,9 +131,6 @@ volumeMounts: - mountPath: /opt/manifold/api/data name: shared-storage subPath: data - - mountPath: /manifold_sockets - name: shared-storage - subPath: sockets nodeSelector: {} From 7c0dbdf3a51e8faed564f9f67a3c3bbc03ddf029 Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 13:56:29 -0700 Subject: [PATCH 11/22] fix "spec.ports: Required value" deployment error --- chart/princeton-manifold/templates/service-nginx.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/chart/princeton-manifold/templates/service-nginx.yaml b/chart/princeton-manifold/templates/service-nginx.yaml index 572d6d936b..1f7491cd62 100644 --- a/chart/princeton-manifold/templates/service-nginx.yaml +++ b/chart/princeton-manifold/templates/service-nginx.yaml @@ -6,6 +6,11 @@ metadata: {{- include "princeton-manifold.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http selector: app.kubernetes.io/name: nginx app.kubernetes.io/instance: {{ .Release.Name }} From abb380cbc61754f8cb2296a29536303ceec762d2 Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 15:16:10 -0700 Subject: [PATCH 12/22] remove SSL from nginx conf, restore nginx commands --- .../templates/deployment-nginx.yaml | 2 ++ docker-compose.yml | 1 + nginx/config/default.conf.template | 12 ------------ 3 files changed, 3 insertions(+), 12 deletions(-) diff --git a/chart/princeton-manifold/templates/deployment-nginx.yaml b/chart/princeton-manifold/templates/deployment-nginx.yaml index be3ff23558..ea541136ad 100644 --- a/chart/princeton-manifold/templates/deployment-nginx.yaml +++ b/chart/princeton-manifold/templates/deployment-nginx.yaml @@ -29,6 +29,8 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: nginx + command: + - start-nginx ports: - containerPort: 80 securityContext: diff --git a/docker-compose.yml b/docker-compose.yml index c5bf7a2e33..939e2bfcc8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -94,6 +94,7 @@ services: ports: - "4000:80" - "4001:443" + command: ["start-nginx"] networks: - internal #volumes: diff --git a/nginx/config/default.conf.template b/nginx/config/default.conf.template index 4d09836530..2314fd33ed 100644 --- a/nginx/config/default.conf.template +++ b/nginx/config/default.conf.template @@ -12,20 +12,8 @@ upstream manifold_api { server { listen 80; - listen 443 ssl; root /opt/manifold/client/dist/build/client/build; - ssl_certificate /etc/nginx/ssl/manifold.crt; - ssl_certificate_key /etc/nginx/ssl/manifold.key; - ssl_session_timeout 1d; - ssl_session_cache shared:SSL:50m; - ssl_session_tickets off; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256; - ssl_ecdh_curve secp384r1; - ssl_prefer_server_ciphers on; - add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; From 8d87e511492de2c31966907fbad2126ed99a619a Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 15:29:24 -0700 Subject: [PATCH 13/22] Revert 1 commits abb380c 'remove SSL from nginx conf, restore nginx commands' --- .../templates/deployment-nginx.yaml | 2 -- docker-compose.yml | 1 - nginx/config/default.conf.template | 12 ++++++++++++ 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/chart/princeton-manifold/templates/deployment-nginx.yaml b/chart/princeton-manifold/templates/deployment-nginx.yaml index ea541136ad..be3ff23558 100644 --- a/chart/princeton-manifold/templates/deployment-nginx.yaml +++ b/chart/princeton-manifold/templates/deployment-nginx.yaml @@ -29,8 +29,6 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: nginx - command: - - start-nginx ports: - containerPort: 80 securityContext: diff --git a/docker-compose.yml b/docker-compose.yml index 939e2bfcc8..c5bf7a2e33 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -94,7 +94,6 @@ services: ports: - "4000:80" - "4001:443" - command: ["start-nginx"] networks: - internal #volumes: diff --git a/nginx/config/default.conf.template b/nginx/config/default.conf.template index 2314fd33ed..4d09836530 100644 --- a/nginx/config/default.conf.template +++ b/nginx/config/default.conf.template @@ -12,8 +12,20 @@ upstream manifold_api { server { listen 80; + listen 443 ssl; root /opt/manifold/client/dist/build/client/build; + ssl_certificate /etc/nginx/ssl/manifold.crt; + ssl_certificate_key /etc/nginx/ssl/manifold.key; + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:50m; + ssl_session_tickets off; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256; + ssl_ecdh_curve secp384r1; + ssl_prefer_server_ciphers on; + add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; From adacea0a5b4c10a69c13e5ab70aefcb985d3a6ce Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 15:29:56 -0700 Subject: [PATCH 14/22] nginx image has default cmd "start-nginx" This should allow nginx to start both locally and in prod. The self-signed certs will be generated in both, but since we have SSL at the ingress level in prod, they will be vestigial in prod --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index aa353d5894..ad8ea5afda 100644 --- a/Dockerfile +++ b/Dockerfile @@ -70,4 +70,6 @@ COPY nginx/scripts/start-nginx /usr/local/bin/start-nginx VOLUME ["/manifold_sockets","/manifold_data"] +CMD [ "start-nginx" ] + EXPOSE 80 443 From 86ed99e68d08bd5cce543202b7941b0d02cff709 Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 15:53:58 -0700 Subject: [PATCH 15/22] properly run docker entrypoint script It needed an argument --- nginx/scripts/start-nginx | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/nginx/scripts/start-nginx b/nginx/scripts/start-nginx index 0130df98b0..a0e157135b 100755 --- a/nginx/scripts/start-nginx +++ b/nginx/scripts/start-nginx @@ -1,10 +1,9 @@ #!/usr/bin/env bash set -e -# Ensure the Docker scripts gets executed. This includes calling `envsubst` -# on the nginx conf template -bash /docker-entrypoint.sh - install-self-signed-cert echo "Starting Nginx..." -nginx -g 'daemon off;' + +# Ensure the Docker entrypoint scripts get executed. This includes +# calling `envsubst` on the nginx conf template +bash /docker-entrypoint.sh nginx -g 'daemon off;' From 4b3874471c0e6651a409d068647970a376c27f07 Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 16:11:06 -0700 Subject: [PATCH 16/22] properly connect nginx to ingress --- chart/princeton-manifold/templates/ingress.yaml | 4 ++-- chart/princeton-manifold/templates/service-nginx.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/chart/princeton-manifold/templates/ingress.yaml b/chart/princeton-manifold/templates/ingress.yaml index 2d49702010..1ee2b44784 100644 --- a/chart/princeton-manifold/templates/ingress.yaml +++ b/chart/princeton-manifold/templates/ingress.yaml @@ -49,11 +49,11 @@ spec: backend: {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} service: - name: {{ $fullName }} + name: {{ $fullName }}-nginx port: number: {{ $svcPort }} {{- else }} - serviceName: {{ $fullName }} + serviceName: {{ $fullName }}-nginx servicePort: {{ $svcPort }} {{- end }} {{- end }} diff --git a/chart/princeton-manifold/templates/service-nginx.yaml b/chart/princeton-manifold/templates/service-nginx.yaml index 1f7491cd62..953e07db7b 100644 --- a/chart/princeton-manifold/templates/service-nginx.yaml +++ b/chart/princeton-manifold/templates/service-nginx.yaml @@ -8,7 +8,7 @@ spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} - targetPort: http + targetPort: 80 protocol: TCP name: http selector: From d8e5f3083d4188172f56f288adbece6885510336 Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 16:34:41 -0700 Subject: [PATCH 17/22] use env vars that work --- chart/princeton-manifold/templates/configmap-env.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/princeton-manifold/templates/configmap-env.yaml b/chart/princeton-manifold/templates/configmap-env.yaml index c9964ba216..158d76b573 100644 --- a/chart/princeton-manifold/templates/configmap-env.yaml +++ b/chart/princeton-manifold/templates/configmap-env.yaml @@ -14,10 +14,10 @@ data: API_PORT: "3020" CLIENT_BROWSER_API_CABLE_URL: https://openpublishing.princeton.edu/cable CLIENT_BROWSER_API_URL: https://openpublishing.princeton.edu - CLIENT_SERVER_API_URL: http://princeton-manifold-production-api:3020 + CLIENT_SERVER_API_URL: http://princeton-manifold-production-api-rails:3020 CLIENT_SERVER_HOST: princeton-manifold-production-client CLIENT_SERVER_PORT: "3010" - CLIENT_SERVER_PROXIES: "false" + CLIENT_SERVER_PROXIES: "true" DOMAIN: openpublishing.princeton.edu ELASTICSEARCH_URL: http://princeton-manifold-production-es:9200 NODE_ENV: production From 25227df99de5de3949844c0f2da1333cf1e527a1 Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 17:04:44 -0700 Subject: [PATCH 18/22] delete unused k8s Service --- chart/princeton-manifold/templates/service.yaml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 chart/princeton-manifold/templates/service.yaml diff --git a/chart/princeton-manifold/templates/service.yaml b/chart/princeton-manifold/templates/service.yaml deleted file mode 100644 index 64c5523fe9..0000000000 --- a/chart/princeton-manifold/templates/service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# TODO: delete? -apiVersion: v1 -kind: Service -metadata: - name: {{ include "princeton-manifold.fullname" . }} - labels: - {{- include "princeton-manifold.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: 80 - protocol: TCP - name: http - selector: - app.kubernetes.io/name: {{ include "princeton-manifold.name" . }}-api - app.kubernetes.io/instance: {{ .Release.Name }} From 34196a981197fab305086d477cced5f52b9fdbc0 Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 17:05:22 -0700 Subject: [PATCH 19/22] remove socket volumes from docker-compose.yml --- docker-compose.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index c5bf7a2e33..6d46ac82b1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,7 +10,6 @@ x-api: &api - EXTRA_APK_PACKAGES=less vim bash rsync volumes: - ./data/api/public:/opt/manifold/api/public - - ./data/sockets:/manifold_sockets env_file: - .env.development networks: @@ -73,7 +72,6 @@ services: - .env.development volumes: - ./data/api/public:/opt/manifold/api/public - - ./data/sockets:/manifold_sockets command: yarn run start-docker networks: - internal @@ -90,15 +88,11 @@ services: volumes: - ./data/nginx/ssl:/etc/nginx/ssl - ./data/api/public:/opt/manifold/api/public - - ./data/sockets:/manifold_sockets ports: - "4000:80" - "4001:443" networks: - internal -#volumes: -# manifold_data: -# manifold_sockets: networks: internal: From 8a9aef6015e09f69d9687a9aaefafdb86835c710 Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 17:19:41 -0700 Subject: [PATCH 20/22] extract sidekiq deployment --- .../templates/deployment-api-cable.yaml | 16 ------ .../templates/deployment-api-sidekiq.yaml | 50 +++++++++++++++++++ 2 files changed, 50 insertions(+), 16 deletions(-) create mode 100644 chart/princeton-manifold/templates/deployment-api-sidekiq.yaml diff --git a/chart/princeton-manifold/templates/deployment-api-cable.yaml b/chart/princeton-manifold/templates/deployment-api-cable.yaml index b20af3fe71..2dac54bf19 100644 --- a/chart/princeton-manifold/templates/deployment-api-cable.yaml +++ b/chart/princeton-manifold/templates/deployment-api-cable.yaml @@ -46,22 +46,6 @@ spec: volumeMounts: {{- toYaml . | nindent 12 }} {{- end }} - - name: sidekiq - command: - - bin/sidekiq - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.api.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - envFrom: - - configMapRef: - name: {{ include "princeton-manifold.fullname" . }}-env - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - name: clockwork command: - bin/zhong diff --git a/chart/princeton-manifold/templates/deployment-api-sidekiq.yaml b/chart/princeton-manifold/templates/deployment-api-sidekiq.yaml new file mode 100644 index 0000000000..4e70f7355f --- /dev/null +++ b/chart/princeton-manifold/templates/deployment-api-sidekiq.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "princeton-manifold.fullname" . }}-api-sidekiq + labels: + {{- include "princeton-manifold.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: sidekiq + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app.kubernetes.io/name: sidekiq + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "princeton-manifold.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: sidekiq + command: + - bin/sidekiq + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.api.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: {{ include "princeton-manifold.fullname" . }}-env + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} From 346f64fdcf614b4cde0148235ad5cff718f5ea99 Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 17:21:44 -0700 Subject: [PATCH 21/22] extract clockwork deployment --- .../templates/deployment-api-cable.yaml | 17 ------- .../templates/deployment-api-clockwork.yaml | 51 +++++++++++++++++++ 2 files changed, 51 insertions(+), 17 deletions(-) create mode 100644 chart/princeton-manifold/templates/deployment-api-clockwork.yaml diff --git a/chart/princeton-manifold/templates/deployment-api-cable.yaml b/chart/princeton-manifold/templates/deployment-api-cable.yaml index 2dac54bf19..9ae4b5ca32 100644 --- a/chart/princeton-manifold/templates/deployment-api-cable.yaml +++ b/chart/princeton-manifold/templates/deployment-api-cable.yaml @@ -46,23 +46,6 @@ spec: volumeMounts: {{- toYaml . | nindent 12 }} {{- end }} - - name: clockwork - command: - - bin/zhong - - zhong.rb - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.api.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - envFrom: - - configMapRef: - name: {{ include "princeton-manifold.fullname" . }}-env - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} {{- with .Values.volumes }} volumes: {{- toYaml . | nindent 8 }} diff --git a/chart/princeton-manifold/templates/deployment-api-clockwork.yaml b/chart/princeton-manifold/templates/deployment-api-clockwork.yaml new file mode 100644 index 0000000000..6c830ba3a4 --- /dev/null +++ b/chart/princeton-manifold/templates/deployment-api-clockwork.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "princeton-manifold.fullname" . }}-api-clockwork + labels: + {{- include "princeton-manifold.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: clockwork + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app.kubernetes.io/name: clockwork + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "princeton-manifold.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: clockwork + command: + - bin/zhong + - zhong.rb + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.api.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: {{ include "princeton-manifold.fullname" . }}-env + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} From 2508ade745a99e5b78316f52df64d33f26bddcfc Mon Sep 17 00:00:00 2001 From: Benjamin Kiah Stroud <32469930+bkiahstroud@users.noreply.github.com> Date: Tue, 20 Aug 2024 20:22:46 -0700 Subject: [PATCH 22/22] CLIENT_SERVER_PROXIES must be true for assets to work --- .env.development | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env.development b/.env.development index b58e57374d..9e219345c2 100644 --- a/.env.development +++ b/.env.development @@ -21,7 +21,7 @@ NODE_ENV=production ELASTICSEARCH_URL=http://elasticsearch:9200 -CLIENT_SERVER_PROXIES=false +CLIENT_SERVER_PROXIES=true RAILS_ENV=production RAILS_SECRET_KEY=6234a9eada2709680e0db091d48fe7973f6eb23f413d9b5c2b9d17149c9e38e7309a897b6a5231297b89ac6d3c7494d40c7d6454f342c04f8743482f610016aa RAILS_DB_USER=postgres