From 7c150209e4d96f04b56aa83f554151bc869e7495 Mon Sep 17 00:00:00 2001 From: c-simpson Date: Sat, 17 Apr 2021 20:18:46 -0400 Subject: [PATCH 01/23] Initial --- src/k8s_conf/_pv_claims.yaml | 30 +++++++++++++ src/k8s_conf/api_server.yaml | 69 ++++++++++++++++++++++++++++++ src/k8s_conf/db_server.yaml | 67 +++++++++++++++++++++++++++++ src/k8s_conf/front_end.yaml | 63 +++++++++++++++++++++++++++ src/k8s_conf/kind_w_reg.sh | 82 ++++++++++++++++++++++++++++++++++++ 5 files changed, 311 insertions(+) create mode 100644 src/k8s_conf/_pv_claims.yaml create mode 100644 src/k8s_conf/api_server.yaml create mode 100644 src/k8s_conf/db_server.yaml create mode 100644 src/k8s_conf/front_end.yaml create mode 100644 src/k8s_conf/kind_w_reg.sh diff --git a/src/k8s_conf/_pv_claims.yaml b/src/k8s_conf/_pv_claims.yaml new file mode 100644 index 00000000..47679df9 --- /dev/null +++ b/src/k8s_conf/_pv_claims.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + creationTimestamp: null + labels: + io.kompose.service: src-archive + name: src-archive +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Mi +status: {} + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + creationTimestamp: null + labels: + io.kompose.service: postgres + name: postgres +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Mi +status: {} diff --git a/src/k8s_conf/api_server.yaml b/src/k8s_conf/api_server.yaml new file mode 100644 index 00000000..03f3c38f --- /dev/null +++ b/src/k8s_conf/api_server.yaml @@ -0,0 +1,69 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: \temp\kompose -f docker-compose.yml convert + kompose.version: 1.21.0 (992df58d8) + creationTimestamp: null + labels: + io.kompose.service: server + name: server +spec: + ports: + - name: "5000" + port: 5000 + targetPort: 5000 + selector: + io.kompose.service: server +status: + loadBalancer: {} + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: \temp\kompose -f docker-compose.yml convert + kompose.version: 1.21.0 (992df58d8) + creationTimestamp: null + labels: + io.kompose.service: server + name: server +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: server + strategy: + type: Recreate + template: + metadata: + annotations: + kompose.cmd: \temp\kompose -f docker-compose.yml convert + kompose.version: 1.21.0 (992df58d8) + creationTimestamp: null + labels: + io.kompose.service: server + spec: + containers: + - env: + - name: FLASK_ENV + value: development + image: localhost:5000/src-server:latest + imagePullPolicy: "" + name: paws-compose-server + ports: + - containerPort: 5000 + resources: {} + volumeMounts: + - mountPath: /app/static/raw_data + name: src-archive + restartPolicy: Always + serviceAccountName: "" + imagePullSecrets: + - name: regcred + volumes: + - name: src-archive + persistentVolumeClaim: + claimName: src-archive +status: {} diff --git a/src/k8s_conf/db_server.yaml b/src/k8s_conf/db_server.yaml new file mode 100644 index 00000000..5f1a2f6f --- /dev/null +++ b/src/k8s_conf/db_server.yaml @@ -0,0 +1,67 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: \temp\kompose -f docker-compose.yml convert + kompose.version: 1.21.0 (992df58d8) + creationTimestamp: null + labels: + io.kompose.service: paws-compose-db + name: paws-compose-db +spec: + ports: + - name: "5432" + port: 5432 + targetPort: 5432 + selector: + io.kompose.service: paws-compose-db +status: + loadBalancer: {} + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: \temp\kompose -f docker-compose.yml convert + kompose.version: 1.21.0 (992df58d8) + creationTimestamp: null + labels: + io.kompose.service: paws-compose-db + name: paws-compose-db +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: paws-compose-db + strategy: + type: Recreate + template: + metadata: + annotations: + kompose.cmd: \temp\kompose -f docker-compose.yml convert + kompose.version: 1.21.0 (992df58d8) + creationTimestamp: null + labels: + io.kompose.service: paws-compose-db + spec: + containers: + - env: + - name: POSTGRES_PASSWORD + value: thispasswordisverysecure + image: localhost:5000/postgres:11.3-alpine + imagePullPolicy: "" + name: paws-compose-db + ports: + - containerPort: 5432 + resources: {} + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: postgres + restartPolicy: Always + serviceAccountName: "" + volumes: + - name: postgres + persistentVolumeClaim: + claimName: postgres +status: {} diff --git a/src/k8s_conf/front_end.yaml b/src/k8s_conf/front_end.yaml new file mode 100644 index 00000000..fe53ba44 --- /dev/null +++ b/src/k8s_conf/front_end.yaml @@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: \temp\kompose -f docker-compose.yml convert + kompose.version: 1.21.0 (992df58d8) + creationTimestamp: null + labels: + io.kompose.service: client + name: client +spec: + ports: + - name: "3000" + port: 3000 + targetPort: 3000 + selector: + io.kompose.service: client +status: + loadBalancer: {} + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: \temp\kompose -f docker-compose.yml convert + kompose.version: 1.21.0 (992df58d8) + creationTimestamp: null + labels: + io.kompose.service: client + name: client +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: client + strategy: {} + template: + metadata: + annotations: + kompose.cmd: \temp\kompose -f docker-compose.yml convert + kompose.version: 1.21.0 (992df58d8) + creationTimestamp: null + labels: + io.kompose.service: client + spec: + containers: + - env: + - name: CHOKIDAR_USEPOLLING + value: "true" + image: localhost:5000/src-client:latest + imagePullPolicy: "" + name: paws-compose-client + ports: + - containerPort: 3000 + resources: {} + stdin: true + restartPolicy: Always + serviceAccountName: "" + volumes: null + imagePullSecrets: + - name: regcred +status: {} diff --git a/src/k8s_conf/kind_w_reg.sh b/src/k8s_conf/kind_w_reg.sh new file mode 100644 index 00000000..d30327f1 --- /dev/null +++ b/src/k8s_conf/kind_w_reg.sh @@ -0,0 +1,82 @@ +#!/bin/sh +# +# Adapted from: +# https://github.com/kubernetes-sigs/kind/commits/master/site/static/examples/kind-with-registry.sh +# +# Copyright 2020 The Kubernetes Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit + +# desired cluster name; default is "kind" +KIND_CLUSTER_NAME="${KIND_CLUSTER_NAME:-kind}" + +kind_version=$(kind version) +kind_network='kind' +reg_name='kind-registry' +reg_port='5000' +case "${kind_version}" in + "kind v0.7."* | "kind v0.6."* | "kind v0.5."*) + kind_network='bridge' + ;; +esac + +# create registry container unless it already exists +running="$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" +if [ "${running}" != 'true' ]; then + docker run \ + -d --restart=always -p "${reg_port}:5000" --name "${reg_name}" \ + registry:2 +fi + +reg_host="${reg_name}" +if [ "${kind_network}" = "bridge" ]; then + reg_host="$(docker inspect -f '{{.NetworkSettings.IPAddress}}' "${reg_name}")" +fi +echo "Registry Host: ${reg_host}" + +# create a cluster with the local registry enabled in containerd +cat < Date: Mon, 19 Apr 2021 18:30:42 -0400 Subject: [PATCH 02/23] Port to 80 --- src/k8s_conf/front_end.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/k8s_conf/front_end.yaml b/src/k8s_conf/front_end.yaml index fe53ba44..c170b650 100644 --- a/src/k8s_conf/front_end.yaml +++ b/src/k8s_conf/front_end.yaml @@ -10,9 +10,9 @@ metadata: name: client spec: ports: - - name: "3000" - port: 3000 - targetPort: 3000 + - name: "80" + port: 80 + targetPort: 80 selector: io.kompose.service: client status: @@ -48,7 +48,7 @@ spec: - env: - name: CHOKIDAR_USEPOLLING value: "true" - image: localhost:5000/src-client:latest + image: ghcr.io/codeforphilly/paws-data-pipeline/client:1.2 imagePullPolicy: "" name: paws-compose-client ports: From 531f5896085f3dc175b6e024504508b189ee448e Mon Sep 17 00:00:00 2001 From: c-simpson Date: Mon, 19 Apr 2021 18:30:59 -0400 Subject: [PATCH 03/23] Config map --- src/k8s_conf/db_server.yaml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/k8s_conf/db_server.yaml b/src/k8s_conf/db_server.yaml index 5f1a2f6f..d60ae7b0 100644 --- a/src/k8s_conf/db_server.yaml +++ b/src/k8s_conf/db_server.yaml @@ -19,6 +19,18 @@ status: loadBalancer: {} --- +apiVersion: v1 +kind: ConfigMap +metadata: + name: postgres-configuration + labels: + app: postgres +data: + POSTGRES_DB: paws + POSTGRES_USER: postgres + POSTGRES_PASSWORD: thispasswordisverysecure +--- + apiVersion: apps/v1 kind: Deployment metadata: @@ -47,9 +59,12 @@ spec: spec: containers: - env: + - name: POSTGRES_DB + value: paws - name: POSTGRES_PASSWORD value: thispasswordisverysecure - image: localhost:5000/postgres:11.3-alpine + + image: postgres:11-alpine # localhost:5000/postgres:11.3-alpine imagePullPolicy: "" name: paws-compose-db ports: From 0a830904232def07dfff79df1bdb2d5a5c98a7b1 Mon Sep 17 00:00:00 2001 From: c-simpson Date: Mon, 19 Apr 2021 18:31:21 -0400 Subject: [PATCH 04/23] Using local registry --- src/k8s_conf/api_server.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/k8s_conf/api_server.yaml b/src/k8s_conf/api_server.yaml index 03f3c38f..f0ca50c5 100644 --- a/src/k8s_conf/api_server.yaml +++ b/src/k8s_conf/api_server.yaml @@ -49,9 +49,9 @@ spec: - env: - name: FLASK_ENV value: development - image: localhost:5000/src-server:latest + image: localhost:5000/server:1.2 imagePullPolicy: "" - name: paws-compose-server + name: server #paws-compose-server ports: - containerPort: 5000 resources: {} From 73e3ce37fce0fa8e498e3cd7c896db473fb04b60 Mon Sep 17 00:00:00 2001 From: c-simpson Date: Tue, 20 Apr 2021 18:55:41 -0400 Subject: [PATCH 05/23] Works --- src/client/default.conf.template | 2 +- src/docker-compose.yml | 2 +- src/k8s_conf/api_server.yaml | 4 ++-- src/k8s_conf/front_end.yaml | 6 ++++-- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/src/client/default.conf.template b/src/client/default.conf.template index 69001c5d..9814d341 100644 --- a/src/client/default.conf.template +++ b/src/client/default.conf.template @@ -1,6 +1,6 @@ upstream backend { #server paws-compose-server:5000; - server ${PAWS_API_HOST}:5000; + server server:5000; } server { diff --git a/src/docker-compose.yml b/src/docker-compose.yml index fe4efb54..0c7ab822 100644 --- a/src/docker-compose.yml +++ b/src/docker-compose.yml @@ -34,7 +34,7 @@ services: - server environment: - CHOKIDAR_USEPOLLING=true - - PAWS_API_HOST=paws-compose-server + - PAWS_API_HOST=server # paws-compose-server stdin_open: true diff --git a/src/k8s_conf/api_server.yaml b/src/k8s_conf/api_server.yaml index f0ca50c5..fafc9b25 100644 --- a/src/k8s_conf/api_server.yaml +++ b/src/k8s_conf/api_server.yaml @@ -49,8 +49,8 @@ spec: - env: - name: FLASK_ENV value: development - image: localhost:5000/server:1.2 - imagePullPolicy: "" + image: localhost:5000/src-server:latest + imagePullPolicy: "IfNotPresent" name: server #paws-compose-server ports: - containerPort: 5000 diff --git a/src/k8s_conf/front_end.yaml b/src/k8s_conf/front_end.yaml index c170b650..aa77db00 100644 --- a/src/k8s_conf/front_end.yaml +++ b/src/k8s_conf/front_end.yaml @@ -48,8 +48,10 @@ spec: - env: - name: CHOKIDAR_USEPOLLING value: "true" - image: ghcr.io/codeforphilly/paws-data-pipeline/client:1.2 - imagePullPolicy: "" + - name: PAWS_API_HOST + value: "server" + image: localhost:5000/src-client:latest + imagePullPolicy: "IfNotPresent" name: paws-compose-client ports: - containerPort: 3000 From 9b87e877a7e5c871dcc716e513a1b2f2807f47c1 Mon Sep 17 00:00:00 2001 From: c-simpson Date: Tue, 27 Apr 2021 17:04:02 -0400 Subject: [PATCH 06/23] Initial .dockerignore for server --- src/server/.dockerignore | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 src/server/.dockerignore diff --git a/src/server/.dockerignore b/src/server/.dockerignore new file mode 100644 index 00000000..3438e1ee --- /dev/null +++ b/src/server/.dockerignore @@ -0,0 +1,17 @@ +# .dockerignore needs to live in root of build context (src/server or src/client) +# It specifies which files Docker should exclude from the built image +# Details: https://docs.docker.com/engine/reference/builder/#dockerignore-file + +# */temp* Exclude files and directories whose names start with temp in any +# immediate subdirectory of the root. For example, the plain +# file /somedir/temporary.txt is excluded, as is the directory /somedir/temp. + +# */*/temp* Exclude files and directories starting with temp from any subdirectory +# that is two levels below the root. For example, /somedir/subdir/temporary.txt is excluded. + +# temp? Exclude files and directories in the root directory whose names are a one-character extension +# of temp. For example, /tempa and /tempb are excluded. + +secrets.py +secrets.pyX +secrets/* \ No newline at end of file From 4204bd3e104fccbde0ed5b54f76e86d668fff205 Mon Sep 17 00:00:00 2001 From: c-simpson Date: Tue, 27 Apr 2021 17:05:45 -0400 Subject: [PATCH 07/23] Run file for kind-based cluster --- src/run _cluster.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 src/run _cluster.sh diff --git a/src/run _cluster.sh b/src/run _cluster.sh new file mode 100644 index 00000000..51901615 --- /dev/null +++ b/src/run _cluster.sh @@ -0,0 +1,18 @@ +kind create cluster + +kubectl apply -k server/secrets + +docker-compose build + + +docker tag src_client localhost:5000/src-client:latest +kind load docker-image localhost:5000/src-client:latest + + +docker tag src_server localhost:5000/src-server:latest +kind load docker-image localhost:5000/src-server:latest + + +kubectl apply -f k8s_conf + +kubectl port-forward service/client 80:80 \ No newline at end of file From a6dd4a1e6d6cb00646c570d62a7bef98fabdbdab Mon Sep 17 00:00:00 2001 From: c-simpson Date: Tue, 27 Apr 2021 17:08:03 -0400 Subject: [PATCH 08/23] Updated k8s yaml files for secrets from env --- src/k8s_conf/api_server.yaml | 5 +++++ src/k8s_conf/db_server.yaml | 8 ++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/k8s_conf/api_server.yaml b/src/k8s_conf/api_server.yaml index fafc9b25..fc1a906a 100644 --- a/src/k8s_conf/api_server.yaml +++ b/src/k8s_conf/api_server.yaml @@ -58,6 +58,11 @@ spec: volumeMounts: - mountPath: /app/static/raw_data name: src-archive + envFrom: + - secretRef: + name: api-server-pws-7c66bb2cf7 + - secretRef: + name: db-pass-762dk6hmhm restartPolicy: Always serviceAccountName: "" imagePullSecrets: diff --git a/src/k8s_conf/db_server.yaml b/src/k8s_conf/db_server.yaml index d60ae7b0..5ff1924d 100644 --- a/src/k8s_conf/db_server.yaml +++ b/src/k8s_conf/db_server.yaml @@ -28,7 +28,7 @@ metadata: data: POSTGRES_DB: paws POSTGRES_USER: postgres - POSTGRES_PASSWORD: thispasswordisverysecure + --- apiVersion: apps/v1 @@ -61,9 +61,9 @@ spec: - env: - name: POSTGRES_DB value: paws - - name: POSTGRES_PASSWORD - value: thispasswordisverysecure - + envFrom: + - secretRef: + name: db-pass-762dk6hmhm image: postgres:11-alpine # localhost:5000/postgres:11.3-alpine imagePullPolicy: "" name: paws-compose-db From 2712d3c110a55f74359589c9e632073c5fd5117c Mon Sep 17 00:00:00 2001 From: c-simpson Date: Wed, 28 Apr 2021 21:52:53 -0400 Subject: [PATCH 09/23] Kind cluster script --- src/run_cluster.sh | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 src/run_cluster.sh diff --git a/src/run_cluster.sh b/src/run_cluster.sh new file mode 100644 index 00000000..caa3d20e --- /dev/null +++ b/src/run_cluster.sh @@ -0,0 +1,38 @@ +# Creates and runs PDP on a kind-based clauster +# If running on Windows, run on Bash (e.g., Git Bash) or change file ext from .sh to .cmd +# .cmd works the same but you'll see echo lines twice + +echo " "; echo ">>>>>>>>>>>>>>>>> Creating cluster. Now's a good time to go get coffee >>>>>>>>>>>>>>>>>" +kind create cluster + +# Assumes kustomization.yaml lives in server/secets +echo " "; echo ">>>>>>>>>>>>>>>>> Create and add secrets to k8s environment >>>>>>>>>>>>>>>>>" +kubectl apply -k server/secrets + +echo " "; echo ">>>>>>>>>>>>>>>>> Build images >>>>>>>>>>>>>>>>>" +docker-compose build + +# So pods, specifically 'wait_for', have read access to API +echo " "; echo ">>>>>>>>>>>>>>>>> Give pods access to k8s API >>>>>>>>>>>>>>>>>" +kubectl create role pod-reader --verb=get --verb=list --verb=watch --resource=pods,services,deployments +kubectl create rolebinding default-pod-reader --role=pod-reader --serviceaccount=default:default --namespace=default + +echo " "; echo ">>>>>>>>>>>>>>>>> Tag and push client container image >>>>>>>>>>>>>>>>>" +docker tag src_client localhost:5000/src-client:latest +kind load docker-image localhost:5000/src-client:latest + +echo " "; echo ">>>>>>>>>>>>>>>>> Tag and push server container image >>>>>>>>>>>>>>>>>" +docker tag src_server localhost:5000/src-server:latest +kind load docker-image localhost:5000/src-server:latest + +echo " "; echo ">>>>>>>>>>>>>>>>> Apply k8s deployment files to launch containers >>>>>>>>>>>>>>>>>" +kubectl apply -f k8s_conf + +echo " "; echo ">>>>>>>>>>>>>>>>> Wait 20s in hopes that client service/container is live >>>>>>>>>>>>>>>>>" +sleep 20 + +echo " "; echo ">>>>>>>>>>>>>>>>> Forwarding port 80 from cluster to localhost >>>>>>>>>>>>>>>>>" +echo "'>>>>>>>>>>>>>>>>> Forwarding...' means it's working and will forward until ^C " +echo ">>>>>>>>>>>>>>>>> To restart port-forwarding, 'kubectl port-forward service/client 80:80 '" +kubectl port-forward service/client 80:80 +echo " "; echo ">>>>>>>>>>>>>>>>> ^- Failed? Try running 'kubectl port-forward service/client 80:80' >>>>>>>>>>>>>>>>>" \ No newline at end of file From 662ec63ecbcffdde35cb46deb509c975863b4dce Mon Sep 17 00:00:00 2001 From: c-simpson Date: Wed, 28 Apr 2021 21:53:34 -0400 Subject: [PATCH 10/23] Uses wait_for to wait for Postgres ready --- src/k8s_conf/api_server.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/k8s_conf/api_server.yaml b/src/k8s_conf/api_server.yaml index fc1a906a..6be5e572 100644 --- a/src/k8s_conf/api_server.yaml +++ b/src/k8s_conf/api_server.yaml @@ -45,6 +45,14 @@ spec: labels: io.kompose.service: server spec: + initContainers: + - name: wait-for-db + image: groundnuty/k8s-wait-for:v1.3 + imagePullPolicy: Always + args: + - "service" + - "paws-compose-db" + containers: - env: - name: FLASK_ENV From f735d2f140c46c02f6045647a7dd1ed90b542478 Mon Sep 17 00:00:00 2001 From: c-simpson Date: Wed, 28 Apr 2021 22:03:54 -0400 Subject: [PATCH 11/23] Added an extra space in name; deleted --- src/run _cluster.sh | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 src/run _cluster.sh diff --git a/src/run _cluster.sh b/src/run _cluster.sh deleted file mode 100644 index 51901615..00000000 --- a/src/run _cluster.sh +++ /dev/null @@ -1,18 +0,0 @@ -kind create cluster - -kubectl apply -k server/secrets - -docker-compose build - - -docker tag src_client localhost:5000/src-client:latest -kind load docker-image localhost:5000/src-client:latest - - -docker tag src_server localhost:5000/src-server:latest -kind load docker-image localhost:5000/src-server:latest - - -kubectl apply -f k8s_conf - -kubectl port-forward service/client 80:80 \ No newline at end of file From bd7235d1bc81916f59abf058182b0a68d004c31a Mon Sep 17 00:00:00 2001 From: c-simpson Date: Thu, 29 Apr 2021 13:25:26 -0400 Subject: [PATCH 12/23] Updated to get PWs from env, use JWTs for all APIs --- src/server/test_api.py | 50 ++++++++++++++++++++++++++++-------------- 1 file changed, 34 insertions(+), 16 deletions(-) diff --git a/src/server/test_api.py b/src/server/test_api.py index 9320f996..18867f8d 100644 --- a/src/server/test_api.py +++ b/src/server/test_api.py @@ -1,11 +1,17 @@ import pytest, socket, requests, os -from secrets import BASEUSER_PW, BASEADMIN_PW + +try: + from secrets import BASEUSER_PW, BASEADMIN_PW +except KeyError: + BASEUSER_PW = os.environ['BASEUSER_PW'] + BASEADMIN_PW = os.environ['BASEADMIN_PW'] + jwt_token = '' # -# Run 'pytest' from the command line +# Run 'pytest' from the command line (-v gives helpful details) # # Running pytest can result in six different exit codes: # 0 - All tests were collected and passed successfully @@ -68,20 +74,6 @@ def test_client_dns(): assert len(gai) > 0 # Simple API tests ################################################ - - -def test_currentFiles(): - """360 view Current Files list""" - response = requests.get(SERVER_URL + "/api/listCurrentFiles") - assert response.status_code == 200 - - -def test_statistics(): - """360 view Statistics""" - response = requests.get(SERVER_URL + "/api/statistics") - assert response.status_code == 200 - - def test_usertest(): """Verify liveness test works""" response = requests.get(SERVER_URL + "/api/user/test") @@ -147,6 +139,10 @@ def test_inact_userblocked(state: State): assert response.status_code == 401 + + + + ### Admin-level tests ###################################### def test_adminlogin(state: State): @@ -182,6 +178,28 @@ def test_admingetusers(state: State): assert len(userlist) > 1 +def test_admin_currentFiles(state: State): + """Verify admin user can get Current Files list""" + + b_string = 'Bearer ' + state.state['base_admin'] + assert len(b_string) > 24 + auth_hdr = {'Authorization' : b_string} + + response = requests.get(SERVER_URL + "/api/listCurrentFiles", headers=auth_hdr) + assert response.status_code == 200 + + +def test_admin_statistics(state: State): + """360 view Statistics""" + + b_string = 'Bearer ' + state.state['base_admin'] + assert len(b_string) > 24 + auth_hdr = {'Authorization' : b_string} + + response = requests.get(SERVER_URL + "/api/statistics", headers=auth_hdr) + assert response.status_code == 200 + + def test_usergetusers(state: State): """Verify logged-in base_user *cannot* use JWT to get user list """ # Build auth string value including token from state From 0b9521cede6d0ca6c255c5c43245be6904ab3913 Mon Sep 17 00:00:00 2001 From: c-simpson Date: Sun, 2 May 2021 20:57:49 -0400 Subject: [PATCH 13/23] Initial helm chart --- src/helm-chart/.helmignore | 23 ++++ src/helm-chart/Chart.yaml | 23 ++++ src/helm-chart/templates/NOTES.txt | 22 ++++ src/helm-chart/templates/_helpers.tpl | 62 +++++++++++ src/helm-chart/templates/deployment.yaml | 61 +++++++++++ src/helm-chart/templates/hpa.yaml | 28 +++++ src/helm-chart/templates/ingress.yaml | 41 +++++++ src/helm-chart/templates/service.yaml | 15 +++ src/helm-chart/templates/serviceaccount.yaml | 12 +++ .../templates/tests/test-connection.yaml | 15 +++ src/helm-chart/values.yaml | 100 ++++++++++++++++++ 11 files changed, 402 insertions(+) create mode 100644 src/helm-chart/.helmignore create mode 100644 src/helm-chart/Chart.yaml create mode 100644 src/helm-chart/templates/NOTES.txt create mode 100644 src/helm-chart/templates/_helpers.tpl create mode 100644 src/helm-chart/templates/deployment.yaml create mode 100644 src/helm-chart/templates/hpa.yaml create mode 100644 src/helm-chart/templates/ingress.yaml create mode 100644 src/helm-chart/templates/service.yaml create mode 100644 src/helm-chart/templates/serviceaccount.yaml create mode 100644 src/helm-chart/templates/tests/test-connection.yaml create mode 100644 src/helm-chart/values.yaml diff --git a/src/helm-chart/.helmignore b/src/helm-chart/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/src/helm-chart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/src/helm-chart/Chart.yaml b/src/helm-chart/Chart.yaml new file mode 100644 index 00000000..45d2bdc6 --- /dev/null +++ b/src/helm-chart/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +name: paws-datapipeline +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +appVersion: 0.8.0 diff --git a/src/helm-chart/templates/NOTES.txt b/src/helm-chart/templates/NOTES.txt new file mode 100644 index 00000000..5084c4b3 --- /dev/null +++ b/src/helm-chart/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "helm-chart.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "helm-chart.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "helm-chart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "helm-chart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/src/helm-chart/templates/_helpers.tpl b/src/helm-chart/templates/_helpers.tpl new file mode 100644 index 00000000..a68e2b52 --- /dev/null +++ b/src/helm-chart/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "helm-chart.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "helm-chart.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "helm-chart.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "helm-chart.labels" -}} +helm.sh/chart: {{ include "helm-chart.chart" . }} +{{ include "helm-chart.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "helm-chart.selectorLabels" -}} +app.kubernetes.io/name: {{ include "helm-chart.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "helm-chart.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "helm-chart.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/src/helm-chart/templates/deployment.yaml b/src/helm-chart/templates/deployment.yaml new file mode 100644 index 00000000..dd184d96 --- /dev/null +++ b/src/helm-chart/templates/deployment.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm-chart.fullname" . }} + labels: + {{- include "helm-chart.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "helm-chart.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "helm-chart.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "helm-chart.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/src/helm-chart/templates/hpa.yaml b/src/helm-chart/templates/hpa.yaml new file mode 100644 index 00000000..92316eba --- /dev/null +++ b/src/helm-chart/templates/hpa.yaml @@ -0,0 +1,28 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm-chart.fullname" . }} + labels: + {{- include "helm-chart.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm-chart.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/src/helm-chart/templates/ingress.yaml b/src/helm-chart/templates/ingress.yaml new file mode 100644 index 00000000..a1075832 --- /dev/null +++ b/src/helm-chart/templates/ingress.yaml @@ -0,0 +1,41 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "helm-chart.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "helm-chart.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ . }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} diff --git a/src/helm-chart/templates/service.yaml b/src/helm-chart/templates/service.yaml new file mode 100644 index 00000000..50310712 --- /dev/null +++ b/src/helm-chart/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm-chart.fullname" . }} + labels: + {{- include "helm-chart.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "helm-chart.selectorLabels" . | nindent 4 }} diff --git a/src/helm-chart/templates/serviceaccount.yaml b/src/helm-chart/templates/serviceaccount.yaml new file mode 100644 index 00000000..2429af4e --- /dev/null +++ b/src/helm-chart/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "helm-chart.serviceAccountName" . }} + labels: + {{- include "helm-chart.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/src/helm-chart/templates/tests/test-connection.yaml b/src/helm-chart/templates/tests/test-connection.yaml new file mode 100644 index 00000000..d15d37ea --- /dev/null +++ b/src/helm-chart/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "helm-chart.fullname" . }}-test-connection" + labels: + {{- include "helm-chart.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "helm-chart.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/src/helm-chart/values.yaml b/src/helm-chart/values.yaml new file mode 100644 index 00000000..2c7fd186 --- /dev/null +++ b/src/helm-chart/values.yaml @@ -0,0 +1,100 @@ +# Default values for helm-chart. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +server: + image: + repository: ghcr.io/codeforphilly/paws-data-pipeline/server:latest + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "latest" + +client: + image: + repository: ghcr.io/codeforphilly/paws-data-pipeline/client:latest + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "latest" + +db: + image: + repository: postgres:11-alpine + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "11.3-alpine" + + +storage: + db: 1Gi + server: 1Gi + +imagePullSecrets: + - name: regcred +nameOverride: "paws-datapipeline" +fullnameOverride: "paws-dp-chart" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: NodePort #ClusterIP + port: 80 + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} From 16c6e779c63fb2e6177ca4200a4349f05864f4cd Mon Sep 17 00:00:00 2001 From: c-simpson Date: Mon, 3 May 2021 21:54:42 -0400 Subject: [PATCH 14/23] Working w/o secrets --- src/helm-chart/templates/deployment.yaml | 45 ++++++++++++++++++++---- src/helm-chart/values.yaml | 10 +++--- 2 files changed, 43 insertions(+), 12 deletions(-) diff --git a/src/helm-chart/templates/deployment.yaml b/src/helm-chart/templates/deployment.yaml index dd184d96..74af0f6a 100644 --- a/src/helm-chart/templates/deployment.yaml +++ b/src/helm-chart/templates/deployment.yaml @@ -28,11 +28,43 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- with .Values.db }} + - name: {{ $.Chart.Name }}-db + image: "{{ .image.repository }}:{{ .image.tag | default $.Chart.AppVersion }}" + imagePullPolicy: {{ .image.pullPolicy }} + env: + - name: POSTGRES_DB + value: paws + ports: + - name: postgresql + containerPort: 5432 + protocol: TCP + # volumeMounts: + # - name: {{ $.Release.Name }}-db + # mountPath: /var/lib/postgresql/data + # subPath: postgresql-data + {{- end }} + {{- with .Values.server }} + - name: {{ $.Chart.Name }}-server + image: "{{ .image.repository }}:{{ .image.tag | default $.Chart.AppVersion }}" + imagePullPolicy: {{ .image.pullPolicy }} + ports: + - containerPort: 5000 + protocol: TCP + livenessProbe: + httpGet: + path: /api/user/test + port: 5000 + readinessProbe: + httpGet: + path: /api/user/test + port: 5000 + {{- end }} + + {{- with .Values.client }} + - name: {{ $.Chart.Name }}-client + image: "{{ .image.repository }}:{{ .image.tag | default $.Chart.AppVersion }}" + imagePullPolicy: {{ .image.pullPolicy }} ports: - name: http containerPort: 80 @@ -45,8 +77,7 @@ spec: httpGet: path: / port: http - resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/src/helm-chart/values.yaml b/src/helm-chart/values.yaml index 2c7fd186..5c1ff13e 100644 --- a/src/helm-chart/values.yaml +++ b/src/helm-chart/values.yaml @@ -6,21 +6,21 @@ replicaCount: 1 server: image: - repository: ghcr.io/codeforphilly/paws-data-pipeline/server:latest + repository: ghcr.io/codeforphilly/paws-data-pipeline/server pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "latest" + tag: "1.2" client: image: - repository: ghcr.io/codeforphilly/paws-data-pipeline/client:latest + repository: ghcr.io/codeforphilly/paws-data-pipeline/client pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "latest" + tag: "1.2" db: image: - repository: postgres:11-alpine + repository: postgres pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "11.3-alpine" From 41368104914d804ab02ed3b035c814574cffe173 Mon Sep 17 00:00:00 2001 From: c-simpson Date: Mon, 3 May 2021 22:13:42 -0400 Subject: [PATCH 15/23] Gets secrets from secrets -> env --- src/helm-chart/templates/deployment.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/helm-chart/templates/deployment.yaml b/src/helm-chart/templates/deployment.yaml index 74af0f6a..739d2fe9 100644 --- a/src/helm-chart/templates/deployment.yaml +++ b/src/helm-chart/templates/deployment.yaml @@ -35,6 +35,9 @@ spec: env: - name: POSTGRES_DB value: paws + envFrom: + - secretRef: + name: db-pass ports: - name: postgresql containerPort: 5432 @@ -48,6 +51,11 @@ spec: - name: {{ $.Chart.Name }}-server image: "{{ .image.repository }}:{{ .image.tag | default $.Chart.AppVersion }}" imagePullPolicy: {{ .image.pullPolicy }} + envFrom: + - secretRef: + name: api-server-pws + - secretRef: + name: db-pass ports: - containerPort: 5000 protocol: TCP From 2e74f25c1d992d177159a45f63bf7cf7188b73e5 Mon Sep 17 00:00:00 2001 From: c-simpson Date: Tue, 4 May 2021 11:07:39 -0400 Subject: [PATCH 16/23] Now catching ImportError instead of KeyError KeyError is if environ access fails. --- src/server/test_api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/server/test_api.py b/src/server/test_api.py index 18867f8d..401be742 100644 --- a/src/server/test_api.py +++ b/src/server/test_api.py @@ -3,7 +3,7 @@ try: from secrets import BASEUSER_PW, BASEADMIN_PW -except KeyError: +except ImportError: BASEUSER_PW = os.environ['BASEUSER_PW'] BASEADMIN_PW = os.environ['BASEADMIN_PW'] From dfcedec8efeca9372d9518080924e2dda43e2de8 Mon Sep 17 00:00:00 2001 From: c-simpson Date: Wed, 5 May 2021 15:16:53 -0400 Subject: [PATCH 17/23] Updated to v 2.21 --- src/helm-chart/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/helm-chart/values.yaml b/src/helm-chart/values.yaml index 5c1ff13e..43fe0305 100644 --- a/src/helm-chart/values.yaml +++ b/src/helm-chart/values.yaml @@ -9,14 +9,14 @@ server: repository: ghcr.io/codeforphilly/paws-data-pipeline/server pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "1.2" + tag: "2.21" client: image: repository: ghcr.io/codeforphilly/paws-data-pipeline/client pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "1.2" + tag: "2.21" db: image: From ef4b76c66f86c4c10cfdd458d7f80fd4224d65b2 Mon Sep 17 00:00:00 2001 From: Cris Simpson Date: Wed, 5 May 2021 21:23:19 -0400 Subject: [PATCH 18/23] Add hostAliases to localhost On Docker, each container has its own pod. With Helm, all live in chart pod, share localhost. --- src/helm-chart/values.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/helm-chart/values.yaml b/src/helm-chart/values.yaml index 43fe0305..9f82eaa7 100644 --- a/src/helm-chart/values.yaml +++ b/src/helm-chart/values.yaml @@ -57,6 +57,14 @@ securityContext: {} # runAsNonRoot: true # runAsUser: 1000 +hostAliases: + - ip: "127.0.0.1" + hostnames: + - "server" + - "paws-compose-db" + - "client" + + service: type: NodePort #ClusterIP port: 80 From 98c69405abeb74bf0f50cc4ba1f2027c50eb3be0 Mon Sep 17 00:00:00 2001 From: Cris Simpson Date: Wed, 5 May 2021 21:23:50 -0400 Subject: [PATCH 19/23] Add hostAliases to deployment --- src/helm-chart/templates/deployment.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/helm-chart/templates/deployment.yaml b/src/helm-chart/templates/deployment.yaml index 739d2fe9..0361a386 100644 --- a/src/helm-chart/templates/deployment.yaml +++ b/src/helm-chart/templates/deployment.yaml @@ -24,6 +24,10 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.hostAliases }} + hostAliases: + {{ toYaml . | nindent 8 }} + {{- end }} serviceAccountName: {{ include "helm-chart.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} From 03ce734c8226ac214e3eb580d069e41cec57531f Mon Sep 17 00:00:00 2001 From: c-simpson Date: Mon, 17 May 2021 22:13:49 -0400 Subject: [PATCH 20/23] Added container-internal host aliases,PG 11->13 --- src/helm-chart/templates/deployment.yaml | 4 ++++ src/helm-chart/values.yaml | 10 +++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/helm-chart/templates/deployment.yaml b/src/helm-chart/templates/deployment.yaml index 739d2fe9..0361a386 100644 --- a/src/helm-chart/templates/deployment.yaml +++ b/src/helm-chart/templates/deployment.yaml @@ -24,6 +24,10 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.hostAliases }} + hostAliases: + {{ toYaml . | nindent 8 }} + {{- end }} serviceAccountName: {{ include "helm-chart.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} diff --git a/src/helm-chart/values.yaml b/src/helm-chart/values.yaml index 43fe0305..b6c27089 100644 --- a/src/helm-chart/values.yaml +++ b/src/helm-chart/values.yaml @@ -23,7 +23,7 @@ db: repository: postgres pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "11.3-alpine" + tag: "13.2-alpine" storage: @@ -57,6 +57,14 @@ securityContext: {} # runAsNonRoot: true # runAsUser: 1000 +hostAliases: + - ip: "127.0.0.1" + hostnames: + - "server" + - "paws-compose-db" + - "client" + + service: type: NodePort #ClusterIP port: 80 From 2c3e29545413bbf2bf8dc798105ad570d610210a Mon Sep 17 00:00:00 2001 From: c-simpson Date: Mon, 24 May 2021 22:30:26 -0400 Subject: [PATCH 21/23] Update for PG 13.2 --- src/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/docker-compose.yml b/src/docker-compose.yml index 0c7ab822..0d98825d 100644 --- a/src/docker-compose.yml +++ b/src/docker-compose.yml @@ -5,7 +5,7 @@ services: container_name: paws-compose-db ports: - "5432:5432" - image: postgres:11.3-alpine + image: postgres:13.2-alpine volumes: - postgres:/var/lib/postgresql/data environment: From f598b8ff76ac827b7c3c067a87c09e5a8ccdc92a Mon Sep 17 00:00:00 2001 From: c-simpson Date: Tue, 25 May 2021 10:23:56 -0400 Subject: [PATCH 22/23] Removing temporarily - .gitignore should cover --- src/server/.dockerignore | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 src/server/.dockerignore diff --git a/src/server/.dockerignore b/src/server/.dockerignore deleted file mode 100644 index 3438e1ee..00000000 --- a/src/server/.dockerignore +++ /dev/null @@ -1,17 +0,0 @@ -# .dockerignore needs to live in root of build context (src/server or src/client) -# It specifies which files Docker should exclude from the built image -# Details: https://docs.docker.com/engine/reference/builder/#dockerignore-file - -# */temp* Exclude files and directories whose names start with temp in any -# immediate subdirectory of the root. For example, the plain -# file /somedir/temporary.txt is excluded, as is the directory /somedir/temp. - -# */*/temp* Exclude files and directories starting with temp from any subdirectory -# that is two levels below the root. For example, /somedir/subdir/temporary.txt is excluded. - -# temp? Exclude files and directories in the root directory whose names are a one-character extension -# of temp. For example, /tempa and /tempb are excluded. - -secrets.py -secrets.pyX -secrets/* \ No newline at end of file From 90c1645ad242553b94bd2dd6adee7c588d96614e Mon Sep 17 00:00:00 2001 From: Chris Alfano Date: Tue, 25 May 2021 22:39:37 +0000 Subject: [PATCH 23/23] feat(ci): declare helm-chart holobranch --- .holo/branches/helm-chart/_paws-data-pipeline.toml | 3 +++ .holo/config.toml | 2 ++ 2 files changed, 5 insertions(+) create mode 100644 .holo/branches/helm-chart/_paws-data-pipeline.toml create mode 100644 .holo/config.toml diff --git a/.holo/branches/helm-chart/_paws-data-pipeline.toml b/.holo/branches/helm-chart/_paws-data-pipeline.toml new file mode 100644 index 00000000..24b02242 --- /dev/null +++ b/.holo/branches/helm-chart/_paws-data-pipeline.toml @@ -0,0 +1,3 @@ +[holomapping] +root = "src/helm-chart" +files = "**" \ No newline at end of file diff --git a/.holo/config.toml b/.holo/config.toml new file mode 100644 index 00000000..bfef5f7c --- /dev/null +++ b/.holo/config.toml @@ -0,0 +1,2 @@ +[holospace] +name = "paws-data-pipeline"