From ff10124d0186b1fdfaf74f662749d9b9ada13210 Mon Sep 17 00:00:00 2001 From: Ilya Kreymer Date: Wed, 8 Nov 2023 19:24:00 -0800 Subject: [PATCH] charts cleanup: (#1360) - move authsign secret to signer and make port configurable - rename storages to more general ops-configs - put 'storages.json' path into env var - rename backend secret to backend-auth - cronjobs: don't keep succeeded jobs around, triggers operator update --- backend/btrixcloud/storages.py | 2 +- chart/app-templates/crawl_cron_job.yaml | 2 +- chart/templates/backend.yaml | 20 ++++++++++---------- chart/templates/configmap.yaml | 6 ++++-- chart/templates/secrets.yaml | 20 +++----------------- chart/templates/signer.yaml | 20 ++++++++++++++++++-- 6 files changed, 37 insertions(+), 33 deletions(-) diff --git a/backend/btrixcloud/storages.py b/backend/btrixcloud/storages.py index 85ddd184..3a182113 100644 --- a/backend/btrixcloud/storages.py +++ b/backend/btrixcloud/storages.py @@ -78,7 +78,7 @@ class StorageOps: self.is_local_minio = is_bool(os.environ.get("IS_LOCAL_MINIO")) - with open("/tmp/storages/storages.json", encoding="utf-8") as fh: + with open(os.environ["STORAGES_JSON"], encoding="utf-8") as fh: storage_list = json.loads(fh.read()) for storage in storage_list: diff --git a/chart/app-templates/crawl_cron_job.yaml b/chart/app-templates/crawl_cron_job.yaml index 1b73291f..3ce50ba3 100644 --- a/chart/app-templates/crawl_cron_job.yaml +++ b/chart/app-templates/crawl_cron_job.yaml @@ -8,7 +8,7 @@ metadata: spec: concurrencyPolicy: Forbid - successfulJobsHistoryLimit: 2 + successfulJobsHistoryLimit: 0 failedJobsHistoryLimit: 2 schedule: "{{ schedule }}" diff --git a/chart/templates/backend.yaml b/chart/templates/backend.yaml index 044f9473..4a9c7624 100644 --- a/chart/templates/backend.yaml +++ b/chart/templates/backend.yaml 
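Review bot: `os.environ["STORAGES_JSON"]` in the `StorageOps` hunk has no fallback, so any run that does not receive the new `backend-env-config` value fails at startup with a bare `KeyError` that does not say which setting is missing. The file is mounted from the `ops-configs` Secret, so failing closed is reasonable, but the error should name the variable, e.g. `path = os.environ.get("STORAGES_JSON")` followed by `if not path: raise RuntimeError("STORAGES_JSON is not set")`. Alternatively keep a default that matches the chart: `os.environ.get("STORAGES_JSON", "/ops-configs/storages.json")`. The enclosing method starts and ends outside the hunk.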
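Review bot: `successfulJobsHistoryLimit: 0` in crawl_cron_job.yaml is explained only in the commit message, and the template itself gives no reason for the value. With no succeeded Jobs retained, the Job objects and pods of successful scheduled runs are removed as soon as they finish, so any record of when a scheduled crawl fired has to come from backend or operator logs rather than the cluster. A one-line comment above the field stating why succeeded Jobs are not kept, and where run history lives instead, would stop a later edit from "restoring" the old value.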
@@ -37,9 +37,9 @@ spec: - key: config.yaml path: config.yaml - - name: storages + - name: ops-configs secret: - secretName: storages + secretName: ops-configs - name: app-templates configMap: @@ -51,9 +51,9 @@ spec: imagePullPolicy: {{ .Values.backend_pull_policy }} envFrom: - configMapRef: - name: {{ .Values.name }}-env-config + name: backend-env-config - secretRef: - name: auth-secrets + name: backend-auth - secretRef: name: mongo-auth @@ -62,8 +62,8 @@ spec: value: "{{ .Values.backend_workers | default 4 }}" volumeMounts: - - name: storages - mountPath: /tmp/storages/ + - name: ops-configs + mountPath: /ops-configs/ - name: app-templates mountPath: /app/btrixcloud/templates/ @@ -119,9 +119,9 @@ spec: envFrom: - configMapRef: - name: {{ .Values.name }}-env-config + name: backend-env-config - secretRef: - name: auth-secrets + name: backend-auth - secretRef: name: mongo-auth @@ -133,8 +133,8 @@ spec: - name: config-volume mountPath: /config - - name: storages - mountPath: /tmp/storages/ + - name: ops-configs + mountPath: /ops-configs/ - name: app-templates mountPath: /app/btrixcloud/templates/ diff --git a/chart/templates/configmap.yaml b/chart/templates/configmap.yaml index 92b01047..023631d3 100644 --- a/chart/templates/configmap.yaml +++ b/chart/templates/configmap.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Values.name }}-env-config + name: backend-env-config namespace: {{ .Release.Namespace }} data: @@ -46,6 +46,8 @@ data: IS_LOCAL_MINIO: "{{ .Values.minio_local }}" + STORAGES_JSON: "/ops-configs/storages.json" + --- apiVersion: v1 kind: ConfigMap @@ -110,7 +112,7 @@ data: crawler_node_type: "{{ .Values.crawler_node_type }}" redis_node_type: "{{ .Values.redis_node_type }}" - signing_secret: {{ .Values.signer.enabled | ternary "signing-secret" "" }} + signing_secret: {{ and .Values.signer.enabled (not (empty .Values.signer.auth_token)) | ternary "signing-secret" "" }} --- apiVersion: v1 
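Review bot: `STORAGES_JSON: "/ops-configs/storages.json"` in the second configmap.yaml hunk hard-codes a path that is also defined in two other places: the `mountPath: /ops-configs/` entries in backend.yaml and the `storages.json` key of the `ops-configs` Secret in secrets.yaml. Nothing ties the three together, so changing one of them makes the backend fail when it opens the file. A comment on this line such as `# must match the ops-configs mountPath in backend.yaml and the storages.json key in secrets.yaml` would record the dependency.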
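Review bot: The new `signing_secret` expression in the third configmap.yaml hunk depends on the pipe applying to the whole `and …` command. That is how the template is parsed, but it is easy to misread as piping only `not (empty …)` into `ternary`. Parenthesising it makes the intent explicit: `{{ (and .Values.signer.enabled (not (empty .Values.signer.auth_token))) | ternary "signing-secret" "" }}`. The condition must also stay in step with the nested `if .Values.signer.enabled` / `if .Values.signer.auth_token` guards around the `signing-secret` Secret in signer.yaml, otherwise crawlers are given the name of a Secret that was never rendered; a short comment noting this would help.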
diff --git a/chart/templates/secrets.yaml b/chart/templates/secrets.yaml index 30201cfa..9d511ad6 100644 --- a/chart/templates/secrets.yaml +++ b/chart/templates/secrets.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: auth-secrets + name: backend-auth namespace: {{ .Release.Namespace }} type: Opaque @@ -19,11 +19,12 @@ stringData: SUPERUSER_EMAIL: "{{ .Values.superuser.email }}" SUPERUSER_PASSWORD: "{{ .Values.superuser.password }}" + --- apiVersion: v1 kind: Secret metadata: - name: storages + name: ops-configs namespace: {{ .Release.Namespace }} type: Opaque @@ -31,21 +32,6 @@ data: storages.json: {{ .Values.storages | toJson | b64enc | quote }} -{{- if $.Values.signer.auth_token }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: signing-secret - namespace: {{ $.Values.crawler_namespace }} - -type: Opaque -stringData: - WACZ_SIGN_URL: "http://auth-signer.{{ .Release.Namespace }}:5053/sign" - WACZ_SIGN_TOKEN: "{{ $.Values.signer.auth_token }}" -{{- end }} - - {{- range $storage := .Values.storages }} --- apiVersion: v1 diff --git a/chart/templates/signer.yaml b/chart/templates/signer.yaml index 1c55ef11..b9d945af 100644 --- a/chart/templates/signer.yaml +++ b/chart/templates/signer.yaml @@ -1,5 +1,21 @@ {{- if .Values.signer.enabled }} +{{ $signer_port := default "5053" .Values.signer.port }} + +{{- if .Values.signer.auth_token }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: signing-secret + namespace: {{ .Values.crawler_namespace }} + +type: Opaque +stringData: + WACZ_SIGN_URL: "http://auth-signer.{{ .Release.Namespace }}:{{ $signer_port }}/sign" + WACZ_SIGN_TOKEN: "{{ .Values.signer.auth_token }}" +{{- end }} + --- apiVersion: v1 kind: Secret 
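Review bot: `WACZ_SIGN_TOKEN: "{{ .Values.signer.auth_token }}"` in the first signer.yaml hunk interpolates the token into a hand-written double-quoted YAML string, so a token containing `"` or `\` renders a broken or silently altered Secret. `WACZ_SIGN_TOKEN: {{ .Values.signer.auth_token | quote }}` avoids that. Separately, `WACZ_SIGN_URL` uses `http://auth-signer.{{ .Release.Namespace }}:{{ $signer_port }}/sign` while the Secret is created in `.Values.crawler_namespace`, so the signing token travels between namespaces over plain HTTP. A comment should state that this relies on in-cluster network trust, ideally backed by a NetworkPolicy limiting which pods can reach the signer port. Lastly, `{{ $signer_port := … }}` is written without `{{-`, which leaves a blank line in the rendered output; this is harmless but inconsistent with the trimmed `if` lines around it.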
@@ -95,7 +111,7 @@ spec: - name: signer image: {{ .Values.signer.image }} imagePullPolicy: {{ .Values.signer.image_pull_policy }} - command: ["uvicorn", "authsign.main:app", "--port", "5053", "--host", "0.0.0.0", "--log-config", "/app/log.json"] + command: ["uvicorn", "authsign.main:app", "--port", "{{ $signer_port }}", "--host", "0.0.0.0", "--log-config", "/app/log.json"] env: - name: CONFIG value: "/app-config/config.yaml" @@ -141,7 +157,7 @@ spec: name: signer-cert - protocol: TCP - port: 5053 + port: {{ $signer_port }} name: signer-api