staging/deposit: Activate deposit in elastic infra

Refs. swh/infra/sysadm-environment#5129

swh/values/default.yaml

@@ -178,6 +178,21 @@ web:
             values:
             - "true"
 
+deposit:
+  migrations:
+    enabled: true
+  sentry:
+    enabled: true
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: swh/deposit
+            operator: In
+            values:
+            - "true"
+
 indexerStorage:
   sentry:
     enabled: true

swh/values/staging/default.yaml

@@ -7,6 +7,10 @@ clusterNetworkRanges:
   - 10.42.0.0/16
   - 10.43.0.0/16
 
+keycloakConfiguration:
+  server_url: https://auth.softwareheritage.org/auth/
+  realm_name: SoftwareHeritageStaging
+
 stagingNetworkRanges:
   # staging ip
   - 10.42.0.0/16
@@ -85,12 +89,29 @@ postgresqlWebConfiguration:
       secretKeyRef: swh-postgresql-web-secrets
       secretKeyName: postgres-swh-web-password
 
+postgresqlDepositConfiguration:
+  host: db1.internal.staging.swh.network
+  port: 5432
+  db: swh-deposit
+  user: swh-deposit
+  pass: ${POSTGRESQL_PASSWORD}
+  secrets:
+    POSTGRESQL_PASSWORD:
+      secretKeyRef: swh-postgresql-deposit-secrets
+      secretKeyName: postgres-swh-deposit-password
+
 djangoWebConfiguration:
   secrets:
     DJANGO_SECRET_KEY:
       secretKeyRef: swh-webapp-django-secret
       secretKeyName: webapp-django-secret-key
 
+djangoDepositConfiguration:
+  secrets:
+    DJANGO_SECRET_KEY:
+      secretKeyRef: swh-deposit-django-secret
+      secretKeyName: deposit-django-secret-key
+
 remoteSearchConfiguration:
   cls: remote
   url: http://search-rpc-ingress

swh/values/staging/swh.yaml

@@ -2,6 +2,10 @@ remoteStorageConfiguration:
   cls: remote
   url: http://storage1.internal.staging.swh.network:5002
 
+remoteStorageMetadataConfiguration:
+  cls: remote
+  url: http://storage1.internal.staging.swh.network:5002
+
 remoteObjstorageConfiguration:
   cls: remote
   url: http://storage1.internal.staging.swh.network:5003/
@@ -778,3 +782,42 @@ web:
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
+
+deposit:
+  enabled: true
+  logLevel: INFO
+  requestedCpu: 500m
+  requestedMemory: 500Mi
+  autoScaling:
+    minReplicaCount: 2
+    maxReplicaCount: 3
+    cpuPercentageUsage: 50
+  ingress:
+    enabled: true
+    secretName: swh-deposit-crt
+    extraAnnotations:
+      cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+      kubernetes.io/ingress.class: nginx
+      kubernetes.io/tls-acme: "true"
+      # The default behavior is true (when tls is enabled). We don't want that behavior
+      # since the rp is in charge of this
+      # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#server-side-https-enforcement-through-redirect
+      nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    tlsEnabled: true
+    endpoints:
+      default:
+        paths:
+          - path: /
+  databaseConfigurationRef: postgresqlDepositConfiguration
+  schedulerConfigurationRef: remoteSchedulerConfiguration
+  storageConfigurationRef: remoteStorageConfiguration
+  storageMetadataConfigurationRef: remoteStorageMetadataConfiguration
+  djangoConfigurationRef: djangoDepositConfiguration
+  keycloakConfigurationRef: keycloakConfiguration
+  hosts:
+    - deposit.staging.swh.network
+  extraConfig:
+    max_upload_size: 209715200
+    extraction_dir: "/tmp/swh-deposit/archive/"
+    cache_uri: 127.0.0.1:11211
+

values-swh-application-versions.yaml

@@ -3,7 +3,7 @@ software_stories_image_version: '20230912.1'
 swh_deposit_checkers_image: container-registry.softwareheritage.org/swh/infra/swh-apps/deposit_checkers
 swh_deposit_checkers_image_version: '20231018.1'
 swh_deposit_image: container-registry.softwareheritage.org/swh/infra/swh-apps/deposit
-swh_deposit_image_version: '20231027.1'
+swh_deposit_image_version: '20231027.2'
 swh_graphql_image: container-registry.softwareheritage.org/swh/infra/swh-apps/graphql
 swh_graphql_image_version: '20231102.1'
 swh_indexer_image: container-registry.softwareheritage.org/swh/infra/swh-apps/indexer