swh: add web service

Related to swh/infra/sysadm-environment#4812

swh: add web service
Related to swh/infra/sysadm-environment#4812
a3ebc542 · Guillaume Samson · 6cdc5c24 · a3ebc542 · a3ebc542 · a3ebc542
Commit a3ebc542 authored 1 year ago by Guillaume Samson
--- a/swh/templates/web/deployment.yaml
+++ b/swh/templates/web/deployment.yaml
+{{ if .Values.web.enabled -}}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: {{ .Values.namespace }}
+  name: web
+  labels:
+    app: web
+spec:
+  revisionHistoryLimit: 2
+  replicas: {{ .Values.web.replicas | default 1 }}
+  selector:
+    matchLabels:
+      app: web
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+  template:
+    metadata:
+      labels:
+        app: web
+    spec:
+      {{- if .Values.web.affinity }}
+      affinity:
+        {{- toYaml .Values.web.affinity | nindent 8 }}
+      {{- end }}
+      initContainers:
+      #  - name: prepare-configuration
+      #    image: debian:bullseye
+      #    imagePullPolicy: Always
+      #    command:
+      #    - /bin/bash
+      #    args:
+      #    - -c
+      #    - eval echo "\"$(</etc/softwareheritage/configuration-template/config.yml.template)\"" > /etc/softwareheritage/config.yml
+      #    volumeMounts:
+      #    - name: configuration
+      #      mountPath: /etc/softwareheritage
+      #    - name: configuration-template
+      #      mountPath: /etc/softwareheritage/configuration-template
+        - name: prepare-static
+          image: {{ .Values.swh_web_image }}:{{ .Values.swh_web_image_version }}
+          imagePullPolicy: Always
+          command:
+          - /bin/bash
+          args:
+          - -c
+          - cp -r $PWD/.local/share/swh/web/static/ /usr/share/swh/web/static/
+          volumeMounts:
+          - name: static
+            mountPath: /usr/share/swh/web/static
+      containers:
+        - name: web
+          resources:
+            requests:
+              memory: {{ .Values.web.requestedMemory | default "512Mi" }}
+              cpu: {{ .Values.web.requestedCpu | default "500m" }}
+          image: {{ .Values.swh_web_image }}:{{ .Values.swh_web_image_version }}
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 5004
+              name: webapp
+          readinessProbe:
+            httpGet:
+              path: /
+              port: webapp
+            initialDelaySeconds: 5
+            failureThreshold: 30
+            periodSeconds: 10
+            timeoutSeconds: 30
+          livenessProbe:
+            httpGet:
+              path: /
+              port: webapp
+            initialDelaySeconds: 3
+            periodSeconds: 10
+            timeoutSeconds: 30
+          command:
+          - /bin/bash
+          args:
+          - -c
+          - /srv/swh/entrypoint.sh
+          env:
+            {{ if .Values.web.gunicorn -}}
+            - name: THREADS
+              value: {{ .Values.web.gunicorn.threads | default 5 | quote }}
+            - name: WORKERS
+              value: {{ .Values.web.gunicorn.workers | default 2 | quote }}
+            - name: TIMEOUT
+              value: {{ .Values.web.gunicorn.timeout | default 60 | quote }}
+            {{ end -}}
+            - name: STATSD_HOST
+              value: {{ .Values.statsdExternalHost | default "prometheus-statsd-exporter" }}
+            - name: STATSD_PORT
+              value: {{ .Values.statsdPort | default "9125" | quote }}
+            - name: LOG_LEVEL
+              value: {{ .Values.web.logLevel | quote }}
+            {{- if .Values.web.sentry.enabled }}
+            - name: SWH_SENTRY_ENVIRONMENT
+              value: {{ .Values.sentry.environment }}
+            - name: SWH_MAIN_PACKAGE
+              value: swh.web
+            - name: SWH_SENTRY_DSN
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.web.sentry.secretKeyRef }}
+                  key: {{ .Values.web.sentry.secretKeyName }}
+                  # 'name' secret should exist & include key
+                  # if the setting doesn't exist, sentry pushes will be disabled
+                  optional: true
+            - name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
+              value: "true"
+            {{- end }}
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/softwareheritage
+            readOnly: true
+        - name: nginx
+          resources:
+            requests:
+              memory: {{ .Values.web.requestedMemory | default "512Mi" }}
+              cpu: {{ .Values.web.requestedCpu | default "500m" }}
+          image: nginx:bullseye
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 80
+              name: webstatic
+          readinessProbe:
+            httpGet:
+              path: static/robots.txt
+              port: webstatic
+            initialDelaySeconds: 5
+            failureThreshold: 30
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: static/robots.txt
+              port: webstatic
+            initialDelaySeconds: 3
+            periodSeconds: 10
+        #  command:
+        #  - /bin/bash
+        #  args:
+        #  - -c
+        #  - /srv/swh/entrypoint.sh
+          volumeMounts:
+          - name: static
+            mountPath: /usr/share/nginx/html
+      volumes:
+      - name: configuration
+        secret:
+          secretName: {{ .Values.web.configSecretRef }}
+      #- name: configuration
+      #  emptyDir: {}
+      #- name: configuration-template
+      #  configMap:
+      #    name: web-configuration-template
+      #    items:
+      #    - key: "config.yml.template"
+      #      path: "config.yml.template"
+      - name: static
+        emptyDir: {}
+{{ end }}
--- a/swh/templates/web/ingress.yaml
+++ b/swh/templates/web/ingress.yaml
+{{ if .Values.web.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: {{ .Values.namespace }}
+  name: swh-web-ingress
+#  annotations:
+#    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  {{- if .Values.ingressClassName }}
+  ingressClassName: {{ .Values.ingressClassName }}
+  {{- end }}
+  rules:
+  - http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: web
+            port:
+              number: 5004
+      - path: /static
+        pathType: Prefix
+        backend:
+          service:
+            name: web
+            port:
+              number: 80
+    {{- if .Values.host }}
+    host: {{ .Values.host }}
+    {{- end }}
+{{ end }}
\ No newline at end of file
--- a/swh/templates/web/service.yaml
+++ b/swh/templates/web/service.yaml
+{{ if .Values.web.enabled -}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: web
+  namespace: {{ .Values.namespace }}
+spec:
+  type: ClusterIP
+  selector:
+    app: web
+  ports:
+    - port: 5004
+      targetPort: 5004
+      name: webapp
+    - port: 80
+      targetPort: 80
+      name: webstatic
+{{ end }}
--- a/swh/tests/storage_service_test.yaml
+++ b/swh/tests/storage_service_test.yaml
-suite: test swh-storage service deployment
+suite: test storage service deployment
 templates:
  - storage/service.yaml
 tests:
-  - it: swh-storage service is deployed when activated
+  - it: Storage service is deployed when activated
    set:
      storage.enabled: true
      namespace: mynamespace

--- a/swh/tests/web_deployment_test.yaml
+++ b/swh/tests/web_deployment_test.yaml
+
+suite: test web deployment
+tests:
+  - it: Web is deployed when activated
+    templates:
+      - web/deployment.yaml
+    set:
+      web.enabled: true
+      swh_web_image: image
+      swh_web_image_version: version
+      web.requestedMemory: memory
+      web.requestedCpu: cpu
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: Deployment
+          apiVersion: apps/v1
+      - equal:
+          path: metadata.namespace
+          value: swh
+      - equal:
+          path: spec.replicas
+          value: 1
+      - equal:
+          path: spec.template.spec.containers[0].resources.requests.memory
+          value: memory
+      - equal:
+          path: spec.template.spec.containers[0].resources.requests.cpu
+          value: cpu
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: image:version
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "LOG_LEVEL")].value
+          value: "INFO"
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "STATSD_HOST")].value
+          value: prometheus-statsd-exporter
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "STATSD_PORT")].value
+          value: "9125"
+      - isNull:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "THREADS")]
+      - isNull:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "WORKERS")]
+      - isNull:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "TIMEOUT")]
+      - isNull:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "SWH_SENTRY_ENVIRONMENT")]
+      - isNull:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "SWH_MAIN_PACKAGE")]
+      - isNull:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "SWH_SENTRY_DSN")]
+      - equal:
+          path: spec.template.spec.volumes[?(@.name == "configuration")].secret.secretName
+          value: swh-cassandra-webapp-config
+  - it: Web gunicorn workers configuration
+    templates:
+      - web/deployment.yaml
+    set:
+      web.enabled: true
+      swh_web_image: image
+      swh_web_image_version: version
+      web.gunicorn.threads: 101
+      web.gunicorn.workers: 102
+      web.gunicorn.timeout: 103
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "THREADS")].value
+          value: "101"
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "WORKERS")].value
+          value: "102"
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "TIMEOUT")].value
+          value: "103"
+  - it: Web statsd overridden configuration
+    templates:
+      - web/deployment.yaml
+    set:
+      web.enabled: true
+      swh_web_image: image
+      swh_web_image_version: version
+      statsdExternalHost: my-statsd-host
+      statsdPort: 9999
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "STATSD_HOST")].value
+          value: my-statsd-host
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "STATSD_PORT")].value
+          value: "9999"
+  - it: Web sentry default configuration
+    templates:
+      - web/deployment.yaml
+    set:
+      web.enabled: true
+      web.sentry.enabled: true
+      swh_web_image: image
+      swh_web_image_version: version
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "SWH_SENTRY_ENVIRONMENT")].value
+          value: production
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "SWH_MAIN_PACKAGE")].value
+          value: swh.web
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "SWH_SENTRY_DSN")].valueFrom.secretKeyRef.name
+          value: common-secrets
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "SWH_SENTRY_DSN")].valueFrom.secretKeyRef.key
+          value: web-sentry-dsn
+  - it: Web sentry overridden configuration
+    templates:
+      - web/deployment.yaml
+    set:
+      sentry.environment: my-environment
+      web.enabled: true
+      web.sentry.enabled: true
+      web.sentry.secretKeyRef: my-secret
+      web.sentry.secretKeyName: my-key
+      swh_web_image: image
+      swh_web_image_version: version
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "SWH_SENTRY_ENVIRONMENT")].value
+          value: my-environment
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "SWH_MAIN_PACKAGE")].value
+          value: swh.web
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "SWH_SENTRY_DSN")].valueFrom.secretKeyRef.name
+          value: my-secret
+      - equal:
+          path: spec.template.spec.containers[?(@.name == "web")].env[?(@.name == "SWH_SENTRY_DSN")].valueFrom.secretKeyRef.key
+          value: my-key
--- a/swh/tests/web_global_test.yaml
+++ b/swh/tests/web_global_test.yaml
+suite: test web default deployment
+templates:
+  - web/deployment.yaml
+  - web/ingress.yaml
+  - web/service.yaml
+tests:
+  - it: Web is not deployed by default
+    values:
+      - ../values.yaml
+    asserts:
+      - hasDocuments:
+          count: 0
\ No newline at end of file
--- a/swh/tests/web_ingess_test.yaml
+++ b/swh/tests/web_ingess_test.yaml
+
+suite: test web ingress deployment
+templates:
+  - web/ingress.yaml
+tests:
+  - it: web ingress is deployed when activated
+    set:
+      web.enabled: true
+      namespace: mynamespace
+      ingressClassName: myingressClass
+      host: myhost
+    asserts:
+        - containsDocument:
+            kind: Ingress
+            apiVersion: networking.k8s.io/v1
+        - equal:
+            path: metadata.namespace
+            value: mynamespace
+        - equal:
+            path: spec.ingressClassName
+            value: myingressClass
+        - equal:
+            path: spec.rules[0].host
+            value: myhost
\ No newline at end of file
--- a/swh/tests/web_service_test.yaml
+++ b/swh/tests/web_service_test.yaml
+suite: test web service deployment
+templates:
+  - web/service.yaml
+tests:
+  - it: web service is deployed when activated
+    set:
+      web.enabled: true
+      namespace: mynamespace
+    asserts:
+        - containsDocument:
+            kind: Service
+            apiVersion: v1
+        - equal:
+            path: metadata.namespace
+            value: mynamespace
\ No newline at end of file
--- a/swh/values.yaml
+++ b/swh/values.yaml
@@ -210,6 +210,36 @@ storage:
  objstorage:
    cls: noop

+web:
+  enabled: false
+  logLevel: INFO
+  replicas: 1
+  requestedCpu: 50m
+  requestedMemory: 100Mi
+  autoScaling:
+    maxReplicaCount: 1
+#  affinity:
+#    nodeAffinity:
+#      requiredDuringSchedulingIgnoredDuringExecution:
+#        nodeSelectorTerms:
+#        - matchExpressions:
+#          - key: swh/web
+#            operator: In
+#            values:
+#            - "true"
+#  gunicorn:
+#    threads: 5
+#    workers: 2
+#    timeout: 60
+  sentry:
+    enabled: false
+    # name of the secret containing the $secretKeyName value
+    # it defines the sentry token, host and projet to access
+    # like https://token@sentry.host/id
+    secretKeyRef: common-secrets
+    secretKeyName: web-sentry-dsn
+  configSecretRef: swh-cassandra-webapp-config
+
 statsd_exporter:
  enabled: false
  image: prom/statsd-exporter