Helm charts for swh packages merge requests
https://gitlab.softwareheritage.org/swh/infra/ci-cd/swh-charts/-/merge_requests
2024-03-25T16:21:47Z
https://gitlab.softwareheritage.org/swh/infra/ci-cd/swh-charts/-/merge_requests/374
v273: Release swh.objstorage v2.9.1
2024-03-25T16:21:47Z
Jenkins Bot
v273: Release swh.objstorage v2.9.1
Jenkins Bot
Jenkins Bot
https://gitlab.softwareheritage.org/swh/infra/ci-cd/swh-charts/-/merge_requests/369
Deploy svix in production
2024-03-21T15:26:09Z
Antoine R. Dumont
Deploy svix in production
<details><summary>helm diff</summary>
```diff
[cluster-components] Comparing changes between branches production and deploy-svix-in-production...
Your branch is up to date with 'origin/production'.
[cluster-components] Generate config i...
<details><summary>helm diff</summary>
```diff
[cluster-components] Comparing changes between branches production and deploy-svix-in-production...
Your branch is up to date with 'origin/production'.
[cluster-components] Generate config in production branch for cluster-components/values/admin-rke2.yaml...
[cluster-components] Generate config in production branch for cluster-components/values/archive-production-rke2.yaml...
[cluster-components] Generate config in production branch for cluster-components/values/archive-staging-rke2.yaml...
[cluster-components] Generate config in production branch for cluster-components/values/gitlab-production.yaml...
[cluster-components] Generate config in production branch for cluster-components/values/gitlab-staging.yaml...
[cluster-components] Generate config in production branch for cluster-components/values/minikube.yaml...
[cluster-components] Generate config in production branch for cluster-components/values/rancher.yaml...
[cluster-components] Generate config in production branch for cluster-components/values/test-staging-rke2.yaml...
[cluster-components] Generate config in deploy-svix-in-production branch for cluster-components/values/admin-rke2.yaml...
[cluster-components] Generate config in deploy-svix-in-production branch for cluster-components/values/archive-production-rke2.yaml...
[cluster-components] Generate config in deploy-svix-in-production branch for cluster-components/values/archive-staging-rke2.yaml...
[cluster-components] Generate config in deploy-svix-in-production branch for cluster-components/values/gitlab-production.yaml...
[cluster-components] Generate config in deploy-svix-in-production branch for cluster-components/values/gitlab-staging.yaml...
[cluster-components] Generate config in deploy-svix-in-production branch for cluster-components/values/minikube.yaml...
[cluster-components] Generate config in deploy-svix-in-production branch for cluster-components/values/rancher.yaml...
[cluster-components] Generate config in deploy-svix-in-production branch for cluster-components/values/test-staging-rke2.yaml...
------------- diff for cluster-components/values/admin-rke2.yaml -------------
No differences
------------- diff for cluster-components/values/archive-production-rke2.yaml -------------
--- /tmp/swh-chart.cluster-components.e42yX22D/archive-production-rke2.yaml.before 2024-03-21 16:08:09.968166245 +0100
+++ /tmp/swh-chart.cluster-components.e42yX22D/archive-production-rke2.yaml.after 2024-03-21 16:08:10.604165213 +0100
@@ -2,20 +2,76 @@
# Source: cluster-config/templates/pod-priority/priority.yaml
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: cluster-components-system
namespace: cluster-components
value: 75000
globalDefault: false
description: Highest pod priorities (ingress, operator, collector, controller)
---
+# Source: cluster-config/templates/svix/network-policies.yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-deny-svix-ingress
+ namespace: svix-server
+spec:
+ podSelector:
+ matchLabels: {}
+ policyTypes:
+ - Ingress
+---
+# Source: cluster-config/templates/svix/network-policies.yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: all-access-svix-http
+ namespace: svix-server
+spec:
+ podSelector:
+ matchLabels:
+ app: svix-server
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: ingress-nginx
+ ports:
+ - protocol: TCP
+ port: 8071
+---
+# Source: cluster-config/templates/svix/network-policies.yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: svix-access-redis
+ namespace: svix-server
+spec:
+ podSelector:
+ matchLabels:
+ app: redis-svix
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: svix-server
+ ports:
+ - protocol: TCP
+ port: 6379
+ - from:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ ports:
+ - protocol: TCP
+ port: 9121
+---
# Source: cluster-config/templates/scrape-external-metrics/service.yaml
apiVersion: v1
kind: Service
metadata:
namespace: cassandra
name: cassandra-servers-svc
labels:
app: cassandra
spec:
type: ExternalName
@@ -36,20 +92,144 @@
app: rabbitmq
spec:
type: ExternalName
externalName: "fake-url"
ports:
- name: rabbitmq-metrics
port: 9419
targetPort: 9419
protocol: TCP
---
+# Source: cluster-config/templates/svix/services.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: svix
+ namespace: svix-server
+spec:
+ type: ClusterIP
+ selector:
+ app: svix-server
+ ports:
+ - port: 8071
+ targetPort: 8071
+ name: svix
+---
+# Source: cluster-config/templates/svix/svix-server.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: svix-server
+ name: svix-server
+ labels:
+ app: svix-server
+spec:
+ revisionHistoryLimit: 2
+ replicas: 1
+ selector:
+ matchLabels:
+ app: svix-server
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ template:
+ metadata:
+ labels:
+ app: svix-server
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: svix-server
+ operator: In
+ values:
+ - "true"
+ containers:
+ - name: svix-server
+ resources:
+ requests:
+ memory: 100Mi
+ cpu: 100m
+ image: svix/svix-server:v1.16
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8071
+ name: svix
+ readinessProbe:
+ httpGet:
+ path: /
+ port: svix
+ initialDelaySeconds: 5
+ failureThreshold: 30
+ periodSeconds: 10
+ timeoutSeconds: 30
+ livenessProbe:
+ httpGet:
+ path: /
+ port: svix
+ initialDelaySeconds: 3
+ periodSeconds: 10
+ timeoutSeconds: 30
+ env:
+ - name: SVIX_JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: svix-server-secrets
+ key: SVIX_JWT_SECRET
+ - name: SVIX_DB_PASS
+ valueFrom:
+ secretKeyRef:
+ name: svix-server-secrets
+ key: APP_DB_PASS
+ - name: SVIX_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: svix-server-secrets
+ key: APP_DB_USER
+ - name: WAIT_FOR
+ value: "true" # We want to wait for the default services
+ - name: SVIX_REDIS_DSN
+ value: "redis://redis-svix.svix-server:6379"
+ - name: SVIX_DB_DSN
+ value: "postgresql://$(SVIX_DB_USER):$(SVIX_DB_PASS)@albertinal.internal.softwareheritage.org"
+---
+# Source: cluster-config/templates/svix/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ namespace: svix-server
+ name: svix-ingress
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.50.0/24
+spec:
+ rules:
+ - host: svix.internal.softwareheritage.org
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: svix
+ port:
+ number: 8071
+ tls:
+ - hosts:
+ - svix.internal.softwareheritage.org
+ secretName: swh-svix-crt
+---
# Source: cluster-config/templates/scrape-external-metrics/endpoints.yaml
# This defines the external endpoints ips to connect to scrape metrics
---
# Source: cluster-config/templates/scrape-external-metrics/service-monitor.yaml
# This defines the service-monitor to monitor the service which scrapes external metrics
# This may redefine some metrics, see the relabeling configuration dict key
---
# Source: cluster-config/templates/scrape-external-metrics/service.yaml
# This defines a service to be monitored by the service monitor
---
------------- diff for cluster-components/values/archive-staging-rke2.yaml -------------
No differences
------------- diff for cluster-components/values/gitlab-production.yaml -------------
No differences
------------- diff for cluster-components/values/gitlab-staging.yaml -------------
No differences
------------- diff for cluster-components/values/minikube.yaml -------------
No differences
------------- diff for cluster-components/values/rancher.yaml -------------
No differences
------------- diff for cluster-components/values/test-staging-rke2.yaml -------------
No differences
```
</details>
Refs. swh/infra/sysadm-environment#5275
https://gitlab.softwareheritage.org/swh/infra/ci-cd/swh-charts/-/merge_requests/367
Draft: svix: Allow svix to run with rabbitmq as queue messages
2024-03-21T13:59:44Z
Antoine R. Dumont
Draft: svix: Allow svix to run with rabbitmq as queue messages
Tentatively tried to adapt svix to use rabbitmq for the queue messaging system.
Failed for now in minikube.
Refs. swh/infra/sysadm-environment#5275
Tentatively tried to adapt svix to use rabbitmq for the queue messaging system.
Failed for now in minikube.
Refs. swh/infra/sysadm-environment#5275
https://gitlab.softwareheritage.org/swh/infra/ci-cd/swh-charts/-/merge_requests/366
loader-metadata: restart the journal client when it reaches EOF
2024-03-14T18:33:59Z
Nicolas Dandrimont
olasd@softwareheritage.org
loader-metadata: restart the journal client when it reaches EOF
We expect this journal client to run continuously, refreshing old
metadata when necessary; to do so, we need to set the journal client to
reset itself on EOF.
Ref. swh/infra/sysadm-environment#5289
We expect this journal client to run continuously, refreshing old
metadata when necessary; to do so, we need to set the journal client to
reset itself on EOF.
Ref. swh/infra/sysadm-environment#5289