
staging: Deploy read/write postgresql storage in elastic infra

This still uses the remote objstorage on storage1.staging for now.

make swh-helm-diff
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
Switched to branch 'migrate-storage-postgres-to-dynamic-infra'
[swh] Generate config in migrate-storage-postgres-to-dynamic-infra branch for environment staging...
[swh] Generate config in migrate-storage-postgres-to-dynamic-infra branch for environment staging...
[swh] Generate config in migrate-storage-postgres-to-dynamic-infra branch for environment staging...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
Switched to branch 'migrate-storage-postgres-to-dynamic-infra'
[swh] Generate config in migrate-storage-postgres-to-dynamic-infra branch for environment production...
[swh] Generate config in migrate-storage-postgres-to-dynamic-infra branch for environment production...
[swh] Generate config in migrate-storage-postgres-to-dynamic-infra branch for environment production...


------------- diff for environment staging namespace swh -------------

--- /tmp/swh-chart.swh.d99STYeH/staging-swh.before      2023-11-22 11:36:46.397125650 +0100
+++ /tmp/swh-chart.swh.d99STYeH/staging-swh.after       2023-11-22 11:36:47.061124599 +0100
@@ -4101,20 +4101,49 @@
       message.max.bytes: 524288000
       privileged: true
       object_types:
         - snapshot
     replayer:
       error_reporter:
         db: 1
         host: redis-postgresql.redis
         port: 6379
 ---
+# Source: swh/templates/storage/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: swh
+  name: storage-configuration-template
+data:
+  config.yml.template: |
+    storage:
+      cls: pipeline
+      steps:
+      - cls: record_references
+      - cls: postgresql
+        db: host=db1.internal.staging.swh.network port=5432 user=swh dbname=swh password=${POSTGRESQL_PASSWORD}
+        objstorage:
+          cls: remote
+          url: http://storage1.internal.staging.swh.network:5003/
+
+        journal_writer:
+          cls: kafka
+          brokers:
+          - journal1.internal.staging.swh.network
+          - journal2.internal.staging.swh.network
+          prefix: swh.journal.objects
+          client_id: swh.storage.journal_writer.storage1
+          anonymize: true
+          producer_config:
+            message.max.bytes: 1000000000
+---
 # Source: swh/templates/toolbox/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: toolbox-indexer-storage-template
   namespace: swh
 data:
   config.yml.template: |
     indexer_storage:
       cls: postgresql
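Review bot: The `db:` connection string added to `storage-configuration-template` sets no `sslmode`, so libpq uses its default `prefer`, which neither requires TLS nor verifies the server before the password is sent. The `objstorage` URL just below it is likewise plain `http://`. If db1 offers TLS, I would append `sslmode=verify-full` to the DSN, together with an `sslrootcert` the pod can read. The password is also interpolated unquoted, so a value containing whitespace would break the keyword/value string; `password='${POSTGRESQL_PASSWORD}'` is more robust.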
@@ -14221,20 +14250,30 @@
   name: search-rpc-ingress
   namespace: swh
 spec:
   type: ExternalName
   externalName: archive-staging-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
 ---
 # Source: swh/templates/external-services/cname.yaml
 apiVersion: v1
 kind: Service
 metadata:
+  name: storage-postgresql-rpc-ingress
+  namespace: swh
+spec:
+  type: ExternalName
+  externalName: archive-staging-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
+---
+# Source: swh/templates/external-services/cname.yaml
+apiVersion: v1
+kind: Service
+metadata:
   name: vault-rpc-ingress
   namespace: swh
 spec:
   type: ExternalName
   externalName: archive-staging-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
 ---
 # Source: swh/templates/graphql/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
@@ -14329,20 +14368,35 @@
     app: prometheus-statsd-exporter
   ports:
     - name: statsd
       port: 9125
       targetPort: 9125
       protocol: UDP
     - name: http
       port: 9102
       targetPort: 9102
 ---
+# Source: swh/templates/storage/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: storage
+  namespace: swh
+spec:
+  type: ClusterIP
+  selector:
+    app: storage
+  ports:
+    - port: 5002
+      targetPort: 5002
+      name: rpc
+---
 # Source: swh/templates/web/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: web
   namespace: swh
 spec:
   type: ClusterIP
   selector:
     app: web
@@ -23479,20 +23533,154 @@
         configMap:
           name: storage-replayer-configuration-snapshot-template
           items:
           - key: "config.yml.template"
             path: "config.yml.template"
       - name: database-utils
         configMap:
           name: database-utils
           defaultMode: 0555
 ---
+# Source: swh/templates/storage/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: swh
+  name: storage
+  labels:
+    app: storage
+spec:
+  revisionHistoryLimit: 2
+  selector:
+    matchLabels:
+      app: storage
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+  template:
+    metadata:
+      labels:
+        app: storage
+      annotations:
+        checksum/config: 8f088db9c5dbc10095a481e58ad8ec0752846e9da2e8d0ccbce5ad0a3f3b85fb
+        checksum/config-utils: 95e3ec2d5d9a9195227631abff0736a8d94bcbcc795abf56981a586844da0c79
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: swh/storage
+                operator: In
+                values:
+                - "true"
+      priorityClassName: swh-frontend-rpc
+      initContainers:
+        - name: prepare-configuration
+          image: debian:bullseye
+          imagePullPolicy: IfNotPresent
+          command:
+          - /bin/bash
+          args:
+          - -c
+          - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+          env:
+
+
+          - name: POSTGRESQL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: swh-postgresql-common-secret
+                key: postgres-swh-password
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+          - name: configuration-template
+            mountPath: /etc/swh/configuration-template
+
+
+      containers:
+        - name: storage
+          resources:
+            requests:
+              memory: 1500Mi
+              cpu: 500m
+          image: container-registry.softwareheritage.org/swh/infra/swh-apps/storage:20231120.4
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 5002
+              name: rpc
+          readinessProbe:
+            httpGet:
+              path: /
+              port: rpc
+            initialDelaySeconds: 15
+            failureThreshold: 30
+            periodSeconds: 5
+          livenessProbe:
+            httpGet:
+              path: /
+              port: rpc
+            initialDelaySeconds: 10
+            periodSeconds: 5
+          command:
+          - /bin/bash
+          args:
+          - -c
+          - /opt/swh/entrypoint.sh
+          env:
+            - name: THREADS
+              value: "4"
+            - name: WORKERS
+              value: "8"
+            - name: TIMEOUT
+              value: "60"
+            - name: STATSD_HOST
+              value: prometheus-statsd-exporter
+            - name: STATSD_PORT
+              value: "9125"
+            - name: LOG_LEVEL
+              value: "INFO"
+            - name: SWH_SENTRY_ENVIRONMENT
+              value: staging
+            - name: SWH_MAIN_PACKAGE
+              value: swh.storage
+            - name: SWH_SENTRY_DSN
+              valueFrom:
+                secretKeyRef:
+                  name: common-secrets
+                  key: storage-sentry-dsn
+                  # 'name' secret should exist & include key
+                  # if the setting doesn't exist, sentry pushes will be disabled
+                  optional: true
+            - name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
+              value: "true"
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+      volumes:
+      - name: configuration
+        emptyDir: {}
+      - name: configuration-template
+        configMap:
+          name: storage-configuration-template
+          items:
+          - key: "config.yml.template"
+            path: "config.yml.template"
+      - name: database-utils
+        configMap:
+          name: database-utils
+          defaultMode: 0555
+---
 # Source: swh/templates/toolbox/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: swh-toolbox
   namespace: swh
   labels:
     app: swh-toolbox
 spec:
   revisionHistoryLimit: 2
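Review bot: The `prepare-configuration` init container is handed `POSTGRESQL_PASSWORD` but runs the floating tag `debian:bullseye` with `imagePullPolicy: IfNotPresent`, so the code that sees the database password depends on whatever each node has cached or pulled; pin it by digest, e.g. `image: debian:bullseye@sha256:<digest-placeholder>`. Its `eval echo` line makes bash evaluate the whole template, so any `$(...)` or backtick in the ConfigMap runs as a command and a literal double quote corrupts the rendered file; a renderer that substitutes only the expected variables would avoid this. Neither container sets a `securityContext`; adding at least `allowPrivilegeEscalation: false` would be worthwhile, and `runAsNonRoot: true` if the storage image supports it (not visible here). The `database-utils` volume is declared but not mounted by either container in this Deployment.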
@@ -24066,20 +24254,43 @@
   minReplicas: 2
   maxReplicas: 4
   metrics:
   - type: Resource
     resource:
       name: cpu
       target:
         type: Utilization
         averageUtilization: 75
 ---
+# Source: swh/templates/storage/autoscaling.yaml
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  namespace: swh
+  name: storage
+  labels:
+    app: storage
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: storage
+  minReplicas: 2
+  maxReplicas: 10
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 150
+---
 # Source: swh/templates/web/autoscaling.yaml
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
   namespace: swh
   name: web
   labels:
     app: web
 spec:
   scaleTargetRef:
@@ -24642,20 +24853,52 @@
     http:
       paths:
       - path: /
         pathType: Prefix
         backend:
           service:
             name: search-rpc
             port:
               number: 5010
 ---
+# Source: swh/templates/storage/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: swh
+  name: storage-ingress-default
+  annotations:
+
+spec:
+  rules:
+  - host: storage-postgresql-rpc-ingress
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: storage
+            port:
+              number: 5002
+
+  - host: storage-postgresql.internal.staging.swh.network
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: storage
+            port:
+              number: 5002
+---
 # Source: swh/templates/web/ingress.yaml
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   namespace: swh
   name: web-ingress-authenticated
   annotations:

     cert-manager.io/cluster-issuer: letsencrypt-production-gandi
     kubernetes.io/ingress.class: nginx
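Review bot: The new `storage-ingress-default` Ingress publishes the read/write storage RPC on `storage-postgresql.internal.staging.swh.network` with an empty `annotations:` map, so unlike the `web-ingress-authenticated` context below it sets no ingress class and no source restriction. If the RPC service does no authentication of its own (not visible in this diff), anything that can reach the ingress controller can write to the staging archive. I would add `nginx.ingress.kubernetes.io/whitelist-source-range: "<internal-cidrs-placeholder>"` and set the class explicitly. The bare `annotations:` key renders as null; omit it or write `annotations: {}` when there is nothing to set.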


------------- diff for environment staging namespace swh-cassandra -------------

--- /tmp/swh-chart.swh.d99STYeH/staging-swh-cassandra.before    2023-11-22 11:36:46.621125296 +0100
+++ /tmp/swh-chart.swh.d99STYeH/staging-swh-cassandra.after     2023-11-22 11:36:47.277124257 +0100
@@ -14032,20 +14032,30 @@
   name: search-rpc-ingress
   namespace: swh-cassandra
 spec:
   type: ExternalName
   externalName: archive-staging-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
 ---
 # Source: swh/templates/external-services/cname.yaml
 apiVersion: v1
 kind: Service
 metadata:
+  name: storage-postgresql-rpc-ingress
+  namespace: swh-cassandra
+spec:
+  type: ExternalName
+  externalName: archive-staging-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
+---
+# Source: swh/templates/external-services/cname.yaml
+apiVersion: v1
+kind: Service
+metadata:
   name: vault-rpc-ingress
   namespace: swh-cassandra
 spec:
   type: ExternalName
   externalName: archive-staging-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
 ---
 # Source: swh/templates/graphql/service.yaml
 apiVersion: v1
 kind: Service
 metadata:


------------- diff for environment staging namespace swh-cassandra-next-version -------------

--- /tmp/swh-chart.swh.d99STYeH/staging-swh-cassandra-next-version.before       2023-11-22 11:36:46.829124966 +0100
+++ /tmp/swh-chart.swh.d99STYeH/staging-swh-cassandra-next-version.after        2023-11-22 11:36:47.521123871 +0100
@@ -13599,20 +13599,30 @@
   name: search-rpc-ingress
   namespace: swh-cassandra-next-version
 spec:
   type: ExternalName
   externalName: archive-staging-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
 ---
 # Source: swh/templates/external-services/cname.yaml
 apiVersion: v1
 kind: Service
 metadata:
+  name: storage-postgresql-rpc-ingress
+  namespace: swh-cassandra-next-version
+spec:
+  type: ExternalName
+  externalName: archive-staging-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
+---
+# Source: swh/templates/external-services/cname.yaml
+apiVersion: v1
+kind: Service
+metadata:
   name: vault-rpc-ingress
   namespace: swh-cassandra-next-version
 spec:
   type: ExternalName
   externalName: archive-staging-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
 ---
 # Source: swh/templates/graphql/service.yaml
 apiVersion: v1
 kind: Service
 metadata:


------------- diff for environment production namespace swh -------------

No differences


------------- diff for environment production namespace swh-cassandra -------------

No differences

Refs. swh/infra/sysadm-environment#4780 (closed)

Refs. swh/infra/sysadm-environment#5164 (closed)

Edited by Antoine R. Dumont
