
production/deposit: Add instance to dynamic infra

Antoine R. Dumont requested to merge migrate-deposit-to-dynamic-infra into production

This installs the future deposit instance (which will need to be exposed publicly when ready) in the dynamic infra.

A second commit refactors the web template to reuse the same configuration pattern for keycloak (to avoid config duplication). That will have a small impact: some web instances will be redeployed.

make swh-helm-diff
[swh] Comparing changes between branches production and migrate-deposit-to-dynamic-infra (per environment)...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
[swh] Generate config in migrate-deposit-to-dynamic-infra branch for environment staging...
[swh] Generate config in migrate-deposit-to-dynamic-infra branch for environment staging...
[swh] Generate config in migrate-deposit-to-dynamic-infra branch for environment staging...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
[swh] Generate config in migrate-deposit-to-dynamic-infra branch for environment production...
[swh] Generate config in migrate-deposit-to-dynamic-infra branch for environment production...
[swh] Generate config in migrate-deposit-to-dynamic-infra branch for environment production...


------------- diff for environment staging namespace swh -------------

--- /tmp/swh-chart.swh.Xe9LW9G4/staging-swh.before      2023-12-19 11:01:10.812313054 +0100
+++ /tmp/swh-chart.swh.Xe9LW9G4/staging-swh.after       2023-12-19 11:01:11.516313092 +0100
@@ -4651,28 +4651,29 @@
         swh_api_origin_search:
           limiter_rate:
             default: 10/m
         swh_api_origin_visit_latest:
           limiter_rate:
             default: 700/m
         swh_save_origin:
           limiter_rate:
             POST: 10/h
             default: 120/h
+    keycloak:
+      realm_name: SoftwareHeritageStaging
+      server_url: https://auth.softwareheritage.org/auth/
+
     content_display_max_size: 5242880
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters-rpc-ingress/counters_history/history.json
-    keycloak:
-      realm_name: SoftwareHeritageStaging
-      server_url: https://auth.softwareheritage.org/auth/
     matomo: {}
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
     - swh.web.banners
     - swh.web.deposit
     - swh.web.inbound_email
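
Review bot: the relocated `keycloak:` block now renders with an empty line after `server_url` and before `content_display_max_size`, which suggests the shared include does not trim its trailing newline. The realm_name and server_url values are identical to the removed block, so the output is equivalent, but trimming the whitespace in the include would keep the rendered config tidy and make future diffs of this section smaller.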
@@ -24250,21 +24251,21 @@
       app: web
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web
       annotations:
-        checksum/config: a59de8d2746e93c1b89ec4c6e62d78db404fcb11b9d1ddf9fd6f60d7b4e72074
+        checksum/config: 95fd87e3902f1a126fcc44517e76ede4d3041d4b186b03b349950dd773a8db80
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
                 - "true"
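
Review bot: the `checksum/config` annotation on the web pod template changes even though the keycloak values in the config are unchanged, so this rolling restart of the web pods is caused only by key order and whitespace in the rendered config. That matches the "small impact" in the description, but it would help to list in the merge request which web deployments restart per environment, so the rollout can be watched deliberately.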


------------- diff for environment staging namespace swh-cassandra -------------

--- /tmp/swh-chart.swh.Xe9LW9G4/staging-swh-cassandra.before    2023-12-19 11:01:11.052313067 +0100
+++ /tmp/swh-chart.swh.Xe9LW9G4/staging-swh-cassandra.after     2023-12-19 11:01:11.760313105 +0100
@@ -4592,28 +4592,29 @@
         swh_api_origin_search:
           limiter_rate:
             default: 10/m
         swh_api_origin_visit_latest:
           limiter_rate:
             default: 700/m
         swh_save_origin:
           limiter_rate:
             POST: 10/h
             default: 120/h
+    keycloak:
+      realm_name: SoftwareHeritageStaging
+      server_url: https://auth.softwareheritage.org/auth/
+
     content_display_max_size: 5242880
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters-rpc-ingress/counters_history/history.json
-    keycloak:
-      realm_name: SoftwareHeritageStaging
-      server_url: https://auth.softwareheritage.org/auth/
     matomo: {}
     save_code_now_webhook_secret: ${WEBHOOKS_SECRET}
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
     - swh.web.banners
     - swh.web.deposit
@@ -22920,21 +22921,21 @@
       app: web
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web
       annotations:
-        checksum/config: ac673a4a5fdd310be2aa60f8d95f8c80c68a04225dfa0a1d93f479ae3939ea56
+        checksum/config: 6c3a51ab5bee1281a8d19881149e3b2eaabddf83b1396920768fa3800a92980a
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
                 - "true"


------------- diff for environment staging namespace swh-cassandra-next-version -------------

--- /tmp/swh-chart.swh.Xe9LW9G4/staging-swh-cassandra-next-version.before       2023-12-19 11:01:11.268313079 +0100
+++ /tmp/swh-chart.swh.Xe9LW9G4/staging-swh-cassandra-next-version.after        2023-12-19 11:01:11.972313116 +0100
@@ -4104,28 +4104,29 @@
         swh_api_origin_search:
           limiter_rate:
             default: 10/m
         swh_api_origin_visit_latest:
           limiter_rate:
             default: 700/m
         swh_save_origin:
           limiter_rate:
             POST: 10/h
             default: 120/h
+    keycloak:
+      realm_name: SoftwareHeritageStaging
+      server_url: https://auth.softwareheritage.org/auth/
+
     content_display_max_size: 5242880
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters-rpc-ingress/counters_history/history.json
-    keycloak:
-      realm_name: SoftwareHeritageStaging
-      server_url: https://auth.softwareheritage.org/auth/
     matomo: {}
     save_code_now_webhook_secret: ${WEBHOOKS_SECRET}
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
     - swh.web.banners
     - swh.web.deposit
@@ -21096,21 +21097,21 @@
       app: web
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web
       annotations:
-        checksum/config: 1abcbbdf0d471db284dff6bef6b8999ab9a1f5ac88158401be759b6d0c2df0f0
+        checksum/config: 1479240dedcb3a7d99af99255c05cdb473934b3ff6fd9271a4317ac6d7aeb611
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
                 - "true"


------------- diff for environment production namespace swh -------------

--- /tmp/swh-chart.swh.Xe9LW9G4/production-swh.before   2023-12-19 11:01:12.244313131 +0100
+++ /tmp/swh-chart.swh.Xe9LW9G4/production-swh.after    2023-12-19 11:01:12.708313156 +0100
@@ -233,20 +233,66 @@
       swh:
         level: "INFO"
       celery.task:
         level: "INFO"

     root:
       level: "INFO"
       handlers:
       - console
 ---
+# Source: swh/templates/deposit/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: swh
+  name: deposit-configuration-template
+data:
+  config.yml.template: |
+    instance_name: deposit-rpc-ingress
+    allowed_hosts:
+      - deposit-rpc-ingress
+      - deposit.softwareheritage.org
+      - deposit-dynamic.internal.softwareheritage.org
+    swh_authority_url: deposit-rpc-ingress
+    storage:
+      cls: remote
+      url: http://storage-azure-read-only-rpc-ingress
+    storage_metadata:
+      cls: remote
+      url: http://storage-azure-read-only-rpc-ingress
+    scheduler:
+      cls: remote
+      url: http://scheduler.internal.softwareheritage.org
+    authentication_provider: keycloak
+    keycloak:
+      realm_name: SoftwareHeritage
+      server_url: https://auth.softwareheritage.org/auth/
+
+    private:
+      secret_key: ${DJANGO_SECRET_KEY}
+      db:
+
+          host: db.internal.staging.swh.network
+          port: 5432
+          name: softwareheritage-deposit
+          user: swhstorage
+          password: ${POSTGRESQL_PASSWORD}
+    cache_uri: memcached:11211
+    extraction_dir: /tmp/swh-deposit/archive/
+    max_upload_size: 209715200
+    azure:
+      container_name: ""deposit-tarballs""
+      connection_string: ""DefaultEndpointsProtocol=https;AccountName=swhdepositstoragestaging;AccountKey=${ACCOUNT_KEY};EndpointSuffix=core.windows.net""
+      content_type: ""application/octet-stream""
+      content_encoding: """"
+---
 # Source: swh/templates/graphql/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: swh
   name: graphql-moma-configuration-template
 data:
   # TODO: rename to not have a dot in the name to allow testing
   config.yml: |
     storage:
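
Review bot: this ConfigMap is rendered for environment production, namespace swh, yet `private.db.host` is `db.internal.staging.swh.network` and the azure connection string uses `AccountName=swhdepositstoragestaging`; both look like staging values carried into the production values. Point them at the production database and storage account, or state in the merge request that the staging backends are intended until the instance is exposed. The `db:` key is also followed by an empty line and its children are indented four extra columns, which hints at an include with the wrong indent; it still parses, but is worth fixing in the template.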
@@ -6186,29 +6232,30 @@
             default: 120/h
         swh_api_origin_search:
           limiter_rate:
             default: 10/m
         swh_api_origin_visit_latest:
           limiter_rate:
             default: 700/m
         swh_raw_object:
           limiter_rate:
             default: 120/h
+    keycloak:
+      realm_name: SoftwareHeritage
+      server_url: https://auth.softwareheritage.org/auth/
+
     content_display_max_size: 5242880
     es_workers_index_url: http://esnode1.internal.softwareheritage.org:9200/swh_workers-*
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters1.internal.softwareheritage.org:5011/counters_history/history.json#
-    keycloak:
-      realm_name: SoftwareHeritage
-      server_url: https://auth.softwareheritage.org/auth/
     matomo:
       site_id: 59
       url: https://piwik.inria.fr/
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
     - swh.web.banners
@@ -15777,20 +15824,39 @@
   namespace: default
 spec:
   ports:
   - name: http
     port: 443
     protocol: TCP
     targetPort: 9443
   selector:
     app: keda-admission-webhooks
 ---
+# Source: swh/templates/deposit/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: deposit
+  namespace: swh
+spec:
+  type: ClusterIP
+  selector:
+    app: deposit
+  ports:
+    - port: 5006
+      targetPort: 5006
+      name: rpc
+
+    - port: 80
+      targetPort: 80
+      name: webstatic
+---
 # Source: swh/templates/external-services/cname.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: indexer-storage-read-only-rpc-ingress
   namespace: swh
 spec:
   type: ExternalName
   externalName: archive-production-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
 ---
@@ -16479,20 +16545,229 @@
             path: "logging-configuration.yml"

       - name: checker-deposit-utils
         configMap:
           name: checker-deposit-utils
           defaultMode: 0777
           items:
           - key: "pre-stop-idempotent.sh"
             path: "pre-stop.sh"
 ---
+# Source: swh/templates/deposit/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: swh
+  name: deposit
+  labels:
+    app: deposit
+spec:
+  revisionHistoryLimit: 2
+  replicas: 2
+  selector:
+    matchLabels:
+      app: deposit
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+  template:
+    metadata:
+      labels:
+        app: deposit
+      annotations:
+        checksum/config: 1f2d2428a6ec1079373d4c04958bbc4762f874cde95641f65114122f6e91131a
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: swh/deposit
+                operator: In
+                values:
+                - "true"
+      priorityClassName: swh-frontend-rpc
+
+      initContainers:
+        - name: prepare-configuration
+          image: debian:bullseye
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/bash
+          args:
+            - -c
+            - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+          env:
+
+            - name: POSTGRESQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: swh-postgresql-deposit-secrets
+                  key: postgres-swh-deposit-password
+                  # 'name' secret must exist & include that ^ key
+                  optional: false
+
+            - name: DJANGO_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: swh-deposit-django-secret
+                  key: deposit-django-secret-key
+                  # 'name' secret must exist & include that ^ key
+                  optional: false
+
+
+
+            - name: ACCOUNT_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: swh-deposit-azure-secret
+                  key: azure-swh-deposit-key
+                  # 'name' secret must exist & include that ^ key
+                  optional: false
+
+            - name: SWH_SENTRY_DSN
+              valueFrom:
+                secretKeyRef:
+                  name: common-secrets
+                  key: deposit-sentry-dsn
+                  optional: false
+
+          volumeMounts:
+            - name: configuration
+              mountPath: /etc/swh
+            - name: configuration-template
+              mountPath: /etc/swh/configuration-template
+        - name: prepare-static-folder
+          image: container-registry.softwareheritage.org/swh/infra/swh-apps/deposit:20231208.1
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/bash
+          args:
+            - -c
+            - cp -r $PWD/.local/lib/python3.10/site-packages/swh/deposit/static/ /usr/share/swh/deposit/static/
+          volumeMounts:
+          - name: static
+            mountPath: /usr/share/swh/deposit/static
+      containers:
+        - name: deposit
+          resources:
+            requests:
+              memory: 500Mi
+              cpu: 500m
+          image: container-registry.softwareheritage.org/swh/infra/swh-apps/deposit:20231208.1
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 5006
+              name: deposit-app
+          readinessProbe:
+            httpGet:
+              path: /
+              port: deposit-app
+              httpHeaders:
+                - name: Host
+                  value: deposit-rpc-ingress
+            initialDelaySeconds: 5
+            failureThreshold: 30
+            periodSeconds: 10
+            timeoutSeconds: 30
+          livenessProbe:
+            httpGet:
+              path: /
+              port: deposit-app
+              httpHeaders:
+                - name: Host
+                  value: deposit-rpc-ingress
+            initialDelaySeconds: 3
+            periodSeconds: 10
+            timeoutSeconds: 30
+          command:
+            - /bin/bash
+          args:
+            - -c
+            - /opt/swh/entrypoint.sh
+          env:
+            - name: STATSD_HOST
+              value: prometheus-statsd-exporter
+            - name: STATSD_PORT
+              value: "9125"
+            - name: LOG_LEVEL
+              value: "INFO"
+            - name: SWH_CONFIG_FILENAME
+              value: /etc/swh/config.yml
+            - name: SWH_SENTRY_ENVIRONMENT
+              value: production
+            - name: SWH_MAIN_PACKAGE
+              value: swh.deposit
+            - name: SWH_SENTRY_DSN
+              valueFrom:
+                secretKeyRef:
+                  name: common-secrets
+                  key: deposit-sentry-dsn
+                  optional: false
+            - name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
+              value: "true"
+
+            - name: DJANGO_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: swh-deposit-django-secret
+                  key: deposit-django-secret-key
+                  # 'name' secret must exist & include that ^ key
+                  optional: false
+
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+            readOnly: true
+          - name: localstorage
+            mountPath: /tmp
+        - name: nginx
+          resources:
+            requests:
+              memory: 500Mi
+              cpu: 500m
+          image: nginx:bullseye
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 80
+              name: webstatic
+          readinessProbe:
+            httpGet:
+              path: static/robots.txt
+              port: webstatic
+            initialDelaySeconds: 5
+            failureThreshold: 30
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: static/robots.txt
+              port: webstatic
+            initialDelaySeconds: 3
+            periodSeconds: 10
+          volumeMounts:
+            - name: static
+              mountPath: /usr/share/nginx/html
+      volumes:
+      - name: static
+        emptyDir: {}
+      - name: localstorage
+        emptyDir: {}
+      - name: configuration
+        emptyDir: {}
+      - name: configuration-template
+        configMap:
+         name: deposit-configuration-template
+         items:
+         - key: "config.yml.template"
+           path: "config.yml.template"
+---
 # Source: swh/templates/graphql/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: graphql-moma
   namespace: swh
   labels:
     app: graphql-moma
 spec:
   revisionHistoryLimit: 2
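
Review bot: the prepare-configuration init container renders the config with `eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\""`, so the whole template is parsed as shell. Any double quote, backtick or `$(...)` in the ConfigMap is interpreted rather than copied (the doubled quotes in the azure block of the deposit template are a visible workaround for this), and that parsing happens in a container holding POSTGRESQL_PASSWORD, DJANGO_SECRET_KEY and ACCOUNT_KEY. A substitution-only renderer such as envsubst, restricted to the named variables, would remove the need to write YAML around shell quoting. Separately, `debian:bullseye` and `nginx:bullseye` are mutable tags used with `imagePullPolicy: IfNotPresent`, so nodes can run different image contents; pin them to a version or digest as is done for the deposit image.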
@@ -28638,21 +28913,21 @@
       app: web
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web
       annotations:
-        checksum/config: d8a17319c4310b8e76fad47fa67457ab572eefaf0f100e9e99dfb38ac4093475
+        checksum/config: 09e9556ba45bc1d6dc63e3db148768ce6d20a1722a95b2fb8e3ae9c4c83220bf
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
                 - "true"
@@ -29358,20 +29633,160 @@
                 path: "config.yml.template"
           - name: pgservice-configuration-template
             configMap:
               name: pgservice-configuration-template
               items:
               - key: "pg-service-conf"
                 path: "pg_service.conf"

           restartPolicy: OnFailure
 ---
+# Source: swh/templates/deposit/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: swh
+  name: deposit-ingress-authenticated
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+    kubernetes.io/ingress.class: nginx
+    kubernetes.io/tls-acme: "true"
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    # type of authentication
+    nginx.ingress.kubernetes.io/auth-type: basic
+    # an htpasswd file in the key auth within the secret
+    nginx.ingress.kubernetes.io/auth-secret-type: auth-file
+    # name of the secret that contains the user/password definitions
+    nginx.ingress.kubernetes.io/auth-secret: swh/deposit-auth-secrets
+    # message to display with an appropriate context why the authentication is required
+    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
+
+spec:
+  rules:
+  - host: deposit-rpc-ingress
+    http:
+      paths:
+      - path: /1/private/
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 5006
+
+  - host: deposit.softwareheritage.org
+    http:
+      paths:
+      - path: /1/private/
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 5006
+
+  - host: deposit-dynamic.internal.softwareheritage.org
+    http:
+      paths:
+      - path: /1/private/
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 5006
+
+  tls:
+  - hosts:
+    - deposit-rpc-ingress
+    - deposit.softwareheritage.org
+    - deposit-dynamic.internal.softwareheritage.org
+    secretName: swh-deposit-crt
+---
+# Source: swh/templates/deposit/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: swh
+  name: deposit-ingress-default
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+    kubernetes.io/ingress.class: nginx
+    kubernetes.io/tls-acme: "true"
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+
+spec:
+  rules:
+  - host: deposit-rpc-ingress
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 5006
+
+      - path: /static
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 80
+
+  - host: deposit.softwareheritage.org
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 5006
+
+      - path: /static
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 80
+
+  - host: deposit-dynamic.internal.softwareheritage.org
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 5006
+
+      - path: /static
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 80
+
+  tls:
+  - hosts:
+    - deposit-rpc-ingress
+    - deposit.softwareheritage.org
+    - deposit-dynamic.internal.softwareheritage.org
+    secretName: swh-deposit-crt
+---
 # Source: swh/templates/graphql/ingress.yaml
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   namespace: swh
   name: graphql-moma-ingress-default
   annotations:
     nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,127.0.0.0/8,192.168.100.0/24,192.168.101.0/24,192.168.200.0/22
     nginx.ingress.kubernetes.io/rewrite-target: /
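
Review bot: `nginx.ingress.kubernetes.io/ssl-redirect: "false"` is set on deposit-ingress-authenticated, which protects `/1/private/` with `auth-type: basic`, so a client that connects over plain HTTP sends its basic-auth credentials unencrypted instead of being redirected to HTTPS. A `tls` section with `secretName: swh-deposit-crt` is already defined, so set ssl-redirect to "true" on at least the authenticated ingress. Both ingresses also list `deposit.softwareheritage.org` although the description says the instance is not yet ready to be exposed publicly, and neither carries a `whitelist-source-range` annotation like the graphql-moma ingress in the trailing context; consider restricting source ranges or leaving that host out until the switch.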



------------- diff for environment production namespace swh-cassandra -------------

--- /tmp/swh-chart.swh.Xe9LW9G4/production-swh-cassandra.before 2023-12-19 11:01:12.412313140 +0100
+++ /tmp/swh-chart.swh.Xe9LW9G4/production-swh-cassandra.after  2023-12-19 11:01:12.868313164 +0100
@@ -1507,29 +1507,30 @@
             default: 120/h
         swh_api_origin_search:
           limiter_rate:
             default: 10/m
         swh_api_origin_visit_latest:
           limiter_rate:
             default: 700/m
         swh_raw_object:
           limiter_rate:
             default: 120/h
+    keycloak:
+      realm_name: SoftwareHeritage
+      server_url: https://auth.softwareheritage.org/auth/
+
     content_display_max_size: 5242880
     es_workers_index_url: http://esnode1.internal.softwareheritage.org:9200/swh_workers-*
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters1.internal.softwareheritage.org:5011/counters_history/history.json#
-    keycloak:
-      realm_name: SoftwareHeritage
-      server_url: https://auth.softwareheritage.org/auth/
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
     - swh.web.banners
     - swh.web.deposit
     - swh.web.inbound_email
     - swh.web.jslicenses
@@ -14239,21 +14240,21 @@
       app: web
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web
       annotations:
-        checksum/config: ffcb5d3378471db8cd6a6e1c6c9393edabaa014d32861e1cacb75f6db193e3f1
+        checksum/config: fa5d3f4c2b26c4cfa9ff18bba2a699ec66d9b1d60c7a95dfc48ef4264e81a529
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
                 - "true"

Refs. swh/infra/sysadm-environment#5191 (closed)

Edited by Antoine R. Dumont
