Skip to content

production/deposit: Add instance to dynamic infra

Antoine R. Dumont requested to merge migrate-deposit-to-dynamic-infra into production

This installs the future deposit instance (which will need to be exposed publically when ready) in the dynamic infra.

A second commit refactors the web template to reuse the same configuration pattern for keycloak (to avoid config duplication). That will make a small impact, some web instance which will be redeployed.

make swh-helm-diff
[swh] Comparing changes between branches production and migrate-deposit-to-dynamic-infra (per environment)...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
[swh] Generate config in migrate-deposit-to-dynamic-infra branch for environment staging...
[swh] Generate config in migrate-deposit-to-dynamic-infra branch for environment staging...
[swh] Generate config in migrate-deposit-to-dynamic-infra branch for environment staging...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
[swh] Generate config in migrate-deposit-to-dynamic-infra branch for environment production...
[swh] Generate config in migrate-deposit-to-dynamic-infra branch for environment production...
[swh] Generate config in migrate-deposit-to-dynamic-infra branch for environment production...


------------- diff for environment staging namespace swh -------------

--- /tmp/swh-chart.swh.Xe9LW9G4/staging-swh.before      2023-12-19 11:01:10.812313054 +0100
+++ /tmp/swh-chart.swh.Xe9LW9G4/staging-swh.after       2023-12-19 11:01:11.516313092 +0100
@@ -4651,28 +4651,29 @@
         swh_api_origin_search:
           limiter_rate:
             default: 10/m
         swh_api_origin_visit_latest:
           limiter_rate:
             default: 700/m
         swh_save_origin:
           limiter_rate:
             POST: 10/h
             default: 120/h
+    keycloak:
+      realm_name: SoftwareHeritageStaging
+      server_url: https://auth.softwareheritage.org/auth/
+
     content_display_max_size: 5242880
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters-rpc-ingress/counters_history/history.json
-    keycloak:
-      realm_name: SoftwareHeritageStaging
-      server_url: https://auth.softwareheritage.org/auth/
     matomo: {}
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
     - swh.web.banners
     - swh.web.deposit
     - swh.web.inbound_email
@@ -24250,21 +24251,21 @@
       app: web
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web
       annotations:
-        checksum/config: a59de8d2746e93c1b89ec4c6e62d78db404fcb11b9d1ddf9fd6f60d7b4e72074
+        checksum/config: 95fd87e3902f1a126fcc44517e76ede4d3041d4b186b03b349950dd773a8db80
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
                 - "true"


------------- diff for environment staging namespace swh-cassandra -------------

--- /tmp/swh-chart.swh.Xe9LW9G4/staging-swh-cassandra.before    2023-12-19 11:01:11.052313067 +0100
+++ /tmp/swh-chart.swh.Xe9LW9G4/staging-swh-cassandra.after     2023-12-19 11:01:11.760313105 +0100
@@ -4592,28 +4592,29 @@
         swh_api_origin_search:
           limiter_rate:
             default: 10/m
         swh_api_origin_visit_latest:
           limiter_rate:
             default: 700/m
         swh_save_origin:
           limiter_rate:
             POST: 10/h
             default: 120/h
+    keycloak:
+      realm_name: SoftwareHeritageStaging
+      server_url: https://auth.softwareheritage.org/auth/
+
     content_display_max_size: 5242880
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters-rpc-ingress/counters_history/history.json
-    keycloak:
-      realm_name: SoftwareHeritageStaging
-      server_url: https://auth.softwareheritage.org/auth/
     matomo: {}
     save_code_now_webhook_secret: ${WEBHOOKS_SECRET}
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
     - swh.web.banners
     - swh.web.deposit
@@ -22920,21 +22921,21 @@
       app: web
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web
       annotations:
-        checksum/config: ac673a4a5fdd310be2aa60f8d95f8c80c68a04225dfa0a1d93f479ae3939ea56
+        checksum/config: 6c3a51ab5bee1281a8d19881149e3b2eaabddf83b1396920768fa3800a92980a
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
                 - "true"


------------- diff for environment staging namespace swh-cassandra-next-version -------------

--- /tmp/swh-chart.swh.Xe9LW9G4/staging-swh-cassandra-next-version.before       2023-12-19 11:01:11.268313079 +0100
+++ /tmp/swh-chart.swh.Xe9LW9G4/staging-swh-cassandra-next-version.after        2023-12-19 11:01:11.972313116 +0100
@@ -4104,28 +4104,29 @@
         swh_api_origin_search:
           limiter_rate:
             default: 10/m
         swh_api_origin_visit_latest:
           limiter_rate:
             default: 700/m
         swh_save_origin:
           limiter_rate:
             POST: 10/h
             default: 120/h
+    keycloak:
+      realm_name: SoftwareHeritageStaging
+      server_url: https://auth.softwareheritage.org/auth/
+
     content_display_max_size: 5242880
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters-rpc-ingress/counters_history/history.json
-    keycloak:
-      realm_name: SoftwareHeritageStaging
-      server_url: https://auth.softwareheritage.org/auth/
     matomo: {}
     save_code_now_webhook_secret: ${WEBHOOKS_SECRET}
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
     - swh.web.banners
     - swh.web.deposit
@@ -21096,21 +21097,21 @@
       app: web
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web
       annotations:
-        checksum/config: 1abcbbdf0d471db284dff6bef6b8999ab9a1f5ac88158401be759b6d0c2df0f0
+        checksum/config: 1479240dedcb3a7d99af99255c05cdb473934b3ff6fd9271a4317ac6d7aeb611
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
                 - "true"


------------- diff for environment production namespace swh -------------

--- /tmp/swh-chart.swh.Xe9LW9G4/production-swh.before   2023-12-19 11:01:12.244313131 +0100
+++ /tmp/swh-chart.swh.Xe9LW9G4/production-swh.after    2023-12-19 11:01:12.708313156 +0100
@@ -233,20 +233,66 @@
       swh:
         level: "INFO"
       celery.task:
         level: "INFO"

     root:
       level: "INFO"
       handlers:
       - console
 ---
+# Source: swh/templates/deposit/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: swh
+  name: deposit-configuration-template
+data:
+  config.yml.template: |
+    instance_name: deposit-rpc-ingress
+    allowed_hosts:
+      - deposit-rpc-ingress
+      - deposit.softwareheritage.org
+      - deposit-dynamic.internal.softwareheritage.org
+    swh_authority_url: deposit-rpc-ingress
+    storage:
+      cls: remote
+      url: http://storage-azure-read-only-rpc-ingress
+    storage_metadata:
+      cls: remote
+      url: http://storage-azure-read-only-rpc-ingress
+    scheduler:
+      cls: remote
+      url: http://scheduler.internal.softwareheritage.org
+    authentication_provider: keycloak
+    keycloak:
+      realm_name: SoftwareHeritage
+      server_url: https://auth.softwareheritage.org/auth/
+
+    private:
+      secret_key: ${DJANGO_SECRET_KEY}
+      db:
+
+          host: db.internal.staging.swh.network
+          port: 5432
+          name: softwareheritage-deposit
+          user: swhstorage
+          password: ${POSTGRESQL_PASSWORD}
+    cache_uri: memcached:11211
+    extraction_dir: /tmp/swh-deposit/archive/
+    max_upload_size: 209715200
+    azure:
+      container_name: ""deposit-tarballs""
+      connection_string: ""DefaultEndpointsProtocol=https;AccountName=swhdepositstoragestaging;AccountKey=${ACCOUNT_KEY};EndpointSuffix=core.windows.net""
+      content_type: ""application/octet-stream""
+      content_encoding: """"
+---
 # Source: swh/templates/graphql/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: swh
   name: graphql-moma-configuration-template
 data:
   # TODO: rename to not have a dot in the name to allow testing
   config.yml: |
     storage:
@@ -6186,29 +6232,30 @@
             default: 120/h
         swh_api_origin_search:
           limiter_rate:
             default: 10/m
         swh_api_origin_visit_latest:
           limiter_rate:
             default: 700/m
         swh_raw_object:
           limiter_rate:
             default: 120/h
+    keycloak:
+      realm_name: SoftwareHeritage
+      server_url: https://auth.softwareheritage.org/auth/
+
     content_display_max_size: 5242880
     es_workers_index_url: http://esnode1.internal.softwareheritage.org:9200/swh_workers-*
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters1.internal.softwareheritage.org:5011/counters_history/history.json#
-    keycloak:
-      realm_name: SoftwareHeritage
-      server_url: https://auth.softwareheritage.org/auth/
     matomo:
       site_id: 59
       url: https://piwik.inria.fr/
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
     - swh.web.banners
@@ -15777,20 +15824,39 @@
   namespace: default
 spec:
   ports:
   - name: http
     port: 443
     protocol: TCP
     targetPort: 9443
   selector:
     app: keda-admission-webhooks
 ---
+# Source: swh/templates/deposit/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: deposit
+  namespace: swh
+spec:
+  type: ClusterIP
+  selector:
+    app: deposit
+  ports:
+    - port: 5006
+      targetPort: 5006
+      name: rpc
+
+    - port: 80
+      targetPort: 80
+      name: webstatic
+---
 # Source: swh/templates/external-services/cname.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: indexer-storage-read-only-rpc-ingress
   namespace: swh
 spec:
   type: ExternalName
   externalName: archive-production-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
 ---
@@ -16479,20 +16545,229 @@
             path: "logging-configuration.yml"

       - name: checker-deposit-utils
         configMap:
           name: checker-deposit-utils
           defaultMode: 0777
           items:
           - key: "pre-stop-idempotent.sh"
             path: "pre-stop.sh"
 ---
+# Source: swh/templates/deposit/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: swh
+  name: deposit
+  labels:
+    app: deposit
+spec:
+  revisionHistoryLimit: 2
+  replicas: 2
+  selector:
+    matchLabels:
+      app: deposit
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+  template:
+    metadata:
+      labels:
+        app: deposit
+      annotations:
+        checksum/config: 1f2d2428a6ec1079373d4c04958bbc4762f874cde95641f65114122f6e91131a
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: swh/deposit
+                operator: In
+                values:
+                - "true"
+      priorityClassName: swh-frontend-rpc
+
+      initContainers:
+        - name: prepare-configuration
+          image: debian:bullseye
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/bash
+          args:
+            - -c
+            - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+          env:
+
+            - name: POSTGRESQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: swh-postgresql-deposit-secrets
+                  key: postgres-swh-deposit-password
+                  # 'name' secret must exist & include that ^ key
+                  optional: false
+
+            - name: DJANGO_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: swh-deposit-django-secret
+                  key: deposit-django-secret-key
+                  # 'name' secret must exist & include that ^ key
+                  optional: false
+
+
+
+            - name: ACCOUNT_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: swh-deposit-azure-secret
+                  key: azure-swh-deposit-key
+                  # 'name' secret must exist & include that ^ key
+                  optional: false
+
+            - name: SWH_SENTRY_DSN
+              valueFrom:
+                secretKeyRef:
+                  name: common-secrets
+                  key: deposit-sentry-dsn
+                  optional: false
+
+          volumeMounts:
+            - name: configuration
+              mountPath: /etc/swh
+            - name: configuration-template
+              mountPath: /etc/swh/configuration-template
+        - name: prepare-static-folder
+          image: container-registry.softwareheritage.org/swh/infra/swh-apps/deposit:20231208.1
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/bash
+          args:
+            - -c
+            - cp -r $PWD/.local/lib/python3.10/site-packages/swh/deposit/static/ /usr/share/swh/deposit/static/
+          volumeMounts:
+          - name: static
+            mountPath: /usr/share/swh/deposit/static
+      containers:
+        - name: deposit
+          resources:
+            requests:
+              memory: 500Mi
+              cpu: 500m
+          image: container-registry.softwareheritage.org/swh/infra/swh-apps/deposit:20231208.1
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 5006
+              name: deposit-app
+          readinessProbe:
+            httpGet:
+              path: /
+              port: deposit-app
+              httpHeaders:
+                - name: Host
+                  value: deposit-rpc-ingress
+            initialDelaySeconds: 5
+            failureThreshold: 30
+            periodSeconds: 10
+            timeoutSeconds: 30
+          livenessProbe:
+            httpGet:
+              path: /
+              port: deposit-app
+              httpHeaders:
+                - name: Host
+                  value: deposit-rpc-ingress
+            initialDelaySeconds: 3
+            periodSeconds: 10
+            timeoutSeconds: 30
+          command:
+            - /bin/bash
+          args:
+            - -c
+            - /opt/swh/entrypoint.sh
+          env:
+            - name: STATSD_HOST
+              value: prometheus-statsd-exporter
+            - name: STATSD_PORT
+              value: "9125"
+            - name: LOG_LEVEL
+              value: "INFO"
+            - name: SWH_CONFIG_FILENAME
+              value: /etc/swh/config.yml
+            - name: SWH_SENTRY_ENVIRONMENT
+              value: production
+            - name: SWH_MAIN_PACKAGE
+              value: swh.deposit
+            - name: SWH_SENTRY_DSN
+              valueFrom:
+                secretKeyRef:
+                  name: common-secrets
+                  key: deposit-sentry-dsn
+                  optional: false
+            - name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
+              value: "true"
+
+            - name: DJANGO_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: swh-deposit-django-secret
+                  key: deposit-django-secret-key
+                  # 'name' secret must exist & include that ^ key
+                  optional: false
+
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+            readOnly: true
+          - name: localstorage
+            mountPath: /tmp
+        - name: nginx
+          resources:
+            requests:
+              memory: 500Mi
+              cpu: 500m
+          image: nginx:bullseye
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 80
+              name: webstatic
+          readinessProbe:
+            httpGet:
+              path: static/robots.txt
+              port: webstatic
+            initialDelaySeconds: 5
+            failureThreshold: 30
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: static/robots.txt
+              port: webstatic
+            initialDelaySeconds: 3
+            periodSeconds: 10
+          volumeMounts:
+            - name: static
+              mountPath: /usr/share/nginx/html
+      volumes:
+      - name: static
+        emptyDir: {}
+      - name: localstorage
+        emptyDir: {}
+      - name: configuration
+        emptyDir: {}
+      - name: configuration-template
+        configMap:
+         name: deposit-configuration-template
+         items:
+         - key: "config.yml.template"
+           path: "config.yml.template"
+---
 # Source: swh/templates/graphql/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: graphql-moma
   namespace: swh
   labels:
     app: graphql-moma
 spec:
   revisionHistoryLimit: 2
@@ -28638,21 +28913,21 @@
       app: web
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web
       annotations:
-        checksum/config: d8a17319c4310b8e76fad47fa67457ab572eefaf0f100e9e99dfb38ac4093475
+        checksum/config: 09e9556ba45bc1d6dc63e3db148768ce6d20a1722a95b2fb8e3ae9c4c83220bf
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
                 - "true"
@@ -29358,20 +29633,160 @@
                 path: "config.yml.template"
           - name: pgservice-configuration-template
             configMap:
               name: pgservice-configuration-template
               items:
               - key: "pg-service-conf"
                 path: "pg_service.conf"

           restartPolicy: OnFailure
 ---
+# Source: swh/templates/deposit/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: swh
+  name: deposit-ingress-authenticated
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+    kubernetes.io/ingress.class: nginx
+    kubernetes.io/tls-acme: "true"
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    # type of authentication
+    nginx.ingress.kubernetes.io/auth-type: basic
+    # an htpasswd file in the key auth within the secret
+    nginx.ingress.kubernetes.io/auth-secret-type: auth-file
+    # name of the secret that contains the user/password definitions
+    nginx.ingress.kubernetes.io/auth-secret: swh/deposit-auth-secrets
+    # message to display with an appropriate context why the authentication is required
+    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
+
+spec:
+  rules:
+  - host: deposit-rpc-ingress
+    http:
+      paths:
+      - path: /1/private/
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 5006
+
+  - host: deposit.softwareheritage.org
+    http:
+      paths:
+      - path: /1/private/
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 5006
+
+  - host: deposit-dynamic.internal.softwareheritage.org
+    http:
+      paths:
+      - path: /1/private/
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 5006
+
+  tls:
+  - hosts:
+    - deposit-rpc-ingress
+    - deposit.softwareheritage.org
+    - deposit-dynamic.internal.softwareheritage.org
+    secretName: swh-deposit-crt
+---
+# Source: swh/templates/deposit/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: swh
+  name: deposit-ingress-default
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+    kubernetes.io/ingress.class: nginx
+    kubernetes.io/tls-acme: "true"
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+
+spec:
+  rules:
+  - host: deposit-rpc-ingress
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 5006
+
+      - path: /static
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 80
+
+  - host: deposit.softwareheritage.org
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 5006
+
+      - path: /static
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 80
+
+  - host: deposit-dynamic.internal.softwareheritage.org
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 5006
+
+      - path: /static
+        pathType: Prefix
+        backend:
+          service:
+            name: deposit
+            port:
+              number: 80
+
+  tls:
+  - hosts:
+    - deposit-rpc-ingress
+    - deposit.softwareheritage.org
+    - deposit-dynamic.internal.softwareheritage.org
+    secretName: swh-deposit-crt
+---
 # Source: swh/templates/graphql/ingress.yaml
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   namespace: swh
   name: graphql-moma-ingress-default
   annotations:
     nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,127.0.0.0/8,192.168.100.0/24,192.168.101.0/24,192.168.200.0/22
     nginx.ingress.kubernetes.io/rewrite-target: /



------------- diff for environment production namespace swh-cassandra -------------

--- /tmp/swh-chart.swh.Xe9LW9G4/production-swh-cassandra.before 2023-12-19 11:01:12.412313140 +0100
+++ /tmp/swh-chart.swh.Xe9LW9G4/production-swh-cassandra.after  2023-12-19 11:01:12.868313164 +0100
@@ -1507,29 +1507,30 @@
             default: 120/h
         swh_api_origin_search:
           limiter_rate:
             default: 10/m
         swh_api_origin_visit_latest:
           limiter_rate:
             default: 700/m
         swh_raw_object:
           limiter_rate:
             default: 120/h
+    keycloak:
+      realm_name: SoftwareHeritage
+      server_url: https://auth.softwareheritage.org/auth/
+
     content_display_max_size: 5242880
     es_workers_index_url: http://esnode1.internal.softwareheritage.org:9200/swh_workers-*
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters1.internal.softwareheritage.org:5011/counters_history/history.json#
-    keycloak:
-      realm_name: SoftwareHeritage
-      server_url: https://auth.softwareheritage.org/auth/
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
     - swh.web.banners
     - swh.web.deposit
     - swh.web.inbound_email
     - swh.web.jslicenses
@@ -14239,21 +14240,21 @@
       app: web
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web
       annotations:
-        checksum/config: ffcb5d3378471db8cd6a6e1c6c9393edabaa014d32861e1cacb75f6db193e3f1
+        checksum/config: fa5d3f4c2b26c4cfa9ff18bba2a699ec66d9b1d60c7a95dfc48ef4264e81a529
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
                 - "true"

Refs. swh/infra/sysadm-environment#5191 (closed)

Edited by Antoine R. Dumont

Merge request reports

Loading