Deploy vault instance in dynamic infrastructure
This deploys a new vault instance in the production dynamic infrastructure. It targets the following production services:
- postgresql: same db instance as the current vault 'vangogh'
- scheduler: production instance scheduler.internal.s.o
- storage: storage-azure-read-only-rpc-ingress
- objstorage: a multiplexer instance using, in order:
  - aws
  - objstorage-read-only-rpc-ingress
  - azure-prefixed blobstorage (16 hex prefixed blobstorages) [1]
- cache: azure blobstorage: same as vangogh too
Note: Another commit refactors the deployment template to reuse the prepare-configuration docker image to align with other templates.
[1] azure storage is the last fallback because the vault will no longer be running in azure; this reduces the read cost, if any.
make swh-helm-diff
[swh] Comparing changes between branches production and deploy-vault-workload (per environment)...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
[swh] Generate config in deploy-vault-workload branch for environment staging...
[swh] Generate config in deploy-vault-workload branch for environment staging...
[swh] Generate config in deploy-vault-workload branch for environment staging...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
[swh] Generate config in deploy-vault-workload branch for environment production...
[swh] Generate config in deploy-vault-workload branch for environment production...
[swh] Generate config in deploy-vault-workload branch for environment production...
------------- diff for environment staging namespace swh -------------
No differences
------------- diff for environment staging namespace swh-cassandra -------------
--- /tmp/swh-chart.swh.V9tW0YuK/staging-swh-cassandra.before 2024-01-16 15:03:34.729598319 +0100
+++ /tmp/swh-chart.swh.V9tW0YuK/staging-swh-cassandra.after 2024-01-16 15:03:35.405597988 +0100
@@ -22812,51 +22812,53 @@
nodeSelectorTerms:
- matchExpressions:
- key: swh/rpc
operator: In
values:
- "true"
priorityClassName: swh-cassandra-frontend-rpc
initContainers:
- name: prepare-configuration
- image: debian:bullseye
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/utils:20231211.1
imagePullPolicy: IfNotPresent
command:
- - /bin/bash
- args:
- - -c
- - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+ - /entrypoints/prepare-configuration.sh
env:
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
name: swh-vault-postgresql-secret
key: postgres-swh-vault-password
# 'name' secret must exist & include that ^ key
optional: false
- name: ACCOUNT_KEY
valueFrom:
secretKeyRef:
name: swh-vault-azure-secret
key: azure-swh-vault-key
# 'name' secret must exist & include that ^ key
optional: false
+
+
volumeMounts:
- name: configuration
mountPath: /etc/swh
- name: configuration-template
mountPath: /etc/swh/configuration-template
+ - name: config-utils
+ mountPath: /entrypoints
+ readOnly: true
containers:
- name: vault-rpc
resources:
requests:
memory: 512Mi
cpu: 500m
image: container-registry.softwareheritage.org/swh/infra/swh-apps/vault:20240108.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5005
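Review bot: The `prepare-configuration` init container receives `POSTGRESQL_PASSWORD` and `ACCOUNT_KEY`, yet its new image is referenced by tag (`utils:20231211.1`) with `imagePullPolicy: IfNotPresent`, so unless the registry enforces immutable tags, nodes may run different content under the same name. Pinning by digest would fix what actually runs: `image: container-registry.softwareheritage.org/swh/infra/swh-apps/utils@sha256:<digest-of-20231211.1>`. The script it now runs, `/entrypoints/prepare-configuration.sh`, comes from the `config-utils` ConfigMap, which is not part of this diff; it is worth confirming that it substitutes variables without `eval`, since the removed one-liner evaluated the template as shell. The same applies to the hunk at `@@ -20988,51 +20988,53 @@` and to the init container of the new production Deployment. The pod spec around this container starts and ends outside the hunk.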
@@ -22910,20 +22912,24 @@
mountPath: /etc/swh
volumes:
- name: configuration
emptyDir: {}
- name: configuration-template
configMap:
name: vault-rpc-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
+ - name: config-utils
+ configMap:
+ name: config-utils
+ defaultMode: 0555
---
# Source: swh/templates/web/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: swh-cassandra
name: web-cassandra
labels:
app: web-cassandra
spec:
------------- diff for environment staging namespace swh-cassandra-next-version -------------
--- /tmp/swh-chart.swh.V9tW0YuK/staging-swh-cassandra-next-version.before 2024-01-16 15:03:34.933598218 +0100
+++ /tmp/swh-chart.swh.V9tW0YuK/staging-swh-cassandra-next-version.after 2024-01-16 15:03:35.609597888 +0100
@@ -20988,51 +20988,53 @@
nodeSelectorTerms:
- matchExpressions:
- key: swh/rpc
operator: In
values:
- "true"
priorityClassName: swh-cassandra-next-version-frontend-rpc
initContainers:
- name: prepare-configuration
- image: debian:bullseye
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/utils:20231211.1
imagePullPolicy: IfNotPresent
command:
- - /bin/bash
- args:
- - -c
- - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+ - /entrypoints/prepare-configuration.sh
env:
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
name: swh-vault-postgresql-secret
key: postgres-swh-vault-password
# 'name' secret must exist & include that ^ key
optional: false
- name: ACCOUNT_KEY
valueFrom:
secretKeyRef:
name: swh-vault-azure-secret
key: azure-swh-vault-key
# 'name' secret must exist & include that ^ key
optional: false
+
+
volumeMounts:
- name: configuration
mountPath: /etc/swh
- name: configuration-template
mountPath: /etc/swh/configuration-template
+ - name: config-utils
+ mountPath: /entrypoints
+ readOnly: true
containers:
- name: vault-rpc
resources:
requests:
memory: 512Mi
cpu: 500m
image: container-registry.softwareheritage.org/swh/infra/swh-apps/vault:20240108.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5005
@@ -21086,20 +21088,24 @@
mountPath: /etc/swh
volumes:
- name: configuration
emptyDir: {}
- name: configuration-template
configMap:
name: vault-rpc-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
+ - name: config-utils
+ configMap:
+ name: config-utils
+ defaultMode: 0555
---
# Source: swh/templates/web/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: swh-cassandra-next-version
name: web-cassandra
labels:
app: web-cassandra
spec:
------------- diff for environment production namespace swh -------------
--- /tmp/swh-chart.swh.V9tW0YuK/production-swh.before 2024-01-16 15:03:35.889597751 +0100
+++ /tmp/swh-chart.swh.V9tW0YuK/production-swh.after 2024-01-16 15:03:36.341597530 +0100
@@ -6193,20 +6193,136 @@
if [ -e "${DB_VERSION}" ]; then
echo "Unable to find the code version"
exit 1
fi
if [ "$DB_VERSION" -ne "$CODE_VERSION" ]; then
echo "code and DB versions are different. Blocking the deployment"
exit 1
fi
---
+# Source: swh/templates/vault/rpc-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: swh
+ name: vault-rpc-configuration-template
+data:
+ config.yml.template: |
+ vault:
+ cls: postgresql
+ db: host=db.internal.softwareheritage.org port=5432 user=swh-vault dbname=swh-vault password=${POSTGRESQL_PASSWORD}
+ storage:
+ cls: pipeline
+ steps:
+ - cls: retry
+ - cls: remote
+ url: http://storage-azure-read-only-rpc-ingress
+ scheduler:
+ cls: remote
+ url: http://scheduler.internal.softwareheritage.org
+ objstorage:
+ cls: multiplexer
+ objstorages:
+ - cls: filtered
+ filters_conf:
+ - type: readonly
+ storage_conf:
+ cls: http
+ compression: gzip
+ timeout: 120
+ url: https://softwareheritage.s3.amazonaws.com/content/
+ - cls: filtered
+ filters_conf:
+ - type: readonly
+ storage_conf:
+ cls: remote
+ url: http://objstorage-read-only-rpc-ingress
+ - cls: filtered
+ filters_conf:
+ - type: readonly
+ storage_conf:
+ accounts:
+ "0":
+ account_name: ${ACCOUNT_NAME_0}
+ api_secret_key: ${API_SECRET_KEY_0}
+ container_name: contents
+ "1":
+ account_name: ${ACCOUNT_NAME_1}
+ api_secret_key: ${API_SECRET_KEY_1}
+ container_name: contents
+ "2":
+ account_name: ${ACCOUNT_NAME_2}
+ api_secret_key: ${API_SECRET_KEY_2}
+ container_name: contents
+ "3":
+ account_name: ${ACCOUNT_NAME_3}
+ api_secret_key: ${API_SECRET_KEY_3}
+ container_name: contents
+ "4":
+ account_name: ${ACCOUNT_NAME_4}
+ api_secret_key: ${API_SECRET_KEY_4}
+ container_name: contents
+ "5":
+ account_name: ${ACCOUNT_NAME_5}
+ api_secret_key: ${API_SECRET_KEY_5}
+ container_name: contents
+ "6":
+ account_name: ${ACCOUNT_NAME_6}
+ api_secret_key: ${API_SECRET_KEY_6}
+ container_name: contents
+ "7":
+ account_name: ${ACCOUNT_NAME_7}
+ api_secret_key: ${API_SECRET_KEY_7}
+ container_name: contents
+ "8":
+ account_name: ${ACCOUNT_NAME_8}
+ api_secret_key: ${API_SECRET_KEY_8}
+ container_name: contents
+ "9":
+ account_name: ${ACCOUNT_NAME_9}
+ api_secret_key: ${API_SECRET_KEY_9}
+ container_name: contents
+ a:
+ account_name: ${ACCOUNT_NAME_10}
+ api_secret_key: ${API_SECRET_KEY_10}
+ container_name: contents
+ b:
+ account_name: ${ACCOUNT_NAME_11}
+ api_secret_key: ${API_SECRET_KEY_11}
+ container_name: contents
+ c:
+ account_name: ${ACCOUNT_NAME_12}
+ api_secret_key: ${API_SECRET_KEY_12}
+ container_name: contents
+ d:
+ account_name: ${ACCOUNT_NAME_13}
+ api_secret_key: ${API_SECRET_KEY_13}
+ container_name: contents
+ e:
+ account_name: ${ACCOUNT_NAME_14}
+ api_secret_key: ${API_SECRET_KEY_14}
+ container_name: contents
+ f:
+ account_name: ${ACCOUNT_NAME_15}
+ api_secret_key: ${API_SECRET_KEY_15}
+ container_name: contents
+ cls: azure-prefixed
+ cache:
+ api_secret_key: ${API_SECRET_KEY}
+ cls: azure
+ connection_string: DefaultEndpointsProtocol=https;AccountName=swhvaultstorage;AccountKey=${ACCOUNT_KEY};EndpointSuffix=core.windows.net
+ container_name: contents-uncompressed
+ smtp:
+ host: smtp.inria.fr
+ port: 25
+---
# Source: swh/templates/web/configmap-pgservice.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: pgservice-archive-configuration-template
namespace: swh
data:
pg-service-conf: |
[syncmailmaps]
dbname=softwareheritage
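Review bot: The `cache` block of `config.yml.template` expands `${ACCOUNT_KEY}` in `connection_string`, but the `vault-rpc` Deployment added for this namespace (hunk `@@ -29220,20 +29361,387 @@`) exports `API_SECRET_KEY` from `swh-vault-azure-secret` and no `ACCOUNT_KEY`. Unless the variable is supplied elsewhere, the rendered connection string would carry an empty `AccountKey`, or the render would fail, depending on how `prepare-configuration.sh` treats unset variables. Either reference the exported name, `connection_string: DefaultEndpointsProtocol=https;AccountName=swhvaultstorage;AccountKey=${API_SECRET_KEY};EndpointSuffix=core.windows.net`, or export `ACCOUNT_KEY` in the init container as the staging deployments do. `cache` also sets both `api_secret_key` and `connection_string`; presumably only one of them is needed.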
@@ -16105,20 +16221,30 @@
# Source: swh/templates/external-services/cname.yaml
apiVersion: v1
kind: Service
metadata:
name: storage-azure-read-only-rpc-ingress
namespace: swh
spec:
type: ExternalName
externalName: archive-production-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
---
+# Source: swh/templates/external-services/cname.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: vault-rpc-ingress
+ namespace: swh
+spec:
+ type: ExternalName
+ externalName: archive-production-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
+---
# Source: swh/templates/graphql/service.yaml
apiVersion: v1
kind: Service
metadata:
name: graphql-archive
namespace: swh
spec:
type: ClusterIP
selector:
app: graphql-archive
@@ -16267,20 +16393,35 @@
namespace: swh
spec:
type: ClusterIP
selector:
app: storage-postgresql-azure-readonly
ports:
- port: 5002
targetPort: 5002
name: rpc
---
+# Source: swh/templates/vault/rpc-service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: vault-rpc
+ namespace: swh
+spec:
+ type: ClusterIP
+ selector:
+ app: vault-rpc
+ ports:
+ - port: 5005
+ targetPort: 5005
+ name: rpc
+---
# Source: swh/templates/web/service.yaml
apiVersion: v1
kind: Service
metadata:
name: web-app1
namespace: swh
spec:
type: ClusterIP
selector:
app: web-app1
@@ -29220,20 +29361,387 @@
defaultMode: 0777
items:
- key: "config.yml.template"
path: "config.yml.template"
- name: toolbox-script-utils
configMap:
name: toolbox-script-utils
defaultMode: 0555
---
+# Source: swh/templates/vault/rpc-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: swh
+ name: vault-rpc
+ labels:
+ app: vault-rpc
+spec:
+ revisionHistoryLimit: 2
+ replicas: 2
+ selector:
+ matchLabels:
+ app: vault-rpc
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ template:
+ metadata:
+ labels:
+ app: vault-rpc
+ annotations:
+ checksum/config: 632783e6b23a77d8638d1d807a469881296690704cbc14e85987b34b88ded75f
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: swh/rpc
+ operator: In
+ values:
+ - "true"
+ priorityClassName: swh-frontend-rpc
+
+ initContainers:
+ - name: prepare-configuration
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/utils:20231211.1
+ imagePullPolicy: IfNotPresent
+ command:
+ - /entrypoints/prepare-configuration.sh
+ env:
+
+
+ - name: POSTGRESQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: swh-vault-postgresql-secret
+ key: postgres-swh-vault-password
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+
+ - name: API_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: swh-vault-azure-secret
+ key: azure-swh-vault
+ # 'name' secret must exist & include that ^ key
+ optional: false
+
+
+ - name: ACCOUNT_NAME_0
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 0_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: ACCOUNT_NAME_1
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 1_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: ACCOUNT_NAME_10
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 10_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: ACCOUNT_NAME_11
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 11_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: ACCOUNT_NAME_12
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 12_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: ACCOUNT_NAME_13
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 13_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: ACCOUNT_NAME_14
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 14_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: ACCOUNT_NAME_15
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 15_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: ACCOUNT_NAME_2
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 2_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: ACCOUNT_NAME_3
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 3_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: ACCOUNT_NAME_4
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 4_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: ACCOUNT_NAME_5
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 5_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: ACCOUNT_NAME_6
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 6_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: ACCOUNT_NAME_7
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 7_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: ACCOUNT_NAME_8
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 8_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: ACCOUNT_NAME_9
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 9_account_name
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_0
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 0_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_1
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 1_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_10
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 10_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_11
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 11_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_12
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 12_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_13
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 13_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_14
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 14_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_15
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 15_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_2
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 2_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_3
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 3_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_4
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 4_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_5
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 5_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_6
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 6_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_7
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 7_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_8
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 8_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ - name: API_SECRET_KEY_9
+ valueFrom:
+ secretKeyRef:
+ name: swh-objstorage-config
+ key: 9_api_secret_key
+ # 'name' secret must exist & include that ^ key
+ optional: false
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ - name: configuration-template
+ mountPath: /etc/swh/configuration-template
+ - name: config-utils
+ mountPath: /entrypoints
+ readOnly: true
+ containers:
+ - name: vault-rpc
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 500m
+ image: container-registry.softwareheritage.org/swh/infra/swh-apps/vault:20240108.1
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 5005
+ name: rpc
+ readinessProbe:
+ httpGet:
+ path: /
+ port: rpc
+ initialDelaySeconds: 15
+ failureThreshold: 30
+ periodSeconds: 5
+ livenessProbe:
+ httpGet:
+ path: /
+ port: rpc
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - /opt/swh/entrypoint.sh
+ env:
+ - name: THREADS
+ value: "5"
+ - name: WORKERS
+ value: "4"
+ - name: TIMEOUT
+ value: "3600"
+ - name: STATSD_HOST
+ value: prometheus-statsd-exporter
+ - name: STATSD_PORT
+ value: "9125"
+ - name: LOG_LEVEL
+ value: INFO
+ - name: SWH_SENTRY_ENVIRONMENT
+ value: production
+ - name: SWH_MAIN_PACKAGE
+ value: swh.vault
+ - name: SWH_SENTRY_DSN
+ valueFrom:
+ secretKeyRef:
+ name: swh-vault-sentry-secret
+ key: sentry-dsn
+ # if the setting doesn't exist, sentry issue pushes will be disabled
+ optional: false
+ - name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
+ value: "true"
+ volumeMounts:
+ - name: configuration
+ mountPath: /etc/swh
+ volumes:
+ - name: configuration
+ emptyDir: {}
+ - name: configuration-template
+ configMap:
+ name: vault-rpc-configuration-template
+ items:
+ - key: "config.yml.template"
+ path: "config.yml.template"
+ - name: config-utils
+ configMap:
+ name: config-utils
+ defaultMode: 0555
+---
# Source: swh/templates/web/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: swh
name: web-app1
labels:
app: web-app1
spec:
revisionHistoryLimit: 2
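Review bot: The new `vault-rpc` pod template sets no `securityContext` on either container and does not disable the service-account token mount, although the init container is handed 34 secret values and the main container serves RPC to the cluster. Assuming the vault does not call the Kubernetes API, add `automountServiceAccountToken: false` to the pod spec and, on both containers, `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}`; `runAsNonRoot: true` can follow once it is confirmed that both images run as a non-root user. Separately, the comment above `optional: false` on `SWH_SENTRY_DSN` says Sentry pushes are disabled when the setting is missing, but with `optional: false` the container will not start without the secret, so either the comment or the flag should change. The whole Deployment is inside the hunk.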
@@ -30618,20 +31126,49 @@
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: storage-postgresql-azure-readonly
port:
number: 5002
---
+# Source: swh/templates/vault/rpc-ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ namespace: swh
+ name: vault-rpc-ingress-default
+ annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
+ nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/proxy-body-size: 4G
+ nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+ nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
+
+spec:
+ rules:
+ - host: vault-rpc-ingress
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: vault-rpc
+ port:
+ number: 5005
+---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: web-app1-ingress-authenticated
annotations:
nginx.ingress.kubernetes.io/service-upstream: "true"
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
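Review bot: Access to `vault-rpc-ingress-default` is restricted only by `whitelist-source-range: 10.42.0.0/16,10.43.0.0/16`, which look like cluster-wide pod and service ranges, so presumably any workload in the cluster can reach the vault RPC API over plain HTTP. If only specific clients need it, a NetworkPolicy selecting `app: vault-rpc` or a narrower source range would reduce that exposure. Also, `proxy-body-size: 4G` combined with `proxy-request-buffering: "on"` lets a single request spool up to 4G on the ingress controller before it is forwarded; confirm the controller's temporary storage is sized for that, or consider `nginx.ingress.kubernetes.io/proxy-request-buffering: "off"` for this Ingress. The whole vault Ingress is inside the hunk.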
------------- diff for environment production namespace swh-cassandra -------------
--- /tmp/swh-chart.swh.V9tW0YuK/production-swh-cassandra.before 2024-01-16 15:03:36.057597669 +0100
+++ /tmp/swh-chart.swh.V9tW0YuK/production-swh-cassandra.after 2024-01-16 15:03:36.505597450 +0100
@@ -11260,20 +11260,30 @@
# Source: swh/templates/external-services/cname.yaml
apiVersion: v1
kind: Service
metadata:
name: storage-azure-read-only-rpc-ingress
namespace: swh-cassandra
spec:
type: ExternalName
externalName: archive-production-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
---
+# Source: swh/templates/external-services/cname.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: vault-rpc-ingress
+ namespace: swh-cassandra
+spec:
+ type: ExternalName
+ externalName: archive-production-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
+---
# Source: swh/templates/graphql/service.yaml
apiVersion: v1
kind: Service
metadata:
name: graphql-cassandra
namespace: swh-cassandra
spec:
type: ClusterIP
selector:
app: graphql-cassandra