Skip to content

production/banco: Deploy pathslicing read-only objstorage instance

Antoine R. Dumont requested to merge deploy-banco-objstorage into production

This matches the current static instance deployed on banco.

We matches the previous resources of its gunicorn, 1 instance with 16 workers (1 thread), with 2 instances of 8 workers (1 thread).

helm diff 
[swh] Comparing changes between branches production and deploy-banco-objstorage (per environment)...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
[swh] Generate config in deploy-banco-objstorage branch for environment staging...
[swh] Generate config in deploy-banco-objstorage branch for environment staging...
[swh] Generate config in deploy-banco-objstorage branch for environment staging...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
[swh] Generate config in deploy-banco-objstorage branch for environment production...
[swh] Generate config in deploy-banco-objstorage branch for environment production...
[swh] Generate config in deploy-banco-objstorage branch for environment production...


------------- diff for environment staging namespace swh -------------

No differences


------------- diff for environment staging namespace swh-cassandra -------------

No differences


------------- diff for environment staging namespace swh-cassandra-next-version -------------

No differences


------------- diff for environment production namespace swh -------------

--- /tmp/swh-chart.swh.gTtOQm5X/production-swh.before   2024-01-30 09:55:17.984756793 +0100
+++ /tmp/swh-chart.swh.gTtOQm5X/production-swh.after    2024-01-30 09:55:18.472756249 +0100
@@ -6135,20 +6135,34 @@
         - type: readonly
         storage_conf:
           cls: remote
           url: http://objstorage-ro-saam-zfs-rpc-ingress
 ---
 # Source: swh/templates/objstorage/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: swh
+  name: objstorage-ro-banco-xfs-configuration-template
+data:
+  config.yml.template: |
+    objstorage:
+      cls: pathslicing
+      root: /srv/softwareheritage/objects
+      slicing: 0:2/2:4/4:6
+    client_max_size: 1073741824
+---
+# Source: swh/templates/objstorage/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: swh
   name: objstorage-ro-saam-zfs-configuration-template
 data:
   config.yml.template: |
     objstorage:
       cls: filtered
       filters_conf:
       - type: readonly
       storage_conf:
         cls: pathslicing
         compression: none
@@ -17250,20 +17264,30 @@
   name: objstorage-read-only-rpc-ingress
   namespace: swh
 spec:
   type: ExternalName
   externalName: archive-production-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
 ---
 # Source: swh/templates/external-services/cname.yaml
 apiVersion: v1
 kind: Service
 metadata:
+  name: objstorage-ro-banco-xfs-rpc-ingress
+  namespace: swh
+spec:
+  type: ExternalName
+  externalName: archive-production-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
+---
+# Source: swh/templates/external-services/cname.yaml
+apiVersion: v1
+kind: Service
+metadata:
   name: objstorage-ro-saam-zfs-rpc-ingress
   namespace: swh
 spec:
   type: ExternalName
   externalName: archive-production-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
 ---
 # Source: swh/templates/external-services/cname.yaml
 apiVersion: v1
 kind: Service
 metadata:
@@ -17406,20 +17430,37 @@
     app: objstorage-read-only
   ports:
     - port: 5003
       targetPort: 5003
       name: rpc
 ---
 # Source: swh/templates/objstorage/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
+  name: objstorage-ro-banco-xfs
+  namespace: swh
+  labels:
+    app: objstorage-ro-banco-xfs
+spec:
+  type: ClusterIP
+  selector:
+    app: objstorage-ro-banco-xfs
+  ports:
+    - port: 5003
+      targetPort: 5003
+      name: rpc
+---
+# Source: swh/templates/objstorage/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
   name: objstorage-ro-saam-zfs
   namespace: swh
   labels:
     app: objstorage-ro-saam-zfs
 spec:
   type: ClusterIP
   selector:
     app: objstorage-ro-saam-zfs
   ports:
     - port: 5003
@@ -28589,20 +28630,158 @@
       - name: config-utils
         configMap:
           name: config-utils
           defaultMode: 0555
 ---
 # Source: swh/templates/objstorage/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   namespace: swh
+  name: objstorage-ro-banco-xfs
+  labels:
+    app: objstorage-ro-banco-xfs
+spec:
+  revisionHistoryLimit: 2
+  replicas: 2
+  selector:
+    matchLabels:
+      app: objstorage-ro-banco-xfs
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+  template:
+    metadata:
+      labels:
+        app: objstorage-ro-banco-xfs
+      annotations:
+        checksum/config: db0b3d5e6a36548e6d48839b694aba63012082610874be6eff3807713d060d38
+        checksum/config-utils: d75ca13b805bce6a8ab59c8e24c938f2283108f6a79134f6e71db86308651dc6
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: banco
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: swh/objstorage-pathslicing
+                operator: In
+                values:
+                - "true"
+      priorityClassName: swh-frontend-rpc
+      initContainers:
+        - name: prepare-configuration
+          image: container-registry.softwareheritage.org/swh/infra/swh-apps/utils:20231211.1
+          imagePullPolicy: IfNotPresent
+          command:
+          - /entrypoints/prepare-configuration.sh
+          env:
+
+
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+          - name: configuration-template
+            mountPath: /etc/swh/configuration-template
+          - name: config-utils
+            mountPath: /entrypoints
+            readOnly: true
+      containers:
+        - name: objstorage-ro-banco-xfs
+          resources:
+            requests:
+              memory: 1024Mi
+              cpu: 250m
+          image: container-registry.softwareheritage.org/swh/infra/swh-apps/objstorage:20240117.3
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 5003
+              name: rpc
+          readinessProbe:
+            httpGet:
+              path: /
+              port: rpc
+            initialDelaySeconds: 15
+            failureThreshold: 30
+            periodSeconds: 5
+          livenessProbe:
+            tcpSocket:
+              port: rpc
+            initialDelaySeconds: 10
+            periodSeconds: 5
+          command:
+          - /bin/bash
+          args:
+          - -c
+          - /opt/swh/entrypoint.sh
+          env:
+            - name: THREADS
+              value: "1"
+            - name: WORKERS
+              value: "8"
+            - name: TIMEOUT
+              value: "3600"
+            - name: STATSD_HOST
+              value: prometheus-statsd-exporter
+            - name: STATSD_PORT
+              value: "9125"
+            - name: LOG_LEVEL
+              value: "INFO"
+            - name: SWH_SENTRY_ENVIRONMENT
+              value: production
+            - name: SWH_MAIN_PACKAGE
+              value: swh.objstorage
+            - name: SWH_SENTRY_DSN
+              valueFrom:
+                secretKeyRef:
+                  name: common-secrets
+                  key: objstorage-sentry-dsn
+                  # 'name' secret should exist & include key
+                  # if the setting doesn't exist, sentry pushes will be disabled
+                  optional: true
+            - name: SWH_SENTRY_DISABLE_LOGGING_EVENTS
+              value: "true"
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+          - name: pathslicing-ro
+            mountPath: /srv/softwareheritage/objects
+            readOnly: false
+
+      volumes:
+      - name: configuration
+        emptyDir: {}
+      - name: configuration-template
+        configMap:
+          name: objstorage-ro-banco-xfs-configuration-template
+          items:
+          - key: "config.yml.template"
+            path: "config.yml.template"
+      - name: config-utils
+        configMap:
+          name: config-utils
+          defaultMode: 0555
+
+      - name: pathslicing-ro
+
+        hostPath:
+          path: /srv/softwareheritage/objects
+          readOnly: true
+          type: Directory
+---
+# Source: swh/templates/objstorage/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: swh
   name: objstorage-ro-saam-zfs
   labels:
     app: objstorage-ro-saam-zfs
 spec:
   revisionHistoryLimit: 2
   replicas: 2
   selector:
     matchLabels:
       app: objstorage-ro-saam-zfs
   strategy:
@@ -34422,20 +34601,50 @@
           service:
             name: objstorage-read-only
             port:
               number: 5003
 ---
 # Source: swh/templates/objstorage/ingress.yaml
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   namespace: swh
+  name: objstorage-ro-banco-xfs-ingress-default
+  labels:
+    app: objstorage-ro-banco-xfs
+    endpoint-definition: default
+  annotations:
+    nginx.ingress.kubernetes.io/service-upstream: "true"
+    nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,127.0.0.0/8,192.168.100.0/24,192.168.200.0/22
+    nginx.ingress.kubernetes.io/client-body-buffer-size: 128K
+    nginx.ingress.kubernetes.io/proxy-body-size: 4G
+    nginx.ingress.kubernetes.io/proxy-buffering: "on"
+
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: objstorage-ro-banco-xfs-rpc-ingress
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: objstorage-ro-banco-xfs
+            port:
+              number: 5003
+---
+# Source: swh/templates/objstorage/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: swh
   name: objstorage-ro-saam-zfs-ingress-default
   labels:
     app: objstorage-ro-saam-zfs
     endpoint-definition: default
   annotations:
     nginx.ingress.kubernetes.io/service-upstream: "true"
     nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,127.0.0.0/8,192.168.100.0/24,192.168.200.0/22
     nginx.ingress.kubernetes.io/client-body-buffer-size: 128K
     nginx.ingress.kubernetes.io/proxy-body-size: 4G
     nginx.ingress.kubernetes.io/proxy-buffering: "on"


------------- diff for environment production namespace swh-cassandra -------------

--- /tmp/swh-chart.swh.gTtOQm5X/production-swh-cassandra.before 2024-01-30 09:55:18.148756610 +0100
+++ /tmp/swh-chart.swh.gTtOQm5X/production-swh-cassandra.after  2024-01-30 09:55:18.636756067 +0100
@@ -11225,20 +11225,30 @@
   name: objstorage-read-only-rpc-ingress
   namespace: swh-cassandra
 spec:
   type: ExternalName
   externalName: archive-production-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
 ---
 # Source: swh/templates/external-services/cname.yaml
 apiVersion: v1
 kind: Service
 metadata:
+  name: objstorage-ro-banco-xfs-rpc-ingress
+  namespace: swh-cassandra
+spec:
+  type: ExternalName
+  externalName: archive-production-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
+---
+# Source: swh/templates/external-services/cname.yaml
+apiVersion: v1
+kind: Service
+metadata:
   name: objstorage-ro-saam-zfs-rpc-ingress
   namespace: swh-cassandra
 spec:
   type: ExternalName
   externalName: archive-production-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
 ---
 # Source: swh/templates/external-services/cname.yaml
 apiVersion: v1
 kind: Service
 metadata:

Refs. swh/infra/sysadm-environment#5226 (closed)

Edited by Antoine R. Dumont

Merge request reports