swh/staging: Use public deposit url in the webapp to have a valid certificate
The internal deposit url is http only so the nginx self signed certificate is used by default (with no vhost behind). It will match the production configuration.
Related to swh/infra/sysadm-environment#5257 (closed)
helm-diff
[swh] Comparing changes between branches production and staging-deposit-urls (per environment)...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
[swh] Generate config in staging-deposit-urls branch for environment staging...
[swh] Generate config in staging-deposit-urls branch for environment staging...
[swh] Generate config in staging-deposit-urls branch for environment staging...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
[swh] Generate config in staging-deposit-urls branch for environment production...
[swh] Generate config in staging-deposit-urls branch for environment production...
[swh] Generate config in staging-deposit-urls branch for environment production...
------------- diff for environment staging namespace swh -------------
--- /tmp/swh-chart.swh.M1UIB0R4/staging-swh.before 2024-02-20 19:42:00.932224269 +0100
+++ /tmp/swh-chart.swh.M1UIB0R4/staging-swh.after 2024-02-20 19:42:02.512230406 +0100
@@ -1386,21 +1386,21 @@
cls: remote
url: http://vault-rpc-ingress
indexer_storage:
cls: remote
url: http://indexer-storage-rpc-ingress
counters_backend: swh-counters
counters:
cls: remote
url: http://counters-rpc-ingress
deposit:
- private_api_url: https://deposit-dynamic.internal.staging.swh.network/1/private/
+ private_api_url: https://deposit.staging.swh.network/1/private/
private_api_user: ${DEPOSIT_USERNAME}
private_api_password: ${DEPOSIT_PASSWORD}
add_forge_now:
email_address: add-forge-now@webapp.staging.swh.network
secret_key: ${DJANGO_SECRET_KEY}
production_db:
host: db1.internal.staging.swh.network
port: 5432
@@ -4765,21 +4765,21 @@
app: web-postgresql
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: web-postgresql
annotations:
- checksum/config: 26a7bc8690f61a63d24d91d64254553b4ca8f4d93b990ff765dbe2a00e9456ec
+ checksum/config: 168755b24bcbf288eec63bf6e2dae01830d862a7eab8e9f6025f332aa2037136
checksum/config-utils: d75ca13b805bce6a8ab59c8e24c938f2283108f6a79134f6e71db86308651dc6
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
values:
------------- diff for environment staging namespace swh-cassandra -------------
--- /tmp/swh-chart.swh.M1UIB0R4/staging-swh-cassandra.before 2024-02-20 19:42:01.612226910 +0100
+++ /tmp/swh-chart.swh.M1UIB0R4/staging-swh-cassandra.after 2024-02-20 19:42:03.360233699 +0100
@@ -199,21 +199,21 @@
- cls: remote
url: http://storage-postgresql-read-only-rpc-ingress
celery:
task_broker: amqp://swhconsumer:${AMQP_PASSWORD}@scheduler0.internal.staging.swh.network:5672/%2f
task_acks_late: true
task_modules:
- swh.deposit.loader.tasks
task_queues:
- swh.deposit.loader.tasks.ChecksDepositTsk
deposit:
- url: https://deposit-dynamic.internal.staging.swh.network/1/private/
+ url: https://deposit.staging.swh.network/1/private/
auth:
username: ${DEPOSIT_USERNAME}
password: ${DEPOSIT_PASSWORD}
init-container-entrypoint.sh: |
#!/bin/bash
set -e
CONFIG_FILE=/etc/swh/config.yml
@@ -4773,21 +4773,21 @@
- cls: filter
- cls: retry
- cls: remote
url: http://storage-cassandra:5002
default_filename:
archive.tar
deposit:
auth:
password: ${DEPOSIT_PASSWORD}
username: ${DEPOSIT_USERNAME}
- url: https://deposit-dynamic.internal.staging.swh.network/1/private
+ url: http://deposit-dynamic.internal.staging.swh.network/1/private
celery:
task_broker: amqp://swhconsumer:${AMQP_PASSWORD}@scheduler0.internal.staging.swh.network:5672/%2f
task_acks_late: false
task_queues:
- swh.loader.package.deposit.tasks.LoadDeposit
sentry_settings_for_celery_tasks:
__sentry-settings-for-celery-tasks__
metadata_fetcher_credentials:
__metadata-fetcher-credentials__
@@ -7730,21 +7730,21 @@
cls: remote
url: http://vault-rpc-ingress
indexer_storage:
cls: remote
url: http://indexer-storage-rpc-ingress
counters_backend: swh-counters
counters:
cls: remote
url: http://counters-rpc-ingress
deposit:
- private_api_url: https://deposit-dynamic.internal.staging.swh.network/1/private/
+ private_api_url: https://deposit.staging.swh.network/1/private/
private_api_user: ${DEPOSIT_USERNAME}
private_api_password: ${DEPOSIT_PASSWORD}
add_forge_now:
email_address: add-forge-now@webapp.staging.swh.network
secret_key: ${DJANGO_SECRET_KEY}
production_db:
host: db1.internal.staging.swh.network
port: 5432
@@ -8181,21 +8181,21 @@
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: checker-deposit
annotations:
# Force a rollout upgrade if the configuration changes
- checksum/config: afe69037aec2b554b847bc1403a8059308032c4b3da3b3e0cc958a1b1fa7c58b
+ checksum/config: e7766991791ade56814dfc3ef783f70bd10c62fd1f49c615fe9421fc873bbdbd
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/deposit
operator: In
values:
@@ -16272,21 +16272,21 @@
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: loader-deposit
annotations:
# Force a rollout upgrade if the configuration changes
- checksum/config: 3a91e1ce68b18ecd384c6274cbd276c16f85b6db370abfd25a2011fadd26eff4
+ checksum/config: 8cb70eea5d8fa68cf924244c26fe999010fd64a9adba11e2f81af9e6ad3da318
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/loader
operator: In
values:
- "true"
@@ -22612,21 +22612,21 @@
app: web-cassandra
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: web-cassandra
annotations:
- checksum/config: 4bd8b0f9526c2d6e2b7af7fdf9842e094e155245070406979270ef182f50be79
+ checksum/config: 14bf3dc0f7932a051f589cbd40661b2ca33a0b45f323dc352b5557151f934184
checksum/config-utils: 13a26f6add17e96ce01550153c77dcd48de60241a3f4db3c93d5467234be2a7f
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
values:
------------- diff for environment staging namespace swh-cassandra-next-version -------------
--- /tmp/swh-chart.swh.M1UIB0R4/staging-swh-cassandra-next-version.before 2024-02-20 19:42:02.072228697 +0100
+++ /tmp/swh-chart.swh.M1UIB0R4/staging-swh-cassandra-next-version.after 2024-02-20 19:42:03.788235362 +0100
@@ -1528,21 +1528,21 @@
- cls: filter
- cls: retry
- cls: remote
url: http://storage-cassandra:5002
default_filename:
archive.tar
deposit:
auth:
password: ${DEPOSIT_PASSWORD}
username: ${DEPOSIT_USERNAME}
- url: https://deposit-dynamic.internal.staging.swh.network/1/private
+ url: http://deposit-dynamic.internal.staging.swh.network/1/private
celery:
task_broker: amqp://swhconsumer:${AMQP_PASSWORD}@scheduler0.internal.staging.swh.network:5672/%2f
task_acks_late: false
task_queues:
- swh.loader.package.deposit.tasks.LoadDeposit
sentry_settings_for_celery_tasks:
__sentry-settings-for-celery-tasks__
metadata_fetcher_credentials:
__metadata-fetcher-credentials__
@@ -4042,21 +4042,21 @@
cls: remote
url: http://vault-rpc-ingress-next-version
indexer_storage:
cls: remote
url: http://indexer-storage-rpc-ingress
counters_backend: swh-counters
counters:
cls: remote
url: http://counters-rpc-ingress-next-version
deposit:
- private_api_url: https://deposit-dynamic.internal.staging.swh.network/1/private/
+ private_api_url: https://deposit.staging.swh.network/1/private/
private_api_user: ${DEPOSIT_USERNAME}
private_api_password: ${DEPOSIT_PASSWORD}
add_forge_now:
email_address: add-forge-now@webapp.staging.swh.network
secret_key: ${DJANGO_SECRET_KEY}
production_db:
host: db1.internal.staging.swh.network
port: 5432
@@ -6599,21 +6599,21 @@
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: loader-deposit
annotations:
# Force a rollout upgrade if the configuration changes
- checksum/config: 5c7b57ae6c0318cfc1cf708b829c1c9d118b940cb671a698fdfb33074ee9357e
+ checksum/config: d479f0589b7d653a394285e4ff10ef9998da627f79c1ddd3e1078a6946b2a808
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/loader
operator: In
values:
- "true"
@@ -11206,21 +11206,21 @@
app: web-cassandra
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: web-cassandra
annotations:
- checksum/config: 53c24212a30e71faefcfcd4604491a9350acc11990d635e22270061339e11837
+ checksum/config: 8722a49e1f58ea9815cfc35a7a56d7fa383ac7ec8397a99b9ae82b7f2d8a05ec
checksum/config-utils: 94d255131467f84bef964a4c72b2b792c5ebaf711bb1c77829d7cd1007a8ac22
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
values:
------------- diff for environment production namespace swh -------------
No differences
------------- diff for environment production namespace swh-cassandra -------------
No differences