PR#2326: Support kubernetes within kustomize - copr/copr

copr / copr

#2326 Support kubernetes within kustomize

Merged a year ago by praiskup. Opened 2 years ago by tommylike.

copr/ tommylike/copr feature/support-kubernetes into main

Add kubernetes deployment support

TommyLike • a year ago

fde39af

kubernetes/README.md

file added

+55

		`@@ -0,0 +1,55 @@`
		`+ # Deploy Copr build system in Kubernetes`
		`+`
		`+ This directory contains the deployment yamls and upgraded configuration for kubernetes`
		`+ cluster, you can deploy COPR into your cluster within several changes. Note this deployment`
		`+ is for pre-production usage.`
		`+`
		`+ ## Before launch`
		`+ 1. [Kustomize](https://github.com/kubernetes-sigs/kustomize) tool, the yamls are organized within kustomize, download it`
		+ first and use `kustomize build kubernetes/kustomize` to generate the final yamls.
		+ 2. Docker Images, the local images which are generated within command `docker compose build` will be used in default, you
		`+ can overwrite the image name and tag in kustomization yamls if you needed.`
		+ ```yaml
		`+ # builder image`
		`+ - name: copr_builder:latest`
		`+ newName: organization/image_name`
		`+ newTag: image_tag`
		+ ````
		`+ 3. Domain name and certificate, now all the COPR UI including frontend, cgit and backend result are exposed via identical domain`
		+ `https://sample.copr.org` you have to replace this all into your own domain (just search 'sample.copr.org' in yaml and configuration),
		+ also you need to update `cert/tls.key` and `cert/tls.crt` within your domain certificate content. If you have cert manager or
		`+ other cert automation tools deployed, please remove these two files and upgrade the Ingress yaml.`
		`+ 4. Persistent storage class, please upgrade the storage class name correspondingly before deploy.`
		+ ```yaml
		`+ apiVersion: v1`
		`+ kind: PersistentVolumeClaim`
		`+ metadata:`
		`+ name: copr-database-data`
		`+ spec:`
		`+ accessModes:`
		`+ - ReadWriteOnce`
		`+ resources:`
		`+ requests:`
		`+ storage: 10Gi`
		`+ storageClassName: ssd`
		+ ```
		+ 5. COPR builder, the only builder instance is deployed in kubernetes within `privileged` mode for demonstration usage, please
		`+ refer to the document on how to integrate COPR with AWS or other cloud provider VM Instance. Also, you can try the [kubernetes plugin](https://github.com/TommyLike/resalloc-kubernetes)`
		`+ for resalloc framework, which will create copr builder pod with PVC dynamically:`
		+ ```yaml
		`+ kubernetes_x86_64_normal_prod:`
		`+ max: 1`
		`+ max_starting: 1`
		`+ max_prealloc: 1`
		`+ tags:`
		`+ - some_tags`
		`+ cmd_new: resalloc add --namespace <namespace> --cpu-resource 1 --memory-resource 1024Mi --image-tag <coper-builder-image> --additional-volume-size 1Gi --additional-volume-class sds --additional-volume-mount-path /var/lib/copr-rpmbuild --timeout 90`
		`+ cmd_delete: resalloc delete --namespace <namespace>`
		`+ cmd_livecheck: "/usr/bin/resalloc-check-vm-ip"`
		`+ livecheck_period: 180`
		`+ reuse_opportunity_time: 180`
		`+ reuse_max_count: 8`
		`+ reuse_max_time: 1800`
		+ ```
		`+ # Author`
		`+ Original author and maintainer of Kustomize scripts is [TommyLike](https://pagure.io/user/tommylike), and [email address](tommylikehu@gmail.com).`
		`\ No newline at end of file`

kubernetes/kustomize/backend.yaml

file added

+149

		`@@ -0,0 +1,149 @@`
		`+ apiVersion: apps/v1`
		`+ kind: Deployment`
		`+ metadata:`
		`+ name: copr-backend`
		`+ spec:`
		`+ replicas: 1`
		`+ selector:`
		`+ matchLabels:`
		`+ component: copr-backend`
		`+ template:`
		`+ metadata:`
		`+ labels:`
		`+ component: copr-backend`
		`+ spec:`
		`+ initContainers:`
		`+ - name: init-backend-resalloc`
		`+ image: ebiqe/alpine-nc:latest`
		`+ command: [ "sh", "-c", "until nc -z copr-resalloc.fedora-copr.svc.cluster.local 49100; do echo waiting for resalloc service ; sleep 2; done;" ]`
		`+ - name: init-backend-redis`
		`+ image: ebiqe/alpine-nc:latest`
		`+ command: [ "sh", "-c", "until nc -z redis.fedora-copr.svc.cluster.local 6379; do echo waiting for redis service ; sleep 2; done;" ]`
		`+ containers:`
		`+ - image: copr_backend_httpd:latest`
		`+ imagePullPolicy: IfNotPresent`
		`+ name: httpd`
		`+ livenessProbe:`
		`+ tcpSocket:`
		`+ port: 5002`
		`+ initialDelaySeconds: 30`
		`+ timeoutSeconds: 5`
		`+ readinessProbe:`
		`+ httpGet:`
		`+ path: /`
		`+ port: 5002`
		`+ initialDelaySeconds: 5`
		`+ timeoutSeconds: 5`
		`+ resources:`
		`+ requests:`
		`+ cpu: 200m`
		`+ memory: 200Mi`
		`+ ports:`
		`+ - containerPort: 5002`
		`+ protocol: TCP`
		`+ volumeMounts:`
		`+ - mountPath: /opt/app-root/etc/nginx.d/copr-be.conf`
		`+ name: copr-backend`
		`+ subPath: nginx.conf`
		`+ - mountPath: /var/lib/copr/public_html/results`
		`+ name: copr-backend-data`
		`+ - image: copr_backend-log:latest`
		`+ imagePullPolicy: Always`
		`+ name: log`
		`+ command: ["/tini", "--", "/usr/sbin/runuser", "-u", "copr", "-g", "copr", "--", "/usr/bin/copr_run_logger.py"]`
		`+ resources:`
		`+ requests:`
		`+ cpu: 200m`
		`+ memory: 200Mi`
		`+ volumeMounts:`
		`+ - mountPath: /etc/nginx/conf.d/copr-be.conf`
		`+ name: copr-backend`
		`+ subPath: copr-be.conf`
		`+ - mountPath: /var/lib/copr/public_html/results`
		`+ name: copr-backend-data`
		`+ - mountPath: /etc/copr/copr-be.conf`
		`+ name: copr-backend`
		`+ subPath: copr-be.conf`
		`+ - mountPath: /etc/sign.conf`
		`+ name: copr-backend`
		`+ subPath: sign.conf`
		`+ - image: copr_backend-action:latest`
		`+ imagePullPolicy: Always`
		`+ name: action`
		`+ command: ["/tini", "--", "/usr/sbin/runuser", "-u", "copr", "-g", "copr", "--", "/usr/bin/copr-run-dispatcher", "actions"]`
		`+ resources:`
		`+ requests:`
		`+ cpu: 200m`
		`+ memory: 200Mi`
		`+ volumeMounts:`
		`+ - mountPath: /etc/copr/copr-be.conf`
		`+ name: copr-backend`
		`+ subPath: copr-be.conf`
		`+ - mountPath: /etc/sign.conf`
		`+ name: copr-backend`
		`+ subPath: sign.conf`
		`+ - mountPath: /var/lib/copr/public_html/results`
		`+ name: copr-backend-data`
		`+ - image: copr_backend-build:latest`
		`+ imagePullPolicy: Always`
		`+ name: build`
		`+ command: ["/tini", "--", "/usr/sbin/runuser", "-u", "copr", "-g", "copr","-G", "obsrun", "--", "/usr/bin/copr-run-dispatcher", "builds"]`
		`+ resources:`
		`+ requests:`
		`+ cpu: 200m`
		`+ memory: 200Mi`
		`+ volumeMounts:`
		`+ - mountPath: /etc/sign.conf`
		`+ name: copr-backend`
		`+ subPath: sign.conf`
		`+ - mountPath: /etc/nginx/conf.d/copr-be.conf`
		`+ name: copr-backend`
		`+ subPath: nginx.conf`
		`+ - mountPath: /home/copr/.ssh/builder_config`
		`+ name: copr-backend`
		`+ subPath: builder_config`
		`+ - mountPath: /home/copr/.ssh/id_rsa`
		`+ name: copr-backend`
		`+ subPath: id_rsa`
		`+ - mountPath: /home/copr/.ssh/id_rsa.pub`
		`+ name: copr-backend`
		`+ subPath: id_rsa.pub`
		`+ - mountPath: /var/lib/copr/public_html/results`
		`+ name: copr-backend-data`
		`+ - mountPath: /etc/copr/copr-be.conf`
		`+ name: copr-backend`
		`+ subPath: copr-be.conf`
		`+ volumes:`
		`+ - name: copr-backend`
		`+ configMap:`
		`+ name: copr-backend`
		`+ - name: copr-backend-data`
		`+ persistentVolumeClaim:`
		`+ claimName: copr-backend-data`
		`+ ---`
		`+ apiVersion: v1`
		`+ kind: Service`
		`+ metadata:`
		`+ name: copr-backend`
		`+ spec:`
		`+ ports:`
		`+ - name: httpd`
		`+ port: 5002`
		`+ protocol: TCP`
		`+ targetPort: 5002`
		`+ selector:`
		`+ component: copr-backend`
		`+ type: ClusterIP`
		`+ ---`
		`+ ---`
		`+ apiVersion: v1`
		`+ kind: PersistentVolumeClaim`
		`+ metadata:`
		`+ name: copr-backend-data`
		`+ spec:`
		`+ accessModes:`
		`+ - ReadWriteOnce`
		`+ resources:`
		`+ requests:`
		`+ storage: 10Gi`
		`+ storageClassName: ssd`

kubernetes/kustomize/builder.yaml

file added

+65

		`@@ -0,0 +1,65 @@`
		`+ apiVersion: apps/v1`
		`+ kind: Deployment`
		`+ metadata:`
		`+ name: copr-builder`
		`+ spec:`
		`+ replicas: 1`
		`+ selector:`
		`+ matchLabels:`
		`+ component: copr-builder`
		`+ template:`
		`+ metadata:`
		`+ labels:`
		`+ component: copr-builder`
		`+ spec:`
		`+ containers:`
		`+ - image: copr_builder:latest`
		`+ imagePullPolicy: IfNotPresent`
		`+ name: builder`
		`+ securityContext:`
		`+ privileged: true`
		`+ livenessProbe:`
		`+ tcpSocket:`
		`+ port: 22`
		`+ initialDelaySeconds: 30`
		`+ timeoutSeconds: 5`
		`+ readinessProbe:`
		`+ tcpSocket:`
		`+ port: 22`
		`+ initialDelaySeconds: 5`
		`+ timeoutSeconds: 5`
		`+ resources:`
		`+ requests:`
		`+ cpu: 200m`
		`+ memory: 200Mi`
		`+ ports:`
		`+ - containerPort: 22`
		`+ protocol: TCP`
		`+ volumeMounts:`
		`+ - mountPath: /etc/copr-distgit-client/docker.ini`
		`+ name: copr-builder`
		`+ subPath: client.ini`
		`+ - mountPath: /etc/copr-rpmbuild/main.ini`
		`+ name: copr-builder`
		`+ subPath: rpmbuild.ini`
		`+ - mountPath: /root/.ssh/id_backend_pub`
		`+ name: copr-builder`
		`+ subPath: id_backend_pub`
		`+ volumes:`
		`+ - name: copr-builder`
		`+ configMap:`
		`+ name: copr-builder`
		`+ ---`
		`+ apiVersion: v1`
		`+ kind: Service`
		`+ metadata:`
		`+ name: copr-builder`
		`+ spec:`
		`+ ports:`
		`+ - name: ssh`
		`+ port: 22`
		`+ protocol: TCP`
		`+ targetPort: 22`
		`+ selector:`
		`+ component: copr-builder`
		`+ type: ClusterIP`

kubernetes/kustomize/cert/tls.crt

file added

		`@@ -0,0 +1,1 @@`
		`+ # Add content here`
		`\ No newline at end of file`

kubernetes/kustomize/cert/tls.key

file added

		`@@ -0,0 +1,1 @@`
		`+ # Add content here`
		`\ No newline at end of file`

kubernetes/kustomize/config/backend/.ssh/builder_config

file added

+18

		`@@ -0,0 +1,18 @@`
		`+ Host *`
		`+ # For dynamically started VMs.`
		`+ StrictHostKeyChecking no`
		`+ UserKnownHostsFile /dev/null`
		`+`
		`+ # For non-default paths to identity file.`
		`+ IdentityFile ~/.ssh/id_rsa`
		`+`
		`+ # Ensure remote command uses proper line buffering for live logs`
		`+ # (so called live logs).`
		`+ RequestTTY=force`
		`+`
		`+ # Keep control sockets open, to speedup subsequent command runs.`
		`+ ControlPath=/home/copr/ssh_socket_%h_%p_%r`
		`+ ControlMaster=auto`
		`+ ControlPersist=900`
		`+`
		`+ Port=22`

kubernetes/kustomize/config/backend/.ssh/id_rsa

file added

+27

		`@@ -0,0 +1,27 @@`
		`+ -----BEGIN RSA PRIVATE KEY-----`
		`+ MIIEpAIBAAKCAQEA3qIq1f0FDl0Fa2hLrerWvHmDYivo0Rjocmzkps4C3fv+FXvT`
		`+ wpd8m8NvPJxioqIcAqRQuXvLdsY0CE0MgmgWl9t3iIts5W+rjcaZV3qnasTwOV5R`
		`+ lz1MA/PI15lUocJ8/t+HvGldBYoVec+TfsQVlu5PXQfWV7ytZayqtGNtkiGCQp8r`
		`+ OraAeA+THFcvvh4yIPUVUwJSjdB+1Begd8XemDUBBU8fwUAnHodRGJKOjkthDtm+`
		`+ GRJwHCfEl6jSc/6BmeF4MuJ+nVWoT6uHnRxJ+1VzJPtygB6F1WmDfwlTd8G7r4C/`
		`+ FBa8GqPIu8rnAd1TbiL2nW3a+bJcdUGrzBSa5wIDAQABAoIBACYu2fnpczyLZ6qM`
		`+ MK6bYEji7k2gCkYSZ4t4cZ7KJmO8HE/C9QaixJRSaHmUuLX756HsXIvzV2n/hF0I`
		`+ GeUjxPw2f8HDZ+HRzTJ7pUEDoEMHk8vDCWtO8AKdhQy1F3bGzHlKDRWbXIDeteA2`
		`+ Ya2UI7/HD4V9Gp3hljuh6YUWqGwvUSO7pGmBKKS40WtnDJrcH2MhSV3nwV4VaE5j`
		`+ axB7g2iTYFADOPhe1Jj6A5zmZTtvjHn+QdJ46UJUGtW/gjPwJhMwyhTente1CcfL`
		`+ UjOSuZQdr6ZH9sQ9jaEb5fkWOLuzwAafLl2v8NrgM+mCvhlXMT25a/9J4R4uiDqw`
		`+ 2ELJ7QECgYEA9Y24u8Mj1yizSUPq+1gTBIdeW/py9uqbsB5JYVqAX8ymCv1vOUO+`
		`+ Aix0gq6GA7+oKSyxkTex5KPy9YA+0nPuWYHaeTWSyPF7lpCy2zddfMYBJ/VlZgPh`
		`+ bJ5TKn6CpBpFbi/Geqjez0yHntZYCaVTLdOtbhJeevrz4Y4Rxon/NzECgYEA6BrT`
		`+ qjPY8bG3+wk+SdsA7GMX/PaB5CjKniglfYW1SApD3y2CxT8yxXlNX0sHNazSDB5n`
		`+ ra8Goc6h1T6I+eiv5+GSz3yoXBBXZLjXpgufhuct8dB7sjKHZWhuMSriecCvmZtw`
		`+ 6ByLOf8ZdUpr8yIc8kqXkRc5ozpVYhhbvXRSnZcCgYEA2zem0JmqCY/gX2wvACzk`
		`+ 7Yoch2jT8fQJAfZH9I3jRaNiKTWQckM0AqTFb1V3dylHa1rnO4nJWyGy6dGQRDoT`
		`+ c/0lmkhlvtc3Snfr9SE8aQQsTAwcdjLIsTu3a5x97Rs3GOO2AhN4twDPotIgzpu1`
		`+ 4pezoSztBEW+LIO1AtZ37kECgYBJrPJRTaHonpQbAIUgJn91icL8jjcO+I/Qgkfc`
		`+ P0wa8P84YZboC7aPDoEr5YIFXLVUGXapoCxHwnKGYRJT2bO0tFrIt/YtOxaypyX0`
		`+ 1C2wQcPIxXfuSbHG085elxFKuopDBR9i3mSnZT1siNIZXFO56UmRScEG+iZOPBMq`
		`+ 4Ti0QwKBgQDosVdv0+gL1rOyYHhoQOcBUSXvHsLvJvx11q7eyK2V9Yt8O9N9nL1k`
		`+ jCzN5+S6sFORNHkSBcX2DTNHoHwtif2hgdVaMZqHXmSFpccAi5q9jRzRL3osNM2Y`
		`+ jlZUP22h8DHdM4Nqi1DnoHuMMhwgf4w3+FUfd6Wboq78wXKmN4Yf/g==`
		`+ -----END RSA PRIVATE KEY-----`
praiskup commented a year ago Is this supposed to be published?

kubernetes/kustomize/config/backend/.ssh/id_rsa.pub

file added

@@ -0,0 +1,1 @@

+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeoirV/QUOXQVraEut6ta8eYNiK+jRGOhybOSmzgLd+/4Ve9PCl3ybw288nGKiohwCpFC5e8t2xjQITQyCaBaX23eIi2zlb6uNxplXeqdqxPA5XlGXPUwD88jXmVShwnz+34e8aV0FihV5z5N+xBWW7k9dB9ZXvK1lrKq0Y22SIYJCnys6toB4D5McVy++HjIg9RVTAlKN0H7UF6B3xd6YNQEFTx/BQCceh1EYko6OS2EO2b4ZEnAcJ8SXqNJz/oGZ4Xgy4n6dVahPq4edHEn7VXMk+3KAHoXVaYN/CVN3wbuvgL8UFrwao8i7yucB3VNuIvadbdr5slx1QavMFJrn root@backend

kubernetes/kustomize/config/backend/copr-be.conf

file added

+76

		`@@ -0,0 +1,76 @@`
		`+ [backend]`
		`+`
		`+ build_user=root`
		`+`
		`+ # URL where are results visible`
		`+ # default is http://copr`
		`+ results_baseurl=http://copr-backend.fedora-copr.svc.cluster.local:5002/results/`
		`+`
		`+ # default is http://coprs/rest/api`
		`+ #frontend_base_url=http://localhost:5000`
		`+ frontend_base_url=http://copr-frontend.fedora-copr.svc.cluster.local:5000`
		`+`
		`+ # must have same value as BACKEND_PASSWORD from have frontend in /etc/copr/copr.conf`
		`+ # default is PASSWORDHERE but you really should change it. really.`
		`+ #frontend_auth=1234`
		`+ frontend_auth=1234`
		`+`
		`+ dist_git_url=http://copr-distgit.fedora-copr.svc.cluster.local/cgit`
		`+ #dist_git_url=http://cgit`
		`+`
		`+`
		`+ # directory where results are stored`
		`+ # should be accessible from web using 'results_baseurl' URL`
		`+ # no default`
		`+ destdir=/var/lib/copr/public_html/results`
		`+`
		`+ # how long (in seconds) backend should wait before query frontends`
		`+ # for new tasks in queue`
		`+ # default is 10`
		`+ sleeptime=30`
		`+`
		`+`
		`+ # Builder machine allocation is done by resalloc server listening on`
		`+ # this address.`
		`+ resalloc_connection=http://copr-resalloc.fedora-copr.svc.cluster.local:49100`
		`+`
		`+`
		`+ # exit on worker failure`
		`+ # default is false`
		`+ #exit_on_worker=false`
		`+`
		`+ # publish fedmsg notifications from workers if true`
		`+ # default is false`
		`+ #fedmsg_enabled=false`
		`+`
		`+`
		`+ # enable package signing, require configured`
		`+ # signer host and correct /etc/sign.conf`
		`+ do_sign=true`
		`+`
		`+ # host or ip of machine with copr-keygen`
		`+ # usually the same as in /etc/sign.conf`
		`+ keygen_host=copr-keygen.fedora-copr.svc.cluster.local:5003`
		`+`
		`+ # minimum age for builds to be pruned`
		`+ prune_days=14`
		`+`
		`+ # logging settings`
		`+ # log_dir=/var/log/copr-backend/`
		`+ # log_level=info`
		`+`
		`+ # verbose=False`
		`+`
		`+ redis_host=redis`
		`+ redis_port=6379`
		`+`
		`+ [builder]`
		`+ # default is 1800`
		`+ timeout=3600`
		`+`
		`+ # consecutive_failure_threshold=10`
		`+`
		`+ builder_perl=True`
		`+`
		`+ [ssh]`
		`+ builder_config=/home/copr/.ssh/builder_config`

kubernetes/kustomize/config/backend/nginx.conf

file added

+17

		`@@ -0,0 +1,17 @@`
		`+ server {`
		`+ listen 5002;`
		`+ listen [::]:5002;`
		`+ server_tokens off;`
		`+ access_log /dev/stdout;`
		`+ error_log /dev/stdout;`
		`+`
		`+ server_name localhost;`
		`+ charset utf-8;`
		`+`
		`+ root /var/lib/copr/public_html/;`
		`+`
		`+ location / {`
		`+ port_in_redirect off;`
		`+ autoindex on;`
		`+ }`
		`+ }`

kubernetes/kustomize/config/backend/sign.conf

file added

		`@@ -0,0 +1,2 @@`
		`+ server: copr-keygen.fedora-copr.svc.cluster.local`
		`+ allowuser: copr`

kubernetes/kustomize/config/builder/client.ini

file added

		`@@ -0,0 +1,4 @@`
		`+ [copr-distgit]`
		`+ clone_hostnames = copr-distgit`
		`+ lookaside_location = http://copr-distgit.fedora-copr.svc.cluster.local:5001`
		`+ lookaside_uri_pattern = repo/pkgs/{namespace[1]}/{namespace[0]}/{name}/{filename}/{hash}/{filename}`
		`\ No newline at end of file`

kubernetes/kustomize/config/builder/id_backend.pub

file added

@@ -0,0 +1,1 @@

+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeoirV/QUOXQVraEut6ta8eYNiK+jRGOhybOSmzgLd+/4Ve9PCl3ybw288nGKiohwCpFC5e8t2xjQITQyCaBaX23eIi2zlb6uNxplXeqdqxPA5XlGXPUwD88jXmVShwnz+34e8aV0FihV5z5N+xBWW7k9dB9ZXvK1lrKq0Y22SIYJCnys6toB4D5McVy++HjIg9RVTAlKN0H7UF6B3xd6YNQEFTx/BQCceh1EYko6OS2EO2b4ZEnAcJ8SXqNJz/oGZ4Xgy4n6dVahPq4edHEn7VXMk+3KAHoXVaYN/CVN3wbuvgL8UFrwao8i7yucB3VNuIvadbdr5slx1QavMFJrn root@backend

kubernetes/kustomize/config/builder/rpmbuild.ini

file added

+28

		`@@ -0,0 +1,28 @@`
		`+ [main]`
		`+ frontend_url = http://copr-frontend.fedora-copr.svc.cluster.local:5000`
		`+ enabled_source_protocols = https ftps`
		`+`
		`+ [distgit0]`
		`+ distgit_hostname_pattern = src.fedoraproject.org`
		`+ distgit_lookaside_url = https://src.fedoraproject.org/repo/pkgs/%(ns1)s/%(name)s/%(filename)s/%(hashtype)s/%(hash)s/%(filename)s`
		`+ distgit_clone_url = https://src.fedoraproject.org/%(module)s`
		`+`
		`+ [distgit1]`
		`+ distgit_hostname_pattern = copr-dist-git.fedorainfracloud.org`
		`+ distgit_lookaside_url = http://copr-dist-git.fedorainfracloud.org/repo/pkgs/%(ns2)s/%(ns1)s/%(name)s/%(filename)s/%(hashtype)s/%(hash)s/%(filename)s`
		`+ distgit_clone_url = http://copr-dist-git.fedorainfracloud.org/git/%(module)s`
		`+`
		`+ [distgit2]`
		`+ distgit_hostname_pattern = pkgs.fedoraproject.org`
		`+ distgit_lookaside_url = https://src.fedoraproject.org/repo/pkgs/%(ns1)s/%(name)s/%(filename)s/%(hashtype)s/%(hash)s/%(filename)s`
		`+ distgit_clone_url = git://pkgs.fedoraproject.org/%(module)s`
		`+`
		`+ [distgit3]`
		`+ distgit_hostname_pattern = src.stg.fedoraproject.org`
		`+ distgit_lookaside_url = https://src.stg.fedoraproject.org/repo/pkgs/%(ns1)s/%(name)s/%(filename)s/%(hashtype)s/%(hash)s/%(filename)s`
		`+ distgit_clone_url = https://src.stg.fedoraproject.org/%(module)s`
		`+`
		`+ [distgit4]`
		`+ distgit_hostname_pattern = copr-distgit`
		`+ distgit_lookaside_url = http://ccopr-distgit.fedora-copr.svc.cluster.local:5001/repo/pkgs/%(ns2)s/%(ns1)s/%(name)s/%(filename)s/%(hash)s/%(filename)s`
		`+ distgit_clone_url = http://copr-distgit.fedora-copr.svc.cluster.local:5001/git/%(module)s`

kubernetes/kustomize/config/database/credential.env

file added

		`@@ -0,0 +1,3 @@`
		`+ database-user=copr-fe`
		`+ database-password=coprpass`
		`+ database-name=coprdb`
		`\ No newline at end of file`

kubernetes/kustomize/config/distgit/copr-dist-git.conf

file added

		`@@ -0,0 +1,5 @@`
		`+ [dist-git]`
		`+ frontend_base_url=http://copr-frontend.fedora-copr.svc.cluster.local:5000`
		`+ frontend_auth=1234`
		`+ per_task_log_dir=/var/lib/copr-dist-git/per-task-logs/`
		`+ log_dir=/var/log/copr-dist-git`
		`\ No newline at end of file`

kubernetes/kustomize/config/frontend/copr.conf

file added

+138

		`@@ -0,0 +1,138 @@`
		`+ # Purpose of this instance`
		`+ # Use "production", "devel", "local" or "test"`
		`+ ENV="local"`
		`+`
		`+ # Directory and files where is stored Copr database files`
		`+ #DATA_DIR = '/var/lib/copr/data'`
		`+ #DATABASE = '/var/lib/copr/data/copr.db'`
		`+ #OPENID_STORE = '/var/lib/copr/data/openid_store'`
		`+ #WHOOSHEE_DIR = '/var/lib/copr/data/whooshee'`
		`+`
		`+ # salt for CSRF codes`
		`+ #SECRET_KEY = 'put_some_secret_here'`
		`+`
		`+ BACKEND_PASSWORD = '1234'`
		`+`
		`+ # restrict access to a set of users`
		`+ #USE_ALLOWED_USERS = False`
		`+ #ALLOWED_USERS = ['bonnie', 'clyde']`
		`+`
		`+ SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://copr-fe:coprpass@database.fedora-copr.svc.cluster.local/coprdb'`
		`+`
		`+ # Token length, defaults to 30 (max 255)`
		`+ #API_TOKEN_LENGTH = 30`
		`+`
		`+ # Expiration of API token in days`
		`+ #API_TOKEN_EXPIRATION = 180`
		`+`
		`+ # logging options`
		`+ #SEND_LOGS_TO = ['root@localhost']`
		`+ #LOGGING_LEVEL = logging.ERROR`
		`+`
		`+ # where to send notice about raised legal flag`
		`+ #SEND_LEGAL_TO = ['root@localhost', 'somebody@somewhere.com']`
		`+`
		`+ # DEBUG = False`
		`+ DEBUG = True`
		`+ SQLALCHEMY_ECHO = False`
		`+`
		`+ #CSRF_ENABLED = True`
		`+ # as of Flask-WTF 0.9+`
		`+ #WTF_CSRF_ENABLED = True`
		`+`
		`+ # send emails when user's perms change in project?`
		`+ SEND_EMAILS = False`
		`+`
		`+ ## post-process url leading to backend`
		`+ ## possible options: None, "http", "https"`
		`+ # ENFORCE_PROTOCOL_FOR_BACKEND_URL = "https"`
		`+ ## post-process url leading to frontend`
		`+ # ENFORCE_PROTOCOL_FOR_FRONTEND_URL = "https"`
		`+`
		`+ # URLs for fedmenu resources`
		`+ #FEDMENU_URL = "http://threebean.org/fedmenu/"`
		`+ #FEDMENU_DATA_URL = "http://threebean.org/fedmenu/dev-data.js"`
		`+ #or`
		`+ #FEDMENU_URL = "https://apps.fedoraproject.org/fedmenu/"`
		`+ #FEDMENU_DATA_URL = "https://apps.fedoraproject.org/js/data.js"`
		`+`
		`+ PUBLIC_COPR_HOSTNAME = 'sample.copr.org'`
		`+ PUBLIC_COPR_BASE_URL = 'https://sample.copr.org'`
		`+`
		`+ BACKEND_BASE_URL = 'https://sample.copr.org'`
		`+ DIST_GIT_CLONE_URL = 'http://copr-distgit:5001/git'`
		`+ DIST_GIT_URL = 'https://sample.copr.org/cgit'`
		`+ COPR_DIST_GIT_LOGS_URL = 'http://localhost:5001/per-task-logs'`
		`+`
		`+ # primary`
		`+ LOG_FILENAME = "/var/log/copr-frontend/frontend.log"`
		`+ LOG_DIR = "/var/log/copr-frontend/"`
		`+`
		`+ # Internal network, used to accept statistics without auth`
		`+ # list of IP or subnet`
		`+ INTRANET_IPS = ["127.0.0.1", "192.168.1.0/24"]`
		`+`
		`+ # Builder VMs network, used to avoid requests from builders in popularity statistics`
		`+ # list of IP or subnet, optional`
		`+ BUILDER_IPS = ["127.0.0.1"]`
		`+`
		`+ # a place for storing srpms until they get uploaded`
		`+ STORAGE_DIR = "/var/lib/copr/data/srpm_storage"`
		`+`
		`+ # no need to filter cla_* groups, they are already filtered by fedora openid`
		`+ GROUP_DENYLIST = ['fedorabugs', 'packager', 'provenpackager']`
		`+`
		`+ REDIS_HOST = "redis.fedora-copr.svc.cluster.local"`
		`+ REDIS_PORT = 6379`
		`+`
		`+ # Hide page parts not relevant to this Copr instance:`
		`+ # LAYOUT_OVERVIEW_HIDE_QUICK_ENABLE = False`
		`+`
		`+ # FAS_LOGIN = True`
		`+ # LOGIN_INFO = {`
		`+ # # Link to user's profile, {username} expaneded.`
		`+ # 'user_link': 'https://accounts.fedoraproject.org/user/{username}/',`
		`+ # # Description sometimes put into template to make clear what we point to`
		`+ # 'user_desc': 'FAS account'`
		`+ # }`
		`+`
		`+`
		`+ NEWS_URL = "https://fedora-copr.github.io/"`
		`+ NEWS_FEED_URL = "https://fedora-copr.github.io/feed.xml"`
		`+`
		`+ OPENID_PROVIDER_URL = "https://id.fedoraproject.org"`
		`+`
		`+ # When the data in EOL chroots should be deleted (in days)`
		`+ DELETE_EOL_CHROOTS_AFTER = 180`
		`+`
		`+ # This option has several meanings:`
		`+ # - How often we warn about the EOL chroots be e-mail; Ie. we send the first`
		`+ # email on the day when we mark some of the mock_chroots EOL, and the next`
		`+ # emails are sent with EOL_CHROOTS_NOTIFICATION_PERIOD.`
		`+ # - We start showing a flash message in web-UI warning about EOL chroot removal`
		`+ # if some of the chroots is to be removed in the next`
		`+ # EOL_CHROOTS_NOTIFICATION_PERIOD days.`
		`+ # - the /repositories pages highlight the chroots to be removed in the next`
		`+ # EOL_CHROOTS_NOTIFICATION_PERIOD days`
		`+ EOL_CHROOTS_NOTIFICATION_PERIOD = 80`
		`+`
		`+ # enable Discourse integration`
		`+ ENABLE_DISCUSSION = False`
		`+ # DISCOURSE_URL = "https://discussion.fedoraproject.org/"`
		`+`
		`+ # PAGINATION`
		`+ ITEMS_PER_PAGE = 10`
		`+ PAGES_URLS_COUNT = 5`
		`+`
		`+ # Builds defaults`
		`+ # # memory in MB`
		`+ DEFAULT_BUILD_MEMORY = 2048`
		`+ MIN_BUILD_MEMORY = 2048`
		`+ MAX_BUILD_MEMORY = 4096`
		`+ # in seconds`
		`+ DEFAULT_BUILD_TIMEOUT = 3600 * 5`
		`+ MIN_BUILD_TIMEOUT = 0`
		`+ MAX_BUILD_TIMEOUT = 108000`
		`+`
		`+ # Disable template caching`
		`+ CACHE_TYPE = "NullCache"`

kubernetes/kustomize/config/frontend/httpd.conf

file added

+12

		`@@ -0,0 +1,12 @@`
		`+ Listen 5000`
		`+`
		`+ <VirtualHost 0.0.0.0>`
		`+ WSGIPassAuthorization On`
		`+ WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe threads=5`
		`+ WSGIScriptAlias / /usr/share/copr/coprs_frontend/application`
		`+ WSGIProcessGroup 127.0.0.1`
		`+ <Directory /usr/share/copr>`
		`+ WSGIApplicationGroup %{GLOBAL}`
		`+ Require all granted`
		`+ </Directory>`
		`+ </VirtualHost>`

kubernetes/kustomize/config/keygen/copr-keygen.conf

file added

+24

		`@@ -0,0 +1,24 @@`
		`+ Listen 0.0.0.0:5003`
		`+`
		`+ <VirtualHost 0.0.0.0:5003>`
		`+ ServerName 127.0.0.1`
		`+`
		`+ WSGIPassAuthorization On`
		`+ WSGIDaemonProcess 127.0.0.1 user=copr-signer group=copr-signer threads=5`
		`+ WSGIScriptAlias / /usr/share/copr-keygen/application.py`
		`+ WSGIProcessGroup 127.0.0.1`
		`+`
		`+ ErrorLog logs/error_log`
		`+ CustomLog logs/access_log common`
		`+`
		`+ TimeOut 300`
		`+`
		`+ <Directory /usr/share/copr-keygen>`
		`+ WSGIApplicationGroup %{GLOBAL}`
		`+ # apache 2.2 (el6, F17)`
		`+ #Order deny,allow`
		`+ #Allow from all`
		`+ # apache 2.4 (F18+)`
		`+ Require all granted`
		`+ </Directory>`
		`+ </VirtualHost>`

kubernetes/kustomize/config/keygen/sign.conf

file added

+19

		`@@ -0,0 +1,19 @@`
		`+ ---`
		`+`
		+ # See `man sign.conf`
		`+ #`
		`+ # Allow only connections from the specified ip addresses,`
		`+ # subnets expressed in CIDR notation, and/or hostnames.`
		`+ # Note that hostnames are resolved using reverse DNS`
		`+ # lookups, so there must be reverse entries in the DNS`
		`+ # server, and it should be secured against DNS poisoning`
		`+ # attacks.`
		`+ # Must be present.`
		`+ #`
		`+ # Since we cannot easily allow hostnames and containers IP`
		`+ # addresses may change, just hackily allow everything`
		`+ allow: 0.0.0.0/0`
		`+ phrases: /var/lib/copr-keygen/phrases`
		`+ gpg: /usr/bin/gpg-copr`
		`+ allowuser: $(id -u)`
		`+ allow-unprivileged-ports: true`

kubernetes/kustomize/config/resalloc/local-new

file added

		`@@ -0,0 +1,3 @@`
		`+ #!/bin/bash`
		`+`
		`+ echo copr-builder`
		`\ No newline at end of file`

kubernetes/kustomize/config/resalloc/pools.yaml

file added

+22

		`@@ -0,0 +1,22 @@`
		`+ local_x86_64_normal_prod:`
		`+ max: 1`
		`+ max_starting: 1`
		`+ max_prealloc: 1`
		`+ tags:`
		`+ - copr_builder`
		`+ - arch_noarch`
		`+ - arch_x86_64`
		`+ - arch_x86_64_native`
		`+ - arch_i386`
		`+ - arch_i386_native`
		`+ - arch_i586`
		`+ - arch_i586_native`
		`+ - arch_i686`
		`+ - arch_i686_native`
		`+ cmd_new: "/home/resalloc/provision/local-new"`
		`+ cmd_delete: "/home/resalloc/provision/local-delete"`
		`+ cmd_livecheck: "/usr/bin/resalloc-check-vm-ip"`
		`+ livecheck_period: 180`
		`+ reuse_opportunity_time: 180`
		`+ reuse_max_count: 8`
		`+ reuse_max_time: 1800`

kubernetes/kustomize/config/resalloc/server.yaml

file added

+21

		`@@ -0,0 +1,21 @@`
		`+ # SQLALCHEMY connection url. Note that using sqlite has serious limits WRT to`
		`+ # alembic migrations support (so it is discouraged in production). Make sure`
		`+ # you have installed appropriate libraries for desired SQL dialect, for`
		`+ # appropriate python version!`
		`+ #`
		`+ #For PostgreSQL connection without password using unix socket auth method.`
		`+ #db_url: 'postgresql://resalloc@/resalloc'`
		`+ #For PostgreSQL listening on host/port, using password.`
		`+ #db_url: 'postgresql://resalloc:pass@localhost:5432/resalloc'`
		`+ db_url: 'sqlite:////var/lib/resallocserver/db.sqlite'`
		`+`
		`+ logdir: '/var/log/resallocserver'`
		`+`
		`+ # Hostname to make the xmlrpc server listen on.`
		`+ hostname: '0.0.0.0'`
		`+`
		`+ # Port to make the xmlrpc server listen on.`
		`+ #port: 49100`
		`+`
		`+ # Set to 'debug' to get more verbose logging.`
		`+ loglevel: 'debug'`

kubernetes/kustomize/database.yaml

file added

+87

		`@@ -0,0 +1,87 @@`
		`+ apiVersion: apps/v1`
		`+ kind: Deployment`
		`+ metadata:`
		`+ name: copr-database`
		`+ spec:`
		`+ replicas: 1`
		`+ selector:`
		`+ matchLabels:`
		`+ component: copr-database`
		`+ template:`
		`+ metadata:`
		`+ labels:`
		`+ component: copr-database`
		`+ spec:`
		`+ containers:`
		`+ - image: copr_database:latest`
		`+ imagePullPolicy: IfNotPresent`
		`+ name: copr-postgres`
		`+ livenessProbe:`
		`+ exec:`
		`+ command:`
		`+ - /usr/libexec/check-container`
		`+ - --live`
		`+ initialDelaySeconds: 120`
		`+ timeoutSeconds: 5`
		`+ readinessProbe:`
		`+ exec:`
		`+ command:`
		`+ - /usr/libexec/check-container`
		`+ initialDelaySeconds: 5`
		`+ timeoutSeconds: 5`
		`+ resources:`
		`+ requests:`
		`+ cpu: 500m`
		`+ memory: 500Mi`
		`+ ports:`
		`+ - containerPort: 5432`
		`+ protocol: TCP`
		`+ env:`
		`+ - name: POSTGRESQL_USER`
		`+ valueFrom:`
		`+ secretKeyRef:`
		`+ key: database-user`
		`+ name: copr-database`
		`+ - name: POSTGRESQL_PASSWORD`
		`+ valueFrom:`
		`+ secretKeyRef:`
		`+ key: database-password`
		`+ name: copr-database`
		`+ - name: POSTGRESQL_DATABASE`
		`+ valueFrom:`
		`+ secretKeyRef:`
		`+ key: database-name`
		`+ name: copr-database`
		`+ volumeMounts:`
		`+ - mountPath: /var/lib/pqsql/data`
		`+ name: postgresql-data`
		`+ volumes:`
		`+ - name: postgresql-data`
		`+ persistentVolumeClaim:`
		`+ claimName: copr-database-data`
		`+ ---`
		`+ apiVersion: v1`
		`+ kind: Service`
		`+ metadata:`
		`+ name: database`
		`+ spec:`
		`+ ports:`
		`+ - name: postgresql`
		`+ port: 5432`
		`+ protocol: TCP`
		`+ targetPort: 5432`
		`+ selector:`
		`+ component: copr-database`
		`+ type: ClusterIP`
		`+ ---`
		`+ apiVersion: v1`
		`+ kind: PersistentVolumeClaim`
		`+ metadata:`
		`+ name: copr-database-data`
		`+ spec:`
		`+ accessModes:`
		`+ - ReadWriteOnce`
		`+ resources:`
		`+ requests:`
		`+ storage: 10Gi`
		`+ storageClassName: ssd`

kubernetes/kustomize/distgit.yaml

file added

+95

		`@@ -0,0 +1,95 @@`
		`+ apiVersion: apps/v1`
		`+ kind: Deployment`
		`+ metadata:`
		`+ name: copr-distgit`
		`+ spec:`
		`+ replicas: 1`
		`+ selector:`
		`+ matchLabels:`
		`+ component: copr-distgit`
		`+ template:`
		`+ metadata:`
		`+ labels:`
		`+ component: copr-distgit`
		`+ spec:`
		`+ initContainers:`
		`+ - name: init-distgit`
		`+ image: busybox:1.28`
		`+ command: [ "sh", "-c", "until nslookup copr-frontend.fedora-copr.svc.cluster.local; do echo waiting for frontend service ; sleep 2; done;" ]`
		`+ containers:`
		`+ - image: copr_distgit-httpd:latest`
		`+ imagePullPolicy: Always`
		`+ name: copr-distgit-httpd`
		`+ livenessProbe:`
		`+ tcpSocket:`
		`+ port: 80`
		`+ initialDelaySeconds: 30`
		`+ timeoutSeconds: 5`
		`+ readinessProbe:`
		`+ tcpSocket:`
		`+ port: 80`
		`+ initialDelaySeconds: 5`
		`+ timeoutSeconds: 5`
		`+ resources:`
		`+ requests:`
		`+ cpu: 200m`
		`+ memory: 200Mi`
		`+ ports:`
		`+ - containerPort: 80`
		`+ protocol: TCP`
		`+ volumeMounts:`
		`+ - mountPath: /var/lib/dist-git`
		`+ name: copr-distgit-data`
		`+ - image: copr_distgit:latest`
		`+ imagePullPolicy: IfNotPresent`
		`+ name: copr-distgit`
		`+ resources:`
		`+ requests:`
		`+ cpu: 200m`
		`+ memory: 200Mi`
		`+ volumeMounts:`
		`+ - mountPath: /var/lib/dist-git`
		`+ name: copr-distgit-data`
		`+ - mountPath: /etc/copr/copr-dist-git.conf`
		`+ name: copr-distgit`
		`+ subPath: copr-dist-git.conf`
		`+ command:`
		`+ - /bin/sh`
		`+ - -c`
		`+ - \|`
		`+ mkdir -p /var/lib/dist-git/cache /var/lib/dist-git/git;`
		`+ exec /usr/sbin/runuser -u root -g packager /usr/bin/importer_runner.py`
		`+ volumes:`
		`+ - name: copr-distgit-data`
		`+ persistentVolumeClaim:`
		`+ claimName: copr-distgit-data`
		`+ - name: copr-distgit`
		`+ configMap:`
		`+ name: copr-distgit`
		`+`
		`+ ---`
		`+ apiVersion: v1`
		`+ kind: Service`
		`+ metadata:`
		`+ name: copr-distgit`
		`+ spec:`
		`+ ports:`
		`+ - name: httpd`
		`+ port: 5001`
		`+ protocol: TCP`
		`+ targetPort: 80`
		`+ selector:`
		`+ component: copr-distgit`
		`+ type: ClusterIP`
		`+ ---`
		`+ apiVersion: v1`
		`+ kind: PersistentVolumeClaim`
		`+ metadata:`
		`+ name: copr-distgit-data`
		`+ spec:`
		`+ accessModes:`
		`+ - ReadWriteOnce`
		`+ resources:`
		`+ requests:`
		`+ storage: 10Gi`
		`+ storageClassName: ssd`

kubernetes/kustomize/frontend.yaml

file added

+69

		`@@ -0,0 +1,69 @@`
		`+ apiVersion: apps/v1`
		`+ kind: Deployment`
		`+ metadata:`
		`+ name: copr-frontend`
		`+ spec:`
		`+ replicas: 1`
		`+ selector:`
		`+ matchLabels:`
		`+ component: copr-frontend`
		`+ template:`
		`+ metadata:`
		`+ labels:`
		`+ component: copr-frontend`
		`+ spec:`
		`+ initContainers:`
		`+ - name: init-frontend-database`
		`+ image: ebiqe/alpine-nc:latest`
		`+ command: [ "sh", "-c", "until nc -z database.fedora-copr.svc.cluster.local 5432; do echo waiting for database service ; sleep 2; done;" ]`
		`+ - name: init-frontend-redis`
		`+ image: ebiqe/alpine-nc:latest`
		`+ command: [ "sh", "-c", "until nc -z redis.fedora-copr.svc.cluster.local 6379; do echo waiting for redis service ; sleep 2; done;" ]`
		`+ containers:`
		`+ - image: copr_frontend:latest`
		`+ imagePullPolicy: IfNotPresent`
		`+ name: copr-frontend-httpd`
		`+ livenessProbe:`
		`+ tcpSocket:`
		`+ port: 5000`
		`+ initialDelaySeconds: 30`
		`+ timeoutSeconds: 5`
		`+ readinessProbe:`
		`+ httpGet:`
		`+ path: /`
		`+ port: 5000`
		`+ initialDelaySeconds: 5`
		`+ timeoutSeconds: 5`
		`+ resources:`
		`+ requests:`
		`+ cpu: 500m`
		`+ memory: 500Mi`
		`+ ports:`
		`+ - containerPort: 5000`
		`+ protocol: TCP`
		`+ volumeMounts:`
		`+ - mountPath: /etc/copr/copr.conf`
		`+ name: copr-frontend`
		`+ subPath: copr.conf`
		`+ - mountPath: /etc/httpd/conf.d/copr.conf`
		`+ name: copr-frontend`
		`+ subPath: httpd.conf`
		`+ volumes:`
		`+ - name: copr-frontend`
		`+ configMap:`
		`+ name: copr-frontend`
		`+`
		`+ ---`
		`+ apiVersion: v1`
		`+ kind: Service`
		`+ metadata:`
		`+ name: copr-frontend`
		`+ spec:`
		`+ ports:`
		`+ - name: httpd`
		`+ port: 5000`
		`+ protocol: TCP`
		`+ targetPort: 5000`
		`+ selector:`
		`+ component: copr-frontend`
		`+ type: ClusterIP`

kubernetes/kustomize/ingress.yaml

file added

+42

		`@@ -0,0 +1,42 @@`
		`+ apiVersion: networking.k8s.io/v1`
		`+ kind: Ingress`
		`+ metadata:`
		`+ name: copr-ingress`
		`+ spec:`
		`+ rules:`
		`+ - host: sample.copr.org`
		`+ http:`
		`+ paths:`
		`+ - backend:`
		`+ service:`
		`+ name: copr-distgit`
		`+ port:`
		`+ number: 5001`
		`+ path: /cgit/`
		`+ pathType: ImplementationSpecific`
		`+ - backend:`
		`+ service:`
		`+ name: copr-distgit`
		`+ port:`
		`+ number: 5001`
		`+ path: /cgit-data/`
		`+ pathType: ImplementationSpecific`
		`+ - backend:`
		`+ service:`
		`+ name: copr-backend`
		`+ port:`
		`+ number: 5002`
		`+ path: /results/`
		`+ pathType: ImplementationSpecific`
		`+ - backend:`
		`+ service:`
		`+ name: copr-frontend`
		`+ port:`
		`+ number: 5000`
		`+ path: /`
		`+ pathType: ImplementationSpecific`
		`+ tls:`
		`+ - hosts:`
		`+ - sample.copr.org`
		`+ secretName: copr-frontend-tls`
		`+`

kubernetes/kustomize/keygen.yaml

file added

+114

		`@@ -0,0 +1,114 @@`
		`+ apiVersion: apps/v1`
		`+ kind: Deployment`
		`+ metadata:`
		`+ name: copr-keygen`
		`+ spec:`
		`+ replicas: 1`
		`+ selector:`
		`+ matchLabels:`
		`+ component: copr-keygen`
		`+ template:`
		`+ metadata:`
		`+ labels:`
		`+ component: copr-keygen`
		`+ spec:`
		`+ containers:`
		`+ - image: copr_keygen-signd:latest`
		`+ imagePullPolicy: Always`
		`+ name: copr-keygen-signer`
		`+ livenessProbe:`
		`+ tcpSocket:`
		`+ port: 5167`
		`+ initialDelaySeconds: 30`
		`+ timeoutSeconds: 5`
		`+ readinessProbe:`
		`+ tcpSocket:`
		`+ port: 5167`
		`+ initialDelaySeconds: 5`
		`+ timeoutSeconds: 5`
		`+ resources:`
		`+ requests:`
		`+ cpu: 200m`
		`+ memory: 200Mi`
		`+ ports:`
		`+ - containerPort: 5167`
		`+ protocol: TCP`
		`+ volumeMounts:`
		`+ - mountPath: /var/lib/copr-keygen`
		`+ name: copr-keygen-data`
		`+ - mountPath: /etc/sign.conf`
		`+ name: copr-keygen`
		`+ subPath: sign.conf`
		`+ - image: copr_keygen-httpd:latest`
		`+ imagePullPolicy: Always`
		`+ command:`
		`+ - /bin/sh`
		`+ - -c`
		`+ - \|`
		`+ mkdir --mode=0777 -p /var/lib/copr-keygen/phrases /var/lib/copr-keygen/gnupg`
		`+ chown copr-signer:copr-signer /etc/httpd/logs;`
		`+ mkdir --mode=0777 -p /var/run/httpd`
		`+ exec /entrypoint;`
		`+ name: copr-keygen-httpd`
		`+ livenessProbe:`
		`+ tcpSocket:`
		`+ port: 5003`
		`+ initialDelaySeconds: 30`
		`+ timeoutSeconds: 5`
		`+ readinessProbe:`
		`+ httpGet:`
		`+ path: /ping`
		`+ port: 5003`
		`+ initialDelaySeconds: 5`
		`+ timeoutSeconds: 5`
		`+ resources:`
		`+ requests:`
		`+ cpu: 200m`
		`+ memory: 200Mi`
		`+ ports:`
		`+ - containerPort: 5003`
		`+ protocol: TCP`
		`+ volumeMounts:`
		`+ - mountPath: /var/lib/copr-keygen`
		`+ name: copr-keygen-data`
		`+ - mountPath: /etc/httpd/conf.d/copr-keygen.conf`
		`+ name: copr-keygen`
		`+ subPath: copr-keygen.conf`
		`+ volumes:`
		`+ - name: copr-keygen-data`
		`+ persistentVolumeClaim:`
		`+ claimName: copr-keygen-data`
		`+ - name: copr-keygen`
		`+ configMap:`
		`+ name: copr-keygen`
		`+`
		`+ ---`
		`+ apiVersion: v1`
		`+ kind: Service`
		`+ metadata:`
		`+ name: copr-keygen`
		`+ spec:`
		`+ ports:`
		`+ - name: httpd`
		`+ port: 5003`
		`+ protocol: TCP`
		`+ targetPort: 5003`
		`+ - name: signer`
		`+ port: 5167`
		`+ protocol: TCP`
		`+ targetPort: 5167`
		`+ selector:`
		`+ component: copr-keygen`
		`+ type: ClusterIP`
		`+ ---`
		`+ apiVersion: v1`
		`+ kind: PersistentVolumeClaim`
		`+ metadata:`
		`+ name: copr-keygen-data`
		`+ spec:`
		`+ accessModes:`
		`+ - ReadWriteOnce`
		`+ resources:`
		`+ requests:`
		`+ storage: 10Gi`
		`+ storageClassName: ssd`

kubernetes/kustomize/kustomization.yaml

file added

+111

		`@@ -0,0 +1,111 @@`
		`+ resources:`
		`+ - namespace.yaml`
		`+ - database.yaml`
		`+ - redis.yaml`
		`+ - frontend.yaml`
		`+ - keygen.yaml`
		`+ - builder.yaml`
		`+ - distgit.yaml`
		`+ - resalloc.yaml`
		`+ - backend.yaml`
		`+ - ingress.yaml`
		`+ commonLabels:`
		`+ app: copr`
		`+ configMapGenerator:`
		`+ - files:`
		`+ - httpd.conf=config/frontend/httpd.conf`
		`+ - copr.conf=config/frontend/copr.conf`
		`+ name: copr-frontend`
		`+ - files:`
		`+ - copr-dist-git.conf=config/distgit/copr-dist-git.conf`
		`+ name: copr-distgit`
		`+ - files:`
		`+ - sign.conf=config/keygen/sign.conf`
		`+ - copr-keygen.conf=config/keygen/copr-keygen.conf`
		`+ name: copr-keygen`
		`+ - files:`
		`+ - client.ini=config/builder/client.ini`
		`+ - rpmbuild.ini=config/builder/rpmbuild.ini`
		`+ - id_backend.pub=config/builder/id_backend.pub`
		`+ name: copr-builder`
		`+ - files:`
		`+ - local-new=config/resalloc/local-new`
		`+ - pools.yaml=config/resalloc/pools.yaml`
		`+ - server.yaml=config/resalloc/server.yaml`
		`+ - builder_config=config/backend/.ssh/builder_config`
		`+ - id_rsa=config/backend/.ssh/id_rsa`
		`+ name: copr-resalloc`
		`+ - files:`
		`+ - nginx.conf=config/backend/nginx.conf`
		`+ - copr-be.conf=config/backend/copr-be.conf`
		`+ - builder_config=config/backend/.ssh/builder_config`
		`+ - id_rsa=config/backend/.ssh/id_rsa`
		`+ - id_rsa.pub=config/backend/.ssh/id_rsa.pub`
		`+ - sign.conf=config/backend/sign.conf`
		`+ name: copr-backend`
		`+ secretGenerator:`
		`+ - name: copr-frontend-tls`
		`+ files:`
		`+ - cert/tls.crt`
		`+ - cert/tls.key`
		`+ type: "kubernetes.io/tls"`
		`+ namespace: fedora-copr`
		`+ - name: copr-database`
		`+ envs:`
		`+ - config/database/credential.env`
		`+ type: Opaque`
		`+ namespace: fedora-copr`
		`+ options:`
		`+ labels:`
		`+ app: copr`
		`+ namespace: fedora-copr`
		`+ apiVersion: kustomize.config.k8s.io/v1beta1`
		`+ kind: Kustomization`
		`+ images:`
		`+ # database image`
		`+ - name: copr_database:latest`
		`+ newName: copr_database`
		`+ newTag: latest`
		`+ # redis image`
		`+ - name: centos/redis-32-centos7`
		`+ newName: centos/redis-32-centos7`
		`+ newTag: latest`
		`+ # resalloc image`
		`+ - name: copr_resalloc:latest`
		`+ newName: copr_resalloc`
		`+ newTag: latest`
		`+ # distgit image`
		`+ - name: copr_distgit-httpd:latest`
		`+ newName: copr_distgit-httpd`
		`+ newTag: latest`
		`+ - name: copr_distgit:latest`
		`+ newName: copr_distgit`
		`+ newTag: latest`
		`+ # keygen image`
		`+ - name: copr_keygen-httpd:latest`
		`+ newName: copr_keygen-httpd`
		`+ newTag: latest`
		`+ - name: copr_keygen-signd:latest`
		`+ newName: copr_keygen-signd`
		`+ newTag: latest`
		`+ # frontend image`
		`+ - name: copr_frontend:latest`
		`+ newName: copr_frontend`
		`+ newTag: latest`
		`+ # builder image`
		`+ - name: copr_builder:latest`
		`+ newName: copr_builder`
		`+ newTag: latest`
		`+ # backend image`
		`+ - name: copr_backend_httpd:latest`
		`+ newName: copr_backend_httpd`
		`+ newTag: latest`
		`+ - name: copr_backend-log:latest`
		`+ newName: copr_backend-log`
		`+ newTag: latest`
		`+ - name: copr_backend-action:latest`
		`+ newName: copr_backend-action`
		`+ newTag: latest`
		`+ - name: copr_backend-build:latest`
		`+ newName: copr_backend-build`
		`+ newTag: latest`

kubernetes/kustomize/namespace.yaml

file added

		`@@ -0,0 +1,4 @@`
		`+ apiVersion: v1`
		`+ kind: Namespace`
		`+ metadata:`
		`+ name: fedora-copr`

kubernetes/kustomize/redis.yaml

file added

+72

		`@@ -0,0 +1,72 @@`
		`+ apiVersion: apps/v1`
		`+ kind: Deployment`
		`+ metadata:`
		`+ name: copr-redis`
		`+ spec:`
		`+ replicas: 1`
		`+ selector:`
		`+ matchLabels:`
		`+ component: copr-redis`
		`+ template:`
		`+ metadata:`
		`+ labels:`
		`+ component: copr-redis`
		`+ spec:`
		`+ containers:`
		`+ - image: centos/redis-32-centos7`
		`+ imagePullPolicy: IfNotPresent`
		`+ name: copr-redis`
		`+ livenessProbe:`
		`+ tcpSocket:`
		`+ port: 6379`
		`+ initialDelaySeconds: 30`
		`+ timeoutSeconds: 5`
		`+ readinessProbe:`
		`+ exec:`
		`+ command:`
		`+ - /bin/sh`
		`+ - -i`
		`+ - -c`
		`+ - test "$(redis-cli -h 127.0.0.1 ping)" == "PONG"`
		`+ initialDelaySeconds: 5`
		`+ timeoutSeconds: 5`
		`+ resources:`
		`+ requests:`
		`+ cpu: 500m`
		`+ memory: 500Mi`
		`+ ports:`
		`+ - containerPort: 6379`
		`+ protocol: TCP`
		`+ volumeMounts:`
		`+ - mountPath: /var/lib/redis/data`
		`+ name: redis-data`
		`+ volumes:`
		`+ - name: redis-data`
		`+ persistentVolumeClaim:`
		`+ claimName: copr-redis-data`
		`+ ---`
		`+ apiVersion: v1`
		`+ kind: Service`
		`+ metadata:`
		`+ name: redis`
		`+ spec:`
		`+ ports:`
		`+ - name: redis`
		`+ port: 6379`
		`+ protocol: TCP`
		`+ targetPort: 6379`
		`+ selector:`
		`+ component: copr-redis`
		`+ type: ClusterIP`
		`+ ---`
		`+ apiVersion: v1`
		`+ kind: PersistentVolumeClaim`
		`+ metadata:`
		`+ name: copr-redis-data`
		`+ spec:`
		`+ accessModes:`
		`+ - ReadWriteOnce`
		`+ resources:`
		`+ requests:`
		`+ storage: 10Gi`
		`+ storageClassName: ssd`

kubernetes/kustomize/resalloc.yaml

file added

+78

		`@@ -0,0 +1,78 @@`
		`+ apiVersion: apps/v1`
		`+ kind: Deployment`
		`+ metadata:`
		`+ name: copr-resalloc`
		`+ spec:`
		`+ replicas: 1`
		`+ selector:`
		`+ matchLabels:`
		`+ component: copr-resalloc`
		`+ template:`
		`+ metadata:`
		`+ labels:`
		`+ component: copr-resalloc`
		`+ spec:`
		`+ containers:`
		`+ - image: copr_resalloc:latest`
		`+ imagePullPolicy: IfNotPresent`
		`+ name: resalloc`
		`+ livenessProbe:`
		`+ tcpSocket:`
		`+ port: 49100`
		`+ initialDelaySeconds: 120`
		`+ timeoutSeconds: 5`
		`+ readinessProbe:`
		`+ tcpSocket:`
		`+ port: 49100`
		`+ initialDelaySeconds: 5`
		`+ timeoutSeconds: 5`
		`+ resources:`
		`+ requests:`
		`+ cpu: 100m`
		`+ memory: 100Mi`
		`+ ports:`
		`+ - containerPort: 49100`
		`+ protocol: TCP`
		`+ command:`
		`+ - /bin/sh`
		`+ - -c`
		`+ - \|`
		`+ cp /home/resalloc/provision/local-new-ro /home/resalloc/provision/local-new;`
		`+ cp /root/.ssh/id_rsa-ro /root/.ssh/id_rsa;`
		`+ chmod +x /home/resalloc/provision/local-new;`
		`+ chmod 0400 /root/.ssh/id_rsa;`
		`+ exec /usr/bin/resalloc-server;`
		`+ volumeMounts:`
		`+ - mountPath: /etc/resallocserver/pools.yaml`
		`+ name: copr-resalloc`
		`+ subPath: pools.yaml`
		`+ - mountPath: /etc/resallocserver/server.yaml`
		`+ name: copr-resalloc`
		`+ subPath: server.yaml`
		`+ - mountPath: /home/resalloc/provision/local-new-ro`
		`+ name: copr-resalloc`
		`+ subPath: local-new`
		`+ - mountPath: /root/.ssh/builder_config`
		`+ name: copr-resalloc`
		`+ subPath: builder_config`
		`+ - mountPath: /root/.ssh/id_rsa-ro`
		`+ name: copr-resalloc`
		`+ subPath: id_rsa`
		`+ volumes:`
		`+ - name: copr-resalloc`
		`+ configMap:`
		`+ name: copr-resalloc`
		`+ ---`
		`+ apiVersion: v1`
		`+ kind: Service`
		`+ metadata:`
		`+ name: copr-resalloc`
		`+ spec:`
		`+ ports:`
		`+ - name: resalloc`
		`+ port: 49100`
		`+ protocol: TCP`
		`+ targetPort: 49100`
		`+ selector:`
		`+ component: copr-resalloc`
		`+ type: ClusterIP`

tommylike commented 2 years ago

Support deploy COPR into kubernetes cluster within kustomize
1. Add ingress for entrance, now frontend/cgit/results are visited from "sample.copr.org"
2. Use nc for server readiness check.
3. Add readme for deploy process.

zuul commented 2 years ago

Build succeeded.

csdiff-pylint : SUCCESS in 1m 01s

tommylike commented 2 years ago

@praiskup @frostyx Thanks in advance.

zuul commented 2 years ago

Build succeeded.

csdiff-pylint : SUCCESS in 1m 08s

1 new commit added

Fix kubernetes debug issue

2 years ago

zuul commented 2 years ago

Build succeeded.

csdiff-pylint : SUCCESS in 1m 38s

zuul commented 2 years ago

Build succeeded.

csdiff-pylint : SUCCESS in 1m 12s

zuul commented 2 years ago

Build succeeded.

csdiff-pylint : SUCCESS in 1m 19s

frostyx commented 2 years ago

Thank you very much @tommylike,
I haven't reviewed the changes yet but I am afraid there are going to be huge merge conflicts with PR#2193 :-/

We will need to figure out what will be the best way out of this pickle.

tommylike commented 2 years ago

Thank you very much @tommylike,
I haven't reviewed the changes yet but I am afraid there are going to be huge merge conflicts with PR#2193 :-/

We will need to figure out what will be the best way out of this pickle.

You are right @frostyx, considering most of them are kustomize yamls, there would be some confliction in the dockerfile and configuration files, also I learned a lot from the openshift PR and therefore I think most of the code change in dockerfiles&configs are similar. Maybe we can split those changes into individual PRs and merge them first.

zuul commented 2 years ago

Build succeeded.

csdiff-pylint : SUCCESS in 59s

Metadata Update from @praiskup:
- Pull-request tagged with: wip

2 years ago

zuul commented 2 years ago

Build succeeded.

csdiff-pylint : SUCCESS in 1m 19s

praiskup commented 2 years ago

I'm in the process of finalizing #2193 which I'd like to do first. Please allow us some time for the review here. Long term, I believe both configurations could stay here in the repository - and they shouldn't actually collide with each other.

@tommylike would you please document yourself somewhere as the maintainer for the kustomize yamls?

tommylike commented 2 years ago

I'm in the process of finalizing #2193 which I'd like to do first. Please allow us some time for the review here. Long term, I believe both configurations could stay here in the repository - and they shouldn't actually collide with each other.

@tommylike would you please document yourself somewhere as the maintainer for the kustomize yamls?

Sure, I am working on it.

1 new commit added

Add document

2 years ago

tommylike commented 2 years ago

@praiskup please check the latest commit.

zuul commented 2 years ago

Build succeeded.

csdiff-pylint : SUCCESS in 2m 48s

2 new commits added

Fix rsa key permission issue
Add rsa key for resalloc server

2 years ago

zuul commented 2 years ago

Build succeeded.

csdiff-pylint : SUCCESS in 1m 21s

zuul commented 2 years ago

Build succeeded.

csdiff-pylint : SUCCESS in 1m 26s

praiskup commented a year ago

Sorry for the delay @tommylike. The OpenShift deployment scripts were merged, even though still WIP. Feel free to rebase this PR on top of main (I'll do a short review now).

praiskup commented on line 6 of docker/keygen-httpd/files/entrypoint a year ago

This seems wrong. RPM wants a package name argument, not username.

praiskup commented on line 13 of docker/keygen-signd/Dockerfile a year ago

We already have this in main.

Edited a year ago by praiskup

praiskup commented on line 7 of kubernetes/README.md a year ago

Awesome writeup here! Can you dump something like the following here?

Original author and maintainer of Kustomize scripts is [TommyLike](https://pagure.io/user/tommylike).

Possibly add some instructions on how users can contact you, on IRC/GitHub, etc.?
Just to speedup some potential Kustomize user coordination things.

praiskup commented on line 28 of kubernetes/kustomize/config/backend/.ssh/id_rsa a year ago

Is this supposed to be published?

praiskup commented on line 8 of rpmbuild/copr_distgit_client.py a year ago

For a private copr deployment, you probably want to provide this as an ini file in the drop-in directory /etc/copr-distgit-client.
Perhaps as copr-rpmbuild-private.rpm or something alike?

Or if this is supposed to be a documentation fix, I'd propose a better place... e.g. the command description.

tommylike commented a year ago

@praiskup thanks for your review, I will update the PR ASAP.

rebased onto c0511bb

a year ago

zuul commented a year ago

Merge Failed.

This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.
Warning:
Error merging pagure.io/copr/copr for 2326,c0511bb

rebased onto fde39af

a year ago

zuul commented a year ago

Build succeeded.