From fde39afa4a8b26a6a7629d03da5fa3404fec7e98 Mon Sep 17 00:00:00 2001 From: TommyLike Date: Nov 16 2022 14:46:07 +0000 Subject: Add kubernetes deployment support --- diff --git a/kubernetes/README.md b/kubernetes/README.md new file mode 100644 index 0000000..10cb6c0 --- /dev/null +++ b/kubernetes/README.md 
@@ -0,0 +1,55 @@ +# Deploy Copr build system in Kubernetes + +This directory contains the deployment yamls and upgraded configuration for kubernetes +cluster, you can deploy COPR into your cluster within several changes. Note this deployment +is for pre-production usage. + +## Before launch +1. [Kustomize](https://github.com/kubernetes-sigs/kustomize) tool, the yamls are organized within kustomize, download it +first and use `kustomize build kubernetes/kustomize` to generate the final yamls. +2. Docker Images, the local images which are generated within command `docker compose build` will be used in default, you +can overwrite the image name and tag in kustomization yamls if you needed. +```yaml +# builder image +- name: copr_builder:latest + newName: organization/image_name + newTag: image_tag +```` +3. Domain name and certificate, now all the COPR UI including frontend, cgit and backend result are exposed via identical domain +`https://sample.copr.org` you have to replace this all into your own domain (just search 'sample.copr.org' in yaml and configuration), +also you need to update `cert/tls.key` and `cert/tls.crt` within your domain certificate content. If you have cert manager or +other cert automation tools deployed, please remove these two files and upgrade the Ingress yaml. +4. Persistent storage class, please upgrade the storage class name correspondingly before deploy. +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: copr-database-data +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: ssd +``` +5. COPR builder, the only builder instance is deployed in kubernetes within `privileged` mode for demonstration usage, please +refer to the document on how to integrate COPR with AWS or other cloud provider VM Instance. 
Also, you can try the [kubernetes plugin](https://github.com/TommyLike/resalloc-kubernetes) +for resalloc framework, which will create copr builder pod with PVC dynamically: +```yaml +kubernetes_x86_64_normal_prod: + max: 1 + max_starting: 1 + max_prealloc: 1 + tags: + - some_tags + cmd_new: resalloc add --namespace --cpu-resource 1 --memory-resource 1024Mi --image-tag --additional-volume-size 1Gi --additional-volume-class sds --additional-volume-mount-path /var/lib/copr-rpmbuild --timeout 90 + cmd_delete: resalloc delete --namespace + cmd_livecheck: "/usr/bin/resalloc-check-vm-ip" + livecheck_period: 180 + reuse_opportunity_time: 180 + reuse_max_count: 8 + reuse_max_time: 1800 +``` +# Author +Original author and maintainer of Kustomize scripts is [TommyLike](https://pagure.io/user/tommylike), and [email address](tommylikehu@gmail.com). \ No newline at end of file diff --git a/kubernetes/kustomize/backend.yaml b/kubernetes/kustomize/backend.yaml new file mode 100644 index 0000000..10cf82e --- /dev/null +++ b/kubernetes/kustomize/backend.yaml 
@@ -0,0 +1,149 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: copr-backend +spec: + replicas: 1 + selector: + matchLabels: + component: copr-backend + template: + metadata: + labels: + component: copr-backend + spec: + initContainers: + - name: init-backend-resalloc + image: ebiqe/alpine-nc:latest + command: [ "sh", "-c", "until nc -z copr-resalloc.fedora-copr.svc.cluster.local 49100; do echo waiting for resalloc service ; sleep 2; done;" ] + - name: init-backend-redis + image: ebiqe/alpine-nc:latest + command: [ "sh", "-c", "until nc -z redis.fedora-copr.svc.cluster.local 6379; do echo waiting for redis service ; sleep 2; done;" ] + containers: + - image: copr_backend_httpd:latest + imagePullPolicy: IfNotPresent + name: httpd + livenessProbe: + tcpSocket: + port: 5002 + initialDelaySeconds: 30 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: / + port: 5002 + initialDelaySeconds: 5 + timeoutSeconds: 5 + resources: + requests: + cpu: 200m + memory: 200Mi + ports: + - containerPort: 5002 + protocol: TCP + volumeMounts: + - mountPath: /opt/app-root/etc/nginx.d/copr-be.conf + name: copr-backend + subPath: nginx.conf + - mountPath: /var/lib/copr/public_html/results + name: copr-backend-data + - image: copr_backend-log:latest + imagePullPolicy: Always + name: log + command: ["/tini", "--", "/usr/sbin/runuser", "-u", "copr", "-g", "copr", "--", "/usr/bin/copr_run_logger.py"] + resources: + requests: + cpu: 200m + memory: 200Mi + volumeMounts: + - mountPath: /etc/nginx/conf.d/copr-be.conf + name: copr-backend + subPath: copr-be.conf + - mountPath: /var/lib/copr/public_html/results + name: copr-backend-data + - mountPath: /etc/copr/copr-be.conf + name: copr-backend + subPath: copr-be.conf + - mountPath: /etc/sign.conf + name: copr-backend + subPath: sign.conf + - image: copr_backend-action:latest + imagePullPolicy: Always + name: action + command: ["/tini", "--", "/usr/sbin/runuser", "-u", "copr", "-g", "copr", "--", "/usr/bin/copr-run-dispatcher", 
"actions"] + resources: + requests: + cpu: 200m + memory: 200Mi + volumeMounts: + - mountPath: /etc/copr/copr-be.conf + name: copr-backend + subPath: copr-be.conf + - mountPath: /etc/sign.conf + name: copr-backend + subPath: sign.conf + - mountPath: /var/lib/copr/public_html/results + name: copr-backend-data + - image: copr_backend-build:latest + imagePullPolicy: Always + name: build + command: ["/tini", "--", "/usr/sbin/runuser", "-u", "copr", "-g", "copr","-G", "obsrun", "--", "/usr/bin/copr-run-dispatcher", "builds"] + resources: + requests: + cpu: 200m + memory: 200Mi + volumeMounts: + - mountPath: /etc/sign.conf + name: copr-backend + subPath: sign.conf + - mountPath: /etc/nginx/conf.d/copr-be.conf + name: copr-backend + subPath: nginx.conf + - mountPath: /home/copr/.ssh/builder_config + name: copr-backend + subPath: builder_config + - mountPath: /home/copr/.ssh/id_rsa + name: copr-backend + subPath: id_rsa + - mountPath: /home/copr/.ssh/id_rsa.pub + name: copr-backend + subPath: id_rsa.pub + - mountPath: /var/lib/copr/public_html/results + name: copr-backend-data + - mountPath: /etc/copr/copr-be.conf + name: copr-backend + subPath: copr-be.conf + volumes: + - name: copr-backend + configMap: + name: copr-backend + - name: copr-backend-data + persistentVolumeClaim: + claimName: copr-backend-data +--- +apiVersion: v1 +kind: Service +metadata: + name: copr-backend +spec: + ports: + - name: httpd + port: 5002 + protocol: TCP + targetPort: 5002 + selector: + component: copr-backend + type: ClusterIP +--- +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: copr-backend-data +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: ssd diff --git a/kubernetes/kustomize/builder.yaml b/kubernetes/kustomize/builder.yaml new file mode 100644 index 0000000..37ffd0b --- /dev/null +++ b/kubernetes/kustomize/builder.yaml 
@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: copr-builder
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: copr-builder
+ template:
+ metadata:
+ labels:
+ component: copr-builder
+ spec:
+ containers:
+ - image: copr_builder:latest
+ imagePullPolicy: IfNotPresent
+ name: builder
+ securityContext:
+ privileged: true
+ livenessProbe:
+ tcpSocket:
+ port: 22
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ readinessProbe:
+ tcpSocket:
+ port: 22
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ resources:
+ requests:
+ cpu: 200m
+ memory: 200Mi
+ ports:
+ - containerPort: 22
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /etc/copr-distgit-client/docker.ini
+ name: copr-builder
+ subPath: client.ini
+ - mountPath: /etc/copr-rpmbuild/main.ini
+ name: copr-builder
+ subPath: rpmbuild.ini
+ - mountPath: /root/.ssh/id_backend_pub
+ name: copr-builder
+ subPath: id_backend_pub
+ volumes:
+ - name: copr-builder
+ configMap:
+ name: copr-builder
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: copr-builder
+spec:
+ ports:
+ - name: ssh
+ port: 22
+ protocol: TCP
+ targetPort: 22
+ selector:
+ component: copr-builder
+ type: ClusterIP
diff --git a/kubernetes/kustomize/cert/tls.crt b/kubernetes/kustomize/cert/tls.crt
new file mode 100644
index 0000000..515aa61
--- /dev/null
+++ b/kubernetes/kustomize/cert/tls.crt
@@ -0,0 +1 @@
+# Add content here
\ No newline at end of file
diff --git a/kubernetes/kustomize/cert/tls.key b/kubernetes/kustomize/cert/tls.key
new file mode 100644
index 0000000..515aa61
--- /dev/null
+++ b/kubernetes/kustomize/cert/tls.key
@@ -0,0 +1 @@
+# Add content here
\ No newline at end of file
diff --git a/kubernetes/kustomize/config/backend/.ssh/builder_config b/kubernetes/kustomize/config/backend/.ssh/builder_config
new file mode 100644
index 0000000..498d949
--- /dev/null
+++ b/kubernetes/kustomize/config/backend/.ssh/builder_config
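Review bot: `securityContext.privileged: true` on the `builder` container in builder.yaml gives the pod that runs submitted package builds full access to the node's devices and kernel interfaces, so the container boundary provides no isolation between a build and the node. The README describes this as demonstration-only, but the manifest itself carries no such marker; I would add `# demo only: privileged builder, do not use for untrusted builds` above the field and keep this Deployment on a dedicated node pool if it is retained. If the build tooling only needs specific capabilities, listing them under `capabilities.add` instead would be narrower, though that cannot be confirmed from this hunk. Separately, the volume mounts `subPath: id_backend_pub` while the file this commit adds is `config/builder/id_backend.pub`, so the ConfigMap key has to be renamed in the kustomization, which is outside this view.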
@@ -0,0 +1,18 @@
+Host *
+ # For dynamically started VMs.
+ StrictHostKeyChecking no
+ UserKnownHostsFile /dev/null
+
+ # For non-default paths to identity file.
+ IdentityFile ~/.ssh/id_rsa
+
+ # Ensure remote command uses proper line buffering for live logs
+ # (so called live logs).
+ RequestTTY=force
+
+ # Keep control sockets open, to speedup subsequent command runs.
+ ControlPath=/home/copr/ssh_socket_%h_%p_%r
+ ControlMaster=auto
+ ControlPersist=900
+
+ Port=22
diff --git a/kubernetes/kustomize/config/backend/.ssh/id_rsa b/kubernetes/kustomize/config/backend/.ssh/id_rsa
new file mode 100644
index 0000000..74cc976
--- /dev/null
+++ b/kubernetes/kustomize/config/backend/.ssh/id_rsa
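Review bot: `StrictHostKeyChecking no` together with `UserKnownHostsFile /dev/null` under `Host *` means the backend never verifies the identity of the host it sends sources to and collects build results from, and those results are subsequently signed (`do_sign=true` in copr-be.conf). The comment justifies this for dynamically started VMs, but the builder in this deployment is a fixed in-cluster Service, so host-key verification can be kept, provided the builder image keeps a stable host key. I would mount a `known_hosts` file containing the builder's key and set `StrictHostKeyChecking yes` with `UserKnownHostsFile ~/.ssh/known_hosts`, leaving the relaxed settings to a separate `Host` block for genuinely ephemeral builders.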
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3qIq1f0FDl0Fa2hLrerWvHmDYivo0Rjocmzkps4C3fv+FXvT +wpd8m8NvPJxioqIcAqRQuXvLdsY0CE0MgmgWl9t3iIts5W+rjcaZV3qnasTwOV5R +lz1MA/PI15lUocJ8/t+HvGldBYoVec+TfsQVlu5PXQfWV7ytZayqtGNtkiGCQp8r +OraAeA+THFcvvh4yIPUVUwJSjdB+1Begd8XemDUBBU8fwUAnHodRGJKOjkthDtm+ +GRJwHCfEl6jSc/6BmeF4MuJ+nVWoT6uHnRxJ+1VzJPtygB6F1WmDfwlTd8G7r4C/ +FBa8GqPIu8rnAd1TbiL2nW3a+bJcdUGrzBSa5wIDAQABAoIBACYu2fnpczyLZ6qM +MK6bYEji7k2gCkYSZ4t4cZ7KJmO8HE/C9QaixJRSaHmUuLX756HsXIvzV2n/hF0I +GeUjxPw2f8HDZ+HRzTJ7pUEDoEMHk8vDCWtO8AKdhQy1F3bGzHlKDRWbXIDeteA2 +Ya2UI7/HD4V9Gp3hljuh6YUWqGwvUSO7pGmBKKS40WtnDJrcH2MhSV3nwV4VaE5j +axB7g2iTYFADOPhe1Jj6A5zmZTtvjHn+QdJ46UJUGtW/gjPwJhMwyhTente1CcfL +UjOSuZQdr6ZH9sQ9jaEb5fkWOLuzwAafLl2v8NrgM+mCvhlXMT25a/9J4R4uiDqw +2ELJ7QECgYEA9Y24u8Mj1yizSUPq+1gTBIdeW/py9uqbsB5JYVqAX8ymCv1vOUO+ +Aix0gq6GA7+oKSyxkTex5KPy9YA+0nPuWYHaeTWSyPF7lpCy2zddfMYBJ/VlZgPh +bJ5TKn6CpBpFbi/Geqjez0yHntZYCaVTLdOtbhJeevrz4Y4Rxon/NzECgYEA6BrT +qjPY8bG3+wk+SdsA7GMX/PaB5CjKniglfYW1SApD3y2CxT8yxXlNX0sHNazSDB5n +ra8Goc6h1T6I+eiv5+GSz3yoXBBXZLjXpgufhuct8dB7sjKHZWhuMSriecCvmZtw +6ByLOf8ZdUpr8yIc8kqXkRc5ozpVYhhbvXRSnZcCgYEA2zem0JmqCY/gX2wvACzk +7Yoch2jT8fQJAfZH9I3jRaNiKTWQckM0AqTFb1V3dylHa1rnO4nJWyGy6dGQRDoT +c/0lmkhlvtc3Snfr9SE8aQQsTAwcdjLIsTu3a5x97Rs3GOO2AhN4twDPotIgzpu1 +4pezoSztBEW+LIO1AtZ37kECgYBJrPJRTaHonpQbAIUgJn91icL8jjcO+I/Qgkfc +P0wa8P84YZboC7aPDoEr5YIFXLVUGXapoCxHwnKGYRJT2bO0tFrIt/YtOxaypyX0 +1C2wQcPIxXfuSbHG085elxFKuopDBR9i3mSnZT1siNIZXFO56UmRScEG+iZOPBMq +4Ti0QwKBgQDosVdv0+gL1rOyYHhoQOcBUSXvHsLvJvx11q7eyK2V9Yt8O9N9nL1k +jCzN5+S6sFORNHkSBcX2DTNHoHwtif2hgdVaMZqHXmSFpccAi5q9jRzRL3osNM2Y +jlZUP22h8DHdM4Nqi1DnoHuMMhwgf4w3+FUfd6Wboq78wXKmN4Yf/g== +-----END RSA PRIVATE KEY----- diff --git a/kubernetes/kustomize/config/backend/.ssh/id_rsa.pub b/kubernetes/kustomize/config/backend/.ssh/id_rsa.pub new file mode 100644 index 0000000..53c710c --- /dev/null +++ b/kubernetes/kustomize/config/backend/.ssh/id_rsa.pub 
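Review bot: This file commits a usable RSA private key to the repository, and its public half is the key handed to the builder (`config/builder/id_backend.pub`, mounted at `/root/.ssh/id_backend_pub` in builder.yaml), so every cluster deployed from these defaults apparently trusts the same publicly known key for root SSH on the builder. backend.yaml additionally mounts it into the `build` container from the `copr-backend` ConfigMap, which is readable by anyone allowed to read ConfigMaps in the namespace. I would replace the file with a placeholder as is done for `cert/tls.key` (`# Add content here`), add key generation to the README's "Before launch" steps, and deliver the key through a Secret volume instead of a ConfigMap. The key in this commit should be treated as compromised and not reused in any deployment.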
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeoirV/QUOXQVraEut6ta8eYNiK+jRGOhybOSmzgLd+/4Ve9PCl3ybw288nGKiohwCpFC5e8t2xjQITQyCaBaX23eIi2zlb6uNxplXeqdqxPA5XlGXPUwD88jXmVShwnz+34e8aV0FihV5z5N+xBWW7k9dB9ZXvK1lrKq0Y22SIYJCnys6toB4D5McVy++HjIg9RVTAlKN0H7UF6B3xd6YNQEFTx/BQCceh1EYko6OS2EO2b4ZEnAcJ8SXqNJz/oGZ4Xgy4n6dVahPq4edHEn7VXMk+3KAHoXVaYN/CVN3wbuvgL8UFrwao8i7yucB3VNuIvadbdr5slx1QavMFJrn root@backend diff --git a/kubernetes/kustomize/config/backend/copr-be.conf b/kubernetes/kustomize/config/backend/copr-be.conf new file mode 100644 index 0000000..aeb3539 --- /dev/null +++ b/kubernetes/kustomize/config/backend/copr-be.conf 
@@ -0,0 +1,76 @@
+[backend]
+
+build_user=root
+
+# URL where are results visible
+# default is http://copr
+results_baseurl=http://copr-backend.fedora-copr.svc.cluster.local:5002/results/
+
+# default is http://coprs/rest/api
+#frontend_base_url=http://localhost:5000
+frontend_base_url=http://copr-frontend.fedora-copr.svc.cluster.local:5000
+
+# must have same value as BACKEND_PASSWORD from have frontend in /etc/copr/copr.conf
+# default is PASSWORDHERE but you really should change it. really.
+#frontend_auth=1234
+frontend_auth=1234
+
+dist_git_url=http://copr-distgit.fedora-copr.svc.cluster.local/cgit
+#dist_git_url=http://cgit
+
+
+# directory where results are stored
+# should be accessible from web using 'results_baseurl' URL
+# no default
+destdir=/var/lib/copr/public_html/results
+
+# how long (in seconds) backend should wait before query frontends
+# for new tasks in queue
+# default is 10
+sleeptime=30
+
+
+# Builder machine allocation is done by resalloc server listening on
+# this address.
+resalloc_connection=http://copr-resalloc.fedora-copr.svc.cluster.local:49100
+
+
+# exit on worker failure
+# default is false
+#exit_on_worker=false
+
+# publish fedmsg notifications from workers if true
+# default is false
+#fedmsg_enabled=false
+
+
+# enable package signing, require configured
+# signer host and correct /etc/sign.conf
+do_sign=true
+
+# host or ip of machine with copr-keygen
+# usually the same as in /etc/sign.conf
+keygen_host=copr-keygen.fedora-copr.svc.cluster.local:5003
+
+# minimum age for builds to be pruned
+prune_days=14
+
+# logging settings
+# log_dir=/var/log/copr-backend/
+# log_level=info
+
+# verbose=False
+
+redis_host=redis
+redis_port=6379
+
+[builder]
+# default is 1800
+timeout=3600
+
+# consecutive_failure_threshold=10
+
+builder_perl=True
+
+[ssh]
+builder_config=/home/copr/.ssh/builder_config
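Review bot: `frontend_auth=1234` ships a guessable shared secret as the working default, although the comment directly above it says the value really should be changed; the same value is repeated as `frontend_auth=1234` in config/distgit/copr-dist-git.conf and as `BACKEND_PASSWORD = '1234'` in config/frontend/copr.conf. Since the frontend is published through the Ingress, this is presumably the only thing separating an outside client from the backend-only API. I would ship an obviously non-working placeholder such as `frontend_auth=CHANGE_ME_BEFORE_DEPLOY` (constructed example), list it in the README's "Before launch" steps, and load the three files from a Secret rather than from the ConfigMaps the manifests mount them from.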
diff --git a/kubernetes/kustomize/config/backend/nginx.conf b/kubernetes/kustomize/config/backend/nginx.conf new file mode 100644 index 0000000..0499842 --- /dev/null +++ b/kubernetes/kustomize/config/backend/nginx.conf @@ -0,0 +1,17 @@ +server { + listen 5002; + listen [::]:5002; + server_tokens off; + access_log /dev/stdout; + error_log /dev/stdout; + + server_name localhost; + charset utf-8; + + root /var/lib/copr/public_html/; + + location / { + port_in_redirect off; + autoindex on; + } +} diff --git a/kubernetes/kustomize/config/backend/sign.conf b/kubernetes/kustomize/config/backend/sign.conf new file mode 100644 index 0000000..258f11a --- /dev/null +++ b/kubernetes/kustomize/config/backend/sign.conf @@ -0,0 +1,2 @@ +server: copr-keygen.fedora-copr.svc.cluster.local +allowuser: copr diff --git a/kubernetes/kustomize/config/builder/client.ini b/kubernetes/kustomize/config/builder/client.ini new file mode 100644 index 0000000..7e7dc2a --- /dev/null +++ b/kubernetes/kustomize/config/builder/client.ini @@ -0,0 +1,4 @@ +[copr-distgit] +clone_hostnames = copr-distgit +lookaside_location = http://copr-distgit.fedora-copr.svc.cluster.local:5001 +lookaside_uri_pattern = repo/pkgs/{namespace[1]}/{namespace[0]}/{name}/{filename}/{hash}/{filename} \ No newline at end of file diff --git a/kubernetes/kustomize/config/builder/id_backend.pub b/kubernetes/kustomize/config/builder/id_backend.pub new file mode 100644 index 0000000..53c710c --- /dev/null +++ b/kubernetes/kustomize/config/builder/id_backend.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeoirV/QUOXQVraEut6ta8eYNiK+jRGOhybOSmzgLd+/4Ve9PCl3ybw288nGKiohwCpFC5e8t2xjQITQyCaBaX23eIi2zlb6uNxplXeqdqxPA5XlGXPUwD88jXmVShwnz+34e8aV0FihV5z5N+xBWW7k9dB9ZXvK1lrKq0Y22SIYJCnys6toB4D5McVy++HjIg9RVTAlKN0H7UF6B3xd6YNQEFTx/BQCceh1EYko6OS2EO2b4ZEnAcJ8SXqNJz/oGZ4Xgy4n6dVahPq4edHEn7VXMk+3KAHoXVaYN/CVN3wbuvgL8UFrwao8i7yucB3VNuIvadbdr5slx1QavMFJrn root@backend 
diff --git a/kubernetes/kustomize/config/builder/rpmbuild.ini b/kubernetes/kustomize/config/builder/rpmbuild.ini
new file mode 100644
index 0000000..d97f84b
--- /dev/null
+++ b/kubernetes/kustomize/config/builder/rpmbuild.ini
@@ -0,0 +1,28 @@
+[main]
+frontend_url = http://copr-frontend.fedora-copr.svc.cluster.local:5000
+enabled_source_protocols = https ftps
+
+[distgit0]
+distgit_hostname_pattern = src.fedoraproject.org
+distgit_lookaside_url = https://src.fedoraproject.org/repo/pkgs/%(ns1)s/%(name)s/%(filename)s/%(hashtype)s/%(hash)s/%(filename)s
+distgit_clone_url = https://src.fedoraproject.org/%(module)s
+
+[distgit1]
+distgit_hostname_pattern = copr-dist-git.fedorainfracloud.org
+distgit_lookaside_url = http://copr-dist-git.fedorainfracloud.org/repo/pkgs/%(ns2)s/%(ns1)s/%(name)s/%(filename)s/%(hashtype)s/%(hash)s/%(filename)s
+distgit_clone_url = http://copr-dist-git.fedorainfracloud.org/git/%(module)s
+
+[distgit2]
+distgit_hostname_pattern = pkgs.fedoraproject.org
+distgit_lookaside_url = https://src.fedoraproject.org/repo/pkgs/%(ns1)s/%(name)s/%(filename)s/%(hashtype)s/%(hash)s/%(filename)s
+distgit_clone_url = git://pkgs.fedoraproject.org/%(module)s
+
+[distgit3]
+distgit_hostname_pattern = src.stg.fedoraproject.org
+distgit_lookaside_url = https://src.stg.fedoraproject.org/repo/pkgs/%(ns1)s/%(name)s/%(filename)s/%(hashtype)s/%(hash)s/%(filename)s
+distgit_clone_url = https://src.stg.fedoraproject.org/%(module)s
+
+[distgit4]
+distgit_hostname_pattern = copr-distgit
+distgit_lookaside_url = http://ccopr-distgit.fedora-copr.svc.cluster.local:5001/repo/pkgs/%(ns2)s/%(ns1)s/%(name)s/%(filename)s/%(hash)s/%(filename)s
+distgit_clone_url = http://copr-distgit.fedora-copr.svc.cluster.local:5001/git/%(module)s
diff --git a/kubernetes/kustomize/config/database/credential.env b/kubernetes/kustomize/config/database/credential.env
new file mode 100644
index 0000000..b839b37
--- /dev/null
+++ b/kubernetes/kustomize/config/database/credential.env
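Review bot: In `[distgit4]` of rpmbuild.ini, `distgit_lookaside_url` points at `http://ccopr-distgit.fedora-copr.svc.cluster.local:5001/...` with a doubled `c`, while `distgit_clone_url` on the next line and every other reference in this commit use `copr-distgit`. As written, source downloads for the in-cluster dist-git go to a name that no Service in these manifests defines, so builds fail at the lookaside step, or are served by whatever else ends up owning that name in the namespace. The host part should read `http://copr-distgit.fedora-copr.svc.cluster.local:5001/repo/pkgs/...`.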
@@ -0,0 +1,3 @@
+database-user=copr-fe
+database-password=coprpass
+database-name=coprdb
\ No newline at end of file
diff --git a/kubernetes/kustomize/config/distgit/copr-dist-git.conf b/kubernetes/kustomize/config/distgit/copr-dist-git.conf
new file mode 100644
index 0000000..f304ae5
--- /dev/null
+++ b/kubernetes/kustomize/config/distgit/copr-dist-git.conf
@@ -0,0 +1,5 @@
+[dist-git]
+frontend_base_url=http://copr-frontend.fedora-copr.svc.cluster.local:5000
+frontend_auth=1234
+per_task_log_dir=/var/lib/copr-dist-git/per-task-logs/
+log_dir=/var/log/copr-dist-git
\ No newline at end of file
diff --git a/kubernetes/kustomize/config/frontend/copr.conf b/kubernetes/kustomize/config/frontend/copr.conf
new file mode 100644
index 0000000..ccb892b
--- /dev/null
+++ b/kubernetes/kustomize/config/frontend/copr.conf
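Review bot: `database-password=coprpass` in credential.env is committed as the working default for what appears to be the source of the `copr-database` Secret, and the same password is embedded in `SQLALCHEMY_DATABASE_URI` in config/frontend/copr.conf, which frontend.yaml mounts from a ConfigMap. Keeping the password in a Secret on the database side therefore protects nothing once that ConfigMap is readable. I would leave a placeholder here (`database-password=<set-before-deploy>`), keep the filled-in file out of version control, and have the frontend take its database URI from a Secret as well. The README's "Before launch" list should name this file next to the TLS key and certificate.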
@@ -0,0 +1,138 @@ +# Purpose of this instance +# Use "production", "devel", "local" or "test" +ENV="local" + +# Directory and files where is stored Copr database files +#DATA_DIR = '/var/lib/copr/data' +#DATABASE = '/var/lib/copr/data/copr.db' +#OPENID_STORE = '/var/lib/copr/data/openid_store' +#WHOOSHEE_DIR = '/var/lib/copr/data/whooshee' + +# salt for CSRF codes +#SECRET_KEY = 'put_some_secret_here' + +BACKEND_PASSWORD = '1234' + +# restrict access to a set of users +#USE_ALLOWED_USERS = False +#ALLOWED_USERS = ['bonnie', 'clyde'] + +SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://copr-fe:coprpass@database.fedora-copr.svc.cluster.local/coprdb' + +# Token length, defaults to 30 (max 255) +#API_TOKEN_LENGTH = 30 + +# Expiration of API token in days +#API_TOKEN_EXPIRATION = 180 + +# logging options +#SEND_LOGS_TO = ['root@localhost'] +#LOGGING_LEVEL = logging.ERROR + +# where to send notice about raised legal flag +#SEND_LEGAL_TO = ['root@localhost', 'somebody@somewhere.com'] + +# DEBUG = False +DEBUG = True +SQLALCHEMY_ECHO = False + +#CSRF_ENABLED = True +# as of Flask-WTF 0.9+ +#WTF_CSRF_ENABLED = True + +# send emails when user's perms change in project? 
+SEND_EMAILS = False + +## post-process url leading to backend +## possible options: None, "http", "https" +# ENFORCE_PROTOCOL_FOR_BACKEND_URL = "https" +## post-process url leading to frontend +# ENFORCE_PROTOCOL_FOR_FRONTEND_URL = "https" + +# URLs for fedmenu resources +#FEDMENU_URL = "http://threebean.org/fedmenu/" +#FEDMENU_DATA_URL = "http://threebean.org/fedmenu/dev-data.js" +#or +#FEDMENU_URL = "https://apps.fedoraproject.org/fedmenu/" +#FEDMENU_DATA_URL = "https://apps.fedoraproject.org/js/data.js" + +PUBLIC_COPR_HOSTNAME = 'sample.copr.org' +PUBLIC_COPR_BASE_URL = 'https://sample.copr.org' + +BACKEND_BASE_URL = 'https://sample.copr.org' +DIST_GIT_CLONE_URL = 'http://copr-distgit:5001/git' +DIST_GIT_URL = 'https://sample.copr.org/cgit' +COPR_DIST_GIT_LOGS_URL = 'http://localhost:5001/per-task-logs' + +# primary +LOG_FILENAME = "/var/log/copr-frontend/frontend.log" +LOG_DIR = "/var/log/copr-frontend/" + +# Internal network, used to accept statistics without auth +# list of IP or subnet +INTRANET_IPS = ["127.0.0.1", "192.168.1.0/24"] + +# Builder VMs network, used to avoid requests from builders in popularity statistics +# list of IP or subnet, optional +BUILDER_IPS = ["127.0.0.1"] + +# a place for storing srpms until they get uploaded +STORAGE_DIR = "/var/lib/copr/data/srpm_storage" + +# no need to filter cla_* groups, they are already filtered by fedora openid +GROUP_DENYLIST = ['fedorabugs', 'packager', 'provenpackager'] + +REDIS_HOST = "redis.fedora-copr.svc.cluster.local" +REDIS_PORT = 6379 + +# Hide page parts not relevant to this Copr instance: +# LAYOUT_OVERVIEW_HIDE_QUICK_ENABLE = False + +# FAS_LOGIN = True +# LOGIN_INFO = { +# # Link to user's profile, {username} expaneded. 
+# 'user_link': 'https://accounts.fedoraproject.org/user/{username}/', +# # Description sometimes put into template to make clear what we point to +# 'user_desc': 'FAS account' +# } + + +NEWS_URL = "https://fedora-copr.github.io/" +NEWS_FEED_URL = "https://fedora-copr.github.io/feed.xml" + +OPENID_PROVIDER_URL = "https://id.fedoraproject.org" + +# When the data in EOL chroots should be deleted (in days) +DELETE_EOL_CHROOTS_AFTER = 180 + +# This option has several meanings: +# - How often we warn about the EOL chroots be e-mail; Ie. we send the first +# email on the day when we mark some of the mock_chroots EOL, and the next +# emails are sent with EOL_CHROOTS_NOTIFICATION_PERIOD. +# - We start showing a flash message in web-UI warning about EOL chroot removal +# if some of the chroots is to be removed in the next +# EOL_CHROOTS_NOTIFICATION_PERIOD days. +# - the /repositories pages highlight the chroots to be removed in the next +# EOL_CHROOTS_NOTIFICATION_PERIOD days +EOL_CHROOTS_NOTIFICATION_PERIOD = 80 + +# enable Discourse integration +ENABLE_DISCUSSION = False +# DISCOURSE_URL = "https://discussion.fedoraproject.org/" + +# PAGINATION +ITEMS_PER_PAGE = 10 +PAGES_URLS_COUNT = 5 + +# Builds defaults +# # memory in MB +DEFAULT_BUILD_MEMORY = 2048 +MIN_BUILD_MEMORY = 2048 +MAX_BUILD_MEMORY = 4096 +# in seconds +DEFAULT_BUILD_TIMEOUT = 3600 * 5 +MIN_BUILD_TIMEOUT = 0 +MAX_BUILD_TIMEOUT = 108000 + +# Disable template caching +CACHE_TYPE = "NullCache" diff --git a/kubernetes/kustomize/config/frontend/httpd.conf b/kubernetes/kustomize/config/frontend/httpd.conf new file mode 100644 index 0000000..4ca20c4 --- /dev/null +++ b/kubernetes/kustomize/config/frontend/httpd.conf @@ -0,0 +1,12 @@ +Listen 5000 + + + WSGIPassAuthorization On + WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe threads=5 + WSGIScriptAlias / /usr/share/copr/coprs_frontend/application + WSGIProcessGroup 127.0.0.1 + + WSGIApplicationGroup %{GLOBAL} + Require all granted + + 
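Review bot: The frontend config leaves `#SECRET_KEY = 'put_some_secret_here'` commented out and sets `DEBUG = True`, for an application that ingress.yaml publishes on the public hostname. Without an explicit `SECRET_KEY` the application presumably falls back to a built-in default, so the value behind session and CSRF signing would be identical across installs; the default itself is not visible in this diff. I would set `DEBUG = False` and make `SECRET_KEY` a required per-deployment value supplied from a Secret. `INTRANET_IPS = ["127.0.0.1", "192.168.1.0/24"]` also deserves a check, because its comment says those addresses may submit statistics without auth and the range is unrelated to the cluster's pod network.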
diff --git a/kubernetes/kustomize/config/keygen/copr-keygen.conf b/kubernetes/kustomize/config/keygen/copr-keygen.conf
new file mode 100644
index 0000000..adca5a6
--- /dev/null
+++ b/kubernetes/kustomize/config/keygen/copr-keygen.conf
@@ -0,0 +1,24 @@
+Listen 0.0.0.0:5003
+
+
+ ServerName 127.0.0.1
+
+ WSGIPassAuthorization On
+ WSGIDaemonProcess 127.0.0.1 user=copr-signer group=copr-signer threads=5
+ WSGIScriptAlias / /usr/share/copr-keygen/application.py
+ WSGIProcessGroup 127.0.0.1
+
+ ErrorLog logs/error_log
+ CustomLog logs/access_log common
+
+ TimeOut 300
+
+
+ WSGIApplicationGroup %{GLOBAL}
+ # apache 2.2 (el6, F17)
+ #Order deny,allow
+ #Allow from all
+ # apache 2.4 (F18+)
+ Require all granted
+
+
diff --git a/kubernetes/kustomize/config/keygen/sign.conf b/kubernetes/kustomize/config/keygen/sign.conf
new file mode 100644
index 0000000..3d95eba
--- /dev/null
+++ b/kubernetes/kustomize/config/keygen/sign.conf
@@ -0,0 +1,19 @@
+---
+
+# See `man sign.conf`
+#
+# Allow only connections from the specified ip addresses,
+# subnets expressed in CIDR notation, and/or hostnames.
+# Note that hostnames are resolved using reverse DNS
+# lookups, so there must be reverse entries in the DNS
+# server, and it should be secured against DNS poisoning
+# attacks.
+# Must be present.
+#
+# Since we cannot easily allow hostnames and containers IP
+# addresses may change, just hackily allow everything
+allow: 0.0.0.0/0
+phrases: /var/lib/copr-keygen/phrases
+gpg: /usr/bin/gpg-copr
+allowuser: $(id -u)
+allow-unprivileged-ports: true
diff --git a/kubernetes/kustomize/config/resalloc/local-new b/kubernetes/kustomize/config/resalloc/local-new
new file mode 100755
index 0000000..e9ce98f
--- /dev/null
+++ b/kubernetes/kustomize/config/resalloc/local-new
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo copr-builder
\ No newline at end of file
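Review bot: In config/keygen/sign.conf, `allow: 0.0.0.0/0` accepts signing requests from any address that can reach port 5167, and the `copr-keygen` Service in keygen.yaml exposes that port cluster-wide, so every pod in the cluster is a potential client of the signing daemon. The comment acknowledges this as a hack; under Kubernetes the restriction can move to the network layer with a NetworkPolicy that admits only pods labelled `component: copr-backend` to the keygen pod on ports 5167 and 5003. Also, `allowuser: $(id -u)` is a shell substitution in a file that keygen.yaml mounts verbatim from a ConfigMap (`subPath: sign.conf`), so unless the image's entrypoint templates the file the daemon receives the literal string; a fixed user name or uid would be unambiguous.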
diff --git a/kubernetes/kustomize/config/resalloc/pools.yaml b/kubernetes/kustomize/config/resalloc/pools.yaml new file mode 100644 index 0000000..d292512 --- /dev/null +++ b/kubernetes/kustomize/config/resalloc/pools.yaml @@ -0,0 +1,22 @@ +local_x86_64_normal_prod: + max: 1 + max_starting: 1 + max_prealloc: 1 + tags: + - copr_builder + - arch_noarch + - arch_x86_64 + - arch_x86_64_native + - arch_i386 + - arch_i386_native + - arch_i586 + - arch_i586_native + - arch_i686 + - arch_i686_native + cmd_new: "/home/resalloc/provision/local-new" + cmd_delete: "/home/resalloc/provision/local-delete" + cmd_livecheck: "/usr/bin/resalloc-check-vm-ip" + livecheck_period: 180 + reuse_opportunity_time: 180 + reuse_max_count: 8 + reuse_max_time: 1800 diff --git a/kubernetes/kustomize/config/resalloc/server.yaml b/kubernetes/kustomize/config/resalloc/server.yaml new file mode 100644 index 0000000..5cf41b3 --- /dev/null +++ b/kubernetes/kustomize/config/resalloc/server.yaml @@ -0,0 +1,21 @@ +# SQLALCHEMY connection url. Note that using sqlite has serious limits WRT to +# alembic migrations support (so it is discouraged in production). Make sure +# you have installed appropriate libraries for desired SQL dialect, for +# appropriate python version! +# +#For PostgreSQL connection without password using unix socket auth method. +#db_url: 'postgresql://resalloc@/resalloc' +#For PostgreSQL listening on host/port, using password. +#db_url: 'postgresql://resalloc:pass@localhost:5432/resalloc' +db_url: 'sqlite:////var/lib/resallocserver/db.sqlite' + +logdir: '/var/log/resallocserver' + +# Hostname to make the xmlrpc server listen on. +hostname: '0.0.0.0' + +# Port to make the xmlrpc server listen on. +#port: 49100 + +# Set to 'debug' to get more verbose logging. +loglevel: 'debug' diff --git a/kubernetes/kustomize/database.yaml b/kubernetes/kustomize/database.yaml new file mode 100644 index 0000000..d803669 --- /dev/null +++ b/kubernetes/kustomize/database.yaml 
@@ -0,0 +1,87 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: copr-database
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: copr-database
+ template:
+ metadata:
+ labels:
+ component: copr-database
+ spec:
+ containers:
+ - image: copr_database:latest
+ imagePullPolicy: IfNotPresent
+ name: copr-postgres
+ livenessProbe:
+ exec:
+ command:
+ - /usr/libexec/check-container
+ - --live
+ initialDelaySeconds: 120
+ timeoutSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - /usr/libexec/check-container
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ resources:
+ requests:
+ cpu: 500m
+ memory: 500Mi
+ ports:
+ - containerPort: 5432
+ protocol: TCP
+ env:
+ - name: POSTGRESQL_USER
+ valueFrom:
+ secretKeyRef:
+ key: database-user
+ name: copr-database
+ - name: POSTGRESQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: database-password
+ name: copr-database
+ - name: POSTGRESQL_DATABASE
+ valueFrom:
+ secretKeyRef:
+ key: database-name
+ name: copr-database
+ volumeMounts:
+ - mountPath: /var/lib/pqsql/data
+ name: postgresql-data
+ volumes:
+ - name: postgresql-data
+ persistentVolumeClaim:
+ claimName: copr-database-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: database
+spec:
+ ports:
+ - name: postgresql
+ port: 5432
+ protocol: TCP
+ targetPort: 5432
+ selector:
+ component: copr-database
+ type: ClusterIP
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: copr-database-data
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: ssd
diff --git a/kubernetes/kustomize/distgit.yaml b/kubernetes/kustomize/distgit.yaml
new file mode 100644
index 0000000..8dfadfa
--- /dev/null
+++ b/kubernetes/kustomize/distgit.yaml
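Review bot: The data volume in database.yaml is mounted at `/var/lib/pqsql/data`, which looks like a typo for `/var/lib/pgsql/data`; the `/usr/libexec/check-container` probes and the `POSTGRESQL_*` variables suggest an image that keeps its data directory under `/var/lib/pgsql/data`. If that is the case, the `copr-database-data` claim is mounted where PostgreSQL never writes, and the database lives in the container's writable layer and is lost whenever the pod is recreated. The line should read `- mountPath: /var/lib/pgsql/data`; please confirm against the `copr_database` image before merging.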
@@ -0,0 +1,95 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: copr-distgit +spec: + replicas: 1 + selector: + matchLabels: + component: copr-distgit + template: + metadata: + labels: + component: copr-distgit + spec: + initContainers: + - name: init-distgit + image: busybox:1.28 + command: [ "sh", "-c", "until nslookup copr-frontend.fedora-copr.svc.cluster.local; do echo waiting for frontend service ; sleep 2; done;" ] + containers: + - image: copr_distgit-httpd:latest + imagePullPolicy: Always + name: copr-distgit-httpd + livenessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 30 + timeoutSeconds: 5 + readinessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 5 + timeoutSeconds: 5 + resources: + requests: + cpu: 200m + memory: 200Mi + ports: + - containerPort: 80 + protocol: TCP + volumeMounts: + - mountPath: /var/lib/dist-git + name: copr-distgit-data + - image: copr_distgit:latest + imagePullPolicy: IfNotPresent + name: copr-distgit + resources: + requests: + cpu: 200m + memory: 200Mi + volumeMounts: + - mountPath: /var/lib/dist-git + name: copr-distgit-data + - mountPath: /etc/copr/copr-dist-git.conf + name: copr-distgit + subPath: copr-dist-git.conf + command: + - /bin/sh + - -c + - | + mkdir -p /var/lib/dist-git/cache /var/lib/dist-git/git; + exec /usr/sbin/runuser -u root -g packager /usr/bin/importer_runner.py + volumes: + - name: copr-distgit-data + persistentVolumeClaim: + claimName: copr-distgit-data + - name: copr-distgit + configMap: + name: copr-distgit + +--- +apiVersion: v1 +kind: Service +metadata: + name: copr-distgit +spec: + ports: + - name: httpd + port: 5001 + protocol: TCP + targetPort: 80 + selector: + component: copr-distgit + type: ClusterIP +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: copr-distgit-data +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: ssd 
diff --git a/kubernetes/kustomize/frontend.yaml b/kubernetes/kustomize/frontend.yaml new file mode 100644 index 0000000..3c8c787 --- /dev/null +++ b/kubernetes/kustomize/frontend.yaml @@ -0,0 +1,69 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: copr-frontend +spec: + replicas: 1 + selector: + matchLabels: + component: copr-frontend + template: + metadata: + labels: + component: copr-frontend + spec: + initContainers: + - name: init-frontend-database + image: ebiqe/alpine-nc:latest + command: [ "sh", "-c", "until nc -z database.fedora-copr.svc.cluster.local 5432; do echo waiting for database service ; sleep 2; done;" ] + - name: init-frontend-redis + image: ebiqe/alpine-nc:latest + command: [ "sh", "-c", "until nc -z redis.fedora-copr.svc.cluster.local 6379; do echo waiting for redis service ; sleep 2; done;" ] + containers: + - image: copr_frontend:latest + imagePullPolicy: IfNotPresent + name: copr-frontend-httpd + livenessProbe: + tcpSocket: + port: 5000 + initialDelaySeconds: 30 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: / + port: 5000 + initialDelaySeconds: 5 + timeoutSeconds: 5 + resources: + requests: + cpu: 500m + memory: 500Mi + ports: + - containerPort: 5000 + protocol: TCP + volumeMounts: + - mountPath: /etc/copr/copr.conf + name: copr-frontend + subPath: copr.conf + - mountPath: /etc/httpd/conf.d/copr.conf + name: copr-frontend + subPath: httpd.conf + volumes: + - name: copr-frontend + configMap: + name: copr-frontend + +--- +apiVersion: v1 +kind: Service +metadata: + name: copr-frontend +spec: + ports: + - name: httpd + port: 5000 + protocol: TCP + targetPort: 5000 + selector: + component: copr-frontend + type: ClusterIP diff --git a/kubernetes/kustomize/ingress.yaml b/kubernetes/kustomize/ingress.yaml new file mode 100644 index 0000000..92d0342 --- /dev/null +++ b/kubernetes/kustomize/ingress.yaml 
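Review bot: Both init containers in frontend.yaml run `ebiqe/alpine-nc:latest`, an image from a third-party registry namespace referenced by a mutable tag, so its content can change underneath this deployment without any change to the repository; the init containers in backend.yaml use the same image. The wait loop only needs `nc`, so I would either pin the image by digest (`image: ebiqe/alpine-nc@sha256:<digest>`) or switch to an image the project already builds. The application containers have the same property through their `:latest` tags, and the README's image override (`newName`/`newTag`) is the natural place to recommend immutable tags.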
@@ -0,0 +1,42 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: copr-ingress
+spec:
+ rules:
+ - host: sample.copr.org
+ http:
+ paths:
+ - backend:
+ service:
+ name: copr-distgit
+ port:
+ number: 5001
+ path: /cgit/
+ pathType: ImplementationSpecific
+ - backend:
+ service:
+ name: copr-distgit
+ port:
+ number: 5001
+ path: /cgit-data/
+ pathType: ImplementationSpecific
+ - backend:
+ service:
+ name: copr-backend
+ port:
+ number: 5002
+ path: /results/
+ pathType: ImplementationSpecific
+ - backend:
+ service:
+ name: copr-frontend
+ port:
+ number: 5000
+ path: /
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - sample.copr.org
+ secretName: copr-frontend-tls
+
diff --git a/kubernetes/kustomize/keygen.yaml b/kubernetes/kustomize/keygen.yaml
new file mode 100644
index 0000000..39274a8
--- /dev/null
+++ b/kubernetes/kustomize/keygen.yaml
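Review bot: All four paths in ingress.yaml use `pathType: ImplementationSpecific`, so whether `/cgit/`, `/cgit-data/` and `/results/` match as prefixes, exact paths or patterns depends on the ingress controller, and no `ingressClassName` selects one. Using `pathType: Prefix` on each path and setting `spec.ingressClassName` makes the split between the dist-git, backend and frontend Services the same on every cluster. The manifest also does not show how plain HTTP requests to `sample.copr.org` are handled; a redirect to HTTPS is normally set through a controller-specific annotation and is worth documenting next to the `tls` block.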
@@ -0,0 +1,114 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: copr-keygen
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: copr-keygen
+ template:
+ metadata:
+ labels:
+ component: copr-keygen
+ spec:
+ containers:
+ - image: copr_keygen-signd:latest
+ imagePullPolicy: Always
+ name: copr-keygen-signer
+ livenessProbe:
+ tcpSocket:
+ port: 5167
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ readinessProbe:
+ tcpSocket:
+ port: 5167
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ resources:
+ requests:
+ cpu: 200m
+ memory: 200Mi
+ ports:
+ - containerPort: 5167
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /var/lib/copr-keygen
+ name: copr-keygen-data
+ - mountPath: /etc/sign.conf
+ name: copr-keygen
+ subPath: sign.conf
+ - image: copr_keygen-httpd:latest
+ imagePullPolicy: Always
+ command:
+ - /bin/sh
+ - -c
+ - |
+ mkdir --mode=0777 -p /var/lib/copr-keygen/phrases /var/lib/copr-keygen/gnupg
+ chown copr-signer:copr-signer /etc/httpd/logs;
+ mkdir --mode=0777 -p /var/run/httpd
+ exec /entrypoint;
+ name: copr-keygen-httpd
+ livenessProbe:
+ tcpSocket:
+ port: 5003
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /ping
+ port: 5003
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ resources:
+ requests:
+ cpu: 200m
+ memory: 200Mi
+ ports:
+ - containerPort: 5003
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /var/lib/copr-keygen
+ name: copr-keygen-data
+ - mountPath: /etc/httpd/conf.d/copr-keygen.conf
+ name: copr-keygen
+ subPath: copr-keygen.conf
+ volumes:
+ - name: copr-keygen-data
+ persistentVolumeClaim:
+ claimName: copr-keygen-data
+ - name: copr-keygen
+ configMap:
+ name: copr-keygen
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: copr-keygen
+spec:
+ ports:
+ - name: httpd
+ port: 5003
+ protocol: TCP
+ targetPort: 5003
+ - name: signer
+ port: 5167
+ protocol: TCP
+ targetPort: 5167
+ selector:
+ component: copr-keygen
+ type: ClusterIP
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: copr-keygen-data
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: ssd
diff --git a/kubernetes/kustomize/kustomization.yaml b/kubernetes/kustomize/kustomization.yaml
new file mode 100644
index 0000000..440f272
--- /dev/null
+++ b/kubernetes/kustomize/kustomization.yaml
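Review bot: The `copr-keygen-httpd` start command creates `/var/lib/copr-keygen/phrases` and `/var/lib/copr-keygen/gnupg` with `--mode=0777`, which leaves the directories that presumably hold key passphrases and the GnuPG keyring writable and listable by every user in both containers sharing the `copr-keygen-data` volume. The next line already chowns `/etc/httpd/logs` to `copr-signer`, so the same owner can be given these directories with a restrictive mode: `mkdir --mode=0700 -p /var/lib/copr-keygen/phrases /var/lib/copr-keygen/gnupg` followed by `chown copr-signer:copr-signer /var/lib/copr-keygen/phrases /var/lib/copr-keygen/gnupg`. Which user the signer container runs as is not visible here, so confirm it can still read the keyring after the change. `--mode` has no effect on directories that already exist on the persistent volume, so an existing deployment needs a one-off `chmod` as well.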
@@ -0,0 +1,111 @@
+resources:
+- namespace.yaml
+- database.yaml
+- redis.yaml
+- frontend.yaml
+- keygen.yaml
+- builder.yaml
+- distgit.yaml
+- resalloc.yaml
+- backend.yaml
+- ingress.yaml
+commonLabels:
+ app: copr
+configMapGenerator:
+- files:
+ - httpd.conf=config/frontend/httpd.conf
+ - copr.conf=config/frontend/copr.conf
+ name: copr-frontend
+- files:
+ - copr-dist-git.conf=config/distgit/copr-dist-git.conf
+ name: copr-distgit
+- files:
+ - sign.conf=config/keygen/sign.conf
+ - copr-keygen.conf=config/keygen/copr-keygen.conf
+ name: copr-keygen
+- files:
+ - client.ini=config/builder/client.ini
+ - rpmbuild.ini=config/builder/rpmbuild.ini
+ - id_backend.pub=config/builder/id_backend.pub
+ name: copr-builder
+- files:
+ - local-new=config/resalloc/local-new
+ - pools.yaml=config/resalloc/pools.yaml
+ - server.yaml=config/resalloc/server.yaml
+ - builder_config=config/backend/.ssh/builder_config
+ - id_rsa=config/backend/.ssh/id_rsa
+ name: copr-resalloc
+- files:
+ - nginx.conf=config/backend/nginx.conf
+ - copr-be.conf=config/backend/copr-be.conf
+ - builder_config=config/backend/.ssh/builder_config
+ - id_rsa=config/backend/.ssh/id_rsa
+ - id_rsa.pub=config/backend/.ssh/id_rsa.pub
+ - sign.conf=config/backend/sign.conf
+ name: copr-backend
+secretGenerator:
+- name: copr-frontend-tls
+ files:
+ - cert/tls.crt
+ - cert/tls.key
+ type: "kubernetes.io/tls"
+ namespace: fedora-copr
+- name: copr-database
+ envs:
+ - config/database/credential.env
+ type: Opaque
+ namespace: fedora-copr
+ options:
+ labels:
+ app: copr
+namespace: fedora-copr
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+# database image
+- name: copr_database:latest
+ newName: copr_database
+ newTag: latest
+# redis image
+- name: centos/redis-32-centos7
+ newName: centos/redis-32-centos7
+ newTag: latest
+# resalloc image
+- name: copr_resalloc:latest
+ newName: copr_resalloc
+ newTag: latest
+# distgit image
+- name: copr_distgit-httpd:latest
+ newName: copr_distgit-httpd
+ newTag: latest
+- name: copr_distgit:latest
+ newName: copr_distgit
+ newTag: latest
+# keygen image
+- name: copr_keygen-httpd:latest
+ newName: copr_keygen-httpd
+ newTag: latest
+- name: copr_keygen-signd:latest
+ newName: copr_keygen-signd
+ newTag: latest
+# frontend image
+- name: copr_frontend:latest
+ newName: copr_frontend
+ newTag: latest
+# builder image
+- name: copr_builder:latest
+ newName: copr_builder
+ newTag: latest
+# backend image
+- name: copr_backend_httpd:latest
+ newName: copr_backend_httpd
+ newTag: latest
+- name: copr_backend-log:latest
+ newName: copr_backend-log
+ newTag: latest
+- name: copr_backend-action:latest
+ newName: copr_backend-action
+ newTag: latest
+- name: copr_backend-build:latest
+ newName: copr_backend-build
+ newTag: latest
diff --git a/kubernetes/kustomize/namespace.yaml b/kubernetes/kustomize/namespace.yaml
new file mode 100644
index 0000000..281d0dc
--- /dev/null
+++ b/kubernetes/kustomize/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: fedora-copr
diff --git a/kubernetes/kustomize/redis.yaml b/kubernetes/kustomize/redis.yaml
new file mode 100644
index 0000000..1fa16e0
--- /dev/null
+++ b/kubernetes/kustomize/redis.yaml
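Review bot: The `copr-resalloc` and `copr-backend` entries under `configMapGenerator` in kustomization.yaml include `id_rsa=config/backend/.ssh/id_rsa`, so the backend's SSH private key is stored in two ConfigMaps, which are not covered by the access rules and at-rest encryption that clusters apply to Secrets. Move the key into a `secretGenerator` entry as sketched below, drop the two `id_rsa=` lines from the ConfigMap entries, and mount it from a `secret` volume with `defaultMode: 0400`. The resalloc Deployment in this commit mounts the key from the ConfigMap and then copies and chmods it at start-up, a step that would probably no longer be needed. The paths `config/backend/.ssh/id_rsa`, `cert/tls.key` and `config/database/credential.env` also suggest key material sits in the repository tree; unless these are placeholders they should be generated per deployment and kept out of version control.

```yaml
secretGenerator:
# constructed name; the resalloc and backend volumes must reference it
- name: copr-backend-ssh
  files:
  - id_rsa=config/backend/.ssh/id_rsa
  type: Opaque
# … unchanged: copr-frontend-tls and copr-database entries …
```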
@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: copr-redis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: copr-redis
+ template:
+ metadata:
+ labels:
+ component: copr-redis
+ spec:
+ containers:
+ - image: centos/redis-32-centos7
+ imagePullPolicy: IfNotPresent
+ name: copr-redis
+ livenessProbe:
+ tcpSocket:
+ port: 6379
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -i
+ - -c
+ - test "$(redis-cli -h 127.0.0.1 ping)" == "PONG"
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ resources:
+ requests:
+ cpu: 500m
+ memory: 500Mi
+ ports:
+ - containerPort: 6379
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /var/lib/redis/data
+ name: redis-data
+ volumes:
+ - name: redis-data
+ persistentVolumeClaim:
+ claimName: copr-redis-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+spec:
+ ports:
+ - name: redis
+ port: 6379
+ protocol: TCP
+ targetPort: 6379
+ selector:
+ component: copr-redis
+ type: ClusterIP
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: copr-redis-data
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: ssd
diff --git a/kubernetes/kustomize/resalloc.yaml b/kubernetes/kustomize/resalloc.yaml
new file mode 100644
index 0000000..a2dceaa
--- /dev/null
+++ b/kubernetes/kustomize/resalloc.yaml
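Review bot: The readiness probe in redis.yaml runs `redis-cli -h 127.0.0.1 ping` without credentials and expects `PONG`, which indicates Redis accepts unauthenticated commands, and the `redis` Service makes port 6379 reachable from any pod the cluster network allows. A NetworkPolicy that limits ingress to the Copr pods contains that; the sketch below relies on the `app: copr` label that `commonLabels` in kustomization.yaml adds, and it only takes effect on a network plugin that enforces NetworkPolicy. The image `centos/redis-32-centos7` is also referenced without a tag and carries Redis 3.2, a release line that no longer receives fixes, so a maintained image pinned to a version is worth planning.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: copr-redis
spec:
  podSelector:
    matchLabels:
      component: copr-redis
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: copr
    ports:
    - protocol: TCP
      port: 6379
```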
@@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: copr-resalloc
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: copr-resalloc
+ template:
+ metadata:
+ labels:
+ component: copr-resalloc
+ spec:
+ containers:
+ - image: copr_resalloc:latest
+ imagePullPolicy: IfNotPresent
+ name: resalloc
+ livenessProbe:
+ tcpSocket:
+ port: 49100
+ initialDelaySeconds: 120
+ timeoutSeconds: 5
+ readinessProbe:
+ tcpSocket:
+ port: 49100
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ ports:
+ - containerPort: 49100
+ protocol: TCP
+ command:
+ - /bin/sh
+ - -c
+ - |
+ cp /home/resalloc/provision/local-new-ro /home/resalloc/provision/local-new;
+ cp /root/.ssh/id_rsa-ro /root/.ssh/id_rsa;
+ chmod +x /home/resalloc/provision/local-new;
+ chmod 0400 /root/.ssh/id_rsa;
+ exec /usr/bin/resalloc-server;
+ volumeMounts:
+ - mountPath: /etc/resallocserver/pools.yaml
+ name: copr-resalloc
+ subPath: pools.yaml
+ - mountPath: /etc/resallocserver/server.yaml
+ name: copr-resalloc
+ subPath: server.yaml
+ - mountPath: /home/resalloc/provision/local-new-ro
+ name: copr-resalloc
+ subPath: local-new
+ - mountPath: /root/.ssh/builder_config
+ name: copr-resalloc
+ subPath: builder_config
+ - mountPath: /root/.ssh/id_rsa-ro
+ name: copr-resalloc
+ subPath: id_rsa
+ volumes:
+ - name: copr-resalloc
+ configMap:
+ name: copr-resalloc
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: copr-resalloc
+spec:
+ ports:
+ - name: resalloc
+ port: 49100
+ protocol: TCP
+ targetPort: 49100
+ selector:
+ component: copr-resalloc
+ type: ClusterIP