kubernetes/deployment-staging.tmpl
apiVersion: v1
data:
nginx.conf: |+
upstream docker-talk {
server localhost:81;
}
server {
server_name talk-staging.zooniverse.org;
include /etc/nginx/ssl.default.conf;
proxy_buffer_size 8k;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
location = /commit_id.txt {
root /static-assets/;
expires off;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, HEAD';
add_header 'Access-Control-Allow-Credentials' 'true';
}
location / {
proxy_pass http://docker-talk;
}
}
kind: ConfigMap
metadata:
name: talk-nginx-conf-staging
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: talk-staging-app
labels:
app: talk-staging-app
spec:
selector:
matchLabels:
app: talk-staging-app
template:
metadata:
labels:
app: talk-staging-app
spec:
containers:
- name: talk-staging-app
image: ghcr.io/zooniverse/talk-api:__IMAGE_TAG__
resources:
requests:
memory: "150Mi"
cpu: "100m"
limits:
memory: "250Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /
port: 81
httpHeaders:
- name: X-Forwarded-Proto
value: https
- name: Accept
value: application/json
readinessProbe:
httpGet:
path: /
port: 81
httpHeaders:
- name: X-Forwarded-Proto
value: https
- name: Accept
value: application/json
initialDelaySeconds: 20
envFrom:
- secretRef:
name: talk-common-env-vars
- secretRef:
name: talk-staging-env-vars
- configMapRef:
name: talk-staging-shared
volumeMounts:
- name: static-assets
mountPath: "/static-assets"
lifecycle:
postStart:
exec:
command: ["/bin/bash", "-c", "cp -R /rails_app/public/* /static-assets"]
- name: talk-staging-nginx
image: zooniverse/nginx
resources:
requests:
memory: "30Mi"
cpu: "10m"
limits:
memory: "100Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /
port: 80
httpHeaders:
- name: X-Forwarded-Proto
value: https
- name: Accept
value: application/json
initialDelaySeconds: 10
readinessProbe:
httpGet:
path: /
port: 80
httpHeaders:
- name: X-Forwarded-Proto
value: https
- name: Accept
value: application/json
initialDelaySeconds: 20
lifecycle:
preStop:
exec:
# SIGTERM triggers a quick exit; gracefully terminate instead
command: ["/usr/sbin/nginx","-s","quit"]
ports:
- containerPort: 80
volumeMounts:
- name: static-assets
mountPath: "/static-assets"
- name: talk-nginx-config
mountPath: "/etc/nginx-sites"
volumes:
- name: static-assets
hostPath:
# directory location on host node temp disk
path: /mnt/talk-staging-app-static-assets
type: DirectoryOrCreate
- name: talk-nginx-config
configMap:
name: talk-nginx-conf-staging
---
apiVersion: v1
kind: ConfigMap
metadata:
name: talk-staging-shared
data:
RAILS_ENV: staging
AWS_DEFAULT_REGION: us-east-1
MAILER_ADDRESS: 'email-smtp.us-east-1.amazonaws.com'
MAILER_ENABLE_STARTTLS_AUTO: 'true'
MAILER_PORT: '587'
MAILER_DOMAIN: zooniverse.org
MAILER_AUTHENTICATION: plain
MARKDOWN_HOST: 'http://markdown-api:2998'
NEW_RELIC_APP_NAME: 'Talk API (Staging)'
SIDEKIQ_CONCURRENCY: '2'
---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: talk-staging-app
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: talk-staging-app
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 80
---
apiVersion: v1
kind: Service
metadata:
name: talk-staging-app
spec:
selector:
app: talk-staging-app
ports:
- protocol: TCP
port: 80
targetPort: 80
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: talk-staging-sidekiq
labels:
app: talk-staging-sidekiq
spec:
selector:
matchLabels:
app: talk-staging-sidekiq
template:
metadata:
labels:
app: talk-staging-sidekiq
spec:
containers:
- name: talk-staging-sidekiq
image: ghcr.io/zooniverse/talk-api:__IMAGE_TAG__
resources:
requests:
memory: "200Mi"
cpu: "100m"
limits:
memory: "500Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- /rails_app/docker/sidekiq_status
initialDelaySeconds: 20
args: ["/rails_app/docker/start-sidekiq.sh"]
envFrom:
- secretRef:
name: talk-common-env-vars
- secretRef:
name: talk-staging-env-vars
- configMapRef:
name: talk-staging-shared
volumeMounts:
- mountPath: /tmp
name: talk-staging-dumpworker-data
volumes:
- name: talk-staging-dumpworker-data
hostPath:
# directory location on host node temp disk
path: /mnt/talk-staging-dumpworker-data
type: DirectoryOrCreate
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: talk-staging-redis
spec:
accessModes:
- ReadWriteOnce
storageClassName: azurefile
resources:
requests:
storage: 1Gi
---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: talk-staging-sidekiq
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: talk-staging-sidekiq
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: talk-staging-redis
labels:
app: talk-staging-redis
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: talk-staging-redis
template:
metadata:
labels:
app: talk-staging-redis
spec:
tolerations:
- key: "servicelife"
operator: "Equal"
value: "longlife"
effect: "NoSchedule"
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: servicelife
operator: In
values:
- longlife
initContainers:
- name: disable-thp
image: busybox
volumeMounts:
- name: host-sys
mountPath: /host-sys
command: ["sh", "-c", "echo never >/host-sys/kernel/mm/transparent_hugepage/enabled"]
containers:
- name: talk-staging-redis
image: redis:6.0.5
resources:
requests:
memory: "100Mi"
cpu: "10m"
limits:
memory: "100Mi"
cpu: "500m"
volumeMounts:
- name: talk-staging-redis-data
mountPath: "/data"
volumes:
- name: talk-staging-redis-data
persistentVolumeClaim:
claimName: talk-staging-redis
- name: host-sys
hostPath:
path: /sys
---
apiVersion: v1
kind: Service
metadata:
name: talk-staging-redis
spec:
selector:
app: talk-staging-redis
ports:
- protocol: TCP
port: 6379
targetPort: 6379
type: NodePort
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: talk-staging-tls
labels:
use-azuredns-solver: "true"
spec:
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
secretName: talk-staging-tls
dnsNames:
- talk-staging.zooniverse.org
- talk-staging.azure.zooniverse.org
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: talk-staging-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
nginx.ingress.kubernetes.io/set-real-ip-from: "10.0.0.0/8"
spec:
tls:
- hosts:
- talk-staging.zooniverse.org
- talk-staging.azure.zooniverse.org
secretName: talk-staging-tls
rules:
- host: talk-staging.zooniverse.org
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: talk-staging-app
port:
number: 80
- host: talk-staging.azure.zooniverse.org
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: talk-staging-app
port:
number: 80