slococo-uni
/
kube-exam
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use stateful set and fix bugs

This commit is contained in:
Santiago Lo Coco 2023-11-24 10:30:18 -03:00
parent 5736188d4c
commit 96c4fd0611
10 changed files with 151 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -5,4 +5,5 @@ consignas.txt
other other
*.tgz *.tgz
*.crt *.crt
*.key *.key
secrets.yaml

6
README.md
View File

@ -68,6 +68,12 @@ El script `run.sh` automatiza el proceso de implementación para un entorno de `
Verifica la existencia de un release de helm llamado "exam" y lo actualiza o instala según sea necesario. Verifica la existencia de un release de helm llamado "exam" y lo actualiza o instala según sea necesario.
8. **Configuración de Secrets (opcional):**
Para no mantener los secretos en el SVC (si se utiliza uno), se pueden pasar a `helm` mediante un archivo `secrets.yaml` con la opción `-f`. Si existe `./helm/secrets.yaml` (en la carpeta `./helm`, es decir en la misma ubicación que `values.yaml`), se utilizarán estos valores; de lo contrario, se utilizarán los definidos en `values.yaml`. Estos valores sobrescribirán los existentes.
Cabe destacar que al crear `./helm/secrets.yaml`, el script `run.sh` lo detectará automáticamente y lo utilizará al ejecutar `helm`. Por lo tanto, no es necesario realizar acciones adicionales, ya que el script gestionará la detección y el paso de este archivo a `helm`.
### Uso ### Uso
```bash ```bash

20
data/db/create.sql
View File

@ -1,3 +1,21 @@
CREATE DATABASE api_prod; CREATE DATABASE api_prod;
CREATE DATABASE api_dev; CREATE DATABASE api_dev;
CREATE DATABASE api_test; CREATE DATABASE api_test;
\c api_prod;
CREATE TABLE IF NOT EXISTS users (
id SERIAL NOT NULL,
username VARCHAR(128) NOT NULL,
email VARCHAR(128) NOT NULL,
password VARCHAR(255) NOT NULL,
active BOOLEAN NOT NULL,
created_date TIMESTAMP WITHOUT TIME ZONE NOT NULL,
PRIMARY KEY (id)
)
CREATE TABLE IF NOT EXISTS zones (
id SERIAL PRIMARY KEY,
name VARCHAR(128) NOT NULL,
create_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL
);

4
data/sample-api-users/src/__init__.py
View File

@ -33,6 +33,4 @@ def create_app(script_info=None):
def ctx(): def ctx():
return {"app": app, "db": db} return {"app": app, "db": db}
with app.app_context(): return app
db.create_all()
return app

12
helm/README.md
View File

@ -135,4 +135,14 @@ Si se quiere actualizar los autogenerados por helm los pasos son:
1) Borrar `exam-crt` 1) Borrar `exam-crt`
2) Hacer upgrade 2) Hacer upgrade
Note que si se hace un upgrade solo NO se regenerará el exam-crt. Esto es esperado ya que sino cada vez que modificamos algo se estará autogenerando un nuevo certificado!! Note que si se hace un upgrade solo NO se regenerará el exam-crt. Esto es esperado ya que sino cada vez que modificamos algo se estará autogenerando un nuevo certificado!!
---
# Race condition:
# https://www.postgresql.org/message-id/CA+TgmoZAdYVtwBfp1FL2sMZbiHCWT4UPrzRLNnX1Nb30Ku3-gg@mail.gmail.com
# with app.app_context():
# db.create_all()
# return app

4
helm/secrets.yaml
View File

@ -1,4 +0,0 @@
secrets:
username: "username"
password: "password1234"
database-url: "postgresql://username:password1234@exam-db/api_prod"

3
helm/templates/secrets.yaml
View File

@ -6,8 +6,7 @@ metadata:
{{- include "exam.labels" . | nindent 4 }} {{- include "exam.labels" . | nindent 4 }}
data: data:
{{- range $key, $val := .Values.secrets }} {{- range $key, $val := .Values.secrets }}
{{- $envKey := $key }} {{ $key }}: {{ required "A value is required, configure .Values.secrets or create secrets.yaml" $val | b64enc | quote }}
{{ $envKey }}: {{ required "$envKey" $val | b64enc | quote }}
{{- end }} {{- end }}
type: Opaque type: Opaque
--- ---

85
helm/templates/stateful.yaml Normal file
View File

@ -0,0 +1,85 @@
{{- range .Values.statefuls }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "exam.fullname" $ }}-{{ .name }}
labels:
app: {{ .name }}
{{- include "exam.labels" $ | nindent 4 }}
spec:
serviceName: {{ include "exam.fullname" $ }}-{{ .name }}
replicas: 1
selector:
matchLabels:
app: {{ .name }}
tier: {{ .tier }}
{{- include "exam.selectorLabels" $ | nindent 6 }}
template:
metadata:
labels:
app: {{ .name }}
tier: {{ .tier }}
{{- include "exam.selectorLabels" $ | nindent 8 }}
spec:
terminationGracePeriodSeconds: {{ default "30" .grace }}
{{- if .initContainer }}
initContainers:
- name: {{ .name }}-init
{{- with .image }}
image: {{ .repository }}:{{ .tag | default $.Chart.AppVersion }}
{{- end }}
{{- with .initContainer }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
containers:
- name: {{ .name }}
{{- with .image }}
image: {{ .repository }}:{{ .tag | default $.Chart.AppVersion }}
{{- end }}
ports:
- name: {{ .name }}
containerPort: {{ .port }}
{{- if .env }}
env:
{{- with .env }}
{{- range $key, $val := . }}
{{- if ne "secrets" $key }}
{{- $envKey := $key | upper | replace "-" "_" }}
- name: {{ $envKey }}
value: {{ quote $val }}
{{- else }}
{{- range $key, $val := $val }}
{{- $envKey := $key | upper | replace "-" "_" }}
- name: {{ $envKey }}
valueFrom:
secretKeyRef:
name: {{ include "exam.secrets" $ }}
key: {{ $val }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
resources: {}
livenessProbe:
exec:
{{- toYaml .probe | nindent 14 }}
initialDelaySeconds: 5
readinessProbe:
exec:
{{- toYaml .probe | nindent 14 }}
initialDelaySeconds: 5
{{- if .mountPath }}
volumeMounts:
- mountPath: {{ .mountPath }}
name: {{ .storage }}
{{- end }}
{{- if .mountPath }}
volumes:
- name: {{ .storage }}
persistentVolumeClaim:
claimName: {{ include "exam.pvclaim" $ }}
{{- end }}
{{- end }}

11
helm/values.yaml
View File

@ -51,11 +51,10 @@ services:
tier: *dbTier tier: *dbTier
port: *dbPort port: *dbPort
# secrets.yaml
secrets: secrets:
username: "username" username: ""
password: "password1234" password: ""
database-url: "postgresql://username:password1234@exam-db/api_prod" database-url: ""
pv: pv:
class: local-storage class: local-storage
@ -78,7 +77,6 @@ deployments:
replicas: 3 replicas: 3
initContainer: initContainer:
command: ['/bin/sh', '-c', 'until nc -z exam-db "${EXAM_DB_SERVICE_PORT-5432}"; do sleep 1; done;'] command: ['/bin/sh', '-c', 'until nc -z exam-db "${EXAM_DB_SERVICE_PORT-5432}"; do sleep 1; done;']
# cmd: ['sh', '-c', 'until pg_isready -U username -h exam-db -p 5432; do sleep 1; done']
- client: - client:
name: *clientName name: *clientName
tier: *clientTier tier: *clientTier
@ -86,9 +84,12 @@ deployments:
repository: client repository: client
tag: prod tag: prod
port: 80 port: 80
statefuls:
- db: - db:
name: *dbName name: *dbName
tier: *dbTier tier: *dbTier
grace: 60
env: env:
pgdata: /var/lib/postgresql/data/pgdata pgdata: /var/lib/postgresql/data/pgdata
secrets: secrets:

23
run.sh
View File

@ -10,14 +10,16 @@ postgres_version=
enable_ssl= enable_ssl=
api_replicas= api_replicas=
fluentd=false fluentd=false
seed_db=false
while getopts "ifhp:s:r:" arg; do while getopts "idfhp:s:r:" arg; do
case $arg in case $arg in
i) interactive=true ;; i) interactive=true ;;
p) postgres_version=${OPTARG} ;; p) postgres_version=${OPTARG} ;;
s) enable_ssl=${OPTARG} ;; s) enable_ssl=${OPTARG} ;;
r) api_replicas=${OPTARG} ;; r) api_replicas=${OPTARG} ;;
f) fluentd=true ;; f) fluentd=true ;;
d) seed_db=true ;;
*) usage ;; *) usage ;;
esac esac
done done
@ -36,6 +38,7 @@ if [ "$interactive" == true ]; then
read -p "Do you want to enable SSL? [y/N]: " enable_ssl read -p "Do you want to enable SSL? [y/N]: " enable_ssl
read -p "Enter the number of replicas for the API: " api_replicas read -p "Enter the number of replicas for the API: " api_replicas
read -p "Do you want to enable fluentd? [y/N]: " fluentd read -p "Do you want to enable fluentd? [y/N]: " fluentd
read -p "Do you want to seed the database with some data? [y/N]: " seed_db
fi fi
if [ -n "$postgres_version" ]; then if [ -n "$postgres_version" ]; then
@ -79,9 +82,23 @@ $START_MINIKUBE && minikube addons enable ingress
helm dependency list helm | grep -q "missing" && helm dependency build helm helm dependency list helm | grep -q "missing" && helm dependency build helm
VALUES=("-f" "helm/values.yaml")
if [ "$fluentd" == true ] || [ "$fluentd" == "y" ] || [ "$fluentd" == "Y" ]; then if [ "$fluentd" == true ] || [ "$fluentd" == "y" ] || [ "$fluentd" == "Y" ]; then
VALUES=("-f" "helm/values.yaml" "-f" "helm/fluentd.yaml") VALUES+=("-f" "helm/fluentd.yaml")
[ -f 'helm/secrets.yaml' ] && VALUES+=("-f" "helm/secrets.yaml")
helm status exam -n exam > /dev/null 2>&1 && helm upgrade exam ./helm -n exam ${VALUES[@]} || helm install exam ./helm -n exam ${VALUES[@]} helm status exam -n exam > /dev/null 2>&1 && helm upgrade exam ./helm -n exam ${VALUES[@]} || helm install exam ./helm -n exam ${VALUES[@]}
else else
helm status exam -n exam > /dev/null 2>&1 && helm upgrade exam ./helm -n exam || helm install exam ./helm -n exam [ -f 'helm/secrets.yaml' ] && VALUES+=("-f" "helm/secrets.yaml")
helm status exam -n exam > /dev/null 2>&1 && helm upgrade exam ./helm -n exam ${VALUES[@]} || helm install exam ./helm -n exam ${VALUES[@]}
fi
if [ -n "$seed_db" ]; then
if [ "$seed_db" == true ] || [ "$seed_db" == "y" ] || [ "$seed_db" == "Y" ]; then
API_POD=$(kubectl get pods -n exam --selector=app=api --template '{{range .items}}{{.metadata.name}}{{break}}{{end}}')
[ -z "$API_POD" ] && exit 1
echo "Waiting for the API pod to start. Please be patient..."
kubectl -n exam wait pod/${API_POD} --for=condition=Ready --timeout=-1s
kubectl -n exam exec -it ${API_POD} -- python manage.py seed_db
fi
fi fi