mote: Add redis password & liveness probes

2022-07-04 15:17:32 +02:00 · 2022-07-04 15:17:32 +02:00 · af4de4fbd7
commit af4de4fbd7
parent c287d34d44
8 changed files with 97 additions and 2 deletions
--- a/playbooks/openshift-apps/mote.yml
+++ b/playbooks/openshift-apps/mote.yml
@ -39,6 +39,10 @@
    objectname: fedmsg-dc.yml
    when: env == "production"

+  - role: openshift/object
+    template: redis-is.yml
+    objectname: redis-is.yml
+
  - role: openshift/object
    template: redis-dc.yml
    objectname: redis-dc.yml
@ -55,6 +59,10 @@
    template: mote-cm.yml
    objectname: mote-cm.yml

+  - role: openshift/object
+    template: secret.yml
+    objectname: secret.yml
+
  - role: openshift/object
    template: fedmsg-cm.yml
    objectname: fedmsg-cm.yml
--- a/roles/openshift-apps/mote/templates/buildconfig.yml
+++ b/roles/openshift-apps/mote/templates/buildconfig.yml
@ -13,7 +13,11 @@ spec:
  runPolicy: Serial
  source:
    git:
+{% if env == 'staging' %}
+      ref: staging
+{% else %}
      ref: main
+{% endif %}
      uri: https://github.com/fedora-infra/mote.git
    type: Git
  strategy:
--- a/roles/openshift-apps/mote/templates/fedmsg-dc.yml
+++ b/roles/openshift-apps/mote/templates/fedmsg-dc.yml
@ -23,6 +23,13 @@ spec:
        env:
        - name: REDIS_URL
          value: "redis://redis.{{ app }}.svc.cluster.local"
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: redis-password
+              key: password
+        - name: FLASK_CACHE_TYPE
+          value: RedisCache
        imagePullPolicy: IfNotPresent
        volumeMounts:
        - mountPath: /etc/fedora-messaging/config.py
--- a/roles/openshift-apps/mote/templates/mote-dc.yml
+++ b/roles/openshift-apps/mote/templates/mote-dc.yml
@ -6,6 +6,7 @@ metadata:
    app: mote
 spec:
  replicas: 1
+  revisionHistoryLimit: 5
  selector:
    app: mote
  template:
@ -17,6 +18,12 @@ spec:
      - image: image-registry.openshift-image-registry.svc:5000/mote/mote
        name: mote
        imagePullPolicy: IfNotPresent
+        env:
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: redis-password
+              key: password
        volumeMounts:
 {% if env == 'staging' %}
        - mountPath: /srv/web/meetbot
@ -35,6 +42,26 @@ spec:
          requests:
            cpu: '0'
            memory: 50Mi
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 9696
+            scheme: HTTP
+          initialDelaySeconds: 5
+          timeoutSeconds: 1
+          periodSeconds: 30
+          successThreshold: 1
+          failureThreshold: 3
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 9696
+            scheme: HTTP
+          initialDelaySeconds: 5
+          timeoutSeconds: 1
+          periodSeconds: 30
+          successThreshold: 1
+          failureThreshold: 3
      volumes:
      - name: meetbot
        persistentVolumeClaim:
--- a/roles/openshift-apps/mote/templates/mote-worker-dc.yml
+++ b/roles/openshift-apps/mote/templates/mote-worker-dc.yml
@ -6,6 +6,7 @@ metadata:
    app: mote-worker
 spec:
  replicas: 1
+  revisionHistoryLimit: 5
  selector:
    app: mote-worker
  template:
@ -24,7 +25,11 @@ spec:
          value: "redis://redis.{{ app }}.svc.cluster.local"
        - name: LOGLEVEL
          value: "20"
-
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: redis-password
+              key: password
        name: mote-worker
        imagePullPolicy: IfNotPresent
        volumeMounts:
--- a/roles/openshift-apps/mote/templates/redis-dc.yml
+++ b/roles/openshift-apps/mote/templates/redis-dc.yml
@ -14,7 +14,7 @@ spec:
        app: redis
    spec:
      containers:
-      - image: registry.redhat.io/rhel9/redis-6
+      - image: image-registry.openshift-image-registry.svc:5000/mote/redis
        name: redis
        imagePullPolicy: IfNotPresent
        volumeMounts:
@ -27,7 +27,22 @@ spec:
          requests:
            cpu: '0'
            memory: 200Mi
+        env:
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: redis-password
+              key: password
      volumes:
      - emptyDir: {}
        name: redis-data
      restartPolicy: Always
+  triggers:
+  - type: ImageChange
+    imageChangeParams:
+      automatic: true
+      from:
+        kind: ImageStreamTag
+        name: redis:latest
+      containerNames:
+      - "redis"
--- a/roles/openshift-apps/mote/templates/redis-is.yml
+++ b/roles/openshift-apps/mote/templates/redis-is.yml
@ -0,0 +1,18 @@
+apiVersion: image.openshift.io/v1
+kind: ImageStream
+metadata:
+  name: redis
+  namespace: mote
+spec:
+  lookupPolicy:
+    local: false
+  tags:
+  - from:
+      kind: DockerImage
+      name: registry.redhat.io/rhel9/redis-6:latest
+    importPolicy:
+      scheduled: true
+    name: latest
+    referencePolicy:
+      type: Source
+
--- a/roles/openshift-apps/mote/templates/secret.yml
+++ b/roles/openshift-apps/mote/templates/secret.yml
@ -0,0 +1,11 @@
+---
+kind: Secret
+apiVersion: v1
+metadata:
+  name: redis-password
+stringData:
+{% if env == 'staging' %}
+  password: {{ stg_mote_redis_password }}
+{% else %}
+  password: {{ prod_mote_redis_password }}
+{% endif %}