From af4de4fbd739c99016a0bdab8b1b938c889c1c80 Mon Sep 17 00:00:00 2001 From: Francois Andrieu Date: Mon, 4 Jul 2022 15:17:32 +0200 Subject: [PATCH] mote: Add redis password & liveness probes --- playbooks/openshift-apps/mote.yml | 8 ++++++ .../mote/templates/buildconfig.yml | 4 +++ .../mote/templates/fedmsg-dc.yml | 7 +++++ .../openshift-apps/mote/templates/mote-dc.yml | 27 +++++++++++++++++++ .../mote/templates/mote-worker-dc.yml | 7 ++++- .../mote/templates/redis-dc.yml | 17 +++++++++++- .../mote/templates/redis-is.yml | 18 +++++++++++++ .../openshift-apps/mote/templates/secret.yml | 11 ++++++++ 8 files changed, 97 insertions(+), 2 deletions(-) create mode 100644 roles/openshift-apps/mote/templates/redis-is.yml create mode 100644 roles/openshift-apps/mote/templates/secret.yml diff --git a/playbooks/openshift-apps/mote.yml b/playbooks/openshift-apps/mote.yml index ab95735640..ffa311fc76 100644 --- a/playbooks/openshift-apps/mote.yml +++ b/playbooks/openshift-apps/mote.yml @@ -39,6 +39,10 @@ objectname: fedmsg-dc.yml when: env == "production" + - role: openshift/object + template: redis-is.yml + objectname: redis-is.yml + - role: openshift/object template: redis-dc.yml objectname: redis-dc.yml @@ -55,6 +59,10 @@ template: mote-cm.yml objectname: mote-cm.yml + - role: openshift/object + template: secret.yml + objectname: secret.yml + - role: openshift/object template: fedmsg-cm.yml objectname: fedmsg-cm.yml diff --git a/roles/openshift-apps/mote/templates/buildconfig.yml b/roles/openshift-apps/mote/templates/buildconfig.yml index f29139a014..c2c241621b 100644 --- a/roles/openshift-apps/mote/templates/buildconfig.yml +++ b/roles/openshift-apps/mote/templates/buildconfig.yml @@ -13,7 +13,11 @@ spec: runPolicy: Serial source: git: +{% if env == 'staging' %} + ref: staging +{% else %} ref: main +{% endif %} uri: https://github.com/fedora-infra/mote.git type: Git strategy: 
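Review bot: The `secret.yml` object is added in the second playbook hunk after `mote-cm.yml`, while `redis-dc.yml`, which this patch makes read `redis-password` through `secretKeyRef`, is applied earlier in the list. On a first deployment the redis pod would presumably sit in a config-error state until the secret is created later in the play. Moving the three lines `- role: openshift/object` / `template: secret.yml` / `objectname: secret.yml` ahead of the `redis-dc.yml` entry keeps the dependency order explicit. The entries for the mote and worker deployments are outside these hunks, so their position relative to the secret should be checked as well.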
diff --git a/roles/openshift-apps/mote/templates/fedmsg-dc.yml b/roles/openshift-apps/mote/templates/fedmsg-dc.yml index 31226bf245..aabdd64113 100644 --- a/roles/openshift-apps/mote/templates/fedmsg-dc.yml +++ b/roles/openshift-apps/mote/templates/fedmsg-dc.yml @@ -23,6 +23,13 @@ spec: env: - name: REDIS_URL value: "redis://redis.{{ app }}.svc.cluster.local" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-password + key: password + - name: FLASK_CACHE_TYPE + value: RedisCache imagePullPolicy: IfNotPresent volumeMounts: - mountPath: /etc/fedora-messaging/config.py diff --git a/roles/openshift-apps/mote/templates/mote-dc.yml b/roles/openshift-apps/mote/templates/mote-dc.yml index 986a929b2f..a1c7b9abee 100644 --- a/roles/openshift-apps/mote/templates/mote-dc.yml +++ b/roles/openshift-apps/mote/templates/mote-dc.yml @@ -6,6 +6,7 @@ metadata: app: mote spec: replicas: 1 + revisionHistoryLimit: 5 selector: app: mote template: @@ -17,6 +18,12 @@ spec: - image: image-registry.openshift-image-registry.svc:5000/mote/mote name: mote imagePullPolicy: IfNotPresent + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-password + key: password volumeMounts: {% if env == 'staging' %} - mountPath: /srv/web/meetbot @@ -35,6 +42,26 @@ spec: requests: cpu: '0' memory: 50Mi + readinessProbe: + httpGet: + path: / + port: 9696 + scheme: HTTP + initialDelaySeconds: 5 + timeoutSeconds: 1 + periodSeconds: 30 + successThreshold: 1 + failureThreshold: 3 + livenessProbe: + httpGet: + path: / + port: 9696 + scheme: HTTP + initialDelaySeconds: 5 + timeoutSeconds: 1 + periodSeconds: 30 + successThreshold: 1 + failureThreshold: 3 volumes: - name: meetbot persistentVolumeClaim: diff --git a/roles/openshift-apps/mote/templates/mote-worker-dc.yml b/roles/openshift-apps/mote/templates/mote-worker-dc.yml index 44c9e678af..ccac248415 100644 --- a/roles/openshift-apps/mote/templates/mote-worker-dc.yml +++ b/roles/openshift-apps/mote/templates/mote-worker-dc.yml 
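Review bot: `REDIS_PASSWORD` is now injected from the `redis-password` secret, but the `REDIS_URL` kept in this hunk still uses the `redis://` scheme, so the password is sent to Redis unencrypted over the pod network; the same pairing appears in `mote-worker-dc.yml`. If the Redis image and the clients can be configured for TLS, switch the URL to `rediss://`. Otherwise restrict who can reach the redis service, for instance with a NetworkPolicy that admits only the mote pods. How the application combines the URL and the password is not visible in this patch, so confirm the password never ends up in a logged connection string.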
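Review bot: The `livenessProbe` added in the third `mote-dc.yml` hunk is an exact copy of the `readinessProbe`: both GET `/` on port 9696 with `timeoutSeconds: 1` and `initialDelaySeconds: 5`. If `/` depends on Redis or on the meetbot volume (not visible here), a slow backend would restart the pod instead of just taking it out of rotation. Consider a cheaper endpoint for liveness or more tolerant settings there, for example `timeoutSeconds: 5` with a longer `initialDelaySeconds`, and keep the strict values for readiness only.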
@@ -6,6 +6,7 @@ metadata: app: mote-worker spec: replicas: 1 + revisionHistoryLimit: 5 selector: app: mote-worker template: @@ -24,7 +25,11 @@ spec: value: "redis://redis.{{ app }}.svc.cluster.local" - name: LOGLEVEL value: "20" - + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-password + key: password name: mote-worker imagePullPolicy: IfNotPresent volumeMounts: diff --git a/roles/openshift-apps/mote/templates/redis-dc.yml b/roles/openshift-apps/mote/templates/redis-dc.yml index 65de6b610e..901b32248e 100644 --- a/roles/openshift-apps/mote/templates/redis-dc.yml +++ b/roles/openshift-apps/mote/templates/redis-dc.yml @@ -14,7 +14,7 @@ spec: app: redis spec: containers: - - image: registry.redhat.io/rhel9/redis-6 + - image: image-registry.openshift-image-registry.svc:5000/mote/redis name: redis imagePullPolicy: IfNotPresent volumeMounts: @@ -27,7 +27,22 @@ spec: requests: cpu: '0' memory: 200Mi + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-password + key: password volumes: - emptyDir: {} name: redis-data restartPolicy: Always + triggers: + - type: ImageChange + imageChangeParams: + automatic: true + from: + kind: ImageStreamTag + name: redis:latest + containerNames: + - "redis" diff --git a/roles/openshift-apps/mote/templates/redis-is.yml b/roles/openshift-apps/mote/templates/redis-is.yml new file mode 100644 index 0000000000..317388365c --- /dev/null +++ b/roles/openshift-apps/mote/templates/redis-is.yml @@ -0,0 +1,18 @@ +apiVersion: image.openshift.io/v1 +kind: ImageStream +metadata: + name: redis + namespace: mote +spec: + lookupPolicy: + local: false + tags: + - from: + kind: DockerImage + name: registry.redhat.io/rhel9/redis-6:latest + importPolicy: + scheduled: true + name: latest + referencePolicy: + type: Source + diff --git a/roles/openshift-apps/mote/templates/secret.yml b/roles/openshift-apps/mote/templates/secret.yml new file mode 100644 index 0000000000..a345a27be3 --- /dev/null 
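Review bot: `redis-is.yml` tracks `registry.redhat.io/rhel9/redis-6:latest` with `importPolicy.scheduled: true`, and the `ImageChange` trigger added to `redis-dc.yml` sets `automatic: true`, so whatever upstream publishes under `latest` is rolled out without review. That picks up fixes quickly, but a changed or broken upstream tag also redeploys Redis unattended, and with the `emptyDir` volume each rollout discards the cached data. Consider importing a fixed version tag or digest into the stream, or setting `automatic: false` and promoting deliberately. As a style point, `namespace: mote` and the `mote/redis` image path are hard-coded where other templates use `{{ app }}`.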
+++ b/roles/openshift-apps/mote/templates/secret.yml
@@ -0,0 +1,11 @@
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: redis-password
+stringData:
+{% if env == 'staging' %}
+ password: {{ stg_mote_redis_password }}
+{% else %}
+ password: {{ prod_mote_redis_password }}
+{% endif %}
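Review bot: Both `password:` lines render the Ansible variable as a plain YAML scalar, so a value containing `#` or `: `, starting with `*`, `&` or `{`, or looking like a number or boolean is truncated, mis-parsed or rejected, since `stringData` values must be strings. Emit it as a quoted string, e.g. `password: {{ stg_mote_redis_password | to_json }}` (and the same for `prod_mote_redis_password`), so any character in the password survives rendering. It is also worth confirming that the role applying this template does not log the rendered object, because it carries the cleartext password.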