Created
September 1, 2021 14:56
-
-
Save stephenfin/032d59eadef3e7e849fac6539273f99d to your computer and use it in GitHub Desktop.
Patchwork on OpenShift
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Resources: | |
# | |
# https://markgituma.medium.com/kubernetes-local-to-production-with-django-3-postgres-with-migrations-on-minikube-31f2baa8926e | |
# https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/ | |
--- | |
apiVersion: v1 | |
kind: PersistentVolumeClaim | |
metadata: | |
name: postgres-pvc | |
annotations: | |
volume.beta.kubernetes.io/storage-class: standard | |
spec: | |
accessModes: | |
- ReadWriteOnce | |
resources: | |
requests: | |
storage: 1Gi | |
--- | |
apiVersion: v1 | |
kind: Secret | |
metadata: | |
name: postgres-secret | |
data: | |
username: dGVzdA== | |
password: dGVzdA== | |
--- | |
apiVersion: v1 | |
kind: Secret | |
metadata: | |
name: patchwork-secret | |
data: | |
DJANGO_SECRET_KEY: dGVzdA== | |
# TODO: de-dupe this | |
DATABASE_USER: dGVzdA== | |
DATABASE_PASSWORD: dGVzdA== | |
--- | |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: patchwork-config | |
data: | |
DJANGO_ALLOWED_HOSTS: "*" | |
DJANGO_DEBUG: "true" | |
DATABASE_NAME: patchwork | |
DATABASE_HOST: postgres-service | |
STATIC_ROOT: /var/www/patchwork/ | |
--- | |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: nginx-config | |
data: | |
# TODO: We shouldn't be overriding the entire file | |
nginx.conf: | | |
user nginx; | |
worker_processes 3; | |
error_log /var/log/nginx/error.log; | |
events { | |
worker_connections 10240; | |
} | |
http { | |
include mime.types; | |
server { | |
listen 80; | |
server_name _; | |
location = favicon.ico { access_log off; log_not_found off; } | |
location /static { | |
alias /var/www/patchwork; | |
expires 3h; | |
} | |
location / { | |
proxy_pass http://localhost:8000/; | |
} | |
} | |
} | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: postgres-deployment | |
spec: | |
replicas: 1 | |
selector: | |
matchLabels: | |
app: postgres-container | |
template: | |
metadata: | |
labels: | |
app: postgres-container | |
spec: | |
containers: | |
- name: postgres-container | |
image: registry.hub.docker.com/library/postgres:latest | |
imagePullPolicy: "IfNotPresent" | |
# TODO: Use envFrom and create a ConfigRef for this Deployment | |
env: | |
- name: POSTGRES_USER | |
valueFrom: | |
secretKeyRef: | |
name: postgres-secret | |
key: username | |
- name: POSTGRES_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
name: postgres-secret | |
key: password | |
- name: POSTGRES_DB | |
value: patchwork | |
- name: PGDATA | |
value: /var/lib/postgresql/data/db-files/ | |
ports: | |
- containerPort: 5432 | |
volumeMounts: | |
- name: postgres-volume-mount | |
mountPath: /var/lib/postgresql/data | |
volumes: | |
- name: postgres-volume-mount | |
persistentVolumeClaim: | |
claimName: postgres-pvc | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: patchwork-deployment | |
labels: | |
app: patchwork | |
spec: | |
replicas: 3 | |
selector: | |
matchLabels: | |
app: patchwork-container | |
template: | |
metadata: | |
labels: | |
app: patchwork-container | |
spec: | |
# TODO: These should be Tasks instead of initContainers since the latter | |
# run every time | |
initContainers: | |
- name: migrate | |
image: quay.io/stephenfin/patchwork:latest | |
imagePullPolicy: IfNotPresent | |
command: ["python", "manage.py", "migrate"] | |
envFrom: | |
- secretRef: | |
name: patchwork-secret | |
- configMapRef: | |
name: patchwork-config | |
- name: collectstatic | |
image: quay.io/stephenfin/patchwork:latest | |
imagePullPolicy: IfNotPresent | |
command: ["python", "manage.py", "collectstatic", "--noinput"] | |
envFrom: | |
- secretRef: | |
name: patchwork-secret | |
- configMapRef: | |
name: patchwork-config | |
volumeMounts: | |
- name: staticfiles | |
mountPath: /var/www/patchwork/ | |
containers: | |
- name: patchwork-container | |
image: quay.io/stephenfin/patchwork:latest | |
envFrom: | |
- secretRef: | |
name: patchwork-secret | |
- configMapRef: | |
name: patchwork-config | |
ports: | |
- name: patchwork-port | |
containerPort: 8000 | |
- name: nginx-container | |
image: registry.hub.docker.com/library/nginx:latest | |
imagePullPolicy: "IfNotPresent" | |
ports: | |
- name: nginx-port | |
containerPort: 80 | |
volumeMounts: | |
- name: nginx-conf | |
mountPath: /etc/nginx/nginx.conf | |
subPath: nginx.conf | |
readOnly: true | |
- name: staticfiles | |
mountPath: /var/www/patchwork/ | |
volumes: | |
- name: nginx-conf | |
configMap: | |
name: nginx-config | |
items: | |
- key: nginx.conf | |
path: nginx.conf | |
- name: staticfiles | |
emptyDir: {} | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: postgres-service | |
spec: | |
selector: | |
app: postgres-container | |
ports: | |
- protocol: TCP | |
port: 5432 | |
targetPort: 5432 | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: patchwork-service | |
labels: | |
app: patchwork-container | |
spec: | |
selector: | |
app: patchwork-container | |
ports: | |
- port: 80 | |
targetPort: 80 | |
--- | |
# TODO: I think I should be using a special nginx-type ingress controller? | |
# TODO: What's the difference between these APIs? | |
#apiVersion: config.openshift.io/v1 | |
apiVersion: networking.k8s.io/v1 | |
kind: Ingress | |
metadata: | |
name: patchwork-ingress | |
spec: | |
rules: | |
- host: hello-world.apps.stephenfin.openshift-psi.com | |
http: | |
paths: | |
- pathType: Prefix | |
path: "/" | |
backend: | |
service: | |
name: patchwork-service | |
port: | |
number: 80 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment