Patchwork on OpenShift

patchwork.yaml

# Resources:
#
# https://markgituma.medium.com/kubernetes-local-to-production-with-django-3-postgres-with-migrations-on-minikube-31f2baa8926e
# https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgres-pvc
  annotations:
    volume.beta.kubernetes.io/storage-class: standard
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: Secret
metadata:
  name: postgres-secret
data:
  username: dGVzdA==
  password: dGVzdA==
---
apiVersion: v1
kind: Secret
metadata:
  name: patchwork-secret
data:
  DJANGO_SECRET_KEY: dGVzdA==
  # TODO: de-dupe this
  DATABASE_USER: dGVzdA==
  DATABASE_PASSWORD: dGVzdA==
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: patchwork-config
data:
  DJANGO_ALLOWED_HOSTS: "*"
  DJANGO_DEBUG: "true"
  DATABASE_NAME: patchwork
  DATABASE_HOST: postgres-service
  STATIC_ROOT: /var/www/patchwork/
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
data:
  # TODO: We shouldn't be overriding the entire file
  nginx.conf: |
    user nginx;
    worker_processes  3;
    error_log /var/log/nginx/error.log;
    events {
      worker_connections 10240;
    }

    http {
      include mime.types;
      server {
        listen 80;
        server_name  _;

        location = favicon.ico { access_log off; log_not_found off; }

        location /static {
          alias /var/www/patchwork;
          expires 3h;
        }

        location / {
          proxy_pass http://localhost:8000/;
        }
      }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres-container
  template:
    metadata:
      labels:
        app: postgres-container
    spec:
      containers:
      - name: postgres-container
        image: registry.hub.docker.com/library/postgres:latest
        imagePullPolicy: "IfNotPresent"
        # TODO: Use envFrom and create a ConfigRef for this Deployment
        env:
        - name: POSTGRES_USER
          valueFrom:
            secretKeyRef:
              name: postgres-secret
              key: username
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: postgres-secret
              key: password
        - name: POSTGRES_DB
          value: patchwork
        - name: PGDATA
          value: /var/lib/postgresql/data/db-files/
        ports:
        - containerPort: 5432
        volumeMounts:
        - name: postgres-volume-mount
          mountPath: /var/lib/postgresql/data
      volumes:
      - name: postgres-volume-mount
        persistentVolumeClaim:
          claimName: postgres-pvc
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: patchwork-deployment
  labels:
    app: patchwork
spec:
  replicas: 3
  selector:
    matchLabels:
      app: patchwork-container
  template:
    metadata:
      labels:
        app: patchwork-container
    spec:
      # TODO: These should be Tasks instead of initContainers since the latter
      # run every time
      initContainers:
      - name: migrate
        image: quay.io/stephenfin/patchwork:latest
        imagePullPolicy: IfNotPresent
        command: ["python", "manage.py", "migrate"]
        envFrom:
        - secretRef:
            name: patchwork-secret
        - configMapRef:
            name: patchwork-config
      - name: collectstatic
        image: quay.io/stephenfin/patchwork:latest
        imagePullPolicy: IfNotPresent
        command: ["python", "manage.py", "collectstatic", "--noinput"]
        envFrom:
        - secretRef:
            name: patchwork-secret
        - configMapRef:
            name: patchwork-config
        volumeMounts:
        - name: staticfiles
          mountPath: /var/www/patchwork/
      containers:
      - name: patchwork-container
        image: quay.io/stephenfin/patchwork:latest
        envFrom:
        - secretRef:
            name: patchwork-secret
        - configMapRef:
            name: patchwork-config
        ports:
        - name: patchwork-port
          containerPort: 8000
      - name: nginx-container
        image: registry.hub.docker.com/library/nginx:latest
        imagePullPolicy: "IfNotPresent"
        ports:
        - name: nginx-port
          containerPort: 80
        volumeMounts:
        - name: nginx-conf
          mountPath: /etc/nginx/nginx.conf
          subPath: nginx.conf
          readOnly: true
        - name: staticfiles
          mountPath: /var/www/patchwork/
      volumes:
      - name: nginx-conf
        configMap:
          name: nginx-config
          items:
          - key: nginx.conf
            path: nginx.conf
      - name: staticfiles
        emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: postgres-service
spec:
  selector:
    app: postgres-container
  ports:
  - protocol: TCP
    port: 5432
    targetPort: 5432
---
apiVersion: v1
kind: Service
metadata:
  name: patchwork-service
  labels:
    app: patchwork-container
spec:
  selector:
    app: patchwork-container
  ports:
  - port: 80
    targetPort: 80
---
# TODO: I think I should be using a special nginx-type ingress controller?
# TODO: What's the difference between these APIs?
#apiVersion: config.openshift.io/v1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: patchwork-ingress
spec:
  rules:
  - host: hello-world.apps.stephenfin.openshift-psi.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: patchwork-service
            port:
              number: 80