diff --git a/.circleci/config.yml b/.circleci/config.yml index 5ba48f3a..0e17a8f4 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -133,7 +133,7 @@ jobs: command: echo "export GIT_SHA=$(git rev-parse --short HEAD)" >> $BASH_ENV - run: name: "Generate the Target Image Name" - command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}-circleci\"" >> $BASH_ENV + command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}\"" >> $BASH_ENV - run: name: "Start a Fresh Container" command: docker run -d --entrypoint='/bin/sh' -ti --name ${CONTAINER_NAME} alpine:3.8 @@ -190,7 +190,7 @@ jobs: command: echo "export GIT_SHA=$(git rev-parse --short HEAD)" >> $BASH_ENV - run: name: "Generate the Target Image Name" - command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}-circleci\"" >> $BASH_ENV + command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}\"" >> $BASH_ENV - run: name: "Update Kubernetes Deployment" command: ./deploy/kubernetes/atst-update-deploy.sh diff --git a/atst/app.py b/atst/app.py index ac3ed9b3..cad01fea 100644 --- a/atst/app.py +++ b/atst/app.py @@ -46,7 +46,8 @@ def make_app(config): app.config.update({"SESSION_REDIS": app.redis}) make_flask_callbacks(app) - make_crl_validator(app) + if app.config.get("REQUIRE_CRLS"): + make_crl_validator(app) register_filters(app) make_eda_client(app) make_upload_storage(app) @@ -99,6 +100,7 @@ def map_config(config): "PERMANENT_SESSION_LIFETIME": config.getint( "default", "PERMANENT_SESSION_LIFETIME" ), + "REQUIRE_CRLS": config.getboolean("default", "REQUIRE_CRLS"), "RQ_REDIS_URL": config["default"]["REDIS_URI"], "RQ_QUEUES": ["atat_{}".format(ENV.lower())], } diff --git a/config/base.ini b/config/base.ini index 5fa7ec6e..491ab0e4 100644 --- a/config/base.ini +++ b/config/base.ini @@ -15,6 +15,7 @@ PGPORT = 5432 PGUSER = postgres PORT=8000 REDIS_URI = redis://localhost:6379 +REQUIRE_CRLS = true SECRET = change_me_into_something_secret SECRET_KEY = change_me_into_something_secret SESSION_COOKIE_NAME=atat diff --git a/deploy/kubernetes/atst-update-deploy.sh b/deploy/kubernetes/atst-update-deploy.sh index 75b3f6d6..ba9452f8 100755 --- a/deploy/kubernetes/atst-update-deploy.sh +++ b/deploy/kubernetes/atst-update-deploy.sh @@ -45,12 +45,14 @@ kubectl config current-context # Update the ATST deployment kubectl -n atat set image deployment.apps/atst atst="${IMAGE_NAME}" +kubectl -n atat set image deployment.apps/atst-worker atst-worker="${IMAGE_NAME}" # Wait for deployment to finish if ! timeout -t "${MAX_DEPLOY_WAIT}" -s INT kubectl -n atat rollout status deployment/atst then # Deploy did not finish before max wait time; abort and rollback the deploy kubectl -n atat rollout undo deployment/atst + kubectl -n atat rollout undo deployment/atst-worker # Exit with a non-zero return code exit 2 fi diff --git a/deploy/kubernetes/atst-worker-envvars-configmap.yml b/deploy/kubernetes/atst-worker-envvars-configmap.yml new file mode 100644 index 00000000..0f3ec5e8 --- /dev/null +++ b/deploy/kubernetes/atst-worker-envvars-configmap.yml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: atst-worker-envvars + namespace: atat +data: + REQUIRE_CRLS: "False" diff --git a/deploy/kubernetes/atst.yml b/deploy/kubernetes/atst.yml index 666b79b6..a9d6dca2 100644 --- a/deploy/kubernetes/atst.yml +++ b/deploy/kubernetes/atst.yml @@ -24,7 +24,7 @@ spec: fsGroup: 101 containers: - name: atst - image: registry.atat.codes:443/atst-prod:76854ac + image: registry.atat.codes:443/atst-prod:5550eed2 resources: requests: memory: "2500Mi" @@ -125,6 +125,51 @@ spec: emptyDir: medium: Memory --- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: atst + name: atst-worker + namespace: atat +spec: + replicas: 1 + strategy: + type: RollingUpdate + template: + metadata: + labels: + app: atst + spec: + securityContext: + fsGroup: 101 + containers: + - name: atst-worker + image: registry.atat.codes:443/atst-prod:5550eed2 + args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"] + resources: + requests: + memory: "500Mi" + envFrom: + - configMapRef: + name: atst-envvars + - configMapRef: + name: atst-worker-envvars + volumeMounts: + - name: atst-config + mountPath: "/opt/atat/atst/atst-overrides.ini" + subPath: atst-overrides.ini + imagePullSecrets: + - name: regcred + volumes: + - name: atst-config + secret: + secretName: atst-config-ini + items: + - key: override.ini + path: atst-overrides.ini + mode: 0644 +--- apiVersion: v1 kind: Service metadata: diff --git a/script/rq_worker b/script/rq_worker new file mode 100755 index 00000000..7b5a0276 --- /dev/null +++ b/script/rq_worker @@ -0,0 +1,11 @@ +#!/bin/bash + +# script/rq_worker: Launch the Flask-RQ worker + +source "$(dirname "${0}")"/../script/include/global_header.inc.sh + +# Before starting the server, apply any pending migrations to the DB +migrate_db + +# Launch the worker +run_command "flask rq worker"