From 6c0d78ee7890fdaabcf6c2f204098ae901eae9fb Mon Sep 17 00:00:00 2001 From: Isac Petruzzi Date: Wed, 20 Feb 2019 17:46:07 +0100 Subject: [PATCH 1/2] reinstate readinessProbe in production.yml --- hokusai/production.yml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/hokusai/production.yml b/hokusai/production.yml index 28b766c1c34..42b9f151d6b 100644 --- a/hokusai/production.yml +++ b/hokusai/production.yml @@ -33,15 +33,16 @@ spec: imagePullPolicy: Always ports: - containerPort: 5000 - # readinessProbe: - # httpGet: - # port: 5000 - # path: /system/up - # httpHeaders: - # - name: X-FORWARDED-PROTO - # value: https - # initialDelaySeconds: 5 - # periodSeconds: 5 + readinessProbe: + httpGet: + port: 5000 + path: /system/up + httpHeaders: + - name: X-FORWARDED-PROTO + value: https + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 10 resources: requests: cpu: 700m From f143cb8b7a2794377adeaabcda60c4e7b2dee458 Mon Sep 17 00:00:00 2001 From: Isac Petruzzi Date: Wed, 20 Feb 2019 17:48:53 +0100 Subject: [PATCH 2/2] remove force-nginx --- hokusai/production.yml | 153 +---------------------------------------- 1 file changed, 2 insertions(+), 151 deletions(-) diff --git a/hokusai/production.yml b/hokusai/production.yml index 42b9f151d6b..aa9b3d2f4aa 100644 --- a/hokusai/production.yml +++ b/hokusai/production.yml @@ -49,155 +49,6 @@ spec: memory: 1Gi limits: memory: 1.5Gi - - name: force-nginx - image: artsy/docker-nginx:latest - ports: - - containerPort: 8080 - lifecycle: - preStop: - exec: - command: ["/usr/sbin/nginx", "-s", "quit"] - env: - - name: "NGINX_DEFAULT_CONF" - value: > - upstream force { - server 127.0.0.1:5000; - } - map $http_referer $bad_referer { - hostnames; - - default 0; - - # Put regexes for undesired referers here - "~youtube.com" 1; - "~yahoo.com" 1; - "~bing.com" 1; - } - log_format postdata '$http_x_forwarded_for - $remote_user [$time_local] ' - '"$request" $status $bytes_sent ' - '"$http_referer" "$http_user_agent" [$request_body]'; - server { - listen *:8080; - access_log /var/log/nginx/access.log postdata; - location /log_in { - if ($bad_referer) { - return 403; - } - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto "https"; - proxy_redirect off; - proxy_read_timeout 60; - proxy_send_timeout 60; - proxy_pass http://force/log_in; - } - location /sign_up { - if ($bad_referer) { - return 403; - } - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto "https"; - proxy_redirect off; - proxy_read_timeout 60; - proxy_send_timeout 60; - proxy_pass http://force/sign_up; - } - location /clear-cache { - if ($bad_referer) { - return 403; - } - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto "https"; - proxy_redirect off; - proxy_read_timeout 60; - proxy_send_timeout 60; - proxy_pass http://force/clear-cache; - } - location /about/sms { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto "https"; - proxy_redirect off; - proxy_read_timeout 60; - proxy_send_timeout 60; - proxy_pass http://force/about/sms; - } - location /forgot_password { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto "https"; - proxy_redirect off; - proxy_read_timeout 60; - proxy_send_timeout 60; - proxy_pass http://force/forgot_password; - } - location /gallery-insights/form { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto "https"; - proxy_redirect off; - proxy_read_timeout 60; - proxy_send_timeout 60; - proxy_pass http://force/gallery-insights/form; - } - location /unsupported-browser { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto "https"; - proxy_redirect off; - proxy_read_timeout 60; - proxy_send_timeout 60; - proxy_pass http://force/unsupported-browser; - } - location /venice-biennale/sms { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto "https"; - proxy_redirect off; - proxy_read_timeout 60; - proxy_send_timeout 60; - proxy_pass http://force/venice-biennale/sms; - } - location /artsy-primer/set-sailthru { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto "https"; - proxy_redirect off; - proxy_read_timeout 60; - proxy_send_timeout 60; - proxy_pass http://force/artsy-primer/set-sailthru; - } - location /oauth2/access_token { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto "https"; - proxy_redirect off; - proxy_read_timeout 60; - proxy_send_timeout 60; - proxy_pass http://force/oauth2/access_token; - } - location /signup/editorial { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto "https"; - proxy_redirect off; - proxy_read_timeout 60; - proxy_send_timeout 60; - proxy_pass http://force/signup/editorial; - } - location /news/artsy-editorial-belgian-authorities-reportedly-investigating-two-brothers-smuggled-antiquities-syria { - deny all; - } - location /artwork/xavier-veilhan-light-machine-music { - deny all; - } - location / { - if ($request_method = POST) { - return 403; - } - if ($bad_referer) { - return 403; - } - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto "https"; - proxy_redirect off; - proxy_read_timeout 60; - proxy_send_timeout 60; - proxy_pass http://force; - } - } dnsPolicy: Default affinity: nodeAffinity: @@ -235,11 +86,11 @@ spec: - port: 443 protocol: TCP name: https - targetPort: 8080 + targetPort: 5000 - port: 80 protocol: TCP name: http - targetPort: 8080 + targetPort: 5000 selector: app: force layer: application