Changes for in-kind contribution JAP-JPG-S3 from NAOJ
#3913
Conversation
There was a problem hiding this comment.
There are some things that can be improved and a few things that I think won't work as currently specified. You can try deploying from this branch with https://phalanx.lsst.io/developers/switch-environment-to-branch.html#switch-an-environment-to-a-branch and https://phalanx.lsst.io/developers/deploy-from-a-branch.html#deploying-from-a-branch-for-development; I will approve once things are actually working.
| @@ -0,0 +1,3 @@ | |||
| fov-quicklook-secret: | |||
There was a problem hiding this comment.
The secret is already named fov-quicklook. This file should contain the keys within the secret like s3_tile_access_key and s3_tile_secret_key.
| - name: QUICKLOOK_s3_tile__access_key | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: fov-quicklook-secret |
There was a problem hiding this comment.
The name of the secret should always be the application name (fov-quicklook).
| port: 9500 | ||
| targetPort: 9500 | ||
| --- | ||
| apiVersion: v1 |
| config: | ||
| scopes: | ||
| all: | ||
| - "read:all" |
There was a problem hiding this comment.
read:image is more appropriate, I think.
| - name: DB_PASSWORD | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: quicklook-db |
There was a problem hiding this comment.
I think this is OK for now. Normally for a phalanx application, this would be still in the application secret (fov-quicklook) and there would be a generate clause in the secrets.yaml for it.
| initContainers: | ||
| - name: init-permissions | ||
| image: 'busybox' | ||
| command: ['sh', '-c', 'chown -R 999:999 /var/lib/postgresql/data'] |
There was a problem hiding this comment.
I'm a little concerned that this will cause delays on startup. If nothing else is touching the Postgres data files, can this be limited to doing a chown of the mount path only instead of having -R?
| valueFrom: | ||
| secretKeyRef: | ||
| name: fov-quicklook-secret | ||
| key: s3_repository_acceess_key |
There was a problem hiding this comment.
| key: s3_repository_acceess_key | |
| key: s3_repository_access_key |
There was a problem hiding this comment.
fixed in f0d243d
| path: "{{ .Values.global.vaultSecretsPathPrefix }}/fov-quicklook" | ||
| type: Opaque | ||
| keys: | ||
| - s3_repository_acceess_key |
There was a problem hiding this comment.
| - s3_repository_acceess_key | |
| - s3_repository_access_key |
There was a problem hiding this comment.
fixed in f0d243d
| {{- include "fov-quicklook.env.s3_repository" . | nindent 12 }} | ||
| ports: | ||
| - containerPort: 9501 | ||
| securityContext: |
There was a problem hiding this comment.
You should provide the ability to set additional information like resource requests and limits in these deployments. Another thing that may be necessary to configure, especially for the generator, is tolerations.
michitaro
force-pushed
the
u/michitaro/fov-quicklook
branch
from
2745217 to
192b0f8
Compare
|
Thank you for the review. Currently, the generator’s limits.memory is set to 32GiB. |
michitaro
force-pushed
the
u/michitaro/fov-quicklook
branch
from
192b0f8 to
826e75d
Compare
|
Add settings for butler in 826e75d. |
michitaro
force-pushed
the
u/michitaro/fov-quicklook
branch
from
e9b0639 to
1d68dc2
Compare
These changes are for the in-kind contribution JAP-JPG-S3.
I'm discussing the following points with @ktlim :
deploymentinstead ofdaemonset