openfun · claudusd · Mar 18, 2024 · Mar 18, 2024 · Mar 18, 2024 · Mar 18, 2024
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+*/*.tgz
diff --git a/jenny/.helmignore b/jenny/.helmignore
@@ -0,0 +1 @@
+jenny-*.tgz
diff --git a/jenny/templates/_helpers.tpl b/jenny/templates/_helpers.tpl
@@ -77,6 +77,13 @@ service: app
   value: "{{ .Values.django.db.host }}"
 - name: "DB_PORT"
   value: "{{ .Values.django.db.port }}"
+{{- range $key, $val := .Values.env.secret }}
+- name: {{ $val.envName }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ $val.secretName }}
+      key: {{ $val.keyName }}
+{{- end }}
 {{- end }}
 
 {{- define "django.imagePullSecrets" -}}

diff --git a/jenny/templates/configmap.yaml b/jenny/templates/configmap.yaml
@@ -0,0 +1,56 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ template "jenny.fullname" . }}-nginx"
+data:
+  config: |
+    # nginx.conf
+    user nobody nogroup;
+    # 'user nobody nobody;' for systems with 'nobody' as a group instead
+    error_log  /var/log/nginx/error.log warn;
+    pid /var/run/nginx.pid;
+
+    events {
+      worker_connections 1024; # increase if you have lots of clients
+      accept_mutex off; # set to 'on' if nginx worker_processes > 1
+      # 'use epoll;' to enable for Linux 2.6+
+      # 'use kqueue;' to enable for FreeBSD, OSX
+    }
+
+    http {
+        upstream django_app {
+            server localhost:{{ .Values.django.port }};
+        }
+
+        server {
+            listen {{ .Values.nginx.port }};
+
+            root /usr/share/nginx;
+            location / {
+              # checks for static file, if not found proxy to app
+              try_files $uri @proxy_to_app;
+            }
+
+            location @proxy_to_app {
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header Host $host;
+                proxy_redirect off;
+                proxy_pass http://django_app;
+            }
+        }
+
+        server {
+          listen 5000;
+          server_name localhost;
+
+          location /__status__ {
+            stub_status;
+            allow 127.0.0.1;
+            deny all;
+            access_log off;
+          }
+
+        }
+
+        include /etc/nginx/mime.types;
+    }
diff --git a/jenny/templates/deployment.yaml b/jenny/templates/deployment.yaml
@@ -1,7 +1,8 @@
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ template "jenny.fullname" . }}
+  name: "{{ template "jenny.fullname" . }}"
   namespace: {{ .Release.Namespace | quote }}
   labels:
     {{- include "jenny.labels" . | nindent 4 }}
@@ -22,43 +23,91 @@ spec:
         {{- include "jenny.selectorLabels" . | nindent 8 }}
     spec:
       {{- include "django.imagePullSecrets" . | nindent 6 }}
-      securityContext:
-        {{- toYaml .Values.securityContext | nindent 8 }}
-      containers:
-        - name: {{ .Chart.Name }}
+      initContainers:
+        - name: "{{ .Chart.Name }}-collectstatic"
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           command:
-            {{- toYaml .Values.django.command | nindent 12 }}
+            - "python"
+            - "manage.py"
+            - "collectstatic"
+            - "--no-input"
+          volumeMounts:
+            - name: "static"
+              mountPath: /app/static
+      containers:
+        - name: "{{ .Chart.Name }}-django"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           livenessProbe:
             httpGet:
-              path: /__lbheartbeat__
+              path: /__heartbeat__
               port: {{ .Values.django.port }}
+              httpHeaders:
+                - name: "Host"
+                  value: "{{ .Values.ingress.host}}"
             initialDelaySeconds: 15
             periodSeconds: 30
           readinessProbe:
             httpGet:
-              path: /__heartbeat__
+              path: /__lbheartbeat__
               port: {{ .Values.django.port }}
+              httpHeaders:
+                - name: "Host"
+                  value: "{{ .Values.ingress.host}}"
             initialDelaySeconds: 5
             periodSeconds: 5
+          startupProbe:
+            exec:
+              command:
+                - python3
+                - manage.py
+                - migrate
+                - --check
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            timeoutSeconds: 30
           env:
             {{- include "jenny.envs" . | nindent 12 }}
+            - name: "UWSGI_PORT"
+              value: "{{ .Values.django.port }}"
           {{- if .Values.persistence.enabled }}
           volumeMounts:
-            - name: {{ .Values.volumes.static.name }}
-              mountPath: {{ .Values.volumes.static.mountPath }}
+            - name: static
+              mountPath: /app/static
             - name: {{ .Values.volumes.media.name }}
               mountPath: {{ .Values.volumes.media.mountPath }}
+        - name: "{{ .Chart.Name }}-nginx"
+          image: nginx:1.25.4-alpine
+          volumeMounts:
+            - name: "static"
+              mountPath: /usr/share/nginx/static
+            - name: {{ .Values.volumes.media.name }}
+              mountPath: /usr/share/nginx/media
+            - name: nginx
+              mountPath: /etc/nginx
+              readOnly: true
+          livenessProbe:
+            httpGet:
+              path: /__status__
+              port: 5000
+            initialDelaySeconds: 15
+            periodSeconds: 30
       volumes:
-        - name: {{ .Values.volumes.static.name }}
-          persistentVolumeClaim:
-            claimName: {{ .Values.volumes.static.claimName }}
         - name: {{ .Values.volumes.media.name }}
           persistentVolumeClaim:
             claimName: {{ .Values.volumes.media.claimName }}
+        - name: nginx
+          configMap:
+            items:
+              - key: config
+                path: nginx.conf
+            name: "{{ .Chart.Name }}-nginx"
+        - name: "static"
+          emptyDir:
+            sizeLimit: 50Mi
       {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
@@ -71,4 +120,4 @@ spec:
       {{- with .Values.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}
-      {{- end }}
+      {{- end }}
diff --git a/jenny/templates/ingress.yaml b/jenny/templates/ingress.yaml
@@ -13,16 +13,26 @@ metadata:
     {{- if .Values.commonAnnotations }}
     {{- toYaml .Values.commonAnnotations | nindent 4 }}
     {{- end }}
+    {{- if .Values.ingress.annotations }}
+    {{- toYaml .Values.ingress.annotations | nindent 4 }}
+    {{- end }}
 spec:
   ingressClassName: {{ .Values.ingress.class_name }}
+  {{- if $.Values.ingress.tls.enabled }}
+  tls:
+  - hosts:
+      - {{ $.Values.ingress.host }}
+    secretName: {{ $.Values.ingress.tls.certificateSecretName }}
+  {{- end }}
   rules:
-    - http:
+    - host: {{ .Values.ingress.host }}
+      http:
         paths:
           - path: /
             pathType: Prefix
             backend:
               service:
                 name: {{ include "jenny.fullname" . }}-service
                 port:
-                  number: {{ .Values.service.port }}
+                  number: {{ .Values.nginx.port }}
 {{- end }}
diff --git a/jenny/templates/jobs.yaml b/jenny/templates/jobs.yaml
@@ -1,4 +1,5 @@
 {{- range .Values.django.jobs }}
+---
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -13,7 +14,7 @@ metadata:
 {{- if $.Values.commonAnnotations }}
 {{- toYaml $.Values.commonAnnotations | nindent 4 }}
 {{- end }}
-    "helm.sh/hook": pre-upgrade, pre-install
+    "helm.sh/hook": post-upgrade,post-install
     "helm.sh/hook-weight": "0"
 spec:
   template:
@@ -22,9 +23,6 @@ spec:
         app.kubernetes.io/component: django
     spec:
       {{- include "django.imagePullSecrets" $ | nindent 6 }}
-      {{- if $.Values.podSecurityContext }}
-      securityContext: {{- toYaml $.Values.podSecurityContext | nindent 8 }}
-      {{- end }}
       containers:
         - name: django-{{ .name }}
           image: {{ $.Values.image.repository }}:{{ $.Values.image.tag }}
@@ -35,19 +33,12 @@ spec:
           {{- if $.Values.resources }}
           resources: {{ toYaml $.Values.resources | nindent 12 }}
           {{- end }}
-          {{- if $.Values.persistence.enabled }}
           volumeMounts:
-            - name: {{ $.Values.volumes.static.name }}
-              mountPath: {{ $.Values.volumes.static.mountPath }}
             - name: {{ $.Values.volumes.media.name }}
               mountPath: {{ $.Values.volumes.media.mountPath }}
       volumes:
-        - name: {{ $.Values.volumes.static.name }}
-          persistentVolumeClaim:
-            claimName: {{ $.Values.volumes.static.claimName }}
         - name: {{ $.Values.volumes.media.name }}
           persistentVolumeClaim:
             claimName: {{ $.Values.volumes.media.claimName }}
-          {{- end }}
       restartPolicy: Never
 {{- end }}
diff --git a/jenny/templates/pvc.yaml b/jenny/templates/pvc.yaml
@@ -13,19 +13,4 @@ spec:
   resources:
     requests:
       storage: {{ .Values.persistence.size }}
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{ .Values.volumes.static.claimName }}
-  namespace: {{ .Release.Namespace | quote }}
-spec:
-  accessModes:
-  {{ with .Values.persistence.accessModes }}
-    {{- toYaml . | indent 4 }}
-  {{- end }}
-  storageClassName: {{ .Values.persistence.storageClass }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.size }}
 {{- end }}
diff --git a/jenny/templates/service.yaml b/jenny/templates/service.yaml
@@ -3,13 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "jenny.fullname" . }}-service
-  namespace: {{ .Values.namespace }}
   labels: {{- include "jenny.labels" . | nindent 4 }}
 spec:
   ports:
-    - name: "{{ .Values.service.port }}-tcp"
-      port: {{ .Values.service.port }}
-      targetPort: {{ .Values.django.port }}
+    - name: "{{ .Values.nginx.port }}-tcp"
+      port: {{ .Values.nginx.port }}
+      targetPort: {{ .Values.nginx.port }}
       protocol: TCP
       {{- if (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.service.nodePort.http }}

diff --git a/jenny/values.yaml b/jenny/values.yaml
@@ -10,11 +10,7 @@ image:
 
 replicaCount: 1
 
-imagePullSecrets: ["regcred"]
-
-securityContext:
-  runAsUser: 1000
-  runAsGroup: 1000
+imagePullSecrets: []
 
 podAnnotations: {}
 
@@ -27,6 +23,10 @@ service:
 ingress:
   enabled: true
   class_name: "nginx"
+  annotations: {}
+  tls:
+    enabled: false
+    certificateSecretName: jenny-certificate
 
 persistence:
   enabled: true
@@ -59,13 +59,7 @@ nodeSelector: {}
 
 tolerations: []
 
-resources: {}
-
 volumes:
-  static:
-    name: "jenny-static"
-    claimName: "jenny-static-pvc"
-    mountPath: "/app/static"
   media:
     name: "jenny-media"
     claimName: "jenny-media-pvc"
@@ -74,10 +68,6 @@ volumes:
 django:
   fullname: jenny
   port: 8080
-  command:
-    - uwsgi
-    - "--http=:8080"
-    - "--module=jenny.wsgi"
   settings: "jenny.settings"
   configuration: "Base"
   allowed_hosts: "*"
@@ -89,5 +79,10 @@ django:
   jobs:
     - name: dbmigrate
       command: ["python", "manage.py", "migrate", "--no-input"]
-    - name: collectstatic
-      command: ["python", "manage.py", "collectstatic", "--no-input"]
+  resources: {}
+
+nginx:
+  port: 8000
+
+env:
+  secret: []