tomekwojcik/hotpocket
1
0
Fork 0
Code Actions Releases 16 Wiki Activity

BTHLABS-66: Prepping for public release: Take one

Browse Source
This commit is contained in:
Tomek Wójcik
2025-11-18 20:47:07 +01:00
parent 16a9c73624
commit 20fa33abeb
84 changed files with 839 additions and 631 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
deployment/hotpocket_bthlab/resources/backend/admin-ingress.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: backend-admin-ingress
namespace: hotpocket-development
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "web"
spec:
rules:
- host: admin.hotpocket.bthlab.bthlabs.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: backend-admin-service
port:
name: http

14
deployment/hotpocket_bthlab/resources/backend/admin-service.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: backend-admin-service
namespace: hotpocket-development
spec:
type: ClusterIP
selector:
app.kubernetes.io/app: backend-admin
ports:
- name: http
protocol: TCP
port: 8000
targetPort: http

99
deployment/hotpocket_bthlab/resources/backend/admin.yaml Normal file
View File

@@ -0,0 +1,99 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend-admin
namespace: hotpocket-development
labels:
app.kubernetes.io/app: backend-admin
spec:
minReadySeconds: 30
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 1
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/app: backend-admin
template:
metadata:
labels:
app.kubernetes.io/app: backend-admin
spec:
containers:
- name: app
image: hotpocket-backend:latest
args:
- "/srv/venv/bin/gunicorn"
- "-c"
- "/srv/lib/gunicorn.conf.py"
- "hotpocket_backend.wsgi:application"
envFrom:
- configMapRef:
name: backend-base-config
- configMapRef:
name: backend-admin-config
env:
- name: VAULT_URL
valueFrom:
secretKeyRef:
name: backend-vault
key: url
- name: VAULT_ROLE_ID
valueFrom:
secretKeyRef:
name: backend-vault
key: role_id
- name: VAULT_SECRET_ID
valueFrom:
secretKeyRef:
name: backend-vault
key: secret_id
ports:
- containerPort: 8000
name: http
protocol: TCP
- containerPort: 8001
name: healthcheck
protocol: TCP
livenessProbe:
httpGet:
path: "/"
port: 8001
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet:
path: "/"
port: 8001
initialDelaySeconds: 2
periodSeconds: 5
volumeMounts:
- mountPath: /dev/shm
name: shm
- mountPath: /srv/run
name: backend-admin-srv-run
- name: backend-admin-local-deps
mountPath: "/srv/lib/requirements.txt"
subPath: "requirements.txt"
- name: backend-admin-local-deps
mountPath: "/srv/etc/entrypoint.d/01-install-extra-deps.sh"
subPath: "01-install-extra-deps.sh"
- name: backend-admin-local-deps
mountPath: "/srv/etc/entrypoint.d/99-collectstatic.sh"
subPath: "99-collectstatic.sh"
dnsPolicy: ClusterFirst
restartPolicy: Always
volumes:
- name: shm
emptyDir:
medium: Memory
- name: backend-admin-srv-run
emptyDir: {}
- name: backend-admin-local-deps
configMap:
name: "backend-local-deps"
defaultMode: 0755

80
deployment/hotpocket_bthlab/resources/backend/celery-beat.yaml Normal file
View File

@@ -0,0 +1,80 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: backend-celery-beat
namespace: hotpocket-development
labels:
app.kubernetes.io/app: backend-celery-beat
spec:
minReadySeconds: 30
replicas: 1
revisionHistoryLimit: 1
selector:
matchLabels:
app.kubernetes.io/app: backend-celery-beat
template:
metadata:
labels:
app.kubernetes.io/app: backend-celery-beat
spec:
containers:
- name: app
image: hotpocket-backend:latest
args:
- "/srv/venv/bin/celery"
- "-A"
- "hotpocket_backend.celery:app"
- "beat"
- "-l"
- "INFO"
- "-s"
- "/srv/run/celery-beat-schedule"
envFrom:
- configMapRef:
name: backend-base-config
- configMapRef:
name: backend-webapp-config
env:
- name: VAULT_URL
valueFrom:
secretKeyRef:
name: backend-vault
key: url
- name: VAULT_ROLE_ID
valueFrom:
secretKeyRef:
name: backend-vault
key: role_id
- name: VAULT_SECRET_ID
valueFrom:
secretKeyRef:
name: backend-vault
key: secret_id
volumeMounts:
- mountPath: /dev/shm
name: shm
- mountPath: /srv/run
name: backend-celery-beat-srv-run
- mountPath: /srv/uploads
name: backend-celery-beat-srv-uploads
- name: backend-admin-local-deps
mountPath: "/srv/lib/requirements.txt"
subPath: "requirements.txt"
- name: backend-admin-local-deps
mountPath: "/srv/etc/entrypoint.d/01-install-extra-deps.sh"
subPath: "01-install-extra-deps.sh"
dnsPolicy: ClusterFirst
restartPolicy: Always
volumes:
- name: shm
emptyDir:
medium: Memory
- name: backend-celery-beat-srv-run
persistentVolumeClaim:
claimName: backend-celery-beat-run
- name: backend-celery-beat-srv-uploads
emptyDir: {}
- name: backend-admin-local-deps
configMap:
name: "backend-local-deps"
defaultMode: 0755

88
deployment/hotpocket_bthlab/resources/backend/celery-worker.yaml Normal file
View File

@@ -0,0 +1,88 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend-celery-worker
namespace: hotpocket-development
labels:
app.kubernetes.io/app: backend-celery-worker
spec:
minReadySeconds: 30
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 1
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/app: backend-celery-worker
template:
metadata:
labels:
app.kubernetes.io/app: backend-celery-worker
spec:
containers:
- name: app
image: hotpocket-backend:latest
args:
- "/srv/venv/bin/celery"
- "-A"
- "hotpocket_backend.celery:app"
- "worker"
- "-l"
- "INFO"
- "-Q"
- "celery,webapp"
- "-c"
- "2"
envFrom:
- configMapRef:
name: backend-base-config
- configMapRef:
name: backend-webapp-config
env:
- name: VAULT_URL
valueFrom:
secretKeyRef:
name: backend-vault
key: url
- name: VAULT_ROLE_ID
valueFrom:
secretKeyRef:
name: backend-vault
key: role_id
- name: VAULT_SECRET_ID
valueFrom:
secretKeyRef:
name: backend-vault
key: secret_id
volumeMounts:
- mountPath: /dev/shm
name: shm
- mountPath: /srv/run
name: backend-celery-worker-srv-run
- mountPath: /srv/uploads
name: backend-celery-worker-srv-uploads
- name: backend-admin-local-deps
mountPath: "/srv/lib/requirements.txt"
subPath: "requirements.txt"
- name: backend-admin-local-deps
mountPath: "/srv/etc/entrypoint.d/01-install-extra-deps.sh"
subPath: "01-install-extra-deps.sh"
dnsPolicy: ClusterFirst
restartPolicy: Always
volumes:
- name: shm
emptyDir:
medium: Memory
- name: backend-celery-worker-srv-run
emptyDir: {}
- name: backend-celery-worker-srv-uploads
persistentVolumeClaim:
claimName: backend-uploads
- name: backend-admin-local-deps
configMap:
name: "backend-local-deps"
defaultMode: 0755

18
deployment/hotpocket_bthlab/resources/backend/config-map-local-deps.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: backend-local-deps
namespace: hotpocket-development
data:
01-install-extra-deps.sh: |
#!/usr/bin/env bash
export PIP_INDEX_URL="https://nexus.bthlabs.pl/repository/pypi/simple/"
/srv/venv/bin/pip install -r /srv/lib/requirements.txt
99-collectstatic.sh: |
#!/usr/bin/env bash
(
cd /srv/app;
./manage.py collectstatic --no-input
)
requirements.txt: |
hotpocket_bthlabs>=25.10.28

75
deployment/hotpocket_bthlab/resources/backend/job-migrations.yaml Normal file
View File

@@ -0,0 +1,75 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: backend-job-migrations
namespace: hotpocket-development
labels:
app.kubernetes.io/app: backend-job-migrations
spec:
concurrencyPolicy: "Forbid"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
startingDeadlineSeconds: 180
schedule: "* * * * *"
suspend: true
jobTemplate:
spec:
backoffLimit: 1
completions: 1
parallelism: 1
template:
spec:
containers:
- name: migrations
image: hotpocket-backend:latest
args:
- "./manage.py"
- "migrate"
envFrom:
- configMapRef:
name: backend-base-config
- configMapRef:
name: backend-webapp-config
env:
- name: VAULT_URL
valueFrom:
secretKeyRef:
name: backend-vault
key: url
- name: VAULT_ROLE_ID
valueFrom:
secretKeyRef:
name: backend-vault
key: role_id
- name: VAULT_SECRET_ID
valueFrom:
secretKeyRef:
name: backend-vault
key: secret_id
volumeMounts:
- mountPath: /dev/shm
name: shm
- mountPath: /srv/run
name: backend-webapp-srv-run
- mountPath: /srv/uploads
name: backend-webapp-srv-uploads
- name: backend-admin-local-deps
mountPath: "/srv/lib/requirements.txt"
subPath: "requirements.txt"
- name: backend-admin-local-deps
mountPath: "/srv/etc/entrypoint.d/01-install-extra-deps.sh"
subPath: "01-install-extra-deps.sh"
dnsPolicy: ClusterFirst
restartPolicy: Never
volumes:
- name: shm
emptyDir:
medium: Memory
- name: backend-webapp-srv-run
emptyDir: {}
- name: backend-webapp-srv-uploads
emptyDir: {}
- name: backend-admin-local-deps
configMap:
name: "backend-local-deps"
defaultMode: 0755

19
deployment/hotpocket_bthlab/resources/backend/webapp-ingress.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: backend-webapp-ingress
namespace: hotpocket-development
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "web"
spec:
rules:
- host: app.hotpocket.bthlab.bthlabs.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: backend-webapp-service
port:
name: http

14
deployment/hotpocket_bthlab/resources/backend/webapp-service.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: backend-webapp-service
namespace: hotpocket-development
spec:
type: ClusterIP
selector:
app.kubernetes.io/app: backend-webapp
ports:
- name: http
protocol: TCP
port: 8000
targetPort: http

106
deployment/hotpocket_bthlab/resources/backend/webapp.yaml Normal file
View File

@@ -0,0 +1,106 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend-webapp
namespace: hotpocket-development
labels:
app.kubernetes.io/app: backend-webapp
spec:
minReadySeconds: 30
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 1
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/app: backend-webapp
template:
metadata:
labels:
app.kubernetes.io/app: backend-webapp
spec:
containers:
- name: app
image: hotpocket-backend:latest
args:
- "/srv/venv/bin/gunicorn"
- "-c"
- "/srv/lib/gunicorn.conf.py"
- "hotpocket_backend.wsgi:application"
envFrom:
- configMapRef:
name: backend-base-config
- configMapRef:
name: backend-webapp-config
env:
- name: VAULT_URL
valueFrom:
secretKeyRef:
name: backend-vault
key: url
- name: VAULT_ROLE_ID
valueFrom:
secretKeyRef:
name: backend-vault
key: role_id
- name: VAULT_SECRET_ID
valueFrom:
secretKeyRef:
name: backend-vault
key: secret_id
- name: HOTPOCKET_BACKEND_CREATE_INITIAL_ACCOUNT
value: "true"
ports:
- containerPort: 8000
name: http
protocol: TCP
- containerPort: 8001
name: healthcheck
protocol: TCP
livenessProbe:
httpGet:
path: "/"
port: 8001
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet:
path: "/"
port: 8001
initialDelaySeconds: 2
periodSeconds: 5
volumeMounts:
- mountPath: /dev/shm
name: shm
- mountPath: /srv/run
name: backend-webapp-srv-run
- mountPath: /srv/uploads
name: backend-webapp-srv-uploads
- name: backend-admin-local-deps
mountPath: "/srv/lib/requirements.txt"
subPath: "requirements.txt"
- name: backend-admin-local-deps
mountPath: "/srv/etc/entrypoint.d/01-install-extra-deps.sh"
subPath: "01-install-extra-deps.sh"
- name: backend-admin-local-deps
mountPath: "/srv/etc/entrypoint.d/99-collectstatic.sh"
subPath: "99-collectstatic.sh"
dnsPolicy: ClusterFirst
restartPolicy: Always
volumes:
- name: shm
emptyDir:
medium: Memory
- name: backend-webapp-srv-run
emptyDir: {}
- name: backend-webapp-srv-uploads
persistentVolumeClaim:
claimName: backend-uploads
- name: backend-admin-local-deps
configMap:
name: "backend-local-deps"
defaultMode: 0755