api-deployment.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "nomad.fullname" . }}-app-gunicorn-log-config
  labels:
    app.kubernetes.io/name: {{ include "nomad.name" . }}-app-gunicorn-log-config
    helm.sh/chart: {{ include "nomad.chart" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
  gunicorn.log.conf: |
    [loggers]
    keys=root, gunicorn.error, gunicorn.access

    [handlers]
    keys=console, access, error

    [formatters]
    keys=generic, json

    [logger_root]
    level=INFO
    handlers=console

    [logger_gunicorn.error]
    level=INFO
    handlers=error
    qualname=gunicorn.error

    [logger_gunicorn.access]
    level=INFO
    handlers=access
    qualname=gunicorn.access

    [handler_console]
    class=StreamHandler
    formatter=generic
    args=(sys.stdout, )

    [handler_access]
    class=StreamHandler
    formatter=json
    args=(sys.stdout, )

    [handler_error]
    class=StreamHandler
    formatter=json
    args=(sys.stdout, )

    [formatter_generic]
    format=%(asctime)s [%(process)d] [%(levelname)s] %(message)s
    datefmt=%Y-%m-%d %H:%M:%S
    class=logging.Formatter

    [formatter_json]
    class=pythonjsonlogger.jsonlogger.JsonFormatter
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "nomad.fullname" . }}-app-gunicorn-config
  labels:
    app.kubernetes.io/name: {{ include "nomad.name" . }}-app-gunicorn-config
    helm.sh/chart: {{ include "nomad.chart" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
  gunicorn.conf: |
    secure_scheme_headers = {'X-FORWARDED-PROTOCOL': 'ssl', 'X-FORWARDED-PROTO': 'https', 'X-FORWARDED-SSL': 'on'}
    {{ if ne .Values.app.workerClass "sync" }}
    worker_class = '{{ .Values.app.workerClass }}'
    threads = {{ .Values.app.threads }}
    {{ end }}
    worker_connections = 1000
    workers = {{ .Values.app.worker }}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "nomad.fullname" . }}-gui-env-js
  labels:
    app.kubernetes.io/name: {{ include "nomad.name" . }}-gui-env-js
    helm.sh/chart: {{ include "nomad.chart" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
  env.js: |
    window.nomadEnv = {
      "appBase": "{{ .Values.proxy.external.path }}",
      "keycloakBase": "{{ .Values.keycloak.serverExternalUrl }}",
      "keycloakRealm": "{{ .Values.keycloak.realmName }}",
      "keycloakClientId": "{{ .Values.keycloak.guiClientId }}",
      "matomoSiteId": {{ .Values.gui.matomoSiteId }},
      "matomoUrl": "{{ .Values.gui.matomoUrl }}",
      "matomoEnabled": {{ .Values.gui.matomoEnabled }},
      "debug": {{ .Values.gui.debug }},
      "version": {
        "label": "{{ .Values.version.label }}",
        "isBeta": {{ .Values.version.isBeta }},
        "usesBetaData": {{ .Values.version.usesBetaData }},
        "officialUrl": "{{ .Values.version.officialUrl }}"
      },
      "encyclopediaEnabled": {{ .Values.gui.encyclopediaEnabled }}
    };
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "nomad.fullname" . }}-enc-conf-js
  labels:
    app.kubernetes.io/name: {{ include "nomad.name" . }}-enc-conf-js
    helm.sh/chart: {{ include "nomad.chart" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
  conf.js: |
    window.nomadEnv = {
      apiRoot: "https://{{ .Values.proxy.external.host }}{{ .Values.proxy.external.path }}/api/encyclopedia/",
      guiRoot: "https://{{ .Values.proxy.external.host }}{{ .Values.proxy.external.path }}/encyclopedia/",
      userCookieDomain: ".{{ .Values.proxy.external.host }}",
      guestUserToken: 'eyJhbGciOiJIUzI1NiIsImlhdCI6MTUyMzg4MDE1OSwiZXhwIjoxNjgxNTYwMTU5fQ.ey'+
      'JpZCI6ImVuY2d1aSJ9.MsMWQa3IklH7cQTxRaIRSF9q8D_2LD5Fs2-irpWPTp4',
      keycloakBase: "{{ .Values.keycloak.serverExternalUrl }}",
      keycloakRealm: "{{ .Values.keycloak.realmName }}",
      keycloakClientId: "{{ .Values.keycloak.guiClientId }}"
    };
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "nomad.fullname" . }}-app
  labels:
    app.kubernetes.io/name: {{ include "nomad.name" . }}-app
    helm.sh/chart: {{ include "nomad.chart" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
  replicas: {{ .Values.app.replicas }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "nomad.name" . }}-app
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "nomad.name" . }}-app
        app.kubernetes.io/instance: {{ .Release.Name }}
      {{ if .Values.roll }}
      annotations:
        rollme: {{ randAlphaNum 5 | quote }}
      {{ end }}
    spec:
      containers:
      - name: {{ include "nomad.name" . }}-app
        image: "{{ .Values.image.name }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        volumeMounts:
        - mountPath: /app/nomad.yaml
          name: nomad-conf
          subPath: nomad.yaml
        - mountPath: /app/gunicorn.log.conf
          name: gunicorn-log-conf
          subPath: gunicorn.log.conf
        - mountPath: /app/gunicorn.conf
          name: gunicorn-conf
          subPath: gunicorn.conf
        - mountPath: /app/.volumes/fs/public
          name: public-volume
        - mountPath: /app/.volumes/fs/staging
          name: staging-volume
        - mountPath: /nomad
          name: nomad-volume
        - mountPath: /app/gui/build/env.js
          readOnly: true
          subPath: env.js
          name: gui-env-js
        - mountPath: /app/dependencies/encyclopedia-gui/client/conf.js
          readOnly: true
          subPath: conf.js
          name: enc-conf-js
        env:
        - name: NOMAD_META_SERVICE
          value: "app"
        - name: NOMAD_CONSOLE_LOGLEVEL
          value: "{{ .Values.app.console_loglevel }}"
        - name: NOMAD_LOGSTASH_LEVEL
          value: "{{ .Values.app.logstash_loglevel }}"
       {{ if .Values.api.apiSecret }}
        - name: NOMAD_SERVICES_API_SECRET
          valueFrom:
            secretKeyRef:
              name: {{ .Values.api.apiSecret}}
              key: password
        {{ end }}
        {{ if .Values.keycloak.clientSecret }}
        - name: NOMAD_KEYCLOAK_CLIENT_SECRET
          valueFrom:
            secretKeyRef:
              name: {{ .Values.keycloak.clientSecret }}
              key: password
        {{ end }}
        {{ if .Values.client.passwordSecret }}
        - name: NOMAD_CLIENT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ .Values.client.passwordSecret }}
              key: password
        {{ end }}
        {{ if .Values.keycloak.passwordSecret }}
        - name: NOMAD_KEYCLOAK_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ .Values.keycloak.passwordSecret }}
              key: password
        {{ end }}
        {{ if .Values.datacite.secret }}
        - name: NOMAD_DATACITE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ .Values.datacite.secret }}
              key: password
        - name: NOMAD_DATACITE_USER
          valueFrom:
            secretKeyRef:
              name: {{ .Values.datacite.secret }}
              key: user
        {{ end }}
        command: ["./run.sh",  "{{ .Values.proxy.external.path }}"]
        livenessProbe:
          httpGet:
            path: "{{ .Values.proxy.external.path }}/alive"
            port: 8000
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 5
        readinessProbe:
          httpGet:
            path: "{{ .Values.proxy.external.path }}/alive"
            port: 8000
          initialDelaySeconds: 15
          periodSeconds: 15
          timeoutSeconds: 5
      nodeSelector:
        nomadtype: {{ .Values.app.nomadNodeType }}
      imagePullSecrets:
      - name: {{ .Values.image.secret }}
      volumes:
      - name: gunicorn-log-conf
        configMap:
          name: {{ include "nomad.fullname" . }}-app-gunicorn-log-config
      - name: gunicorn-conf
        configMap:
          name: {{ include "nomad.fullname" . }}-app-gunicorn-config
      - name: nomad-conf
        configMap:
          name: {{ include "nomad.fullname" . }}-configmap
      - name: gui-env-js
        configMap:
          name: {{ include "nomad.fullname" . }}-gui-env-js
      - name: enc-conf-js
        configMap:
          name: {{ include "nomad.fullname" . }}-enc-conf-js
      - name: public-volume
        hostPath:
          path: {{ .Values.volumes.public }}
          type: Directory
      - name: staging-volume
        {{ if (eq .Values.worker.storage "memory") }}
        emptyDir:
          medium: 'Memory'
        {{ else }}
        hostPath:
          path: {{ .Values.volumes.staging}}
          type: Directory
        {{ end }}
      - name: nomad-volume
        hostPath:
          path: {{ .Values.volumes.nomad }}
          type: Directory