author | 2023-08-13 20:01:42 +0100 | |
---|---|---|
committer | 2023-08-14 11:44:03 +0100 | |
commit | 661f49409e69f5cfafbef4cd41411a72ebc5418d (patch) | |
tree | 9ddd7f2a2ab09cadc5b716be00628e19d839ad4d /kubernetes/namespaces/default/site | |
parent | Allow multiple documents within yaml files (diff) |
Copy all files from kubernetes repo into this one
This commit is a like-for-like copy of the [kubernetes repo](https://github.com/python-discord/kubernetes); check that repo for commit history prior to this commit.
Co-authored-by: Amrou Bellalouna <[email protected]>
Co-authored-by: Bradley Reynolds <[email protected]>
Co-authored-by: Chris <[email protected]>
Co-authored-by: Chris Lovering <[email protected]>
Co-authored-by: ChrisJL <[email protected]>
Co-authored-by: Den4200 <[email protected]>
Co-authored-by: GDWR <[email protected]>
Co-authored-by: Hassan Abouelela <[email protected]>
Co-authored-by: Hassan Abouelela <[email protected]>
Co-authored-by: jchristgit <[email protected]>
Co-authored-by: Joe Banks <[email protected]>
Co-authored-by: Joe Banks <[email protected]>
Co-authored-by: Joe Banks <[email protected]>
Co-authored-by: Johannes Christ <[email protected]>
Co-authored-by: Kieran Siek <[email protected]>
Co-authored-by: kosayoda <[email protected]>
Co-authored-by: ks129 <[email protected]>
Co-authored-by: Leon Sand├©y <[email protected]>
Co-authored-by: Leon Sand├©y <[email protected]>
Co-authored-by: MarkKoz <[email protected]>
Co-authored-by: Matteo Bertucci <[email protected]>
Co-authored-by: Sebastiaan Zeeff <[email protected]>
Co-authored-by: Sebastiaan Zeeff <[email protected]>
Co-authored-by: vcokltfre <[email protected]>
Diffstat (limited to 'kubernetes/namespaces/default/site')
-rw-r--r-- | kubernetes/namespaces/default/site/README.md | 25 | ||||
-rw-r--r-- | kubernetes/namespaces/default/site/deployment.yaml | 72 | ||||
-rw-r--r-- | kubernetes/namespaces/default/site/ingress.yaml | 29 | ||||
-rw-r--r-- | kubernetes/namespaces/default/site/redirect.yaml | 28 | ||||
-rw-r--r-- | kubernetes/namespaces/default/site/secrets.yaml | bin | 0 -> 2461 bytes | |||
-rw-r--r-- | kubernetes/namespaces/default/site/service.yaml | 14 |
6 files changed, 168 insertions, 0 deletions
diff --git a/kubernetes/namespaces/default/site/README.md b/kubernetes/namespaces/default/site/README.md
new file mode 100644
index 0000000..3eff711
--- /dev/null
+++ b/kubernetes/namespaces/default/site/README.md
@@ -0,0 +1,25 @@
+# Python Discord Site
+This folder contains the manifests for Python Discord site.
+
+## Serving static files
+
+Usually, a web server like `nginx` should be deployed and configured to serve static files needed by Django. Then we'd put an `Ingress`
+rule to route traffic to the `STATIC_URL` to that webserver.
+Check the [official docs](https://docs.djangoproject.com/en/4.2/howto/static-files/deployment/) for more info.
+
+In this setup, we do it differently thanks to [WhiteNoise](https://whitenoise.readthedocs.io/en/stable/base.html#), which sets up
+a middleware that handles the caching, compression and serving of the static files for us.
+
+## Secrets
+
+The deployment expects the following secrets to be available in `site-env`:
+
+| Environment | Description |
+|-----------------------|------------------------------------------------------------|
+| DATABASE_URL | The URL for the Postgresql database. |
+| GITHUB_APP_ID | The ID of a GitHub Application (related to the above key). |
+| GITHUB_APP_KEY | A PEM key for a GitHub Application. |
+| GITHUB_TOKEN | An API key to the Github API |
+| METRICITY_DB_URL | The URL for the Metricity database. |
+| SECRET_KEY | Secret key for Django. |
+| SITE_DSN | The Sentry Data Source Name. |
diff --git a/kubernetes/namespaces/default/site/deployment.yaml b/kubernetes/namespaces/default/site/deployment.yaml
new file mode 100644
index 0000000..2f88af8
--- /dev/null
+++ b/kubernetes/namespaces/default/site/deployment.yaml
@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: site
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: site
+ template:
+ metadata:
+ labels:
+ app: site
+ spec:
+ containers:
+ - name: site
+ image: ghcr.io/python-discord/site:latest
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8000
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 8000
+ httpHeaders:
+ - name: Host
+ value: pythondiscord.com
+ failureThreshold: 2
+ periodSeconds: 30
+ timeoutSeconds: 5
+ initialDelaySeconds: 10
+ startupProbe:
+ httpGet:
+ path: /
+ port: 8000
+ httpHeaders:
+ - name: Host
+ value: pythondiscord.com
+ failureThreshold: 15
+ periodSeconds: 2
+ timeoutSeconds: 5
+ initialDelaySeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 1000Mi
+ requests:
+ cpu: 250m
+ memory: 400Mi
+ env:
+ # Needs to match with the variable name being read in django-prometheus
+ # https://github.com/korfuri/django-prometheus/blob/434a3ba36bdada45c9633451f5f6cfd145814ccf/django_prometheus/exports.py#L119
+ - name: prometheus_multiproc_dir
+ value: /tmp
+ envFrom:
+ - secretRef:
+ name: site-env
+ volumeMounts:
+ # Used for `gunicorn` worker heartbeats as well as the Prometheus
+ # client library's multiprocessing mode.
+ - name: django-tmp
+ mountPath: /tmp
+ securityContext:
+ readOnlyRootFilesystem: true
+ volumes:
+ - name: django-tmp
+ emptyDir:
+ medium: Memory
+ securityContext:
+ fsGroup: 1000
+ runAsUser: 1000
+ runAsNonRoot: true
diff --git a/kubernetes/namespaces/default/site/ingress.yaml b/kubernetes/namespaces/default/site/ingress.yaml
new file mode 100644
index 0000000..9f12daf
--- /dev/null
+++ b/kubernetes/namespaces/default/site/ingress.yaml
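Review bot: The container image in deployment.yaml is referenced by a mutable tag, `image: ghcr.io/python-discord/site:latest` with `imagePullPolicy: Always`, so every pod restart pulls whatever the tag points to at that moment. The two replicas can end up running different builds, and a bad or tampered push rolls out without any change to this manifest. Pinning a digest, `image: ghcr.io/python-discord/site@sha256:<digest-placeholder>`, makes the deployed build reviewable and reproducible. Separately, the container-level `securityContext` (as far as the flattened indentation shows) sets only `readOnlyRootFilesystem: true`; adding `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` would complete the non-root hardening already present at pod level.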
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+ nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle"
+ nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
+ nginx.ingress.kubernetes.io/server-snippet: |
+ location ~* /metrics {
+ deny all;
+ return 403;
+ }
+ name: site
+spec:
+ tls:
+ - hosts:
+ - "*.pythondiscord.com"
+ secretName: pythondiscord.com-tls
+ rules:
+ - host: www.pythondiscord.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: site
+ port:
+ number: 80
diff --git a/kubernetes/namespaces/default/site/redirect.yaml b/kubernetes/namespaces/default/site/redirect.yaml
new file mode 100644
index 0000000..33cf7d2
--- /dev/null
+++ b/kubernetes/namespaces/default/site/redirect.yaml
@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+ nginx.ingress.kubernetes.io/server-snippet: |
+ location ~* / {
+ return 308 https://www.pythondiscord.com$request_uri;
+ }
+ nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle"
+ nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
+ name: www-redirect
+spec:
+ tls:
+ - hosts:
+ - "pythondiscord.com"
+ secretName: pythondiscord.com-tls
+ rules:
+ - host: pythondiscord.com
+ http:
+ paths:
+ - path: /(.*)
+ pathType: Prefix
+ backend:
+ service:
+ name: site
+ port:
+ number: 80
diff --git a/kubernetes/namespaces/default/site/secrets.yaml b/kubernetes/namespaces/default/site/secrets.yaml
Binary files differnew file mode 100644
index 0000000..1e42248
--- /dev/null
+++ b/kubernetes/namespaces/default/site/secrets.yaml
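Review bot: The server-snippet pattern in ingress.yaml, `location ~* /metrics {`, is an unanchored, case-insensitive regex, so it returns 403 for any URI that contains `/metrics` anywhere, not only the Prometheus endpoint. That fails closed, which is the safe direction, but if only the exporter path is meant, `location ~* ^/metrics(/|$) {` states it precisely; either way a comment such as `# Block external access to the Prometheus endpoint; scraping is expected to happen in-cluster` would record the intent. `deny all;` is redundant next to `return 403;`, since nginx evaluates `return` in the rewrite phase before access rules apply. The annotation also depends on the controller permitting snippet annotations, which hardened ingress-nginx setups commonly disable, so that dependency is worth documenting next to it.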
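Review bot: In redirect.yaml the rule `path: /(.*)` is declared with `pathType: Prefix`, which matches path segments literally and does not interpret regular expressions. Because the server-snippet's `location ~* /` answers every request with the 308, the backend rule looks like unreachable placeholder config; `path: /` with a comment such as `# Placeholder rule: all requests are answered by the server-snippet redirect` would say so explicitly. The redirect target keeps a fixed host and only appends `$request_uri`, so it cannot be steered to another origin, and that property should be preserved if the snippet is edited. If the controller version in use supports it, `nginx.ingress.kubernetes.io/from-to-www-redirect: "true"` on the `www` Ingress may achieve the same result without a snippet annotation.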
diff --git a/kubernetes/namespaces/default/site/service.yaml b/kubernetes/namespaces/default/site/service.yaml
new file mode 100644
index 0000000..4f06394
--- /dev/null
+++ b/kubernetes/namespaces/default/site/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: site
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "8000"
+spec:
+ selector:
+ app: site
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8000 |