diff --git a/.dockerignore b/.dockerignore index 2722717..073f48f 100644 --- a/.dockerignore +++ b/.dockerignore @@ -6,6 +6,7 @@ *.pyc Dockerfile k8s.yaml +cache/ windows/* __pycache__ cache/* diff --git a/Dockerfile b/Dockerfile index eae9b36..a3469e2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ RUN wget -O /opt/utils/yuicompressor.jar "https://github.com/tgckpg/BotanJS/rele RUN apk add --update bash python3 uwsgi uwsgi-python openjdk11-jre-headless; python3 -m ensurepip -RUN echo "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin" >> /etc/passwd; echo "www-data:x:33:" >> /etc/group +RUN echo "www-data:x:1001:1001:www-data:/var/www:/usr/sbin/nologin" >> /etc/passwd; echo "www-data:x:1001:" >> /etc/group RUN chown www-data:www-data . -R RUN pip3 install Flask redis compressinja Celery diff --git a/k8s.yaml b/k8s.yaml index 635acb3..e87a20e 100644 --- a/k8s.yaml +++ b/k8s.yaml @@ -12,17 +12,15 @@ spec: labels: app: astrojs spec: - volumes: - - name: astrojs-cache - nfs: - server: astrofile.astrohost - path: /srv/astrostorage + securityContext: + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + imagePullSecrets: + - name: registry-auth containers: - name: web - image: 192.168.80.4:32000/sites/astrojs:b00034 - volumeMounts: - - mountPath: "/app/cache" - name: astrojs-cache + image: registry.k8s.astropenguin.net/astrojs:2022.03.15.04 env: - name: FLASK_DEBUG value: "0" @@ -30,16 +28,36 @@ spec: value: "production" - name: RUN_MODE value: "web" + volumeMounts: + - name: cache + mountPath: "/app/cache" - name: redis image: redis:6.0.8-alpine - name: compiler - image: 192.168.80.4:32000/sites/astrojs:b00034 - volumeMounts: - - mountPath: "/app/cache" - name: astrojs-cache + image: registry.k8s.astropenguin.net/astrojs:2022.03.15.04 env: - name: RUN_MODE value: "tasks" + volumeMounts: + - name: cache + mountPath: "/app/cache" + volumes: + - name: cache + persistentVolumeClaim: + claimName: astrojs-cache + +--- + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: astrojs-cache +spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: 10Gi + storageClassName: local-storage --- @@ -60,16 +78,32 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: astrojs + namespace: ingress-https spec: ingressClassName: nginx + tls: + - hosts: + - astrojs.k8s.astropenguin.net + secretName: any-k8s-astro-prod rules: - - host: botanjs.astropenguin.net + - host: astrojs.k8s.astropenguin.net http: paths: - path: / pathType: Prefix backend: service: - name: astrojs + name: f-astrojs-default port: number: 5000 + +--- + +kind: Service +apiVersion: v1 +metadata: + name: f-astrojs-default + namespace: ingress-https +spec: + type: ExternalName + externalName: astrojs.default.svc.cluster.local diff --git a/setup/docker.start b/setup/docker.start index 541d8d4..a6f5753 100644 --- a/setup/docker.start +++ b/setup/docker.start @@ -19,11 +19,9 @@ case "$RUN_MODE" in "tasks") source "$INST_DIR/celery.conf" - celery worker -n worker1@%h \ - -A ${CELERY_APP} \ + celery -A ${CELERY_APP} worker -n worker1@%h \ --loglevel=${CELERYD_LOG_LEVEL} ${CELERYD_OPTS} \ - & celery worker -n worker1@%h \ - -A ${CELERY_APP} \ + & celery -A ${CELERY_APP} worker -n worker1@%h \ --loglevel=${CELERYD_LOG_LEVEL} ${CELERYD_OPTS} ;; *)