tutor/tutor/templates/k8s/deployments.yml

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: caddy
  labels:
    app.kubernetes.io/name: caddy
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: caddy
  template:
    metadata:
      labels:
        app.kubernetes.io/name: caddy
    spec:
      {%- if ENABLE_WEB_PROXY %}
      # This Deployment uses a persistent volume claim. This requires
      # that in order to enable rolling updates (i.e. use a deployment
      # strategy other than Replace), we schedule the new Pod to the
      # same node as the original Pod.
      affinity:
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                - key: app.kubernetes.io/name
                  operator: In
                  values:
                    - caddy
              topologyKey: "kubernetes.io/hostname"
      {%- endif %}
      containers:
        - name: caddy
          image: {{ DOCKER_IMAGE_CADDY }}
          env:
          - name: default_site_port
            value: "{% if not ENABLE_HTTPS or not ENABLE_WEB_PROXY %}:80{% endif %}"
          volumeMounts:
            - mountPath: /etc/caddy/
              name: config
            {%- if ENABLE_WEB_PROXY %}
            - mountPath: /data/
              name: data
            {%- endif %}
          ports:
            - containerPort: 80
            {%- if ENABLE_WEB_PROXY %}
            - containerPort: 443
            {%- endif %}
      volumes:
        - name: config
          configMap:
            name: caddy-config
        {%- if ENABLE_WEB_PROXY %}
        - name: data
          persistentVolumeClaim:
            claimName: caddy
        {%- endif %}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cms
  labels:
    app.kubernetes.io/name: cms
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: cms
  template:
    metadata:
      labels:
        app.kubernetes.io/name: cms
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - name: cms
          image: {{ DOCKER_IMAGE_OPENEDX }}
          env:
          - name: SERVICE_VARIANT
            value: cms
          - name: DJANGO_SETTINGS_MODULE
            value: cms.envs.tutor.production
          - name: UWSGI_WORKERS
            value: "{{ OPENEDX_CMS_UWSGI_WORKERS }}"
          ports:
            - containerPort: 8000
          volumeMounts:
            - mountPath: /openedx/edx-platform/lms/envs/tutor/
              name: settings-lms
            - mountPath: /openedx/edx-platform/cms/envs/tutor/
              name: settings-cms
            - mountPath: /openedx/config
              name: config
            - mountPath: /openedx/edx-platform/uwsgi.ini
              name: uwsgi-config
              subPath: uwsgi.ini
          resources:
            requests:
              memory: 2Gi
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: settings-lms
          configMap:
            name: openedx-settings-lms
        - name: settings-cms
          configMap:
            name: openedx-settings-cms
        - name: config
          configMap:
            name: openedx-config
        - name: uwsgi-config
          configMap:
            name: openedx-uwsgi-config
            items:
              - key: uwsgi.ini
                path: uwsgi.ini
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cms-worker
  labels:
    app.kubernetes.io/name: cms-worker
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: cms-worker
  template:
    metadata:
      labels:
        app.kubernetes.io/name: cms-worker
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - name: cms-worker
          image: {{ DOCKER_IMAGE_OPENEDX }}
          args: ["celery", "--app=cms.celery", "worker", "--loglevel=info", "--hostname=edx.cms.core.default.%%h", "--max-tasks-per-child", "100", "--exclude-queues=edx.lms.core.default"]
          env:
          - name: SERVICE_VARIANT
            value: cms
          - name: DJANGO_SETTINGS_MODULE
            value: cms.envs.tutor.production
          volumeMounts:
            - mountPath: /openedx/edx-platform/lms/envs/tutor/
              name: settings-lms
            - mountPath: /openedx/edx-platform/cms/envs/tutor/
              name: settings-cms
            - mountPath: /openedx/config
              name: config
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: settings-lms
          configMap:
            name: openedx-settings-lms
        - name: settings-cms
          configMap:
            name: openedx-settings-cms
        - name: config
          configMap:
            name: openedx-config
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lms
  labels:
    app.kubernetes.io/name: lms
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: lms
  template:
    metadata:
      labels:
        app.kubernetes.io/name: lms
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - name: lms
          image: {{ DOCKER_IMAGE_OPENEDX }}
          env:
          - name: SERVICE_VARIANT
            value: lms
          - name: DJANGO_SETTINGS_MODULE
            value: lms.envs.tutor.production
          - name: UWSGI_WORKERS
            value: "{{ OPENEDX_LMS_UWSGI_WORKERS }}"
          ports:
            - containerPort: 8000
          volumeMounts:
            - mountPath: /openedx/edx-platform/lms/envs/tutor/
              name: settings-lms
            - mountPath: /openedx/edx-platform/cms/envs/tutor/
              name: settings-cms
            - mountPath: /openedx/config
              name: config
            - mountPath: /openedx/edx-platform/uwsgi.ini
              name: uwsgi-config
              subPath: uwsgi.ini
          resources:
            requests:
              memory: 2Gi
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: settings-lms
          configMap:
            name: openedx-settings-lms
        - name: settings-cms
          configMap:
            name: openedx-settings-cms
        - name: config
          configMap:
            name: openedx-config
        - name: uwsgi-config
          configMap:
            name: openedx-uwsgi-config
            items:
            - key: uwsgi.ini
              path: uwsgi.ini
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lms-worker
  labels:
    app.kubernetes.io/name: lms-worker
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: lms-worker
  template:
    metadata:
      labels:
        app.kubernetes.io/name: lms-worker
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - name: lms-worker
          image: {{ DOCKER_IMAGE_OPENEDX }}
          args: ["celery", "--app=lms.celery", "worker", "--loglevel=info", "--hostname=edx.lms.core.default.%%h", "--max-tasks-per-child=100", "--exclude-queues=edx.cms.core.default"]
          env:
          - name: SERVICE_VARIANT
            value: lms
          - name: DJANGO_SETTINGS_MODULE
            value: lms.envs.tutor.production
          volumeMounts:
            - mountPath: /openedx/edx-platform/lms/envs/tutor/
              name: settings-lms
            - mountPath: /openedx/edx-platform/cms/envs/tutor/
              name: settings-cms
            - mountPath: /openedx/config
              name: config
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: settings-lms
          configMap:
            name: openedx-settings-lms
        - name: settings-cms
          configMap:
            name: openedx-settings-cms
        - name: config
          configMap:
            name: openedx-config
{% if RUN_ELASTICSEARCH %}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: elasticsearch
  labels:
    app.kubernetes.io/name: elasticsearch
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: elasticsearch
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: elasticsearch
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        fsGroupChangePolicy: "OnRootMismatch"
      containers:
        - name: elasticsearch
          image: {{ DOCKER_IMAGE_ELASTICSEARCH }}
          env:
            - name: cluster.name
              value: "openedx"
            - name: bootstrap.memory_lock
              value: "true"
            - name: discovery.type
              value: "single-node"
            - name: ES_JAVA_OPTS
              value: "-Xms{{ ELASTICSEARCH_HEAP_SIZE }} -Xmx{{ ELASTICSEARCH_HEAP_SIZE }}"
            - name: TAKE_FILE_OWNERSHIP
              value: "1"
          ports:
            - containerPort: 9200
          securityContext:
            allowPrivilegeEscalation: false
          volumeMounts:
            - mountPath: /usr/share/elasticsearch/data
              name: data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: elasticsearch
{% endif %}
{% if RUN_MONGODB %}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongodb
  labels:
    app.kubernetes.io/name: mongodb
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: mongodb
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: mongodb
    spec:
      securityContext:
        runAsUser: 999
        runAsGroup: 999
        fsGroup: 999
        fsGroupChangePolicy: "OnRootMismatch"
      containers:
        - name: mongodb
          image: {{ DOCKER_IMAGE_MONGODB }}
          args: ["mongod", "--nojournal", "--storageEngine", "wiredTiger"]
          ports:
            - containerPort: 27017
          volumeMounts:
            - mountPath: /data/db
              name: data
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: mongodb
{% endif %}
{% if RUN_MYSQL %}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  labels:
    app.kubernetes.io/name: mysql
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: mysql
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: mysql
    spec:
      securityContext:
        runAsUser: 999
        runAsGroup: 999
        fsGroup: 999
        fsGroupChangePolicy: "OnRootMismatch"
      containers:
        - name: mysql
          image: {{ DOCKER_IMAGE_MYSQL }}
          args:
            - "mysqld"
            - "--character-set-server=utf8mb3"
            - "--collation-server=utf8mb3_general_ci"
            - "--binlog-expire-logs-seconds=259200"
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: "{{ MYSQL_ROOT_PASSWORD }}"
          ports:
            - containerPort: 3306
          volumeMounts:
            - mountPath: /var/lib/mysql
              name: data
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: mysql
{% endif %}
{% if RUN_SMTP %}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: smtp
  labels:
    app.kubernetes.io/name: smtp
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: smtp
  template:
    metadata:
      labels:
        app.kubernetes.io/name: smtp
    spec:
      securityContext:
        runAsUser: 100
        runAsGroup: 101
      containers:
        - name: smtp
          image: {{ DOCKER_IMAGE_SMTP }}
          ports:
            - containerPort: 8025
{% endif %}
{% if RUN_REDIS %}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  labels:
    app.kubernetes.io/name: redis
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: redis
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: redis
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        fsGroupChangePolicy: "OnRootMismatch"
      containers:
        - name: redis
          image: {{ DOCKER_IMAGE_REDIS }}
          args: ["redis-server", "/openedx/redis/config/redis.conf"]
          workingDir: /openedx/redis/data
          ports:
            - containerPort: {{ REDIS_PORT }}
          volumeMounts:
            - mountPath: /openedx/redis/config/
              name: config
            - mountPath: /openedx/redis/data
              name: data
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: config
          configMap:
            name: redis-config
        - name: data
          persistentVolumeClaim:
            claimName: redis
{% endif %}
{{ patch("k8s-deployments") }}