tutor/tutor/templates/k8s/deployments.yml


---
# Caddy web server Deployment. When ENABLE_WEB_PROXY is set, the template also
# adds pod affinity, the /data volume backed by the "caddy" PVC, and port 443.
# NOTE(review): unlike the other Deployments in this file, this one sets no
# pod- or container-level securityContext, so the container runs as whatever
# user the image defaults to. Confirm whether the image works with a non-root
# user and allowPrivilegeEscalation: false before relying on the default.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: caddy
  labels:
    app.kubernetes.io/name: caddy
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: caddy
  template:
    metadata:
      labels:
        app.kubernetes.io/name: caddy
    spec:
      {%- if ENABLE_WEB_PROXY %}
      # This Deployment uses a persistent volume claim. To allow rolling
      # updates (i.e. a deployment strategy other than Recreate), the new Pod
      # must be scheduled on the same node as the original Pod, which the
      # required pod affinity below enforces via the hostname topology key.
      affinity:
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - caddy
              topologyKey: "kubernetes.io/hostname"
      {%- endif %}
      containers:
        - name: caddy
          image: {{ DOCKER_IMAGE_CADDY }}
          env:
            # Renders to ":80" when HTTPS or the web proxy is disabled, and to
            # an empty string otherwise. Presumably consumed by the Caddyfile
            # in the caddy-config ConfigMap - verify there.
            - name: default_site_port
              value: "{% if not ENABLE_HTTPS or not ENABLE_WEB_PROXY %}:80{% endif %}"
          volumeMounts:
            - mountPath: /etc/caddy/
              name: config
            {%- if ENABLE_WEB_PROXY %}
            - mountPath: /data/
              name: data
            {%- endif %}
          ports:
            - containerPort: 80
            {%- if ENABLE_WEB_PROXY %}
            - containerPort: 443
            {%- endif %}
      volumes:
        - name: config
          configMap:
            name: caddy-config
        {%- if ENABLE_WEB_PROXY %}
        - name: data
          persistentVolumeClaim:
            claimName: caddy
        {%- endif %}
---
# CMS web application Deployment. The pod runs as UID/GID 1000 and the
# container listens on port 8000.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cms
  labels:
    app.kubernetes.io/name: cms
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: cms
  template:
    metadata:
      labels:
        app.kubernetes.io/name: cms
    spec:
      # Pod-level identity: every container in the pod runs as 1000:1000.
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - name: cms
          image: {{ DOCKER_IMAGE_OPENEDX }}
          env:
            - name: SERVICE_VARIANT
              value: cms
            - name: DJANGO_SETTINGS_MODULE
              value: cms.envs.tutor.production
            # Quoted so the rendered worker count stays a string, as env
            # values must be.
            - name: UWSGI_WORKERS
              value: "{{ OPENEDX_CMS_UWSGI_WORKERS }}"
          ports:
            - containerPort: 8000
          # NOTE(review): all settings and config are mounted from ConfigMaps.
          # If the rendered settings files carry credentials, they are stored
          # as plaintext ConfigMap data rather than in a Secret - confirm what
          # these files contain.
          volumeMounts:
            - mountPath: /openedx/edx-platform/lms/envs/tutor/
              name: settings-lms
            - mountPath: /openedx/edx-platform/cms/envs/tutor/
              name: settings-cms
            - mountPath: /openedx/config
              name: config
            # subPath mounts only the single uwsgi.ini key as a file.
            - mountPath: /openedx/edx-platform/uwsgi.ini
              name: uwsgi-config
              subPath: uwsgi.ini
          # Only a memory request is declared; no limits are set in this
          # manifest.
          resources:
            requests:
              memory: 2Gi
          # Container-level hardening here is limited to blocking privilege
          # escalation; no capability drop, read-only root filesystem or
          # seccomp profile is set.
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: settings-lms
          configMap:
            name: openedx-settings-lms
        - name: settings-cms
          configMap:
            name: openedx-settings-cms
        - name: config
          configMap:
            name: openedx-config
        - name: uwsgi-config
          configMap:
            name: openedx-uwsgi-config
            items:
              - key: uwsgi.ini
                path: uwsgi.ini
---
# Celery worker Deployment for the CMS. It uses the same image and settings
# ConfigMaps as the cms Deployment, runs as UID/GID 1000, and exposes no
# container port.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cms-worker
  labels:
    app.kubernetes.io/name: cms-worker
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: cms-worker
  template:
    metadata:
      labels:
        app.kubernetes.io/name: cms-worker
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - name: cms-worker
          image: {{ DOCKER_IMAGE_OPENEDX }}
          # Runs the Celery worker for cms.celery and excludes the LMS default
          # queue. --max-tasks-per-child is passed here as two argv items
          # ("--max-tasks-per-child", "100"); the lms-worker Deployment in
          # this file uses the single-token "=100" form.
          args: ["celery", "--app=cms.celery", "worker", "--loglevel=info", "--hostname=edx.cms.core.default.%%h", "--max-tasks-per-child", "100", "--exclude-queues=edx.lms.core.default"]
          env:
            - name: SERVICE_VARIANT
              value: cms
            - name: DJANGO_SETTINGS_MODULE
              value: cms.envs.tutor.production
          # NOTE(review): settings come from ConfigMaps; if they contain
          # credentials these are plaintext ConfigMap data - confirm.
          volumeMounts:
            - mountPath: /openedx/edx-platform/lms/envs/tutor/
              name: settings-lms
            - mountPath: /openedx/edx-platform/cms/envs/tutor/
              name: settings-cms
            - mountPath: /openedx/config
              name: config
          # No resources block is declared for the worker (the cms web
          # container in this file requests 2Gi of memory).
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: settings-lms
          configMap:
            name: openedx-settings-lms
        - name: settings-cms
          configMap:
            name: openedx-settings-cms
        - name: config
          configMap:
            name: openedx-config
---
# LMS web application Deployment. The pod runs as UID/GID 1000 and the
# container listens on port 8000.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lms
  labels:
    app.kubernetes.io/name: lms
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: lms
  template:
    metadata:
      labels:
        app.kubernetes.io/name: lms
    spec:
      # Pod-level identity: every container in the pod runs as 1000:1000.
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - name: lms
          image: {{ DOCKER_IMAGE_OPENEDX }}
          env:
            - name: SERVICE_VARIANT
              value: lms
            - name: DJANGO_SETTINGS_MODULE
              value: lms.envs.tutor.production
            # Quoted so the rendered worker count stays a string, as env
            # values must be.
            - name: UWSGI_WORKERS
              value: "{{ OPENEDX_LMS_UWSGI_WORKERS }}"
          ports:
            - containerPort: 8000
          # NOTE(review): all settings and config are mounted from ConfigMaps.
          # If the rendered settings files carry credentials, they are stored
          # as plaintext ConfigMap data rather than in a Secret - confirm what
          # these files contain.
          volumeMounts:
            - mountPath: /openedx/edx-platform/lms/envs/tutor/
              name: settings-lms
            - mountPath: /openedx/edx-platform/cms/envs/tutor/
              name: settings-cms
            - mountPath: /openedx/config
              name: config
            # subPath mounts only the single uwsgi.ini key as a file.
            - mountPath: /openedx/edx-platform/uwsgi.ini
              name: uwsgi-config
              subPath: uwsgi.ini
          # Only a memory request is declared; no limits are set in this
          # manifest.
          resources:
            requests:
              memory: 2Gi
          # Container-level hardening here is limited to blocking privilege
          # escalation; no capability drop, read-only root filesystem or
          # seccomp profile is set.
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: settings-lms
          configMap:
            name: openedx-settings-lms
        - name: settings-cms
          configMap:
            name: openedx-settings-cms
        - name: config
          configMap:
            name: openedx-config
        - name: uwsgi-config
          configMap:
            name: openedx-uwsgi-config
            items:
              - key: uwsgi.ini
                path: uwsgi.ini
---
# Celery worker Deployment for the LMS. It uses the same image and settings
# ConfigMaps as the lms Deployment, runs as UID/GID 1000, and exposes no
# container port.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lms-worker
  labels:
    app.kubernetes.io/name: lms-worker
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: lms-worker
  template:
    metadata:
      labels:
        app.kubernetes.io/name: lms-worker
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - name: lms-worker
          image: {{ DOCKER_IMAGE_OPENEDX }}
          # Runs the Celery worker for lms.celery and excludes the CMS default
          # queue.
          args: ["celery", "--app=lms.celery", "worker", "--loglevel=info", "--hostname=edx.lms.core.default.%%h", "--max-tasks-per-child=100", "--exclude-queues=edx.cms.core.default"]
          env:
            - name: SERVICE_VARIANT
              value: lms
            - name: DJANGO_SETTINGS_MODULE
              value: lms.envs.tutor.production
          # NOTE(review): settings come from ConfigMaps; if they contain
          # credentials these are plaintext ConfigMap data - confirm.
          volumeMounts:
            - mountPath: /openedx/edx-platform/lms/envs/tutor/
              name: settings-lms
            - mountPath: /openedx/edx-platform/cms/envs/tutor/
              name: settings-cms
            - mountPath: /openedx/config
              name: config
          # No resources block is declared for the worker (the lms web
          # container in this file requests 2Gi of memory).
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: settings-lms
          configMap:
            name: openedx-settings-lms
        - name: settings-cms
          configMap:
            name: openedx-settings-cms
        - name: config
          configMap:
            name: openedx-config
{% if RUN_ELASTICSEARCH %}
---
# Single-node Elasticsearch Deployment, rendered only when RUN_ELASTICSEARCH
# is set. Data lives on the "elasticsearch" PVC.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: elasticsearch
  labels:
    app.kubernetes.io/name: elasticsearch
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: elasticsearch
  # Recreate stops the old Pod before starting the new one; presumably chosen
  # because the data PVC cannot be attached to two Pods at once - verify the
  # claim's access mode.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: elasticsearch
    spec:
      # Runs as 1000:1000; fsGroup makes the mounted volume group-owned by
      # 1000, and OnRootMismatch skips the recursive ownership change when
      # the volume root already matches.
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        fsGroupChangePolicy: "OnRootMismatch"
      containers:
        - name: elasticsearch
          image: {{ DOCKER_IMAGE_ELASTICSEARCH }}
          # NOTE(review): none of the settings below configure authentication
          # or TLS, so port 9200 presumably accepts unauthenticated requests
          # from anything that can reach the Pod. Confirm how the Service is
          # exposed and whether a NetworkPolicy restricts access.
          env:
            - name: cluster.name
              value: "openedx"
            - name: bootstrap.memory_lock
              value: "true"
            - name: discovery.type
              value: "single-node"
            # Initial and maximum JVM heap are set to the same rendered size.
            - name: ES_JAVA_OPTS
              value: "-Xms{{ ELASTICSEARCH_HEAP_SIZE }} -Xmx{{ ELASTICSEARCH_HEAP_SIZE }}"
            - name: TAKE_FILE_OWNERSHIP
              value: "1"
          ports:
            - containerPort: 9200
          securityContext:
            allowPrivilegeEscalation: false
          volumeMounts:
            - mountPath: /usr/share/elasticsearch/data
              name: data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: elasticsearch
{% endif %}
{% if RUN_MONGODB %}
---
# MongoDB Deployment, rendered only when RUN_MONGODB is set. Data lives on
# the "mongodb" PVC mounted at /data/db.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongodb
  labels:
    app.kubernetes.io/name: mongodb
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: mongodb
  # Recreate stops the old Pod before starting the new one, so two mongod
  # processes never share the data volume.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: mongodb
    spec:
      # Runs as 999:999, with the mounted volume group-owned via fsGroup.
      securityContext:
        runAsUser: 999
        runAsGroup: 999
        fsGroup: 999
        fsGroupChangePolicy: "OnRootMismatch"
      containers:
        - name: mongodb
          image: {{ DOCKER_IMAGE_MONGODB }}
          # NOTE(review): the args do not include --auth and no credential
          # env vars are set, so mongod presumably runs without access
          # control. Anything that can reach port 27017 could then read and
          # write data - confirm the Service is cluster-internal and consider
          # a NetworkPolicy limiting it to the Open edX Pods.
          # --nojournal disables the write-ahead journal, which trades crash
          # durability for lower disk usage.
          args: ["mongod", "--nojournal", "--storageEngine", "wiredTiger"]
          ports:
            - containerPort: 27017
          volumeMounts:
            - mountPath: /data/db
              name: data
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: mongodb
{% endif %}
{% if RUN_MYSQL %}
---
# MySQL Deployment, rendered only when RUN_MYSQL is set. Data lives on the
# "mysql" PVC mounted at /var/lib/mysql.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  labels:
    app.kubernetes.io/name: mysql
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: mysql
  # Recreate stops the old Pod before starting the new one, so two mysqld
  # processes never share the data volume.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: mysql
    spec:
      # Runs as 999:999, with the mounted volume group-owned via fsGroup.
      securityContext:
        runAsUser: 999
        runAsGroup: 999
        fsGroup: 999
        fsGroupChangePolicy: "OnRootMismatch"
      containers:
        - name: mysql
          image: {{ DOCKER_IMAGE_MYSQL }}
          # Server character set and collation are utf8mb3; binary logs
          # expire after 259200 seconds (3 days).
          args:
            - "mysqld"
            - "--character-set-server=utf8mb3"
            - "--collation-server=utf8mb3_general_ci"
            - "--binlog-expire-logs-seconds=259200"
          env:
            # NOTE(review): the root password is rendered into the manifest
            # as a literal value, so it is readable by anyone who can read
            # this Deployment or its Pods, and it is present wherever the
            # rendered file is stored. Keeping it in a Secret and referencing
            # it through valueFrom.secretKeyRef would take it out of the
            # workload spec and allow tighter RBAC on the credential.
            - name: MYSQL_ROOT_PASSWORD
              value: "{{ MYSQL_ROOT_PASSWORD }}"
          ports:
            - containerPort: 3306
          volumeMounts:
            - mountPath: /var/lib/mysql
              name: data
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: mysql
{% endif %}
{% if RUN_SMTP %}
---
# SMTP relay Deployment, rendered only when RUN_SMTP is set. It has no
# volumes and listens on port 8025.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: smtp
  labels:
    app.kubernetes.io/name: smtp
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: smtp
  template:
    metadata:
      labels:
        app.kubernetes.io/name: smtp
    spec:
      # Runs as UID 100 / GID 101.
      securityContext:
        runAsUser: 100
        runAsGroup: 101
      containers:
        # NOTE(review): this container has no container-level securityContext,
        # whereas the other non-root containers in this file set
        # allowPrivilegeEscalation: false. Confirm whether the image depends
        # on setuid binaries before adding the same setting here.
        - name: smtp
          image: {{ DOCKER_IMAGE_SMTP }}
          ports:
            - containerPort: 8025
{% endif %}
{% if RUN_REDIS %}
---
# Redis Deployment, rendered only when RUN_REDIS is set. Configuration comes
# from the redis-config ConfigMap and data lives on the "redis" PVC.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  labels:
    app.kubernetes.io/name: redis
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: redis
  # Recreate stops the old Pod before starting the new one, so two Redis
  # processes never share the data volume.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: redis
    spec:
      # Runs as 1000:1000, with the mounted volume group-owned via fsGroup.
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        fsGroupChangePolicy: "OnRootMismatch"
      containers:
        - name: redis
          image: {{ DOCKER_IMAGE_REDIS }}
          # Starts redis-server with the config file mounted from the
          # ConfigMap. NOTE(review): whether authentication (requirepass) or
          # protected mode is enabled is decided in that redis.conf, which is
          # not part of this manifest - verify it there.
          args: ["redis-server", "/openedx/redis/config/redis.conf"]
          # The working directory is the PVC mount, so files Redis writes
          # relative to its cwd land on persistent storage.
          workingDir: /openedx/redis/data
          ports:
            # Left unquoted so the rendered value is an integer.
            - containerPort: {{ REDIS_PORT }}
          volumeMounts:
            - mountPath: /openedx/redis/config/
              name: config
            - mountPath: /openedx/redis/data
              name: data
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: config
          configMap:
            name: redis-config
        - name: data
          persistentVolumeClaim:
            claimName: redis
{% endif %}
# Extension point: whatever is registered under the "k8s-deployments" patch
# name is rendered here. NOTE(review): presumably inserted as-is, so any
# Deployment added this way only gets a securityContext if the patch author
# sets one - review patch content with the same care as this file.
{{ patch("k8s-deployments") }}