---
# Caddy Deployment: listens on port 80, plus 443 when ENABLE_WEB_PROXY is set.
# NOTE(review): unlike the other Deployments in this file, no securityContext
# (runAsUser, allowPrivilegeEscalation) is set on this pod or its container,
# so it runs with the image defaults. Confirm which user the image runs as,
# and how it binds ports 80/443, before tightening this.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: caddy
  labels:
    app.kubernetes.io/name: caddy
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: caddy
  template:
    metadata:
      labels:
        app.kubernetes.io/name: caddy
    spec:
      {%- if ENABLE_WEB_PROXY %}
      # The pod mounts a persistent volume claim when the web proxy is on.
      # To allow rolling updates (any strategy other than Recreate), the new
      # pod has to be scheduled on the same node as the pod it replaces,
      # hence the required pod affinity on the hostname topology key.
      affinity:
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - caddy
              topologyKey: "kubernetes.io/hostname"
      {%- endif %}
      containers:
        - name: caddy
          image: {{ DOCKER_IMAGE_CADDY }}
          env:
            # Rendered as ":80" when HTTPS or the web proxy is disabled,
            # otherwise as an empty string.
            - name: default_site_port
              value: "{% if not ENABLE_HTTPS or not ENABLE_WEB_PROXY %}:80{% endif %}"
          volumeMounts:
            - mountPath: /etc/caddy/
              name: config
            {%- if ENABLE_WEB_PROXY %}
            - mountPath: /data/
              name: data
            {%- endif %}
          ports:
            - containerPort: 80
            {%- if ENABLE_WEB_PROXY %}
            - containerPort: 443
            {%- endif %}
      volumes:
        - name: config
          configMap:
            name: caddy-config
        {%- if ENABLE_WEB_PROXY %}
        - name: data
          persistentVolumeClaim:
            claimName: caddy
        {%- endif %}
---
# CMS Deployment: runs the openedx image with SERVICE_VARIANT=cms and exposes
# container port 8000. Settings, config and uwsgi.ini all come from ConfigMaps.
# NOTE(review): the pod runs as uid/gid 1000 with privilege escalation
# disabled, but runAsNonRoot, readOnlyRootFilesystem, a capability drop and
# resource limits are not set. Candidates for hardening; verify the image
# tolerates them first.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cms
  labels:
    app.kubernetes.io/name: cms
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: cms
  template:
    metadata:
      labels:
        app.kubernetes.io/name: cms
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - name: cms
          image: {{ DOCKER_IMAGE_OPENEDX }}
          env:
            - name: SERVICE_VARIANT
              value: cms
            - name: DJANGO_SETTINGS_MODULE
              value: cms.envs.tutor.production
            # Quoted so the rendered number stays a string, as env values must.
            - name: UWSGI_WORKERS
              value: "{{ OPENEDX_CMS_UWSGI_WORKERS }}"
          ports:
            - containerPort: 8000
          volumeMounts:
            - mountPath: /openedx/edx-platform/lms/envs/tutor/
              name: settings-lms
            - mountPath: /openedx/edx-platform/cms/envs/tutor/
              name: settings-cms
            - mountPath: /openedx/config
              name: config
            # subPath mounts the single uwsgi.ini file rather than shadowing
            # the whole edx-platform directory.
            - mountPath: /openedx/edx-platform/uwsgi.ini
              name: uwsgi-config
              subPath: uwsgi.ini
          resources:
            # Only a memory request is declared; there is no limit.
            requests:
              memory: 2Gi
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: settings-lms
          configMap:
            name: openedx-settings-lms
        - name: settings-cms
          configMap:
            name: openedx-settings-cms
        - name: config
          configMap:
            name: openedx-config
        - name: uwsgi-config
          configMap:
            name: openedx-uwsgi-config
            items:
              - key: uwsgi.ini
                path: uwsgi.ini
---
# CMS Celery worker Deployment: same openedx image as the CMS, started with a
# celery worker command line. It declares no container ports.
# NOTE(review): runs as uid/gid 1000 with privilege escalation disabled; no
# resource requests or limits are declared for this worker.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cms-worker
  labels:
    app.kubernetes.io/name: cms-worker
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: cms-worker
  template:
    metadata:
      labels:
        app.kubernetes.io/name: cms-worker
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - name: cms-worker
          image: {{ DOCKER_IMAGE_OPENEDX }}
          # The LMS default queue is excluded from this worker.
          # --max-tasks-per-child and its value are two separate argv entries.
          args:
            - "celery"
            - "--app=cms.celery"
            - "worker"
            - "--loglevel=info"
            - "--hostname=edx.cms.core.default.%%h"
            - "--max-tasks-per-child"
            - "100"
            - "--exclude-queues=edx.lms.core.default"
          env:
            - name: SERVICE_VARIANT
              value: cms
            - name: DJANGO_SETTINGS_MODULE
              value: cms.envs.tutor.production
          volumeMounts:
            - mountPath: /openedx/edx-platform/lms/envs/tutor/
              name: settings-lms
            - mountPath: /openedx/edx-platform/cms/envs/tutor/
              name: settings-cms
            - mountPath: /openedx/config
              name: config
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: settings-lms
          configMap:
            name: openedx-settings-lms
        - name: settings-cms
          configMap:
            name: openedx-settings-cms
        - name: config
          configMap:
            name: openedx-config
---
# LMS Deployment: runs the openedx image with SERVICE_VARIANT=lms and exposes
# container port 8000. Settings, config and uwsgi.ini all come from ConfigMaps.
# NOTE(review): the pod runs as uid/gid 1000 with privilege escalation
# disabled, but runAsNonRoot, readOnlyRootFilesystem, a capability drop and
# resource limits are not set. Candidates for hardening; verify the image
# tolerates them first.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lms
  labels:
    app.kubernetes.io/name: lms
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: lms
  template:
    metadata:
      labels:
        app.kubernetes.io/name: lms
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - name: lms
          image: {{ DOCKER_IMAGE_OPENEDX }}
          env:
            - name: SERVICE_VARIANT
              value: lms
            - name: DJANGO_SETTINGS_MODULE
              value: lms.envs.tutor.production
            # Quoted so the rendered number stays a string, as env values must.
            - name: UWSGI_WORKERS
              value: "{{ OPENEDX_LMS_UWSGI_WORKERS }}"
          ports:
            - containerPort: 8000
          volumeMounts:
            - mountPath: /openedx/edx-platform/lms/envs/tutor/
              name: settings-lms
            - mountPath: /openedx/edx-platform/cms/envs/tutor/
              name: settings-cms
            - mountPath: /openedx/config
              name: config
            # subPath mounts the single uwsgi.ini file rather than shadowing
            # the whole edx-platform directory.
            - mountPath: /openedx/edx-platform/uwsgi.ini
              name: uwsgi-config
              subPath: uwsgi.ini
          resources:
            # Only a memory request is declared; there is no limit.
            requests:
              memory: 2Gi
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: settings-lms
          configMap:
            name: openedx-settings-lms
        - name: settings-cms
          configMap:
            name: openedx-settings-cms
        - name: config
          configMap:
            name: openedx-config
        - name: uwsgi-config
          configMap:
            name: openedx-uwsgi-config
            items:
              - key: uwsgi.ini
                path: uwsgi.ini
---
# LMS Celery worker Deployment: same openedx image as the LMS, started with a
# celery worker command line. It declares no container ports.
# NOTE(review): runs as uid/gid 1000 with privilege escalation disabled; no
# resource requests or limits are declared for this worker.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lms-worker
  labels:
    app.kubernetes.io/name: lms-worker
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: lms-worker
  template:
    metadata:
      labels:
        app.kubernetes.io/name: lms-worker
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - name: lms-worker
          image: {{ DOCKER_IMAGE_OPENEDX }}
          # The CMS default queue is excluded from this worker.
          args:
            - "celery"
            - "--app=lms.celery"
            - "worker"
            - "--loglevel=info"
            - "--hostname=edx.lms.core.default.%%h"
            - "--max-tasks-per-child=100"
            - "--exclude-queues=edx.cms.core.default"
          env:
            - name: SERVICE_VARIANT
              value: lms
            - name: DJANGO_SETTINGS_MODULE
              value: lms.envs.tutor.production
          volumeMounts:
            - mountPath: /openedx/edx-platform/lms/envs/tutor/
              name: settings-lms
            - mountPath: /openedx/edx-platform/cms/envs/tutor/
              name: settings-cms
            - mountPath: /openedx/config
              name: config
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: settings-lms
          configMap:
            name: openedx-settings-lms
        - name: settings-cms
          configMap:
            name: openedx-settings-cms
        - name: config
          configMap:
            name: openedx-config
{% if RUN_ELASTICSEARCH %}
---
# Elasticsearch Deployment, rendered only when RUN_ELASTICSEARCH is set.
# Single-node discovery, data on the "elasticsearch" PVC, Recreate strategy so
# the old pod is stopped before its replacement starts.
# NOTE(review): no authentication or TLS settings are passed in env here;
# access to port 9200 presumably relies on in-cluster network isolation.
# Verify, and consider a NetworkPolicy limiting which pods can reach it.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: elasticsearch
  labels:
    app.kubernetes.io/name: elasticsearch
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: elasticsearch
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: elasticsearch
    spec:
      # fsGroup gives gid 1000 access to the mounted volume; with
      # OnRootMismatch the ownership change is skipped when the volume root
      # already matches.
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        fsGroupChangePolicy: "OnRootMismatch"
      containers:
        - name: elasticsearch
          image: {{ DOCKER_IMAGE_ELASTICSEARCH }}
          # Env values are strings, so "true" and "1" are quoted on purpose.
          env:
            - name: cluster.name
              value: "openedx"
            - name: bootstrap.memory_lock
              value: "true"
            - name: discovery.type
              value: "single-node"
            # Initial and maximum JVM heap are pinned to the same size.
            - name: ES_JAVA_OPTS
              value: "-Xms{{ ELASTICSEARCH_HEAP_SIZE }} -Xmx{{ ELASTICSEARCH_HEAP_SIZE }}"
            - name: TAKE_FILE_OWNERSHIP
              value: "1"
          ports:
            - containerPort: 9200
          securityContext:
            allowPrivilegeEscalation: false
          volumeMounts:
            - mountPath: /usr/share/elasticsearch/data
              name: data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: elasticsearch
{% endif %}
{% if RUN_MONGODB %}
---
# MongoDB Deployment, rendered only when RUN_MONGODB is set.
# Data lives on the "mongodb" PVC; Recreate strategy so the old pod is stopped
# before its replacement starts.
# NOTE(review): the mongod command line carries no --auth flag, so access
# control presumably relies on in-cluster network isolation. Verify, and
# consider a NetworkPolicy limiting which pods can reach port 27017.
# NOTE(review): --nojournal disables journaling; confirm the durability
# trade-off on unclean shutdown is acceptable.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongodb
  labels:
    app.kubernetes.io/name: mongodb
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: mongodb
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: mongodb
    spec:
      # fsGroup gives gid 999 access to the mounted volume; with
      # OnRootMismatch the ownership change is skipped when the volume root
      # already matches.
      securityContext:
        runAsUser: 999
        runAsGroup: 999
        fsGroup: 999
        fsGroupChangePolicy: "OnRootMismatch"
      containers:
        - name: mongodb
          image: {{ DOCKER_IMAGE_MONGODB }}
          args:
            - "mongod"
            - "--nojournal"
            - "--storageEngine"
            - "wiredTiger"
          ports:
            - containerPort: 27017
          volumeMounts:
            - mountPath: /data/db
              name: data
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: mongodb
{% endif %}
{% if RUN_MYSQL %}
---
# MySQL Deployment, rendered only when RUN_MYSQL is set.
# Data lives on the "mysql" PVC; Recreate strategy so the old pod is stopped
# before its replacement starts.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  labels:
    app.kubernetes.io/name: mysql
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: mysql
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: mysql
    spec:
      # fsGroup gives gid 999 access to the mounted volume; with
      # OnRootMismatch the ownership change is skipped when the volume root
      # already matches.
      securityContext:
        runAsUser: 999
        runAsGroup: 999
        fsGroup: 999
        fsGroupChangePolicy: "OnRootMismatch"
      containers:
        - name: mysql
          image: {{ DOCKER_IMAGE_MYSQL }}
          args:
            - "mysqld"
            - "--character-set-server=utf8mb3"
            - "--collation-server=utf8mb3_general_ci"
            # 259200 seconds = 3 days of binary log retention.
            - "--binlog-expire-logs-seconds=259200"
          env:
            # NOTE(review): the root password is rendered as a literal into
            # the pod spec, so it appears in the rendered manifest and is
            # readable by anyone allowed to get or describe this Deployment
            # or its pods. Prefer a Secret referenced through
            # valueFrom.secretKeyRef, which needs a matching Secret object
            # that this file does not define.
            - name: MYSQL_ROOT_PASSWORD
              value: "{{ MYSQL_ROOT_PASSWORD }}"
          ports:
            - containerPort: 3306
          volumeMounts:
            - mountPath: /var/lib/mysql
              name: data
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: mysql
{% endif %}
{% if RUN_SMTP %}
---
# SMTP relay Deployment, rendered only when RUN_SMTP is set. Exposes container
# port 8025 and mounts no volumes.
# NOTE(review): the pod runs as uid 100 / gid 101, but unlike the other
# Deployments in this file the container sets no
# allowPrivilegeEscalation: false. Confirm whether the image depends on
# setuid binaries before adding it.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: smtp
  labels:
    app.kubernetes.io/name: smtp
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: smtp
  template:
    metadata:
      labels:
        app.kubernetes.io/name: smtp
    spec:
      securityContext:
        runAsUser: 100
        runAsGroup: 101
      containers:
        - name: smtp
          image: {{ DOCKER_IMAGE_SMTP }}
          ports:
            - containerPort: 8025
{% endif %}
{% if RUN_REDIS %}
---
# Redis Deployment, rendered only when RUN_REDIS is set.
# redis-server is started with the redis.conf mounted from the "redis-config"
# ConfigMap; data lives on the "redis" PVC. Recreate strategy so the old pod
# is stopped before its replacement starts.
# NOTE(review): whether a password or bind restriction is enforced depends on
# redis.conf, which is not visible here. Verify it, and consider a
# NetworkPolicy limiting which pods can reach the Redis port.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  labels:
    app.kubernetes.io/name: redis
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: redis
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: redis
    spec:
      # fsGroup gives gid 1000 access to the mounted volume; with
      # OnRootMismatch the ownership change is skipped when the volume root
      # already matches.
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        fsGroupChangePolicy: "OnRootMismatch"
      containers:
        - name: redis
          image: {{ DOCKER_IMAGE_REDIS }}
          args:
            - "redis-server"
            - "/openedx/redis/config/redis.conf"
          workingDir: /openedx/redis/data
          ports:
            # Left unquoted so the rendered port is an integer.
            - containerPort: {{ REDIS_PORT }}
          volumeMounts:
            - mountPath: /openedx/redis/config/
              name: config
            - mountPath: /openedx/redis/data
              name: data
          securityContext:
            allowPrivilegeEscalation: false
      volumes:
        - name: config
          configMap:
            name: redis-config
        - name: data
          persistentVolumeClaim:
            claimName: redis
{% endif %}
{{ patch("k8s-deployments") }}