diff --git a/ansible/roles/schulcloud-server-core/tasks/main.yml b/ansible/roles/schulcloud-server-core/tasks/main.yml
index dcc0a88cd79..313e0490e1b 100644
--- a/ansible/roles/schulcloud-server-core/tasks/main.yml
+++ b/ansible/roles/schulcloud-server-core/tasks/main.yml
@@ -233,44 +233,6 @@
 template: admin-api-server-svc-monitor.yml.j2
 when: WITH_API_ADMIN is defined and WITH_API_ADMIN|bool

- - name: TlDraw server Secret (from 1Password)
- kubernetes.core.k8s:
- kubeconfig: ~/.kube/config
- namespace: "{{ NAMESPACE }}"
- template: tldraw-server-onepassword.yml.j2
- when:
- - ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool
- - WITH_TLDRAW is defined and WITH_TLDRAW|bool
-
- - name: TlDraw server deployment
- kubernetes.core.k8s:
- kubeconfig: ~/.kube/config
- namespace: "{{ NAMESPACE }}"
- template: tldraw-deployment.yml.j2
- when: WITH_TLDRAW is defined and WITH_TLDRAW|bool
-
- - name: TlDraw server service
- kubernetes.core.k8s:
- kubeconfig: ~/.kube/config
- namespace: "{{ NAMESPACE }}"
- template: tldraw-server-svc.yml.j2
- when: WITH_TLDRAW is defined and WITH_TLDRAW|bool
-
- - name: Tldraw ingress
- kubernetes.core.k8s:
- kubeconfig: ~/.kube/config
- namespace: "{{ NAMESPACE }}"
- template: tldraw-ingress.yml.j2
- apply: yes
- when: WITH_TLDRAW is defined and WITH_TLDRAW|bool
-
- - name: TldrawServiceMonitor
- kubernetes.core.k8s:
- kubeconfig: ~/.kube/config
- namespace: "{{ NAMESPACE }}"
- template: tldraw-svc-monitor.yml.j2
- when: WITH_TLDRAW is defined and WITH_TLDRAW|bool
-
 - name: common cartridge configmap
 kubernetes.core.k8s:
 kubeconfig: ~/.kube/config
diff --git a/ansible/roles/schulcloud-server-core/templates/tldraw-deployment.yml.j2 b/ansible/roles/schulcloud-server-core/templates/tldraw-deployment.yml.j2
deleted file mode 100644
index f6f8783dc13..00000000000
--- a/ansible/roles/schulcloud-server-core/templates/tldraw-deployment.yml.j2
+++ /dev/null
@@ -1,111 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: tldraw-deployment
- namespace: {{ NAMESPACE }}
- labels:
- app: tldraw-server
- app.kubernetes.io/part-of: schulcloud-verbund
- app.kubernetes.io/version: {{ SCHULCLOUD_SERVER_IMAGE_TAG }}
- app.kubernetes.io/name: tldraw-server
- app.kubernetes.io/component: tldraw
- app.kubernetes.io/managed-by: ansible
- git.branch: {{ SCHULCLOUD_SERVER_BRANCH_NAME }}
- git.repo: {{ SCHULCLOUD_SERVER_REPO_NAME }}
-spec:
- replicas: {{ TLDRAW_SERVER_REPLICAS|default("1", true) }}
- strategy:
- type: RollingUpdate
- rollingUpdate:
- maxSurge: 1
- #maxUnavailable: 1
- revisionHistoryLimit: 4
- paused: false
- selector:
- matchLabels:
- app: tldraw-server
- template:
- metadata:
- labels:
- app: tldraw-server
- app.kubernetes.io/part-of: schulcloud-verbund
- app.kubernetes.io/version: {{ SCHULCLOUD_SERVER_IMAGE_TAG }}
- app.kubernetes.io/name: tldraw-server
- app.kubernetes.io/component: tldraw
- app.kubernetes.io/managed-by: ansible
- git.branch: {{ SCHULCLOUD_SERVER_BRANCH_NAME }}
- git.repo: {{ SCHULCLOUD_SERVER_REPO_NAME }}
- spec:
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- runAsNonRoot: true
- containers:
- - name: tldraw
- image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 3345
- name: tldraw-ws
- protocol: TCP
- - containerPort: 3349
- name: tldraw-http
- protocol: TCP
- - containerPort: 9090
- name: api-metrics
- protocol: TCP
- envFrom:
- - configMapRef:
- name: api-configmap
- - secretRef:
- name: api-secret
- - secretRef:
- name: tldraw-server-secret
- - secretRef:
- name: api-files-secret
- command: ['npm', 'run', 'nest:start:tldraw:prod']
- resources:
- limits:
- cpu: {{ TLDRAW_EDITOR_CPU_LIMITS|default("2000m", true) }}
- memory: {{ TLDRAW_EDITOR_MEMORY_LIMITS|default("4Gi", true) }}
- requests:
- cpu: {{ TLDRAW_EDITOR_CPU_REQUESTS|default("100m", true) }}
- memory: {{ TLDRAW_EDITOR_MEMORY_REQUESTS|default("150Mi", true) }}
-{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
- affinity:
- podAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 9
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/part-of
- operator: In
- values:
- - schulcloud-verbund
- topologyKey: "kubernetes.io/hostname"
- namespaceSelector: {}
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
-{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %}
- - weight: 10
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/name
- operator: In
- values:
- - tldraw-server
- topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }}
-{% endif %}
- - weight: 20
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/name
- operator: In
- values:
- - tldraw-server
- topologyKey: "topology.kubernetes.io/zone"
-{% endif %}
diff --git a/ansible/roles/schulcloud-server-core/templates/tldraw-ingress.yml.j2 b/ansible/roles/schulcloud-server-core/templates/tldraw-ingress.yml.j2
deleted file mode 100644
index aa765778276..00000000000
--- a/ansible/roles/schulcloud-server-core/templates/tldraw-ingress.yml.j2
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ NAMESPACE }}-tldraw-ingress
- namespace: {{ NAMESPACE }}
- annotations:
- nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
- nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
- nginx.ingress.kubernetes.io/proxy-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
- nginx.org/client-max-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
- # The following properties added with BC-3606.
- # The header size of the request is too big. For e.g. state and the permanent growing jwt.
- # Nginx throws away the Location header, resulting in the 502 Bad Gateway.
- nginx.ingress.kubernetes.io/client-header-buffer-size: 100k
- nginx.ingress.kubernetes.io/http2-max-header-size: 96k
- nginx.ingress.kubernetes.io/large-client-header-buffers: 4 100k
- nginx.ingress.kubernetes.io/proxy-buffer-size: 96k
- nginx.org/websocket-services: "tldraw-server-svc"
-{% if CLUSTER_ISSUER is defined %}
- cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
-{% endif %}
-
-spec:
- ingressClassName: {{ INGRESS_CLASS }}
-{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %}
- tls:
- - hosts:
- - {{ DOMAIN }}
-{% if CLUSTER_ISSUER is defined %}
- secretName: {{ DOMAIN }}-tls
-{% endif %}
-{% endif %}
- rules:
- - host: {{ DOMAIN }}
- http:
- paths:
- - path: /tldraw-server
- backend:
- service:
- name: tldraw-server-svc
- port:
- number: 3345
- pathType: Prefix
diff --git a/ansible/roles/schulcloud-server-core/templates/tldraw-server-onepassword.yml.j2 b/ansible/roles/schulcloud-server-core/templates/tldraw-server-onepassword.yml.j2
deleted file mode 100644
index 14021d8bd9c..00000000000
--- a/ansible/roles/schulcloud-server-core/templates/tldraw-server-onepassword.yml.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: onepassword.com/v1
-kind: OnePasswordItem
-metadata:
- name: tldraw-server-secret
- namespace: {{ NAMESPACE }}
- labels:
- app: tldraw-server
-spec:
- itemPath: "vaults/{{ ONEPASSWORD_OPERATOR_VAULT }}/items/tldraw-server"
diff --git a/ansible/roles/schulcloud-server-core/templates/tldraw-server-svc.yml.j2 b/ansible/roles/schulcloud-server-core/templates/tldraw-server-svc.yml.j2
deleted file mode 100644
index 59074ea4f29..00000000000
--- a/ansible/roles/schulcloud-server-core/templates/tldraw-server-svc.yml.j2
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: tldraw-server-svc
- namespace: {{ NAMESPACE }}
- labels:
- app: tldraw-server
-spec:
- type: ClusterIP
- ports:
- # port for WebSocket connection
- - port: 3345
- targetPort: 3345
- protocol: TCP
- name: tldraw-ws
- # port for http managing drawing data
- - port: 3349
- targetPort: 3349
- protocol: TCP
- name: tldraw-http
- - port: {{ PORT_METRICS_SERVER }}
- targetPort: 9090
- protocol: TCP
- name: api-metrics
- selector:
- app: tldraw-server
diff --git a/ansible/roles/schulcloud-server-core/templates/tldraw-svc-monitor.yml.j2 b/ansible/roles/schulcloud-server-core/templates/tldraw-svc-monitor.yml.j2
deleted file mode 100644
index 6fcc75f0402..00000000000
--- a/ansible/roles/schulcloud-server-core/templates/tldraw-svc-monitor.yml.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: tldraw-svc-monitor
- namespace: {{ NAMESPACE }}
- labels:
- app: tldraw-server
-spec:
- selector:
- matchExpressions:
- - key: app.kubernetes.io/name
- operator: in
- values:
- - tldraw-server-svc
- endpoints:
- - path: /metrics
- port: api-metrics