cleanup

hpi-schul-cloud · Jul 18, 2024 · 3e70516 · 3e70516
1 parent d32f235
commit 3e70516
Show file tree

Hide file tree

Showing 7 changed files with 141 additions and 14 deletions.
diff --git a/ansible/roles/tldraw-server/tasks/main.yml b/ansible/roles/tldraw-server/tasks/main.yml
@@ -2,29 +2,45 @@
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config
       namespace: "{{ NAMESPACE }}"
-      template: tldraw-server-onepassword.yml.j2
+      template: onepassword.yml.j2
     when:
      - ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool
      - WITH_TLDRAW is defined and WITH_TLDRAW|bool
 
+  - name: TlDraw server configmap
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: configmap.yml.j2
+    when:
+      - ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool
+      - WITH_TLDRAW is defined and WITH_TLDRAW|bool
+
   - name: TlDraw server deployment
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config
       namespace: "{{ NAMESPACE }}"
-      template: tldraw-deployment.yml.j2
+      template: deployment.yml.j2
+    when: WITH_TLDRAW is defined and WITH_TLDRAW|bool
+
+  - name: TlDraw worker deployment
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: worker-deployment.yml.j2
     when: WITH_TLDRAW is defined and WITH_TLDRAW|bool
 
   - name: TlDraw server service
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config
       namespace: "{{ NAMESPACE }}"
-      template: tldraw-server-svc.yml.j2
+      template: server-svc.yml.j2
     when: WITH_TLDRAW is defined and WITH_TLDRAW|bool
 
   - name: Tldraw ingress
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config
       namespace: "{{ NAMESPACE }}"
-      template: tldraw-ingress.yml.j2
+      template: ingress.yml.j2
       apply: yes
     when: WITH_TLDRAW is defined and WITH_TLDRAW|bool
diff --git a/ansible/roles/tldraw-server/templates/configmap.yml.j2 b/ansible/roles/tldraw-server/templates/configmap.yml.j2
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: tldraw-server-configmap
+  namespace: {{ NAMESPACE }}
+  labels:
+    app: tldraw-server
+data:
+  HALLO_SERGEJ: "MAX"
diff --git a/...server/templates/tldraw-deployment.yml.j2 → ...tldraw-server/templates/deployment.yml.j2 b/...server/templates/tldraw-deployment.yml.j2 → ...tldraw-server/templates/deployment.yml.j2
@@ -57,21 +57,16 @@ spec:
           protocol: TCP
         envFrom:
         - configMapRef:
-            name: api-configmap
-        - secretRef:
-            name: api-secret
+            name: tldraw-server-configmap
         - secretRef:
             name: tldraw-server-secret
-        - secretRef:
-            name: api-files-secret
-        command: ['npm', 'run', 'nest:start:tldraw:prod']
         resources:
           limits:
-            cpu: {{ TLDRAW_EDITOR_CPU_LIMITS|default("2000m", true) }}
-            memory: {{ TLDRAW_EDITOR_MEMORY_LIMITS|default("4Gi", true) }}
+            cpu: {{ TLDRAW_SERVER_CPU_LIMITS|default("2000m", true) }}
+            memory: {{ TLDRAW_SERVER_MEMORY_LIMITS|default("2Gi", true) }}
           requests:
-            cpu: {{ TLDRAW_EDITOR_CPU_REQUESTS|default("100m", true) }}
-            memory: {{ TLDRAW_EDITOR_MEMORY_REQUESTS|default("150Mi", true) }}
+            cpu: {{ TLDRAW_SERVER_CPU_REQUESTS|default("100m", true) }}
+            memory: {{ TLDRAW_SERVER_MEMORY_REQUESTS|default("150Mi", true) }}
 {% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
       affinity:
         podAffinity:

diff --git a/...aw-server/templates/tldraw-ingress.yml.j2 → ...es/tldraw-server/templates/ingress.yml.j2 b/...aw-server/templates/tldraw-ingress.yml.j2 → ...es/tldraw-server/templates/ingress.yml.j2
diff --git a/...emplates/tldraw-server-onepassword.yml.j2 → ...ldraw-server/templates/onepassword.yml.j2 b/...emplates/tldraw-server-onepassword.yml.j2 → ...ldraw-server/templates/onepassword.yml.j2
diff --git a/...server/templates/tldraw-server-svc.yml.j2 → ...tldraw-server/templates/server-svc.yml.j2 b/...server/templates/tldraw-server-svc.yml.j2 → ...tldraw-server/templates/server-svc.yml.j2
diff --git a/ansible/roles/tldraw-server/templates/worker-deployment.yml.j2 b/ansible/roles/tldraw-server/templates/worker-deployment.yml.j2
@@ -0,0 +1,107 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tldraw-deployment
+  namespace: {{ NAMESPACE }}
+  labels:
+    app: tldraw-server-worker
+    app.kubernetes.io/part-of: schulcloud-verbund
+    app.kubernetes.io/version: {{ TLDRAW_SERVER_IMAGE_TAG }}
+    app.kubernetes.io/name: tldraw-server-worker
+    app.kubernetes.io/component: tldraw
+    app.kubernetes.io/managed-by: ansible
+    git.branch: {{ TLDRAW_SERVER_BRANCH_NAME }}
+    git.repo: {{ TLDRAW_SERVER_REPO_NAME }}
+spec:
+  replicas: {{ TLDRAW_SERVER_REPLICAS|default("1", true) }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      #maxUnavailable: 1
+  revisionHistoryLimit: 4
+  paused: false
+  selector:
+    matchLabels:
+      app: tldraw-server-worker
+  template:
+    metadata:
+      labels:
+        app: tldraw-server-worker
+        app.kubernetes.io/part-of: schulcloud-verbund
+        app.kubernetes.io/version: {{ TLDRAW_SERVER_IMAGE_TAG }}
+        app.kubernetes.io/name: tldraw-server
+        app.kubernetes.io/component: tldraw
+        app.kubernetes.io/managed-by: ansible
+        git.branch: {{ TLDRAW_SERVER_BRANCH_NAME }}
+        git.repo: {{ TLDRAW_SERVER_REPO_NAME }}
+    spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+        runAsNonRoot: true
+      containers:
+      - name: tldraw
+        image: {{ TLDRAW_SERVER_IMAGE }}:{{ TLDRAW_SERVER_IMAGE_TAG }}
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 3345
+          name: tldraw-ws
+          protocol: TCP
+        - containerPort: 3349
+          name: tldraw-http
+          protocol: TCP
+        - containerPort: 9090
+          name: api-metrics
+          protocol: TCP
+        envFrom:
+        - configMapRef:
+            name: tldraw-server-configmap
+        - secretRef:
+            name: tldraw-server-secret
+        command: ['npm', 'run', 'start:y-redis-worker']
+        resources:
+          limits:
+            cpu: {{ TLDRAW_SERVER_WORKER_CPU_LIMITS|default("2000m", true) }}
+            memory: {{ TLDRAW_SERVER_WORKER_MEMORY_LIMITS|default("2Gi", true) }}
+          requests:
+            cpu: {{ TLDRAW_SERVER_WORKER_CPU_REQUESTS|default("100m", true) }}
+            memory: {{ TLDRAW_SERVER_WORKER_MEMORY_REQUESTS|default("150Mi", true) }}
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
+      affinity:
+        podAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 9
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/part-of
+                  operator: In
+                  values:
+                  - schulcloud-verbund
+              topologyKey: "kubernetes.io/hostname"
+              namespaceSelector: {}
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %}
+          - weight: 10
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/name
+                  operator: In
+                  values:
+                  - tldraw-server
+              topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }}
+{% endif %}
+          - weight: 20
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/name
+                  operator: In
+                  values:
+                  - tldraw-server
+              topologyKey: "topology.kubernetes.io/zone"
+{% endif %}