From 3e70516bbd1e5704ca878ae4ed7abda96610eb99 Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Thu, 18 Jul 2024 17:23:48 +0200 Subject: [PATCH] cleanup --- ansible/roles/tldraw-server/tasks/main.yml | 24 +++- .../tldraw-server/templates/configmap.yml.j2 | 9 ++ ...aw-deployment.yml.j2 => deployment.yml.j2} | 15 +-- .../{tldraw-ingress.yml.j2 => ingress.yml.j2} | 0 ...-onepassword.yml.j2 => onepassword.yml.j2} | 0 ...aw-server-svc.yml.j2 => server-svc.yml.j2} | 0 .../templates/worker-deployment.yml.j2 | 107 ++++++++++++++++++ 7 files changed, 141 insertions(+), 14 deletions(-) create mode 100644 ansible/roles/tldraw-server/templates/configmap.yml.j2 rename ansible/roles/tldraw-server/templates/{tldraw-deployment.yml.j2 => deployment.yml.j2} (87%) rename ansible/roles/tldraw-server/templates/{tldraw-ingress.yml.j2 => ingress.yml.j2} (100%) rename ansible/roles/tldraw-server/templates/{tldraw-server-onepassword.yml.j2 => onepassword.yml.j2} (100%) rename ansible/roles/tldraw-server/templates/{tldraw-server-svc.yml.j2 => server-svc.yml.j2} (100%) create mode 100644 ansible/roles/tldraw-server/templates/worker-deployment.yml.j2
diff --git a/ansible/roles/tldraw-server/tasks/main.yml b/ansible/roles/tldraw-server/tasks/main.yml
index d69ca2f6..66bfc0b4 100644
--- a/ansible/roles/tldraw-server/tasks/main.yml
+++ b/ansible/roles/tldraw-server/tasks/main.yml
@@ -2,29 +2,45 @@ kubernetes.core.k8s: kubeconfig: ~/.kube/config namespace: "{{ NAMESPACE }}" - template: tldraw-server-onepassword.yml.j2 + template: onepassword.yml.j2 when: - ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool - WITH_TLDRAW is defined and WITH_TLDRAW|bool + - name: TlDraw server configmap + kubernetes.core.k8s: + kubeconfig: ~/.kube/config + namespace: "{{ NAMESPACE }}" + template: configmap.yml.j2 + when: + - ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool + - WITH_TLDRAW is defined and WITH_TLDRAW|bool + - name: TlDraw server deployment kubernetes.core.k8s: kubeconfig: ~/.kube/config namespace: "{{ NAMESPACE }}" - template: tldraw-deployment.yml.j2 + template: deployment.yml.j2 + when: WITH_TLDRAW is defined and WITH_TLDRAW|bool + + - name: TlDraw worker deployment + kubernetes.core.k8s: + kubeconfig: ~/.kube/config + namespace: "{{ NAMESPACE }}" + template: worker-deployment.yml.j2 when: WITH_TLDRAW is defined and WITH_TLDRAW|bool - name: TlDraw server service kubernetes.core.k8s: kubeconfig: ~/.kube/config namespace: "{{ NAMESPACE }}" - template: tldraw-server-svc.yml.j2 + template: server-svc.yml.j2 when: WITH_TLDRAW is defined and WITH_TLDRAW|bool - name: Tldraw ingress kubernetes.core.k8s: kubeconfig: ~/.kube/config namespace: "{{ NAMESPACE }}" - template: tldraw-ingress.yml.j2 + template: ingress.yml.j2 apply: yes when: WITH_TLDRAW is defined and WITH_TLDRAW|bool
diff --git a/ansible/roles/tldraw-server/templates/configmap.yml.j2 b/ansible/roles/tldraw-server/templates/configmap.yml.j2
new file mode 100644
index 00000000..ff6f2e1a
--- /dev/null
+++ b/ansible/roles/tldraw-server/templates/configmap.yml.j2
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: tldraw-server-configmap
+ namespace: {{ NAMESPACE }}
+ labels:
+ app: tldraw-server
+data:
+ HALLO_SERGEJ: "MAX"
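Review bot: The new `TlDraw server configmap` task is gated on `ONEPASSWORD_OPERATOR` as well as `WITH_TLDRAW`, but the server and worker deployment tasks in this hunk run on `WITH_TLDRAW` alone, and both of their templates load `tldraw-server-configmap` through a required `configMapRef`. On a cluster without the 1Password operator the ConfigMap would never be created and the pods would fail to start, so the task should use the same condition as the deployments: `when: WITH_TLDRAW is defined and WITH_TLDRAW|bool`. The ConfigMap holds no secret material, so the operator condition looks copied from the onepassword task above it. The first task's `- name:` line lies outside the hunk.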
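Review bot: `HALLO_SERGEJ: "MAX"` is a placeholder entry, and because both deployments consume this ConfigMap through `envFrom` it is exported as an environment variable into every tldraw container. Replace it with the real non-secret settings before merge, or ship the map empty with `data: {}` and a comment naming the keys that belong here and stating that credentials stay in `tldraw-server-secret`. `namespace: {{ NAMESPACE }}` should also be quoted, `namespace: "{{ NAMESPACE }}"`, so that an empty or boolean-looking value cannot change the rendered type.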
diff --git a/ansible/roles/tldraw-server/templates/tldraw-deployment.yml.j2 b/ansible/roles/tldraw-server/templates/deployment.yml.j2
similarity index 87%
rename from ansible/roles/tldraw-server/templates/tldraw-deployment.yml.j2
rename to ansible/roles/tldraw-server/templates/deployment.yml.j2
index df540838..98c22844 100644
--- a/ansible/roles/tldraw-server/templates/tldraw-deployment.yml.j2
+++ b/ansible/roles/tldraw-server/templates/deployment.yml.j2
@@ -57,21 +57,16 @@ spec: protocol: TCP envFrom: - configMapRef: - name: api-configmap - - secretRef: - name: api-secret + name: tldraw-server-configmap - secretRef: name: tldraw-server-secret - - secretRef: - name: api-files-secret - command: ['npm', 'run', 'nest:start:tldraw:prod'] resources: limits: - cpu: {{ TLDRAW_EDITOR_CPU_LIMITS|default("2000m", true) }} - memory: {{ TLDRAW_EDITOR_MEMORY_LIMITS|default("4Gi", true) }} + cpu: {{ TLDRAW_SERVER_CPU_LIMITS|default("2000m", true) }} + memory: {{ TLDRAW_SERVER_MEMORY_LIMITS|default("2Gi", true) }} requests: - cpu: {{ TLDRAW_EDITOR_CPU_REQUESTS|default("100m", true) }} - memory: {{ TLDRAW_EDITOR_MEMORY_REQUESTS|default("150Mi", true) }} + cpu: {{ TLDRAW_SERVER_CPU_REQUESTS|default("100m", true) }} + memory: {{ TLDRAW_SERVER_MEMORY_REQUESTS|default("150Mi", true) }} {% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %} affinity: podAffinity:
diff --git a/ansible/roles/tldraw-server/templates/tldraw-ingress.yml.j2 b/ansible/roles/tldraw-server/templates/ingress.yml.j2
similarity index 100%
rename from ansible/roles/tldraw-server/templates/tldraw-ingress.yml.j2
rename to ansible/roles/tldraw-server/templates/ingress.yml.j2
diff --git a/ansible/roles/tldraw-server/templates/tldraw-server-onepassword.yml.j2 b/ansible/roles/tldraw-server/templates/onepassword.yml.j2
similarity index 100%
rename from ansible/roles/tldraw-server/templates/tldraw-server-onepassword.yml.j2
rename to ansible/roles/tldraw-server/templates/onepassword.yml.j2
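Review bot: Renaming the override variables from `TLDRAW_EDITOR_*` to `TLDRAW_SERVER_*` while keeping `default(..., true)` means an inventory that still sets the old names is ignored without any error, and the memory-limit default drops from `4Gi` to `2Gi` in the same change. A deployment tuned through the old variables would silently end up with a lower limit and may be OOM-killed; either keep a fallback such as `{{ TLDRAW_SERVER_MEMORY_LIMITS|default(TLDRAW_EDITOR_MEMORY_LIMITS|default("2Gi", true), true) }}` or call the rename out in the commit message. Dropping `api-secret` and `api-files-secret` from `envFrom` narrows what the container can read, which is a welcome reduction; the removed `command:` line means the container now relies on the image's default command, which cannot be checked from this hunk. The container spec starts and ends outside the hunk.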
diff --git a/ansible/roles/tldraw-server/templates/tldraw-server-svc.yml.j2 b/ansible/roles/tldraw-server/templates/server-svc.yml.j2
similarity index 100%
rename from ansible/roles/tldraw-server/templates/tldraw-server-svc.yml.j2
rename to ansible/roles/tldraw-server/templates/server-svc.yml.j2
diff --git a/ansible/roles/tldraw-server/templates/worker-deployment.yml.j2 b/ansible/roles/tldraw-server/templates/worker-deployment.yml.j2
new file mode 100644
index 00000000..48d9fed0
--- /dev/null
+++ b/ansible/roles/tldraw-server/templates/worker-deployment.yml.j2
@@ -0,0 +1,107 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tldraw-deployment
+ namespace: {{ NAMESPACE }}
+ labels:
+ app: tldraw-server-worker
+ app.kubernetes.io/part-of: schulcloud-verbund
+ app.kubernetes.io/version: {{ TLDRAW_SERVER_IMAGE_TAG }}
+ app.kubernetes.io/name: tldraw-server-worker
+ app.kubernetes.io/component: tldraw
+ app.kubernetes.io/managed-by: ansible
+ git.branch: {{ TLDRAW_SERVER_BRANCH_NAME }}
+ git.repo: {{ TLDRAW_SERVER_REPO_NAME }}
+spec:
+ replicas: {{ TLDRAW_SERVER_REPLICAS|default("1", true) }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ #maxUnavailable: 1
+ revisionHistoryLimit: 4
+ paused: false
+ selector:
+ matchLabels:
+ app: tldraw-server-worker
+ template:
+ metadata:
+ labels:
+ app: tldraw-server-worker
+ app.kubernetes.io/part-of: schulcloud-verbund
+ app.kubernetes.io/version: {{ TLDRAW_SERVER_IMAGE_TAG }}
+ app.kubernetes.io/name: tldraw-server
+ app.kubernetes.io/component: tldraw
+ app.kubernetes.io/managed-by: ansible
+ git.branch: {{ TLDRAW_SERVER_BRANCH_NAME }}
+ git.repo: {{ TLDRAW_SERVER_REPO_NAME }}
+ spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ runAsNonRoot: true
+ containers:
+ - name: tldraw
+ image: {{ TLDRAW_SERVER_IMAGE }}:{{ TLDRAW_SERVER_IMAGE_TAG }}
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 3345
+ name: tldraw-ws
+ protocol: TCP
+ - containerPort: 3349
+ name: tldraw-http
+ protocol: TCP
+ - containerPort: 9090
+ name: api-metrics
+ protocol: TCP
+ envFrom:
+ - configMapRef:
+ name: tldraw-server-configmap
+ - secretRef:
+ name: tldraw-server-secret
+ command: ['npm', 'run', 'start:y-redis-worker']
+ resources:
+ limits:
+ cpu: {{ TLDRAW_SERVER_WORKER_CPU_LIMITS|default("2000m", true) }}
+ memory: {{ TLDRAW_SERVER_WORKER_MEMORY_LIMITS|default("2Gi", true) }}
+ requests:
+ cpu: {{ TLDRAW_SERVER_WORKER_CPU_REQUESTS|default("100m", true) }}
+ memory: {{ TLDRAW_SERVER_WORKER_MEMORY_REQUESTS|default("150Mi", true) }}
+{% if AFFINITY_ENABLE is defined and AFFINITY_ENABLE|bool %}
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 9
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/part-of
+ operator: In
+ values:
+ - schulcloud-verbund
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+{% if ANIT_AFFINITY_NODEPOOL_ENABLE is defined and ANIT_AFFINITY_NODEPOOL_ENABLE|bool %}
+ - weight: 10
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - tldraw-server
+ topologyKey: {{ ANIT_AFFINITY_NODEPOOL_TOPOLOGY_KEY }}
+{% endif %}
+ - weight: 20
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - tldraw-server
+ topologyKey: "topology.kubernetes.io/zone"
+{% endif %}
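Review bot: `metadata.name: tldraw-deployment` does not match the `tldraw-server-worker` labels and selector used in the rest of this template, and it looks like the name the server Deployment already uses (that file's metadata is outside this diff, so this needs confirming); two Deployments cannot share one name in a namespace, so use something like `name: tldraw-server-worker-deployment`. The pod template also sets `app.kubernetes.io/name: tldraw-server` where the Deployment metadata has `tldraw-server-worker`, which makes the anti-affinity terms treat worker and server pods as one workload. The container gets only the pod-level `securityContext`; a container-level block that disables privilege escalation, drops all capabilities and selects the runtime default seccomp profile is worth adding to this new template, as sketched below. The three `containerPort` entries appear copied from the server and may not apply to a process started with `start:y-redis-worker`.

```yaml
      containers:
      - name: tldraw
        # … unchanged: image, imagePullPolicy, ports, envFrom, command, resources …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - ALL
          seccompProfile:
            type: RuntimeDefault
```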