Skip to content

Commit

Permalink
Merge pull request #300 from tapis-project/staging
Browse files Browse the repository at this point in the history
Staging
  • Loading branch information
mpackard authored Oct 9, 2023
2 parents 0b121e9 + 754fd6d commit 91013b2
Show file tree
Hide file tree
Showing 8 changed files with 34 additions and 56 deletions.
5 changes: 3 additions & 2 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,12 @@ Notable changes between versions.
- [ Systems: 1.4.1 to 1.4.2 (tapis/systems)](https://github.com/tapis-project/tapis-systems/blob/1.4.2/CHANGELOG.md)
- [ Apps: 1.4.1 to 1.4.2 (tapis/apps)](https://github.com/tapis-project/tapis-apps/blob/1.4.2/CHANGELOG.md)
- [ Notifications: 1.4.0 to 1.4.1 (tapis/notifications, notifications-dispatcher)](https://github.com/tapis-project/tapis-notifications/blob/1.4.1/CHANGELOG.md)
- [ Files: 1.4.2 to 1.4.3 (tapis/tapis-files, tapis/tapis-files-workers)](https://github.com/tapis-project/tapis-files/blob/dev/CHANGELOG.md)
- [ Jobs: 1.4.2 to 1.4.3 (tapis/jobsworker, jobsmigrate, jobsapi)](https://github.com/tapis-project/tapis-jobs/blob/dev/tapis-jobsapi/CHANGELOG.md)
- [ Files: 1.4.2 to 1.5.0 (tapis/tapis-files, tapis/tapis-files-workers)](https://github.com/tapis-project/tapis-files/blob/dev/CHANGELOG.md)
- [ Jobs: 1.4.2 to 1.5.0 (tapis/jobsworker, jobsmigrate, jobsapi)](https://github.com/tapis-project/tapis-jobs/blob/dev/tapis-jobsapi/CHANGELOG.md)
- [ Globus-Proxy: 1.4.2 to 1.4.3 (tapis/globus-proxy)](https://github.com/tapis-project/globus-proxy/blob/dev/CHANGELOG.md)



### Breaking Changes for Deployer Admins

- This is ONLY for Docker Tapis installs updating; it is NOT applicable to Kubernetes installs: Some components' Postgres directory volume mounts have moved within the `tapisdatadir` and may need to be moved on disk before starting the containers. Each component should now follow a similar structure, e.g. for authenticator: `tapisdatadir/authenticator/postgres/data` should contain the Postgres data, such as the `PG_VERSION` file, `pg_wal` directory, etc.
Expand Down
7 changes: 4 additions & 3 deletions playbooks/roles/actors/templates/kube/api/burndown
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,8 @@ kubectl delete -f nginx.yml

# storage
kubectl delete -f mongo.yml
#kubectl delete -f mongo-pvc.yml
# rabbit can be killed each time. If you drop rabbit, must also kill the pvc.
kubectl delete -f rabbit.yml
kubectl delete -f rabbitmq-pvc.yml

# pvc
# kubectl delete -f mongo-pvc.yml
# kubectl delete -f rabbitmq-pvc.yml
2 changes: 1 addition & 1 deletion playbooks/roles/actors/templates/kube/api/rabbit.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ spec:
labels:
app: actors-rabbit
spec:
hostname: actors-rabbit # sets static hostname rather than k8 generated. Without rabbit can't use pvc to restart.
containers:
- name: actors-rabbit
image: {{ actors_rabbitmq_image }}
Expand Down Expand Up @@ -39,4 +40,3 @@ spec:
- name: actors-rabbitmq-data
persistentVolumeClaim:
claimName: {{actors_rabbit_pvc}}

4 changes: 2 additions & 2 deletions playbooks/roles/files/defaults/main/images.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
files_api_image: tapis/tapis-files:1.4.3
files_workers_image: tapis/tapis-files-workers:1.4.3
files_api_image: tapis/tapis-files:1.5.0
files_workers_image: tapis/tapis-files-workers:1.5.0
files_postgres_image: postgres:11
files_migrations_image: postgres:11
files_minio_image: minio/minio
Expand Down
6 changes: 3 additions & 3 deletions playbooks/roles/jobs/defaults/main/images.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
jobs_api_image: tapis/jobsapi:1.4.3
jobs_migrations_image: tapis/jobsmigrate:1.4.3
jobs_worker_image: tapis/jobsworker:1.4.3
jobs_api_image: tapis/jobsapi:1.5.0
jobs_migrations_image: tapis/jobsmigrate:1.5.0
jobs_worker_image: tapis/jobsworker:1.5.0
jobs_postgres_image: postgres:12.4
jobs_pgadmin_image: dpage/pgadmin4:6.20
jobs_rabbitmq_management_image: rabbitmq:3.8.11-management
28 changes: 0 additions & 28 deletions playbooks/roles/pods/templates/kube/nfs-pvc.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,31 +9,3 @@ spec:
resources:
requests:
storage: 5Gi

---
apiVersion: batch/v1
kind: Job
metadata:
name: pods-nfs-mkdirs
spec:
ttlSecondsAfterFinished: 60
template:
spec:
restartPolicy: Never
containers:
- name: pods-nfs-vol
image: alpine:latest
command:
- sh
- -c
- |
mkdir -p /podsnfs/volumes
mkdir -p /podsnfs/snapshots
chmod 777 /podsnfs/volumes /podsnfs/snapshots
volumeMounts:
- name: pods-nfs-data
mountPath: /podsnfs
volumes:
- name: pods-nfs-data
persistentVolumeClaim:
claimName: pods-nfs-vol
36 changes: 20 additions & 16 deletions playbooks/roles/proxy/templates/kube/nginx/nginx.conf
Original file line number Diff line number Diff line change
Expand Up @@ -10,45 +10,49 @@ events {
}

{% if "pods" in proxy_nginx_service_list %}
### Everything first goes through this stream stanza. Map matches subdomain to port to route to.
### If no map found, we route to default 8443. This directs back to HTTP stanza as normal.
# Everything routes through here. Either goes to Pods or HTTP stanza
stream {

log_format stream_routing '$remote_addr [$time_local] '
'with SNI name "$ssl_preread_server_name" '
'proxying to "$instanceport" '
'$protocol $status $bytes_sent $bytes_received '
'$session_time';

# 'map' maps input string to output variable. Regex works.
# Ports used are purely random. Feel free to change.
# 'map's input request SNI (domain name) to output port.
# Ports used are purely random
map $ssl_preread_server_name $instanceport {
# Route TCP with following whatever.pods.whatever.tenant.tapis.io to pods-traefik
# proxy_nginx_server_name would be `*.develop.tapis.io`, `*.tapis.io`, etc.
# *.pods.tenant.environment.tapis.io routes to pods-traefik
"~*.pods.{{proxy_nginx_server_name}}" 5510;
# Route non-pod things to 8443 (arbitrary port, listened to by http stanza) to follow regular nginx walkthrough
# Route non-pod requests to 8443 which is read by http stanza
"~{{proxy_nginx_server_name}}" 8443;
# Else default to 5510
default 8443;
# Else default to 5510 which routes to pods (required for Postgres)
default 5510;
}

# pods_service. Route TCP to pods-traefik pod.
# 'pods_upstream' routes to traefik. Backup is HTTP stanza.
# Works even if pods_service is down.
upstream pods_upstream {
server pods-traefik:80;
server 127.0.0.1:8443 backup;
}

# 5510 routes to pod_service traefik pod. Backup is HTTP stanza.
server {
listen 5510;
ssl_preread off;
proxy_timeout 600s;
access_log /dev/stdout stream_routing;
proxy_pass pods-traefik:80;

#access_log /dev/stdout stream_routing; # debug log if needed
proxy_pass pods_upstream;
proxy_next_upstream on;
}

# Listen for all incoming requests. Preread server name (for mapping). Then pass.
server {
listen 443;
ssl_preread on;
proxy_connect_timeout 20s; # max time to connect to pserver
proxy_timeout 600s;
access_log /dev/stdout stream_routing;
proxy_connect_timeout 20s; # max time to connect to pserver
#access_log /dev/stdout stream_routing;
proxy_pass 127.0.0.1:$instanceport;
}
}
Expand Down
2 changes: 1 addition & 1 deletion playbooks/roles/streams/defaults/main/images.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,4 @@ streams_influxdb2_image: influxdb:2.1.1-alpine
streams_mysql_image: mysql:5.7
streams_chords_image: ncareol/chords:1.0
streams_tapis_chords_app_image: scleveland/tapis-chords-app:0.9.8.2.3
streams_api_image: tapis/streams-api:1.4.0
streams_api_image: tapis/streams-api:1.5.0

0 comments on commit 91013b2

Please sign in to comment.