Merge pull request #281 from ropable/master

Add Geoserver to Kustomize resource definitions

gunicorn.py

@@ -3,7 +3,7 @@
 
 bind = ":8080"
 # Don't start too many workers:
-workers = min(multiprocessing.cpu_count(), 8)
+workers = min(multiprocessing.cpu_count(), 4)
 # Give workers an expiry:
 max_requests = 2048
 max_requests_jitter = 256

kustomize/base/celery.yaml

@@ -16,10 +16,10 @@ spec:
           value: "Australia/Perth"
         resources:
           requests:
-            memory: "64Mi"
+            memory: "128Mi"
             cpu: "10m"
           limits:
-            memory: "4096Mi"
+            memory: "2Gi"
             cpu: "1000m"
         securityContext:
           runAsNonRoot: true

kustomize/base/deployment.yaml

@@ -28,24 +28,36 @@ spec:
           limits:
             memory: "4096Mi"
             cpu: "1000m"
-        livenessProbe:
+        startupProbe:
           httpGet:
             path: /liveness
             port: 8080
             scheme: HTTP
           initialDelaySeconds: 3
           periodSeconds: 3
+          timeoutSeconds: 3
+          successThreshold: 1
+          failureThreshold: 3
+        livenessProbe:
+          httpGet:
+            path: /liveness
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 0
+          periodSeconds: 15
+          timeoutSeconds: 3
+          successThreshold: 1
           failureThreshold: 3
-          timeoutSeconds: 2
         readinessProbe:
           httpGet:
             path: /readiness
             port: 8080
             scheme: HTTP
-          initialDelaySeconds: 3
-          periodSeconds: 3
+          initialDelaySeconds: 0
+          periodSeconds: 15
+          timeoutSeconds: 3
+          successThreshold: 1
           failureThreshold: 3
-          timeoutSeconds: 2
         securityContext:
           runAsNonRoot: true
           privileged: false

kustomize/base/geoserver.yaml

@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prs-geoserver
+spec:
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+  template:
+    spec:
+      containers:
+      - name: prs-geoserver
+        image: ghcr.io/dbca-wa/docker-geoserver:2.24.1
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: TZ
+          value: "Australia/Perth"
+        - name: GEOSERVER_CSRF_WHITELIST
+          value: ".dbca.wa.gov.au"
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "10m"
+          limits:
+            memory: "2Gi"
+            cpu: "1000m"
+        startupProbe:
+          httpGet:
+            path: "/geoserver/ows?service=WFS&acceptversions=2.0.0&request=GetCapabilities"
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          successThreshold: 1
+          failureThreshold: 3
+          timeoutSeconds: 3
+        readinessProbe:
+          httpGet:
+            path: "/geoserver/ows?service=WFS&acceptversions=2.0.0&request=GetCapabilities"
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          successThreshold: 1
+          failureThreshold: 3
+          timeoutSeconds: 3
+        livenessProbe:
+          httpGet:
+            path: "/geoserver/ows?service=WFS&acceptversions=2.0.0&request=GetCapabilities"
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          successThreshold: 1
+          failureThreshold: 3
+          timeoutSeconds: 3
+        securityContext:
+          runAsNonRoot: true
+          privileged: false
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
+          # Note that Geoserver can't cope with a RO root filesystem.
+          readOnlyRootFilesystem: false
+      restartPolicy: Always

kustomize/base/geoserver_service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: prs-geoserver-clusterip
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 8080
+    protocol: TCP
+    targetPort: 8080

kustomize/base/kustomization.yaml

@@ -6,3 +6,5 @@ resources:
   - service.yaml
   - typesense.yaml
   - typesense_service.yaml
+  - geoserver.yaml
+  - geoserver_service.yaml

kustomize/base/typesense.yaml

@@ -22,7 +22,7 @@ spec:
             memory: "128Mi"
             cpu: "10m"
           limits:
-            memory: "8Gi"
+            memory: "6Gi"
             cpu: "1000m"
         livenessProbe:
           httpGet:

kustomize/overlays/prod/deployment_patch.yaml

@@ -149,5 +149,15 @@ spec:
             secretKeyRef:
               name: prs-env-prod
               key: SENTRY_DSN
+        - name: SENTRY_SAMPLE_RATE
+          valueFrom:
+            secretKeyRef:
+              name: prs-env-prod
+              key: SENTRY_SAMPLE_RATE
+        - name: SENTRY_TRANSACTION_SAMPLE_RATE
+          valueFrom:
+            secretKeyRef:
+              name: prs-env-prod
+              key: SENTRY_TRANSACTION_SAMPLE_RATE
         - name: SENTRY_ENVIRONMENT
           value: "prod"

kustomize/overlays/prod/geoserver_patch.yaml

@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prs-geoserver
+  labels:
+    app: prs-geoserver-prod
+spec:
+  selector:
+    matchLabels:
+      app: prs-geoserver-prod
+  template:
+    metadata:
+      labels:
+        app: prs-geoserver-prod
+    spec:
+      initContainers:
+      - name: chown-pvc
+        image: busybox
+        command:
+          - /bin/chown
+          - -R
+          - "10001:0"
+          - /data/geoserver
+        volumeMounts:
+          - mountPath: /data/geoserver
+            name: prs-geoserver-data
+      containers:
+      - name: prs-geoserver
+        volumeMounts:
+          - mountPath: /data/geoserver
+            name: prs-geoserver-data
+      volumes:
+        - name: prs-geoserver-data
+          persistentVolumeClaim:
+            claimName: prs-geoserver-data-prod

kustomize/overlays/prod/geoserver_pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: prs-geoserver-data
+spec:
+  storageClassName: managed-csi-retain
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 2Gi

kustomize/overlays/prod/geoserver_service_patch.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: prs-geoserver-clusterip
+spec:
+  selector:
+    app: prs-geoserver-prod
+    variant: prod

kustomize/overlays/prod/ingress.yaml

@@ -15,3 +15,10 @@ spec:
             name: prs-clusterip-prod
             port:
               number: 8080
+      - path: /geoserver
+        pathType: Prefix
+        backend:
+          service:
+            name: prs-geoserver-clusterip-prod
+            port:
+              number: 8080

kustomize/overlays/prod/kustomization.yaml

@@ -8,6 +8,7 @@ resources:
   - ingress.yaml
   - pdb.yaml
   - typesense_pvc.yaml
+  - geoserver_pvc.yaml
 secretGenerator:
   - name: prs-env
     type: Opaque
@@ -23,6 +24,8 @@ patches:
   - path: service_patch.yaml
   - path: typesense_patch.yaml
   - path: typesense_service_patch.yaml
+  - path: geoserver_patch.yaml
+  - path: geoserver_service_patch.yaml
 images:
   - name: ghcr.io/dbca-wa/prs
     newTag: 2.5.35

kustomize/overlays/prod/pdb.yaml

@@ -30,3 +30,14 @@ spec:
     matchLabels:
       app: prs-typesense-prod
       variant: prod
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: prs-geoserver-pdb
+spec:
+  minAvailable: 0
+  selector:
+    matchLabels:
+      app: prs-geoserver-prod
+      variant: prod

kustomize/overlays/uat/deployment_patch.yaml

@@ -148,5 +148,15 @@ spec:
             secretKeyRef:
               name: prs-env-uat
               key: SENTRY_DSN
+        - name: SENTRY_SAMPLE_RATE
+          valueFrom:
+            secretKeyRef:
+              name: prs-env-uat
+              key: SENTRY_SAMPLE_RATE
+        - name: SENTRY_TRANSACTION_SAMPLE_RATE
+          valueFrom:
+            secretKeyRef:
+              name: prs-env-uat
+              key: SENTRY_TRANSACTION_SAMPLE_RATE
         - name: SENTRY_ENVIRONMENT
           value: "uat"

kustomize/overlays/uat/geoserver_patch.yaml

@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prs-geoserver
+  labels:
+    app: prs-geoserver-uat
+spec:
+  selector:
+    matchLabels:
+      app: prs-geoserver-uat
+  template:
+    metadata:
+      labels:
+        app: prs-geoserver-uat
+    spec:
+      initContainers:
+      - name: chown-pvc
+        image: busybox
+        command:
+          - /bin/chown
+          - -R
+          - "10001:0"
+          - /data/geoserver
+        volumeMounts:
+          - mountPath: /data/geoserver
+            name: prs-geoserver-data
+      containers:
+      - name: prs-geoserver
+        volumeMounts:
+          - mountPath: /data/geoserver
+            name: prs-geoserver-data
+      volumes:
+        - name: prs-geoserver-data
+          persistentVolumeClaim:
+            claimName: prs-geoserver-data-uat

kustomize/overlays/uat/geoserver_pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: prs-geoserver-data
+spec:
+  storageClassName: managed-csi-retain
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 2Gi

kustomize/overlays/uat/geoserver_service_patch.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: prs-geoserver-clusterip
+spec:
+  selector:
+    app: prs-geoserver-uat
+    variant: uat

kustomize/overlays/uat/ingress.yaml

@@ -15,3 +15,10 @@ spec:
             name: prs-clusterip-uat
             port:
               number: 8080
+      - path: /geoserver
+        pathType: Prefix
+        backend:
+          service:
+            name: prs-geoserver-clusterip-uat
+            port:
+              number: 8080

kustomize/overlays/uat/kustomization.yaml

@@ -8,6 +8,7 @@ resources:
   - ingress.yaml
   - pdb.yaml
   - typesense_pvc.yaml
+  - geoserver_pvc.yaml
 secretGenerator:
   - name: prs-env
     type: Opaque
@@ -23,3 +24,5 @@ patches:
   - path: service_patch.yaml
   - path: typesense_patch.yaml
   - path: typesense_service_patch.yaml
+  - path: geoserver_patch.yaml
+  - path: geoserver_service_patch.yaml

kustomize/overlays/uat/pdb.yaml

@@ -30,3 +30,14 @@ spec:
     matchLabels:
       app: prs-typesense-uat
       variant: uat
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: prs-geoserver-pdb
+spec:
+  minAvailable: 0
+  selector:
+    matchLabels:
+      app: prs-geoserver-uat
+      variant: uat