From ed490842527fa2bbe0bafe0e8f2af70f759d4b98 Mon Sep 17 00:00:00 2001 From: Ashley Felton Date: Tue, 31 Oct 2023 14:24:50 +0800 Subject: [PATCH 1/4] Change imagePullPolicy, update DFES harvest job schedule, set TZ. --- kustomize/overlays/prod/cronjobs/harvest-dfes/patch.yaml | 4 ++-- .../prod/cronjobs/harvest-email-iriditrak/patch.yaml | 2 +- .../overlays/prod/cronjobs/harvest-email-mp70/patch.yaml | 2 +- .../overlays/prod/cronjobs/harvest-email-spot/patch.yaml | 2 +- kustomize/overlays/prod/cronjobs/harvest-tracplus/patch.yaml | 2 +- kustomize/overlays/uat/cronjobs/harvest-dfes/patch.yaml | 3 +-- .../overlays/uat/cronjobs/harvest-email-iriditrak/patch.yaml | 1 - .../overlays/uat/cronjobs/harvest-email-mp70/patch.yaml | 1 - kustomize/overlays/uat/cronjobs/harvest-tracplus/patch.yaml | 1 - kustomize/template/cronjob.yaml | 5 ++++- 10 files changed, 11 insertions(+), 12 deletions(-) diff --git a/kustomize/overlays/prod/cronjobs/harvest-dfes/patch.yaml b/kustomize/overlays/prod/cronjobs/harvest-dfes/patch.yaml index 3f45874..51a0eae 100644 --- a/kustomize/overlays/prod/cronjobs/harvest-dfes/patch.yaml +++ b/kustomize/overlays/prod/cronjobs/harvest-dfes/patch.yaml @@ -3,14 +3,14 @@ kind: CronJob metadata: name: resourcetracking-cronjob spec: - schedule: "* * * * *" + schedule: "*/2 * * * *" jobTemplate: spec: template: spec: containers: - name: resourcetracking-cronjob - imagePullPolicy: Always + imagePullPolicy: IfNotPresent args: ["manage.py", "harvest_dfes_feed"] env: - name: DATABASE_URL diff --git a/kustomize/overlays/prod/cronjobs/harvest-email-iriditrak/patch.yaml b/kustomize/overlays/prod/cronjobs/harvest-email-iriditrak/patch.yaml index da2c365..bf4dde4 100644 --- a/kustomize/overlays/prod/cronjobs/harvest-email-iriditrak/patch.yaml +++ b/kustomize/overlays/prod/cronjobs/harvest-email-iriditrak/patch.yaml @@ -10,7 +10,7 @@ spec: spec: containers: - name: resourcetracking-cronjob - imagePullPolicy: Always + imagePullPolicy: IfNotPresent args: ["manage.py", "harvest_tracking_email", "--device-type", "iriditrak", "--purge-email"] env: - name: DATABASE_URL diff --git a/kustomize/overlays/prod/cronjobs/harvest-email-mp70/patch.yaml b/kustomize/overlays/prod/cronjobs/harvest-email-mp70/patch.yaml index 3136a65..e7ef302 100644 --- a/kustomize/overlays/prod/cronjobs/harvest-email-mp70/patch.yaml +++ b/kustomize/overlays/prod/cronjobs/harvest-email-mp70/patch.yaml @@ -10,7 +10,7 @@ spec: spec: containers: - name: resourcetracking-cronjob - imagePullPolicy: Always + imagePullPolicy: IfNotPresent args: ["manage.py", "harvest_tracking_email", "--device-type", "mp70", "--purge-email"] env: - name: DATABASE_URL diff --git a/kustomize/overlays/prod/cronjobs/harvest-email-spot/patch.yaml b/kustomize/overlays/prod/cronjobs/harvest-email-spot/patch.yaml index a9b0548..b976d0f 100644 --- a/kustomize/overlays/prod/cronjobs/harvest-email-spot/patch.yaml +++ b/kustomize/overlays/prod/cronjobs/harvest-email-spot/patch.yaml @@ -10,7 +10,7 @@ spec: spec: containers: - name: resourcetracking-cronjob - imagePullPolicy: Always + imagePullPolicy: IfNotPresent args: ["manage.py", "harvest_tracking_email", "--device-type", "spot", "--purge-email"] env: - name: DATABASE_URL diff --git a/kustomize/overlays/prod/cronjobs/harvest-tracplus/patch.yaml b/kustomize/overlays/prod/cronjobs/harvest-tracplus/patch.yaml index 44e03bf..50730ea 100644 --- a/kustomize/overlays/prod/cronjobs/harvest-tracplus/patch.yaml +++ b/kustomize/overlays/prod/cronjobs/harvest-tracplus/patch.yaml @@ -10,7 +10,7 @@ spec: spec: containers: - name: resourcetracking-cronjob - imagePullPolicy: Always + imagePullPolicy: IfNotPresent args: ["manage.py", "harvest_tracplus"] env: - name: DATABASE_URL diff --git a/kustomize/overlays/uat/cronjobs/harvest-dfes/patch.yaml b/kustomize/overlays/uat/cronjobs/harvest-dfes/patch.yaml index b31ff20..ab9737d 100644 --- a/kustomize/overlays/uat/cronjobs/harvest-dfes/patch.yaml +++ b/kustomize/overlays/uat/cronjobs/harvest-dfes/patch.yaml @@ -3,14 +3,13 @@ kind: CronJob metadata: name: resourcetracking-cronjob spec: - schedule: "* * * * *" + schedule: "*/2 * * * *" jobTemplate: spec: template: spec: containers: - name: resourcetracking-cronjob - imagePullPolicy: Always args: ["manage.py", "harvest_dfes_feed"] env: - name: DATABASE_URL diff --git a/kustomize/overlays/uat/cronjobs/harvest-email-iriditrak/patch.yaml b/kustomize/overlays/uat/cronjobs/harvest-email-iriditrak/patch.yaml index 2f16d17..06f3d12 100644 --- a/kustomize/overlays/uat/cronjobs/harvest-email-iriditrak/patch.yaml +++ b/kustomize/overlays/uat/cronjobs/harvest-email-iriditrak/patch.yaml @@ -10,7 +10,6 @@ spec: spec: containers: - name: resourcetracking-cronjob - imagePullPolicy: Always args: ["manage.py", "harvest_tracking_email", "--device-type", "iriditrak"] env: - name: DATABASE_URL diff --git a/kustomize/overlays/uat/cronjobs/harvest-email-mp70/patch.yaml b/kustomize/overlays/uat/cronjobs/harvest-email-mp70/patch.yaml index 0a7267e..db4274f 100644 --- a/kustomize/overlays/uat/cronjobs/harvest-email-mp70/patch.yaml +++ b/kustomize/overlays/uat/cronjobs/harvest-email-mp70/patch.yaml @@ -10,7 +10,6 @@ spec: spec: containers: - name: resourcetracking-cronjob - imagePullPolicy: Always args: ["manage.py", "harvest_tracking_email", "--device-type", "mp70"] env: - name: DATABASE_URL diff --git a/kustomize/overlays/uat/cronjobs/harvest-tracplus/patch.yaml b/kustomize/overlays/uat/cronjobs/harvest-tracplus/patch.yaml index 90b798d..79a66c8 100644 --- a/kustomize/overlays/uat/cronjobs/harvest-tracplus/patch.yaml +++ b/kustomize/overlays/uat/cronjobs/harvest-tracplus/patch.yaml @@ -10,7 +10,6 @@ spec: spec: containers: - name: resourcetracking-cronjob - imagePullPolicy: Always args: ["manage.py", "harvest_tracplus"] env: - name: DATABASE_URL diff --git a/kustomize/template/cronjob.yaml b/kustomize/template/cronjob.yaml index a8b8e70..3b4d810 100644 --- a/kustomize/template/cronjob.yaml +++ b/kustomize/template/cronjob.yaml @@ -15,9 +15,12 @@ spec: containers: - name: resourcetracking-cronjob image: ghcr.io/dbca-wa/resource_tracking - imagePullPolicy: IfNotPresent + imagePullPolicy: Always command: ["python"] args: ["--version"] + env: + - name: TZ + value: "Australia/Perth" securityContext: runAsNonRoot: true privileged: false From 45e6f812cf41fd3651b47f3665eb74e726b4ff7d Mon Sep 17 00:00:00 2001 From: Ashley Felton Date: Tue, 31 Oct 2023 14:30:06 +0800 Subject: [PATCH 2/4] Revert schedule change. --- kustomize/overlays/prod/cronjobs/harvest-dfes/patch.yaml | 2 +- kustomize/overlays/uat/cronjobs/harvest-dfes/patch.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kustomize/overlays/prod/cronjobs/harvest-dfes/patch.yaml b/kustomize/overlays/prod/cronjobs/harvest-dfes/patch.yaml index 51a0eae..dfeff6b 100644 --- a/kustomize/overlays/prod/cronjobs/harvest-dfes/patch.yaml +++ b/kustomize/overlays/prod/cronjobs/harvest-dfes/patch.yaml @@ -3,7 +3,7 @@ kind: CronJob metadata: name: resourcetracking-cronjob spec: - schedule: "*/2 * * * *" + schedule: "* * * * *" jobTemplate: spec: template: diff --git a/kustomize/overlays/uat/cronjobs/harvest-dfes/patch.yaml b/kustomize/overlays/uat/cronjobs/harvest-dfes/patch.yaml index ab9737d..f3bde46 100644 --- a/kustomize/overlays/uat/cronjobs/harvest-dfes/patch.yaml +++ b/kustomize/overlays/uat/cronjobs/harvest-dfes/patch.yaml @@ -3,7 +3,7 @@ kind: CronJob metadata: name: resourcetracking-cronjob spec: - schedule: "*/2 * * * *" + schedule: "* * * * *" jobTemplate: spec: template: From fa682c36bfd9c57eccab955f47b121bb4446a953 Mon Sep 17 00:00:00 2001 From: Ashley Felton Date: Wed, 1 Nov 2023 13:21:18 +0800 Subject: [PATCH 3/4] Tweak Sentry config to derive project version from pyproject.toml. --- poetry.lock | 2 +- pyproject.toml | 1 + resource_tracking/settings.py | 5 +++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/poetry.lock b/poetry.lock index 05967e7..04eede2 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1372,4 +1372,4 @@ brotli = ["Brotli"] [metadata] lock-version = "2.0" python-versions = "^3.10" -content-hash = "cd7fe3090b8d452c957275d4af3b2c75e74142fac2a942e2eaecca7e99b84666" +content-hash = "244d7796bbb9bae9b31ea7354e67aa25d9fe427ec6bfb15a2060a2f6f70f5d68" diff --git a/pyproject.toml b/pyproject.toml index c39923d..963374a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -20,6 +20,7 @@ unicodecsv = "0.14.1" whitenoise = {version = "6.5.0", extras = ["brotli"]} azure-storage-blob = "12.17.0" sentry-sdk = {version = "1.32.0", extras = ["django"]} +tomli = "2.0.1" [tool.poetry.group.dev.dependencies] ipython = "^8.13.0" diff --git a/resource_tracking/settings.py b/resource_tracking/settings.py index 026a909..76a9c20 100644 --- a/resource_tracking/settings.py +++ b/resource_tracking/settings.py @@ -153,11 +153,12 @@ SENTRY_ENVIRONMENT = env('SENTRY_ENVIRONMENT', None) if SENTRY_DSN and SENTRY_ENVIRONMENT: import sentry_sdk - from importlib import metadata + import tomli + project = tomli.load(open(os.path.join(BASE_DIR, "pyproject.toml"), "rb")) sentry_sdk.init( dsn=SENTRY_DSN, traces_sample_rate=SENTRY_SAMPLE_RATE, environment=SENTRY_ENVIRONMENT, - release=metadata.version("resource_tracking"), + release=project["tool"]["poetry"]["version"], ) From d59363b6fb7112301a2c9bab0951c707b068381c Mon Sep 17 00:00:00 2001 From: Ashley Felton Date: Fri, 3 Nov 2023 14:40:11 +0800 Subject: [PATCH 4/4] Update base deployment resource to use RO root filesystem. --- kustomize/base/deployment.yaml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/kustomize/base/deployment.yaml b/kustomize/base/deployment.yaml index 67665ca..2542d3b 100644 --- a/kustomize/base/deployment.yaml +++ b/kustomize/base/deployment.yaml @@ -52,5 +52,12 @@ spec: capabilities: drop: - ALL - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: tmpfs-ram + volumes: + - name: tmpfs-ram + emptyDir: + medium: "Memory" restartPolicy: Always