Commit 541d7111 authored by Tim Kreuzer's avatar Tim Kreuzer

fix for jupyter prod

parent c271a003
...@@ -64,30 +64,6 @@ targetCustomizations: ...@@ -64,30 +64,6 @@ targetCustomizations:
clusterSelector: clusterSelector:
matchLabels: matchLabels:
name: jupyter-prod name: jupyter-prod
prep: "true"
kustomize:
dir: overlays/jupyter-prep
helm:
valuesFiles:
- values/nodeSelector.yaml
- values/jupyter.yaml
values:
grafana:
grafana.ini:
server:
domain: zam12185.zam.kfa-juelich.de
ingress:
hosts:
- zam12185.zam.kfa-juelich.de
tls:
- hosts:
- zam12185.zam.kfa-juelich.de
secretName: zam12185
- name: jupyter-prod
clusterSelector:
matchLabels:
name: jupyter-prod
prep: "false"
helm: helm:
valuesFiles: valuesFiles:
- values/nodeSelector.yaml - values/nodeSelector.yaml
......
apiVersion: v1
kind: ConfigMap
metadata:
name: deploy-dbs
data:
deploy.sh: |-
#!/bin/sh
# Install jsonnet
apk add build-base cmake
git clone https://github.com/google/jsonnet.git
cd jsonnet && make
# Install python dependencies and run python script to create dashboards
pip install kubernetes
git clone --single-branch --branch ${GIT_BRANCH} \
${GIT_REPO} /tmp/jsonnet
cd /tmp/jsonnet && python deploy.py --jsonnet-dir ./dashboards --dashboards-dir /tmp/dashboards/jupyter --jsonnet-executable-path /apps/jsonnet
\ No newline at end of file
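Review bot: deploy.sh builds jsonnet from whatever the default branch of github.com/google/jsonnet holds at pod start and installs `kubernetes` from PyPI without a version, so each restart of the init container can run different, unreviewed code. Pin both, for example `git clone --depth 1 --branch <JSONNET_TAG> https://github.com/google/jsonnet.git` and `pip install kubernetes==<PINNED_VERSION>`, or bake them into an image so the container needs neither build tools nor outbound network access. The script also has no `set -e`, so a failed clone or `make` falls through to `python deploy.py`, and `${GIT_BRANCH}` and `${GIT_REPO}` are expanded unquoted. The page does not show whether this file is added or removed; the points apply if it stays in the tree.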
# extra container volumes
- op: add
path: "/spec/template/spec/volumes/-"
value:
name: deploy-dbs
configMap:
name: deploy-dbs
- op: add
path: "/spec/template/spec/volumes/-"
value:
name: set-permissions
configMap:
name: set-dashboard-permissions
# extra init containers
- op: add
path: "/spec/template/spec/initContainers/-"
value:
name: create-jupyter-dashboards
image: alpine/k8s:1.23.17
command:
- /bin/sh
args:
- '-c'
- source /tmp/deploy.sh
volumeMounts:
- name: sc-dashboard-volume
mountPath: /tmp/dashboards
- name: deploy-dbs
mountPath: /tmp/deploy.sh
subPath: deploy.sh
env:
- name: GIT_BRANCH
value: "main"
envFrom:
- secretRef:
name: grafana-jsonnet-git
securityContext:
runAsNonRoot: false
runAsUser: 0
allowPrivilegeEscalation: false
# extra containers
- op: add
path: "/spec/template/spec/containers/-"
value:
name: set-dashboard-permissions
image: postgres:16.0-alpine
command:
- /bin/sh
args:
- '-c'
- source /tmp/db-permissions/set-db-permissions.sh
envFrom:
- secretRef:
name: cattle-monitoring-system.grafana.postgresql.credentials.postgresql.acid.zalan.do
volumeMounts:
- name: set-permissions
mountPath: /tmp/db-permissions
readOnly: False
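Review bot: The `create-jupyter-dashboards` init container sets `runAsUser: 0` and `runAsNonRoot: false` while it receives the `grafana-jsonnet-git` secret through `envFrom` and executes code fetched at start-up, so whatever that code pulls in runs as root with the secret's values in its environment. Root looks to be needed only for the `apk add` step in deploy.sh (inferred from that script); an image with the tools preinstalled would allow `runAsNonRoot: true` here. The `set-dashboard-permissions` container has no `securityContext` at all, and `allowPrivilegeEscalation: false` is the minimum to add there; its mount could also be `readOnly: true`, since the script writes only to `/tmp/psql.out`. The page does not show whether this file is added or removed; the points apply if it stays in the tree.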
- op: add
path: "/rules/-"
value:
apiGroups:
- ''
resources:
- nodes
verbs:
- list
- op: add
path: "/rules/-"
value:
apiGroups:
- apps
resources:
- deployments
verbs:
- list
\ No newline at end of file
apiVersion: v1
kind: ConfigMap
metadata:
name: set-dashboard-permissions
data:
set-db-permissions.sql: |-
SET client_min_messages TO NOTICE;
DO $$
DECLARE
defaultUid varchar;
viewerId int;
BEGIN
SELECT uid INTO defaultUid FROM "dashboard" WHERE "slug" = 'default' AND "is_folder" = 't';
SELECT id INTO viewerId FROM "role" WHERE "name" = 'managed:builtins:viewer:permissions';
DELETE FROM "permission" WHERE "scope" ~ defaultUid AND "role_id" = viewerId;
RAISE notice 'default folder uid: %, viewer role id: %', defaultUid, viewerId;
END $$;
set-db-permissions.sh: |-
#!/bin/sh
while true; do
psql postgresql://${username}:${password}@postgresql.database.svc:5432/grafana -f /tmp/db-permissions/set-db-permissions.sql -v ON_ERROR_STOP=1 &> /tmp/psql.out
RC=$?
if [[ $RC -ne 0 ]]; then
echo "Retry in 30 seconds"
sleep 30
continue
else
IS_NULL=$(cat /tmp/psql.out | grep -c "NULL")
if [[ $IS_NULL -ne 0 ]]; then
echo "Got NULL value, retry in 30 seconds"
sleep 30
continue
fi
fi
echo "Successfully updated permissions"
sleep 24h
done
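Review bot: set-db-permissions.sh places `${password}` inside the connection URI on the psql command line, where it is visible in the container's process list and where a password containing `@`, `/` or `:` changes how the URI is parsed. Pass it through the environment instead: `PGPASSWORD="${password}" psql -h postgresql.database.svc -p 5432 -U "${username}" -d grafana -f /tmp/db-permissions/set-db-permissions.sql -v ON_ERROR_STOP=1 > /tmp/psql.out 2>&1`. In the SQL, `"scope" ~ defaultUid` is a regular-expression match, so the DELETE also hits any scope that merely contains the uid; an equality or anchored comparison against the expected scope string is narrower. The page does not show whether this file is added or removed; the points apply if it stays in the tree.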
resources:
- dashboards/deploy-dbs-cm.yaml
- dashboards/set-db-permissions-cm.yaml
patchesStrategicMerge:
- nginx-config.yaml
patches:
- target:
kind: Deployment
name: monitoring-rke2-rancher-grafana
namespace: cattle-monitoring-system
path: dashboards/patch-extra-containers.yaml
- target:
kind: ClusterRole
name: monitoring-rke2-rancher-grafana-clusterrole
path: dashboards/patch-grafana-cr.yaml
- target:
kind: Deployment
labelSelector: app.kubernetes.io/name=grafana
patch: |-
- op: replace
path: /spec/replicas
value: 0
\ No newline at end of file
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-nginx-proxy-config
namespace: cattle-monitoring-system
labels:
app.kubernetes.io/managed-by : Helm
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: rancher-monitoring
# app.kubernetes.io/version : 7.5.11
# helm.sh/chart : grafana-6.16.14
data:
nginx.conf: |-
worker_processes auto;
error_log /dev/stdout warn;
pid /var/cache/nginx/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)';
proxy_connect_timeout 10;
proxy_read_timeout 180;
proxy_send_timeout 5;
proxy_buffering off;
proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g;
upstream grafana {
server localhost:3000;
}
server {
listen 8080;
access_log off;
gzip on;
gzip_min_length 1k;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
proxy_set_header Host $host;
location /api/dashboards {
proxy_pass http://localhost:3000;
}
location /api/search {
proxy_pass http://localhost:3000;
sub_filter_types application/json;
sub_filter_once off;
sub_filter '"url":"/d' '"url":"d';
}
location /grafana/ {
proxy_set_header Host $http_host;
proxy_pass http://grafana;
}
location / {
proxy_cache my_zone;
proxy_cache_valid 200 302 1d;
proxy_cache_valid 301 30d;
proxy_cache_valid any 5m;
proxy_cache_bypass $http_cache_control;
add_header X-Proxy-Cache $upstream_cache_status;
add_header Cache-Control "public";
proxy_pass http://localhost:3000/;
sub_filter_types text/html;
sub_filter_once off;
sub_filter '"appSubUrl":""' '"appSubUrl":"."';
sub_filter '"url":"/' '"url":"./';
sub_filter ':"/avatar/' ':"avatar/';
if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) {
expires 90d;
}
rewrite ^/k8s/clusters/.*/proxy(.*) /$1 break;
}
}
}
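Review bot: `location /` stores every proxied Grafana response in `my_zone` (`proxy_cache_valid any 5m`, 200 and 302 for a day) and adds `Cache-Control "public"`, while nginx's default cache key has no cookie or Authorization component. Unless Grafana marks its HTML as non-cacheable (not visible on this page), a page rendered for one signed-in user can be served to another from this cache or from a shared cache downstream. Limit `proxy_cache` and the `public` header to a location that matches only static assets, or add `proxy_no_cache $http_authorization $http_cookie;` together with the same variables on `proxy_cache_bypass`. The page does not show whether this file is added or removed; the point applies if it stays in the tree.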