From 156effebe318621d0a6f04537d40ac5f6865150b Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Thu, 22 Jan 2026 14:09:39 -0300 Subject: [PATCH] ops: pause portal/ariadne and add migrate jobs --- .../bstein-dev-home/backend-deployment.yaml | 16 ++++++- .../chat-ai-gateway-deployment.yaml | 2 +- .../bstein-dev-home/frontend-deployment.yaml | 2 +- services/bstein-dev-home/kustomization.yaml | 1 + .../bstein-dev-home/portal-migrate-job.yaml | 41 ++++++++++++++++++ .../vault-sync-deployment.yaml | 2 +- services/maintenance/ariadne-deployment.yaml | 16 ++++++- services/maintenance/ariadne-migrate-job.yaml | 42 +++++++++++++++++++ services/maintenance/kustomization.yaml | 1 + 9 files changed, 118 insertions(+), 5 deletions(-) create mode 100644 services/bstein-dev-home/portal-migrate-job.yaml create mode 100644 services/maintenance/ariadne-migrate-job.yaml diff --git a/services/bstein-dev-home/backend-deployment.yaml b/services/bstein-dev-home/backend-deployment.yaml index 074a19d..100c3eb 100644 --- a/services/bstein-dev-home/backend-deployment.yaml +++ b/services/bstein-dev-home/backend-deployment.yaml @@ -5,7 +5,7 @@ metadata: name: bstein-dev-home-backend namespace: bstein-dev-home spec: - replicas: 1 + replicas: 0 revisionHistoryLimit: 3 selector: matchLabels: @@ -99,6 +99,20 @@ spec: value: "" - name: HTTP_CHECK_TIMEOUT_SEC value: "2" + - name: PORTAL_DB_POOL_MIN + value: "0" + - name: PORTAL_DB_POOL_MAX + value: "5" + - name: PORTAL_DB_CONNECT_TIMEOUT_SEC + value: "5" + - name: PORTAL_DB_LOCK_TIMEOUT_SEC + value: "5" + - name: PORTAL_DB_STATEMENT_TIMEOUT_SEC + value: "30" + - name: PORTAL_DB_IDLE_IN_TX_TIMEOUT_SEC + value: "10" + - name: PORTAL_RUN_MIGRATIONS + value: "false" - name: ACCESS_REQUEST_SUBMIT_RATE_LIMIT value: "30" - name: ACCESS_REQUEST_SUBMIT_RATE_WINDOW_SEC diff --git a/services/bstein-dev-home/chat-ai-gateway-deployment.yaml b/services/bstein-dev-home/chat-ai-gateway-deployment.yaml index 40d74fe..3010a9b 100644 --- a/services/bstein-dev-home/chat-ai-gateway-deployment.yaml +++ b/services/bstein-dev-home/chat-ai-gateway-deployment.yaml @@ -5,7 +5,7 @@ metadata: name: chat-ai-gateway namespace: bstein-dev-home spec: - replicas: 1 + replicas: 0 revisionHistoryLimit: 2 selector: matchLabels: diff --git a/services/bstein-dev-home/frontend-deployment.yaml b/services/bstein-dev-home/frontend-deployment.yaml index ef26e73..bbe5981 100644 --- a/services/bstein-dev-home/frontend-deployment.yaml +++ b/services/bstein-dev-home/frontend-deployment.yaml @@ -5,7 +5,7 @@ metadata: name: bstein-dev-home-frontend namespace: bstein-dev-home spec: - replicas: 1 + replicas: 0 revisionHistoryLimit: 3 selector: matchLabels: diff --git a/services/bstein-dev-home/kustomization.yaml b/services/bstein-dev-home/kustomization.yaml index 192ad7e..28bbc3a 100644 --- a/services/bstein-dev-home/kustomization.yaml +++ b/services/bstein-dev-home/kustomization.yaml @@ -15,6 +15,7 @@ resources: - frontend-service.yaml - backend-deployment.yaml - backend-service.yaml + - portal-migrate-job.yaml - vaultwarden-cred-sync-cronjob.yaml - portal-onboarding-e2e-test-job.yaml - ingress.yaml diff --git a/services/bstein-dev-home/portal-migrate-job.yaml b/services/bstein-dev-home/portal-migrate-job.yaml new file mode 100644 index 0000000..303a04f --- /dev/null +++ b/services/bstein-dev-home/portal-migrate-job.yaml @@ -0,0 +1,41 @@ +# services/bstein-dev-home/portal-migrate-job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: bstein-dev-home-portal-migrate + namespace: bstein-dev-home +spec: + backoffLimit: 1 + ttlSecondsAfterFinished: 3600 + template: + metadata: + labels: + app: bstein-dev-home-portal-migrate + annotations: + vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/role: "bstein-dev-home" + vault.hashicorp.com/agent-inject-secret-portal-env.sh: "kv/data/atlas/portal/atlas-portal-db" + vault.hashicorp.com/agent-inject-template-portal-env.sh: | + {{ with secret "kv/data/atlas/portal/atlas-portal-db" }} + export PORTAL_DATABASE_URL="{{ .Data.data.PORTAL_DATABASE_URL }}" + {{ end }} + spec: + serviceAccountName: bstein-dev-home + restartPolicy: Never + nodeSelector: + kubernetes.io/arch: arm64 + node-role.kubernetes.io/worker: "true" + imagePullSecrets: + - name: harbor-regcred + containers: + - name: migrate + image: registry.bstein.dev/bstein/bstein-dev-home-backend:0.1.1-95 + imagePullPolicy: Always + command: ["/bin/sh", "-c"] + args: + - >- + . /vault/secrets/portal-env.sh + && exec python -m atlas_portal.migrate + env: + - name: PORTAL_RUN_MIGRATIONS + value: "true" diff --git a/services/bstein-dev-home/vault-sync-deployment.yaml b/services/bstein-dev-home/vault-sync-deployment.yaml index ad50f1e..2f2ddbb 100644 --- a/services/bstein-dev-home/vault-sync-deployment.yaml +++ b/services/bstein-dev-home/vault-sync-deployment.yaml @@ -5,7 +5,7 @@ metadata: name: bstein-dev-home-vault-sync namespace: bstein-dev-home spec: - replicas: 1 + replicas: 0 selector: matchLabels: app: bstein-dev-home-vault-sync diff --git a/services/maintenance/ariadne-deployment.yaml b/services/maintenance/ariadne-deployment.yaml index 01e940c..e11f8db 100644 --- a/services/maintenance/ariadne-deployment.yaml +++ b/services/maintenance/ariadne-deployment.yaml @@ -5,7 +5,7 @@ metadata: name: ariadne namespace: maintenance spec: - replicas: 1 + replicas: 0 revisionHistoryLimit: 3 selector: matchLabels: @@ -129,6 +129,20 @@ spec: value: https://bstein.dev - name: ARIADNE_LOG_LEVEL value: INFO + - name: ARIADNE_DB_POOL_MIN + value: "0" + - name: ARIADNE_DB_POOL_MAX + value: "5" + - name: ARIADNE_DB_CONNECT_TIMEOUT_SEC + value: "5" + - name: ARIADNE_DB_LOCK_TIMEOUT_SEC + value: "5" + - name: ARIADNE_DB_STATEMENT_TIMEOUT_SEC + value: "30" + - name: ARIADNE_DB_IDLE_IN_TX_TIMEOUT_SEC + value: "10" + - name: ARIADNE_RUN_MIGRATIONS + value: "false" - name: PORTAL_ADMIN_USERS value: bstein - name: PORTAL_ADMIN_GROUPS diff --git a/services/maintenance/ariadne-migrate-job.yaml b/services/maintenance/ariadne-migrate-job.yaml new file mode 100644 index 0000000..472cf5f --- /dev/null +++ b/services/maintenance/ariadne-migrate-job.yaml @@ -0,0 +1,42 @@ +# services/maintenance/ariadne-migrate-job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: ariadne-migrate + namespace: maintenance +spec: + backoffLimit: 1 + ttlSecondsAfterFinished: 3600 + template: + metadata: + labels: + app: ariadne-migrate + annotations: + vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/role: "maintenance" + vault.hashicorp.com/agent-inject-secret-ariadne-env.sh: "kv/data/atlas/maintenance/ariadne-db" + vault.hashicorp.com/agent-inject-template-ariadne-env.sh: | + {{ with secret "kv/data/atlas/maintenance/ariadne-db" }} + export ARIADNE_DATABASE_URL="{{ .Data.data.database_url }}" + {{ end }} + {{ with secret "kv/data/atlas/portal/atlas-portal-db" }} + export PORTAL_DATABASE_URL="{{ .Data.data.PORTAL_DATABASE_URL }}" + {{ end }} + spec: + serviceAccountName: ariadne + restartPolicy: Never + nodeSelector: + kubernetes.io/arch: arm64 + node-role.kubernetes.io/worker: "true" + containers: + - name: migrate + image: registry.bstein.dev/bstein/ariadne:0.1.0-0 + imagePullPolicy: Always + command: ["/bin/sh", "-c"] + args: + - >- + . /vault/secrets/ariadne-env.sh + && exec python -m ariadne.migrate + env: + - name: ARIADNE_RUN_MIGRATIONS + value: "true" diff --git a/services/maintenance/kustomization.yaml b/services/maintenance/kustomization.yaml index 1f1c731..c1350eb 100644 --- a/services/maintenance/kustomization.yaml +++ b/services/maintenance/kustomization.yaml @@ -14,6 +14,7 @@ resources: - node-nofile-serviceaccount.yaml - pod-cleaner-rbac.yaml - ariadne-deployment.yaml + - ariadne-migrate-job.yaml - ariadne-service.yaml - disable-k3s-traefik-daemonset.yaml - k3s-traefik-cleanup-job.yaml