peregrine-deploy.yaml
# Deployment template for the peregrine service.
# NOTE(review): this is not plain YAML. The bare GEN3_* tokens below are
# template placeholders, presumably replaced by a text filter before the
# manifest is applied; confirm against the deploy tooling. Lint the rendered
# output, not this file.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: peregrine-deployment
  annotations:
    # presumably read by network-policy tooling to allow ingress from
    # "pidgin"; verify against the policy generator
    gen3.io/network-ingress: "pidgin"
spec:
  selector:
    # Select pods by both the 'app' and 'release' labels
    matchLabels:
      app: peregrine
      release: production
  revisionHistoryLimit: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      # Start one extra pod before removing an old one, so the rollout never
      # drops below the desired replica count.
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        # Values are quoted so they stay strings; unquoted yes would be read
        # as a boolean by YAML 1.1 parsers and label values must be strings.
        # NOTE(review): netnolimit / public / s3 look like network-policy
        # selectors that widen what this pod may reach or be reached by;
        # confirm each one is still required.
        netnolimit: "yes"
        app: peregrine
        release: production
        public: "yes"
        # to download dictionary
        s3: "yes"
        # Template placeholders; presumably each expands to a `key: value`
        # label line at this indentation (TODO confirm).
        GEN3_ENV_LABEL
        GEN3_PEREGRINE_VERSION
        GEN3_DATE_LABEL
        GEN3_HOSTNAME_LABEL
    spec:
      affinity:
        # Soft preference: spread peregrine pods across nodes (by hostname).
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 25
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - peregrine
                topologyKey: "kubernetes.io/hostname"
        # Soft preference for spot capacity, matched under two different
        # node-label conventions. Being "preferred", neither is a guarantee.
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: karpenter.sh/capacity-type
                    operator: In
                    values:
                      - spot
            - weight: 99
              preference:
                matchExpressions:
                  - key: eks.amazonaws.com/capacityType
                    operator: In
                    values:
                      - SPOT
      # No service-account token is mounted into the pod, so a compromised
      # container holds no Kubernetes API credential from this source.
      automountServiceAccountToken: false
      volumes:
        - name: shared-data
          emptyDir: {}
        - name: config-volume
          secret:
            secretName: "peregrine-secret"
        - name: creds-volume
          secret:
            secretName: "peregrine-creds"
        - name: config-helper
          configMap:
            name: config-helper
        # NOTE(review): cert-volume is declared here but no volumeMount in
        # the peregrine container references it, although containerPort 443
        # is exposed. Confirm whether it is still needed.
        - name: cert-volume
          secret:
            secretName: "cert-peregrine-service"
        - name: ca-volume
          secret:
            secretName: "service-ca"
      # NOTE(review): no securityContext is set at pod or container level in
      # this file, so the image's default user and capabilities apply.
      # Consider runAsNonRoot, allowPrivilegeEscalation: false and dropping
      # capabilities once it is confirmed the image can bind its ports that
      # way.
      containers:
        - name: peregrine
          # Template placeholder; presumably expands to the `image:` line
          # (TODO confirm). Pinning that image by digest rather than a
          # mutable tag would make the `imagePullPolicy: Always` pull below
          # reproducible.
          GEN3_PEREGRINE_IMAGE
          ports:
            - containerPort: 80
            - containerPort: 443
          env:
            - name: GEN3_UWSGI_TIMEOUT
              value: "600"
            - name: DICTIONARY_URL
              valueFrom:
                configMapKeyRef:
                  name: manifest-global
                  key: dictionary_url
            # Every `optional: true` reference below lets the pod start even
            # when the ConfigMap or key is absent; the variable is then
            # simply unset.
            - name: PUBLIC_DATASETS
              valueFrom:
                configMapKeyRef:
                  name: manifest-global
                  key: public_datasets
                  optional: true
            # Signpost is deprecated; replace this w INDEX_CLIENT_HOST block
            # (both variables read the same indexd_url key)
            - name: SIGNPOST_HOST
              valueFrom:
                configMapKeyRef:
                  name: manifest-global
                  key: indexd_url
                  optional: true
            - name: INDEX_CLIENT_HOST
              valueFrom:
                configMapKeyRef:
                  name: manifest-global
                  key: indexd_url
                  optional: true
            - name: GRAPHQL_TIMEOUT
              valueFrom:
                configMapKeyRef:
                  name: manifest-peregrine
                  key: peregrine_timeout
                  optional: true
            # NOTE(review): FENCE_URL and ARBORIST_URL presumably point at
            # the auth services. With `optional: true` a missing key leaves
            # them unset instead of failing the rollout; confirm the
            # application refuses to serve in that case.
            - name: FENCE_URL
              valueFrom:
                configMapKeyRef:
                  name: manifest-global
                  key: fence_url
                  optional: true
            - name: ARBORIST_URL
              valueFrom:
                configMapKeyRef:
                  name: manifest-global
                  key: arborist_url
                  optional: true
            - name: GEN3_DEBUG
              # Template placeholder; the text between |- and -| looks like
              # the default used when no override is supplied, i.e. debug
              # off (TODO confirm). Keep it "False" in production.
              GEN3_DEBUG_FLAG|-value: "False"-|
            - name: GEN3_SIDECAR
              value: "False"
          volumeMounts:
            # The only writable mount: an emptyDir scratch area.
            - name: "shared-data"
              mountPath: "/var/run/gen3"
            # NOTE(review): the two .py mounts below place Python files from
            # a Secret and a ConfigMap inside the application directory. If
            # the app imports them, write access to those objects is
            # equivalent to code execution in the pod, so scope RBAC on them
            # accordingly.
            # subPath mounts are not refreshed when the backing Secret or
            # ConfigMap changes; restart the pods after rotating any of
            # these.
            - name: "config-volume"
              readOnly: true
              mountPath: "/var/www/peregrine/wsgi.py"
              subPath: "wsgi.py"
            - name: "creds-volume"
              readOnly: true
              mountPath: "/var/www/peregrine/creds.json"
              subPath: creds.json
            - name: "config-helper"
              readOnly: true
              mountPath: "/var/www/peregrine/config_helper.py"
              subPath: config_helper.py
            - name: "ca-volume"
              # See https://askubuntu.com/questions/645818/how-to-install-certificates-for-command-line
              # Only the CA certificate (ca.pem) is mounted. Presumably the
              # image adds it to its trust store at startup; verify.
              readOnly: true
              mountPath: "/usr/local/share/ca-certificates/cdis-ca.crt"
              subPath: "ca.pem"
          imagePullPolicy: Always
          resources:
            requests:
              cpu: 100m
              memory: 1024Mi
            # Memory is capped; no CPU limit is set.
            limits:
              memory: 2048Mi
          livenessProbe:
            httpGet:
              path: /_status?timeout=20
              port: 80
            # peregrine can take forever to initialize
            initialDelaySeconds: 60
            periodSeconds: 60
            timeoutSeconds: 30
          # No timing fields are set here, so the Kubernetes probe defaults
          # apply.
          readinessProbe:
            httpGet:
              path: /_status?timeout=2
              port: 80