Perfect the entrypoint

Previously unexplored entrypoint technology has been explored. Now we can run commands after the entrypoint completes with the magical "$@" variable.
2021-03-24 09:15:29 -06:00
parent 11dc31660d
commit b43927c384
9 changed files with 34 additions and 186 deletions
--- a/13
+++ b/13
@@ -1,4 +1,6 @@
-FROM python:3.8.2
+FROM python:3
 USER root
 WORKDIR /app
 COPY config config
@@ -8,10 +10,13 @@ COPY manage.py manage.py
 COPY requirements.txt requirements.txt
 RUN pip install -r requirements.txt
 COPY scripts scripts
 RUN chmod +x scripts/*
 ENTRYPOINT ["scripts/entrypoint.sh"]
 RUN useradd -ms /bin/bash django
 RUN chown -R django .
 USER django
-RUN python manage.py collectstatic
+RUN python manage.py collectstatic --no-input
-CMD ["gunicorn","-b",":8000", "-w", "4", "config.wsgi"]
+CMD ["scripts/cmd.sh"]
--- a/k8s/configmap.yaml
+++ b/k8s/configmap.yaml
@@ -1,6 +0,0 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: $DEPLOY
 data:
  ALLOWED_HOSTS: localhost,$DEPLOY.ducoterra.net
--- a/k8s/deploy.yaml
+++ b/k8s/deploy.yaml
@@ -1,37 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: $DEPLOY
 spec:
  selector:
    matchLabels:
      app: $DEPLOY
  template:
    metadata:
      labels:
        app: $DEPLOY
    spec:
      containers:
      - name: $DEPLOY
        image: $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
        envFrom:
        - configMapRef:
            name: $DEPLOY
        - secretRef:
            name: django-secrets
        volumeMounts:
          - mountPath: /app/db
            name: $DEPLOY
        resources:
          limits:
            memory: "256Mi"
            cpu: "250m"
          requests:
            memory: "1Mi"
            cpu: "1m"
        ports:
        - containerPort: 8000
      volumes:
        - name: $DEPLOY
          persistentVolumeClaim:
            claimName: $DEPLOY
--- a/k8s/prod/ingress.yaml
+++ b/k8s/prod/ingress.yaml
@@ -1,79 +0,0 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
  name: $DEPLOY-internal-tls
  annotations:
    kubernetes.io/ingress.class: traefik-internal
 spec:
  entryPoints:
    - websecure
  tls:
    certResolver: myresolver
    domains:
    - main: "*.ducoterra.net"
  routes:
  - match: Host(`$DEPLOY.ducoterra.net`)
    kind: Rule
    services:
    - name: $DEPLOY
      port: 8000
 ---
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
  name: $DEPLOY-internal-web
  annotations:
    kubernetes.io/ingress.class: traefik-internal
 spec:
  entryPoints:
    - web
  routes:
  - match: Host(`$DEPLOY.ducoterra.net`)
    kind: Rule
    services:
    - name: $DEPLOY
      port: 8000
    middlewares:
      - name: httpsredirect
 ---
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
  name: $DEPLOY-external-tls
  annotations:
    kubernetes.io/ingress.class: traefik-external
 spec:
  entryPoints:
    - websecure
  tls:
    certResolver: myresolver
  routes:
  - match: Host(`$DEPLOY.ducoterra.net`)
    kind: Rule
    services:
    - name: $DEPLOY
      port: 8000
 ---
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
  name: $DEPLOY-external-web
  annotations:
    kubernetes.io/ingress.class: traefik-external
 spec:
  entryPoints:
    - web
  routes:
  - match: Host(`$DEPLOY.ducoterra.net`)
    kind: Rule
    services:
    - name: $DEPLOY
      port: 8000
    middlewares:
      - name: httpsredirect
--- a/k8s/pvc.yaml
+++ b/k8s/pvc.yaml
@@ -1,11 +0,0 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: $DEPLOY
 spec:
  storageClassName: nfs-encrypted
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 8Gi
--- a/k8s/service.yaml
+++ b/k8s/service.yaml
@@ -1,10 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: $DEPLOY
 spec:
  selector:
    app: $DEPLOY
  ports:
  - port: 8000
    targetPort: 8000
--- a/k8s/test/ingress.yaml
+++ b/k8s/test/ingress.yaml
@@ -1,39 +0,0 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
  name: $DEPLOY-internal-tls
  annotations:
    kubernetes.io/ingress.class: traefik-internal
 spec:
  entryPoints:
    - websecure
  tls:
    certResolver: myresolver
    domains:
    - main: "*.ducoterra.net"
  routes:
  - match: Host(`$DEPLOY.ducoterra.net`)
    kind: Rule
    services:
    - name: $DEPLOY
      port: 8000
 ---
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
  name: $DEPLOY-internal-web
  annotations:
    kubernetes.io/ingress.class: traefik-internal
 spec:
  entryPoints:
    - web
  routes:
  - match: Host(`$DEPLOY.ducoterra.net`)
    kind: Rule
    services:
    - name: $DEPLOY
      port: 8000
    middlewares:
      - name: httpsredirect
--- a/scripts/cmd.sh
+++ b/scripts/cmd.sh
@@ -0,0 +1,3 @@
 #!/bin/bash
 gunicorn -b :8000 -w 4 config.wsgi
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@@ -0,0 +1,22 @@
 #!/bin/bash
 if ! $SKIP_ENTRYPOINT || [ -z $SKIP_ENTRYPOINT ]; then
 MIGRATED=false
 while ! $MIGRATED; do
 echo "Migrating..."
 python manage.py migrate 2> /dev/null
 if [ $? -eq 0 ]; then
 MIGRATED=true
 else
 echo "ERROR - $(date) - Migrate failed."
 sleep 1
 fi
 done
 fi
 $@
		`@@ -0,0 +1,3 @@`
							`#!/bin/bash`

							`gunicorn -b :8000 -w 4 config.wsgi`