fix postgres password

.gitlab-ci.yml

@@ -1,6 +1,7 @@
 variables:
   CI_PROJECT_DIR: "."
-  CI_REGISTRY_IMAGE: hub.ducoterra.net/ducoterra/mysite
+  CI_REGISTRY_IMAGE: hub.ducoterra.net/ducoterra/button
+  DEPLOY: button
 
 stages:
   - build
@@ -16,21 +17,25 @@ build:
     name: gcr.io/kaniko-project/executor:debug
     entrypoint: [""]
   script:
-    - echo $DEPLOY
     - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
 
 test:
   stage: test
+  variables:
+    POSTGRES_PASSWORD: postgres
   only:
     variables:
     - $CI_COMMIT_TAG
+  services:
+  - name: postgres:12
+    alias: postgres
   image:
     name: $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
     entrypoint: [""]
   script:
     - python manage.py test
 
-deploy_to_test:
+deploy:
   variables:
     DEPLOY: test
   stage: deploy
@@ -42,35 +47,9 @@ deploy_to_test:
     entrypoint: [""]
   script:
     - apt -qq update >> /dev/null && apt -qq install -y curl gettext >> /dev/null
-    - curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
-    - chmod +x ./kubectl
-    - mkdir /deploy
-    - for f in $(find k8s -regex '.*\.ya*ml'); do envsubst < $f > "/deploy/$(basename $f)"; done
-    - for f in $(find k8s/test -regex '.*\.ya*ml'); do envsubst < $f > "/deploy/$(basename $f)"; done
-    - ./kubectl apply -f /deploy
-    - ./kubectl rollout status deploy $DEPLOY
-    - POD=$(./kubectl get pods --selector=app=$DEPLOY --output=jsonpath='{.items[*].metadata.name}')
-    - ./kubectl exec $POD -- python manage.py migrate
-
-deploy_to_prod:
-  variables:
-    DEPLOY: prod
-  stage: deploy
-  only:
-    variables:
-    - $CI_COMMIT_TAG
-  when: manual
-  image:
-    name: debian:10
-    entrypoint: [""]
-  script:
-    - apt -qq update >> /dev/null && apt -qq install -y curl gettext >> /dev/null
-    - curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
-    - chmod +x ./kubectl
-    - mkdir /deploy
-    - for f in $(find k8s -regex '.*\.ya*ml'); do envsubst < $f > "/deploy/$(basename $f)"; done
-    - for f in $(find k8s/prod -regex '.*\.ya*ml'); do envsubst < $f > "/deploy/$(basename $f)"; done
-    - ./kubectl apply -f /deploy
-    - ./kubectl rollout status deploy $DEPLOY
+    - curl -o /usr/bin/kubectl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
+    - chmod +x /usr/bin/kubectl
+    - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
+    - helm install --upgrade $DEPLOY ./helm --set image=$CI_REGISTRY_IMAGE --set tag=$CI_COMMIT_TAG
     - POD=$(./kubectl get pods --selector=app=$DEPLOY --output=jsonpath='{.items[*].metadata.name}')
     - ./kubectl exec $POD -- python manage.py migrate

README.md

@@ -2,23 +2,4 @@
 
 My CI testing pipeline for a django project.
 
-[![pipeline status](http://gitlab.ducoterra.net/ducoterra/ci_builder/badges/master/pipeline.svg)](http://gitlab.ducoterra.net/ducoterra/ci_builder/-/commits/master)
-
-## Django Environment Variables
-
-### Django Secret
-
-```bash
-kubectl create secret generic django-secrets --from-literal=SECRET_KEY=$(python -c "import secrets ; print(secrets.token_urlsafe(32))")
-```
-
-### Django Allowed Hosts
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: test
-data:
-  ALLOWED_HOSTS: localhost,test.ducoterra.net
-```
+[![pipeline status](http://gitlab.ducoterra.net/ducoterra/ci_builder/badges/master/pipeline.svg)](http://gitlab.ducoterra.net/ducoterra/ci_builder/-/commits/master)

config/settings.py

@@ -24,6 +24,7 @@ SECRET_KEY = os.getenv("SECRET_KEY")
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True if os.getenv("DEBUG") == "True" else False
+LOGGING_CONFIG = None
 
 ALLOWED_HOSTS = os.getenv("ALLOWED_HOSTS", "localhost").split(",")
 
@@ -78,8 +79,12 @@ WSGI_APPLICATION = 'config.wsgi.application'
 
 DATABASES = {
     'default': {
-        'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': os.path.join(BASE_DIR, 'db/db.sqlite3'),
+        'ENGINE': 'django.db.backends.postgresql',
+        'NAME': os.getenv('DB_NAME', 'postgres'),
+        'USER': os.getenv('POSTGRES_USER', 'postgres'),
+        'PASSWORD': os.getenv('POSTGRES_PASSWORD', 'postgres'),
+        'HOST': os.getenv('DB_HOST', 'postgres'),
+        'PORT': os.getenv('DB_PORT', '5432'),
     }
 }
 

docker-compose.yml

@@ -0,0 +1,54 @@
+version: '3.5'
+
+services:
+  button:
+    build: .
+    labels:
+      - "traefik.http.routers.button.rule=Host(`button.localhost`)"
+      - "traefik.http.services.button-service.loadbalancer.server.port=8000"
+      - "traefik.http.middlewares.btn-ratelimit.ratelimit.average=50"
+      - "traefik.http.middlewares.btn-ratelimit.ratelimit.burst=10"
+      - "traefik.http.routers.button.middlewares=btn-ratelimit@docker"
+    volumes:
+      - ./manage.py:/app/manage.py
+      - ./config:/app/config
+      - ./api:/app/api
+    environment:
+      - DEBUG=True
+      - SECRET_KEY=secret
+      - ALLOWED_HOSTS=button.localhost
+      - DJANGO_SUPERUSER_PASSWORD=django
+  
+  postgres:
+    image: postgres:12
+    volumes:
+      - data:/var/lib/postgresql/data 
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+
+  pgadmin:
+    image: dpage/pgadmin4:4
+    labels:
+      - "traefik.http.routers.pgadmin.rule=Host(`pgadmin.localhost`)"
+      - "traefik.http.services.pgadmin-service.loadbalancer.server.port=80"
+    volumes:
+      - pgadmin:/var/lib/pgadmin
+    environment:
+      PGADMIN_DEFAULT_EMAIL: postgres
+      PGADMIN_DEFAULT_PASSWORD: postgres
+
+  traefik:
+    image: traefik:v2.2
+    labels:
+      - "traefik.http.routers.traefik.rule=Host(`traefik.localhost`)"
+      - "traefik.http.services.traefik-service.loadbalancer.server.port=8080"
+    command: --api.insecure=true --providers.docker --log.level=ERROR --accesslog=true
+    ports:
+      - "80:80"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+
+volumes:
+  data:
+  pgadmin:

helm/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+name: helm
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 1.16.0

helm/templates/configmap.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    app: {{ .Release.Name }}
+data:
+  ALLOWED_HOSTS: {{ .Release.Name }}.ducoterra.net

helm/templates/deploy.yaml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}
+    spec:
+      containers:
+        - image: {{ required "A valid .Values.image entry required!" .Values.image }}:{{ required "A valid .Values.tag entry required!" .Values.tag }}
+          name: {{ .Release.Name }}
+          ports:
+            - containerPort: 8080
+          envFrom:
+            - configMapRef:
+                name: {{ .Release.Name }}
+            - secretRef:
+                name: {{ .Release.Name }}
+            - secretRef:
+                name: postgres
+          resources:
+            limits:
+              memory: "500Mi"
+              cpu: "250m"
+            requests:
+              memory: "1Mi"
+              cpu: "100m"

helm/templates/hpa.yaml

@@ -0,0 +1,18 @@
+apiVersion: autoscaling/v2beta2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ .Release.Name }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ .Release.Name }}
+  minReplicas: 1
+  maxReplicas: 4
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 50

helm/templates/ingress.yaml

@@ -0,0 +1,78 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: {{ .Release.Name }}-internal-tls
+  annotations:
+    kubernetes.io/ingress.class: traefik-internal
+spec:
+  entryPoints:
+    - websecure
+  tls:
+    certResolver: myresolver
+    domains:
+    - main: "*.ducoterra.net"
+  routes:
+  - match: Host(`{{ .Release.Name }}.ducoterra.net`)
+    kind: Rule
+    services:
+    - name: {{ .Release.Name }}
+      port: 8000
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: {{ .Release.Name }}-internal-web
+  annotations:
+    kubernetes.io/ingress.class: traefik-internal
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`{{ .Release.Name }}.ducoterra.net`)
+    kind: Rule
+    services:
+    - name: {{ .Release.Name }}
+      port: 8000
+    middlewares:
+      - name: httpsredirect
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: {{ .Release.Name }}-external-tls
+  annotations:
+    kubernetes.io/ingress.class: traefik-external
+spec:
+  entryPoints:
+    - websecure
+  tls:
+    certResolver: myresolver
+  routes:
+  - match: Host(`{{ .Release.Name }}.ducoterra.net`)
+    kind: Rule
+    services:
+    - name: {{ .Release.Name }}
+      port: 8000
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: {{ .Release.Name }}-external-web
+  annotations:
+    kubernetes.io/ingress.class: traefik-external
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`{{ .Release.Name }}.ducoterra.net`)
+    kind: Rule
+    services:
+    - name: {{ .Release.Name }}
+      port: 8000
+    middlewares:
+      - name: httpsredirect

helm/templates/secret.yaml

@@ -0,0 +1,10 @@
+{{ if and .Values.secret .Release.IsInstall }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}
+type: generic
+data:
+  SECRET_KEY: {{ randAlphaNum 64 | b64enc | quote }}
+  DJANGO_SUPERUSER_PASSWORD: {{ randAlphaNum 64 | b64enc | quote }}
+{{ end }}

helm/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ .Release.Name }}
+  name: {{ .Release.Name }}
+spec:
+  ports:
+  - port: 8000
+    protocol: TCP
+    name: {{ .Release.Name }}-web
+    targetPort: 8000
+  selector:
+    app: {{ .Release.Name }} # This selects the pod(s) that match the selector
+  type: ClusterIP

k8s/prod/ingress.yaml

@@ -1,21 +1,42 @@
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
 metadata:
+  name: $DEPLOY-internal-tls
   annotations:
-    ingress.kubernetes.io/ssl-redirect: "true"
-  name: $DEPLOY
+    kubernetes.io/ingress.class: traefik-internal
 spec:
+  entryPoints:
+    - websecure
   tls:
-  - hosts:
-    - $DEPLOY.ducoterra.net
-    secretName: letsencrypt
-  rules:
-  - host: $DEPLOY.ducoterra.net
-    http:
-      paths:
-      - backend:
-          serviceName: $DEPLOY
-          servicePort: 8000
+    certResolver: myresolver
+    domains:
+    - main: "*.ducoterra.net"
+  routes:
+  - match: Host(`$DEPLOY.ducoterra.net`)
+    kind: Rule
+    services:
+    - name: $DEPLOY
+      port: 8000
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: $DEPLOY-internal-web
+  annotations:
+    kubernetes.io/ingress.class: traefik-internal
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`$DEPLOY.ducoterra.net`)
+    kind: Rule
+    services:
+    - name: $DEPLOY
+      port: 8000
+    middlewares:
+      - name: httpsredirect
 
 ---
 
@@ -23,11 +44,13 @@ apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
   name: $DEPLOY-external-tls
+  annotations:
+    kubernetes.io/ingress.class: traefik-external
 spec:
   entryPoints:
     - websecure
   tls:
-    secretName: letsencrypt
+    certResolver: myresolver
   routes:
   - match: Host(`$DEPLOY.ducoterra.net`)
     kind: Rule
@@ -41,6 +64,8 @@ apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
   name: $DEPLOY-external-web
+  annotations:
+    kubernetes.io/ingress.class: traefik-external
 spec:
   entryPoints:
     - web

k8s/test/ingress.yaml

@@ -1,18 +1,39 @@
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
 metadata:
+  name: $DEPLOY-internal-tls
   annotations:
-    ingress.kubernetes.io/ssl-redirect: "true"
-  name: $DEPLOY
+    kubernetes.io/ingress.class: traefik-internal
 spec:
+  entryPoints:
+    - websecure
   tls:
-  - hosts:
-    - $DEPLOY.ducoterra.net
-    secretName: letsencrypt
-  rules:
-  - host: $DEPLOY.ducoterra.net
-    http:
-      paths:
-      - backend:
-          serviceName: $DEPLOY
-          servicePort: 8000
+    certResolver: myresolver
+    domains:
+    - main: "*.ducoterra.net"
+  routes:
+  - match: Host(`$DEPLOY.ducoterra.net`)
+    kind: Rule
+    services:
+    - name: $DEPLOY
+      port: 8000
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: $DEPLOY-internal-web
+  annotations:
+    kubernetes.io/ingress.class: traefik-internal
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`$DEPLOY.ducoterra.net`)
+    kind: Rule
+    services:
+    - name: $DEPLOY
+      port: 8000
+    middlewares:
+      - name: httpsredirect

requirements.txt

@@ -2,4 +2,5 @@ django
 djangorestframework
 pygments
 gunicorn
-whitenoise
+whitenoise
+psycopg2-binary

test.py

@@ -0,0 +1,38 @@
+import getpass
+import threading
+import requests
+import time
+import sys
+from requests.auth import HTTPBasicAuth
+
+rate = int(sys.argv[1]) # /second
+if rate == 0:
+    burst = True
+    print("Burst mode activated")
+else:
+    burst = False
+    sleep = 1 / rate
+    print(f"Beginning load test at {rate} calls/second")
+# url = 'https://button.ducoterra.net/button/'
+url = 'http://button.localhost/button/'
+
+def timer(func, *args, **kwargs):
+    then = time.time()
+    func(*args, **kwargs)
+    print(time.time() - then)
+
+# init = requests.get('https://button.ducoterra.net/button/')
+init = requests.get(url)
+csrf = init.cookies.get('csrftoken')
+session = init.cookies.get('sessionid')
+me = lambda num: print(num) or print(requests.post(url, headers = {'Content-Type': 'application/json', 'X-CSRFToken': csrf, 'Cookie': f'csrftoken={csrf}; sessionid={session}'}).text)
+threadme = lambda num: threading.Thread(target=timer, args=(me, num)).start()
+
+if burst:
+    [threadme(num) for num in range(0,100)]
+else:
+    num = 1
+    while True:
+        threadme(num)
+        num += 1
+        time.sleep(sleep)

ui/static/ui/button.js

@@ -25,7 +25,7 @@ function add_achievement(text) {
 button.addEventListener("click", event => {
     button.disabled = true;
     button.classList.add("is-loading");
-    fetch('/button/', {
+    fetch(button.dataset.action, {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',

ui/templates/ui/button.html

@@ -22,7 +22,7 @@
                 <h1 class="title">
                     The Button
                 </h1>
-                <button class="button is-primary" id="BUTTON">Press</button>
+                <button class="button is-danger" id="BUTTON" data-action = "{% url 'button' %}">Press</button>
             </div>
             <div><br></div>
             <div>

ui/urls.py

@@ -2,5 +2,5 @@ from django.urls import path
 from . import views
 
 urlpatterns = [
-    path('button/', views.button, name = 'button'),
+    path('', views.button, name = 'button'),
 ]

ui/views.py

@@ -55,21 +55,17 @@ achievements = {
 def button(request):
     PRESSED = 'pressed'
     ACHIEVE = 'achievement'
-
-    try:
-        request.session[PRESSED]
-    except KeyError:
-        request.session[PRESSED] = 0
+    current = request.session.get(PRESSED, 0)
+    request.session[PRESSED] = current + 1
 
     if request.method == "POST":
-        request.session[PRESSED] += 1
         response = {
-            PRESSED: request.session[PRESSED],
-            ACHIEVE: achievements.get(request.session[PRESSED])
+            PRESSED: current,
+            ACHIEVE: achievements.get(current)
         }
         return JsonResponse(response)
 
-    pressed = request.session[PRESSED]
+    pressed = current
     response = {PRESSED: pressed}
     achieved = {k:v for k,v in achievements.items() if k <= pressed}
     response.update({ACHIEVE: achieved})