From ac0ffd75435fc1cc90d4eb5624a2e6617967bbf1 Mon Sep 17 00:00:00 2001 From: Jay Sharma Date: Wed, 28 Feb 2024 22:52:29 +0000 Subject: [PATCH] Merged in feature/multidevfix (pull request #38) Feature/multidevfix * multidev sync * multidev sync fix typo * Add conf for www and dev01 * Add conf for www and dev01 * fix typo * symlink fix * hpa and resource modify Approved-by: Rachit Bhargava --- bitbucket-pipelines.yml | 1 + build/dev/deployment.tpl | 4 +- build/dev/web-default-conf-cm.yaml | 311 ++++++++++++++++++++++++++++- build/dev/web-hpa.yml | 6 +- common-jobs-bitbucket.sh | 18 ++ multidev-sync.sh | 18 ++ 6 files changed, 349 insertions(+), 9 deletions(-) create mode 100644 multidev-sync.sh diff --git a/bitbucket-pipelines.yml b/bitbucket-pipelines.yml index 52647cc6..0a565c0e 100644 --- a/bitbucket-pipelines.yml +++ b/bitbucket-pipelines.yml @@ -106,6 +106,7 @@ definitions: after-script: - aws eks update-kubeconfig --name caresage-eks-cluster-$ENV --region us-east-1 - sleep 10 && while kubectl get po -A |grep -i medicalalert-web|egrep -i '0/1|crash'; do sleep 10; echo "--- still getting 0/1 or crash pods-----"; done + - chmod 755 ./multidev-sync.sh && ./multidev-sync.sh pipelines: # our custom pipeline, what shows up Bitbucket web app diff --git a/build/dev/deployment.tpl b/build/dev/deployment.tpl index fc0ba963..bee8a8a7 100755 --- a/build/dev/deployment.tpl +++ b/build/dev/deployment.tpl @@ -83,8 +83,8 @@ spec: timeoutSeconds: 10 resources: limits: - cpu: 1000m - memory: 2048Mi + cpu: 2000m + memory: 4096Mi requests: cpu: 500m memory: 1024Mi diff --git a/build/dev/web-default-conf-cm.yaml b/build/dev/web-default-conf-cm.yaml index 26c43976..a05b240c 100644 --- a/build/dev/web-default-conf-cm.yaml +++ b/build/dev/web-default-conf-cm.yaml @@ -66,7 +66,7 @@ data: return 301 https://$host$request_uri; } - root /usr/share/nginx/subdomain/$subdomain; + root /usr/share/nginx/subdomain/$subdomain-web; index index.php index.html index.htm; sendfile off; @@ -92,7 +92,7 @@ data: error_page 404 /404.html; location = /404.html { - root /usr/share/nginx/subdomain/$subdomain; + root /usr/share/nginx/subdomain/$subdomain-web; add_header Cache-Control "no-cache" always; } @@ -147,7 +147,7 @@ data: # error_page 500 502 503 504 /50x.html; location = /50x.html { - root /usr/share/nginx/subdomain/$subdomain; + root /usr/share/nginx/subdomain/$subdomain-web; add_header Cache-Control "no-cache" always; } @@ -197,7 +197,310 @@ data: } } - + + www.conf: | + + server { + #----------------------------- + client_max_body_size 512m; + # ------------------------ + client_body_timeout 1200; + client_header_timeout 600; + # --------------------------- + + listen 80; + listen [::]:80; + + server_name www.dev-medicalalert.com; + + if ($http_x_forwarded_proto != 'https') { + return 301 https://$host$request_uri; + } + + root /usr/share/nginx/subdomain/www; + index index.php index.html index.htm; + sendfile off; + + # Security - Hide nginx version number in error pages and Server header + server_tokens off; + + # Add stdout logging + error_log /dev/stdout error; + access_log /dev/stdout; + + # reduce the data that needs to be sent over network + gzip on; + gzip_min_length 10240; + gzip_proxied expired no-cache no-store private auth; + gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml; + gzip_disable "MSIE [1-6]\."; + add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; + add_header X-Cache-Status $upstream_cache_status; + add_header Cache-Control "public"; + + #Cache everything by default + set $no_cache 0; + + error_page 404 /404.html; + location = /404.html { + root /usr/share/nginx/subdomain/www; + add_header Cache-Control "no-cache" always; + } + + #Don't cache POST requests + if ($request_method = POST) + { + set $no_cache 1; + } + + #Don't cache if the URL contains a query string + if ($query_string != "") + { + set $no_cache 1; + } + + #Don't cache the following URLs + if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|sitemap(_index)?.xml|wp-login.php|/medical-shipping.*|/medical-order.*|/medical-profile.*|/medical-thank.*") { + + set $no_cache 1; + } + + + # Don't use the cache for logged in users or recent commenters + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { + set $no_cache 1; + } + + + #Don't cache if there is a cookie called PHPSESSID + if ($http_cookie = "PHPSESSID") + { + set $no_cache 1; + } + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to index.php + try_files $uri $uri/ /index.php?$args; + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] + include fastcgi_params; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + + } + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/subdomain/www; + add_header Cache-Control "no-cache" always; + } + + # pass the PHP scripts to FastCGI server listening on socket + # + #~ \.php$ + location ~ [^/]\.php(/|$) { + proxy_set_header X-Forwarded-Proto $scheme; + try_files $uri $uri/ /index.php?$args; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_split_path_info ^(.+\.php)(/.+)$; + + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"] + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + } + + location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { + expires 7d; + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; + proxy_cache_background_update on; + proxy_cache_lock on; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + } + + # deny access to . files, for security + # + location ~ /\. { + log_not_found off; + deny all; + } + + } + + dev01.conf: | + + server { + #----------------------------- + client_max_body_size 512m; + # ------------------------ + client_body_timeout 1200; + client_header_timeout 600; + # --------------------------- + + listen 80; + listen [::]:80; + + server_name dev01.dev-medicalalert.com; + + if ($http_x_forwarded_proto != 'https') { + return 301 https://$host$request_uri; + } + + root /usr/share/nginx/subdomain/dev01; + index index.php index.html index.htm; + sendfile off; + + # Security - Hide nginx version number in error pages and Server header + server_tokens off; + + # Add stdout logging + error_log /dev/stdout error; + access_log /dev/stdout; + + # reduce the data that needs to be sent over network + gzip on; + gzip_min_length 10240; + gzip_proxied expired no-cache no-store private auth; + gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml; + gzip_disable "MSIE [1-6]\."; + add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; + add_header X-Cache-Status $upstream_cache_status; + add_header Cache-Control "public"; + + #Cache everything by default + set $no_cache 0; + + error_page 404 /404.html; + location = /404.html { + root /usr/share/nginx/subdomain/dev01; + add_header Cache-Control "no-cache" always; + } + + #Don't cache POST requests + if ($request_method = POST) + { + set $no_cache 1; + } + + #Don't cache if the URL contains a query string + if ($query_string != "") + { + set $no_cache 1; + } + + #Don't cache the following URLs + if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|sitemap(_index)?.xml|wp-login.php|/medical-shipping.*|/medical-order.*|/medical-profile.*|/medical-thank.*") { + + set $no_cache 1; + } + + + # Don't use the cache for logged in users or recent commenters + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { + set $no_cache 1; + } + + + #Don't cache if there is a cookie called PHPSESSID + if ($http_cookie = "PHPSESSID") + { + set $no_cache 1; + } + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to index.php + try_files $uri $uri/ /index.php?$args; + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_param SUBDOMAIN dev01; # $_SERVER["SUBDOMAIN"] + include fastcgi_params; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + + } + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/subdomain/dev01; + add_header Cache-Control "no-cache" always; + } + + # pass the PHP scripts to FastCGI server listening on socket + # + #~ \.php$ + location ~ [^/]\.php(/|$) { + proxy_set_header X-Forwarded-Proto $scheme; + try_files $uri $uri/ /index.php?$args; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_split_path_info ^(.+\.php)(/.+)$; + + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SUBDOMAIN dev01; # $_SERVER["SUBDOMAIN"] + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + } + + location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { + expires 7d; + proxy_set_header X-Forwarded-Proto $scheme; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; + proxy_cache_background_update on; + proxy_cache_lock on; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; + } + + # deny access to . files, for security + # + location ~ /\. { + log_not_found off; + deny all; + } + + } + + localhost.conf: | server { diff --git a/build/dev/web-hpa.yml b/build/dev/web-hpa.yml index 6e3cfe17..e303f675 100644 --- a/build/dev/web-hpa.yml +++ b/build/dev/web-hpa.yml @@ -8,12 +8,12 @@ spec: apiVersion: apps/v1 kind: Deployment name: medicalalert-web - minReplicas: 3 - maxReplicas: 6 + minReplicas: 1 + maxReplicas: 1 metrics: - resource: name: cpu target: averageValue: "90" type: AverageValue - type: Resource \ No newline at end of file + type: Resource diff --git a/common-jobs-bitbucket.sh b/common-jobs-bitbucket.sh index 1dff552c..51618b00 100644 --- a/common-jobs-bitbucket.sh +++ b/common-jobs-bitbucket.sh @@ -124,6 +124,24 @@ kubectl exec common-job-pod -n $NAMESPACE -- apt update kubectl exec common-job-pod -n $NAMESPACE -- apt install rclone rsync -y kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh; cd /tmp && rclone sync --exclude wp-content/uploads/** wp/ /usr/share/nginx/subdomain/$SUBDOMAIN -q && echo ---sync-done--- ' + # ----------------------------------------------------------- +if [ "$ENV" = "dev" ] ; then +pods=`kubectl get pods --no-headers -o custom-columns=":metadata.name" -n $NAMESPACE` +for i in $pods; do +kubectl exec $i -n $NAMESPACE -- apt-key adv --fetch-keys 'https://packages.sury.org/php/apt.gpg' > /dev/null 2>&1 +kubectl exec $i -n $NAMESPACE -- apt update +kubectl exec $i -n $NAMESPACE -- apt install rclone rsync -y + +kubectl cp setenv.sh $NAMESPACE/$i:/tmp/setenv.sh && echo "setenv copy done" || exit 9 + +kubectl exec $i -n $NAMESPACE -- sh -c '. /tmp/setenv.sh; cd /usr/share/nginx/subdomain && rclone sync --exclude wp-content/uploads/** $SUBDOMAIN/ /usr/share/nginx/subdomain/$SUBDOMAIN-web -q && echo ---sync-done from efs to local for $SUBDOMAIN-web --- && cd $SUBDOMAIN-web/wp-content && [ -L uploads ] && [ -e uploads ]] && echo ----symlink-exist--- || ln -s /usr/share/nginx/subdomain/$SUBDOMAIN/wp-content/uploads uploads && chown -R nginx:nginx /usr/share/nginx/subdomain/$SUBDOMAIN-web' +done +else + +echo ----The env is $ENV and thus no multidev applicable---- + +fi + kubectl delete po common-job-pod -n $NAMESPACE # ------------------------------------------------------------------------------------------------------------------------- diff --git a/multidev-sync.sh b/multidev-sync.sh new file mode 100644 index 00000000..67385c44 --- /dev/null +++ b/multidev-sync.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +NAMESPACE=medicalalert-web + +if [ "$ENV" = "dev" ]; then + pods=`kubectl get pods --no-headers -o custom-columns=":metadata.name" -n $NAMESPACE` + for i in $pods; do + kubectl exec $i -n $NAMESPACE -- apt-key adv --fetch-keys 'https://packages.sury.org/php/apt.gpg' > /dev/null 2>&1 + kubectl exec $i -n $NAMESPACE -- apt-get update + kubectl exec $i -n $NAMESPACE -- apt-get install rclone rsync -y + kubectl exec $i -n $NAMESPACE -- sh -c 'for j in dev02 dev03 dev04 dev05; do cd /usr/share/nginx/subdomain && rclone sync --exclude wp-content/uploads/** $j/ /usr/share/nginx/subdomain/$j-web -q && echo ---sync-done from efs to local for $j-web --- && cd $j-web/wp-content && [ -L uploads ] && [ -e uploads ]] && echo ----symlink-exist--- || ln -s /usr/share/nginx/subdomain/$j/wp-content/uploads uploads && chown -R nginx:nginx /usr/share/nginx/subdomain/$j-web;done' + + done +else + + echo ----The env is $ENV and thus no multidev applicable---- + +fi