Add celery worker deployment

spack · Dec 20, 2023 · 879a456 · 879a456
1 parent 3f3d64e
commit 879a456
Show file tree

Hide file tree

Showing 2 changed files with 103 additions and 1 deletion.
diff --git a/k8s/production/custom/webhook-handler/deployments.yaml b/k8s/production/custom/webhook-handler/deployments.yaml
@@ -24,7 +24,6 @@ spec:
       serviceAccountName: webhook-handler
       containers:
         - name: webhook-handler
-          #image: ghcr.io/danlamanna/webhook-handler:0.0.11
           image: ghcr.io/spack/upload-build-timings:0.0.5
           imagePullPolicy: Always
           resources:
@@ -87,5 +86,105 @@ spec:
                 secretKeyRef:
                   name: opensearch-secrets
                   key: opensearch-password
+            - name: CELERY_BROKER_URL
+              valueFrom:
+                secretKeyRef:
+                  name: webhook-secrets
+                  key: celery-broker-url
+      nodeSelector:
+        spack.io/node-pool: base
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: webhook-handler-worker
+  namespace: custom
+  labels:
+    app: webhook-handler-worker
+    svc: web #TODO
+spec:
+  selector:
+    matchLabels:
+      app: webhook-handler-worker
+      svc: web # TODO
+      # TODO: evaluate
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: webhook-handler-worker
+        svc: web # TODO
+    spec:
+      restartPolicy: Always
+      serviceAccountName: webhook-handler  # TODO yes?
+      containers:
+        - name: webhook-handler-worker
+          image: ghcr.io/spack/upload-build-timings:0.0.5
+          command: ["celery", "-A", "analytics.celery", "worker", "-l", "info"]
+          imagePullPolicy: Always
+          resources:
+          # TODO: evaluate
+            requests:
+              cpu: 350m
+              memory: 1G
+            limits:
+              cpu: 1600m
+              memory: 1G
+          env:
+            - name: GITLAB_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: webhook-secrets
+                  key: gitlab-endpoint
+            - name: GITLAB_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: webhook-handler
+                  key: gitlab-token
+            - name: SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: webhook-secrets
+                  key: secret-key
+            - name: SENTRY_DSN
+              valueFrom:
+                secretKeyRef:
+                  name: webhook-secrets
+                  key: sentry-dsn
+            - name: DB_NAME
+              value: analytics
+            - name: DB_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: webhook-handler
+                  key: analytics-postgresql-host
+            - name: DB_USER
+              value: postgres
+            - name: DB_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: webhook-handler
+                  key: analytics-postgresql-password
+            - name: OPENSEARCH_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: opensearch-secrets
+                  key: opensearch-endpoint
+            - name: OPENSEARCH_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: opensearch-secrets
+                  key: opensearch-username
+            - name: OPENSEARCH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: opensearch-secrets
+                  key: opensearch-password
+            - name: CELERY_BROKER_URL
+              valueFrom:
+                secretKeyRef:
+                  name: webhook-secrets
+                  key: celery-broker-url
       nodeSelector:
         spack.io/node-pool: base
diff --git a/terraform/modules/spack/gitlab_webhooks.tf b/terraform/modules/spack/gitlab_webhooks.tf
@@ -37,6 +37,8 @@ resource "random_password" "webhook_handler" {
   special = false
 }
 
+# Note: the /1 is important to ensure that the broker for the webhook handler isn't using the same
+# database as the broker for spackbot.
 resource "kubectl_manifest" "webhook_secrets" {
   yaml_body = <<-YAML
      apiVersion: v1
@@ -49,6 +51,7 @@ resource "kubectl_manifest" "webhook_secrets" {
        gitlab-token: ${base64encode("${gitlab_personal_access_token.webhook_handler.token}")}
        sentry-dsn: ${base64encode("${data.sentry_key.webhook_handler.dsn_public}")}
        secret-key: ${base64encode("${random_password.webhook_handler.result}")}
+       celery-broker-url: ${base64encode("redis://${aws_elasticache_replication_group.pr_binary_graduation_task_queue.primary_endpoint_address}:6379/1")}
    YAML
 }