diff --git a/chart/templates/controller/beat.yaml b/chart/templates/controller/beat.yaml new file mode 100644 index 00000000..a7d6acb5 --- /dev/null +++ b/chart/templates/controller/beat.yaml @@ -0,0 +1,71 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vela-controller-beat + labels: + app.kubernetes.io/name: vela-controller-beat + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: vela-controller-beat + template: + metadata: + labels: + app.kubernetes.io/name: vela-controller-beat + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + serviceAccountName: vela-controller + initContainers: +{{ include "vela.waitForPostgresInitContainer" (dict) | nindent 8 }} + containers: + - name: vela-controller-beat + image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" + imagePullPolicy: Always + command: ["celery", "-A", "simplyblock.vela.worker", "beat", "--loglevel=info"] + envFrom: + - configMapRef: + name: vela-controller-config + env: + - name: VELA_GRAFANA_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + name: vela-grafana-secret + key: VELA_GRAFANA_SECURITY_ADMIN_USER + - name: VELA_GRAFANA_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: vela-grafana-secret + key: VELA_GRAFANA_SECURITY_ADMIN_PASSWORD + - name: DB_USER + valueFrom: + secretKeyRef: + name: database + key: superuser-username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: database + key: superuser-password + - name: DB_HOST + value: database + - name: VELA_BROKER_URL + value: 'sqla+postgresql+psycopg://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):5432/postgres' + - name: VELA_RESULT_BACKEND + value: 'db+postgresql+psycopg://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):5432/postgres' + - name: VELA_DEPLOYMENT_PASSWORD_SECRET + valueFrom: + secretKeyRef: + name: vela-controller-secret + key: deployment-password-secret + - name: VELA_POSTGRES_URL + value: 'postgresql+asyncpg://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):5432/postgres' + {{- with .Values.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/containers/compose-dev.yml b/containers/compose-dev.yml index 296680c0..829e173f 100644 --- a/containers/compose-dev.yml +++ b/containers/compose-dev.yml @@ -47,6 +47,26 @@ services: restart: unless-stopped + controller-beat: + build: + context: .. + dockerfile: containers/Containerfile + volumes: + - ~/.kube/config:/home/vela/.kube/config:ro + - ..:/app + command: 'bash -c "python -m venv /tmp/venv && source /tmp/venv/bin/activate && pip install -e . && celery -A simplyblock.vela.worker beat --loglevel=info"' + environment: + VELA_BROKER_URL: 'sqla+postgresql+psycopg://postgres:vela@database:5432/vela' + VELA_RESULT_BACKEND: 'db+postgresql+psycopg://postgres:vela@database:5432/vela' + VELA_POSTGRES_URL: 'postgresql+asyncpg://postgres:vela@database:5432/vela' + VELA_JWT_SECRET: 'secret' + VELA_ENABLE_DB_EXTERNAL_IPV6_LOADBALANCER: 'false' + depends_on: + database: + condition: service_healthy + restart: unless-stopped + + database: image: docker.io/postgres:17 environment: diff --git a/containers/compose.yml b/containers/compose.yml index fb163971..a5204312 100644 --- a/containers/compose.yml +++ b/containers/compose.yml @@ -93,6 +93,44 @@ services: restart: unless-stopped + controller-beat: + build: + context: .. + dockerfile: containers/Containerfile + volumes: + - ~/.kube/config:/home/vela/.kube/config:ro + - ..:/app + - beat_schedule:/tmp/beat + command: 'bash -c "python -m venv /tmp/venv && source /tmp/venv/bin/activate && pip install -e . && celery -A simplyblock.vela.worker beat --loglevel=info --schedule=/tmp/beat/celerybeat-schedule"' + environment: + VELA_BROKER_URL: 'sqla+postgresql+psycopg://postgres:vela@database:5432/vela' + VELA_RESULT_BACKEND: 'db+postgresql+psycopg://postgres:vela@database:5432/vela' + VELA_ROOT_PATH: '/vela' + VELA_JWT_SECRET: 'http://auth:8080/auth/realms/vela/protocol/openid-connect/certs' + VELA_POSTGRES_URL: 'postgresql+asyncpg://postgres:vela@database:5432/vela' + VELA_CORS_ORIGINS: '["http://localhost:3000"]' + VELA_PGMETA_CRYPTO_KEY: 'secret' + VELA_KEYCLOAK_URL: 'http://auth:8080/auth/' + VELA_KEYCLOAK_ADMIN_NAME: 'admin' + VELA_KEYCLOAK_ADMIN_SECRET: 'admin' + VELA_CLOUDFLARE__API_TOKEN: 'your_cloudflare_api_token' + VELA_CLOUDFLARE__ZONE_ID: 'your_cloudflare_zone_id' + VELA_CLOUDFLARE__BRANCH_REF: 'branch-ref.staging.vela.run' + VELA_CLOUDFLARE__BRANCH_DB_REF: 'branch-db-ref.staging.vela.run' + VELA_CLOUDFLARE__DOMAIN_SUFFIX: 'example.com' + VELA_DEPLOYMENT_NAMESPACE_PREFIX: 'vela' + VELA_GRAFANA_URL: 'http://grafana:3000' + VELA_ENABLE_DB_EXTERNAL_IPV6_LOADBALANCER: 'false' + VELA_GRAFANA_SECURITY_ADMIN_USER: "admin" + VELA_GRAFANA_SECURITY_ADMIN_PASSWORD: "password" + VELA_SIMPLYBLOCK_CSI_NAMESPACE: 'simplyblock-csi' + VELA_DEPLOYMENT_PASSWORD_SECRET: 'secret' + depends_on: + database: + condition: service_healthy + restart: unless-stopped + + auth: image: quay.io/keycloak/keycloak:26.4 environment: @@ -168,3 +206,4 @@ services: volumes: caddy_data: caddy_config: + beat_schedule: diff --git a/src/worker/__init__.py b/src/worker/__init__.py index fb20d4e1..8a7eb29b 100644 --- a/src/worker/__init__.py +++ b/src/worker/__init__.py @@ -19,6 +19,8 @@ class Settings(BaseSettings): # Chord callback always fires even when individual sub-tasks fail. app.conf.task_chord_propagates = False +app.conf.beat_schedule_filename = "/tmp/celerybeat-schedule" + # Register tasks — must be imported after `app` is defined. from ..api.organization.project.branch import resize_tasks as _api_resize_tasks # noqa: E402, F401 from ..deployment import resize as _deployment_resize # noqa: E402, F401