Added mirrors-qa

From https://github.com/kiwix/mirrors-qa/

- a dedicated namespace
- a backend API with a Postgres DB
- a schduler running the same image as backend
- a Metabase UI with a Postgres DB

mirrors-qa/api-db/api-db-backup.cronjob.yaml

@@ -0,0 +1,38 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: api-db-backup
+  namespace: mirrors-qa
+spec:
+  schedule: "5 10 * * *"
+  successfulJobsHistoryLimit: 1
+  failedJobsHistoryLimit: 1
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      backoffLimit: 2
+      template:
+        spec:
+          containers:
+            - name: borg-backup
+              image: ghcr.io/kiwix/borg-backup:latest
+              imagePullPolicy: Always
+              envFrom:
+              - secretRef:
+                  name: backup-credentials
+              - secretRef:
+                  name: api-db-backup-credentials
+              env:
+                - name: BITWARDEN_EMAIL
+                  value: "[email protected]"
+                - name: BORGBASE_NAME
+                  value: "mirrors-qa-api-postgresdb"
+              command: ["single-backup"]
+              resources:
+                requests:
+                  cpu: 100m
+                  memory: 128Mi
+          volumes:
+          restartPolicy: Never
+          nodeSelector:
+            k8s.kiwix.org/role: "services"

mirrors-qa/api-db/api-db-local.pv.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: mirrors-qa-api-db-local-pv
+spec:
+  capacity:
+    storage: 10Gi
+  volumeMode: Filesystem
+  accessModes:
+  - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: local-storage
+  local:
+    path: /data/mirrors-qa/postgresdb
+  claimRef:
+    name: mirrors-qa-api-db-pvc
+    namespace: mirrors-qa
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: k8s.kiwix.org/role
+              operator: In
+              values:
+              - services

mirrors-qa/api-db/api-db.pvc.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mirrors-qa-api-db-pvc
+  namespace: mirrors-qa
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: local-storage
+  volumeName: mirrors-qa-api-db-local-pv

mirrors-qa/api-db/api-db.yaml

@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  namespace: mirrors-qa
+  labels:
+    app: api-db-app
+  name: api-db-sts
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: api-db-app
+  serviceName: api-db-service
+  template:
+    metadata:
+      labels:
+        app: api-db-app
+    spec:
+      containers:
+      - image: docker.io/library/postgres:16.3-bookworm
+        imagePullPolicy: Always
+        name: postgresdb
+        envFrom:
+        - secretRef:
+            name: api-db-secrets
+        volumeMounts:
+        - name: data-volume
+          mountPath: "/var/lib/postgresql/data"
+          readOnly: false
+        - name: init-extensions
+          mountPath: /docker-entrypoint-initdb.d/init-extensions.sh
+          readOnly: true
+          subPath: init-extensions.sh
+        ports:
+        - containerPort: 5432
+        readinessProbe:
+          exec:
+            command: ["pg_isready", "-q", "-d", "dbname=mirrors-qa user=mirrors-qa"]
+          initialDelaySeconds: 1
+          periodSeconds: 1
+      volumes:
+      - name: data-volume
+        persistentVolumeClaim:
+          claimName: mirrors-qa-api-db-pvc
+      - name: init-extensions
+        configMap:
+          name: api-configs
+          defaultMode: 0755
+          optional: false
+      nodeSelector:
+        k8s.kiwix.org/role: "services"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: mirrors-qa
+  name: api-db-service
+  labels:
+    app: api-db-app
+spec:
+  selector:
+    app: api-db-app
+  ports:
+  - protocol: TCP
+    port: 5432
+    targetPort: 5432

mirrors-qa/api/api-configs.cm.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: api-configs
+  namespace: mirrors-qa
+data:
+  SCHEDULER_SLEEP_DURATION: "3h"
+  IDLE_WORKER_DURATION: "1h"
+  EXPIRE_TEST_DURATION: "1d"
+  MAX_PAGE_SIZE: "10"
+  # comma-separated
+  MIRRORS_EXCLUSION_LIST: "mirror.isoc.org.il"
+  init-extensions.sh: |
+    #!/bin/bash
+    set -e
+
+    psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+        CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+    EOSQL
+

mirrors-qa/api/api.mirrors-qa.kiwix.org.certificate.yaml

@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: api-mirrors-kiwix-org
+  namespace: mirrors-qa
+spec:
+  secretName: api-mirrors-qa-kiwix-org-tls
+  issuerRef:
+    kind: ClusterIssuer
+    name: letsencrypt-prod
+  commonName: api.mirrors-qa.kiwix.org
+  dnsNames:
+  - api.mirrors-qa.kiwix.org

mirrors-qa/api/api.yaml

@@ -0,0 +1,81 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: mirrors-qa
+  labels:
+    app: api-app
+  name: api-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: api-app
+  template:
+    metadata:
+      labels:
+        app: api-app
+    spec:
+      containers:
+      - image: ghcr.io/kiwix/mirrors-qa-backend:latest
+        imagePullPolicy: Always
+        name: api
+        envFrom:
+        - configMapRef:
+            name: api-configs
+        - secretRef:
+            name: api-secrets
+        ports:
+        - containerPort: 80
+        # readinessProbe:
+        #   exec:
+        #     command: ["curl", "-f", "http://localhost/tests?page_size=1"]
+        #   initialDelaySeconds: 5
+        #   periodSeconds: 1
+        resources:
+          requests:
+            memory: "1Gi"
+            cpu: "800m"
+      nodeSelector:
+        k8s.kiwix.org/role: "services"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: mirrors-qa
+  name: api-service
+  labels:
+    app: api-app
+spec:
+  selector:
+    app: api-app
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: api-ingress
+  namespace: mirrors-qa
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    nginx.ingress.kubernetes.io/proxy-body-size: "2m"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+      - api.mirrors-qa.kiwix.org
+      secretName: api-mirrors-qa-kiwix-org-tls
+  rules:
+  - host: api.mirrors-qa.kiwix.org
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: api-service
+            port:
+              number: 80

mirrors-qa/mirrors-qa.ns.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: mirrors-qa
+  annotations:
+    k8s.kiwix.org/client: https://github.com/rgaudin
+    k8s.kiwix.org/source_repo: https://github.com/kiwix/mirrors-qa

mirrors-qa/scheduler/scheduler.yaml

@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: mirrors-qa
+  labels:
+    app: scheduler-app
+  name: scheduler-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: scheduler-app
+  template:
+    metadata:
+      labels:
+        app: scheduler-app
+    spec:
+      containers:
+      - image: ghcr.io/kiwix/mirrors-qa-backend:latest
+        imagePullPolicy: Always
+        name: scheduler
+        command: ["mirrors-qa-backend", "scheduler"]
+        envFrom:
+        - configMapRef:
+            name: api-configs
+        - secretRef:
+            name: api-secrets
+        ports:
+        - containerPort: 80
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "250m"
+      nodeSelector:
+        k8s.kiwix.org/role: "services"

mirrors-qa/ui-db/ui-db-backup.cronjob.yaml

@@ -0,0 +1,38 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: ui-db-backup
+  namespace: mirrors-qa
+spec:
+  schedule: "5 10 * * *"
+  successfulJobsHistoryLimit: 1
+  failedJobsHistoryLimit: 1
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      backoffLimit: 2
+      template:
+        spec:
+          containers:
+            - name: borg-backup
+              image: ghcr.io/kiwix/borg-backup:latest
+              imagePullPolicy: Always
+              envFrom:
+              - secretRef:
+                  name: backup-credentials
+              - secretRef:
+                  name: ui-db-backup-credentials
+              env:
+                - name: BITWARDEN_EMAIL
+                  value: "[email protected]"
+                - name: BORGBASE_NAME
+                  value: "mirrors-qa-ui-postgresdb"
+              command: ["single-backup"]
+              resources:
+                requests:
+                  cpu: 100m
+                  memory: 128Mi
+          volumes:
+          restartPolicy: Never
+          nodeSelector:
+            k8s.kiwix.org/role: "services"

mirrors-qa/ui-db/ui-db-local.pv.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: mirrors-qa-ui-db-local-pv
+spec:
+  capacity:
+    storage: 10Gi
+  volumeMode: Filesystem
+  accessModes:
+  - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: local-storage
+  local:
+    path: /data/mirrors-qa/ui-postgresdb
+  claimRef:
+    name: mirrors-qa-ui-db-pvc
+    namespace: mirrors-qa
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: k8s.kiwix.org/role
+              operator: In
+              values:
+              - services

mirrors-qa/ui-db/ui-db.pvc.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mirrors-qa-ui-db-pvc
+  namespace: mirrors-qa
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: local-storage
+  volumeName: mirrors-qa-ui-db-local-pv