diff --git a/changelog.d/20260407_125934_moises.gonzalez_remove_debug_pods.md b/changelog.d/20260407_125934_moises.gonzalez_remove_debug_pods.md new file mode 100644 index 00000000..1e22bae1 --- /dev/null +++ b/changelog.d/20260407_125934_moises.gonzalez_remove_debug_pods.md @@ -0,0 +1,5 @@ +### Removed + +- All support for debug pods via Ingress NGINX canary annotations has been + removed. Users of this feature must re-implement it. + diff --git a/drydock/patches/kustomization-resources b/drydock/patches/kustomization-resources index 87956711..39d026fa 100644 --- a/drydock/patches/kustomization-resources +++ b/drydock/patches/kustomization-resources @@ -13,11 +13,6 @@ - plugins/drydock/k8s/ingress/extra-hosts.yml - plugins/drydock/k8s/ingress/static-cache.yml {%- endif %} -{% if DRYDOCK_DEBUG -%} -- plugins/drydock/k8s/debug/deployments.yml -- plugins/drydock/k8s/debug/services.yml -- plugins/drydock/k8s/debug/ingress.yml -{%- endif %} {% if DRYDOCK_REGISTRY_CREDENTIALS -%} - plugins/drydock/k8s/secrets/image-pull-secret.yml {% endif -%} diff --git a/drydock/plugin.py b/drydock/plugin.py index cd95a3da..3b25a8df 100644 --- a/drydock/plugin.py +++ b/drydock/plugin.py @@ -17,6 +17,48 @@ INIT_JOBS_SYNC_WAVE = 1 +tutor_hooks.Filters.CONFIG_DEFAULTS.add_items( + [ + ("DRYDOCK_VERSION", __version__), + ("DRYDOCK_INIT_JOBS", False), + ("DRYDOCK_INIT_JOBS_EXCLUDED", []), + ("DRYDOCK_CMS_SSO_USER", "cms"), + ("DRYDOCK_AUTO_TLS", True), + ("DRYDOCK_MIGRATE_FROM", 0), + ("DRYDOCK_INGRESS", True), + ("DRYDOCK_INGRESS_EXTRA_HOSTS", []), + ("DRYDOCK_INGRESS_LMS_EXTRA_HOSTS", []), + ("DRYDOCK_NEWRELIC_LICENSE_KEY", ""), + ("DRYDOCK_CUSTOM_CERTS", {}), + ("DRYDOCK_LETSENCRYPT_EMAIL", "{{ CONTACT_EMAIL }}"), + ("DRYDOCK_ENABLE_MULTITENANCY", True), + ("DRYDOCK_ENABLE_SCORM", True), + ("DRYDOCK_POD_LIFECYCLE", True), + ("DRYDOCK_BYPASS_CADDY", False), + ("DRYDOCK_PDB_MINAVAILABLE_PERCENTAGE_LMS", 0), + ("DRYDOCK_PDB_MINAVAILABLE_PERCENTAGE_LMS_WORKER", 0), + ("DRYDOCK_PDB_MINAVAILABLE_PERCENTAGE_CMS", 0), + ("DRYDOCK_PDB_MINAVAILABLE_PERCENTAGE_CMS_WORKER", 0), + ("DRYDOCK_PDB_MINAVAILABLE_PERCENTAGE_MFE", 0), + ("DRYDOCK_PDB_MINAVAILABLE_PERCENTAGE_FORUM", 0), + ("DRYDOCK_PDB_MINAVAILABLE_PERCENTAGE_CADDY", 0), + ( + "DRYDOCK_POST_INIT_DEPLOYMENTS", + ["lms", "cms", "forum", "lms-worker", "cms-worker", "superset", "superset-worker", "superset-celery-beat"], + ), + ("DRYDOCK_NGINX_STATIC_CACHE_CONFIG", {}), + ("DRYDOCK_REGISTRY_CREDENTIALS", ""), + ] +) + +tutor_hooks.Filters.CONFIG_OVERRIDES.add_items( + [ + ("FORUM_MONGODB_DATABASE", "cs_comments_service"), + ("MONGODB_ROOT_USERNAME", ""), + ("MONGODB_ROOT_PASSWORD", ""), + ] +) + # This function is taken from # https://github.com/overhangio/tutor/blob/v16.1.8/tutor/commands/k8s.py#L182 @@ -83,9 +125,6 @@ def get_init_tasks(): CORE_SYNC_WAVES_ORDER: SYNC_WAVES_ORDER_ATTRS_TYPE = { "drydock-upgrade-lms-job": 50, "drydock-upgrade-cms-job": 51, - "lms-debug": 50, - "cms-debug": 50, - "ingress-debug": 200, "deployments:post-init-apps": 100, "horizontalpodautoscalers:all": 150, } @@ -131,67 +170,6 @@ def get_sync_waves_for_resource(resource_name: str) -> SYNC_WAVES_ORDER_ATTRS_TY return get_sync_waves_order().get(resource_name, 0) -################# Configuration -config = { - # Add here your new settings - "defaults": { - "VERSION": __version__, - "INIT_JOBS": False, - "INIT_JOBS_EXCLUDED": [], - "CMS_SSO_USER": "cms", - "AUTO_TLS": True, - "MIGRATE_FROM": 0, - "INGRESS": True, - "INGRESS_EXTRA_HOSTS": [], - "INGRESS_LMS_EXTRA_HOSTS": [], - "NEWRELIC_LICENSE_KEY": "", - "CUSTOM_CERTS": {}, - "DEBUG": False, - "LETSENCRYPT_EMAIL": "{{ CONTACT_EMAIL }}", - "ENABLE_MULTITENANCY": True, - "ENABLE_SCORM": True, - "POD_LIFECYCLE": True, - "BYPASS_CADDY": False, - "PDB_MINAVAILABLE_PERCENTAGE_LMS": 0, - "PDB_MINAVAILABLE_PERCENTAGE_LMS_WORKER": 0, - "PDB_MINAVAILABLE_PERCENTAGE_CMS": 0, - "PDB_MINAVAILABLE_PERCENTAGE_CMS_WORKER": 0, - "PDB_MINAVAILABLE_PERCENTAGE_MFE": 0, - "PDB_MINAVAILABLE_PERCENTAGE_FORUM": 0, - "PDB_MINAVAILABLE_PERCENTAGE_CADDY": 0, - "POST_INIT_DEPLOYMENTS": [ - "lms", - "cms", - "forum", - "lms-worker", - "cms-worker", - "superset", - "superset-worker", - "superset-celery-beat", - ], - "NGINX_STATIC_CACHE_CONFIG": {}, - "REGISTRY_CREDENTIALS": "", - }, - # Add here settings that don't have a reasonable default for all users. For - # instance: passwords, secret keys, etc. - "unique": { - # "SECRET_KEY": "\{\{ 24|random_string \}\}", - }, - # Danger zone! Add here values to override settings from Tutor core or other plugins. - "overrides": {}, -} - -tutor_hooks.Filters.CONFIG_DEFAULTS.add_items([("OPENEDX_DEBUG_COOKIE", "ednx_enable_debug")]) -tutor_hooks.Filters.CONFIG_OVERRIDES.add_items( - [ - # This values are not prefixed with DRYDOCK_ - ("FORUM_MONGODB_DATABASE", "cs_comments_service"), - ("MONGODB_ROOT_USERNAME", ""), - ("MONGODB_ROOT_PASSWORD", ""), - ] -) - - ################# You don't really have to bother about what's below this line, ################# except maybe for educational purposes :) @@ -212,10 +190,6 @@ def get_sync_waves_for_resource(resource_name: str) -> SYNC_WAVES_ORDER_ATTRS_TY tutor_hooks.priorities.LOW, # Apply our changes last to correctly override defaults. ) -# Load all configuration entries -tutor_hooks.Filters.CONFIG_DEFAULTS.add_items([(f"DRYDOCK_{key}", value) for key, value in config["defaults"].items()]) -tutor_hooks.Filters.CONFIG_UNIQUE.add_items([(f"DRYDOCK_{key}", value) for key, value in config["unique"].items()]) -tutor_hooks.Filters.CONFIG_OVERRIDES.add_items(list(config["overrides"].items())) tutor_hooks.Filters.ENV_TEMPLATE_VARIABLES.add_items( [ diff --git a/drydock/templates/drydock/k8s/debug/deployments.yml b/drydock/templates/drydock/k8s/debug/deployments.yml deleted file mode 100644 index 724431ae..00000000 --- a/drydock/templates/drydock/k8s/debug/deployments.yml +++ /dev/null @@ -1,103 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cms-debug - labels: - app.kubernetes.io/name: cms-debug - annotations: - argocd.argoproj.io/sync-wave: "{{ get_sync_waves_for_resource('cms-debug') }}" -spec: - selector: - matchLabels: - app.kubernetes.io/name: cms-debug - template: - metadata: - labels: - app.kubernetes.io/name: cms-debug - spec: - securityContext: - runAsUser: 0 - runAsGroup: 0 - containers: - - name: cms-debug - args: [./manage.py cms runserver 0.0.0.0:8000] - command: ["/bin/bash", "-c"] - image: {{ DOCKER_IMAGE_OPENEDX }} - env: - - name: SERVICE_VARIANT - value: cms - - name: DJANGO_SETTINGS_MODULE - value: cms.envs.tutor.production - ports: - - containerPort: 8000 - volumeMounts: - - mountPath: /openedx/edx-platform/lms/envs/tutor/ - name: settings-lms - - mountPath: /openedx/edx-platform/cms/envs/tutor/ - name: settings-cms - - mountPath: /openedx/config - name: config - securityContext: - allowPrivilegeEscalation: false - stdin: true - tty: true - volumes: - - name: settings-lms - configMap: - name: openedx-settings-lms - - name: settings-cms - configMap: - name: openedx-settings-cms - - name: config - configMap: - name: openedx-config ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: lms-debug - labels: - app.kubernetes.io/name: lms-debug - annotations: - argocd.argoproj.io/sync-wave: "{{ get_sync_waves_for_resource('lms-debug') }}" -spec: - selector: - matchLabels: - app.kubernetes.io/name: lms-debug - template: - metadata: - labels: - app.kubernetes.io/name: lms-debug - spec: - securityContext: - runAsUser: 0 - runAsGroup: 0 - containers: - - name: lms-debug - args: [./manage.py lms runserver 0.0.0.0:8000] - command: ["/bin/bash", "-c"] - image: {{ DOCKER_IMAGE_OPENEDX }} - ports: - - containerPort: 8000 - volumeMounts: - - mountPath: /openedx/edx-platform/lms/envs/tutor/ - name: settings-lms - - mountPath: /openedx/edx-platform/cms/envs/tutor/ - name: settings-cms - - mountPath: /openedx/config - name: config - securityContext: - allowPrivilegeEscalation: false - stdin: true - tty: true - volumes: - - name: settings-lms - configMap: - name: openedx-settings-lms - - name: settings-cms - configMap: - name: openedx-settings-cms - - name: config - configMap: - name: openedx-config diff --git a/drydock/templates/drydock/k8s/debug/ingress.yml b/drydock/templates/drydock/k8s/debug/ingress.yml deleted file mode 100644 index ad748cf5..00000000 --- a/drydock/templates/drydock/k8s/debug/ingress.yml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: ingress-debug - namespace: {{ K8S_NAMESPACE }} - annotations: - argocd.argoproj.io/sync-wave: "{{ get_sync_waves_for_resource('ingress-debug') }}" - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/canary: "true" - nginx.ingress.kubernetes.io/canary-by-cookie: {{ OPENEDX_DEBUG_COOKIE }} - {%- if DRYDOCK_AUTO_TLS and not DRYDOCK_CUSTOM_CERTS%} - cert-manager.io/issuer: letsencrypt - {%- endif %} -spec: - rules: - {%- for host, prefix in [(LMS_HOST, "lms"), (CMS_HOST, "cms")] %} - - host: {{ host }} - http: - paths: - - backend: - service: - name: {{prefix}}-debug - port: - number: 8000 - path: / - pathType: Prefix - {%- endfor %} - {% if DRYDOCK_AUTO_TLS -%} - tls: - - hosts: - {%- for host in [LMS_HOST, CMS_HOST] %} - - {{ host }} - {%- endfor %} - secretName: {{ K8S_NAMESPACE }}-tls - {%- endif %} diff --git a/drydock/templates/drydock/k8s/debug/services.yml b/drydock/templates/drydock/k8s/debug/services.yml deleted file mode 100644 index 93eb4e7e..00000000 --- a/drydock/templates/drydock/k8s/debug/services.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: lms-debug - namespace: {{ K8S_NAMESPACE }} -spec: - ports: - - port: 8000 - protocol: TCP - targetPort: 8000 - selector: - app.kubernetes.io/name: lms-debug - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - name: cms-debug - namespace: {{ K8S_NAMESPACE }} -spec: - ports: - - port: 8000 - protocol: TCP - targetPort: 8000 - selector: - app.kubernetes.io/name: cms-debug - type: ClusterIP