From ee56152168824e83b95a70bc634da8eda5e49de4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mois=C3=A9s=20Gonz=C3=A1lez?= Date: Tue, 7 Apr 2026 12:56:28 -0400 Subject: [PATCH 1/3] chore: re-arrange tutor settings Explicitly prefix them with `DRYDOCK_` and use the filters directly. Put them at the top of the file. --- drydock/plugin.py | 108 ++++++++++++++++++---------------------------- 1 file changed, 43 insertions(+), 65 deletions(-) diff --git a/drydock/plugin.py b/drydock/plugin.py index cd95a3d..8757a96 100644 --- a/drydock/plugin.py +++ b/drydock/plugin.py @@ -17,6 +17,49 @@ INIT_JOBS_SYNC_WAVE = 1 +tutor_hooks.Filters.CONFIG_DEFAULTS.add_items( + [ + ("DRYDOCK_VERSION", __version__), + ("DRYDOCK_INIT_JOBS", False), + ("DRYDOCK_INIT_JOBS_EXCLUDED", []), + ("DRYDOCK_CMS_SSO_USER", "cms"), + ("DRYDOCK_AUTO_TLS", True), + ("DRYDOCK_MIGRATE_FROM", 0), + ("DRYDOCK_INGRESS", True), + ("DRYDOCK_INGRESS_EXTRA_HOSTS", []), + ("DRYDOCK_INGRESS_LMS_EXTRA_HOSTS", []), + ("DRYDOCK_NEWRELIC_LICENSE_KEY", ""), + ("DRYDOCK_CUSTOM_CERTS", {}), + ("DRYDOCK_DEBUG", False), + ("DRYDOCK_LETSENCRYPT_EMAIL", "{{ CONTACT_EMAIL }}"), + ("DRYDOCK_ENABLE_MULTITENANCY", True), + ("DRYDOCK_ENABLE_SCORM", True), + ("DRYDOCK_POD_LIFECYCLE", True), + ("DRYDOCK_BYPASS_CADDY", False), + ("DRYDOCK_PDB_MINAVAILABLE_PERCENTAGE_LMS", 0), + ("DRYDOCK_PDB_MINAVAILABLE_PERCENTAGE_LMS_WORKER", 0), + ("DRYDOCK_PDB_MINAVAILABLE_PERCENTAGE_CMS", 0), + ("DRYDOCK_PDB_MINAVAILABLE_PERCENTAGE_CMS_WORKER", 0), + ("DRYDOCK_PDB_MINAVAILABLE_PERCENTAGE_MFE", 0), + ("DRYDOCK_PDB_MINAVAILABLE_PERCENTAGE_FORUM", 0), + ("DRYDOCK_PDB_MINAVAILABLE_PERCENTAGE_CADDY", 0), + ( + "DRYDOCK_POST_INIT_DEPLOYMENTS", + ["lms", "cms", "forum", "lms-worker", "cms-worker", "superset", "superset-worker", "superset-celery-beat"], + ), + ("DRYDOCK_NGINX_STATIC_CACHE_CONFIG", {}), + ("DRYDOCK_REGISTRY_CREDENTIALS", ""), + ] +) + +tutor_hooks.Filters.CONFIG_OVERRIDES.add_items( + [ + ("FORUM_MONGODB_DATABASE", "cs_comments_service"), + ("MONGODB_ROOT_USERNAME", ""), + ("MONGODB_ROOT_PASSWORD", ""), + ] +) + # This function is taken from # https://github.com/overhangio/tutor/blob/v16.1.8/tutor/commands/k8s.py#L182 @@ -131,67 +174,6 @@ def get_sync_waves_for_resource(resource_name: str) -> SYNC_WAVES_ORDER_ATTRS_TY return get_sync_waves_order().get(resource_name, 0) -################# Configuration -config = { - # Add here your new settings - "defaults": { - "VERSION": __version__, - "INIT_JOBS": False, - "INIT_JOBS_EXCLUDED": [], - "CMS_SSO_USER": "cms", - "AUTO_TLS": True, - "MIGRATE_FROM": 0, - "INGRESS": True, - "INGRESS_EXTRA_HOSTS": [], - "INGRESS_LMS_EXTRA_HOSTS": [], - "NEWRELIC_LICENSE_KEY": "", - "CUSTOM_CERTS": {}, - "DEBUG": False, - "LETSENCRYPT_EMAIL": "{{ CONTACT_EMAIL }}", - "ENABLE_MULTITENANCY": True, - "ENABLE_SCORM": True, - "POD_LIFECYCLE": True, - "BYPASS_CADDY": False, - "PDB_MINAVAILABLE_PERCENTAGE_LMS": 0, - "PDB_MINAVAILABLE_PERCENTAGE_LMS_WORKER": 0, - "PDB_MINAVAILABLE_PERCENTAGE_CMS": 0, - "PDB_MINAVAILABLE_PERCENTAGE_CMS_WORKER": 0, - "PDB_MINAVAILABLE_PERCENTAGE_MFE": 0, - "PDB_MINAVAILABLE_PERCENTAGE_FORUM": 0, - "PDB_MINAVAILABLE_PERCENTAGE_CADDY": 0, - "POST_INIT_DEPLOYMENTS": [ - "lms", - "cms", - "forum", - "lms-worker", - "cms-worker", - "superset", - "superset-worker", - "superset-celery-beat", - ], - "NGINX_STATIC_CACHE_CONFIG": {}, - "REGISTRY_CREDENTIALS": "", - }, - # Add here settings that don't have a reasonable default for all users. For - # instance: passwords, secret keys, etc. - "unique": { - # "SECRET_KEY": "\{\{ 24|random_string \}\}", - }, - # Danger zone! Add here values to override settings from Tutor core or other plugins. - "overrides": {}, -} - -tutor_hooks.Filters.CONFIG_DEFAULTS.add_items([("OPENEDX_DEBUG_COOKIE", "ednx_enable_debug")]) -tutor_hooks.Filters.CONFIG_OVERRIDES.add_items( - [ - # This values are not prefixed with DRYDOCK_ - ("FORUM_MONGODB_DATABASE", "cs_comments_service"), - ("MONGODB_ROOT_USERNAME", ""), - ("MONGODB_ROOT_PASSWORD", ""), - ] -) - - ################# You don't really have to bother about what's below this line, ################# except maybe for educational purposes :) @@ -212,10 +194,6 @@ def get_sync_waves_for_resource(resource_name: str) -> SYNC_WAVES_ORDER_ATTRS_TY tutor_hooks.priorities.LOW, # Apply our changes last to correctly override defaults. ) -# Load all configuration entries -tutor_hooks.Filters.CONFIG_DEFAULTS.add_items([(f"DRYDOCK_{key}", value) for key, value in config["defaults"].items()]) -tutor_hooks.Filters.CONFIG_UNIQUE.add_items([(f"DRYDOCK_{key}", value) for key, value in config["unique"].items()]) -tutor_hooks.Filters.CONFIG_OVERRIDES.add_items(list(config["overrides"].items())) tutor_hooks.Filters.ENV_TEMPLATE_VARIABLES.add_items( [ From 9bbdb65b48773a65b461b7216061c8caefa86acb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mois=C3=A9s=20Gonz=C3=A1lez?= Date: Tue, 7 Apr 2026 13:10:29 -0400 Subject: [PATCH 2/3] feat!: remove support for debug pods --- ...25934_moises.gonzalez_remove_debug_pods.md | 5 + drydock/patches/kustomization-resources | 5 - drydock/plugin.py | 4 - .../drydock/k8s/debug/deployments.yml | 103 ------------------ .../templates/drydock/k8s/debug/ingress.yml | 35 ------ .../templates/drydock/k8s/debug/services.yml | 28 ----- 6 files changed, 5 insertions(+), 175 deletions(-) create mode 100644 changelog.d/20260407_125934_moises.gonzalez_remove_debug_pods.md delete mode 100644 drydock/templates/drydock/k8s/debug/deployments.yml delete mode 100644 drydock/templates/drydock/k8s/debug/ingress.yml delete mode 100644 drydock/templates/drydock/k8s/debug/services.yml diff --git a/changelog.d/20260407_125934_moises.gonzalez_remove_debug_pods.md b/changelog.d/20260407_125934_moises.gonzalez_remove_debug_pods.md new file mode 100644 index 0000000..1e22bae --- /dev/null +++ b/changelog.d/20260407_125934_moises.gonzalez_remove_debug_pods.md @@ -0,0 +1,5 @@ +### Removed + +- All support for debug pods via Ingress NGINX canary annotations has been + removed. Users of this feature must re-implement it. + diff --git a/drydock/patches/kustomization-resources b/drydock/patches/kustomization-resources index 8795671..39d026f 100644 --- a/drydock/patches/kustomization-resources +++ b/drydock/patches/kustomization-resources @@ -13,11 +13,6 @@ - plugins/drydock/k8s/ingress/extra-hosts.yml - plugins/drydock/k8s/ingress/static-cache.yml {%- endif %} -{% if DRYDOCK_DEBUG -%} -- plugins/drydock/k8s/debug/deployments.yml -- plugins/drydock/k8s/debug/services.yml -- plugins/drydock/k8s/debug/ingress.yml -{%- endif %} {% if DRYDOCK_REGISTRY_CREDENTIALS -%} - plugins/drydock/k8s/secrets/image-pull-secret.yml {% endif -%} diff --git a/drydock/plugin.py b/drydock/plugin.py index 8757a96..3b25a8d 100644 --- a/drydock/plugin.py +++ b/drydock/plugin.py @@ -30,7 +30,6 @@ ("DRYDOCK_INGRESS_LMS_EXTRA_HOSTS", []), ("DRYDOCK_NEWRELIC_LICENSE_KEY", ""), ("DRYDOCK_CUSTOM_CERTS", {}), - ("DRYDOCK_DEBUG", False), ("DRYDOCK_LETSENCRYPT_EMAIL", "{{ CONTACT_EMAIL }}"), ("DRYDOCK_ENABLE_MULTITENANCY", True), ("DRYDOCK_ENABLE_SCORM", True), @@ -126,9 +125,6 @@ def get_init_tasks(): CORE_SYNC_WAVES_ORDER: SYNC_WAVES_ORDER_ATTRS_TYPE = { "drydock-upgrade-lms-job": 50, "drydock-upgrade-cms-job": 51, - "lms-debug": 50, - "cms-debug": 50, - "ingress-debug": 200, "deployments:post-init-apps": 100, "horizontalpodautoscalers:all": 150, } diff --git a/drydock/templates/drydock/k8s/debug/deployments.yml b/drydock/templates/drydock/k8s/debug/deployments.yml deleted file mode 100644 index 724431a..0000000 --- a/drydock/templates/drydock/k8s/debug/deployments.yml +++ /dev/null @@ -1,103 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cms-debug - labels: - app.kubernetes.io/name: cms-debug - annotations: - argocd.argoproj.io/sync-wave: "{{ get_sync_waves_for_resource('cms-debug') }}" -spec: - selector: - matchLabels: - app.kubernetes.io/name: cms-debug - template: - metadata: - labels: - app.kubernetes.io/name: cms-debug - spec: - securityContext: - runAsUser: 0 - runAsGroup: 0 - containers: - - name: cms-debug - args: [./manage.py cms runserver 0.0.0.0:8000] - command: ["/bin/bash", "-c"] - image: {{ DOCKER_IMAGE_OPENEDX }} - env: - - name: SERVICE_VARIANT - value: cms - - name: DJANGO_SETTINGS_MODULE - value: cms.envs.tutor.production - ports: - - containerPort: 8000 - volumeMounts: - - mountPath: /openedx/edx-platform/lms/envs/tutor/ - name: settings-lms - - mountPath: /openedx/edx-platform/cms/envs/tutor/ - name: settings-cms - - mountPath: /openedx/config - name: config - securityContext: - allowPrivilegeEscalation: false - stdin: true - tty: true - volumes: - - name: settings-lms - configMap: - name: openedx-settings-lms - - name: settings-cms - configMap: - name: openedx-settings-cms - - name: config - configMap: - name: openedx-config ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: lms-debug - labels: - app.kubernetes.io/name: lms-debug - annotations: - argocd.argoproj.io/sync-wave: "{{ get_sync_waves_for_resource('lms-debug') }}" -spec: - selector: - matchLabels: - app.kubernetes.io/name: lms-debug - template: - metadata: - labels: - app.kubernetes.io/name: lms-debug - spec: - securityContext: - runAsUser: 0 - runAsGroup: 0 - containers: - - name: lms-debug - args: [./manage.py lms runserver 0.0.0.0:8000] - command: ["/bin/bash", "-c"] - image: {{ DOCKER_IMAGE_OPENEDX }} - ports: - - containerPort: 8000 - volumeMounts: - - mountPath: /openedx/edx-platform/lms/envs/tutor/ - name: settings-lms - - mountPath: /openedx/edx-platform/cms/envs/tutor/ - name: settings-cms - - mountPath: /openedx/config - name: config - securityContext: - allowPrivilegeEscalation: false - stdin: true - tty: true - volumes: - - name: settings-lms - configMap: - name: openedx-settings-lms - - name: settings-cms - configMap: - name: openedx-settings-cms - - name: config - configMap: - name: openedx-config diff --git a/drydock/templates/drydock/k8s/debug/ingress.yml b/drydock/templates/drydock/k8s/debug/ingress.yml deleted file mode 100644 index ad748cf..0000000 --- a/drydock/templates/drydock/k8s/debug/ingress.yml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: ingress-debug - namespace: {{ K8S_NAMESPACE }} - annotations: - argocd.argoproj.io/sync-wave: "{{ get_sync_waves_for_resource('ingress-debug') }}" - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/canary: "true" - nginx.ingress.kubernetes.io/canary-by-cookie: {{ OPENEDX_DEBUG_COOKIE }} - {%- if DRYDOCK_AUTO_TLS and not DRYDOCK_CUSTOM_CERTS%} - cert-manager.io/issuer: letsencrypt - {%- endif %} -spec: - rules: - {%- for host, prefix in [(LMS_HOST, "lms"), (CMS_HOST, "cms")] %} - - host: {{ host }} - http: - paths: - - backend: - service: - name: {{prefix}}-debug - port: - number: 8000 - path: / - pathType: Prefix - {%- endfor %} - {% if DRYDOCK_AUTO_TLS -%} - tls: - - hosts: - {%- for host in [LMS_HOST, CMS_HOST] %} - - {{ host }} - {%- endfor %} - secretName: {{ K8S_NAMESPACE }}-tls - {%- endif %} diff --git a/drydock/templates/drydock/k8s/debug/services.yml b/drydock/templates/drydock/k8s/debug/services.yml deleted file mode 100644 index 93eb4e7..0000000 --- a/drydock/templates/drydock/k8s/debug/services.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: lms-debug - namespace: {{ K8S_NAMESPACE }} -spec: - ports: - - port: 8000 - protocol: TCP - targetPort: 8000 - selector: - app.kubernetes.io/name: lms-debug - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - name: cms-debug - namespace: {{ K8S_NAMESPACE }} -spec: - ports: - - port: 8000 - protocol: TCP - targetPort: 8000 - selector: - app.kubernetes.io/name: cms-debug - type: ClusterIP From d045b633c3f9671763c1e002a4c731ed09a7a434 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mois=C3=A9s=20Gonz=C3=A1lez?= Date: Wed, 8 Apr 2026 11:51:09 -0400 Subject: [PATCH 3/3] feat: add an option to configure the ingressClass --- ...408_115227_moises.gonzalez_multiple_ingress_controller.md | 5 +++++ drydock/plugin.py | 1 + drydock/templates/drydock/k8s/ingress/cms.yml | 2 +- drydock/templates/drydock/k8s/ingress/extra-hosts.yml | 2 +- drydock/templates/drydock/k8s/ingress/issuer.yml | 2 +- drydock/templates/drydock/k8s/ingress/lms.yml | 2 +- drydock/templates/drydock/k8s/ingress/meilisearch.yml | 2 +- drydock/templates/drydock/k8s/ingress/mfe.yml | 2 +- drydock/templates/drydock/k8s/ingress/notes.yml | 2 +- 9 files changed, 13 insertions(+), 7 deletions(-) create mode 100644 changelog.d/20260408_115227_moises.gonzalez_multiple_ingress_controller.md diff --git a/changelog.d/20260408_115227_moises.gonzalez_multiple_ingress_controller.md b/changelog.d/20260408_115227_moises.gonzalez_multiple_ingress_controller.md new file mode 100644 index 0000000..669df75 --- /dev/null +++ b/changelog.d/20260408_115227_moises.gonzalez_multiple_ingress_controller.md @@ -0,0 +1,5 @@ +### Added + +- The new `DRYDOCK_INGRESS_CLASS` allows to configure the ingress class used by + the Ingress and Issuers objects. + diff --git a/drydock/plugin.py b/drydock/plugin.py index 3b25a8d..5df19ed 100644 --- a/drydock/plugin.py +++ b/drydock/plugin.py @@ -26,6 +26,7 @@ ("DRYDOCK_AUTO_TLS", True), ("DRYDOCK_MIGRATE_FROM", 0), ("DRYDOCK_INGRESS", True), + ("DRYDOCK_INGRESS_CLASS", "nginx"), ("DRYDOCK_INGRESS_EXTRA_HOSTS", []), ("DRYDOCK_INGRESS_LMS_EXTRA_HOSTS", []), ("DRYDOCK_NEWRELIC_LICENSE_KEY", ""), diff --git a/drydock/templates/drydock/k8s/ingress/cms.yml b/drydock/templates/drydock/k8s/ingress/cms.yml index 02569a0..555af6c 100644 --- a/drydock/templates/drydock/k8s/ingress/cms.yml +++ b/drydock/templates/drydock/k8s/ingress/cms.yml @@ -28,7 +28,7 @@ metadata: } {%- endif %} spec: - ingressClassName: nginx + ingressClassName: {{ DRYDOCK_INGRESS_CLASS }} rules: - host: {{ CMS_HOST }} http: diff --git a/drydock/templates/drydock/k8s/ingress/extra-hosts.yml b/drydock/templates/drydock/k8s/ingress/extra-hosts.yml index 5804d56..16caef4 100644 --- a/drydock/templates/drydock/k8s/ingress/extra-hosts.yml +++ b/drydock/templates/drydock/k8s/ingress/extra-hosts.yml @@ -10,7 +10,7 @@ metadata: cert-manager.io/issuer: letsencrypt {%- endif %} spec: - ingressClassName: nginx + ingressClassName: {{ DRYDOCK_INGRESS_CLASS }} rules: - host: {{ host }} http: diff --git a/drydock/templates/drydock/k8s/ingress/issuer.yml b/drydock/templates/drydock/k8s/ingress/issuer.yml index 6ccf6c6..44ac955 100644 --- a/drydock/templates/drydock/k8s/ingress/issuer.yml +++ b/drydock/templates/drydock/k8s/ingress/issuer.yml @@ -19,7 +19,7 @@ spec: solvers: - http01: ingress: - class: nginx + class: {{ DRYDOCK_INGRESS_CLASS }} {% endif -%} {% if DRYDOCK_CUSTOM_CERTS -%} diff --git a/drydock/templates/drydock/k8s/ingress/lms.yml b/drydock/templates/drydock/k8s/ingress/lms.yml index 3fdb6d9..abf359a 100644 --- a/drydock/templates/drydock/k8s/ingress/lms.yml +++ b/drydock/templates/drydock/k8s/ingress/lms.yml @@ -28,7 +28,7 @@ metadata: } {%- endif %} spec: - ingressClassName: nginx + ingressClassName: {{ DRYDOCK_INGRESS_CLASS }} rules: - host: {{ LMS_HOST }} http: diff --git a/drydock/templates/drydock/k8s/ingress/meilisearch.yml b/drydock/templates/drydock/k8s/ingress/meilisearch.yml index 3499f39..fe069b3 100644 --- a/drydock/templates/drydock/k8s/ingress/meilisearch.yml +++ b/drydock/templates/drydock/k8s/ingress/meilisearch.yml @@ -9,7 +9,7 @@ metadata: cert-manager.io/issuer: letsencrypt {%- endif %} spec: - ingressClassName: nginx + ingressClassName: {{ DRYDOCK_INGRESS_CLASS }} rules: - host: {{ MEILISEARCH_HOST }} http: diff --git a/drydock/templates/drydock/k8s/ingress/mfe.yml b/drydock/templates/drydock/k8s/ingress/mfe.yml index c09e00e..c6836a0 100644 --- a/drydock/templates/drydock/k8s/ingress/mfe.yml +++ b/drydock/templates/drydock/k8s/ingress/mfe.yml @@ -10,7 +10,7 @@ metadata: cert-manager.io/issuer: letsencrypt {%- endif %} spec: - ingressClassName: nginx + ingressClassName: {{ DRYDOCK_INGRESS_CLASS }} rules: - host: {{ MFE_HOST }} http: diff --git a/drydock/templates/drydock/k8s/ingress/notes.yml b/drydock/templates/drydock/k8s/ingress/notes.yml index f4e9bb5..e26339f 100644 --- a/drydock/templates/drydock/k8s/ingress/notes.yml +++ b/drydock/templates/drydock/k8s/ingress/notes.yml @@ -9,7 +9,7 @@ metadata: cert-manager.io/issuer: letsencrypt {%- endif %} spec: - ingressClassName: nginx + ingressClassName: {{ DRYDOCK_INGRESS_CLASS }} rules: - host: {{ NOTES_HOST }} http: