mirror of
https://github.com/zed-industries/zed.git
synced 2026-05-31 19:05:00 +07:00
4b23564f36
This PR makes it so we route the `UserService::get_users_by_ids` call through Cloud instead of hitting the database. We've introduced a new `CloudUserService` that will fetch the users from Cloud using the internal API. Note that we've only implemented the `get_users_by_ids` method on this service, as the endpoints for the other methods don't yet exist. We have also introduced a `TransitionalUserService` for the purposes of gradually transitioning these calls over to Cloud. Right now it uses the `CloudUserService` for the `get_users_by_ids` implementation, but then uses the `DatabaseUserService` for the other methods. Closes CLO-740. Release Notes: - N/A
178 lines
5 KiB
YAML
178 lines
5 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: ${ZED_KUBE_NAMESPACE}
|
|
|
|
---
|
|
kind: Service
|
|
apiVersion: v1
|
|
metadata:
|
|
namespace: ${ZED_KUBE_NAMESPACE}
|
|
name: ${ZED_SERVICE_NAME}
|
|
annotations:
|
|
service.beta.kubernetes.io/do-loadbalancer-name: "${ZED_SERVICE_NAME}-${ZED_KUBE_NAMESPACE}"
|
|
service.beta.kubernetes.io/do-loadbalancer-size-unit: "${ZED_LOAD_BALANCER_SIZE_UNIT}"
|
|
service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
|
|
service.beta.kubernetes.io/do-loadbalancer-certificate-id: ${ZED_DO_CERTIFICATE_ID}
|
|
service.beta.kubernetes.io/do-loadbalancer-disable-lets-encrypt-dns-records: "true"
|
|
spec:
|
|
type: LoadBalancer
|
|
selector:
|
|
app: ${ZED_SERVICE_NAME}
|
|
ports:
|
|
- name: web
|
|
protocol: TCP
|
|
port: 443
|
|
targetPort: 8080
|
|
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
namespace: ${ZED_KUBE_NAMESPACE}
|
|
name: ${ZED_SERVICE_NAME}
|
|
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxSurge: 1
|
|
maxUnavailable: 0
|
|
selector:
|
|
matchLabels:
|
|
app: ${ZED_SERVICE_NAME}
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: ${ZED_SERVICE_NAME}
|
|
spec:
|
|
containers:
|
|
- name: ${ZED_SERVICE_NAME}
|
|
image: "${ZED_IMAGE_ID}"
|
|
args:
|
|
- serve
|
|
- ${ZED_SERVICE_NAME}
|
|
ports:
|
|
- containerPort: 8080
|
|
protocol: TCP
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8080
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
timeoutSeconds: 5
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: 8080
|
|
initialDelaySeconds: 1
|
|
periodSeconds: 1
|
|
startupProbe:
|
|
httpGet:
|
|
path: /
|
|
port: 8080
|
|
initialDelaySeconds: 1
|
|
periodSeconds: 1
|
|
failureThreshold: 15
|
|
env:
|
|
- name: HTTP_PORT
|
|
value: "8080"
|
|
- name: DATABASE_URL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: database
|
|
key: url
|
|
- name: DATABASE_MAX_CONNECTIONS
|
|
value: "${DATABASE_MAX_CONNECTIONS}"
|
|
- name: ZED_CLIENT_CHECKSUM_SEED
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: zed-client
|
|
key: checksum-seed
|
|
- name: ZED_CLOUD_INTERNAL_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: zed-cloud
|
|
key: internal-api-key
|
|
- name: LIVEKIT_SERVER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: livekit
|
|
key: server
|
|
- name: LIVEKIT_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: livekit
|
|
key: key
|
|
- name: LIVEKIT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: livekit
|
|
key: secret
|
|
- name: BLOB_STORE_ACCESS_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: blob-store
|
|
key: access_key
|
|
- name: BLOB_STORE_SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: blob-store
|
|
key: secret_key
|
|
- name: BLOB_STORE_URL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: blob-store
|
|
key: url
|
|
- name: BLOB_STORE_REGION
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: blob-store
|
|
key: region
|
|
- name: BLOB_STORE_BUCKET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: blob-store
|
|
key: bucket
|
|
- name: KINESIS_ACCESS_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: kinesis
|
|
key: access_key
|
|
- name: KINESIS_SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: kinesis
|
|
key: secret_key
|
|
- name: KINESIS_STREAM
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: kinesis
|
|
key: stream
|
|
- name: KINESIS_REGION
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: kinesis
|
|
key: region
|
|
- name: BLOB_STORE_BUCKET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: blob-store
|
|
key: bucket
|
|
- name: RUST_BACKTRACE
|
|
value: "1"
|
|
- name: RUST_LOG
|
|
value: ${RUST_LOG}
|
|
- name: LOG_JSON
|
|
value: "true"
|
|
- name: ZED_ENVIRONMENT
|
|
value: ${ZED_ENVIRONMENT}
|
|
securityContext:
|
|
capabilities:
|
|
# TODO - Switch to the more restrictive `PERFMON` capability.
|
|
# This capability isn't yet available in a stable version of Debian.
|
|
add: ["SYS_ADMIN"]
|
|
terminationGracePeriodSeconds: 10
|