diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index de832edcd5b576aeaabd8f13451ef5d71e524aab..7e68e2bbfec2769133c11a260b32659140c6560f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,6 @@ variables: DOCKER_HOST: "tcp://docker-dind.gitlab:2375" + AUTO_DEVOPS_BUILD_IMAGE_EXTRA_ARGS: "--network host" POSTGRES_ENABLED: "false" CODE_QUALITY_DISABLED: "true" CONTAINER_SCANNING_DISABLED: "true" @@ -81,8 +82,6 @@ build: services: review: - services: - - redis:latest variables: HELM_UPGRADE_EXTRA_ARGS: --set service.externalPort=80 --set service.internalPort=80 --set service.commonName= --set ingress.tls.enabled=false --set ingress.annotations.kubernetes\.io/tls-acme="false" --set ingress.annotations.nginx\.ingress\.kubernetes\.io/ssl-redirect="false" ROLLOUT_RESOURCE_TYPE: deployment diff --git a/Dockerfile b/Dockerfile index 4d14f11cf46a91ffa73ae94601145a21f73bf2e3..8e3937435a36d6ff7ad46149d846a3c738a979db 100644 --- a/Dockerfile +++ b/Dockerfile 
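Review bot: `AUTO_DEVOPS_BUILD_IMAGE_EXTRA_ARGS: "--network host"` in the first hunk removes network isolation from the image build, so every `RUN` step shares the network namespace of the Docker daemon behind `DOCKER_HOST`. On port 2375 that daemon API is conventionally plaintext and unauthenticated, so build steps can presumably reach it as well as anything else the daemon host can see. The variable sits in the top-level `variables:` map and therefore applies to every job that builds an image. If host networking is only needed so `apk add` can resolve and download packages, say so in a comment such as `# host network required for <reason>; build steps are not network-isolated`, and confirm that only trusted branches can trigger the build.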
@@ -1,8 +1,66 @@ -FROM registry.metager.de/open-source/proxy/php-fpm:latest +FROM alpine:3.11.3 -COPY . /html +RUN apk add --update \ + nginx \ + tzdata \ + ca-certificates \ + dcron \ + php7 \ + php7-fpm \ + php7-json \ + php7-session \ + php7-openssl \ + php7-bcmath \ + php7-ctype \ + php7-mbstring \ + php7-pdo \ + php7-tokenizer \ + php7-xml \ + php7-curl \ + php7-dom \ + && rm -rf /var/cache/apk/* + +WORKDIR /html + +RUN sed -i 's/;error_log = log\/php7\/error.log/error_log = \/dev\/stderr/g' /etc/php7/php-fpm.conf && \ + sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php7/php-fpm.conf && \ + sed -i 's/listen = 127.0.0.1:9000/listen = 9000/g' /etc/php7/php-fpm.d/www.conf && \ + sed -i 's/;request_terminate_timeout = 0/request_terminate_timeout = 30/g' /etc/php7/php-fpm.d/www.conf && \ + sed -i 's/;request_terminate_timeout_track_finished = no/request_terminate_timeout_track_finished = yes/g' /etc/php7/php-fpm.d/www.conf && \ + sed -i 's/;decorate_workers_output = no/decorate_workers_output = no/g' /etc/php7/php-fpm.d/www.conf && \ + sed -i 's/;catch_workers_output = yes/catch_workers_output = yes/g' /etc/php7/php-fpm.d/www.conf && \ + sed -i 's/user = nobody/user = nginx/g' /etc/php7/php-fpm.d/www.conf && \ + sed -i 's/group = nobody/group = nginx/g' /etc/php7/php-fpm.d/www.conf && \ + sed -i 's/pm.max_children = 5/pm.max_children = 100/g' /etc/php7/php-fpm.d/www.conf && \ + sed -i 's/pm.start_servers = 2/pm.start_servers = 5/g' /etc/php7/php-fpm.d/www.conf && \ + sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' /etc/php7/php-fpm.d/www.conf && \ + sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 25/g' /etc/php7/php-fpm.d/www.conf && \ + sed -i 's/user = www-data/user = nginx/g' /etc/php7/php-fpm.d/www.conf && \ + sed -i 's/group = www-data/group = nginx/g' /etc/php7/php-fpm.d/www.conf && \ + sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php7/php.ini && \ + sed -i 's/expose_php = On/expose_php = Off/g' /etc/php7/php.ini && \ 
+ # Opcache configuration + sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php7/php.ini && \ + sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=128/g' /etc/php7/php.ini && \ + sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php7/php.ini && \ + sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/g' /etc/php7/php.ini && \ + sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php7/php.ini && \ + sed -i 's/;opcache.validate_timestamps=1/opcache.validate_timestamps=1/g' /etc/php7/php.ini && \ + sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=300/g' /etc/php7/php.ini && \ + ln -s /dev/null /var/log/nginx/access.log && \ + ln -s /dev/stdout /var/log/nginx/error.log && \ + cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \ + echo "Europe/Berlin" > /etc/timezone && \ + (crontab -l ; echo "* * * * * php /html/artisan schedule:run >> /dev/null 2>&1") | crontab - + + +COPY config/nginx.conf /etc/nginx/nginx.conf +COPY config/nginx-default.conf /etc/nginx/conf.d/default.conf +RUN sed -i 's/fastcgi_pass phpfpm:9000;/fastcgi_pass localhost:9000;/g' /etc/nginx/conf.d/default.conf +COPY --chown=root:nginx . /html WORKDIR /html EXPOSE 80 -CMD /html/service-configs/start.sh +CMD crond -L /dev/stdout && \ + php-fpm7 diff --git a/DockerfileDev b/DockerfileDev new file mode 100644 index 0000000000000000000000000000000000000000..380f662d134681a6a31089e4247de75726360934 --- /dev/null +++ b/DockerfileDev 
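Review bot: The `sed` that turns `listen = 127.0.0.1:9000` into `listen = 9000` makes php-fpm accept FastCGI on every interface, even though this image later rewrites nginx to `fastcgi_pass localhost:9000;`. FastCGI has no authentication, so any peer that can reach port 9000 on the pod can submit requests straight to the PHP pool and bypass nginx. If the wide bind is only there so the chart's `tcpSocket` probes can connect, adding `listen.allowed_clients = 127.0.0.1` to `www.conf`, or a NetworkPolicy that admits only port 80, would narrow it; check whether the probes still pass with `allowed_clients` set. The same substitution is in `DockerfileDev`, where the separate `phpfpm` compose service does need a non-loopback listener.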
@@ -0,0 +1,52 @@
+FROM alpine:3.11.3
+
+RUN apk add --update \
+ nginx \
+ tzdata \
+ ca-certificates \
+ dcron \
+ php7 \
+ php7-fpm \
+ php7-json \
+ php7-session \
+ php7-openssl \
+ php7-bcmath \
+ php7-ctype \
+ php7-mbstring \
+ php7-pdo \
+ php7-tokenizer \
+ php7-xml \
+ php7-curl \
+ php7-dom \
+ && rm -rf /var/cache/apk/*
+
+WORKDIR /html
+
+RUN sed -i 's/;error_log = log\/php7\/error.log/error_log = \/dev\/stderr/g' /etc/php7/php-fpm.conf && \
+ sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php7/php-fpm.conf && \
+ sed -i 's/listen = 127.0.0.1:9000/listen = 9000/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/;request_terminate_timeout = 0/request_terminate_timeout = 30/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/;request_terminate_timeout_track_finished = no/request_terminate_timeout_track_finished = yes/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/;decorate_workers_output = no/decorate_workers_output = no/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/;catch_workers_output = yes/catch_workers_output = yes/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/user = nobody/user = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/group = nobody/group = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/pm.max_children = 5/pm.max_children = 100/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/pm.start_servers = 2/pm.start_servers = 5/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 25/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/user = www-data/user = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/group = www-data/group = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php7/php.ini && \
+ sed -i 's/expose_php = On/expose_php = Off/g' /etc/php7/php.ini && \
+ ln -s /dev/null /var/log/nginx/access.log && \
+ ln -s /dev/stdout 
/var/log/nginx/error.log && \ + cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \ + echo "Europe/Berlin" > /etc/timezone && \ + (crontab -l ; echo "* * * * * php /html/artisan schedule:run >> /dev/null 2>&1") | crontab - + +WORKDIR /html +EXPOSE 80 + +CMD crond -L /dev/stdout && \ + php-fpm7 diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index 0e9474472f73440d41032de90387177ae3f850ac..bd3d8be18066789ac92c1196252ffb8a9bdefc94 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: imagePullSecrets: {{ toYaml .Values.image.secrets | indent 10 }} containers: - - name: {{ .Chart.Name }} + - name: {{ .Chart.Name }}-phpfpm image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.application.secretName }} 
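Review bot: The crontab line at the end of the `RUN` chain installs `php /html/artisan schedule:run` into the crontab of the build user, which is root, while the FPM pool is switched to `user = nginx` a few lines earlier. Scheduled application code therefore runs with more privilege than the web workers, and files it creates under `/html` will be owned by root. Installing the entry for the unprivileged user, for example by piping it into `crontab -u nginx -`, would keep both paths at the same privilege level; verify that dcron runs jobs for that account in this image. The `>> /dev/null 2>&1` also discards every scheduler error, so sending it to `/proc/1/fd/2` or a log file would make failures visible. The identical line is in `Dockerfile`.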
@@ -52,73 +52,76 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - - name: REDIS_SERVICE_NAME - value: {{ template "fullname" . }}-redis + ports: + - name: "{{ .Values.service.name }}-phpfpm" + containerPort: 9000 + livenessProbe: + tcpSocket: + port: "{{ .Values.service.name }}-phpfpm" + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + readinessProbe: + tcpSocket: + port: "{{ .Values.service.name }}-phpfpm" + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + resources: +{{ toYaml .Values.resources | indent 12 }} +# NGINX + - name: {{ .Chart.Name }}-nginx + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + command: ["nginx"] + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.application.secretName }} + envFrom: + - secretRef: + name: {{ .Values.application.secretName }} + {{- end }} + env: + - name: DATABASE_URL + value: {{ .Values.application.database_url | quote }} + - name: GITLAB_ENVIRONMENT_NAME + value: {{ .Values.gitlab.envName }} + - name: GITLAB_ENVIRONMENT_URL + value: {{ .Values.gitlab.envURL }} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace ports: - name: "{{ .Values.service.name }}" containerPort: {{ .Values.service.internalPort }} livenessProbe: httpGet: path: {{ .Values.livenessProbe.path }} - port: {{ .Values.service.internalPort }} scheme: {{ .Values.livenessProbe.scheme }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} readinessProbe: httpGet: path: {{ .Values.readinessProbe.path }} - port: {{ .Values.service.internalPort }} scheme: {{ .Values.readinessProbe.scheme }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} 
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} resources: {{ toYaml .Values.resources | indent 12 }} ---- -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ template "trackableappname" . }}-redis - annotations: - {{ if .Values.gitlab.app }}app.gitlab.com/app: {{ .Values.gitlab.app | quote }}{{ end }} - {{ if .Values.gitlab.env }}app.gitlab.com/env: {{ .Values.gitlab.env | quote }}{{ end }} - labels: - app: {{ template "appname" . }}-redis - track: "{{ .Values.application.track }}" - tier: "{{ .Values.application.tier }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ template "appname" . }}-redis - track: "{{ .Values.application.track }}" - tier: "{{ .Values.application.tier }}" - release: {{ .Release.Name }} - spec: - containers: +# REDIS - name: {{ .Chart.Name }}-redis - image: "redis:latest" + image: "redis:5.0.3-alpine" + imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - - containerPort: 6379 + - name: "{{ .Values.service.name }}-redis" + containerPort: 6379 livenessProbe: - exec: - command: - - sh - - -c - - redis-cli ping + tcpSocket: + port: "{{ .Values.service.name }}-redis" initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} readinessProbe: - exec: - command: - - sh - - -c - - redis-cli ping + tcpSocket: + port: "{{ .Values.service.name }}-redis" initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - resources: -{{ toYaml .Values.resources | indent 12 }} {{- end -}} \ No newline at end of file diff --git a/config/nginx-default.conf b/config/nginx-default.conf new file mode 100644 index 0000000000000000000000000000000000000000..6c237d3ab201dcb7a9d475a3572f4bcea41e52b7 --- /dev/null 
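Review bot: The new `{{ .Chart.Name }}-nginx` container copies the `envFrom: secretRef` block and the `DATABASE_URL` variable from the PHP container, although its `command: ["nginx"]` only serves files and forwards FastCGI. Every application secret is then present in the environment of a second process that does not need it, which widens what a compromise of the web server can read. Dropping `envFrom:` and the `DATABASE_URL` entry from the nginx container would keep the secrets in the php-fpm container alone. Separately, the Redis container moved into this pod loses its `resources:` block and now listens on the pod IP next to the application; a `resources:` stanza and, if the image's default configuration accepts unauthenticated clients, a bind to loopback would be worth adding.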
+++ b/config/nginx-default.conf @@ -0,0 +1,54 @@ +server { + listen 80; + server_name localhost; + root /html/public; + index index.php index.html index.htm; + + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + + location / { + try_files $uri $uri/ /index.php?$query_string; + } + + location ~ \.php$ { + try_files $uri /index.php =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass phpfpm:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} diff --git a/config/nginx.conf b/config/nginx.conf new file mode 100644 index 0000000000000000000000000000000000000000..b2d7e2d661ed546eef52d01facb6ca79df01ec10 --- /dev/null +++ b/config/nginx.conf 
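Review bot: The only dotfile protection in this server block, `location ~ /\.ht { deny all; }`, is left commented out, so any dotfile under `root /html/public` is served as a static file by `location /`. Enabling a rule such as `location ~ /\.(?!well-known) { deny all; }` closes that without affecting ACME challenges. The remaining commented sections (Apache proxy, the second `\.php$` block, `charset koi8-r`) are stock template text and could be removed so the active configuration is easier to audit. The `fastcgi_pass phpfpm:9000;` line is rewritten by a `sed` in `Dockerfile`; a comment here noting that dependency would stop a later edit from silently breaking the substitution.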
@@ -0,0 +1,32 @@ +user nginx; +worker_processes 100; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +daemon off; + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/docker-compose.yml b/docker-compose.yml index 72a9be54a11e264f55f98d94edcb5d5a450c9f76..18ed16ba0b7a8f7ea4d7c61e9187eae980d3463f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,17 +11,31 @@ services: - .:/usr/src/app working_dir: /usr/src/app command: bash -c "npm install && npm run watch" - web: + phpfpm: depends_on: - "phpdeps" - "assets" - "redis" - build: . + restart: on-failure + build: + context: . + dockerfile: DockerfileDev + image: metager:latest + working_dir: /html + volumes: + - .:/html + web: + depends_on: + - "phpfpm" + image: metager:latest working_dir: /html + command: nginx volumes: - .:/html + - ./config/nginx.conf:/etc/nginx/nginx.conf + - ./config/nginx-default.conf:/etc/nginx/conf.d/default.conf ports: - "8080:80" redis: - image: redis + image: redis:5.0.3-alpine container_name: redis \ No newline at end of file
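Review bot: `worker_processes 100;` starts one hundred workers regardless of how many CPUs the container is given, and with `worker_connections 1024` that is far more capacity than a pod-sized instance can use while costing memory per worker. `worker_processes auto;` sizes the pool to the available cores. The `http` block also leaves the version banner on; adding `server_tokens off;` would match the `expose_php = Off` setting applied to PHP in the Dockerfile.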
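Review bot: The new `web` service sets `image: metager:latest` without a `build:` of its own, so it depends on `phpfpm` having been built first and tagged with that unqualified name. If the tag is missing locally, Compose will normally try to pull `metager:latest` from the default registry, which is not an image this project controls. Repeating the `build:` stanza (`context: .`, `dockerfile: DockerfileDev`) under `web`, or using a name that cannot resolve remotely, avoids that. The two nginx config mounts can also be read-only, e.g. `./config/nginx.conf:/etc/nginx/nginx.conf:ro`, since the container never needs to write them.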