diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index de832edcd5b576aeaabd8f13451ef5d71e524aab..7e68e2bbfec2769133c11a260b32659140c6560f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,6 @@
variables:
DOCKER_HOST: "tcp://docker-dind.gitlab:2375"
+ AUTO_DEVOPS_BUILD_IMAGE_EXTRA_ARGS: "--network host"
POSTGRES_ENABLED: "false"
CODE_QUALITY_DISABLED: "true"
CONTAINER_SCANNING_DISABLED: "true"
@@ -81,8 +82,6 @@ build:
services:
review:
- services:
- - redis:latest
variables:
HELM_UPGRADE_EXTRA_ARGS: --set service.externalPort=80 --set service.internalPort=80 --set service.commonName= --set ingress.tls.enabled=false --set ingress.annotations.kubernetes\.io/tls-acme="false" --set ingress.annotations.nginx\.ingress\.kubernetes\.io/ssl-redirect="false"
ROLLOUT_RESOURCE_TYPE: deployment
diff --git a/Dockerfile b/Dockerfile
index 4d14f11cf46a91ffa73ae94601145a21f73bf2e3..8e3937435a36d6ff7ad46149d846a3c738a979db 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,66 @@
-FROM registry.metager.de/open-source/proxy/php-fpm:latest
+FROM alpine:3.11.3
-COPY . /html
+RUN apk add --update \
+ nginx \
+ tzdata \
+ ca-certificates \
+ dcron \
+ php7 \
+ php7-fpm \
+ php7-json \
+ php7-session \
+ php7-openssl \
+ php7-bcmath \
+ php7-ctype \
+ php7-mbstring \
+ php7-pdo \
+ php7-tokenizer \
+ php7-xml \
+ php7-curl \
+ php7-dom \
+ && rm -rf /var/cache/apk/*
+
+WORKDIR /html
+
+RUN sed -i 's/;error_log = log\/php7\/error.log/error_log = \/dev\/stderr/g' /etc/php7/php-fpm.conf && \
+ sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php7/php-fpm.conf && \
+ sed -i 's/listen = 127.0.0.1:9000/listen = 9000/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/;request_terminate_timeout = 0/request_terminate_timeout = 30/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/;request_terminate_timeout_track_finished = no/request_terminate_timeout_track_finished = yes/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/;decorate_workers_output = no/decorate_workers_output = no/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/;catch_workers_output = yes/catch_workers_output = yes/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/user = nobody/user = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/group = nobody/group = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/pm.max_children = 5/pm.max_children = 100/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/pm.start_servers = 2/pm.start_servers = 5/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 25/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/user = www-data/user = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/group = www-data/group = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php7/php.ini && \
+ sed -i 's/expose_php = On/expose_php = Off/g' /etc/php7/php.ini && \
+ # Opcache configuration
+ sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php7/php.ini && \
+ sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=128/g' /etc/php7/php.ini && \
+ sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php7/php.ini && \
+ sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/g' /etc/php7/php.ini && \
+ sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php7/php.ini && \
+ sed -i 's/;opcache.validate_timestamps=1/opcache.validate_timestamps=1/g' /etc/php7/php.ini && \
+ sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=300/g' /etc/php7/php.ini && \
+ ln -s /dev/null /var/log/nginx/access.log && \
+ ln -s /dev/stdout /var/log/nginx/error.log && \
+ cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
+ echo "Europe/Berlin" > /etc/timezone && \
+ (crontab -l ; echo "* * * * * php /html/artisan schedule:run >> /dev/null 2>&1") | crontab -
+
+
+COPY config/nginx.conf /etc/nginx/nginx.conf
+COPY config/nginx-default.conf /etc/nginx/conf.d/default.conf
+RUN sed -i 's/fastcgi_pass phpfpm:9000;/fastcgi_pass localhost:9000;/g' /etc/nginx/conf.d/default.conf
+COPY --chown=root:nginx . /html
WORKDIR /html
EXPOSE 80
-CMD /html/service-configs/start.sh
+CMD crond -L /dev/stdout && \
+ php-fpm7
diff --git a/DockerfileDev b/DockerfileDev
new file mode 100644
index 0000000000000000000000000000000000000000..380f662d134681a6a31089e4247de75726360934
--- /dev/null
+++ b/DockerfileDev
@@ -0,0 +1,52 @@
+FROM alpine:3.11.3
+
+RUN apk add --update \
+ nginx \
+ tzdata \
+ ca-certificates \
+ dcron \
+ php7 \
+ php7-fpm \
+ php7-json \
+ php7-session \
+ php7-openssl \
+ php7-bcmath \
+ php7-ctype \
+ php7-mbstring \
+ php7-pdo \
+ php7-tokenizer \
+ php7-xml \
+ php7-curl \
+ php7-dom \
+ && rm -rf /var/cache/apk/*
+
+WORKDIR /html
+
+RUN sed -i 's/;error_log = log\/php7\/error.log/error_log = \/dev\/stderr/g' /etc/php7/php-fpm.conf && \
+ sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php7/php-fpm.conf && \
+ sed -i 's/listen = 127.0.0.1:9000/listen = 9000/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/;request_terminate_timeout = 0/request_terminate_timeout = 30/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/;request_terminate_timeout_track_finished = no/request_terminate_timeout_track_finished = yes/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/;decorate_workers_output = no/decorate_workers_output = no/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/;catch_workers_output = yes/catch_workers_output = yes/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/user = nobody/user = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/group = nobody/group = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/pm.max_children = 5/pm.max_children = 100/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/pm.start_servers = 2/pm.start_servers = 5/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 25/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/user = www-data/user = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/group = www-data/group = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+ sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php7/php.ini && \
+ sed -i 's/expose_php = On/expose_php = Off/g' /etc/php7/php.ini && \
+ ln -s /dev/null /var/log/nginx/access.log && \
+ ln -s /dev/stdout /var/log/nginx/error.log && \
+ cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
+ echo "Europe/Berlin" > /etc/timezone && \
+ (crontab -l ; echo "* * * * * php /html/artisan schedule:run >> /dev/null 2>&1") | crontab -
+
+WORKDIR /html
+EXPOSE 80
+
+CMD crond -L /dev/stdout && \
+ php-fpm7
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
index 0e9474472f73440d41032de90387177ae3f850ac..bd3d8be18066789ac92c1196252ffb8a9bdefc94 100644
--- a/chart/templates/deployment.yaml
+++ b/chart/templates/deployment.yaml
@@ -33,7 +33,7 @@ spec:
imagePullSecrets:
{{ toYaml .Values.image.secrets | indent 10 }}
containers:
- - name: {{ .Chart.Name }}
+ - name: {{ .Chart.Name }}-phpfpm
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.application.secretName }}
@@ -52,73 +52,76 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- - name: REDIS_SERVICE_NAME
- value: {{ template "fullname" . }}-redis
+ ports:
+ - name: "{{ .Values.service.name }}-phpfpm"
+ containerPort: 9000
+ livenessProbe:
+ tcpSocket:
+ port: "{{ .Values.service.name }}-phpfpm"
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ tcpSocket:
+ port: "{{ .Values.service.name }}-phpfpm"
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+# NGINX
+ - name: {{ .Chart.Name }}-nginx
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ command: ["nginx"]
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.application.secretName }}
+ envFrom:
+ - secretRef:
+ name: {{ .Values.application.secretName }}
+ {{- end }}
+ env:
+ - name: DATABASE_URL
+ value: {{ .Values.application.database_url | quote }}
+ - name: GITLAB_ENVIRONMENT_NAME
+ value: {{ .Values.gitlab.envName }}
+ - name: GITLAB_ENVIRONMENT_URL
+ value: {{ .Values.gitlab.envURL }}
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
ports:
- name: "{{ .Values.service.name }}"
containerPort: {{ .Values.service.internalPort }}
livenessProbe:
httpGet:
path: {{ .Values.livenessProbe.path }}
- port: {{ .Values.service.internalPort }}
scheme: {{ .Values.livenessProbe.scheme }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
readinessProbe:
httpGet:
path: {{ .Values.readinessProbe.path }}
- port: {{ .Values.service.internalPort }}
scheme: {{ .Values.readinessProbe.scheme }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
resources:
{{ toYaml .Values.resources | indent 12 }}
----
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ template "trackableappname" . }}-redis
- annotations:
- {{ if .Values.gitlab.app }}app.gitlab.com/app: {{ .Values.gitlab.app | quote }}{{ end }}
- {{ if .Values.gitlab.env }}app.gitlab.com/env: {{ .Values.gitlab.env | quote }}{{ end }}
- labels:
- app: {{ template "appname" . }}-redis
- track: "{{ .Values.application.track }}"
- tier: "{{ .Values.application.tier }}"
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ template "appname" . }}-redis
- track: "{{ .Values.application.track }}"
- tier: "{{ .Values.application.tier }}"
- release: {{ .Release.Name }}
- spec:
- containers:
+# REDIS
- name: {{ .Chart.Name }}-redis
- image: "redis:latest"
+ image: "redis:5.0.3-alpine"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- - containerPort: 6379
+ - name: "{{ .Values.service.name }}-redis"
+ containerPort: 6379
livenessProbe:
- exec:
- command:
- - sh
- - -c
- - redis-cli ping
+ tcpSocket:
+ port: "{{ .Values.service.name }}-redis"
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
readinessProbe:
- exec:
- command:
- - sh
- - -c
- - redis-cli ping
+ tcpSocket:
+ port: "{{ .Values.service.name }}-redis"
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
- resources:
-{{ toYaml .Values.resources | indent 12 }}
{{- end -}}
\ No newline at end of file
diff --git a/config/nginx-default.conf b/config/nginx-default.conf
new file mode 100644
index 0000000000000000000000000000000000000000..6c237d3ab201dcb7a9d475a3572f4bcea41e52b7
--- /dev/null
+++ b/config/nginx-default.conf
@@ -0,0 +1,54 @@
+server {
+ listen 80;
+ server_name localhost;
+ root /html/public;
+ index index.php index.html index.htm;
+
+ #charset koi8-r;
+ #access_log /var/log/nginx/host.access.log main;
+
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+
+ location ~ \.php$ {
+ try_files $uri /index.php =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass phpfpm:9000;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+ #
+ #location ~ \.php$ {
+ # proxy_pass http://127.0.0.1;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # root html;
+ # fastcgi_pass 127.0.0.1:9000;
+ # fastcgi_index index.php;
+ # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
diff --git a/config/nginx.conf b/config/nginx.conf
new file mode 100644
index 0000000000000000000000000000000000000000..b2d7e2d661ed546eef52d01facb6ca79df01ec10
--- /dev/null
+++ b/config/nginx.conf
@@ -0,0 +1,32 @@
+user nginx;
+worker_processes 100;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+daemon off;
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/docker-compose.yml b/docker-compose.yml
index 72a9be54a11e264f55f98d94edcb5d5a450c9f76..18ed16ba0b7a8f7ea4d7c61e9187eae980d3463f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,17 +11,31 @@ services:
- .:/usr/src/app
working_dir: /usr/src/app
command: bash -c "npm install && npm run watch"
- web:
+ phpfpm:
depends_on:
- "phpdeps"
- "assets"
- "redis"
- build: .
+ restart: on-failure
+ build:
+ context: .
+ dockerfile: DockerfileDev
+ image: metager:latest
+ working_dir: /html
+ volumes:
+ - .:/html
+ web:
+ depends_on:
+ - "phpfpm"
+ image: metager:latest
working_dir: /html
+ command: nginx
volumes:
- .:/html
+ - ./config/nginx.conf:/etc/nginx/nginx.conf
+ - ./config/nginx-default.conf:/etc/nginx/conf.d/default.conf
ports:
- "8080:80"
redis:
- image: redis
+ image: redis:5.0.3-alpine
container_name: redis
\ No newline at end of file