adding wts

gen3/bin/kube-setup-wts.sh

@@ -102,7 +102,10 @@ elif ! g3kubectl describe secret wts-g3auto | grep appcreds.json > /dev/null 2>&
   fi
 fi
 
-g3kubectl apply -f "${GEN3_HOME}/kube/services/wts/wts-service.yaml"  
+g3kubectl apply -f "${GEN3_HOME}/kube/services/wts/wts-service.yaml"
+g3kubectl apply -f "${GEN3_HOME}/kube/services/wts/wts-nginx.conf"
+g3kubectl apply -f "${GEN3_HOME}/kube/services/wts/wts-gunicorn.yaml"
+g3kubectl apply -f "${GEN3_HOME}/kube/services/nginx-sidecar/nginx.conf"
 gen3 roll wts
 
 gen3_log_info "The wts service has been deployed onto the k8s cluster."

kube/services/wts/wts-deploy.yaml

@@ -30,6 +30,10 @@ spec:
         GEN3_WTS_VERSION
         GEN3_ENV_LABEL
     spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
       affinity:
         podAntiAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
@@ -63,12 +67,21 @@ spec:
         - name: wts-secret
           secret:
             secretName: "wts-g3auto"
+        - name: wsgi-config
+          configMap:
+            name: wts-wsgi
+        - name: nginx-config
+          configMap:
+            name: wts-nginx-configmap
+        - name: nginx-main-config
+          configMap:
+            name: sidecar-nginx-main 
       serviceAccountName: workspace-token-service
       containers:
       - name: wts
         GEN3_WTS_IMAGE
         ports:
-        - containerPort: 80
+        - containerPort: 8000
         env:
         - name: POSTGRES_CREDS_FILE
           value: "/var/www/wts/dbcreds.json"
@@ -119,23 +132,43 @@ spec:
           readOnly: true
           mountPath: "/var/www/wts/appcreds.json"
           subPath: appcreds.json
+        - name: "wsgi-config"
+          mountPath: "/wts/deployment/wsgi/gunicorn.conf.py"
+          subPath: gunicorn.conf.py
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
             path: /_status
-            port: 80
+            port: 8000
           failureThreshold: 10
           initialDelaySeconds: 5
         readinessProbe:
           httpGet:
             path: /_status
-            port: 80
+            port: 8000
         resources:
           requests:
             cpu: 100m
             memory: 200Mi
           limits:
             memory: 512Mi
+      - name: sidecar-nginx
+        image: quay.io/cdis/nginx-sidecar:nginx-sidecar-feat_nginx-sidecar
+        imagePullPolicy: IfNotPresent
+        ports:
+          - name: http
+            containerPort: 8080
+        readinessProbe:
+          httpGet:
+            path: /_status
+            port: http
+        volumeMounts:
+          - name: "nginx-main-config"
+            mountPath: "/etc/nginx/nginx.conf"
+            subPath: "nginx.conf"
+          - name: "nginx-config"
+            mountPath: "/etc/nginx/conf.d/default.conf"
+            subPath: default.conf
       initContainers:
         - name: wts-db-migrate
           GEN3_WTS_IMAGE

kube/services/wts/wts-gunicorn.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: wts-wsgi
+data:
+  gunicorn.conf.py: |
+    wsgi_app = "deployment.wsgi.wsgi:application"
+    bind = "0.0.0.0:8000"
+    workers = 1
+    user = 'gen3'
+    group = 'gen3'
+    timeout = 300
+    worker_class = "uvicorn.workers.UvicornWorker"

kube/services/wts/wts-nginx.conf

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: wts-nginx-configmap
+data:
+  default.conf: |
+      server {
+          listen 8080;
+          server_name localhost;
+          location / {
+              proxy_pass http://127.0.0.1:8000;  # Gunicorn binds to this address
+          }
+      }