From 011e1c280d528dd7217001ff530a5bf0b2eb8a7a Mon Sep 17 00:00:00 2001 From: Ashley Felton Date: Wed, 20 Dec 2023 09:33:05 +0800 Subject: [PATCH 1/4] Set Cache-Control on responses to 60 seconds. --- status.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/status.py b/status.py index 385c51a..bf28a22 100644 --- a/status.py +++ b/status.py @@ -344,8 +344,8 @@ def healthcheck(): def healthcheck_json(): d = healthcheck() response.content_type = "application/json" - # Mark response as 'never cache'. - response.set_header("Cache-Control", "private, max-age=0") + # Mark response as "cache for 60 seconds". + response.set_header("Cache-Control", "max-age=60") return json.dumps(d) @@ -514,7 +514,8 @@ def healthcheck_http(): output += "Finished checks, something is wrong =(" output += "

" - response.set_header("Cache-Control", "private, max-age=0") + # Mark response as "cache for 60 seconds". + response.set_header("Cache-Control", "max-age=60") return OUTPUT_TEMPLATE.format(output) From 69f02607ec84df00dc4e9879f13e8518bd76de8a Mon Sep 17 00:00:00 2001 From: Ashley Felton Date: Wed, 20 Dec 2023 10:13:52 +0800 Subject: [PATCH 2/4] Less-aggressive healthcheck config. --- kustomize/base/deployment.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/kustomize/base/deployment.yaml b/kustomize/base/deployment.yaml index 9edd862..60ae8e5 100644 --- a/kustomize/base/deployment.yaml +++ b/kustomize/base/deployment.yaml @@ -26,19 +26,19 @@ spec: path: /liveness port: 8080 scheme: HTTP - initialDelaySeconds: 3 - periodSeconds: 3 + periodSeconds: 15 + successThreshold: 1 failureThreshold: 3 - timeoutSeconds: 2 + timeoutSeconds: 10 readinessProbe: httpGet: path: /readiness port: 8080 scheme: HTTP - initialDelaySeconds: 3 - periodSeconds: 3 + periodSeconds: 15 + successThreshold: 1 failureThreshold: 3 - timeoutSeconds: 2 + timeoutSeconds: 10 securityContext: runAsNonRoot: true privileged: false From 6a838a1a7d43926154e95dbf28ea1fe8a6b0e801 Mon Sep 17 00:00:00 2001 From: Ashley Felton Date: Wed, 20 Dec 2023 10:34:17 +0800 Subject: [PATCH 3/4] Added gunicorn to project, update Dockerfile. --- Dockerfile | 6 +++--- gunicorn.py | 14 ++++++++++++++ kustomize/base/deployment.yaml | 8 ++++++++ poetry.lock | 33 ++++++++++++++++++++++++++++++++- pyproject.toml | 1 + 5 files changed, 58 insertions(+), 4 deletions(-) create mode 100644 gunicorn.py diff --git a/Dockerfile b/Dockerfile index b0c5a42..41e6c73 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ RUN apt-get update -y \ # Install Python libs using Poetry. FROM builder_base_healthcheck as python_libs_healthcheck WORKDIR /app -ARG POETRY_VERSION=1.6.1 +ARG POETRY_VERSION=1.7.1 RUN pip install poetry=="${POETRY_VERSION}" COPY poetry.lock pyproject.toml ./ RUN poetry config virtualenvs.create false \ @@ -27,9 +27,9 @@ RUN groupadd -g "${GID}" appuser \ # Install the project. FROM python_libs_healthcheck -COPY status.py ./ +COPY gunicorn.py status.py ./ COPY static ./static USER ${UID} EXPOSE 8080 -CMD ["python", "status.py"] +CMD ["gunicorn", "status:application", "--config", "gunicorn.py"] diff --git a/gunicorn.py b/gunicorn.py new file mode 100644 index 0000000..f8fdc9d --- /dev/null +++ b/gunicorn.py @@ -0,0 +1,14 @@ +# Gunicorn configuration settings. +import multiprocessing + +bind = ":8080" +# Don't start too many workers: +workers = min(multiprocessing.cpu_count(), 4) +# Give workers an expiry: +max_requests = 2048 +max_requests_jitter = 256 +preload_app = True +# Set longer timeout for workers +timeout = 600 +# Disable access logging. +accesslog = None diff --git a/kustomize/base/deployment.yaml b/kustomize/base/deployment.yaml index 60ae8e5..5762caa 100644 --- a/kustomize/base/deployment.yaml +++ b/kustomize/base/deployment.yaml @@ -47,4 +47,12 @@ spec: drop: - ALL readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: tmpfs-ram + volumes: + - name: tmpfs-ram + emptyDir: + medium: "Memory" restartPolicy: Always + terminationGracePeriodSeconds: 180 diff --git a/poetry.lock b/poetry.lock index e2a7570..9be1c33 100644 --- a/poetry.lock +++ b/poetry.lock @@ -189,6 +189,26 @@ files = [ [package.extras] tests = ["asttokens (>=2.1.0)", "coverage", "coverage-enable-subprocess", "ipython", "littleutils", "pytest", "rich"] +[[package]] +name = "gunicorn" +version = "21.2.0" +description = "WSGI HTTP Server for UNIX" +optional = false +python-versions = ">=3.5" +files = [ + {file = "gunicorn-21.2.0-py3-none-any.whl", hash = "sha256:3213aa5e8c24949e792bcacfc176fef362e7aac80b76c56f6b5122bf350722f0"}, + {file = "gunicorn-21.2.0.tar.gz", hash = "sha256:88ec8bff1d634f98e61b9f65bc4bf3cd918a90806c6f5c48bc5603849ec81033"}, +] + +[package.dependencies] +packaging = "*" + +[package.extras] +eventlet = ["eventlet (>=0.24.1)"] +gevent = ["gevent (>=1.4.0)"] +setproctitle = ["setproctitle"] +tornado = ["tornado (>=0.2)"] + [[package]] name = "idna" version = "3.6" @@ -269,6 +289,17 @@ files = [ [package.dependencies] traitlets = "*" +[[package]] +name = "packaging" +version = "23.2" +description = "Core utilities for Python packages" +optional = false +python-versions = ">=3.7" +files = [ + {file = "packaging-23.2-py3-none-any.whl", hash = "sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7"}, + {file = "packaging-23.2.tar.gz", hash = "sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5"}, +] + [[package]] name = "parso" version = "0.8.3" @@ -473,4 +504,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.10" -content-hash = "38497ac32db28a82593951f7c090fa1e52bf36e7b6a8c4699c98574beab2e4f7" +content-hash = "6addd2923155b97b42ed59c8b2fb0926874f53ef4b3f8ae9393b229da9ff7a57" diff --git a/pyproject.toml b/pyproject.toml index 51457af..a6df157 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -10,6 +10,7 @@ bottle = "0.12.25" requests = "2.31.0" pytz = "2023.3.post1" python-dotenv = "1.0.0" +gunicorn = "21.2.0" [tool.poetry.group.dev.dependencies] ipython = "^8.10.0" From 3e02e369ae7a4caab0b3553b2dfbda750468a564 Mon Sep 17 00:00:00 2001 From: Ashley Felton Date: Wed, 20 Dec 2023 10:34:51 +0800 Subject: [PATCH 4/4] Increment project minor version. --- kustomize/overlays/prod/kustomization.yaml | 2 +- pyproject.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kustomize/overlays/prod/kustomization.yaml b/kustomize/overlays/prod/kustomization.yaml index 0b2e5ac..02796a8 100644 --- a/kustomize/overlays/prod/kustomization.yaml +++ b/kustomize/overlays/prod/kustomization.yaml @@ -16,7 +16,7 @@ labels: variant: prod images: - name: ghcr.io/dbca-wa/healthcheck - newTag: 1.1.13 + newTag: 1.1.14 patches: - path: deployment_patch.yaml - path: service_patch.yaml diff --git a/pyproject.toml b/pyproject.toml index a6df157..8f52d91 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "healthcheck" -version = "1.1.13" +version = "1.1.14" description = "Internal service endpoint health check for Spatial Support System" authors = ["ASI "]