From 011e1c280d528dd7217001ff530a5bf0b2eb8a7a Mon Sep 17 00:00:00 2001
From: Ashley Felton
Date: Wed, 20 Dec 2023 09:33:05 +0800
Subject: [PATCH 1/4] Set Cache-Control on responses to 60 seconds.
---
status.py | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/status.py b/status.py
index 385c51a..bf28a22 100644
--- a/status.py
+++ b/status.py
@@ -344,8 +344,8 @@ def healthcheck():
def healthcheck_json():
d = healthcheck()
response.content_type = "application/json"
- # Mark response as 'never cache'.
- response.set_header("Cache-Control", "private, max-age=0")
+ # Mark response as "cache for 60 seconds".
+ response.set_header("Cache-Control", "max-age=60")
return json.dumps(d)
@@ -514,7 +514,8 @@ def healthcheck_http():
output += "Finished checks, something is wrong =("
output += "
"
- response.set_header("Cache-Control", "private, max-age=0")
+ # Mark response as "cache for 60 seconds".
+ response.set_header("Cache-Control", "max-age=60")
return OUTPUT_TEMPLATE.format(output)
From 69f02607ec84df00dc4e9879f13e8518bd76de8a Mon Sep 17 00:00:00 2001
From: Ashley Felton
Date: Wed, 20 Dec 2023 10:13:52 +0800
Subject: [PATCH 2/4] Less-aggressive healthcheck config.
---
kustomize/base/deployment.yaml | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/kustomize/base/deployment.yaml b/kustomize/base/deployment.yaml
index 9edd862..60ae8e5 100644
--- a/kustomize/base/deployment.yaml
+++ b/kustomize/base/deployment.yaml
@@ -26,19 +26,19 @@ spec:
path: /liveness
port: 8080
scheme: HTTP
- initialDelaySeconds: 3
- periodSeconds: 3
+ periodSeconds: 15
+ successThreshold: 1
failureThreshold: 3
- timeoutSeconds: 2
+ timeoutSeconds: 10
readinessProbe:
httpGet:
path: /readiness
port: 8080
scheme: HTTP
- initialDelaySeconds: 3
- periodSeconds: 3
+ periodSeconds: 15
+ successThreshold: 1
failureThreshold: 3
- timeoutSeconds: 2
+ timeoutSeconds: 10
securityContext:
runAsNonRoot: true
privileged: false
From 6a838a1a7d43926154e95dbf28ea1fe8a6b0e801 Mon Sep 17 00:00:00 2001
From: Ashley Felton
Date: Wed, 20 Dec 2023 10:34:17 +0800
Subject: [PATCH 3/4] Added gunicorn to project, update Dockerfile.
---
Dockerfile | 6 +++---
gunicorn.py | 14 ++++++++++++++
kustomize/base/deployment.yaml | 8 ++++++++
poetry.lock | 33 ++++++++++++++++++++++++++++++++-
pyproject.toml | 1 +
5 files changed, 58 insertions(+), 4 deletions(-)
create mode 100644 gunicorn.py
diff --git a/Dockerfile b/Dockerfile
index b0c5a42..41e6c73 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ RUN apt-get update -y \
# Install Python libs using Poetry.
FROM builder_base_healthcheck as python_libs_healthcheck
WORKDIR /app
-ARG POETRY_VERSION=1.6.1
+ARG POETRY_VERSION=1.7.1
RUN pip install poetry=="${POETRY_VERSION}"
COPY poetry.lock pyproject.toml ./
RUN poetry config virtualenvs.create false \
@@ -27,9 +27,9 @@ RUN groupadd -g "${GID}" appuser \
# Install the project.
FROM python_libs_healthcheck
-COPY status.py ./
+COPY gunicorn.py status.py ./
COPY static ./static
USER ${UID}
EXPOSE 8080
-CMD ["python", "status.py"]
+CMD ["gunicorn", "status:application", "--config", "gunicorn.py"]
diff --git a/gunicorn.py b/gunicorn.py
new file mode 100644
index 0000000..f8fdc9d
--- /dev/null
+++ b/gunicorn.py
@@ -0,0 +1,14 @@
+# Gunicorn configuration settings.
+import multiprocessing
+
+bind = ":8080"
+# Don't start too many workers:
+workers = min(multiprocessing.cpu_count(), 4)
+# Give workers an expiry:
+max_requests = 2048
+max_requests_jitter = 256
+preload_app = True
+# Set longer timeout for workers
+timeout = 600
+# Disable access logging.
+accesslog = None
diff --git a/kustomize/base/deployment.yaml b/kustomize/base/deployment.yaml
index 60ae8e5..5762caa 100644
--- a/kustomize/base/deployment.yaml
+++ b/kustomize/base/deployment.yaml
@@ -47,4 +47,12 @@ spec:
drop:
- ALL
readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmpfs-ram
+ volumes:
+ - name: tmpfs-ram
+ emptyDir:
+ medium: "Memory"
restartPolicy: Always
+ terminationGracePeriodSeconds: 180
diff --git a/poetry.lock b/poetry.lock
index e2a7570..9be1c33 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -189,6 +189,26 @@ files = [
[package.extras]
tests = ["asttokens (>=2.1.0)", "coverage", "coverage-enable-subprocess", "ipython", "littleutils", "pytest", "rich"]
+[[package]]
+name = "gunicorn"
+version = "21.2.0"
+description = "WSGI HTTP Server for UNIX"
+optional = false
+python-versions = ">=3.5"
+files = [
+ {file = "gunicorn-21.2.0-py3-none-any.whl", hash = "sha256:3213aa5e8c24949e792bcacfc176fef362e7aac80b76c56f6b5122bf350722f0"},
+ {file = "gunicorn-21.2.0.tar.gz", hash = "sha256:88ec8bff1d634f98e61b9f65bc4bf3cd918a90806c6f5c48bc5603849ec81033"},
+]
+
+[package.dependencies]
+packaging = "*"
+
+[package.extras]
+eventlet = ["eventlet (>=0.24.1)"]
+gevent = ["gevent (>=1.4.0)"]
+setproctitle = ["setproctitle"]
+tornado = ["tornado (>=0.2)"]
+
[[package]]
name = "idna"
version = "3.6"
@@ -269,6 +289,17 @@ files = [
[package.dependencies]
traitlets = "*"
+[[package]]
+name = "packaging"
+version = "23.2"
+description = "Core utilities for Python packages"
+optional = false
+python-versions = ">=3.7"
+files = [
+ {file = "packaging-23.2-py3-none-any.whl", hash = "sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7"},
+ {file = "packaging-23.2.tar.gz", hash = "sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5"},
+]
+
[[package]]
name = "parso"
version = "0.8.3"
@@ -473,4 +504,4 @@ files = [
[metadata]
lock-version = "2.0"
python-versions = "^3.10"
-content-hash = "38497ac32db28a82593951f7c090fa1e52bf36e7b6a8c4699c98574beab2e4f7"
+content-hash = "6addd2923155b97b42ed59c8b2fb0926874f53ef4b3f8ae9393b229da9ff7a57"
diff --git a/pyproject.toml b/pyproject.toml
index 51457af..a6df157 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -10,6 +10,7 @@ bottle = "0.12.25"
requests = "2.31.0"
pytz = "2023.3.post1"
python-dotenv = "1.0.0"
+gunicorn = "21.2.0"
[tool.poetry.group.dev.dependencies]
ipython = "^8.10.0"
From 3e02e369ae7a4caab0b3553b2dfbda750468a564 Mon Sep 17 00:00:00 2001
From: Ashley Felton
Date: Wed, 20 Dec 2023 10:34:51 +0800
Subject: [PATCH 4/4] Increment project minor version.
---
kustomize/overlays/prod/kustomization.yaml | 2 +-
pyproject.toml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/kustomize/overlays/prod/kustomization.yaml b/kustomize/overlays/prod/kustomization.yaml
index 0b2e5ac..02796a8 100644
--- a/kustomize/overlays/prod/kustomization.yaml
+++ b/kustomize/overlays/prod/kustomization.yaml
@@ -16,7 +16,7 @@ labels:
variant: prod
images:
- name: ghcr.io/dbca-wa/healthcheck
- newTag: 1.1.13
+ newTag: 1.1.14
patches:
- path: deployment_patch.yaml
- path: service_patch.yaml
diff --git a/pyproject.toml b/pyproject.toml
index a6df157..8f52d91 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "healthcheck"
-version = "1.1.13"
+version = "1.1.14"
description = "Internal service endpoint health check for Spatial Support System"
authors = ["ASI "]