Tool:Containers
Phabricator project: #Tool-containers
 Toolforge Containers
| |
|---|---|
| |
| Website | https://toolsadmin.wikimedia.org/tools/id/containers |
| Description | Collection of Build Service manged containers suitable for reuse by other tools. |
| Keywords | build-service, container |
| Author(s) | BryanDavis |
| Maintainer(s) | BryanDavis (View all) |
| License | GNU General Public License 3.0 or later |
| Issues | Open tasks · Report a bug |
| Admin log | Tools.containers/SAL |
Toolforge Containers is a project to maintain and publish a collection of build service managed containers for use by other Toolforge tools.
Containers
BNC container
Container running ZNC to act as a BNC (Bounced Network Connection) for an IRC bot. The container also includes Irssi with configuration to connect to the bouncer.
- Container name
- tool-containers/bnc:latest
- Commands
- bouncer - Run ZNC
- client - Run irssi
- Source code
- https://gitlab.wikimedia.org/toolforge-repos/containers-bnc
- Usage
$ ssh login.toolforge.org $ become $TOOL $ toolforge envvars create BNC_USER $ toolforge envvars create BNC_NICK $ toolforge envvars create BNC_REALNAME $ toolforge envvars create BNC_PASSWORD $ toolforge jobs run \ --image tool-containers/bnc:latest \ --command bouncer \ --continuous \ --emails none \ --port 6667 \ bnc
The ZNC server will be available to your other containers at bnc:6667. Clients will need to authenticate as $BNC_USER/$BNC_NETWORK:$BNC_PASSWORD. The default BNC_NETWORK value is "libera".
Redirect container
Container for redirecting all web requests to a different host.
- Container name
- tool-containers/redirect:latest
- Commands
- web - Run redirect webservice
- Source code
- https://gitlab.wikimedia.org/toolforge-repos/containers-redirect
- Usage
$ ssh login.toolforge.org $ become $TOOL $ toolforge envvars create REDIRECT_HOST $ cat > $HOME/service.template <<EOF type: buildservice buildservice-image: tool-containers/redirect:latest health-check-path: /healthz mount: none cpu: 125m mem: 128Mi EOF $ toolforge webservice start
Configuration
The redirector can be configured using environment variables.
- REDIRECT_HOST
- Replace the host component of the requested URL with this value.
- Example:
another-tool.toolforge.org - Required
- REDIRECT_PATH
- Format string for constructing the path of the target URL. A %s in the value will be replaced by the request URL path in the target URL.
- Example:
/new_path_prefix%s - Default:
%s - REDIRECT_PROTO
- Set the protocol of the target URL.
- Default:
https
Redis container
Container running Redis.
- Container name
- tool-containers/redis:latest
- Commands
- server - Run redis-server
- client - Run redis-cli
- Source code
- https://gitlab.wikimedia.org/toolforge-repos/containers-redis
- Usage
$ ssh login.toolforge.org $ become $TOOL $ toolforge envvars create REDIS_PASSWORD $ toolforge jobs run \ --image tool-containers/redis:latest \ --command server \ --continuous \ --emails none \ --port 6379 \ redis
The Redis server will be available to your other containers at redis:6379.
Clients will need to use the REDIS_PASSWORD envvar to authenticate to the server.
Reverse proxy container
Any objects manually created in Kubernetes (as opposed to using
toolforge clients and APIs) are not officially supported by the Toolforge admin team. They may stop working without notice following any Kubernetes software update or platform outage.
Container for reverse proxying requests to one or more upstream servers.
- Container name
- tool-containers/rproxy:latest
- Commands
- web - Run reverse proxy webservice
- Source code
- https://gitlab.wikimedia.org/toolforge-repos/containers-rproxy
- Usage
$ ssh dev.toolforge.org $ become $TOOL $ toolforge envvars create RPROXY_CONFIG << '_EOF' --- routes: - upstream: https://example.com path: /com(/|$)(.*) template: /$2 - upstream: https://example.org path: /org(/|$)(.*) template: /$2 _EOF $ toolforge jobs run \ --image tool-containers/rproxy:latest \ --command web \ --continuous \ --port 8000 \ --health-check-http /healthz \ rproxy $ TOOL=$(whoami | cut -d. -f2) $ kubectl apply --validate=true -f - << _EOF apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: rproxy spec: hostnames: [$TOOL.toolforge.org] rules: - matches: - path: {value: /com, type: PathPrefix} - path: {value: /org, type: PathPrefix} backendRefs: [{name: rproxy, port: 8000, kind: Service}] parentRefs: [{name: toolforge, kind: Gateway, group: gateway.networking.k8s.io, namespace: istio-gateway}] _EOF
The parentRefs section is basically a magic string to copy to connect your new routes to the common Gateway object shared across all tools.
Configuration
The reverse proxy can be configured using environment variables.
- RPROXY_CONFIG
- YAML document configuring list of one or more routes to proxy.
- The application expects a top level
routesmapping to a list of one or more route configurations. - Each route in the list must include these keys:
- An
upstreamURL providing the protocol, host, and base path for upstream requests. - A
pathregular expression pattern for constructing the path of the target URL from the request path. Capture groups in the regex will be combined with the associatedtemplatestring to create the upstream request path. - A
templatepattern used to apply captures from thepathregex to the path for the upstream request. Variables of the form$nameand${name}will be replaced with corresponding capture groups from the associated path regular expression.
- An
- Required
- GO_LOG
- Configure the log/slog logging handler used by rproxy.
- Setting this envvar to
debugwill make the app emit a log event for each request to the proxy. - Default: info