backend/Dockerfile

@@ -12,18 +12,32 @@ COPY ./pyproject.toml ./poetry.lock* /tmp/
 
 RUN poetry export -f requirements.txt --output requirements.txt --without-hashes
 
-FROM python:3.11.4-slim-bookworm
+FROM python:3.11.4-slim-bookworm as django
 
-RUN apt update -y && apt upgrade -y && apt install -y python3-dev libpq-dev
+RUN apt update -y && apt upgrade -y && apt install -y python3-dev libpq-dev cron
 
-WORKDIR /code
+RUN useradd -ms /bin/bash worker && usermod -aG crontab worker
 
-COPY --from=requirements-stage /tmp/requirements.txt /code/requirements.txt
+WORKDIR  /code
+
+
+RUN echo "*/5 * * * * python /code/manage.py clear-sessions-history > /proc/1/fd/1 2>&1" >> /etc/cron.d/clean-session \
+    && crontab -u worker /etc/cron.d/clean-session \
+    && chmod u+s /usr/sbin/cron
+
+RUN chown root:worker /var/run && chmod g+w /var/run
+RUN touch /var/run/crond.pid && chown worker:worker /var/run/crond.pid
+
+COPY --chown=worker:worker --from=requirements-stage /tmp/requirements.txt /code/requirements.txt
 
 RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt
 
-COPY . ./
+USER worker
 
-EXPOSE 8000
+COPY --chown=worker:worker . ./
 
+EXPOSE 8000
+# CMD ["service", "cron", "start"]
 CMD ["gunicorn", "--timeout", "120", "--bind", ":8000", "defense_finder_api.wsgi:application"]
+
+

backend/docker-cron/clean.cron

+*/5 * * * * python /code/manage.py clear-sessions-history

deploy/charts/djangoninja/templates/deployment.yaml

@@ -93,6 +93,59 @@ spec:
             #   name: server-static
             - mountPath: /uploaded-files
               name: uploaded-files
+        - name: "{{ .Chart.Name }}-cron"
+
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command: 
+            - cron
+          envFrom:
+          - configMapRef:
+              name: galaxy-config-map
+          env:
+            - name: DEBUG
+              value: "True"
+            - name: SECRET_KEY
+              value: {{ .Values.django.secret }}
+            - name: GALAXY_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: galaxy-secret
+                  key: galaxy_key
+            - name: DF_HOSTNAME
+              value: {{ .Release.Name }}  
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.user }}.{{ .Values.postgresql.teamId }}-postgresql.credentials.postgresql.acid.zalan.do"
+                  key: password
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.user }}.{{ .Values.postgresql.teamId }}-postgresql.credentials.postgresql.acid.zalan.do"
+                  key: username
+            - name: POSTGRES_DB 
+              value: {{ .Values.postgresql.name }}
+            - name: DATABASE_URL
+              value: "psql://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@{{ .Values.postgresql.teamId }}-postgresql:5432/$(POSTGRES_DB)"
+          # livenessProbe:
+          #   httpGet:
+          #     path: /
+          #     port: 8000
+          # readinessProbe:
+          #   httpGet:
+          #     path: /
+          #     port: 8000
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            # - mountPath: /code/public/static
+            #   name: server-static
+            - mountPath: /uploaded-files
+              name: uploaded-files
+
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

deploy/charts/djangoninja/values.yaml

@@ -37,8 +37,8 @@ securityContext:
   #   - ALL
   # readOnlyRootFilesystem: true
   runAsNonRoot: true
-  runAsUser: 1001
-  fsGroup: 1001
+  runAsUser: 1000
+  fsGroup: 1000
 
 service:
   type: ClusterIP