55 lines
1.4 KiB
Markdown
55 lines
1.4 KiB
Markdown
# Django on Railiance
|
|
|
|
This is the short recipe for Django workloads running as S5 apps on the
|
|
Railiance cluster.
|
|
|
|
## Probe Host Header
|
|
|
|
Production Django usually runs with `DEBUG=False` and a narrow
|
|
`ALLOWED_HOSTS`. Kubelet HTTP probes do not use the public app host by
|
|
default; they send the pod IP as the `Host` header. Django rejects that
|
|
before the request reaches the health view, so kubelet sees `HTTP 400`
|
|
and restarts an otherwise healthy pod.
|
|
|
|
Set the probe `Host` header to a value that is also present in
|
|
`ALLOWED_HOSTS`:
|
|
|
|
```yaml
|
|
env:
|
|
ALLOWED_HOSTS: app.example.org,localhost
|
|
|
|
probes:
|
|
enabled: true
|
|
path: /health/
|
|
port: 8000
|
|
hostHeader: app.example.org
|
|
```
|
|
|
|
The `charts/vergabe-teilnahme` chart already renders this as:
|
|
|
|
```yaml
|
|
httpGet:
|
|
path: /health/
|
|
port: 8000
|
|
httpHeaders:
|
|
- name: Host
|
|
value: app.example.org
|
|
```
|
|
|
|
When changing the public hostname or `ALLOWED_HOSTS`, change
|
|
`probes.hostHeader` in the same review.
|
|
|
|
## Database URL Secrets
|
|
|
|
CNPG-generated role passwords may contain URL-reserved characters such
|
|
as `=`, `+`, and `/`. If the app consumes `DATABASE_URL`, URL-encode the
|
|
password when building the env Secret:
|
|
|
|
```bash
|
|
make vergabe-db-url-secret
|
|
```
|
|
|
|
For new charts, prefer either this helper or separate PostgreSQL env
|
|
vars (`POSTGRES_HOST`, `POSTGRES_USER`, `POSTGRES_PASSWORD`,
|
|
`POSTGRES_DB`) so there is no URL parser in the path.
|