How to Deploy
Services needed
- You will need:
PostgreSQL database
RabbitMQ
Redis
An OIDC provider (Keycloak)
Services to deployed
- You will need to deploy 4 services:
static (nginx container spklabs/sentry-dynamic-sampling-controller-static)
Django API (spklabs/sentry-dynamic-sampling-controller)
Celery beat (alternative entrypoint in spklabs/sentry-dynamic-sampling-controller)
Celery Worker (alternative entrypoint in spklabs/sentry-dynamic-sampling-controller)
Docker-compose
You can find this docker-compose in the devops folder
version: "3"
x-env:
&env
environment:
- ENV=debug
- SECRET_KEY="very_secret"
- POSTGRES_DB=sentry
- POSTGRES_USER=sentry
- POSTGRES_PASSWORD=sentry
- POSTGRES_HOST=postgres
- POSTGRES_PORT=5432
- APP_CACHE_TIMEOUT=600
- CACHE_REDIS_URL=redis://redis:6379
- CACHE_TIMEOUT=120
- DEFAULT_SAMPLE_RATE=0.1
- DEFAULT_WSGI_IGNORE_PATHS="/health,/healthz,/health/,/healthz/"
- MAX_BUMP_TIME_SEC=6000
# oidc
- OIDC_RP_CLIENT_ID=$OIDC_RP_CLIENT_ID
- OIDC_RP_CLIENT_SECRET=$OIDC_RP_CLIENT_SECRET
- OIDC_OP_AUTHORIZATION_ENDPOINT=$OIDC_OP_AUTHORIZATION_ENDPOINT
- OIDC_OP_TOKEN_ENDPOINT=$OIDC_OP_TOKEN_ENDPOINT
- OIDC_OP_USER_ENDPOINT=$OIDC_OP_USER_ENDPOINT
- LOGIN_REDIRECT_URL=$LOGIN_REDIRECT_URL
- LOGOUT_REDIRECT_URL=$LOGOUT_REDIRECT_URL
- OIDC_OP_JWKS_ENDPOINT=$OIDC_OP_JWKS_ENDPOINT
- OIDC_RP_SIGN_ALGO=RS256
- STATIC_URL=http://localhost:8000/static/
# rabbit
- CELERY_BROKER_USER=sentry
- CELERY_BROKER_PASSWORD=sentry
- CELERY_BROKER_HOST=rabbitmq
- CELERY_BROKER_PORT=5672
# this is for nginx-proxy
- VIRTUAL_HOST=localhost
- VIRTUAL_PORT=8000
- VIRTUAL_PATH=/
services:
# serves as an ingress to prevent cors errors
nginx-proxy:
image: nginxproxy/nginx-proxy
ports:
- "8000:80"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
postgres:
image: postgres:latest
environment:
- POSTGRES_DB=sentry
- POSTGRES_USER=sentry
- POSTGRES_PASSWORD=sentry
profiles:
- data
- all
ports:
- 5432:5432
volumes:
- "controllerdata:/var/lib/postgresql/data"
redis:
image: 'bitnami/redis:latest'
profiles:
- data
- all
environment:
- ALLOW_EMPTY_PASSWORD=yes
ports:
- 6379:6379
rabbitmq:
image: bitnami/rabbitmq:3.12.0
profiles:
- data
- all
ports:
- "15672:15672"
- "5672:5672"
environment:
- RABBITMQ_DEFAULT_USER=sentry
- RABBITMQ_DEFAULT_PASS=sentry
- TZ=Europe/Paris
# serve the static files
static:
image: spklabs/sentry-dynamic-sampling-controller-static:alpha
expose:
- 80
profiles:
- app
- all
environment:
# this is for nginx-proxy
- VIRTUAL_HOST=localhost
- VIRTUAL_PORT=80
- VIRTUAL_PATH=/static/
# deploy the app
# the command is optional here
# but it's customized to migrate the database an load the permissions
app:
image: spklabs/sentry-dynamic-sampling-controller:alpha
command: >
sh -c "python manage.py migrate && python manage.py loadpermissions && gunicorn controller.wsgi -c /app/config.py"
depends_on:
- postgres
- redis
- static
- rabbitmq
expose:
- 8000
profiles:
- app
- all
<<: *env
# Deploy the worker
worker:
image: spklabs/sentry-dynamic-sampling-controller:alpha
command:
- "celery"
- "-A"
- "controller"
- "worker"
- "-l"
- "info"
depends_on:
- postgres
- redis
- rabbitmq
profiles:
- app
- all
<<: *env
# Deploy the beat
beat:
image: spklabs/sentry-dynamic-sampling-controller:alpha
command:
- "celery"
- "-A"
- "controller"
- "beat"
- "-l"
- "info"
depends_on:
- postgres
- redis
- rabbitmq
profiles:
- app
- all
<<: *env
# This optional and it's used to monitor the API
statsd-exporter:
image: prom/statsd-exporter:v0.24.0
ports:
- "9125:9125/udp"
- "9102:9102"
profiles:
- metrics
volumes:
- ./etc/statsd.conf:/statsd/statsd.conf
command:
- --statsd.mapping-config=/statsd/statsd.conf
# This optional and it's used to monitor the API
prometheus:
image: prom/prometheus
profiles:
- metrics
volumes:
- ./etc/prometheus.yaml:/etc/prometheus/prometheus.yml
- prometheus_data:/prometheus
ports:
- 9090:9090
# This optional and it's used to monitor the API
grafana:
image: grafana/grafana
profiles:
- metrics
volumes:
- grafana_data:/var/lib/grafana
ports:
- 3000:3000
depends_on:
- prometheus
volumes:
controllerdata:
prometheus_data:
grafana_data: