diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..26dbd16
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,66 @@
+name: remote ssh command
+
+on:
+ push:
+ branches:
+ - "main"
+
+env:
+ FRONTEND_PATH: ${{ secrets.FRONTEND_PATH }}
+ TOKEN_SECRET: ${{ secrets.TOKEN_SECRET }}
+ ACCESS_TOKEN_DURATION: ${{ secrets.ACCESS_TOKEN_DURATION }}
+ REFRESH_TOKEN_DURATION: ${{ secrets.REFRESH_TOKEN_DURATION }}
+ DEFAULT_USER_FULLNAME: ${{ secrets.DEFAULT_USER_FULLNAME }}
+ DEFAULT_USER_EMAIL: ${{ secrets.DEFAULT_USER_EMAIL }}
+ DEFAULT_USER_USERNAME: ${{ secrets.DEFAULT_USER_USERNAME }}
+ DEFAULT_USER_PASSWORD: ${{ secrets.DEFAULT_USER_PASSWORD }}
+ GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
+ GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
+ GOOGLE_REDIRECT_URL: ${{ secrets.GOOGLE_REDIRECT_URL }}
+ OAUTH_GITHUB_CLIENT_ID: ${{ secrets.OAUTH_GITHUB_CLIENT_ID }}
+ OAUTH_GITHUB_CLIENT_SECRET: ${{ secrets.OAUTH_GITHUB_CLIENT_SECRET }}
+ OAUTH_GITHUB_REDIRECT_URL: ${{ secrets.OAUTH_GITHUB_REDIRECT_URL }}
+ POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
+ POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
+ POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
+ REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
+
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ steps:
+ - name: checkout
+ uses: actions/checkout@v2
+
+ - name: Inserts Prod Enviromental Variables
+ run: |
+ envsubst < $GITHUB_WORKSPACE/frontend/frontend-secret.template.yaml > $GITHUB_WORKSPACE/frontend/frontend-secret.yaml;
+ envsubst < $GITHUB_WORKSPACE/backend/backend-secret.template.yaml > $GITHUB_WORKSPACE/backend/backend-secret.yaml;
+ envsubst < $GITHUB_WORKSPACE/postgres/postgres-secret.template.yaml > $GITHUB_WORKSPACE/postgres/postgres-secret.yaml;
+ envsubst < $GITHUB_WORKSPACE/redis/redis-secret.template.yaml > $GITHUB_WORKSPACE/redis/redis-secret.yaml;
+ rm $GITHUB_WORKSPACE/frontend/frontend-secret.template.yaml;
+ rm $GITHUB_WORKSPACE/redis/redis-secret.template.yaml;
+ rm $GITHUB_WORKSPACE/postgres/postgres-secret.template.yaml;
+ rm $GITHUB_WORKSPACE/backend/backend-secret.template.yaml;
+
+ - name: copy file via ssh
+ uses: appleboy/scp-action@master
+ with:
+ host: ${{ secrets.HOST }}
+ username: ${{ secrets.USERNAME }}
+ key: ${{ secrets.SSH_KEY }}
+ port: ${{ secrets.PORT }}
+ source: "."
+ target: "infra-hideyoshi.com"
+
+ - name: executing remote ssh commands using password
+ uses: appleboy/ssh-action@master
+ with:
+ host: ${{ secrets.HOST }}
+ username: ${{ secrets.USERNAME }}
+ key: ${{ secrets.SSH_KEY }}
+ port: ${{ secrets.PORT }}
+ script: |
+ cd infra-hideyoshi.com;
+ ./deploy.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a268338
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,6 @@
+
+backend/backend-secret.yaml
+
+postgres/postgres-secret.yaml
+
+redis/redis-secret.yaml
\ No newline at end of file
diff --git a/backend/backend-config.yaml b/backend/backend-config.yaml
index dc41f82..7293c45 100644
--- a/backend/backend-config.yaml
+++ b/backend/backend-config.yaml
@@ -1,8 +1,9 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- namespace: portfolio
+ namespace: portfolio
 name: backend-config
 data:
- backend-url: backend-service
- backend-port: "8070"
+ backend_url: backend-service
+ backend_port: "8070"
+
diff --git a/backend/backend-secret.template.yaml b/backend/backend-secret.template.yaml
new file mode 100644
index 0000000..89b7bbf
--- /dev/null
+++ b/backend/backend-secret.template.yaml
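Review bot: Both deployment steps run third-party actions from a mutable branch (`appleboy/scp-action@master`, `appleboy/ssh-action@master`) while passing them `secrets.SSH_KEY`, so any later push to those branches runs with the deploy key; pin each to a reviewed full commit SHA, e.g. `uses: appleboy/scp-action@<full-commit-sha>`. The workflow-level `env:` block also exposes every application secret to all steps, including those actions; declaring it on the `Inserts Prod Enviromental Variables` step would confine it to the envsubst calls. `source: "."` uploads the whole checkout, rendered `*-secret.yaml` files included, so the permissions of `infra-hideyoshi.com` on the host decide who can read them. A top-level `permissions:` block with `contents: read` would also limit the job's GITHUB_TOKEN.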
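Review bot: `frontend/frontend-secret.yaml` is missing from the ignore list, although the workflow added in this commit renders it alongside the three files listed here. Adding `frontend/frontend-secret.yaml`, or replacing the entries with the single pattern `*-secret.yaml`, keeps a locally rendered copy from being committed; the pattern does not match the `*-secret.template.yaml` files.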
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: portfolio
+ name: backend-secret
+type: Opaque
+data:
+ token_secret: $TOKEN_SECRET
+ access_token_duration: $ACCESS_TOKEN_DURATION
+ refresh_token_duration: $REFRESH_TOKEN_DURATION
+ default_user_fullname: $DEFAULT_USER_FULLNAME
+ default_user_email: $DEFAULT_USER_EMAIL
+ default_user_username: $DEFAULT_USER_USERNAME
+ default_user_password: $DEFAULT_USER_PASSWORD
+ google_client_id: $GOOGLE_CLIENT_ID
+ google_client_secret: $GOOGLE_CLIENT_SECRET
+ google_redirect_url: $GOOGLE_REDIRECT_URL
+ github_client_id: $OAUTH_GITHUB_CLIENT_ID
+ github_client_secret: $OAUTH_GITHUB_CLIENT_SECRET
+ github_redirect_url: $OAUTH_GITHUB_REDIRECT_URL
\ No newline at end of file
diff --git a/backend/backend-secret.yaml b/backend/backend-secret.yaml
deleted file mode 100644
index 2695af7..0000000
--- a/backend/backend-secret.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- namespace: portfolio
- name: backend-secret
-type: Opaque
-data:
- tokenSecret: c2VjcmV0
- accessTokenDuration: MTgwMDAwMA==
- refreshTokenDuration: MTMxNDkwMDAwMA==
- defaultUserFullname: Vml0b3IgSGlkZXlvc2hp
- defaultUserEmail: dml0b3IuaC5uLmJhdGlzdGFAZ21haWwuY29t
- defaultUserUsername: WW9zaGlVbmZyaWVuZGx5
- defaultUserPassword: cGFzc3dk
\ No newline at end of file
diff --git a/backend/backend.yaml b/backend/backend.yaml
index 77391a6..edfedf9 100644
--- a/backend/backend.yaml
+++ b/backend/backend.yaml
@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- namespace: portfolio
+ namespace: portfolio
 name: backend-deployment
 spec:
 replicas: 1
@@ -13,7 +13,6 @@ spec:
 labels:
 app: backend
 spec:
- limits:
 containers:
 - name: backend
 image: yoshiunfriendly/backend-hideyoshi.com
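Review bot: The template keeps its values under `data:`, which Kubernetes base64-decodes, while envsubst pastes the GitHub secret text in verbatim; unless every repository secret is stored already base64-encoded, the apply is rejected or the pods receive wrong values. Using `stringData:` with quoted placeholders, e.g. `token_secret: "$TOKEN_SECRET"`, removes the encoding step and tolerates values containing `: ` or ` #`. The frontend, postgres and redis templates added in this commit follow the same pattern. The credentials in the deleted `backend/backend-secret.yaml` stay in git history, so they should be treated as exposed and not reused as the new secret values.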
@@ -23,69 +22,99 @@ spec: env: - name: FRONTEND_PATH valueFrom: - configMapKeyRef: - name: frontend-config - key: frontend-url - - - name: FRONTEND_CONNECTION_TYPE - valueFrom: - configMapKeyRef: - name: frontend-config - key: frontend-type + secretKeyRef: + name: frontend-secret + key: frontend_path - name: TOKEN_SECRET valueFrom: secretKeyRef: name: backend-secret - key: tokenSecret + key: token_secret - name: ACCESS_TOKEN_DURATION valueFrom: secretKeyRef: name: backend-secret - key: accessTokenDuration + key: access_token_duration - name: REFRESH_TOKEN_DURATION valueFrom: secretKeyRef: name: backend-secret - key: refreshTokenDuration + key: refresh_token_duration - name: DEFAULT_USER_FULLNAME valueFrom: secretKeyRef: name: backend-secret - key: defaultUserFullname + key: default_user_fullname - name: DEFAULT_USER_EMAIL valueFrom: secretKeyRef: name: backend-secret - key: defaultUserEmail + key: default_user_email - name: DEFAULT_USER_USERNAME valueFrom: secretKeyRef: name: backend-secret - key: defaultUserUsername + key: default_user_username - name: DEFAULT_USER_PASSWORD valueFrom: secretKeyRef: name: backend-secret - key: defaultUserPassword + key: default_user_password - name: PORT valueFrom: configMapKeyRef: name: backend-config - key: backend-port + key: backend_port + + - name: GOOGLE_CLIENT_ID + valueFrom: + secretKeyRef: + name: backend-secret + key: google_client_id + + - name: GOOGLE_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: backend-secret + key: google_client_secret + + - name: GOOGLE_REDIRECT_URL + valueFrom: + secretKeyRef: + name: backend-secret + key: google_redirect_url + + - name: GITHUB_CLIENT_ID + valueFrom: + secretKeyRef: + name: backend-secret + key: github_client_id + + - name: GITHUB_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: backend-secret + key: github_client_secret + + - name: GITHUB_REDIRECT_URL + valueFrom: + secretKeyRef: + name: backend-secret + key: github_redirect_url - name: POSTGRES_URL valueFrom: 
configMapKeyRef: name: postgres-config - key: postgres-url + key: postgres_url - name: POSTGRES_DB valueFrom: @@ -130,7 +159,7 @@ spec: apiVersion: v1 kind: Service metadata: - namespace: portfolio + namespace: portfolio name: backend-service spec: selector: diff --git a/deploy.sh b/deploy.sh index 642da8f..212e880 100755 --- a/deploy.sh +++ b/deploy.sh @@ -3,7 +3,7 @@ function check_k3s_installation() { if [ ! -f /usr/local/bin/k3s ]; then export INSTALL_K3S_EXEC="--no-deploy traefik"; - curl -sfL https://get.k3s.io | sh -s -; + curl -sfL https://get.k3s.io | sh - ; sudo chmod 644 /etc/rancher/k3s/k3s.yaml; fi } @@ -66,7 +66,7 @@ function main { minikube kubectl -- $@ } - minikube start --driver docker; + minikube start --driver kvm2; minikube addons enable ingress; start_cert_manager diff --git a/frontend/frontend-config.yaml b/frontend/frontend-config.yaml index a72698c..c8bf709 100644 --- a/frontend/frontend-config.yaml +++ b/frontend/frontend-config.yaml @@ -1,8 +1,7 @@ apiVersion: v1 kind: ConfigMap metadata: - namespace: portfolio + namespace: portfolio name: frontend-config data: - frontend-url: frontend-service - frontend-type: unsecure + frontend_url: frontend-service \ No newline at end of file diff --git a/frontend/frontend-secret.template.yaml b/frontend/frontend-secret.template.yaml new file mode 100644 index 0000000..2f90955 --- /dev/null +++ b/frontend/frontend-secret.template.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + namespace: portfolio + name: frontend-secret +type: Opaque +data: + frontend_path: $FRONTEND_PATH \ No newline at end of file diff --git a/frontend/frontend.yaml b/frontend/frontend.yaml index dc02216..6afc790 100644 --- a/frontend/frontend.yaml +++ b/frontend/frontend.yaml @@ -19,7 +19,6 @@ spec: - name: frontend image: yoshiunfriendly/frontend-hideyoshi.com:latest imagePullPolicy: "Always" - limits: ports: - containerPort: 5000 env: 
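Review bot: The changed line in `check_k3s_installation` still pipes the unpinned installer from `https://get.k3s.io` straight into `sh`, so whatever that endpoint serves at deploy time runs on the host and the installed k3s version floats. Exporting `INSTALL_K3S_VERSION=<pinned-release>` beside `INSTALL_K3S_EXEC`, or downloading the script and checking it against a recorded hash before running it, makes the install reproducible and reviewable. The unchanged `sudo chmod 644 /etc/rancher/k3s/k3s.yaml` on the following line leaves the cluster-admin kubeconfig readable by every local user; a group-restricted mode such as `640` with a dedicated group would be tighter.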
diff --git a/postgres/postgres-config.yaml b/postgres/postgres-config.yaml
index 96d1490..713babd 100644
--- a/postgres/postgres-config.yaml
+++ b/postgres/postgres-config.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- namespace: portfolio
+ namespace: portfolio
 name: postgres-config
 data:
- postgres-url: postgres-service
\ No newline at end of file
+ postgres_url: postgres-service
diff --git a/postgres/postgres-secret.template.yaml b/postgres/postgres-secret.template.yaml
new file mode 100644
index 0000000..4acdad4
--- /dev/null
+++ b/postgres/postgres-secret.template.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: portfolio
+ name: postgres-secret
+type: Opaque
+data:
+ POSTGRES_USER: $POSTGRES_USER
+ POSTGRES_PASSWORD: $POSTGRES_PASSWORD
+ POSTGRES_DB: $POSTGRES_DB
diff --git a/postgres/postgres-secret.yaml b/postgres/postgres-secret.yaml
deleted file mode 100644
index ea4ab25..0000000
--- a/postgres/postgres-secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- namespace: portfolio
- name: postgres-secret
-type: Opaque
-data:
- POSTGRES_USER: cG9zdGdyZXM=
- POSTGRES_PASSWORD: cG9zdGdyZXM=
- POSTGRES_DB: cG9ydGZvbGlv
diff --git a/postgres/postgres.yaml b/postgres/postgres.yaml
index bacb4a8..f63f289 100644
--- a/postgres/postgres.yaml
+++ b/postgres/postgres.yaml
@@ -13,10 +13,9 @@ spec:
 labels:
 app: postgres
 spec:
- limits:
 containers:
 - name: postgres
- image: postgres
+ image: postgres:14-bullseye
 imagePullPolicy: "IfNotPresent"
 ports:
 - containerPort: 5432
diff --git a/redis/redis-secret.yaml b/redis/redis-secret.template.yaml
similarity index 75%
rename from redis/redis-secret.yaml
rename to redis/redis-secret.template.yaml
index dc6b0e2..4d91d9e 100644
--- a/redis/redis-secret.yaml
+++ b/redis/redis-secret.template.yaml
@@ -5,4 +5,4 @@ metadata:
 name: redis-secret
 type: Opaque
 data:
- redis-password: cGFzc3dk
\ No newline at end of file
+ redis-password: $REDIS_PASSWORD
\ No newline at end of file
diff --git a/redis/redis.yaml b/redis/redis.yaml
index f2efbba..ef9c674 100644
--- a/redis/redis.yaml
+++ b/redis/redis.yaml
@@ -13,7 +13,6 @@ spec:
 labels:
 app: redis
 spec:
- limits:
 containers:
 - name: redis
 image: bitnami/redis