Implements OAuth2 and Github Actions

* [v0.0.2] Adds Google and Github OAuth2 Authentication

Adds to the API the feature of OAuth2 Authentication via two providers: Google and Github, and implements better handling of secrets

* Create deploy.yml

* Update deploy.yml

* Update deploy.yml

* Update deploy.yml

* Fixes k3s

* Update deploy.yml

* Update deploy.yml

Update deploy.yml

update deploy.yml

* Reimplements Frontend and Backend Connection

* Final Configurations
This commit is contained in:
2022-11-15 17:24:15 -03:00
committed by Vitor Hideyoshi
parent 87c0d140f0
commit 0fb3e46a9a
16 changed files with 172 additions and 60 deletions

.github/workflows/deploy.yml vendored Normal file

@@ -0,0 +1,66 @@
name: remote ssh command
on:
push:
branches:
- "main"
env:
FRONTEND_PATH: ${{ secrets.FRONTEND_PATH }}
TOKEN_SECRET: ${{ secrets.TOKEN_SECRET }}
ACCESS_TOKEN_DURATION: ${{ secrets.ACCESS_TOKEN_DURATION }}
REFRESH_TOKEN_DURATION: ${{ secrets.REFRESH_TOKEN_DURATION }}
DEFAULT_USER_FULLNAME: ${{ secrets.DEFAULT_USER_FULLNAME }}
DEFAULT_USER_EMAIL: ${{ secrets.DEFAULT_USER_EMAIL }}
DEFAULT_USER_USERNAME: ${{ secrets.DEFAULT_USER_USERNAME }}
DEFAULT_USER_PASSWORD: ${{ secrets.DEFAULT_USER_PASSWORD }}
GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
GOOGLE_REDIRECT_URL: ${{ secrets.GOOGLE_REDIRECT_URL }}
OAUTH_GITHUB_CLIENT_ID: ${{ secrets.OAUTH_GITHUB_CLIENT_ID }}
OAUTH_GITHUB_CLIENT_SECRET: ${{ secrets.OAUTH_GITHUB_CLIENT_SECRET }}
OAUTH_GITHUB_REDIRECT_URL: ${{ secrets.OAUTH_GITHUB_REDIRECT_URL }}
POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: Inserts Prod Enviromental Variables
run: |
envsubst < $GITHUB_WORKSPACE/frontend/frontend-secret.template.yaml > $GITHUB_WORKSPACE/frontend/frontend-secret.yaml;
envsubst < $GITHUB_WORKSPACE/backend/backend-secret.template.yaml > $GITHUB_WORKSPACE/backend/backend-secret.yaml;
envsubst < $GITHUB_WORKSPACE/postgres/postgres-secret.template.yaml > $GITHUB_WORKSPACE/postgres/postgres-secret.yaml;
envsubst < $GITHUB_WORKSPACE/redis/redis-secret.template.yaml > $GITHUB_WORKSPACE/redis/redis-secret.yaml;
rm $GITHUB_WORKSPACE/frontend/frontend-secret.template.yaml;
rm $GITHUB_WORKSPACE/redis/redis-secret.template.yaml;
rm $GITHUB_WORKSPACE/postgres/postgres-secret.template.yaml;
rm $GITHUB_WORKSPACE/backend/backend-secret.template.yaml;
- name: copy file via ssh
uses: appleboy/scp-action@master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH_KEY }}
port: ${{ secrets.PORT }}
source: "."
target: "infra-hideyoshi.com"
- name: executing remote ssh commands using password
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH_KEY }}
port: ${{ secrets.PORT }}
script: |
cd infra-hideyoshi.com;
./deploy.sh
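Review bot: `uses: appleboy/scp-action@master` and `uses: appleboy/ssh-action@master` track a mutable branch, so whatever lands on that branch runs in this job with `secrets.SSH_KEY` and every secret exported in `env:`; pin both to a release tag or, better, a full commit SHA (`uses: appleboy/ssh-action@<release tag or commit SHA>`), and bring `actions/checkout@v2` to a current major while at it. The workflow-level `env:` block also hands every secret to every step, although only the envsubst step reads them; moving that block under the `Inserts Prod Enviromental Variables` step limits what the third-party actions can observe. The step named `executing remote ssh commands using password` authenticates with `key:`, so the name is misleading and worth correcting.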

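--- a/.gitignore
+++ b/.gitignore
+backend/backend-secret.yaml
+postgres/postgres-secret.yaml
+redis/redis-secret.yaml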
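Review bot: The rendered `frontend/frontend-secret.yaml` that deploy.yml writes next to the three listed files is not among the visible entries; the hunk reports six additions and only three are shown here, so if it is not among the missing lines it should be added, otherwise a local run of the same envsubst step leaves a plaintext secret manifest unignored. Ignoring the generated files is the right call, since the templates are the source of truth and the rendered manifests carry the secret values.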


@@ -4,5 +4,6 @@ metadata:
namespace: portfolio namespace: portfolio
name: backend-config name: backend-config
data: data:
backend-url: backend-service backend_url: backend-service
backend-port: "8070" backend_port: "8070"


@@ -0,0 +1,20 @@
apiVersion: v1
kind: Secret
metadata:
namespace: portfolio
name: backend-secret
type: Opaque
data:
token_secret: $TOKEN_SECRET
access_token_duration: $ACCESS_TOKEN_DURATION
refresh_token_duration: $REFRESH_TOKEN_DURATION
default_user_fullname: $DEFAULT_USER_FULLNAME
default_user_email: $DEFAULT_USER_EMAIL
default_user_username: $DEFAULT_USER_USERNAME
default_user_password: $DEFAULT_USER_PASSWORD
google_client_id: $GOOGLE_CLIENT_ID
google_client_secret: $GOOGLE_CLIENT_SECRET
google_redirect_url: $GOOGLE_REDIRECT_URL
github_client_id: $OAUTH_GITHUB_CLIENT_ID
github_client_secret: $OAUTH_GITHUB_CLIENT_SECRET
github_redirect_url: $OAUTH_GITHUB_REDIRECT_URL
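Review bot: The values under `data:` are substituted as raw text, but a Kubernetes Secret's `data` field must hold base64-encoded strings, so unless each GitHub secret is stored pre-encoded `kubectl apply` rejects the rendered file or decodes it to garbage; switch to `stringData:`, which accepts plaintext, and quote each templated scalar so a value containing `: `, ` #` or a leading indicator does not break the YAML: `stringData:` / `token_secret: "$TOKEN_SECRET"`. Double quotes still require the value to be free of `"` and `\`, so that constraint belongs wherever the expected secret format is documented. The same applies to the frontend-secret, postgres-secret and redis-secret hunks below. The hard-coded values removed from the `backend-secret` and `postgres-secret` manifests in this commit remain recoverable from git history, so they should be treated as disclosed and rotated rather than reused through the new GitHub secrets.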


@@ -1,14 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
namespace: portfolio
name: backend-secret
type: Opaque
data:
tokenSecret: c2VjcmV0
accessTokenDuration: MTgwMDAwMA==
refreshTokenDuration: MTMxNDkwMDAwMA==
defaultUserFullname: Vml0b3IgSGlkZXlvc2hp
defaultUserEmail: dml0b3IuaC5uLmJhdGlzdGFAZ21haWwuY29t
defaultUserUsername: WW9zaGlVbmZyaWVuZGx5
defaultUserPassword: cGFzc3dk


@@ -13,7 +13,6 @@ spec:
labels: labels:
app: backend app: backend
spec: spec:
limits:
containers: containers:
- name: backend - name: backend
image: yoshiunfriendly/backend-hideyoshi.com image: yoshiunfriendly/backend-hideyoshi.com
@@ -23,69 +22,99 @@ spec:
env: env:
- name: FRONTEND_PATH - name: FRONTEND_PATH
valueFrom: valueFrom:
configMapKeyRef: secretKeyRef:
name: frontend-config name: frontend-secret
key: frontend-url key: frontend_path
- name: FRONTEND_CONNECTION_TYPE
valueFrom:
configMapKeyRef:
name: frontend-config
key: frontend-type
- name: TOKEN_SECRET - name: TOKEN_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: tokenSecret key: token_secret
- name: ACCESS_TOKEN_DURATION - name: ACCESS_TOKEN_DURATION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: accessTokenDuration key: access_token_duration
- name: REFRESH_TOKEN_DURATION - name: REFRESH_TOKEN_DURATION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: refreshTokenDuration key: refresh_token_duration
- name: DEFAULT_USER_FULLNAME - name: DEFAULT_USER_FULLNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: defaultUserFullname key: default_user_fullname
- name: DEFAULT_USER_EMAIL - name: DEFAULT_USER_EMAIL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: defaultUserEmail key: default_user_email
- name: DEFAULT_USER_USERNAME - name: DEFAULT_USER_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: defaultUserUsername key: default_user_username
- name: DEFAULT_USER_PASSWORD - name: DEFAULT_USER_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: defaultUserPassword key: default_user_password
- name: PORT - name: PORT
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:
name: backend-config name: backend-config
key: backend-port key: backend_port
- name: GOOGLE_CLIENT_ID
valueFrom:
secretKeyRef:
name: backend-secret
key: google_client_id
- name: GOOGLE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: backend-secret
key: google_client_secret
- name: GOOGLE_REDIRECT_URL
valueFrom:
secretKeyRef:
name: backend-secret
key: google_redirect_url
- name: GITHUB_CLIENT_ID
valueFrom:
secretKeyRef:
name: backend-secret
key: github_client_id
- name: GITHUB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: backend-secret
key: github_client_secret
- name: GITHUB_REDIRECT_URL
valueFrom:
secretKeyRef:
name: backend-secret
key: github_redirect_url
- name: POSTGRES_URL - name: POSTGRES_URL
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:
name: postgres-config name: postgres-config
key: postgres-url key: postgres_url
- name: POSTGRES_DB - name: POSTGRES_DB
valueFrom: valueFrom:


@@ -3,7 +3,7 @@
function check_k3s_installation() { function check_k3s_installation() {
if [ ! -f /usr/local/bin/k3s ]; then if [ ! -f /usr/local/bin/k3s ]; then
export INSTALL_K3S_EXEC="--no-deploy traefik"; export INSTALL_K3S_EXEC="--no-deploy traefik";
curl -sfL https://get.k3s.io | sh -s -; curl -sfL https://get.k3s.io | sh - ;
sudo chmod 644 /etc/rancher/k3s/k3s.yaml; sudo chmod 644 /etc/rancher/k3s/k3s.yaml;
fi fi
} }
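Review bot: `sudo chmod 644 /etc/rancher/k3s/k3s.yaml` leaves the cluster-admin kubeconfig world-readable on the host, so any local account can administer the cluster; the usual fix is to copy it into the deploying user's `~/.kube/config` with mode 600, or set `--write-kubeconfig-mode` to a restrictive mode in `INSTALL_K3S_EXEC` and run kubectl as that user. `INSTALL_K3S_EXEC="--no-deploy traefik"` uses the deprecated spelling; newer k3s releases expect `--disable traefik`. The piped `curl ... | sh` install executes whatever the endpoint returns at install time; pinning a release through the installer's `INSTALL_K3S_VERSION` variable would at least make the installed version reproducible, which the rewritten line does not do.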
@@ -66,7 +66,7 @@ function main {
minikube kubectl -- $@ minikube kubectl -- $@
} }
minikube start --driver docker; minikube start --driver kvm2;
minikube addons enable ingress; minikube addons enable ingress;
start_cert_manager start_cert_manager


@@ -4,5 +4,4 @@ metadata:
namespace: portfolio namespace: portfolio
name: frontend-config name: frontend-config
data: data:
frontend-url: frontend-service frontend_url: frontend-service
frontend-type: unsecure


@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
namespace: portfolio
name: frontend-secret
type: Opaque
data:
frontend_path: $FRONTEND_PATH


@@ -19,7 +19,6 @@ spec:
- name: frontend - name: frontend
image: yoshiunfriendly/frontend-hideyoshi.com:latest image: yoshiunfriendly/frontend-hideyoshi.com:latest
imagePullPolicy: "Always" imagePullPolicy: "Always"
limits:
ports: ports:
- containerPort: 5000 - containerPort: 5000
env: env:


@@ -4,4 +4,4 @@ metadata:
namespace: portfolio namespace: portfolio
name: postgres-config name: postgres-config
data: data:
postgres-url: postgres-service postgres_url: postgres-service


@@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
namespace: portfolio
name: postgres-secret
type: Opaque
data:
POSTGRES_USER: $POSTGRES_USER
POSTGRES_PASSWORD: $POSTGRES_PASSWORD
POSTGRES_DB: $POSTGRES_DB


@@ -1,10 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
namespace: portfolio
name: postgres-secret
type: Opaque
data:
POSTGRES_USER: cG9zdGdyZXM=
POSTGRES_PASSWORD: cG9zdGdyZXM=
POSTGRES_DB: cG9ydGZvbGlv


@@ -13,10 +13,9 @@ spec:
labels: labels:
app: postgres app: postgres
spec: spec:
limits:
containers: containers:
- name: postgres - name: postgres
image: postgres image: postgres:14-bullseye
imagePullPolicy: "IfNotPresent" imagePullPolicy: "IfNotPresent"
ports: ports:
- containerPort: 5432 - containerPort: 5432


@@ -5,4 +5,4 @@ metadata:
name: redis-secret name: redis-secret
type: Opaque type: Opaque
data: data:
redis-password: cGFzc3dk redis-password: $REDIS_PASSWORD


@@ -13,7 +13,6 @@ spec:
labels: labels:
app: redis app: redis
spec: spec:
limits:
containers: containers:
- name: redis - name: redis
image: bitnami/redis image: bitnami/redis