old-portfolio/infra-hideyoshi.com
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implements OAuth2 and Github Actions

Browse Source 
* [v0.0.2] Adds Google and Github OAuth2 Authentication

Adds to the API the feature of OAuth2 Authentication via two providers: Google and Github, and implements better handling of secrets

* Create deploy.yml

* Update deploy.yml

* Update deploy.yml

* Update deploy.yml

* Fixes k3s

* Update deploy.yml

* Update deploy.yml

Update deploy.yml

update deploy.yml

* Reemplements Frontend and Backend Connection

* Final Configurations
This commit is contained in:
Vitor Hideyoshi
2022-11-15 17:24:15 -03:00
committed by Vitor Hideyoshi
parent 87c0d140f0
commit 0fb3e46a9a
16 changed files with 172 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
.github/workflows/deploy.yml vendored Normal file
View File

@@ -0,0 +1,66 @@
name: remote ssh command
on:
push:
branches:
- "main"
env:
FRONTEND_PATH: ${{ secrets.FRONTEND_PATH }}
TOKEN_SECRET: ${{ secrets.TOKEN_SECRET }}
ACCESS_TOKEN_DURATION: ${{ secrets.ACCESS_TOKEN_DURATION }}
REFRESH_TOKEN_DURATION: ${{ secrets.REFRESH_TOKEN_DURATION }}
DEFAULT_USER_FULLNAME: ${{ secrets.DEFAULT_USER_FULLNAME }}
DEFAULT_USER_EMAIL: ${{ secrets.DEFAULT_USER_EMAIL }}
DEFAULT_USER_USERNAME: ${{ secrets.DEFAULT_USER_USERNAME }}
DEFAULT_USER_PASSWORD: ${{ secrets.DEFAULT_USER_PASSWORD }}
GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
GOOGLE_REDIRECT_URL: ${{ secrets.GOOGLE_REDIRECT_URL }}
OAUTH_GITHUB_CLIENT_ID: ${{ secrets.OAUTH_GITHUB_CLIENT_ID }}
OAUTH_GITHUB_CLIENT_SECRET: ${{ secrets.OAUTH_GITHUB_CLIENT_SECRET }}
OAUTH_GITHUB_REDIRECT_URL: ${{ secrets.OAUTH_GITHUB_REDIRECT_URL }}
POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: Inserts Prod Enviromental Variables
run: |
envsubst < $GITHUB_WORKSPACE/frontend/frontend-secret.template.yaml > $GITHUB_WORKSPACE/frontend/frontend-secret.yaml;
envsubst < $GITHUB_WORKSPACE/backend/backend-secret.template.yaml > $GITHUB_WORKSPACE/backend/backend-secret.yaml;
envsubst < $GITHUB_WORKSPACE/postgres/postgres-secret.template.yaml > $GITHUB_WORKSPACE/postgres/postgres-secret.yaml;
envsubst < $GITHUB_WORKSPACE/redis/redis-secret.template.yaml > $GITHUB_WORKSPACE/redis/redis-secret.yaml;
rm $GITHUB_WORKSPACE/frontend/frontend-secret.template.yaml;
rm $GITHUB_WORKSPACE/redis/redis-secret.template.yaml;
rm $GITHUB_WORKSPACE/postgres/postgres-secret.template.yaml;
rm $GITHUB_WORKSPACE/backend/backend-secret.template.yaml;
- name: copy file via ssh
uses: appleboy/scp-action@master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH_KEY }}
port: ${{ secrets.PORT }}
source: "."
target: "infra-hideyoshi.com"
- name: executing remote ssh commands using password
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH_KEY }}
port: ${{ secrets.PORT }}
script: |
cd infra-hideyoshi.com;
./deploy.sh

6
.gitignore vendored Normal file
View File

@@ -0,0 +1,6 @@
backend/backend-secret.yaml
postgres/postgres-secret.yaml
redis/redis-secret.yaml

7
backend/backend-config.yaml
View File

@@ -1,8 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: portfolio
namespace: portfolio
name: backend-config
data:
backend-url: backend-service
backend-port: "8070"
backend_url: backend-service
backend_port: "8070"

20
backend/backend-secret.template.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v1
kind: Secret
metadata:
namespace: portfolio
name: backend-secret
type: Opaque
data:
token_secret: $TOKEN_SECRET
access_token_duration: $ACCESS_TOKEN_DURATION
refresh_token_duration: $REFRESH_TOKEN_DURATION
default_user_fullname: $DEFAULT_USER_FULLNAME
default_user_email: $DEFAULT_USER_EMAIL
default_user_username: $DEFAULT_USER_USERNAME
default_user_password: $DEFAULT_USER_PASSWORD
google_client_id: $GOOGLE_CLIENT_ID
google_client_secret: $GOOGLE_CLIENT_SECRET
google_redirect_url: $GOOGLE_REDIRECT_URL
github_client_id: $OAUTH_GITHUB_CLIENT_ID
github_client_secret: $OAUTH_GITHUB_CLIENT_SECRET
github_redirect_url: $OAUTH_GITHUB_REDIRECT_URL

14
backend/backend-secret.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
namespace: portfolio
name: backend-secret
type: Opaque
data:
tokenSecret: c2VjcmV0
accessTokenDuration: MTgwMDAwMA==
refreshTokenDuration: MTMxNDkwMDAwMA==
defaultUserFullname: Vml0b3IgSGlkZXlvc2hp
defaultUserEmail: dml0b3IuaC5uLmJhdGlzdGFAZ21haWwuY29t
defaultUserUsername: WW9zaGlVbmZyaWVuZGx5
defaultUserPassword: cGFzc3dk

71
backend/backend.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: portfolio
namespace: portfolio
name: backend-deployment
spec:
replicas: 1
@@ -13,7 +13,6 @@ spec:
labels:
app: backend
spec:
limits:
containers:
- name: backend
image: yoshiunfriendly/backend-hideyoshi.com
@@ -23,69 +22,99 @@ spec:
env:
- name: FRONTEND_PATH
valueFrom:
configMapKeyRef:
name: frontend-config
key: frontend-url
- name: FRONTEND_CONNECTION_TYPE
valueFrom:
configMapKeyRef:
name: frontend-config
key: frontend-type
secretKeyRef:
name: frontend-secret
key: frontend_path
- name: TOKEN_SECRET
valueFrom:
secretKeyRef:
name: backend-secret
key: tokenSecret
key: token_secret
- name: ACCESS_TOKEN_DURATION
valueFrom:
secretKeyRef:
name: backend-secret
key: accessTokenDuration
key: access_token_duration
- name: REFRESH_TOKEN_DURATION
valueFrom:
secretKeyRef:
name: backend-secret
key: refreshTokenDuration
key: refresh_token_duration
- name: DEFAULT_USER_FULLNAME
valueFrom:
secretKeyRef:
name: backend-secret
key: defaultUserFullname
key: default_user_fullname
- name: DEFAULT_USER_EMAIL
valueFrom:
secretKeyRef:
name: backend-secret
key: defaultUserEmail
key: default_user_email
- name: DEFAULT_USER_USERNAME
valueFrom:
secretKeyRef:
name: backend-secret
key: defaultUserUsername
key: default_user_username
- name: DEFAULT_USER_PASSWORD
valueFrom:
secretKeyRef:
name: backend-secret
key: defaultUserPassword
key: default_user_password
- name: PORT
valueFrom:
configMapKeyRef:
name: backend-config
key: backend-port
key: backend_port
- name: GOOGLE_CLIENT_ID
valueFrom:
secretKeyRef:
name: backend-secret
key: google_client_id
- name: GOOGLE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: backend-secret
key: google_client_secret
- name: GOOGLE_REDIRECT_URL
valueFrom:
secretKeyRef:
name: backend-secret
key: google_redirect_url
- name: GITHUB_CLIENT_ID
valueFrom:
secretKeyRef:
name: backend-secret
key: github_client_id
- name: GITHUB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: backend-secret
key: github_client_secret
- name: GITHUB_REDIRECT_URL
valueFrom:
secretKeyRef:
name: backend-secret
key: github_redirect_url
- name: POSTGRES_URL
valueFrom:
configMapKeyRef:
name: postgres-config
key: postgres-url
key: postgres_url
- name: POSTGRES_DB
valueFrom:
@@ -130,7 +159,7 @@ spec:
apiVersion: v1
kind: Service
metadata:
namespace: portfolio
namespace: portfolio
name: backend-service
spec:
selector:

4
deploy.sh
View File

@@ -3,7 +3,7 @@
function check_k3s_installation() {
if [ ! -f /usr/local/bin/k3s ]; then
export INSTALL_K3S_EXEC="--no-deploy traefik";
curl -sfL https://get.k3s.io | sh -s -;
curl -sfL https://get.k3s.io | sh - ;
sudo chmod 644 /etc/rancher/k3s/k3s.yaml;
fi
}
@@ -66,7 +66,7 @@ function main {
minikube kubectl -- $@
}
minikube start --driver docker;
minikube start --driver kvm2;
minikube addons enable ingress;
start_cert_manager

5
frontend/frontend-config.yaml
View File

@@ -1,8 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: portfolio
namespace: portfolio
name: frontend-config
data:
frontend-url: frontend-service
frontend-type: unsecure
frontend_url: frontend-service

8
frontend/frontend-secret.template.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
namespace: portfolio
name: frontend-secret
type: Opaque
data:
frontend_path: $FRONTEND_PATH

1
frontend/frontend.yaml
View File

@@ -19,7 +19,6 @@ spec:
- name: frontend
image: yoshiunfriendly/frontend-hideyoshi.com:latest
imagePullPolicy: "Always"
limits:
ports:
- containerPort: 5000
env:

4
postgres/postgres-config.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: portfolio
namespace: portfolio
name: postgres-config
data:
postgres-url: postgres-service
postgres_url: postgres-service

10
postgres/postgres-secret.template.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
namespace: portfolio
name: postgres-secret
type: Opaque
data:
POSTGRES_USER: $POSTGRES_USER
POSTGRES_PASSWORD: $POSTGRES_PASSWORD
POSTGRES_DB: $POSTGRES_DB

10
postgres/postgres-secret.yaml
View File

@@ -1,10 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
namespace: portfolio
name: postgres-secret
type: Opaque
data:
POSTGRES_USER: cG9zdGdyZXM=
POSTGRES_PASSWORD: cG9zdGdyZXM=
POSTGRES_DB: cG9ydGZvbGlv

3
postgres/postgres.yaml
View File

@@ -13,10 +13,9 @@ spec:
labels:
app: postgres
spec:
limits:
containers:
- name: postgres
image: postgres
image: postgres:14-bullseye
imagePullPolicy: "IfNotPresent"
ports:
- containerPort: 5432

2
redis/redis-secret.yaml → redis/redis-secret.template.yaml
View File

@@ -5,4 +5,4 @@ metadata:
name: redis-secret
type: Opaque
data:
redis-password: cGFzc3dk
redis-password: $REDIS_PASSWORD

1
redis/redis.yaml
View File

@@ -13,7 +13,6 @@ spec:
labels:
app: redis
spec:
limits:
containers:
- name: redis
image: bitnami/redis