Implements Better Deployment System (#4) (#5)

* Initial Work of Better Deployment Script * Checks if .secret is Present on Test Setup * Implements Custom Routing per Profile * Rewriting Setup Tools - Adds Postgres and Redis * Rewriting Setup Tools - Adds Frontend * Rewriting Setup Tools - Adds Backend * Rewriting Setup Tools - Adds CertManager * Rewriting Setup Tools - Adds Frontend * Adds Nginx-Ingress and Fixes Staging Environment * Updates CertManager and Nginx-Ingress * Implements New Setup Process Initial Adjustments to CI/CD Adjusts CI/CD test * Adds CI/CD for Prod Environment
2023-07-10 06:14:42 -03:00
parent 7c928b3ace
commit 2b92706be0
31 changed files with 1407 additions and 1037 deletions
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -0,0 +1,62 @@
 name: remote ssh command
 on:
    push:
        branches:
            - "main"
 jobs:
    build:
        name: Build
        environment: prod
        runs-on: ubuntu-latest
        steps:
            - name: checkout
              uses: actions/checkout@v2
            - name: Make Env File
              uses: SpicyPizza/create-envfile@v2.0
              with:
                envkey_FRONTEND_PATH: ${{ secrets.FRONTEND_PATH }}
                envkey_TOKEN_SECRET: ${{ secrets.TOKEN_SECRET }}
                envkey_ACCESS_TOKEN_DURATION: ${{ secrets.ACCESS_TOKEN_DURATION }}
                envkey_REFRESH_TOKEN_DURATION: ${{ secrets.REFRESH_TOKEN_DURATION }}
                envkey_DEFAULT_USER_FULLNAME: ${{ secrets.DEFAULT_USER_FULLNAME }}
                envkey_DEFAULT_USER_EMAIL: ${{ secrets.DEFAULT_USER_EMAIL }}
                envkey_DEFAULT_USER_USERNAME: ${{ secrets.DEFAULT_USER_USERNAME }}
                envkey_DEFAULT_USER_PASSWORD: ${{ secrets.DEFAULT_USER_PASSWORD }}
                envkey_GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
                envkey_GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
                envkey_GOOGLE_REDIRECT_URL: ${{ secrets.GOOGLE_REDIRECT_URL }}
                envkey_OAUTH_GITHUB_CLIENT_ID: ${{ secrets.OAUTH_GITHUB_CLIENT_ID }}
                envkey_OAUTH_GITHUB_CLIENT_SECRET: ${{ secrets.OAUTH_GITHUB_CLIENT_SECRET }}
                envkey_OAUTH_GITHUB_REDIRECT_URL: ${{ secrets.OAUTH_GITHUB_REDIRECT_URL }}
                envkey_POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
                envkey_POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
                envkey_POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
                envkey_REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
            - name: Inserts Prod Enviromental Variables
              run: |
                ./setup.sh --prod .env
            - name: copy file via ssh
              uses: appleboy/scp-action@master
              with:
                host: ${{ secrets.SSH_HOST }}
                username: ${{ secrets.SSH_USER }}
                port: ${{ secrets.SSH_PORT }}
                key: ${{ secrets.SSH_KEY }}
                source: "."
                target: "infra-hideyoshi.com"
            - name: executing remote ssh commands
              uses: appleboy/ssh-action@master
              with:
                host: ${{ secrets.SSH_HOST }}
                username: ${{ secrets.SSH_USER }}
                port: ${{ secrets.SSH_PORT }}
                key: ${{ secrets.SSH_KEY }}
                script: |
                  cd infra-hideyoshi.com
                  ./deploy.sh
--- a/.github/workflows/deploy-staging.yml
+++ b/.github/workflows/deploy-staging.yml
@@ -0,0 +1,62 @@
 name: remote ssh command
 on:
    push:
        branches:
            - "staging"
 jobs:
    build:
        name: Build
        environment: staging
        runs-on: ubuntu-latest
        steps:
            - name: checkout
              uses: actions/checkout@v2
            - name: Make Env File
              uses: SpicyPizza/create-envfile@v2.0
              with:
                envkey_FRONTEND_PATH: ${{ secrets.FRONTEND_PATH }}
                envkey_TOKEN_SECRET: ${{ secrets.TOKEN_SECRET }}
                envkey_ACCESS_TOKEN_DURATION: ${{ secrets.ACCESS_TOKEN_DURATION }}
                envkey_REFRESH_TOKEN_DURATION: ${{ secrets.REFRESH_TOKEN_DURATION }}
                envkey_DEFAULT_USER_FULLNAME: ${{ secrets.DEFAULT_USER_FULLNAME }}
                envkey_DEFAULT_USER_EMAIL: ${{ secrets.DEFAULT_USER_EMAIL }}
                envkey_DEFAULT_USER_USERNAME: ${{ secrets.DEFAULT_USER_USERNAME }}
                envkey_DEFAULT_USER_PASSWORD: ${{ secrets.DEFAULT_USER_PASSWORD }}
                envkey_GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
                envkey_GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
                envkey_GOOGLE_REDIRECT_URL: ${{ secrets.GOOGLE_REDIRECT_URL }}
                envkey_OAUTH_GITHUB_CLIENT_ID: ${{ secrets.OAUTH_GITHUB_CLIENT_ID }}
                envkey_OAUTH_GITHUB_CLIENT_SECRET: ${{ secrets.OAUTH_GITHUB_CLIENT_SECRET }}
                envkey_OAUTH_GITHUB_REDIRECT_URL: ${{ secrets.OAUTH_GITHUB_REDIRECT_URL }}
                envkey_POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
                envkey_POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
                envkey_POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
                envkey_REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
            - name: Inserts Prod Enviromental Variables
              run: |
                ./setup.sh --staging .env
            - name: copy file via ssh
              uses: appleboy/scp-action@master
              with:
                host: ${{ secrets.SSH_HOST }}
                username: ${{ secrets.SSH_USER }}
                port: ${{ secrets.SSH_PORT }}
                key: ${{ secrets.SSH_KEY }}
                source: "."
                target: "infra-hideyoshi.com"
            - name: executing remote ssh commands
              uses: appleboy/ssh-action@master
              with:
                host: ${{ secrets.SSH_HOST }}
                username: ${{ secrets.SSH_USER }}
                port: ${{ secrets.SSH_PORT }}
                key: ${{ secrets.SSH_KEY }}
                script: |
                  cd infra-hideyoshi.com
                  ./deploy.sh --staging
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,66 +0,0 @@
 name: remote ssh command
 on:
    push:
        branches:
            - "main"
 env:
    FRONTEND_PATH: ${{ secrets.FRONTEND_PATH }}
    TOKEN_SECRET: ${{ secrets.TOKEN_SECRET }}
    ACCESS_TOKEN_DURATION: ${{ secrets.ACCESS_TOKEN_DURATION }}
    REFRESH_TOKEN_DURATION: ${{ secrets.REFRESH_TOKEN_DURATION }}
    DEFAULT_USER_FULLNAME: ${{ secrets.DEFAULT_USER_FULLNAME }}
    DEFAULT_USER_EMAIL: ${{ secrets.DEFAULT_USER_EMAIL }}
    DEFAULT_USER_USERNAME: ${{ secrets.DEFAULT_USER_USERNAME }}
    DEFAULT_USER_PASSWORD: ${{ secrets.DEFAULT_USER_PASSWORD }}
    GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
    GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
    GOOGLE_REDIRECT_URL: ${{ secrets.GOOGLE_REDIRECT_URL }}
    OAUTH_GITHUB_CLIENT_ID: ${{ secrets.OAUTH_GITHUB_CLIENT_ID }}
    OAUTH_GITHUB_CLIENT_SECRET: ${{ secrets.OAUTH_GITHUB_CLIENT_SECRET }}
    OAUTH_GITHUB_REDIRECT_URL: ${{ secrets.OAUTH_GITHUB_REDIRECT_URL }}
    POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
    POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
    POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
    REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
 jobs:
    build:
        name: Build
        runs-on: ubuntu-latest
        steps:
            - name: checkout
              uses: actions/checkout@v2
            - name: Inserts Prod Enviromental Variables
              run: |
                  envsubst < $GITHUB_WORKSPACE/frontend/frontend-secret.template.yaml > $GITHUB_WORKSPACE/frontend/frontend-secret.yaml;
                  envsubst < $GITHUB_WORKSPACE/backend/backend-secret.template.yaml > $GITHUB_WORKSPACE/backend/backend-secret.yaml;
                  envsubst < $GITHUB_WORKSPACE/postgres/postgres-secret.template.yaml > $GITHUB_WORKSPACE/postgres/postgres-secret.yaml;
                  envsubst < $GITHUB_WORKSPACE/redis/redis-secret.template.yaml > $GITHUB_WORKSPACE/redis/redis-secret.yaml;
                  rm $GITHUB_WORKSPACE/frontend/frontend-secret.template.yaml; 
                  rm $GITHUB_WORKSPACE/redis/redis-secret.template.yaml; 
                  rm $GITHUB_WORKSPACE/postgres/postgres-secret.template.yaml; 
                  rm $GITHUB_WORKSPACE/backend/backend-secret.template.yaml;
            - name: copy file via ssh
              uses: appleboy/scp-action@master
              with:
                  host: ${{ secrets.HOST }}
                  username: ${{ secrets.USERNAME }}
                  key: ${{ secrets.SSH_KEY }}
                  port: ${{ secrets.PORT }}
                  source: "."
                  target: "infra-hideyoshi.com"
            - name: executing remote ssh commands using password
              uses: appleboy/ssh-action@master
              with:
                  host: ${{ secrets.HOST }}
                  username: ${{ secrets.USERNAME }}
                  key: ${{ secrets.SSH_KEY }}
                  port: ${{ secrets.PORT }}
                  script: |
                      cd infra-hideyoshi.com;
                      ./deploy.sh
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,21 @@
 .env
-backend/backend-secret.yaml
+.secret*
-postgres/postgres-secret.yaml
+.idea/
-redis/redis-secret.yaml
+.vscode/
 **/backend-secret.yaml
 **/frontend-secret.yaml
 **/postgres-secret.yaml
 **/redis-secret.yaml
 **/cert-manager-certificate.yaml
 **/deployment/nginx-ingress/nginx-ingress-api.yaml
 **/deployment/nginx-ingress/nginx-ingress-root.yaml
--- a/cert-manager/cert-manager-issuer-staging.yaml
+++ b/cert-manager/cert-manager-issuer-staging.yaml
@@ -1,14 +0,0 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
    name: cluster-certificate-issuer
 spec:
    acme:
        server: https://acme-staging-v02.api.letsencrypt.org/directory
        email: vitor.h.n.batista@gmail.com
        privateKeySecretRef:
            name: cluster-certificate-issuer
        solvers:
            - http01:
                  ingress:
                      class: nginx
--- a/deploy.sh
+++ b/deploy.sh
@@ -2,15 +2,14 @@
 function check_k3s_installation() {
    if [ ! -f /usr/local/bin/k3s ]; then
-        export INSTALL_K3S_EXEC="--no-deploy traefik";
+        curl -sfL https://get.k3s.io | sh - 
        curl -sfL https://get.k3s.io | sh - ;
        sudo chmod 644 /etc/rancher/k3s/k3s.yaml;
    fi
 }
-function start_cert_manager {
+function start_cert_manager() {
-    kubectl apply -f ./cert-manager/cert-manager.yaml;
+    kubectl apply -f ./deployment/cert-manager/cert-manager.yaml;
    kubectl wait --for=condition=available \
        --timeout=600s \
        deployment.apps/cert-manager \
@@ -20,45 +19,45 @@ function start_cert_manager {
 }
-function application_deploy {
+function application_deploy() {
-    kubectl apply -f ./portfolio-namespace.yaml;
+    kubectl apply -f ./deployment/portfolio-namespace.yaml;
    kubectl apply -f \
-        ./cert-manager/cert-manager-certificate.yaml;
+        ./deployment/cert-manager/cert-manager-certificate.yaml;
-    kubectl apply -f ./postgres;
+    kubectl apply -f ./deployment/postgres;
    kubectl wait --for=condition=available \
        --timeout=600s \
        deployment.apps/postgres-deployment \
        -n portfolio;
-    kubectl apply -f ./redis;
+    kubectl apply -f ./deployment/redis;
    kubectl wait --for=condition=available \
        --timeout=600s \
        deployment.apps/redis-deployment \
        -n portfolio;
-    kubectl apply -f ./frontend;
+    kubectl apply -f ./deployment/frontend;
    kubectl wait --for=condition=available \
        --timeout=600s \
        deployment.apps/frontend-deployment \
        -n portfolio;
-    kubectl apply -f ./backend;
+    kubectl apply -f ./deployment/backend;
    kubectl wait --for=condition=available \
        --timeout=600s \
        deployment.apps/backend-deployment \
        -n portfolio;
    kubectl apply -f \
-        ./nginx-ingress/nginx-ingress-root.yaml;
+        ./deployment/nginx-ingress/nginx-ingress-root.yaml;
    kubectl apply -f \
-        ./nginx-ingress/nginx-ingress-api.yaml;
+        ./deployment/nginx-ingress/nginx-ingress-api.yaml;
 }
-function main {
+function main() {
    if [[ $1 == "--test" || $1 == "-t" ]]; then
@@ -67,29 +66,30 @@ function main {
        }
        minikube start --driver kvm2;
        minikube addons enable ingress-dns;
        minikube addons enable ingress;
        start_cert_manager
        kubectl apply -f \
-            ./cert-manager/cert-manager-issuer-dev.yaml;
+            ./deployment/cert-manager/cert-manager-issuer-dev.yaml;
        application_deploy
-        echo "http://$(/usr/local/bin/minikube ip)";
+        echo "http://$(/usr/bin/minikube ip)";
    elif [[ $1 == "--staging" || $1 == "-s" ]]; then
        check_k3s_installation
-        kubectl apply -f ./nginx-ingress/nginx-ingress.yaml;
+        kubectl apply -f ./deployment/nginx-ingress/nginx-ingress.yaml;
        kubectl wait --namespace ingress-nginx \
        --for=condition=ready pod \
        --selector=app.kubernetes.io/component=controller \
        --timeout=120s;
        start_cert_manager
-        kubectl apply -f ./cert-manager/cert-manager-issuer-staging.yaml;
+        kubectl apply -f ./deployment/cert-manager/cert-manager-issuer.yaml;
        application_deploy
@@ -97,14 +97,14 @@ function main {
        check_k3s_installation
-        kubectl apply -f ./nginx-ingress/nginx-ingress.yaml;
+        kubectl apply -f ./deployment/nginx-ingress/nginx-ingress.yaml;
        kubectl wait --namespace ingress-nginx \
        --for=condition=ready pod \
        --selector=app.kubernetes.io/component=controller \
        --timeout=120s;
        start_cert_manager
-        kubectl apply -f ./cert-manager/cert-manager-issuer-prod.yaml;
+        kubectl apply -f ./deployment/cert-manager/cert-manager-issuer.yaml;
        application_deploy
--- a/deployment/backend/backend-config.yaml
+++ b/deployment/backend/backend-config.yaml
@@ -6,4 +6,3 @@ metadata:
 data:
    backend_url: backend-service
    backend_port: "8070"
--- a/deployment/backend/backend.yaml
+++ b/deployment/backend/backend.yaml
--- a/deployment/cert-manager/cert-manager-issuer-dev.yaml
+++ b/deployment/cert-manager/cert-manager-issuer-dev.yaml
--- a/deployment/cert-manager/cert-manager-issuer.yaml
+++ b/deployment/cert-manager/cert-manager-issuer.yaml
--- a/deployment/cert-manager/cert-manager.yaml
+++ b/deployment/cert-manager/cert-manager.yaml
--- a/deployment/frontend/frontend-config.yaml
+++ b/deployment/frontend/frontend-config.yaml
--- a/deployment/frontend/frontend.yaml
+++ b/deployment/frontend/frontend.yaml
@@ -24,6 +24,16 @@ spec:
                  env:
                      - name: PORT
                        value: "5000"
                      - name: BACKEND_URL
                        valueFrom:
                            secretKeyRef:
                                name: frontend-secret
                                key: backend_url
                      - name: BACKEND_OAUTH_URL
                        valueFrom:
                            secretKeyRef:
                                name: frontend-secret
                                key: backend_oauth_url
 ---
 apiVersion: v1
--- a/deployment/nginx-ingress/nginx-ingress.yaml
+++ b/deployment/nginx-ingress/nginx-ingress.yaml
@@ -0,0 +1,645 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  name: ingress-nginx
 ---
 apiVersion: v1
 automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx
  namespace: ingress-nginx
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - endpoints
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - coordination.k8s.io
    resourceNames:
      - ingress-nginx-leader
    resources:
      - leases
    verbs:
      - get
      - update
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - discovery.k8s.io
    resources:
      - endpointslices
    verbs:
      - list
      - watch
      - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx
 rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
      - namespaces
    verbs:
      - list
      - watch
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - discovery.k8s.io
    resources:
      - endpointslices
    verbs:
      - list
      - watch
      - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx-admission
 rules:
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - validatingwebhookconfigurations
    verbs:
      - get
      - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx
 subjects:
  - kind: ServiceAccount
    name: ingress-nginx
    namespace: ingress-nginx
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx-admission
 subjects:
  - kind: ServiceAccount
    name: ingress-nginx-admission
    namespace: ingress-nginx
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx
 subjects:
  - kind: ServiceAccount
    name: ingress-nginx
    namespace: ingress-nginx
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx-admission
 subjects:
  - kind: ServiceAccount
    name: ingress-nginx-admission
    namespace: ingress-nginx
 ---
 apiVersion: v1
 data:
  allow-snippet-annotations: "true"
 kind: ConfigMap
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
  externalTrafficPolicy: Local
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    - appProtocol: http
      name: http
      port: 80
      protocol: TCP
      targetPort: http
    - appProtocol: https
      name: https
      port: 443
      protocol: TCP
      targetPort: https
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: LoadBalancer
 ---
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
  ports:
    - appProtocol: https
      name: https-webhook
      port: 443
      targetPort: webhook
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: ClusterIP
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
  minReadySeconds: 0
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/name: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.8.0
    spec:
      containers:
        - args:
            - /nginx-ingress-controller
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
            - --election-id=ingress-nginx-leader
            - --controller-class=k8s.io/ingress-nginx
            - --ingress-class=nginx
            - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
            - --validating-webhook=:8443
            - --validating-webhook-certificate=/usr/local/certificates/cert
            - --validating-webhook-key=/usr/local/certificates/key
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: LD_PRELOAD
              value: /usr/local/lib/libmimalloc.so
          image: registry.k8s.io/ingress-nginx/controller:v1.8.0@sha256:744ae2afd433a395eeb13dc03d3313facba92e96ad71d9feaafc85925493fee3
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command:
                  - /wait-shutdown
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          name: controller
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
            - containerPort: 443
              name: https
              protocol: TCP
            - containerPort: 8443
              name: webhook
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources:
            requests:
              cpu: 100m
              memory: 90Mi
          securityContext:
            allowPrivilegeEscalation: true
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                - ALL
            runAsUser: 101
          volumeMounts:
            - mountPath: /usr/local/certificates/
              name: webhook-cert
              readOnly: true
      dnsPolicy: ClusterFirst
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      volumes:
        - name: webhook-cert
          secret:
            secretName: ingress-nginx-admission
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.8.0
      name: ingress-nginx-admission-create
    spec:
      containers:
        - args:
            - create
            - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
            - --namespace=$(POD_NAMESPACE)
            - --secret-name=ingress-nginx-admission
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b
          imagePullPolicy: IfNotPresent
          name: create
          securityContext:
            allowPrivilegeEscalation: false
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: OnFailure
      securityContext:
        fsGroup: 2000
        runAsNonRoot: true
        runAsUser: 2000
      serviceAccountName: ingress-nginx-admission
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.8.0
      name: ingress-nginx-admission-patch
    spec:
      containers:
        - args:
            - patch
            - --webhook-name=ingress-nginx-admission
            - --namespace=$(POD_NAMESPACE)
            - --patch-mutating=false
            - --secret-name=ingress-nginx-admission
            - --patch-failure-policy=Fail
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b
          imagePullPolicy: IfNotPresent
          name: patch
          securityContext:
            allowPrivilegeEscalation: false
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: OnFailure
      securityContext:
        fsGroup: 2000
        runAsNonRoot: true
        runAsUser: 2000
      serviceAccountName: ingress-nginx-admission
 ---
 apiVersion: networking.k8s.io/v1
 kind: IngressClass
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.0
  name: ingress-nginx-admission
 webhooks:
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: ingress-nginx-controller-admission
        namespace: ingress-nginx
        path: /networking/v1/ingresses
    failurePolicy: Fail
    matchPolicy: Equivalent
    name: validate.nginx.ingress.kubernetes.io
    rules:
      - apiGroups:
          - networking.k8s.io
        apiVersions:
          - v1
        operations:
          - CREATE
          - UPDATE
        resources:
          - ingresses
    sideEffects: None
--- a/deployment/portfolio-namespace.yaml
+++ b/deployment/portfolio-namespace.yaml
--- a/deployment/postgres/postgres-config.yaml
+++ b/deployment/postgres/postgres-config.yaml
--- a/deployment/postgres/postgres-storage.yaml
+++ b/deployment/postgres/postgres-storage.yaml
--- a/deployment/postgres/postgres.yaml
+++ b/deployment/postgres/postgres.yaml
@@ -40,4 +40,6 @@ spec:
        app: postgres
    ports:
        - port: 5432
          protocol: TCP
          targetPort: 5432
    type: ClusterIP
--- a/deployment/redis/redis-config.yaml
+++ b/deployment/redis/redis-config.yaml
--- a/deployment/redis/redis.yaml
+++ b/deployment/redis/redis.yaml
--- a/nginx-ingress/nginx-ingress-api.yaml
+++ b/nginx-ingress/nginx-ingress-api.yaml
@@ -1,34 +0,0 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
    namespace: portfolio 
    name: nginx-ingress-api
    annotations:
        kubernetes.io/ingress.class: nginx
        nginx.ingress.kubernetes.io/use-regex: "true"
        nginx.ingress.kubernetes.io/rewrite-target: /$2
 spec:
    tls:
        - hosts:
          - hideyoshi.com.br
          secretName: letsencrypt-cluster-certificate-tls
    rules:
        - host: hideyoshi.com.br
          http:
              paths:
                  - path: /api(/|$)(.*)
                    pathType: Prefix
                    backend:
                        service:
                            name: backend-service
                            port:
                                number: 8070
        - http:
              paths:
                  - path: /api(/|$)(.*)
                    pathType: Prefix
                    backend:
                        service:
                            name: backend-service
                            port:
                                number: 8070
--- a/nginx-ingress/nginx-ingress-root.yaml
+++ b/nginx-ingress/nginx-ingress-root.yaml
@@ -1,45 +0,0 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
    namespace: portfolio 
    name: nginx-ingress
    annotations:
        kubernetes.io/ingress.class: nginx
        nginx.ingress.kubernetes.io/use-regex: "true"
        nginx.ingress.kubernetes.io/rewrite-target: /
 spec:
    tls:
        - hosts:
          - hideyoshi.com.br
          - api.hideyoshi.com.br
          secretName: letsencrypt-cluster-certificate-tls
    rules:
        - host: hideyoshi.com.br
          http:
              paths:
                  - path: /
                    pathType: Prefix
                    backend:
                        service:
                            name: frontend-service
                            port:
                                number: 5000
        - host: api.hideyoshi.com.br
          http:
              paths:
                  - path: /
                    pathType: Prefix
                    backend:
                        service:
                            name: backend-service
                            port:
                                number: 8070
        - http:
              paths:
                  - path: /
                    pathType: Prefix
                    backend:
                        service:
                            name: frontend-service
                            port:
                                number: 5000
--- a/nginx-ingress/nginx-ingress.yaml
+++ b/nginx-ingress/nginx-ingress.yaml
@@ -1,617 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  name: ingress-nginx
 ---
 apiVersion: v1
 automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx
  namespace: ingress-nginx
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
 - apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
 - apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - secrets
  - endpoints
  verbs:
  - get
  - list
  - watch
 - apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
 - apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
 - apiGroups:
  - networking.k8s.io
  resources:
  - ingresses/status
  verbs:
  - update
 - apiGroups:
  - networking.k8s.io
  resources:
  - ingressclasses
  verbs:
  - get
  - list
  - watch
 - apiGroups:
  - ""
  resourceNames:
  - ingress-controller-leader
  resources:
  - configmaps
  verbs:
  - get
  - update
 - apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
 - apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
 - apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx
 rules:
 - apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - nodes
  - pods
  - secrets
  - namespaces
  verbs:
  - list
  - watch
 - apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
 - apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
 - apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
 - apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
 - apiGroups:
  - networking.k8s.io
  resources:
  - ingresses/status
  verbs:
  - update
 - apiGroups:
  - networking.k8s.io
  resources:
  - ingressclasses
  verbs:
  - get
  - list
  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission
 rules:
 - apiGroups:
  - admissionregistration.k8s.io
  resources:
  - validatingwebhookconfigurations
  verbs:
  - get
  - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx
 subjects:
 - kind: ServiceAccount
  name: ingress-nginx
  namespace: ingress-nginx
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx-admission
 subjects:
 - kind: ServiceAccount
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx
 subjects:
 - kind: ServiceAccount
  name: ingress-nginx
  namespace: ingress-nginx
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx-admission
 subjects:
 - kind: ServiceAccount
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
 apiVersion: v1
 data:
  allow-snippet-annotations: "true"
 kind: ConfigMap
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
  externalTrafficPolicy: Local
  ports:
  - appProtocol: http
    name: http
    port: 80
    protocol: TCP
    targetPort: http
  - appProtocol: https
    name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: LoadBalancer
 ---
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
  ports:
  - appProtocol: https
    name: https-webhook
    port: 443
    targetPort: webhook
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: ClusterIP
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
  minReadySeconds: 0
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/name: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
    spec:
      containers:
      - args:
        - /nginx-ingress-controller
        - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
        - --election-id=ingress-controller-leader
        - --controller-class=k8s.io/ingress-nginx
        - --ingress-class=nginx
        - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
        image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
            exec:
              command:
              - /wait-shutdown
        livenessProbe:
          failureThreshold: 5
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: controller
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
        - containerPort: 8443
          name: webhook
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources:
          requests:
            cpu: 100m
            memory: 90Mi
        securityContext:
          allowPrivilegeEscalation: true
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - ALL
          runAsUser: 101
        volumeMounts:
        - mountPath: /usr/local/certificates/
          name: webhook-cert
          readOnly: true
      dnsPolicy: ClusterFirst
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      volumes:
      - name: webhook-cert
        secret:
          secretName: ingress-nginx-admission
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.2.0
      name: ingress-nginx-admission-create
    spec:
      containers:
      - args:
        - create
        - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
        - --namespace=$(POD_NAMESPACE)
        - --secret-name=ingress-nginx-admission
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
          allowPrivilegeEscalation: false
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: OnFailure
      securityContext:
        fsGroup: 2000
        runAsNonRoot: true
        runAsUser: 2000
      serviceAccountName: ingress-nginx-admission
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.2.0
      name: ingress-nginx-admission-patch
    spec:
      containers:
      - args:
        - patch
        - --webhook-name=ingress-nginx-admission
        - --namespace=$(POD_NAMESPACE)
        - --patch-mutating=false
        - --secret-name=ingress-nginx-admission
        - --patch-failure-policy=Fail
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
          allowPrivilegeEscalation: false
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: OnFailure
      securityContext:
        fsGroup: 2000
        runAsNonRoot: true
        runAsUser: 2000
      serviceAccountName: ingress-nginx-admission
 ---
 apiVersion: networking.k8s.io/v1
 kind: IngressClass
 metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: ingress-nginx-controller-admission
      namespace: ingress-nginx
      path: /networking/v1/ingresses
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validate.nginx.ingress.kubernetes.io
  rules:
  - apiGroups:
    - networking.k8s.io
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - ingresses
  sideEffects: None
--- a/setup.sh
+++ b/setup.sh
@@ -0,0 +1,62 @@
 #!/bin/bash
 TEMPLATE='./template'
 WORK_DIR='./deployment'
 function set_working_dir {
    mkdir -p $WORK_DIR;
    mkdir -p $WORK_DIR/redis;
    mkdir -p $WORK_DIR/postgres;
    mkdir -p $WORK_DIR/frontend;
    mkdir -p $WORK_DIR/backend;
    envsubst < $TEMPLATE/redis/redis-secret.template.yaml > $WORK_DIR/redis/redis-secret.yaml;
    envsubst < $TEMPLATE/postgres/postgres-secret.template.yaml > $WORK_DIR/postgres/postgres-secret.yaml;
    envsubst < $TEMPLATE/frontend/frontend-secret.template.yaml > $WORK_DIR/frontend/frontend-secret.yaml;
    envsubst < $TEMPLATE/backend/backend-secret.template.yaml > $WORK_DIR/backend/backend-secret.yaml;
    envsubst < $TEMPLATE/nginx-ingress/nginx-ingress-api.yaml > $WORK_DIR/nginx-ingress/nginx-ingress-api.yaml;
    envsubst < $TEMPLATE/nginx-ingress/nginx-ingress-root.yaml > $WORK_DIR/nginx-ingress/nginx-ingress-root.yaml;
    envsubst < $TEMPLATE/cert-manager/cert-manager-certificate.template.yaml > $WORK_DIR/cert-manager/cert-manager-certificate.yaml;
 }
 function main {
    if [[ $1 == "--prod" || $1 == "-a" ]]; then
        DOMAIN="hideyoshi.com.br"
        API_DOMAIN="api.hideyoshi.com.br"
    elif [[ $1 == "--staging" || $1 == "-a" ]]; then
        DOMAIN="staging.hideyoshi.com.br"
        API_DOMAIN="api.staging.hideyoshi.com.br"
    elif [[ $1 == "--dev" || $1 == "-d" ]]; then
        DOMAIN="hideyoshi.com.br"
        API_DOMAIN="api.hideyoshi.com.br"
    fi
    [[ -z $2 ]] && secret_file=".secret" || secret_file=$2
    if [[ -e $secret_file ]]; then
        set -a
        while read line; do
            if [[ $line != "" ]]; then
                variable=$(echo -n "$line" | cut -f 1 -d '=')
                value=$(echo -n $(echo -n "$line" | cut -f 2- -d '=') | base64 -w 0)
                declare "$variable=$value"
            fi
        done < $secret_file
        set +a
    else 
        echo "ERROR: Secret file not found.";
        exit 1;
    fi
    set_working_dir
 }
 main $@
--- a/template/backend/backend-secret.template.yaml
+++ b/template/backend/backend-secret.template.yaml
--- a/template/cert-manager/cert-manager-certificate.template.yaml
+++ b/template/cert-manager/cert-manager-certificate.template.yaml
@@ -5,8 +5,8 @@ metadata:
    namespace: portfolio
 spec:
    dnsNames:
-        - hideyoshi.com.br
+        - ${DOMAIN}
-        - api.hideyoshi.com.br
+        - ${API_DOMAIN}
    secretName: letsencrypt-cluster-certificate-tls
    issuerRef:
        name: cluster-certificate-issuer
--- a/template/frontend/frontend-secret.template.yaml
+++ b/template/frontend/frontend-secret.template.yaml
@@ -6,3 +6,5 @@ metadata:
 type: Opaque
 data:
    frontend_path: $FRONTEND_PATH
    backend_url: $BACKEND_URL
    backend_oauth_url: $BACKEND_OAUTH_URL
--- a/template/nginx-ingress/nginx-ingress-api.yaml
+++ b/template/nginx-ingress/nginx-ingress-api.yaml
@@ -0,0 +1,34 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  namespace: portfolio
  name: nginx-ingress-api
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
 spec:
  tls:
    - hosts:
        - ${API_DOMAIN}
      secretName: letsencrypt-cluster-certificate-tls
  rules:
    - host: ${DOMAIN}
      http:
        paths:
          - path: /api(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: backend-service
                port:
                  number: 8070
    - http:
        paths:
          - path: /api(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: backend-service
                port:
                  number: 8070
--- a/template/nginx-ingress/nginx-ingress-root.yaml
+++ b/template/nginx-ingress/nginx-ingress-root.yaml
@@ -0,0 +1,45 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  namespace: portfolio
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
 spec:
  tls:
    - hosts:
        - ${DOMAIN}
        - ${API_DOMAIN}
      secretName: letsencrypt-cluster-certificate-tls
  rules:
    - host: ${DOMAIN}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend-service
                port:
                  number: 5000
    - host: ${API_DOMAIN}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: backend-service
                port:
                  number: 8070
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend-service
                port:
                  number: 5000
--- a/template/postgres/postgres-secret.template.yaml
+++ b/template/postgres/postgres-secret.template.yaml
--- a/template/redis/redis-secret.template.yaml
+++ b/template/redis/redis-secret.template.yaml