old-portfolio/infra-hideyoshi.com
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixes Deployment

Browse Source
This commit is contained in:
Vitor Hideyoshi
2023-10-01 17:44:53 -03:00
parent 63e5f19aa0
commit 4413305baa
9 changed files with 97 additions and 5702 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -12,4 +12,5 @@
**/deployment/nginx-ingress/nginx-ingress-api.yaml **/deployment/nginx-ingress/nginx-ingress-api.yaml
**/deployment/nginx-ingress/nginx-ingress-root.yaml **/deployment/nginx-ingress/nginx-ingress-root.yaml
*.patch

92
deploy.sh
View File

@@ -1,89 +1,109 @@
#!/bin/bash #!/bin/bash
function configure_nginx_ingress() {
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.9.0/deploy/static/provider/cloud/deploy.yaml
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
--timeout=120s
}
function configure_cert_manager() {
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.5/cert-manager.yaml
kubectl wait --for=condition=available \
--timeout=600s \
deployment.apps/cert-manager \
deployment.apps/cert-manager-cainjector \
deployment.apps/cert-manager-webhook \
-n cert-manager
}
function application_deploy() { function application_deploy() {
kubectl apply -f ./deployment/portfolio-namespace.yaml; kubectl apply -f ./deployment/portfolio-namespace.yaml
kubectl create secret generic backend-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/backendSecret.json); kubectl create secret generic backend-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/backendSecret.json)
kubectl create secret generic frontend-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/frontendSecret.json); kubectl create secret generic frontend-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/frontendSecret.json)
kubectl create secret generic postgres-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/postgresSecret.json); kubectl create secret generic postgres-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/postgresSecret.json)
kubectl create secret generic redis-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/redisSecret.json); kubectl create secret generic redis-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/redisSecret.json)
kubectl create secret generic storage-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/storageSecret.json); kubectl create secret generic storage-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/storageSecret.json)
kubectl apply -f \ kubectl apply -f ./deployment/postgres
./deployment/cert-manager/cert-manager-certificate.yaml;
kubectl apply -f ./deployment/postgres;
kubectl wait --for=condition=available \ kubectl wait --for=condition=available \
--timeout=600s \ --timeout=600s \
deployment.apps/postgres-deployment \ deployment.apps/postgres-deployment \
-n portfolio; -n portfolio
kubectl apply -f ./deployment/redis; kubectl apply -f ./deployment/redis
kubectl wait --for=condition=available \ kubectl wait --for=condition=available \
--timeout=600s \ --timeout=600s \
deployment.apps/redis-deployment \ deployment.apps/redis-deployment \
-n portfolio; -n portfolio
kubectl apply -f ./deployment/frontend; kubectl apply -f ./deployment/frontend
kubectl wait --for=condition=available \ kubectl wait --for=condition=available \
--timeout=600s \ --timeout=600s \
deployment.apps/frontend-deployment \ deployment.apps/frontend-deployment \
-n portfolio; -n portfolio
kubectl apply -f ./deployment/storage; kubectl apply -f ./deployment/storage
kubectl wait --for=condition=available \ kubectl wait --for=condition=available \
--timeout=600s \ --timeout=600s \
deployment.apps/storage-deployment \ deployment.apps/storage-deployment \
-n portfolio; -n portfolio
kubectl apply -f ./deployment/backend; kubectl apply -f ./deployment/backend
kubectl wait --for=condition=available \ kubectl wait --for=condition=available \
--timeout=600s \ --timeout=600s \
deployment.apps/backend-deployment \ deployment.apps/backend-deployment \
-n portfolio; -n portfolio
kubectl apply -f \ kubectl apply -f \
./deployment/nginx-ingress/nginx-ingress-root.yaml; ./deployment/nginx-ingress/nginx-ingress-root.yaml
kubectl apply -f \ kubectl apply -f \
./deployment/nginx-ingress/nginx-ingress-api.yaml; ./deployment/nginx-ingress/nginx-ingress-api.yaml
} }
function main() { function main() {
if [[ $1 == "--test" || $1 == "-t" ]]; then if [[ $1 == "--test" || $1 == "-t" ]]; then
function kubectl { function kubectl {
minikube kubectl -- $@ minikube kubectl -- $@
} }
minikube start --driver kvm2; minikube start --driver kvm2
minikube addons enable ingress-dns; minikube addons enable ingress-dns
minikube addons enable ingress; minikube addons enable ingress
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml
kubectl apply -f ./deployment/cert-manager/cert-manager-issuer-dev.yaml;
application_deploy application_deploy
echo "http://$(/usr/bin/minikube ip)"; configure_cert_manager
kubectl apply -f ./deployment/cert-manager/cert-manager-issuer-dev.yaml
kubectl apply -f \
./deployment/cert-manager/cert-manager-certificate.yaml
echo "http://$(/usr/bin/minikube ip)"
else else
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.9.0/deploy/static/provider/baremetal/deploy.yaml configure_nginx_ingress
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml
kubectl apply -f ./deployment/cert-manager/cert-manager-issuer.yaml;
application_deploy application_deploy
configure_cert_manager
kubectl apply -f ./deployment/cert-manager/cert-manager-issuer.yaml
kubectl apply -f \
./deployment/cert-manager/cert-manager-certificate.yaml
fi fi
exit 0; exit 0
} }

5623
deployment/cert-manager/cert-manager.yaml
View File

File diff suppressed because it is too large Load Diff

20
deployment/nginx-ingress/nginx-ingress-load-balancer.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx-controller-loadbalancer
namespace: ingress-nginx
spec:
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
- name: https
port: 443
protocol: TCP
targetPort: 443
type: LoadBalancer

1
deployment/nginx-ingress/nginx-ingress.yaml
View File

@@ -1 +0,0 @@
Not Found

5
deployment/storage/storage-processor.yaml
View File

@@ -20,7 +20,7 @@ spec:
args: [ "-q" ] args: [ "-q" ]
imagePullPolicy: "Always" imagePullPolicy: "Always"
env: env:
- name: REDIS_HOST - name: REDIS_BASE_URL
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:
name: redis-config name: redis-config
@@ -38,6 +38,9 @@ spec:
name: redis-secret name: redis-secret
key: redisPassword key: redisPassword
- name: REDIS_URL
value: "redis://:$(REDIS_PASSWORD)@$(REDIS_BASE_URL):$(REDIS_PORT)/rq"
- name: STORAGE_TYPE - name: STORAGE_TYPE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:

2
deployment/storage/storage.yaml
View File

@@ -24,7 +24,7 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: frontend-secret name: frontend-secret
key: frontendPath key: backendUrl
- name: EXPIRES_IN - name: EXPIRES_IN
valueFrom: valueFrom:

19
setup.py
View File

@@ -36,11 +36,6 @@ def configure_templates(environment: str):
"deployment/cert-manager/cert-manager-certificate.yaml" "deployment/cert-manager/cert-manager-certificate.yaml"
) )
write_template(
"template/nginx-ingress/nginx-ingress-api.yaml",
"deployment/nginx-ingress/nginx-ingress-api.yaml"
)
write_template( write_template(
"template/nginx-ingress/nginx-ingress-root.yaml", "template/nginx-ingress/nginx-ingress-root.yaml",
"deployment/nginx-ingress/nginx-ingress-root.yaml" "deployment/nginx-ingress/nginx-ingress-root.yaml"
@@ -120,6 +115,16 @@ def validate_storage_secret(secret: str):
raise ValueError(f"Key {key} not found in storageSecret") raise ValueError(f"Key {key} not found in storageSecret")
def validate_certmanager_secret(secret: str):
required_keys = [
'dnsApiKey',
]
for key in required_keys:
if key not in secret:
raise ValueError(f"Key {key} not found in certmanagerSecret")
def validate_env(env: dict): def validate_env(env: dict):
@@ -129,6 +134,7 @@ def validate_env(env: dict):
'postgresSecret', 'postgresSecret',
'redisSecret', 'redisSecret',
'storageSecret', 'storageSecret',
'certmanagerSecret'
] ]
for secret in required_secrets: for secret in required_secrets:
@@ -150,6 +156,9 @@ def validate_env(env: dict):
if secret == 'storageSecret': if secret == 'storageSecret':
validate_storage_secret(env[secret]) validate_storage_secret(env[secret])
if secret == 'certmanagerSecret':
validate_certmanager_secret(env[secret])
def write_secrets_to_file(env: dict): def write_secrets_to_file(env: dict):
for key, secret in env.items(): for key, secret in env.items():
secrets_dir = Path("deployment", "secrets") secrets_dir = Path("deployment", "secrets")

34
template/nginx-ingress/nginx-ingress-api.yaml
View File

@@ -1,34 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: portfolio
name: nginx-ingress-api
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
tls:
- hosts:
- ${API_DOMAIN}
secretName: letsencrypt-cluster-certificate-tls
rules:
- host: ${DOMAIN}
http:
paths:
- path: /api(/|$)(.*)
pathType: Prefix
backend:
service:
name: backend-service
port:
number: 8070
- http:
paths:
- path: /api(/|$)(.*)
pathType: Prefix
backend:
service:
name: backend-service
port:
number: 8070