Fixes Deployment

.gitignore

@@ -13,3 +13,4 @@
 **/deployment/nginx-ingress/nginx-ingress-api.yaml
 
 **/deployment/nginx-ingress/nginx-ingress-root.yaml
+*.patch

deploy.sh

@@ -1,53 +1,67 @@
 #!/bin/bash
 
+function configure_nginx_ingress() {
+    kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.9.0/deploy/static/provider/cloud/deploy.yaml
+    kubectl wait --namespace ingress-nginx \
+        --for=condition=ready pod \
+        --selector=app.kubernetes.io/component=controller \
+        --timeout=120s
+}
+
+function configure_cert_manager() {
+    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.5/cert-manager.yaml
+    kubectl wait --for=condition=available \
+        --timeout=600s \
+        deployment.apps/cert-manager \
+        deployment.apps/cert-manager-cainjector \
+        deployment.apps/cert-manager-webhook \
+        -n cert-manager
+}
 
 function application_deploy() {
 
-    kubectl apply -f ./deployment/portfolio-namespace.yaml;
+    kubectl apply -f ./deployment/portfolio-namespace.yaml
 
-    kubectl create secret generic backend-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/backendSecret.json);
-    kubectl create secret generic frontend-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/frontendSecret.json);
-    kubectl create secret generic postgres-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/postgresSecret.json);
-    kubectl create secret generic redis-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/redisSecret.json);
-    kubectl create secret generic storage-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/storageSecret.json);
+    kubectl create secret generic backend-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/backendSecret.json)
+    kubectl create secret generic frontend-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/frontendSecret.json)
+    kubectl create secret generic postgres-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/postgresSecret.json)
+    kubectl create secret generic redis-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/redisSecret.json)
+    kubectl create secret generic storage-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/storageSecret.json)
 
-    kubectl apply -f \
-        ./deployment/cert-manager/cert-manager-certificate.yaml;
-
-    kubectl apply -f ./deployment/postgres;
+    kubectl apply -f ./deployment/postgres
     kubectl wait --for=condition=available \
         --timeout=600s \
         deployment.apps/postgres-deployment \
-        -n portfolio;
+        -n portfolio
 
-    kubectl apply -f ./deployment/redis;
+    kubectl apply -f ./deployment/redis
     kubectl wait --for=condition=available \
         --timeout=600s \
         deployment.apps/redis-deployment \
-        -n portfolio;
+        -n portfolio
 
-    kubectl apply -f ./deployment/frontend;
+    kubectl apply -f ./deployment/frontend
     kubectl wait --for=condition=available \
         --timeout=600s \
         deployment.apps/frontend-deployment \
-        -n portfolio;
+        -n portfolio
 
-    kubectl apply -f ./deployment/storage;
+    kubectl apply -f ./deployment/storage
     kubectl wait --for=condition=available \
         --timeout=600s \
         deployment.apps/storage-deployment \
-        -n portfolio;
+        -n portfolio
 
-    kubectl apply -f ./deployment/backend;
+    kubectl apply -f ./deployment/backend
     kubectl wait --for=condition=available \
         --timeout=600s \
         deployment.apps/backend-deployment \
-        -n portfolio;
+        -n portfolio
 
     kubectl apply -f \
-        ./deployment/nginx-ingress/nginx-ingress-root.yaml;
+        ./deployment/nginx-ingress/nginx-ingress-root.yaml
     kubectl apply -f \
-        ./deployment/nginx-ingress/nginx-ingress-api.yaml;
+        ./deployment/nginx-ingress/nginx-ingress-api.yaml
 
 }
 
@@ -59,31 +73,37 @@ function main() {
             minikube kubectl -- $@
         }
 
-        minikube start --driver kvm2;
-        minikube addons enable ingress-dns;
-        minikube addons enable ingress;
-        
-        kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml
-
-        kubectl apply -f ./deployment/cert-manager/cert-manager-issuer-dev.yaml;
+        minikube start --driver kvm2
+        minikube addons enable ingress-dns
+        minikube addons enable ingress
 
         application_deploy
 
-        echo "http://$(/usr/bin/minikube ip)";
+        configure_cert_manager
+
+        kubectl apply -f ./deployment/cert-manager/cert-manager-issuer-dev.yaml
+
+        kubectl apply -f \
+            ./deployment/cert-manager/cert-manager-certificate.yaml
+
+        echo "http://$(/usr/bin/minikube ip)"
 
     else
 
-        kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.9.0/deploy/static/provider/baremetal/deploy.yaml
-
-        kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml
-
-        kubectl apply -f ./deployment/cert-manager/cert-manager-issuer.yaml;
+        configure_nginx_ingress
 
         application_deploy
 
+        configure_cert_manager
+
+        kubectl apply -f ./deployment/cert-manager/cert-manager-issuer.yaml
+
+        kubectl apply -f \
+            ./deployment/cert-manager/cert-manager-certificate.yaml
+
     fi
 
-    exit 0;
+    exit 0
 
 }
 

deployment/nginx-ingress/nginx-ingress-load-balancer.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ingress-nginx-controller-loadbalancer
+  namespace: ingress-nginx
+spec:
+  selector:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: 80
+    - name: https
+      port: 443
+      protocol: TCP
+      targetPort: 443
+  type: LoadBalancer

deployment/nginx-ingress/nginx-ingress.yaml

@@ -1 +0,0 @@
-Not Found

deployment/storage/storage-processor.yaml

@@ -20,7 +20,7 @@ spec:
                   args: [ "-q" ]
                   imagePullPolicy: "Always"
                   env:
-                      - name: REDIS_HOST
+                      - name: REDIS_BASE_URL
                         valueFrom:
                             configMapKeyRef:
                                 name: redis-config
@@ -38,6 +38,9 @@ spec:
                                 name: redis-secret
                                 key: redisPassword
 
+                      - name: REDIS_URL
+                        value: "redis://:$(REDIS_PASSWORD)@$(REDIS_BASE_URL):$(REDIS_PORT)/rq"
+
                       - name: STORAGE_TYPE
                         valueFrom:
                             secretKeyRef:

deployment/storage/storage.yaml

@@ -24,7 +24,7 @@ spec:
                         valueFrom:
                             secretKeyRef:
                                 name: frontend-secret
-                                key: frontendPath
+                                key: backendUrl
 
                       - name: EXPIRES_IN
                         valueFrom:

setup.py

@@ -36,11 +36,6 @@ def configure_templates(environment: str):
         "deployment/cert-manager/cert-manager-certificate.yaml"
     )
 
-    write_template(
-        "template/nginx-ingress/nginx-ingress-api.yaml",
-        "deployment/nginx-ingress/nginx-ingress-api.yaml"
-    )
-
     write_template(
         "template/nginx-ingress/nginx-ingress-root.yaml",
         "deployment/nginx-ingress/nginx-ingress-root.yaml"
@@ -120,6 +115,16 @@ def validate_storage_secret(secret: str):
             raise ValueError(f"Key {key} not found in storageSecret")
 
 
+def validate_certmanager_secret(secret: str):
+    required_keys = [
+        'dnsApiKey',
+    ]
+
+    for key in required_keys:
+        if key not in secret:
+            raise ValueError(f"Key {key} not found in certmanagerSecret")
+
+
 
 
 def validate_env(env: dict):
@@ -129,6 +134,7 @@ def validate_env(env: dict):
         'postgresSecret',
         'redisSecret',
         'storageSecret',
+        'certmanagerSecret'
     ]
 
     for secret in required_secrets:
@@ -150,6 +156,9 @@ def validate_env(env: dict):
         if secret == 'storageSecret':
             validate_storage_secret(env[secret])
 
+        if secret == 'certmanagerSecret':
+            validate_certmanager_secret(env[secret])
+
 def write_secrets_to_file(env: dict):
     for key, secret in env.items():
         secrets_dir = Path("deployment", "secrets")

template/nginx-ingress/nginx-ingress-api.yaml

@@ -1,34 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  namespace: portfolio
-  name: nginx-ingress-api
-  annotations:
-    kubernetes.io/ingress.class: nginx
-    nginx.ingress.kubernetes.io/use-regex: "true"
-    nginx.ingress.kubernetes.io/rewrite-target: /$2
-spec:
-  tls:
-    - hosts:
-        - ${API_DOMAIN}
-      secretName: letsencrypt-cluster-certificate-tls
-  rules:
-    - host: ${DOMAIN}
-      http:
-        paths:
-          - path: /api(/|$)(.*)
-            pathType: Prefix
-            backend:
-              service:
-                name: backend-service
-                port:
-                  number: 8070
-    - http:
-        paths:
-          - path: /api(/|$)(.*)
-            pathType: Prefix
-            backend:
-              service:
-                name: backend-service
-                port:
-                  number: 8070