old-portfolio/infra-hideyoshi.com
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First Complete Working Version

Browse Source
This commit is contained in:
Vitor Hideyoshi
2024-10-16 00:10:00 -03:00
parent abe800dd5e
commit c1b2deaa6e
16 changed files with 186 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

153
deploy.sh
View File

@@ -1,63 +1,162 @@
#!/bin/sh #!/bin/sh
# eval "$(awk 'BEGIN{
# for (i in ENVIRON) {
# if (i ~ /^(KUBE_)[a-zA-Z_][a-zA-Z0-9_]*$/) {
# printf "export " i "_B64=";
# system("echo \"$"i"\" | base64 -w0");
# print;
# }
# }
# }' /dev/null)"
read_env_file() {
function read_env_file() { if [ -f $1 ]; then
if [[ -f $1 ]]; then
set -a && source $1 && set +a; set -a && source $1 && set +a;
fi fi
} }
function build_secret_envs() { build_secret_envs() {
for i in $(env | grep -E '^KUBE_[a-zA-Z_][a-zA-Z0-9_]*=' | cut -d= -f1); do for i in $(env | grep -E '^KUBE_[a-zA-Z_][a-zA-Z0-9_]*=' | cut -d= -f1); do
eval "export ${i}_B64=$(echo ${!i} | base64 -w0)" eval "export ${i}_B64=$(echo -n ${!i} | base64 -w0)"
done done
} }
function deploy_kubernetes() { apply_template() {
echo -e "\n\n----------------------------------------------------\n"
echo -e "Applying: $1\n"
echo -e "----------------------------------------------------\n\n\n"
envsubst < $1 | kubectl apply -f -
}
apply_deployment() {
for file in $(find $1 -type f); do
apply_template $file
done
}
configure_nginx_minikube() {
if [[ $1 == "true" ]]; then
minikube start --driver kvm2 --cpus 2 --memory 4Gib
fi
minikube addons enable ingress-dns
minikube addons enable ingress
}
configure_nginx_ingress() {
helm upgrade --install ingress-nginx ingress-nginx \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx --create-namespace
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
--timeout=120s
}
configure_cert_manager() {
helm repo add jetstack https://charts.jetstack.io --force-update
helm repo update
helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.14.2 \
--set installCRDs=true \
--timeout=600s || echo "Cert Manager already installed"
}
configure_postgres() {
helm repo add cnpg https://cloudnative-pg.github.io/charts
helm upgrade --install cnpg \
--namespace ${KUBE_NAMESPACE} \
--create-namespace \
cnpg/cloudnative-pg
kubectl wait --for=condition=available \
--timeout=600s \
deployment.apps/cnpg-cloudnative-pg \
-n ${KUBE_NAMESPACE}
apply_template "./template/postgres/cn-cluster.template.yaml"
kubectl wait --for=condition=Ready \
--timeout=600s \
cluster/postgres-cn-cluster \
-n ${KUBE_NAMESPACE}
}
configure_ingress() {
apply_template "./template/nginx-ingress/nginx-ingress-root.template.yaml"
if [[ $1 == "local" ]]; then
apply_template "./template/cert-manager/cert-manager-issuer-dev.yaml"
else
apply_template "./template/cert-manager/cert-manager-issuer.yaml"
fi
apply_template "./template/cert-manager/cert-manager-certificate.template.yaml"
}
deploy_kubernetes() {
if [[ $1 == "local" ]]; then
configure_nginx_minikube $2
else
configure_nginx_ingress
fi
configure_cert_manager
KUBE_FILES=( KUBE_FILES=(
"./template/portfolio-namespace.template.yaml" "./template/portfolio-namespace.template.yaml"
"./template/portfolio-secret.template.yml" "./template/portfolio-secret.template.yml"
) )
for file in ${KUBE_FILES[@]}; do for file in ${KUBE_FILES[@]}; do
echo -e "\n\n----------------------------------------------------\n" apply_template $file
echo -e "Deploying: $file\n"
echo -e "----------------------------------------------------\n\n\n"
envsubst < $file
done done
configure_postgres
apply_deployment "./template/redis"
apply_deployment "./template/frontend"
apply_deployment "./template/storage"
apply_deployment "./template/backend"
configure_ingress $1
} }
function main() { main() {
build_secret_envs build_secret_envs
deploy_kubernetes deploy_kubernetes $@
} }
while getopts ":f:" opt; do environment="remote"
setup_minikube="false"
while getopts ":f:e:m:h:" opt; do
case ${opt} in case ${opt} in
f ) f)
echo "Reading env file: ${OPTARG}" echo "Reading env file: ${OPTARG}"
read_env_file ${OPTARG} read_env_file ${OPTARG}
;; ;;
\? ) e)
echo "Usage: deploy.sh [-f <env_file>]" [[ ${OPTARG} == "local" ]] && environment="local"
;;
m)
setup_minikube="true"
;;
*)
echo "Usage: deploy.sh [-f <env_file>] [-e <environment>] [-m <minikube>]"
exit 1
;; ;;
esac esac
done done
main main $environment $setup_minikube

4
deployment/portfolio-namespace.yaml
View File

@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: portfolio

4
deployment/backend/backend-config.yaml → template/backend/backend-config.yaml
View File

@@ -1,9 +1,9 @@
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
namespace: portfolio namespace: ${KUBE_NAMESPACE}
name: backend-config name: backend-config
data: data:
backend_url: backend-service backend_url: backend-service
backend_port: "8070" backend_port: "8070"
backend_db_name: portfolio backend_db_name: ${KUBE_DATABASE_NAME}

32
template/backend/backend.template.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
namespace: portfolio namespace: ${KUBE_NAMESPACE}
name: backend-deployment name: backend-deployment
spec: spec:
replicas: 1 replicas: 1
@@ -43,49 +43,49 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: frontend-secret name: frontend-secret
key: frontendPath key: frontendUrl
- name: TOKEN_SECRET - name: TOKEN_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: tokenSecret key: backendTokenSecret
- name: ACCESS_TOKEN_DURATION - name: ACCESS_TOKEN_DURATION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: accessTokenDuration key: backendAccessTokenDuration
- name: REFRESH_TOKEN_DURATION - name: REFRESH_TOKEN_DURATION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: refreshTokenDuration key: backendRefreshTokenDuration
- name: DEFAULT_USER_FULLNAME - name: DEFAULT_USER_FULLNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: defaultUserFullName key: backendDefaultUserFullName
- name: DEFAULT_USER_EMAIL - name: DEFAULT_USER_EMAIL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: defaultUserEmail key: backendDefaultUserEmail
- name: DEFAULT_USER_USERNAME - name: DEFAULT_USER_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: defaultUserUsername key: backendDefaultUserUsername
- name: DEFAULT_USER_PASSWORD - name: DEFAULT_USER_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: defaultUserPassword key: backendDefaultUserPassword
- name: PORT - name: PORT
valueFrom: valueFrom:
@@ -97,37 +97,37 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: googleClientId key: backendGoogleClientId
- name: GOOGLE_CLIENT_SECRET - name: GOOGLE_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: googleClientSecret key: backendGoogleClientSecret
- name: GOOGLE_REDIRECT_URL - name: GOOGLE_REDIRECT_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: googleRedirectUrl key: backendGoogleRedirectUrl
- name: GITHUB_CLIENT_ID - name: GITHUB_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: githubClientId key: backendGithubClientId
- name: GITHUB_CLIENT_SECRET - name: GITHUB_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: githubClientSecret key: backendGithubClientSecret
- name: GITHUB_REDIRECT_URL - name: GITHUB_REDIRECT_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: githubRedirectUrl key: backendGithubRedirectUrl
- name: POSTGRES_URL - name: POSTGRES_URL
valueFrom: valueFrom:
@@ -193,7 +193,7 @@ spec:
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
namespace: portfolio namespace: ${KUBE_NAMESPACE}
name: backend-service name: backend-service
spec: spec:
selector: selector:

8
template/cert-manager/cert-manager-certificate.template.yaml
View File

@@ -2,15 +2,15 @@ apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
metadata: metadata:
name: letsencrypt-cluster-certificate name: letsencrypt-cluster-certificate
namespace: portfolio namespace: ${KUBE_NAMESPACE}
spec: spec:
dnsNames: dnsNames:
- ${DOMAIN} - ${KUBE_DOMAIN}
- ${API_DOMAIN} - ${KUBE_API_DOMAIN}
secretName: letsencrypt-cluster-certificate-tls secretName: letsencrypt-cluster-certificate-tls
issuerRef: issuerRef:
name: cluster-certificate-issuer name: cluster-certificate-issuer
kind: ClusterIssuer kind: ClusterIssuer
subject: subject:
organizations: organizations:
- Hideyoshi - ${KUBE_DOMAIN_ORGANIZATION}

0
deployment/cert-manager/cert-manager-issuer-dev.yaml → template/cert-manager/cert-manager-issuer-dev.yaml
View File

4
deployment/cert-manager/cert-manager-issuer.yaml → template/cert-manager/cert-manager-issuer.yaml
View File

@@ -4,8 +4,8 @@ metadata:
name: cluster-certificate-issuer name: cluster-certificate-issuer
spec: spec:
acme: acme:
server: https://acme-v02.api.letsencrypt.org/directory server: ${KUBE_CERT_SERVER}
email: vitor.h.n.batista@gmail.com email: ${KUBE_DOMAIN_EMAIL}
privateKeySecretRef: privateKeySecretRef:
name: cluster-certificate-issuer name: cluster-certificate-issuer
solvers: solvers:

2
deployment/frontend/frontend-config.yaml → template/frontend/frontend-config.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
namespace: portfolio namespace: ${KUBE_NAMESPACE}
name: frontend-config name: frontend-config
data: data:
frontend_url: frontend-service frontend_url: frontend-service

10
template/frontend/frontend.template.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
namespace: portfolio namespace: ${KUBE_NAMESPACE}
name: frontend-deployment name: frontend-deployment
labels: labels:
app: frontend app: frontend
@@ -47,23 +47,23 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: frontend-secret name: frontend-secret
key: backendUrl key: frontendBackendUrl
- name: BACKEND_OAUTH_URL - name: BACKEND_OAUTH_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: frontend-secret name: frontend-secret
key: backendOAuthUrl key: frontendOAuthUrl
- name: GITHUB_USER - name: GITHUB_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: frontend-secret name: frontend-secret
key: githubUser key: frontendGithubUser
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
namespace: portfolio namespace: ${KUBE_NAMESPACE}
name: frontend-service name: frontend-service
spec: spec:
selector: selector:

10
template/nginx-ingress/nginx-ingress-root.template.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
namespace: portfolio namespace: ${KUBE_NAMESPACE}
name: nginx-ingress name: nginx-ingress
annotations: annotations:
kubernetes.io/ingress.class: nginx kubernetes.io/ingress.class: nginx
@@ -10,11 +10,11 @@ metadata:
spec: spec:
tls: tls:
- hosts: - hosts:
- ${DOMAIN} - ${KUBE_DOMAIN}
- ${API_DOMAIN} - ${KUBE_API_DOMAIN}
secretName: letsencrypt-cluster-certificate-tls secretName: letsencrypt-cluster-certificate-tls
rules: rules:
- host: ${DOMAIN} - host: ${KUBE_DOMAIN}
http: http:
paths: paths:
- path: / - path: /
@@ -24,7 +24,7 @@ spec:
name: frontend-service name: frontend-service
port: port:
number: 5000 number: 5000
- host: ${API_DOMAIN} - host: ${KUBE_API_DOMAIN}
http: http:
paths: paths:
- path: / - path: /

2
template/postgres/cn-cluster.template.yaml
View File

@@ -2,7 +2,7 @@ apiVersion: postgresql.cnpg.io/v1
kind: Cluster kind: Cluster
metadata: metadata:
name: postgres-cn-cluster name: postgres-cn-cluster
namespace: portfolio namespace: ${KUBE_NAMESPACE}
spec: spec:
instances: 1 instances: 1
primaryUpdateStrategy: unsupervised primaryUpdateStrategy: unsupervised

2
deployment/redis/redis-config.yaml → template/redis/redis-config.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
namespace: portfolio namespace: ${KUBE_NAMESPACE}
name: redis-config name: redis-config
data: data:
redis-url: redis-service redis-url: redis-service

6
deployment/redis/redis.yaml → template/redis/redis.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
namespace: portfolio namespace: ${KUBE_NAMESPACE}
name: redis-deployment name: redis-deployment
spec: spec:
replicas: 1 replicas: 1
@@ -15,7 +15,7 @@ spec:
spec: spec:
containers: containers:
- name: redis - name: redis
image: bitnami/redis image: bitnami/redis:6.2.16
imagePullPolicy: "IfNotPresent" imagePullPolicy: "IfNotPresent"
resources: resources:
requests: requests:
@@ -37,7 +37,7 @@ spec:
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
namespace: portfolio namespace: ${KUBE_NAMESPACE}
name: redis-service name: redis-service
spec: spec:
selector: selector:

2
deployment/storage/storage-config.yaml → template/storage/storage-config.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
namespace: portfolio namespace: ${KUBE_NAMESPACE}
name: storage-config name: storage-config
data: data:
storage_url: storage-service storage_url: storage-service

18
template/storage/storage-processor.template.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
namespace: portfolio namespace: ${KUBE_NAMESPACE}
name: storage-processor-deployment name: storage-processor-deployment
spec: spec:
replicas: 1 replicas: 1
@@ -44,13 +44,13 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: frontend-secret name: frontend-secret
key: backendUrl key: frontendBackendUrl
- name: EXPIRES_IN - name: EXPIRES_IN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: accessTokenDuration key: backendAccessTokenDuration
- name: SERVER_PORT - name: SERVER_PORT
valueFrom: valueFrom:
@@ -86,34 +86,34 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: storage-secret name: storage-secret
key: awsAccessKeyId key: storageAwsAccessKeyId
- name: AWS_SECRET_ACCESS_KEY - name: AWS_SECRET_ACCESS_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: storage-secret name: storage-secret
key: awsSecretAccessKey key: storageAwsSecretAccessKey
- name: AWS_REGION_NAME - name: AWS_REGION_NAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: storage-secret name: storage-secret
key: awsRegion key: storageAwsRegion
- name: AWS_BUCKET_NAME - name: AWS_BUCKET_NAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: storage-secret name: storage-secret
key: awsBucket key: storageAwsBucket
- name: VIRUS_CHECKER_TYPE - name: VIRUS_CHECKER_TYPE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: storage-secret name: storage-secret
key: virusCheckerType key: storageVirusCheckerType
- name: VIRUS_CHECKER_API_KEY - name: VIRUS_CHECKER_API_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: storage-secret name: storage-secret
key: virusCheckerApiKey key: storageVirusCheckerApiKey

20
template/storage/storage.template.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
namespace: portfolio namespace: ${KUBE_NAMESPACE}
name: storage-deployment name: storage-deployment
spec: spec:
replicas: 1 replicas: 1
@@ -43,13 +43,13 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: frontend-secret name: frontend-secret
key: backendUrl key: frontendBackendUrl
- name: EXPIRES_IN - name: EXPIRES_IN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: backend-secret name: backend-secret
key: accessTokenDuration key: backendAccessTokenDuration
- name: SERVER_PORT - name: SERVER_PORT
valueFrom: valueFrom:
@@ -85,43 +85,43 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: storage-secret name: storage-secret
key: awsAccessKeyId key: storageAwsAccessKeyId
- name: AWS_SECRET_ACCESS_KEY - name: AWS_SECRET_ACCESS_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: storage-secret name: storage-secret
key: awsSecretAccessKey key: storageAwsSecretAccessKey
- name: AWS_REGION_NAME - name: AWS_REGION_NAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: storage-secret name: storage-secret
key: awsRegion key: storageAwsRegion
- name: AWS_BUCKET_NAME - name: AWS_BUCKET_NAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: storage-secret name: storage-secret
key: awsBucket key: storageAwsBucket
- name: VIRUS_CHECKER_TYPE - name: VIRUS_CHECKER_TYPE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: storage-secret name: storage-secret
key: virusCheckerType key: storageVirusCheckerType
- name: VIRUS_CHECKER_API_KEY - name: VIRUS_CHECKER_API_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: storage-secret name: storage-secret
key: virusCheckerApiKey key: storageVirusCheckerApiKey
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
namespace: portfolio namespace: ${KUBE_NAMESPACE}
name: storage-service name: storage-service
spec: spec:
selector: selector: