First Complete Working Version

2024-10-16 00:10:00 -03:00
parent abe800dd5e
commit c1b2deaa6e
16 changed files with 186 additions and 91 deletions

151
deploy.sh

@@ -1,63 +1,162 @@
#!/bin/sh
# eval "$(awk 'BEGIN{
# for (i in ENVIRON) {
# if (i ~ /^(KUBE_)[a-zA-Z_][a-zA-Z0-9_]*$/) {
# printf "export " i "_B64=";
# system("echo \"$"i"\" | base64 -w0");
# print;
# }
# }
# }' /dev/null)"
function read_env_file() {
if [[ -f $1 ]]; then
read_env_file() {
if [ -f $1 ]; then
set -a && source $1 && set +a;
fi
}
function build_secret_envs() {
build_secret_envs() {
for i in $(env | grep -E '^KUBE_[a-zA-Z_][a-zA-Z0-9_]*=' | cut -d= -f1); do
eval "export ${i}_B64=$(echo ${!i} | base64 -w0)"
eval "export ${i}_B64=$(echo -n ${!i} | base64 -w0)"
done
}
function deploy_kubernetes() {
apply_template() {
echo -e "\n\n----------------------------------------------------\n"
echo -e "Applying: $1\n"
echo -e "----------------------------------------------------\n\n\n"
envsubst < $1 | kubectl apply -f -
}
apply_deployment() {
for file in $(find $1 -type f); do
apply_template $file
done
}
configure_nginx_minikube() {
if [[ $1 == "true" ]]; then
minikube start --driver kvm2 --cpus 2 --memory 4Gib
fi
minikube addons enable ingress-dns
minikube addons enable ingress
}
configure_nginx_ingress() {
helm upgrade --install ingress-nginx ingress-nginx \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx --create-namespace
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
--timeout=120s
}
configure_cert_manager() {
helm repo add jetstack https://charts.jetstack.io --force-update
helm repo update
helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.14.2 \
--set installCRDs=true \
--timeout=600s || echo "Cert Manager already installed"
}
configure_postgres() {
helm repo add cnpg https://cloudnative-pg.github.io/charts
helm upgrade --install cnpg \
--namespace ${KUBE_NAMESPACE} \
--create-namespace \
cnpg/cloudnative-pg
kubectl wait --for=condition=available \
--timeout=600s \
deployment.apps/cnpg-cloudnative-pg \
-n ${KUBE_NAMESPACE}
apply_template "./template/postgres/cn-cluster.template.yaml"
kubectl wait --for=condition=Ready \
--timeout=600s \
cluster/postgres-cn-cluster \
-n ${KUBE_NAMESPACE}
}
configure_ingress() {
apply_template "./template/nginx-ingress/nginx-ingress-root.template.yaml"
if [[ $1 == "local" ]]; then
apply_template "./template/cert-manager/cert-manager-issuer-dev.yaml"
else
apply_template "./template/cert-manager/cert-manager-issuer.yaml"
fi
apply_template "./template/cert-manager/cert-manager-certificate.template.yaml"
}
deploy_kubernetes() {
if [[ $1 == "local" ]]; then
configure_nginx_minikube $2
else
configure_nginx_ingress
fi
configure_cert_manager
KUBE_FILES=(
"./template/portfolio-namespace.template.yaml"
"./template/portfolio-secret.template.yml"
)
for file in ${KUBE_FILES[@]}; do
echo -e "\n\n----------------------------------------------------\n"
echo -e "Deploying: $file\n"
echo -e "----------------------------------------------------\n\n\n"
envsubst < $file
apply_template $file
done
configure_postgres
apply_deployment "./template/redis"
apply_deployment "./template/frontend"
apply_deployment "./template/storage"
apply_deployment "./template/backend"
configure_ingress $1
}
function main() {
main() {
build_secret_envs
deploy_kubernetes
deploy_kubernetes $@
}
while getopts ":f:" opt; do
environment="remote"
setup_minikube="false"
while getopts ":f:e:m:h:" opt; do
case ${opt} in
f)
echo "Reading env file: ${OPTARG}"
read_env_file ${OPTARG}
;;
\? )
echo "Usage: deploy.sh [-f <env_file>]"
e)
[[ ${OPTARG} == "local" ]] && environment="local"
;;
m)
setup_minikube="true"
;;
*)
echo "Usage: deploy.sh [-f <env_file>] [-e <environment>] [-m <minikube>]"
exit 1
;;
esac
done
main
main $environment $setup_minikube
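Review bot: In build_secret_envs the `echo -n ${!i}` expansion is unquoted, so a secret containing runs of whitespace or glob characters is word-split and pathname-expanded before it is base64-encoded, and the surrounding `eval` is not needed. `export "${i}_B64=$(printf '%s' "${!i}" | base64 -w0)"` encodes the value byte-for-byte without eval. `${!i}`, the `KUBE_FILES=( … )` array, `[[ … ]]` and `source` are bash features while the shebang is `#!/bin/sh`, so the script fails wherever sh is not bash; `#!/usr/bin/env bash` would match the code. Nothing checks that `KUBE_NAMESPACE` is set before `helm upgrade --install cnpg --namespace ${KUBE_NAMESPACE}` runs, and `: "${KUBE_NAMESPACE:?must be set}"` at the top of deploy_kubernetes would stop a deploy into an unintended namespace.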


@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: portfolio


@@ -1,9 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
name: backend-config
data:
backend_url: backend-service
backend_port: "8070"
backend_db_name: portfolio
backend_db_name: ${KUBE_DATABASE_NAME}
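Review bot: `backend_db_name: ${KUBE_DATABASE_NAME}` is substituted unquoted, so a value that YAML reads as a number or boolean is rejected for ConfigMap data (which must be strings), and a value containing `: ` or a newline changes the document structure. `backend_db_name: "${KUBE_DATABASE_NAME}"` matches the quoted `backend_port` on the line above. An unset `KUBE_NAMESPACE` would render an empty `namespace:` here, which likely lets kubectl fall back to the current context's namespace. The same `namespace: ${KUBE_NAMESPACE}` substitution recurs in the other templates of this commit, so the variable is worth asserting once before any template is applied.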


@@ -1,7 +1,7 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
name: backend-deployment
spec:
replicas: 1
@@ -43,49 +43,49 @@ spec:
valueFrom:
secretKeyRef:
name: frontend-secret
key: frontendPath
key: frontendUrl
- name: TOKEN_SECRET
valueFrom:
secretKeyRef:
name: backend-secret
key: tokenSecret
key: backendTokenSecret
- name: ACCESS_TOKEN_DURATION
valueFrom:
secretKeyRef:
name: backend-secret
key: accessTokenDuration
key: backendAccessTokenDuration
- name: REFRESH_TOKEN_DURATION
valueFrom:
secretKeyRef:
name: backend-secret
key: refreshTokenDuration
key: backendRefreshTokenDuration
- name: DEFAULT_USER_FULLNAME
valueFrom:
secretKeyRef:
name: backend-secret
key: defaultUserFullName
key: backendDefaultUserFullName
- name: DEFAULT_USER_EMAIL
valueFrom:
secretKeyRef:
name: backend-secret
key: defaultUserEmail
key: backendDefaultUserEmail
- name: DEFAULT_USER_USERNAME
valueFrom:
secretKeyRef:
name: backend-secret
key: defaultUserUsername
key: backendDefaultUserUsername
- name: DEFAULT_USER_PASSWORD
valueFrom:
secretKeyRef:
name: backend-secret
key: defaultUserPassword
key: backendDefaultUserPassword
- name: PORT
valueFrom:
@@ -97,37 +97,37 @@ spec:
valueFrom:
secretKeyRef:
name: backend-secret
key: googleClientId
key: backendGoogleClientId
- name: GOOGLE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: backend-secret
key: googleClientSecret
key: backendGoogleClientSecret
- name: GOOGLE_REDIRECT_URL
valueFrom:
secretKeyRef:
name: backend-secret
key: googleRedirectUrl
key: backendGoogleRedirectUrl
- name: GITHUB_CLIENT_ID
valueFrom:
secretKeyRef:
name: backend-secret
key: githubClientId
key: backendGithubClientId
- name: GITHUB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: backend-secret
key: githubClientSecret
key: backendGithubClientSecret
- name: GITHUB_REDIRECT_URL
valueFrom:
secretKeyRef:
name: backend-secret
key: githubRedirectUrl
key: backendGithubRedirectUrl
- name: POSTGRES_URL
valueFrom:
@@ -193,7 +193,7 @@ spec:
apiVersion: v1
kind: Service
metadata:
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
name: backend-service
spec:
selector:


@@ -2,15 +2,15 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: letsencrypt-cluster-certificate
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
spec:
dnsNames:
- ${DOMAIN}
- ${API_DOMAIN}
- ${KUBE_DOMAIN}
- ${KUBE_API_DOMAIN}
secretName: letsencrypt-cluster-certificate-tls
issuerRef:
name: cluster-certificate-issuer
kind: ClusterIssuer
subject:
organizations:
- Hideyoshi
- ${KUBE_DOMAIN_ORGANIZATION}


@@ -4,8 +4,8 @@ metadata:
name: cluster-certificate-issuer
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: vitor.h.n.batista@gmail.com
server: ${KUBE_CERT_SERVER}
email: ${KUBE_DOMAIN_EMAIL}
privateKeySecretRef:
name: cluster-certificate-issuer
solvers:
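Review bot: `server: ${KUBE_CERT_SERVER}` makes the ACME directory of what appears to be the cluster-wide issuer depend entirely on the deploy environment, and nothing visible on this page validates it. If the variable is unset, envsubst leaves `server:` empty, and a wrong value silently requests certificates from a different CA endpoint (for example a staging directory in production). A guard in the deploy script such as `: "${KUBE_CERT_SERVER:?must be set}"`, plus a check that the value starts with `https://`, would catch both cases. `${KUBE_DOMAIN_EMAIL}` deserves the same guard.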


@@ -1,7 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
name: frontend-config
data:
frontend_url: frontend-service


@@ -1,7 +1,7 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
name: frontend-deployment
labels:
app: frontend
@@ -47,23 +47,23 @@ spec:
valueFrom:
secretKeyRef:
name: frontend-secret
key: backendUrl
key: frontendBackendUrl
- name: BACKEND_OAUTH_URL
valueFrom:
secretKeyRef:
name: frontend-secret
key: backendOAuthUrl
key: frontendOAuthUrl
- name: GITHUB_USER
valueFrom:
secretKeyRef:
name: frontend-secret
key: githubUser
key: frontendGithubUser
---
apiVersion: v1
kind: Service
metadata:
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
name: frontend-service
spec:
selector:


@@ -1,7 +1,7 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
name: nginx-ingress
annotations:
kubernetes.io/ingress.class: nginx
@@ -10,11 +10,11 @@ metadata:
spec:
tls:
- hosts:
- ${DOMAIN}
- ${API_DOMAIN}
- ${KUBE_DOMAIN}
- ${KUBE_API_DOMAIN}
secretName: letsencrypt-cluster-certificate-tls
rules:
- host: ${DOMAIN}
- host: ${KUBE_DOMAIN}
http:
paths:
- path: /
@@ -24,7 +24,7 @@ spec:
name: frontend-service
port:
number: 5000
- host: ${API_DOMAIN}
- host: ${KUBE_API_DOMAIN}
http:
paths:
- path: /


@@ -2,7 +2,7 @@ apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres-cn-cluster
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
spec:
instances: 1
primaryUpdateStrategy: unsupervised


@@ -1,7 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
name: redis-config
data:
redis-url: redis-service


@@ -1,7 +1,7 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
name: redis-deployment
spec:
replicas: 1
@@ -15,7 +15,7 @@ spec:
spec:
containers:
- name: redis
image: bitnami/redis
image: bitnami/redis:6.2.16
imagePullPolicy: "IfNotPresent"
resources:
requests:
@@ -37,7 +37,7 @@ spec:
apiVersion: v1
kind: Service
metadata:
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
name: redis-service
spec:
selector:
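Review bot: `image: bitnami/redis:6.2.16` fixes the version, but a tag can still be re-pointed in the registry, and with `imagePullPolicy: "IfNotPresent"` nodes that pulled at different times may run different content under the same tag. Pinning the digest as well, `image: bitnami/redis:6.2.16@sha256:<digest-placeholder>`, makes the deployed image reproducible and verifiable. The digest should come from a pull you have verified rather than being copied from a third-party listing.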


@@ -1,7 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
name: storage-config
data:
storage_url: storage-service


@@ -1,7 +1,7 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
name: storage-processor-deployment
spec:
replicas: 1
@@ -44,13 +44,13 @@ spec:
valueFrom:
secretKeyRef:
name: frontend-secret
key: backendUrl
key: frontendBackendUrl
- name: EXPIRES_IN
valueFrom:
secretKeyRef:
name: backend-secret
key: accessTokenDuration
key: backendAccessTokenDuration
- name: SERVER_PORT
valueFrom:
@@ -86,34 +86,34 @@ spec:
valueFrom:
secretKeyRef:
name: storage-secret
key: awsAccessKeyId
key: storageAwsAccessKeyId
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: storage-secret
key: awsSecretAccessKey
key: storageAwsSecretAccessKey
- name: AWS_REGION_NAME
valueFrom:
secretKeyRef:
name: storage-secret
key: awsRegion
key: storageAwsRegion
- name: AWS_BUCKET_NAME
valueFrom:
secretKeyRef:
name: storage-secret
key: awsBucket
key: storageAwsBucket
- name: VIRUS_CHECKER_TYPE
valueFrom:
secretKeyRef:
name: storage-secret
key: virusCheckerType
key: storageVirusCheckerType
- name: VIRUS_CHECKER_API_KEY
valueFrom:
secretKeyRef:
name: storage-secret
key: virusCheckerApiKey
key: storageVirusCheckerApiKey


@@ -1,7 +1,7 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
name: storage-deployment
spec:
replicas: 1
@@ -43,13 +43,13 @@ spec:
valueFrom:
secretKeyRef:
name: frontend-secret
key: backendUrl
key: frontendBackendUrl
- name: EXPIRES_IN
valueFrom:
secretKeyRef:
name: backend-secret
key: accessTokenDuration
key: backendAccessTokenDuration
- name: SERVER_PORT
valueFrom:
@@ -85,43 +85,43 @@ spec:
valueFrom:
secretKeyRef:
name: storage-secret
key: awsAccessKeyId
key: storageAwsAccessKeyId
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: storage-secret
key: awsSecretAccessKey
key: storageAwsSecretAccessKey
- name: AWS_REGION_NAME
valueFrom:
secretKeyRef:
name: storage-secret
key: awsRegion
key: storageAwsRegion
- name: AWS_BUCKET_NAME
valueFrom:
secretKeyRef:
name: storage-secret
key: awsBucket
key: storageAwsBucket
- name: VIRUS_CHECKER_TYPE
valueFrom:
secretKeyRef:
name: storage-secret
key: virusCheckerType
key: storageVirusCheckerType
- name: VIRUS_CHECKER_API_KEY
valueFrom:
secretKeyRef:
name: storage-secret
key: virusCheckerApiKey
key: storageVirusCheckerApiKey
---
apiVersion: v1
kind: Service
metadata:
namespace: portfolio
namespace: ${KUBE_NAMESPACE}
name: storage-service
spec:
selector: