Merge pull request #70 from HideyoshiSolutions/implements-helm

Implements Helm and CloudNativePG
2024-02-13 23:44:13 -03:00
committed by GitHub
7 changed files with 111 additions and 155 deletions

105
deploy.sh

@@ -1,7 +1,25 @@
#!/bin/bash #!/bin/bash
function check_for_dependencies() {
if ! command -v kubectl &>/dev/null; then
echo "kubectl could not be found"
exit 1
fi
if ! command -v jq &>/dev/null; then
echo "jq could not be found"
exit 1
fi
if ! command -v helm &>/dev/null; then
echo "helm could not be found"
exit 1
fi
}
function configure_nginx_ingress() { function configure_nginx_ingress() {
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.9.0/deploy/static/provider/cloud/deploy.yaml helm upgrade --install ingress-nginx ingress-nginx \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx --create-namespace
kubectl wait --namespace ingress-nginx \ kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \ --for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \ --selector=app.kubernetes.io/component=controller \
@@ -9,30 +27,47 @@ function configure_nginx_ingress() {
} }
function configure_cert_manager() { function configure_cert_manager() {
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.5/cert-manager.yaml helm repo add jetstack https://charts.jetstack.io --force-update
helm repo update
helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.14.2 \
--set installCRDs=true
}
function configure_postgres() {
helm repo add cnpg https://cloudnative-pg.github.io/charts
helm upgrade --install cnpg \
--namespace portfolio \
--create-namespace \
cnpg/cloudnative-pg
kubectl wait --for=condition=available \ kubectl wait --for=condition=available \
--timeout=600s \ --timeout=600s \
deployment.apps/cert-manager \ deployment.apps/cnpg-cloudnative-pg \
deployment.apps/cert-manager-cainjector \ -n portfolio
deployment.apps/cert-manager-webhook \
-n cert-manager kubectl apply -f ./deployment/postgres/cn-cluster.yaml
kubectl wait --for=condition=Ready \
--timeout=600s \
cluster/postgres-cn-cluster \
-n portfolio
} }
function application_deploy() { function application_deploy() {
kubectl apply -f ./deployment/portfolio-namespace.yaml kubectl create secret generic backend-secret -n portfolio \
--from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/backendSecret.json)
kubectl create secret generic backend-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/backendSecret.json) kubectl create secret generic frontend-secret -n portfolio \
kubectl create secret generic frontend-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/frontendSecret.json) --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/frontendSecret.json)
kubectl create secret generic postgres-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/postgresSecret.json)
kubectl create secret generic redis-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/redisSecret.json)
kubectl create secret generic storage-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/storageSecret.json)
kubectl apply -f ./deployment/postgres kubectl create secret generic redis-secret -n portfolio \
kubectl wait --for=condition=available \ --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/redisSecret.json)
--timeout=600s \
deployment.apps/postgres-deployment \ kubectl create secret generic storage-secret -n portfolio \
-n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/storageSecret.json)
kubectl apply -f ./deployment/redis kubectl apply -f ./deployment/redis
kubectl wait --for=condition=available \ kubectl wait --for=condition=available \
@@ -67,21 +102,36 @@ function application_deploy() {
function main() { function main() {
check_for_dependencies
if [[ $1 == "--local" || $1 == "-l" ]]; then if [[ $1 == "--local" || $1 == "-l" ]]; then
function kubectl { function kubectl {
minikube kubectl -- $@ minikube kubectl -- $@
} }
minikube start --driver kvm2 --cpus 3 --memory 3Gib minikube start --driver kvm2 --cpus 4 --memory 4Gib
minikube addons enable ingress-dns minikube addons enable ingress-dns
minikube addons enable ingress minikube addons enable ingress
application_deploy else
configure_cert_manager configure_nginx_ingress
kubectl apply -f ./deployment/cert-manager/cert-manager-issuer-dev.yaml fi
kubectl apply -f ./deployment/portfolio-namespace.yaml
configure_postgres
application_deploy
configure_cert_manager
if [[ $1 == "--local" || $1 == "-l" ]]; then
kubectl apply -f \
./deployment/cert-manager/cert-manager-issuer-dev.yaml
kubectl apply -f \ kubectl apply -f \
./deployment/cert-manager/cert-manager-certificate.yaml ./deployment/cert-manager/cert-manager-certificate.yaml
@@ -90,19 +140,6 @@ function main() {
else else
configure_nginx_ingress
application_deploy
external_ip=""
while [ -z $external_ip ]; do
echo "Waiting for end point..."
external_ip=$(kubectl get svc --namespace=ingress-nginx ingress-nginx-controller --template="{{range .status.loadBalancer.ingress}}{{.ip}}{{end}}")
[ -z "$external_ip" ] && sleep 10
done
configure_cert_manager
kubectl apply -f \ kubectl apply -f \
./deployment/cert-manager/cert-manager-issuer.yaml ./deployment/cert-manager/cert-manager-issuer.yaml
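Review bot: The `helm upgrade --install` calls in configure_nginx_ingress and configure_postgres carry no `--version`, so every run installs whatever chart the remote repository serves at that moment. The manifest URL this replaces was pinned to controller-v1.9.0, and cert-manager in the same file is pinned with `--version v1.14.2`. Pin both the same way, e.g. `--version <INGRESS_NGINX_CHART_VERSION>` and `--version <CNPG_CHART_VERSION>` (placeholders for the versions you have tested), so that a redeploy does not silently upgrade an ingress controller and a database operator, components that typically run with cluster-wide permissions. Separately, configure_cert_manager uses plain `helm install`, which fails once the release exists, while the other two use `helm upgrade --install`; since no `set -e` is visible at the top of the file, the script would continue after that failure. configure_nginx_ingress continues past the end of its hunk.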


@@ -6,3 +6,4 @@ metadata:
data: data:
backend_url: backend-service backend_url: backend-service
backend_port: "8070" backend_port: "8070"
backend_db_name: portfolio


@@ -18,12 +18,12 @@ spec:
image: yoshiunfriendly/backend-hideyoshi.com image: yoshiunfriendly/backend-hideyoshi.com
imagePullPolicy: Always imagePullPolicy: Always
resources: resources:
requests: requests:
memory: "256Mi" memory: "256Mi"
cpu: "250m" cpu: "250m"
limits: limits:
memory: "256Mi" memory: "256Mi"
cpu: "250m" cpu: "250m"
ports: ports:
- containerPort: 8070 - containerPort: 8070
env: env:
@@ -119,15 +119,15 @@ spec:
- name: POSTGRES_URL - name: POSTGRES_URL
valueFrom: valueFrom:
configMapKeyRef: secretKeyRef:
name: postgres-config name: postgres-cn-cluster-app
key: postgres_url key: host
- name: POSTGRES_DB - name: POSTGRES_DB
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: postgres-secret name: postgres-cn-cluster-app
key: postgresDatabase key: dbname
- name: DATABASE_URL - name: DATABASE_URL
value: "postgresql://$(POSTGRES_URL):5432/$(POSTGRES_DB)" value: "postgresql://$(POSTGRES_URL):5432/$(POSTGRES_DB)"
@@ -135,14 +135,14 @@ spec:
- name: DATABASE_USERNAME - name: DATABASE_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: postgres-secret name: postgres-cn-cluster-app
key: postgresUser key: user
- name: DATABASE_PASSWORD - name: DATABASE_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: postgres-secret name: postgres-cn-cluster-app
key: postgresPassword key: password
- name: REDIS_URL - name: REDIS_URL
valueFrom: valueFrom:
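Review bot: Nothing in this manifest says where the secret `postgres-cn-cluster-app` comes from. Unlike backend-secret or redis-secret, the visible parts of deploy.sh never create it, so it is presumably the application secret that the CloudNativePG operator generates for the `postgres-cn-cluster` Cluster. A comment above the first reference, such as `# postgres-cn-cluster-app is generated by the CloudNativePG operator for Cluster postgres-cn-cluster`, would tell whoever rotates or audits the database credentials where they originate. `DATABASE_URL` still hard-codes port 5432 and sets no TLS parameter, so it is worth confirming that the backend's driver negotiates TLS to the new cluster rather than relying on the driver's default. The env list starts and ends outside these hunks.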


@@ -0,0 +1,23 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres-cn-cluster
namespace: portfolio
spec:
instances: 3
primaryUpdateStrategy: unsupervised
imageName: ghcr.io/cloudnative-pg/postgresql:14.10-18
storage:
size: 5Gi
resources:
requests:
memory: "32Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "75m"
monitoring:
enablePodMonitor: true
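Review bot: The memory settings under `resources` (`memory: "32Mi"` requested, `memory: "128Mi"` limit) are far below what the Deployment removed in this commit gave PostgreSQL (256Mi requested, 512Mi limit). A limit this tight makes an OOM kill of a database instance likely under ordinary load. Unless the lower values were measured, keep the earlier figures: `memory: "256Mi"` under requests and `memory: "512Mi"` under limits. `enablePodMonitor: true` also presumably needs the PodMonitor CRD from the Prometheus Operator, which the visible parts of deploy.sh do not install; confirm it exists in the target cluster or drop the setting.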


@@ -1,7 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: portfolio
name: postgres-config
data:
postgres_url: postgres-service


@@ -1,31 +0,0 @@
kind: PersistentVolume
apiVersion: v1
metadata:
namespace: portfolio
name: postgres-pv-volume
labels:
type: local
app: postgres
spec:
storageClassName: manual
capacity:
storage: 5Gi
accessModes:
- ReadWriteMany
hostPath:
path: "/mnt/data"
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
namespace: portfolio
name: postgres-pv-claim
labels:
app: postgres
spec:
storageClassName: manual
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi


@@ -1,67 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: portfolio
name: postgres-deployment
spec:
replicas: 1
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
containers:
- name: postgres
image: postgres:14-bullseye
imagePullPolicy: "IfNotPresent"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "250m"
ports:
- containerPort: 5432
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgresPassword
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgresUser
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgresDatabase
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: postgredb
volumes:
- name: postgredb
persistentVolumeClaim:
claimName: postgres-pv-claim
---
apiVersion: v1
kind: Service
metadata:
namespace: portfolio
name: postgres-service
spec:
selector:
app: postgres
ports:
- port: 5432
protocol: TCP
targetPort: 5432
type: ClusterIP