Merge pull request #75 from HideyoshiSolutions/staging

Staging - Implements Operators, Helm and CloudNativePG
2024-02-14 02:20:14 -03:00
committed by GitHub
9 changed files with 119 additions and 157 deletions


@@ -12,6 +12,7 @@ jobs:
name: Build
environment: prod
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
@@ -48,7 +49,8 @@ jobs:
port: ${{ secrets.SSH_PORT }}
key: ${{ secrets.SSH_KEY }}
script: |
sudo apt update && sudo apt install -y jq python3-pip
sudo apt update && sudo apt install -y jq
source ~/.profile
cd infra-hideyoshi.com
./deploy.sh --prod
./refresh.sh
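Review bot: The remote `script:` body has no stop-on-error, so if `cd infra-hideyoshi.com` or `./deploy.sh --prod` fails, `./refresh.sh` still runs on the production host and the step most likely reports only the status of that last command. Add `set -e` as the first line of the script, unless the SSH step already sets an equivalent option outside this hunk. The staging workflow's `script:` block has the same shape and needs the same line. Separately, running `sudo apt update && sudo apt install -y jq` on every deploy puts an unpinned root-level package install in the release path; it fits better in host provisioning.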


@@ -10,6 +10,8 @@ jobs:
name: Build
environment: staging
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.8
@@ -45,7 +47,8 @@ jobs:
port: ${{ secrets.SSH_PORT }}
key: ${{ secrets.SSH_KEY }}
script: |
sudo apt update && sudo apt install -y jq python3-pip
sudo apt update && sudo apt install -y jq
source ~/.profile
cd infra-hideyoshi.com
./deploy.sh --staging
./refresh.sh

106
deploy.sh

@@ -1,7 +1,25 @@
#!/bin/bash
function check_for_dependencies() {
if ! command -v kubectl &>/dev/null; then
echo "kubectl could not be found"
exit 1
fi
if ! command -v jq &>/dev/null; then
echo "jq could not be found"
exit 1
fi
if ! command -v helm &>/dev/null; then
echo "helm could not be found"
exit 1
fi
}
function configure_nginx_ingress() {
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.9.0/deploy/static/provider/cloud/deploy.yaml
helm upgrade --install ingress-nginx ingress-nginx \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx --create-namespace
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
@@ -9,30 +27,48 @@ function configure_nginx_ingress() {
}
function configure_cert_manager() {
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.5/cert-manager.yaml
helm repo add jetstack https://charts.jetstack.io --force-update
helm repo update
helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.14.2 \
--set installCRDs=true \
--timeout=600s
}
function configure_postgres() {
helm repo add cnpg https://cloudnative-pg.github.io/charts
helm upgrade --install cnpg \
--namespace portfolio \
--create-namespace \
cnpg/cloudnative-pg
kubectl wait --for=condition=available \
--timeout=600s \
deployment.apps/cert-manager \
deployment.apps/cert-manager-cainjector \
deployment.apps/cert-manager-webhook \
-n cert-manager
deployment.apps/cnpg-cloudnative-pg \
-n portfolio
kubectl apply -f ./deployment/postgres/cn-cluster.yaml
kubectl wait --for=condition=Ready \
--timeout=600s \
cluster/postgres-cn-cluster \
-n portfolio
}
function application_deploy() {
kubectl apply -f ./deployment/portfolio-namespace.yaml
kubectl create secret generic backend-secret -n portfolio \
--from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/backendSecret.json)
kubectl create secret generic backend-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/backendSecret.json)
kubectl create secret generic frontend-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/frontendSecret.json)
kubectl create secret generic postgres-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/postgresSecret.json)
kubectl create secret generic redis-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/redisSecret.json)
kubectl create secret generic storage-secret -n portfolio --from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/storageSecret.json)
kubectl create secret generic frontend-secret -n portfolio \
--from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/frontendSecret.json)
kubectl apply -f ./deployment/postgres
kubectl wait --for=condition=available \
--timeout=600s \
deployment.apps/postgres-deployment \
-n portfolio
kubectl create secret generic redis-secret -n portfolio \
--from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/redisSecret.json)
kubectl create secret generic storage-secret -n portfolio \
--from-env-file <(jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" ./deployment/secrets/storageSecret.json)
kubectl apply -f ./deployment/redis
kubectl wait --for=condition=available \
@@ -67,21 +103,36 @@ function application_deploy() {
function main() {
check_for_dependencies
if [[ $1 == "--local" || $1 == "-l" ]]; then
function kubectl {
minikube kubectl -- $@
}
minikube start --driver kvm2 --cpus 3 --memory 3Gib
minikube start --driver kvm2 --cpus 4 --memory 4Gib
minikube addons enable ingress-dns
minikube addons enable ingress
application_deploy
else
configure_cert_manager
configure_nginx_ingress
kubectl apply -f ./deployment/cert-manager/cert-manager-issuer-dev.yaml
fi
configure_cert_manager
kubectl apply -f ./deployment/portfolio-namespace.yaml
configure_postgres
application_deploy
if [[ $1 == "--local" || $1 == "-l" ]]; then
kubectl apply -f \
./deployment/cert-manager/cert-manager-issuer-dev.yaml
kubectl apply -f \
./deployment/cert-manager/cert-manager-certificate.yaml
@@ -90,19 +141,6 @@ function main() {
else
configure_nginx_ingress
application_deploy
external_ip=""
while [ -z $external_ip ]; do
echo "Waiting for end point..."
external_ip=$(kubectl get svc --namespace=ingress-nginx ingress-nginx-controller --template="{{range .status.loadBalancer.ingress}}{{.ip}}{{end}}")
[ -z "$external_ip" ] && sleep 10
done
configure_cert_manager
kubectl apply -f \
./deployment/cert-manager/cert-manager-issuer.yaml
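Review bot: In `configure_nginx_ingress` and `configure_postgres` the charts are installed without `--version`, so every run of deploy.sh pulls whatever chart the remote repository currently serves; the manifest this replaces was pinned to `controller-v1.9.0`, and `configure_cert_manager` in the same file pins `--version v1.14.2`. Pin both the same way, e.g. `--version <INGRESS_NGINX_CHART_VERSION>` and `--version <CNPG_CHART_VERSION>` (placeholders for the versions you tested), so an upstream release cannot change cluster-wide controllers without review. `configure_cert_manager` also uses `helm install` where the other two use `helm upgrade --install`; on a second deploy Helm refuses a release name that is already in use, and with no `set -e` visible the script carries on past that error. `main` continues outside the last hunk.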


@@ -5,4 +5,5 @@ metadata:
name: backend-config
data:
backend_url: backend-service
backend_port: "8070"
backend_port: "8070"
backend_db_name: portfolio


@@ -18,12 +18,12 @@ spec:
image: yoshiunfriendly/backend-hideyoshi.com
imagePullPolicy: Always
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "256Mi"
cpu: "250m"
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "256Mi"
cpu: "250m"
ports:
- containerPort: 8070
env:
@@ -119,15 +119,15 @@ spec:
- name: POSTGRES_URL
valueFrom:
configMapKeyRef:
name: postgres-config
key: postgres_url
secretKeyRef:
name: postgres-cn-cluster-app
key: host
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgresDatabase
name: postgres-cn-cluster-app
key: dbname
- name: DATABASE_URL
value: "postgresql://$(POSTGRES_URL):5432/$(POSTGRES_DB)"
@@ -135,14 +135,14 @@ spec:
- name: DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgresUser
name: postgres-cn-cluster-app
key: user
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgresPassword
name: postgres-cn-cluster-app
key: password
- name: REDIS_URL
valueFrom:
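Review bot: Nothing in this Deployment says where `postgres-cn-cluster-app` comes from, and no manifest in the commit defines it; it appears to be the application secret the CloudNativePG operator generates for the `postgres-cn-cluster` Cluster. A comment above the `POSTGRES_URL` entry would save the next reader a search: `# postgres-cn-cluster-app is created by the CloudNativePG operator for Cluster postgres-cn-cluster; the pod cannot start until it exists`. `POSTGRES_URL` now holds the `host` key rather than a URL, and `DATABASE_URL` still hard-codes port `5432`, so the variable name and the port are worth a second look. The `env:` list continues outside the hunk.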


@@ -0,0 +1,23 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres-cn-cluster
namespace: portfolio
spec:
instances: 3
primaryUpdateStrategy: unsupervised
imageName: ghcr.io/cloudnative-pg/postgresql:14.10-18
storage:
size: 5Gi
resources:
requests:
memory: "32Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "75m"
monitoring:
enablePodMonitor: true
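Review bot: The `resources` block gives each of the three instances a `128Mi` memory limit and a `32Mi` request, while the single postgres Deployment removed in this commit ran with a `256Mi` request and a `512Mi` limit; under load the instances are likely to be OOM-killed, and with requests below limits they are among the first candidates for eviction. Setting requests equal to limits for both cpu and memory at a size the database was tested with, e.g. `memory: "512Mi"` in both places, keeps the pods in the Guaranteed QoS class. `enablePodMonitor: true` also needs the PodMonitor CRD from the Prometheus Operator, which the deploy.sh in this commit does not appear to install. The spec shows no `backup:` section, so with the hostPath volume gone it is worth stating where recovery data is meant to live.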


@@ -1,7 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: portfolio
name: postgres-config
data:
postgres_url: postgres-service


@@ -1,31 +0,0 @@
kind: PersistentVolume
apiVersion: v1
metadata:
namespace: portfolio
name: postgres-pv-volume
labels:
type: local
app: postgres
spec:
storageClassName: manual
capacity:
storage: 5Gi
accessModes:
- ReadWriteMany
hostPath:
path: "/mnt/data"
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
namespace: portfolio
name: postgres-pv-claim
labels:
app: postgres
spec:
storageClassName: manual
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi


@@ -1,67 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: portfolio
name: postgres-deployment
spec:
replicas: 1
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
containers:
- name: postgres
image: postgres:14-bullseye
imagePullPolicy: "IfNotPresent"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "250m"
ports:
- containerPort: 5432
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgresPassword
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgresUser
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgresDatabase
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: postgredb
volumes:
- name: postgredb
persistentVolumeClaim:
claimName: postgres-pv-claim
---
apiVersion: v1
kind: Service
metadata:
namespace: portfolio
name: postgres-service
spec:
selector:
app: postgres
ports:
- port: 5432
protocol: TCP
targetPort: 5432
type: ClusterIP