From 1693375235690ae7cf008e115aabf614f78f8b35 Mon Sep 17 00:00:00 2001
From: Domagoj Zecevic
Date: Tue, 30 Nov 2021 11:56:03 +0100
Subject: [PATCH 01/17] added skr prod
---
 .../01_prod/shubbkoarnsru/deployment.yaml | 122 ++++++++++++++++++
 1 file changed, 122 insertions(+)
 create mode 100644 02_hetzner/01_prod/shubbkoarnsru/deployment.yaml
diff --git a/02_hetzner/01_prod/shubbkoarnsru/deployment.yaml b/02_hetzner/01_prod/shubbkoarnsru/deployment.yaml
new file mode 100644
index 0000000..e8ad698
--- /dev/null
+++ b/02_hetzner/01_prod/shubbkoarnsru/deployment.yaml
@@ -0,0 +1,122 @@ +# Deployment description +apiVersion: apps/v1 +kind: Deployment +metadata: + name: skr-deployment + namespace: prod-environment + labels: + app: skr-prod +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app: skr-prod + template: + metadata: + labels: + app: skr-prod + spec: + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + containers: + - name: schubbkoarnsru + image: packages.semapp.lan:5000/schubbkoarnsru:v0.0.11 + imagePullPolicy: Always + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "256Mi" + cpu: "4" + ports: + - containerPort: 8000 + name: skr-http + protocol: TCP + envFrom: + - configMapRef: + name: skr-prod-config-prod + volumeMounts: + - mountPath: /app/media/ + name: skr-pv-prod + volumes: + - name: skr-pv-prod + persistentVolumeClaim: + claimName: skr-pvc-prod +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: prod-environment + name: skr-prod-config-prod + labels: + app: skr-prod +data: + DJANGO_DB_ENGINE: "django.db.backends.postgresql_psycopg2" + DJANGO_DB_NAME: "schubbkoarnsruh" + DJANGO_DB_USER: "schubbkoarnsruh" + DJANGO_DB_PASSWORD: "rHeVZxhSBc6UPsnF" + DJANGO_DB_HOST: "psql.semprod.local" + DJANGO_DB_PORT: "5432" + +--- +# Persistent Volume Claim description +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: skr-pvc-prod + namespace: prod-environment + labels: + app: skr-prod +spec: + storageClassName: longhorn + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +--- +# schubbkoarnsru Service +apiVersion: v1 +kind: Service +metadata: + name: skr + namespace: prod-environment +spec: + selector: + app: skr-prod + ports: + - name: skr-http + port: 8000 + targetPort: skr-http + type: NodePort +--- + +# Ingress description +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: skr-prod-ingress + namespace: prod-environment + annotations: + kubernetes.io/ingress.class: "traefik" +spec: + 
rules: + - host: schubbkoarnsru.k8s.semprod.local + http: + paths: + - path: / + backend: + serviceName: skr + servicePort: 8000 + - host: schubbkoarnsruh.semapp.de + http: + paths: + - path: / + backend: + serviceName: skr + servicePort: 8000 \ No newline at end of file From 0a60e7ce158f0fea4dea9d67f6ccce21c393ac77 Mon Sep 17 00:00:00 2001 From: Domagoj Zecevic Date: Tue, 30 Nov 2021 15:15:18 +0100 Subject: [PATCH 02/17] passbolt dev added --- 01_onsite/01_dev/passbolt/deployment.yaml | 85 +++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 01_onsite/01_dev/passbolt/deployment.yaml diff --git a/01_onsite/01_dev/passbolt/deployment.yaml b/01_onsite/01_dev/passbolt/deployment.yaml new file mode 100644 index 0000000..98aa7a2 --- /dev/null +++ b/01_onsite/01_dev/passbolt/deployment.yaml 
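Review bot: `DJANGO_DB_PASSWORD` in the `skr-prod-config-prod` ConfigMap puts the production database password in plaintext in git and in an object that any principal with read access to ConfigMaps in `prod-environment` can see. Move it to a `Secret` created outside the repository (or encrypted before commit) and load it next to the existing `configMapRef` with `- secretRef:` / `name: <secret-name>`; because the value is already in history, it should also be rotated. The same pattern recurs later in this series: `DATASOURCES_DEFAULT_PASSWORD` in both passbolt ConfigMaps, `MYSQL_ROOT_PASSWORD`/`MYSQL_PASSWORD` in `mariadb-config`, `EMAIL_TRANSPORT_DEFAULT_PASSWORD` in `passbolt-config-infra`, `DJANGO_DB_PASSWORD` in `semapp-dev-config-dev`, and `DB_PASSWORD` in the baseline QA and prod backend ConfigMaps.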
@@ -0,0 +1,85 @@ +# Deployment description +apiVersion: apps/v1 +kind: Deployment +metadata: + name: passbolt-deployment + namespace: dev-environment + labels: + app: passbolt-dev +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app: passbolt-dev + template: + metadata: + labels: + app: passbolt-dev + spec: + containers: + - name: passbolt + image: passbolt/passbolt:3.3.1 + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "4" + ports: + - containerPort: 8080 + name: passbolt-http + protocol: TCP + envFrom: + - configMapRef: + name: passbolt-dev-config-dev +--- +# passbolt ConfigMap +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: dev-environment + name: passbolt-dev-config-dev + labels: + app: efc-dev +data: + DATASOURCES_DEFAULT_HOST: mariadb-lb + DATASOURCES_DEFAULT_PASSWORD: passbolt + DATASOURCES_DEFAULT_USERNAME: passbolt + DATASOURCES_DEFAULT_DATABASE: passbolt + APP_FULL_BASE_URL: http://passbolt-dev.k3s.semapp.lan +--- +# passbolt Service +apiVersion: v1 +kind: Service +metadata: + name: passbolt + namespace: dev-environment +spec: + selector: + app: passbolt-dev + ports: + - name: passbolt-http + port: 8080 + targetPort: passbolt-http + type: NodePort +--- +# Ingress description +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: passbolt-dev-ingress + namespace: dev-environment + annotations: + kubernetes.io/ingress.class: "traefik" +spec: + rules: + - host: passbolt-dev.k3s.semapp.lan + http: + paths: + - path: / + backend: + serviceName: passbolt + servicePort: 8080 \ No newline at end of file From 5020ad18bd472ad2839b55081055f7d85ead1c26 Mon Sep 17 00:00:00 2001 
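Review bot: `APP_FULL_BASE_URL` is `http://passbolt-dev.k3s.semapp.lan` and the `passbolt-dev-ingress` rule has no `tls:` section, so a password manager's login and secret traffic would be served in cleartext unless TLS is terminated somewhere this patch does not show. Consider an `https://` base URL and a `tls:` block with `hosts:` and `secretName: <tls-secret>` on the Ingress; the infra passbolt deployment added in PATCH 04 has the same shape. Separately, the ConfigMap is labelled `app: efc-dev` while every other object in this file uses `app: passbolt-dev`, which looks like a copy-paste leftover and would make label-based selection or cleanup miss it.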
From: Domagoj Zecevic
Date: Mon, 6 Dec 2021 16:21:56 +0100
Subject: [PATCH 03/17] mariadb and phpmyadmin infra deployment
---
 01_onsite/00_infra/mariadb/deployment.yaml | 89 +++++++++++++++++++
 01_onsite/00_infra/phpmyadmin/deployment.yaml | 71 +++++++++++++++
 2 files changed, 160 insertions(+)
 create mode 100644 01_onsite/00_infra/mariadb/deployment.yaml
 create mode 100644 01_onsite/00_infra/phpmyadmin/deployment.yaml
diff --git a/01_onsite/00_infra/mariadb/deployment.yaml b/01_onsite/00_infra/mariadb/deployment.yaml
new file mode 100644
index 0000000..5896ebb
--- /dev/null
+++ b/01_onsite/00_infra/mariadb/deployment.yaml
@@ -0,0 +1,89 @@ +# Deployment description +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mariadb-deployment + namespace: infra-environment + labels: + app: mariadb-infra +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app: mariadb-infra + template: + metadata: + labels: + app: mariadb-infra + spec: + containers: + - name: mariadb + image: mariadb:10.7.1 + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "4" + ports: + - containerPort: 3306 + envFrom: + - configMapRef: + name: mariadb-config + volumeMounts: + - mountPath: /var/lib/mysql + name: mariadb-pv-infra + subPath: mariadb + volumes: + - name: mariadb-pv-infra + persistentVolumeClaim: + claimName: mariadb-pvc-infra +--- +# Persistent Volume Claim description +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mariadb-pvc-infra + namespace: infra-environment + labels: + app: mariadb-infra +spec: + storageClassName: longhorn + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi +--- +# ConfigMap description +apiVersion: v1 +kind: ConfigMap +metadata: + name: mariadb-config + namespace: infra-environment + labels: + app: mariadb-infra +data: + MYSQL_ROOT_PASSWORD: Semapp123456! + MYSQL_DATABASE: mariadb + MYSQL_USER: mysqluser + MYSQL_PASSWORD: Semapp123456! +--- +# mariadb StatefulSet Service +apiVersion: v1 +kind: Service +metadata: + name: mariadb-infra + namespace: infra-environment +spec: + selector: + app: mariadb-infra + type: LoadBalancer + ports: + - port: 3306 + targetPort: 3306 + +--- \ No newline at end of file diff --git a/01_onsite/00_infra/phpmyadmin/deployment.yaml b/01_onsite/00_infra/phpmyadmin/deployment.yaml new file mode 100644 index 0000000..1d09b5e --- /dev/null +++ b/01_onsite/00_infra/phpmyadmin/deployment.yaml 
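Review bot: The `mariadb-infra` Service is `type: LoadBalancer` on port 3306, which publishes the database on an address reachable from outside the cluster, while the client added in this same commit (phpMyAdmin with `PMA_HOST: "mariadb-infra"`) only needs the in-cluster Service name. If no external client needs direct access, `type: ClusterIP` is enough; if one does, restrict the source with `loadBalancerSourceRanges` (where the load balancer implementation honours it) or a NetworkPolicy. `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` also carry the same value, so the application account effectively shares the root credential. The comment `# mariadb StatefulSet Service` does not match the `kind: Deployment` defined above it.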
@@ -0,0 +1,71 @@ +# Deployment description +apiVersion: apps/v1 +kind: Deployment +metadata: + name: phpmyadmin-deployment + namespace: infra-environment + labels: + app: phpmyadmin-infra +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app: phpmyadmin-infra + template: + metadata: + labels: + app: phpmyadmin-infra + spec: + containers: + - name: phpmyadmin + image: phpmyadmin/phpmyadmin + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "4" + ports: + - containerPort: 80 + name: phpmyadmin-http + protocol: TCP + env: + - name: PMA_HOST + value: "mariadb-infra" +--- +# phpmyadmin Service +apiVersion: v1 +kind: Service +metadata: + name: phpmyadmin + namespace: infra-environment +spec: + selector: + app: phpmyadmin-infra + ports: + - name: phpmyadmin-http + port: 80 + targetPort: phpmyadmin-http + type: NodePort +--- + +# Ingress description +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: phpmyadmin-infra-ingress + namespace: infra-environment + annotations: + kubernetes.io/ingress.class: "traefik" +spec: + rules: + - host: phpmyadmin.k3s.semapp.lan + http: + paths: + - path: / + backend: + serviceName: phpmyadmin + servicePort: 80 \ No newline at end of file From bb5af35a005b5d43abb30bf9240b33b02082461a Mon Sep 17 00:00:00 2001 From: Domagoj Zecevic Date: Tue, 7 Dec 2021 13:47:22 +0100 Subject: [PATCH 04/17] added passbolt infra --- 01_onsite/00_infra/passbolt/deployment.yaml | 93 +++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 01_onsite/00_infra/passbolt/deployment.yaml diff --git a/01_onsite/00_infra/passbolt/deployment.yaml b/01_onsite/00_infra/passbolt/deployment.yaml new file mode 100644 index 0000000..03cd8b6 --- /dev/null +++ b/01_onsite/00_infra/passbolt/deployment.yaml 
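Review bot: `image: phpmyadmin/phpmyadmin` carries no tag, so it resolves to `latest` and each pod restart can pull a different, unreviewed build; pin it, for example `image: phpmyadmin/phpmyadmin:<pinned-version>` or an image digest. Because this UI fronts `mariadb-infra`, the `phpmyadmin-infra-ingress` rule makes a database admin console reachable over plain HTTP on `phpmyadmin.k3s.semapp.lan`. A `tls:` section on the Ingress and an access restriction at the ingress controller (source-IP allow-list or an authentication middleware) would be worth adding before this is applied.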
@@ -0,0 +1,93 @@ +# Deployment description +apiVersion: apps/v1 +kind: Deployment +metadata: + name: passbolt-deployment + namespace: infra-environment + labels: + app: passbolt-infra +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app: passbolt-infra + template: + metadata: + labels: + app: passbolt-infra + spec: + containers: + - name: passbolt + image: passbolt/passbolt:3.3.1 + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "4" + ports: + - containerPort: 8080 + name: passbolt-http + protocol: TCP + envFrom: + - configMapRef: + name: passbolt-config-infra +--- +# passbolt ConfigMap +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: infra-environment + name: passbolt-config-infra + labels: + app: passbolt-infra +data: + DATASOURCES_DEFAULT_HOST: mariadb-infra + DATASOURCES_DEFAULT_PASSWORD: passbolt + DATASOURCES_DEFAULT_USERNAME: passbolt + DATASOURCES_DEFAULT_DATABASE: passbolt + APP_FULL_BASE_URL: http://passbolt.k3s.semapp.lan + ## Email config + EMAIL_DEFAULT_FROM: support@semantic-applications.de + EMAIL_TRANSPORT_DEFAULT_HOST: smtp.strato.de + EMAIL_TRANSPORT_DEFAULT_PORT: "587" + EMAIL_TRANSPORT_DEFAULT_USERNAME: support@semantic-applications.de + EMAIL_TRANSPORT_DEFAULT_PASSWORD: "uN1zPIqN9@br" + EMAIL_TRANSPORT_DEFAULT_TLS: "true" + +--- +# passbolt Service +apiVersion: v1 +kind: Service +metadata: + name: passbolt + namespace: infra-environment +spec: + selector: + app: passbolt-infra + ports: + - name: passbolt-http + port: 8080 + targetPort: passbolt-http + type: NodePort +--- +# Ingress description +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: passbolt-infra-ingress + namespace: infra-environment + annotations: + kubernetes.io/ingress.class: "traefik" +spec: + rules: + - host: passbolt.k3s.semapp.lan + http: + paths: + - path: / + backend: + serviceName: passbolt + servicePort: 8080 \ No newline at end of file 
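Review bot: The `passbolt` container has no `volumeMounts` and the pod no `volumes`, so with `strategy: Recreate` anything the container generates at first start is lost on every rollout. I believe the upstream image keeps its server OpenPGP key under `/etc/passbolt/gpg` and its JWT keys under `/etc/passbolt/jwt` (to be confirmed against the image documentation); if so, each restart would present users with a new server key, which trains them to accept key-change prompts. A PVC mounted at those paths, in the way `/var/lib/mysql` is mounted in the mariadb deployment, would avoid that. The dev passbolt Deployment in PATCH 02 is written the same way.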
From 0e4ee6d31ad3086916dc2e178ffd9648988b219e Mon Sep 17 00:00:00 2001 From: Domagoj Zecevic Date: Tue, 7 Dec 2021 13:54:01 +0100 Subject: [PATCH 05/17] skr to rc1 --- 01_onsite/01_dev/shubbkoarnsru/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/01_onsite/01_dev/shubbkoarnsru/deployment.yaml b/01_onsite/01_dev/shubbkoarnsru/deployment.yaml index 9a9ebea..ebda1d4 100644 --- a/01_onsite/01_dev/shubbkoarnsru/deployment.yaml +++ b/01_onsite/01_dev/shubbkoarnsru/deployment.yaml @@ -24,7 +24,7 @@ spec: fsGroup: 1000 containers: - name: schubbkoarnsru - image: packages.semapp.lan:5000/schubbkoarnsru:v0.0.10 + image: packages.semapp.lan:5000/schubbkoarnsru:v1.0.0RC1 imagePullPolicy: Always resources: requests: From 012f4ea56c11054db4d80897f2308b3dcb6ffcfb Mon Sep 17 00:00:00 2001 From: Domagoj Zecevic Date: Tue, 7 Dec 2021 15:28:49 +0100 Subject: [PATCH 06/17] skr to V1.0.0RC1 --- 02_hetzner/01_prod/shubbkoarnsru/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/02_hetzner/01_prod/shubbkoarnsru/deployment.yaml b/02_hetzner/01_prod/shubbkoarnsru/deployment.yaml index e8ad698..5a6919f 100644 --- a/02_hetzner/01_prod/shubbkoarnsru/deployment.yaml +++ b/02_hetzner/01_prod/shubbkoarnsru/deployment.yaml @@ -24,7 +24,7 @@ spec: fsGroup: 1000 containers: - name: schubbkoarnsru - image: packages.semapp.lan:5000/schubbkoarnsru:v0.0.11 + image: packages.semapp.lan:5000/schubbkoarnsru:v1.0.0RC1 imagePullPolicy: Always resources: requests: From a82a5579bc05175a369bdbb6209805e7575d5515 Mon Sep 17 00:00:00 2001 From: Domagoj Zecevic Date: Mon, 13 Dec 2021 16:50:50 +0100 Subject: [PATCH 07/17] added semapp homepage --- .../01_dev/semapp-wagtail/deployment.yaml | 115 ++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 01_onsite/01_dev/semapp-wagtail/deployment.yaml 
diff --git a/01_onsite/01_dev/semapp-wagtail/deployment.yaml b/01_onsite/01_dev/semapp-wagtail/deployment.yaml
new file mode 100644
index 0000000..981280d
--- /dev/null
+++ b/01_onsite/01_dev/semapp-wagtail/deployment.yaml
@@ -0,0 +1,115 @@ +# Deployment description +apiVersion: apps/v1 +kind: Deployment +metadata: + name: semapp-deployment + namespace: dev-environment + labels: + app: semapp-dev +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app: semapp-dev + template: + metadata: + labels: + app: semapp-dev + spec: + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + containers: + - name: semapp + image: packages.semapp.lan:5000/semapp-wagtail:V0.0.1 + imagePullPolicy: Always + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "256Mi" + cpu: "4" + ports: + - containerPort: 8000 + name: semapp-http + protocol: TCP + envFrom: + - configMapRef: + name: semapp-dev-config-dev + volumeMounts: + - mountPath: /app/media/ + name: semapp-pv-dev + volumes: + - name: semapp-pv-dev + persistentVolumeClaim: + claimName: semapp-pvc-dev +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: dev-environment + name: semapp-dev-config-dev + labels: + app: semapp-dev +data: + DJANGO_DB_ENGINE: "django.db.backends.postgresql_psycopg2" + DJANGO_DB_NAME: "semapp-wagtail" + DJANGO_DB_USER: "semapp-wagtail" + DJANGO_DB_PASSWORD: "semapp-wagtail" + DJANGO_DB_HOST: "postgres-lb" + DJANGO_DB_PORT: "5432" + +--- +# Persistent Volume Claim description +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: semapp-pvc-dev + namespace: dev-environment + labels: + app: semapp-dev +spec: + storageClassName: longhorn + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +--- +# semapp Service +apiVersion: v1 +kind: Service +metadata: + name: semapp + namespace: dev-environment +spec: + selector: + app: semapp-dev + ports: + - name: semapp-http + port: 8000 + targetPort: semapp-http + type: NodePort +--- + +# Ingress description +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: semapp-dev-ingress + namespace: dev-environment + annotations: + kubernetes.io/ingress.class: "traefik" 
+spec: + rules: + - host: semapp-dev.k3s.semapp.lan + http: + paths: + - path: / + backend: + serviceName: semapp + servicePort: 8000 \ No newline at end of file From 0d545a948c20c340d44cd5969582881e8be12d58 Mon Sep 17 00:00:00 2001 From: Antun Franjin Date: Tue, 7 Dec 2021 14:55:50 +0100 Subject: [PATCH 08/17] Add qa baseline deployment. Trying to make it work and react use modified env variables. --- 01_onsite/02_qa/baseline/deployment.yaml | 226 +++++++++++++++++++ 02_hetzner/00_infra/keycloak/deployment.yaml | 84 +++++++ 2 files changed, 310 insertions(+) create mode 100644 01_onsite/02_qa/baseline/deployment.yaml create mode 100644 02_hetzner/00_infra/keycloak/deployment.yaml diff --git a/01_onsite/02_qa/baseline/deployment.yaml b/01_onsite/02_qa/baseline/deployment.yaml new file mode 100644 index 0000000..b482302 --- /dev/null +++ b/01_onsite/02_qa/baseline/deployment.yaml 
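Review bot: The pod-level `securityContext` sets UID/GID 1000, but nothing in the `semapp` container spec prevents privilege escalation or drops Linux capabilities. Consider adding `runAsNonRoot: true` at pod level and a container-level `securityContext` as sketched below; `readOnlyRootFilesystem: true` may also be possible since uploads already go to the `/app/media/` volume, but that needs testing against the image. The skr prod Deployment in PATCH 01 has the same pod spec and would benefit from the same change.

```yaml
      securityContext:
        runAsNonRoot: true
        # … unchanged: runAsUser, runAsGroup, fsGroup …
      containers:
        - name: semapp
          # … unchanged: image, imagePullPolicy, resources, ports, envFrom, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
```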
@@ -0,0 +1,226 @@ +# Deployment description +apiVersion: apps/v1 +kind: Deployment +metadata: + name: baseline-deployment + namespace: qa-environment + labels: + app: baseline-qa +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app: baseline-qa + template: + metadata: + labels: + app: baseline-qa + spec: + containers: + - name: baseline-frontend + image: packages.semapp.lan:5000/baseline_frontend:qa1 + workingDir: /opt/web + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "4" + ports: + - containerPort: 8000 + name: baseline-http + protocol: TCP + volumeMounts: + - mountPath: /etc/nginx/conf.d + readOnly: true + name: baseline-qa-frontend-conf + - mountPath: /etc/web/src/appConf.json + subPath: appConf.json + name: basiline-env-frontend + readOnly: true + imagePullPolicy: Always + + - name: baseline-backend + image: packages.semapp.lan:5000/baseline_backend:qa1 + workingDir: /opt/www + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "4" + ports: + - containerPort: 5000 + name: bl-bck-http + protocol: TCP + imagePullPolicy: Always + envFrom: + - configMapRef: + name: baseline-qa-backend-conf + volumes: + - name: basiline-env-frontend + configMap: + name: basiline-env-frontend + - name: baseline-qa-frontend-conf + configMap: + name: baseline-qa-frontend-conf + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: basiline-env-frontend + namespace: qa-environment + labels: + app: baseline-qa +data: + appConf.json: | + { + "REACT_APP_KEYCLOAK_REALM": "baseline_test", + "REACT_APP_KEYCLOAK_CLIENT_ID": "baseline_qa", + "REACT_APP_TOKEN_MIN_VALIDITY": "600" + } + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: qa-environment + name: baseline-qa-backend-conf + labels: + app: baseline-qa +data: + DB_CONNECTION: "pgsql" + DB_HOST: "dbpg11.semapp.lan" + DB_PORT: "5432" + DB_DATABASE: "baseline_k8s_db" + DB_USERNAME: "baseline_qa" + DB_PASSWORD: 
"baseline_qa" + + APP_NAME: "Baseline" + APP_ENV: "development" + APP_KEY: "base64:14Vg4rilGKEk34XeqNR7ffg6GhFTzA7/z5T1aqy6JHw=" + APP_DEBUG: "true" + APP_URL: "http://baseline-qa.k3s.semapp.lan/" + + LOG_CHANNEL: "stack" + BROADCAST_DRIVER: "log" + CACHE_DRIVER: "file" + QUEUE_CONNECTION: "sync" + SESSION_DRIVER: "cookie" + SESSION_LIFETIME: "120" + + + SANCTUM_STATEFUL_DOMAINS: "baseline-qa.k3s.semapp.lan" + SESSION_DOMAIN: "baseline-qa.k3s.semapp.lan" + + THROTTLE_MAX_ATTEMPTS: "80" + + KEYCLOAK_URL: "http://keycloak.semapp.lan" + KEYCLOAK_PORT: "80" + KEYCLOAK_REALM: "baseline_test" + + REDIRECT_URL: "http://baseline-qa.k3s.semapp.lan/" + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: qa-environment + name: baseline-qa-frontend-conf +data: + default.conf: | + upstream backend { + server baseline-backend-qa:5000; + } + + server { + listen 8000; + + access_log /var/log/nginx/access.log; + charset utf-8; + client_max_body_size 1G; + + location / { + root /srv/web; + add_header X-Frame-Options "SAMEORIGIN"; + index index.html index.htm; + try_files $uri $uri /index.html =404; + } + + location ~ ^/api { + proxy_pass http://backend; + proxy_redirect off; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_read_timeout 300s; + proxy_send_timeout 300s; + send_timeout 300s; + } + + error_page 404 =200 /index.html; + + add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + + expires off; + open_file_cache off; + sendfile off; + } + +--- +# EFC Service +apiVersion: v1 +kind: Service +metadata: + name: baseline-frontend-qa + namespace: qa-environment +spec: + selector: + app: baseline-qa + ports: + - name: baseline-http + port: 8000 + targetPort: baseline-http + type: NodePort + +--- +# EFC backend +apiVersion: v1 +kind: Service +metadata: + name: baseline-backend-qa + namespace: qa-environment +spec: + selector: + app: 
baseline-qa + ports: + - name: bl-bck-http + port: 5000 + targetPort: bl-bck-http + type: NodePort +--- + +# Ingress description +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: baseline-qa-ingress + namespace: qa-environment + annotations: + kubernetes.io/ingress.class: "traefik" +spec: + rules: + - host: baseline-qa.k3s.semapp.lan + http: + paths: + - path: / + backend: + serviceName: baseline-frontend-qa + servicePort: 8000 \ No newline at end of file diff --git a/02_hetzner/00_infra/keycloak/deployment.yaml b/02_hetzner/00_infra/keycloak/deployment.yaml new file mode 100644 index 0000000..0816570 --- /dev/null +++ b/02_hetzner/00_infra/keycloak/deployment.yaml 
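Review bot: `APP_KEY` is committed in the `baseline-qa-backend-conf` ConfigMap, and with `SESSION_DRIVER: "cookie"` that key is presumably what protects the session cookie, so anyone with repository or ConfigMap read access holds the material that guards user sessions. Generate a key per environment and load it from a `Secret` instead of this ConfigMap. Also in this file, the `baseline-backend-qa` Service is `type: NodePort`, which exposes port 5000 on every node and bypasses the nginx `/api` proxy; `ClusterIP` appears sufficient because only the `upstream backend` block refers to it. `APP_DEBUG: "true"` is acceptable for QA only if this host is not reachable by untrusted users.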
@@ -0,0 +1,84 @@ +--- + apiVersion: "apps/v1" + kind: "Deployment" + metadata: + name: "keycloak" + namespace: "infra-environment" + spec: + selector: + matchLabels: + app: "keycloak" + replicas: 1 + template: + metadata: + labels: + app: "keycloak" + spec: + containers: + - name: "keycloak-prod" + image: "jboss/keycloak" + resources: + requests: + memory: "512Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "4" + imagePullPolicy: "Always" + env: + - name: "KEYCLOAK_USER" + value: "admin" + - name: "KEYCLOAK_PASSWORD" + value: "admin" + - name: DB_VENDOR + value: postgres + - name: DB_ADDR + value: psql.semprod.local + - name: DB_DATABASE + value: keycloak_db + - name: DB_USER + value: keycloak + - name: DB_PASSWORD + value: e7ov7xx45qr1erk9 + ports: + - name: keycloak-http + containerPort: 8080 +--- +apiVersion: v1 +kind: Service +metadata: + name: keycloak-srv + namespace: infra-environment +spec: + selector: + app: keycloak + ports: + - name: keycloak-http + port: 8080 + targetPort: keycloak-http + type: NodePort + +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: keycloak-ingress + namespace: infra-environment + annotations: + kubernetes.io/ingress.class: "traefik" +spec: + rules: + - host: keycloak.k8s.semprod.local + http: + paths: + - path: / + backend: + serviceName: keycloak-srv + servicePort: 8080 + # - host: keycloak.semapp.lan + # http: + # paths: + # - path: / + # backend: + # serviceName: keycloack-srv + # servicePort: 8080 \ No newline at end of file From 7f871b4014b71a930100fa9150f03c35d5789557 Mon Sep 17 00:00:00 2001 
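Review bot: `KEYCLOAK_USER` and `KEYCLOAK_PASSWORD` are both set to `admin` on a container named `keycloak-prod` that is published through `keycloak-ingress`, so the identity provider's admin account is protected by a default, guessable credential. `DB_PASSWORD` is inline in the same `env:` list. Both should come from Secrets created outside the repository, and the admin password should be changed on the running instance because this value is now in history; the Secret names in the sketch below are constructed placeholders. `image: "jboss/keycloak"` is also untagged with `imagePullPolicy: "Always"`, so the version running can change on any restart.

```yaml
env:
  - name: "KEYCLOAK_USER"
    valueFrom:
      secretKeyRef:
        name: keycloak-admin   # constructed placeholder
        key: username
  - name: "KEYCLOAK_PASSWORD"
    valueFrom:
      secretKeyRef:
        name: keycloak-admin   # constructed placeholder
        key: password
  # … unchanged: DB_VENDOR, DB_ADDR, DB_DATABASE, DB_USER …
  - name: DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: keycloak-db      # constructed placeholder
        key: password
```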
From: Antun Franjin Date: Tue, 14 Dec 2021 03:52:25 +0100 Subject: [PATCH 09/17] Add qa baseline working instzance and add production deployment(not final). --- 01_onsite/01_dev/baseline/deployment.yaml | 21 +- 01_onsite/02_qa/baseline/deployment.yaml | 42 ++-- 02_hetzner/01_prod/baseline/deployment.yaml | 229 ++++++++++++++++++++ 3 files changed, 250 insertions(+), 42 deletions(-) create mode 100644 02_hetzner/01_prod/baseline/deployment.yaml diff --git a/01_onsite/01_dev/baseline/deployment.yaml b/01_onsite/01_dev/baseline/deployment.yaml index 4c0d2e0..b11e709 100644 --- a/01_onsite/01_dev/baseline/deployment.yaml +++ b/01_onsite/01_dev/baseline/deployment.yaml @@ -21,6 +21,7 @@ spec: containers: - name: baseline-frontend image: packages.semapp.lan:5000/baseline_frontend:develop + workingDir: /srv/web resources: requests: memory: "256Mi" @@ -37,23 +38,15 @@ spec: readOnly: true name: baseline-dev-frontend-conf imagePullPolicy: Always - env: - - name: PORT - value: "8000" - - name: REACT_APP_PROD_API_URL - value: "http://baseline-dev.k3s.semapp.lan/api/" - - name: REACT_APP_DEV_API_URL - value: "http://baseline-dev.k3s.semapp.lan/api/" - - name: REACT_APP_VERSION - value: "v1" - - name: REACT_APP_KEYCLOAK_URL - value: "http://keycloak.semapp.lan/auth/" - - name: REACT_APP_KEYCLOAK_REALM + env: + - name: KEYCLOAK_REALM value: "baseline" - - name: REACT_APP_KEYCLOAK_CLIENT_ID + - name: KEYCLOAK_CLIENT value: "baseline" - - name: REACT_APP_TOKEN_MIN_VALIDITY + - name: KEYCLOAK_TOKEN_VALIDITY value: "600" + - name: KEYCLOAK_URL + value: "http://keycloak.semapp.lan/auth/" - name: baseline-backend image: packages.semapp.lan:5000/baseline_backend:develop diff --git a/01_onsite/02_qa/baseline/deployment.yaml b/01_onsite/02_qa/baseline/deployment.yaml index b482302..cc57d5e 100644 --- a/01_onsite/02_qa/baseline/deployment.yaml +++ b/01_onsite/02_qa/baseline/deployment.yaml 
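Review bot: The `KEYCLOAK_URL` value added to the frontend `env:` list is `http://keycloak.semapp.lan/auth/`, so the login redirect and token exchange with Keycloak would run over plain HTTP unless TLS is enforced somewhere this patch does not show. The same value is set in the QA hunks that follow and in the prod baseline Deployment changed in PATCH 10, where it matters most. An `https://` endpoint should be in place before the prod deployment relies on it. The container spec these lines belong to starts and ends outside the hunk.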
@@ -21,7 +21,7 @@ spec: containers: - name: baseline-frontend image: packages.semapp.lan:5000/baseline_frontend:qa1 - workingDir: /opt/web + workingDir: /srv/web resources: requests: memory: "256Mi" @@ -34,13 +34,18 @@ spec: name: baseline-http protocol: TCP volumeMounts: - - mountPath: /etc/nginx/conf.d - readOnly: true - name: baseline-qa-frontend-conf - - mountPath: /etc/web/src/appConf.json - subPath: appConf.json - name: basiline-env-frontend - readOnly: true + - mountPath: /etc/nginx/conf.d + readOnly: true + name: baseline-qa-frontend-conf + env: + - name: KEYCLOAK_REALM + value: "baseline_test" + - name: KEYCLOAK_CLIENT + value: "baseline_qa" + - name: KEYCLOAK_TOKEN_VALIDITY + value: "600" + - name: KEYCLOAK_URL + value: "http://keycloak.semapp.lan/auth/" imagePullPolicy: Always - name: baseline-backend @@ -62,29 +67,10 @@ spec: - configMapRef: name: baseline-qa-backend-conf volumes: - - name: basiline-env-frontend - configMap: - name: basiline-env-frontend - name: baseline-qa-frontend-conf configMap: name: baseline-qa-frontend-conf ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: basiline-env-frontend - namespace: qa-environment - labels: - app: baseline-qa -data: - appConf.json: | - { - "REACT_APP_KEYCLOAK_REALM": "baseline_test", - "REACT_APP_KEYCLOAK_CLIENT_ID": "baseline_qa", - "REACT_APP_TOKEN_MIN_VALIDITY": "600" - } - --- apiVersion: v1 kind: ConfigMap @@ -97,7 +83,7 @@ data: DB_CONNECTION: "pgsql" DB_HOST: "dbpg11.semapp.lan" DB_PORT: "5432" - DB_DATABASE: "baseline_k8s_db" + DB_DATABASE: "baseline_k8s_qa" DB_USERNAME: "baseline_qa" DB_PASSWORD: "baseline_qa" diff --git a/02_hetzner/01_prod/baseline/deployment.yaml b/02_hetzner/01_prod/baseline/deployment.yaml new file mode 100644 index 0000000..9ab995c --- /dev/null +++ b/02_hetzner/01_prod/baseline/deployment.yaml 
@@ -0,0 +1,229 @@ +# Deployment description +apiVersion: apps/v1 +kind: Deployment +metadata: + name: baseline-deployment + namespace: prod-environment + labels: + app: baseline-prod +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app: baseline-prod + template: + metadata: + labels: + app: baseline-prod + spec: + containers: + - name: baseline-frontend + image: packages.semapp.lan:5000/baseline_frontend:qa1 + workingDir: /srv/web + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "4" + ports: + - containerPort: 8000 + name: baseline-http + protocol: TCP + volumeMounts: + - mountPath: /etc/nginx/conf.d + readOnly: true + name: baseline-prod-frontend-conf + + - mountPath: /srv/web/appConfiguration.json + subPath: appConfiguration.json + name: basiline-prod-env-frontend + readOnly: true + + imagePullPolicy: Always + + - name: baseline-backend + image: packages.semapp.lan:5000/baseline_backend:qa1 + workingDir: /opt/www + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "4" + ports: + - containerPort: 5000 + name: bl-bck-http + protocol: TCP + imagePullPolicy: Always + envFrom: + - configMapRef: + name: baseline-prod-backend-conf + volumes: + - name: basiline-prod-env-frontend + configMap: + name: basiline-env-frontend + - name: baseline-prod-frontend-conf + configMap: + name: baseline-prod-frontend-conf + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: basiline-prod-env-frontend + namespace: prod-environment + labels: + app: baseline-prod +data: + appConfiguration.json: | + { + "REACT_APP_KEYCLOAK_URL": "http://keycloak.semapp.lan/auth/", + "REACT_APP_KEYCLOAK_REALM": "baseline_prod", + "REACT_APP_KEYCLOAK_CLIENT_ID": "baseline_prod", + "REACT_APP_TOKEN_MIN_VALIDITY": "600" + } + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: prod-environment + name: baseline-prod-backend-conf + labels: + app: baseline-prod +data: + DB_CONNECTION: 
"pgsql" + DB_HOST: "psql.semprod.local" + DB_PORT: "5432" + DB_DATABASE: "baseline_prod" + DB_USERNAME: "baseline_prod" + DB_PASSWORD: "yZLi2WZ037l9Xcgg" + + APP_NAME: "Baseline" + APP_ENV: "production" + APP_KEY: "base64:14Vg4rilGKEk34XeqNR7ffg6GhFTzA7/z5T1aqy6JHw=" + APP_DEBUG: "true" + APP_URL: "http://baseline.k8s.semprod.local/" + + LOG_CHANNEL: "stack" + BROADCAST_DRIVER: "log" + CACHE_DRIVER: "file" + QUEUE_CONNECTION: "sync" + SESSION_DRIVER: "cookie" + SESSION_LIFETIME: "120" + + + SANCTUM_STATEFUL_DOMAINS: "baseline.k8s.semprod.local" + SESSION_DOMAIN: "baseline.k8s.semprod.local" + + THROTTLE_MAX_ATTEMPTS: "80" + + KEYCLOAK_URL: "http://keycloak.semapp.lan" + KEYCLOAK_PORT: "80" + KEYCLOAK_REALM: "baseline_prod" + + REDIRECT_URL: "http://baseline.k8s.semprod.local/" + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: prod-environment + name: baseline-prod-frontend-conf +data: + default.conf: | + upstream backend { + server baseline-backend-prod:5000; + } + + server { + listen 8000; + + access_log /var/log/nginx/access.log; + charset utf-8; + client_max_body_size 1G; + + location / { + root /srv/web; + add_header X-Frame-Options "SAMEORIGIN"; + index index.html index.htm; + try_files $uri $uri /index.html =404; + } + + location ~ ^/api { + proxy_pass http://backend; + proxy_redirect off; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_read_timeout 300s; + proxy_send_timeout 300s; + send_timeout 300s; + } + + error_page 404 =200 /index.html; + + add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + + expires off; + open_file_cache off; + sendfile off; + } + +--- +# EFC Service +apiVersion: v1 +kind: Service +metadata: + name: baseline-frontend-prod + namespace: prod-environment +spec: + selector: + app: baseline-prod + ports: + - name: baseline-http + port: 8000 + targetPort: baseline-http + type: 
NodePort + +--- +# EFC backend +apiVersion: v1 +kind: Service +metadata: + name: baseline-backend-prod + namespace: prod-environment +spec: + selector: + app: baseline-prod + ports: + - name: bl-bck-http + port: 5000 + targetPort: bl-bck-http + type: NodePort +--- + +# Ingress description +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: baseline-prod-ingress + namespace: prod-environment + annotations: + kubernetes.io/ingress.class: "traefik" +spec: + rules: + - host: baseline.k8s.semprod.local + http: + paths: + - path: / + backend: + serviceName: baseline-frontend-prod + servicePort: 8000 \ No newline at end of file From 0c638329d74c0b7595d6841a571c825a4b88cb49 Mon Sep 17 00:00:00 2001 From: Antun Franjin Date: Wed, 15 Dec 2021 00:48:22 +0100 Subject: [PATCH 10/17] Add trialytix production deployment and baseline prod deployment. For baseline just need entry domain for its infra keycloak instance to run working deployment. --- 01_onsite/01_dev/baseline/deployment.yaml | 8 +- 01_onsite/02_qa/trialytix/deployment.yaml | 4 +- 02_hetzner/01_prod/baseline/deployment.yaml | 35 +--- 02_hetzner/01_prod/trialytix/deployment.yaml | 184 +++++++++++++++++++ 4 files changed, 199 insertions(+), 32 deletions(-) create mode 100644 02_hetzner/01_prod/trialytix/deployment.yaml diff --git a/01_onsite/01_dev/baseline/deployment.yaml b/01_onsite/01_dev/baseline/deployment.yaml index b11e709..f25ee79 100644 --- a/01_onsite/01_dev/baseline/deployment.yaml +++ b/01_onsite/01_dev/baseline/deployment.yaml @@ -20,7 +20,7 @@ spec: spec: containers: - name: baseline-frontend - image: packages.semapp.lan:5000/baseline_frontend:develop + image: packages.semapp.lan:5000/baseline_frontend:qa1 workingDir: /srv/web resources: requests: @@ -40,7 +40,7 @@ spec: imagePullPolicy: Always env: - name: KEYCLOAK_REALM - value: "baseline" + value: "baseline_develop" - name: KEYCLOAK_CLIENT value: "baseline" - name: KEYCLOAK_TOKEN_VALIDITY 
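Review bot: `baseline-prod-backend-conf` sets `APP_DEBUG: "true"` together with `APP_ENV: "production"`; with debug on, framework error pages typically include stack traces and environment values, which here would include `DB_PASSWORD` and `APP_KEY`. Set `APP_DEBUG: "false"` for prod. The `APP_KEY` value is also identical to the one in the QA ConfigMap from PATCH 08, so exposure of the QA key would affect production sessions too; prod should have its own key, loaded from a Secret. In addition, the `basiline-prod-env-frontend` volume references ConfigMap `basiline-env-frontend`, while the ConfigMap defined in this file is named `basiline-prod-env-frontend`, so the pod would fail to mount it as written.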
@@ -49,7 +49,7 @@ spec: value: "http://keycloak.semapp.lan/auth/" - name: baseline-backend - image: packages.semapp.lan:5000/baseline_backend:develop + image: packages.semapp.lan:5000/baseline_backend:qa1 workingDir: /opt/www resources: requests: @@ -110,7 +110,7 @@ data: KEYCLOAK_URL: "http://keycloak.semapp.lan" KEYCLOAK_PORT: "80" - KEYCLOAK_REALM: "baseline" + KEYCLOAK_REALM: "baseline_develop" REDIRECT_URL: "http://baseline-dev.k3s.semapp.lan/" diff --git a/01_onsite/02_qa/trialytix/deployment.yaml b/01_onsite/02_qa/trialytix/deployment.yaml index 41c60c8..2a94884 100644 --- a/01_onsite/02_qa/trialytix/deployment.yaml +++ b/01_onsite/02_qa/trialytix/deployment.yaml @@ -18,7 +18,7 @@ spec: containers: # Backend container - name: trialytix-backend - image: packages.semapp.lan:5000/trialytix_backend:$IMAGE_TAG + image: packages.semapp.lan:5000/trialytix_backend:develop resources: requests: @@ -37,7 +37,7 @@ spec: imagePullPolicy: Always # Frontend container - name: trialytix-frontend - image: packages.semapp.lan:5000/trialytix_frontend:$IMAGE_TAG + image: packages.semapp.lan:5000/trialytix_frontend:develop resources: requests: diff --git a/02_hetzner/01_prod/baseline/deployment.yaml b/02_hetzner/01_prod/baseline/deployment.yaml index 9ab995c..5be1db7 100644 --- a/02_hetzner/01_prod/baseline/deployment.yaml +++ b/02_hetzner/01_prod/baseline/deployment.yaml @@ -37,12 +37,15 @@ spec: - mountPath: /etc/nginx/conf.d readOnly: true name: baseline-prod-frontend-conf - - - mountPath: /srv/web/appConfiguration.json - subPath: appConfiguration.json - name: basiline-prod-env-frontend - readOnly: true - + env: + - name: KEYCLOAK_REALM + value: "baseline_production" + - name: KEYCLOAK_CLIENT + value: "baseline_prod" + - name: KEYCLOAK_TOKEN_VALIDITY + value: "600" + - name: KEYCLOAK_URL + value: "http://keycloak.semapp.lan/auth/" imagePullPolicy: Always - name: baseline-backend 
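Review bot: The added `KEYCLOAK_URL` value on the container that mounts `baseline-prod-frontend-conf` (hunk `@@ -37,12 +37,15 @@` of 02_hetzner/01_prod/baseline/deployment.yaml) uses `http://`, so in production the login redirects and tokens exchanged with the identity provider travel in cleartext. Both hunks of PATCH 12/17 later change only the host to `keycloak.semprod.local` and keep the scheme. Once the Keycloak Ingress serves TLS, the line should read `value: "https://keycloak.semprod.local/auth/"`. A one-line comment above `env:` would also help, noting that these four variables appear to replace the removed `appConfiguration.json` mount. The container definition starts outside the hunk.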
@@ -64,30 +67,10 @@ spec: - configMapRef: name: baseline-prod-backend-conf volumes: - - name: basiline-prod-env-frontend - configMap: - name: basiline-env-frontend - name: baseline-prod-frontend-conf configMap: name: baseline-prod-frontend-conf ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: basiline-prod-env-frontend - namespace: prod-environment - labels: - app: baseline-prod -data: - appConfiguration.json: | - { - "REACT_APP_KEYCLOAK_URL": "http://keycloak.semapp.lan/auth/", - "REACT_APP_KEYCLOAK_REALM": "baseline_prod", - "REACT_APP_KEYCLOAK_CLIENT_ID": "baseline_prod", - "REACT_APP_TOKEN_MIN_VALIDITY": "600" - } - --- apiVersion: v1 kind: ConfigMap diff --git a/02_hetzner/01_prod/trialytix/deployment.yaml b/02_hetzner/01_prod/trialytix/deployment.yaml new file mode 100644 index 0000000..504fbdf --- /dev/null +++ b/02_hetzner/01_prod/trialytix/deployment.yaml 
@@ -0,0 +1,184 @@
+# Deployment description
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: trialytix-deployment
+ namespace: prod-environment
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: trialytix-prod
+ template:
+ metadata:
+ labels:
+ app: trialytix-prod
+ spec:
+ containers:
+ # Backend container
+ - name: trialytix-backend
+ image: packages.semapp.lan:5000/trialytix_backend:develop
+
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "100m"
+ limits:
+ memory: "512Mi"
+ cpu: "4"
+ ports:
+ - containerPort: 5100
+ name: trialytix-back
+ protocol: TCP
+ envFrom:
+ - configMapRef:
+ name: trialytix-config-backend-prod
+ imagePullPolicy: Always
+ # Frontend container
+ - name: trialytix-frontend
+ image: packages.semapp.lan:5000/trialytix_frontend:develop
+
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "100m"
+ limits:
+ memory: "512Mi"
+ cpu: "4"
+ ports:
+ - containerPort: 8100
+ name: trialytix-front
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /etc/nginx/conf.d
+ readOnly: true
+ name: nginx-trialytix-prod-conf
+ envFrom:
+ - configMapRef:
+ name: trialytix-config-backend-prod
+ imagePullPolicy: Always
+ volumes:
+ - name: nginx-trialytix-prod-conf
+ configMap:
+ name: nginx-trialytix-prod-conf
+
+# Env Configuration
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: prod-environment
+ name: trialytix-config-backend-prod
+ labels:
+ app: trialytix-prod
+data:
+ DJANGO_DB_ENGINE: 'django.db.backends.postgresql'
+ DJANGO_DB_NAME: 'trialytix_prod'
+ DJANGO_DB_USER: 'trialytix_prod'
+ DJANGO_DB_PASSWORD: '1E45fbe8sbmPESHu'
+ DJANGO_DB_HOST: 'psql.semprod.local'
+ DJANGO_DB_PORT: '5432'
+ ALLOWED_HOSTS: '["*"]'
+ FRONTEND_URL: 'http://trialytix.k8s.semprod.local'
+ API_URL: 'http://trialytix.k8s.semprod.local'
+ FRONTEND_PORT: '8100'
+ BACKEND_PORT: '5100'
+
+# Nginx configuration
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: prod-environment
+ name: nginx-trialytix-prod-conf
+data:
+ default.conf: |
+ upstream backend {
+ server backend-trialytix-prod:5100;
+ }
+
+ server {
+ listen 8100;
+
+ access_log /var/log/nginx/access.log;
+ charset utf-8;
+ client_max_body_size 1G;
+
+ location / {
+ root /srv/trialytix;
+ index index.html index.htm;
+ try_files $uri /index.html =404;
+ }
+
+ location ~ ^/api {
+ proxy_pass http://backend;
+ proxy_redirect off;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_read_timeout 300s;
+ proxy_send_timeout 300s;
+ send_timeout 300s;
+ }
+
+ error_page 404 =200 /index.html;
+
+ add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+
+ expires off;
+ open_file_cache off;
+ sendfile off;
+ }
+
+# Trialytix service
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-trialytix-prod
+ namespace: prod-environment
+spec:
+ selector:
+ app: trialytix-prod
+ ports:
+ - name: trialytix-back
+ port: 5100
+ targetPort: trialytix-back
+ type: NodePort
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-trialytix-prod
+ namespace: prod-environment
+spec:
+ selector:
+ app: trialytix-prod
+ ports:
+ - name: trialytix-front
+ port: 8100
+ targetPort: trialytix-front
+ type: NodePort
+
+# Ingress description
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: trialytix-prod-ingress
+ namespace: prod-environment
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+spec:
+ rules:
+ - host: trialytix.k8s.semprod.local
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: frontend-trialytix-prod
+ servicePort: 8100
\ No newline at end of file
From ef0e22badf5e18d0b865edc669858e71a8e9ee17 Mon Sep 17 00:00:00 2001
From: Domagoj Zecevic
Date: Wed, 15 Dec 2021 11:39:06 +0100
Subject: [PATCH 11/17] added keycloak.semprod.local url to ingress
---
02_hetzner/00_infra/keycloak/deployment.yaml | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
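Review bot: `DJANGO_DB_PASSWORD` is committed as a literal in the `trialytix-config-backend-prod` ConfigMap of 02_hetzner/01_prod/trialytix/deployment.yaml, and the `trialytix-frontend` container pulls that whole ConfigMap in through `envFrom`, so the database credential is readable by anyone with repository or ConfigMap read access and is also present in the environment of the nginx container, which has no use for it. Keep the non-secret keys in the ConfigMap, move the password to a Secret created outside the repository and reference it from the backend container only with `- secretRef:` / `name: <secret-name>` under its `envFrom`, and drop the frontend container's `envFrom` block. The value should be rotated, because it stays in history even though PATCH 14/17 deletes the file. The identical manifest is added again in PATCH 13/17, and the `trialytix-config-backend-prod` ConfigMap in PATCH 15/17 has the same problem.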
diff --git a/02_hetzner/00_infra/keycloak/deployment.yaml b/02_hetzner/00_infra/keycloak/deployment.yaml index 0816570..bb41d03 100644 --- a/02_hetzner/00_infra/keycloak/deployment.yaml +++ b/02_hetzner/00_infra/keycloak/deployment.yaml @@ -75,10 +75,10 @@ spec: backend: serviceName: keycloak-srv servicePort: 8080 - # - host: keycloak.semapp.lan - # http: - # paths: - # - path: / - # backend: - # serviceName: keycloack-srv - # servicePort: 8080 \ No newline at end of file + - host: keycloak.semprod.local + http: + paths: + - path: / + backend: + serviceName: keycloak-srv + servicePort: 8080 \ No newline at end of file From 12a191e5a7cee3d42efa355655b3b00523c9d564 Mon Sep 17 00:00:00 2001 From: Antun Franjin Date: Wed, 15 Dec 2021 14:36:26 +0100 Subject: [PATCH 12/17] Configure valoid keycloak realm, client. --- 02_hetzner/01_prod/baseline/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/02_hetzner/01_prod/baseline/deployment.yaml b/02_hetzner/01_prod/baseline/deployment.yaml index 5be1db7..64a3205 100644 --- a/02_hetzner/01_prod/baseline/deployment.yaml +++ b/02_hetzner/01_prod/baseline/deployment.yaml @@ -45,7 +45,7 @@ spec: - name: KEYCLOAK_TOKEN_VALIDITY value: "600" - name: KEYCLOAK_URL - value: "http://keycloak.semapp.lan/auth/" + value: "http://keycloak.semprod.local/auth/" imagePullPolicy: Always - name: baseline-backend @@ -106,9 +106,9 @@ data: THROTTLE_MAX_ATTEMPTS: "80" - KEYCLOAK_URL: "http://keycloak.semapp.lan" + KEYCLOAK_URL: "http://keycloak.semprod.local" KEYCLOAK_PORT: "80" - KEYCLOAK_REALM: "baseline_prod" + KEYCLOAK_REALM: "baseline_production" REDIRECT_URL: "http://baseline.k8s.semprod.local/" From fee7aa76773c16af4ff26affc9a6c19c7d17d6e6 Mon Sep 17 00:00:00 2001 
From: Antun Franjin
Date: Fri, 17 Dec 2021 10:16:47 +0100
Subject: [PATCH 13/17] Add trialytix deployment.
---
02_hetzner/01_prod/trialytix/deployment.yaml | 184 +++++++++++++++++++
1 file changed, 184 insertions(+)
create mode 100644 02_hetzner/01_prod/trialytix/deployment.yaml
diff --git a/02_hetzner/01_prod/trialytix/deployment.yaml b/02_hetzner/01_prod/trialytix/deployment.yaml
new file mode 100644
index 0000000..504fbdf
--- /dev/null
+++ b/02_hetzner/01_prod/trialytix/deployment.yaml
@@ -0,0 +1,184 @@
+# Deployment description
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: trialytix-deployment
+ namespace: prod-environment
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: trialytix-prod
+ template:
+ metadata:
+ labels:
+ app: trialytix-prod
+ spec:
+ containers:
+ # Backend container
+ - name: trialytix-backend
+ image: packages.semapp.lan:5000/trialytix_backend:develop
+
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "100m"
+ limits:
+ memory: "512Mi"
+ cpu: "4"
+ ports:
+ - containerPort: 5100
+ name: trialytix-back
+ protocol: TCP
+ envFrom:
+ - configMapRef:
+ name: trialytix-config-backend-prod
+ imagePullPolicy: Always
+ # Frontend container
+ - name: trialytix-frontend
+ image: packages.semapp.lan:5000/trialytix_frontend:develop
+
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "100m"
+ limits:
+ memory: "512Mi"
+ cpu: "4"
+ ports:
+ - containerPort: 8100
+ name: trialytix-front
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /etc/nginx/conf.d
+ readOnly: true
+ name: nginx-trialytix-prod-conf
+ envFrom:
+ - configMapRef:
+ name: trialytix-config-backend-prod
+ imagePullPolicy: Always
+ volumes:
+ - name: nginx-trialytix-prod-conf
+ configMap:
+ name: nginx-trialytix-prod-conf
+
+# Env Configuration
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: prod-environment
+ name: trialytix-config-backend-prod
+ labels:
+ app: trialytix-prod
+data:
+ DJANGO_DB_ENGINE: 'django.db.backends.postgresql'
+ DJANGO_DB_NAME: 'trialytix_prod'
+ DJANGO_DB_USER: 'trialytix_prod'
+ DJANGO_DB_PASSWORD: '1E45fbe8sbmPESHu'
+ DJANGO_DB_HOST: 'psql.semprod.local'
+ DJANGO_DB_PORT: '5432'
+ ALLOWED_HOSTS: '["*"]'
+ FRONTEND_URL: 'http://trialytix.k8s.semprod.local'
+ API_URL: 'http://trialytix.k8s.semprod.local'
+ FRONTEND_PORT: '8100'
+ BACKEND_PORT: '5100'
+
+# Nginx configuration
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: prod-environment
+ name: nginx-trialytix-prod-conf
+data:
+ default.conf: |
+ upstream backend {
+ server backend-trialytix-prod:5100;
+ }
+
+ server {
+ listen 8100;
+
+ access_log /var/log/nginx/access.log;
+ charset utf-8;
+ client_max_body_size 1G;
+
+ location / {
+ root /srv/trialytix;
+ index index.html index.htm;
+ try_files $uri /index.html =404;
+ }
+
+ location ~ ^/api {
+ proxy_pass http://backend;
+ proxy_redirect off;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_read_timeout 300s;
+ proxy_send_timeout 300s;
+ send_timeout 300s;
+ }
+
+ error_page 404 =200 /index.html;
+
+ add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+
+ expires off;
+ open_file_cache off;
+ sendfile off;
+ }
+
+# Trialytix service
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-trialytix-prod
+ namespace: prod-environment
+spec:
+ selector:
+ app: trialytix-prod
+ ports:
+ - name: trialytix-back
+ port: 5100
+ targetPort: trialytix-back
+ type: NodePort
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-trialytix-prod
+ namespace: prod-environment
+spec:
+ selector:
+ app: trialytix-prod
+ ports:
+ - name: trialytix-front
+ port: 8100
+ targetPort: trialytix-front
+ type: NodePort
+
+# Ingress description
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: trialytix-prod-ingress
+ namespace: prod-environment
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+spec:
+ rules:
+ - host: trialytix.k8s.semprod.local
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: frontend-trialytix-prod
+ servicePort: 8100
\ No newline at end of file
From 985bc036e765f1f75bedc12b6905b03c3956ea41 Mon Sep 17 00:00:00 2001
From: Antun Franjin Date: Fri, 17 Dec 2021 10:18:10 +0100 Subject: [PATCH 14/17] Remove trialytix prod deployment. --- 02_hetzner/01_prod/trialytix/deployment.yaml | 184 ------------------- 1 file changed, 184 deletions(-) delete mode 100644 02_hetzner/01_prod/trialytix/deployment.yaml diff --git a/02_hetzner/01_prod/trialytix/deployment.yaml b/02_hetzner/01_prod/trialytix/deployment.yaml deleted file mode 100644 index 504fbdf..0000000 --- a/02_hetzner/01_prod/trialytix/deployment.yaml +++ /dev/null 
@@ -1,184 +0,0 @@ -# Deployment description ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: trialytix-deployment - namespace: prod-environment -spec: - replicas: 1 - selector: - matchLabels: - app: trialytix-prod - template: - metadata: - labels: - app: trialytix-prod - spec: - containers: - # Backend container - - name: trialytix-backend - image: packages.semapp.lan:5000/trialytix_backend:develop - - resources: - requests: - memory: "256Mi" - cpu: "100m" - limits: - memory: "512Mi" - cpu: "4" - ports: - - containerPort: 5100 - name: trialytix-back - protocol: TCP - envFrom: - - configMapRef: - name: trialytix-config-backend-prod - imagePullPolicy: Always - # Frontend container - - name: trialytix-frontend - image: packages.semapp.lan:5000/trialytix_frontend:develop - - resources: - requests: - memory: "256Mi" - cpu: "100m" - limits: - memory: "512Mi" - cpu: "4" - ports: - - containerPort: 8100 - name: trialytix-front - protocol: TCP - volumeMounts: - - mountPath: /etc/nginx/conf.d - readOnly: true - name: nginx-trialytix-prod-conf - envFrom: - - configMapRef: - name: trialytix-config-backend-prod - imagePullPolicy: Always - volumes: - - name: nginx-trialytix-prod-conf - configMap: - name: nginx-trialytix-prod-conf - -# Env Configuration ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: prod-environment - name: trialytix-config-backend-prod - labels: - app: trialytix-prod -data: - DJANGO_DB_ENGINE: 'django.db.backends.postgresql' - DJANGO_DB_NAME: 'trialytix_prod' - DJANGO_DB_USER: 'trialytix_prod' - DJANGO_DB_PASSWORD: '1E45fbe8sbmPESHu' - DJANGO_DB_HOST: 'psql.semprod.local' - DJANGO_DB_PORT: '5432' - ALLOWED_HOSTS: '["*"]' - FRONTEND_URL: 'http://trialytix.k8s.semprod.local' - API_URL: 'http://trialytix.k8s.semprod.local' - FRONTEND_PORT: '8100' - BACKEND_PORT: '5100' - -# Nginx configuration ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: prod-environment - name: nginx-trialytix-prod-conf -data: - default.conf: | - 
upstream backend { - server backend-trialytix-prod:5100; - } - - server { - listen 8100; - - access_log /var/log/nginx/access.log; - charset utf-8; - client_max_body_size 1G; - - location / { - root /srv/trialytix; - index index.html index.htm; - try_files $uri /index.html =404; - } - - location ~ ^/api { - proxy_pass http://backend; - proxy_redirect off; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_read_timeout 300s; - proxy_send_timeout 300s; - send_timeout 300s; - } - - error_page 404 =200 /index.html; - - add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; - - expires off; - open_file_cache off; - sendfile off; - } - -# Trialytix service ---- -apiVersion: v1 -kind: Service -metadata: - name: backend-trialytix-prod - namespace: prod-environment -spec: - selector: - app: trialytix-prod - ports: - - name: trialytix-back - port: 5100 - targetPort: trialytix-back - type: NodePort - ---- -apiVersion: v1 -kind: Service -metadata: - name: frontend-trialytix-prod - namespace: prod-environment -spec: - selector: - app: trialytix-prod - ports: - - name: trialytix-front - port: 8100 - targetPort: trialytix-front - type: NodePort - -# Ingress description ---- -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - name: trialytix-prod-ingress - namespace: prod-environment - annotations: - kubernetes.io/ingress.class: "traefik" -spec: - rules: - - host: trialytix.k8s.semprod.local - http: - paths: - - path: / - backend: - serviceName: frontend-trialytix-prod - servicePort: 8100 \ No newline at end of file From 36a7b397d4cd77a453d1863a88af620b7359a54c Mon Sep 17 00:00:00 2001 
From: Domagoj Zecevic
Date: Fri, 17 Dec 2021 16:02:49 +0100
Subject: [PATCH 15/17] added trialytix demo
---
.../trialytix-demo/deployment.yaml | 189 ++++++++++++++++++
1 file changed, 189 insertions(+)
create mode 100644 02_hetzner/02_trialytix/trialytix-demo/deployment.yaml
diff --git a/02_hetzner/02_trialytix/trialytix-demo/deployment.yaml b/02_hetzner/02_trialytix/trialytix-demo/deployment.yaml
new file mode 100644
index 0000000..a2bea22
--- /dev/null
+++ b/02_hetzner/02_trialytix/trialytix-demo/deployment.yaml
@@ -0,0 +1,189 @@
+# Deployment description
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: trialytix-demo
+ namespace: trialytix-environment
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: trialytix-demo
+ template:
+ metadata:
+ labels:
+ app: trialytix-demo
+ spec:
+ containers:
+ # Backend container
+ - name: trialytix-backend
+ image: packages.semapp.lan:5000/trialytix_backend:develop
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "100m"
+ limits:
+ memory: "512Mi"
+ cpu: "4"
+ ports:
+ - containerPort: 5100
+ name: trialytix-back
+ protocol: TCP
+ envFrom:
+ - configMapRef:
+ name: trialytix-config-backend-prod
+ imagePullPolicy: Always
+ # Frontend container
+ - name: trialytix-frontend
+ image: packages.semapp.lan:5000/trialytix_frontend:develop
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "100m"
+ limits:
+ memory: "512Mi"
+ cpu: "4"
+ ports:
+ - containerPort: 8100
+ name: trialytix-front
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /etc/nginx/conf.d
+ readOnly: true
+ name: nginx-trialytix-demo-conf
+ envFrom:
+ - configMapRef:
+ name: trialytix-config-backend-prod
+ imagePullPolicy: Always
+ volumes:
+ - name: nginx-trialytix-demo-conf
+ configMap:
+ name: nginx-trialytix-demo-conf
+
+# Env Configuration
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: trialytix-environment
+ name: trialytix-config-backend-prod
+ labels:
+ app: trialytix-demo
+data:
+ DJANGO_DB_ENGINE: 'django.db.backends.postgresql'
+ DJANGO_DB_NAME: 'trialytix-demo'
+ DJANGO_DB_USER: 'trialytix-demo'
+ DJANGO_DB_PASSWORD: 'CiF\9G{;/Y~y--}V,<'
+ DJANGO_DB_HOST: 'psql.semprod.local'
+ DJANGO_DB_PORT: '5432'
+ ALLOWED_HOSTS: '["*"]'
+ FRONTEND_URL: 'http://demo.trialytix.io'
+ API_URL: 'http://demo.trialytix.io'
+ FRONTEND_PORT: '8100'
+ BACKEND_PORT: '5100'
+
+# Nginx configuration
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: trialytix-environment
+ name: nginx-trialytix-demo-conf
+data:
+ default.conf: |
+ upstream backend {
+ server backend-trialytix-demo:5100;
+ }
+
+ server {
+ listen 8100;
+
+ access_log /var/log/nginx/access.log;
+ charset utf-8;
+ client_max_body_size 1G;
+
+ location / {
+ root /srv/trialytix;
+ index index.html index.htm;
+ try_files $uri /index.html =404;
+ }
+
+ location ~ ^/api {
+ proxy_pass http://backend;
+ proxy_redirect off;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_read_timeout 300s;
+ proxy_send_timeout 300s;
+ send_timeout 300s;
+ }
+
+ error_page 404 =200 /index.html;
+
+ add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+
+ expires off;
+ open_file_cache off;
+ sendfile off;
+ }
+
+# Trialytix service
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-trialytix-demo
+ namespace: trialytix-environment
+spec:
+ selector:
+ app: trialytix-demo
+ ports:
+ - name: trialytix-back
+ port: 5100
+ targetPort: trialytix-back
+ type: NodePort
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-trialytix-demo
+ namespace: trialytix-environment
+spec:
+ selector:
+ app: trialytix-demo
+ ports:
+ - name: trialytix-front
+ port: 8100
+ targetPort: trialytix-front
+ type: NodePort
+
+# Ingress description
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: trialytix-demo-ingress
+ namespace: trialytix-environment
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+spec:
+ rules:
+ - host: trialytix-demo.k8s.semprod.local
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: frontend-trialytix-demo
+ servicePort: 8100
+ - host: demo.trialytix.io
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: frontend-trialytix-demo
+ servicePort: 8100
\ No newline at end of file
From 17b1143e6f83601218e550530875d245556951a7 Mon Sep 17 00:00:00 2001
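Review bot: `ALLOWED_HOSTS: '["*"]'` in the ConfigMap of 02_hetzner/02_trialytix/trialytix-demo/deployment.yaml disables Django's Host-header validation for a deployment whose Ingress publishes `demo.trialytix.io`, and the nginx config forwards the client-supplied value with `proxy_set_header Host $host`, so the backend will accept whatever host name a request carries. List the two Ingress hosts instead, `ALLOWED_HOSTS: '["demo.trialytix.io", "trialytix-demo.k8s.semprod.local"]'`, assuming the application parses this variable as a JSON list as the current value suggests. The Ingress in this file has no `tls:` section and `FRONTEND_URL`/`API_URL` use `http://`, so unless TLS is terminated in front of Traefik the public host is served in cleartext. The ConfigMap is also named `trialytix-config-backend-prod` although it lives in `trialytix-environment` and holds the demo database settings; a name such as `trialytix-config-backend-demo` would avoid confusing it with production.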
From: Domagoj Zecevic Date: Fri, 17 Dec 2021 16:06:25 +0100 Subject: [PATCH 16/17] added texlive domain from outside ns --- 01_onsite/00_infra/texservice/deployment.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/01_onsite/00_infra/texservice/deployment.yaml b/01_onsite/00_infra/texservice/deployment.yaml index ca18653..c36d56f 100644 --- a/01_onsite/00_infra/texservice/deployment.yaml +++ b/01_onsite/00_infra/texservice/deployment.yaml @@ -60,6 +60,14 @@ metadata: spec: rules: - host: texservice.k3s.semapp.lan + http: + paths: + - path: / + backend: + serviceName: texservice + servicePort: 5010 + rules: + - host: texservice.semapp.lan http: paths: - path: / From 4f163446b1dd19a0f2fa675389f6a800e8da491c Mon Sep 17 00:00:00 2001 From: Domagoj Zecevic Date: Fri, 17 Dec 2021 16:11:06 +0100 Subject: [PATCH 17/17] rm-qa texservice fix --- 01_onsite/02_qa/rm/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/01_onsite/02_qa/rm/deployment.yaml b/01_onsite/02_qa/rm/deployment.yaml index ecd6c32..d6bb647 100644 --- a/01_onsite/02_qa/rm/deployment.yaml +++ b/01_onsite/02_qa/rm/deployment.yaml @@ -106,7 +106,7 @@ data: auto_from = support@semantic-applications.de [tex] - host = texservice.k3s.semapp.lan + host = texservice.semapp.lan delete_after_render = False [media-storage]
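Review bot: The lines added to 01_onsite/00_infra/texservice/deployment.yaml introduce a second `rules:` key in what appears to be the same Ingress `spec`, instead of a second item in the existing list. Duplicate mapping keys are invalid YAML and most parsers silently keep only the last one, so depending on the client the manifest is either rejected or the existing `texservice.k3s.semapp.lan` rule is dropped. Delete the added `rules:` line so that `- host: texservice.semapp.lan` becomes the second entry under the original `rules:`. Indentation is not recoverable from this rendering, so confirm the nesting in the file; the Ingress definition starts and ends outside the hunk.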