diff --git a/02_hetzner/01_prod/efc/deployment.yaml b/02_hetzner/01_prod/efc/deployment.yaml index 72398ad..75930b0 100644 --- a/02_hetzner/01_prod/efc/deployment.yaml +++ b/02_hetzner/01_prod/efc/deployment.yaml @@ -20,7 +20,7 @@ spec: spec: containers: - name: efc-frontend - image: packages.semapp.lan:5000/efc-admin_frontend:prod + image: packages.semapp.lan:5000/efc-admin_frontend:1.0.8-rc1 resources: requests: memory: "256Mi" @@ -41,7 +41,7 @@ spec: - configMapRef: name: efc-prod-config - name: efc-backend - image: packages.semapp.lan:5000/efc-admin_backend:prod + image: packages.semapp.lan:5000/efc-admin_backend:1.0.8-rc1 resources: requests: memory: "256Mi" diff --git a/02_hetzner/01_prod/semapp-wagtail/deployment.yaml b/02_hetzner/01_prod/semapp-wagtail/deployment.yaml index 68f7116..d5878d8 100644 --- a/02_hetzner/01_prod/semapp-wagtail/deployment.yaml +++ b/02_hetzner/01_prod/semapp-wagtail/deployment.yaml @@ -41,7 +41,7 @@ spec: - configMapRef: name: semapp-prod-config volumeMounts: - - mountPath: /app/media/ + - mountPath: semapp_wagtail/media/. name: semapp-pv-prod volumes: - name: semapp-pv-prod diff --git a/02_hetzner/01_prod/semcust/deployment.yaml b/02_hetzner/01_prod/semcust/deployment.yaml index a8029fe..01a5337 100644 --- a/02_hetzner/01_prod/semcust/deployment.yaml +++ b/02_hetzner/01_prod/semcust/deployment.yaml @@ -20,7 +20,7 @@ spec: spec: containers: - name: semcust-frontend - image: packages.semapp.lan:5000/semcust_frontend:1.2.2 + image: packages.semapp.lan:5000/semcust_frontend:1.3.1 resources: requests: memory: "256Mi" @@ -38,7 +38,7 @@ spec: name: nginx-conf imagePullPolicy: Always - name: semcust-backend - image: packages.semapp.lan:5000/semcust_backend:1.2.2 + image: packages.semapp.lan:5000/semcust_backend:1.3.1 resources: requests: memory: "256Mi" @@ -93,13 +93,13 @@ data: EMAIL_HOST_PASSWORD: "uN1zPIqN9@br" # BASELINE NEDDED VARIABLES (this will be need changed then keyclak will be on internet) - BASELINE_KEY: "AESNEwfqJVwaI4aLwyVl7kzTqdmWeQQq9hCpLRGahYI" - BASE_KEYCLOAK_URL: "http://keycloak.semprod.local" + BASELINE_KEY: "AESNEwfqJVwaI4aLwyVl7kzTqdmWeQQq9hCpLRGahYI=" + BASE_KEYCLOAK_URL: "https://kc.semapp.de/" BASELINE_KEYCLOAK_CLIENT_ID: "baseline_prod" - BASELINE_KEYCLOAK_REALM: "baseline_production" + BASELINE_KEYCLOAK_REALM: "baseline" KEYCLOAK_ADMIN_USERNAME: "admin" - KEYCLOAK_ADMIN_PASSWORD: "admin" + KEYCLOAK_ADMIN_PASSWORD: "yEu2hr7j8WjYW2wXp3UQq6qN" KEYCLOAK_ADMIN_CLIENT_ID: "admin-cli" --- diff --git a/02_hetzner/03_baseline/baseline-demo/deployment.yaml b/02_hetzner/03_baseline/baseline-demo/deployment.yaml new file mode 100644 index 0000000..39030f4 --- /dev/null +++ b/02_hetzner/03_baseline/baseline-demo/deployment.yaml @@ -0,0 +1,229 @@ +# Deployment description +apiVersion: apps/v1 +kind: Deployment +metadata: + name: baseline-demo-deployment + namespace: baseline-environment + labels: + app: baseline-demo +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app: baseline-demo + template: + metadata: + labels: + app: baseline-demo + spec: + containers: + - name: baseline-frontend + image: packages.semapp.lan:5000/baseline_frontend:qa1 + workingDir: /srv/web + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "4" + ports: + - containerPort: 8000 + name: baseline-http + protocol: TCP + volumeMounts: + - mountPath: /etc/nginx/conf.d + readOnly: true + name: baseline-demo-frontend-conf + env: + - name: KEYCLOAK_REALM + value: "baseline_demo" + - name: KEYCLOAK_CLIENT + value: "baseline_demo" + - name: KEYCLOAK_TOKEN_VALIDITY + value: "600" + - name: KEYCLOAK_URL + value: "https://kc.semapp.de/auth/" + imagePullPolicy: Always + + - name: baseline-backend + image: packages.semapp.lan:5000/baseline_backend:qa1 + workingDir: /opt/www + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "4" + ports: + - containerPort: 5000 + name: bl-bck-http + protocol: TCP + imagePullPolicy: Always + envFrom: + - configMapRef: + name: baseline-demo-backend-conf + volumes: + - name: baseline-demo-frontend-conf + configMap: + name: baseline-demo-frontend-conf + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: baseline-environment + name: baseline-demo-backend-conf + labels: + app: baseline-demo +data: + DB_CONNECTION: "pgsql" + DB_HOST: "psql.semprod.local" + DB_PORT: "5432" + DB_DATABASE: "baseline_demo" + DB_USERNAME: "baseline_demo" + DB_PASSWORD: "SZH8wYW4RTEtj6jg" + + APP_NAME: "Baseline" + APP_ENV: "production" + APP_KEY: "base64:14Vg4rilGKEk34XeqNR7ffg6GhFTzA7/z5T1aqy6JHw=" + + APPLICATION_KEY: "0X6UivJQtB1rqMFtBGTTsDcRq2OpTHo1jb8z6tDj2EQ=" + SEMCUST_URL: "https://portal.semapp.de/" + + APP_DEBUG: "true" + APP_URL: "https://demo-baseline.semapp.de/" + + LOG_CHANNEL: "stack" + BROADCAST_DRIVER: "log" + CACHE_DRIVER: "file" + QUEUE_CONNECTION: "sync" + SESSION_DRIVER: "cookie" + SESSION_LIFETIME: "120" + + + SANCTUM_STATEFUL_DOMAINS: "demo-baseline.semapp.de" + SESSION_DOMAIN: "demo-baseline.semapp.de" + + THROTTLE_MAX_ATTEMPTS: "80" + + KEYCLOAK_URL: "https://kc.semapp.de" + KEYCLOAK_PORT: "80" + KEYCLOAK_REALM: "baseline_demo" + + REDIRECT_URL: "https://demo-baseline.semapp.de/" + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: baseline-environment + name: baseline-demo-frontend-conf +data: + default.conf: | + upstream backend { + server baseline-backend-demo:5000; + } + + server { + listen 8000; + + access_log /var/log/nginx/access.log; + charset utf-8; + client_max_body_size 1G; + + location / { + root /srv/web; + add_header X-Frame-Options "SAMEORIGIN"; + index index.html index.htm; + try_files $uri $uri /index.html =404; + } + + location ~ ^/api { + proxy_pass http://backend; + proxy_redirect off; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_read_timeout 300s; + proxy_send_timeout 300s; + send_timeout 300s; + } + + error_page 404 =200 /index.html; + + add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + + expires off; + open_file_cache off; + sendfile off; + } + +--- +# EFC Service +apiVersion: v1 +kind: Service +metadata: + name: baseline-frontend-demo + namespace: basline-environment +spec: + selector: + app: baseline-demo + ports: + - name: baseline-http + port: 8000 + targetPort: baseline-http + type: NodePort + +--- +# EFC backend +apiVersion: v1 +kind: Service +metadata: + name: baseline-backend-demo + namespace: baseline-environment +spec: + selector: + app: baseline-demo + ports: + - name: bl-bck-http + port: 5000 + targetPort: bl-bck-http + type: NodePort +--- + +# Ingress description +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: baseline-demo-ingress + namespace: baseline-environment + annotations: + kubernetes.io/ingress.class: "traefik" +spec: + rules: + - host: baseline-demo.k8s.semprod.local + http: + paths: + - backend: + service: + name: baseline-frontend-demo + port: + number: 8000 + path: / + pathType: ImplementationSpecific + - host: demo-baseline.semapp.de + http: + paths: + - backend: + service: + name: baseline-frontend-demo + port: + number: 8000 + path: / + pathType: ImplementationSpecific \ No newline at end of file diff --git a/02_hetzner/01_prod/baseline/deployment.yaml b/02_hetzner/03_baseline/baseline/deployment.yaml similarity index 76% rename from 02_hetzner/01_prod/baseline/deployment.yaml rename to 02_hetzner/03_baseline/baseline/deployment.yaml index 64a3205..1929603 100644 --- a/02_hetzner/01_prod/baseline/deployment.yaml +++ b/02_hetzner/03_baseline/baseline/deployment.yaml @@ -2,8 +2,8 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: baseline-deployment - namespace: prod-environment + name: baseline-prod-deployment + namespace: baseline-environment labels: app: baseline-prod spec: @@ -20,7 +20,8 @@ spec: spec: containers: - name: baseline-frontend - image: packages.semapp.lan:5000/baseline_frontend:qa1 + image: packages.semapp.lan:5000/baseline_frontend:1.1.1-baseline + workingDir: /srv/web resources: requests: @@ -45,11 +46,12 @@ spec: - name: KEYCLOAK_TOKEN_VALIDITY value: "600" - name: KEYCLOAK_URL - value: "http://keycloak.semprod.local/auth/" + value: "https://kc.semapp.de/auth/" imagePullPolicy: Always - name: baseline-backend - image: packages.semapp.lan:5000/baseline_backend:qa1 + image: packages.semapp.lan:5000/baseline_backend:1.1.1-baseline + workingDir: /opt/www resources: requests: @@ -75,7 +77,7 @@ spec: apiVersion: v1 kind: ConfigMap metadata: - namespace: prod-environment + namespace: baseline-environment name: baseline-prod-backend-conf labels: app: baseline-prod @@ -90,8 +92,12 @@ data: APP_NAME: "Baseline" APP_ENV: "production" APP_KEY: "base64:14Vg4rilGKEk34XeqNR7ffg6GhFTzA7/z5T1aqy6JHw=" + + APPLICATION_KEY: "0X6UivJQtB1rqMFtBGTTsDcRq2OpTHo1jb8z6tDj2EQ=" + SEMCUST_URL: "https://portal.semapp.de/" + APP_DEBUG: "true" - APP_URL: "http://baseline.k8s.semprod.local/" + APP_URL: "https://baseline.semapp.de/" LOG_CHANNEL: "stack" BROADCAST_DRIVER: "log" @@ -101,22 +107,22 @@ data: SESSION_LIFETIME: "120" - SANCTUM_STATEFUL_DOMAINS: "baseline.k8s.semprod.local" - SESSION_DOMAIN: "baseline.k8s.semprod.local" + SANCTUM_STATEFUL_DOMAINS: "baseline.semapp.de" + SESSION_DOMAIN: "baseline.semapp.de" THROTTLE_MAX_ATTEMPTS: "80" - KEYCLOAK_URL: "http://keycloak.semprod.local" - KEYCLOAK_PORT: "80" - KEYCLOAK_REALM: "baseline_production" + KEYCLOAK_URL: "http://kc.k8s.semprod.local" + KEYCLOAK_PORT: "8080" + KEYCLOAK_REALM: "baseline" - REDIRECT_URL: "http://baseline.k8s.semprod.local/" + REDIRECT_URL: "https://baseline.semapp.de/" --- apiVersion: v1 kind: ConfigMap metadata: - namespace: prod-environment + namespace: baseline-environment name: baseline-prod-frontend-conf data: default.conf: | @@ -166,7 +172,7 @@ apiVersion: v1 kind: Service metadata: name: baseline-frontend-prod - namespace: prod-environment + namespace: baseline-environment spec: selector: app: baseline-prod @@ -182,7 +188,7 @@ apiVersion: v1 kind: Service metadata: name: baseline-backend-prod - namespace: prod-environment + namespace: baseline-environment spec: selector: app: baseline-prod @@ -194,11 +200,11 @@ spec: --- # Ingress description -apiVersion: networking.k8s.io/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: baseline-prod-ingress - namespace: prod-environment + namespace: baseline-environment annotations: kubernetes.io/ingress.class: "traefik" spec: @@ -206,7 +212,20 @@ spec: - host: baseline.k8s.semprod.local http: paths: - - path: / - backend: - serviceName: baseline-frontend-prod - servicePort: 8000 \ No newline at end of file + - backend: + service: + name: baseline-frontend-prod + port: + number: 8000 + path: / + pathType: ImplementationSpecific + - host: baseline.semapp.de + http: + paths: + - backend: + service: + name: baseline-frontend-prod + port: + number: 8000 + path: / + pathType: ImplementationSpecific \ No newline at end of file diff --git a/02_hetzner/03_baseline/keycloak/deployment.yaml b/02_hetzner/03_baseline/keycloak/deployment.yaml new file mode 100644 index 0000000..24867a8 --- /dev/null +++ b/02_hetzner/03_baseline/keycloak/deployment.yaml @@ -0,0 +1,92 @@ +--- + apiVersion: "apps/v1" + kind: "Deployment" + metadata: + name: "keycloak" + namespace: "baseline-environment" + spec: + selector: + matchLabels: + app: "keycloak" + replicas: 1 + template: + metadata: + labels: + app: "keycloak" + spec: + containers: + - name: "keycloak-prod" + image: "jboss/keycloak" + resources: + requests: + memory: "512Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "4" + imagePullPolicy: "Always" + env: + - name: "KEYCLOAK_USER" + value: "admin" + - name: "KEYCLOAK_PASSWORD" + value: "yEu2hr7j8WjYW2wXp3UQq6qN" + - name: DB_VENDOR + value: postgres + - name: DB_ADDR + value: psql.semprod.local + - name: DB_DATABASE + value: keycloak_db + - name: DB_USER + value: keycloak + - name: DB_PASSWORD + value: e7ov7xx45qr1erk9 + - name: KEYCLOAK_FRONTEND_URL + value: https://kc.semapp.de/auth/ + ports: + - name: keycloak-http + containerPort: 8080 +--- +apiVersion: v1 +kind: Service +metadata: + name: kc-srv + namespace: baseline-environment +spec: + selector: + app: keycloak + ports: + - name: keycloak-http + port: 8080 + targetPort: keycloak-http + type: NodePort + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: keycloak-ingress + namespace: baseline-environment + annotations: + kubernetes.io/ingress.class: "traefik" +spec: + rules: + - host: kc.k8s.semprod.local + http: + paths: + - backend: + service: + name: kc-srv + port: + number: 8080 + path: / + pathType: ImplementationSpecific + - host: kc.semapp.de + http: + paths: + - backend: + service: + name: kc-srv + port: + number: 8080 + path: / + pathType: ImplementationSpecific \ No newline at end of file