Add kubernetes deployment specs

This commit is contained in:
Garrett Mills 2022-06-25 21:42:00 -05:00
parent 3406e1c4cb
commit c72b57a0f8
8 changed files with 215 additions and 0 deletions

17
Dockerfile Normal file
View File

@ -0,0 +1,17 @@
FROM node:14
RUN mkdir /app
COPY package.json /app
COPY yarn.lock /app
RUN cd /app && yarn install
COPY . /app
RUN rm -rf /app/.env
RUN touch /app/.env
WORKDIR /app
CMD ["node", "index.js"]

4
deploy/0-namespace.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: noded

94
deploy/1-deployment.yaml Normal file
View File

@ -0,0 +1,94 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: noded-backend
namespace: noded
spec:
selector:
matchLabels:
app: noded-backend
template:
metadata:
name: noded-backend
labels:
app: noded-backend
spec:
volumes:
- name: noded-secrets-vol
secret:
secretName: noded-secrets
optional: false
containers:
- name: noded-web
image: ${DOCKER_REGISTRY}/noded/backend
imagePullPolicy: Always
volumeMounts:
- mountPath: /secrets
readOnly: true
name: noded-secrets-vol
env:
- name: APP_URL
value: "https://${NODED_DOMAIN}/"
- name: DATABASE_HOST
value: '${NODED_DATABASE_HOST}'
- name: DATABASE_NAME
value: '${NODED_DATABASE_NAME}'
- name: SECRET
valueFrom:
secretKeyRef:
key: SECRET
name: noded-secrets
optional: false
- name: AUTH_COREID_CLIENT_ID
valueFrom:
secretKeyRef:
key: AUTH_COREID_CLIENT_ID
name: noded-secrets
optional: false
- name: AUTH_COREID_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: AUTH_COREID_CLIENT_SECRET
name: noded-secrets
optional: false
- name: APP_NAME
value: "Noded"
- name: SERVER_PORT
value: '8000'
- name: DATABASE_PORT
value: '27017'
- name: DATABASE_AUTH
value: 'false'
- name: ENVIRONMENT
value: production
- name: SSL_ENABLE
value: 'false'
- name: AUTH_FLITTER_ENABLE
value: 'true'
- name: AUTH_COREID_ENABLE
value: 'true'
- name: SESSION_MAX_AGE
value: '2678400000'
- name: NODE_TLS_REJECT_UNAUTHORIZED
value: '0'
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: noded-frontend
namespace: noded
spec:
selector:
matchLabels:
app: noded-frontend
template:
metadata:
name: noded-frontend
labels:
app: noded-frontend
spec:
containers:
- name: noded-web
image: ${DOCKER_REGISTRY}/noded/frontend
imagePullPolicy: Always

24
deploy/2-service.yaml Normal file
View File

@ -0,0 +1,24 @@
---
apiVersion: v1
kind: Service
metadata:
name: noded-backend
namespace: noded
spec:
selector:
app: noded-backend
ports:
- port: 80
targetPort: 8000
---
apiVersion: v1
kind: Service
metadata:
name: noded-frontend
namespace: noded
spec:
selector:
app: noded-frontend
ports:
- port: 80
targetPort: 80

13
deploy/3-certificate.yaml Normal file
View File

@ -0,0 +1,13 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: noded-tls
namespace: noded
spec:
secretName: noded-tls-secret
dnsNames:
- ${NODED_DOMAIN}
issuerRef:
name: letsencrypt-ca
kind: ClusterIssuer

32
deploy/4-ingress.yaml Normal file
View File

@ -0,0 +1,32 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: noded-ingress
namespace: noded
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: 'false'
spec:
tls:
- hosts:
- ${NODED_DOMAIN}
secretName: noded-tls-secret
ingressClassName: nginx
rules:
- host: ${NODED_DOMAIN}
http:
paths:
- pathType: Prefix
path: '/i/'
backend:
service:
name: noded-frontend
port:
number: 80
- pathType: Prefix
path: '/'
backend:
service:
name: noded-backend
port:
number: 80

27
deploy/README.md Normal file
View File

@ -0,0 +1,27 @@
This deployment is parameterized for use with `envsubst(1)`.
Before proceeding, you should also build and push the image from `noded/frontend.git`.
You will need to set up the secret values and environment variables (see below).
```shell
bash -c 'for f in *.yaml; do envsubst < $f | kubectl apply -f -; done'
```
## Supported environment variables
Set these environment variables in your shell before running the above command to apply the Kubernetes spec.
- `NODED_DOMAIN` - domain name where CoreID is accessed (e.g. `coreid.mydomain.com`)
- `DOCKER_REGISTRY` - host of the docker registry to pull the image from (e.g. `registry.mydomain.com`)
- this is the same registry that is used by `yarn docker:build` and `yarn docker:push`
- `NODED_DATABASE_HOST` - MongoDB host (e.g. `mongo.mylan.net`)
- `NODED_DATABASE_NAME` - MongoDB database name to use (e.g. `coreid_p1`)
## Secret values
The spec expects there to be a `coreid-secrets` secret in the `starship` namespace with the following values:
- `SECRET` - hash seed used by CoreID (e.g. `df8db5a2-429b-4597-a013-18efee2465e0`)
- `AUTH_COREID_CLIENT_ID` - Starship CoreID OAuth2 client ID
- `AUTH_COREID_CLIENT_SECRET` - Starship CoreID OAuth2 client secret

View File

@ -7,6 +7,10 @@
"type": "git", "type": "git",
"url": "https://git.garrettmills.dev/flitter/flitter" "url": "https://git.garrettmills.dev/flitter/flitter"
}, },
"scripts": {
"docker:build": "docker build -t ${DOCKER_REGISTRY}/noded/backend .",
"docker:push": "docker push ${DOCKER_REGISTRY}/noded/backend"
},
"keywords": [ "keywords": [
"flitter", "flitter",
"glmdev", "glmdev",