From 40131cf7caa51a97335d1b19c83ea7f1748f3d99 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Sun, 5 Oct 2025 18:06:53 +0200 Subject: [PATCH] feat(infrastructure): automatic deploy --- .github/workflows/deploy-pr.yaml | 151 ++++++++++++++++++ .github/workflows/deploy-prod.yaml | 94 +++++++++++ 7project/charts/myapp-chart/Chart.yaml | 6 + .../charts/myapp-chart/templates/NOTES.txt | 54 +++++++ .../myapp-chart/templates/app-deployment.yaml | 49 ++++++ .../myapp-chart/templates/database-grant.yaml | 18 +++ .../templates/database-secret.yaml | 7 + .../myapp-chart/templates/database-user.yaml | 16 ++ .../myapp-chart/templates/database.yaml | 14 ++ .../charts/myapp-chart/templates/service.yaml | 10 ++ .../charts/myapp-chart/templates/tunnel.yaml | 14 ++ .../templates/worker-deployment.yaml | 37 +++++ 7project/charts/myapp-chart/values-dev.yaml | 5 + 7project/charts/myapp-chart/values-prod.yaml | 7 + 7project/charts/myapp-chart/values.yaml | 52 ++++++ 7project/tofu/modules/rabbitmq/main.tf | 85 ++++------ 16 files changed, 565 insertions(+), 54 deletions(-) create mode 100644 .github/workflows/deploy-pr.yaml create mode 100644 .github/workflows/deploy-prod.yaml create mode 100644 7project/charts/myapp-chart/Chart.yaml create mode 100644 7project/charts/myapp-chart/templates/NOTES.txt create mode 100644 7project/charts/myapp-chart/templates/app-deployment.yaml create mode 100644 7project/charts/myapp-chart/templates/database-grant.yaml create mode 100644 7project/charts/myapp-chart/templates/database-secret.yaml create mode 100644 7project/charts/myapp-chart/templates/database-user.yaml create mode 100644 7project/charts/myapp-chart/templates/database.yaml create mode 100644 7project/charts/myapp-chart/templates/service.yaml create mode 100644 7project/charts/myapp-chart/templates/tunnel.yaml create mode 100644 7project/charts/myapp-chart/templates/worker-deployment.yaml create mode 100644 7project/charts/myapp-chart/values-dev.yaml create mode 100644 7project/charts/myapp-chart/values-prod.yaml create mode 100644 
7project/charts/myapp-chart/values.yaml diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml new file mode 100644 index 0000000..c1ca03e --- /dev/null +++ b/.github/workflows/deploy-pr.yaml 
@@ -0,0 +1,151 @@ +name: Deploy Preview (PR) + +on: + pull_request: + types: [opened, reopened, synchronize, closed] + +permissions: + contents: read + pull-requests: write + +jobs: + deploy: + if: github.event.action != 'closed' + name: Helm upgrade/install (PR preview) + runs-on: ubuntu-latest + concurrency: + group: pr-${{ github.event.pull_request.number }} + cancel-in-progress: false + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Helm + uses: azure/setup-helm@v4 + + - name: Setup kubectl + uses: azure/setup-kubectl@v4 + + - name: Configure kubeconfig + env: + KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} + run: | + mkdir -p ~/.kube + if [ -z "$KUBE_CONFIG" ]; then + echo "Secret KUBE_CONFIG is required (kubeconfig content)"; exit 1; fi + echo "$KUBE_CONFIG" > ~/.kube/config + chmod 600 ~/.kube/config + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USER }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Compute image repo and tags (PR) + run: | + IMAGE_REPO="${IMAGE_REPO:-lukastrkan/cc-app-demo}" + echo "IMAGE_REPO=$IMAGE_REPO" >> $GITHUB_ENV + PR=${{ github.event.pull_request.number }} + SHA_SHORT="${GITHUB_SHA::12}" + echo "TAG1=pr-$PR" >> $GITHUB_ENV + echo "TAG2=pr-$PR-$SHA_SHORT" >> $GITHUB_ENV + + - name: Build and push image + id: build + uses: docker/build-push-action@v5 + with: + context: 7project/backend + push: true + tags: | + ${{ env.IMAGE_REPO }}:${{ env.TAG1 }} + ${{ env.IMAGE_REPO }}:${{ env.TAG2 }} + platforms: linux/amd64 + + - name: Helm upgrade/install PR preview + env: + DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }} + RABBITMQ_PASSWORD: ${{ secrets.RABBITMQ_PASSWORD }} + DB_PASSWORD: ${{ secrets.DB_PASSWORD }} + IMAGE_REPO: ${{ env.IMAGE_REPO }} + run: | + PR=${{ github.event.pull_request.number }} + if [ -z "$PR" ]; 
then echo "PR number missing"; exit 1; fi + if [ -z "$DEV_BASE_DOMAIN" ]; then echo "Secret DEV_BASE_DOMAIN is required (e.g., dev.example.com)"; exit 1; fi + if [ -z "$RABBITMQ_PASSWORD" ]; then echo "Secret DEV_RABBITMQ_PASSWORD is required"; exit 1; fi + if [ -z "$DB_PASSWORD" ]; then echo "Secret DEV_DB_PASSWORD is required"; exit 1; fi + RELEASE=myapp-pr-$PR + NAMESPACE=pr-$PR + DOMAIN=pr-$PR.$DEV_BASE_DOMAIN + DIGEST='${{ steps.build.outputs.digest }}' + if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi + helm upgrade --install "$RELEASE" ./7project/charts/myapp-chart \ + -n "$NAMESPACE" --create-namespace \ + -f 7project/charts/myapp-chart/values-dev.yaml \ + --set prNumber="$PR" \ + --set domain="$DOMAIN" \ + --set image.repository="$IMAGE_REPO" \ + --set image.digest="$DIGEST" \ + --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ + --set-string database.password="$DB_PASSWORD" + + - name: Post preview URL as PR comment + uses: actions/github-script@v7 + env: + DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }} + with: + script: | + const pr = context.payload.pull_request; + if (!pr) { core.setFailed('No pull_request context'); return; } + const prNumber = pr.number; + const domainBase = process.env.DEV_BASE_DOMAIN; + if (!domainBase) { core.setFailed('DEV_BASE_DOMAIN is required'); return; } + const domain = `pr-${prNumber}.${domainBase}`; + const url = `https://${domain}`; + const marker = ''; + const body = `${marker}\nPreview environment is running: ${url}\n`; + const { owner, repo } = context.repo; + const { data: comments } = await github.rest.issues.listComments({ owner, repo, issue_number: prNumber, per_page: 100 }); + const existing = comments.find(c => c.body && c.body.includes(marker)); + if (existing) { + await github.rest.issues.updateComment({ owner, repo, comment_id: existing.id, body }); + } else { + await github.rest.issues.createComment({ owner, repo, issue_number: prNumber, body }); + } + + uninstall: + if: 
github.event.action == 'closed' + name: Helm uninstall (PR preview) + runs-on: ubuntu-latest + steps: + - name: Setup Helm + uses: azure/setup-helm@v4 + + - name: Setup kubectl + uses: azure/setup-kubectl@v4 + + - name: Configure kubeconfig + env: + KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} + run: | + mkdir -p ~/.kube + if [ -z "$KUBE_CONFIG" ]; then + echo "Secret KUBE_CONFIG is required (kubeconfig content)"; exit 1; fi + echo "$KUBE_CONFIG" > ~/.kube/config + chmod 600 ~/.kube/config + + - name: Helm uninstall release and cleanup namespace + run: | + PR=${{ github.event.pull_request.number }} + RELEASE=myapp-pr-$PR + NAMESPACE=pr-$PR + helm uninstall "$RELEASE" -n "$NAMESPACE" || true + # Optionally delete the namespace if empty + kubectl delete namespace "$NAMESPACE" --ignore-not-found=true || true diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml new file mode 100644 index 0000000..4cdb1e4 --- /dev/null +++ b/.github/workflows/deploy-prod.yaml 
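Review bot: The `deploy` job builds `7project/backend` and installs `./7project/charts/myapp-chart` from the pull request's own checkout while holding `secrets.KUBE_CONFIG` and the Docker Hub login, so anyone who can push a branch decides what is applied to the cluster with that kubeconfig before review. Consider gating the job with a protected environment (`environment: preview` with required reviewers) and issuing the kubeconfig from a service account restricted to what preview releases need. Every action in this file and in deploy-prod.yaml is referenced by a mutable tag (`actions/checkout@v4`, `azure/setup-helm@v4`, `docker/login-action@v3`, …); pinning each to a full commit SHA (`actions/checkout@<full-commit-sha>`) keeps a moved tag from running with these secrets. The guard messages also name secrets the step does not read (`DEV_RABBITMQ_PASSWORD`, `DEV_DB_PASSWORD` versus `secrets.RABBITMQ_PASSWORD`, `secrets.DB_PASSWORD`), which will mislead whoever debugs a failed run.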
@@ -0,0 +1,94 @@ +name: Deploy Prod + +on: + push: + branches: [ "main" ] + paths: + - 7project/backend/** + +permissions: + contents: read + +concurrency: + group: deploy-prod + cancel-in-progress: false + +jobs: + deploy: + name: Helm upgrade/install (prod) + runs-on: vhs + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Helm + uses: azure/setup-helm@v4 + + - name: Setup kubectl + uses: azure/setup-kubectl@v4 + + - name: Configure kubeconfig + env: + KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} + run: | + mkdir -p ~/.kube + if [ -z "$KUBE_CONFIG" ]; then + echo "Secret KUBE_CONFIG is required (kubeconfig content)"; exit 1; fi + echo "$KUBE_CONFIG" > ~/.kube/config + chmod 600 ~/.kube/config + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USER }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Compute image repo and tags (prod) + run: | + IMAGE_REPO="${IMAGE_REPO:-lukastrkan/cc-app-demo}" + echo "IMAGE_REPO=$IMAGE_REPO" >> $GITHUB_ENV + SHA_SHORT="${GITHUB_SHA::12}" + echo "TAG1=prod-$SHA_SHORT" >> $GITHUB_ENV + echo "TAG2=latest" >> $GITHUB_ENV + + - name: Build and push image + id: build + uses: docker/build-push-action@v5 + with: + context: 7project/backend + push: true + tags: | + ${{ env.IMAGE_REPO }}:${{ env.TAG1 }} + ${{ env.IMAGE_REPO }}:${{ env.TAG2 }} + platforms: linux/amd64 + + - name: Helm upgrade/install prod + env: + DOMAIN: ${{ secrets.PROD_DOMAIN }} + RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} + DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} + IMAGE_REPO: ${{ env.IMAGE_REPO }} + run: | + if [ -z "$DOMAIN" ]; then + echo "Secret PROD_DOMAIN is required (e.g., app.example.com)"; exit 1; fi + if [ -z "$RABBITMQ_PASSWORD" ]; then + echo "Secret PROD_RABBITMQ_PASSWORD is required"; exit 1; fi + if [ -z "$DB_PASSWORD" ]; 
then + echo "Secret PROD_DB_PASSWORD is required"; exit 1; fi + DIGEST="${{ steps.build.outputs.digest }}" + if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi + helm upgrade --install myapp ./7project/charts/myapp-chart \ + -n prod --create-namespace \ + -f 7project/charts/myapp-chart/values-prod.yaml \ + --set domain="$DOMAIN" \ + --set image.repository="$IMAGE_REPO" \ + --set image.digest="$DIGEST" \ + --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ + --set-string database.password="$DB_PASSWORD" diff --git a/7project/charts/myapp-chart/Chart.yaml b/7project/charts/myapp-chart/Chart.yaml new file mode 100644 index 0000000..3d1dbfb --- /dev/null +++ b/7project/charts/myapp-chart/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: myapp-chart +version: 0.1.0 +description: Helm chart for my app with MariaDB Database CR +appVersion: "1.0.0" +type: application diff --git a/7project/charts/myapp-chart/templates/NOTES.txt b/7project/charts/myapp-chart/templates/NOTES.txt new file mode 100644 index 0000000..9eeb1e5 --- /dev/null +++ b/7project/charts/myapp-chart/templates/NOTES.txt 
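Review bot: `runs-on: vhs` looks like a self-hosted runner label, and on a runner that is reused between jobs the kubeconfig written to `~/.kube/config` stays on disk after the deploy finishes. Write it under the job's temp directory instead, `umask 077; printf '%s' "$KUBE_CONFIG" > "$RUNNER_TEMP/kubeconfig"` followed by `echo "KUBECONFIG=$RUNNER_TEMP/kubeconfig" >> "$GITHUB_ENV"`, and add a final step with `if: always()` that removes the file. The `umask` also closes the short window in which the current `echo … > ~/.kube/config` creates the file with default permissions before `chmod 600` runs; the same step in deploy-pr.yaml has that window too. `TAG2=latest` is pushed as well: the release is installed by digest, so it does not affect this deploy, but anything else pulling `latest` follows a moving tag.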
@@ -0,0 +1,54 @@ +Thank you for installing myapp-chart. + +This chart packages all Kubernetes manifests from the original deployment directory and parameterizes environment, database name (with optional PR suffix), image, and domain for external access. + +Namespaces per developer (important): +- Install each developer's environment into their own namespace using Helm's -n/--namespace flag. +- No hardcoded namespace is used in templates; resources are created in .Release.Namespace. +- Example namespaces: dev-alice, dev-bob, pr-123, etc. + +Key values: +- deployment -> used as Database CR name and DB username (MARIADB_DB and MARIADB_USER) +- image.repository/tag or image.digest -> container image +- domain -> public FQDN used by TunnelBinding (required to expose app) +- app/worker names, replicas, ports + +Examples: +- Dev install (Alice): + helm upgrade --install myapp ./7project/charts/myapp-chart \ + -n dev-alice --create-namespace \ + -f values-dev.yaml \ + --set domain=alice.demo.example.com \ + --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ + --set-string database.password="$DB_PASSWORD" + +- Dev install (Bob): + helm upgrade --install myapp ./7project/charts/myapp-chart \ + -n dev-bob --create-namespace \ + -f values-dev.yaml \ + --set domain=bob.demo.example.com + +- Prod install (different cleanupPolicy): + helm upgrade --install myapp ./7project/charts/myapp-chart \ + -n prod --create-namespace \ + -f values-prod.yaml \ + --set domain=app.example.com + +- PR (preview) install with DB name containing PR number (also its own namespace): + PR=123 + helm upgrade --install myapp-pr-$PR ./7project/charts/myapp-chart \ + -n pr-$PR --create-namespace \ + -f values-dev.yaml \ + --set prNumber=$PR \ + --set deployment=preview-$PR \ + --set domain=pr-$PR.example.com + +- Use a custom deployment identifier to suffix DB name, DB username and Secret name: + helm upgrade --install myapp ./7project/charts/myapp-chart \ + -n dev-alice --create-namespace \ + -f 
values-dev.yaml \ + --set deployment=alice \ + --set domain=alice.demo.example.com + +Render locally (dry run): + helm template ./7project/charts/myapp-chart -f values-dev.yaml --set prNumber=456 --set deployment=test --set domain=demo.example.com --namespace dev-test | sed -n '/kind: Database/,$p' | head -n 30 diff --git a/7project/charts/myapp-chart/templates/app-deployment.yaml b/7project/charts/myapp-chart/templates/app-deployment.yaml new file mode 100644 index 0000000..9bda2cd --- /dev/null +++ b/7project/charts/myapp-chart/templates/app-deployment.yaml 
@@ -0,0 +1,49 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.app.name }} +spec: + replicas: {{ .Values.app.replicas }} + revisionHistoryLimit: 3 + selector: + matchLabels: + app: {{ .Values.app.name }} + template: + metadata: + labels: + app: {{ .Values.app.name }} + spec: + containers: + - name: {{ .Values.app.name }} + image: "{{- if .Values.image.digest -}}{{ .Values.image.repository }}@{{ .Values.image.digest }}{{- else -}}{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}{{- end -}}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: {{ .Values.app.port }} + env: + - name: MARIADB_HOST + value: {{ printf "%s.%s.svc.cluster.local" .Values.mariadb.mariaDbRef.name .Values.mariadb.mariaDbRef.namespace | quote }} + - name: MARIADB_PORT + value: '3306' + - name: MARIADB_DB + value: {{ required "Set .Values.deployment" .Values.deployment | quote }} + - name: MARIADB_USER + value: {{ required "Set .Values.deployment" .Values.deployment | quote }} + - name: MARIADB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ required "Set .Values.database.secretName" .Values.database.secretName }} + key: password + livenessProbe: + httpGet: + path: / + port: {{ .Values.app.port }} + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 3 + readinessProbe: + httpGet: + path: / + port: {{ .Values.app.port }} + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 3 diff --git a/7project/charts/myapp-chart/templates/database-grant.yaml b/7project/charts/myapp-chart/templates/database-grant.yaml new file mode 100644 index 0000000..2e41f7e --- /dev/null +++ b/7project/charts/myapp-chart/templates/database-grant.yaml 
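Review bot: `metadata.name`, the selector labels and the container name all render `{{ .Values.app.name }}` without a guard, and values.yaml in this patch defaults `app.name` to `""` while neither workflow sets it, so the Deployment (and service.yaml, which uses the same value) would render with an empty name. Use `{{ required "Set .Values.app.name" .Values.app.name }}` or give the value a non-empty default. `.Values.deployment` is guarded with `required`, but neither workflow passes `--set deployment=…`, so the install as wired would stop at render time; the PR workflow probably wants something like `--set deployment="pr-$PR"` so each preview gets its own database and user. The pod spec also sets no `securityContext` or `resources`; `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be a reasonable baseline here and in worker-deployment.yaml, assuming the image can run unprivileged.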
@@ -0,0 +1,18 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Grant +metadata: + name: grant +spec: + mariaDbRef: + name: {{ .Values.mariadb.mariaDbRef.name }} + namespace: {{ .Values.mariadb.mariaDbRef.namespace }} + privileges: + - "ALL PRIVILEGES" + database: {{ required "Set .Values.deployment" .Values.deployment | quote }} + table: "*" + username: {{ required "Set .Values.deployment" .Values.deployment | quote }} + grantOption: true + host: "%" + cleanupPolicy: {{ .Values.mariadb.cleanupPolicy }} + requeueInterval: {{ .Values.mariadb.requeueInterval | quote }} + retryInterval: {{ .Values.mariadb.retryInterval | quote }} diff --git a/7project/charts/myapp-chart/templates/database-secret.yaml b/7project/charts/myapp-chart/templates/database-secret.yaml new file mode 100644 index 0000000..2d6c851 --- /dev/null +++ b/7project/charts/myapp-chart/templates/database-secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ required "Set .Values.database.secretName" .Values.database.secretName }} +type: kubernetes.io/basic-auth +stringData: + password: {{ required "Set .Values.database.password" .Values.database.password | quote }} diff --git a/7project/charts/myapp-chart/templates/database-user.yaml b/7project/charts/myapp-chart/templates/database-user.yaml new file mode 100644 index 0000000..c97897a --- /dev/null +++ b/7project/charts/myapp-chart/templates/database-user.yaml 
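Review bot: The Grant gives the application user `ALL PRIVILEGES` with `grantOption: true` from `host: "%"`, so a compromised app pod could pass its rights on this database to other MariaDB accounts, and the account is accepted from any client address. The application only needs to use its own schema, so `grantOption: false` and a privilege list limited to what the backend and its migrations actually run would be a tighter default. database-user.yaml creates the user with the same `host: "%"`; if the pod network range is known, narrowing both is worth considering. Unlike database.yaml, `mariaDbRef.namespace` here has no `default .Release.Namespace` fallback, so the three database templates should be made consistent.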
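Review bot: The password reaches this Secret through `--set-string database.password=…` in both workflows, so it is also kept in the Helm release record stored in the namespace, and it passes through Helm's `--set` parser, where commas and backslashes are syntax and a password containing them is altered or rejected. Passing it with `--set-file database.password=<path-to-file>` avoids the parsing problem. Creating the Secret outside the chart and only referencing it through `database.secretName` would keep the value out of release history altogether. The same applies to `rabbitmq.password`.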
@@ -0,0 +1,16 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: User +metadata: + name: {{ required "Set .Values.deployment" .Values.deployment }} +spec: + mariaDbRef: + name: {{ .Values.mariadb.mariaDbRef.name }} + namespace: {{ .Values.mariadb.mariaDbRef.namespace }} + passwordSecretKeyRef: + name: {{ required "Set .Values.database.secretName" .Values.database.secretName }} + key: password + maxUserConnections: 20 + host: "%" + cleanupPolicy: {{ .Values.mariadb.cleanupPolicy }} + requeueInterval: {{ .Values.mariadb.requeueInterval | quote }} + retryInterval: {{ .Values.mariadb.retryInterval | quote }} diff --git a/7project/charts/myapp-chart/templates/database.yaml b/7project/charts/myapp-chart/templates/database.yaml new file mode 100644 index 0000000..cb4e3bc --- /dev/null +++ b/7project/charts/myapp-chart/templates/database.yaml @@ -0,0 +1,14 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Database +metadata: + name: {{ required "Set .Values.deployment" .Values.deployment }} +spec: + mariaDbRef: + name: {{ .Values.mariadb.mariaDbRef.name | required "Values mariadb.mariaDbRef.name is required" }} + namespace: {{ .Values.mariadb.mariaDbRef.namespace | default .Release.Namespace }} + characterSet: utf8mb4 + collate: utf8_general_ci + cleanupPolicy: {{ .Values.mariadb.cleanupPolicy }} + requeueInterval: {{ .Values.mariadb.requeueInterval | quote }} + retryInterval: {{ .Values.mariadb.retryInterval | quote }} + diff --git a/7project/charts/myapp-chart/templates/service.yaml b/7project/charts/myapp-chart/templates/service.yaml new file mode 100644 index 0000000..fee4e3c --- /dev/null +++ b/7project/charts/myapp-chart/templates/service.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.app.name }} +spec: + ports: + - port: {{ .Values.service.port }} + targetPort: {{ .Values.app.port }} + selector: + app: {{ .Values.app.name }} 
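Review bot: `collate: utf8_general_ci` does not belong to `characterSet: utf8mb4`; MariaDB rejects that pairing when a database is created, so this Database resource would likely never become ready. Use `collate: utf8mb4_general_ci` (or `utf8mb4_unicode_ci`). This template is also the only one that applies `default .Release.Namespace` to `mariaDbRef.namespace` and `required` to `mariaDbRef.name`; database-grant.yaml and database-user.yaml read the same values unguarded and should match.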
diff --git a/7project/charts/myapp-chart/templates/tunnel.yaml b/7project/charts/myapp-chart/templates/tunnel.yaml new file mode 100644 index 0000000..6e0d2af --- /dev/null +++ b/7project/charts/myapp-chart/templates/tunnel.yaml @@ -0,0 +1,14 @@ +apiVersion: networking.cfargotunnel.com/v1alpha1 +kind: TunnelBinding +metadata: + name: guestbook-tunnel-binding + namespace: {{ .Release.Namespace }} +subjects: + - name: app-server + spec: + target: {{ printf "http://%s.%s.svc.cluster.local" .Values.app.name .Release.Namespace | quote }} + fqdn: {{ required "Set .Values.domain via --set domain=example.com" .Values.domain | quote }} + noTlsVerify: true +tunnelRef: + kind: ClusterTunnel + name: cluster-tunnel diff --git a/7project/charts/myapp-chart/templates/worker-deployment.yaml b/7project/charts/myapp-chart/templates/worker-deployment.yaml new file mode 100644 index 0000000..b228a98 --- /dev/null +++ b/7project/charts/myapp-chart/templates/worker-deployment.yaml 
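Review bot: `noTlsVerify: true` is set although `target` is plain `http://`, so it has no effect today but would silently turn off origin certificate checks if the target is later switched to `https://`; drop the line or set `noTlsVerify: false`. The binding name `guestbook-tunnel-binding` and the subject name `app-server` are hard-coded and appear to be leftovers from another manifest rather than derived from `.Values.app.name`, which is what service.yaml uses for the Service this binding is meant to expose. A short comment stating which Service the subject refers to would help the next reader.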
@@ -0,0 +1,37 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.worker.name }} +spec: + replicas: {{ .Values.worker.replicas }} + revisionHistoryLimit: 3 + selector: + matchLabels: + app: {{ .Values.worker.name }} + template: + metadata: + labels: + app: {{ .Values.worker.name }} + spec: + containers: + - name: {{ .Values.worker.name }} + image: "{{- if .Values.image.digest -}}{{ .Values.image.repository }}@{{ .Values.image.digest }}{{- else -}}{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}{{- end -}}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - celery + - -A + - app.celery_app + - worker + - -Q + - $(MAIL_QUEUE) + - --loglevel + - INFO + env: + - name: RABBITMQ_USERNAME + value: {{ .Values.rabbitmq.username | quote }} + - name: RABBITMQ_PASSWORD + value: {{ required "Set .Values.rabbitmq.password" .Values.rabbitmq.password | quote }} + - name: RABBITMQ_HOST + value: {{ .Values.rabbitmq.host | quote }} + - name: RABBITMQ_PORT + value: {{ .Values.rabbitmq.port | quote }} diff --git a/7project/charts/myapp-chart/values-dev.yaml b/7project/charts/myapp-chart/values-dev.yaml new file mode 100644 index 0000000..a9d4125 --- /dev/null +++ b/7project/charts/myapp-chart/values-dev.yaml @@ -0,0 +1,5 @@ +env: dev + +mariadb: + cleanupPolicy: Delete + diff --git a/7project/charts/myapp-chart/values-prod.yaml b/7project/charts/myapp-chart/values-prod.yaml new file mode 100644 index 0000000..b7100de --- /dev/null +++ b/7project/charts/myapp-chart/values-prod.yaml @@ -0,0 +1,7 @@ +env: prod + +app: + replicas: 3 + +worker: + replicas: 3 diff --git a/7project/charts/myapp-chart/values.yaml b/7project/charts/myapp-chart/values.yaml new file mode 100644 index 0000000..03327db --- /dev/null +++ b/7project/charts/myapp-chart/values.yaml 
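Review bot: `RABBITMQ_PASSWORD` is rendered as a literal `value:` in the pod spec, so anyone allowed to read Deployments or Pods in the namespace can read it, whereas app-deployment.yaml takes `MARIADB_PASSWORD` from a Secret via `secretKeyRef`. Store the RabbitMQ password in a Secret and reference it the same way; the fence shows the env entry, with `rabbitmq.secretName` as a proposed new value. The command also passes `-Q $(MAIL_QUEUE)`, but no `MAIL_QUEUE` variable is defined in this container's `env`, and Kubernetes leaves unresolved `$(VAR)` references as literal text, so the worker would be started with a queue named `$(MAIL_QUEUE)` unless the variable is added.

```yaml
# … unchanged: RABBITMQ_USERNAME entry …
- name: RABBITMQ_PASSWORD
  valueFrom:
    secretKeyRef:
      # rabbitmq.secretName is a proposed value; the Secret itself needs its own template
      name: {{ required "Set .Values.rabbitmq.secretName" .Values.rabbitmq.secretName }}
      key: password
# … unchanged: RABBITMQ_HOST and RABBITMQ_PORT entries …
```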
@@ -0,0 +1,52 @@ +# Base values shared across environments +env: dev + +# Optional PR number used to suffix DB name, set via --set prNumber=123 in CI +prNumber: "" + +# Optional deployment identifier used to suffix resource names (db, user, secret) +# Example: --set deployment=alice or --set deployment=feature123 +deployment: "" + +# Public domain to expose the app under (used by TunnelBinding fqdn) +# Set at install time: --set domain=example.com +domain: "" + +image: + repository: lukastrkan/cc-app-demo + # You can use a tag or digest. If digest is provided, it takes precedence. + digest: "" + pullPolicy: IfNotPresent + +app: + name: "" + replicas: 1 + port: 8000 + +worker: + name: app-demo-worker + replicas: 1 + +service: + port: 80 + +rabbitmq: + host: rabbitmq.rabbitmq.svc.cluster.local + port: "5672" + username: demo-app + password: "" + +mariadb: + name: app-demo-database + cleanupPolicy: Skip + requeueInterval: 10h + retryInterval: 30s + mariaDbRef: + name: mariadb-repl + namespace: mariadb-operator + +# Database access resources +database: + userName: app-demo-user + secretName: app-demo-database-secret + password: "" diff --git a/7project/tofu/modules/rabbitmq/main.tf b/7project/tofu/modules/rabbitmq/main.tf index 5276f42..a752bed 100644 --- a/7project/tofu/modules/rabbitmq/main.tf +++ b/7project/tofu/modules/rabbitmq/main.tf 
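Review bot: The comment on `prNumber` says it suffixes the DB name, but no template in this patch reads `.Values.prNumber`; the database, user and grant names all come from `.Values.deployment`. Either remove the value or state in the comment that `deployment` is what isolates one install's database from another's. `mariadb.name` and `database.userName` are likewise not referenced by the templates shown. `image.tag` is not declared although both Deployment templates fall back to `default "latest"`; with `pullPolicy: IfNotPresent` that fallback can run a stale cached image, so document `tag` here with a pinned default.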
@@ -1,81 +1,58 @@ terraform { required_providers { - kubectl = { - source = "gavinbunney/kubectl" - version = "1.19.0" - } helm = { source = "hashicorp/helm" - version = "3.0.2" + version = "3.0.2" # Doporučuji použít novější verzi providera } kubernetes = { source = "hashicorp/kubernetes" - version = "2.38.0" - } - kustomization = { - source = "kbst/kustomization" - version = "0.9.6" - } - time = { - source = "hashicorp/time" - version = "0.13.1" + version = "2.38.0" # Doporučuji použít novější verzi providera } + # Ostatní provideři mohou zůstat } } -# Define the Helm release for RabbitMQ. -# This resource will install the RabbitMQ chart from the Bitnami repository. -resource "helm_release" "rabbitmq" { - # The name of the release in Kubernetes. - name = "rabbitmq" - # The repository where the chart is located. - repository = "https://charts.bitnami.com/bitnami" +resource "helm_release" "rabbitmq_operator" { + name = "rabbitmq-cluster-operator" + repository = "oci://registry-1.docker.io/bitnamicharts" + chart = "rabbitmq-cluster-operator" - # The name of the chart to deploy. - chart = "rabbitmq" + version = "4.4.34" - # The version of the chart to deploy. It's best practice to pin the version. - version = "14.4.1" - - # The Kubernetes namespace to deploy into. - # If the namespace doesn't exist, you can create it with a kubernetes_namespace resource. - namespace = "rabbitmq" + namespace = "rabbitmq-system" create_namespace = true - # Override default chart values. - # This is where you customize your RabbitMQ deployment. + # Zde můžete přepsat výchozí hodnoty chartu, pokud by bylo potřeba + # Například sledovat jen určité namespace, nastavit tolerations atd. + # Pro základní instalaci není potřeba nic měnit. 
+ # values = [ + # templatefile("${path.module}/values/operator-values.yaml", {}) + # ] set = [ { - name = "auth.username" - value = "admin" + name = "rabbitmqImage.repository" + value = "bitnamilegacy/rabbitmq" }, { - name = "auth.password" - value = var.rabbitmq-password + name = "clusterOperator.image.repository" + value = "bitnamilegacy/rabbitmq-cluster-operator" }, { - name = "persistence.enabled" + name = "msgTopologyOperator.image.repository" + value = "bitnamilegacy/rmq-messaging-topology-operator" + }, + { + name = "credentialUpdaterImage.repository" + value = "bitnamilegacy/rmq-default-credential-updater" + }, + { + name = "clusterOperator.metrics.service.enabled" value = "true" }, { - name = "replicaCount" - value = "1" - }, - { - name = "podAntiAffinityPreset" - value = "soft" - }, - { - name = "image.repository" - value = "bitnamilegacy/rabbitmq" - }, + name = "clusterOperator.metrics.service.enabled" + value = "true" + } ] } - -resource "kubectl_manifest" "rabbitmq_ui" { - yaml_body = templatefile("${path.module}/rabbit-ui.yaml", { - base_domain = var.base_domain - }) - depends_on = [helm_release.rabbitmq] -}
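Review bot: The `set` list ends with two identical entries for `clusterOperator.metrics.service.enabled`; one is presumably a copy-paste leftover and should be removed or replaced with the setting that was intended. All four image repositories point at `bitnamilegacy/*`, which as far as I know is an archive namespace that no longer receives updated images, so these containers would stop getting security fixes; a comment saying this is temporary and what replaces it would help. The new comments are in Czech, and the one next to the provider versions recommends a newer provider while the pin is unchanged; translate them and either bump the version or drop the remark. The hunk also removes `helm_release.rabbitmq` and `kubectl_manifest.rabbitmq_ui` without adding a RabbitMQ cluster resource, while the chart's values.yaml still targets `rabbitmq.rabbitmq.svc.cluster.local`; if the cluster is created elsewhere, say so in a comment.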