mirror of
https://github.com/dat515-2025/Group-8.git
synced 2026-03-22 15:12:08 +01:00
Compare commits
36 Commits
fdf7cef39d
...
merge/pr_d
| Author | SHA1 | Date | |
|---|---|---|---|
| 00bd885873 | |||
| f492e0cc03 | |||
| cb3747357e | |||
| 31bebaf247 | |||
| 316939b53c | |||
| 101bb34cb0 | |||
| 9a7759ab3d | |||
| c15dea5456 | |||
| fae5d828bf | |||
| 7ee45b451e | |||
| d4da625408 | |||
| 5c4e155546 | |||
| edfa42eee5 | |||
| ba7cc381cf | |||
| fc1b614f19 | |||
| 7b9d72791f | |||
| 48d56681fb | |||
| c45ecbc5bc | |||
| a940e257ee | |||
| bc219338b1 | |||
| 384d5004eb | |||
| 8e1d65a078 | |||
| 35e2ca6a72 | |||
| bda4cafcf6 | |||
| 29422f6500 | |||
| d03ff463a0 | |||
| e0fd68b135 | |||
| 8cef7467cf | |||
| c9705616dd | |||
| 40131cf7ca | |||
| 3a6ee3dace | |||
| d58d553945 | |||
| 291305c2e5 | |||
| 9cbe121b11 | |||
| 8edaaee117 | |||
|
4cb09bb053 |
105
.github/workflows/build-image.yaml
vendored
Normal file
105
.github/workflows/build-image.yaml
vendored
Normal file
@@ -0,0 +1,105 @@
|
||||
name: Build and Push Image
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
mode:
|
||||
description: "Build mode: 'prod' or 'pr'"
|
||||
required: true
|
||||
type: string
|
||||
image_repo:
|
||||
description: "Docker image repository (e.g., user/app)"
|
||||
required: false
|
||||
default: "lukastrkan/cc-app-demo"
|
||||
type: string
|
||||
context:
|
||||
description: "Docker build context path"
|
||||
required: false
|
||||
default: "7project/backend"
|
||||
type: string
|
||||
pr_number:
|
||||
description: "PR number (required when mode=pr)"
|
||||
required: false
|
||||
type: string
|
||||
secrets:
|
||||
DOCKER_USER:
|
||||
required: true
|
||||
DOCKER_PASSWORD:
|
||||
required: true
|
||||
outputs:
|
||||
digest:
|
||||
description: "Built image digest"
|
||||
value: ${{ jobs.build.outputs.digest }}
|
||||
image_repo:
|
||||
description: "Image repository used"
|
||||
value: ${{ jobs.build.outputs.image_repo }}
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
digest: ${{ steps.set.outputs.digest }}
|
||||
image_repo: ${{ steps.set.outputs.image_repo }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
id: buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Log in to Docker Hub
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USER }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
|
||||
- name: Compute image repo and tags
|
||||
id: meta
|
||||
env:
|
||||
MODE: ${{ inputs.mode }}
|
||||
IMAGE_REPO: ${{ inputs.image_repo }}
|
||||
PR: ${{ inputs.pr_number }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
if [ -z "${IMAGE_REPO:-}" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi
|
||||
echo "IMAGE_REPO=$IMAGE_REPO" >> $GITHUB_ENV
|
||||
SHA_SHORT="${GITHUB_SHA::12}"
|
||||
case "$MODE" in
|
||||
prod)
|
||||
TAG1="prod-$SHA_SHORT"
|
||||
TAG2="latest"
|
||||
;;
|
||||
pr)
|
||||
if [ -z "${PR:-}" ]; then echo "pr_number input is required for mode=pr"; exit 1; fi
|
||||
TAG1="pr-$PR"
|
||||
TAG2="pr-$PR-$SHA_SHORT"
|
||||
;;
|
||||
*)
|
||||
echo "Unknown mode '$MODE' (expected 'prod' or 'pr')"; exit 1;
|
||||
;;
|
||||
esac
|
||||
echo "TAG1=$TAG1" >> $GITHUB_ENV
|
||||
echo "TAG2=$TAG2" >> $GITHUB_ENV
|
||||
|
||||
- name: Build and push image
|
||||
id: build
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: ${{ inputs.context }}
|
||||
push: true
|
||||
tags: |
|
||||
${{ env.IMAGE_REPO }}:${{ env.TAG1 }}
|
||||
${{ env.IMAGE_REPO }}:${{ env.TAG2 }}
|
||||
platforms: linux/amd64
|
||||
|
||||
- name: Set outputs
|
||||
id: set
|
||||
env:
|
||||
IMAGE_REPO: ${{ env.IMAGE_REPO }}
|
||||
run: |
|
||||
echo "digest=${{ steps.build.outputs.digest }}" >> $GITHUB_OUTPUT
|
||||
echo "image_repo=$IMAGE_REPO" >> $GITHUB_OUTPUT
|
||||
131
.github/workflows/deploy-pr.yaml
vendored
Normal file
131
.github/workflows/deploy-pr.yaml
vendored
Normal file
@@ -0,0 +1,131 @@
|
||||
name: Deploy Preview (PR)
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
types: [opened, reopened, synchronize, closed]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: write
|
||||
|
||||
jobs:
|
||||
build:
|
||||
if: github.event.action != 'closed'
|
||||
name: Build and push image (reusable)
|
||||
uses: ./.github/workflows/build-image.yaml
|
||||
with:
|
||||
mode: pr
|
||||
image_repo: lukastrkan/cc-app-demo
|
||||
context: 7project/backend
|
||||
pr_number: ${{ github.event.pull_request.number }}
|
||||
secrets: inherit
|
||||
|
||||
deploy:
|
||||
if: github.event.action != 'closed'
|
||||
name: Helm upgrade/install (PR preview)
|
||||
runs-on: vhs
|
||||
concurrency:
|
||||
group: pr-${{ github.event.pull_request.number }}
|
||||
cancel-in-progress: false
|
||||
needs: [build]
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup Helm
|
||||
uses: azure/setup-helm@v4
|
||||
|
||||
- name: Setup kubectl
|
||||
uses: azure/setup-kubectl@v4
|
||||
|
||||
- name: Configure kubeconfig
|
||||
env:
|
||||
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
|
||||
run: |
|
||||
mkdir -p ~/.kube
|
||||
if [ -z "$KUBE_CONFIG" ]; then
|
||||
echo "Secret KUBE_CONFIG is required (kubeconfig content)"; exit 1; fi
|
||||
echo "$KUBE_CONFIG" > ~/.kube/config
|
||||
chmod 600 ~/.kube/config
|
||||
|
||||
- name: Helm upgrade/install PR preview
|
||||
env:
|
||||
DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }}
|
||||
RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }}
|
||||
DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
|
||||
IMAGE_REPO: ${{ needs.build.outputs.image_repo }}
|
||||
DIGEST: ${{ needs.build.outputs.digest }}
|
||||
run: |
|
||||
PR=${{ github.event.pull_request.number }}
|
||||
if [ -z "$PR" ]; then echo "PR number missing"; exit 1; fi
|
||||
if [ -z "$DEV_BASE_DOMAIN" ]; then echo "Secret DEV_BASE_DOMAIN is required (e.g., dev.example.com)"; exit 1; fi
|
||||
if [ -z "$RABBITMQ_PASSWORD" ]; then echo "Secret DEV_RABBITMQ_PASSWORD is required"; exit 1; fi
|
||||
if [ -z "$DB_PASSWORD" ]; then echo "Secret DEV_DB_PASSWORD is required"; exit 1; fi
|
||||
RELEASE=myapp-pr-$PR
|
||||
NAMESPACE=pr-$PR
|
||||
DOMAIN=pr-$PR.$DEV_BASE_DOMAIN
|
||||
if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi
|
||||
helm upgrade --install "$RELEASE" ./7project/charts/myapp-chart \
|
||||
-n "$NAMESPACE" --create-namespace \
|
||||
-f 7project/charts/myapp-chart/values-dev.yaml \
|
||||
--set prNumber="$PR" \
|
||||
--set deployment="pr-$PR" \
|
||||
--set domain="$DOMAIN" \
|
||||
--set image.repository="$IMAGE_REPO" \
|
||||
--set image.digest="$DIGEST" \
|
||||
--set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
|
||||
--set-string database.password="$DB_PASSWORD"
|
||||
|
||||
- name: Post preview URL as PR comment
|
||||
uses: actions/github-script@v7
|
||||
env:
|
||||
DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }}
|
||||
with:
|
||||
script: |
|
||||
const pr = context.payload.pull_request;
|
||||
if (!pr) { core.setFailed('No pull_request context'); return; }
|
||||
const prNumber = pr.number;
|
||||
const domainBase = process.env.DEV_BASE_DOMAIN;
|
||||
if (!domainBase) { core.setFailed('DEV_BASE_DOMAIN is required'); return; }
|
||||
const domain = `pr-${prNumber}.${domainBase}`;
|
||||
const url = `https://${domain}`;
|
||||
const marker = '<!-- preview-link -->';
|
||||
const body = `${marker}\nPreview environment is running: ${url}\n`;
|
||||
const { owner, repo } = context.repo;
|
||||
const { data: comments } = await github.rest.issues.listComments({ owner, repo, issue_number: prNumber, per_page: 100 });
|
||||
const existing = comments.find(c => c.body && c.body.includes(marker));
|
||||
if (existing) {
|
||||
await github.rest.issues.updateComment({ owner, repo, comment_id: existing.id, body });
|
||||
} else {
|
||||
await github.rest.issues.createComment({ owner, repo, issue_number: prNumber, body });
|
||||
}
|
||||
|
||||
uninstall:
|
||||
if: github.event.action == 'closed'
|
||||
name: Helm uninstall (PR preview)
|
||||
runs-on: vhs
|
||||
steps:
|
||||
- name: Setup Helm
|
||||
uses: azure/setup-helm@v4
|
||||
|
||||
- name: Setup kubectl
|
||||
uses: azure/setup-kubectl@v4
|
||||
|
||||
- name: Configure kubeconfig
|
||||
env:
|
||||
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
|
||||
run: |
|
||||
mkdir -p ~/.kube
|
||||
if [ -z "$KUBE_CONFIG" ]; then
|
||||
echo "Secret KUBE_CONFIG is required (kubeconfig content)"; exit 1; fi
|
||||
echo "$KUBE_CONFIG" > ~/.kube/config
|
||||
chmod 600 ~/.kube/config
|
||||
|
||||
- name: Helm uninstall release and cleanup namespace
|
||||
run: |
|
||||
PR=${{ github.event.pull_request.number }}
|
||||
RELEASE=myapp-pr-$PR
|
||||
NAMESPACE=pr-$PR
|
||||
helm uninstall "$RELEASE" -n "$NAMESPACE" || true
|
||||
# Optionally delete the namespace if empty
|
||||
kubectl delete namespace "$NAMESPACE" --ignore-not-found=true || true
|
||||
78
.github/workflows/deploy-prod.yaml
vendored
Normal file
78
.github/workflows/deploy-prod.yaml
vendored
Normal file
@@ -0,0 +1,78 @@
|
||||
name: Deploy Prod
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ "main" ]
|
||||
paths:
|
||||
- 7project/backend/**
|
||||
- 7project/charts/myapp-chart/**
|
||||
- .github/workflows/deploy-prod.yaml
|
||||
- .github/workflows/build-image.yaml
|
||||
workflow_dispatch:
|
||||
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
concurrency:
|
||||
group: deploy-prod
|
||||
cancel-in-progress: false
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: Build and push image (reusable)
|
||||
uses: ./.github/workflows/build-image.yaml
|
||||
with:
|
||||
mode: prod
|
||||
image_repo: lukastrkan/cc-app-demo
|
||||
context: 7project/backend
|
||||
secrets: inherit
|
||||
|
||||
deploy:
|
||||
name: Helm upgrade/install (prod)
|
||||
runs-on: vhs
|
||||
needs: [build]
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup Helm
|
||||
uses: azure/setup-helm@v4
|
||||
|
||||
- name: Setup kubectl
|
||||
uses: azure/setup-kubectl@v4
|
||||
|
||||
- name: Configure kubeconfig
|
||||
env:
|
||||
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
|
||||
run: |
|
||||
mkdir -p ~/.kube
|
||||
if [ -z "$KUBE_CONFIG" ]; then
|
||||
echo "Secret KUBE_CONFIG is required (kubeconfig content)"; exit 1; fi
|
||||
echo "$KUBE_CONFIG" > ~/.kube/config
|
||||
chmod 600 ~/.kube/config
|
||||
|
||||
- name: Helm upgrade/install prod
|
||||
env:
|
||||
DOMAIN: ${{ secrets.PROD_DOMAIN }}
|
||||
RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }}
|
||||
DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
|
||||
IMAGE_REPO: ${{ needs.build.outputs.image_repo }}
|
||||
DIGEST: ${{ needs.build.outputs.digest }}
|
||||
run: |
|
||||
if [ -z "$DOMAIN" ]; then
|
||||
echo "Secret PROD_DOMAIN is required (e.g., app.example.com)"; exit 1; fi
|
||||
if [ -z "$RABBITMQ_PASSWORD" ]; then
|
||||
echo "Secret PROD_RABBITMQ_PASSWORD is required"; exit 1; fi
|
||||
if [ -z "$DB_PASSWORD" ]; then
|
||||
echo "Secret PROD_DB_PASSWORD is required"; exit 1; fi
|
||||
if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi
|
||||
helm upgrade --install myapp ./7project/charts/myapp-chart \
|
||||
-n prod --create-namespace \
|
||||
-f 7project/charts/myapp-chart/values-prod.yaml \
|
||||
--set deployment="prod" \
|
||||
--set domain="$DOMAIN" \
|
||||
--set image.repository="$IMAGE_REPO" \
|
||||
--set image.digest="$DIGEST" \
|
||||
--set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
|
||||
--set-string database.password="$DB_PASSWORD"
|
||||
54
.github/workflows/workflow.yml
vendored
54
.github/workflows/workflow.yml
vendored
@@ -1,54 +0,0 @@
|
||||
name: Build, Push and Update Image in Manifest
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ "main" ]
|
||||
paths:
|
||||
- 'backend/**'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build-and-update:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: write
|
||||
packages: write
|
||||
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USER }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
|
||||
- name: Build and push Docker image
|
||||
id: build
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: ./backend
|
||||
push: true
|
||||
tags: ${{ secrets.DOCKER_USER }}/cc-app-demo:latest
|
||||
|
||||
- name: Get image digest
|
||||
run: echo "IMAGE_DIGEST=${{ steps.build.outputs.digest }}" >> $GITHUB_ENV
|
||||
|
||||
- name: Update manifests with new image digest
|
||||
uses: OpsVerseIO/image-updater-action@0.1.0
|
||||
with:
|
||||
branch: main
|
||||
targetBranch: main
|
||||
createPR: 'false'
|
||||
message: "${{ github.event.head_commit.message }}"
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
changes: |
|
||||
{
|
||||
"deployment/app-demo-deployment.yaml": {
|
||||
"spec.template.spec.containers[0].image": "${{ secrets.DOCKER_USER }}/cc-app-demo@${{ env.IMAGE_DIGEST }}"
|
||||
},
|
||||
"deployment/app-demo-worker-deployment.yaml": {
|
||||
"spec.template.spec.containers[0].image": "${{ secrets.DOCKER_USER }}/cc-app-demo@${{ env.IMAGE_DIGEST }}"
|
||||
}
|
||||
}
|
||||
0
.gitignore → 7project/.gitignore
vendored
0
.gitignore → 7project/.gitignore
vendored
@@ -1,4 +1,5 @@
|
||||
FROM python:3.11-slim
|
||||
|
||||
WORKDIR /app
|
||||
COPY requirements.txt .
|
||||
RUN pip install --no-cache-dir -r requirements.txt
|
||||
@@ -48,7 +48,7 @@ app.include_router(
|
||||
# Liveness/root endpoint
|
||||
@app.get("/", include_in_schema=False)
|
||||
async def root():
|
||||
return {"status": "ok"}
|
||||
return {"status": "ok", "message": "Welcome to the FastAPI application!"}
|
||||
|
||||
|
||||
@app.get("/authenticated-route")
|
||||
6
7project/charts/myapp-chart/Chart.yaml
Normal file
6
7project/charts/myapp-chart/Chart.yaml
Normal file
@@ -0,0 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: myapp-chart
|
||||
version: 0.1.0
|
||||
description: Helm chart for my app with MariaDB Database CR
|
||||
appVersion: "1.0.0"
|
||||
type: application
|
||||
54
7project/charts/myapp-chart/templates/NOTES.txt
Normal file
54
7project/charts/myapp-chart/templates/NOTES.txt
Normal file
@@ -0,0 +1,54 @@
|
||||
Thank you for installing myapp-chart.
|
||||
|
||||
This chart packages all Kubernetes manifests from the original deployment directory and parameterizes environment, database name (with optional PR suffix), image, and domain for external access.
|
||||
|
||||
Namespaces per developer (important):
|
||||
- Install each developer's environment into their own namespace using Helm's -n/--namespace flag.
|
||||
- No hardcoded namespace is used in templates; resources are created in .Release.Namespace.
|
||||
- Example namespaces: dev-alice, dev-bob, pr-123, etc.
|
||||
|
||||
Key values:
|
||||
- deployment -> used as Database CR name and DB username (MARIADB_DB and MARIADB_USER)
|
||||
- image.repository/tag or image.digest -> container image
|
||||
- domain -> public FQDN used by TunnelBinding (required to expose app)
|
||||
- app/worker names, replicas, ports
|
||||
|
||||
Examples:
|
||||
- Dev install (Alice):
|
||||
helm upgrade --install myapp ./7project/charts/myapp-chart \
|
||||
-n dev-alice --create-namespace \
|
||||
-f values-dev.yaml \
|
||||
--set domain=alice.demo.example.com \
|
||||
--set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
|
||||
--set-string database.password="$DB_PASSWORD"
|
||||
|
||||
- Dev install (Bob):
|
||||
helm upgrade --install myapp ./7project/charts/myapp-chart \
|
||||
-n dev-bob --create-namespace \
|
||||
-f values-dev.yaml \
|
||||
--set domain=bob.demo.example.com
|
||||
|
||||
- Prod install (different cleanupPolicy):
|
||||
helm upgrade --install myapp ./7project/charts/myapp-chart \
|
||||
-n prod --create-namespace \
|
||||
-f values-prod.yaml \
|
||||
--set domain=app.example.com
|
||||
|
||||
- PR (preview) install with DB name containing PR number (also its own namespace):
|
||||
PR=123
|
||||
helm upgrade --install myapp-pr-$PR ./7project/charts/myapp-chart \
|
||||
-n pr-$PR --create-namespace \
|
||||
-f values-dev.yaml \
|
||||
--set prNumber=$PR \
|
||||
--set deployment=preview-$PR \
|
||||
--set domain=pr-$PR.example.com
|
||||
|
||||
- Use a custom deployment identifier to suffix DB name, DB username and Secret name:
|
||||
helm upgrade --install myapp ./7project/charts/myapp-chart \
|
||||
-n dev-alice --create-namespace \
|
||||
-f values-dev.yaml \
|
||||
--set deployment=alice \
|
||||
--set domain=alice.demo.example.com
|
||||
|
||||
Render locally (dry run):
|
||||
helm template ./7project/charts/myapp-chart -f values-dev.yaml --set prNumber=456 --set deployment=test --set domain=demo.example.com --namespace dev-test | sed -n '/kind: Database/,$p' | head -n 30
|
||||
68
7project/charts/myapp-chart/templates/app-deployment.yaml
Normal file
68
7project/charts/myapp-chart/templates/app-deployment.yaml
Normal file
@@ -0,0 +1,68 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ .Values.app.name }}
|
||||
spec:
|
||||
replicas: {{ .Values.app.replicas }}
|
||||
revisionHistoryLimit: 3
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ .Values.app.name }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ .Values.app.name }}
|
||||
spec:
|
||||
containers:
|
||||
- name: {{ .Values.app.name }}
|
||||
image: "{{- if .Values.image.digest -}}{{ .Values.image.repository }}@{{ .Values.image.digest }}{{- else -}}{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}{{- end -}}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
ports:
|
||||
- containerPort: {{ .Values.app.port }}
|
||||
env:
|
||||
- name: MARIADB_HOST
|
||||
value: {{ printf "%s.%s.svc.cluster.local" .Values.mariadb.mariaDbRef.name .Values.mariadb.mariaDbRef.namespace | quote }}
|
||||
- name: MARIADB_PORT
|
||||
value: '3306'
|
||||
- name: MARIADB_DB
|
||||
value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
|
||||
- name: MARIADB_USER
|
||||
value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
|
||||
- name: MARIADB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
|
||||
key: password
|
||||
- name: RABBITMQ_USERNAME
|
||||
value: {{ .Values.rabbitmq.username | quote }}
|
||||
- name: RABBITMQ_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
|
||||
key: password
|
||||
- name: RABBITMQ_HOST
|
||||
value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }}
|
||||
- name: RABBITMQ_PORT
|
||||
value: {{ .Values.rabbitmq.port | quote }}
|
||||
- name: RABBITMQ_VHOST
|
||||
value: {{ .Values.rabbitmq.vhost | default "/" | quote }}
|
||||
- name: MAIL_QUEUE
|
||||
value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: {{ .Values.app.port }}
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: {{ .Values.app.port }}
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
failureThreshold: 3
|
||||
18
7project/charts/myapp-chart/templates/database-grant.yaml
Normal file
18
7project/charts/myapp-chart/templates/database-grant.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
apiVersion: k8s.mariadb.com/v1alpha1
|
||||
kind: Grant
|
||||
metadata:
|
||||
name: grant
|
||||
spec:
|
||||
mariaDbRef:
|
||||
name: {{ .Values.mariadb.mariaDbRef.name }}
|
||||
namespace: {{ .Values.mariadb.mariaDbRef.namespace }}
|
||||
privileges:
|
||||
- "ALL PRIVILEGES"
|
||||
database: {{ required "Set .Values.deployment" .Values.deployment | quote }}
|
||||
table: "*"
|
||||
username: {{ required "Set .Values.deployment" .Values.deployment | quote }}
|
||||
grantOption: true
|
||||
host: "%"
|
||||
cleanupPolicy: {{ .Values.mariadb.cleanupPolicy }}
|
||||
requeueInterval: {{ .Values.mariadb.requeueInterval | quote }}
|
||||
retryInterval: {{ .Values.mariadb.retryInterval | quote }}
|
||||
@@ -0,0 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
|
||||
type: kubernetes.io/basic-auth
|
||||
stringData:
|
||||
password: {{ required "Set .Values.database.password" .Values.database.password | quote }}
|
||||
16
7project/charts/myapp-chart/templates/database-user.yaml
Normal file
16
7project/charts/myapp-chart/templates/database-user.yaml
Normal file
@@ -0,0 +1,16 @@
|
||||
apiVersion: k8s.mariadb.com/v1alpha1
|
||||
kind: User
|
||||
metadata:
|
||||
name: {{ required "Set .Values.deployment" .Values.deployment }}
|
||||
spec:
|
||||
mariaDbRef:
|
||||
name: {{ .Values.mariadb.mariaDbRef.name }}
|
||||
namespace: {{ .Values.mariadb.mariaDbRef.namespace }}
|
||||
passwordSecretKeyRef:
|
||||
name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
|
||||
key: password
|
||||
maxUserConnections: 20
|
||||
host: "%"
|
||||
cleanupPolicy: {{ .Values.mariadb.cleanupPolicy }}
|
||||
requeueInterval: {{ .Values.mariadb.requeueInterval | quote }}
|
||||
retryInterval: {{ .Values.mariadb.retryInterval | quote }}
|
||||
14
7project/charts/myapp-chart/templates/database.yaml
Normal file
14
7project/charts/myapp-chart/templates/database.yaml
Normal file
@@ -0,0 +1,14 @@
|
||||
apiVersion: k8s.mariadb.com/v1alpha1
|
||||
kind: Database
|
||||
metadata:
|
||||
name: {{ required "Set .Values.deployment" .Values.deployment }}
|
||||
spec:
|
||||
mariaDbRef:
|
||||
name: {{ .Values.mariadb.mariaDbRef.name | required "Values mariadb.mariaDbRef.name is required" }}
|
||||
namespace: {{ .Values.mariadb.mariaDbRef.namespace | default .Release.Namespace }}
|
||||
characterSet: utf8
|
||||
collate: utf8_general_ci
|
||||
cleanupPolicy: {{ .Values.mariadb.cleanupPolicy }}
|
||||
requeueInterval: {{ .Values.mariadb.requeueInterval | quote }}
|
||||
retryInterval: {{ .Values.mariadb.retryInterval | quote }}
|
||||
|
||||
10
7project/charts/myapp-chart/templates/rabbitmq-cluster.yaml
Normal file
10
7project/charts/myapp-chart/templates/rabbitmq-cluster.yaml
Normal file
@@ -0,0 +1,10 @@
|
||||
apiVersion: rabbitmq.com/v1beta1
|
||||
kind: RabbitmqCluster
|
||||
metadata:
|
||||
name: "rabbitmq-cluster"
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
replicas: {{ .Values.rabbitmq.replicas | default 1 }}
|
||||
persistence:
|
||||
storage: {{ .Values.rabbitmq.storage | default "1Gi" }}
|
||||
resources: {}
|
||||
@@ -0,0 +1,15 @@
|
||||
apiVersion: rabbitmq.com/v1beta1
|
||||
kind: Permission
|
||||
metadata:
|
||||
name: {{ printf "%s-permission" (.Values.rabbitmq.username | default "demo-app") }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
rabbitmqClusterReference:
|
||||
name: rabbitmq-cluster
|
||||
namespace: {{ .Release.Namespace }}
|
||||
vhost: {{ .Values.rabbitmq.vhost | default "/" | quote }}
|
||||
user: {{ .Values.rabbitmq.username | default "demo-app" }}
|
||||
permissions:
|
||||
configure: ".*"
|
||||
read: ".*"
|
||||
write: ".*"
|
||||
12
7project/charts/myapp-chart/templates/rabbitmq-queue.yaml
Normal file
12
7project/charts/myapp-chart/templates/rabbitmq-queue.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
apiVersion: rabbitmq.com/v1beta1
|
||||
kind: Queue
|
||||
metadata:
|
||||
name: {{ .Values.worker.mailQueueName | replace "_" "-" | lower }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
rabbitmqClusterReference:
|
||||
name: rabbitmq-cluster
|
||||
namespace: {{ .Release.Namespace }}
|
||||
name: {{ .Values.worker.mailQueueName }}
|
||||
vhost: {{ .Values.rabbitmq.vhost | default "/" | quote }}
|
||||
durable: true
|
||||
@@ -0,0 +1,10 @@
|
||||
{{- if .Values.rabbitmq.password }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
stringData:
|
||||
password: {{ .Values.rabbitmq.password | quote }}
|
||||
username: {{ .Values.rabbitmq.username | quote }}
|
||||
{{- end }}
|
||||
13
7project/charts/myapp-chart/templates/rabbitmq-user.yaml
Normal file
13
7project/charts/myapp-chart/templates/rabbitmq-user.yaml
Normal file
@@ -0,0 +1,13 @@
|
||||
apiVersion: rabbitmq.com/v1beta1
|
||||
kind: User
|
||||
metadata:
|
||||
name: {{ .Values.rabbitmq.username | default "demo-app" }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
rabbitmqClusterReference:
|
||||
name: rabbitmq-cluster
|
||||
namespace: {{ .Release.Namespace }}
|
||||
tags:
|
||||
- management
|
||||
importCredentialsSecret:
|
||||
name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
|
||||
10
7project/charts/myapp-chart/templates/service.yaml
Normal file
10
7project/charts/myapp-chart/templates/service.yaml
Normal file
@@ -0,0 +1,10 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ .Values.app.name }}
|
||||
spec:
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
targetPort: {{ .Values.app.port }}
|
||||
selector:
|
||||
app: {{ .Values.app.name }}
|
||||
14
7project/charts/myapp-chart/templates/tunnel.yaml
Normal file
14
7project/charts/myapp-chart/templates/tunnel.yaml
Normal file
@@ -0,0 +1,14 @@
|
||||
apiVersion: networking.cfargotunnel.com/v1alpha1
|
||||
kind: TunnelBinding
|
||||
metadata:
|
||||
name: guestbook-tunnel-binding
|
||||
namespace: {{ .Release.Namespace }}
|
||||
subjects:
|
||||
- name: app-server
|
||||
spec:
|
||||
target: {{ printf "http://%s.%s.svc.cluster.local" .Values.app.name .Release.Namespace | quote }}
|
||||
fqdn: {{ required "Set .Values.domain via --set domain=example.com" .Values.domain | quote }}
|
||||
noTlsVerify: true
|
||||
tunnelRef:
|
||||
kind: ClusterTunnel
|
||||
name: cluster-tunnel
|
||||
48
7project/charts/myapp-chart/templates/worker-deployment.yaml
Normal file
48
7project/charts/myapp-chart/templates/worker-deployment.yaml
Normal file
@@ -0,0 +1,48 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ printf "%s-worker" .Values.app.name }}
|
||||
spec:
|
||||
replicas: {{ .Values.worker.replicas }}
|
||||
revisionHistoryLimit: 3
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ printf "%s-worker" .Values.app.name }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ printf "%s-worker" .Values.app.name }}
|
||||
spec:
|
||||
containers:
|
||||
- name: {{ printf "%s-worker" .Values.app.name }}
|
||||
image: "{{- if .Values.image.digest -}}{{ .Values.image.repository }}@{{ .Values.image.digest }}{{- else -}}{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}{{- end -}}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
command:
|
||||
- celery
|
||||
- -A
|
||||
- app.celery_app
|
||||
- worker
|
||||
- -Q
|
||||
- $(MAIL_QUEUE)
|
||||
- --loglevel
|
||||
- INFO
|
||||
env:
|
||||
- name: RABBITMQ_USERNAME
|
||||
value: {{ .Values.rabbitmq.username | quote }}
|
||||
- name: RABBITMQ_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
|
||||
key: password
|
||||
- name: RABBITMQ_HOST
|
||||
value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }}
|
||||
- name: RABBITMQ_PORT
|
||||
value: {{ .Values.rabbitmq.port | quote }}
|
||||
- name: RABBITMQ_VHOST
|
||||
value: {{ .Values.rabbitmq.vhost | default "/" | quote }}
|
||||
- name: MAIL_QUEUE
|
||||
value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}
|
||||
5
7project/charts/myapp-chart/values-dev.yaml
Normal file
5
7project/charts/myapp-chart/values-dev.yaml
Normal file
@@ -0,0 +1,5 @@
|
||||
env: dev
|
||||
|
||||
mariadb:
|
||||
cleanupPolicy: Delete
|
||||
|
||||
7
7project/charts/myapp-chart/values-prod.yaml
Normal file
7
7project/charts/myapp-chart/values-prod.yaml
Normal file
@@ -0,0 +1,7 @@
|
||||
env: prod
|
||||
|
||||
app:
|
||||
replicas: 3
|
||||
|
||||
worker:
|
||||
replicas: 3
|
||||
59
7project/charts/myapp-chart/values.yaml
Normal file
59
7project/charts/myapp-chart/values.yaml
Normal file
@@ -0,0 +1,59 @@
|
||||
# Base values shared across environments
|
||||
env: dev
|
||||
|
||||
# Optional PR number used to suffix DB name, set via --set prNumber=123 in CI
|
||||
prNumber: ""
|
||||
|
||||
# Optional deployment identifier used to suffix resource names (db, user, secret)
|
||||
# Example: --set deployment=alice or --set deployment=feature123
|
||||
deployment: ""
|
||||
|
||||
# Public domain to expose the app under (used by TunnelBinding fqdn)
|
||||
# Set at install time: --set domain=example.com
|
||||
domain: ""
|
||||
|
||||
image:
|
||||
repository: lukastrkan/cc-app-demo
|
||||
# You can use a tag or digest. If digest is provided, it takes precedence.
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
app:
|
||||
name: "finance-tracker"
|
||||
replicas: 1
|
||||
port: 8000
|
||||
|
||||
worker:
|
||||
name: app-demo-worker
|
||||
replicas: 1
|
||||
# Queue name for Celery worker and for CRD Queue
|
||||
mailQueueName: "mail_queue"
|
||||
|
||||
service:
|
||||
port: 80
|
||||
|
||||
rabbitmq:
|
||||
create: true
|
||||
replicas: 1
|
||||
storage: 5Gi
|
||||
# Optional: override the generated cluster name; default is "<app.name>-rabbit[-<deployment>]"
|
||||
clusterName: ""
|
||||
port: "5672"
|
||||
username: demo-app
|
||||
password: ""
|
||||
vhost: "/"
|
||||
|
||||
mariadb:
|
||||
name: app-demo-database
|
||||
cleanupPolicy: Skip
|
||||
requeueInterval: 10h
|
||||
retryInterval: 30s
|
||||
mariaDbRef:
|
||||
name: mariadb-repl
|
||||
namespace: mariadb-operator
|
||||
|
||||
# Database access resources
|
||||
database:
|
||||
userName: app-demo-user
|
||||
secretName: app-demo-database-secret
|
||||
password: ""
|
||||
@@ -14,7 +14,7 @@ spec:
|
||||
app: app-demo
|
||||
spec:
|
||||
containers:
|
||||
- image: lukastrkan/cc-app-demo@sha256:d320eefb9dee05dc0f0ec5a2ca90daae7ca8c2af0088dc6b88eee076486c0f3b
|
||||
- image: lukastrkan/cc-app-demo@sha256:75634b4d97282b6b8424fe17767c81adf44af5f7359c1d25883073b5629b3e05
|
||||
name: app-demo
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
@@ -14,7 +14,7 @@ spec:
|
||||
app: app-demo-worker
|
||||
spec:
|
||||
containers:
|
||||
- image: lukastrkan/cc-app-demo@sha256:d320eefb9dee05dc0f0ec5a2ca90daae7ca8c2af0088dc6b88eee076486c0f3b
|
||||
- image: lukastrkan/cc-app-demo@sha256:75634b4d97282b6b8424fe17767c81adf44af5f7359c1d25883073b5629b3e05
|
||||
name: app-demo-worker
|
||||
command:
|
||||
- celery
|
||||
@@ -29,8 +29,13 @@ spec:
|
||||
- name: RABBITMQ_USERNAME
|
||||
value: demo-app
|
||||
- name: RABBITMQ_PASSWORD
|
||||
value: StrongPassword123!
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: demo-app-user-credentials
|
||||
key: password
|
||||
- name: RABBITMQ_HOST
|
||||
value: rabbitmq.rabbitmq.svc.cluster.local
|
||||
- name: RABBITMQ_PORT
|
||||
value: '5672'
|
||||
- name: RABBITMQ_VHOST
|
||||
value: "/"
|
||||
@@ -53,7 +53,8 @@ module "loadbalancer" {
|
||||
}
|
||||
|
||||
module "cert-manager" {
|
||||
source = "${path.module}/modules/cert-manager"
|
||||
source = "${path.module}/modules/cert-manager"
|
||||
depends_on = [module.loadbalancer]
|
||||
}
|
||||
|
||||
module "cloudflare" {
|
||||
@@ -67,10 +68,16 @@ module "cloudflare" {
|
||||
cloudflare_account_id = var.cloudflare_account_id
|
||||
}
|
||||
|
||||
module "monitoring" {
|
||||
source = "${path.module}/modules/prometheus"
|
||||
depends_on = [module.cloudflare]
|
||||
cloudflare_domain = var.cloudflare_domain
|
||||
}
|
||||
|
||||
|
||||
module "database" {
|
||||
source = "${path.module}/modules/maxscale"
|
||||
depends_on = [module.storage, module.loadbalancer, module.cloudflare]
|
||||
depends_on = [module.monitoring]
|
||||
|
||||
mariadb_password = var.mariadb_password
|
||||
mariadb_root_password = var.mariadb_root_password
|
||||
@@ -87,23 +94,23 @@ module "database" {
|
||||
cloudflare_domain = var.cloudflare_domain
|
||||
}
|
||||
|
||||
module "argocd" {
|
||||
source = "${path.module}/modules/argocd"
|
||||
depends_on = [module.storage, module.loadbalancer, module.cloudflare]
|
||||
#module "argocd" {
|
||||
# source = "${path.module}/modules/argocd"
|
||||
# depends_on = [module.storage, module.loadbalancer, module.cloudflare]
|
||||
|
||||
argocd_admin_password = var.argocd_admin_password
|
||||
cloudflare_domain = var.cloudflare_domain
|
||||
}
|
||||
# argocd_admin_password = var.argocd_admin_password
|
||||
# cloudflare_domain = var.cloudflare_domain
|
||||
#}
|
||||
|
||||
module "redis" {
|
||||
source = "${path.module}/modules/redis"
|
||||
depends_on = [module.storage]
|
||||
cloudflare_base_domain = var.cloudflare_domain
|
||||
}
|
||||
#module "redis" {
|
||||
# source = "${path.module}/modules/redis"
|
||||
# depends_on = [module.storage]
|
||||
# cloudflare_base_domain = var.cloudflare_domain
|
||||
#}
|
||||
|
||||
module "rabbitmq" {
|
||||
source = "${path.module}/modules/rabbitmq"
|
||||
depends_on = [module.storage]
|
||||
depends_on = [module.database]
|
||||
base_domain = var.cloudflare_domain
|
||||
rabbitmq-password = var.rabbitmq-password
|
||||
}
|
||||
@@ -1,10 +1,10 @@
|
||||
apiVersion: networking.cfargotunnel.com/v1alpha2
|
||||
kind: ClusterTunnel
|
||||
metadata:
|
||||
name: cluster-tunnel # The ClusterTunnel Custom Resource Name
|
||||
name: cluster-tunnel
|
||||
spec:
|
||||
newTunnel:
|
||||
name: ${cloudflare_tunnel_name} # Name of your new tunnel on Cloudflare
|
||||
name: ${cloudflare_tunnel_name}
|
||||
cloudflare:
|
||||
email: ${cloudflare_email}
|
||||
domain: ${cloudflare_domain}
|
||||
@@ -41,10 +41,10 @@ resource "kubectl_manifest" "cloudflare-api-token" {
|
||||
resource "kubectl_manifest" "cloudflare-tunnel" {
|
||||
yaml_body = templatefile("${path.module}/cluster-tunnel.yaml", {
|
||||
cloudflare_tunnel_name = var.cloudflare_tunnel_name
|
||||
cloudflare_email = var.cloudflare_email
|
||||
cloudflare_domain = var.cloudflare_domain
|
||||
cloudflare_account_id = var.cloudflare_account_id
|
||||
cloudflare_email = var.cloudflare_email
|
||||
cloudflare_domain = var.cloudflare_domain
|
||||
cloudflare_account_id = var.cloudflare_account_id
|
||||
})
|
||||
|
||||
depends_on = [kustomization_resource.cloudflare]
|
||||
}
|
||||
}
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: v2
|
||||
name: maxscale-helm
|
||||
version: 1.0.2
|
||||
version: 1.0.7
|
||||
description: Helm chart for MaxScale related Kubernetes manifests
|
||||
@@ -54,6 +54,12 @@ spec:
|
||||
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
interval: 30s
|
||||
scrapeTimeout: 10s
|
||||
prometheusRelease: kube-prometheus-stack
|
||||
jobLabel: mariadb-monitoring
|
||||
|
||||
tls:
|
||||
enabled: true
|
||||
@@ -106,7 +112,17 @@ spec:
|
||||
key: dsn
|
||||
|
||||
affinity:
|
||||
antiAffinityEnabled: true
|
||||
podAntiAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
podAffinityTerm:
|
||||
labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: In
|
||||
values:
|
||||
- mariadb-repl
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
tolerations:
|
||||
- key: "k8s.mariadb.com/ha"
|
||||
@@ -149,6 +165,12 @@ spec:
|
||||
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
interval: 30s
|
||||
scrapeTimeout: 10s
|
||||
prometheusRelease: kube-prometheus-stack
|
||||
jobLabel: mariadb-monitoring
|
||||
|
||||
tls:
|
||||
enabled: true
|
||||
@@ -33,7 +33,7 @@ spec:
|
||||
value: "3306"
|
||||
- name: PHPMYADMIN_ALLOW_NO_PASSWORD
|
||||
value: "false"
|
||||
image: "docker.io/bitnami/phpmyadmin:5.2.2"
|
||||
image: "bitnamilegacy/phpmyadmin:5.2.2"
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
@@ -58,7 +58,7 @@ resource "helm_release" "mariadb-operator" {
|
||||
resource "helm_release" "maxscale_helm" {
|
||||
name = "maxscale-helm"
|
||||
chart = "${path.module}/charts/maxscale-helm"
|
||||
version = "1.0.2"
|
||||
version = "1.0.7"
|
||||
depends_on = [ helm_release.mariadb-operator-crds, kubectl_manifest.secrets ]
|
||||
timeout = 3600
|
||||
|
||||
14
7project/tofu/modules/prometheus/grafana-ui.yaml
Normal file
14
7project/tofu/modules/prometheus/grafana-ui.yaml
Normal file
@@ -0,0 +1,14 @@
|
||||
apiVersion: networking.cfargotunnel.com/v1alpha1
|
||||
kind: TunnelBinding
|
||||
metadata:
|
||||
name: grafana-tunnel-binding
|
||||
namespace: monitoring
|
||||
subjects:
|
||||
- name: grafana
|
||||
spec:
|
||||
target: http://kube-prometheus-stack-grafana.monitoring.svc.cluster.local
|
||||
fqdn: grafana.${base_domain}
|
||||
noTlsVerify: true
|
||||
tunnelRef:
|
||||
kind: ClusterTunnel
|
||||
name: cluster-tunnel
|
||||
66
7project/tofu/modules/prometheus/main.tf
Normal file
66
7project/tofu/modules/prometheus/main.tf
Normal file
@@ -0,0 +1,66 @@
|
||||
terraform {
|
||||
required_providers {
|
||||
kubectl = {
|
||||
source = "gavinbunney/kubectl"
|
||||
version = "1.19.0"
|
||||
}
|
||||
helm = {
|
||||
source = "hashicorp/helm"
|
||||
version = "3.0.2"
|
||||
}
|
||||
kubernetes = {
|
||||
source = "hashicorp/kubernetes"
|
||||
version = "2.38.0"
|
||||
}
|
||||
kustomization = {
|
||||
source = "kbst/kustomization"
|
||||
version = "0.9.6"
|
||||
}
|
||||
time = {
|
||||
source = "hashicorp/time"
|
||||
version = "0.13.1"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Create namespace for monitoring
|
||||
resource "kubernetes_namespace" "monitoring" {
|
||||
metadata {
|
||||
name = "monitoring"
|
||||
labels = {
|
||||
"pod-security.kubernetes.io/enforce" = "privileged"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Deploy kube-prometheus-stack
|
||||
resource "helm_release" "kube_prometheus_stack" {
|
||||
name = "kube-prometheus-stack"
|
||||
repository = "https://prometheus-community.github.io/helm-charts"
|
||||
chart = "kube-prometheus-stack"
|
||||
namespace = kubernetes_namespace.monitoring.metadata[0].name
|
||||
version = "67.2.1" # Check for latest version
|
||||
|
||||
# Wait for CRDs to be created
|
||||
wait = true
|
||||
timeout = 600
|
||||
force_update = false
|
||||
recreate_pods = false
|
||||
|
||||
# Reference the values file
|
||||
values = [
|
||||
file("${path.module}/values.yaml")
|
||||
]
|
||||
|
||||
depends_on = [
|
||||
kubernetes_namespace.monitoring
|
||||
]
|
||||
}
|
||||
|
||||
resource "kubectl_manifest" "argocd-tunnel-bind" {
|
||||
depends_on = [helm_release.kube_prometheus_stack]
|
||||
|
||||
yaml_body = templatefile("${path.module}/grafana-ui.yaml", {
|
||||
base_domain = var.cloudflare_domain
|
||||
})
|
||||
}
|
||||
189
7project/tofu/modules/prometheus/values.yaml
Normal file
189
7project/tofu/modules/prometheus/values.yaml
Normal file
@@ -0,0 +1,189 @@
|
||||
# Prometheus configuration
|
||||
prometheus:
|
||||
prometheusSpec:
|
||||
retention: 30d
|
||||
retentionSize: "45GB"
|
||||
|
||||
# Storage configuration
|
||||
storageSpec:
|
||||
volumeClaimTemplate:
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 50Gi
|
||||
# storageClassName: "your-storage-class" # Uncomment and specify if needed
|
||||
|
||||
# Resource limits
|
||||
resources:
|
||||
requests:
|
||||
cpu: 500m
|
||||
memory: 2Gi
|
||||
limits:
|
||||
cpu: 2000m
|
||||
memory: 4Gi
|
||||
|
||||
# Scrape interval
|
||||
scrapeInterval: 30s
|
||||
evaluationInterval: 30s
|
||||
|
||||
# Service configuration
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 9090
|
||||
|
||||
# Ingress (disabled by default)
|
||||
ingress:
|
||||
enabled: false
|
||||
# ingressClassName: nginx
|
||||
# hosts:
|
||||
# - prometheus.example.com
|
||||
# tls:
|
||||
# - secretName: prometheus-tls
|
||||
# hosts:
|
||||
# - prometheus.example.com
|
||||
|
||||
# Grafana configuration
|
||||
grafana:
|
||||
enabled: true
|
||||
|
||||
# Admin credentials
|
||||
adminPassword: "admin" # CHANGE THIS IN PRODUCTION!
|
||||
|
||||
# Persistence
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 10Gi
|
||||
# storageClassName: "your-storage-class" # Uncomment and specify if needed
|
||||
|
||||
# Resource limits
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 256Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
|
||||
# Service configuration
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 80
|
||||
|
||||
# Ingress (disabled by default)
|
||||
ingress:
|
||||
enabled: false
|
||||
# ingressClassName: nginx
|
||||
# hosts:
|
||||
# - grafana.example.com
|
||||
# tls:
|
||||
# - secretName: grafana-tls
|
||||
# hosts:
|
||||
# - grafana.example.com
|
||||
|
||||
# Default dashboards
|
||||
defaultDashboardsEnabled: true
|
||||
defaultDashboardsTimezone: Europe/Prague
|
||||
|
||||
# Alertmanager configuration
|
||||
alertmanager:
|
||||
enabled: true
|
||||
|
||||
alertmanagerSpec:
|
||||
# Storage configuration
|
||||
storage:
|
||||
volumeClaimTemplate:
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
# storageClassName: "your-storage-class" # Uncomment and specify if needed
|
||||
|
||||
# Resource limits
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 256Mi
|
||||
|
||||
# Service configuration
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 9093
|
||||
|
||||
# Ingress (disabled by default)
|
||||
ingress:
|
||||
enabled: false
|
||||
# ingressClassName: nginx
|
||||
# hosts:
|
||||
# - alertmanager.example.com
|
||||
# tls:
|
||||
# - secretName: alertmanager-tls
|
||||
# hosts:
|
||||
# - alertmanager.example.com
|
||||
|
||||
# Alertmanager configuration
|
||||
config:
|
||||
global:
|
||||
resolve_timeout: 5m
|
||||
|
||||
route:
|
||||
group_by: [ 'alertname', 'cluster', 'service' ]
|
||||
group_wait: 10s
|
||||
group_interval: 10s
|
||||
repeat_interval: 12h
|
||||
receiver: 'null'
|
||||
routes:
|
||||
- match:
|
||||
alertname: Watchdog
|
||||
receiver: 'null'
|
||||
|
||||
receivers:
|
||||
- name: 'null'
|
||||
# Add your receivers here (email, slack, pagerduty, etc.)
|
||||
# - name: 'slack'
|
||||
# slack_configs:
|
||||
# - api_url: 'YOUR_SLACK_WEBHOOK_URL'
|
||||
# channel: '#alerts'
|
||||
# title: '{{ range .Alerts }}{{ .Annotations.summary }}\n{{ end }}'
|
||||
# text: '{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}'
|
||||
|
||||
# Node Exporter
|
||||
nodeExporter:
|
||||
enabled: true
|
||||
|
||||
# Kube State Metrics
|
||||
kubeStateMetrics:
|
||||
enabled: true
|
||||
|
||||
# Prometheus Operator
|
||||
prometheusOperator:
|
||||
enabled: true
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 256Mi
|
||||
|
||||
# Service Monitors
|
||||
# Automatically discover and monitor services with appropriate labels
|
||||
prometheus-node-exporter:
|
||||
prometheus:
|
||||
monitor:
|
||||
enabled: true
|
||||
|
||||
# Additional ServiceMonitors can be defined here
|
||||
# additionalServiceMonitors: []
|
||||
|
||||
# Global settings
|
||||
global:
|
||||
rbac:
|
||||
create: true
|
||||
5
7project/tofu/modules/prometheus/variables.tf
Normal file
5
7project/tofu/modules/prometheus/variables.tf
Normal file
@@ -0,0 +1,5 @@
|
||||
variable "cloudflare_domain" {
|
||||
type = string
|
||||
default = "Base cloudflare domain, e.g. example.com"
|
||||
nullable = false
|
||||
}
|
||||
85
7project/tofu/modules/rabbitmq/main.tf
Normal file
85
7project/tofu/modules/rabbitmq/main.tf
Normal file
@@ -0,0 +1,85 @@
|
||||
terraform {
|
||||
required_providers {
|
||||
kubectl = {
|
||||
source = "gavinbunney/kubectl"
|
||||
version = "1.19.0"
|
||||
}
|
||||
helm = {
|
||||
source = "hashicorp/helm"
|
||||
version = "3.0.2" # Doporučuji použít novější verzi providera
|
||||
}
|
||||
kubernetes = {
|
||||
source = "hashicorp/kubernetes"
|
||||
version = "2.38.0" # Doporučuji použít novější verzi providera
|
||||
}
|
||||
# Ostatní provideři mohou zůstat
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
resource "helm_release" "rabbitmq_operator" {
|
||||
name = "rabbitmq-cluster-operator"
|
||||
repository = "oci://registry-1.docker.io/bitnamicharts"
|
||||
chart = "rabbitmq-cluster-operator"
|
||||
|
||||
version = "4.4.34"
|
||||
|
||||
namespace = "rabbitmq-system"
|
||||
create_namespace = true
|
||||
|
||||
# Zde můžete přepsat výchozí hodnoty chartu, pokud by bylo potřeba
|
||||
# Například sledovat jen určité namespace, nastavit tolerations atd.
|
||||
# Pro základní instalaci není potřeba nic měnit.
|
||||
# values = [
|
||||
# templatefile("${path.module}/values/operator-values.yaml", {})
|
||||
# ]
|
||||
set = [
|
||||
{
|
||||
name = "rabbitmqImage.repository"
|
||||
value = "bitnamilegacy/rabbitmq"
|
||||
},
|
||||
{
|
||||
name = "clusterOperator.image.repository"
|
||||
value = "bitnamilegacy/rabbitmq-cluster-operator"
|
||||
},
|
||||
{
|
||||
name = "msgTopologyOperator.image.repository"
|
||||
value = "bitnamilegacy/rmq-messaging-topology-operator"
|
||||
},
|
||||
{
|
||||
name = "credentialUpdaterImage.repository"
|
||||
value = "bitnamilegacy/rmq-default-credential-updater"
|
||||
},
|
||||
{
|
||||
name = "clusterOperator.metrics.service.enabled"
|
||||
value = "true"
|
||||
},
|
||||
{
|
||||
name = "clusterOperator.metrics.service.enabled"
|
||||
value = "true"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
|
||||
|
||||
resource "kubectl_manifest" "rabbitmq_cluster" {
|
||||
yaml_body = templatefile("${path.module}/rabbit-cluster.yaml", {
|
||||
replicas = var.rabbitmq_replicas
|
||||
password = var.rabbitmq-password
|
||||
})
|
||||
|
||||
depends_on = [
|
||||
helm_release.rabbitmq_operator
|
||||
]
|
||||
}
|
||||
|
||||
resource "kubectl_manifest" "rabbit_ui" {
|
||||
yaml_body = templatefile("${path.module}/rabbit-ui.yaml", {
|
||||
base_domain = var.base_domain
|
||||
})
|
||||
|
||||
depends_on = [
|
||||
kubectl_manifest.rabbitmq_cluster
|
||||
]
|
||||
}
|
||||
5
7project/tofu/modules/rabbitmq/rabbit-cluster.yaml
Normal file
5
7project/tofu/modules/rabbitmq/rabbit-cluster.yaml
Normal file
@@ -0,0 +1,5 @@
|
||||
apiVersion: rabbitmq.com/v1beta1
|
||||
kind: RabbitmqCluster
|
||||
metadata:
|
||||
name: 'rabbitmq-cluster'
|
||||
namespace: "rabbitmq"
|
||||
@@ -6,7 +6,7 @@ metadata:
|
||||
subjects:
|
||||
- name: rabbit-gui
|
||||
spec:
|
||||
target: http://rabbitmq.rabbitmq.svc.cluster.local:15672
|
||||
target: http://rabbitmq-cluster.rabbitmq.svc.cluster.local:15672
|
||||
fqdn: rabbitmq.${base_domain}
|
||||
noTlsVerify: true
|
||||
tunnelRef:
|
||||
@@ -4,8 +4,14 @@ variable "base_domain" {
|
||||
}
|
||||
|
||||
variable "rabbitmq-password" {
|
||||
type = string
|
||||
nullable = false
|
||||
sensitive = true
|
||||
type = string
|
||||
nullable = false
|
||||
sensitive = true
|
||||
description = "Admin password for RabbitMQ user"
|
||||
}
|
||||
|
||||
variable "rabbitmq_replicas" {
|
||||
type = number
|
||||
description = "Number of replicas for the RabbitMQ cluster"
|
||||
default = 1
|
||||
}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user