lukas/uis-cloud-computing
1
0
Fork 0
mirror of https://github.com/dat515-2025/Group-8.git synced 2026-03-22 15:12:08 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: lukas:merge/deployment_envs
Branches Tags
lukas:main lukas:merge/core_simplificcation lukas:test_arm_build lukas:51-refactor-project-structure lukas:merge/update_workers lukas:merge/email_sender lukas:merge/prometheus_custom_metrics lukas:add_more_tests lukas:merge/prometheus_metrics lukas:merge/csas_scraping lukas:30-create-tests-and-set-up-a-github-pipeline lukas:merge/fix_react_oauth lukas:merge/frontend_basics lukas:merge/deployment_envs lukas:20-create-a-controller-layer-on-backend-side lukas:merge/database_backups lukas:merge/oauth lukas:merge/basic_database_structure lukas:11-update-deployment lukas:merge/cloudflare-deploy lukas:merge/pr_deploy_test lukas:merge/background-worker lukas:merge/refactor_migrations
..
compare: lukas:607c5eadd7fa98f8bfbafa6f575c898f05fd34da
Branches Tags
lukas:main lukas:merge/core_simplificcation lukas:test_arm_build lukas:51-refactor-project-structure lukas:merge/update_workers lukas:merge/email_sender lukas:merge/prometheus_custom_metrics lukas:add_more_tests lukas:merge/prometheus_metrics lukas:merge/csas_scraping lukas:30-create-tests-and-set-up-a-github-pipeline lukas:merge/fix_react_oauth lukas:merge/frontend_basics lukas:merge/deployment_envs lukas:20-create-a-controller-layer-on-backend-side lukas:merge/database_backups lukas:merge/oauth lukas:merge/basic_database_structure lukas:11-update-deployment lukas:merge/cloudflare-deploy lukas:merge/pr_deploy_test lukas:merge/background-worker lukas:merge/refactor_migrations

8 Commits
merge/depl ... 607c5eadd7

Author SHA1 Message Date
Lukáš Trkan
607c5eadd7 feat(infrastructure): remove old deployment 2025-10-20 19:20:56 +02:00
Lukáš Trkan
2617c640a8 fix(app): add missing env variables
Some checks failed
Deploy Prod / Build and push image (reusable) (push) Has been cancelled
Details
Deploy Prod / Generate Production URLs (push) Has been cancelled
Details
Deploy Prod / Frontend - Build and Deploy to Cloudflare Pages (prod) (push) Has been cancelled
Details
Deploy Prod / Helm upgrade/install (prod) (push) Has been cancelled
Details
2025-10-17 16:04:52 +02:00
Lukáš Trkan
cb9ef5e461 feat(app): add sentry loging 2025-10-17 15:59:18 +02:00
Lukáš Trkan
d593f7a994 feat(infrastructure): move to secrets
Some checks are pending
Deploy Prod / Build and push image (reusable) (push) Waiting to run
Details
Deploy Prod / Generate Production URLs (push) Waiting to run
Details
Deploy Prod / Frontend - Build and Deploy to Cloudflare Pages (prod) (push) Blocked by required conditions
Details
Deploy Prod / Helm upgrade/install (prod) (push) Blocked by required conditions
Details
2025-10-16 18:30:13 +02:00
Lukáš Trkan
ef5b3f2d30 feat(infrastructure): move to secrets 2025-10-16 18:25:06 +02:00
Lukáš Trkan
60109c4a35 fix(infrastructure): add oauth keys as secret 2025-10-16 18:18:19 +02:00
Lukáš Trkan
b6f9ee8fc7 fix(infrastructure): add missing slash 2025-10-16 18:11:19 +02:00
Lukáš Trkan
52333b24d5 Merge pull request #29 from dat515-2025/merge/deployment_envs 
fix(infrastructure): add env variables to deployment
 2025-10-16 18:05:59 +02:00
15 changed files with 102 additions and 191 deletions
Expand all files Collapse all files

7
.github/workflows/deploy-prod.yaml vendored
View File

@@ -85,7 +85,7 @@ jobs:
BANKID_CLIENT_SECRET: ${{ secrets.BANKID_CLIENT_SECRET }}
MOJEID_CLIENT_ID: ${{ secrets.MOJEID_CLIENT_ID }}
MOJEID_CLIENT_SECRET: ${{ secrets.MOJEID_CLIENT_SECRET }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
run: |
helm upgrade --install myapp ./7project/charts/myapp-chart \
-n prod --create-namespace \
@@ -97,8 +97,9 @@ jobs:
--set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \
--set image.digest="$DIGEST" \
--set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
--set-string database.password="$DB_PASSWORD"
--set-string database.password="$DB_PASSWORD" \
--set-string oauth.bankid.clientId="$BANKID_CLIENT_ID" \
--set-string oauth.bankid.clientSecret="$BANKID_CLIENT_SECRET" \
--set-string oauth.mojeid.clientId="$MOJEID_CLIENT_ID" \
--set-string oauth.mojeid.clientSecret="$MOJEID_CLIENT_SECRET"
--set-string oauth.mojeid.clientSecret="$MOJEID_CLIENT_SECRET" \
--set-string sentry_dsn="$SENTRY_DSN" \

16
7project/backend/app/app.py
View File

@@ -1,3 +1,5 @@
import os
from fastapi import Depends, FastAPI
from fastapi.middleware.cors import CORSMiddleware
@@ -9,6 +11,16 @@ from app.api.categories import router as categories_router
from app.api.transactions import router as transactions_router
from app.services.user_service import auth_backend, current_active_verified_user, fastapi_users, get_oauth_provider
from fastapi import FastAPI
import sentry_sdk
sentry_sdk.init(
dsn=os.getenv("SENTRY_DSN"),
send_default_pii=True,
)
app = FastAPI()
fastApi = FastAPI()
# CORS for frontend dev server
@@ -59,3 +71,7 @@ async def root():
@fastApi.get("/authenticated-route")
async def authenticated_route(user: User = Depends(current_active_verified_user)):
return {"message": f"Hello {user.email}!"}
@fastApi.get("/sentry-debug")
async def trigger_error():
division_by_zero = 1 / 0

2
7project/backend/requirements.txt
View File

@@ -50,6 +50,7 @@ python-dateutil==2.9.0.post0
python-dotenv==1.1.1
python-multipart==0.0.20
PyYAML==6.0.2
sentry-sdk==2.42.0
six==1.17.0
sniffio==1.3.1
SQLAlchemy==2.0.43
@@ -58,6 +59,7 @@ tomli==2.2.1
typing-inspection==0.4.1
typing_extensions==4.15.0
tzdata==2025.2
urllib3==2.5.0
uvicorn==0.37.0
uvloop==0.21.0
vine==5.1.0

45
7project/charts/myapp-chart/templates/app-deployment.yaml
View File

@@ -20,7 +20,7 @@ spec:
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
drop: [ "ALL" ]
ports:
- containerPort: {{ .Values.app.port }}
env:
@@ -29,21 +29,27 @@ spec:
- name: MARIADB_PORT
value: '3306'
- name: MARIADB_DB
value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
valueFrom:
secretKeyRef:
name: prod
key: MARIADB_DB
- name: MARIADB_USER
value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
valueFrom:
secretKeyRef:
name: prod
key: MARIADB_USER
- name: MARIADB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
key: password
name: prod
key: MARIADB_PASSWORD
- name: RABBITMQ_USERNAME
value: {{ .Values.rabbitmq.username | quote }}
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
key: password
name: prod
key: RABBITMQ_PASSWORD
- name: RABBITMQ_HOST
value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }}
- name: RABBITMQ_PORT
@@ -53,13 +59,25 @@ spec:
- name: MAIL_QUEUE
value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}
- name: MOJEID_CLIENT_ID
value: {{ .Values.oauth.mojeid.clientId | quote }}
valueFrom:
secretKeyRef:
name: prod
key: MOJEID_CLIENT_ID
- name: MOJEID_CLIENT_SECRET
value: {{ .Values.oauth.mojeid.clientSecret | quote }}
valueFrom:
secretKeyRef:
name: prod
key: MOJEID_CLIENT_SECRET
- name: BANKID_CLIENT_ID
value: {{ .Values.oauth.bankid.clientId | quote }}
valueFrom:
secretKeyRef:
name: prod
key: BANKID_CLIENT_ID
- name: BANKID_CLIENT_SECRET
value: {{ .Values.oauth.bankid.clientSecret | quote }}
valueFrom:
secretKeyRef:
name: prod
key: BANKID_CLIENT_SECRET
- name: DOMAIN
value: {{ required "Set .Values.domain" .Values.domain | quote }}
- name: DOMAIN_SCHEME
@@ -68,6 +86,11 @@ spec:
value: {{ required "Set .Values.frontend_domain" .Values.frontend_domain | quote }}
- name: FRONTEND_DOMAIN_SCHEME
value: {{ required "Set .Values.frontend_domain_scheme" .Values.frontend_domain_scheme | quote }}
- name: SENTRY_DSN
valueFrom:
secretKeyRef:
name: prod
key: SENTRY_DSN
livenessProbe:
httpGet:
path: /

18
7project/charts/myapp-chart/templates/prod.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: Secret
metadata:
name: prod
type: Opaque
stringData:
MOJEID_CLIENT_ID: {{ .Values.oauth.mojeid.clientId | quote }}
MOJEID_CLIENT_SECRET: {{ .Values.oauth.mojeid.clientSecret | quote }}
BANKID_CLIENT_ID: {{ .Values.oauth.bankid.clientId | quote }}
BANKID_CLIENT_SECRET: {{ .Values.oauth.bankid.clientSecret | quote }}
# Database credentials
MARIADB_DB: {{ required "Set .Values.deployment" .Values.deployment | quote }}
MARIADB_USER: {{ required "Set .Values.deployment" .Values.deployment | quote }}
MARIADB_PASSWORD: {{ .Values.database.password | default "" | quote }}
# RabbitMQ credentials
RABBITMQ_PASSWORD: {{ .Values.rabbitmq.password | default "" | quote }}
RABBITMQ_USERNAME: {{ .Values.rabbitmq.username | quote }}
SENTRY_DSN: {{ .Values.sentry_dsn | quote }}

28
7project/charts/myapp-chart/templates/worker-deployment.yaml
View File

@@ -31,13 +31,32 @@ spec:
- --loglevel
- INFO
env:
- name: MARIADB_HOST
value: "mariadb-repl-maxscale-internal.mariadb-operator.svc.cluster.local"
- name: MARIADB_PORT
value: '3306'
- name: MARIADB_DB
valueFrom:
secretKeyRef:
name: prod
key: MARIADB_DB
- name: MARIADB_USER
valueFrom:
secretKeyRef:
name: prod
key: MARIADB_USER
- name: MARIADB_PASSWORD
valueFrom:
secretKeyRef:
name: prod
key: MARIADB_PASSWORD
- name: RABBITMQ_USERNAME
value: {{ .Values.rabbitmq.username | quote }}
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
key: password
name: prod
key: RABBITMQ_PASSWORD
- name: RABBITMQ_HOST
value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }}
- name: RABBITMQ_PORT
@@ -46,3 +65,8 @@ spec:
value: {{ .Values.rabbitmq.vhost | default "/" | quote }}
- name: MAIL_QUEUE
value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}
- name: SENTRY_DSN
valueFrom:
secretKeyRef:
name: prod
key: SENTRY_DSN

2
7project/charts/myapp-chart/values.yaml
View File

@@ -16,6 +16,8 @@ domain_scheme: ""
frontend_domain: ""
frontend_domain_scheme: ""
sentry_dsn: ""
image:
repository: lukastrkan/cc-app-demo
# You can use a tag or digest. If digest is provided, it takes precedence.

20
7project/deployment/app-demo-database-grant.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: k8s.mariadb.com/v1alpha1
kind: Grant
metadata:
name: grant
spec:
mariaDbRef:
name: mariadb-repl
namespace: mariadb-operator
privileges:
- "ALL PRIVILEGES"
database: "app-demo-database"
table: "*"
username: "app-demo-user"
grantOption: true
host: "%"
# Delete the resource in the database whenever the CR gets deleted.
# Alternatively, you can specify Skip in order to omit deletion.
cleanupPolicy: Skip
requeueInterval: 10h
retryInterval: 30s

7
7project/deployment/app-demo-database-secret.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: app-demo-database-secret
type: kubernetes.io/basic-auth
stringData:
password: "strongpassword"

20
7project/deployment/app-demo-database-user.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: k8s.mariadb.com/v1alpha1
kind: User
metadata:
name: app-demo-user
spec:
# If you want the user to be created with a different name than the resource name
# name: user-custom
mariaDbRef:
name: mariadb-repl
namespace: mariadb-operator
passwordSecretKeyRef:
name: app-demo-database-secret
key: password
maxUserConnections: 20
host: "%"
# Delete the resource in the database whenever the CR gets deleted.
# Alternatively, you can specify Skip in order to omit deletion.
cleanupPolicy: Skip
requeueInterval: 10h
retryInterval: 30s

15
7project/deployment/app-demo-database.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: k8s.mariadb.com/v1alpha1
kind: Database
metadata:
name: app-demo-database
spec:
mariaDbRef:
name: mariadb-repl
namespace: mariadb-operator
characterSet: utf8
collate: utf8_general_ci
# Delete the resource in the database whenever the CR gets deleted.
# Alternatively, you can specify Skip in order to omit deletion.
cleanupPolicy: Skip
requeueInterval: 10h
retryInterval: 30s

48
7project/deployment/app-demo-deployment.yaml
View File

@@ -1,48 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-demo
spec:
replicas: 3
revisionHistoryLimit: 3
selector:
matchLabels:
app: app-demo
template:
metadata:
labels:
app: app-demo
spec:
containers:
- image: lukastrkan/cc-app-demo@sha256:75634b4d97282b6b8424fe17767c81adf44af5f7359c1d25883073b5629b3e05
name: app-demo
ports:
- containerPort: 8000
env:
- name: MARIADB_HOST
value: mariadb-repl.mariadb-operator.svc.cluster.local
- name: MARIADB_PORT
value: '3306'
- name: MARIADB_DB
value: app-demo-database
- name: MARIADB_USER
value: app-demo-user
- name: MARIADB_PASSWORD
valueFrom:
secretKeyRef:
name: app-demo-database-secret
key: password
livenessProbe:
httpGet:
path: /
port: 8000
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /
port: 8000
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 3

10
7project/deployment/app-demo-svc.yaml
View File

@@ -1,10 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: app-demo
spec:
ports:
- port: 80
targetPort: 8000
selector:
app: app-demo

41
7project/deployment/app-demo-worker-deployment.yaml
View File

@@ -1,41 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-demo-worker
spec:
replicas: 3
revisionHistoryLimit: 3
selector:
matchLabels:
app: app-demo-worker
template:
metadata:
labels:
app: app-demo-worker
spec:
containers:
- image: lukastrkan/cc-app-demo@sha256:75634b4d97282b6b8424fe17767c81adf44af5f7359c1d25883073b5629b3e05
name: app-demo-worker
command:
- celery
- -A
- app.celery_app
- worker
- -Q
- $(MAIL_QUEUE)
- --loglevel
- INFO
env:
- name: RABBITMQ_USERNAME
value: demo-app
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: demo-app-user-credentials
key: password
- name: RABBITMQ_HOST
value: rabbitmq.rabbitmq.svc.cluster.local
- name: RABBITMQ_PORT
value: '5672'
- name: RABBITMQ_VHOST
value: "/"

14
7project/deployment/tunnel.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: networking.cfargotunnel.com/v1alpha1
kind: TunnelBinding
metadata:
name: guestbook-tunnel-binding
namespace: group-project
subjects:
- name: app-server
spec:
target: http://app-demo.group-project.svc.cluster.local
fqdn: demo.ltrk.cz
noTlsVerify: true
tunnelRef:
kind: ClusterTunnel
name: cluster-tunnel