commit 48613802ac85e92568c116a03b66069ad90f67e5 Author: Florian Herrengt Date: Mon Dec 5 23:30:33 2022 +0000 init
diff --git a/.github/workflows/master.yaml b/.github/workflows/master.yaml
new file mode 100644
index 0000000..dfbaa93
--- /dev/null
+++ b/.github/workflows/master.yaml
@@ -0,0 +1,16 @@
+name: Deploy app
+on:
+ push:
+ branches:
+ - master
+jobs:
+ api-build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Download kubectl
+ run: curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ - name: Setting up kubeconfig
+ run: echo ${{ secrets.KUBE_CONFIG }} > kube.config
+ - name: Check if it works
+ run: ./kubectl --kubeconfig ./kube.config get nodes
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4f509e5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.env
\ No newline at end of file
diff --git a/kustomization/bases/.DS_Store b/kustomization/bases/.DS_Store
new file mode 100644
index 0000000..5008ddf
Binary files /dev/null and b/kustomization/bases/.DS_Store differ
diff --git a/kustomization/bases/cert-manager.yaml b/kustomization/bases/cert-manager.yaml
new file mode 100644
index 0000000..4ad355c
--- /dev/null
+++ b/kustomization/bases/cert-manager.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: florian@nocodelytics.com
+ privateKeySecretRef:
+ name: letsencrypt-prod
+ solvers:
+ - http01:
+ ingress:
+ class: traefik
diff --git a/kustomization/bases/clickhouse.yaml b/kustomization/bases/clickhouse.yaml
new file mode 100644
index 0000000..96983dc
--- /dev/null
+++ b/kustomization/bases/clickhouse.yaml
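Review bot: In .github/workflows/master.yaml the `Setting up kubeconfig` step pastes `${{ secrets.KUBE_CONFIG }}` unquoted into the script text, so the shell parses the secret before `echo` sees it: a multi-line kubeconfig breaks the command, and any shell metacharacter in the value is interpreted instead of written. Pass the secret through `env:` and write it with a quoted `printf` under `umask 077`. The `Download kubectl` step fetches whatever `stable.txt` names at run time, does not check the published `.sha256`, and never makes the file executable, so `./kubectl` in the last step would likely fail with a permission error. The job also declares no `permissions:` block, and `actions/checkout@v3` is a movable tag rather than a commit SHA.

```yaml
      # … unchanged: checkout step …
      - name: Download kubectl
        env:
          KUBECTL_VERSION: "<pinned-kubectl-version>"  # placeholder, set to a reviewed release
        run: |
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          chmod +x kubectl
      - name: Setting up kubeconfig
        env:
          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
        run: |
          umask 077
          printf '%s\n' "$KUBE_CONFIG" > kube.config
      # … unchanged: "Check if it works" step …
```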
@@ -0,0 +1,51 @@
+apiVersion: "clickhouse.altinity.com/v1"
+kind: "ClickHouseInstallation"
+metadata:
+ name: "pv-simple"
+spec:
+ defaults:
+ templates:
+ podTemplate: pod-template-with-volumes
+ dataVolumeClaimTemplate: data-volume-template
+ logVolumeClaimTemplate: log-volume-template
+ configuration:
+ clusters:
+ - name: "simple"
+ layout:
+ shardsCount: 0
+ replicasCount: 0
+ templates:
+ podTemplates:
+ - name: pod-template-with-volumes
+ spec:
+ containers:
+ - name: clickhouse
+ image: clickhouse/clickhouse-server:22.3
+ nodeSelector:
+ database: clickhouse
+ tolerations:
+ - key: "arch"
+ operator: "Equal"
+ value: "arm64"
+ effect: "NoSchedule"
+ volumeClaimTemplates:
+ - name: data-volume-template
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: local-path
+ resources:
+ requests:
+ storage: 100Gi
+ nodeSelector:
+ database: clickhouse
+ - name: log-volume-template
+ spec:
+ storageClassName: local-path
+ nodeSelector:
+ database: clickhouse
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/kustomization/bases/kustomization.yaml b/kustomization/bases/kustomization.yaml
new file mode 100644
index 0000000..ae396f3
--- /dev/null
+++ b/kustomization/bases/kustomization.yaml
@@ -0,0 +1,15 @@
+resources:
+ - ./namespace.yaml
+ - ./nocodelytics-dashboard.yaml
+ # - ./nocodelytics-tracker-api.yaml
+ # - ./clickhouse.yaml
+ - ./cert-manager.yaml
+secretGenerator:
+ - name: regcred
+ type: kubernetes.io/dockerconfigjson
+ envs:
+ - ./secrets/.dockerconfigjson.env
+ - name: secrets
+ type: Secret
+ envs:
+ - ./secrets/.secrets.env
diff --git a/kustomization/bases/namespace.yaml b/kustomization/bases/namespace.yaml
new file mode 100644
index 0000000..5efde87
--- /dev/null
+++ b/kustomization/bases/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: default
diff --git a/kustomization/bases/nats.yaml b/kustomization/bases/nats.yaml
new file mode 100644
index 0000000..54a7b2d
--- /dev/null
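Review bot: In kustomization/bases/kustomization.yaml the second `secretGenerator` entry sets `type: Secret`, which is not one of the built-in Secret types. As far as I know the API server accepts arbitrary type strings, so this probably applies, but tooling that filters on type will not recognise it; `type: Opaque` (or omitting the field) states the intent. Both generators read files under `./secrets/` that exist only after `secrets/generate.sh` has run, which the workflow in this commit does not do, so a comment above `secretGenerator:` such as `# run secrets/generate.sh first; the generated *.env inputs are git-ignored` would save the next person a failed build.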
+++ b/kustomization/bases/nats.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nats-lb
+ namespace: stage
+spec:
+ type: NodePort
+ selector:
+ app.kubernetes.io/name: nats
+ ports:
+ - protocol: TCP
+ port: 4222
+ targetPort: 4222
+ name: nats
+ nodePort: 30022
+ - protocol: TCP
+ port: 8222
+ targetPort: 8222
+ name: nats-monitor
+ nodePort: 30023
diff --git a/kustomization/bases/nocodelytics-dashboard.yaml b/kustomization/bases/nocodelytics-dashboard.yaml
new file mode 100644
index 0000000..329c9a6
--- /dev/null
+++ b/kustomization/bases/nocodelytics-dashboard.yaml
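Review bot: The `nats-lb` Service publishes both the client port (4222 on nodePort 30022) and the port named `nats-monitor` (8222 on nodePort 30023) on every node address through `type: NodePort`. If 8222 is the NATS HTTP monitoring endpoint, it serves server and connection details without authentication, so it should stay cluster-internal: drop that port here or move it to a separate `type: ClusterIP` Service, and limit 4222 with a NetworkPolicy or firewall rule unless NATS auth and TLS are configured elsewhere. The same `type: NodePort` is set on the `nocodelytics-dashboard` and `nocodelytics-tracker-api` Services, where it opens the plain-HTTP backend ports (8080, 3001) beside the TLS Ingress; `ClusterIP` is enough for an Ingress backend. Separately, `namespace: stage` does not match the `staging` namespace the overlay creates.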
@@ -0,0 +1,95 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: nocodelytics-dashboard
+spec:
+ secretName: nocodelytics-dashboard-net-tls
+ issuerRef:
+ name: letsencrypt-prod
+ kind: Issuer
+ commonName: default.nocodelytics.com
+ dnsNames:
+ - default.nocodelytics.com
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nocodelytics-dashboard
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ ms: nocodelytics-dashboard
+ template:
+ metadata:
+ labels:
+ ms: nocodelytics-dashboard
+ spec:
+ imagePullSecrets:
+ - name: regcred
+ containers:
+ - name: nocodelytics-dashboard
+ imagePullPolicy: Always
+ image: container-registry.nocodelytics.com/nocodelytics/dashboard:latest
+ env:
+ - name: PORT
+ value: "8080"
+ - name: ENCRYPTION_KEY
+ valueFrom:
+ secretKeyRef:
+ name: secrets
+ key: ENCRYPTION_KEY
+ resources:
+ limits:
+ memory: "512Mi"
+ cpu: "100m"
+ nodeSelector:
+ kubernetes.io/arch: arm64
+ tolerations:
+ - key: "arch"
+ operator: "Equal"
+ value: "arm64"
+ effect: "NoSchedule"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nocodelytics-dashboard
+spec:
+ type: NodePort
+ selector:
+ ms: nocodelytics-dashboard
+ ports:
+ - port: 8080
+ targetPort: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nocodelytics-dashboard-nginx-ingress
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ cert-manager.io/issuer: letsencrypt-prod
+ traefik.ingress.kubernetes.io/redirect-entry-point: https
+ cert-manager.io/acme-challenge-type: http01
+spec:
+ rules:
+ - host: default.nocodelytics.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: ssl-redirect
+ port:
+ name: use-annotation
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nocodelytics-dashboard
+ tls:
+ - hosts:
+ - default.nocodelytics.com
+ secretName: nocodelytics-dashboard-net-tls
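Review bot: In the Ingress of nocodelytics-dashboard.yaml, the first `/` path points at a Service `ssl-redirect` with port name `use-annotation`, which looks like the AWS ALB ingress controller's redirect convention; no such Service is defined in this commit and the class here is `traefik`, so that path is at best a dead route competing with the real `/` rule. The second backend has no `port`, which `networking.k8s.io/v1` requires, so the base validates only once the staging overlay adds `port:` / `number: 8080`. Without a working redirect path, HTTP to HTTPS redirection rests on `traefik.ingress.kubernetes.io/redirect-entry-point`, which I believe is a Traefik 1.x annotation; confirm against the deployed Traefik version that port 80 is redirected rather than served in clear. The same Ingress shape is repeated in nocodelytics-tracker-api.yaml and in both staging overlays.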
diff --git a/kustomization/bases/nocodelytics-tracker-api.yaml b/kustomization/bases/nocodelytics-tracker-api.yaml
new file mode 100644
index 0000000..e44ad84
--- /dev/null
+++ b/kustomization/bases/nocodelytics-tracker-api.yaml
@@ -0,0 +1,89 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: nocodelytics-tracker-api
+spec:
+ secretName: nocodelytics-tracker-api-net-tls
+ issuerRef:
+ name: letsencrypt-prod
+ kind: Issuer
+ commonName: nocodelytics-tracker-api.nocodelytics.com
+ dnsNames:
+ - nocodelytics-tracker-api.nocodelytics.com
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nocodelytics-tracker-api
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ ms: nocodelytics-tracker-api
+ template:
+ metadata:
+ labels:
+ ms: nocodelytics-tracker-api
+ spec:
+ imagePullSecrets:
+ - name: regcred
+ containers:
+ - name: nocodelytics-tracker-api
+ imagePullPolicy: Always
+ image: container-registry.nocodelytics.com/nocodelytics-tracker-api:latest
+ resources:
+ limits:
+ memory: "512Mi"
+ cpu: "100m"
+ nodeSelector:
+ kubernetes.io/arch: arm64
+ tolerations:
+ - key: "arch"
+ operator: "Equal"
+ value: "arm64"
+ effect: "NoSchedule"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nocodelytics-tracker-api
+spec:
+ type: NodePort
+ selector:
+ ms: nocodelytics-tracker-api
+ ports:
+ - port: 3001
+ targetPort: 3001
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nocodelytics-tracker-api-nginx-ingress
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ cert-manager.io/issuer: letsencrypt-prod
+ traefik.ingress.kubernetes.io/redirect-entry-point: https
+ cert-manager.io/acme-challenge-type: http01
+spec:
+ rules:
+ - host: nocodelytics-tracker-api.nocodelytics.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: ssl-redirect
+ port:
+ name: use-annotation
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nocodelytics-tracker-api
+ # port:
+ # number: 3001
+ tls:
+ - hosts:
+ - nocodelytics-tracker-api.nocodelytics.com
+ secretName: nocodelytics-tracker-api-net-tls
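Review bot: The tracker-api container is referenced by the mutable tag `:latest` together with `imagePullPolicy: Always`, so any pod restart pulls whatever was last pushed under that tag and the manifest no longer identifies what is running. Pin it from CI, e.g. `image: container-registry.nocodelytics.com/nocodelytics-tracker-api@sha256:<digest>`, or use an immutable version tag. The pod spec also carries no `securityContext`; setting `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and dropping all capabilities on the container would be the usual baseline, assuming the image supports it. The dashboard Deployment, in the base and in the staging overlay, has the same two gaps.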
diff --git a/kustomization/bases/secrets/dockerconfigjson.txt b/kustomization/bases/secrets/dockerconfigjson.txt
new file mode 100644
index 0000000..3b08aed
--- /dev/null
+++ b/kustomization/bases/secrets/dockerconfigjson.txt
@@ -0,0 +1,2 @@
+# kubectl create secret docker-registry --dry-run=client regcred --docker-server=... --docker-username=... --docker-password=... -o yaml
+.dockerconfigjson=${DOCKERCONFIG_JSON}
\ No newline at end of file
diff --git a/kustomization/bases/secrets/generate.sh b/kustomization/bases/secrets/generate.sh
new file mode 100755
index 0000000..ce3a3f0
--- /dev/null
+++ b/kustomization/bases/secrets/generate.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+cat ./dockerconfigjson.txt | envsubst > ./.dockerconfigjson.env
+cat ./secrets.txt | envsubst > ./.secrets.env
\ No newline at end of file
diff --git a/kustomization/bases/secrets/secrets.txt b/kustomization/bases/secrets/secrets.txt
new file mode 100644
index 0000000..5441339
--- /dev/null
+++ b/kustomization/bases/secrets/secrets.txt
@@ -0,0 +1 @@
+ENCRYPTION_KEY=${ENCRYPTION_KEY}
\ No newline at end of file
diff --git a/kustomization/overlays/staging/kustomization.yaml b/kustomization/overlays/staging/kustomization.yaml
new file mode 100644
index 0000000..a18303e
--- /dev/null
+++ b/kustomization/overlays/staging/kustomization.yaml
@@ -0,0 +1,14 @@
+namespace: staging
+resources:
+ - ../../bases
+patchesStrategicMerge:
+ - ./nocodelytics-dashboard.yaml
+# - ./nocodelytics-tracker-api.yaml
+patches:
+ - target:
+ kind: Namespace
+ name: default
+ patch: |-
+ - op: replace
+ path: /metadata/name
+ value: staging
diff --git a/kustomization/overlays/staging/nocodelytics-dashboard.yaml b/kustomization/overlays/staging/nocodelytics-dashboard.yaml
new file mode 100644
index 0000000..cd91ae1
--- /dev/null
+++ b/kustomization/overlays/staging/nocodelytics-dashboard.yaml
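Review bot: In kustomization/bases/secrets/generate.sh, `envsubst` replaces an unset `${ENCRYPTION_KEY}` or `${DOCKERCONFIG_JSON}` with an empty string and still exits 0, so a missing variable silently produces a Secret with an empty encryption key or registry credential. The script also writes the rendered secrets with the default umask and resolves `./secrets.txt` against the caller's working directory rather than its own. Failing fast on unset variables, limiting `envsubst` to the one variable each template names, and tightening the file mode would close all three.

```sh
#!/bin/sh
set -eu
cd "$(dirname "$0")"
umask 077
: "${DOCKERCONFIG_JSON:?DOCKERCONFIG_JSON is not set}"
: "${ENCRYPTION_KEY:?ENCRYPTION_KEY is not set}"
envsubst '${DOCKERCONFIG_JSON}' < ./dockerconfigjson.txt > ./.dockerconfigjson.env
envsubst '${ENCRYPTION_KEY}' < ./secrets.txt > ./.secrets.env
```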
@@ -0,0 +1,57 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: nocodelytics-dashboard
+spec:
+ commonName: staging.nocodelytics.com
+ dnsNames:
+ - staging.nocodelytics.com
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nocodelytics-dashboard-nginx-ingress
+spec:
+ rules:
+ - host: staging.nocodelytics.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: ssl-redirect
+ port:
+ name: use-annotation
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nocodelytics-dashboard
+ port:
+ number: 8080
+ tls:
+ - hosts:
+ - staging.nocodelytics.com
+ secretName: nocodelytics-dashboard-net-tls
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nocodelytics-dashboard
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ ms: nocodelytics-dashboard
+ template:
+ metadata:
+ labels:
+ ms: nocodelytics-dashboard
+ spec:
+ containers:
+ - name: nocodelytics-dashboard
+ image: container-registry.nocodelytics.com/nocodelytics/dashboard:latest
+ env:
+ - name: NODE_ENV
+ value: stage
diff --git a/kustomization/overlays/staging/nocodelytics-tracker-api.yaml b/kustomization/overlays/staging/nocodelytics-tracker-api.yaml
new file mode 100644
index 0000000..cfd4af5
--- /dev/null
+++ b/kustomization/overlays/staging/nocodelytics-tracker-api.yaml
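Review bot: The Deployment patch in the staging dashboard overlay sets `NODE_ENV` to `stage`, a value most Node.js frameworks do not recognise; they typically compare against `production` and otherwise keep development behaviour such as verbose error pages and stack traces. If the dashboard is a Node application, an internet-facing staging host is safer with `value: production` and the environment name carried in a separate variable, e.g. `- name: APP_ENV` with `value: staging`. The patch also restates `replicas`, `selector` and the pod labels that the base already defines; a strategic-merge patch needs only `metadata.name` and the container entry it changes.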
@@ -0,0 +1,36 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: nocodelytics-tracker-api
+spec:
+ commonName: stagingtracker.nocodelytics.com
+ dnsNames:
+ - stagingtracker.nocodelytics.com
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nocodelytics-tracker-api-nginx-ingress
+spec:
+ rules:
+ - host: stagingtracker.nocodelytics.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: ssl-redirect
+ port:
+ name: use-annotation
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nocodelytics-tracker-api
+ port:
+ number: 3001
+ tls:
+ - hosts:
+ - stagingtracker.nocodelytics.com
+ secretName: nocodelytics-tracker-api-net-tls