init

.github/workflows/master.yaml

@@ -0,0 +1,16 @@
+name: Deploy app
+on:
+  push:
+    branches:
+      - master
+jobs:
+  api-build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Download kubectl
+        run: curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+      - name: Setting up kubeconfig
+        run: echo ${{ secrets.KUBE_CONFIG }} > kube.config
+      - name: Check if it works
+        run: ./kubectl --kubeconfig ./kube.config get nodes

.gitignore

@@ -0,0 +1 @@
+*.env

kustomization/bases/cert-manager.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: florian@nocodelytics.com
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+      - http01:
+          ingress:
+            class: traefik

kustomization/bases/clickhouse.yaml

@@ -0,0 +1,51 @@
+apiVersion: "clickhouse.altinity.com/v1"
+kind: "ClickHouseInstallation"
+metadata:
+  name: "pv-simple"
+spec:
+  defaults:
+    templates:
+      podTemplate: pod-template-with-volumes
+      dataVolumeClaimTemplate: data-volume-template
+      logVolumeClaimTemplate: log-volume-template
+  configuration:
+    clusters:
+      - name: "simple"
+        layout:
+          shardsCount: 0
+          replicasCount: 0
+  templates:
+    podTemplates:
+      - name: pod-template-with-volumes
+        spec:
+          containers:
+            - name: clickhouse
+              image: clickhouse/clickhouse-server:22.3
+          nodeSelector:
+            database: clickhouse
+          tolerations:
+            - key: "arch"
+              operator: "Equal"
+              value: "arm64"
+              effect: "NoSchedule"
+    volumeClaimTemplates:
+      - name: data-volume-template
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          storageClassName: local-path
+          resources:
+            requests:
+              storage: 100Gi
+          nodeSelector:
+            database: clickhouse
+      - name: log-volume-template
+        spec:
+          storageClassName: local-path
+          nodeSelector:
+            database: clickhouse
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 1Gi

kustomization/bases/kustomization.yaml

@@ -0,0 +1,15 @@
+resources:
+  - ./namespace.yaml
+  - ./nocodelytics-dashboard.yaml
+  # - ./nocodelytics-tracker-api.yaml
+  # - ./clickhouse.yaml
+  - ./cert-manager.yaml
+secretGenerator:
+  - name: regcred
+    type: kubernetes.io/dockerconfigjson
+    envs:
+      - ./secrets/.dockerconfigjson.env
+  - name: secrets
+    type: Secret
+    envs:
+      - ./secrets/.secrets.env

kustomization/bases/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: default

kustomization/bases/nats.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nats-lb
+  namespace: stage
+spec:
+  type: NodePort
+  selector:
+    app.kubernetes.io/name: nats
+  ports:
+    - protocol: TCP
+      port: 4222
+      targetPort: 4222
+      name: nats
+      nodePort: 30022
+    - protocol: TCP
+      port: 8222
+      targetPort: 8222
+      name: nats-monitor
+      nodePort: 30023

kustomization/bases/nocodelytics-dashboard.yaml

@@ -0,0 +1,95 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nocodelytics-dashboard
+spec:
+  secretName: nocodelytics-dashboard-net-tls
+  issuerRef:
+    name: letsencrypt-prod
+    kind: Issuer
+  commonName: default.nocodelytics.com
+  dnsNames:
+    - default.nocodelytics.com
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nocodelytics-dashboard
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      ms: nocodelytics-dashboard
+  template:
+    metadata:
+      labels:
+        ms: nocodelytics-dashboard
+    spec:
+      imagePullSecrets:
+        - name: regcred
+      containers:
+        - name: nocodelytics-dashboard
+          imagePullPolicy: Always
+          image: container-registry.nocodelytics.com/nocodelytics/dashboard:latest
+          env:
+            - name: PORT
+              value: "8080"
+            - name: ENCRYPTION_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: secrets
+                  key: ENCRYPTION_KEY
+          resources:
+            limits:
+              memory: "512Mi"
+              cpu: "100m"
+      nodeSelector:
+        kubernetes.io/arch: arm64
+      tolerations:
+        - key: "arch"
+          operator: "Equal"
+          value: "arm64"
+          effect: "NoSchedule"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nocodelytics-dashboard
+spec:
+  type: NodePort
+  selector:
+    ms: nocodelytics-dashboard
+  ports:
+    - port: 8080
+      targetPort: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nocodelytics-dashboard-nginx-ingress
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+    cert-manager.io/issuer: letsencrypt-prod
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    cert-manager.io/acme-challenge-type: http01
+spec:
+  rules:
+    - host: default.nocodelytics.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: ssl-redirect
+                port:
+                  name: use-annotation
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: nocodelytics-dashboard
+  tls:
+    - hosts:
+        - default.nocodelytics.com
+      secretName: nocodelytics-dashboard-net-tls

kustomization/bases/nocodelytics-tracker-api.yaml

@@ -0,0 +1,89 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nocodelytics-tracker-api
+spec:
+  secretName: nocodelytics-tracker-api-net-tls
+  issuerRef:
+    name: letsencrypt-prod
+    kind: Issuer
+  commonName: nocodelytics-tracker-api.nocodelytics.com
+  dnsNames:
+    - nocodelytics-tracker-api.nocodelytics.com
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nocodelytics-tracker-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      ms: nocodelytics-tracker-api
+  template:
+    metadata:
+      labels:
+        ms: nocodelytics-tracker-api
+    spec:
+      imagePullSecrets:
+        - name: regcred
+      containers:
+        - name: nocodelytics-tracker-api
+          imagePullPolicy: Always
+          image: container-registry.nocodelytics.com/nocodelytics-tracker-api:latest
+          resources:
+            limits:
+              memory: "512Mi"
+              cpu: "100m"
+      nodeSelector:
+        kubernetes.io/arch: arm64
+      tolerations:
+        - key: "arch"
+          operator: "Equal"
+          value: "arm64"
+          effect: "NoSchedule"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nocodelytics-tracker-api
+spec:
+  type: NodePort
+  selector:
+    ms: nocodelytics-tracker-api
+  ports:
+    - port: 3001
+      targetPort: 3001
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nocodelytics-tracker-api-nginx-ingress
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+    cert-manager.io/issuer: letsencrypt-prod
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    cert-manager.io/acme-challenge-type: http01
+spec:
+  rules:
+    - host: nocodelytics-tracker-api.nocodelytics.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: ssl-redirect
+                port:
+                  name: use-annotation
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: nocodelytics-tracker-api
+                # port:
+                #   number: 3001
+  tls:
+    - hosts:
+        - nocodelytics-tracker-api.nocodelytics.com
+      secretName: nocodelytics-tracker-api-net-tls

kustomization/bases/secrets/dockerconfigjson.txt

@@ -0,0 +1,2 @@
+# kubectl create secret docker-registry --dry-run=client regcred --docker-server=... --docker-username=... --docker-password=... -o yaml
+.dockerconfigjson=${DOCKERCONFIG_JSON}

kustomization/bases/secrets/generate.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+cat ./dockerconfigjson.txt | envsubst > ./.dockerconfigjson.env
+cat ./secrets.txt | envsubst > ./.secrets.env

kustomization/bases/secrets/secrets.txt

@@ -0,0 +1 @@
+ENCRYPTION_KEY=${ENCRYPTION_KEY}

kustomization/overlays/staging/kustomization.yaml

@@ -0,0 +1,14 @@
+namespace: staging
+resources:
+  - ../../bases
+patchesStrategicMerge:
+  - ./nocodelytics-dashboard.yaml
+# - ./nocodelytics-tracker-api.yaml
+patches:
+  - target:
+      kind: Namespace
+      name: default
+    patch: |-
+      - op: replace
+        path: /metadata/name
+        value: staging

kustomization/overlays/staging/nocodelytics-dashboard.yaml

@@ -0,0 +1,57 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nocodelytics-dashboard
+spec:
+  commonName: staging.nocodelytics.com
+  dnsNames:
+    - staging.nocodelytics.com
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nocodelytics-dashboard-nginx-ingress
+spec:
+  rules:
+    - host: staging.nocodelytics.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: ssl-redirect
+                port:
+                  name: use-annotation
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: nocodelytics-dashboard
+                port:
+                  number: 8080
+  tls:
+    - hosts:
+        - staging.nocodelytics.com
+      secretName: nocodelytics-dashboard-net-tls
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nocodelytics-dashboard
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      ms: nocodelytics-dashboard
+  template:
+    metadata:
+      labels:
+        ms: nocodelytics-dashboard
+    spec:
+      containers:
+        - name: nocodelytics-dashboard
+          image: container-registry.nocodelytics.com/nocodelytics/dashboard:latest
+          env:
+            - name: NODE_ENV
+              value: stage

kustomization/overlays/staging/nocodelytics-tracker-api.yaml

@@ -0,0 +1,36 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nocodelytics-tracker-api
+spec:
+  commonName: stagingtracker.nocodelytics.com
+  dnsNames:
+    - stagingtracker.nocodelytics.com
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nocodelytics-tracker-api-nginx-ingress
+spec:
+  rules:
+    - host: stagingtracker.nocodelytics.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: ssl-redirect
+                port:
+                  name: use-annotation
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: nocodelytics-tracker-api
+                port:
+                  number: 3001
+  tls:
+    - hosts:
+        - stagingtracker.nocodelytics.com
+      secretName: nocodelytics-tracker-api-net-tls