From e5e7befb9a26288098bff853b5ba78f10e496033 Mon Sep 17 00:00:00 2001 From: 42Atomys Date: Sat, 23 Apr 2022 11:43:22 +0200 Subject: [PATCH] feat: Add deployer for next and live env (#71) * feat: Add basic kustomize base with overlays * feat: Use kustomize --- .github/workflows/deployer.yaml | 85 +++++++++++++++++++ .github/workflows/review-apps.yaml | 48 ----------- .../app/jwkts-service/base/certificate.yaml | 11 +++ deploy/app/jwkts-service/base/configmap.yaml | 29 +++++++ deploy/app/jwkts-service/base/deployment.yaml | 36 ++++++++ .../app/jwkts-service/base/kustomization.yaml | 14 +++ deploy/app/jwkts-service/base/service.yaml | 17 ++++ .../jwkts-service/base/virtual-service.yaml | 21 +++++ .../overlays/live/kustomization.yaml | 10 +++ .../overlays/next/kustomization.yaml | 10 +++ .../cert-manager/certificates/dev.s42.yaml | 2 + 11 files changed, 235 insertions(+), 48 deletions(-) create mode 100644 .github/workflows/deployer.yaml delete mode 100644 .github/workflows/review-apps.yaml create mode 100644 deploy/app/jwkts-service/base/certificate.yaml create mode 100644 deploy/app/jwkts-service/base/configmap.yaml create mode 100644 deploy/app/jwkts-service/base/deployment.yaml create mode 100644 deploy/app/jwkts-service/base/kustomization.yaml create mode 100644 deploy/app/jwkts-service/base/service.yaml create mode 100644 deploy/app/jwkts-service/base/virtual-service.yaml create mode 100644 deploy/app/jwkts-service/overlays/live/kustomization.yaml create mode 100644 deploy/app/jwkts-service/overlays/next/kustomization.yaml diff --git a/.github/workflows/deployer.yaml b/.github/workflows/deployer.yaml new file mode 100644 index 00000000..fa68103b --- /dev/null +++ b/.github/workflows/deployer.yaml 
@@ -0,0 +1,85 @@ +name: 'Review App - Build 🔧' +on: + pull_request: + branches: + - main + push: + branches: + - main + release: + types: + - prereleased + - published +jobs: + build_and_push: + name: 'Build & push to ghcr.io 🔧' + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Log in to the Container registry + uses: docker/login-action@v1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v3 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + github-token: ${{ github.token }} + + - name: Build and push Docker image + uses: docker/build-push-action@v2 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + file: build/Dockerfile + + deploy_next: + name: Deploy to next 🎉 + runs-on: ubuntu-latest + needs: [ build_and_push ] + if: github.event.release.action == "prereleased" + steps: + - uses: actions/checkout@v3 + - uses: azure/setup-kubectl@v2.0 + - uses: imranismail/setup-kustomize@v1 + - uses: azure/k8s-set-context@v2 + with: + method: kubeconfig + kubeconfig: ${{ secrets.KUBECONFIG_ADMIN }} + cluster-type: generic + - run: | + cd deploy/app/jwkts-service/overlays/next + kustomize edit set image app=ghcr.io/42atomys/stud42:${{ github.event.release.tag_name }} + kustomize build . 
| kubectl apply -f - + + deploy_live: + name: Deploy to live 🚀 + runs-on: ubuntu-latest + needs: [ build_and_push, deploy_next ] + if: github.event.release.action == "prereleased" + steps: + - uses: actions/checkout@v3 + - uses: azure/setup-kubectl@v2.0 + - uses: azure/k8s-set-context@v2 + with: + method: kubeconfig + kubeconfig: ${{ secrets.KUBECONFIG_ADMIN }} + cluster-type: generic + - run: | + cd deploy/app/jwkts-service/overlays/live + kustomize edit set image app=ghcr.io/42atomys/stud42:${{ github.event.release.tag_name }} + kustomize build . | kubectl apply -f - \ No newline at end of file diff --git a/.github/workflows/review-apps.yaml b/.github/workflows/review-apps.yaml deleted file mode 100644 index 961361f5..00000000 --- a/.github/workflows/review-apps.yaml +++ /dev/null @@ -1,48 +0,0 @@ -name: 'Review App - Build 🔧' -on: - pull_request: - branches: - - main - push: - branches: - - main - release: - types: - - prereleased - - published -jobs: - build_and_push: - name: 'Build & push to ghcr.io 🔧' - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Log in to the Container registry - uses: docker/login-action@v1 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v3 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - github-token: ${{ github.token }} - - - name: Build and push Docker image - uses: docker/build-push-action@v2 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - file: build/Dockerfile \ No newline at end of file 
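Review bot: Both deploy jobs gate on `if: github.event.release.action == "prereleased"`, which will not evaluate as written: GitHub expression strings must be single-quoted, and the activity type of a release event lives at `github.event.action`, not under `release`; using the identical condition on deploy_live also means a prerelease would be rolled straight to live. Change them to `if: github.event.action == 'prereleased'` for deploy_next and `if: github.event.action == 'published'` for deploy_live. deploy_live also invokes `kustomize` without the `imranismail/setup-kustomize@v1` step that deploy_next has, so it depends on the runner image already providing the binary. Both deploy jobs apply with `secrets.KUBECONFIG_ADMIN` and declare no `permissions:` block, so they inherit the workflow-default token scope on top of an admin kubeconfig; a namespace-scoped kubeconfig for `staging` plus an explicit `permissions: contents: read` keeps these jobs to least privilege. Pinning the third-party actions used in a job that holds cluster credentials to a commit SHA rather than a moving tag would harden the supply chain as well.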
diff --git a/deploy/app/jwkts-service/base/certificate.yaml b/deploy/app/jwkts-service/base/certificate.yaml new file mode 100644 index 00000000..2317daa8 --- /dev/null +++ b/deploy/app/jwkts-service/base/certificate.yaml @@ -0,0 +1,11 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: jwtks-service +spec: + dnsNames: + - jwtks.review-apps.svc.cluster.local + issuerRef: + kind: ClusterIssuer + name: selfsigned-issuer + secretName: jwtks-service-tls diff --git a/deploy/app/jwkts-service/base/configmap.yaml b/deploy/app/jwkts-service/base/configmap.yaml new file mode 100644 index 00000000..ba3891b2 --- /dev/null +++ b/deploy/app/jwkts-service/base/configmap.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: stud42-config +data: + stud42.yaml: | + # API relatives configurations + api: {} + + # Interface relatives configurations + interface: {} + + # jwtks service relatives configurations + jwtks: + # Endpoint of the public JWKSet can be used to validate + # a JWT Token + endpoint: https://s42.app/.well-known/jwks + # Certs used to sign and validate the JWT + # Also called : The JWK + jwk: + cert_private_key: /etc/certs/tls.key + cert_public_key: /etc/certs/tls.crt + # Certs used to secure the GRPC Endpoint with SSL/TLS + grpc: + cert_private_key: /etc/certs/tls.key + cert_public_key: /etc/certs/tls.crt + + discord: + guild_id: '248936708379246593' \ No newline at end of file diff --git a/deploy/app/jwkts-service/base/deployment.yaml b/deploy/app/jwkts-service/base/deployment.yaml new file mode 100644 index 00000000..bc039c6a --- /dev/null +++ b/deploy/app/jwkts-service/base/deployment.yaml 
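Review bot: The SAN `jwtks.review-apps.svc.cluster.local` does not correspond to any name this kustomization produces: the Services are `jwtks-service-grpc` / `jwtks-service-http`, the overlays prefix them with `next-`/`prod-` and set `namespace: staging`, so an in-cluster client verifying the gRPC endpoint would get a hostname mismatch. The matching in-cluster name would be of the form `next-jwtks-service-grpc.staging.svc.cluster.local` per overlay, which the base cannot express, so each overlay needs a patch on `spec.dnsNames`. Separately, `secretName: jwtks-service-tls` is a plain string reference that kustomize's namePrefix does not rewrite as far as I can tell, so the next and prod overlays, both targeting `staging`, would have two Certificates writing the same Secret and the Deployments would mount whichever renewed last; prefix the secret name per overlay or give each environment its own namespace.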
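Review bot: `jwk.cert_private_key` and `grpc.cert_private_key` both point at `/etc/certs/tls.key`, so the JWT signing key is the same key as the TLS server key issued by the self-signed ClusterIssuer; a key that cert-manager rotates on renewal and that is exposed as a TLS identity would then also sign tokens, and every renewal silently changes the published JWKS. A dedicated signing key in its own Secret is the safer split; at minimum add `# NOTE: signing key is shared with the TLS server key and rotates on cert renewal` above `jwk:` so the coupling is visible. `endpoint: https://s42.app/.well-known/jwks` is fixed in the base while the VirtualService in this commit serves `next.s42.dev`, so the next overlay advertises a production JWKS URL unless it patches this key. Nothing in the new deployment.yaml mounts or references `stud42-config`, so as committed this ConfigMap is never delivered to the container.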
@@ -0,0 +1,36 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jwtks-service +spec: + selector: {} + template: + spec: + imagePullSecrets: + - name: ghcr-creds + containers: + - name: service + image: app + env: + - name: GO_ENV + value: review-apps + - name: SENTRY_DSN + valueFrom: + secretKeyRef: + key: 'JWTKS_SERVICE_DSN' + name: 'sentry-dsns' + volumeMounts: + - name: certs + mountPath: '/etc/certs' + readOnly: true + resources: + limits: + memory: "42Mi" + cpu: "5m" + ports: + - containerPort: 5000 + - containerPort: 5500 + volumes: + - name: certs + secret: + secretName: jwtks-service-tls \ No newline at end of file diff --git a/deploy/app/jwkts-service/base/kustomization.yaml b/deploy/app/jwkts-service/base/kustomization.yaml new file mode 100644 index 00000000..1a5a8315 --- /dev/null +++ b/deploy/app/jwkts-service/base/kustomization.yaml @@ -0,0 +1,14 @@ +resources: +- certificate.yaml +- configmap.yaml +- deployment.yaml +- service.yaml +- virtual-service.yaml + +commonLabels: + kubernetes.io/name: jwtks-service + app.kubernetes.io/version: '0.1' + app.kubernetes.io/component: micro-service + app.kubernetes.io/part-of: s42-app + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/created-by: github-actions \ No newline at end of file diff --git a/deploy/app/jwkts-service/base/service.yaml b/deploy/app/jwkts-service/base/service.yaml new file mode 100644 index 00000000..fbfeb031 --- /dev/null +++ b/deploy/app/jwkts-service/base/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: jwtks-service-grpc +spec: + ports: + - port: 5000 + targetPort: 5000 +--- +apiVersion: v1 +kind: Service +metadata: + name: jwtks-service-http +spec: + ports: + - port: 5500 + targetPort: 5500 \ No newline at end of file diff --git a/deploy/app/jwkts-service/base/virtual-service.yaml b/deploy/app/jwkts-service/base/virtual-service.yaml new file mode 100644 index 00000000..9943c103 --- /dev/null 
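Review bot: The container has no `securityContext`, so a process holding the signing key under `/etc/certs` runs with whatever the image defaults to; add `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: {drop: [ALL]}}` under the `service` container (block style in the file). `GO_ENV` is hard-coded to `review-apps` in a base consumed by both the `next` and `live` overlays, so live would run in review-apps mode unless an overlay patches the env entry. Only `limits` are set and `cpu: "5m"` is a hard throttle, so the pod is scheduled without `requests` and will be CPU-throttled under any load; state `requests` explicitly. There is no readiness probe, so `kubectl apply` in the deployer reports success before the service answers on 5000/5500.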
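Review bot: `kubernetes.io/name` is not a recommended label and the `kubernetes.io/` prefix is reserved for Kubernetes core components; the intended key is `app.kubernetes.io/name: jwtks-service`. Because `commonLabels` are also written into the Deployment's and Services' selectors, `app.kubernetes.io/version: '0.1'` becomes part of an immutable selector, so the first version bump will make `kubectl apply` fail on the Deployment and require a delete-and-recreate. Keep `version` out of `commonLabels` (use the `labels:` field with `includeSelectors: false` if the kustomize version in use supports it, or set it as a plain metadata label) and reserve `commonLabels` for stable identity keys.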
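Review bot: Neither port carries a `name` or `appProtocol`, and these Services are routed through Istio (virtual-service.yaml in this commit); Istio selects the protocol from the port name and otherwise relies on automatic detection, so the HTTP match rules on the VirtualService may not apply to 5500. Add `name: grpc` to the 5000 entry and `name: http` to the 5500 entry. `spec.selector` is absent on both Services, which only works because kustomize `commonLabels` injects one; a comment `# selector is injected by commonLabels in kustomization.yaml` would stop someone from "fixing" the omission by hand.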
+++ b/deploy/app/jwkts-service/base/virtual-service.yaml @@ -0,0 +1,21 @@ +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: jwtks-service-http +spec: + hosts: + - next.s42.dev + http: + - name: "jwtks-service-http" + match: + - method: + exact: GET + uri: + prefix: "/.well-known/jwks" + rewrite: + uri: "/jwks" + route: + - destination: + host: jwtks-service-http + port: + number: 5500 \ No newline at end of file diff --git a/deploy/app/jwkts-service/overlays/live/kustomization.yaml b/deploy/app/jwkts-service/overlays/live/kustomization.yaml new file mode 100644 index 00000000..d1f5d61d --- /dev/null +++ b/deploy/app/jwkts-service/overlays/live/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namePrefix: prod- +resources: +- ../../base +namespace: staging +images: +- name: app + newName: ghcr.io/42atomys/stud42 + newTag: latest \ No newline at end of file diff --git a/deploy/app/jwkts-service/overlays/next/kustomization.yaml b/deploy/app/jwkts-service/overlays/next/kustomization.yaml new file mode 100644 index 00000000..586c78df --- /dev/null +++ b/deploy/app/jwkts-service/overlays/next/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namePrefix: next- +resources: +- ../../base +namespace: staging +images: +- name: app + newName: ghcr.io/42atomys/stud42 + newTag: latest diff --git a/deploy/cluster/cert-manager/certificates/dev.s42.yaml b/deploy/cluster/cert-manager/certificates/dev.s42.yaml index d0a93280..eae0e5af 100644 --- a/deploy/cluster/cert-manager/certificates/dev.s42.yaml +++ b/deploy/cluster/cert-manager/certificates/dev.s42.yaml @@ -7,6 +7,8 @@ spec: dnsNames: - s42.dev - '*.s42.dev' + - '*.next.s42.dev' + - '*.reviews.s42.dev' issuerRef: kind: ClusterIssuer name: ovh-issuer
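Review bot: `destination.host: jwtks-service-http` is a plain string that kustomize's namePrefix does not rewrite (VirtualService is not a built-in name-reference target), while the Service it targets becomes `next-jwtks-service-http` or `prod-jwtks-service-http`; as committed the route points at a Service that does not exist after `kustomize build`. Each overlay needs a patch on `spec.http[0].route[0].destination.host`, or the base needs a `configurations:` nameReference entry for VirtualService. `hosts: - next.s42.dev` is also fixed in the base, so the live overlay would register a second VirtualService for the same host in the same `staging` namespace and the two would compete for the `/.well-known/jwks` match. No `gateways:` are listed, so as far as I can tell this applies to mesh-internal traffic only; if the JWKS endpoint is meant to be reached from outside, the ingress gateway has to be referenced here.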
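Review bot: The live overlay deploys with `namePrefix: prod-` into `namespace: staging`, the same namespace the next overlay uses, which is what makes the un-prefixed `jwtks-service-tls` Secret and the `next.s42.dev` VirtualService host collide between the two environments; a dedicated production namespace with its own cert-manager issuer removes both collisions. `newTag: latest` is checked in for both overlays while the workflow only rewrites the tag in the runner's working tree with `kustomize edit set image`, so anything applying these overlays outside that workflow deploys a mutable tag; commit the tag the workflow sets, or pin by digest with `digest: sha256:<image-digest-placeholder>`. The same applies to deploy/app/jwkts-service/overlays/next/kustomization.yaml.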