From 84c95fbb8713b2fd5222096747d3b82ad55f8d16 Mon Sep 17 00:00:00 2001 From: Maxence Date: Mon, 25 Mar 2024 12:15:54 +0100 Subject: [PATCH 1/5] suppression logging, utilisation de cloud logging plutot que ECK --- logging/fleet.yml | 175 ---------------------------------------------- 1 file changed, 175 deletions(-) delete mode 100644 logging/fleet.yml diff --git a/logging/fleet.yml b/logging/fleet.yml deleted file mode 100644 index 3f59139e..00000000 --- a/logging/fleet.yml +++ /dev/null 
@@ -1,175 +0,0 @@ -apiVersion: agent.k8s.elastic.co/v1alpha1 -kind: Agent -metadata: - name: fleet-server-quickstart - namespace: default -spec: - version: 8.12.2 - kibanaRef: - name: kibana-quickstart - elasticsearchRefs: - - name: elasticsearch-quickstart - mode: fleet - fleetServerEnabled: true - policyID: eck-fleet-server - deployment: - replicas: 1 - podTemplate: - spec: - serviceAccountName: elastic-agent - automountServiceAccountToken: true - securityContext: - runAsUser: 0 ---- -apiVersion: agent.k8s.elastic.co/v1alpha1 -kind: Agent -metadata: - name: elastic-agent-quickstart - namespace: default -spec: - version: 8.12.2 - kibanaRef: - name: kibana-quickstart - fleetServerRef: - name: fleet-server-quickstart - mode: fleet - policyID: eck-agent - daemonSet: - podTemplate: - spec: - serviceAccountName: elastic-agent - automountServiceAccountToken: true - securityContext: - runAsUser: 0 - volumes: - - name: agent-data - emptyDir: {} ---- -apiVersion: kibana.k8s.elastic.co/v1 -kind: Kibana -metadata: - name: kibana-quickstart - namespace: default -spec: - version: 8.12.2 - count: 1 - elasticsearchRef: - name: elasticsearch-quickstart - http: - service: - spec: - type: LoadBalancer # default is ClusterIP - tls: - selfSignedCertificate: - subjectAltNames: - - ip: 1.2.3.4 - - dns: kibana.example.com - config: - xpack.fleet.agents.elasticsearch.hosts: - ["https://elasticsearch-quickstart-es-http.default.svc:9200"] - xpack.fleet.agents.fleet_server.hosts: - ["https://fleet-server-quickstart-agent-http.default.svc:8220"] - xpack.fleet.packages: - - name: system - version: latest - - name: elastic_agent - version: latest - - name: fleet_server - version: latest - xpack.fleet.agentPolicies: - - name: Fleet Server on ECK policy - id: eck-fleet-server - namespace: default - monitoring_enabled: - - logs - - metrics - unenroll_timeout: 900 - package_policies: - - name: fleet_server-1 - id: fleet_server-1 - package: - name: fleet_server - - name: Elastic Agent on ECK policy 
- id: eck-agent - namespace: default - monitoring_enabled: - - logs - - metrics - unenroll_timeout: 900 - package_policies: - - name: system-1 - id: system-1 - package: - name: system ---- -apiVersion: elasticsearch.k8s.elastic.co/v1 -kind: Elasticsearch -metadata: - name: elasticsearch-quickstart - namespace: default -spec: - version: 8.12.2 - - nodeSets: - - name: default - count: 3 - config: - node.store.allow_mmap: false - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: elastic-agent -rules: - - apiGroups: [""] # "" indicates the core API group - resources: - - pods - - nodes - - namespaces - verbs: - - get - - watch - - list - - apiGroups: ["apps"] - resources: - - deployments - verbs: - - get - - watch - - list - - apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: - - get - - watch - - list - - apiGroups: [""] - resources: - - services - verbs: - - get - - watch - - list ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: elastic-agent - namespace: default ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: elastic-agent -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: default -roleRef: - kind: ClusterRole - name: elastic-agent - apiGroup: rbac.authorization.k8s.io ---- - From e62777950d4a35b4f1a32ac76fca170a6773394e Mon Sep 17 00:00:00 2001 From: Maxence Date: Mon, 25 Mar 2024 16:10:14 +0100 Subject: [PATCH 2/5] suppr env var des deploiements gke dans prod.yml --- .github/workflows/prod.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml index 7cf52b82..ecda3ee5 100644 --- a/.github/workflows/prod.yml +++ b/.github/workflows/prod.yml 
@@ -215,9 +215,7 @@ jobs: run: | gcloud auth configure-docker europe-west1-docker.pkg.dev kubectl apply -f ./client/prod-front.yml - env: - PROJECT_ID: ${{ secrets.GCP_PROJECT }} - BUCKET: ${{ vars.CLOUDBUILD_BUCKET }} + ##### Deploy back to GKE ###### ############################### @@ -253,6 +251,3 @@ jobs: run: | gcloud auth configure-docker europe-west1-docker.pkg.dev kubectl apply -f ./server/prod-back.yml - env: - PROJECT_ID: ${{ secrets.GCP_PROJECT }} - BUCKET: ${{ vars.CLOUDBUILD_BUCKET }} From 9089c1449e541a0859cdcdbf7aeea47911d28b94 Mon Sep 17 00:00:00 2001 From: Maxence Date: Mon, 25 Mar 2024 18:43:38 +0100 Subject: [PATCH 3/5] fix auto scaller et add comments --- .github/workflows/prod.yml | 48 +++++++++++++++++++------------------- client/prod-front.yml | 1 + server/prod-back.yml | 47 +++++++++++++++++++------------------ 3 files changed, 49 insertions(+), 47 deletions(-) diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml index ecda3ee5..d19bbefc 100644 --- a/.github/workflows/prod.yml +++ b/.github/workflows/prod.yml @@ -1,8 +1,8 @@ name: Pipeline Prod -on: - pull_request: - branches: +on: # Triggers the workflow + pull_request: # This workflow will run only for pull requests + branches: # This workflow will run only for the main branch - main permissions: 
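Review bot: The `on:` block at the top of .github/workflows/prod.yml still triggers this production pipeline on `pull_request` to `main`, while the jobs visible in the earlier hunks of the same file run `kubectl apply -f ./client/prod-front.yml` and `kubectl apply -f ./server/prod-back.yml`. Unless those jobs are gated by a condition outside the hunks, a pull request opened from a branch of this repository is deployed to GKE before it has been reviewed or merged. Running the deploy jobs on `push` to `main`, or guarding them with `if: github.event_name == 'push'` or a protected `environment:` with required reviewers, would keep unmerged changes out of the cluster. The new comment `# This workflow will run only for the main branch` is also inaccurate; `# Only pull requests targeting main` describes what the filter does.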
@@ -17,35 +17,35 @@ jobs: ##### Check de l'image Front ###### ################################### check-front-image: - runs-on: ubuntu-latest + runs-on: ubuntu-latest # OS steps: - - name: Checkout - uses: actions/checkout@v3 + - name: Checkout # Checkout the repository + uses: actions/checkout@v3 # Checkout the repository - - name: Login to Docker Hub - uses: docker/login-action@v2 + - name: Login to Docker Hub # Login to Docker Hub + uses: docker/login-action@v2 # Docker login action with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Extract Docker Front metadata - id: meta - uses: docker/metadata-action@v4.4.0 - with: - images: ${{ secrets.DOCKER_HUB_USERNAME }}/${{ vars.DOCKER_FRONT }} + username: ${{ secrets.DOCKER_HUB_USERNAME }} # Docker Hub username + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} # Docker Hub access token + + - name: Extract Docker Front metadata # Extract Docker Front metadata + id: meta # Step ID + uses: docker/metadata-action@v4.4.0 # Docker metadata action + with: + images: ${{ secrets.DOCKER_HUB_USERNAME }}/${{ vars.DOCKER_FRONT }} # Docker Front image labels: | - org.opencontainers.image.revision=${{ env.SHA }} + org.opencontainers.image.revision=${{ env.SHA }} tags: | - type=edge,branch=$repo.default_branch + type=edge,branch=$repo.default_branch type=semver,pattern=v{{version}} type=sha,prefix=,suffix=,format=short - - name: Check Front image - uses: docker/scout-action@v0.18.1 - with: - command: cves - image: ${{ secrets.DOCKER_HUB_USERNAME }}/${{ vars.DOCKER_FRONT }}:${{ vars.DOCKER_FRONT_VERSION }} - exit-code: true + - name: Check Front image # Check Front image + uses: docker/scout-action@v0.18.1 # Docker scout action + with: + command: cves # Command to run on the image + image: ${{ secrets.DOCKER_HUB_USERNAME }}/${{ vars.DOCKER_FRONT }}:${{ vars.DOCKER_FRONT_VERSION }} # Docker Front image version to check + exit-code: true # Exit code ##### Check de l'image 
Back ###### ################################### diff --git a/client/prod-front.yml b/client/prod-front.yml index f074047e..f589bdd3 100644 --- a/client/prod-front.yml +++ b/client/prod-front.yml @@ -21,6 +21,7 @@ spec: ports: - containerPort: 80 - containerPort: 7000 + resources: --- apiVersion: "autoscaling/v2" kind: "HorizontalPodAutoscaler" diff --git a/server/prod-back.yml b/server/prod-back.yml index 7fcd2cf3..04a7dc1e 100644 --- a/server/prod-back.yml +++ b/server/prod-back.yml 
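Review bot: Every `uses:` line in check-front-image in .github/workflows/prod.yml references a mutable tag (`actions/checkout@v3`, `docker/login-action@v2`, `docker/metadata-action@v4.4.0`, `docker/scout-action@v0.18.1`), and the comments added here only restate the step names. Because this job receives `secrets.DOCKER_HUB_ACCESS_TOKEN`, pinning each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v2`, stops a re-pointed tag from running with that token. The comment on `exit-code: true # Exit code` would say more as `# Fail the job when Scout reports CVEs`. The Back image check that follows is cut off at the end of the hunk; if it uses the same actions, the same pinning applies there.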
@@ -1,30 +1,31 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: khagu-dev-back - namespace: default - labels: - app: khagu-dev -spec: - replicas: 1 - selector: - matchLabels: - app: khagu-dev-back - template: - metadata: - labels: - app: khagu-dev-back - spec: - containers: - - name: khagu-dev-back - image: "europe-west1-docker.pkg.dev/khagu-devops/khagu-dev-images-registry/khagu-dev-back:1.0.9.8" # Remplacer par votre repo - ports: - - containerPort: 7000 +apiVersion: apps/v1 # Version de l'API +kind: Deployment # Type de ressource +metadata: # Métadonnées + name: khagu-dev-back # Nom de la ressource + namespace: default # Espace de nom + labels: # Labels + app: khagu-dev # Nom de l'application +spec: # Spécification + replicas: 1 # Nombre de réplicas + selector: # Sélecteur + matchLabels: # Labels de correspondance + app: khagu-dev-back # Nom de l'application du pod + template: # Modèle de déploiement des pods + metadata: # Métadonnées du modèle + labels: # Labels de correspondance + app: khagu-dev-back # Nom de l'application du pod + spec: # Spécification du pod + containers: # Conteneurs du pod + - name: khagu-dev-back # Nom du conteneu + image: "europe-west1-docker.pkg.dev/khagu-devops/khagu-dev-images-registry/khagu-dev-back:1.0.9.8" # Image du conteneur + ports: # Ports du conteneur + - containerPort: 7000 # Port du conteneur + resources: --- apiVersion: "autoscaling/v2" kind: "HorizontalPodAutoscaler" metadata: - name: "khagu-dev-front-hpa" + name: "khagu-dev-back-hpa" namespace: default labels: app: "khagu-dev-back" From ec7724c6acbcdad27a44d3cb3fd204924fd2597c Mon Sep 17 00:00:00 2001 From: Maxence Date: Mon, 25 Mar 2024 19:25:27 +0100 Subject: [PATCH 4/5] try fix hpa, ajout resources requests et limits --- client/prod-front.yml | 7 +++++++ server/prod-back.yml | 9 ++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/client/prod-front.yml b/client/prod-front.yml index f589bdd3..2db273f4 100644 --- a/client/prod-front.yml 
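Review bot: The khagu-dev-back container spec on the new side of server/prod-back.yml (name, image, ports, resources) sets no `securityContext`, so the container runs as whatever user the image defaults to and may escalate privileges. It only listens on port 7000, so it should be able to run as a non-root user with all capabilities dropped, provided the image does not depend on root, which is worth confirming before applying. The front Deployment in client/prod-front.yml probably has the same gap, but its container spec is only partly visible and its port 80 may need separate handling. Separately, the comment `# Nom du conteneu` is missing its final `r`.

```yaml
      containers:
        - name: khagu-dev-back
          # … unchanged: image, ports, resources …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
```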
+++ b/client/prod-front.yml @@ -22,6 +22,12 @@ spec: - containerPort: 80 - containerPort: 7000 resources: + requests: + cpu: "100m" + memory: "128Mi" + limits: + cpu: "200m" + memory: "256Mi" --- apiVersion: "autoscaling/v2" kind: "HorizontalPodAutoscaler" @@ -37,6 +43,7 @@ spec: apiVersion: "apps/v1" minReplicas: 1 maxReplicas: 5 + targetCPUUtilizationPercentage: 80 metrics: - type: "Resource" resource: diff --git a/server/prod-back.yml b/server/prod-back.yml index 04a7dc1e..491c1e0a 100644 --- a/server/prod-back.yml +++ b/server/prod-back.yml @@ -20,7 +20,13 @@ spec: # Spécification image: "europe-west1-docker.pkg.dev/khagu-devops/khagu-dev-images-registry/khagu-dev-back:1.0.9.8" # Image du conteneur ports: # Ports du conteneur - containerPort: 7000 # Port du conteneur - resources: + resources: + requests: + cpu: "100m" + memory: "128Mi" + limits: + cpu: "200m" + memory: "256Mi" --- apiVersion: "autoscaling/v2" kind: "HorizontalPodAutoscaler" @@ -36,6 +42,7 @@ spec: apiVersion: "apps/v1" minReplicas: 1 maxReplicas: 5 + targetCPUUtilizationPercentage: 80 metrics: - type: "Resource" resource: From bc74deee101991164355f0488d51380f967643a0 Mon Sep 17 00:00:00 2001 From: Maxence Date: Mon, 25 Mar 2024 19:30:05 +0100 Subject: [PATCH 5/5] remove targetCPUUtilizationPercentage --- client/prod-front.yml | 1 - server/prod-back.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/client/prod-front.yml b/client/prod-front.yml index 2db273f4..607d3682 100644 --- a/client/prod-front.yml +++ b/client/prod-front.yml @@ -43,7 +43,6 @@ spec: apiVersion: "apps/v1" minReplicas: 1 maxReplicas: 5 - targetCPUUtilizationPercentage: 80 metrics: - type: "Resource" resource: diff --git a/server/prod-back.yml b/server/prod-back.yml index 491c1e0a..f245b5e8 100644 --- a/server/prod-back.yml +++ b/server/prod-back.yml @@ -42,7 +42,6 @@ spec: apiVersion: "apps/v1" minReplicas: 1 maxReplicas: 5 - targetCPUUtilizationPercentage: 80 metrics: - type: "Resource" resource: