Skip to content

Commit 09d4201

Browse files
v-morlockv-morlock
committedJun 22, 2023
Working deployment
1 parent a399b2f commit 09d4201

13 files changed

+878
-52
lines changed
 

‎content_service.tf

+57-20
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,20 @@
11
resource "kubernetes_deployment" "gits_content_service" {
2+
depends_on = [helm_release.content_service_db, helm_release.dapr, helm_release.keel, kubernetes_secret.image_pull]
23
metadata {
4+
35
name = "gits-content-service"
46
labels = {
57
app = "gits-content-service"
68
}
79
namespace = kubernetes_namespace.gits.metadata[0].name
10+
annotations = {
11+
"dapr.io/enabled" = true
12+
"dapr.io/app-id" = "content-service"
13+
"dapr.io/app-port" = 4000
14+
"keel.sh/policy" = "force"
15+
"keel.sh/match-tag" = "true"
16+
"keel.sh/trigger" = "poll"
17+
}
818
}
919

1020
spec {
@@ -22,23 +32,20 @@ resource "kubernetes_deployment" "gits_content_service" {
2232
app = "gits-content-service"
2333

2434
}
25-
annotations = {
26-
"dapr.io/app-id" = "content-service"
27-
"dapr.io/app-port" = 4000
28-
}
29-
3035
}
3136

3237
spec {
3338

3439
image_pull_secrets {
35-
name = "github-pull-secret"
40+
name = kubernetes_secret.image_pull.metadata[0].name
3641
}
3742

3843

3944
container {
40-
image = "ghcr.io/it-rex-platform/content_service:latest"
41-
name = "gits-content-service"
45+
image = "ghcr.io/it-rex-platform/content_service:latest"
46+
image_pull_policy = "Always"
47+
48+
name = "gits-content-service"
4249

4350
resources {
4451
limits = {
@@ -66,16 +73,27 @@ resource "kubernetes_deployment" "gits_content_service" {
6673
value = random_password.content_service_db_pass.result
6774
}
6875

69-
liveness_probe {
70-
http_get {
71-
path = "/"
72-
port = 4000
76+
# liveness_probe {
77+
# http_get {
78+
# path = "/graphql"
79+
# port = 4001
7380

74-
}
81+
# }
7582

76-
initial_delay_seconds = 9
77-
period_seconds = 9
78-
}
83+
# initial_delay_seconds = 30
84+
# period_seconds = 9
85+
# }
86+
87+
# readiness_probe {
88+
# http_get {
89+
# path = "/graphql"
90+
# port = 4001
91+
92+
# }
93+
94+
# initial_delay_seconds = 30
95+
# period_seconds = 9
96+
# }
7997
}
8098
}
8199
}
@@ -94,22 +112,41 @@ resource "helm_release" "content_service_db" {
94112
namespace = kubernetes_namespace.gits.metadata[0].name
95113

96114
set {
97-
name = "postgresql.auth.database"
115+
name = "global.postgresql.auth.database"
98116
value = "content-service"
99117
}
100118

101119
set {
102-
name = "postgresql.auth.enablePostgresUser"
120+
name = "postgres.auth.enablePostgresUser"
103121
value = "false"
104122
}
105123

106124
set {
107-
name = "postgresql.auth.username"
125+
name = "global.postgresql.auth.username"
108126
value = "gits"
109127
}
110128

111129
set {
112-
name = "postgresql.auth.password"
130+
name = "global.postgresql.auth.password"
113131
value = random_password.content_service_db_pass.result
114132
}
115133
}
134+
135+
resource "kubernetes_service" "gits_content_service" {
136+
metadata {
137+
name = "gits-content-service"
138+
namespace = kubernetes_namespace.gits.metadata[0].name
139+
}
140+
spec {
141+
selector = {
142+
app = kubernetes_deployment.gits_content_service.metadata[0].labels.app
143+
}
144+
145+
port {
146+
port = 80
147+
target_port = 4001
148+
}
149+
150+
type = "NodePort"
151+
}
152+
}

‎course_service.tf

+57-19
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,19 @@
11
resource "kubernetes_deployment" "gits_course_service" {
2+
depends_on = [helm_release.course_service_db, helm_release.dapr, helm_release.keel, kubernetes_secret.image_pull]
23
metadata {
34
name = "gits-course-service"
45
labels = {
56
app = "gits-course-service"
67
}
78
namespace = kubernetes_namespace.gits.metadata[0].name
9+
annotations = {
10+
"dapr.io/enabled" = true
11+
"dapr.io/app-id" = "course-service"
12+
"dapr.io/app-port" = 2000
13+
"keel.sh/policy" = "force"
14+
"keel.sh/match-tag" = "true"
15+
"keel.sh/trigger" = "poll"
16+
}
817
}
918

1019
spec {
@@ -22,23 +31,21 @@ resource "kubernetes_deployment" "gits_course_service" {
2231
app = "gits-course-service"
2332

2433
}
25-
annotations = {
26-
"dapr.io/app-id" = "course-service"
27-
"dapr.io/app-port" = 4000
28-
}
2934

3035
}
3136

3237
spec {
3338

3439
image_pull_secrets {
35-
name = "github-pull-secret"
40+
name = kubernetes_secret.image_pull.metadata[0].name
3641
}
3742

3843

3944
container {
40-
image = "ghcr.io/it-rex-platform/course_service:latest"
41-
name = "gits-course-service"
45+
image = "ghcr.io/it-rex-platform/course_service:latest"
46+
image_pull_policy = "Always"
47+
48+
name = "gits-course-service"
4249

4350
resources {
4451
limits = {
@@ -66,16 +73,27 @@ resource "kubernetes_deployment" "gits_course_service" {
6673
value = random_password.course_service_db_pass.result
6774
}
6875

69-
liveness_probe {
70-
http_get {
71-
path = "/"
72-
port = 4000
76+
# liveness_probe {
77+
# http_get {
78+
# path = "/graphql"
79+
# port = 2001
7380

74-
}
81+
# }
7582

76-
initial_delay_seconds = 9
77-
period_seconds = 9
78-
}
83+
# initial_delay_seconds = 30
84+
# period_seconds = 9
85+
# }
86+
87+
# readiness_probe {
88+
# http_get {
89+
# path = "/graphql"
90+
# port = 2001
91+
92+
# }
93+
94+
# initial_delay_seconds = 30
95+
# period_seconds = 9
96+
# }
7997
}
8098
}
8199
}
@@ -94,22 +112,42 @@ resource "helm_release" "course_service_db" {
94112
namespace = kubernetes_namespace.gits.metadata[0].name
95113

96114
set {
97-
name = "postgresql.auth.database"
115+
name = "global.postgresql.auth.database"
98116
value = "course-service"
99117
}
100118

101119
set {
102-
name = "postgresql.auth.enablePostgresUser"
120+
name = "postgres.auth.enablePostgresUser"
103121
value = "false"
104122
}
105123

106124
set {
107-
name = "postgresql.auth.username"
125+
name = "global.postgresql.auth.username"
108126
value = "gits"
109127
}
110128

111129
set {
112-
name = "postgresql.auth.password"
130+
name = "global.postgresql.auth.password"
113131
value = random_password.course_service_db_pass.result
114132
}
115133
}
134+
135+
136+
resource "kubernetes_service" "gits_course_service" {
137+
metadata {
138+
name = "gits-course-service"
139+
namespace = kubernetes_namespace.gits.metadata[0].name
140+
}
141+
spec {
142+
selector = {
143+
app = kubernetes_deployment.gits_course_service.metadata[0].labels.app
144+
}
145+
146+
port {
147+
port = 80
148+
target_port = 2001
149+
}
150+
151+
type = "NodePort"
152+
}
153+
}

‎flashcard_service.tf

+151
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,151 @@
1+
resource "kubernetes_deployment" "gits_flashcard_service" {
2+
depends_on = [helm_release.flashcard_service_db, helm_release.dapr, helm_release.keel, kubernetes_secret.image_pull]
3+
metadata {
4+
name = "gits-flashcard-service"
5+
labels = {
6+
app = "gits-flashcard-service"
7+
}
8+
namespace = kubernetes_namespace.gits.metadata[0].name
9+
annotations = {
10+
"dapr.io/enabled" = true
11+
"dapr.io/app-id" = "flashcard-service"
12+
"dapr.io/app-port" = 4000
13+
"keel.sh/policy" = "force"
14+
"keel.sh/match-tag" = "true"
15+
"keel.sh/trigger" = "poll"
16+
}
17+
}
18+
19+
spec {
20+
replicas = 1
21+
22+
selector {
23+
match_labels = {
24+
app = "gits-flashcard-service"
25+
}
26+
}
27+
28+
template {
29+
metadata {
30+
labels = {
31+
app = "gits-flashcard-service"
32+
33+
}
34+
}
35+
36+
spec {
37+
38+
image_pull_secrets {
39+
name = kubernetes_secret.image_pull.metadata[0].name
40+
}
41+
42+
43+
container {
44+
image = "ghcr.io/it-rex-platform/flashcard_service:latest"
45+
image_pull_policy = "Always"
46+
47+
name = "gits-flashcard-service"
48+
49+
resources {
50+
limits = {
51+
cpu = "0.5"
52+
memory = "512Mi"
53+
}
54+
requests = {
55+
cpu = "50m"
56+
memory = "50Mi"
57+
}
58+
}
59+
60+
env {
61+
name = "SPRING_DATASOURCE_URL"
62+
value = "jdbc:postgresql://flashcard-service-db-postgresql:5432/flashcard-service"
63+
}
64+
65+
env {
66+
name = "SPRING_DATASOURCE_USERNAME"
67+
value = "gits"
68+
}
69+
70+
env {
71+
name = "SPRING_DATASOURCE_PASSWORD"
72+
value = random_password.flashcard_service_db_pass.result
73+
}
74+
75+
# liveness_probe {
76+
# http_get {
77+
# path = "/graphql"
78+
# port = 4001
79+
80+
# }
81+
82+
# initial_delay_seconds = 30
83+
# period_seconds = 9
84+
# }
85+
86+
# readiness_probe {
87+
# http_get {
88+
# path = "/graphql"
89+
# port = 4001
90+
91+
# }
92+
93+
# initial_delay_seconds = 30
94+
# period_seconds = 9
95+
# }
96+
}
97+
}
98+
}
99+
}
100+
}
101+
102+
resource "random_password" "flashcard_service_db_pass" {
103+
length = 32
104+
special = false
105+
}
106+
107+
resource "helm_release" "flashcard_service_db" {
108+
name = "flashcard-service-db"
109+
repository = "oci://registry-1.docker.io/bitnamicharts"
110+
chart = "postgresql"
111+
namespace = kubernetes_namespace.gits.metadata[0].name
112+
113+
set {
114+
name = "global.postgresql.auth.database"
115+
value = "flashcard-service"
116+
}
117+
118+
set {
119+
name = "postgres.auth.enablePostgresUser"
120+
value = "false"
121+
}
122+
123+
set {
124+
name = "global.postgresql.auth.username"
125+
value = "gits"
126+
}
127+
128+
set {
129+
name = "global.postgresql.auth.password"
130+
value = random_password.flashcard_service_db_pass.result
131+
}
132+
}
133+
134+
resource "kubernetes_service" "gits_flashcard_service" {
135+
metadata {
136+
name = "gits-flashcard-service"
137+
namespace = kubernetes_namespace.gits.metadata[0].name
138+
}
139+
spec {
140+
selector = {
141+
app = kubernetes_deployment.gits_flashcard_service.metadata[0].labels.app
142+
}
143+
144+
port {
145+
port = 80
146+
target_port = 3001
147+
}
148+
149+
type = "NodePort"
150+
}
151+
}

‎frontend.tf

+31-5
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,12 @@ resource "kubernetes_deployment" "gits_frontend" {
55
app = "gits-frontend"
66
}
77
namespace = kubernetes_namespace.gits.metadata[0].name
8+
9+
annotations = {
10+
"keel.sh/policy" = "force"
11+
"keel.sh/match-tag" = "true"
12+
"keel.sh/trigger" = "poll"
13+
}
814
}
915

1016
spec {
@@ -25,12 +31,14 @@ resource "kubernetes_deployment" "gits_frontend" {
2531

2632
spec {
2733
image_pull_secrets {
28-
name = "github-pull-secret"
34+
name = kubernetes_secret.image_pull.metadata[0].name
2935
}
3036

3137
container {
32-
image = "ghcr.io/it-rex-platform/gits-fronted:e01eb5e2"
33-
name = "gits-frontend"
38+
image = "ghcr.io/it-rex-platform/frontend:latest"
39+
image_pull_policy = "Always"
40+
41+
name = "gits-frontend"
3442

3543
resources {
3644
limits = {
@@ -43,6 +51,23 @@ resource "kubernetes_deployment" "gits_frontend" {
4351
}
4452
}
4553

54+
env {
55+
name = "NEXT_PUBLIC_BACKEND_URL"
56+
value = "/api"
57+
}
58+
env {
59+
name = "NEXT_PUBLIC_OAUTH_REDIRECT_URL"
60+
value = "http://orange.informatik.uni-stuttgart.de"
61+
}
62+
env {
63+
name = "NEXT_PUBLIC_OAUTH_CLIENT_ID"
64+
value = "gits-frontend"
65+
}
66+
env {
67+
name = "NEXT_PUBLIC_OAUTH_AUTHORITY"
68+
value = "http://orange.informatik.uni-stuttgart.de/keycloak/realms/GITS"
69+
}
70+
4671
liveness_probe {
4772
http_get {
4873
path = "/"
@@ -61,15 +86,16 @@ resource "kubernetes_deployment" "gits_frontend" {
6186

6287
resource "kubernetes_service" "gits_frontend" {
6388
metadata {
64-
name = "gits-frontend"
89+
name = "gits-frontend"
90+
namespace = kubernetes_namespace.gits.metadata[0].name
6591
}
6692
spec {
6793
selector = {
6894
app = kubernetes_deployment.gits_frontend.metadata[0].labels.app
6995
}
7096

7197
port {
72-
port = 3000
98+
port = 80
7399
target_port = 3000
74100
}
75101

‎gateway.tf

+127
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,127 @@
1+
resource "kubernetes_deployment" "gits_graphql_gateway" {
2+
depends_on = [helm_release.dapr, helm_release.keel, kubernetes_secret.image_pull]
3+
metadata {
4+
name = "gits-gateway"
5+
labels = {
6+
app = "gits-gateway"
7+
}
8+
namespace = kubernetes_namespace.gits.metadata[0].name
9+
annotations = {
10+
"keel.sh/policy" = "force"
11+
"keel.sh/match-tag" = "true"
12+
"keel.sh/trigger" = "poll"
13+
}
14+
}
15+
16+
spec {
17+
replicas = 1
18+
19+
selector {
20+
match_labels = {
21+
app = "gits-gateway"
22+
}
23+
}
24+
25+
template {
26+
metadata {
27+
labels = {
28+
app = "gits-gateway"
29+
30+
}
31+
}
32+
33+
spec {
34+
35+
image_pull_secrets {
36+
name = kubernetes_secret.image_pull.metadata[0].name
37+
}
38+
39+
40+
container {
41+
image = "ghcr.io/it-rex-platform/graphql_gateway:latest"
42+
image_pull_policy = "Always"
43+
44+
name = "gits-gateway"
45+
46+
resources {
47+
limits = {
48+
cpu = "0.5"
49+
memory = "512Mi"
50+
}
51+
requests = {
52+
cpu = "50m"
53+
memory = "50Mi"
54+
}
55+
}
56+
57+
env {
58+
name = "GATEWAY_HOSTNAME"
59+
value = "0.0.0.0"
60+
}
61+
env {
62+
name = "GATEWAY_PORT"
63+
value = "8080"
64+
}
65+
env {
66+
name = "COURSE_SERVICE_URL"
67+
value = "http://gits-course-service/graphql"
68+
}
69+
env {
70+
name = "MEDIA_SERVICE_URL"
71+
value = "http://gits-media-service/graphql"
72+
}
73+
env {
74+
name = "CONTENT_SERVICE_URL"
75+
value = "http://gits-content-service/graphql"
76+
}
77+
env {
78+
name = "JWKS_URL"
79+
value = "http://keycloak:80/keycloak/realms/GITS/protocol/openid-connect/certs"
80+
}
81+
82+
83+
liveness_probe {
84+
http_get {
85+
path = "/graphql"
86+
port = 8080
87+
88+
}
89+
90+
initial_delay_seconds = 30
91+
period_seconds = 9
92+
}
93+
94+
readiness_probe {
95+
http_get {
96+
path = "/graphql"
97+
port = 8080
98+
99+
}
100+
101+
initial_delay_seconds = 30
102+
period_seconds = 9
103+
}
104+
}
105+
}
106+
}
107+
}
108+
}
109+
110+
resource "kubernetes_service" "gits_graphql_gateway" {
111+
metadata {
112+
name = "gits-graphql-gateway"
113+
namespace = kubernetes_namespace.gits.metadata[0].name
114+
}
115+
spec {
116+
selector = {
117+
app = kubernetes_deployment.gits_graphql_gateway.metadata[0].labels.app
118+
}
119+
120+
port {
121+
port = 80
122+
target_port = 8080
123+
}
124+
125+
type = "NodePort"
126+
}
127+
}

‎ingress.tf

+45-2
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,11 @@ resource "kubernetes_ingress_v1" "gits" {
55
name = "gits"
66
namespace = kubernetes_namespace.gits.metadata[0].name
77
annotations = {
8-
"kubernetes.io/ingress.class" = "nginx"
8+
"kubernetes.io/ingress.class" = "nginx"
9+
"nginx.ingress.kubernetes.io/ssl-redirect" = "true"
10+
"cert-manager.io/cluster-issuer" = "ca-issuer"
11+
"nginx.ingress.kubernetes.io/proxy-body-size" = "10m"
12+
"nginx.ingress.kubernetes.io/proxy-buffer-size" = "10m"
913
}
1014

1115
}
@@ -15,7 +19,7 @@ resource "kubernetes_ingress_v1" "gits" {
1519
service {
1620
name = "gits-frontend"
1721
port {
18-
number = 3000
22+
number = 80
1923
}
2024
}
2125
}
@@ -36,5 +40,44 @@ resource "kubernetes_ingress_v1" "gits" {
3640
}
3741
}
3842
}
43+
44+
rule {
45+
http {
46+
path {
47+
backend {
48+
service {
49+
name = "gits-graphql-gateway"
50+
port {
51+
number = 80
52+
}
53+
}
54+
}
55+
56+
path = "/graphql"
57+
}
58+
}
59+
}
60+
61+
rule {
62+
http {
63+
path {
64+
backend {
65+
service {
66+
name = "keycloak"
67+
port {
68+
number = 80
69+
}
70+
}
71+
}
72+
73+
path = "/keycloak"
74+
}
75+
}
76+
}
77+
tls {
78+
secret_name = "orange-tls-cert"
79+
hosts = ["orange.informatik.uni-stuttgart.de"]
80+
}
81+
3982
}
4083
}

‎keycloak.tf

+44
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
resource "helm_release" "keycloak" {
2+
name = "keycloak"
3+
repository = "oci://registry-1.docker.io/bitnamicharts"
4+
chart = "keycloak"
5+
namespace = kubernetes_namespace.gits.metadata[0].name
6+
7+
set {
8+
name = "auth.adminUser"
9+
value = "admin"
10+
}
11+
12+
set {
13+
name = "auth.adminPassword"
14+
value = var.keycloak_admin_pw
15+
}
16+
set {
17+
name = "production"
18+
value = "true"
19+
}
20+
set {
21+
name = "proxy"
22+
value = "edge"
23+
}
24+
set {
25+
name = "httpRelativePath"
26+
value = "/keycloak/"
27+
}
28+
set {
29+
name = "global.imagePullSecrets.0"
30+
value = kubernetes_secret.image_pull.metadata[0].name
31+
}
32+
set {
33+
name = "image.registry"
34+
value = "ghcr.io"
35+
}
36+
set {
37+
name = "image.repository"
38+
value = "it-rex-platform/keycloak"
39+
}
40+
set {
41+
name = "image.tag"
42+
value = "latest"
43+
}
44+
}

‎main.tf

+14
Original file line numberDiff line numberDiff line change
@@ -12,3 +12,17 @@ resource "kubernetes_namespace" "gits" {
1212
name = "gits"
1313
}
1414
}
15+
16+
resource "kubernetes_secret" "image_pull" {
17+
metadata {
18+
name = "github-container-secret"
19+
namespace = kubernetes_namespace.gits.metadata[0].name
20+
}
21+
22+
data = {
23+
".dockerconfigjson" = var.image_pull_secret
24+
}
25+
26+
type = "kubernetes.io/dockerconfigjson"
27+
}
28+

‎media_service.tf

+188
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,188 @@
1+
resource "kubernetes_deployment" "gits_media_service" {
2+
depends_on = [helm_release.media_service_db, helm_release.dapr, helm_release.keel, kubernetes_secret.image_pull, helm_release.minio]
3+
metadata {
4+
name = "gits-media-service"
5+
labels = {
6+
app = "gits-media-service"
7+
}
8+
namespace = kubernetes_namespace.gits.metadata[0].name
9+
annotations = {
10+
"dapr.io/enabled" = true
11+
"dapr.io/app-id" = "media-service"
12+
"dapr.io/app-port" = 3000
13+
"keel.sh/policy" = "force"
14+
"keel.sh/match-tag" = "true"
15+
"keel.sh/trigger" = "poll"
16+
}
17+
}
18+
19+
spec {
20+
replicas = 1
21+
22+
selector {
23+
match_labels = {
24+
app = "gits-media-service"
25+
}
26+
}
27+
28+
template {
29+
metadata {
30+
labels = {
31+
app = "gits-media-service"
32+
33+
}
34+
}
35+
36+
spec {
37+
38+
image_pull_secrets {
39+
name = kubernetes_secret.image_pull.metadata[0].name
40+
}
41+
42+
43+
container {
44+
image = "ghcr.io/it-rex-platform/media_service:latest"
45+
image_pull_policy = "Always"
46+
47+
name = "gits-media-service"
48+
49+
resources {
50+
limits = {
51+
cpu = "0.5"
52+
memory = "512Mi"
53+
}
54+
requests = {
55+
cpu = "50m"
56+
memory = "50Mi"
57+
}
58+
}
59+
60+
env {
61+
name = "SPRING_DATASOURCE_URL"
62+
value = "jdbc:postgresql://media-service-db-postgresql:5432/media-service"
63+
}
64+
65+
env {
66+
name = "SPRING_DATASOURCE_USERNAME"
67+
value = "gits"
68+
}
69+
70+
env {
71+
name = "SPRING_DATASOURCE_PASSWORD"
72+
value = random_password.media_service_db_pass.result
73+
}
74+
75+
env {
76+
name = "MINIO_URL"
77+
value = "minio"
78+
}
79+
env {
80+
name = "MINIO_ACCESS_KEY"
81+
value = "gits"
82+
}
83+
env {
84+
name = "MINIO_ACCESS_SECRET"
85+
value = random_password.media_service_minio_pass.result
86+
}
87+
88+
# liveness_probe {
89+
# http_get {
90+
# path = "/graphql"
91+
# port = 3001
92+
93+
# }
94+
95+
# initial_delay_seconds = 30
96+
# period_seconds = 9
97+
# }
98+
99+
# readiness_probe {
100+
# http_get {
101+
# path = "/graphql"
102+
# port = 3001
103+
104+
# }
105+
106+
# initial_delay_seconds = 30
107+
# period_seconds = 9
108+
# }
109+
}
110+
}
111+
}
112+
}
113+
}
114+
115+
resource "random_password" "media_service_db_pass" {
116+
length = 32
117+
special = false
118+
}
119+
120+
resource "helm_release" "media_service_db" {
121+
name = "media-service-db"
122+
repository = "oci://registry-1.docker.io/bitnamicharts"
123+
chart = "postgresql"
124+
namespace = kubernetes_namespace.gits.metadata[0].name
125+
126+
set {
127+
name = "global.postgresql.auth.database"
128+
value = "media-service"
129+
}
130+
131+
set {
132+
name = "postgres.auth.enablePostgresUser"
133+
value = "false"
134+
}
135+
136+
set {
137+
name = "global.postgresql.auth.username"
138+
value = "gits"
139+
}
140+
141+
set {
142+
name = "global.postgresql.auth.password"
143+
value = random_password.media_service_db_pass.result
144+
}
145+
}
146+
147+
148+
resource "random_password" "media_service_minio_pass" {
149+
length = 32
150+
special = false
151+
}
152+
153+
154+
resource "helm_release" "minio" {
155+
name = "minio"
156+
repository = "oci://registry-1.docker.io/bitnamicharts"
157+
chart = "minio"
158+
namespace = kubernetes_namespace.gits.metadata[0].name
159+
160+
set {
161+
name = "auth.rootUser"
162+
value = "gits"
163+
}
164+
165+
set {
166+
name = "auth.rootPassword"
167+
value = random_password.media_service_minio_pass.result
168+
}
169+
}
170+
171+
resource "kubernetes_service" "gits_media_service" {
172+
metadata {
173+
name = "gits-media-service"
174+
namespace = kubernetes_namespace.gits.metadata[0].name
175+
}
176+
spec {
177+
selector = {
178+
app = kubernetes_deployment.gits_media_service.metadata[0].labels.app
179+
}
180+
181+
port {
182+
port = 80
183+
target_port = 3001
184+
}
185+
186+
type = "NodePort"
187+
}
188+
}

‎minio.tf

-6
This file was deleted.

‎readme.md

+8
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
# create image pull secret contens:
2+
3+
login to docker such that sth like `docker pull ghcr.io/it-rex-platform/course_service:latest` is working
4+
run this:
5+
6+
```sh
7+
echo "image_pull_secret = \"$(cat ~/.docker/config.json | tr -d '[:space:]' | sed -e s/\"/\\\\\"/g)\"" > terraform.tfvars
8+
```

‎user_service.tf

+152
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,152 @@
1+
resource "kubernetes_deployment" "gits_user_service" {
2+
depends_on = [helm_release.user_service_db, helm_release.dapr, helm_release.keel, kubernetes_secret.image_pull]
3+
metadata {
4+
name = "gits-user-service"
5+
labels = {
6+
app = "gits-user-service"
7+
}
8+
namespace = kubernetes_namespace.gits.metadata[0].name
9+
annotations = {
10+
"dapr.io/enabled" = true
11+
"dapr.io/app-id" = "user-service"
12+
"dapr.io/app-port" = 4000
13+
"keel.sh/policy" = "force"
14+
"keel.sh/match-tag" = "true"
15+
"keel.sh/trigger" = "poll"
16+
}
17+
}
18+
19+
spec {
20+
replicas = 1
21+
22+
selector {
23+
match_labels = {
24+
app = "gits-user-service"
25+
}
26+
}
27+
28+
template {
29+
metadata {
30+
labels = {
31+
app = "gits-user-service"
32+
33+
}
34+
}
35+
36+
spec {
37+
38+
image_pull_secrets {
39+
name = kubernetes_secret.image_pull.metadata[0].name
40+
}
41+
42+
43+
container {
44+
image = "ghcr.io/it-rex-platform/user_service:latest"
45+
image_pull_policy = "Always"
46+
47+
name = "gits-user-service"
48+
49+
resources {
50+
limits = {
51+
cpu = "0.5"
52+
memory = "512Mi"
53+
}
54+
requests = {
55+
cpu = "50m"
56+
memory = "50Mi"
57+
}
58+
}
59+
60+
env {
61+
name = "SPRING_DATASOURCE_URL"
62+
value = "jdbc:postgresql://user-service-db-postgresql:5432/user-service"
63+
}
64+
65+
env {
66+
name = "SPRING_DATASOURCE_USERNAME"
67+
value = "gits"
68+
}
69+
70+
env {
71+
name = "SPRING_DATASOURCE_PASSWORD"
72+
value = random_password.user_service_db_pass.result
73+
}
74+
75+
# liveness_probe {
76+
# http_get {
77+
# path = "/graphql"
78+
# port = 4001
79+
80+
# }
81+
82+
# initial_delay_seconds = 30
83+
# period_seconds = 9
84+
# }
85+
86+
# readiness_probe {
87+
# http_get {
88+
# path = "/graphql"
89+
# port = 4001
90+
91+
# }
92+
93+
# initial_delay_seconds = 30
94+
# period_seconds = 9
95+
# }
96+
}
97+
}
98+
}
99+
}
100+
}
101+
102+
resource "random_password" "user_service_db_pass" {
103+
length = 32
104+
special = false
105+
}
106+
107+
resource "helm_release" "user_service_db" {
108+
name = "user-service-db"
109+
repository = "oci://registry-1.docker.io/bitnamicharts"
110+
chart = "postgresql"
111+
namespace = kubernetes_namespace.gits.metadata[0].name
112+
113+
set {
114+
name = "global.postgresql.auth.database"
115+
value = "user-service"
116+
}
117+
118+
set {
119+
name = "postgres.auth.enablePostgresUser"
120+
value = "false"
121+
}
122+
123+
set {
124+
name = "global.postgresql.auth.username"
125+
value = "gits"
126+
}
127+
128+
set {
129+
name = "global.postgresql.auth.password"
130+
value = random_password.user_service_db_pass.result
131+
}
132+
}
133+
134+
resource "kubernetes_service" "gits_user_service" {
135+
metadata {
136+
name = "gits-user-service"
137+
namespace = kubernetes_namespace.gits.metadata[0].name
138+
}
139+
spec {
140+
selector = {
141+
app = kubernetes_deployment.gits_user_service.metadata[0].labels.app
142+
}
143+
144+
port {
145+
port = 80
146+
target_port = 4000
147+
}
148+
149+
type = "NodePort"
150+
}
151+
}
152+

‎variables.tf

+4
Original file line numberDiff line numberDiff line change
@@ -2,3 +2,7 @@ variable "image_pull_secret" {
22
sensitive = true
33
type = string
44
}
5+
variable "keycloak_admin_pw" {
6+
sensitive = true
7+
type = string
8+
}

0 commit comments

Comments
 (0)
Please sign in to comment.