From bf4a86dcbcdeff35cda522f6917a0bb645a413cd Mon Sep 17 00:00:00 2001
From: Christian Meter <cmeter@googlemail.com>
Date: Tue, 12 Jul 2022 08:23:31 +0200
Subject: [PATCH] Add deployment config

---
 Dockerfile        | 35 ++++++++++++++++++
 deployment.yml    | 71 ++++++++++++++++++++++++++++++++++++
 nginx/schnaq.conf | 91 +++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 197 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 deployment.yml
 create mode 100644 nginx/schnaq.conf

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..31cea44b
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,35 @@
+FROM clojure:openjdk-17-tools-deps-bullseye AS shadow-build
+
+WORKDIR /code
+
+RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
+    echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
+    apt update && \
+    apt install -y yarn && \
+    yarn global add sass
+
+# Cache and install JavaScript dependencies
+COPY package.json .
+COPY yarn.lock .
+COPY .yarnrc .
+# COPY resources/public/node_modules/ resources/public/node_modules/
+RUN yarn install
+
+COPY deps.edn .
+RUN clojure -P -M:frontend
+
+COPY . .
+
+RUN yarn build
+
+# ------------------------------------------------------------------------------
+
+FROM nginx:alpine
+# Default value is robots.txt, only on other environments a custom var is needed
+RUN apk add --no-cache tzdata
+
+WORKDIR /usr/share/nginx/html
+COPY --from=shadow-build /code/resources/public .
+COPY nginx/schnaq.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
diff --git a/deployment.yml b/deployment.yml
new file mode 100644
index 00000000..aa273abe
--- /dev/null
+++ b/deployment.yml
@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    io.kompose.service: academy
+  name: academy
+  namespace: schnaq-academy
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: academy
+  strategy: { }
+  template:
+    metadata:
+      labels:
+        io.kompose.service: academy
+    spec:
+      imagePullSecrets:
+        - name: gitlab-cs
+      containers:
+        - image: gitlab.cs.uni-duesseldorf.de:5001/dialogo/projects/academy
+          name: academy
+          resources:
+            requests:
+              memory: "256Mi"
+              cpu: "0.5"
+            limits:
+              memory: "512Mi"
+              cpu: "1"
+      restartPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: academy
+  namespace: schnaq-academy
+spec:
+  type: LoadBalancer
+  ports:
+    - port: 80
+      targetPort: 80
+      protocol: TCP
+  selector:
+    io.kompose.service: academy
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: academy-ingress
+  namespace: schnaq-academy
+  annotations:
+    nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+  tls:
+    - hosts:
+        - academy.schnaq.com
+        - academy.schnaq.de
+      secretName: schnaq-academy-com
+  rules:
+    - host: academy.schnaq.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: academy
+                port:
+                  number: 80
diff --git a/nginx/schnaq.conf b/nginx/schnaq.conf
new file mode 100644
index 00000000..8293df3c
--- /dev/null
+++ b/nginx/schnaq.conf
@@ -0,0 +1,91 @@
+log_format json_analytics escape=json '{'
+        '"msec": "$msec", ' # request unixtime in seconds with a milliseconds resolution
+        '"connection": "$connection", ' # connection serial number
+        '"connection_requests": "$connection_requests", ' # number of requests made in connection
+        '"pid": "$pid", ' # process pid
+        '"request_id": "$request_id", ' # the unique request id
+        '"request_length": "$request_length", ' # request length (including headers and body)
+        '"remote_addr": "$remote_addr", ' # client IP
+        '"remote_user": "$remote_user", ' # client HTTP username
+        '"remote_port": "$remote_port", ' # client port
+        '"time_local": "$time_local", '
+        '"time_iso8601": "$time_iso8601", ' # local time in the ISO 8601 standard format
+        '"request": "$request", ' # full path no arguments if the request
+        '"request_uri": "$request_uri", ' # full path and arguments if the request
+        '"args": "$args", ' # args
+        '"status": "$status", ' # response status code
+        '"body_bytes_sent": "$body_bytes_sent", ' # the number of body bytes exclude headers sent to a client
+        '"bytes_sent": "$bytes_sent", ' # the number of bytes sent to a client
+        '"http_referer": "$http_referer", ' # HTTP referer
+        '"http_user_agent": "$http_user_agent", ' # user agent
+        '"http_x_forwarded_for": "$http_x_forwarded_for", ' # http_x_forwarded_for
+        '"http_host": "$http_host", ' # the request Host: header
+        '"server_name": "$server_name", ' # the name of the vhost serving the request
+        '"request_time": "$request_time", ' # request processing time in seconds with msec resolution
+        '"upstream": "$upstream_addr", ' # upstream backend server for proxied requests
+        '"upstream_connect_time": "$upstream_connect_time", ' # upstream handshake time incl. TLS
+        '"upstream_header_time": "$upstream_header_time", ' # time spent receiving upstream headers
+        '"upstream_response_time": "$upstream_response_time", ' # time spend receiving upstream body
+        '"upstream_response_length": "$upstream_response_length", ' # upstream response length
+        '"upstream_cache_status": "$upstream_cache_status", ' # cache HIT/MISS where applicable
+        '"ssl_protocol": "$ssl_protocol", ' # TLS protocol
+        '"ssl_cipher": "$ssl_cipher", ' # TLS cipher
+        '"scheme": "$scheme", ' # http or https
+        '"request_method": "$request_method", ' # request method
+        '"server_protocol": "$server_protocol", ' # request protocol, like HTTP/1.1 or HTTP/2.0
+        '"pipe": "$pipe", ' # "p" if request was pipelined, "." otherwise
+        '"gzip_ratio": "$gzip_ratio", '
+        '"http_cf_ray": "$http_cf_ray"'
+        # '"geoip_country_code": "$geoip_country_code"'
+    '}';
+
+server {
+    include /etc/nginx/mime.types;
+    listen       80;
+    listen  [::]:80;
+    server_name  localhost;
+
+    #charset koi8-r;
+    access_log  /var/log/nginx/access.log json_analytics;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+        error_page 404 = /index.html;
+    }
+
+    #error_page  404              /404.html;
+    location ~ ^/404/$ {
+        return 404;
+    }
+    error_page 404 /index.html;
+    location = /index.html {
+        root /usr/share/nginx/html;
+    }
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    gzip on;
+    gzip_disable "msie6";
+
+    gzip_comp_level 6;
+    gzip_min_length 1100;
+    gzip_buffers 16 8k;
+    gzip_proxied any;
+    gzip_types
+        text/plain
+        text/css
+        text/js
+        text/xml
+        text/javascript
+        application/javascript
+        application/json
+        application/xml
+        application/rss+xml
+        image/svg+xml;
+}