Merge pull request #99 from zevisert/ops/kubeify

Deploy with k8s and dev with skaffold

.dockerignore

@@ -0,0 +1,10 @@
+build/
+node_modules/
+
+test/integration/screenshots-current/
+_site/
+
+server/uploads
+!server/uploads/.gitfolder
+
+*.env

.gitignore

@@ -8,3 +8,4 @@ server/uploads
 !server/uploads/.gitfolder
 
 *.env
+k8s/**/*.secret.yaml

k8s/api.service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: api
+  name: api
+
+spec:
+  type: ClusterIP
+  selector:
+    app: server
+  ports:
+  - name: api
+    port: 80
+    protocol: TCP
+    targetPort: 80

k8s/ca-issuer.yaml

@@ -0,0 +1,8 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: ca-issuer
+  namespace: cert-manager
+spec:
+  ca:
+    secretName: ca-key-pair

k8s/dev/ingress.yaml

@@ -0,0 +1,32 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: zuzi-ingress
+
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: kubernetes.docker.internal
+    http:
+      paths:
+      - path: /api/v1
+        pathType: Prefix
+        backend:
+          service:
+            name: api
+            port:
+              name: api
+      - path: /uploads
+        pathType: Prefix
+        backend:
+          service:
+            name: api
+            port:
+              name: api
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: http
+            port:
+              name: http

k8s/dev/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: zuzi-dev

k8s/frontend.deployment.yaml

@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: frontend
+  name: frontend
+
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: frontend
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: frontend
+    spec:
+      containers:
+      - image: zevisert/zuzi-site-frontend
+        imagePullPolicy: IfNotPresent
+        name: zuzi-site
+        ports:
+          - containerPort: 80
+        resources:
+          limits:
+            cpu: 500m
+            memory: 500M
+          requests:
+            cpu: 100m
+            memory: 100M
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 5

k8s/http.service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: http
+  name: http
+
+spec:
+  type: ClusterIP
+  selector:
+    app: frontend
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 80
+

k8s/mongodb.yaml

@@ -0,0 +1,108 @@
+# yaml-language-server: $schema=../schemas/mongodb-kubernetes-operator/master/mongodbcommunity.mongodbcommunity.mongodb.com-v1.json
+apiVersion: mongodbcommunity.mongodb.com/v1
+kind: MongoDBCommunity
+metadata:
+  name: mongodb
+spec:
+  members: 2
+  arbiters: 1
+  type: ReplicaSet
+  version: "5.0.3"
+  security:
+    authentication:
+      modes: 
+        - SCRAM
+  users:
+    - name: koa
+      db: admin
+      passwordSecretRef:
+        name: env
+        key: MONGO_PW
+      roles:
+        - name: clusterAdmin
+          db: admin
+        - name: dbAdminAnyDatabase
+          db: admin
+        - name: dbOwner
+          db: admin
+        - name: readWriteAnyDatabase
+          db: admin
+      scramCredentialsSecretName: mongodb-scram
+  statefulSet:
+    spec:
+      template:
+        metadata:
+          labels:
+            environment: production
+        spec:
+          affinity:
+            podAntiAffinity:
+              # read: A pod should not be scheduled on the node if a pod with 
+              # the label environment=production is already running on it.
+              preferredDuringSchedulingIgnoredDuringExecution:
+              - weight: 100
+                podAffinityTerm:
+                  labelSelector:
+                    matchExpressions:
+                    - key: environment
+                      operator: In
+                      values:
+                      - production
+                  topologyKey: kubernetes.io/hostname
+          containers:
+            - name: mongod
+              resources:
+                limits:
+                  cpu: 600m
+                  memory: 500M
+                requests:
+                  cpu: 200m
+                  memory: 200M
+            - name: mongodb-agent
+              resources:
+                limits:
+                  cpu: 500m
+                  memory: 250M
+                requests:
+                  cpu: 100m
+                  memory: 100M
+---
+
+# These resources are from the mongodb-kubernetes-operator repository
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mongodb-kubernetes-operator
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: mongodb-kubernetes-operator
+rules:
+- apiGroups: [""]
+  verbs:     ["create", "delete", "get", "list", "patch", "update", "watch"]
+  resources: ["pods", "services", "configmaps", "secrets"]
+
+- apiGroups: ["apps"]
+  verbs:     ["create", "delete", "get", "list", "patch", "update", "watch"]
+  resources: ["statefulsets"]
+
+- apiGroups: ["mongodbcommunity.mongodb.com"]
+  verbs:     ["get", "patch", "list", "update", "watch"]
+  resources:
+  - mongodbcommunity
+  - mongodbcommunity/status
+  - mongodbcommunity/spec
+  - mongodbcommunity/finalizers
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: mongodb-kubernetes-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: mongodb-kubernetes-operator
+subjects:
+- kind: ServiceAccount
+  name: mongodb-kubernetes-operator

k8s/prod/ingress.yaml

@@ -0,0 +1,38 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: zuzi-ingress
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: zuzanariha.art
+    http:
+      paths:
+      - path: /api/v1
+        pathType: Prefix
+        backend:
+          service:
+            name: api
+            port:
+              name: api
+      - path: /uploads
+        pathType: Prefix
+        backend:
+          service:
+            name: api
+            port:
+              name: api
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: http
+            port:
+              name: http
+  tls:
+    - hosts: 
+      - zuzanariha.art
+      secretName: zuzi-art-cert

k8s/prod/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: zuzi-site

k8s/server.deployment.yaml

@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: server
+  name: server
+
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: server
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: server
+    spec:
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 10
+      containers:
+      - name: zuzi-site
+        image: zevisert/zuzi-site-server
+        imagePullPolicy: IfNotPresent
+        envFrom:
+        - secretRef:
+            name: env
+        volumeMounts:
+          - mountPath: /secrets/mongodb
+            name: mongodb-creds
+            readOnly: true
+        ports:
+        - containerPort: 80
+          protocol: TCP
+        resources:
+          limits:
+            cpu: 800m
+            memory: 500M
+          requests:
+            cpu: 200m
+            memory: 100M
+      volumes:
+        - name: mongodb-creds
+          secret:
+            secretName: mongodb-admin-koa