commit 81e211f6fb91cfa58b5d20b11624e8db74ba574a Author: Grzegorz Leoniec Date: Thu Jan 17 14:10:38 2019 +0100 Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..da61c76ef
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*secrets*.yaml
diff --git a/README.md b/README.md
new file mode 100644
index 000000000..fe28119cf
--- /dev/null
+++ b/README.md
@@ -0,0 +1,35 @@
+# Human-Connection Nitro | Deployment Configuration
+
+> Currently the deployment is not primetime ready as you still have to do some manual work. That we need to change, the following list gives some glimpse of the missing steps.
+
+## Todo`s
+- [ ] check labels and selectors if they all are correct
+- [ ] configure NGINX from yaml
+- [ ] configure Let's Encrypt cert-manager from yaml
+- [ ] configure ingress form yaml
+- [ ] configure persistent & shared storage between nodes
+- [ ] reproduce setup locally
+
+> The dummy directory has some lb configurations that did not work properly on Digital Ocean but could be used as a starting point for getting it right
+
+
+## Apply the config map to staging namespace
+```shell
+cd ./staging
+kubectl apply -f configmap-neo4j.yaml -f configmap-backend.yaml -f configmap-web.yaml
+```
+
+
+## Setup secrets and deploy themn
+```shell
+cd ./staging
+cp secrets.yaml.template secrets.yaml
+# change all vars as needed and deploy it afterwards
+kubectl apply -f secrets.yaml
+```
+
+## Deploy the app
+```shell
+cd ./staging
+kubectl apply -f deployment-neo4j.yaml -f deployment-backend.yaml -f deployment-web.yaml
+```
diff --git a/dummies/backend-service.yaml b/dummies/backend-service.yaml
new file mode 100644
index 000000000..48fffbc24
--- /dev/null
+++ b/dummies/backend-service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: nitro-backend
+ name: nitro-backend
+ namespace: staging
+spec:
+ ports:
+ - port: 4000
+ targetPort: 4000
+ selector:
+ k8s-app: nitro-backend
diff --git a/dummies/do-loadbalancer.yaml b/dummies/do-loadbalancer.yaml
new file mode 100644
index 000000000..9c700e082
--- /dev/null
+++ b/dummies/do-loadbalancer.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: sample-load-balancer
+ namespace: staging
+spec:
+ type: LoadBalancer
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ name: http
diff --git a/dummies/ingress-backend.yaml b/dummies/ingress-backend.yaml
new file mode 100644
index 000000000..0640b49fd
--- /dev/null
+++ b/dummies/ingress-backend.yaml
@@ -0,0 +1,15 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: backend-ingress
+ namespace: staging
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ rules:
+ - http:
+ paths:
+ - path: /
+ backend:
+ serviceName: backend
+ servicePort: 4000
diff --git a/dummies/nginx.yaml b/dummies/nginx.yaml
new file mode 100644
index 000000000..1f5136b4b
--- /dev/null
+++ b/dummies/nginx.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ingress-nginx
+ namespace: staging
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
+spec:
+ type: NodePort
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
+ - name: https
+ port: 443
+ targetPort: 443
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
diff --git a/dummies/web-service.yaml b/dummies/web-service.yaml
new file mode 100644
index 000000000..847ba3c05
--- /dev/null
+++ b/dummies/web-service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: nitro-web
+ name: nitro-web
+ namespace: staging
+spec:
+ ports:
+ - port: 3000
+ targetPort: 3000
+ selector:
+ k8s-app: nitro-web
diff --git a/staging/backend-configmap.yaml b/staging/backend-configmap.yaml
new file mode 100644
index 000000000..ba7c819bc
--- /dev/null
+++ b/staging/backend-configmap.yaml
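Review bot: The rule in `dummies/ingress-backend.yaml` has no `host` and the spec has no `tls` section, so the backend API on port 4000 would be routed over plain HTTP for any hostname that reaches the controller, and that API presumably carries the tokens signed with `JWT_SECRET`. Add a `host:` under `rules` and a `tls:` block naming the certificate secret once cert-manager is configured (the README lists it as a todo). Separately, `serviceName: backend` does not match the Service named `nitro-backend` in `dummies/backend-service.yaml`, so the route has no backend as written; `serviceName: nitro-backend` would line them up.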
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+data:
+ GRAPHQL_PORT: "4000"
+ GRAPHQL_URI: "https://api-nitro-staging.human-connection.org"
+ MOCK: "false"
+metadata:
+ name: staging-backend
+ namespace: staging
diff --git a/staging/backend-deployment.yaml b/staging/backend-deployment.yaml
new file mode 100644
index 000000000..ee0dfcef6
--- /dev/null
+++ b/staging/backend-deployment.yaml
@@ -0,0 +1,62 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: nitro-backend
+ namespace: staging
+spec:
+ replicas: 2
+ minReadySeconds: 15
+ progressDeadlineSeconds: 60
+ # strategy:
+ # rollingUpdate:
+ # maxSurge: 1
+ # maxUnavailable: 0
+ # type: RollingUpdate
+ selector:
+ matchLabels:
+ workload.user.cattle.io/workloadselector: deployment-staging-backend
+ template:
+ metadata:
+ labels:
+ workload.user.cattle.io/workloadselector: deployment-staging-backend
+ name: "nitro-backend"
+ spec:
+ containers:
+ - env:
+ - name: MOCK
+ value: "false"
+ - name: CLIENT_URI
+ valueFrom:
+ configMapKeyRef:
+ name: staging-web
+ key: CLIENT_URI
+ - name: GRAPHQL_PORT
+ valueFrom:
+ configMapKeyRef:
+ name: staging-backend
+ key: GRAPHQL_PORT
+ - name: GRAPHQL_URI
+ valueFrom:
+ configMapKeyRef:
+ name: staging-backend
+ key: GRAPHQL_URI
+ - name: JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: staging
+ key: JWT_SECRET
+ optional: false
+ - name: NEO4J_URI
+ valueFrom:
+ configMapKeyRef:
+ name: staging-neo4j
+ key: NEO4J_URI
+ image: humanconnection/nitro-backend:latest
+ name: nitro-backend
+ ports:
+ - containerPort: 4000
+ resources: {}
+ imagePullPolicy: Always
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+status: {}
diff --git a/staging/deployment.yaml b/staging/deployment.yaml
new file mode 100644
index 000000000..9d68db535
--- /dev/null
+++ b/staging/deployment.yaml
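Review bot: `image: humanconnection/nitro-backend:latest` with `imagePullPolicy: Always` in `staging/backend-deployment.yaml` means every pod restart runs whatever the registry currently serves under that tag, so the two replicas can end up on different code and a replaced tag deploys without any change in this repository. Pin the image to a release tag or digest, e.g. `image: humanconnection/nitro-backend:<release-tag>@sha256:<digest>` (placeholders). The same applies to the `:latest` images in `staging/deployment.yaml`, `staging/neo4j-deployment.yaml` and `staging/web-deployment.yaml`. The container also has `resources: {}` and no `securityContext`; requests/limits plus `runAsNonRoot: true` and `allowPrivilegeEscalation: false` are worth adding if the image supports running unprivileged.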
@@ -0,0 +1,260 @@
+apiVersion: v1
+items:
+- apiVersion: extensions/v1beta1
+ kind: Deployment
+ metadata:
+ name: backend
+ namespace: staging
+ spec:
+ minReadySeconds: 15
+ progressDeadlineSeconds: 60
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ cattle.io/creator: norman
+ workload.user.cattle.io/workloadselector: deployment-staging-backend
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ spec:
+ containers:
+ - env:
+ - name: MOCK
+ valueFrom:
+ configMapKeyRef:
+ key: MOCK
+ name: staging-backend
+ optional: false
+ - name: NEO4J_URI
+ valueFrom:
+ configMapKeyRef:
+ key: NEO4J_URI
+ name: staging-neo4j
+ optional: false
+ - name: JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: JWT_SECRET
+ name: staging
+ optional: false
+ - name: NEO4J_AUTH
+ valueFrom:
+ configMapKeyRef:
+ key: NEO4J_AUTH
+ name: staging-neo4j
+ optional: false
+ - name: CLIENT_URI
+ valueFrom:
+ configMapKeyRef:
+ key: CLIENT_URI
+ name: staging-web
+ optional: false
+ - name: GRAPHQL_PORT
+ valueFrom:
+ configMapKeyRef:
+ key: GRAPHQL_PORT
+ name: staging-backend
+ optional: false
+ - name: GRAPHQL_URI
+ valueFrom:
+ configMapKeyRef:
+ key: GRAPHQL_URI
+ name: staging-backend
+ optional: false
+ image: humanconnection/nitro-backend:latest
+ imagePullPolicy: Always
+ name: backend
+ resources: {}
+ tty: true
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+#- apiVersion: extensions/v1beta1 +# kind: Deployment +# metadata: +# annotations: +# deployment.kubernetes.io/revision: "2" +# field.cattle.io/creatorId: user-x8jr4 +# field.cattle.io/publicEndpoints:
'[{"nodeName":"c-2kbhr:m-bmgq4","addresses":["104.248.30.130"],"port":7687,"protocol":"TCP","podName":"staging:neo4j-2-6589cbc4d5-q4bxl","allNodes":false},{"nodeName":"c-2kbhr:m-bmgq4","addresses":["104.248.30.130"],"port":7474,"protocol":"TCP","podName":"staging:neo4j-2-6589cbc4d5-q4bxl","allNodes":false},{"nodeName":"c-2kbhr:m-bmgq4","addresses":["104.248.30.130"],"port":7473,"protocol":"TCP","podName":"staging:neo4j-2-6589cbc4d5-q4bxl","allNodes":false}]' +# creationTimestamp: 2018-12-10T19:07:58Z +# generation: 8 +# labels: +# cattle.io/creator: norman +# workload.user.cattle.io/workloadselector: deployment-staging-neo4j-2 +# name: neo4j-2 +# namespace: staging +# resourceVersion: "2380945" +# selfLink: /apis/extensions/v1beta1/namespaces/staging/deployments/neo4j-2 +# uid: e80460f6-fcae-11e8-943a-c6c288d5f6fa +# spec: +# progressDeadlineSeconds: 600 +# replicas: 1 +# revisionHistoryLimit: 10 +# selector: +# matchLabels: +# workload.user.cattle.io/workloadselector: deployment-staging-neo4j-2 +# strategy: +# rollingUpdate: +# maxSurge: 1 +# maxUnavailable: 0 +# type: RollingUpdate +# template: +# metadata: +# annotations: +# cattle.io/timestamp: 2018-12-11T11:11:09Z +# field.cattle.io/ports: '[[{"containerPort":7687,"dnsName":"neo4j-2-hostport","hostPort":7687,"kind":"HostPort","name":"7687tcp76870","protocol":"TCP","sourcePort":7687},{"containerPort":7474,"dnsName":"neo4j-2-hostport","hostPort":7474,"kind":"HostPort","name":"7474tcp74740","protocol":"TCP","sourcePort":7474},{"containerPort":7473,"dnsName":"neo4j-2-hostport","hostPort":7473,"kind":"HostPort","name":"7473tcp74730","protocol":"TCP","sourcePort":7473}]]' +# creationTimestamp: null +# labels: +# workload.user.cattle.io/workloadselector: deployment-staging-neo4j-2 +# spec: +# containers: +# - env: +# - name: NEO4J_AUTH +# value: none +# image: humanconnection/neo4j:latest +# imagePullPolicy: IfNotPresent +# name: neo4j-2 +# ports: +# - containerPort: 7687 +# hostPort: 7687 +# name: 7687tcp76870 +# 
protocol: TCP +# - containerPort: 7474 +# hostPort: 7474 +# name: 7474tcp74740 +# protocol: TCP +# - containerPort: 7473 +# hostPort: 7473 +# name: 7473tcp74730 +# protocol: TCP +# resources: {} +# securityContext: +# allowPrivilegeEscalation: false +# capabilities: {} +# privileged: false +# readOnlyRootFilesystem: false +# runAsNonRoot: false +# stdin: true +# terminationMessagePath: /dev/termination-log +# terminationMessagePolicy: File +# tty: true +# dnsPolicy: ClusterFirst +# restartPolicy: Always +# schedulerName: default-scheduler +# securityContext: {} +# terminationGracePeriodSeconds: 30 +# status: +# availableReplicas: 1 +# conditions: +# - lastTransitionTime: 2018-12-10T19:07:58Z +# lastUpdateTime: 2018-12-11T11:11:18Z +# message: ReplicaSet "neo4j-2-6589cbc4d5" has successfully progressed. +# reason: NewReplicaSetAvailable +# status: "True" +# type: Progressing +# - lastTransitionTime: 2018-12-11T12:12:41Z +# lastUpdateTime: 2018-12-11T12:12:41Z +# message: Deployment has minimum availability. 
+# reason: MinimumReplicasAvailable +# status: "True" +# type: Available +# observedGeneration: 8 +# readyReplicas: 1 +# replicas: 1 +# updatedReplicas: 1 +##- apiVersion: extensions/v1beta1 +# kind: Deployment +# metadata: +# annotations: +# deployment.kubernetes.io/revision: "15" +# field.cattle.io/creatorId: user-x8jr4 +# field.cattle.io/publicEndpoints: '[{"addresses":["68.183.211.116"],"port":31726,"protocol":"TCP","serviceName":"staging:web-nodeport","allNodes":true},{"addresses":["104.248.25.205"],"port":80,"protocol":"HTTP","serviceName":"staging:ingress-ef72b2ceebfff95d50b0537c0e9e98d8","ingressName":"staging:web","hostname":"web.staging.104.248.25.205.xip.io","allNodes":true}]' +# creationTimestamp: 2018-11-30T13:56:41Z +# generation: 56 +# labels: +# cattle.io/creator: norman +# workload.user.cattle.io/workloadselector: deployment-staging-web +# name: web +# namespace: staging +# resourceVersion: "2401610" +# selfLink: /apis/extensions/v1beta1/namespaces/staging/deployments/web +# uid: c3870196-f4a7-11e8-943a-c6c288d5f6fa +# spec: +# progressDeadlineSeconds: 600 +# replicas: 1 +# revisionHistoryLimit: 10 +# selector: +# matchLabels: +# workload.user.cattle.io/workloadselector: deployment-staging-web +# strategy: +# rollingUpdate: +# maxSurge: 1 +# maxUnavailable: 0 +# type: RollingUpdate +# template: +# metadata: +# labels: +# workload.user.cattle.io/workloadselector: deployment-staging-web +# spec: +# containers: +# - env: +# - name: HOST +# value: 0.0.0.0 +# - name: JWT_SECRET +# valueFrom: +# secretKeyRef: +# key: JWT_SECRET +# name: jwt-secret +# optional: false +# - name: BACKEND_URL +# valueFrom: +# configMapKeyRef: +# key: GRAPHQL_URI +# name: staging-configs +# optional: false +# image: humanconnection/nitro-web:latest +# imagePullPolicy: Always +# name: web +# ports: +# - containerPort: 3000 +# name: 3000tcp01 +# protocol: TCP +# resources: {} +# securityContext: +# allowPrivilegeEscalation: false +# capabilities: {} +# privileged: false +# 
readOnlyRootFilesystem: false +# runAsNonRoot: false +# stdin: true +# terminationMessagePath: /dev/termination-log +# terminationMessagePolicy: File +# tty: true +# dnsPolicy: ClusterFirst +# restartPolicy: Always +# schedulerName: default-scheduler +# securityContext: {} +# terminationGracePeriodSeconds: 30 +# status: +# availableReplicas: 1 +# conditions: +# - lastTransitionTime: 2018-11-30T14:53:36Z +# lastUpdateTime: 2018-12-11T11:17:34Z +# message: ReplicaSet "web-5864d6db9c" has successfully progressed. +# reason: NewReplicaSetAvailable +# status: "True" +# type: Progressing +# - lastTransitionTime: 2018-12-11T11:23:17Z +# lastUpdateTime: 2018-12-11T11:23:17Z +# message: Deployment has minimum availability. +# reason: MinimumReplicasAvailable +# status: "True" +# type: Available +# observedGeneration: 56 +# readyReplicas: 1 +# replicas: 1 +# updatedReplicas: 1 +kind: List
diff --git a/staging/neo4j-configmap.yaml b/staging/neo4j-configmap.yaml
new file mode 100644
index 000000000..2f5ece848
--- /dev/null
+++ b/staging/neo4j-configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+data:
+ NEO4J_URI: "bolt://neo4j:7687"
+ NEO4J_USER: "neo4j"
+ NEO4J_AUTH: none
+metadata:
+ name: staging-neo4j
+ namespace: staging
diff --git a/staging/neo4j-deployment.yaml b/staging/neo4j-deployment.yaml
new file mode 100644
index 000000000..66cf5a966
--- /dev/null
+++ b/staging/neo4j-deployment.yaml
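Review bot: The commented-out Rancher export in `staging/deployment.yaml` commits cluster detail that should not live in the repository: node and pod names, a creator id, resource uids and the public addresses in the `field.cattle.io/publicEndpoints` annotations. It also records the Neo4j ports (7687, 7474, 7473) bound with `hostPort` on a node next to `NEO4J_AUTH: none`; if that workload still exists, confirm those ports are not reachable from outside the cluster. Delete the commented block instead of carrying it in the manifest. In the one live item, `spec.template` shows no `metadata.labels` as far as the flattened text allows one to tell, so the `matchLabels` selector would not match the pod template and the API server would be expected to reject the Deployment.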
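Review bot: `NEO4J_AUTH: none` in `staging/neo4j-configmap.yaml` switches authentication off on the database, so any pod or host that can reach the bolt or HTTP port can read and write the graph without credentials. The setting is also a credential and belongs in the `staging` Secret, not in a ConfigMap: store it as `NEO4J_AUTH: neo4j/<generated-password>` (placeholder) and reference it with `secretKeyRef`. `staging/neo4j-deployment.yaml` and the backend item in `staging/deployment.yaml` read the same key and need the matching change.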
@@ -0,0 +1,50 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: nitro-neo4j
+ namespace: staging
+spec:
+ replicas: 1
+ strategy: {}
+ selector:
+ matchLabels:
+ workload.user.cattle.io/workloadselector: deployment-staging-neo4j
+ template:
+ metadata:
+ labels:
+ workload.user.cattle.io/workloadselector: deployment-staging-neo4j
+ name: "nitro-neo4j"
+ spec:
+ containers:
+ - env:
+ - name: NEO4J_dbms_memory_pagecache_size
+ value: 1G
+ - name: NEO4J_dbms_memory_heap_max__size
+ value: 1G
+ - name: NEO4J_AUTH
+ value: none
+ - name: NEO4J_URI
+ valueFrom:
+ configMapKeyRef:
+ name: staging-neo4j
+ key: NEO4J_URI
+ - name: NEO4J_USER
+ valueFrom:
+ configMapKeyRef:
+ name: staging-neo4j
+ key: NEO4J_USER
+ - name: NEO4J_AUTH
+ valueFrom:
+ configMapKeyRef:
+ name: staging-neo4j
+ key: NEO4J_AUTH
+ image: humanconnection/neo4j:latest
+ name: nitro-neo4j
+ ports:
+ - containerPort: 7687
+ - containerPort: 7474
+ # - containerPort: 7473
+ resources: {}
+ imagePullPolicy: IfNotPresent
+ restartPolicy: Always
+status: {}
diff --git a/staging/neo4j-service.yaml b/staging/neo4j-service.yaml
new file mode 100644
index 000000000..0f66d7474
--- /dev/null
+++ b/staging/neo4j-service.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ field.cattle.io/ipAddresses: "null"
+ field.cattle.io/targetDnsRecordIds: "null"
+ field.cattle.io/targetWorkloadIds: '["deployment:staging:nitro-neo4j"]'
+ labels:
+ cattle.io/creator: norman
+ name: neo4j
+ namespace: staging
+spec:
+ clusterIP: None
+ ports:
+ - name: default
+ port: 42
+ protocol: TCP
+ targetPort: 42
+ selector:
+ workloadID_neo4j: "true"
+ sessionAffinity: None
+ type: ClusterIP
diff --git a/staging/secrets.yaml.template b/staging/secrets.yaml.template
new file mode 100644
index 000000000..33b8e472b
--- /dev/null
+++ b/staging/secrets.yaml.template
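Review bot: `NEO4J_AUTH` is declared twice in the container's `env` list in `staging/neo4j-deployment.yaml`, once as the literal `value: none` and once from the `staging-neo4j` ConfigMap, so a reader cannot tell which entry is meant to apply and a later change to only one of them can be silently masked. Keep a single entry, ideally the referenced one. `imagePullPolicy: IfNotPresent` combined with the `:latest` tag also means each node keeps whichever image it pulled first, so image fixes do not reach nodes that already hold a copy.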
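Review bot: The Service in `staging/neo4j-service.yaml` selects `workloadID_neo4j: "true"`, but the pod template in `staging/neo4j-deployment.yaml` carries only `workload.user.cattle.io/workloadselector: deployment-staging-neo4j`, so unless Rancher adds that label at runtime the Service has no endpoints and `bolt://neo4j:7687` does not reach the database. The declared `port: 42` matches neither container port (7687, 7474). Select on the label the Deployment actually sets, declare one port entry per container port, and drop the `field.cattle.io/*` annotations and the `cattle.io/creator` label that came with the export.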
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+data:
+ JWT_SECRET: "HgfiztF679FvIZtvv3"
+metadata:
+ name: staging
+ namespace: staging
diff --git a/staging/web-configmap.yaml b/staging/web-configmap.yaml
new file mode 100644
index 000000000..a05140fb8
--- /dev/null
+++ b/staging/web-configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+data:
+ CLIENT_URI: "https://nitro-staging.human-connection.org"
+metadata:
+ name: staging-web
+ namespace: staging
diff --git a/staging/web-deployment.yaml b/staging/web-deployment.yaml
new file mode 100644
index 000000000..97b53a7bf
--- /dev/null
+++ b/staging/web-deployment.yaml
@@ -0,0 +1,47 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: nitro-web
+ namespace: staging
+spec:
+ replicas: 2
+ minReadySeconds: 15
+ progressDeadlineSeconds: 60
+ # strategy:
+ # rollingUpdate:
+ # maxSurge: 1
+ # maxUnavailable: 0
+ # type: RollingUpdate
+ selector:
+ matchLabels:
+ workload.user.cattle.io/workloadselector: deployment-staging-web
+ template:
+ metadata:
+ labels:
+ workload.user.cattle.io/workloadselector: deployment-staging-web
+ name: nitro-web
+ spec:
+ containers:
+ - env:
+ - name: HOST
+ value: 0.0.0.0
+ - name: BACKEND_URL
+ valueFrom:
+ configMapKeyRef:
+ name: staging-backend
+ key: GRAPHQL_URI
+ - name: JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: staging
+ key: JWT_SECRET
+ optional: false
+ image: humanconnection/nitro-web:latest
+ name: web
+ ports:
+ - containerPort: 3000
+ resources: {}
+ imagePullPolicy: Always
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+status: {}
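Review bot: `staging/secrets.yaml.template` ships a realistic-looking `JWT_SECRET` value under `data:`, and the README flow is `cp secrets.yaml.template secrets.yaml` followed by `kubectl apply`, so an unedited copy would deploy a signing key that is public in this repository. Values under `data:` must also be base64-encoded, and the 18-character literal is not valid padded base64, so the apply would be expected to fail or store something other than the text shown. Use `stringData:` with an obvious placeholder, e.g. `JWT_SECRET: "<generate-a-random-secret>"`, and add a comment saying the value must be generated per environment. If this literal was ever used on a real cluster, treat it as compromised and rotate it.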
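Review bot: The web container in `staging/web-deployment.yaml` receives the same `JWT_SECRET` as the backend through `secretKeyRef` on the `staging` Secret, which places the token-signing key in the internet-facing tier. If the web app only forwards tokens to the GraphQL API it does not need the key, and removing the env entry limits what a compromise of the frontend exposes; if it does verify tokens server-side, say so in a comment next to the entry. `HOST` is set with the unquoted `value: 0.0.0.0`, which parses as a string here but is clearer as `value: "0.0.0.0"`.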