From 81e211f6fb91cfa58b5d20b11624e8db74ba574a Mon Sep 17 00:00:00 2001
From: Grzegorz Leoniec
Date: Thu, 17 Jan 2019 14:10:38 +0100
Subject: [PATCH] Initial commit
---
.gitignore | 1 +
README.md | 35 +++++
dummies/backend-service.yaml | 13 ++
dummies/do-loadbalancer.yaml | 12 ++
dummies/ingress-backend.yaml | 15 ++
dummies/nginx.yaml | 22 +++
dummies/web-service.yaml | 13 ++
staging/backend-configmap.yaml | 9 ++
staging/backend-deployment.yaml | 62 ++++++++
staging/deployment.yaml | 260 ++++++++++++++++++++++++++++++++
staging/neo4j-configmap.yaml | 9 ++
staging/neo4j-deployment.yaml | 50 ++++++
staging/neo4j-service.yaml | 22 +++
staging/secrets.yaml.template | 7 +
staging/web-configmap.yaml | 7 +
staging/web-deployment.yaml | 47 ++++++
16 files changed, 584 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 dummies/backend-service.yaml
create mode 100644 dummies/do-loadbalancer.yaml
create mode 100644 dummies/ingress-backend.yaml
create mode 100644 dummies/nginx.yaml
create mode 100644 dummies/web-service.yaml
create mode 100644 staging/backend-configmap.yaml
create mode 100644 staging/backend-deployment.yaml
create mode 100644 staging/deployment.yaml
create mode 100644 staging/neo4j-configmap.yaml
create mode 100644 staging/neo4j-deployment.yaml
create mode 100644 staging/neo4j-service.yaml
create mode 100644 staging/secrets.yaml.template
create mode 100644 staging/web-configmap.yaml
create mode 100644 staging/web-deployment.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..da61c76ef
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*secrets*.yaml
diff --git a/README.md b/README.md
new file mode 100644
index 000000000..fe28119cf
--- /dev/null
+++ b/README.md
@@ -0,0 +1,35 @@
+# Human-Connection Nitro | Deployment Configuration
+
+> Currently the deployment is not primetime ready as you still have to do some manual work. That we need to change, the following list gives some glimpse of the missing steps.
+
+## Todo`s
+- [ ] check labels and selectors if they all are correct
+- [ ] configure NGINX from yaml
+- [ ] configure Let's Encrypt cert-manager from yaml
+- [ ] configure ingress form yaml
+- [ ] configure persistent & shared storage between nodes
+- [ ] reproduce setup locally
+
+> The dummy directory has some lb configurations that did not work properly on Digital Ocean but could be used as a starting point for getting it right
+
+
+## Apply the config map to staging namespace
+```shell
+cd ./staging
+kubectl apply -f configmap-neo4j.yaml -f configmap-backend.yaml -f configmap-web.yaml
+```
+
+
+## Setup secrets and deploy themn
+```shell
+cd ./staging
+cp secrets.yaml.template secrets.yaml
+# change all vars as needed and deploy it afterwards
+kubectl apply -f secrets.yaml
+```
+
+## Deploy the app
+```shell
+cd ./staging
+kubectl apply -f deployment-neo4j.yaml -f deployment-backend.yaml -f deployment-web.yaml
+```
diff --git a/dummies/backend-service.yaml b/dummies/backend-service.yaml
new file mode 100644
index 000000000..48fffbc24
--- /dev/null
+++ b/dummies/backend-service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: nitro-backend
+ name: nitro-backend
+ namespace: staging
+spec:
+ ports:
+ - port: 4000
+ targetPort: 4000
+ selector:
+ k8s-app: nitro-backend
diff --git a/dummies/do-loadbalancer.yaml b/dummies/do-loadbalancer.yaml
new file mode 100644
index 000000000..9c700e082
--- /dev/null
+++ b/dummies/do-loadbalancer.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: sample-load-balancer
+ namespace: staging
+spec:
+ type: LoadBalancer
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ name: http
diff --git a/dummies/ingress-backend.yaml b/dummies/ingress-backend.yaml
new file mode 100644
index 000000000..0640b49fd
--- /dev/null
+++ b/dummies/ingress-backend.yaml
@@ -0,0 +1,15 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: backend-ingress
+ namespace: staging
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ rules:
+ - http:
+ paths:
+ - path: /
+ backend:
+ serviceName: backend
+ servicePort: 4000
diff --git a/dummies/nginx.yaml b/dummies/nginx.yaml
new file mode 100644
index 000000000..1f5136b4b
--- /dev/null
+++ b/dummies/nginx.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ingress-nginx
+ namespace: staging
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
+spec:
+ type: NodePort
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
+ - name: https
+ port: 443
+ targetPort: 443
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
diff --git a/dummies/web-service.yaml b/dummies/web-service.yaml
new file mode 100644
index 000000000..847ba3c05
--- /dev/null
+++ b/dummies/web-service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: nitro-web
+ name: nitro-web
+ namespace: staging
+spec:
+ ports:
+ - port: 3000
+ targetPort: 3000
+ selector:
+ k8s-app: nitro-web
diff --git a/staging/backend-configmap.yaml b/staging/backend-configmap.yaml
new file mode 100644
index 000000000..ba7c819bc
--- /dev/null
+++ b/staging/backend-configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+data:
+ GRAPHQL_PORT: "4000"
+ GRAPHQL_URI: "https://api-nitro-staging.human-connection.org"
+ MOCK: "false"
+metadata:
+ name: staging-backend
+ namespace: staging
diff --git a/staging/backend-deployment.yaml b/staging/backend-deployment.yaml
new file mode 100644
index 000000000..ee0dfcef6
--- /dev/null
+++ b/staging/backend-deployment.yaml
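Review bot: In dummies/ingress-backend.yaml the rule points at `serviceName: backend`, but the Service added in dummies/backend-service.yaml is named `nitro-backend`, so this Ingress has no backend to route to as written; the fix is `serviceName: nitro-backend`. The spec also has no `host` and no `tls:` section, so the GraphQL endpoint and the tokens sent to it would be served over plain HTTP for any hostname. Once the cert-manager item from the README todo list is done, add a `tls:` block naming the staging hostname and its certificate secret.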
@@ -0,0 +1,62 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: nitro-backend
+ namespace: staging
+spec:
+ replicas: 2
+ minReadySeconds: 15
+ progressDeadlineSeconds: 60
+ # strategy:
+ # rollingUpdate:
+ # maxSurge: 1
+ # maxUnavailable: 0
+ # type: RollingUpdate
+ selector:
+ matchLabels:
+ workload.user.cattle.io/workloadselector: deployment-staging-backend
+ template:
+ metadata:
+ labels:
+ workload.user.cattle.io/workloadselector: deployment-staging-backend
+ name: "nitro-backend"
+ spec:
+ containers:
+ - env:
+ - name: MOCK
+ value: "false"
+ - name: CLIENT_URI
+ valueFrom:
+ configMapKeyRef:
+ name: staging-web
+ key: CLIENT_URI
+ - name: GRAPHQL_PORT
+ valueFrom:
+ configMapKeyRef:
+ name: staging-backend
+ key: GRAPHQL_PORT
+ - name: GRAPHQL_URI
+ valueFrom:
+ configMapKeyRef:
+ name: staging-backend
+ key: GRAPHQL_URI
+ - name: JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: staging
+ key: JWT_SECRET
+ optional: false
+ - name: NEO4J_URI
+ valueFrom:
+ configMapKeyRef:
+ name: staging-neo4j
+ key: NEO4J_URI
+ image: humanconnection/nitro-backend:latest
+ name: nitro-backend
+ ports:
+ - containerPort: 4000
+ resources: {}
+ imagePullPolicy: Always
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+status: {}
diff --git a/staging/deployment.yaml b/staging/deployment.yaml
new file mode 100644
index 000000000..9d68db535
--- /dev/null
+++ b/staging/deployment.yaml
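Review bot: The container in staging/backend-deployment.yaml runs `humanconnection/nitro-backend:latest` with `imagePullPolicy: Always`, so any pod restart can pull image content nobody reviewed; staging/web-deployment.yaml and staging/neo4j-deployment.yaml use `:latest` as well. Pin each image to a release tag or digest, e.g. `image: humanconnection/nitro-backend:<release-tag>` (placeholder, the page names no version). The pod spec also has no `securityContext` and leaves `resources: {}`. If the image supports it, adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` plus explicit requests and limits bounds what a compromised backend process can do on the node.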
@@ -0,0 +1,260 @@ +apiVersion: v1 +items: +- apiVersion: extensions/v1beta1 + kind: Deployment + metadata: + name: backend + namespace: staging + spec: + minReadySeconds: 15 + progressDeadlineSeconds: 60 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + cattle.io/creator: norman + workload.user.cattle.io/workloadselector: deployment-staging-backend + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + spec: + containers: + - env: + - name: MOCK + valueFrom: + configMapKeyRef: + key: MOCK + name: staging-backend + optional: false + - name: NEO4J_URI + valueFrom: + configMapKeyRef: + key: NEO4J_URI + name: staging-neo4j + optional: false + - name: JWT_SECRET + valueFrom: + secretKeyRef: + key: JWT_SECRET + name: staging + optional: false + - name: NEO4J_AUTH + valueFrom: + configMapKeyRef: + key: NEO4J_AUTH + name: staging-neo4j + optional: false + - name: CLIENT_URI + valueFrom: + configMapKeyRef: + key: CLIENT_URI + name: staging-web + optional: false + - name: GRAPHQL_PORT + valueFrom: + configMapKeyRef: + key: GRAPHQL_PORT + name: staging-backend + optional: false + - name: GRAPHQL_URI + valueFrom: + configMapKeyRef: + key: GRAPHQL_URI + name: staging-backend + optional: false + image: humanconnection/nitro-backend:latest + imagePullPolicy: Always + name: backend + resources: {} + tty: true + restartPolicy: Always + terminationGracePeriodSeconds: 30 +#- apiVersion: extensions/v1beta1 +# kind: Deployment +# metadata: +# annotations: +# deployment.kubernetes.io/revision: "2" +# field.cattle.io/creatorId: user-x8jr4 +# field.cattle.io/publicEndpoints: 
'[{"nodeName":"c-2kbhr:m-bmgq4","addresses":["104.248.30.130"],"port":7687,"protocol":"TCP","podName":"staging:neo4j-2-6589cbc4d5-q4bxl","allNodes":false},{"nodeName":"c-2kbhr:m-bmgq4","addresses":["104.248.30.130"],"port":7474,"protocol":"TCP","podName":"staging:neo4j-2-6589cbc4d5-q4bxl","allNodes":false},{"nodeName":"c-2kbhr:m-bmgq4","addresses":["104.248.30.130"],"port":7473,"protocol":"TCP","podName":"staging:neo4j-2-6589cbc4d5-q4bxl","allNodes":false}]' +# creationTimestamp: 2018-12-10T19:07:58Z +# generation: 8 +# labels: +# cattle.io/creator: norman +# workload.user.cattle.io/workloadselector: deployment-staging-neo4j-2 +# name: neo4j-2 +# namespace: staging +# resourceVersion: "2380945" +# selfLink: /apis/extensions/v1beta1/namespaces/staging/deployments/neo4j-2 +# uid: e80460f6-fcae-11e8-943a-c6c288d5f6fa +# spec: +# progressDeadlineSeconds: 600 +# replicas: 1 +# revisionHistoryLimit: 10 +# selector: +# matchLabels: +# workload.user.cattle.io/workloadselector: deployment-staging-neo4j-2 +# strategy: +# rollingUpdate: +# maxSurge: 1 +# maxUnavailable: 0 +# type: RollingUpdate +# template: +# metadata: +# annotations: +# cattle.io/timestamp: 2018-12-11T11:11:09Z +# field.cattle.io/ports: '[[{"containerPort":7687,"dnsName":"neo4j-2-hostport","hostPort":7687,"kind":"HostPort","name":"7687tcp76870","protocol":"TCP","sourcePort":7687},{"containerPort":7474,"dnsName":"neo4j-2-hostport","hostPort":7474,"kind":"HostPort","name":"7474tcp74740","protocol":"TCP","sourcePort":7474},{"containerPort":7473,"dnsName":"neo4j-2-hostport","hostPort":7473,"kind":"HostPort","name":"7473tcp74730","protocol":"TCP","sourcePort":7473}]]' +# creationTimestamp: null +# labels: +# workload.user.cattle.io/workloadselector: deployment-staging-neo4j-2 +# spec: +# containers: +# - env: +# - name: NEO4J_AUTH +# value: none +# image: humanconnection/neo4j:latest +# imagePullPolicy: IfNotPresent +# name: neo4j-2 +# ports: +# - containerPort: 7687 +# hostPort: 7687 +# name: 7687tcp76870 +# 
protocol: TCP +# - containerPort: 7474 +# hostPort: 7474 +# name: 7474tcp74740 +# protocol: TCP +# - containerPort: 7473 +# hostPort: 7473 +# name: 7473tcp74730 +# protocol: TCP +# resources: {} +# securityContext: +# allowPrivilegeEscalation: false +# capabilities: {} +# privileged: false +# readOnlyRootFilesystem: false +# runAsNonRoot: false +# stdin: true +# terminationMessagePath: /dev/termination-log +# terminationMessagePolicy: File +# tty: true +# dnsPolicy: ClusterFirst +# restartPolicy: Always +# schedulerName: default-scheduler +# securityContext: {} +# terminationGracePeriodSeconds: 30 +# status: +# availableReplicas: 1 +# conditions: +# - lastTransitionTime: 2018-12-10T19:07:58Z +# lastUpdateTime: 2018-12-11T11:11:18Z +# message: ReplicaSet "neo4j-2-6589cbc4d5" has successfully progressed. +# reason: NewReplicaSetAvailable +# status: "True" +# type: Progressing +# - lastTransitionTime: 2018-12-11T12:12:41Z +# lastUpdateTime: 2018-12-11T12:12:41Z +# message: Deployment has minimum availability. 
+# reason: MinimumReplicasAvailable +# status: "True" +# type: Available +# observedGeneration: 8 +# readyReplicas: 1 +# replicas: 1 +# updatedReplicas: 1 +##- apiVersion: extensions/v1beta1 +# kind: Deployment +# metadata: +# annotations: +# deployment.kubernetes.io/revision: "15" +# field.cattle.io/creatorId: user-x8jr4 +# field.cattle.io/publicEndpoints: '[{"addresses":["68.183.211.116"],"port":31726,"protocol":"TCP","serviceName":"staging:web-nodeport","allNodes":true},{"addresses":["104.248.25.205"],"port":80,"protocol":"HTTP","serviceName":"staging:ingress-ef72b2ceebfff95d50b0537c0e9e98d8","ingressName":"staging:web","hostname":"web.staging.104.248.25.205.xip.io","allNodes":true}]' +# creationTimestamp: 2018-11-30T13:56:41Z +# generation: 56 +# labels: +# cattle.io/creator: norman +# workload.user.cattle.io/workloadselector: deployment-staging-web +# name: web +# namespace: staging +# resourceVersion: "2401610" +# selfLink: /apis/extensions/v1beta1/namespaces/staging/deployments/web +# uid: c3870196-f4a7-11e8-943a-c6c288d5f6fa +# spec: +# progressDeadlineSeconds: 600 +# replicas: 1 +# revisionHistoryLimit: 10 +# selector: +# matchLabels: +# workload.user.cattle.io/workloadselector: deployment-staging-web +# strategy: +# rollingUpdate: +# maxSurge: 1 +# maxUnavailable: 0 +# type: RollingUpdate +# template: +# metadata: +# labels: +# workload.user.cattle.io/workloadselector: deployment-staging-web +# spec: +# containers: +# - env: +# - name: HOST +# value: 0.0.0.0 +# - name: JWT_SECRET +# valueFrom: +# secretKeyRef: +# key: JWT_SECRET +# name: jwt-secret +# optional: false +# - name: BACKEND_URL +# valueFrom: +# configMapKeyRef: +# key: GRAPHQL_URI +# name: staging-configs +# optional: false +# image: humanconnection/nitro-web:latest +# imagePullPolicy: Always +# name: web +# ports: +# - containerPort: 3000 +# name: 3000tcp01 +# protocol: TCP +# resources: {} +# securityContext: +# allowPrivilegeEscalation: false +# capabilities: {} +# privileged: false +# 
readOnlyRootFilesystem: false +# runAsNonRoot: false +# stdin: true +# terminationMessagePath: /dev/termination-log +# terminationMessagePolicy: File +# tty: true +# dnsPolicy: ClusterFirst +# restartPolicy: Always +# schedulerName: default-scheduler +# securityContext: {} +# terminationGracePeriodSeconds: 30 +# status: +# availableReplicas: 1 +# conditions: +# - lastTransitionTime: 2018-11-30T14:53:36Z +# lastUpdateTime: 2018-12-11T11:17:34Z +# message: ReplicaSet "web-5864d6db9c" has successfully progressed. +# reason: NewReplicaSetAvailable +# status: "True" +# type: Progressing +# - lastTransitionTime: 2018-12-11T11:23:17Z +# lastUpdateTime: 2018-12-11T11:23:17Z +# message: Deployment has minimum availability. +# reason: MinimumReplicasAvailable +# status: "True" +# type: Available +# observedGeneration: 56 +# readyReplicas: 1 +# replicas: 1 +# updatedReplicas: 1 +kind: List diff --git a/staging/neo4j-configmap.yaml b/staging/neo4j-configmap.yaml new file mode 100644 index 000000000..2f5ece848 --- /dev/null +++ b/staging/neo4j-configmap.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +data: + NEO4J_URI: "bolt://neo4j:7687" + NEO4J_USER: "neo4j" + NEO4J_AUTH: none +metadata: + name: staging-neo4j + namespace: staging diff --git a/staging/neo4j-deployment.yaml b/staging/neo4j-deployment.yaml new file mode 100644 index 000000000..66cf5a966 --- /dev/null +++ b/staging/neo4j-deployment.yaml 
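Review bot: The commented-out neo4j-2 and web items in staging/deployment.yaml are a raw cluster export, and they publish node public IP addresses, the Rancher creator id, object UIDs and the host ports Neo4j was bound to while `NEO4J_AUTH` was `none`. Commented lines are still committed content, so this describes the staging environment to every reader of the repository. Delete those blocks rather than keeping them as reference, and strip server-populated fields (`status`, `uid`, `resourceVersion`, `selfLink`, `field.cattle.io/publicEndpoints`) from any future export before committing it.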
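Review bot: `NEO4J_AUTH: none` in staging/neo4j-configmap.yaml turns Neo4j authentication off, and the same literal is repeated in staging/neo4j-deployment.yaml, so anything that can reach container ports 7687 or 7474 can read and write the graph without credentials. Keep a `neo4j/<password>` value under a key of the `staging` Secret and reference it with `secretKeyRef`, the way `JWT_SECRET` is handled, instead of holding the setting in a ConfigMap. The bare `none` should also be quoted as `"none"` to match the other values in this map.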
@@ -0,0 +1,50 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: nitro-neo4j
+ namespace: staging
+spec:
+ replicas: 1
+ strategy: {}
+ selector:
+ matchLabels:
+ workload.user.cattle.io/workloadselector: deployment-staging-neo4j
+ template:
+ metadata:
+ labels:
+ workload.user.cattle.io/workloadselector: deployment-staging-neo4j
+ name: "nitro-neo4j"
+ spec:
+ containers:
+ - env:
+ - name: NEO4J_dbms_memory_pagecache_size
+ value: 1G
+ - name: NEO4J_dbms_memory_heap_max__size
+ value: 1G
+ - name: NEO4J_AUTH
+ value: none
+ - name: NEO4J_URI
+ valueFrom:
+ configMapKeyRef:
+ name: staging-neo4j
+ key: NEO4J_URI
+ - name: NEO4J_USER
+ valueFrom:
+ configMapKeyRef:
+ name: staging-neo4j
+ key: NEO4J_USER
+ - name: NEO4J_AUTH
+ valueFrom:
+ configMapKeyRef:
+ name: staging-neo4j
+ key: NEO4J_AUTH
+ image: humanconnection/neo4j:latest
+ name: nitro-neo4j
+ ports:
+ - containerPort: 7687
+ - containerPort: 7474
+ # - containerPort: 7473
+ resources: {}
+ imagePullPolicy: IfNotPresent
+ restartPolicy: Always
+status: {}
diff --git a/staging/neo4j-service.yaml b/staging/neo4j-service.yaml
new file mode 100644
index 000000000..0f66d7474
--- /dev/null
+++ b/staging/neo4j-service.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ field.cattle.io/ipAddresses: "null"
+ field.cattle.io/targetDnsRecordIds: "null"
+ field.cattle.io/targetWorkloadIds: '["deployment:staging:nitro-neo4j"]'
+ labels:
+ cattle.io/creator: norman
+ name: neo4j
+ namespace: staging
+spec:
+ clusterIP: None
+ ports:
+ - name: default
+ port: 42
+ protocol: TCP
+ targetPort: 42
+ selector:
+ workloadID_neo4j: "true"
+ sessionAffinity: None
+ type: ClusterIP
diff --git a/staging/secrets.yaml.template b/staging/secrets.yaml.template
new file mode 100644
index 000000000..33b8e472b
--- /dev/null
+++ b/staging/secrets.yaml.template
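Review bot: The env list in staging/neo4j-deployment.yaml defines `NEO4J_AUTH` twice, first as the literal `value: none` and again from the `staging-neo4j` ConfigMap. Kubernetes resolves duplicate names in favour of the later entry, so the literal is dead configuration, and whoever later edits it to enable authentication will see no effect. Keep one entry only, ideally a `secretKeyRef` once a password is set.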
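Review bot: The selector `workloadID_neo4j: "true"` in staging/neo4j-service.yaml does not match the pod label set in staging/neo4j-deployment.yaml (`workload.user.cattle.io/workloadselector: deployment-staging-neo4j`), and the only declared port is 42 while the backend is configured with `bolt://neo4j:7687`. Unless Rancher's controller adds that label to the pods, this headless Service gets no endpoints and the `neo4j` name will not resolve. Selecting on the deployment's own label and declaring `port: 7687` removes the dependency on the exporting tool and gives a later NetworkPolicy a real port to restrict.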
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+data:
+ JWT_SECRET: "HgfiztF679FvIZtvv3"
+metadata:
+ name: staging
+ namespace: staging
diff --git a/staging/web-configmap.yaml b/staging/web-configmap.yaml
new file mode 100644
index 000000000..a05140fb8
--- /dev/null
+++ b/staging/web-configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+data:
+ CLIENT_URI: "https://nitro-staging.human-connection.org"
+metadata:
+ name: staging-web
+ namespace: staging
diff --git a/staging/web-deployment.yaml b/staging/web-deployment.yaml
new file mode 100644
index 000000000..97b53a7bf
--- /dev/null
+++ b/staging/web-deployment.yaml
@@ -0,0 +1,47 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: nitro-web
+ namespace: staging
+spec:
+ replicas: 2
+ minReadySeconds: 15
+ progressDeadlineSeconds: 60
+ # strategy:
+ # rollingUpdate:
+ # maxSurge: 1
+ # maxUnavailable: 0
+ # type: RollingUpdate
+ selector:
+ matchLabels:
+ workload.user.cattle.io/workloadselector: deployment-staging-web
+ template:
+ metadata:
+ labels:
+ workload.user.cattle.io/workloadselector: deployment-staging-web
+ name: nitro-web
+ spec:
+ containers:
+ - env:
+ - name: HOST
+ value: 0.0.0.0
+ - name: BACKEND_URL
+ valueFrom:
+ configMapKeyRef:
+ name: staging-backend
+ key: GRAPHQL_URI
+ - name: JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: staging
+ key: JWT_SECRET
+ optional: false
+ image: humanconnection/nitro-web:latest
+ name: web
+ ports:
+ - containerPort: 3000
+ resources: {}
+ imagePullPolicy: Always
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+status: {}
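Review bot: Values under `data:` in a Secret must be base64-encoded, and the `JWT_SECRET` literal in staging/secrets.yaml.template is an 18-character string that is not valid padded base64, so `kubectl apply` on the copied file will most likely be rejected. A realistic-looking default also invites deploying with the published value, which would leave the token signing key known to anyone who has read the repository. Use `stringData:` with an obvious placeholder such as `JWT_SECRET: "<replace-with-generated-secret>"`, and have the README step generate the value.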
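Review bot: staging/web-deployment.yaml injects `JWT_SECRET` from the `staging` Secret into the `web` container, which is the same signing key the backend reads. If the frontend only forwards tokens issued by the backend it does not need the key, and dropping the env entry keeps a compromise of the internet-facing web pods from exposing it. This is inferred from the manifests alone, so confirm it against the web image's configuration. `value: 0.0.0.0` is also an unquoted scalar; write it as `value: "0.0.0.0"` so it is unambiguously a string.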