diff --git a/.gitea/actions/get-build-options/action.yaml b/.gitea/actions/get-build-options/action.yaml
new file mode 100644
index 0000000..3a128a0
--- /dev/null
+++ b/.gitea/actions/get-build-options/action.yaml
@@ -0,0 +1,26 @@
+name: "Get Build Options"
+description: "Sanitizies and unifies the environment into build options"
+outputs:
+ short-sha:
+ description: "Shortened hash if the current commit"
+ build-arch:
+ description: "Docker-compatible representation of build arch"
+ build-platform:
+ description: "Docker-compatible representation of build platform"
+runs:
+ using: "composite"
+ steps:
+ - name: "Compute Build Options"
+ shell: "bash"
+ run: |
+ set -x
+ SHORT_SHA="${GITHUB_SHA::8}"
+ BUILD_ARCH="amd64"
+ BUILD_PLATFORM="linux/amd64"
+ if [ "${RUNNER_ARCH}" = "ARM64" ];then
+ BUILD_ARCH="arm64"
+ BUILD_PLATFORM="linux/arm64"
+ fi
+ echo "short-sha=$SHORT_SHA" >> $GITHUB_OUTPUT
+ echo "build-arch=$BUILD_ARCH" >> $GITHUB_OUTPUT
+ echo "build-platform=$BUILD_PLATFORM" >> $GITHUB_OUTPUT
diff --git a/.gitea/actions/get-run-info/action.yaml b/.gitea/actions/get-run-info/action.yaml
new file mode 100644
index 0000000..41dcf22
--- /dev/null
+++ b/.gitea/actions/get-run-info/action.yaml
@@ -0,0 +1,17 @@
+name: "Get Run Info"
+description: "Sanitizies and unifies the environment into run info"
+inputs:
+ compose-project-base:
+ description: "Base for the Compose project"
+ required: true
+outputs:
+ compose-project:
+ description: "Compose project name"
+runs:
+ using: "composite"
+ steps:
+ - name: "Compute Run Info"
+ shell: "bash"
+ run: |
+ set -x
+ echo "compose-project=${{ inputs.compose-project-base }}-${GITHUB_RUN_NUMBER}" >> $GITHUB_OUTPUT
diff --git a/.gitea/actions/get-service-version/action.yaml b/.gitea/actions/get-service-version/action.yaml
new file mode 100644
index 0000000..a116332
--- /dev/null
+++ b/.gitea/actions/get-service-version/action.yaml
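Review bot: In `.gitea/actions/get-run-info/action.yaml`, the `run:` script splices `${{ inputs.compose-project-base }}` directly into the shell text, so the value is expanded by the workflow engine before bash parses the line and any shell metacharacter in it becomes part of the script. The only caller visible in this diff passes a repository variable, but the composite action itself accepts any string. Pass the input through the step environment instead: add an `env:` entry `COMPOSE_PROJECT_BASE: "${{ inputs.compose-project-base }}"` and write `echo "compose-project=${COMPOSE_PROJECT_BASE}-${GITHUB_RUN_NUMBER}" >> "$GITHUB_OUTPUT"`. The same expression-in-script pattern appears in `get-service-version` (`inputs.service`) and `setup-k8s` (`inputs.arch` and the two version inputs).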
@@ -0,0 +1,27 @@
+name: "Get Run Info"
+description: "Sanitizies and unifies the environment into run info"
+inputs:
+ service:
+ description: "The service to work on"
+ required: true
+outputs:
+ version:
+ description: "Service version"
+ build-number:
+ description: "Build number"
+runs:
+ using: "composite"
+ steps:
+ - name: "Compute Service Version"
+ shell: "bash"
+ run: |
+ set -x
+ if [[ ! -z "${GITHUB_HEAD_REF}" || "${GITHUB_REF_NAME}" = "development" ]]; then
+ VERSION="${GITHUB_SHA::8}"
+ BUILD="${GITHUB_RUN_NUMBER}"
+ else
+ VERSION="v$(grep -Po '(?<=^version\s=\s")[^"]+' services/${{ inputs.service }}/pyproject.toml)"
+ BUILD="01"
+ fi
+ echo "version=$VERSION" >> $GITHUB_OUTPUT
+ echo "build-number=$BUILD" >> $GITHUB_OUTPUT
diff --git a/.gitea/actions/setup-k8s/action.yaml b/.gitea/actions/setup-k8s/action.yaml
new file mode 100644
index 0000000..309a257
--- /dev/null
+++ b/.gitea/actions/setup-k8s/action.yaml
@@ -0,0 +1,32 @@
+name: "Set up k8s"
+description: "Downloads and installs k8s tools"
+inputs:
+ arch:
+ description: "Architecture"
+ required: true
+ kubectl-version:
+ description: "kubectl version to install"
+ required: false
+ default: "1.33.4"
+ kustomize-version:
+ description: "kustomize version to install"
+ required: false
+ default: "5.7.1"
+runs:
+ using: "composite"
+ steps:
+ - name: "Install k8s tools"
+ shell: "bash"
+ run: |
+ set -x
+ mkdir -p /opt/k8s/bin /opt/k8s/etc /opt/k8s/src
+
+ wget -O /opt/k8s/src/kubectl "https://nexus.bthlabs.pl/repository/ops-tools/k8s/kubectl-${{ inputs.kubectl-version }}-linux-${{ inputs.arch }}"
+ chmod a+x /opt/k8s/src/kubectl
+ mv /opt/k8s/src/kubectl /opt/k8s/bin
+
+ wget -O /opt/k8s/src/kustomize "https://nexus.bthlabs.pl/repository/ops-tools/k8s/kustomize-${{ inputs.kustomize-version }}-linux-${{ inputs.arch }}"
+ chmod a+x /opt/k8s/src/kustomize
+ mv /opt/k8s/src/kustomize /opt/k8s/bin
+
+ rm -rf /opt/k8s/src/
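Review bot: In `.gitea/actions/get-service-version/action.yaml`, the `else` branch assigns `VERSION="v$(grep …)"` without checking that grep matched, and the script never sets `-e`, so a missing or reformatted `version` line in `pyproject.toml` produces the output `version=v` while the step still succeeds. The deployment workflow builds image tags from this output, so the failure would only surface as a wrong tag. Capture the match first and fail fast, e.g. `RAW_VERSION="$(grep -Po … )"` followed by `[ -n "$RAW_VERSION" ] || { echo "version not found" >&2; exit 1; }`. The `name` and `description` are also still the ones from `get-run-info` ("Get Run Info") and should describe the service version instead.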
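Review bot: In `.gitea/actions/setup-k8s/action.yaml`, `kubectl` and `kustomize` are downloaded with `wget`, marked executable and installed without any integrity check, and the deploy job later runs them with the cluster kubeconfig. A replaced or truncated artifact in the Nexus repository would therefore execute with deployment credentials. Pin an expected SHA-256 per version and architecture and verify it before `chmod`, for example `echo "${KUBECTL_SHA256}  /opt/k8s/src/kubectl" | sha256sum -c -`, where `KUBECTL_SHA256` is a placeholder for a digest taken from a checked-in table or an extra input. The script also lacks `set -e`, so a failed `wget` does not stop the step; `set -euo pipefail` next to `set -x` would make that failure visible.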
diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml index 912efe5..c911991 100644 --- a/.gitea/workflows/ci.yaml +++ b/.gitea/workflows/ci.yaml @@ -19,23 +19,12 @@ jobs: uses: "actions/checkout@v2" - name: "Get run info" id: "get-run-info" - run: | - set -x - echo "COMPOSE_PROJECT=${{ vars.COMPOSE_PROJECT_BASE }}-${GITHUB_RUN_NUMBER}" >> $GITHUB_OUTPUT + uses: "./.gitea/actions/get-run-info" + with: + compose-project-base: "${{ vars.COMPOSE_PROJECT_BASE }}" - name: "Get build options" id: "get-build-options" - run: | - set -x - SHORT_SHA="${GITHUB_SHA::8}" - BUILD_ARCH="amd64" - BUILD_PLATFORM="linux/amd64" - if [ "${RUNNER_ARCH}" = "ARM64" ];then - BUILD_ARCH="arm64" - BUILD_PLATFORM="linux/arm64" - fi - echo "SHORT_SHA=$SHORT_SHA" >> $GITHUB_OUTPUT - echo "BUILD_ARCH=$BUILD_ARCH" >> $GITHUB_OUTPUT - echo "BUILD_PLATFORM=$BUILD_PLATFORM" >> $GITHUB_OUTPUT + uses: "./.gitea/actions/get-build-options" - name: "Set up Docker Buildx" id: "setup-docker-buildx" uses: "docker/setup-buildx-action@v3" @@ -53,8 +42,8 @@ jobs: context: "services/" push: false load: true - tags: "docker-hosted.nexus.bthlabs.pl/hotpocket/postgres:15.13-${{ steps.get-run-info.outputs.COMPOSE_PROJECT }}" - platforms: "${{ steps.get-build-options.outputs.BUILD_PLATFORM }}" + tags: "docker-hosted.nexus.bthlabs.pl/hotpocket/postgres:15.13-${{ steps.get-run-info.outputs.compose-project }}" + platforms: "${{ steps.get-build-options.outputs.build-platform }}" cache-from: "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket" cache-to: "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket,mode=max" - name: "Build `keycloak` image" 
@@ -64,8 +53,8 @@ jobs: context: "services/" push: false load: true - tags: "docker-hosted.nexus.bthlabs.pl/hotpocket/keycloak:22.0.3-${{ steps.get-run-info.outputs.COMPOSE_PROJECT }}" - platforms: "${{ steps.get-build-options.outputs.BUILD_PLATFORM }}" + tags: "docker-hosted.nexus.bthlabs.pl/hotpocket/keycloak:22.0.3-${{ steps.get-run-info.outputs.compose-project }}" + platforms: "${{ steps.get-build-options.outputs.build-platform }}" cache-from: "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket" cache-to: "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket,mode=max" - name: "Build `rabbitmq` image" @@ -75,8 +64,8 @@ jobs: context: "services/" push: false load: true - tags: "docker-hosted.nexus.bthlabs.pl/hotpocket/rabbitmq:3.10.8-${{ steps.get-run-info.outputs.COMPOSE_PROJECT }}" - platforms: "${{ steps.get-build-options.outputs.BUILD_PLATFORM }}" + tags: "docker-hosted.nexus.bthlabs.pl/hotpocket/rabbitmq:3.10.8-${{ steps.get-run-info.outputs.compose-project }}" + platforms: "${{ steps.get-build-options.outputs.build-platform }}" cache-from: "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket" cache-to: "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket,mode=max" - name: "Build `backend-ci` image" @@ -87,8 +76,8 @@ jobs: target: "ci" push: false load: true - tags: "docker-hosted.nexus.bthlabs.pl/hotpocket/backend:ci-${{ steps.get-run-info.outputs.COMPOSE_PROJECT }}" - platforms: "${{ steps.get-build-options.outputs.BUILD_PLATFORM }}" + tags: "docker-hosted.nexus.bthlabs.pl/hotpocket/backend:ci-${{ steps.get-run-info.outputs.compose-project }}" + platforms: "${{ steps.get-build-options.outputs.build-platform }}" cache-from: "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket" cache-to: "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket,mode=max" - name: "Build `packages-ci` image" 
@@ -99,8 +88,8 @@ jobs: target: "ci" push: false load: true - tags: "docker-hosted.nexus.bthlabs.pl/hotpocket/packages:ci-${{ steps.get-run-info.outputs.COMPOSE_PROJECT }}" - platforms: "${{ steps.get-build-options.outputs.BUILD_PLATFORM }}" + tags: "docker-hosted.nexus.bthlabs.pl/hotpocket/packages:ci-${{ steps.get-run-info.outputs.compose-project }}" + platforms: "${{ steps.get-build-options.outputs.build-platform }}" cache-from: "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket" cache-to: "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket,mode=max" - name: "Build `extension-ci` image" @@ -111,8 +100,8 @@ jobs: target: "ci" push: false load: true - tags: "docker-hosted.nexus.bthlabs.pl/hotpocket/extension:ci-${{ steps.get-run-info.outputs.COMPOSE_PROJECT }}" - platforms: "${{ steps.get-build-options.outputs.BUILD_PLATFORM }}" + tags: "docker-hosted.nexus.bthlabs.pl/hotpocket/extension:ci-${{ steps.get-run-info.outputs.compose-project }}" + platforms: "${{ steps.get-build-options.outputs.build-platform }}" cache-from: "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket" cache-to: "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket,mode=max" - name: "Build `apple-ci` image" 
@@ -123,21 +112,21 @@ jobs: target: "ci" push: false load: true - tags: "docker-hosted.nexus.bthlabs.pl/hotpocket/apple:ci-${{ steps.get-run-info.outputs.COMPOSE_PROJECT }}" - platforms: "${{ steps.get-build-options.outputs.BUILD_PLATFORM }}" + tags: "docker-hosted.nexus.bthlabs.pl/hotpocket/apple:ci-${{ steps.get-run-info.outputs.compose-project }}" + platforms: "${{ steps.get-build-options.outputs.build-platform }}" cache-from: "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket" cache-to: "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket,mode=max" - name: "Prepare the build" id: "prepare" env: - COMPOSE_PROJECT: "${{ steps.get-run-info.outputs.COMPOSE_PROJECT }}" + COMPOSE_PROJECT: "${{ steps.get-run-info.outputs.compose-project }}" run: | set -x ./.gitea/tools/render-docker-compose-ci.sh - name: "Run `backend` checks" if: "steps.prepare.conclusion == 'success'" env: - COMPOSE_PROJECT: "${{ steps.get-run-info.outputs.COMPOSE_PROJECT }}" + COMPOSE_PROJECT: "${{ steps.get-run-info.outputs.compose-project }}" run: | set -x docker compose \ @@ -150,7 +139,7 @@ jobs: - name: "Run `packages` checks" if: "steps.prepare.conclusion == 'success'" env: - COMPOSE_PROJECT: "${{ steps.get-run-info.outputs.COMPOSE_PROJECT }}" + COMPOSE_PROJECT: "${{ steps.get-run-info.outputs.compose-project }}" run: | set -x docker compose \ @@ -163,7 +152,7 @@ jobs: - name: "Run `extension` checks" if: "steps.prepare.conclusion == 'success'" env: - COMPOSE_PROJECT: "${{ steps.get-run-info.outputs.COMPOSE_PROJECT }}" + COMPOSE_PROJECT: "${{ steps.get-run-info.outputs.compose-project }}" run: | set -x docker compose \ @@ -176,7 +165,7 @@ jobs: - name: "Run `apple` checks" if: "steps.prepare.conclusion == 'success'" env: - COMPOSE_PROJECT: "${{ steps.get-run-info.outputs.COMPOSE_PROJECT }}" + COMPOSE_PROJECT: "${{ steps.get-run-info.outputs.compose-project }}" run: | set -x docker compose \ 
@@ -189,7 +178,7 @@ jobs: - name: "Clean up" if: always() env: - COMPOSE_PROJECT: "${{ steps.get-run-info.outputs.COMPOSE_PROJECT }}" + COMPOSE_PROJECT: "${{ steps.get-run-info.outputs.compose-project }}" run: | set -x docker compose \ diff --git a/.gitea/workflows/development.yaml b/.gitea/workflows/development.yaml new file mode 100644 index 0000000..5cb3d18 --- /dev/null +++ b/.gitea/workflows/development.yaml 
@@ -0,0 +1,163 @@
+name: "Deploy to development"
+
+on:
+ push:
+ branches:
+ - "development"
+
+jobs:
+ build-deployment-images:
+ name: "Build deployment images"
+ runs-on: "ubuntu-latest"
+ steps:
+ - name: "Checkout the code"
+ uses: "actions/checkout@v2"
+ - name: "Get build options"
+ id: "get-build-options"
+ uses: "./.gitea/actions/get-build-options"
+ - name: "Get `backend` version"
+ id: "get-backend-version"
+ uses: "./.gitea/actions/get-service-version"
+ with:
+ service: "backend"
+ - name: "Import Secrets"
+ id: "import-secrets"
+ uses: "hashicorp/vault-action@v2"
+ with:
+ url: "https://vault.bthlabs.pl/"
+ method: "approle"
+ roleId: "${{ secrets.VAULT_ROLE_ID }}"
+ secretId: "${{ secrets.VAULT_SECRET_ID }}"
+ secrets: |
+ gitea/data/docker-hosted.nexus.bthlabs.pl username | DOCKER_USERNAME ;
+ gitea/data/docker-hosted.nexus.bthlabs.pl password | DOCKER_PASSWORD
+ - name: "Set up Docker Buildx"
+ id: "setup-docker-buildx"
+ uses: "docker/setup-buildx-action@v3"
+ with:
+ driver: "remote"
+ endpoint: "tcp://builder-01.bthlab:2375"
+ platforms: "linux/amd64"
+ append: |
+ - endpoint: "tcp://builder-mac-01.bthlab:2375"
+ platforms: "linux/arm64"
+ - name: "Login to Docket Registry"
+ uses: "docker/login-action@v3"
+ with:
+ registry: "docker-hosted.nexus.bthlabs.pl"
+ username: "${{ steps.import-secrets.outputs.DOCKER_USERNAME }}"
+ password: "${{ steps.import-secrets.outputs.DOCKER_PASSWORD }}"
+ - name: "Build `backend-deployment` image"
+ env:
+ SHORT_SHA: "${{ steps.get-build-options.outputs.short-sha }}"
+ VERSION: "${{ steps.get-backend-version.outputs.version }}"
+ BUILD: "${{ steps.get-backend-version.outputs.build-number }}"
+ run: |
+ set -x
+ docker buildx build \
+ --cache-from "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket" \
+ --cache-to "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket,mode=max" \
+ --push \
+ --platform linux/amd64,linux/arm64 \
+ --build-arg IMAGE_ID="deployment.${SHORT_SHA}" \
+ -f
services/backend/Dockerfile \
+ --target deployment \
+ -t "docker-hosted.nexus.bthlabs.pl/hotpocket/backend:deployment-${VERSION}-${BUILD}" \
+ services/
+ - name: "Build `backend-aio` image"
+ env:
+ SHORT_SHA: "${{ steps.get-build-options.outputs.short-sha }}"
+ VERSION: "${{ steps.get-backend-version.outputs.version }}"
+ BUILD: "${{ steps.get-backend-version.outputs.build-number }}"
+ run: |
+ set -x
+ docker buildx build \
+ --cache-from "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket" \
+ --cache-to "type=registry,ref=nexus.bthlab.bthlabs.net:8001/hotpocket,mode=max" \
+ --push \
+ --platform linux/amd64,linux/arm64 \
+ --build-arg IMAGE_ID="aio.${SHORT_SHA}" \
+ -f services/backend/Dockerfile \
+ --target aio \
+ -t "docker-hosted.nexus.bthlabs.pl/hotpocket/backend:aio-${VERSION}-${BUILD}" \
+ services/
+
+ deploy:
+ name: "Deploy"
+ runs-on: "ubuntu-latest"
+ needs:
+ - "build-deployment-images"
+ env:
+ KUBERNETES_NAMESPACE: "hotpocket-development"
+ KUBERNETES_CLUSTER: "k8s.bthlab"
+ steps:
+ - name: "Checkout the code"
+ uses: "actions/checkout@v2"
+ - name: "Get run info"
+ id: "get-run-info"
+ uses: "./.gitea/actions/get-run-info"
+ with:
+ compose-project-base: "${{ vars.COMPOSE_PROJECT_BASE }}"
+ - name: "Get build options"
+ id: "get-build-options"
+ uses: "./.gitea/actions/get-build-options"
+ - name: "Get `backend` version"
+ id: "get-backend-version"
+ uses: "./.gitea/actions/get-service-version"
+ with:
+ service: "backend"
+ - name: "Setup k8s"
+ uses: "./.gitea/actions/setup-k8s"
+ with:
+ arch: "${{ steps.get-build-options.outputs.build-arch }}"
+ - name: "Import Secrets"
+ id: "import-secrets"
+ uses: "hashicorp/vault-action@v2"
+ with:
+ url: "https://vault.bthlabs.pl/"
+ method: "approle"
+ roleId: "${{ secrets.VAULT_ROLE_ID }}"
+ secretId: "${{ secrets.VAULT_SECRET_ID }}"
+ secrets: |
+ gitea/data/k8s.bthlab config | KUBECONFIG_PAYLOAD
+ - name: "Set up kubeconfig"
+ env:
+ COMPOSE_PROJECT: "${{
steps.get-run-info.outputs.compose-project }}"
+ KUBECONFIG_PAYLOAD: "${{ steps.import-secrets.outputs.KUBECONFIG_PAYLOAD }}"
+ run: |
+ set -x
+
+ echo ${KUBECONFIG_PAYLOAD} | base64 -d >"/opt/k8s/etc/kubeconfig"
+ export KUBECONFIG="/opt/k8s/etc/kubeconfig"
+
+ /opt/k8s/bin/kubectl config use-context ${KUBERNETES_CLUSTER}
+ /opt/k8s/bin/kubectl get node
+ - name: "Run `backend` Django migrations"
+ env:
+ COMPOSE_PROJECT: "${{ steps.get-run-info.outputs.compose-project }}"
+ BACKEND_TAG: "deployment-${{ steps.get-backend-version.outputs.version }}-${{ steps.get-backend-version.outputs.build-number }}"
+ run: |
+ set -x
+
+ (
+ cd deployment/hotpocket.bthlab ;
+ export KUBECONFIG="/opt/k8s/etc/kubeconfig" ;
+ /opt/k8s/bin/kubectl config use-context ${KUBERNETES_CLUSTER} ;
+ /opt/k8s/bin/kubectl -n ${KUBERNETES_NAMESPACE} set image cronjobs/backend-job-migrations migrations=docker-hosted.nexus.bthlabs.pl/hotpocket/backend:${BACKEND_TAG} ;
+ /opt/k8s/bin/kubectl -n ${KUBERNETES_NAMESPACE} delete jobs --ignore-not-found=true backend-job-migrations ;
+ /opt/k8s/bin/kubectl -n ${KUBERNETES_NAMESPACE} create job backend-job-migrations --from=cronjob/backend-job-migrations ;
+ /opt/k8s/bin/kubectl -n ${KUBERNETES_NAMESPACE} wait --for=condition=complete --timeout=300s job/backend-job-migrations
+ )
+ - name: "Deploy"
+ env:
+ COMPOSE_PROJECT: "${{ steps.get-run-info.outputs.compose-project }}"
+ BACKEND_TAG: "deployment-${{ steps.get-backend-version.outputs.version }}-${{ steps.get-backend-version.outputs.build-number }}"
+ run: |
+ set -x
+ (
+ cd deployment/hotpocket.bthlab ;
+ export KUBECONFIG="/opt/k8s/etc/kubeconfig" ;
+ /opt/k8s/bin/kubectl config use-context ${KUBERNETES_CLUSTER} ;
+ /opt/k8s/bin/kustomize edit set image hotpocket-backend=docker-hosted.nexus.bthlabs.pl/hotpocket/backend:${BACKEND_TAG} ;
+ /opt/k8s/bin/kustomize build . | /opt/k8s/bin/kubectl apply -f -
+ )
diff --git a/.gitignore b/.gitignore
index 94bc380..4d62ef8 100644
--- a/.gitignore
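Review bot: In the `Set up kubeconfig` step of `.gitea/workflows/development.yaml`, `set -x` is active while `echo ${KUBECONFIG_PAYLOAD} | base64 -d` runs, so bash traces the expanded command and the base64-encoded kubeconfig is written to the job log unless the runner's secret masking happens to catch it. Drop `set -x` for this step, quote the variable, and create the file with restrictive permissions, e.g. `umask 077` followed by `printf '%s' "${KUBECONFIG_PAYLOAD}" | base64 -d > /opt/k8s/etc/kubeconfig`. Nothing in the job removes `/opt/k8s/etc/kubeconfig` afterwards, so on a persistent runner the credential would outlive the run; a final `if: always()` step that deletes it would close that gap. Separately, `hashicorp/vault-action@v2` and `docker/login-action@v3` receive the Vault AppRole and registry credentials but are referenced by mutable tags, so pinning them to a commit SHA is worth considering.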
+++ b/.gitignore @@ -1,3 +1,4 @@ +.ci/ .envrc* .ipythonhome/ /docker-compose-ci-*.yaml diff --git a/deployment/hotpocket.bthlab/configs/backend/admin b/deployment/hotpocket.bthlab/configs/backend/admin new file mode 100644 index 0000000..d274bbb --- /dev/null +++ b/deployment/hotpocket.bthlab/configs/backend/admin @@ -0,0 +1,5 @@ +DJANGO_SETTINGS_MODULE=hotpocket_backend.settings.deployment.admin +HOTPOCKET_BACKEND_GUNICORN_WORKERS=2 +HOTPOCKET_BACKEND_APP=admin +HOTPOCKET_BACKEND_SECRET_KEY=thisissecret +HOTPOCKET_BACKEND_ALLOWED_HOSTS=thisissecret diff --git a/deployment/hotpocket.bthlab/configs/backend/base b/deployment/hotpocket.bthlab/configs/backend/base new file mode 100644 index 0000000..a5fbbcc --- /dev/null +++ b/deployment/hotpocket.bthlab/configs/backend/base @@ -0,0 +1,8 @@ +HOTPOCKET_BACKEND_ENV=deployment +HOTPOCKET_BACKEND_DATABASE_NAME=hotpocket_development_backend +HOTPOCKET_BACKEND_DATABASE_USER=thisissecret +HOTPOCKET_BACKEND_DATABASE_PASSWORD=thisissecret +HOTPOCKET_BACKEND_DATABASE_HOST=databases.bthlab +HOTPOCKET_BACKEND_CELERY_BROKER_URL=thisissecret +HOTPOCKET_BACKEND_CELERY_RESULT_BACKEND=thisissecret +HOTPOCKET_BACKEND_MODEL_AUTH_IS_DISABLED=false diff --git a/deployment/hotpocket.bthlab/configs/backend/webapp b/deployment/hotpocket.bthlab/configs/backend/webapp new file mode 100644 index 0000000..ecec2d8 --- /dev/null +++ b/deployment/hotpocket.bthlab/configs/backend/webapp @@ -0,0 +1,7 @@ +DJANGO_SETTINGS_MODULE=hotpocket_backend.settings.deployment.webapp +HOTPOCKET_BACKEND_GUNICORN_WORKERS=2 +HOTPOCKET_BACKEND_APP=webapp +HOTPOCKET_BACKEND_SECRET_KEY=thisissecret +HOTPOCKET_BACKEND_ALLOWED_HOSTS=thisissecret +HOTPOCKET_BACKEND_SAVES_SAVE_ADAPTER=hotpocket_backend.apps.saves.adapters.postgres:PostgresSaveAdapter +HOTPOCKET_BACKEND_SAVES_ASSOCIATION_ADAPTER=hotpocket_backend.apps.saves.adapters.postgres:PostgresAssociationAdapter 
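Review bot: `configs/backend/admin` commits `HOTPOCKET_BACKEND_SECRET_KEY=thisissecret` and `HOTPOCKET_BACKEND_ALLOWED_HOSTS=thisissecret` into a file that `kustomization.yaml` turns into a ConfigMap, and the workloads in this diff rely on their `env:` `secretKeyRef` entries to override those keys. If a workload ever consumes the ConfigMap through `envFrom` without repeating every override, it would start with the literal placeholder as its Django secret key or database password instead of failing. Removing the secret-backed keys from the env files keeps a missing Secret reference loud. The same applies to `configs/backend/base` (`DATABASE_USER`, `DATABASE_PASSWORD`, `CELERY_BROKER_URL`, `CELERY_RESULT_BACKEND`) and `configs/backend/webapp` (`SECRET_KEY`, `ALLOWED_HOSTS`).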
diff --git a/deployment/hotpocket.bthlab/kustomization.yaml b/deployment/hotpocket.bthlab/kustomization.yaml
new file mode 100644
index 0000000..d394780
--- /dev/null
+++ b/deployment/hotpocket.bthlab/kustomization.yaml
@@ -0,0 +1,39 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - resources/namespace.yaml
+ - resources/volumes.yaml
+ - resources/backend/job-migrations.yaml
+ - resources/backend/webapp.yaml
+ - resources/backend/webapp-service.yaml
+ - resources/backend/webapp-ingress.yaml
+ - resources/backend/admin.yaml
+ - resources/backend/admin-service.yaml
+ - resources/backend/admin-ingress.yaml
+ - resources/backend/celery-worker.yaml
+ - resources/backend/celery-beat.yaml
+
+configMapGenerator:
+ - behavior: create
+ namespace: hotpocket-development
+ envs:
+ - configs/backend/base
+ name: backend-base-config
+ - behavior: create
+ namespace: hotpocket-development
+ envs:
+ - configs/backend/webapp
+ name: backend-webapp-config
+ - behavior: create
+ namespace: hotpocket-development
+ envs:
+ - configs/backend/admin
+ name: backend-admin-config
+
+patches: []
+
+images:
+ - name: hotpocket-backend
+ newName: docker-hosted.nexus.bthlabs.pl/hotpocket/backend
+ newTag: deployment-v25.10.4-01
diff --git a/deployment/hotpocket.bthlab/resources/backend/admin-ingress.yaml b/deployment/hotpocket.bthlab/resources/backend/admin-ingress.yaml
new file mode 100644
index 0000000..d193542
--- /dev/null
+++ b/deployment/hotpocket.bthlab/resources/backend/admin-ingress.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: backend-admin-ingress
+ namespace: hotpocket-development
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: "web"
+spec:
+ rules:
+ - host: admin.hotpocket.bthlab.bthlabs.net
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: backend-admin-service
+ port:
+ name: http
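Review bot: `admin-ingress.yaml` binds the Django admin host to the Traefik entrypoint `web` and defines no `tls:` section, so if `web` is the plain-HTTP entrypoint, as in Traefik's conventional setup, admin logins and session cookies cross the network unencrypted. Consider routing through the cluster's TLS entrypoint, e.g. `traefik.ingress.kubernetes.io/router.entrypoints: "websecure"` (if the cluster names it that way) together with `traefik.ingress.kubernetes.io/router.tls: "true"` and a `spec.tls` entry, or add a comment stating that TLS is terminated upstream. `webapp-ingress.yaml` later in this diff carries the same annotation and the same gap.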
diff --git a/deployment/hotpocket.bthlab/resources/backend/admin-service.yaml b/deployment/hotpocket.bthlab/resources/backend/admin-service.yaml
new file mode 100644
index 0000000..2835621
--- /dev/null
+++ b/deployment/hotpocket.bthlab/resources/backend/admin-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-admin-service
+ namespace: hotpocket-development
+spec:
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/app: backend-admin
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8000
+ targetPort: http
diff --git a/deployment/hotpocket.bthlab/resources/backend/admin.yaml b/deployment/hotpocket.bthlab/resources/backend/admin.yaml
new file mode 100644
index 0000000..708a0b6
--- /dev/null
+++ b/deployment/hotpocket.bthlab/resources/backend/admin.yaml
@@ -0,0 +1,101 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend-admin
+ namespace: hotpocket-development
+ labels:
+ app.kubernetes.io/app: backend-admin
+spec:
+ minReadySeconds: 30
+ progressDeadlineSeconds: 600
+ replicas: 1
+ revisionHistoryLimit: 1
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app.kubernetes.io/app: backend-admin
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/app: backend-admin
+ spec:
+ containers:
+ - name: app
+ image: hotpocket-backend:latest
+ command:
+ - "/srv/venv/bin/gunicorn"
+ - "-c"
+ - "/srv/lib/gunicorn.conf.py"
+ - "hotpocket_backend.wsgi:application"
+ envFrom:
+ - configMapRef:
+ name: backend-base-config
+ - configMapRef:
+ name: backend-admin-config
+ env:
+ - name: HOTPOCKET_BACKEND_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: backend-admin
+ key: secret_key
+ - name: HOTPOCKET_BACKEND_ALLOWED_HOSTS
+ valueFrom:
+ secretKeyRef:
+ name: backend-admin
+ key: allowed_hosts
+ - name: HOTPOCKET_BACKEND_DATABASE_USER
+ valueFrom:
+ secretKeyRef:
+ name: backend-postgres
+ key: username
+ - name: HOTPOCKET_BACKEND_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: backend-postgres
+ key: password
+ - name: HOTPOCKET_BACKEND_CELERY_BROKER_URL
+ valueFrom:
+ secretKeyRef:
+ name: backend-celery
+ key: broker_url
+ - name: HOTPOCKET_BACKEND_CELERY_RESULT_BACKEND
+ valueFrom:
+ secretKeyRef:
+ name: backend-celery
+ key: result_backend
+ ports:
+ - containerPort: 8000
+ name: http
+ protocol: TCP
+ - containerPort: 8001
+ name: healthcheck
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: "/"
+ port: 8001
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: "/"
+ port: 8001
+ initialDelaySeconds: 2
+ periodSeconds: 5
+ volumeMounts:
+ - mountPath: /dev/shm
+ name: shm
+ - mountPath: /srv/run
+ name: backend-admin-srv-run
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ volumes:
+ - name: shm
+
emptyDir:
+ medium: Memory
+ - name: backend-admin-srv-run
+ emptyDir: {}
diff --git a/deployment/hotpocket.bthlab/resources/backend/celery-beat.yaml b/deployment/hotpocket.bthlab/resources/backend/celery-beat.yaml
new file mode 100644
index 0000000..3c396a1
--- /dev/null
+++ b/deployment/hotpocket.bthlab/resources/backend/celery-beat.yaml
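Review bot: The `app` container in `resources/backend/admin.yaml` has no `securityContext` and no `resources`, so it runs with whatever user and capabilities the image defaults to and with no CPU or memory bound; the memory-backed `shm` volume also has no `sizeLimit`. Add a container `securityContext` along the lines below, after confirming that the image runs as a non-root user, and set `resources` requests and limits sized for the workload. The pod also gets the default service account token mounted although nothing in the manifest suggests it talks to the Kubernetes API; `automountServiceAccountToken: false` on the pod spec would remove it. The same applies to `celery-beat.yaml`, `celery-worker.yaml`, `job-migrations.yaml` and `webapp.yaml` in this diff.

```yaml
      containers:
        - name: app
          # … unchanged: image, command, envFrom, env, ports, probes, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```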
@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: backend-celery-beat
+ namespace: hotpocket-development
+ labels:
+ app.kubernetes.io/app: backend-celery-beat
+spec:
+ minReadySeconds: 30
+ replicas: 1
+ revisionHistoryLimit: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/app: backend-celery-beat
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/app: backend-celery-beat
+ spec:
+ containers:
+ - name: app
+ image: hotpocket-backend:latest
+ command:
+ - "/srv/venv/bin/celery"
+ - "-A"
+ - "hotpocket_backend.celery:app"
+ - "beat"
+ - "-l"
+ - "INFO"
+ - "-s"
+ - "/srv/run/celery-beat-schedule"
+ envFrom:
+ - configMapRef:
+ name: backend-base-config
+ - configMapRef:
+ name: backend-webapp-config
+ env:
+ - name: HOTPOCKET_BACKEND_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: backend-webapp
+ key: secret_key
+ - name: HOTPOCKET_BACKEND_ALLOWED_HOSTS
+ valueFrom:
+ secretKeyRef:
+ name: backend-webapp
+ key: allowed_hosts
+ - name: HOTPOCKET_BACKEND_DATABASE_USER
+ valueFrom:
+ secretKeyRef:
+ name: backend-postgres
+ key: username
+ - name: HOTPOCKET_BACKEND_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: backend-postgres
+ key: password
+ - name: HOTPOCKET_BACKEND_CELERY_BROKER_URL
+ valueFrom:
+ secretKeyRef:
+ name: backend-celery
+ key: broker_url
+ - name: HOTPOCKET_BACKEND_CELERY_RESULT_BACKEND
+ valueFrom:
+ secretKeyRef:
+ name: backend-celery
+ key: result_backend
+ volumeMounts:
+ - mountPath: /dev/shm
+ name: shm
+ - mountPath: /srv/run
+ name: backend-celery-beat-srv-run
+ - mountPath: /srv/uploads
+ name: backend-celery-beat-srv-uploads
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ volumes:
+ - name: shm
+ emptyDir:
+ medium: Memory
+ - name: backend-celery-beat-srv-run
+ persistentVolumeClaim:
+ claimName: backend-celery-beat-run
+ - name: backend-celery-beat-srv-uploads
+ emptyDir: {}
diff --git a/deployment/hotpocket.bthlab/resources/backend/celery-worker.yaml b/deployment/hotpocket.bthlab/resources/backend/celery-worker.yaml
new file mode 100644
index 0000000..507d3c0
--- /dev/null
+++ b/deployment/hotpocket.bthlab/resources/backend/celery-worker.yaml
@@ -0,0 +1,93 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend-celery-worker
+ namespace: hotpocket-development
+ labels:
+ app.kubernetes.io/app: backend-celery-worker
+spec:
+ minReadySeconds: 30
+ progressDeadlineSeconds: 600
+ replicas: 1
+ revisionHistoryLimit: 1
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app.kubernetes.io/app: backend-celery-worker
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/app: backend-celery-worker
+ spec:
+ containers:
+ - name: app
+ image: hotpocket-backend:latest
+ command:
+ - "/srv/venv/bin/celery"
+ - "-A"
+ - "hotpocket_backend.celery:app"
+ - "worker"
+ - "-l"
+ - "INFO"
+ - "-Q"
+ - "celery,webapp"
+ - "-c"
+ - "2"
+ envFrom:
+ - configMapRef:
+ name: backend-base-config
+ - configMapRef:
+ name: backend-webapp-config
+ env:
+ - name: HOTPOCKET_BACKEND_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: backend-webapp
+ key: secret_key
+ - name: HOTPOCKET_BACKEND_ALLOWED_HOSTS
+ valueFrom:
+ secretKeyRef:
+ name: backend-webapp
+ key: allowed_hosts
+ - name: HOTPOCKET_BACKEND_DATABASE_USER
+ valueFrom:
+ secretKeyRef:
+ name: backend-postgres
+ key: username
+ - name: HOTPOCKET_BACKEND_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: backend-postgres
+ key: password
+ - name: HOTPOCKET_BACKEND_CELERY_BROKER_URL
+ valueFrom:
+ secretKeyRef:
+ name: backend-celery
+ key: broker_url
+ - name: HOTPOCKET_BACKEND_CELERY_RESULT_BACKEND
+ valueFrom:
+ secretKeyRef:
+ name: backend-celery
+ key: result_backend
+ volumeMounts:
+ - mountPath: /dev/shm
+ name: shm
+ - mountPath: /srv/run
+ name: backend-celery-worker-srv-run
+ - mountPath: /srv/uploads
+ name: backend-celery-worker-srv-uploads
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ volumes:
+ - name: shm
+ emptyDir:
+ medium: Memory
+ - name: backend-celery-worker-srv-run
+ emptyDir: {}
+ - name: backend-celery-worker-srv-uploads
+ persistentVolumeClaim:
+ claimName:
backend-uploads
diff --git a/deployment/hotpocket.bthlab/resources/backend/job-migrations.yaml b/deployment/hotpocket.bthlab/resources/backend/job-migrations.yaml
new file mode 100644
index 0000000..7cee752
--- /dev/null
+++ b/deployment/hotpocket.bthlab/resources/backend/job-migrations.yaml
@@ -0,0 +1,80 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: backend-job-migrations
+ namespace: hotpocket-development
+ labels:
+ app.kubernetes.io/app: backend-job-migrations
+spec:
+ concurrencyPolicy: "Forbid"
+ successfulJobsHistoryLimit: 1
+ failedJobsHistoryLimit: 1
+ startingDeadlineSeconds: 180
+ schedule: "* * * * *"
+ suspend: true
+ jobTemplate:
+ spec:
+ backoffLimit: 1
+ completions: 1
+ parallelism: 1
+ template:
+ spec:
+ containers:
+ - name: migrations
+ image: hotpocket-backend:latest
+ command:
+ - "./manage.py"
+ - "migrate"
+ envFrom:
+ - configMapRef:
+ name: backend-base-config
+ - configMapRef:
+ name: backend-webapp-config
+ env:
+ - name: HOTPOCKET_BACKEND_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: backend-webapp
+ key: secret_key
+ - name: HOTPOCKET_BACKEND_ALLOWED_HOSTS
+ valueFrom:
+ secretKeyRef:
+ name: backend-webapp
+ key: allowed_hosts
+ - name: HOTPOCKET_BACKEND_DATABASE_USER
+ valueFrom:
+ secretKeyRef:
+ name: backend-postgres
+ key: username
+ - name: HOTPOCKET_BACKEND_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: backend-postgres
+ key: password
+ - name: HOTPOCKET_BACKEND_CELERY_BROKER_URL
+ valueFrom:
+ secretKeyRef:
+ name: backend-celery
+ key: broker_url
+ - name: HOTPOCKET_BACKEND_CELERY_RESULT_BACKEND
+ valueFrom:
+ secretKeyRef:
+ name: backend-celery
+ key: result_backend
+ volumeMounts:
+ - mountPath: /dev/shm
+ name: shm
+ - mountPath: /srv/run
+ name: backend-webapp-srv-run
+ - mountPath: /srv/uploads
+ name: backend-webapp-srv-uploads
+ dnsPolicy: ClusterFirst
+ restartPolicy: Never
+ volumes:
+ - name: shm
+ emptyDir:
+ medium: Memory
+ - name: backend-webapp-srv-run
+ emptyDir: {}
+ - name: backend-webapp-srv-uploads
+ emptyDir: {}
diff --git a/deployment/hotpocket.bthlab/resources/backend/webapp-ingress.yaml b/deployment/hotpocket.bthlab/resources/backend/webapp-ingress.yaml
new file mode 100644
index 0000000..c5ed1b1
--- /dev/null
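Review bot: `job-migrations.yaml` declares a CronJob with `schedule: "* * * * *"` and `suspend: true` but carries no comment explaining that it exists only as a template for `kubectl create job --from=cronjob/backend-job-migrations` in the development workflow. Anyone who flips `suspend` to `false` would start running `./manage.py migrate` every minute against the shared database. Add a comment above `suspend:` such as `# Never scheduled: kept suspended and used only as a Job template by the development deploy workflow.`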
+++ b/deployment/hotpocket.bthlab/resources/backend/webapp-ingress.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: backend-webapp-ingress
+ namespace: hotpocket-development
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: "web"
+spec:
+ rules:
+ - host: app.hotpocket.bthlab.bthlabs.net
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: backend-webapp-service
+ port:
+ name: http
diff --git a/deployment/hotpocket.bthlab/resources/backend/webapp-service.yaml b/deployment/hotpocket.bthlab/resources/backend/webapp-service.yaml
new file mode 100644
index 0000000..9a09fb0
--- /dev/null
+++ b/deployment/hotpocket.bthlab/resources/backend/webapp-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-webapp-service
+ namespace: hotpocket-development
+spec:
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/app: backend-webapp
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8000
+ targetPort: http
diff --git a/deployment/hotpocket.bthlab/resources/backend/webapp.yaml b/deployment/hotpocket.bthlab/resources/backend/webapp.yaml
new file mode 100644
index 0000000..69a2406
--- /dev/null
+++ b/deployment/hotpocket.bthlab/resources/backend/webapp.yaml
@@ -0,0 +1,106 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend-webapp
+ namespace: hotpocket-development
+ labels:
+ app.kubernetes.io/app: backend-webapp
+spec:
+ minReadySeconds: 30
+ progressDeadlineSeconds: 600
+ replicas: 1
+ revisionHistoryLimit: 1
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app.kubernetes.io/app: backend-webapp
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/app: backend-webapp
+ spec:
+ containers:
+ - name: app
+ image: hotpocket-backend:latest
+ command:
+ - "/srv/venv/bin/gunicorn"
+ - "-c"
+ - "/srv/lib/gunicorn.conf.py"
+ - "hotpocket_backend.wsgi:application"
+ envFrom:
+ - configMapRef:
+ name: backend-base-config
+ - configMapRef:
+ name: backend-webapp-config
+ env:
+ - name: HOTPOCKET_BACKEND_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: backend-webapp
+ key: secret_key
+ - name: HOTPOCKET_BACKEND_ALLOWED_HOSTS
+ valueFrom:
+ secretKeyRef:
+ name: backend-webapp
+ key: allowed_hosts
+ - name: HOTPOCKET_BACKEND_DATABASE_USER
+ valueFrom:
+ secretKeyRef:
+ name: backend-postgres
+ key: username
+ - name: HOTPOCKET_BACKEND_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: backend-postgres
+ key: password
+ - name: HOTPOCKET_BACKEND_CELERY_BROKER_URL
+ valueFrom:
+ secretKeyRef:
+ name: backend-celery
+ key: broker_url
+ - name: HOTPOCKET_BACKEND_CELERY_RESULT_BACKEND
+ valueFrom:
+ secretKeyRef:
+ name: backend-celery
+ key: result_backend
+ ports:
+ - containerPort: 8000
+ name: http
+ protocol: TCP
+ - containerPort: 8001
+ name: healthcheck
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: "/"
+ port: 8001
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: "/"
+ port: 8001
+ initialDelaySeconds: 2
+ periodSeconds: 5
+ volumeMounts:
+ - mountPath: /dev/shm
+ name: shm
+ - mountPath: /srv/run
+ name: backend-webapp-srv-run
+ - mountPath: /srv/uploads
+ name: backend-webapp-srv-uploads
+ dnsPolicy:
ClusterFirst
+ restartPolicy: Always
+ volumes:
+ - name: shm
+ emptyDir:
+ medium: Memory
+ - name: backend-webapp-srv-run
+ emptyDir: {}
+ - name: backend-webapp-srv-uploads
+ persistentVolumeClaim:
+ claimName: backend-uploads
diff --git a/deployment/hotpocket.bthlab/resources/namespace.yaml b/deployment/hotpocket.bthlab/resources/namespace.yaml
new file mode 100644
index 0000000..29aeab7
--- /dev/null
+++ b/deployment/hotpocket.bthlab/resources/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: hotpocket-development
diff --git a/deployment/hotpocket.bthlab/resources/volumes.yaml b/deployment/hotpocket.bthlab/resources/volumes.yaml
new file mode 100644
index 0000000..f2374d0
--- /dev/null
+++ b/deployment/hotpocket.bthlab/resources/volumes.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: backend-uploads
+ namespace: hotpocket-development
+spec:
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: "1Gi"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: backend-celery-beat-run
+ namespace: hotpocket-development
+spec:
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: "1Gi"