diff --git a/.github/workflows/google-registry-cloudrun.yml b/.github/workflows/google-registry-cloudrun.yml
deleted file mode 100644
index d2cbf3c..0000000
--- a/.github/workflows/google-registry-cloudrun.yml
+++ /dev/null
@@ -1,141 +0,0 @@ -# This workflow build and push a Docker container to Google Artifact Registry and deploy it on Cloud Run when a commit is pushed to the "main" branch -# -# To configure this workflow: -# -# 1. Ensure the required Google Cloud APIs are enabled in the project: -# -# Cloud Build cloudbuild.googleapis.com -# Cloud Run run.googleapis.com -# Artifact Registry artifactregistry.googleapis.com -# -# 2. Create a service account (if you don't have one) with the following fields: -# -# Service Account Name -github-actions -# Service Account ID -github-actions -# -# 3. Ensure the service account have the required IAM permissions granted: -# -# Cloud Build -# roles/cloudbuild.builds.editor (cloud build editor) -# roles/cloudbuild.builds.builder (cloud build service account) -# -# Cloud Run -# roles/run.admin (cloud run admin) -# -# Artifact Registry -# roles/artifactregistry.repoAdmin (artifact registry repository administrator) -# roles/artifactregistry.admin (artifact registry administrator) -# -# Service Account -# roles/iam.serviceAccountUser (act as the Cloud Run runtime service account) -# -# Basic Roles -# roles/viewer (viewer) -# -# NOTE: You should always follow the principle of least privilege when assigning IAM roles -# -# 4. Ensure you have the following GitHub Secrets and Variables: -# -# GitHub Secrets -# GCP_SA_KEY (Google Cloud Project Service Account Key) ref visit https://github.com/Datawheel/company/wiki/Setting-Up-a-Service-Account-for-Workflows#use-the-service-account-on-github-secrets -# TESSERACT_BACKEND (Tesseract Database Connection String) -# -# GitHub Variables -# GCP_PROJECT_ID (Google Cloud Project ID) -# GCP_ARTIFACT_REGISTRY_NAME (Google Cloud Articaft Registry Repository Name) -# GCP_ARTIFACT_REGISTRY_LOCATION (Google Cloud Artifact Registry Reposotiry Location) -# -# 5. 
Ensure you have the following GitHub Variables for each environment that you will set up: -# -# GitHub Variables -# GCP_CLOUDRUN_SERVICE (CloudRun Service Name of the environment) -# GCP_CLOUDRUN_REGION (CloudRun Service Region of the environment) -# TESSERACT_SCHEMA (Tesseract Schema Folder) -# TESSERACT_DEBUG (Tesseract Debug Value) -# -# Further reading: -# Cloud Run IAM permissions - https://cloud.google.com/run/docs/deploying -# Artifact Registry IAM permissions - https://cloud.google.com/artifact-registry/docs/access-control#roles -# Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry -# Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege -# Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun -name: "[Google Cloud] Build to Artifact Registry and Deploy to Cloud Run" - -on: - push: - branches: [ "main" ] - -env: - GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }} - GCP_ARTIFACT_REGISTRY_NAME: ${{ vars.GCP_ARTIFACT_REGISTRY_NAME }} - GCP_ARTIFACT_REGISTRY_LOCATION: ${{ vars.GCP_ARTIFACT_REGISTRY_LOCATION }} - GCP_CLOUDRUN_SERVICE: ${{ vars.GCP_CLOUDRUN_SERVICE }} - GCP_CLOUDRUN_REGION: ${{ vars.GCP_CLOUDRUN_REGION }} - TESSERACT_SCHEMA: ${{ vars.TESSERACT_SCHEMA }} - TESSERACT_DEBUG: ${{ vars.TESSERACT_DEBUG }} - -jobs: - build: - runs-on: ubuntu-latest - environment: prod - steps: - - name: Checkout - uses: actions/checkout@v3 - - # Authentication via credentials json - - name: Google Auth - id: auth - uses: 'google-github-actions/auth@v0' - with: - project_id: '${{ env.GCP_PROJECT_ID }}' - credentials_json: '${{ secrets.GCP_SA_KEY }}' - - # Build image on Google Cloud Artifact Registry - - name: Build Docker Image - run: |- - gcloud builds submit \ - --quiet \ - --timeout=20m \ - --tag ${{ env.GCP_ARTIFACT_REGISTRY_LOCATION 
}}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_CLOUDRUN_SERVICE }}:${{ github.sha }} - - # Uncomment for adding the latest tag to the latest image created - - name: Add 'Latest' Tag to Environment - run: |- - gcloud beta artifacts docker tags add \ - --quiet \ - ${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_CLOUDRUN_SERVICE }}:${{ github.sha }} \ - ${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_CLOUDRUN_SERVICE }}:latest - - deploy: - needs: build - runs-on: ubuntu-latest - environment: prod - steps: - - name: Checkout - uses: actions/checkout@v3 - - # Authentication via credentials json - - name: Google Auth - id: auth - uses: 'google-github-actions/auth@v0' - with: - project_id: '${{ vars.GCP_PROJECT_ID }}' - credentials_json: '${{ secrets.GCP_SA_KEY }}' - - # Deploy image in Cloud Run - - name: Deploy to Cloud Run - id: 'deploy' - uses: 'google-github-actions/deploy-cloudrun@v1' - with: - service: '${{ env.GCP_CLOUDRUN_SERVICE }}' - image: '${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_CLOUDRUN_SERVICE }}:${{ github.sha }}' - region: '${{ env.GCP_CLOUDRUN_REGION }}' - flags: '--port=7777 --min-instances=0 --max-instances=4 --allow-unauthenticated' - env_vars: | - TESSERACT_BACKEND=${{ secrets.TESSERACT_BACKEND }} - TESSERACT_SCHEMA=${{ env.TESSERACT_SCHEMA }} - TESSERACT_DEBUG=${{ env.TESSERACT_DEBUG }} - - # If required, use the Cloud Run url output in later steps - - name: Show Output - run: echo ${{ steps.deploy.outputs.url }} diff --git a/.github/workflows/google-registry-gke.yml b/.github/workflows/google-registry-gke.yml index fbd7937..2dec9e3 100644 --- a/.github/workflows/google-registry-gke.yml +++ b/.github/workflows/google-registry-gke.yml 
@@ -1,12 +1,11 @@ -# This workflow build and push a Docker container to Google Artifact Registry and deploy it on Google Kubernetes Engine when a commit is pushed to the "develop" branch +# This workflow build and push a Docker container to Google Artifact Registry and deploy it on Cloud Run when a commit is pushed to the "develop" branch # # To configure this workflow: # # 1. Ensure the required Google Cloud APIs are enabled in the project: # -# Cloud Build cloudbuild.googleapis.com -# Kubernetes Engine API container.googleapis.com -# Artifact Registry artifactregistry.googleapis.com +# Cloud Build cloudbuild.googleapis.com +# Artifact Registry artifactregistry.googleapis.com # # 2. Create a service account (if you don't have one) with the following fields: # @@ -15,8 +14,9 @@ # # 3. Ensure the service account have the required IAM permissions granted: # -# Kubernetes Engine Developer -# roles/container.developer (kubernetes engine developer) +# Cloud Build +# roles/cloudbuild.builds.editor (cloud build editor) +# roles/cloudbuild.builds.builder (cloud build service account) # # Artifact Registry # roles/artifactregistry.repoAdmin (artifact registry repository administrator) 
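Review bot: The setup instructions in this header no longer match what the workflow does. The hunk at `@@ -15,8 +14,9 @@` drops `roles/container.developer` and the first hunk drops the Kubernetes Engine API, yet the deploy job later in this file still calls `get-gke-credentials` and runs `helm upgrade --install` against the cluster. The first line now also says the image is deployed "on Cloud Run", while the workflow name and steps target GKE. Someone provisioning the service account from this comment will either get a failing deploy or compensate with a broader role than needed, so I would keep the `Kubernetes Engine API` and `roles/container.developer` lines and add the Cloud Build entries beside them.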
@@ -40,26 +40,27 @@ # GCP_ARTIFACT_REGISTRY_NAME (Google Cloud Articaft Registry Repository Name) # GCP_ARTIFACT_REGISTRY_LOCATION (Google Cloud Artifact Registry Reposotiry Location) # -# 5. Ensure you have the following GitHub Variables for each environment that you will set up: +# 5. Ensure you have the following GitHub Vatiables for each environment that you will set up: # # GitHub Variables # GCP_IMAGE_NAME (Docker Image Name) -# GKE_APP_NAME (Google Kubernetes Engine Deployment Name) -# GKE_APP_NAMESPACE (Google Kubernetes Engine Deployment Namespace) -# GKE_CLUSTER (Google Kubernetes Engine Cluster Name) -# GKE_ZONE (Google Kubernetes Engine Cluster Zone) +# GKE_APP_NAME (Kubernetes Application Name) +# GKE_APP_RELEASE (Kubernetes Application Release Version) +# GKE_APP_NAMESPACE (Kubernetes Application Namespace) +# GKE_CLUSTER (Kubernetes Cluster Name) +# GKE_ZONE (Kubernetes Cluster Location) # # Further reading: -# Kubernetes Developer - https://cloud.google.com/iam/docs/understanding-roles#container.developer -# Artifact Registry IAM permissions - https://cloud.google.com/artifact-registry/docs/access-control#roles -# Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry -# Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege -# Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun -name: "[Google Cloud] Build to Artifact Registry and Deploy to GKE" +# Cloud Run IAM permissions - https://cloud.google.com/run/docs/deploying +# Artifact Registry IAM permissions - https://cloud.google.com/artifact-registry/docs/access-control#roles +# Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry +# Principle of least privilege - 
https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege +# Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun +name: Build to Artifact Registry and Deploy to GKE on: push: - branches: [ "main" ] + branches: [ "develop" ] env: GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }} @@ -67,6 +68,7 @@ env: GCP_ARTIFACT_REGISTRY_LOCATION: ${{ vars.GCP_ARTIFACT_REGISTRY_LOCATION }} GCP_IMAGE_NAME: ${{ vars.GCP_IMAGE_NAME }} GKE_APP_NAME: ${{ vars.GKE_APP_NAME }} + GKE_APP_RELEASE: ${{ vars.GKE_APP_RELEASE }} GKE_APP_NAMESPACE: ${{ vars.GKE_APP_NAMESPACE }} GKE_CLUSTER: ${{ vars.GKE_CLUSTER }} GKE_ZONE: ${{ vars.GKE_ZONE }} @@ -74,7 +76,7 @@ env: jobs: build: runs-on: ubuntu-latest - environment: playground + environment: development steps: - name: Checkout uses: actions/checkout@v3 
@@ -82,21 +84,22 @@ jobs: # Authentication via credentials json - name: Google Auth id: auth - uses: 'google-github-actions/auth@v0' + uses: google-github-actions/auth@v0 with: - project_id: '${{ env.GCP_PROJECT_ID }}' - credentials_json: '${{ secrets.GCP_SA_KEY }}' + project_id: ${{ env.GCP_PROJECT_ID }} + credentials_json: ${{ secrets.GCP_SA_KEY }} # Build image on Google Cloud Artifact Registry - name: Build Docker Image run: |- gcloud builds submit \ --quiet \ - --timeout=20m \ - --tag ${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_IMAGE_NAME }}:${{ github.sha }} - + --timeout=30m \ + --config=cloudbuild.yml \ + --substitutions=_GCP_ARTIFACT_REGISTRY_LOCATION=${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }},_GCP_PROJECT_ID=${{ env.GCP_PROJECT_ID }},_GCP_ARTIFACT_REGISTRY_NAME=${{ env.GCP_ARTIFACT_REGISTRY_NAME }},_GCP_IMAGE_NAME=${{ env.GCP_IMAGE_NAME }},_GITHUB_SHA=${{ github.sha }} + # Uncomment for adding the latest tag to the latest image created - - name: Add 'Latest' Tag to Development Environments + - name: Add 'Latest' Tag to Development Environments run: |- gcloud beta artifacts docker tags add \ --quiet \ @@ -106,7 +109,7 @@ jobs: deploy: needs: build runs-on: ubuntu-latest - environment: playground + environment: development steps: - name: Checkout uses: actions/checkout@v3 @@ -114,11 +117,11 @@ jobs: # Authentication via credentials json - name: Google Auth id: auth - uses: 'google-github-actions/auth@v0' + uses: google-github-actions/auth@v0 with: - project_id: '${{ vars.GCP_PROJECT_ID }}' - credentials_json: '${{ secrets.GCP_SA_KEY }}' - + project_id: ${{ env.GCP_PROJECT_ID }} + credentials_json: ${{ secrets.GCP_SA_KEY }} + # Get google kubernetes engine credentials - name: Get GKE Credentials uses: google-github-actions/get-gke-credentials@v0 
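Review bot: Both `Google Auth` steps (this hunk and the deploy job at `@@ -114,11 +117,11 @@`) still authenticate with a long-lived exported service-account key through `credentials_json: ${{ secrets.GCP_SA_KEY }}`, and the action is referenced by the mutable tag `auth@v0`. Since these lines are being edited anyway, consider moving to keyless Workload Identity Federation via the action's `workload_identity_provider` and `service_account` inputs, which removes a key that otherwise has to be rotated and can leak. Pinning `google-github-actions/auth` and `google-github-actions/get-gke-credentials` to full commit SHAs would also prevent a retagged release from running with these credentials. The job bodies continue outside these hunks.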
@@ -126,6 +129,8 @@ jobs: cluster_name: ${{ env.GKE_CLUSTER }} location: ${{ env.GKE_ZONE }} - # Restart deployment by deleting old pod - - name: Restart Deployment - run: kubectl delete pod -n ${{ env.GKE_APP_NAMESPACE }} -l app=${{ env.GKE_APP_NAME }} + # Install Helm chart + - name: Helm install + uses: WyriHaximus/github-action-helm3@v2 + with: + exec: helm upgrade --install --create-namespace --namespace ${{ env.GKE_APP_NAMESPACE }} --set app.environment=${{ env.GKE_APP_NAMESPACE }} --set app.release=${{ env.GKE_APP_RELEASE }} --set image.repository=${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_IMAGE_NAME }} --set image.tag=${{ github.sha }} --set nameOverride=${{ env.GKE_APP_NAME }} --set fullnameOverride=${{ env.GKE_APP_NAME }} ${{ env.GKE_APP_NAME }} ./helm --values=./helm/values.yaml \ No newline at end of file diff --git a/cloudbuild.yml b/cloudbuild.yml new file mode 100644 index 0000000..eb26c74 --- /dev/null +++ b/cloudbuild.yml @@ -0,0 +1,9 @@ +steps: + # [START cloudbuild_image_yaml] + # Docker Build using Kaniko Cache (Google) + - name: 'gcr.io/kaniko-project/executor:latest' + args: + - --destination=$_GCP_ARTIFACT_REGISTRY_LOCATION-docker.pkg.dev/$_GCP_PROJECT_ID/$_GCP_ARTIFACT_REGISTRY_NAME/$_GCP_IMAGE_NAME:$_GITHUB_SHA + - --cache=true + - --cache-ttl=336h + # [END cloudbuild_image_yaml] \ No newline at end of file diff --git a/helm/Chart.yaml b/helm/Chart.yaml new file mode 100644 index 0000000..f4243e4 --- /dev/null +++ b/helm/Chart.yaml 
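Review bot: The new `Helm install` step runs a third-party action by mutable tag, `WyriHaximus/github-action-helm3@v2`, immediately after `get-gke-credentials`, so whatever that tag resolves to at run time executes with access to the cluster (presumably through the kubeconfig the previous step exports). Pin it to a full commit SHA, e.g. `uses: WyriHaximus/github-action-helm3@<full-commit-sha>  # v2`, or install Helm with a pinned first-party step. The `exec:` string also splices the `${{ env.* }}` values in unquoted; they come from repository variables, but quoting each `--set` value would stop a value containing a space or comma from altering the command.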
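Review bot: The build step in `cloudbuild.yml` pulls `gcr.io/kaniko-project/executor:latest`, a mutable tag, so the image that builds and pushes every release can change without any commit in this repository. Pin the builder to a specific version or, better, a digest: `- name: 'gcr.io/kaniko-project/executor@sha256:<digest>'` (placeholder; take the digest from a release you have vetted). That keeps builds reproducible and limits exposure if the tag is ever repointed.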
@@ -0,0 +1,18 @@ +# A description for the application chart +apiVersion: v2 +name: tesseract-api +description: A Helm chart for Kubernetes +icon: https://connect.redhat.com/sites/default/files/2021-05/helm.png + +# A chart can be either an 'application' or a 'library' chart. +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates. +version: 1.0.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. +appVersion: 1.0.0 diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt new file mode 100644 index 0000000..123f66e --- /dev/null +++ b/helm/templates/NOTES.txt 
@@ -0,0 +1,41 @@ +-------------------------------------------------------------------------------- + +⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⡤⠤⠖⢒⡒⠒⠲⠒⠲⠤⠤⢤⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⠴⠚⠉⠁⠀⠀⠀⠀⠀⠀⠠⠀⠀⠀⠀⠑⠢⣉⠓⠦⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⢀⡤⠖⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠳⣄⠀⠉⠲⢤⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⢀⡴⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⣀⣤⡬⢧⣤⣀⣀⠙⢦⡀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⣰⣟⠄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⠶⢚⣉⣭⣤⣶⣶⣾⣿⣷⣾⣭⣦⣽⣦⡀⠀⠀⠀⠀⠀ +⠀⠀⣼⠛⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡴⠋⣡⣶⣿⣿⣿⣿⣿⣿⠿⠛⠙⠛⠿⣿⣿⣿⣷⡄⠀⠀⠀⠀ +⠀⢰⡉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣴⠏⣰⣿⣿⣿⣿⣿⣿⣿⡟⠙⠲⢤⡀⠀⣀⠜⠛⠻⣿⣿⣦⠀⠀⠀ +⠀⡟⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣸⠃⣼⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⠀⠹⣄⡏⠀⠀⠀⠘⢿⡯⢳⡀⠀ +⢸⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⢠⡟⣼⣿⣿⣿⣿⣿⣿⣿⡿⠀⠀⠀⠀⠀⠀⠹⣿⠀⠀⠀⠀⠈⣷⣀⢧⠀ +⢸⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣴⢟⣸⣷⣿⣿⣿⣿⣿⣿⣿⣿⡇⠀⠀⣾⣷⣤⠀⠀⣿⡄⠀⣾⣧⠀⠈⣿⣼⡆ +⢸⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⢻⡏⢸⡿⣿⣿⣿⣿⣿⣿⣿⣿⡇⠀⠀⠈⠉⠁⠀⠀⣿⣧⠀⠉⠁⠀⠀⢻⠁⡇ +⢸⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣼⣼⣼⡇⢿⣿⣿⣿⣿⣿⣿⣿⣿⡀⠀⠀⠀⠀⠀⣸⠁⢻⣆⠀⠀⠀⠀⣿⣳⡇ +⠀⣷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⠴⠛⣿⣿⣷⠈⣿⣿⣿⣿⣿⣿⣿⣿⣧⡀⠀⠀⢀⡴⠃⠀⠀⠻⣇⠀⠀⣸⣏⡽⠀ +⠀⢱⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⢠⣰⣿⠙⡟⣧⠹⣿⣿⣿⣿⣿⣿⣿⣿⣧⡤⠖⠋⠀⠀⠀⠀⠀⠈⢁⣾⢟⡿⠃⠀ +⠀⠀⢣⡀⠀⠀⠀⠀⠀⠀⠀⠀⠐⠘⡌⠿⡈⠀⠀⠈⢳⣜⣿⣿⣿⣿⣿⣿⣿⣿⣿⣄⠀⠀⠀⠀⠀⣠⣴⣿⣿⠟⠀⠀⠀ +⠀⠀⠀⠳⡄⠀⠀⠀⠀⠐⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠻⣝⡻⢿⣿⣿⣿⣿⣿⣿⣷⣦⣤⣶⣿⣿⣿⡿⠃⠀⠀⠀⠀ +⠀⠀⠀⠀⠙⣄⠀⠀⠀⠀⠂⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠙⠲⠦⢭⣉⡛⠛⠻⣿⣿⠟⠛⢉⡵⠋⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠈⠳⣄⡀⠀⠀⠀⠀⠀⠀⢀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡴⠛⢹⣿⠀⣎⠁⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⠀⢰⠏⠓⠶⣤⣤⣀⣀⡀⠙⢦⣄⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣋⣠⣴⣿⣿⠀⠈⢧⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⠀⣸⠀⠀⠀⠀⡍⠛⢿⡿⡆⠀⠉⠁⠀⠉⠈⠉⠉⠙⠋⢹⡏⠀⠀⠀⠛⠋⡄⠀⢈⣇⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⢰⡇⠀⠀⠀⠀⢠⠀⠀⣻⡧⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⡇⠀⠀⠀⠀⠀⣷⣴⣿⣿⡄⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⡾⠀⠀⠀⠀⠀⠀⠀⢠⡟⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⡇⠀⠀⠀⠀⠀⢹⣿⣿⣿⠇⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⢸⡇⠘⠀⠀⠀⠀⠀⣠⣿⣤⣶⠆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡇⠀⠀⠀⠀⠀⢸⡿⠿⠋⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⢸⠁⣀⣴⣾⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡿⠀⠀⢀⣠⠴⠛⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠸⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣄⣀⣀⣀⣀⣀⣀⣀⣀⣀⣤⡤⠷⠒⠛⣉⣤⣴⣾⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⠙⣿⣿⣿⣿⣿⡿⠟⠉⠀⠀⠀⠉⠉⢉⣉⣉⣉⣉⡀⠀⠀⢀⣴⣾⣿⣿⣿⡿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⠀⠀⠉⠉⠉⣇⠀⠀⠀⢀⣠⣴⣾⣿⣿⣿⣿⣿⣿⣿⣷⣶⣿⣿⣿⣿⠟⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⢧⣀⣰⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠿⠛⠋⠉⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠛⠻⠿⢿⣿⡿⠿⠟⠛⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + +Oh my God, they deployed the App! You Datawheelers! + +-------------------------------------------------------------------------------- + +CHART NAME: {{ .Values.fullnameOverride }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +-------------------------------------------------------------------------------- diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl new file mode 100644 index 0000000..28c8a61 --- /dev/null +++ b/helm/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "chart-app.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "chart-app.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "chart-app.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "chart-app.labels" -}} +helm.sh/chart: {{ include "chart-app.chart" . }} +{{ include "chart-app.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "chart-app.selectorLabels" -}} +app.kubernetes.io/name: {{ include "chart-app.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "chart-app.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "chart-app.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml new file mode 100644 index 0000000..4e121ac 
--- /dev/null
+++ b/helm/templates/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{.Values.fullnameOverride}}
+ labels:
+ {{- include "chart-app.labels" . | nindent 4 }}
+data:
+ {{- with .Values.configMap }}
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
\ No newline at end of file
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
new file mode 100644
index 0000000..e9f4165
--- /dev/null
+++ b/helm/templates/deployment.yaml
@@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{.Values.fullnameOverride}} + labels: + {{- include "chart-app.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "chart-app.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "chart-app.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{.Values.fullnameOverride}} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{.Values.fullnameOverride}} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: {{.Values.fullnameOverride}} + optional: true + - secretRef: + name: {{.Values.fullnameOverride}} + optional: true + env: + {{- range .Values.env }} + - name: "{{ .name }}" + value: "{{ .value }}" + {{- end }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} diff --git a/helm/templates/hpa.yaml b/helm/templates/hpa.yaml new file mode 100644 index 0000000..0bf63cd --- /dev/null +++ b/helm/templates/hpa.yaml 
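Review bot: The pod and container `securityContext` blocks are rendered from `.Values.podSecurityContext` and `.Values.securityContext`, but the `helm/values.yaml` added in this commit defines neither, so the container runs with whatever user and privileges the image defaults to. Add defaults in values.yaml such as `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and a `capabilities` drop of `ALL` (assuming the image can run unprivileged). Separately, `serviceAccountName: {{.Values.fullnameOverride}}` is set unconditionally and bypasses the `chart-app.serviceAccountName` helper, so with `serviceAccount.create: false` the pod references an account the chart never creates; `serviceAccountName: {{ include "chart-app.serviceAccountName" . }}` would honour that switch.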
@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "chart-app.fullname" . }}
+ labels:
+ {{- include "chart-app.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "chart-app.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml
new file mode 100644
index 0000000..ff77c6a
--- /dev/null
+++ b/helm/templates/ingress.yaml
@@ -0,0 +1,43 @@ +{{- if .Values.ingress.enabled }} +{{- $fullName := include "chart-app.fullname" . -}} +{{- $servicePort := .Values.service.port -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "chart-app.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ingressClassName: nginx + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ . }} + pathType: Prefix + backend: + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/templates/secret.yaml b/helm/templates/secret.yaml new file mode 100644 index 0000000..1f4b02b --- /dev/null +++ b/helm/templates/secret.yaml @@ -0,0 +1,13 @@ +{{- if .Values.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{.Values.fullnameOverride}} + labels: + {{- include "chart-app.labels" . | nindent 4 }} +type: Opaque +data: +{{- with .Values.secrets }} + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml new file mode 100644 index 0000000..da18945 --- /dev/null +++ b/helm/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{.Values.fullnameOverride}} + labels: + {{- include "chart-app.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "chart-app.selectorLabels" . | nindent 4 }} 
diff --git a/helm/templates/serviceaccount.yaml b/helm/templates/serviceaccount.yaml
new file mode 100644
index 0000000..94e29ac
--- /dev/null
+++ b/helm/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.fullnameOverride }}
+ labels:
+ {{- include "chart-app.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/values.yaml b/helm/values.yaml
new file mode 100644
index 0000000..e20a42c
--- /dev/null
+++ b/helm/values.yaml
@@ -0,0 +1,86 @@ +image: + pullPolicy: Always + +imagePullSecrets: + - name: github + +replicaCount: 1 + +autoscaling: + enabled: false + # minReplicas: 1 + # maxReplicas: 10 + # targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 120 + +resources: + requests: + cpu: 500m + memory: 1Gi + limits: + cpu: 1000m + memory: 4Gi + +livenessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 7777 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + +readinessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 7777 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 2 + +service: + type: ClusterIP + port: 7777 + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +configMap: + TESSERACT_DEBUG: "true" + TESSERACT_SCHEMA: "schema" + +secrets: + TESSERACT_BACKEND: Y2xpY2tob3VzZTovL2RlZmF1bHQ6NFpnRk1KWk5hNHM5SzdRb1VKc1VBUU16dHBkOUJnQDM1LjIzOC41LjY5OjkwMDAvYmxzX2Ri + +ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" + acme.cert-manager.io/http01-edit-in-place: "true" + ingress.kubernetes.io/ssl-redirect: "true" + nginx.org/proxy-connect-timeout: "120s" + nginx.org/proxy-read-timeout: "120s" + nginx.org/proxy-buffers: "8 16k" + nginx.org/proxy-buffer-size: "16k" + nginx.org/proxy-busy-buffers-size: "64k" + nginx.org/location-snippets: | + add_header Access-Control-Allow-Origin *; + hosts: + - host: api-dev.datausa.io + paths: + - / + tls: + - secretName: tesseract-api-ingress-tls + hosts: + - api-dev.datausa.io \ No newline at end of file
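Review bot: `secrets.TESSERACT_BACKEND` commits the backend connection string to the repository. The value is only base64-encoded, which is the form `helm/templates/secret.yaml` copies into the Secret's `data`, and it decodes to a ClickHouse URL carrying an inline password and host address. Base64 is an encoding, not protection, so the credential should be treated as exposed and rotated, and the value removed from this file (and from history if the repository is or may become public). The Cloud Run workflow deleted in this same commit read it from `secrets.TESSERACT_BACKEND`; the chart can keep that model by leaving `secrets: {}` here and supplying the value at deploy time from the GitHub secret, or by referencing a Secret managed outside the chart.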