diff --git a/.dockerignore b/.dockerignore
index 93f13619..ae9b6d70 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,3 @@
 node_modules
 npm-debug.log
+integrativeprojectchart
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 00000000..24502afe
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,60 @@
+name: 'Deploy'
+
+on:
+
+ workflow_dispatch:
+
+jobs:
+
+ deployHelmChart:
+ name: Deploy Helm chart to Kubernetes Cluster
+ runs-on: ubuntu-latest
+ environment: Test
+
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Import Secrets
+ uses: hashicorp/vault-action@v2.4.0
+ with:
+ url: ${{ secrets.VAULT_IP }}
+ token: ${{ secrets.VAULT_TOKEN }}
+ secrets: |
+ kv/azure username | AZURE_VAULT_USERNAME;
+ kv/azure password | AZURE_VAULT_PASSWORD;
+ kv/azure_container username | AZURE_VAULT_CONTAINER_USERNAME;
+ kv/azure_container password | AZURE_VAULT_CONTAINER_PASSWORD;
+
+ - name: Login to Azure CLI
+ run: |
+ az login -u $AZURE_VAULT_USERNAME -p $AZURE_VAULT_PASSWORD
+
+ - name: Set aks context
+ uses: azure/aks-set-context@v2.0
+ with:
+ resource-group: Integrative-DevOps-Project
+ cluster-name: example-aks1
+
+ - name: Create a new namespace named pacman-namespace
+ run: |
+ kubectl create namespace pacman-namespace
+
+ - name: Create docker-registry secret for K8s
+ run: |
+ kubectl create secret docker-registry acr-secret \
+ --namespace pacman-namespace \
+ --docker-server=containerregistry1123581321.azurecr.io \
+ --docker-username=$AZURE_VAULT_CONTAINER_USERNAME \
+ --docker-password=$AZURE_VAULT_CONTAINER_PASSWORD
+
+ - name: Installing integrativeprojectchart
+ working-directory: integrativeprojectchart/charts
+ run: |
+ helm install pacman-chart integrativeprojectchart-0.1.0.tgz --namespace pacman-namespace
+
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 00000000..64c17a03
--- /dev/null
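Review bot: The `Login to Azure CLI` and `Create docker-registry secret for K8s` steps in deploy.yml expand `$AZURE_VAULT_PASSWORD` and `$AZURE_VAULT_CONTAINER_PASSWORD` unquoted on the command line, so a password containing spaces or shell metacharacters is word-split or globbed, and the value ends up in the process arguments. At minimum quote them, e.g. `az login -u "$AZURE_VAULT_USERNAME" -p "$AZURE_VAULT_PASSWORD"` and `--docker-password="$AZURE_VAULT_CONTAINER_PASSWORD"`; a service principal or federated login would keep a user password out of CI altogether. The same `az login` line appears in main.yml, remove_deploy.yml and update_deploy.yml. `kubectl create namespace` and `kubectl create secret` also fail on a second run because the objects already exist, so the workflow is not re-runnable as written.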
+++ b/.github/workflows/main.yml
@@ -0,0 +1,37 @@
+name: 'Push Image ACR'
+
+on:
+
+ workflow_dispatch:
+
+jobs:
+ ContainerRegistry:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Import Secrets
+ uses: hashicorp/vault-action@v2.4.0
+ with:
+ url: ${{ secrets.VAULT_IP }}
+ token: ${{ secrets.VAULT_TOKEN }}
+ secrets: |
+ kv/azure username | AZURE_VAULT_USERNAME;
+ kv/azure password | AZURE_VAULT_PASSWORD;
+
+ - name: Login to Azure CLI and Azure Container Registry
+ run: |
+ az login -u $AZURE_VAULT_USERNAME -p $AZURE_VAULT_PASSWORD
+ az acr login --name ${{ secrets.CONTAINER_NAME }}
+
+ - name: Build and push docker image to azure registry
+ working-directory: ./docker
+ run: |
+ docker build . -t ${{ secrets.CONTAINER_NAME }}/jesus/pacman-nodejs-app:latest
+ docker push ${{ secrets.CONTAINER_NAME }}/jesus/pacman-nodejs-app:latest
diff --git a/.github/workflows/remove_deploy.yml b/.github/workflows/remove_deploy.yml
new file mode 100644
index 00000000..de0c145f
--- /dev/null
+++ b/.github/workflows/remove_deploy.yml
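Review bot: The `Build and push docker image to azure registry` step pushes only the mutable `:latest` tag, so the cluster cannot tell which commit a running image came from and a rollback has no earlier tag to point at. Pushing a second tag derived from the commit, e.g. `...pacman-nodejs-app:${{ github.sha }}`, keeps every build addressable. `${{ secrets.CONTAINER_NAME }}` is also pasted directly into the script text; mapping it to an environment variable under `env:` and quoting it in the commands is the safer form. It is used both as the `az acr login --name` argument and as the image prefix, so it is worth confirming that one value is valid for both.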
@@ -0,0 +1,48 @@
+name: 'Remove deploy'
+
+on:
+
+ workflow_dispatch:
+
+jobs:
+
+ uninstallHelm:
+ name: 'Update image on deployment'
+ runs-on: ubuntu-latest
+
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Import Secrets
+ uses: hashicorp/vault-action@v2.4.0
+ with:
+ url: ${{ secrets.VAULT_IP }}
+ token: ${{ secrets.VAULT_TOKEN }}
+ secrets: |
+ kv/azure username | AZURE_VAULT_USERNAME;
+ kv/azure password | AZURE_VAULT_PASSWORD;
+
+ - name: "Login to Azure CLI"
+ run: |
+ az login -u $AZURE_VAULT_USERNAME -p $AZURE_VAULT_PASSWORD
+
+ - name: Set aks context
+ uses: azure/aks-set-context@v2.0
+ with:
+ resource-group: Integrative-DevOps-Project
+ cluster-name: example-aks1
+
+
+ - name: 'Uninstalling helm chart'
+ run: |
+ helm uninstall pacman-chart --namespace pacman-namespace
+
+ - name: 'Delete pacman-namespace'
+ run: |
+ kubectl delete namespace pacman-namespace
\ No newline at end of file
diff --git a/.github/workflows/update_deploy.yml b/.github/workflows/update_deploy.yml
new file mode 100644
index 00000000..be50fb6c
--- /dev/null
+++ b/.github/workflows/update_deploy.yml
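Review bot: The `uninstallHelm` job removes the release and deletes the whole `pacman-namespace`, yet it has no `environment:` key, while the deploy job in deploy.yml declares `environment: Test`. Adding `environment: Test` here puts the destructive job behind whatever protection rules are configured for that environment. The job's display name, `'Update image on deployment'`, looks copied from another workflow; something like `name: 'Uninstall Helm release'` would describe what it does.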
@@ -0,0 +1,45 @@
+name: 'Update deployment'
+
+on:
+
+ workflow_dispatch:
+
+jobs:
+
+ restartDeployment:
+ name: 'Update the the image from the replicas'
+ runs-on: ubuntu-latest
+
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+
+ - name: Checkout
+ uses: actions/checkout@v3
+
+
+ - name: Import Secrets
+ uses: hashicorp/vault-action@v2.4.0
+ with:
+ url: ${{ secrets.VAULT_IP }}
+ token: ${{ secrets.VAULT_TOKEN }}
+ secrets: |
+ kv/azure username | AZURE_VAULT_USERNAME;
+ kv/azure password | AZURE_VAULT_PASSWORD;
+
+ - name: "Login to Azure CLI"
+ run: |
+ az login -u $AZURE_VAULT_USERNAME -p $AZURE_VAULT_PASSWORD
+
+
+ - name: Set aks context
+ uses: azure/aks-set-context@v2.0
+ with:
+ resource-group: Integrative-DevOps-Project
+ cluster-name: example-aks1
+
+ - name: Rolling restart deployment deployment.apps/pacman
+ run: |
+ kubectl rollout restart deployment.apps/pacman -n pacman-namespace
\ No newline at end of file
diff --git a/ansible-vault/.DS_Store b/ansible-vault/.DS_Store
new file mode 100644
index 00000000..2cb4acb2
Binary files /dev/null and b/ansible-vault/.DS_Store differ
diff --git a/ansible-vault/inventory.ini b/ansible-vault/inventory.ini
new file mode 100644
index 00000000..90ee506f
--- /dev/null
+++ b/ansible-vault/inventory.ini
@@ -0,0 +1,5 @@
+#13.67.215.79 ansible_user=azureuser
+#proyectvm.centralus.cloudapp.azure.com ansible_user=azureuser
+#40.77.26.179 ansible_user=azureuser
+#secretsvm.centralus.cloudapp.azure.com ansible_user=azureuser
+13.89.245.9 ansible_user=azureuser
\ No newline at end of file
diff --git a/ansible-vault/playbook.yml b/ansible-vault/playbook.yml
new file mode 100644
index 00000000..8e87f21d
--- /dev/null
+++ b/ansible-vault/playbook.yml
@@ -0,0 +1,17 @@
+---
+- hosts: all
+ become: true
+ remote_user: azureuser
+ become_user: root
+ become_method: sudo
+ roles:
+ - vault
+
+- hosts: all
+ vars:
+ unseal_keys_dir_output: "{{ playbook_dir }}/unsealKey/"
+ root_token_dir_output: "{{ playbook_dir }}/rootKey/"
+ roles:
+ - vault-init
+ - vault-unseal
+
\ No newline at end of file
diff --git a/ansible-vault/roles/vault-init/.travis.yml b/ansible-vault/roles/vault-init/.travis.yml
new file mode 100644
index 00000000..36bbf620
--- /dev/null
+++ b/ansible-vault/roles/vault-init/.travis.yml
@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+ apt:
+ packages:
+ - python-pip
+
+install:
+ # Install ansible
+ - pip install ansible
+
+ # Check ansible version
+ - ansible --version
+
+ # Create ansible.cfg with correct roles_path
+ - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+ # Basic role syntax check
+ - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/ansible-vault/roles/vault-init/README.md b/ansible-vault/roles/vault-init/README.md
new file mode 100644
index 00000000..225dd44b
--- /dev/null
+++ b/ansible-vault/roles/vault-init/README.md
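Review bot: In playbook.yml, `unseal_keys_dir_output` and `root_token_dir_output` both resolve under `{{ playbook_dir }}`, which is inside the repository working tree, so the vault-init role writes the unseal keys and the root token next to tracked files. This same commit adds `ansible-vault/rootKey/rootkey` and `ansible-vault/unsealKey/*`, which is the outcome that layout invites. Point both variables at a directory outside the checkout, and add `rootKey/` and `unsealKey/` to `.gitignore` as a backstop.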
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/ansible-vault/roles/vault-init/defaults/main.yml b/ansible-vault/roles/vault-init/defaults/main.yml new file mode 100644 index 00000000..3a82d921 --- /dev/null +++ b/ansible-vault/roles/vault-init/defaults/main.yml @@ -0,0 +1,6 @@ +--- +# defaults file for roles/vault-init +unseal_keys_dir_output: "{{ playbook_dir }}/unsealKey/" +root_token_dir_output: "{{ playbook_dir }}/rootKey/" +vault_addr: 'http://0.0.0.0:8200' +#vault_addr: 'http://127.0.0.1:8200' \ No newline at end of file 
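Review bot: In roles/vault-init/defaults/main.yml, `vault_addr: 'http://0.0.0.0:8200'` uses the listener's wildcard bind address as a client destination and plain HTTP, so the init and unseal calls that carry the root token and unseal keys are sent unencrypted. The commented-out `http://127.0.0.1:8200` is the better default while the CLI runs on the Vault host itself, and an `https://` address becomes possible once the listener has TLS enabled. roles/vault-unseal/defaults/main.yml sets the same value.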
diff --git a/ansible-vault/roles/vault-init/tasks/main.yml b/ansible-vault/roles/vault-init/tasks/main.yml
new file mode 100644
index 00000000..b207ba24
--- /dev/null
+++ b/ansible-vault/roles/vault-init/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+# tasks file for roles/vault-init
+- name: Create unseal directories
+ file:
+ path: "{{ unseal_keys_dir_output }}"
+ state: "directory"
+ delegate_to: localhost
+
+- name: Create root key directories
+ file:
+ path: "{{ root_token_dir_output }}"
+ state: "directory"
+ delegate_to: localhost
+
+- name: Initialise Vault operator
+ shell: vault operator init -key-shares=5 -key-threshold=3 -format json
+ environment:
+ VAULT_ADDR: '{{ vault_addr }}'
+ register: vault_init_results
+
+
+- name: Parse output of vault init
+ set_fact:
+ vault_init_parsed: "{{ vault_init_results.stdout | from_json }}"
+
+- name: Write unseal keys to files
+ copy:
+ dest: "{{ unseal_keys_dir_output }}/unseal_key_{{ item.0 }}"
+ content: "{{ item.1 }}"
+ with_indexed_items: "{{ vault_init_parsed.unseal_keys_hex }}"
+ delegate_to: localhost
+
+- name: Write root token to file
+ copy:
+ content: "{{ vault_init_parsed.root_token }}"
+ dest: "{{root_token_dir_output}}/rootkey"
+ delegate_to: localhost
diff --git a/ansible-vault/roles/vault-init/tests/inventory b/ansible-vault/roles/vault-init/tests/inventory
new file mode 100644
index 00000000..878877b0
--- /dev/null
+++ b/ansible-vault/roles/vault-init/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/ansible-vault/roles/vault-init/tests/test.yml b/ansible-vault/roles/vault-init/tests/test.yml
new file mode 100644
index 00000000..038634ea
--- /dev/null
+++ b/ansible-vault/roles/vault-init/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - roles/vault-init
diff --git a/ansible-vault/roles/vault-init/vars/main.yml b/ansible-vault/roles/vault-init/vars/main.yml
new file mode 100644
index 00000000..6dc31cc1
--- /dev/null
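Review bot: None of the tasks in roles/vault-init/tasks/main.yml that handle the init output set `no_log: true`, so the registered `vault_init_results`, the parsed fact and each loop item of `Write unseal keys to files` (the key is `item.1`) can be printed in the Ansible run output and any CI log that captures it. Add `no_log: true` to `Initialise Vault operator`, `Parse output of vault init` and both write tasks. The `file` and `copy` tasks set no `mode`, so the key files get the controller's default permissions; `mode: "0700"` on the directories and `mode: "0600"` on the files would restrict them to the owner. `vault operator init` is also not idempotent, so a second run of the play against an already initialised Vault will presumably fail at that task; a status check before it would make the role re-runnable.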
+++ b/ansible-vault/roles/vault-init/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for roles/vault-init diff --git a/ansible-vault/roles/vault-unseal/.travis.yml b/ansible-vault/roles/vault-unseal/.travis.yml new file mode 100644 index 00000000..36bbf620 --- /dev/null +++ b/ansible-vault/roles/vault-unseal/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/ansible-vault/roles/vault-unseal/README.md b/ansible-vault/roles/vault-unseal/README.md new file mode 100644 index 00000000..225dd44b --- /dev/null +++ b/ansible-vault/roles/vault-unseal/README.md 
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/ansible-vault/roles/vault-unseal/defaults/main.yml b/ansible-vault/roles/vault-unseal/defaults/main.yml new file mode 100644 index 00000000..969ae935 --- /dev/null +++ b/ansible-vault/roles/vault-unseal/defaults/main.yml @@ -0,0 +1,4 @@ +--- +# defaults file for roles/vault-unseal +unseal_keys_dir_output: "{{ playbook_dir }}/unsealKey/" +vault_addr: 'http://0.0.0.0:8200' \ No newline at end of file diff --git a/ansible-vault/roles/vault-unseal/tasks/main.yml b/ansible-vault/roles/vault-unseal/tasks/main.yml new file mode 100644 index 00000000..264aa9b4 --- /dev/null 
+++ b/ansible-vault/roles/vault-unseal/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+# tasks file for roles/vault-unseal
+- name: Reading unseal key contents
+ command: cat {{item}}
+ register: unseal_keys
+ with_fileglob: "{{ unseal_keys_dir_output }}/*"
+ delegate_to: localhost
+ become: false
+
+- name: Unseal vault with unseal keys
+ shell: |
+ vault operator unseal {{ item.stdout }}
+ environment:
+ VAULT_ADDR: "{{ vault_addr }}"
+ with_items: "{{unseal_keys.results}}"
\ No newline at end of file
diff --git a/ansible-vault/roles/vault-unseal/tests/inventory b/ansible-vault/roles/vault-unseal/tests/inventory
new file mode 100644
index 00000000..878877b0
--- /dev/null
+++ b/ansible-vault/roles/vault-unseal/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/ansible-vault/roles/vault-unseal/tests/test.yml b/ansible-vault/roles/vault-unseal/tests/test.yml
new file mode 100644
index 00000000..60cd695a
--- /dev/null
+++ b/ansible-vault/roles/vault-unseal/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - roles/vault-unseal
diff --git a/ansible-vault/roles/vault-unseal/vars/main.yml b/ansible-vault/roles/vault-unseal/vars/main.yml
new file mode 100644
index 00000000..27166ece
--- /dev/null
+++ b/ansible-vault/roles/vault-unseal/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for roles/vault-unseal
diff --git a/ansible-vault/roles/vault/.travis.yml b/ansible-vault/roles/vault/.travis.yml
new file mode 100644
index 00000000..36bbf620
--- /dev/null
+++ b/ansible-vault/roles/vault/.travis.yml
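Review bot: `vault operator unseal {{ item.stdout }}` in roles/vault-unseal/tasks/main.yml places each unseal key on the command line, where it is visible in the host's process list while the command runs, and both tasks loop over the keys without `no_log: true`, so the key material is echoed per item in the play output. Add `no_log: true` to `Reading unseal key contents` and `Unseal vault with unseal keys`. Keeping the key out of argv is better still, for example by sending it to the `sys/unseal` API endpoint with the `uri` module. The first task could read the files with `lookup('file', item)` instead of spawning `cat`.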
@@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/ansible-vault/roles/vault/README.md b/ansible-vault/roles/vault/README.md new file mode 100644 index 00000000..225dd44b --- /dev/null +++ b/ansible-vault/roles/vault/README.md 
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/ansible-vault/roles/vault/defaults/main.yml b/ansible-vault/roles/vault/defaults/main.yml new file mode 100644 index 00000000..a96d9056 --- /dev/null +++ b/ansible-vault/roles/vault/defaults/main.yml @@ -0,0 +1,5 @@ +--- +# defaults file for roles/vault +vault_version: "1.10.2" +vault_install_prerequisites: ['unzip','jq'] +vault_config_path: "/etc/config.hcl" diff --git a/ansible-vault/roles/vault/handlers/main.yml b/ansible-vault/roles/vault/handlers/main.yml new file mode 100644 index 00000000..f7536551 --- /dev/null +++ b/ansible-vault/roles/vault/handlers/main.yml 
@@ -0,0 +1,5 @@
+---
+# handlers file for roles/vault
+- name: Reload systemd
+ command: systemctl daemon-reload
+ listen: systemd_reload
\ No newline at end of file
diff --git a/ansible-vault/roles/vault/tasks/main.yml b/ansible-vault/roles/vault/tasks/main.yml
new file mode 100644
index 00000000..c0a739c7
--- /dev/null
+++ b/ansible-vault/roles/vault/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: Install prerequisites
+ package:
+ name: "{{ item }}"
+ update_cache: yes
+ with_items: "{{ vault_install_prerequisites }}"
+ become: true
+
+- name: Download binary
+ get_url:
+ url: https://releases.hashicorp.com/vault/{{vault_version}}/vault_{{vault_version}}_linux_amd64.zip
+ dest: /tmp/vault_{{vault_version}}_linux_amd64.zip
+ register: vault_download
+
+- name: "Unzip vault archive"
+ unarchive:
+ src: "{{ vault_download.dest }}"
+ dest: /usr/bin
+ copy: no
+
+- name: Copy systemd init file
+ template:
+ src: templates/init.service.j2
+ dest: /etc/systemd/system/vault.service
+ notify: systemd_reload
+
+- name: config file
+ template:
+ src: templates/config.hcl.j2
+ dest: "{{ vault_config_path }}"
+
+- name: vault service
+ systemd:
+ name: vault
+ state: started
+ daemon_reload: yes
+ become: true
+- pause:
+ seconds: 15
diff --git a/ansible-vault/roles/vault/templates/config.hcl.j2 b/ansible-vault/roles/vault/templates/config.hcl.j2
new file mode 100644
index 00000000..24924714
--- /dev/null
+++ b/ansible-vault/roles/vault/templates/config.hcl.j2
@@ -0,0 +1,17 @@
+ui=true
+disable_mlock = true
+api_addr = "http://0.0.0.0:8200"
+cluster_addr = "0.0.0.0:8201"
+
+storage "file" {
+ path = "/tmp/vault-data"
+}
+
+listener "tcp" {
+ address = "0.0.0.0:8200"
+ tls_disable = "true"
+}
+
+
+
+
diff --git a/ansible-vault/roles/vault/templates/init.service.j2 b/ansible-vault/roles/vault/templates/init.service.j2
new file mode 100644
index 00000000..6350fd6a
--- /dev/null
+++ b/ansible-vault/roles/vault/templates/init.service.j2
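Review bot: The `Download binary` task in roles/vault/tasks/main.yml fetches the Vault zip with no `checksum:`, and the next task unpacks it into `/usr/bin`, so whatever the URL returns is installed as a system binary without verification. Add `checksum: "sha256:PUBLISHED_SHA256_PLACEHOLDER"` to the `get_url` task, taking the value from the SHA256SUMS file published for the pinned `vault_version`. The trailing `pause` of 15 seconds is a fixed guess; a `wait_for` on port 8200 would wait only as long as the service actually needs.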
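Review bot: The listener in config.hcl.j2 binds `0.0.0.0:8200` with `tls_disable = "true"` and `ui=true`, so tokens and secret values travel in clear text and the API and UI are reachable on every interface of the VM; the GitHub workflows in this commit talk to it through `secrets.VAULT_IP`. Configure `tls_cert_file` and `tls_key_file` on the listener and restrict the bind address or the network rules to the clients that need it. `storage "file"` under `/tmp/vault-data` keeps the data in a directory that many systems clean on reboot, so a persistent path owned by the Vault user is needed. `disable_mlock = true` lets Vault's memory be swapped to disk, and `api_addr = "http://0.0.0.0:8200"` is not an address a client can be redirected to.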
@@ -0,0 +1,17 @@
+[Unit]
+Description=a tool for managing secrets
+Documentation=https://vaultproject.io/docs/
+After=network.target
+ConditionFileNotEmpty=/etc/config.hcl
+
+[Service]
+ExecStart=/usr/bin/vault server -config=/etc/config.hcl
+ExecReload=/usr/local/bin/kill --signal HUP $MAINPID
+CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
+Capabilities=CAP_IPC_LOCK+ep
+SecureBits=keep-caps
+NoNewPrivileges=yes
+KillSignal=SIGINT
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/ansible-vault/roles/vault/tests/inventory.ini b/ansible-vault/roles/vault/tests/inventory.ini
new file mode 100644
index 00000000..c49a0b6f
--- /dev/null
+++ b/ansible-vault/roles/vault/tests/inventory.ini
@@ -0,0 +1,4 @@
+localhost
+
+#13.67.215.79 ansible_user=azureuser
+proyectvm.centralus.cloudapp.azure.com ansible_user=azureuser
\ No newline at end of file
diff --git a/ansible-vault/roles/vault/tests/test.yml b/ansible-vault/roles/vault/tests/test.yml
new file mode 100644
index 00000000..123e9853
--- /dev/null
+++ b/ansible-vault/roles/vault/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - roles/vault
diff --git a/ansible-vault/roles/vault/vars/main.yml b/ansible-vault/roles/vault/vars/main.yml
new file mode 100644
index 00000000..e2b568a9
--- /dev/null
+++ b/ansible-vault/roles/vault/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for roles/vault
diff --git a/ansible-vault/rootKey/rootkey b/ansible-vault/rootKey/rootkey
new file mode 100644
index 00000000..744d268d
--- /dev/null
+++ b/ansible-vault/rootKey/rootkey
@@ -0,0 +1 @@
+hvs.WSHsBts5SCe5GSP9bJXtIkpE
\ No newline at end of file
diff --git a/ansible-vault/unsealKey/unseal_key_0 b/ansible-vault/unsealKey/unseal_key_0
new file mode 100644
index 00000000..5b3d48b2
--- /dev/null
+++ b/ansible-vault/unsealKey/unseal_key_0
@@ -0,0 +1 @@
+617402a4591b8d412a9cb6ef6c9246a7abf532bdbe8abc5ab703fd0a7935cb639c
\ No newline at end of file
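Review bot: The `[Service]` section of init.service.j2 has no `User=` or `Group=`, so `/usr/bin/vault server` runs as root and the `CapabilityBoundingSet` and `NoNewPrivileges` lines constrain very little. Run it under a dedicated account, e.g. `User=vault` and `Group=vault`, with the config file and data directory owned by that account. As far as I know, current systemd releases no longer accept `Capabilities=` and `AmbientCapabilities=CAP_IPC_LOCK` is the replacement, so that line is probably ignored with a warning. `ExecReload=/usr/local/bin/kill` points at a path that does not exist on most distributions; `/bin/kill --signal HUP $MAINPID` is the usual form. The unit also hardcodes `/etc/config.hcl` although the role exposes `vault_config_path`.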
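Review bot: `ansible-vault/rootKey/rootkey` is a Vault root token committed in clear text, and the five `ansible-vault/unsealKey/unseal_key_*` files added in the same commit are the unseal key shares, more than the `-key-threshold=3` that vault-init configures. Anyone with read access to the repository or its history can therefore unseal this Vault and act as root against it. Deleting the files in a later commit does not undo that: revoke the root token, rekey (`vault operator rekey`) or re-initialise the Vault, rotate every secret stored under `kv/azure` and `kv/azure_container`, and purge the files from history. After that, keep `rootKey/` and `unsealKey/` out of version control.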
diff --git a/ansible-vault/unsealKey/unseal_key_1 b/ansible-vault/unsealKey/unseal_key_1 new file mode 100644 index 00000000..15a86c82 --- /dev/null +++ b/ansible-vault/unsealKey/unseal_key_1 @@ -0,0 +1 @@ +53f83494864c3f37df6604bfe5d3b6fb6560a0e52b80992d93fff1721255714c1d \ No newline at end of file diff --git a/ansible-vault/unsealKey/unseal_key_2 b/ansible-vault/unsealKey/unseal_key_2 new file mode 100644 index 00000000..23991338 --- /dev/null +++ b/ansible-vault/unsealKey/unseal_key_2 @@ -0,0 +1 @@ +61d4b3233447edc232b191b3fe0aa2e60a9807b1f932fd74b01c1de98887c4326c \ No newline at end of file diff --git a/ansible-vault/unsealKey/unseal_key_3 b/ansible-vault/unsealKey/unseal_key_3 new file mode 100644 index 00000000..6e4b15a4 --- /dev/null +++ b/ansible-vault/unsealKey/unseal_key_3 @@ -0,0 +1 @@ +d07ae98e4ead2a117cff73a4dc969bde05f339190b9f902654da10bf46fee4a071 \ No newline at end of file diff --git a/ansible-vault/unsealKey/unseal_key_4 b/ansible-vault/unsealKey/unseal_key_4 new file mode 100644 index 00000000..9e4c9c5d --- /dev/null +++ b/ansible-vault/unsealKey/unseal_key_4 @@ -0,0 +1 @@ +ca8b7eaa1a1e2d1d554a7df7ce946e8a602483bc3fa57d979cec67dea9530ad6d6 \ No newline at end of file diff --git a/docker/Dockerfile b/docker/Dockerfile index c3001311..37ad5d9c 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -7,7 +7,7 @@ RUN mkdir -p /usr/src/app WORKDIR /usr/src/app # Clone game source code -RUN git clone https://github.com/font/pacman.git . +RUN git clone https://github.com/jfernando0911/pacman_jesus_test.git . # Install app dependencies RUN npm install diff --git a/integrativeprojectchart/.helmignore b/integrativeprojectchart/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/integrativeprojectchart/.helmignore 
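Review bot: The changed `RUN git clone` line in docker/Dockerfile pulls the default branch of `jfernando0911/pacman_jesus_test` at image-build time, so the image content depends on whatever that branch holds when the workflow runs and two builds of the same commit of this repository can differ. Pin the source, for example by following the clone with `RUN git checkout PINNED_COMMIT_SHA` (placeholder for a reviewed commit), or bring the application into the build context with `COPY` so the image is built from versioned code. The hunk shows only part of the Dockerfile, so the base image and the rest of the build are not visible here.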
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/integrativeprojectchart/Chart.yaml b/integrativeprojectchart/Chart.yaml new file mode 100644 index 00000000..ba533892 --- /dev/null +++ b/integrativeprojectchart/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: integrativeprojectchart +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" 
diff --git a/integrativeprojectchart/charts/integrativeprojectchart-0.1.0.tgz b/integrativeprojectchart/charts/integrativeprojectchart-0.1.0.tgz new file mode 100644 index 00000000..6a8f6baf Binary files /dev/null and b/integrativeprojectchart/charts/integrativeprojectchart-0.1.0.tgz differ diff --git a/integrativeprojectchart/templates/_helpers.tpl b/integrativeprojectchart/templates/_helpers.tpl new file mode 100644 index 00000000..789abaab --- /dev/null +++ b/integrativeprojectchart/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "integrativeprojectchart.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "integrativeprojectchart.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "integrativeprojectchart.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "integrativeprojectchart.labels" -}} +helm.sh/chart: {{ include "integrativeprojectchart.chart" . }} +{{ include "integrativeprojectchart.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "integrativeprojectchart.selectorLabels" -}} +app.kubernetes.io/name: {{ include "integrativeprojectchart.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "integrativeprojectchart.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "integrativeprojectchart.fullname" .) 
.Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/integrativeprojectchart/templates/hpa.yaml b/integrativeprojectchart/templates/hpa.yaml
new file mode 100644
index 00000000..e11c5d49
--- /dev/null
+++ b/integrativeprojectchart/templates/hpa.yaml
@@ -0,0 +1,18 @@
+apiVersion: autoscaling/v2beta2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: pacman
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: pacman
+ minReplicas: 1
+ maxReplicas: 10
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 50 # %
\ No newline at end of file
diff --git a/integrativeprojectchart/templates/mongo-deployment.yaml b/integrativeprojectchart/templates/mongo-deployment.yaml
new file mode 100644
index 00000000..c7032d6f
--- /dev/null
+++ b/integrativeprojectchart/templates/mongo-deployment.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ name: mongo
+ name: mongo
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: mongo
+ template:
+ metadata:
+ labels:
+ name: mongo
+ spec:
+ containers:
+ - image: mongo
+ name: mongo
+ ports:
+ - name: mongo
+ containerPort: 27017
+ volumeMounts:
+ - name: mongo-db
+ mountPath: /data/db
+ volumes:
+ - name: mongo-db
+ persistentVolumeClaim:
+ claimName: mongo-storage
diff --git a/integrativeprojectchart/templates/mongo-pvc.yaml b/integrativeprojectchart/templates/mongo-pvc.yaml
new file mode 100644
index 00000000..3c11448e
--- /dev/null
+++ b/integrativeprojectchart/templates/mongo-pvc.yaml
@@ -0,0 +1,10 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: mongo-storage
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 8Gi
diff --git a/integrativeprojectchart/templates/mongo-service.yaml b/integrativeprojectchart/templates/mongo-service.yaml
new file mode 100644
index 00000000..88bcbb88
--- /dev/null
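Review bot: `apiVersion: autoscaling/v2beta2` in hpa.yaml is no longer served from Kubernetes 1.26 onward, so this template will be rejected on a current cluster; `apiVersion: autoscaling/v2` accepts the spec exactly as written here. The replica bounds and CPU target are hardcoded while values.yaml carries an `autoscaling:` block that no template reads, so the chart's values give a misleading picture of what can be tuned.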
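Review bot: The container in mongo-deployment.yaml uses `image: mongo` with no tag and no credentials, so a pod restart can pull a different major version onto the existing volume and the database accepts unauthenticated connections. Pin a version, e.g. `image: mongo:PINNED_VERSION` (placeholder), and set `MONGO_INITDB_ROOT_USERNAME` and `MONGO_INITDB_ROOT_PASSWORD` from a Kubernetes Secret, with the application's connection settings updated to match. No `resources` or `securityContext` are set either, unlike the pacman Deployment, which at least declares requests and limits. This matters more because mongo-service.yaml publishes the port through a LoadBalancer.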
+++ b/integrativeprojectchart/templates/mongo-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ name: mongo
+ name: mongo
+spec:
+ type: LoadBalancer
+ ports:
+ - port: 27017
+ targetPort: 27017
+ selector:
+ name: mongo
diff --git a/integrativeprojectchart/templates/pacman-deployment.yaml b/integrativeprojectchart/templates/pacman-deployment.yaml
new file mode 100644
index 00000000..5f618d6f
--- /dev/null
+++ b/integrativeprojectchart/templates/pacman-deployment.yaml
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ name: pacman
+ name: pacman
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: pacman
+ template:
+ metadata:
+ labels:
+ name: pacman
+ spec:
+ containers:
+ - image: containerregistry1123581321.azurecr.io/jesus/pacman-nodejs-app:latest
+ name: pacman
+ imagePullPolicy: Always
+ resources:
+ requests:
+ memory: "64Mi"
+ cpu: "200m"
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ ports:
+ - containerPort: 8080
+ name: http-server
+ imagePullSecrets:
+ - name: acr-secret
+
+
diff --git a/integrativeprojectchart/templates/pacman-service.yaml b/integrativeprojectchart/templates/pacman-service.yaml
new file mode 100644
index 00000000..924c7043
--- /dev/null
+++ b/integrativeprojectchart/templates/pacman-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: pacman
+ labels:
+ name: pacman
+spec:
+ type: LoadBalancer
+ ports:
+ - port: 80
+ targetPort: 8080
+ protocol: TCP
+ selector:
+ name: pacman
diff --git a/integrativeprojectchart/templates/tests/test-connection.yaml b/integrativeprojectchart/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..0fbd38e5
--- /dev/null
+++ b/integrativeprojectchart/templates/tests/test-connection.yaml
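Review bot: `type: LoadBalancer` on port 27017 in mongo-service.yaml asks the cloud provider for an externally reachable address for MongoDB, and the Deployment behind it is configured without authentication. Only the pacman pods need the database, so `type: ClusterIP` is sufficient and keeps the port reachable from inside the cluster only. If access should be narrowed further, a NetworkPolicy that admits traffic to the `name: mongo` pods only from the `name: pacman` pods would express that.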
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "integrativeprojectchart.fullname" . }}-test-connection"
+ labels:
+ {{- include "integrativeprojectchart.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "integrativeprojectchart.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/integrativeprojectchart/values.yaml b/integrativeprojectchart/values.yaml
new file mode 100644
index 00000000..c8cd4597
--- /dev/null
+++ b/integrativeprojectchart/values.yaml
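Review bot: The test pod in test-connection.yaml runs `wget` against the `integrativeprojectchart.fullname` name on `.Values.service.port`, but the chart defines no Service with that name: the Services added in this commit are hardcoded as `pacman` and `mongo`. `helm test` would therefore fail to resolve the host. Point the test at the real Service, e.g. `args: ['pacman:80']`, or name the Services with the `fullname` helper so the scaffolded test matches. `image: busybox` is also untagged and should be pinned.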
@@ -0,0 +1,82 @@ +# Default values for integrativeprojectchart. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {}