diff --git a/code/kubernetes/mongo/deployment.yaml b/code/kubernetes/mongo/deployment.yaml index 6f788ff..ab16f15 100644 --- a/code/kubernetes/mongo/deployment.yaml +++ b/code/kubernetes/mongo/deployment.yaml @@ -26,12 +26,12 @@ spec: - name: MONGO_INITDB_ROOT_USERNAME valueFrom: secretKeyRef: - name: mongodb-credentials + name: mongo-secret key: MONGO_INITDB_ROOT_USERNAME - name: MONGO_INITDB_ROOT_PASSWORD valueFrom: secretKeyRef: - name: mongodb-credentials + name: mongo-secret key: MONGO_INITDB_ROOT_PASSWORD volumeMounts: - name: mongodb-data @@ -40,3 +40,14 @@ spec: - name: mongodb-data persistentVolumeClaim: claimName: mongo-pvc +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mongo-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi diff --git a/code/kubernetes/mongo/mongo-pv.yaml b/code/kubernetes/mongo/mongo-pv.yaml deleted file mode 100644 index 4a4a6fe..0000000 --- a/code/kubernetes/mongo/mongo-pv.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: mongo-pvc -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi diff --git a/code/kubernetes/mongo/mongo-secret.yaml b/code/kubernetes/mongo/mongo-secret.yaml deleted file mode 100644 index 4ff02c8..0000000 --- a/code/kubernetes/mongo/mongo-secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: mongodb-credentials -type: Opaque -data: - MONGO_INITDB_ROOT_USERNAME: YWRtaW4= - MONGO_INITDB_ROOT_PASSWORD: cGFzc3dvcmQ= \ No newline at end of file diff --git a/code/kubernetes/scripts/README.md b/code/kubernetes/scripts/README.md index 96fa94e..ad025b0 100644 --- a/code/kubernetes/scripts/README.md +++ b/code/kubernetes/scripts/README.md 
@@ -13,18 +13,20 @@ $ ./create-cluster.sh ``` ### 2. Deployment -Builds and pushes Docker images to **Google Container Registry (GCR)**, and deploys all services to the cluster using `kubectl` +Deploys all services and components to the cluster using `kubectl`. ```bash $ ./deploy.sh ``` -#### Optional: Skip Image Build & Push +This will deploy using the latest available Docker images in **Google Container Registry (GCR)**. -If you've already built and pushed your Docker images, you can skip that step to speed up re-deployments: +#### Optional: Build & Push + +If you want to build and push the Docker images before deploying, use the --build flag: ```bash -$ ./deploy.sh --skip-build +$ ./deploy.sh --build ``` ### 3. View Cluster Info diff --git a/code/kubernetes/scripts/deploy.sh b/code/kubernetes/scripts/deploy.sh index d8117c1..854279f 100644 --- a/code/kubernetes/scripts/deploy.sh +++ b/code/kubernetes/scripts/deploy.sh 
@@ -1,62 +1,75 @@ #!/bin/bash set -e +BUILD=false +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" PROJECT_ID="threadit-api" CLUSTER_NAME="threadit-cluster" ZONE="europe-west1-b" +SERVICES=(db community thread comment vote search popular) -SKIP_BUILD=false - -# Check for --skip-build flag -if [[ "$1" == "--skip-build" ]]; then - SKIP_BUILD=true - echo "Skipping image build and push..." -fi - +# Set project and set up cluster context gcloud config set project $PROJECT_ID +gcloud container clusters get-credentials $CLUSTER_NAME --zone=$ZONE -# Auth Docker with GCR -gcloud auth configure-docker +GCS_KEY="gcs-key" +BUCKET_SECRET=$(gcloud secrets versions access latest --secret=$GCS_KEY) +MONGO_USER=$(gcloud secrets versions access latest --secret="mongo-user") +MONGO_PASS=$(gcloud secrets versions access latest --secret="mongo-pass") -# Move to repo code root (Threadit/code/) -cd "$(dirname "$0")/../../" +# Check for --build flag +if [[ "$1" == "--build" ]]; then + BUILD=true + echo "Building and pushing images..." +fi + +# Build and push docker images +build_and_push_images() { + cd "$SCRIPT_DIR/../../" || exit 1 -# Services list -SERVICES=(db-service community-service thread-service comment-service vote-service search-service popular-service) + gcloud auth configure-docker -if [ "$SKIP_BUILD" = false ]; then - # Build and push all service images for SERVICE in "${SERVICES[@]}"; do - docker build -t gcr.io/$PROJECT_ID/$SERVICE:latest -f services/$SERVICE/Dockerfile . - docker push gcr.io/$PROJECT_ID/$SERVICE:latest + docker build -t gcr.io/$PROJECT_ID/"$SERVICE-service":latest -f services/"$SERVICE-service"/Dockerfile . + docker push gcr.io/$PROJECT_ID/"$SERVICE-service":latest done - # gRPC Gateway docker build -t gcr.io/$PROJECT_ID/grpc-gateway:latest -f grpc-gateway/Dockerfile . 
docker push gcr.io/$PROJECT_ID/grpc-gateway:latest -fi -# Move to Kubernetes directory -cd kubernetes + cd "$SCRIPT_DIR" || exit 1 +} -# Authenticate and set up cluster context -gcloud container clusters get-credentials $CLUSTER_NAME --zone=$ZONE +# Build and push images if --build is passed +if [ "$BUILD" = true ]; then + build_and_push_images +fi -# Apply general config -kubectl apply -n $CLUSTER_NAME -f config.yaml +cd "$SCRIPT_DIR/.." || exit 1 -# Traefik +# Deploy traefik +helm repo add traefik https://traefik.github.io/charts +helm repo update helm upgrade --install traefik traefik/traefik -n $CLUSTER_NAME -f traefik/values.yaml + kubectl apply -n $CLUSTER_NAME -f traefik/cors.yaml kubectl apply -n $CLUSTER_NAME -f traefik/strip-prefix.yaml -# MongoDB +# Deploy threadit application +kubectl create secret generic "bucket-secret" \ + --from-literal="$GCS_KEY.json=$BUCKET_SECRET" \ + -n $CLUSTER_NAME --dry-run=client -o yaml | kubectl apply -f - + +kubectl create secret generic "mongo-secret" \ + --from-literal="MONGO_INITDB_ROOT_USERNAME=$MONGO_USER" \ + --from-literal="MONGO_INITDB_ROOT_PASSWORD=$MONGO_PASS" \ + -n $CLUSTER_NAME --dry-run=client -o yaml | kubectl apply -f - + +kubectl apply -n $CLUSTER_NAME -f config.yaml kubectl apply -n $CLUSTER_NAME -f mongo/ -# Services for SERVICE in "${SERVICES[@]}"; do - kubectl apply -n $CLUSTER_NAME -f services/$SERVICE/ + kubectl apply -n $CLUSTER_NAME -f services/"$SERVICE-service"/ done -# gRPC Gateway kubectl apply -n $CLUSTER_NAME -f grpc-gateway/ \ No newline at end of file diff --git a/code/kubernetes/services/db-service/db-secret.yaml b/code/kubernetes/services/db-service/db-secret.yaml deleted file mode 100644 index ef347a5..0000000 --- a/code/kubernetes/services/db-service/db-secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: db-secret -type: Opaque -data: - gcs-key.json: 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 \ No newline at end of file 
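Review bot: Both `kubectl create secret generic` calls pass the secret values with `--from-literal`, so the MongoDB root password and the bucket key land in kubectl's argument list, where any process on the deploying host that can read the process table sees them, and where `set -x` or CI command echo would log them. Feeding each value through `--from-file=KEY=<(printf '%s' "$VAR")` stores the same bytes but keeps them out of argv, since `printf` is a shell builtin; this is worth confirming against the kubectl version in use. The manifests this commit deletes carried the same keys base64-encoded, so the values placed in Secret Manager should be newly issued ones, because the old ones remain in the repository history. The unquoted `$CLUSTER_NAME` expansions are harmless with the current constant and are quoted in the lines below.

```bash
# … unchanged: traefik repo setup, helm upgrade, cors and strip-prefix applies …

# Deploy threadit application
# Values go through process substitution so they are not placed in kubectl's argv.
kubectl create secret generic "bucket-secret" \
  --from-file="$GCS_KEY.json"=<(printf '%s' "$BUCKET_SECRET") \
  -n "$CLUSTER_NAME" --dry-run=client -o yaml | kubectl apply -f -

kubectl create secret generic "mongo-secret" \
  --from-file=MONGO_INITDB_ROOT_USERNAME=<(printf '%s' "$MONGO_USER") \
  --from-file=MONGO_INITDB_ROOT_PASSWORD=<(printf '%s' "$MONGO_PASS") \
  -n "$CLUSTER_NAME" --dry-run=client -o yaml | kubectl apply -f -

# … unchanged: config.yaml, mongo/, per-service and grpc-gateway applies …
```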
diff --git a/code/kubernetes/services/db-service/deployment.yaml b/code/kubernetes/services/db-service/deployment.yaml index 2b5038e..0ca80e8 100644 --- a/code/kubernetes/services/db-service/deployment.yaml +++ b/code/kubernetes/services/db-service/deployment.yaml @@ -28,17 +28,17 @@ spec: value: "mongodb://$(MONGO_INITDB_ROOT_USERNAME):$(MONGO_INITDB_ROOT_PASSWORD)@mongodb:27017/$(MONGO_INITDB_DATABASE)?authSource=admin" envFrom: - secretRef: - name: mongodb-credentials + name: mongo-secret - configMapRef: name: threadit-config volumeMounts: - mountPath: /var/secret/gcp/ - name: gcs-credentials + name: bucket-credentials readOnly: true volumes: - - name: gcs-credentials + - name: bucket-credentials secret: - secretName: db-secret + secretName: bucket-secret items: - key: gcs-key.json path: gcs-key.json
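Review bot: The renamed `envFrom` reference still injects `MONGO_INITDB_ROOT_USERNAME` and `MONGO_INITDB_ROOT_PASSWORD` into the db-service container, and the connection string on the context line above authenticates with them against `authSource=admin`, so the application runs as the MongoDB root user. Now that deploy.sh generates the secret, a second secret holding an application user scoped to `$(MONGO_INITDB_DATABASE)` would limit what a compromised db-service can reach, e.g. `- secretRef:` / `name: <app-user-secret>` (placeholder name). That user has to be created in MongoDB first, which is outside this diff. The mounted `gcs-key.json` looks like a long-lived service-account key; since deploy.sh targets a GKE cluster, Workload Identity may remove the need to store that key at all. The container spec begins outside the hunk.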