Merge pull request #5 from joswayski/genkey

Gibs key on FE, docs

.gitignore

@@ -0,0 +1 @@
+root*

k8s/templates/deployment.yaml

@@ -1,44 +1,69 @@
-{{- if .Values.deployments }}
+{{- if .Values.deployment }}
+{{- with .Values.deployment }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ .Values.deployments.name }}
+  name: {{ .metadata.name }}
   labels:
-    app: {{ .Values.deployments.name }}
+    app: {{ .metadata.name }}
 spec:
-  replicas: {{ .Values.deployments.replicas }}
+  replicas: {{ .spec.replicas }}
   selector:
     matchLabels:
-      app: {{ .Values.deployments.name }}
+      app: {{ .metadata.name }}
   strategy:
     type: RollingUpdate
     rollingUpdate:
-      maxUnavailable: {{ .Values.deployments.maxUnavailable }}
-      maxSurge: {{ .Values.deployments.maxSurge }}
+      maxUnavailable: {{ .spec.strategy.rollingUpdate.maxUnavailable }}
+      maxSurge: {{ .spec.strategy.rollingUpdate.maxSurge }}
   template:
     metadata:
       labels:
-        app: {{ .Values.deployments.name }}
+        app: {{ .metadata.name }}
     spec:
-      terminationGracePeriodSeconds: {{ $.Values.common.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ .spec.template.spec.terminationGracePeriodSeconds }}
       containers:
-        {{- range .Values.deployments.containers }}
+        {{- range .spec.template.spec.containers }}
         - name: {{ .name }}
           image: {{ .image }}
+          imagePullPolicy: Always
           ports:
-            - containerPort: {{ .port }}
+            # - name: metrics
+            #   containerPort: {{ .port }}
+            - name: http
+              containerPort: {{ .port }}
           env:
+            # Add the pod name for logging - TODO
             - name: POD_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.name
-            {{- range $key, $value := .env }}
+              # Add any shared secrets
+            {{- range $key, $value := $.Values.env }}
             - name: {{ $key }}
+              {{- if $value.value }}
+              value: {{ $value.value | quote }}
+              {{- else if $value.secretKeyRef }}
               valueFrom:
                 secretKeyRef:
-                  name: {{ $value.secretKeyRef.name }}
-                  key: {{ $value.secretKeyRef.key }}
+                  name: {{ $value.secretKeyRef.name | quote }}
+                  key: {{ $value.secretKeyRef.key | quote }}
+              {{- end }}
             {{- end }}
+              # Add application specific secrets
+            {{- range $key, $value := .env }}
+            - name: {{ $key }}
+              {{- if $value.value }}
+              value: {{ $value.value | quote }}
+              {{- else if $value.secretKeyRef }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $value.secretKeyRef.name | quote }}
+                  key: {{ $value.secretKeyRef.key | quote }}
+              {{- end }}
+            {{- end }}  
+
+
           volumeMounts:
             {{- range .volumeMounts }}
             - name: {{ .name }}
@@ -48,23 +73,18 @@ spec:
           lifecycle:
             preStop:
               exec:
-                command:
-                  [
-                    "sh",
-                    "-c",
-                    "sleep {{ $.Values.deployments.preStopSleepSeconds }}",
-                  ]
+                command: {{ .lifecycle.preStop.exec.command }}
           readinessProbe:
             httpGet:
-              path: {{ $.Values.deployments.healthCheckPath }}
+              path: {{ .readinessProbe.httpGet.path  }}
               port: {{ .port }}
-            initialDelaySeconds: {{ $.Values.deployments.initialDelaySeconds }}
-            periodSeconds: {{ $.Values.deployments.periodSeconds }}
+            initialDelaySeconds: {{ .readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .readinessProbe.periodSeconds }}
             timeoutSeconds: 5
             failureThreshold: 3
         {{- end }}
       volumes:
-        {{- range .Values.deployments.volumes }}
+        {{- range .spec.template.spec.volumes }}
         - name: {{ .name }}
           {{- if .secret }}
           secret:
@@ -77,3 +97,4 @@ spec:
           {{- end }}
         {{- end }}
 {{- end }}
+{{- end }}

k8s/templates/ingress.yaml

@@ -3,14 +3,14 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ .name }}
+  name: {{ .metadata.name }}
   annotations:
-    {{- range $key, $value := .annotations }}
+    {{- range $key, $value := .metadata.annotations }}
     {{ $key }}: {{ $value | quote }}
     {{- end }}
 spec:
   rules:
-    {{- range .rules }}
+    {{- range .spec.rules }}
     - host: "{{ .host }}"
       http:
         paths:
@@ -24,5 +24,13 @@ spec:
                   number: {{ .backend.service.port.number }}
           {{- end }}
     {{- end }}
+  tls:
+    {{- range .spec.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - "{{ . }}"
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
 {{- end }}
 {{- end }}

k8s/templates/service.yaml

@@ -1,18 +1,18 @@
-{{- if .Values.services }}
-{{- with .Values.services }}
+{{- if .Values.service }}
+{{- with .Values.service }}
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ .name }}
+  name: {{ .metadata.name }}
 spec:
-  clusterIP: {{ .clusterIP }}
+  clusterIP: {{ .spec.clusterIP }}
   selector:
-    app: {{ .name }}
+    app: {{ .spec.selector.app }}
   ports:
+    {{- range .spec.ports }}
     - protocol: TCP
-      # Port the pod listens on - global value from common.yaml
-      port: {{ .defaultContainerPort }}
-      # Port that the service is exposed on
-      targetPort: {{ .port }}
+      port: {{ .port }}
+      targetPort: {{ .targetPort }}
+    {{- end }}
 {{- end }}
 {{- end }}

k8s/values/api.yaml

@@ -0,0 +1,39 @@
+service:
+  metadata:
+    name: api
+  spec:
+    # clusterIP: None
+    selector:
+      app: api
+    ports:
+      - port: 80
+        targetPort: 8080
+
+
+deployment:
+  metadata:
+    name: api
+
+  spec:
+    replicas: 1 # :D
+    template:
+      spec:
+        terminationGracePeriodSeconds: 10
+        containers:
+          - name: api
+            image: joswayski/averagedatabase-api:latest
+            port: 8080
+
+            readinessProbe:
+              periodSeconds: 10
+              initialDelaySeconds: 10
+              httpGet:
+                path: /health
+            lifecycle:
+              preStop:
+                exec:
+                  command: ["sh", "-c", "sleep 10"]
+    strategy:
+      rollingUpdate:
+        maxSurge: 1
+        maxUnavailable: 0

k8s/values/ingress.yaml

@@ -1,55 +1,53 @@
-# Must start with 'ingress' key
 ingress:
-  name: ingress
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-  rules:
-    - host: "averagedatabase.com"
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: web
-                port:
-                  number: 80
-          # - path: /api/
-          #   pathType: Prefix
-          #   backend:
-          #     service:
-          #       name: api
-          #       port:
-          #         number: 80
-    - host: "averagedatabase.com/api/"
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: api
-                port:
-                  number: 80
-    - host: "*.averagedatabase.com" 
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: web
-                port:
-                  number: 80
-  # Temporarily disabled while i get unbanned from lets-encrypt
-  # tls: 
-  #   - hosts:
-  #       - "plutomi.com"
-  #       # HAVE TO USE DNS FOR WILDCARD CERT
-  #       # CURRENTLY BANNED :D
-  #       # https://stackoverflow.com/questions/68219076/cert-manager-no-configured-challenge-solvers-can-be-used-for-this-challenge
-  #       # https://cert-manager.io/docs/configuration/acme/dns01/cloudflare/
-  #       - "services.plutomi.com" # not being used just needed a new cert
-  #     secretName: plutomi-tls-secret
-
-
+  metadata:
+    name: ingress
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt
+  spec:
+    rules:
+      - host: "averagedatabase.com"
+        http:
+          paths:
+          # Redirect to the API
+            - path: /api/
+              pathType: Prefix
+              backend:
+                service:
+                  name: api
+                  port:
+                    number: 80
+            - path: /api
+              pathType: Prefix
+              backend:
+                service:
+                  name: api
+                  port:
+                    number: 80
+          # Everything else goes to web
+            - path: /
+              pathType: Prefix
+              backend:
+                service:
+                  name: web
+                  port:
+                    number: 80
+      - host: "*.averagedatabase.com" 
+        http:
+          paths:
+            - path: /
+              pathType: Prefix
+              backend:
+                service:
+                  name: web
+                  port:
+                    number: 80
+    # tls:
+    #   - hosts:
+    #       - "plutomi.com"
+    #       # YOU HAVE TO USE DNS FOR WILDCARD CERT
+    #       # https://stackoverflow.com/questions/68219076/cert-manager-no-configured-challenge-solvers-can-be-used-for-this-challenge
+    #       # https://cert-manager.io/docs/configuration/acme/dns01/cloudflare/
+    #       # If you get banned for too many cert attempts, just add a new domain
+    #       # and you can create a new cert. Wildcard, ideally, is best.
+    #       - "*.plutomi.com" 
+    #     secretName: plutomi-tls-secret

k8s/values/production.yaml

@@ -0,0 +1,6 @@
+
+env:
+  ENVIRONMENT:
+    value: production
+  BASE_API_URL:
+    value: http://api.default.svc.cluster.local:80