Cadoles
/
hydra-sql
21
0
Fork 0
Code Issues 4 Pull Requests 1 Projects Releases Wiki Activity

issue-14: structure kubernetes
Cadoles/hydra-sql/pipeline/pr-develop This commit looks good Details

This commit is contained in:
Rudy Masson 2023-06-15 15:38:14 +02:00
parent 6e3f0e7a61
commit 22231f791f
29 changed files with 308 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
Makefile
View File

@ -1,46 +1,10 @@
CI_COMPOSE=FIXUID=$(shell id -u) FIXGID=$(shell id -g) docker-compose -f docker-compose.yml ################################
HYDRA_SQL_SHELL_USER ?= www-data: # Makefile for Cadoles SP
DOCKER_CMD ?= ################################
DOCKER_IMAGE_NAME ?= login-app-sql_hydra-sql
up:
FIXUID=$(shell id -u) FIXGID=$(shell id -g) docker-compose up --build
down: IMAGE_REPO ?= reg.cadoles.com/cadoles
docker-compose down -v IMAGE_VERSION ?= 0.0.1
purge: DAY_SUFFIX_TAG ?= $(shell date +%Y%m%d)
docker-compose down -v --remove-orphans --rmi local
hydra-sql-shell: include main.mk
$(CI_COMPOSE) exec \
-u "$(HYDRA_SQL_SHELL_USER)" \
hydra-sql \
/bin/bash
APP_LOCALES ?= fr,en
HYDRA_ADMIN_BASE_URL ?= http://hydra:4445
TRUSTED_PROXIES ?= 127.0.0.1,REMOTE_ADDR,localhost
ISSUER_URL ?= http://localhost:8000
BASE_URL ?= http://localhost:8080
DB_USER ?= lasql
DB_PASSWORD ?= lasql
DEFAULT_LOCALE ?= fr
BDD ?= postgres
DSN_REMOTE_DATABASE=mysql:host=mariadb;port=3306;dbname=lasql
up-mysql:
docker run \
-it --rm \
-p 8080:80 \
-e APP_LOCALES=$(APP_LOCALES) \
-e HYDRA_ADMIN_BASE_URL=$(HYDRA_ADMIN_BASE_URL) \
-e TRUSTED_PROXIES=$(TRUSTED_PROXIES) \
-e ISSUER_URL=$(ISSUER_URL) \
-e BASE_URL=$(BASE_URL) \
-e DB_USER=$(DB_USER) \
-e DB_PASSWORD=$(DB_PASSWORD) \
-e DEFAULT_LOCALE=$(DEFAULT_LOCALE) \
-e DSN_REMOTE_DATABASE=$(DSN_REMOTE_DATABASE) \
$(DOCKER_IMAGE_NAME):latest \
$(DOCKER_CMD)

4
config/packages/cache.yaml
View File

@ -8,8 +8,8 @@ framework:
# Other options include: # Other options include:
# Redis # Redis
app: cache.adapter.redis # app: cache.adapter.redis
default_redis_provider: '%env(REDIS_URL)%' # default_redis_provider: '%env(REDIS_URL)%'
# APCu (not recommended with heavy random-write workloads as memory fragmentation can cause perf issues) # APCu (not recommended with heavy random-write workloads as memory fragmentation can cause perf issues)
#app: cache.adapter.apcu #app: cache.adapter.apcu

2
config/packages/framework.yaml
View File

@ -12,7 +12,7 @@ framework:
# Enables session support. Note that the session will ONLY be started if you read or write from it. # Enables session support. Note that the session will ONLY be started if you read or write from it.
# Remove or comment this section to explicitly disable session support. # Remove or comment this section to explicitly disable session support.
session: session:
handler_id: '%env(REDIS_URL)%' handler_id: null
cookie_secure: auto cookie_secure: auto
cookie_samesite: lax cookie_samesite: lax
storage_factory_id: session.storage.factory.native storage_factory_id: session.storage.factory.native

13
docker-compose.yml
View File

@ -28,6 +28,7 @@ services:
DSN_REMOTE_DATABASE: pgsql:host='postgres';port=5432;dbname=lasql; DSN_REMOTE_DATABASE: pgsql:host='postgres';port=5432;dbname=lasql;
HASH_ALGO_LEGACY: sha256 HASH_ALGO_LEGACY: sha256
SECURITY_PATTERN: password,salt,pepper SECURITY_PATTERN: password,salt,pepper
REDIS_URL: redis://redis:6379
oidc-test: oidc-test:
image: bornholm/oidc-test:v0.0.0-1-g936a77e image: bornholm/oidc-test:v0.0.0-1-g936a77e
environment: environment:
@ -108,12 +109,12 @@ services:
- ./containers/compose/mariadb/init-db.d:/docker-entrypoint-initdb.d/:ro - ./containers/compose/mariadb/init-db.d:/docker-entrypoint-initdb.d/:ro
- mariadb:/var/lib/mysql - mariadb:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
redis: # redis:
image: redis:7.2-rc2-alpine # image: redis:7.2-rc2-alpine
environment: # environment:
- TZ=Europe/Paris # - TZ=Europe/Paris
volumes: # volumes:
- /etc/localtime:/etc/localtime:ro # - /etc/localtime:/etc/localtime:ro
volumes: volumes:
postgres: postgres:
mariadb: mariadb:

80
main.mk Normal file
View File

@ -0,0 +1,80 @@
IMAGES_DIR := ./misc/images
#
# $1: IMAGE_NAME
#
define build_image
echo "Building ${IMAGE_REPO}/$1";\
docker build \
-t "${IMAGE_REPO}/$1:$(IMAGE_VERSION)" \
-f ${IMAGES_DIR}/$1/Dockerfile \
.
endef
#
# $1: IMAGE_NAME
# $2: IMAGE_TAG
#
define scan_image
echo "Scanning ${IMAGE_REPO}/$1"; \
mkdir -p .trivy/$(IMAGE_REPO)/$1; \
tools/trivy/bin/trivy --cache-dir .trivy/.cache image -o ".trivy/$(IMAGE_REPO)/$1/$2/report.txt" $(TRIVY_ARGS) $(IMAGE_REPO)/$1:$2 ; \
cat ".trivy/$(IMAGE_REPO)/$1/$2report.txt"
endef
define install_trivy
mkdir -p tools/trivy/bin ; \
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ./tools/trivy/bin v0.27.1
endef
define release_image
docker tag $(IMAGE_REPO)/$1:$(IMAGE_VERSION) $(IMAGE_REPO)/$1:$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG) ; \
docker tag $(IMAGE_REPO)/$1:$(IMAGE_VERSION) $(IMAGE_REPO)/$1:$(IMAGE_VERSION); \
docker tag $(IMAGE_REPO)/$1:$(IMAGE_VERSION) $(IMAGE_REPO)/$1:latest ; \
docker push $(IMAGE_REPO)/$1:latest ; \
docker push $(IMAGE_REPO)/$1:$(IMAGE_VERSION) ; \
docker push $(IMAGE_REPO)/$1:$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)
endef
#list:
build: ${IMAGES_DIR}/*
@for name in $(basename $(notdir $^)); do \
$(call build_image,$${name}); \
done;\
scan: ${IMAGES_DIR}/*
$(call install_trivy)
@for name in $(basename $(notdir $^)); do \
$(call scan_image,$${name}); \
done;\
tools/trivy/bin/trivy:
mkdir -p tools/trivy/bin
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ./tools/trivy/bin v0.27.1
release: ${IMAGES_DIR}/*
@for name in $(basename $(notdir $^)); do \
$(call release_image,$${name},base); \
done;\
_release:
docker tag $(IMAGE_FULL_NAME):$(IMAGE_TAG) $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)
docker tag $(IMAGE_FULL_NAME):$(IMAGE_TAG) $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)
docker tag $(IMAGE_FULL_NAME):$(IMAGE_TAG) $(IMAGE_FULL_NAME):$(IMAGE_TAG)-latest
docker push $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)
docker push $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)
docker push $(IMAGE_FULL_NAME):$(IMAGE_TAG)-latest
_test: tools/bin/bash_unit
tools/bin/bash_unit ./tests/test_$(IMAGE_TAG).sh
tools/bin/bash_unit:
mkdir -p tools/bin
cd tools/bin && bash <(curl -s https://raw.githubusercontent.com/pgrange/bash_unit/master/install.sh)
up:
skaffold dev -p dev --default-repo ${IMAGE_REPO}
##include recipes/*.mk

12
misc/images/hydra-sql-kube/Dockerfile
View File

@ -1,11 +1,3 @@
ARG ADDITIONAL_PACKAGES=" ARG ADDITIONAL_PACKAGES="bash mysql-client php81-cli php81-pdo_pgsql php81-pdo_mysql php81-mysqli php81-pgsql"
bash
mysql-client
php81-cli
php81-pdo_pgsql
php81-pdo_mysql
php81-mysqli
php81-pgsql
"
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-base FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone

10
misc/images/hydra-sql-standalone/Dockerfile
View File

@ -1,11 +1,3 @@
ARG ADDITIONAL_PACKAGES=" ARG ADDITIONAL_PACKAGES="bash mysql-client php81-cli php81-pdo_pgsql php81-pdo_mysql php81-mysqli php81-pgsql"
bash
mysql-client
php81-cli
php81-pdo_pgsql
php81-pdo_mysql
php81-mysqli
php81-pgsql
"
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone

0
misc/images/k8s/kind/cluster/kustomization.yaml → misc/k8s/kind/cluster/kustomization.yaml
View File

0
misc/images/k8s/kind/cluster/lb/kustomization.yaml → misc/k8s/kind/cluster/lb/kustomization.yaml
View File

0
misc/images/k8s/kind/cluster/lb/resources/advertise.yaml → misc/k8s/kind/cluster/lb/resources/advertise.yaml
View File

0
misc/images/k8s/kind/cluster/lb/resources/ipaddresspoool.yaml → misc/k8s/kind/cluster/lb/resources/ipaddresspoool.yaml
View File

0
misc/images/k8s/kind/kind-cluster.yaml → misc/k8s/kind/kind-cluster.yaml
View File

8
misc/k8s/kustomization/base/components/app-cnpg/configurations/cnpg-cluster.yaml Normal file
View File

@ -0,0 +1,8 @@
---
nameReference:
- kind: Secret
fieldSpecs:
- path: spec/superuserSecret/name
kind: Cluster
- path: spec/bootstrap/initdb/secret/name
kind: Cluster

32
misc/k8s/kustomization/base/components/app-cnpg/kustomization.yaml Normal file
View File

@ -0,0 +1,32 @@
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
generatorOptions:
disableNameSuffixHash: true
configurations:
- ./configurations/cnpg-cluster.yaml
resources:
- ./resources/hydra-sql-cnpg-cluster.yaml
secretgenerator:
- name: hydra-sql-postgres-admin
type: secret
literals:
- username=postgres
- password=notsosecret
- name: hydra-sql-postgres-user
type: Secret
literals:
- username=hydra-sql
- password=NotSoSecretButThisIsBad
vars:
- name: APP_DATABASE_SERVICE_NAME
objref:
name: hydra-sql-postgres
kind: Cluster
apiVersion: postgresql.cnpg.io/v1
fieldref:
fieldpath: metadata.name

17
misc/k8s/kustomization/base/components/app-cnpg/resources/hydra-sql-cnpg-cluster.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: hydra-sql-postgres
spec:
instances: 3
primaryUpdateStrategy: unsupervised
superuserSecret:
name: hydra-sql-postgres-admin
bootstrap:
initdb:
database: hydra-sql
owner: hydra-sql
secret:
name: hydra-sql-postgres-user
storage:
size: 20Gi

10
misc/k8s/kustomization/base/kustomization.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: hydra-sql-
components:
- components/hydra-sql-cnpg
resources:
- resources/hydra-sql-kube

6
misc/k8s/kustomization/base/resources/app-kube/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./resources/hydra-sql-service.yaml
- ./resources/hydra-sql-deployment.yaml

55
misc/k8s/kustomization/base/resources/app-kube/resources/hydra-sql-deployment.yaml Normal file
View File

@ -0,0 +1,55 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: hydra-sql
name: hydra-sql
spec:
replicas: 3
selector:
matchLabels:
io.kompose.service: hydra-sql
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: hydra-sql
spec:
restartPolicy: Always
containers:
- image: reg.cadoles.com/cadoles/hydra-sql-kube
imagePullPolicy: Always
name: hydra-sql-php-fpm
args: ["/usr/sbin/php-fpm81", "-F", "-e"]
resources: {}
env:
- name: PHP_FPM_LISTEN
value: 127.0.0.1:9000
- name: PHP_MEMORY_LIMIT
value: 128m
- name: PHP_FPM_MEMORY_LIMIT
value: 128m
- name: PHP_FPM_LOG_LEVEL
value: warning
- name: APP_DATABASE_SERVICE_NAME
value: $(APP_DATABASE_SERVICE_NAME)-rw
- image: reg.cadoles.com/cadoles/hydra-sql-kube
imagePullPolicy: Always
name: hydra-sql-nginx
args: ["/usr/sbin/nginx"]
env:
- name: NGINX_APP_UPSTREAM_BACKEND_SERVER
value: 127.0.0.1:9000
- name: NGINX_APP_ROOT
value: "/public"
- name: NGINX_APP_PHP_INDEX
value: "/index.php"
- name: NGINX_ERROR_LOG_LEVEL
value: "warn"
- name: NGINX_APP_PHP_NON_FILE_PATTERN
value: "^/index\\.php(/|$)"
ports:
- containerPort: 8080
resources: {}

14
misc/k8s/kustomization/base/resources/app-kube/resources/hydra-sql-service.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: hydra-sql
name: hydra-sql
spec:
type: ClusterIP
ports:
- name: hydra-sql-http
port: 80
targetPort: 8080
selector:
io.kompose.service: hydra-sql

3
misc/k8s/kustomization/base/secrets/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*
!.gitignore
!.gitkeep

0
misc/k8s/kustomization/base/secrets/.gitkeep Normal file
View File

21
misc/k8s/kustomization/overlays/dev/kustomization.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: hydra-sql-dev
resources:
- ../../base
- resources/namespace.yaml
- resources/ingress.yaml
patches:
- path: patches/update-replicas-for-hydra-sql.yaml
- path: patches/add-registry-pull-secret.yaml
target:
kind: Deployment
version: v1
secretGenerator:
- files:
- secrets/dockerconfig/.dockerconfigjson
name: regcred-dev
type: kubernetes.io/dockerconfigjson

4
misc/k8s/kustomization/overlays/dev/patches/add-registry-pull-secret.yaml Normal file
View File

@ -0,0 +1,4 @@
- op: add
path: "/spec/template/spec/imagePullSecrets"
value:
- name: regcred-dev

8
misc/k8s/kustomization/overlays/dev/patches/update-replicas-for-app.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: hydra-sql
name: hydra-sql
spec:
replicas: 1

21
misc/k8s/kustomization/overlays/dev/resources/ingress.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hydra-sql
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "138m"
nginx.ingress.kubernetes.io/enable-cors: "true" #cf 01
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" #cf 01
spec:
ingressClassName: nginx
rules:
- host: hydra-sql.dev.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: hydra-sql
port:
number: 8080

4
misc/k8s/kustomization/overlays/dev/resources/namespace.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: hydra-sql-dev

3
misc/k8s/kustomization/overlays/dev/secrets/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*
!.gitignore
!.gitkeep

0
misc/k8s/kustomization/overlays/dev/secrets/.gitkeep Normal file
View File

4
skaffold.yaml
View File

@ -29,7 +29,7 @@ build:
sha256: {} sha256: {}
artifacts: artifacts:
- image: reg.cadoles.com/cadoles/app-kube - image: reg.cadoles.com/cadoles/hydra-sql-kube
context: . context: .
sync: sync:
infer: infer:
@ -39,7 +39,7 @@ build:
- scripts/** - scripts/**
- templates/** - templates/**
kaniko: kaniko:
dockerfile: misc/images/app-kube/Dockerfile dockerfile: misc/images/hydra-sql-kube/Dockerfile
cache: {} cache: {}
deploy: deploy: