Cadoles
/
hydra-sql
21
0
Fork 0
Code Issues 4 Pull Requests 1 Projects Releases Wiki Activity

issue-14: modification Dockerfile + structure k8S (à compléter) #15

Closed
rmasson wants to merge 5 commits from issue-14 into develop
pull from: issue-14
merge into: Cadoles:develop
Conversation 26 Commits 5 Files Changed 45 +308 -73
29 changed files with 308 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 22231f791f - Show all commits

50
Makefile
View File

@ -1,46 +1,10 @@
CI_COMPOSE=FIXUID=$(shell id -u) FIXGID=$(shell id -g) docker-compose -f docker-compose.yml
HYDRA_SQL_SHELL_USER ?= www-data:
DOCKER_CMD ?=
DOCKER_IMAGE_NAME ?= login-app-sql_hydra-sql
up:
FIXUID=$(shell id -u) FIXGID=$(shell id -g) docker-compose up --build
################################
# Makefile for Cadoles SP
################################
down:
docker-compose down -v
IMAGE_REPO ?= reg.cadoles.com/cadoles
IMAGE_VERSION ?= 0.0.1
purge:
docker-compose down -v --remove-orphans --rmi local
DAY_SUFFIX_TAG ?= $(shell date +%Y%m%d)
hydra-sql-shell:
$(CI_COMPOSE) exec \
-u "$(HYDRA_SQL_SHELL_USER)" \
hydra-sql \
/bin/bash
APP_LOCALES ?= fr,en
HYDRA_ADMIN_BASE_URL ?= http://hydra:4445
TRUSTED_PROXIES ?= 127.0.0.1,REMOTE_ADDR,localhost
ISSUER_URL ?= http://localhost:8000
BASE_URL ?= http://localhost:8080
DB_USER ?= lasql
DB_PASSWORD ?= lasql
DEFAULT_LOCALE ?= fr
BDD ?= postgres
DSN_REMOTE_DATABASE=mysql:host=mariadb;port=3306;dbname=lasql
up-mysql:
docker run \
-it --rm \
-p 8080:80 \
-e APP_LOCALES=$(APP_LOCALES) \
-e HYDRA_ADMIN_BASE_URL=$(HYDRA_ADMIN_BASE_URL) \
-e TRUSTED_PROXIES=$(TRUSTED_PROXIES) \
-e ISSUER_URL=$(ISSUER_URL) \
-e BASE_URL=$(BASE_URL) \
-e DB_USER=$(DB_USER) \
-e DB_PASSWORD=$(DB_PASSWORD) \
-e DEFAULT_LOCALE=$(DEFAULT_LOCALE) \
-e DSN_REMOTE_DATABASE=$(DSN_REMOTE_DATABASE) \
$(DOCKER_IMAGE_NAME):latest \
$(DOCKER_CMD)
include main.mk

4
config/packages/cache.yaml
View File

@ -8,8 +8,8 @@ framework:
# Other options include:
# Redis
app: cache.adapter.redis
default_redis_provider: '%env(REDIS_URL)%'
# app: cache.adapter.redis
# default_redis_provider: '%env(REDIS_URL)%'
# APCu (not recommended with heavy random-write workloads as memory fragmentation can cause perf issues)
#app: cache.adapter.apcu

2
config/packages/framework.yaml
View File

@ -12,7 +12,7 @@ framework:
# Enables session support. Note that the session will ONLY be started if you read or write from it.
# Remove or comment this section to explicitly disable session support.
session:
handler_id: '%env(REDIS_URL)%'
handler_id: null
cookie_secure: auto
cookie_samesite: lax
storage_factory_id: session.storage.factory.native

13
docker-compose.yml
View File

@ -28,6 +28,7 @@ services:
DSN_REMOTE_DATABASE: pgsql:host='postgres';port=5432;dbname=lasql;
HASH_ALGO_LEGACY: sha256
SECURITY_PATTERN: password,salt,pepper
REDIS_URL: redis://redis:6379
oidc-test:
image: bornholm/oidc-test:v0.0.0-1-g936a77e
environment:
@ -108,12 +109,12 @@ services:
- ./containers/compose/mariadb/init-db.d:/docker-entrypoint-initdb.d/:ro
- mariadb:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro
redis:
image: redis:7.2-rc2-alpine
environment:
- TZ=Europe/Paris
volumes:
- /etc/localtime:/etc/localtime:ro
# redis:
# image: redis:7.2-rc2-alpine
# environment:
# - TZ=Europe/Paris
# volumes:
# - /etc/localtime:/etc/localtime:ro
volumes:
postgres:
mariadb:

80
main.mk Normal file
View File

@ -0,0 +1,80 @@
IMAGES_DIR := ./misc/images
#
# $1: IMAGE_NAME
#
define build_image
echo "Building ${IMAGE_REPO}/$1";\
docker build \
-t "${IMAGE_REPO}/$1:$(IMAGE_VERSION)" \
-f ${IMAGES_DIR}/$1/Dockerfile \
.
endef
#
# $1: IMAGE_NAME
# $2: IMAGE_TAG
#
define scan_image
echo "Scanning ${IMAGE_REPO}/$1"; \
mkdir -p .trivy/$(IMAGE_REPO)/$1; \
tools/trivy/bin/trivy --cache-dir .trivy/.cache image -o ".trivy/$(IMAGE_REPO)/$1/$2/report.txt" $(TRIVY_ARGS) $(IMAGE_REPO)/$1:$2 ; \
cat ".trivy/$(IMAGE_REPO)/$1/$2report.txt"
endef
define install_trivy
mkdir -p tools/trivy/bin ; \
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ./tools/trivy/bin v0.27.1
endef
define release_image
docker tag $(IMAGE_REPO)/$1:$(IMAGE_VERSION) $(IMAGE_REPO)/$1:$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG) ; \
docker tag $(IMAGE_REPO)/$1:$(IMAGE_VERSION) $(IMAGE_REPO)/$1:$(IMAGE_VERSION); \
docker tag $(IMAGE_REPO)/$1:$(IMAGE_VERSION) $(IMAGE_REPO)/$1:latest ; \
docker push $(IMAGE_REPO)/$1:latest ; \
docker push $(IMAGE_REPO)/$1:$(IMAGE_VERSION) ; \
docker push $(IMAGE_REPO)/$1:$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)
endef
#list:
build: ${IMAGES_DIR}/*
@for name in $(basename $(notdir $^)); do \
$(call build_image,$${name}); \
done;\
scan: ${IMAGES_DIR}/*
$(call install_trivy)
@for name in $(basename $(notdir $^)); do \
$(call scan_image,$${name}); \
done;\
tools/trivy/bin/trivy:
mkdir -p tools/trivy/bin
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ./tools/trivy/bin v0.27.1
release: ${IMAGES_DIR}/*
@for name in $(basename $(notdir $^)); do \
$(call release_image,$${name},base); \
done;\
_release:
docker tag $(IMAGE_FULL_NAME):$(IMAGE_TAG) $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)
docker tag $(IMAGE_FULL_NAME):$(IMAGE_TAG) $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)
docker tag $(IMAGE_FULL_NAME):$(IMAGE_TAG) $(IMAGE_FULL_NAME):$(IMAGE_TAG)-latest
docker push $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)-$(DAY_SUFFIX_TAG)
docker push $(IMAGE_FULL_NAME):$(IMAGE_TAG)-$(IMAGE_VERSION)
docker push $(IMAGE_FULL_NAME):$(IMAGE_TAG)-latest
_test: tools/bin/bash_unit
tools/bin/bash_unit ./tests/test_$(IMAGE_TAG).sh
tools/bin/bash_unit:
mkdir -p tools/bin
cd tools/bin && bash <(curl -s https://raw.githubusercontent.com/pgrange/bash_unit/master/install.sh)
up:
skaffold dev -p dev --default-repo ${IMAGE_REPO}
##include recipes/*.mk

12
misc/images/hydra-sql-kube/Dockerfile
View File

@ -1,11 +1,3 @@
ARG ADDITIONAL_PACKAGES="
bash
mysql-client
php81-cli
php81-pdo_pgsql
php81-pdo_mysql
php81-mysqli
php81-pgsql
"
ARG ADDITIONAL_PACKAGES="bash mysql-client php81-cli php81-pdo_pgsql php81-pdo_mysql php81-mysqli php81-pgsql"
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-base
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone

10
misc/images/hydra-sql-standalone/Dockerfile
View File

@ -1,11 +1,3 @@
ARG ADDITIONAL_PACKAGES="
bash
mysql-client
php81-cli
php81-pdo_pgsql
php81-pdo_mysql
php81-mysqli
php81-pgsql
"
ARG ADDITIONAL_PACKAGES="bash mysql-client php81-cli php81-pdo_pgsql php81-pdo_mysql php81-mysqli php81-pgsql"
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone

0
misc/images/k8s/kind/cluster/kustomization.yaml → misc/k8s/kind/cluster/kustomization.yaml
View File

0
misc/images/k8s/kind/cluster/lb/kustomization.yaml → misc/k8s/kind/cluster/lb/kustomization.yaml
View File

0
misc/images/k8s/kind/cluster/lb/resources/advertise.yaml → misc/k8s/kind/cluster/lb/resources/advertise.yaml
View File

0
misc/images/k8s/kind/cluster/lb/resources/ipaddresspoool.yaml → misc/k8s/kind/cluster/lb/resources/ipaddresspoool.yaml
View File

0
misc/images/k8s/kind/kind-cluster.yaml → misc/k8s/kind/kind-cluster.yaml
View File

8
misc/k8s/kustomization/base/components/app-cnpg/configurations/cnpg-cluster.yaml Normal file
View File

@ -0,0 +1,8 @@
---
nameReference:
- kind: Secret
fieldSpecs:
- path: spec/superuserSecret/name
kind: Cluster
- path: spec/bootstrap/initdb/secret/name
kind: Cluster

32
misc/k8s/kustomization/base/components/app-cnpg/kustomization.yaml Normal file
View File

@ -0,0 +1,32 @@
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
generatorOptions:
disableNameSuffixHash: true
configurations:
- ./configurations/cnpg-cluster.yaml
resources:
- ./resources/hydra-sql-cnpg-cluster.yaml
secretgenerator:
- name: hydra-sql-postgres-admin
type: secret
literals:
- username=postgres
- password=notsosecret
- name: hydra-sql-postgres-user
type: Secret
literals:
- username=hydra-sql
- password=NotSoSecretButThisIsBad
vars:
- name: APP_DATABASE_SERVICE_NAME
objref:
name: hydra-sql-postgres
kind: Cluster
apiVersion: postgresql.cnpg.io/v1
fieldref:
fieldpath: metadata.name

17
misc/k8s/kustomization/base/components/app-cnpg/resources/hydra-sql-cnpg-cluster.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: hydra-sql-postgres
spec:
instances: 3
primaryUpdateStrategy: unsupervised
superuserSecret:
name: hydra-sql-postgres-admin
bootstrap:
initdb:
database: hydra-sql
owner: hydra-sql
secret:
name: hydra-sql-postgres-user
storage:
size: 20Gi

10
misc/k8s/kustomization/base/kustomization.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: hydra-sql-
components:
- components/hydra-sql-cnpg
resources:
- resources/hydra-sql-kube

6
misc/k8s/kustomization/base/resources/app-kube/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./resources/hydra-sql-service.yaml
- ./resources/hydra-sql-deployment.yaml

55
misc/k8s/kustomization/base/resources/app-kube/resources/hydra-sql-deployment.yaml Normal file
View File

@ -0,0 +1,55 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: hydra-sql
name: hydra-sql
spec:
replicas: 3
selector:
matchLabels:
io.kompose.service: hydra-sql
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: hydra-sql
spec:
restartPolicy: Always
containers:
- image: reg.cadoles.com/cadoles/hydra-sql-kube
imagePullPolicy: Always
name: hydra-sql-php-fpm
args: ["/usr/sbin/php-fpm81", "-F", "-e"]
resources: {}
env:
- name: PHP_FPM_LISTEN
value: 127.0.0.1:9000
- name: PHP_MEMORY_LIMIT
value: 128m
- name: PHP_FPM_MEMORY_LIMIT
value: 128m
- name: PHP_FPM_LOG_LEVEL
value: warning
- name: APP_DATABASE_SERVICE_NAME
value: $(APP_DATABASE_SERVICE_NAME)-rw
- image: reg.cadoles.com/cadoles/hydra-sql-kube
imagePullPolicy: Always
name: hydra-sql-nginx
args: ["/usr/sbin/nginx"]
env:
- name: NGINX_APP_UPSTREAM_BACKEND_SERVER
value: 127.0.0.1:9000
- name: NGINX_APP_ROOT
value: "/public"
- name: NGINX_APP_PHP_INDEX
value: "/index.php"
- name: NGINX_ERROR_LOG_LEVEL
value: "warn"
- name: NGINX_APP_PHP_NON_FILE_PATTERN
value: "^/index\\.php(/|$)"
ports:
- containerPort: 8080
resources: {}

14
misc/k8s/kustomization/base/resources/app-kube/resources/hydra-sql-service.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: hydra-sql
name: hydra-sql
spec:
type: ClusterIP
ports:
- name: hydra-sql-http
port: 80
targetPort: 8080
selector:
io.kompose.service: hydra-sql

3
misc/k8s/kustomization/base/secrets/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*
!.gitignore
!.gitkeep

0
misc/k8s/kustomization/base/secrets/.gitkeep Normal file
View File

21
misc/k8s/kustomization/overlays/dev/kustomization.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: hydra-sql-dev
resources:
- ../../base
- resources/namespace.yaml
- resources/ingress.yaml
patches:
- path: patches/update-replicas-for-hydra-sql.yaml
- path: patches/add-registry-pull-secret.yaml
target:
kind: Deployment
version: v1
secretGenerator:
- files:
- secrets/dockerconfig/.dockerconfigjson
name: regcred-dev
type: kubernetes.io/dockerconfigjson

4
misc/k8s/kustomization/overlays/dev/patches/add-registry-pull-secret.yaml Normal file
View File

@ -0,0 +1,4 @@
- op: add
path: "/spec/template/spec/imagePullSecrets"
value:
- name: regcred-dev

8
misc/k8s/kustomization/overlays/dev/patches/update-replicas-for-app.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: hydra-sql
name: hydra-sql
spec:
replicas: 1

21
misc/k8s/kustomization/overlays/dev/resources/ingress.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hydra-sql
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "138m"
nginx.ingress.kubernetes.io/enable-cors: "true" #cf 01
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" #cf 01
spec:
ingressClassName: nginx
rules:
- host: hydra-sql.dev.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: hydra-sql
port:
number: 8080

4
misc/k8s/kustomization/overlays/dev/resources/namespace.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: hydra-sql-dev

3
misc/k8s/kustomization/overlays/dev/secrets/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*
!.gitignore
!.gitkeep

0
misc/k8s/kustomization/overlays/dev/secrets/.gitkeep Normal file
View File

4
skaffold.yaml
View File

@ -29,7 +29,7 @@ build:
sha256: {}
artifacts:
- image: reg.cadoles.com/cadoles/app-kube
- image: reg.cadoles.com/cadoles/hydra-sql-kube
context: .
sync:
infer:
@ -39,7 +39,7 @@ build:
- scripts/**
- templates/**
kaniko:
dockerfile: misc/images/app-kube/Dockerfile
dockerfile: misc/images/hydra-sql-kube/Dockerfile
cache: {}
deploy: