feat(docker): adding first Dockerfile and kustomization

misc/k8s/kind/cluster/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- https://raw.githubusercontent.com/ory/k8s/v0.30.0/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/cloudnative-pg-operator?ref=develop
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/minio?ref=develop
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/metallb?ref=develop
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/metrics?ref=develop
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/nginx?ref=develop

misc/k8s/kind/cluster/lb/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: metallb-system
+
+resources:
+- ./resources/ipaddresspoool.yaml
+- ./resources/advertise.yaml

misc/k8s/kind/cluster/lb/resources/advertise.yaml

@@ -0,0 +1,9 @@
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: l2-ip-pool-ad
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+  - main-pool
+

misc/k8s/kind/cluster/lb/resources/ipaddresspoool.yaml

@@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: main-pool
+  namespace: metallb-system
+spec:
+  addresses:
+  - 172.18.10.100-172.18.10.200

misc/k8s/kind/kind-cluster.yaml

@@ -0,0 +1,48 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+name: mse-dev
+networking:
+  podSubnet: "10.110.0.0/16"
+  serviceSubnet: "10.115.0.0/16"
+nodes:
+- role: control-plane
+  image: kindest/node:v1.27.2
+  kubeadmConfigPatches:
+  - |
+    kind: InitConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        node-labels: "ingress-ready=true"
+  extraPortMappings:
+  - containerPort: 31000
+    hostPort: 31000
+    listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
+  - containerPort: 80
+    hostPort: 8080
+    listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
+  labels:
+    ingress-ready: true
+- role: worker
+  image: kindest/node:v1.27.2
+  kubeadmConfigPatches:
+  - |
+    kind: JoinConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        system-reserved: memory=2Gi
+- role: worker
+  image: kindest/node:v1.27.2
+  kubeadmConfigPatches:
+  - |
+    kind: JoinConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        system-reserved: memory=2Gi
+- role: worker
+  image: kindest/node:v1.27.2
+  kubeadmConfigPatches:
+  - |
+    kind: JoinConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        system-reserved: memory=2Gi

misc/k8s/kustomization/base/components/app-cnpg/configurations/cnpg-cluster.yaml

@@ -0,0 +1,8 @@
+---
+nameReference:
+- kind: Secret
+  fieldSpecs:
+  - path: spec/superuserSecret/name
+    kind: Cluster
+  - path: spec/bootstrap/initdb/secret/name
+    kind: Cluster

misc/k8s/kustomization/base/components/app-cnpg/kustomization.yaml

@@ -0,0 +1,32 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+configurations:
+- ./configurations/cnpg-cluster.yaml
+
+resources:
+- ./resources/app-cnpg-cluster.yaml
+
+secretgenerator:
+- name: app-postgres-admin
+  type: secret
+  literals:
+  - username=postgres
+  - password=notsosecret
+- name: app-postgres-user
+  type: Secret
+  literals:
+  - username=app
+  - password=NotSoSecretButThisIsBad
+
+vars:
+- name: APP_DATABASE_SERVICE_NAME
+  objref:
+    name: app-postgres
+    kind: Cluster
+    apiVersion: postgresql.cnpg.io/v1
+  fieldref:
+    fieldpath: metadata.name

misc/k8s/kustomization/base/components/app-cnpg/resources/app-cnpg-cluster.yaml

@@ -0,0 +1,17 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: app-postgres
+spec:
+  instances: 3
+  primaryUpdateStrategy: unsupervised
+  superuserSecret:
+    name: app-postgres-admin
+  bootstrap:
+    initdb:
+      database: app
+      owner: app
+      secret:
+        name: app-postgres-user
+  storage:
+    size: 20Gi

misc/k8s/kustomization/base/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namePrefix: app-
+
+components:
+- components/app-cnpg
+
+resources:
+- resources/app-kube

misc/k8s/kustomization/base/resources/app-kube/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ./resources/app-service.yaml
+- ./resources/app-deployment.yaml

misc/k8s/kustomization/base/resources/app-kube/resources/app-deployment.yaml

@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    io.kompose.service: app
+  name: app
+spec:
+  replicas: 3
+
+  selector:
+    matchLabels:
+      io.kompose.service: app
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        io.kompose.service: app
+    spec:
+      restartPolicy: Always
+      containers:
+      - image: reg.cadoles.com/cadoles/app-kube
+        imagePullPolicy: Always
+        name: app-php-fpm
+        args: ["/usr/sbin/php-fpm81", "-F", "-e"]
+        resources: {}
+        env:
+        - name: PHP_FPM_LISTEN
+          value: 127.0.0.1:9000
+        - name: PHP_MEMORY_LIMIT
+          value: 128m
+        - name: PHP_FPM_MEMORY_LIMIT
+          value: 128m
+        - name: PHP_FPM_LOG_LEVEL
+          value: warning
+        - name: APP_DATABASE_SERVICE_NAME
+          value: $(APP_DATABASE_SERVICE_NAME)-rw
+      - image: reg.cadoles.com/cadoles/app-kube
+        imagePullPolicy: Always
+        name: app-nginx
+        args: ["/usr/sbin/nginx"]
+        env:
+        - name: NGINX_APP_UPSTREAM_BACKEND_SERVER
+          value: 127.0.0.1:9000
+        - name: NGINX_APP_ROOT
+          value: "/public"
+        - name: NGINX_APP_PHP_INDEX
+          value: "/index.php"
+        - name: NGINX_ERROR_LOG_LEVEL
+          value: "warn"
+        - name: NGINX_APP_PHP_NON_FILE_PATTERN
+          value: "^/index\\.php(/|$)"
+        ports:
+        - containerPort: 8080
+        resources: {}

misc/k8s/kustomization/base/resources/app-kube/resources/app-service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    io.kompose.service: app
+  name: app
+spec:
+  type: ClusterIP
+  ports:
+  - name: app-http
+    port: 80
+    targetPort: 8080
+  selector:
+    io.kompose.service: app

misc/k8s/kustomization/base/secrets/.gitignore

@@ -0,0 +1,3 @@
+*
+!.gitignore
+!.gitkeep

misc/k8s/kustomization/overlays/dev/kustomization.yaml

@@ -0,0 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: app-dev
+
+resources:
+- ../../base
+- resources/namespace.yaml
+- resources/ingress.yaml
+
+patches:
+- path: patches/update-replicas-for-app.yaml
+- path: patches/add-registry-pull-secret.yaml
+  target:
+    kind: Deployment
+    version: v1
+
+secretGenerator:
+- files:
+  - secrets/dockerconfig/.dockerconfigjson
+  name: regcred-dev
+  type: kubernetes.io/dockerconfigjson

misc/k8s/kustomization/overlays/dev/patches/add-registry-pull-secret.yaml

@@ -0,0 +1,4 @@
+- op: add
+  path: "/spec/template/spec/imagePullSecrets"
+  value:
+  - name: regcred-dev

misc/k8s/kustomization/overlays/dev/patches/update-replicas-for-app.yaml

@@ -0,0 +1,8 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    io.kompose.service: app
+  name: app
+spec:
+  replicas: 1

misc/k8s/kustomization/overlays/dev/resources/ingress.yaml

@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: app
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "138m"
+    nginx.ingress.kubernetes.io/enable-cors: "true" #cf 01
+    nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" #cf 01
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: app.dev.local
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: app
+            port:
+              number: 8080

misc/k8s/kustomization/overlays/dev/resources/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: app-dev

misc/k8s/kustomization/overlays/dev/secrets/.gitignore

@@ -0,0 +1,3 @@
+*
+!.gitignore
+!.gitkeep