first commit

misc/k8s/kustomization/base/components/app-cnpg/configurations/cnpg-cluster.yaml

@@ -0,0 +1,8 @@
+---
+nameReference:
+- kind: Secret
+  fieldSpecs:
+  - path: spec/superuserSecret/name
+    kind: Cluster
+  - path: spec/bootstrap/initdb/secret/name
+    kind: Cluster

misc/k8s/kustomization/base/components/app-cnpg/kustomization.yaml

@@ -0,0 +1,32 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+configurations:
+- ./configurations/cnpg-cluster.yaml
+
+resources:
+- ./resources/app-cnpg-cluster.yaml
+
+secretgenerator:
+- name: postgres-admin
+  type: secret
+  literals:
+  - username=postgres
+  - password=notsosecret
+- name: postgres-user
+  type: Secret
+  literals:
+  - username=app
+  - password=NotSoSecretButThisIsBad
+
+vars:
+- name: POSTGRES_DATABASE_SERVICE_NAME
+  objref:
+    name: postgres
+    kind: Cluster
+    apiVersion: postgresql.cnpg.io/v1
+  fieldref:
+    fieldpath: metadata.name

misc/k8s/kustomization/base/components/app-cnpg/resources/app-cnpg-cluster.yaml

@@ -0,0 +1,17 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: postgres
+spec:
+  instances: 3
+  primaryUpdateStrategy: unsupervised
+  superuserSecret:
+    name: postgres-admin
+  bootstrap:
+    initdb:
+      database: app
+      owner: app
+      secret:
+        name: postgres-user
+  storage:
+    size: 20Gi

misc/k8s/kustomization/base/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+components:
+- components/app-cnpg
+
+resources:
+- resources/app
+- resources/redis

misc/k8s/kustomization/base/resources/adminer/adminer-deployment.yaml

@@ -0,0 +1,26 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  labels:
+    io.kompose.service: adminer
+  name: adminer
+spec:
+  selector:
+    matchLabels:
+      io.kompose.service: adminer
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        io.kompose.service: adminer
+    spec:
+      containers:
+      - name: adminer
+        image: reg.cadoles.com/afornerot/adminer
+        imagePullPolicy: "Always"
+        env:
+            - name: ADMINER_DESIGN
+              value: "pappu687"
+        ports:
+        - containerPort: 80
+        resources: {}

misc/k8s/kustomization/base/resources/adminer/adminer-service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    io.kompose.service: adminer
+  name: adminer
+spec:
+  type: ClusterIP
+  ports:
+  - name: adminer
+    port: 8080
+    targetPort: 80
+  selector:
+    io.kompose.service: adminer

misc/k8s/kustomization/base/resources/adminer/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- adminer-deployment.yaml
+- adminer-service.yaml

misc/k8s/kustomization/base/resources/app/app-deployment.yaml

@@ -0,0 +1,86 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    io.kompose.service: app
+  name: app
+spec:
+  replicas: 3
+
+  selector:
+    matchLabels:
+      io.kompose.service: app
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        io.kompose.service: app
+    spec:
+      restartPolicy: Always
+      containers:
+      - image: reg.cadoles.com/afornerot/nuosso
+        imagePullPolicy: Always
+        name: app-php-fpm
+        args: ["/usr/sbin/php-fpm81", "-F", "-e"]
+        resources: {}        
+        env:
+        - name: PHP_MEMORY_LIMIT
+          value: 128m
+
+        - name: PHP_FPM_LISTEN
+          value: 127.0.0.1:9000
+        - name: PHP_FPM_MEMORY_LIMIT
+          value: 128m
+        - name: PHP_FPM_LOG_LEVEL
+          value: warning
+
+        - name: POSTGRES_DATABASE_SERVICE_NAME
+          value: $(POSTGRES_DATABASE_SERVICE_NAME)-rw
+        - name: POSTGRES_DATABASE_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: postgres-user
+              key: username
+        - name: POSTGRES_DATABASE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: postgres-user
+              key: password
+
+        - name: APP_AUTH
+          value: "SQL"    
+        - name: APP_MASTERIDENTITY
+          value: "SQL"    
+        - name: DATABASE_URL
+          value: "postgresql://$(POSTGRES_DATABASE_USERNAME):$(POSTGRES_DATABASE_PASSWORD)@$(POSTGRES_DATABASE_SERVICE_NAME)-rw:5432/app"
+        - name: REDIS_HOST
+          value: rfs-$(REDIS_SERVICE_NAME)
+        - name: REDIS_PORT
+          value: "26379"
+        - name: REDIS_SERVICE
+          value: "mymaster"  
+                  
+        lifecycle:
+          postStart:
+            exec:
+              command: ["/bin/sh", "-c", "/app/bin/console d:s:u --force --complete && /app/bin/console app:Init"]   
+
+      - image: reg.cadoles.com/afornerot/nuosso
+        imagePullPolicy: Always
+        name: app-nginx
+        args: ["/usr/sbin/nginx"]
+        env:
+        - name: NGINX_APP_UPSTREAM_BACKEND_SERVER
+          value: 127.0.0.1:9000
+        - name: NGINX_APP_ROOT
+          value: "/public"
+        - name: NGINX_APP_PHP_INDEX
+          value: "/index.php"
+        - name: NGINX_ERROR_LOG_LEVEL
+          value: "warn"
+        - name: NGINX_APP_PHP_NON_FILE_PATTERN
+          value: "^/index\\.php(/|$)"
+        ports:
+        - containerPort: 8080
+        resources: {}

misc/k8s/kustomization/base/resources/app/app-service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    io.kompose.service: app
+  name: app
+spec:
+  type: ClusterIP
+  ports:
+  - name: app
+    port: 8080
+    targetPort: 8080
+  selector:
+    io.kompose.service: app

misc/k8s/kustomization/base/resources/app/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- app-service.yaml
+- app-deployment.yaml

misc/k8s/kustomization/base/resources/redis/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- redis-redisfailover.yaml
+
+vars:
+- name: REDIS_SERVICE_NAME
+  objref:
+    name: redis
+    apiVersion: databases.spotahome.com/v1
+    kind: RedisFailover
+  fieldref:
+    fieldpath: metadata.name

misc/k8s/kustomization/base/resources/redis/redis-redisfailover.yaml

@@ -0,0 +1,21 @@
+apiVersion: databases.spotahome.com/v1
+kind: RedisFailover
+metadata:
+  name: redis
+spec:
+  sentinel:
+    replicas: 3
+    resources:
+      requests:
+        cpu: 100m
+      limits:
+        memory: 100Mi
+  redis:
+    replicas: 3
+    resources:
+      requests:
+        cpu: 100m
+        memory: 100Mi
+      limits:
+        cpu: 400m
+        memory: 500Mi

misc/k8s/kustomization/base/secrets/.gitignore

@@ -0,0 +1,3 @@
+*
+!.gitignore
+!.gitkeep

misc/k8s/kustomization/overlays/dev/kustomization.yaml

@@ -0,0 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: app-dev
+
+namePrefix: nuosso-
+
+resources:
+- ../../base
+- ../../base/resources/adminer
+- resources/namespace.yaml
+- resources/ingress.yaml
+
+patches:
+- path: patches/app-deployment.yaml
+- path: patches/add-registry-pull-secret.yaml
+  target:
+    kind: Deployment
+    version: v1
+
+secretGenerator:
+- files:
+  - secrets/dockerconfig/.dockerconfigjson
+  name: regcred-dev
+  type: kubernetes.io/dockerconfigjson

misc/k8s/kustomization/overlays/dev/patches/add-registry-pull-secret.yaml

@@ -0,0 +1,4 @@
+- op: add
+  path: "/spec/template/spec/imagePullSecrets"
+  value:
+  - name: regcred-dev

misc/k8s/kustomization/overlays/dev/patches/app-deployment.yaml

@@ -0,0 +1,15 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    io.kompose.service: app
+  name: app
+spec:
+  template:
+    spec:
+      restartPolicy: Always
+      containers:
+      - name: app-php-fpm
+        env:
+        - name: APP_ENV
+          value: dev

misc/k8s/kustomization/overlays/dev/resources/ingress.yaml

@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: app
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "138m"
+    nginx.ingress.kubernetes.io/enable-cors: "true" #cf 01
+    nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" #cf 01
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: app.dev.local
+    http:
+      paths:
+      - path: /adminer
+        pathType: Prefix
+        backend:
+          service:
+            name: adminer
+            port:
+              number: 8080        
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: app
+            port:
+              number: 8080

misc/k8s/kustomization/overlays/dev/resources/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: app-dev

misc/k8s/kustomization/overlays/dev/secrets/.gitignore

@@ -0,0 +1,3 @@
+*
+!.gitignore
+!.gitkeep