diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..eca807e --- /dev/null +++ b/.dockerignore @@ -0,0 +1,8 @@ +.github +manifests +.gitignore +Dockerfile +docker-compose.yml +helmfile.yaml +LICENSE +README.md \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..6ef1290 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,14 @@ +FROM cgr.dev/chainguard/python:latest-dev as builder +WORKDIR /app +COPY . /app +RUN pip install --no-cache-dir -r requirements.txt --user + +FROM cgr.dev/chainguard/python:latest-dev +WORKDIR /app +COPY --from=builder /home/nonroot/.local/lib/python3.12/site-packages /home/nonroot/.local/lib/python3.12/site-packages +COPY --from=builder /app /app + +ENV REDIS_HOST="redis-server" +HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ + CMD curl --fail http://localhost:5000/health || exit 1 +ENTRYPOINT ["python", "-m", "flask", "run", "--host=0.0.0.0"] \ No newline at end of file diff --git a/Dockerfile.redis b/Dockerfile.redis new file mode 100644 index 0000000..a62ab60 --- /dev/null +++ b/Dockerfile.redis @@ -0,0 +1,7 @@ +FROM cgr.dev/chainguard/redis:latest + +COPY redis.conf /etc/redis/redis.conf + +EXPOSE 6379 + +ENTRYPOINT [ "redis-server", "/etc/redis/redis.conf" ] \ No newline at end of file diff --git a/giropops-senhas/app.py b/app.py similarity index 95% rename from giropops-senhas/app.py rename to app.py index fe4d61c..5e09677 100644 --- a/giropops-senhas/app.py +++ b/app.py @@ -5,7 +5,6 @@ import os from prometheus_client import Counter, start_http_server, generate_latest - app = Flask(__name__) redis_host = os.environ.get('REDIS_HOST', 'redis-service') @@ -16,7 +15,6 @@ senha_gerada_counter = Counter('senha_gerada', 'Contador de senhas geradas') - def criar_senha(tamanho, incluir_numeros, incluir_caracteres_especiais): caracteres = string.ascii_letters 
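Review bot: Both `FROM` lines in the new `Dockerfile` use the floating tag `cgr.dev/chainguard/python:latest-dev` with no digest, and the runtime stage is now the `-dev` variant; the `giropops-senhas/Dockerfile` deleted by this same commit pinned both stages with `@sha256:` and ran on the non-dev `latest` image. The `-dev` image ships a shell and package tooling, so the running container offers more to work with after an application compromise, and a floating tag can silently move past Python 3.12 and break the hard-coded `python3.12/site-packages` copy path. I would restore `FROM cgr.dev/chainguard/python:latest@sha256:<digest>` for the final stage and pin the builder the same way. If the dev image was kept so that `HEALTHCHECK` can call `curl`, a probe using the interpreter already in the image avoids that, e.g. `CMD ["python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:5000/health')"]`.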
@@ -46,7 +44,6 @@ def index(): return render_template('index.html', senhas_geradas=senhas_geradas, senha=senhas_geradas[0]['senha'] or '' ) return render_template('index.html') - @app.route('/api/gerar-senha', methods=['POST']) def gerar_senha_api(): dados = request.get_json() @@ -72,8 +69,12 @@ def listar_senhas(): def metrics(): return generate_latest() +@app.route('/health') +def health(): + return jsonify({"status": "healthy"}), 200 + if __name__ == '__main__': import logging logging.basicConfig(filename='error.log', level=logging.DEBUG) start_http_server(8088) - app.run(debug=False) + app.run(debug=False) \ No newline at end of file diff --git a/charts/giropops-senhas-chart/Chart.yaml b/charts/giropops-senhas-chart/Chart.yaml deleted file mode 100644 index 0f2d007..0000000 --- a/charts/giropops-senhas-chart/Chart.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v2 -name: giropops-senhas -description: Esse é o chart do Giropops-Senhas, utilizados nos laboratórios de Kubernetes. -version: 0.1.0 -appVersion: 0.1.0 -sources: - - https://github.com/Tech-Preta/giropops-senhas diff --git a/charts/giropops-senhas-chart/templates/_helpers.tpl b/charts/giropops-senhas-chart/templates/_helpers.tpl deleted file mode 100644 index 0b7bab9..0000000 --- a/charts/giropops-senhas-chart/templates/_helpers.tpl +++ /dev/null 
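Review bot: The new `health()` view in `app.py` returns `{"status": "healthy"}` unconditionally, so the Dockerfile `HEALTHCHECK` added in this commit keeps reporting the container healthy even when Redis is unreachable. If the endpoint is meant as a readiness signal, ping the Redis client inside it and return 503 on failure. If it is only a liveness probe, say so in a docstring such as `"""Liveness probe: confirms the Flask process is serving; does not check Redis."""`. The Redis client object is defined outside this hunk, so its name is not visible here.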
@@ -1,58 +0,0 @@ -{{/* -Criar as nossas tags -*/}} -{{- define "app.labels" -}} -app: {{ .labels.app | quote }} -env: {{ .labels.env | quote }} -live: {{ .labels.live | quote }} -{{- end }} - -{{/* -Definir os limites de recursos -*/}} -{{- define "app.resources" -}} -requests: - memory: {{ .resources.requests.memory }} - cpu: {{ .resources.requests.cpu }} -limits: - memory: {{ .resources.limits.memory }} - cpu: {{ .resources.limits.cpu }} -{{- end }} - - -{{/* -Definir as portas dos containers -*/}} -{{- define "app.ports" -}} -{{ range .ports }} -- containerPort: {{ .port }} -{{- end }} -{{- end }} - - -{{/* -Definindo os nossos configmaps -*/}} -{{- define "database.configmap" -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .component }}-db-config -data: - app-config.yaml: | - {{- toYaml .config | nindent 4 }} -{{- end }} - - -{{/* -Definindo os nossos configmaps -*/}} -{{- define "observability.configmap" -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .component }}-observability-config -data: - app-config.json: | - {{ toJson .config }} -{{- end }} diff --git a/charts/giropops-senhas-chart/templates/database-configmap.yaml b/charts/giropops-senhas-chart/templates/database-configmap.yaml deleted file mode 100644 index a61c3c1..0000000 --- a/charts/giropops-senhas-chart/templates/database-configmap.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range $component, $config := .Values.databases }} - {{- $data := dict "component" $component "config" $config }} - {{- include "database.configmap" $data | nindent 0 }} -{{- end }} diff --git a/charts/giropops-senhas-chart/templates/giropops-senhas-deployments.yaml b/charts/giropops-senhas-chart/templates/giropops-senhas-deployments.yaml deleted file mode 100644 index e1baacb..0000000 --- a/charts/giropops-senhas-chart/templates/giropops-senhas-deployments.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -{{- range $component, $config := .Values.deployments }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $component }} - labels: - {{- include "app.labels" $config | nindent 4 }} -spec: - replicas: {{ $config.replicas | default 2 }} - selector: - matchLabels: - app: {{ $config.labels.app }} - template: - metadata: - labels: - {{- include "app.labels" $config | nindent 8 }} - spec: - containers: - - name: {{ $component }} - image: {{ $config.image }} - ports: - {{- include "app.ports" $config | nindent 10 }} - resources: - {{- include "app.resources" $config | nindent 12 }} ---- -{{- end }} diff --git a/charts/giropops-senhas-chart/templates/giropops-senhas-service.yaml b/charts/giropops-senhas-chart/templates/giropops-senhas-service.yaml deleted file mode 100644 index 3b7dcc7..0000000 --- a/charts/giropops-senhas-chart/templates/giropops-senhas-service.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- range $component, $config := .Values.services }} - {{- range $port := $config.ports }} -apiVersion: v1 -kind: Service -metadata: - name: {{ $component }}-{{ $port.name }} - labels: - {{- include "app.labels" $config | nindent 4 }} -spec: - type: {{ $port.serviceType }} - ports: - - port: {{ $port.port }} - targetPort: {{ $port.targetPort }} - protocol: TCP - name: {{ $port.name }} - {{- if eq $port.serviceType "NodePort" }} - nodePort: {{ $port.nodePort }} - {{- end }} - selector: - app: {{ $config.labels.app }} ---- - {{- end }} -{{- end }} diff --git a/charts/giropops-senhas-chart/templates/observability-configmap.yaml b/charts/giropops-senhas-chart/templates/observability-configmap.yaml deleted file mode 100644 index b98be33..0000000 --- a/charts/giropops-senhas-chart/templates/observability-configmap.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range $component, $config := .Values.observability }} - {{- $data := dict "component" $component "config" $config }} - {{- include "observability.configmap" $data | nindent 0 }} -{{- end }} 
diff --git a/charts/giropops-senhas-chart/values.yaml b/charts/giropops-senhas-chart/values.yaml deleted file mode 100644 index 0a46dcf..0000000 --- a/charts/giropops-senhas-chart/values.yaml +++ /dev/null @@ -1,79 +0,0 @@ -deployments: - giropops-senhas: - name: "giropops-senhas" - image: "linuxtips/giropops-senhas:1.0" - replicas: "3" - ports: - - port: 5000 - targetPort: 5000 - name: "giropops-senhas-port" - serviceType: "NodePort" - NodePort: 32500 - - port: 8088 - targetPort: 8088 - name: "giropops-senhas-metrics" - serviceType: "ClusterIP" - labels: - app: "giropops-senhas" - env: "labs" - live: "true" - resources: - requests: - memory: "64Mi" - cpu: "250m" - limits: - memory: "128Mi" - cpu: "500m" - redis: - name: "redis-helm" - image: "redis" - replicas: "1" - labels: - app: "redis" - env: "labs" - live: "true" - resources: - requests: - memory: "64Mi" - cpu: "250m" - limits: - memory: "128Mi" - cpu: "500m" -services: - giropops-senhas: - ports: - - port: 5000 - targetPort: 5000 - name: "app" - serviceType: "NodePort" - NodePort: 32500 - - port: 8088 - targetPort: 8088 - name: "metrics" - serviceType: "ClusterIP" - labels: - app: "giropops-senhas" - env: "labs" - live: "true" - redis: - ports: - - port: 6379 - targetPort: 6379 - name: "service" - serviceType: "ClusterIP" - labels: - app: "redis" - env: "labs" - live: "true" -observability: - giropops-senhas: - logging: true - metrics: - enabled: true - path: "/metrics" -databases: - giropops-senhas: - mysql: - host: "mysql.svc.cluster.local" - port: 3306 - name: "MyDB" diff --git a/docker-compose.yml b/docker-compose.yml index 66cdd80..96dc06f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,8 +1,6 @@ -version: '3.9' - services: giropops-senhas: - build: . + image: nataliagranato/giropops-senhas:v1.0.0 ports: - "5000:5000" networks: 
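Review bot: The `giropops-senhas` service in `docker-compose.yml` now pulls `nataliagranato/giropops-senhas:v1.0.0` by tag instead of building from the checked-out source, so what runs depends on whatever that registry tag points to at pull time; the `redis` service in the next hunk (`nataliagranato/redis:v1.0.0`) has the same property. Pinning by digest, `image: nataliagranato/giropops-senhas:v1.0.0@sha256:<digest>`, keeps the compose file tied to the image that was reviewed. Keeping `build: .` next to `image:` would also let contributors rebuild locally from the Dockerfile added in this commit.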
@@ -20,21 +18,28 @@ services: limits: cpus: '0.50' memory: 256M + depends_on: + - redis redis: - image: redis - command: redis-server --appendonly yes + image: nataliagranato/redis:v1.0.0 networks: - giropops-senhas + ports: + - "6380:6379" + volumes: + - redis-data:/data healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:5000"] + test: ["CMD", "redis-cli", "ping"] interval: 30s timeout: 5s retries: 3 start_period: 10s + networks: giropops-senhas: driver: bridge volumes: - natalia: + redis-data: + natalia: \ No newline at end of file diff --git a/giropops-senhas/Dockerfile b/giropops-senhas/Dockerfile deleted file mode 100644 index ddcc7b8..0000000 --- a/giropops-senhas/Dockerfile +++ /dev/null @@ -1,25 +0,0 @@ -# Etapa de construção -FROM cgr.dev/chainguard/python:latest-dev@sha256:da05d36d8450c8dbc560eb0becf38e6c989b9b0af89770fa42437d4f6b479649 as build - -# Definir o diretório de trabalho -WORKDIR /app - -# Copiar arquivos para o diretório de trabalho -COPY . /app - -# Instalar dependências -RUN pip install -r requirements.txt --user - -# Etapa final -FROM cgr.dev/chainguard/python:latest@sha256:1e753aa0ea651af8aaf7dd675d9dcfc2139bf13acd2cceb2dba3c39286a6172f - -# Definir o diretório de trabalho -WORKDIR /app - -COPY --from=build /home/nonroot/.local/lib/python3.12/site-packages /home/nonroot/.local/lib/python3.12/site-packages - -# Copiar o diretório de trabalho da etapa de construção para o diretório de trabalho da etapa final -COPY --from=build /app /app - -# Definir o comando padrão do contêiner -ENTRYPOINT ["python", "-m", "flask", "run", "--host=0.0.0.0"] \ No newline at end of file diff --git a/helmfile.yaml b/helmfile.yaml new file mode 100644 index 0000000..6f16acb --- /dev/null +++ b/helmfile.yaml @@ -0,0 +1 @@ +teste diff --git a/manifests/giropops-senhas-deployment.yaml b/manifests/giropops-senhas-deployment.yaml index 4a3d3f3..cef75b0 100644 --- a/manifests/giropops-senhas-deployment.yaml +++ b/manifests/giropops-senhas-deployment.yaml 
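Review bot: The added `ports: - "6380:6379"` on the `redis` service in `docker-compose.yml` publishes Redis on every host interface, while the `redis.conf` added in this commit contains only `appendonly yes`, so no `requirepass` or ACL is configured for a store that appears to hold the generated passwords. The app reaches Redis over the `giropops-senhas` network and needs no host port; drop the mapping, or bind it to loopback with `"127.0.0.1:6380:6379"` if host access is wanted for debugging. Separately, the short-form `depends_on: - redis` only orders container start; the long form with `condition: service_healthy` would make the app wait for the new `redis-cli ping` healthcheck.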
@@ -19,7 +19,18 @@ spec: name: giropops-senhas ports: - containerPort: 5000 - imagePullPolicy: Always + securityContext: + runAsGroup: 10001 + runAsUser: 10001 + allowPrivilegeEscalation: false + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + imagePullPolicy: IfNotPresent resources: limits: memory: "256Mi" diff --git a/manifests/redis-deployment.yaml b/manifests/redis-deployment.yaml index 841a695..04123cb 100644 --- a/manifests/redis-deployment.yaml +++ b/manifests/redis-deployment.yaml @@ -15,10 +15,21 @@ spec: app: redis spec: containers: - - image: redis + - image: cgr.dev/chainguard/redis name: redis ports: - - containerPort: 6379 + - containerPort: 6379 + securityContext: + runAsGroup: 10001 + runAsUser: 10001 + allowPrivilegeEscalation: false + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true resources: limits: memory: "256Mi" diff --git a/redis.conf b/redis.conf new file mode 100644 index 0000000..81dc2c8 --- /dev/null +++ b/redis.conf @@ -0,0 +1 @@ +appendonly yes diff --git a/giropops-senhas/requirements.txt b/requirements.txt similarity index 100% rename from giropops-senhas/requirements.txt rename to requirements.txt diff --git a/giropops-senhas/static/.dockerignore b/static/.dockerignore similarity index 100% rename from giropops-senhas/static/.dockerignore rename to static/.dockerignore diff --git a/giropops-senhas/static/css/output.css b/static/css/output.css similarity index 100% rename from giropops-senhas/static/css/output.css rename to static/css/output.css diff --git a/giropops-senhas/static/css/styles.css b/static/css/styles.css similarity index 100% rename from giropops-senhas/static/css/styles.css rename to static/css/styles.css diff --git a/giropops-senhas/static/js/main.js b/static/js/main.js similarity index 100% rename from giropops-senhas/static/js/main.js rename to static/js/main.js 
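Review bot: In `manifests/giropops-senhas-deployment.yaml`, `imagePullPolicy` moves from `Always` to `IfNotPresent`; the `image:` line is outside the hunk, but if it uses a mutable tag, nodes that already cached it will keep running the old build and miss rebuilt or patched images. Either keep `imagePullPolicy: Always` or reference the image by digest. It is also worth confirming that `runAsUser: 10001` matches the user the image was built for: the Dockerfile in this commit installs dependencies with `pip install --user` under `/home/nonroot/.local`, which Python resolves through the running user's home directory, so a different UID may not find them.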
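Review bot: In `manifests/redis-deployment.yaml`, `readOnlyRootFilesystem: true` is set on the Redis container, but no writable `volumeMounts` entry is visible in the hunk. Redis writes its RDB/AOF files to its data directory (`/data` in the compose file), so persistence will fail on a read-only root unless an `emptyDir` or PVC is mounted there. The container spec continues outside the hunk, so check whether one exists. The new `image: cgr.dev/chainguard/redis` also has no tag or digest and therefore resolves to `latest`; `cgr.dev/chainguard/redis@sha256:<digest>` would make the deployment reproducible.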
diff --git a/giropops-senhas/static/linuxtips-logo.png b/static/linuxtips-logo.png
similarity index 100%
rename from giropops-senhas/static/linuxtips-logo.png
rename to static/linuxtips-logo.png
diff --git a/giropops-senhas/tailwind.config.js b/tailwind.config.js
similarity index 100%
rename from giropops-senhas/tailwind.config.js
rename to tailwind.config.js
diff --git a/giropops-senhas/static/templates/index.html b/templates/index.html
similarity index 100%
rename from giropops-senhas/static/templates/index.html
rename to templates/index.html
diff --git a/giropops-senhas/static/templates/lista_senhas.html b/templates/lista_senhas.html
similarity index 100%
rename from giropops-senhas/static/templates/lista_senhas.html
rename to templates/lista_senhas.html