diff --git a/.gitignore b/.gitignore index 0d87681..8b9ea4b 100644 --- a/.gitignore +++ b/.gitignore @@ -11,6 +11,7 @@ npm-debug.log* yarn-debug.log* yarn-error.log* +zabo-server-deployment/base/**/secret.yaml *.log diff --git a/zabo-server-deployment/base/kustomization.yaml b/zabo-server-deployment/base/kustomization.yaml new file mode 100644 index 0000000..fb8d4fa --- /dev/null +++ b/zabo-server-deployment/base/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./server/deployment.yaml +- ./server/configmap.yaml +- ./server/service.yaml +- ./server/ingress.yaml +- ./server/sealed-secret.yaml +- ./redis/deployment.yaml +- ./redis/service.yaml \ No newline at end of file diff --git a/zabo-server-deployment/base/redis/deployment.yaml b/zabo-server-deployment/base/redis/deployment.yaml new file mode 100644 index 0000000..a7001a2 --- /dev/null +++ b/zabo-server-deployment/base/redis/deployment.yaml @@ -0,0 +1,22 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: zabo-redis + labels: + app: zabo-redis +spec: + replicas: 1 + selector: + matchLabels: + app: zabo-redis + template: + metadata: + labels: + app: zabo-redis + spec: + containers: + - name: zabo-redis + image: redis:7.0.4-alpine + ports: + - containerPort: 6379 + name: zabo-redis-port \ No newline at end of file diff --git a/zabo-server-deployment/base/redis/service.yaml b/zabo-server-deployment/base/redis/service.yaml new file mode 100644 index 0000000..a481294 --- /dev/null +++ b/zabo-server-deployment/base/redis/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: zabo-redis-service +spec: + selector: + app: zabo-redis + ports: + - name: zabo-redis-service-port + protocol: TCP + port: 6379 + targetPort: zabo-redis-port diff --git a/zabo-server-deployment/base/server/configmap.yaml b/zabo-server-deployment/base/server/configmap.yaml new file mode 100644 index 0000000..3adc6f8 --- /dev/null +++ b/zabo-server-deployment/base/server/configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: zabo-env +data: + NODE_ENV: "production" + SSO_CLIENT_ID: "01" + AWS_ACCESS_KEY_ID: "00" + S3_BUCKET: "sparcs-kaist-zabo-prod" + REDIS_URL: "zabo-redis-service" diff --git a/zabo-server-deployment/base/server/deployment.yaml b/zabo-server-deployment/base/server/deployment.yaml new file mode 100644 index 0000000..ffff95a --- /dev/null +++ b/zabo-server-deployment/base/server/deployment.yaml @@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: zabo-server + labels: + app: zabo-server +spec: + replicas: 2 + selector: + matchLabels: + app: zabo-server + template: + metadata: + labels: + app: zabo-server + spec: + containers: + - name: zabo-server + image: ghcr.io/sparcs-kaist/zabo-server:dev + ports: + - containerPort: 6001 + envFrom: + - secretRef: + name: zabo-secret + env: + - name: NODE_ENV + valueFrom: + configMapKeyRef: + name: zabo-env + key: NODE_ENV + - name: MINIMUM_LOG_LEVEL + value: "info" + - name: SSO_CLIENT_ID + valueFrom: + configMapKeyRef: + name: zabo-env + key: SSO_CLIENT_ID + - name: AWS_ACCESS_KEY_ID + valueFrom: + configMapKeyRef: + name: zabo-env + key: AWS_ACCESS_KEY_ID + - name: S3_BUCKET + valueFrom: + configMapKeyRef: + name: zabo-env + key: S3_BUCKET + - name: REDIS_URL + valueFrom: + configMapKeyRef: + name: zabo-env + key: REDIS_URL + - name: MONGODB_URL + valueFrom: + secretKeyRef: + name: zabo-mongodb-admin-zabo + key: connectionString.standardSrv diff --git a/zabo-server-deployment/base/server/ingress.yaml b/zabo-server-deployment/base/server/ingress.yaml new file mode 100644 index 0000000..c0ce1bb --- /dev/null +++ b/zabo-server-deployment/base/server/ingress.yaml @@ -0,0 +1,34 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + alb.ingress.kubernetes.io/backend-protocol: HTTP + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/ssl-redirect: '443' + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/healthcheck-path: /api/hc + alb.ingress.kubernetes.io/target-type: 'instance' + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-northeast-2:666583083672:certificate/2f5020e0-01dd-43dd-aa7e-0699015d6b89 + alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-2016-08 + name: zabo-ingress + namespace: zabo + finalizers: + - ingress.k8s.aws/resources + labels: + app: zabo-ingress +spec: + ingressClassName: alb + rules: + - host: zabo-staging.sparcs.org + http: + paths: + - path: / + backend: + service: + name: zabo-svc + port: + number: 6001 + pathType: Prefix + tls: + - hosts: + - zabo-staging.sparcs.org diff --git a/zabo-server-deployment/base/server/sealed-secret.yaml b/zabo-server-deployment/base/server/sealed-secret.yaml new file mode 100644 index 0000000..b1c11ad --- /dev/null +++ b/zabo-server-deployment/base/server/sealed-secret.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: zabo-secret + namespace: zabo +spec: + encryptedData: + AWS_S3_DUMP_BUCKET_SECRET_ACCESS_KEY: AgADxUswBoLymD+z1iguT6xvxqK2w/cAhVa1WGhun3o5hrqDWa1ydUuJUW2Z6CcsogYVRY6ycRtgYOM+l3TlIVogenGfL+33zORwMeYV8IYnzFAuIeQ6AsLmR0iLPSkWxP1Cr0UrV9zpPQWH/YiXNYmoinhK/iRGF9PYN2F9AtazGWe36dgruyhDkvOWBCQzpkFk5grtym7ZxLTWGLGnYR2ZbxXudx3IhZHovM7k3LhDSsHWGna3F5C2BcsA2NBNOWe7bdtvzeZGIC0Zc8qPIe4nHHLdQO5Q+F6VSgAhFXbmNZkObfKnPUo/LiznhAQyxjIgVLCDKb2GIJoZp6S0Jp+nhizyMeOQ99TwHyFICugMM51bSK9vrYDKMecdHY4dh1N12nijLue1ApMk7WaMXL6nbTF7PS5oD6o97uoKk3mHaxDW2DOtgGUa/r1cVpxGWa/forA39DkzoF3NsPxzPZCIDQmnZ+Xkjgm2ouvYgyEG40gm4O3qIYYUfXDlDRkDi1FT+QtHnRhLRm4RAurhNmYUKiqBJuthnThxF3Bait+GCEDwv/nQ0F2VzMOE+cbf5goQLxuH3j73KlGSlZ1w5r/c5yxBDKMIlMTUXM3YOk8iVu/IXkjeAcOn5Lk+t3jVcYhsWm1srcG0+qOsNQIAGjx6ikiHU5wf0Yib0rCtTR5shr6cHzaADrIGljfJJiHZtdjvwg== + AWS_SECRET_ACCESS_KEY: AgBvlNxFSKVGycqe+xl4hT8wQvTzBD4Q6tv1C+HmamDKKiF2oG2soBrbQNNtZYWkgMFnBIco7xFpf1gd7fs/p3HKqlV9kvQhuvEyQnvCNq/5ju4bQhCJ/6bqARS9cGjz8TFum/09Lk8VBo15m1k7DvBQX2G//QfLaivPV9K+B0b5KleNq/LiGIKA3FNA434TAzGvaw9cGZf82uPLihKs6a98cS0OwzSYgt7g7BmFx8m25jWQGdfX5sgoDGSVYW0BmgJp+5ajQ+TTWk4XjeatPVcNh/4Yw/0ihnYC/Wo3HYl4w/HjNaf+RDEe+1TWdJYIMCw5pX78Iv40RZZomkUUYiE3pOEgx93o9mE4l7aSPhz1y7Ho6Kfk/tTpnTGvRzJafvIwhlJozf9yPZ4dswKSQO/7dHg7dTdzmorcxer8/AYzIhLlcViqx/BWQ84hdC4g+bHbhARIyg9uGkUxZLPwyofUV2OQTWb2a7bs0N2q3/3RgQZc4p51h+jH4iI5nMgKoPfb3UJa7cB/Eyexf3nLIVGL/EjF80c4l2cwMYqM2wVGy2vN0dQjTrFjJcIm+zve4G1AXi2k/twGFO+4xeNu3RdVSgkJ8D6X/oTzm1Fsr5YT4N9Kf0B0J34c/3YZxOVPpY8LXed9TZ5sRUiyw+x9IzOWTK/EofHN0VbNh2lZzj4PmgVzelg8PLuvlHsHlzrEkgaOjw== + JWT_SECRET: AgAWoPDXFiGSajnwrViQqbsksM+hxtdARRngJ5R0CSCWLGEQjqaDDUmHBsDbVbfaBXHmB642hbJCBzNjUbEbQW3T8weGFsfZ1Hlk9KXBJtDJhMLuI+z1pQpuzh3Ebbci8Boy7NzX9tjUUzvy448FdbsVnkDxqxfWcHxR5qV3txajUE8aNUXqabAfs0b62AIWi5JCMHXPWIKPDIIqj6RA3LjZvOwziw0OTn4KQNQycgaVAM9S/gl0x3ytACdiw4JCDm7WwuJGlqxovgakqHwbWniQwDH3bWiwC8A5K0yEO3LTR95MbT3pwM5unOnD+V+7aqJ6CaBo2hFhpnY39wDSBA5nYVmnRGoLhKxV1GrFMr3SkB505Yf4YnqRcv+DKMQQoPhEcEcnOvAg8NiZDQv76v4zuGwZtICOaDsl2Apn9I8kcUo1cRuJpTgIl4oEhi42pyH/NKXa7RBY91lbVAqHubs8mavA9UhSlIc8fk0XXoN3XAkGc7M4snFgCzugzFVB8C4CkGi+diLkD426W6p1JKMLqPSdGbDOzDZbKYtB8Z5REFDxufi5+nsHsYZCVFSA+LARtp49hBy0+mXxnegI0c1KPmoXE+DNHUUeoOySkxCGpbC1hwTQClRw4uomvZ3Y4AE3wwTsT+qzqoc8aVLQlccO4CpyMcPIMrNGrLIzTriLa2vR8EEAkLWcZd1wS57IyxE0qg== + SESSION_SECRET: AgAefdqsaL9a9S4EkhQmRcQzzJ1FI8hjau+RBeR6dB8frozIYLQzPwX5DaWFDRF/Xlys7n563NGN/zYsf2qPQaKdlwfcwLLiWp+McPxQQwk3uwyKg/nkGyVQvt7l9AxOjCinLPGq04a+mpJq1/vPt9BnLhqYerkkadSo8icPQvBi4oD/r6c6kgE6ucWKQL/nQl+gQ0FyiV+Tis9EPRhk0p5ZvEjfoF1/PAs7laqBx1wBIWOAQT1ojDEXdMjGd/4e1A05dHkIPn5RvkYOqnzB/7RfaFc2IPyUMlZJ5Z7KwkbtSlzoSn9Vc1F0SduHJNZ7fTSoM5KlNaNUX32u+lng/y3XJ/WTwrSEK8now2Y4IfSdQAHxpOgu6kNCaY7hJfpqab1qBsH9S9AfEAHRgzGuy9H6kkIt2IQhpY6jho+IEgvdGJ4iY2PtnVAY4rGqkjrzNi9ono2qAamFZ0yPbvlr73wYvhlLpDGIvFcBl2Rxw6r2xE0wey0yO0qAdLzC0V/2mU7qQxhyitA+6+SgowolA0nUHNJJRVHati0F62tTwz9+QqEYwY3ejAfhS5TgNYUiH1F3iFo00xUIT+5aXeETMMDi+U0igYQDHh6YynQSKtwzlN9eX3T4uFHl4LvfAzrtgQdkjRzd8X66+axZy8u8Ca1XmVaI5YThANUEAaSOhbL8KZBB59m7ouUxoBXe4vkqxNQ+Ow== + SLACK_WEBHOOK_URL: AgA8OC8GscPOaPocrwKDhBQGaSJbnaVP+T2XJ3SCCCmQwfARzb9JoWrB+Gff26vvcGXekbGdDc2W4pQf2ThrnLjZBRwmXfTdpj9QNyKzQv2K20kUQWro//U/BaOv4ERyI7wwFS/23/naKawYiZejNUQwLp6mda0oJE1m0iGa7Dlrv8/cjNAc7xHrPbVM2drDKnNwbxaYJw3/58s+OQA0yvCAxu8Jq7HOMBCNAaQlw6DJMjEf8Nn+3YwEELU4+jCAd8yorG0F3+aSxMyoloylxGTS/GsQn0mRJljCUiTAyQAujAnf4LJ23yB9WX2Jcvwkox5e/pdooT6tSWIcDbYWgFNZCG37TJ7OkqN32LfEvFeSIz2S8sX3f56wKKW4f+G/blgFrxCC633eU20t+5ByfHgiQxMCqeWoBOljWr/Vf3KxE8f7ur18qGBTAbjjfNW0fkPtxQPwGX7CFvQLG8yIJjZwpfqVfsX4ZtEEJPXZ75kGK7fzEsYxaqr2HTEDlvgYGsDGbhNY9g0UfKKvSMaiQBUsXaw3zGcBDs/9bajoFxGqZacrEW546fb5cMu2EW20zXQx1xDt0Yhyd216bBIz8xaRHgvbw+3ivnuKknJb2R1Kh50qo492f8SbYe6fqdlkMj4+TycOceeyods0pFPTq0Uc6IbMyheaPBO4lAKQqWvFub7YmhTqhfNGOMlaNxA/AnXd9NOWqyUOkEDG1dZ+3yZWFcw= + SSO_SECRET: AgCw1q974uRVbw1Vt1nW6WRHFgTO+/J51xbwcKumXv6hUabp1TBtIil3J6bAQ7M0DBCcFHCAKHq1rwp5G8fvlzABBWTR1FqxfdEXdnMJmstyUovsWw2IVE4GuJb2+zulEXDG5Gowr3Oh/0M6xBtvzU6N82NizXPPlckBbsqj5w7D9bT/IHT0gs+aVhD53IJdMEV8xFeANDE9Hc8pDHCjFrwsoAS/5KcjKgNYTGekom8VfAi+u5DmC00jUJP/Gkm7aTndJftaZs0M9w0rkVuracX9MDYDBMb5jMVgbXrabLUh82ITM58VbJICFuNl3RkPfkUZT77Ca3ASlcFeUHndnbH+wJJzBmtTn37a5eTL+Mr/Y3eV+HK245VTiFRflN9gpp7qgxOxlWWqA8yj0Eqn9M6KLX/NqTrvEuDNuT1cy5odIgbUPouiBO83Xq5RsFR0WMlD5ZB81w66E9iQtKn1sRswEhCKVY0K3P89BWTYCtNw8wEeNphJg/RgMX3JiBJzIb3w8NITLNF8wWg1lonVR0p1qMB/O1XfccvOxh9TUfBZfQtoRqTwi5tdODnWzg1lgHYuKGWzZn+7wPuallA55lIovq/4wdEvBvGJMlPlfnmy3ohZm9HlzY8t8B4Q4+9lEePv5E43yp2FvA6n96lEQUd0xBFvECXaaFqAdO2hNxZACUjmhkGUhh8nQ5A8D+5WeUMQew== + template: + metadata: + creationTimestamp: null + name: zabo-secret + namespace: zabo + type: Opaque diff --git a/zabo-server-deployment/base/server/secret-template.yaml b/zabo-server-deployment/base/server/secret-template.yaml new file mode 100644 index 0000000..13303af --- /dev/null +++ b/zabo-server-deployment/base/server/secret-template.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + name: zabo-secret + namespace: zabo +type: Opaque +data: + SSO_SECRET: base64encodedvalue + AWS_SECRET_ACCESS_KEY: base64encodedvalue + SESSION_SECRET: base64encodedvalue + JWT_SECRET: base64encodedvalue + SLACK_WEBHOOK_URL: base64encodedvalue + AWS_S3_DUMP_BUCKET_SECRET_ACCESS_KEY: base64encodedvalue \ No newline at end of file diff --git a/zabo-server-deployment/base/server/service.yaml b/zabo-server-deployment/base/server/service.yaml new file mode 100644 index 0000000..06e5ce9 --- /dev/null +++ b/zabo-server-deployment/base/server/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: zabo-svc +spec: + type: NodePort + selector: + app: zabo-server + ports: + - protocol: TCP + port: 6001 + targetPort: 6001 \ No newline at end of file diff --git a/zabo-server-deployment/overlays/dev/kustomization.yaml b/zabo-server-deployment/overlays/dev/kustomization.yaml new file mode 100644 index 0000000..f7a6001 --- /dev/null +++ b/zabo-server-deployment/overlays/dev/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: ghcr.io/sparcs-kaist/zabo-server + newTag: latest +resources: +- ../../base \ No newline at end of file