init kuberentes

Author: Innokentii Kozlov

.github/workflows/cloud-deploy.yaml

@@ -22,8 +22,8 @@ jobs:
     uses: ./.github/workflows/lint-iac.yaml
     secrets: inherit
 
-  aws-infra-deploy:
-    name: AWS Infrastructure Deploy
-    needs: lint-iac
-    uses: ./.github/workflows/aws-infra-deploy.yaml
-    secrets: inherit
+  # aws-infra-deploy:
+  #   name: AWS Infrastructure Deploy
+  #   needs: lint-iac
+  #   uses: ./.github/workflows/aws-infra-deploy.yaml
+  #   secrets: inherit

Makefile

@@ -32,9 +32,13 @@ generate-tls-certificates:
 	@sudo chmod 600 ${SSL_DIR}/server.key
 
 
-.PHONY: database-start-local
-database-start-local:
+.PHONY: database-start
+database-start:
 	docker compose -f $(shell pwd)/infrastructure/docker/docker-compose.database.yaml up -d
+
+
+.PHONY: run-migrations
+run-migrations:
 	docker run \
 		-ti \
 		--rm \
@@ -44,14 +48,19 @@ database-start-local:
 		--volume $(shell pwd)/infrastructure/docker/ssl/server.crt:/migrations/ssl/server.crt \
 		--volume $(shell pwd)/infrastructure/docker/ssl/server.key.bak:/migrations/ssl/server.key \
 		ghcr.io/kesha123/nodejs-rest-api/migrations:${MIGRATIONS_IMAGE_TAG}
+
+
+.PHONY: insert-data
+insert-data:
 	docker exec postgres sh -c "psql -U postgres -d postgres -f /opt/sql/insert.sql"
 
 
-.PHONY: api-start-local
-api-start-local:
+.PHONY: api-start
+api-start:
 	docker compose -f $(shell pwd)/infrastructure/docker/docker-compose.yaml up -d
 
-.PHONY: stack-stop-local
-stack-stop-local:
+
+.PHONY: stack-stop
+stack-stop:
 	docker compose -f $(shell pwd)/infrastructure/docker/docker-compose.database.yaml down
 	docker compose -f $(shell pwd)/infrastructure/docker/docker-compose.yaml down

infrastructure/cloud/index.ts

@@ -77,7 +77,7 @@ const prodSg = createProdSg(projectConfig.project_name, 'prod-sg', {
   },
 });
 
-const kubernetesNode = new aws.ec2.Instance(
+const node = new aws.ec2.Instance(
   `${projectConfig.project_name}-kubernetes-node`,
   {
     ami: projectConfig.ami,
@@ -86,12 +86,21 @@ const kubernetesNode = new aws.ec2.Instance(
     associatePublicIpAddress: true,
     vpcSecurityGroupIds: [stageSg.id, prodSg.id],
     keyName: keyPair.keyName,
-    userData: `
-    #!/bin/bash
-    curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube_latest_amd64.deb
-    sudo dpkg -i minikube_latest_amd64.deb
-    minikube addons enable ingress
-  `,
+    userData: pulumi.interpolate`#!/bin/bash
+      echo "Installing Docker..."
+      curl -fsSL https://get.docker.com -o get-docker.sh
+      sh get-docker.sh
+      sudo usermod -aG docker $USER
+      newgrp docker
+      rm get-docker.sh
+
+      echo "Installing Minikube..."
+      curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube_latest_amd64.deb
+      sudo dpkg -i minikube_latest_amd64.deb
+      minikube start --driver=docker
+      minikube addons enable ingress
+
+      `,
     tags: {
       ...projectConfig.tags,
       Name: `${projectConfig.project_name}-kubernetes-node`,
@@ -108,13 +117,13 @@ new aws.route53.Record(`${projectConfig.project_name}-a-record`, {
   name: projectConfig.project_domain,
   type: aws.route53.RecordType.A,
   ttl: 30,
-  records: [kubernetesNode.publicIp],
+  records: [node.publicIp],
 });
 
 export const resources = {
   sshKeys: {
     privateKey: privateKey.privateKeyOpenssh,
     publicKey: privateKey.publicKeyOpenssh,
   },
-  nodeIp: kubernetesNode.publicIp,
+  nodeIp: node.publicIp,
 };

infrastructure/docker/nginx.conf

@@ -5,7 +5,7 @@ events {
 http {
 
   upstream api {
-      server api:3000;
+    server api:3000;
   }
 
   server {

infrastructure/kubernetes/charts/api/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: api
+description: NodeJS API application chart
+type: application
+version: 0.0.1
+appVersion: "0.0.1"

infrastructure/kubernetes/charts/api/templates/deployment.yaml

@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "api.fullname" . }}
+  labels:
+    app: {{ include "api.name" . }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "api.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "api.name" . }}
+    spec:
+      containers:
+        - name: {{ include "api.name" . }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          ports:
+            - containerPort: 3000
+        resources:
+          {{- toYaml .Values.resources | nindent 12 }}

infrastructure/kubernetes/charts/api/templates/ingress.yaml

@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "api.fullname" . }}
+  labels:
+    app: {{ include "api.name" . }}
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: web
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  rules:
+    - host: {{ .Values.ingress.host | quote }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ include "api.fullname" . }}
+                port:
+                  number: {{ .Values.service.port | default 80 }}
+  tls:
+    - hosts:
+        - {{ .Values.ingress.host | quote }}
+      secretName: {{ .Values.ingress.tlsSecret | quote }}

infrastructure/kubernetes/charts/api/templates/migrations-job.yaml

@@ -0,0 +1,24 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "api.fullname" . }}-migrations
+  labels:
+    app: {{ include "api.name" . }}
+spec:
+  template:
+    spec:
+      restartPolicy: Never
+      containers:
+        - name: migrations
+          image: "{{ .Values.migrations.image.repository }}:{{ .Values.migrations.image.tag }}"
+          envFrom:
+            - secretRef:
+                name: {{ .Values.migrations.envSecretName }}
+          volumeMounts:
+            - name: ssl-certs
+              mountPath: /migrations/ssl
+              readOnly: true
+      volumes:
+        - name: ssl-certs
+          secret:
+            secretName: {{ .Values.migrations.sslSecretName }}

infrastructure/kubernetes/charts/api/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "api.fullname" . }}
+  labels:
+    app: {{ include "api.name" . }}
+spec:
+  type: {{ .Values.service.type | default "ClusterIP" }}
+  ports:
+    - port: {{ .Values.service.port | default 80 }}
+      targetPort: 3000
+      protocol: TCP
+      name: http
+  selector:
+    app: {{ include "api.name" . }}

infrastructure/kubernetes/charts/api/values.yaml

@@ -0,0 +1,30 @@
+replicaCount: 1
+
+image:
+  repository: ghcr.io/kesha123/nodejs-rest-api/api
+  tag: b44e2d404186bab1789d0b5cee39f7bc38897293
+
+service:
+  type: ClusterIP
+  port: 80
+
+ingress:
+  enabled: true
+  host: nodejs-rest-api.innokentii-kozlov.com
+  tls:
+   - secretName: nodejs-rest-api-tls
+
+resources:
+  limits:
+    cpu: 100m
+    memory: 128Mi
+  requests:
+    cpu: 100m
+    memory: 128Mi
+
+migrations:
+  image:
+    repository: ghcr.io/kesha123/nodejs-rest-api/migrations
+    tag: b44e2d404186bab1789d0b5cee39f7bc38897293
+  envSecretName: postgres-credentials
+  sslSecretName: migrations-ssl-certs