Merge pull request #78 from NIAEFEUP/feature/deploy-tts

feat: deploy tts
NIAEFEUP · Nov 9, 2024 · 258308f · 258308f
2 parents 82be4f7 + 5a37835
commit 258308f
Show file tree

Hide file tree

Showing 25 changed files with 798 additions and 26 deletions.
diff --git a/dev/create-harbor-pull-secret.sh b/dev/create-harbor-pull-secret.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+harbor_credential_path="$1"
+
+function get_docker_credentials() {
+    local harbor_credential_path="$1"
+
+    local username="$(yq -r '.name' -oj "$harbor_credential_path")"
+    local secret="$(yq -r '.secret' -oj "$harbor_credential_path")"
+    echo "$username:$secret"
+}
+
+credentials="$(get_docker_credentials "$harbor_credential_path")"
+encoded_credentials="$(echo -n "$credentials" | base64)"
+
+auth_settings=$(cat <<EOF
+{
+    "auths": {
+        "registry.niaefeup.pt": {
+            "auth": "$encoded_credentials"
+        }
+    }
+}
+EOF
+)
+
+encoded_auth_settings="$(echo "$auth_settings" | base64 -w 0)"
+
+cat <<EOF
+---
+kind: Secret
+apiVersion: v1
+metadata:
+  namespace: <FILL-IN>
+  name: harbor-pull-secret
+  annotations:
+    replicator.v1.mittwald.de/replicate-to: "<FILL-IN>"
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: $encoded_auth_settings
+EOF
diff --git a/services/cluster-secret/01-harbor-pull-secret.yaml b/services/cluster-secret/01-harbor-pull-secret.yaml
@@ -11,5 +11,7 @@ matchNamespace:
   - nitsig
   - ni-website
   - sinf-website
+  - tts
+  - tts-staging
 data:
   .dockerconfigjson: <FILL-IN>
diff --git a/services/databases/postgresql/cnpg-cluster.yaml b/services/databases/postgresql/cnpg-cluster.yaml
@@ -7,13 +7,6 @@ metadata:
 spec:
   instances: 3
 
-  bootstrap:
-    initdb:
-      database: tts-db
-      owner: tts
-      secret:
-        name: tts-secret
-
   managed:
     roles:
       - name: ni
@@ -34,6 +27,18 @@ spec:
         login: true
         passwordSecret:
           name: sinf-website-2023-secret
+      - name: tts
+        ensure: present
+        createdb: false
+        login: true
+        passwordSecret:
+          name: tts-secret
+      - name: tts-staging
+        ensure: present
+        createdb: false
+        login: true
+        passwordSecret:
+          name: tts-staging-secret
 
   storage:
     size: 20Gi

diff --git a/services/databases/postgresql/cnpg-secrets.yaml b/services/databases/postgresql/cnpg-secrets.yaml
@@ -10,6 +10,15 @@ metadata:
 type: kubernetes.io/basic-auth
 ---
 apiVersion: v1
+stringData:
+  password: <FILL-IN>
+  username: tts-staging
+kind: Secret
+metadata:
+  name: tts-staging-secret
+type: kubernetes.io/basic-auth
+---
+apiVersion: v1
 stringData:
   password: <FILL-IN>
   username: ni

diff --git a/services/image-registry/keel-dev-deployment.yaml b/services/image-registry/keel-dev-deployment.yaml
@@ -144,7 +144,7 @@ spec:
         # {{ end }}
         - name: keel
           # Note that we use appVersion to get images tag.
-          image: keelhq/keel:0.19.1
+          image: keelhq/keel:0.19.2
           imagePullPolicy: Always
           command: ["/bin/keel"]
           securityContext:

diff --git a/services/pulumi/niployments/Pulumi.prod.yaml b/services/pulumi/niployments/Pulumi.prod.yaml
diff --git a/services/pulumi/niployments/index.ts b/services/pulumi/niployments/index.ts
@@ -1,5 +1,6 @@
 // ementas is an example pulumi service
 // import "./services/ementas/index.js";
+import "./services/tts/index.js";
 
 import { CommitSignal } from "./utils/pending.js";
 CommitSignal.globalParent.resolve();
diff --git a/services/pulumi/niployments/resources/mongodb/index.ts b/services/pulumi/niployments/resources/mongodb/index.ts
@@ -53,7 +53,7 @@ export class MongoDBCommunityController<
     opts?: pulumi.ComponentResourceOptions,
   ) {
     const users = new PendingValue<
-      pulumi.Input<crds.types.input.mongodbcommunity.v1.MongoDBCommunitySpecUsersArgs>[]
+      pulumi.Input<crds.types.input.mongodbcommunity.v1.MongoDBCommunitySpecUsers>[]
     >([]);
 
     super(
@@ -164,7 +164,7 @@ export class MongoDBCommunityController<
             name: credentialsSecret.metadata.name,
           },
           scramCredentialsSecretName: `${this.name}-${user.name}`,
-        }) satisfies crds.types.input.mongodbcommunity.v1.MongoDBCommunitySpecUsersArgs,
+        }) satisfies crds.types.input.mongodbcommunity.v1.MongoDBCommunitySpecUsers,
     );
 
     this.users.run((users) => users.push(userSpec));

diff --git a/services/pulumi/niployments/resources/mongodb/types.ts b/services/pulumi/niployments/resources/mongodb/types.ts
@@ -47,7 +47,7 @@ export type MongoDBCommunityControllerArgs<DB extends string> = {
   mdbc?: {
     metadata?: Omit<k8s.types.input.meta.v1.ObjectMeta, "namespace">;
     spec?: Omit<
-      crds.types.input.mongodbcommunity.v1.MongoDBCommunitySpecArgs,
+      crds.types.input.mongodbcommunity.v1.MongoDBCommunitySpec,
       "users"
     >;
   };

diff --git a/services/pulumi/niployments/services/ementas/certificates.ts b/services/pulumi/niployments/services/ementas/certificates.ts
@@ -2,7 +2,7 @@ import * as crds from "@pulumi/crds";
 import { namespace } from "./namespace.js";
 import { host } from "./values.js";
 
-export const certificate = new crds.certmanager.v1.Certificate(
+export const certificate = new crds.cert_manager.v1.Certificate(
   "ementas-certificate",
   {
     metadata: {

diff --git a/services/pulumi/niployments/services/tts/common/backend.ts b/services/pulumi/niployments/services/tts/common/backend.ts
@@ -0,0 +1,108 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as k8s from "@pulumi/kubernetes";
+import { Prefixer } from "#utils/prefixer.js";
+
+export class TTSBackend extends pulumi.ComponentResource {
+  public readonly name: pulumi.Output<string>;
+  public readonly port = pulumi.output(80);
+
+  constructor(
+    name: string,
+    args: {
+      namespace: pulumi.Input<string>;
+      branch: pulumi.Input<"main" | "develop">;
+      envSecretRef: pulumi.Input<string>;
+    },
+    opts?: pulumi.ComponentResourceOptions,
+  ) {
+    super("niployments:tts:TTSBackend", name, opts);
+
+    const prefixer = new Prefixer(name);
+
+    const backendLabels = { app: "tts-backend" };
+    const backendPort = 8000;
+
+    const deployment = new k8s.apps.v1.Deployment(
+      prefixer.deployment(),
+      {
+        metadata: {
+          namespace: args.namespace,
+          annotations: {
+            "keel.sh/policy": "force",
+            "keel.sh/match-tag": "true",
+          },
+        },
+        spec: {
+          replicas: 1,
+          selector: {
+            matchLabels: backendLabels,
+          },
+          template: {
+            metadata: {
+              labels: backendLabels,
+            },
+            spec: {
+              containers: [
+                {
+                  name: "tts-be",
+                  image: pulumi.interpolate`registry.niaefeup.pt/niaefeup/tts-be:${args.branch}`,
+                  imagePullPolicy: "Always",
+                  resources: {
+                    limits: {
+                      memory: "128Mi",
+                      cpu: "500m",
+                    },
+                  },
+                  ports: [
+                    {
+                      containerPort: backendPort,
+                    },
+                  ],
+                  envFrom: [
+                    {
+                      secretRef: {
+                        name: args.envSecretRef,
+                      },
+                    },
+                  ],
+                },
+              ],
+              imagePullSecrets: [
+                {
+                  name: "harbor-pull-secret",
+                },
+              ],
+            },
+          },
+        },
+      },
+      { parent: this },
+    );
+
+    const service = new k8s.core.v1.Service(
+      prefixer.service(),
+      {
+        metadata: {
+          namespace: args.namespace,
+        },
+        spec: {
+          ports: [
+            {
+              port: this.port,
+              targetPort: backendPort,
+            },
+          ],
+          selector: backendLabels,
+        },
+      },
+      { parent: this, dependsOn: [deployment] },
+    );
+
+    this.name = service.metadata.name;
+
+    this.registerOutputs({
+      serviceName: this.name,
+      servicePort: this.port,
+    });
+  }
+}
diff --git a/services/pulumi/niployments/services/tts/common/frontend.ts b/services/pulumi/niployments/services/tts/common/frontend.ts
@@ -0,0 +1,100 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as k8s from "@pulumi/kubernetes";
+import { Prefixer } from "#utils/prefixer.js";
+
+export class TTSFrontend extends pulumi.ComponentResource {
+  public readonly name: pulumi.Output<string>;
+  public readonly port = pulumi.output(80);
+
+  constructor(
+    name: string,
+    args: {
+      namespace: pulumi.Input<string>;
+      branch: pulumi.Input<"main" | "develop">;
+    },
+    opts?: pulumi.ComponentResourceOptions,
+  ) {
+    super("niployments:tts:TTSFrontend", name, opts);
+
+    const prefixer = new Prefixer(name);
+
+    const frontendLabels = { app: "tts-frontend" };
+    const frontendPort = 80;
+
+    const deployment = new k8s.apps.v1.Deployment(
+      prefixer.deployment(),
+      {
+        metadata: {
+          namespace: args.namespace,
+          annotations: {
+            "keel.sh/policy": "force",
+            "keel.sh/match-tag": "true",
+          },
+        },
+        spec: {
+          replicas: 1,
+          selector: {
+            matchLabels: frontendLabels,
+          },
+          template: {
+            metadata: {
+              labels: frontendLabels,
+            },
+            spec: {
+              containers: [
+                {
+                  name: "tts-fe",
+                  image: pulumi.interpolate`registry.niaefeup.pt/niaefeup/tts-fe:${args.branch}`,
+                  imagePullPolicy: "Always",
+                  resources: {
+                    limits: {
+                      memory: "128Mi",
+                      cpu: "500m",
+                    },
+                  },
+                  ports: [
+                    {
+                      containerPort: frontendPort,
+                    },
+                  ],
+                },
+              ],
+              imagePullSecrets: [
+                {
+                  name: "harbor-pull-secret",
+                },
+              ],
+            },
+          },
+        },
+      },
+      { parent: this },
+    );
+
+    const service = new k8s.core.v1.Service(
+      prefixer.service(),
+      {
+        metadata: {
+          namespace: args.namespace,
+        },
+        spec: {
+          ports: [
+            {
+              port: this.port,
+              targetPort: frontendPort,
+            },
+          ],
+          selector: frontendLabels,
+        },
+      },
+      { parent: this, dependsOn: [deployment] },
+    );
+
+    this.name = service.metadata.name;
+
+    this.registerOutputs({
+      serviceName: this.name,
+      servicePort: this.port,
+    });
+  }
+}
diff --git a/services/pulumi/niployments/services/tts/index.ts b/services/pulumi/niployments/services/tts/index.ts
@@ -0,0 +1,2 @@
+import "./production/index.js";
+import "./staging/index.js";