4nk/lecoffre-back
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Devops/removing old infra (#199)

Browse Source
This commit is contained in:
Yanis JEDRZEJCZAK 2024-05-07 16:46:44 +02:00 committed by GitHub
commit 05eb9f5391
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
16 changed files with 0 additions and 570 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
.circleci/config.yml
View File

@ -1,105 +0,0 @@
version: 2.1
orbs:
kubernetes: circleci/kubernetes@1.0.0
helm: circleci/helm@2.0.1
jobs:
build-push-docker-image:
docker:
- image: cimg/base:stable
environment:
TAG: << pipeline.git.tag >>
steps:
- checkout
- add_ssh_keys:
fingerprints:
- "4c:8e:00:16:94:44:d9:ad:e9:e9:2c:8b:02:d4:8d:7a"
- run: cp $HOME/.ssh/id_rsa_4c8e00169444d9ade9e92c8b02d48d7a id_rsa
- setup_remote_docker:
version: 20.10.12
docker_layer_caching: true
- run: docker login rg.fr-par.scw.cloud/lecoffre -u nologin -p $SCW_SECRET_KEY_BIS
- run: docker build --tag rg.fr-par.scw.cloud/lecoffre/back:${CIRCLE_SHA1:0:7} .
- run: docker push rg.fr-par.scw.cloud/lecoffre/back:${CIRCLE_SHA1:0:7}
deploy-docker-image:
docker:
- image: cimg/base:stable
environment:
TAG: << pipeline.git.tag >>
parameters:
env:
type: string
default: ppd
steps:
- checkout
- kubernetes/install-kubeconfig:
kubeconfig: KUBECONFIG_DATA
- helm/install-helm-client
- run:
name: Deploy
command: >
helm upgrade
lecoffre-back devops/ -i -f devops/<<parameters.env>>.values.yaml
-n lecoffre-<<parameters.env>>
--create-namespace
--set lecoffreBack.image.repository='rg.fr-par.scw.cloud/lecoffre/back'
--set lecoffreBack.image.tag=${CIRCLE_SHA1:0:7}
--set lecoffreCron.image.repository='rg.fr-par.scw.cloud/lecoffre/back'
--set lecoffreCron.image.tag=${CIRCLE_SHA1:0:7}
workflows:
version: 2
build-and-register-stg:
jobs:
- build-push-docker-image:
filters:
branches:
only: staging
- deploy-docker-image:
env: stg
requires:
- build-push-docker-image
context:
- sc-shared-prd
filters:
branches:
only: staging
build-and-register-ppd:
jobs:
- build-push-docker-image:
filters:
branches:
only: preprod
- deploy-docker-image:
env: ppd
requires:
- build-push-docker-image
context:
- sc-shared-prd
filters:
branches:
only: preprod
build-and-register-prd:
jobs:
- build-push-docker-image:
filters:
branches:
only: main
- deploy-docker-image:
env: prd
requires:
- build-push-docker-image
context:
- sc-shared-prd
filters:
branches:
only: main

3
.github/workflows/prd.yml vendored
View File

@ -5,9 +5,6 @@ on:
branches: [main] branches: [main]
env: env:
PROJECT_ID: c0ed1e9e-d945-461f-920c-98c844ef1ad4
NAMESPACE_ID: 17374437-5428-468c-9f41-d89787ffce0e
CONTAINER_REGISTRY_ENDPOINT: rg.fr-par.scw.cloud/funcscwlecoffreprdg7h5bbub
PROJECT_ID_LECOFFRE: 72d08499-37c2-412b-877e-f8af0471654a PROJECT_ID_LECOFFRE: 72d08499-37c2-412b-877e-f8af0471654a
NAMESPACE_ID_LECOFFRE: 8fbbce9d-31d1-4368-94c4-445e79f10834 NAMESPACE_ID_LECOFFRE: 8fbbce9d-31d1-4368-94c4-445e79f10834

4
.github/workflows/stg.yml vendored
View File

@ -5,10 +5,6 @@ on:
branches: [staging] branches: [staging]
env: env:
PROJECT_ID: c0ed1e9e-d945-461f-920c-98c844ef1ad4
NAMESPACE_ID: 9f949ff2-97bc-4979-ade2-1994dcaabde0
CONTAINER_REGISTRY_ENDPOINT: rg.fr-par.scw.cloud/funcscwlecoffrestgqhhn4ixh
PROJECT_ID_LECOFFRE: 72d08499-37c2-412b-877e-f8af0471654a PROJECT_ID_LECOFFRE: 72d08499-37c2-412b-877e-f8af0471654a
NAMESPACE_ID_LECOFFRE: f8137e85-47ad-46a5-9e2e-18af5de829c5 NAMESPACE_ID_LECOFFRE: f8137e85-47ad-46a5-9e2e-18af5de829c5
CONTAINER_REGISTRY_ENDPOINT_LECOFFRE: rg.fr-par.scw.cloud/funcscwlecoffrestgbqbfhtv6 CONTAINER_REGISTRY_ENDPOINT_LECOFFRE: rg.fr-par.scw.cloud/funcscwlecoffrestgbqbfhtv6

23
devops/.helmignore
View File

@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

25
devops/Chart.yaml
View File

@ -1,25 +0,0 @@
apiVersion: v2
name: leCoffre-back
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.0.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: 0.5.7

57
devops/ppd.values.yaml
View File

@ -1,57 +0,0 @@
-tpdockerPullSecret: docker-pull-secret
scwSecretKey: AgChoEnPitXp4Ny/rVMEcevaWKNVpyj2cJYAcq+yFqKwVwnLB+ffDvwqz9XBHu+6d4Nyyjkf37zUAMoaM21lEDWA7x3zfG2/D/j+rvX1qxzZgLD0mjBk7fGElVm332I6JA83oInes8AMMYEDPLElzHnpKRb9KtkIP4NzgOcCeW0ijft3N7Vroez6LEHsBPCA1I9XjKSkGEDvrO0MhWX3iJOlfz+SPMfJAV7rPawOs0ZmohTHrPW8qIvGDn8HCzKyU8zRBoMt+Ogpf5pH4U3JryEFuqD61KAQgablAM8edPIvsgNno9HAEuC2QtRLYA9aUhuKdaKuS58c9P2E80PHWXIlbpFCg6EugQTgNfnYp+3qDUNz8edeCfapYLvF4s9eCMGyMsGnpDR8EDNOyuGy7Y3l7okX8Xqu464gMp9E+hX7bHkcD6a4xfyIgJcWxsku0tm1TH1dpn4M1UXRuyZZif8P08nuE6MTUL67sAR9J1lpn4lVEL4kflk0pP2tZ5ncgPQFafJrRz05krMb0eU5tb2H4gs7ao/LL6idWo8MM9K1yr8lIuT5x2WW5CX+RjA+i50ex114V6vX3PNP5oVyt+DynTUB9QmXzVm3oLfDc3Cae1uqh7X0CFd+xiztJBtg0VtJaD/xUJcuWfY4cV2lERo9fRrykltzlJqiXHO4nowt8OtN0BcViVV8NJhPhYFzyb4ympxpOlTjm3GETuT2TYhUqdgS9nzleEAbOmOHZdIO2COunPE=
lecoffreBack:
serviceAccountName: lecoffre-back-sa
command: "'sh', '-c', 'export $(xargs </etc/env/.env) && npm run api:start'"
envSecrets: ppd-env
imagePullSecrets:
- name: docker-pull-secret
image:
pullPolicy: Always
repository: "rg.fr-par.scw.cloud/lecoffre/back"
resources:
requests:
cpu: 200m
memory: 1Gi
limits:
memory: 2Gi
ingress:
host: api-tp.ppd.lecoffre.smart-chain.fr
tls:
hosts:
- api-tp.ppd.lecoffre.smart-chain.fr
secretName: api-tls
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/client_max_body_size: 200m
nginx.ingress.kubernetes.io/client-body-buffer-size: 2M
nginx.ingress.kubernetes.io/proxy-body-size: 200m
env:
- key: .env
scwID: "id:430001f8-68ab-47b2-92e8-38024c35a80d"
lecoffreCron:
serviceAccountName: lecoffre-cron-sa
envSecrets: ppd-env
command: "'sh', '-c', 'export $(xargs </etc/env/.env) && npm run cron'"
imagePullSecrets:
- name: docker-pull-secret
image:
pullPolicy: Always
repository: "rg.fr-par.scw.cloud/lecoffre/back"
resources:
requests:
cpu: 200m
memory: 1Gi
limits:
memory: 2Gi
# key is name of the environment variable, scwID is the secret ID in SCW with "id:" in front
env:
- key: .env
scwID: "id:430001f8-68ab-47b2-92e8-38024c35a80d"

57
devops/prd.values.yaml
View File

@ -1,57 +0,0 @@
dockerPullSecret: docker-pull-secret
scwSecretKey: AgChoEnPitXp4Ny/rVMEcevaWKNVpyj2cJYAcq+yFqKwVwnLB+ffDvwqz9XBHu+6d4Nyyjkf37zUAMoaM21lEDWA7x3zfG2/D/j+rvX1qxzZgLD0mjBk7fGElVm332I6JA83oInes8AMMYEDPLElzHnpKRb9KtkIP4NzgOcCeW0ijft3N7Vroez6LEHsBPCA1I9XjKSkGEDvrO0MhWX3iJOlfz+SPMfJAV7rPawOs0ZmohTHrPW8qIvGDn8HCzKyU8zRBoMt+Ogpf5pH4U3JryEFuqD61KAQgablAM8edPIvsgNno9HAEuC2QtRLYA9aUhuKdaKuS58c9P2E80PHWXIlbpFCg6EugQTgNfnYp+3qDUNz8edeCfapYLvF4s9eCMGyMsGnpDR8EDNOyuGy7Y3l7okX8Xqu464gMp9E+hX7bHkcD6a4xfyIgJcWxsku0tm1TH1dpn4M1UXRuyZZif8P08nuE6MTUL67sAR9J1lpn4lVEL4kflk0pP2tZ5ncgPQFafJrRz05krMb0eU5tb2H4gs7ao/LL6idWo8MM9K1yr8lIuT5x2WW5CX+RjA+i50ex114V6vX3PNP5oVyt+DynTUB9QmXzVm3oLfDc3Cae1uqh7X0CFd+xiztJBtg0VtJaD/xUJcuWfY4cV2lERo9fRrykltzlJqiXHO4nowt8OtN0BcViVV8NJhPhYFzyb4ympxpOlTjm3GETuT2TYhUqdgS9nzleEAbOmOHZdIO2COunPE=
lecoffreBack:
serviceAccountName: lecoffre-back-sa
command: "'sh', '-c', 'export $(xargs </etc/env/.env) && npm run api:start'"
envSecrets: prd-env
imagePullSecrets:
- name: docker-pull-secret
image:
pullPolicy: Always
repository: "rg.fr-par.scw.cloud/lecoffre/back"
resources:
requests:
cpu: 200m
memory: 1Gi
limits:
memory: 2Gi
ingress:
host: api-tp.lecoffre.smart-chain.fr
tls:
hosts:
- api-tp.lecoffre.smart-chain.fr
secretName: api-tls
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/client_max_body_size: 200m
nginx.ingress.kubernetes.io/client-body-buffer-size: 2M
nginx.ingress.kubernetes.io/proxy-body-size: 200m
env:
- key: .env
scwID: "id:8f66af26-2481-4ef2-b4f0-7f076f9ee18b"
lecoffreCron:
serviceAccountName: lecoffre-cron-sa
envSecrets: prd-env
command: "'sh', '-c', 'export $(xargs </etc/env/.env) && npm run cron'"
imagePullSecrets:
- name: docker-pull-secret
image:
pullPolicy: Always
repository: "rg.fr-par.scw.cloud/lecoffre/back"
resources:
requests:
cpu: 200m
memory: 1Gi
limits:
memory: 2Gi
# key is name of the environment variable, scwID is the secret ID in SCW with "id:" in front
env:
- key: .env
scwID: "id:8f66af26-2481-4ef2-b4f0-7f076f9ee18b"

57
devops/stg.values.yaml
View File

@ -1,57 +0,0 @@
dockerPullSecret: docker-pull-secret
scwSecretKey: AgChoEnPitXp4Ny/rVMEcevaWKNVpyj2cJYAcq+yFqKwVwnLB+ffDvwqz9XBHu+6d4Nyyjkf37zUAMoaM21lEDWA7x3zfG2/D/j+rvX1qxzZgLD0mjBk7fGElVm332I6JA83oInes8AMMYEDPLElzHnpKRb9KtkIP4NzgOcCeW0ijft3N7Vroez6LEHsBPCA1I9XjKSkGEDvrO0MhWX3iJOlfz+SPMfJAV7rPawOs0ZmohTHrPW8qIvGDn8HCzKyU8zRBoMt+Ogpf5pH4U3JryEFuqD61KAQgablAM8edPIvsgNno9HAEuC2QtRLYA9aUhuKdaKuS58c9P2E80PHWXIlbpFCg6EugQTgNfnYp+3qDUNz8edeCfapYLvF4s9eCMGyMsGnpDR8EDNOyuGy7Y3l7okX8Xqu464gMp9E+hX7bHkcD6a4xfyIgJcWxsku0tm1TH1dpn4M1UXRuyZZif8P08nuE6MTUL67sAR9J1lpn4lVEL4kflk0pP2tZ5ncgPQFafJrRz05krMb0eU5tb2H4gs7ao/LL6idWo8MM9K1yr8lIuT5x2WW5CX+RjA+i50ex114V6vX3PNP5oVyt+DynTUB9QmXzVm3oLfDc3Cae1uqh7X0CFd+xiztJBtg0VtJaD/xUJcuWfY4cV2lERo9fRrykltzlJqiXHO4nowt8OtN0BcViVV8NJhPhYFzyb4ympxpOlTjm3GETuT2TYhUqdgS9nzleEAbOmOHZdIO2COunPE=
lecoffreBack:
serviceAccountName: lecoffre-back-sa
envSecrets: stg-env
command: "'sh', '-c', 'export $(xargs </etc/env/.env) && npm run api:start'"
imagePullSecrets:
- name: docker-pull-secret
image:
pullPolicy: Always
repository: "rg.fr-par.scw.cloud/lecoffre/back"
resources:
requests:
cpu: 200m
memory: 1Gi
limits:
memory: 2Gi
ingress:
host: api-tp.stg.lecoffre.smart-chain.fr
tls:
hosts:
- api-tp.stg.lecoffre.smart-chain.fr
secretName: api-tls
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/client_max_body_size: 200m
nginx.ingress.kubernetes.io/client-body-buffer-size: 2M
nginx.ingress.kubernetes.io/proxy-body-size: 200m
# key is name of the environment variable, scwID is the secret ID in SCW with "id:" in front
env:
- key: .env
scwID: "id:2be9510b-bb1f-4fbe-ab3e-3dc11fb49051"
lecoffreCron:
serviceAccountName: lecoffre-cron-sa
envSecrets: stg-env
command: "'sh', '-c', 'export $(xargs </etc/env/.env) && npm run cron'"
imagePullSecrets:
- name: docker-pull-secret
image:
pullPolicy: Always
repository: "rg.fr-par.scw.cloud/lecoffre/back"
resources:
requests:
cpu: 200m
memory: 1Gi
limits:
memory: 2Gi
# key is name of the environment variable, scwID is the secret ID in SCW with "id:" in front
env:
- key: .env
scwID: "id:2be9510b-bb1f-4fbe-ab3e-3dc11fb49051"

19
devops/templates/docker-pull-secret.yaml
View File

@ -1,19 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: docker-pull-secret
spec:
refreshInterval: 1h
secretStoreRef:
name: secret-store
kind: SecretStore
target:
template:
type: kubernetes.io/dockerconfigjson
name: docker-pull-secret
creationPolicy: Owner
data:
- secretKey: .dockerconfigjson
remoteRef:
key: {{ .Values.dockerPullSecret }}
version: latest_enabled

74
devops/templates/lecoffre-back.yaml
View File

@ -1,74 +0,0 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: lecoffre-back
{{if .Values.lecoffreBack.ingress.annotations}}
annotations:
{{toYaml .Values.lecoffreBack.ingress.annotations | indent 4 }}
{{end}}
spec:
tls:
- hosts: {{ .Values.lecoffreBack.ingress.tls.hosts }}
secretName: {{ .Values.lecoffreBack.ingress.tls.secretName }}
rules:
- host: {{ .Values.lecoffreBack.ingress.host }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: lecoffre-back-svc
port:
number: 80
---
apiVersion: v1
kind: Service
metadata:
name: lecoffre-back-svc
labels:
spec:
ports:
- port: 80
name: http
targetPort: 3001
selector:
app: lecoffre-back
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: lecoffre-back
labels:
app: lecoffre-back
spec:
replicas: 1
selector:
matchLabels:
app: lecoffre-back
template:
metadata:
annotations:
labels:
app: lecoffre-back
spec:
serviceAccountName: {{ .Values.lecoffreBack.serviceAccountName }}
imagePullSecrets:
- name: docker-pull-secret
containers:
- name: lecoffre-back
image: "{{ .Values.lecoffreBack.image.repository }}:{{ .Values.lecoffreBack.image.tag }}"
{{if .Values.lecoffreBack.resources}}
resources:
{{toYaml .Values.lecoffreBack.resources | indent 10}}
{{end}}
imagePullPolicy: {{ .Values.lecoffreBack.image.pullPolicy }}
command: [{{ .Values.lecoffreBack.command }}]
volumeMounts:
- name: secret-volume
mountPath: /etc/env
volumes:
- name: secret-volume
secret:
secretName: {{ .Values.lecoffreBack.envSecrets }}

37
devops/templates/lecoffre-cron.yaml
View File

@ -1,37 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: lecoffre-cron
labels:
app: lecoffre-cron
spec:
replicas: 1
selector:
matchLabels:
app: lecoffre-cron
template:
metadata:
annotations:
labels:
app: lecoffre-cron
spec:
serviceAccountName: {{ .Values.lecoffreCron.serviceAccountName }}
imagePullSecrets:
- name: docker-pull-secret
containers:
- name: lecoffre-cron
image: "{{ .Values.lecoffreCron.image.repository }}:{{ .Values.lecoffreCron.image.tag }}"
{{if .Values.lecoffreCron.resources}}
resources:
{{toYaml .Values.lecoffreCron.resources | indent 10}}
{{end}}
imagePullPolicy: {{ .Values.lecoffreCron.image.pullPolicy }}
command: [{{ .Values.lecoffreCron.command }}]
volumeMounts:
- name: secret-volume
mountPath: /etc/env
volumes:
- name: secret-volume
secret:
secretName: {{ .Values.lecoffreCron.envSecrets }}

12
devops/templates/sealed-secret.yaml
View File

@ -1,12 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: scw-secret-key
spec:
encryptedData:
SCW_SECRET_KEY: {{ .Values.scwSecretKey }}
template:
metadata:
creationTimestamp: null
name: scw-secret-key

15
devops/templates/secret-store.yaml
View File

@ -1,15 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: secret-store
spec:
provider:
scaleway:
region: fr-par
projectId: c0ed1e9e-d945-461f-920c-98c844ef1ad4
accessKey:
value: SCWNCSH22EMVGT3MNX09
secretKey:
secretRef:
name: scw-secret-key
key: SCW_SECRET_KEY

16
devops/templates/secrets.yaml
View File

@ -1,16 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: {{ .Values.lecoffreBack.envSecrets }}
spec:
refreshInterval: 1h
secretStoreRef:
kind: SecretStore
name: secret-store
data:
{{ range $v := .Values.lecoffreBack.env }}
- secretKey: {{ $v.key }}
remoteRef:
key: {{ $v.scwID}}
version: latest_enabled
{{ end }}

30
devops/templates/service-account.yaml
View File

@ -1,30 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.lecoffreBack.serviceAccountName }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.lecoffreBack.serviceAccountName }}-token
annotations:
kubernetes.io/service-account.name: {{ .Values.lecoffreBack.serviceAccountName }}
type: kubernetes.io/service-account-token
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.lecoffreCron.serviceAccountName }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.lecoffreCron.serviceAccountName }}-token
annotations:
kubernetes.io/service-account.name: {{ .Values.lecoffreCron.serviceAccountName }}
type: kubernetes.io/service-account-token

36
devops/values.yaml
View File

@ -1,36 +0,0 @@
dockerPullSecret: docker-pull-secret
scwSecretKey: ss
lecoffreBack:
serviceAccountName: lecoffre-back-sa
command: "npm run api:start"
envSecrets: env-env
imagePullSecrets:
- name: docker-pull-secret
image:
pullPolicy: Always
repository: "rg.fr-par.scw.cloud/lecoffre/back"
tag:
resources:
requests:
cpu: 200m
memory: 1Gi
limits:
memory: 2Gi
ingress:
host: api.ppd.lecoffre.smart-chain.fr
tls:
hosts:
- api.ppd.lecoffre.smart-chain.fr
secretName: api-tls
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
env:
- key: a
scwID: b