diff --git a/.env b/.env
index 3fcacbf..3f8569c 100644
--- a/.env
+++ b/.env
@@ -1 +1 @@
-REACT_APP_API_ROOT="https://los-backend.andrew.mesh.nycmesh.net"
\ No newline at end of file
+REACT_APP_API_ROOT="https://los-backend.mesh.nycmesh.net"
\ No newline at end of file
diff --git a/.github/workflows/helm-deploy.yaml b/.github/workflows/helm-deploy.yaml
new file mode 100644
index 0000000..8ef493d
--- /dev/null
+++ b/.github/workflows/helm-deploy.yaml
@@ -0,0 +1,54 @@
+name: Deploy Helm Chart
+permissions: read-all
+
+on:
+ workflow_call:
+ inputs:
+ environment:
+ required: true
+ type: string
+
+jobs:
+ helm_deploy:
+ name: Deploy helm chart
+ environment: ${{ inputs.environment }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v4
+
+ - name: Install SSH key
+ uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2
+ with:
+ key: ${{ secrets.SSH_PRIVATE_KEY }}
+ name: id_ed25519 # optional
+ known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }}
+ if_key_exists: fail # replace / ignore / fail; optional (defaults to fail)
+
+ - name: Setup WireGuard
+ run: |
+ sudo apt install wireguard
+ echo "${{ secrets.WIREGUARD_PRIVATE_KEY }}" > privatekey
+ sudo ip link add dev wg1 type wireguard
+ sudo ip address add dev wg1 ${{ secrets.WIREGUARD_OVERLAY_NETWORK_IP }} peer ${{ secrets.SSH_TARGET_IP }}
+ sudo wg set wg1 listen-port 48123 private-key privatekey peer ${{ secrets.WIREGUARD_PEER_PUBLIC_KEY }} allowed-ips 0.0.0.0/0 endpoint ${{ secrets.WIREGUARD_ENDPOINT }}
+ sudo ip link set up dev wg1
+
+ - name: Install Helm Chart
+ run: |
+ scp ${{ secrets.SSH_USER }}@${{ secrets.SSH_TARGET_IP }}:~/.kube/config ./
+ helm upgrade \
+ los \
+ ./infra/los \
+ --install \
+ --kubeconfig ./config \
+ --kube-apiserver https://${{ secrets.SSH_TARGET_IP }}:6443 \
+ -n ${{ vars.APP_NAMESPACE }} \
+ --create-namespace \
+ -f ./infra/los/values.yaml \
+ --set backend.database_url="${{ secrets.BACKEND_DATABASE_URL }}" \
+ --set backend.los_database_url="${{ secrets.BACKEND_LOS_DATABASE_URL }}" \
+ --set backend.database_user="${{ secrets.BACKEND_DATABASE_USER }}" \
+ --set backend.database_password="${{ secrets.BACKEND_DATABASE_PASSWORD }}" \
+ --set los_backend.fqdn="${{ vars.BACKEND_FQDN }}" \
+ --set los.fqdn="${{ vars.FQDN }}"
diff --git a/.github/workflows/publish-and-deploy.yaml b/.github/workflows/publish-and-deploy.yaml
index 3ea7351..4667169 100644
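Review bot: The `Setup WireGuard` step writes the tunnel key with `echo "${{ secrets.WIREGUARD_PRIVATE_KEY }}" > privatekey`, which expands the secret into the script text and leaves a default-permission file in the checked-out workspace; the `Install Helm Chart` step likewise puts the database credentials on the `helm` command line and copies the cluster kubeconfig to `./config`. Passing the key through `env:` and writing it under `umask 077` outside the workspace keeps it out of the rendered script and the repo directory, as sketched below. Helm's `--set` treats commas and backslashes in a value as syntax, so a password or URL containing one is mangled; a values file passed with `-f` avoids that and keeps the credentials off the process arguments. `sudo apt install wireguard` has no `-y` and may stop at the confirmation prompt if extra packages are needed, and `actions/checkout@v4` is pinned by tag while `shimataro/ssh-key-action` is pinned by commit.

```yaml
      - name: Setup WireGuard
        env:
          WIREGUARD_PRIVATE_KEY: ${{ secrets.WIREGUARD_PRIVATE_KEY }}
        run: |
          sudo apt-get install -y wireguard
          # Key file is created owner-only and outside the checkout.
          umask 077
          printf '%s\n' "$WIREGUARD_PRIVATE_KEY" > "$RUNNER_TEMP/wg-privatekey"
          # … unchanged: ip link add, ip address add …
          sudo wg set wg1 listen-port 48123 private-key "$RUNNER_TEMP/wg-privatekey" peer ${{ secrets.WIREGUARD_PEER_PUBLIC_KEY }} allowed-ips 0.0.0.0/0 endpoint ${{ secrets.WIREGUARD_ENDPOINT }}
          rm -f "$RUNNER_TEMP/wg-privatekey"
          # … unchanged: ip link set up dev wg1 …
```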
--- a/.github/workflows/publish-and-deploy.yaml +++ b/.github/workflows/publish-and-deploy.yaml @@ -5,10 +5,13 @@ on: branches: - meshdb +permissions: read-all + jobs: push_to_registry: name: Push Docker Image to Docker Hub runs-on: ubuntu-latest + if: github.ref == 'refs/heads/meshdb' steps: - name: Check out the repo uses: actions/checkout@v4 @@ -31,22 +34,24 @@ jobs: context: . file: ./Dockerfile push: true - tags: ${{ steps.meta.outputs.tags }} + tags: willnilges/meshdb-line-of-sight:helm + #tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - deploy_to_grandsvc: - name: Deploy to grandsvc + deploy_to_dev3: + name: Deploy to dev 3 needs: push_to_registry - runs-on: ubuntu-latest - steps: - - name: Install SSH key - uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2 - with: - key: ${{ secrets.GRANDSVC_KEY }} - name: id_ed25519 # optional - known_hosts: ${{ secrets.GRANDSVC_KNOWN_HOSTS }} - #config: ${{ secrets.CONFIG }} # ssh_config; optional - if_key_exists: fail # replace / ignore / fail; optional (defaults to fail) - - name: Pull new Docker image - # Not a huge fan of this GITHUB_REF shenanigans - run: ssh ${{ secrets.GRANDSVC_SSH_TARGET }} "cd network-map-${{ github.ref_name }} && git pull && docker compose pull && docker compose up -d" + uses: ./.github/workflows/helm-deploy.yaml + with: + environment: dev3 + secrets: inherit + if: github.ref == 'refs/heads/meshdb' + + deploy_to_prod1: + name: Deploy to prod 1 + needs: push_to_registry + uses: ./.github/workflows/helm-deploy.yaml + with: + environment: prod1 + secrets: inherit + if: github.ref == 'refs/heads/meshdb' diff --git a/infra/los/.helmignore b/infra/los/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/infra/los/.helmignore 
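Review bot: The build step now pushes the fixed tag `willnilges/meshdb-line-of-sight:helm` and the chart deploys that same mutable tag, so the running image is not tied to the commit that triggered the run, and a `helm upgrade` whose rendered manifests are unchanged will not roll the pods onto the new image. Restoring `tags: ${{ steps.meta.outputs.tags }}` (or adding a per-commit tag next to `helm`) and passing that tag or the pushed digest to the reusable workflow for `los.image.tag` would make each deploy traceable. `deploy_to_prod1` needs only `push_to_registry`, so prod is deployed in parallel with dev3 unless the `prod1` environment has protection rules (not visible here); `needs: [push_to_registry, deploy_to_dev3]` would gate it. `secrets: inherit` hands every repository secret to the called workflow; listing the ones `helm-deploy.yaml` reads is narrower.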
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/infra/los/Chart.yaml b/infra/los/Chart.yaml
new file mode 100644
index 0000000..ec2baba
--- /dev/null
+++ b/infra/los/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: los
+description: A Helm chart for Kubernetes
+
+type: application
+
+version: 0.1.0
+
+appVersion: "1.16.0"
diff --git a/infra/los/templates/_helpers.tpl b/infra/los/templates/_helpers.tpl
new file mode 100644
index 0000000..7100d8e
--- /dev/null
+++ b/infra/los/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "los.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "los.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "los.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "los.labels" -}}
+helm.sh/chart: {{ include "los.chart" . }}
+{{ include "los.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "los.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "los.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "los.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "los.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/infra/los/templates/backend.yaml b/infra/los/templates/backend.yaml
new file mode 100644
index 0000000..2f9ba0d
--- /dev/null
+++ b/infra/los/templates/backend.yaml
@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "los.fullname" . }}-backend
+ namespace: {{ .Values.los_namespace }}
+ labels:
+ {{- include "los.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "los.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ app: los-backend
+ {{- include "los.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}-backend
+ image: "{{ .Values.los_backend.image.repository }}:{{ .Values.los_backend.image.tag }}"
+ imagePullPolicy: {{ .Values.los_backend.image.pullPolicy }}
+ envFrom:
+ - secretRef:
+ name: backend-secrets
+ ports:
+ - name: http
+ containerPort: {{ .Values.los_backend.port }}
+ protocol: TCP
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/infra/los/templates/backend_ingress.yaml b/infra/los/templates/backend_ingress.yaml
new file mode 100644
index 0000000..6377f5c
--- /dev/null
+++ b/infra/los/templates/backend_ingress.yaml
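Review bot: `spec.selector.matchLabels` is only `los.selectorLabels` (chart name and release instance), and `frontend.yaml` and `los_database.yaml` use the identical selector, so all three Deployments in a release select the same label set. Kubernetes documents overlapping controller selectors as unsupported, and the distinguishing `app: los-backend` label is on the pod template but not in the selector. Adding the component label under `matchLabels` in each file (`app: los-backend`, `app: los`, `app: los-database`) separates them; a Deployment's selector is immutable, so this is easiest to change before the first release. The container also sets no `securityContext`, and `replicaCount` from `values.yaml` is not referenced by any `replicas:` field.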
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "los.fullname" . }}-backend
+ namespace: {{ .Values.los_namespace }}
+ labels:
+ {{- include "los.labels" . | nindent 4 }}
+spec:
+ rules:
+ - host: {{ .Values.los_backend.fqdn }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "los.fullname" . }}-backend
+ port:
+ number: {{ .Values.los_backend.port }}
diff --git a/infra/los/templates/backend_secrets.yaml b/infra/los/templates/backend_secrets.yaml
new file mode 100644
index 0000000..09ae450
--- /dev/null
+++ b/infra/los/templates/backend_secrets.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: backend-secrets
+ namespace: {{ .Values.los_namespace }}
+type: Opaque
+data:
+ DATABASE_URL: {{ .Values.backend.database_url | b64enc | quote }}
+ LOS_DATABASE_URL: {{ .Values.backend.los_database_url | b64enc | quote }}
diff --git a/infra/los/templates/backend_service.yaml b/infra/los/templates/backend_service.yaml
new file mode 100644
index 0000000..81d6d59
--- /dev/null
+++ b/infra/los/templates/backend_service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "los.fullname" . }}-backend
+ namespace: {{ .Values.los_namespace }}
+ labels:
+ {{- include "los.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ .Values.los_backend.port }}
+ targetPort: {{ .Values.los_backend.port }}
+ protocol: TCP
+ name: http
+ selector:
+ app: los-backend
diff --git a/infra/los/templates/frontend.yaml b/infra/los/templates/frontend.yaml
new file mode 100644
index 0000000..cdbb333
--- /dev/null
+++ b/infra/los/templates/frontend.yaml
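Review bot: The Ingress in `backend_ingress.yaml` has no `tls:` block and no `ingressClassName`, while the frontend's `.env` in this commit points at `https://los-backend.mesh.nycmesh.net`. Unless the cluster's ingress controller terminates TLS with a default or wildcard certificate (not visible here), the backend host would be served over plain HTTP or with a certificate that does not match. A `tls:` entry listing `{{ .Values.los_backend.fqdn }}` under `hosts` with a `secretName`, plus an explicit `ingressClassName`, would make the intent visible in the chart; `frontend_ingress.yaml` has the same shape.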
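Review bot: In `backend_secrets.yaml`, `.Values.backend.database_url | b64enc` accepts an empty string, and an Actions secret that is not set expands to an empty value in the `--set` arguments, so a misconfigured environment deploys a Secret with an empty `DATABASE_URL` instead of failing. Wrapping each value, e.g. `DATABASE_URL: {{ required "backend.database_url is required" .Values.backend.database_url | b64enc | quote }}`, makes the render fail with a clear message; `los_secrets.yaml` needs the same for `database_user` and `database_password`. `backend` has no entry in `values.yaml`, so `helm template` or `helm lint` without the `--set` flags fails on a nil map; an empty `backend:` stanza with a comment would document the expected keys. The Secret name `backend-secrets` is fixed rather than derived from `los.fullname`, so two releases in one namespace would collide.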
@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "los.fullname" . }}
+ namespace: {{ .Values.los_namespace }}
+ labels:
+ {{- include "los.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "los.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ app: los
+ {{- include "los.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.los.image.repository }}:{{ .Values.los.image.tag }}"
+ imagePullPolicy: {{ .Values.los.image.pullPolicy }}
+ env:
+ - name: NODE_ENV
+ value: production
+ ports:
+ - name: http
+ containerPort: {{ .Values.los.port }}
+ protocol: TCP
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/infra/los/templates/frontend_ingress.yaml b/infra/los/templates/frontend_ingress.yaml
new file mode 100644
index 0000000..6541371
--- /dev/null
+++ b/infra/los/templates/frontend_ingress.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "los.fullname" . }}
+ namespace: {{ .Values.los_namespace }}
+ labels:
+ {{- include "los.labels" . | nindent 4 }}
+spec:
+ rules:
+ - host: {{ .Values.los.fqdn }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "los.fullname" . }}
+ port:
+ number: {{ .Values.los.port }}
diff --git a/infra/los/templates/frontend_service.yaml b/infra/los/templates/frontend_service.yaml
new file mode 100644
index 0000000..d45a3ac
--- /dev/null
+++ b/infra/los/templates/frontend_service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "los.fullname" . }}
+ namespace: {{ .Values.los_namespace }}
+ labels:
+ {{- include "los.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ .Values.los.port }}
+ targetPort: {{ .Values.los.port }}
+ protocol: TCP
+ name: http
+ selector:
+ app: los
diff --git a/infra/los/templates/los_config.yaml b/infra/los/templates/los_config.yaml
new file mode 100644
index 0000000..6633b6c
--- /dev/null
+++ b/infra/los/templates/los_config.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: los-config
+ namespace: {{ .Values.los_namespace }}
+data:
+ POSTGRES_HOST_AUTH_METHOD: trust
+ POSTGRES_DB: {{ .Values.los_database.db_name }}
diff --git a/infra/los/templates/los_database.yaml b/infra/los/templates/los_database.yaml
new file mode 100644
index 0000000..0ecb2f7
--- /dev/null
+++ b/infra/los/templates/los_database.yaml
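Review bot: In `los_config.yaml`, `POSTGRES_HOST_AUTH_METHOD: trust` makes the database accept every connection without a password, so any pod that can reach the database Service on its ClusterIP can log in as any role, including the superuser, and the `POSTGRES_PASSWORD` supplied through `los-secrets` is not enforced. Removing this line lets the image fall back to password authentication with that secret (assuming `postgis/postgis` keeps the official postgres entrypoint behaviour). The auth method is written into `pg_hba.conf` when the data directory is first initialised, so a volume already created with `trust` keeps it until `pg_hba.conf` is edited or the volume is re-initialised. A NetworkPolicy restricting the database port to the backend pods would be a useful second layer.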
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "los.fullname" . }}-los-database
+ namespace: {{ .Values.los_namespace }}
+ labels:
+ {{- include "los.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "los.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ app: los-database
+ {{- include "los.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}-los-database
+ image: "{{ .Values.los_database.image.repository }}:{{ .Values.los_database.image.tag }}"
+ imagePullPolicy: {{ .Values.los_database.image.pullPolicy }}
+ envFrom:
+ - secretRef:
+ name: los-secrets
+ - configMapRef:
+ name: los-config
+ volumeMounts:
+ - name: pg-data-vol
+ mountPath: /var/lib/postgresql/data
+ subPath: postgres
+ ports:
+ - name: db
+ containerPort: {{ .Values.los_database.port }}
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumes:
+ - name: pg-data-vol
+ persistentVolumeClaim:
+ claimName: {{ .Values.los_database.pvc_name }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/infra/los/templates/los_database_pvc.yaml b/infra/los/templates/los_database_pvc.yaml
new file mode 100644
index 0000000..e76a88b
--- /dev/null
+++ b/infra/los/templates/los_database_pvc.yaml
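Review bot: This Deployment mounts a `ReadWriteOnce` claim but keeps the default rolling-update strategy, so on every upgrade the replacement pod is started while the old one still holds the volume; if it is scheduled to another node it cannot attach the volume and the rollout stalls. Adding `strategy:` with `type: Recreate` under `spec`, or switching to a StatefulSet, avoids that. The database container also has no readiness or liveness probe, unlike the other two Deployments, so the Service routes to it before PostgreSQL accepts connections.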
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Values.los_database.pvc_name }}
+ namespace: {{ .Values.los_namespace }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: {{ .Values.los_database.pvc_size }}
\ No newline at end of file
diff --git a/infra/los/templates/los_database_service.yaml b/infra/los/templates/los_database_service.yaml
new file mode 100644
index 0000000..76eb7dc
--- /dev/null
+++ b/infra/los/templates/los_database_service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "los.fullname" . }}-database-service
+ namespace: {{ .Values.los_namespace }}
+ labels:
+ {{- include "los.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ .Values.los_database.port }}
+ targetPort: {{ .Values.los_database.port }}
+ protocol: TCP
+ name: db
+ selector:
+ app: los-database
diff --git a/infra/los/templates/los_secrets.yaml b/infra/los/templates/los_secrets.yaml
new file mode 100644
index 0000000..77efa3e
--- /dev/null
+++ b/infra/los/templates/los_secrets.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: los-secrets
+ namespace: {{ .Values.los_namespace }}
+type: Opaque
+data:
+ POSTGRES_USER: {{ .Values.backend.database_user | b64enc | quote }}
+ POSTGRES_PASSWORD: {{ .Values.backend.database_password | b64enc | quote }}
diff --git a/infra/los/values.yaml b/infra/los/values.yaml
new file mode 100644
index 0000000..7cd57be
--- /dev/null
+++ b/infra/los/values.yaml
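Review bot: The claim in `los_database_pvc.yaml` is a chart-managed resource, so `helm uninstall` deletes it, and with a storage class whose reclaim policy is `Delete` (not visible here) the database volume is removed with it. An annotation `helm.sh/resource-policy: keep` under `metadata.annotations` makes Helm leave the claim in place. `storageClassName: longhorn` is hard-coded; reading it from a new value (for example `los_database.storage_class`) would let the chart run on a cluster with a different storage class.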
@@ -0,0 +1,50 @@
+replicaCount: 1
+
+los_namespace: "los"
+
+los:
+ image:
+ repository: willnilges/meshdb-line-of-sight
+ tag: helm
+ pullPolicy: Always
+ port: 3000
+
+los_backend:
+ image:
+ repository: andrewdickinson/meshdb-los-tool
+ tag: latest
+ pullPolicy: Always
+ port: 3000
+
+los_database:
+ image:
+ repository: postgis/postgis
+ tag: latest
+ pullPolicy: Always
+ port: 5432
+ db_name: los
+ pvc_name: "los-postgis-pvc"
+ pvc_size: "3Gi"
+
+nameOverride: ""
+fullnameOverride: ""
+
+podAnnotations: {}
+podLabels: {}
+
+resources: {}
+
+livenessProbe:
+ httpGet:
+ path: /
+ port: http
+readinessProbe:
+ httpGet:
+ path: /
+ port: http
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
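Review bot: All three images use mutable tags pulled with `pullPolicy: Always` (`helm`, `latest`, `latest`), two of them from personal Docker Hub accounts, so whatever is published under those tags runs in prod on the next pod restart without any change in this repo. Pinning each to a version tag or an `@sha256:` digest makes the deployed code reviewable; for `postgis/postgis` it also stops `latest` from moving to a new PostgreSQL major version that cannot start on the existing data directory. `los_namespace: "los"` is written into every manifest's `metadata.namespace`, while the workflow installs with `-n ${{ vars.APP_NAMESPACE }} --create-namespace`; if the two differ, the release namespace is created but the resources target `los`. Using `{{ .Release.Namespace }}` in the templates would remove the duplicate setting.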