diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 000000000..d8275937f --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,115 @@ +name: ashley actions + +on: + workflow_dispatch + +env: + AWS_REGION: us-east-1 + ECR_REPOSITORY: gitopsrepo + EKS_CLUSTER: gitops-eks + +jobs: + Testing: + runs-on: ubuntu-latest + steps: + - name: code checkout + uses: actions/checkout@v4 + + - name: Maven test + run: mvn test + + - name: Checkstyle + run: mvn checkstyle:checkstyle + + - name: set java 11 + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: '11' + + - name: setup sonarqube + uses: warchant/setup-sonar-scanner@v7 + + - name: SonarQube Scan + run: | + sonar-scanner \ + -Dsonar.host.url=${{ secrets.SONAR_URL }} \ + -Dsonar.login=${{ secrets.SONAR_TOKEN }} \ + -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }} \ + -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} \ + -Dsonar.sources=src/ \ + -Dsonar.junit.reportsPath=target/surefire-reports/ \ + -Dsonar.jacoco.reportsPath=target/jacoco.exec \ + -Dsonar.java.checkstyle.reportPaths=target/checkstyle-result.xml \ + -Dsonar.java.binaries=target/test-classes/com/visualpathit/account/controllerTest/ + + BUILD_AND_PUBLISH: + needs: Testing + runs-on: ubuntu-latest + steps: + - name: code checkout + uses: actions/checkout@v4 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ env.AWS_REGION }} + + - name: Log in to Amazon ECR + run: | + aws ecr get-login-password --region ${{ env.AWS_REGION }} | docker login --username AWS --password-stdin ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com + + - name: Build & Upload image to ECR + uses: appleboy/docker-ecr-action@master + with: + access_key: ${{ secrets.AWS_ACCESS_KEY_ID }} + secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com + repo: ${{ env.ECR_REPOSITORY }} + region: ${{ env.AWS_REGION }} + tags: latest,${{ github.run_number }} + daemon_off: false + dockerfile: ./Dockerfile + context: ./ + + DeployToEKS: + needs: BUILD_AND_PUBLISH + runs-on: ubuntu-latest + steps: + - name: code checkout + uses: actions/checkout@v4 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ env.AWS_REGION }} + + - name: Get Kube config file + run: aws eks update-kubeconfig --region ${{ env.AWS_REGION }} --name ${{ env.EKS_CLUSTER }} + + - name: Print config file + run: cat ~/.kube/config + + - name: Delete existing regcred secret (if it exists) + run: | + kubectl delete secret regcred || true + + - name: Login to ECR + run: kubectl create secret docker-registry regcred --docker-server=${{ secrets.REGISTRY }} --docker-username=AWS --docker-password=$(aws ecr get-login-password) + + - name: Deploy Helm + uses: bitovi/github-actions-deploy-eks-helm@v1.2.8 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ env.AWS_REGION }} + cluster-name: ${{ env.EKS_CLUSTER }} + #config-files: .github/values/dev.yaml + chart-path: helm/ashgitopscharts + namespace: default + values: appimage=${{ secrets.REGISTRY }}/${{ env.ECR_REPOSITORY }},apptag=${{ github.run_number }} + name: ashley-stack diff --git a/helm/ashgitopscharts/.helmignore b/helm/ashgitopscharts/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/helm/ashgitopscharts/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/ashgitopscharts/Chart.yaml b/helm/ashgitopscharts/Chart.yaml new file mode 100644 index 000000000..7a192ad5f --- /dev/null +++ b/helm/ashgitopscharts/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: ashgitopscharts +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/ashgitopscharts/templates/app-secret.yml b/helm/ashgitopscharts/templates/app-secret.yml new file mode 100644 index 000000000..17771a782 --- /dev/null +++ b/helm/ashgitopscharts/templates/app-secret.yml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: app-secret +type: Opaque +data: + db-pass: dnByb2RicGFzcw== + rmq-pass: Z3Vlc3Q= diff --git a/helm/ashgitopscharts/templates/db-CIP.yml b/helm/ashgitopscharts/templates/db-CIP.yml new file mode 100644 index 000000000..2ecb8da72 --- /dev/null +++ b/helm/ashgitopscharts/templates/db-CIP.yml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: vprodb +spec: + ports: + - port: 3306 + targetPort: vprodb-port + protocol: TCP + selector: + app: vprodb + type: ClusterIP diff --git a/helm/ashgitopscharts/templates/mc-CIP.yml b/helm/ashgitopscharts/templates/mc-CIP.yml new file mode 100644 index 000000000..ab74ddb75 --- /dev/null +++ b/helm/ashgitopscharts/templates/mc-CIP.yml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: vprocache01 +spec: + ports: + - port: 11211 + targetPort: vpromc-port + protocol: TCP + selector: + app: vpromc + type: ClusterIP diff --git a/helm/ashgitopscharts/templates/mcdep.yml b/helm/ashgitopscharts/templates/mcdep.yml new file mode 100644 index 000000000..d7e1804eb --- /dev/null +++ b/helm/ashgitopscharts/templates/mcdep.yml @@ -0,0 +1,22 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vpromc + labels: + app: vpromc +spec: + selector: + matchLabels: + app: vpromc + replicas: 1 + template: + metadata: + labels: + app: vpromc + spec: + containers: + - name: vpromc + image: memcached + ports: + - name: vpromc-port + containerPort: 11211 diff --git a/helm/ashgitopscharts/templates/rmq-CIP-service.yml b/helm/ashgitopscharts/templates/rmq-CIP-service.yml new file mode 100644 index 000000000..129c62435 --- /dev/null +++ b/helm/ashgitopscharts/templates/rmq-CIP-service.yml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: vpromq01 +spec: + ports: + - port: 5672 + targetPort: vpromq01-port + protocol: TCP + selector: + app: vpromq01 + type: ClusterIP diff --git a/helm/ashgitopscharts/templates/rmq-dep.yml b/helm/ashgitopscharts/templates/rmq-dep.yml new file mode 100644 index 000000000..b8c6ea4ad --- /dev/null +++ b/helm/ashgitopscharts/templates/rmq-dep.yml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vpromq01 + labels: + app: vpromq01 +spec: + selector: + matchLabels: + app: vpromq01 + replicas: 1 + template: + metadata: + labels: + app: vpromq01 + spec: + containers: + - name: vpromq01 + image: rabbitmq + ports: + - name: vpromq01-port + containerPort: 15672 + env: + - name: RABBITMQ_DEFAULT_PASS + valueFrom: + secretKeyRef: + name: app-secret + key: rmq-pass + - name: RABBITMQ_DEFAULT_USER + value: "guest" + diff --git a/helm/ashgitopscharts/templates/vproapp-service.yml b/helm/ashgitopscharts/templates/vproapp-service.yml new file mode 100644 index 000000000..3c5510cc9 --- /dev/null +++ b/helm/ashgitopscharts/templates/vproapp-service.yml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: my-app +spec: + ports: + - port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app: vproapp + type: ClusterIP diff --git a/helm/ashgitopscharts/templates/vproappdep.yml b/helm/ashgitopscharts/templates/vproappdep.yml new file mode 100644 index 000000000..79a6b5155 --- /dev/null +++ b/helm/ashgitopscharts/templates/vproappdep.yml @@ -0,0 +1,29 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vproapp + labels: + app: vproapp +spec: + replicas: 1 + selector: + matchLabels: + app: vproapp + template: + metadata: + labels: + app: vproapp + spec: + containers: + - name: vproapp + image: vprofile/vprofileapp + ports: + - name: vproapp-port + containerPort: 8080 + initContainers: + - name: init-mydb + image: busybox + command: ['sh', '-c', 'until nslookup vprodb.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for mydb; sleep 2; done;'] + - name: init-memcache + image: busybox + command: ['sh', '-c', 'until nslookup vprocache01.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for mydb; sleep 2; done;'] diff --git a/helm/ashgitopscharts/templates/vprodbdep.yml b/helm/ashgitopscharts/templates/vprodbdep.yml new file mode 100644 index 000000000..a11b9e9c0 --- /dev/null +++ b/helm/ashgitopscharts/templates/vprodbdep.yml @@ -0,0 +1,32 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vprodb + labels: + app: vprodb +spec: + selector: + matchLabels: + app: vprodb + replicas: 1 + template: + metadata: + labels: + app: vprodb + spec: + containers: + - name: vprodb + image: vprofile/vprofiledb + ports: + - name: vprodb-port + containerPort: 3306 + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: app-secret + key: db-pass +# env: +# - name: MYSQL_ROOT_PASSWORD +# value: "vprodbpass" + diff --git a/helm/ashgitopscharts/templates/vproingress.yaml b/helm/ashgitopscharts/templates/vproingress.yaml new file mode 100644 index 000000000..9c6a1cd22 --- /dev/null +++ b/helm/ashgitopscharts/templates/vproingress.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: vpro-ingress + annotations: + nginx.ingress.kubernetes.io/use-regex: "true" +spec: + ingressClassName: nginx + rules: + - host: vprofile.thehkh.com + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: my-app + port: + number: 8080 diff --git a/helm/ashgitopscharts/values.yaml b/helm/ashgitopscharts/values.yaml new file mode 100644 index 000000000..da13c07ff --- /dev/null +++ b/helm/ashgitopscharts/values.yaml @@ -0,0 +1,123 @@ +# Default values for ashgitopscharts. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ +replicaCount: 1 + +# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/ +image: + repository: nginx + # This sets the pull policy for images. + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +# This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +imagePullSecrets: [] +# This is to override the chart name. +nameOverride: "" +fullnameOverride: "" + +#This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/ +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +# This is for setting Kubernetes Annotations to a Pod. +# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +podAnnotations: {} +# This is for setting Kubernetes Labels to a Pod. +# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ +service: + # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: ClusterIP + # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports + port: 80 + +# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/ +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ +livenessProbe: + httpGet: + path: / + port: http +readinessProbe: + httpGet: + path: / + port: http + +#This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/ +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {}