Skip to content

Commit

Permalink
Merge pull request #459 from sparcs-kaist/deploy
Browse files Browse the repository at this point in the history
k8s migration
  • Loading branch information
SnowSuno authored Jan 18, 2024
2 parents 40e203d + 7840876 commit a0d5f31
Show file tree
Hide file tree
Showing 14 changed files with 237 additions and 3 deletions.
64 changes: 64 additions & 0 deletions .github/workflows/push_image_ecr.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
name: Push Prod Image to Amazon ECR

# when tagging action success
on:
pull_request:
types:
- closed
branches:
- main

env:
AWS_REGION: ap-northeast-2

jobs:
image-build-and-push:
name: Build and Push
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}

- name: Login to AWS ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1

- name: Build Image and Push to AWS ECR
id: build_image_and_push
uses: docker/build-push-action@v5
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: biseo-server
with:
file: .docker/api.Dockerfile
push: true
tags: |
"${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:latest"
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new

- name: Remove old cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
3 changes: 3 additions & 0 deletions .prettierignore
Original file line number Diff line number Diff line change
@@ -1,2 +1,5 @@
pnpm-lock.yaml
**/dist
deployment/**/*.yaml
.github/**/*.yml
**/*.md
1 change: 1 addition & 0 deletions deployment/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
**/secret.yaml
32 changes: 32 additions & 0 deletions deployment/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
# Deployment Resource Definitions for Taxi Backend Service

### directories
```
├── README.md
├── base
│ ├── kustomization.yaml
│ ├── db
│ │ ├── deployment.yaml
│ │ └── service.yaml
│ └── server
│ ├── configmap.yaml
│ ├── deployment.yaml
│ ├── ingress.yaml
│ ├── sealed-secret.yaml
│ ├── secret-template.yaml
│ ├── secret.yaml
│ └── service.yaml
└── overlays
└── dev
└── kustomization.yaml
```

*under base folder*
- shared resource definitions for all environments

*under overlay folder*
- environment specific settings
- you can add more environments

### Using kubeseal
[Document Notion Link](https://www.notion.so/sparcs/K8S-Sealed-Secret-kubeseal-c3e315e429c442bebf8998b048404e17) [sparcs only]
8 changes: 8 additions & 0 deletions deployment/base/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./server/deployment.yaml
- ./server/configmap.yaml
- ./server/service.yaml
- ./server/ingress.yaml
- ./server/sealed-secret.yaml
10 changes: 10 additions & 0 deletions deployment/base/server/configmap.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: biseo-env
data:
NODE_ENV: "production"
SERVER_PORT: "8000"
DB_NAME: biseo
DB_USER: mysql
DB_ROOT_HOST: '%'
29 changes: 29 additions & 0 deletions deployment/base/server/deployment.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: biseo-server
labels:
app: biseo-server
spec:
replicas: 2
selector:
matchLabels:
app: biseo-server
template:
metadata:
labels:
app: biseo-server
spec:
containers:
- name: biseo-server
image: 666583083672.dkr.ecr.ap-northeast-2.amazonaws.com/biseo-server:latest
ports:
- containerPort: 8000
envFrom:
- secretRef:
name: biseo-secret
env:
- name: NODE_ENV
value: "production"
- name: SERVER_PORT
value: "8000"
34 changes: 34 additions & 0 deletions deployment/base/server/ingress.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
alb.ingress.kubernetes.io/backend-protocol: HTTP
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/ssl-redirect: '443'
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/healthcheck-path: /api
alb.ingress.kubernetes.io/target-type: 'instance'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-northeast-2:666583083672:certificate/2f5020e0-01dd-43dd-aa7e-0699015d6b89
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-2016-08
name: biseo-ingress
namespace: biseo
finalizers:
- ingress.k8s.aws/resources
labels:
app: biseo-ingress
spec:
ingressClassName: alb
rules:
- host: biseo-staging.sparcs.org
http:
paths:
- path: /
backend:
service:
name: biseo-svc
port:
number: 8000
pathType: Prefix
tls:
- hosts:
- biseo-staging.sparcs.org
21 changes: 21 additions & 0 deletions deployment/base/server/sealed-secret.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: biseo-secret
namespace: biseo
spec:
encryptedData:
DB_PASSWORD: AgDQqGE3NnusAsJkHwP6MC39ZJlmN184ABTCC6CspSVaSZH8xfMFg4QD1G1i82rj1drWjmcL+U++zEtWXQruVocmACbBoE4AtRr9TbDpfRNKXJ4zCR0aU56t6NP07JUma6ON0HO7RKqv5Dx7+BE8eriKq+Ye8AEm9YbDHQgZ/vsRcBQpwY/qoIPZiFyc7yb/sIGEUmBDDURT6EAgHAhF6Ys+BB6K0Zt1diqKsyEuGj5G0UEVADiuv8Ijhog33Ni7VvCkAmVK6dVis05JE08HEAUuBplqu/WN1lrsP4UXcid0Rtn03my32B/e+mvljXlQiKcBFGeGhD+cKrd3XgSn/QpxpggIZ3+TzxdhWIfg5L6HGdlG6jU205S4Gc2UAyVIsxzUv+mKUg1/XWSKa2I0vQ4nk8nvan8MOtduu0v8pOQc8Zr/1qaHI3fMuXlUSki6++h3j84aiBmnBBpQwZg0npqNnb/S/4s0Lya5m8TA5xITLD3BovUZ+vzKqvbwTPt1vjBb4GTVg7UDnz7PoSFHLW5A+A/B+UoBpW4qJK7UhNnagBWe/djCsRxexApkC/x5Z7Xjroxr6/8Xw3ncAIbn7jKur3HgCjQLVsz8SoD+zuFiaOm939FonlQ5T5EQZJqC1oxJaPUPkKedxW73x39CD4HMbHJrchqEbkQJ/kpOUFeAnu4cMZiYBPWjg6FHNeI2ictExiiN
DB_URL: AgAhPXnLilS6ibEvkHK4Y5wa2HXoIPbWm3thLaSxi2x+1gwJmBqUd6tf6zzyweQtdSrlDX7Q8KGJ+fT1IUNDnG0rDAUceeObatX44l5q18YxG23EoB+jAm9su4DFmArZOXLd4W9eY1vm0cEGYJklpMYM5hztVc/MvlB9lqh0kGmyfPSFU4QL5zXg562Iu8kyrvbOM8BnqmEj5epfikusSIxO4UBC8UjC+B2Uh0FfOJvqTzZzPUjcaqWIrajE20lSZyCP+oKWbFGP8OWT47zaBPYuTgAGYrPEOAcXiP6EUJJhg29DbK/n/YPx31BcWIH7FJG+406NpL2uzk8qjmPO2wee9Q0VBn2kdluAxP28J9TcsNxpKFgYfTiMB8lPR/jxwYTd3uH81LMh8FObRR8IB3zuleeRPsHRFNr0i5ZNgjgf7JvIKhtEZNpazeBK+EiIOuMsM1Dy8u3U6HcSHjP/fdV19JGWUC5VwqlwsPyfFGl5LaGMh+lYHl0J5tjRzdKltZJqcjNhNLIa1LwG/bsLlQQPzK2Z8MxU24pX73/UGqgr9L9bnai5eiP84PU2g6K2rmgLo7OfbgrtKQZn/9TCA3JZBeL1VtFtAx1LG89K5a7NFfmUB5CT2VaKO+hqKzwEjmf0GjAnrKDxGUeQtGTYiW+kN3ngjBFz4WlyQaRceRv3xhLT8usJ6556CoKoBMwx0+5bfC6UOhS8FAbgT9EUU9CXneWQJ+SYamYRTO4APzWmY95IHHqf
SECRET_KEY: AgA1OaVQrQh7xJ53dRc4yb3cgqIBKf9bifM/g2bor6FTjO0/0mYIiEOhly+WRfGmJD2BUcM6Zi3bNULl0cCZTImNfGkTCAr4zF/CCpIsZ2dR2nthwaMjBVGGghTcuAgYE1bo8AtawSm+/RrJWNgPhjcg+mfuFM8d4SS+CsO4PH9yKHIZrb/Be1LJ2zdrXc/1S6rrsbjwC2dDCaFcXiCcdkCoIQzBMVC2xfQ0QXOnSMnZtF7UOu8M3iYGFdHdMrWLYgW94AjtpSEr+19glZo4ZkMSswcPAw2TZWT8pd9Dn4TfOctS/eUGGmCVKsFdre5q937/oL14PN+RREOwEaMdK7qPnJ5XZAY5RpFmw4WUWMBMz5plqliIbLNkPlV/3WoTDvsyDJ5Z6LrVf62/VGAlasChaQ8b8Nn2LuEprSZoHlmOFabraUE+UOF5BupW3up/MEBT9tCekSZSH96KpE8/QB3qyr4yHEhbN9mJUYJd4pwHf/b8K26c5a0dnLBIo73fKof+wm/7E8734v1Zb0tae/ZKcpHYa4+7UIS6beGPksV5zfM6eW82oSCG74uhoMKNLreaAVZUeO9UAJRg5fW1CxymeaTZEUVOZNqPjQclDnUPrfbuovfO9dcjoqKhTDOa12X3t/s3Cn+HA+GqObWpWPGMclVtQ2y+mK9RZI0BTCOGHaBPAzPa73szboBGwE26OgovgOGwMw==
rootHost: AgAlhEkc4mCV1BbzDpFnP+aLW/Gmfo2Oq9sPj++E09nJg1mEEfzbWxjosZECOPFPJQKZCJT7z8KUxVRSa0UZ2kmvFwPeDnQDKSJmXcIl1iwn6PU1XgE6n0L/f+gRNkNmJ3+OYCKnUlGvisIFd913IDjL3/sQ7IEYXRt1UoRChF53k/Z7G7ub7CkBG2Vv4Ghmid2nzYJwitDrPVb/CGdoLAxvU1CEeJcifbZIR6ZZJQ+4D94m1WzVIGAXRU9uggQZGQpsj8Xk+USGbzAa+oKh2o+Oa2iDaGFLCq0Ue6k/2A/AtEbBzqBfCFTfMzPiP+mIRQwCmKfeGfy7YLwzdLiZl101VJWCW5S3iHg5JAivpuMBcwvUQFf/9nzPvoKygXBh5nQAonP7ddhCDtI+PEE8R09jJiKYaLjWn1lsg+HcW2IwLmUFOh1OF2PxmKJhiN8V517yzfXB9i2pZ6T0rcD0qpEzlRrJZ9DhFOdVcIRtCGAsDQXkJ1MBa61+gN/7la9Rry+iCxYJ7/L1DBzalZygSlnqoVTaGbFVmf+G0N2pUXRATnvH6X/px0zF3ffwq40fIkpj5a/0zazqmkUvpRbeCs5rDNRQNmuVMo3j+elRbqvXRYXcWTf/LT9zyVZIHahzDVnGdQ6Djh1udpliBU8pzQJsvrFcAZEkQ/xq3b1pwRb9Lkzf9gM3qtdibRIZr2VNLMWP
rootPassword: AgCPAEcagvd9tBjNdb/xPMsDLrgVooYEZXU3stUf5d6ozJdEpj8v+m1/98ktVSOAmofu2CtDqjWJyPhB00238aLaOzcQNvfDrt25GOsWW+mxuQVhgSsxuBDO8zVuR1dme3z+sy5xyy7Nh4FGmeiEH38Tyep827TTqCGRWwv0QLcesoakgt3qvW5NJ4TXR4dVGz4ybTIQ9g+cTuzQD80i0l00eXnzic3OXkTQFdcLgHBkK4agYGQ02dSfxtrkYrQqk9mVoxQAmaXZa5jcSbmzWt3l5FL6JWrT8OLb1Qcucm2a8IaNJhzpY6o53Yackfk2HotbRk3D87srpa454FLbsH/laeAPrIFMwU64jFU12YHwRThMTto1tdBVczBiNXd/2cDVYZ4fhd+vNigJh8LgugsNY7uBNfqGlC4gPcLvrFyH/Ax3nPOkrHLUWT+2YX5htwSYQjedMsak6htw1Z3j6qbnTGgfhlRXnvWAtapJIsT/X5LL5GFtOWREioKhehQ4Nh53dbld897r6TOYbC8rMfW/G33IBj9HfSHvAC3H4DccRP1nEzJ06h7Z7s8IaC7kyI069ert5+QSLhAr+ZZz4ScqAzwoakvN6jHoXpimQPc2typFb7yKraC7Wb8maQ17SopNlLm/S2I7N5xYfyq5oDDimm0+ZkeYKKLAxen3lXg+LUSXFvN4Z1QziiTvsVq/TJfCnSqS
rootUser: AgAMk97SMwm5SBY/OE+1RepQ0w6s7yTYaRAA8nvfP7dHagFqJ23w5EwA8l6KE2JG12YCVpwvrjCd7Y+Z/x0Y4VTjIodyhNK6zQGu+C74s9/4u+ZrKJA9nOyc0cUA1HLGOea567eVfbHooTSSGseF6fts2sbg2NllbRUU3nvflyhIz+CH3quQilDyiSgcYpEefbu1BvDOGeQFSJOz6mh1U+iZyKFprlkPIents6UKRnvdVoJu4sXHzHMyvr8b9EcORaIR8gLemf0QWxpcNEvpjjHBmnJUTaWoNuzh64WAisqNspSEu7Hd3jsXawkJUDkM1IJDS0WUHY99BipmAgr8gFPzZYtJYabQv2P+tBeaKwozYLGWMHV4ZiKdF/Tlbrkoz3LoLdJF0BbO32io+5nyodokYXdc57DwTBTeliI6pRj1tvav8r2ili4X9+Mm7eryg2Bi1TwOtj9KKjs7NcwkWpShUajal4AxT/FsCze6GSZX4cPsFsydHPH5h1kcykfukbeaorvkEYlbe5iXWRTMkYLEhR6rmLxeYZiqbpQ1S/EyMHGUK6lugBNgo/FMV7PztCsNpKdLUjCmrMvXDsKu3sMxSrBl33FKJeSPIoYQHm/PDCzrGk8osO0FmlbinJwnWmipdaEe4M0fz7ldXIDk8F/0j2quQ21qI/d+rsGI1mQb9svPakuDGcxW1M7ZkCda8ixjXZPD
template:
metadata:
creationTimestamp: null
name: biseo-secret
namespace: biseo
type: Opaque
10 changes: 10 additions & 0 deletions deployment/base/server/secret-template.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: biseo-secret
namespace: biseo
type: Opaque
data:
DATABASE_URL: base64encodedvalue
DB_PASSWORD: base64encodedvalue
SECRET_KEY: base64encodedvalue
12 changes: 12 additions & 0 deletions deployment/base/server/service.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: biseo-svc
spec:
type: NodePort
selector:
app: biseo-server
ports:
- protocol: TCP
port: 8000
targetPort: 8000
7 changes: 7 additions & 0 deletions deployment/overlays/dev/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: ghcr.io/sparcs-kaist/biseo-server
newTag: latest
resources:
- ../../base
2 changes: 1 addition & 1 deletion packages/api/prisma/schema.prisma
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ generator client {

datasource db {
provider = "mysql"
url = env("DATABASE_URL")
url = env("DB_URL")
}

model Agenda {
Expand Down
7 changes: 5 additions & 2 deletions packages/api/src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -17,16 +17,19 @@ import { agendaRouter } from "@biseo/api/listener/agenda";
import { agendaTemplateRouter } from "@biseo/api/listener/agenda.template";
import { userTagRouter } from "@biseo/api/listener/user.tag";

const corsOrigin =
env.NODE_ENV === "development" ? "*" : [/sparcs\.org$/, /kaist\.ac\.kr$/];

const app = express();
const httpServer = createServer(app);
const io: BiseoServer = new Server(httpServer, {
path: "/api/socket",
cors: { origin: "*" },
cors: { origin: corsOrigin },
});
const port = env.SERVER_PORT ?? 8000;

app.use(express.json());
app.use(cors());
app.use(cors({ origin: corsOrigin }));

app.get("/api", (req, res) => {
res.send("Hello World!");
Expand Down

0 comments on commit a0d5f31

Please sign in to comment.