fix: mise en place deploy folder with front and back helm chart

batleforc · Aug 15, 2024 · 754e6f4 · 754e6f4
1 parent 95273a6
commit 754e6f4
Show file tree

Hide file tree

Showing 17 changed files with 486 additions and 46 deletions.
diff --git a/.github/workflows/rust-audit.yml b/.github/workflows/rust-audit.yml
@@ -2,15 +2,15 @@ name: Security audit
 on:
   push:
     paths:
-    - '**/Cargo.toml'
-    - '**/Cargo.lock'
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
   schedule:
-  - cron: '50 23 * * *'
+    - cron: '50 23 * * *'
 jobs:
   audit:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - uses: rustsec/[email protected]
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: actions/checkout@v4
+      - uses: rustsec/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/rust-clippy.yml b/.github/workflows/rust-clippy.yml
@@ -11,12 +11,12 @@ name: rust-clippy analyze
 
 on:
   push:
-    branches: ["main", "*"]
+    branches: ['main', '*']
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: ["main"]
+    branches: ['main']
   schedule:
-  - cron: '50 23 * * *'
+    - cron: '50 23 * * *'
 
 jobs:
   rust-clippy-analyze:
@@ -27,24 +27,24 @@ jobs:
       security-events: write
       actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
+      - name: Checkout code
+        uses: actions/checkout@v4
 
-    - name: Install Rust toolchain
-      uses: dtolnay/rust-toolchain@stable
-      with:
-        toolchain: stable
-        components: clippy, rustfmt
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: stable
+          components: clippy, rustfmt
 
-    - name: Install required cargo
-      run: cargo install clippy-sarif sarif-fmt cargo-audit
+      - name: Install required cargo
+        run: cargo install clippy-sarif sarif-fmt cargo-audit
 
-    - name: Run rust-clippy
-      run: cargo clippy --all-features --message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
-      continue-on-error: true
+      - name: Run rust-clippy
+        run: cargo clippy --all-features --message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
+        continue-on-error: true
 
-    - name: Upload analysis results to GitHub
-      uses: github/codeql-action/upload-sarif@v3
-      with:
-        sarif_file: rust-clippy-results.sarif
-        wait-for-processing: true
+      - name: Upload analysis results to GitHub
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: rust-clippy-results.sarif
+          wait-for-processing: true
diff --git a/.github/workflows/rust-coverage.yml b/.github/workflows/rust-coverage.yml
@@ -2,12 +2,12 @@ name: rust-coverage
 
 on:
   push:
-    branches: ["main", "*"]
+    branches: ['main', '*']
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: ["main"]
+    branches: ['main']
   schedule:
-  - cron: '50 23 * * *'
+    - cron: '50 23 * * *'
 
 jobs:
   rust-coverage:
@@ -18,23 +18,23 @@ jobs:
       security-events: write
       actions: read
     steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
+      - name: Checkout code
+        uses: actions/checkout@v4
 
-    - name: Install Rust toolchain
-      uses: dtolnay/rust-toolchain@stable
-      with:
-        toolchain: stable
-        components: llvm-tools-preview
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: stable
+          components: llvm-tools-preview
 
-    - uses: taiki-e/install-action@cargo-llvm-cov
+      - uses: taiki-e/install-action@cargo-llvm-cov
 
-    - name: Collect coverage data (including doctests)
-      run: |
-        cargo llvm-cov --lcov --output-path lcov.info --ignore-filename-regex 'init'
+      - name: Collect coverage data (including doctests)
+        run: |
+          cargo llvm-cov --lcov --output-path lcov.info --ignore-filename-regex 'init'
 
-    - name: Upload coverage reports to Codecov
-      uses: codecov/[email protected]
-      with:
-        token: ${{ secrets.CODECOV_TOKEN }}
-        files: lcov.info
+      - name: Upload coverage reports to Codecov
+        uses: codecov/[email protected]
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: lcov.info
diff --git a/deploy/back/.helmignore b/deploy/back/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/deploy/back/Chart.yaml b/deploy/back/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: monofolio-backend
+description: Helm chart for the monofolio backend
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/deploy/back/templates/_helpers.tpl b/deploy/back/templates/_helpers.tpl
@@ -0,0 +1,41 @@
+{{/* Generate object name */}}
+{{- define "mychart.name" }}
+{{- regexMatch "^v[0-9]+\\.[0-9]+\\.[0-9]+$" .Values.image.tag | ternary "prod" (regexReplaceAll "\\W+" .Values.image.tag "_") -}}
+{{- end }}
+
+{{/* Generate labels */}}
+{{- define "mychart.labels" -}}
+{{- with .Values.labels }}
+{{- range $key, $value := . }}
+  {{ $key }}: {{ tpl $value $ | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+ {{/* Generate annotations */}}
+{{- define "mychart.annotations" -}}
+{{- with .Values.annotations}}
+{{- range $key, $value := . }}
+  {{ $key }}: {{ tpl $value $ | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/* Generate container env & envSecrets */}}
+{{- define "mychart.env" -}}
+{{- with .Values.env }}
+{{- range $key, $value := . }}
+    - name: {{ $key }}
+        value: {{ tpl $value $ | quote }}
+{{- end }}
+{{- end }}
+{{- with .Values.envSecrets}}
+{{- range $key, $value := . }}
+    - name: {{ $key }}
+        valueFrom:
+            secretKeyRef:
+                name: {{ tpl $value.secretName $ | quote }}
+                key: {{ tpl $value.secretKey $ | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/deploy/back/templates/deployment.yaml b/deploy/back/templates/deployment.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "{{ .Chart.Name }}-{{- template "mychart.name" . -}}"
+  labels:
+    app: "{{ .Chart.Name }}-{{- template "mychart.name" . -}}"
+{{- include "mychart.labels" . | nindent 2 }}
+  annotations:
+{{- include "mychart.annotations" . | nindent 2 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: "{{ .Chart.Name }}-{{- template "mychart.name" . -}}"
+  template:
+    metadata:
+      labels:
+        app: "{{ .Chart.Name }}-{{- template "mychart.name" . -}}"
+    spec:
+      {{- with .Values.image.pullSecret }}
+      imagePullSecrets:
+        - name: {{ . }}
+      {{- end }}
+      containers:
+        - name: "{{ .Chart.Name }}-{{- template "mychart.name" . -}}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 5437
+              name: http
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            {{- include "mychart.env" . | nindent 12 }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 5
+            periodSeconds: 10
diff --git a/deploy/back/templates/ingress.yaml b/deploy/back/templates/ingress.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: "{{ .Chart.Name }}-{{- template "mychart.name" . -}}"
+  labels:
+    app: "{{ .Chart.Name }}-{{- template "mychart.name" . -}}"
+{{- include "mychart.labels" . | nindent 2 }}
+  annotations:
+{{- include "mychart.annotations" . | nindent 2 }}
+    {{- if .Values.ingress.annotations }}
+    {{- toYaml .Values.ingress.annotations | nindent 4 }}
+    {{- end }}
+spec:
+  tls:
+    - hosts:
+        - {{ tpl .Values.ingress.host . | quote }}
+      secretName: "{{- template "mychart.name" . -}}-monofolio-tls"
+  rules:
+    - host: {{ tpl .Values.ingress.host . | quote }}
+      http:
+        paths:
+          - path: /api
+            pathType: Prefix
+            backend:
+              service:
+                name: "{{ .Chart.Name }}-{{- template "mychart.name" . -}}"
+                port:
+                  number: 5437
diff --git a/deploy/back/templates/service.yaml b/deploy/back/templates/service.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ .Chart.Name }}-{{- template "mychart.name" . -}}"
+  labels:
+    app: "{{ .Chart.Name }}-{{- template "mychart.name" . -}}"
+{{- include "mychart.labels" . | nindent 2 }}
+  annotations:
+{{- include "mychart.annotations" . | nindent 2 }}
+spec:
+  ports:
+    - port: 5437
+      targetPort: 5437
+      name: http
+  selector:
+    app: "{{ .Chart.Name }}-{{- template "mychart.name" . -}}"
+  type: ClusterIP
diff --git a/deploy/back/values.yaml b/deploy/back/values.yaml
@@ -0,0 +1,34 @@
+resources:
+  limits:
+    cpu: 100m
+    memory: 128Mi
+  requests:
+    cpu: 20m
+    memory: 64Mi
+
+image:
+  repository: ""
+  pullPolicy: Always
+  tag: "main"
+  pullSecret: "harbor-pull"
+
+labels:
+  app.kubernetes.io/name: "monofolio-backend"
+  app.kubernetes.io/instance: "monofolio-backend-{{- template \"mychart.name\" . }}"
+  app.kubernetes.io/component: backend
+  app.kubernetes.io/part-of: "monofolio-{{- template \"mychart.name\" . }}"
+
+annotations:
+  deployment.kubernetes.io/revision: "{{ .Release.Revision }}"
+  deployment.git-branch: "{{ .Values.image.tag }}"
+
+ingress:
+  annotations:
+    kubernetes.io/ingress.class: "haproxy"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+  host: '{{- template "mychart.name" . }}.dev.mono-folio.com'
+
+
+env: []
+
+envSecrets: []
diff --git a/deploy/front/.helmignore b/deploy/front/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/