diff --git a/inventory/group_vars/local b/inventory/group_vars/local index 9e72108..0bd4efb 100644 --- a/inventory/group_vars/local +++ b/inventory/group_vars/local @@ -1,4 +1,20 @@ project_terraform: "/home/valentin/terraform" +project_backend: "/home/valentin/k8s_backend" +project_kubeconfig: "/home/valentin/.kube/config" region_k8s: "fr-par" -project_name: "terraform-test" -quarkus_project: "covas-quarkus" \ No newline at end of file +project_name_tf: "terraform-test" +quarkus_project: "covas-quarkus" + +mailer_host: "smtp.gmail.com" +mailer_from: "valczebackup@gmail.com" +mailer_port: "587" + +port: 8083 +targetPort: 8080 + + +backend_yaml: + - backend-deployment + - backend-service + - env-configmap + - secret \ No newline at end of file diff --git a/inventory/group_vars/local_vault b/inventory/group_vars/local_vault index c9ed39a..e6c23c7 100644 --- a/inventory/group_vars/local_vault +++ b/inventory/group_vars/local_vault @@ -1,11 +1,46 @@ $ANSIBLE_VAULT;1.1;AES256 -30366237393836333338316164656633656435383866666462663830643463633064356261396431 -3066613335326464373833346430373663333736353537630a653934316366383165346238663134 -30376439373634323636613566373534353138653964613236326464653662306136653964313861 -6135623361346639650a646533383761393435303833336138346164633161613739323765323664 -65623039633039343039303931626138316132613433666136633336326433653561343761316363 -66666230343165383130353939303633623264663161663030336533663437363630383565353064 -35376633323564623361613663356230663664323261383564653433656638306432343132343631 -32386232316234643464326533303065653535633064393438663931336334373965313064386532 -66306664303937356636366564623830623764386136663830636634326438373963666134613430 -6530323937303637393934376466396565343133613736663166 +30356465363432393266326366393162306331353564346565663139336538613832396135306537 +6262336438613736636266623766333233336631656661640a663838373936613666373133383632 +32613962623330303964333161373165363164646266396461633233346136336630646631306564 +3939363432643961610a313338306136303132666461393637643235623361393830653534643137 +38623038613364396538353533336631633863343834333030653164303231346263316435356231 +61383966663834333662393138303035613330366533663037326532356332633839363763356466 +63396536323864383933346434363231396164613838316162656333626634373936643738386565 +32326532346334343666383632306264636132613266333863626462366530306439613130333564 +38623461613739343461386564323865316332653530623862313163396566616230653030653266 +61613836303231363534393531373233363332316639316137653132336638356161333764373562 +34363034353935633437353466303364653039626137383534633239316563373663623030646330 +38383639326563643266346530616666646337373765643336326536303864613363663536643465 +34343663373131323437666462303763366439356362306337356131383932353731393935343931 +32613333373439343864653864636438646431306637613038313061663961653033643465643864 +31333366663037373835326330316535326134393761333662326665333464666164623336666439 +35313066303830343737343063396335383461653338303734353461643736343163346565323864 +65356437376663386535646437653566326532346462313932346435393730366530646164323537 +35363633333065356162653762623239343836356230303734316130383234313536623339626531 +36643434336233626234333235636566313566353939616433373465666362316663353336653162 +32346534333665353934653738343335356137643539376639323164393837383065323436363064 +35643762656365313261373030336339616266333765613735346565623138366533626335633033 +38373732626337353535656230636235373535363332376535343162666266393931303236653631 +33653432633337306230396434316230663438363630313038386538663732393863633837313638 +31663763303462343063613638663361626462623035336465383661646433643833636361346236 +32386263326664363338633861643264383462313863666662623033323761613132666130353235 +34633261303761623033633964323862666137333035306333323932346334356365333563316630 +34313263306561303538353134613233313337323636623230616532383133613561333439663337 +64376230363038306238656236653366353738633436623330383239373062313831393066313838 +38653532356632383765613530373034396639633064383336393934353061656266633463336333 +66356538616233313936376565386432303134306363343734333563333266643062666231303532 +37363664396165653333656661376334333432376566666237316232643234386332323936346630 +63303563363162356666643732366131393066333838363935613336353062633862353838613761 +64333939663733643132366334653835633733623539393735313961613131303934363731663231 +64313434613934336630306165343665376261353562656634356365613137346232633431343734 +63363532313765646434346132313434373366656332353133383530306639633062633365613932 +65383865643262666666383933363534623838653661376531303763623261323937626335373635 +32623262343130383462316462643338363433653133353737633562353330313533303835666634 +65386336616466316663356236316466353164353139326333316362303737343335353731366531 +36653062323764316332353136343738616338313465333261363664663934393038343237313135 +64363036636634646137616365366538613338343761646137623432396539363035663031313464 +66646663373838316161643161613838343139346165663331373334383334316562353235633461 +65316666616334653034393165616434306664633336613639636433663761363932396663396630 +64383961623136623639306435663965303632663039653538646463663235653333306434313931 +32636536643536636561663534346633663464333830646139383939626665393964353739616435 +35663834393738646130316564633966653765303033356132393961653831646362 diff --git a/inventory/hosts b/inventory/hosts index 093d215..d2cab72 100644 --- a/inventory/hosts +++ b/inventory/hosts @@ -1,9 +1,13 @@ -vps ansible_connection=ssh ansible_host=51.222.107.37 ansible_port=2424 ansible_user=valentin +vps-host ansible_connection=ssh ansible_host=51.222.107.37 ansible_port=2424 ansible_user=valentin valentin-nas ansible_connection=ssh ansible_host=151.80.37.38 ansible_port=2424 ansible_user=valentin drone-host ansible_connection=ssh ansible_host=151.80.37.38 ansible_port=2424 ansible_user=valentin -localhost ansible_host=127.0.0.1 +localhost ansible_host=127.0.0.1 ansible_python_interpreter=/usr/bin/python3.10 -[db] +[vps] +vps-host + +[db:children] +local vps [db_vault:children] diff --git a/playbook.yml b/playbook.yml index ab57557..c598e5a 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,5 +1,5 @@ --- -- hosts: registry db drone +- hosts: registry vps remote_user: valentin roles: - server diff --git a/scaleway-k8s/files/requierements.txt b/scaleway-k8s/files/requierements.txt new file mode 100644 index 0000000..759a68d --- /dev/null +++ b/scaleway-k8s/files/requierements.txt @@ -0,0 +1 @@ +ovh \ No newline at end of file diff --git a/scaleway-k8s/tasks/create-build.yml b/scaleway-k8s/tasks/create-build.yml index 7773caa..20b479b 100644 --- a/scaleway-k8s/tasks/create-build.yml +++ b/scaleway-k8s/tasks/create-build.yml @@ -27,4 +27,34 @@ - name: Template env file template: src: "env-build.j2" - dest: "{{ home_dir }}/{{ quarkus_project }}/.env" \ No newline at end of file + dest: "{{ home_dir }}/{{ quarkus_project }}/.env" + +- name: Pause for build image + pause: + prompt: aller au dossier {{ home_dir }}/{{ quarkus_project }}, et exécuter le script build-image.sh + +- name: Get quarkus image + docker_image_info: + name: quarkus-native + register: result + +- name: Check quarkus image + assert: + that: + - result.images | length == 1 + +- name: Login to scaleway registry + docker_login: + registry_url: rg.fr-par.scw.cloud/covas + username: nologin + password: "{{ token_scaleway }}" + reauthorize: true + + +- name: Tag and push to custom registry + docker_image: + name: quarkus-native + repository: rg.fr-par.scw.cloud/covas/quarkus-native + tag: latest + push: yes + source: local diff --git a/scaleway-k8s/tasks/deploy-backend.yml b/scaleway-k8s/tasks/deploy-backend.yml new file mode 100644 index 0000000..0a09c15 --- /dev/null +++ b/scaleway-k8s/tasks/deploy-backend.yml @@ -0,0 +1,98 @@ +--- +# tasks file for create cluster k8s via terraform + +- name: Create directory {{ project_terraform }} + file: + path: "{{ project_backend }}" + state: directory + +- name: Copy backend k8s yaml + template: + src: "{{ item }}.yaml.j2" + dest: "{{ project_backend }}/{{ item }}.yaml" + with_items: "{{ backend_yaml }}" + +- name: Create a k8s namespace + kubernetes.core.k8s: + name: testing + api_version: v1 + kind: Namespace + state: present + + +- name: Apply deployment + kubernetes.core.k8s: + src: "{{ project_backend }}/backend-deployment.yaml" + state: present + +- name: Apply services + kubernetes.core.k8s: + src: "{{ project_backend }}/backend-service.yaml" + state: present + +- name: Apply configmap + kubernetes.core.k8s: + src: "{{ project_backend }}/env-configmap.yaml" + state: present + + +- name: Apply secret + kubernetes.core.k8s: + src: "{{ project_backend }}/secret.yaml" + state: present + +- name: En attente d'une adresse IP publique du cluster + ansible.builtin.pause: + minutes: 2 + +- name: Get IP Cluster + block: + - name: Fetch services + set_fact: + service: "{{ query('kubernetes.core.k8s', kind='Service', namespace='testing') }}" + register: result + + - name: debug services + debug: + msg: "{{ result.ansible_facts.service[0].status.loadBalancer.ingress[0].ip }}" + + - name: Test API Backend + ansible.builtin.uri: + url: "http://{{ result.ansible_facts.service[0].status.loadBalancer.ingress[0].ip }}:{{ port }}/api/hello" + status_code: 200 + method: GET + tags: ["services", "dns"] + +- name: Add DNS for IP Cluster + block: + - name: Copy script add or update DNS + template: + src: "dns_add_update.py.j2" + dest: "{{ project_backend }}/dns_add_update.py" + + - name: Copy requierements python + copy: + src: "requierements.txt" + dest: "{{ project_backend }}" + + - name: Pip install requierements + shell: "pip3.10 install -r {{ project_backend }}/requierements.txt" + + - name: En attente de l'installation des packages + ansible.builtin.pause: + minutes: 2 + + - name: Add or update DNS + shell: "python3.10 {{ project_backend }}/dns_add_update.py --ip {{ result.ansible_facts.service[0].status.loadBalancer.ingress[0].ip }}" + register: result + + - name: Display result script + debug: + msg: "{{ result }}" + + - name: Test API Backend with DNS + ansible.builtin.uri: + url: "http://api.valczeryba.ovh:{{ port }}/api/hello" + status_code: 200 + method: GET + tags: [ "dns" ] \ No newline at end of file diff --git a/scaleway-k8s/tasks/destroy-backend.yml b/scaleway-k8s/tasks/destroy-backend.yml new file mode 100644 index 0000000..9cdd82d --- /dev/null +++ b/scaleway-k8s/tasks/destroy-backend.yml @@ -0,0 +1,42 @@ +--- +# tasks file for create cluster k8s via terraform + +- name: Apply deployment + kubernetes.core.k8s: + src: "{{ project_backend }}/backend-deployment.yaml" + state: absent + +- name: Apply services + kubernetes.core.k8s: + src: "{{ project_backend }}/backend-service.yaml" + state: absent + +- name: Apply configmap + kubernetes.core.k8s: + src: "{{ project_backend }}/env-configmap.yaml" + state: absent + + +- name: Apply secret + kubernetes.core.k8s: + src: "{{ project_backend }}/secret.yaml" + state: absent + + +- name: Create a k8s namespace + kubernetes.core.k8s: + name: testing + api_version: v1 + kind: Namespace + state: absent + + +- name: Create directory {{ project_terraform }} + file: + path: "{{ project_backend }}" + state: absent + + + + + diff --git a/scaleway-k8s/tasks/kubeconfig.yml b/scaleway-k8s/tasks/kubeconfig.yml index f3cabab..77561a3 100644 --- a/scaleway-k8s/tasks/kubeconfig.yml +++ b/scaleway-k8s/tasks/kubeconfig.yml @@ -16,6 +16,10 @@ method: GET headers: X-Auth-Token: "{{ scw_secret_key }}" - when: item.name == "{{ project_name }}" + when: item.name == "{{ project_name_tf }}" with_items: "{{ (output.content |from_json).clusters }}" - \ No newline at end of file + +- name: Copy kubeconfig + copy: + src: "{{ project_terraform }}/kubeconfig" + dest: "{{ project_kubeconfig }}" \ No newline at end of file diff --git a/scaleway-k8s/tasks/main.yml b/scaleway-k8s/tasks/main.yml index 80fb2c6..4a16e49 100644 --- a/scaleway-k8s/tasks/main.yml +++ b/scaleway-k8s/tasks/main.yml @@ -10,6 +10,15 @@ import_tasks: kubeconfig.yml tags: ["create-cluster", "kubeconfig"] +- name: Deploy a API backend + import_tasks: deploy-backend.yml + tags: ["deploy"] + +- name: Deploy a API backend + import_tasks: destroy-backend.yml + tags: ["destroy"] + + - name: Destroy cluster k8s scaleway via terraform import_tasks: destroy-cluster.yml tags: ["destroy-cluster"] diff --git a/scaleway-k8s/templates/backend-deployment.yaml.j2 b/scaleway-k8s/templates/backend-deployment.yaml.j2 new file mode 100644 index 0000000..b01033e --- /dev/null +++ b/scaleway-k8s/templates/backend-deployment.yaml.j2 @@ -0,0 +1,98 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -f ../docker-compose.yml + kompose.version: 1.26.0 (40646f47) + creationTimestamp: null + labels: + io.kompose.service: backend + name: backend + namespace: testing +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: backend + strategy: {} + template: + metadata: + annotations: + kompose.cmd: kompose convert -f ../docker-compose.yml + kompose.version: 1.26.0 (40646f47) + creationTimestamp: null + labels: + io.kompose.service: backend + spec: + imagePullSecrets: + - name: regcred + containers: + - env: + - name: POSTGRES_DB + valueFrom: + configMapKeyRef: + key: POSTGRES_DB + name: env + - name: POSTGRES_PASSWORD + valueFrom: + configMapKeyRef: + key: POSTGRES_PASSWORD + name: env + - name: POSTGRES_PORT + valueFrom: + configMapKeyRef: + key: POSTGRES_PORT + name: env + - name: POSTGRES_URL + valueFrom: + configMapKeyRef: + key: POSTGRES_URL + name: env + - name: POSTGRES_USER + valueFrom: + configMapKeyRef: + key: POSTGRES_USER + name: env + - name: REDIS_PORT + valueFrom: + configMapKeyRef: + key: REDIS_PORT + name: env + - name: REDIS_URL + valueFrom: + configMapKeyRef: + key: REDIS_URL + name: env + - name: MAILER_FROM + valueFrom: + configMapKeyRef: + key: MAILER_FROM + name: env + - name: MAILER_HOST + valueFrom: + configMapKeyRef: + key: MAILER_HOST + name: env + - name: MAILER_PORT + valueFrom: + configMapKeyRef: + key: MAILER_PORT + name: env + - name: MAILER_USERNAME + valueFrom: + configMapKeyRef: + key: MAILER_USERNAME + name: env + - name: MAILER_PASSWORD + valueFrom: + configMapKeyRef: + key: MAILER_PASSWORD + name: env + image: rg.fr-par.scw.cloud/covas/quarkus-native + name: backend + + ports: + - containerPort: 8080 + resources: {} + restartPolicy: Always +status: {} diff --git a/scaleway-k8s/templates/backend-service.yaml.j2 b/scaleway-k8s/templates/backend-service.yaml.j2 new file mode 100644 index 0000000..79ee8f5 --- /dev/null +++ b/scaleway-k8s/templates/backend-service.yaml.j2 @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: kompose convert -f ../docker-compose.yml + kompose.version: 1.26.0 (40646f47) + creationTimestamp: null + labels: + io.kompose.service: backend + name: backend + namespace: testing +spec: + ports: + - name: "{{ port }}" + port: {{ port }} + targetPort: {{ targetPort }} + type: LoadBalancer + selector: + io.kompose.service: backend +status: + loadBalancer: {} diff --git a/scaleway-k8s/templates/dns_add_update.py.j2 b/scaleway-k8s/templates/dns_add_update.py.j2 new file mode 100644 index 0000000..c9ade17 --- /dev/null +++ b/scaleway-k8s/templates/dns_add_update.py.j2 @@ -0,0 +1,49 @@ +# -*- encoding: utf-8 -*- +''' +First, install the latest release of Python wrapper: $ pip install ovh +''' +import json +import ovh +import argparse + +parser = argparse.ArgumentParser() +parser.add_argument('--ip', help='foo help') +args = parser.parse_args() + +# Instanciate an OVH Client. +# You can generate new credentials with full access to your account on +# the token creation page +client = ovh.Client( + endpoint='ovh-eu', # Endpoint of API OVH Europe (List of available endpoints) + application_key='{{ application_key }}', # Application Key + application_secret='{{ application_secret }}', # Application Secret + consumer_key='{{ consumer_key }}', # Consumer Key +) + +result = client.get('/domain/zone/valczeryba.ovh/record', + fieldType='A', + subDomain='api', +) + +# Pretty print + +if len(result) > 0: + for idDns in result: + result = client.get('/domain/zone/valczeryba.ovh/record/{0}'.format(idDns)) + if result["target"] != args.ip: + result = client.put('/domain/zone/valczeryba.ovh/record/{0}'.format(idDns), + subDomain='api', + target=args.ip, + ) + print(result) + + + +else: + result = client.post('/domain/zone/valczeryba.ovh/record', + fieldType='A', + subDomain='api', + target=args.ip, + ttl=None, + ) + print(result) \ No newline at end of file diff --git a/scaleway-k8s/templates/env-build.j2 b/scaleway-k8s/templates/env-build.j2 index 6851bde..c6b9915 100644 --- a/scaleway-k8s/templates/env-build.j2 +++ b/scaleway-k8s/templates/env-build.j2 @@ -5,3 +5,10 @@ POSTGRES_URL={{ postgres_url }} POSTGRES_PORT={{ postgres_port }} REDIS_URL={{ redis_url }} REDIS_PORT={{ redis_port }} + + +MAILER_FROM={{ mailer_from }} +MAILER_HOST={{ mailer_host }} +MAILER_PORT={{ mailer_port }} +MAILER_USERNAME={{ mailer_username }} +MAILER_PASSWORD={{ mailer_password }} \ No newline at end of file diff --git a/scaleway-k8s/templates/env-configmap.yaml.j2 b/scaleway-k8s/templates/env-configmap.yaml.j2 new file mode 100644 index 0000000..ee8c114 --- /dev/null +++ b/scaleway-k8s/templates/env-configmap.yaml.j2 @@ -0,0 +1,22 @@ +apiVersion: v1 +data: + POSTGRES_DB: {{ postgres_db }} + POSTGRES_PASSWORD: {{ postgres_password }} + POSTGRES_PORT: "{{ postgres_port }}" + POSTGRES_URL: {{ postgres_url }} + POSTGRES_USER: {{ postgres_user }} + REDIS_PORT: "{{ redis_port }}" + REDIS_URL: {{ redis_url }} + MAILER_FROM: {{ mailer_from }} + MAILER_HOST: {{ mailer_host }} + MAILER_PORT: "{{ mailer_port }}" + MAILER_USERNAME: {{ mailer_username }} + MAILER_PASSWORD: {{ mailer_password }} +kind: ConfigMap +metadata: + creationTimestamp: null + labels: + io.kompose.service: backend-env + name: env + namespace: testing + diff --git a/scaleway-k8s/templates/main.tf.j2 b/scaleway-k8s/templates/main.tf.j2 index 0453bae..c5fe332 100644 --- a/scaleway-k8s/templates/main.tf.j2 +++ b/scaleway-k8s/templates/main.tf.j2 @@ -8,8 +8,8 @@ terraform { } - resource "scaleway_k8s_cluster" "{{ project_name }}" { - name = "{{ project_name }}" + resource "scaleway_k8s_cluster" "{{ project_name_tf }}" { + name = "{{ project_name_tf }}" version = "1.24.3" cni = "cilium" project_id = "{{ project_id }}" @@ -17,7 +17,7 @@ terraform { } resource "scaleway_k8s_pool" "john" { - cluster_id = scaleway_k8s_cluster.{{ project_name }}.id + cluster_id = scaleway_k8s_cluster.{{ project_name_tf }}.id name = "john" node_type = "DEV1-M" size = 1 @@ -26,9 +26,9 @@ terraform { resource "null_resource" "kubeconfig" { depends_on = [scaleway_k8s_pool.john] # at least one pool here triggers = { - host = scaleway_k8s_cluster.{{ project_name }}.kubeconfig[0].host - token = scaleway_k8s_cluster.{{ project_name }}.kubeconfig[0].token - cluster_ca_certificate = scaleway_k8s_cluster.{{ project_name }}.kubeconfig[0].cluster_ca_certificate + host = scaleway_k8s_cluster.{{ project_name_tf }}.kubeconfig[0].host + token = scaleway_k8s_cluster.{{ project_name_tf }}.kubeconfig[0].token + cluster_ca_certificate = scaleway_k8s_cluster.{{ project_name_tf }}.kubeconfig[0].cluster_ca_certificate } } diff --git a/scaleway-k8s/templates/secret.yaml.j2 b/scaleway-k8s/templates/secret.yaml.j2 new file mode 100644 index 0000000..686913e --- /dev/null +++ b/scaleway-k8s/templates/secret.yaml.j2 @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + .dockerconfigjson: {{ dockerconfigjson }} +kind: Secret +metadata: + creationTimestamp: "2022-11-26T19:19:41Z" + name: regcred + namespace: testing + uid: {{ uid_secret }} +type: kubernetes.io/dockerconfigjson diff --git a/server/tasks/main.yml b/server/tasks/main.yml index 13efea6..362c108 100644 --- a/server/tasks/main.yml +++ b/server/tasks/main.yml @@ -8,17 +8,17 @@ - name: Deploy services import_tasks: deploy.yml - tags: ["deploy", "create"] + tags: ["configure", "create"] - name: Start services import_tasks: start.yml - tags: ["deploy", "start"] + tags: ["configure", "start"] - name: stop services import_tasks: stop.yml - tags: ["destroy", "stop"] + tags: ["deconfigure", "stop"] - name: Remove services import_tasks: remove.yml - tags: ["destroy"] + tags: ["deconfigure"] diff --git a/server/tasks/remove.yml b/server/tasks/remove.yml index 9c6e9f3..e8a6b83 100644 --- a/server/tasks/remove.yml +++ b/server/tasks/remove.yml @@ -15,4 +15,8 @@ - name: Remove project file: path: "{{ project_src }}" - state: absent \ No newline at end of file + state: absent + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" \ No newline at end of file