diff --git a/Ansible/playbooks/files/backend-deployment.yaml b/Ansible/playbooks/files/backend-deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..cf6a0b675567704344a04ce320b4497bee4c38bf
--- /dev/null
+++ b/Ansible/playbooks/files/backend-deployment.yaml
@@ -0,0 +1,46 @@
+# backend-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend
+ labels:
+ app: web-sso
+ tier: backend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: web-sso
+ tier: backend
+ template:
+ metadata:
+ labels:
+ app: web-sso
+ tier: backend
+ spec:
+ containers:
+ - name: backend
+ image: web-sso-backend:latest
+ ports:
+ - containerPort: 8000
+ # @TODO: declare env from config map
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "200m"
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-service
+spec:
+ selector:
+ app: web-sso
+ tier: backend
+ ports:
+ - port: 8000
+ targetPort: 8000
+ type: ClusterIP
diff --git a/Ansible/playbooks/files/configmaps.yaml b/Ansible/playbooks/files/configmaps.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..962c6b85de46c119269c08ab5e8b6d9602db5370
--- /dev/null
+++ b/Ansible/playbooks/files/configmaps.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: backend-config
+data:
+ FLASK_APP: main.py
+ FLASK_ENV: development
+ S3_BUCKET_NAME: project-web-sso
+ SWITCH_ENDPOINT_URL: "<your-s3-endpoint>"
+ SWITCH_ACCESS_KEY_ID: "<your-s3-access-key-id>"
+ SWITCH_SECRET_ACCESS_KEY: "<your-s3-secret-key>"
diff --git a/Ansible/playbooks/files/frontend-deployment.yaml b/Ansible/playbooks/files/frontend-deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..eb81942393a091015c3fc01554de00b27b895a66
--- /dev/null
+++ b/Ansible/playbooks/files/frontend-deployment.yaml
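Review bot: The `backend` container in `backend-deployment.yaml` sets no `securityContext`, so it runs with whatever user and capabilities the image defaults to, even though this pod is the one that will receive the S3 credentials through its environment. Port 8000 is unprivileged, so the container should not need any capability; at minimum set `allowPrivilegeEscalation: false` and drop all capabilities, and add `runAsNonRoot: true` if the image defines a non-root user. `image: web-sso-backend:latest` is also a mutable tag: pin a version tag or digest (`image: web-sso-backend:<version-tag>`) so that a redeployment triggered by a ConfigMap change cannot silently pick up a different image. If the image is loaded into the KinD nodes rather than pulled from a registry, note that `:latest` defaults `imagePullPolicy` to `Always`, and the pull will then fail.

```yaml
      containers:
        - name: backend
          # … unchanged: image, ports, resources …
          securityContext:
            runAsNonRoot: true  # confirm the image defines a non-root user
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```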
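Review bot: `SWITCH_ACCESS_KEY_ID` and `SWITCH_SECRET_ACCESS_KEY` sit in a ConfigMap inside a tracked file, so once the placeholders are filled in the keys are stored in clear text in the cluster, readable by anyone allowed to read ConfigMaps in the namespace, and one `git add` away from being committed. Keep only the non-sensitive settings in `configmaps.yaml` and move the two keys to a Secret created from an untracked file or injected by Ansible, referenced from the backend with a `secretRef` next to the `configMapRef`. A Secret is only base64-encoded unless encryption at rest is configured, but it separates credentials from configuration and lets RBAC treat them differently. `FLASK_ENV: development` also enables Flask's debug mode on Flask versions that still honor the variable, and the interactive debugger should not be reachable on a deployed service; prefer `FLASK_ENV: production` unless the debugger is really needed.

```yaml
# configmaps.yaml keeps only the non-sensitive settings
# … unchanged: FLASK_APP, S3_BUCKET_NAME, SWITCH_ENDPOINT_URL …
---
# separate manifest, filled in from an untracked file; the name is an example
apiVersion: v1
kind: Secret
metadata:
  name: backend-s3-credentials
type: Opaque
stringData:
  SWITCH_ACCESS_KEY_ID: "<your-s3-access-key-id>"
  SWITCH_SECRET_ACCESS_KEY: "<your-s3-secret-key>"
```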
@@ -0,0 +1,24 @@
+# frontend-deployment.yaml
+# This is very similar to the backend-deployment.yaml manifest
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ labels:
+ app: web-sso
+ tier: frontend
+spec:
+ # @TODO: complete this part
+ # * use the right port, labels, image
+ # * two replicas
+ # * no need for a config map
+ # * limit resources: cpu and memory to half compared to the backend
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+spec:
+ # @TODO: complete this part
+ # * use the right selector, app, tier, port
+ # * use appropriate _type_ for a load-balancer (see the old lb-deployment.yaml)
diff --git a/Ansible/playbooks/files/lb-deployment.yaml b/Ansible/playbooks/files/lb-deployment.yaml
deleted file mode 100644
index a05ea071992ce109bafc0c3417e8076158eef5f1..0000000000000000000000000000000000000000
--- a/Ansible/playbooks/files/lb-deployment.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: http-echo
-spec:
- replicas: 2
- selector:
- matchLabels:
- app: http-echo
- template:
- metadata:
- labels:
- app: http-echo
- spec:
- nodeSelector:
- kubernetes.io/hostname: kind-worker # Schedule pods on one worker node
- containers:
- - name: http-echo
- image: hashicorp/http-echo
- args:
- - >-
- -text=Hello from Kubernetes! My IP is $(POD_IP)
- env:
- - name: POD_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- ports:
- - containerPort: 5678
----
-apiVersion: v1
-kind: Service
-metadata:
- name: loadbalancer
-spec:
- type: LoadBalancer
- selector:
- app: http-echo
- ports:
- - port: 80
- targetPort: 5678
diff --git a/Makefile b/Makefile
index 56938aeb13e7ca2ea9b29a5b9370e1fe4ef979e9..7e4f55ea7e8233fa640fa78787b95b6f7451d290 100644
--- a/Makefile
+++ b/Makefile
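Review bot: The last TODO in the Service section of `frontend-deployment.yaml` points to `lb-deployment.yaml`, which this same commit deletes, so the reference cannot be followed from the working tree. Say where the file can still be found, for example `# * use appropriate _type_ for a load-balancer (see lb-deployment.yaml in the git history)`. Until the TODOs are completed both `spec:` keys parse as null, so the API server will reject the file as shipped; a one-line comment at the top stating that would save a debugging round.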
@@ -137,7 +137,7 @@ _s3cred: } $(echoo) "$(_s3_creds)" > $(s3_cred_file) || exit 1 chmod 0600 $(s3_cred_file) - ln -s $(application_dir)/backend/.env $(s3_cred_file) + # ln -s $(application_dir)/backend/.env $(s3_cred_file) $(log-info) "Please adapt your AWS/S3 credentials in file '$(s3_cred_file)'" install: diff --git a/README.md b/README.md index 712c80dca8501838f618f902e189cf02e3af6a6e..bdbf28bc17ee73866f2a1f4516bcd2bad5c418d7 100644 --- a/README.md +++ b/README.md @@ -353,7 +353,7 @@ map: plus an S3 storage bucket -- no KinD/Kubectl package installation. Commit your recipe files and in directory `Terraform/` -- Cloud-init files are already in sub-folder `conf/`. -5. Complete your Ansible playbook `lb-deployment.yaml`, starting from the +5. Complete your Ansible playbook `kind-metallb.yml`, starting from the version you developed in [Lab-Ansible](https://gitedu.hesge.ch/lsds/teaching/bachelor/cloud-and-deployment/lab-ansible) Task #10, to (commit all related files in directory `Ansible/`): @@ -369,8 +369,9 @@ Your **deliverables** are the following files: * Terraform: a single `main.tf` recipe (vars and outputs files are also OK) * Ansible: a single `kind-metallb.yml` playbook. **N.B. Any other playbook will be ignored!** - * K8s: the `lb-deployment.yaml` service manifest. The remaining files - shouldn't need to be modified. + * K8s: two service deployment manifests `backend-deployment.yaml` and + `frontend-deployment.yaml`. The remaining MetalLB files shouldn't need to + be modified. :bulb: References: 
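Review bot: The `ln -s` line in `_s3cred` is commented out rather than removed, which leaves dead code with no explanation; if it is still tab-indented as a recipe line, make also echoes it and hands it to the shell on every run. Delete it, or replace it with a make-level comment saying why `backend/.env` is no longer linked to the credentials file. In the surrounding context, `$(s3_cred_file)` appears to be created by the redirect under the caller's umask and only restricted afterwards by `chmod 0600`, so the credentials may briefly exist with default permissions; setting `umask 077` in the same shell before the redirect would close that window. The recipe starts outside the hunk, so whether these lines share one shell could not be checked here.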
@@ -499,9 +500,9 @@ though it is not safe for production use, it is enough for our purposes. :hammer_and_wrench: You shall - 1. write a ConfigMap file `s3_credentials.yaml` based on the + 1. complete the provided ConfigMap file `configmaps.yaml` like the `s3_credentials.env` used for Docker; - 2. extend your K8s deployment YAML file with + 2. extend your K8s deployment YAML files with * support for the two app containers -- the front-end shall be load-balanced; * a `configMapRef` for the back-end using the above ConfigMap file. @@ -510,8 +511,8 @@ Of course, once all files are ready, any related operations shall be handled by Ansible. Specifically, a change in the ConfigMap shall trigger a back-end service redeployment. -:bulb: For better security, you may use K8s secrets. This would be a -**bonus**. +:bulb: For better security, you may use a K8s Secret manifest instead of the +ConfigMap. This would be a **bonus**. :bulb: References: