From e659f05469b6efa06e994089054b606e118dde87 Mon Sep 17 00:00:00 2001
From: "Marco Emilio \"sphakka\" Poleggi" <marcoep@ieee.org>
Date: Mon, 16 Dec 2024 20:09:10 +0100
Subject: [PATCH] Added K8s files. Doc fixes
Signed-off-by: Marco Emilio "sphakka" Poleggi <marcoep@ieee.org>
---
 .../playbooks/files/backend-deployment.yaml | 46 +++++++++++++++++++
 Ansible/playbooks/files/configmaps.yaml | 11 +++++
 .../playbooks/files/frontend-deployment.yaml | 24 ++++++++++
 Ansible/playbooks/files/lb-deployment.yaml | 41 -----------------
 Makefile | 2 +-
 README.md | 15 +++---
 6 files changed, 90 insertions(+), 49 deletions(-)
 create mode 100644 Ansible/playbooks/files/backend-deployment.yaml
 create mode 100644 Ansible/playbooks/files/configmaps.yaml
 create mode 100644 Ansible/playbooks/files/frontend-deployment.yaml
 delete mode 100644 Ansible/playbooks/files/lb-deployment.yaml
diff --git a/Ansible/playbooks/files/backend-deployment.yaml b/Ansible/playbooks/files/backend-deployment.yaml
new file mode 100644
index 0000000..cf6a0b6
--- /dev/null
+++ b/Ansible/playbooks/files/backend-deployment.yaml
@@ -0,0 +1,46 @@
+# backend-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend
+ labels:
+ app: web-sso
+ tier: backend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: web-sso
+ tier: backend
+ template:
+ metadata:
+ labels:
+ app: web-sso
+ tier: backend
+ spec:
+ containers:
+ - name: backend
+ image: web-sso-backend:latest
+ ports:
+ - containerPort: 8000
+ # @TODO: declare env from config map
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "200m"
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-service
+spec:
+ selector:
+ app: web-sso
+ tier: backend
+ ports:
+ - port: 8000
+ targetPort: 8000
+ type: ClusterIP
diff --git a/Ansible/playbooks/files/configmaps.yaml b/Ansible/playbooks/files/configmaps.yaml
new file mode 100644
index 0000000..962c6b8
--- /dev/null
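Review bot: In backend-deployment.yaml the container uses `image: web-sso-backend:latest`, a mutable tag, so the code running in the pod can change without any change to this manifest; with `:latest` Kubernetes also defaults `imagePullPolicy` to `Always`, which is likely to fail if the image is only loaded locally into the KinD nodes (inferred from the KinD setup mentioned in the README). Use a fixed version tag and state the pull policy, e.g. `image: web-sso-backend:<version>` with `imagePullPolicy: IfNotPresent`. The container also declares no `securityContext`; `allowPrivilegeEscalation: false` and `runAsNonRoot: true` would be a reasonable baseline, provided the image runs as a non-root user, which is not visible here.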
+++ b/Ansible/playbooks/files/configmaps.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: backend-config
+data:
+ FLASK_APP: main.py
+ FLASK_ENV: development
+ S3_BUCKET_NAME: project-web-sso
+ SWITCH_ENDPOINT_URL: "<your-s3-endpoint>"
+ SWITCH_ACCESS_KEY_ID: "<your-s3-access-key-id>"
+ SWITCH_SECRET_ACCESS_KEY: "<your-s3-secret-key>"
diff --git a/Ansible/playbooks/files/frontend-deployment.yaml b/Ansible/playbooks/files/frontend-deployment.yaml
new file mode 100644
index 0000000..eb81942
--- /dev/null
+++ b/Ansible/playbooks/files/frontend-deployment.yaml
@@ -0,0 +1,24 @@
+# frontend-deployment.yaml
+# This is very similar to the backend-deployment.yaml manifest
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ labels:
+ app: web-sso
+ tier: frontend
+spec:
+ # @TODO: complete this part
+ # * use the right port, labels, image
+ # * two replicas
+ # * no need for a config map
+ # * limit resources: cpu and memory to half compared to the backend
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+spec:
+ # @TODO: complete this part
+ # * use the right selector, app, tier, port
+ # * use appropriate _type_ for a load-balancer (see the old lb-deployment.yaml)
diff --git a/Ansible/playbooks/files/lb-deployment.yaml b/Ansible/playbooks/files/lb-deployment.yaml
deleted file mode 100644
index a05ea07..0000000
--- a/Ansible/playbooks/files/lb-deployment.yaml
+++ /dev/null
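Review bot: configmaps.yaml places `SWITCH_ACCESS_KEY_ID` and `SWITCH_SECRET_ACCESS_KEY` in a ConfigMap, so once the placeholders are filled in, the S3 secret key sits in plain text in the manifest and is readable by anyone allowed to `get` ConfigMaps in the namespace. The README change in this patch offers a Secret only as a bonus; I would make it the default, keep only non-sensitive settings in `backend-config`, and load the Secret with a `secretRef` under the backend's `envFrom`. Separately, `FLASK_ENV: development` turns on debug mode on the Flask versions that honour that variable, and the debugger allows code execution from the browser, so it should not be the value shipped in a cluster manifest. A comment telling students not to commit the filled-in file would help as well.

```yaml
# … unchanged: ConfigMap backend-config keeps FLASK_APP, S3_BUCKET_NAME, SWITCH_ENDPOINT_URL …
---
apiVersion: v1
kind: Secret
metadata:
  name: backend-s3-credentials  # suggested name, not taken from the patch
type: Opaque
stringData:
  SWITCH_ACCESS_KEY_ID: "<your-s3-access-key-id>"
  SWITCH_SECRET_ACCESS_KEY: "<your-s3-secret-key>"
```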
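Review bot: In frontend-deployment.yaml both `spec:` keys are followed only by comments, so they parse as null and the API server will reject the Deployment and the Service until the TODOs are completed; a playbook task that applies everything under `files/` would fail on this file (whether one does is not visible here). I would say so in the header comment, e.g. `# NOTE: not applicable as-is; both spec sections must be completed first`. Since the Service is meant to be of the load-balancer type, the TODO list could also remind students that this exposes the front-end outside the cluster.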
@@ -1,41 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: http-echo -spec: - replicas: 2 - selector: - matchLabels: - app: http-echo - template: - metadata: - labels: - app: http-echo - spec: - nodeSelector: - kubernetes.io/hostname: kind-worker # Schedule pods on one worker node - containers: - - name: http-echo - image: hashicorp/http-echo - args: - - >- - -text=Hello from Kubernetes! My IP is $(POD_IP) - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - ports: - - containerPort: 5678 ---- -apiVersion: v1 -kind: Service -metadata: - name: loadbalancer -spec: - type: LoadBalancer - selector: - app: http-echo - ports: - - port: 80 - targetPort: 5678 diff --git a/Makefile b/Makefile index 56938ae..7e4f55e 100644 --- a/Makefile +++ b/Makefile @@ -137,7 +137,7 @@ _s3cred: } $(echoo) "$(_s3_creds)" > $(s3_cred_file) || exit 1 chmod 0600 $(s3_cred_file) - ln -s $(application_dir)/backend/.env $(s3_cred_file) + # ln -s $(application_dir)/backend/.env $(s3_cred_file) $(log-info) "Please adapt your AWS/S3 credentials in file '$(s3_cred_file)'" install: diff --git a/README.md b/README.md index 712c80d..bdbf28b 100644 --- a/README.md +++ b/README.md @@ -353,7 +353,7 @@ map: plus an S3 storage bucket -- no KinD/Kubectl package installation. Commit your recipe files and in directory `Terraform/` -- Cloud-init files are already in sub-folder `conf/`. -5. Complete your Ansible playbook `lb-deployment.yaml`, starting from the +5. Complete your Ansible playbook `kind-metallb.yml`, starting from the version you developed in [Lab-Ansible](https://gitedu.hesge.ch/lsds/teaching/bachelor/cloud-and-deployment/lab-ansible) Task #10, to (commit all related files in directory `Ansible/`): 
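Review bot: The Makefile hunk in `_s3cred` leaves the old command behind as `# ln -s $(application_dir)/backend/.env $(s3_cred_file)`; the line is still part of the recipe, so make hands it to the shell and echoes it on every run, and readers cannot tell whether the link is still wanted. Delete the line, or, if the back-end should still read the credentials through `backend/.env`, note that the removed command tried to create the link at `$(s3_cred_file)`, which the recipe has just written, and restore it as `ln -sf $(s3_cred_file) $(application_dir)/backend/.env`. Separately, the context lines write the credentials first and only then run `chmod 0600`, so the file briefly exists with default permissions; setting `umask 077` in the same shell line as the write would close that window. The recipe starts and ends outside the hunk.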
@@ -369,8 +369,9 @@ Your **deliverables** are the following files: * Terraform: a single `main.tf` recipe (vars and outputs files are also OK) * Ansible: a single `kind-metallb.yml` playbook. **N.B. Any other playbook will be ignored!** - * K8s: the `lb-deployment.yaml` service manifest. The remaining files - shouldn't need to be modified. + * K8s: two service deployment manifests `backend-deployment.yaml` and + `frontend-deployment.yaml`. The remaining MetalLB files shouldn't need to + be modified. :bulb: References: @@ -499,9 +500,9 @@ though it is not safe for production use, it is enough for our purposes. :hammer_and_wrench: You shall - 1. write a ConfigMap file `s3_credentials.yaml` based on the + 1. complete the provided ConfigMap file `configmaps.yaml` like the `s3_credentials.env` used for Docker; - 2. extend your K8s deployment YAML file with + 2. extend your K8s deployment YAML files with * support for the two app containers -- the front-end shall be load-balanced; * a `configMapRef` for the back-end using the above ConfigMap file. @@ -510,8 +511,8 @@ Of course, once all files are ready, any related operations shall be handled by Ansible. Specifically, a change in the ConfigMap shall trigger a back-end service redeployment. -:bulb: For better security, you may use K8s secrets. This would be a -**bonus**. +:bulb: For better security, you may use a K8s Secret manifest instead of the +ConfigMap. This would be a **bonus**. :bulb: References: -- GitLab