From e659f05469b6efa06e994089054b606e118dde87 Mon Sep 17 00:00:00 2001
From: "Marco Emilio \"sphakka\" Poleggi" <marcoep@ieee.org>
Date: Mon, 16 Dec 2024 20:09:10 +0100
Subject: [PATCH] Added K8s files. Doc fixes

Signed-off-by: Marco Emilio "sphakka" Poleggi <marcoep@ieee.org>
---
 .../playbooks/files/backend-deployment.yaml   | 46 +++++++++++++++++++
 Ansible/playbooks/files/configmaps.yaml       | 11 +++++
 .../playbooks/files/frontend-deployment.yaml  | 24 ++++++++++
 Ansible/playbooks/files/lb-deployment.yaml    | 41 -----------------
 Makefile                                      |  2 +-
 README.md                                     | 15 +++---
 6 files changed, 90 insertions(+), 49 deletions(-)
 create mode 100644 Ansible/playbooks/files/backend-deployment.yaml
 create mode 100644 Ansible/playbooks/files/configmaps.yaml
 create mode 100644 Ansible/playbooks/files/frontend-deployment.yaml
 delete mode 100644 Ansible/playbooks/files/lb-deployment.yaml

diff --git a/Ansible/playbooks/files/backend-deployment.yaml b/Ansible/playbooks/files/backend-deployment.yaml
new file mode 100644
index 0000000..cf6a0b6
--- /dev/null
+++ b/Ansible/playbooks/files/backend-deployment.yaml
@@ -0,0 +1,46 @@
+# backend-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  labels:
+    app: web-sso
+    tier: backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: web-sso
+      tier: backend
+  template:
+    metadata:
+      labels:
+        app: web-sso
+        tier: backend
+    spec:
+      containers:
+      - name: backend
+        image: web-sso-backend:latest
+        ports:
+        - containerPort: 8000
+        # @TODO: declare env from config map
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "200m"
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend-service
+spec:
+  selector:
+    app: web-sso
+    tier: backend
+  ports:
+  - port: 8000
+    targetPort: 8000
+  type: ClusterIP
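Review bot: The `backend` container is declared without a `securityContext`, so it runs with whatever user and capabilities the image and runtime default to, which may be root. I would add a container-level `securityContext` next to `resources:` as sketched below. `runAsNonRoot: true` assumes the image defines a non-root user, which is not visible from this patch. Separately, `image: web-sso-backend:latest` is a mutable tag and makes the default pull policy `Always`, so the code that runs depends on what the registry serves at pod start. Pinning a version tag or digest makes the deployment reproducible and auditable.

```yaml
      - name: backend
        image: web-sso-backend:latest
        # … unchanged: ports, resources …
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          capabilities:
            drop: ["ALL"]
```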
diff --git a/Ansible/playbooks/files/configmaps.yaml b/Ansible/playbooks/files/configmaps.yaml
new file mode 100644
index 0000000..962c6b8
--- /dev/null
+++ b/Ansible/playbooks/files/configmaps.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: backend-config
+data:
+  FLASK_APP: main.py
+  FLASK_ENV: development
+  S3_BUCKET_NAME: project-web-sso
+  SWITCH_ENDPOINT_URL: "<your-s3-endpoint>"
+  SWITCH_ACCESS_KEY_ID: "<your-s3-access-key-id>"
+  SWITCH_SECRET_ACCESS_KEY: "<your-s3-secret-key>"
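Review bot: `SWITCH_ACCESS_KEY_ID` and `SWITCH_SECRET_ACCESS_KEY` are placed in a ConfigMap in a tracked file, so completing the placeholders as instructed puts live S3 credentials one `git add` away from the repository. ConfigMaps are not intended for confidential data, and anyone allowed to read ConfigMaps in the namespace can read these values. I would keep only `FLASK_APP`, `FLASK_ENV`, `S3_BUCKET_NAME` and the endpoint here, and move the two keys to a `kind: Secret` manifest that is git-ignored or generated at deploy time and referenced from the backend with `secretRef`. A header comment such as `# Do not commit real credentials in this file` would help in the meantime. `FLASK_ENV: development` also deserves a comment, since in Flask versions that honour it this turns on debug mode, which should not be reachable by untrusted clients.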
diff --git a/Ansible/playbooks/files/frontend-deployment.yaml b/Ansible/playbooks/files/frontend-deployment.yaml
new file mode 100644
index 0000000..eb81942
--- /dev/null
+++ b/Ansible/playbooks/files/frontend-deployment.yaml
@@ -0,0 +1,24 @@
+# frontend-deployment.yaml
+# This is very similar to the backend-deployment.yaml manifest
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+  labels:
+    app: web-sso
+    tier: frontend
+spec:
+  # @TODO: complete this part
+  #   * use the right port, labels, image
+  #   * two replicas
+  #   * no need for a config map
+  #   * limit resources: cpu and memory to half compared to the backend
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend-service
+spec:
+  # @TODO: complete this part
+  #   * use the right selector, app, tier, port
+  #   * use appropriate _type_ for a load-balancer (see the old lb-deployment.yaml)
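Review bot: Both `spec:` keys in this file contain only comments, so they parse as null and the manifest should be rejected if a playbook applies it before the TODOs are completed. The header should say so explicitly, for example `# Incomplete template: will not apply until both spec sections are filled in`. The Service TODO could also remind the reader that a load-balancer type publishes the front-end outside the cluster, so only the intended port should be listed.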
diff --git a/Ansible/playbooks/files/lb-deployment.yaml b/Ansible/playbooks/files/lb-deployment.yaml
deleted file mode 100644
index a05ea07..0000000
--- a/Ansible/playbooks/files/lb-deployment.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: http-echo
-spec:
-  replicas: 2
-  selector:
-    matchLabels:
-      app: http-echo
-  template:
-    metadata:
-      labels:
-        app: http-echo
-    spec:
-      nodeSelector:
-        kubernetes.io/hostname: kind-worker  # Schedule pods on one worker node
-      containers:
-      - name: http-echo
-        image: hashicorp/http-echo
-        args:
-        - >-
-          -text=Hello from Kubernetes! My IP is $(POD_IP)
-        env:
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-        ports:
-        - containerPort: 5678
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: loadbalancer
-spec:
-  type: LoadBalancer
-  selector:
-    app: http-echo
-  ports:
-  - port: 80
-    targetPort: 5678
diff --git a/Makefile b/Makefile
index 56938ae..7e4f55e 100644
--- a/Makefile
+++ b/Makefile
@@ -137,7 +137,7 @@ _s3cred:
 	}
 	$(echoo) "$(_s3_creds)" > $(s3_cred_file) || exit 1
 	chmod 0600 $(s3_cred_file)
-	ln -s $(application_dir)/backend/.env $(s3_cred_file)
+	# ln -s $(application_dir)/backend/.env $(s3_cred_file)
 	$(log-info) "Please adapt your AWS/S3 credentials in file '$(s3_cred_file)'"
 
 install:
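Review bot: The credentials file is written first and restricted afterwards (`> $(s3_cred_file)` followed by `chmod 0600`), so a newly created file briefly carries the default umask permissions while already holding the S3 keys. Creating it under a restrictive umask closes that window, e.g. `(umask 077; $(echoo) "$(_s3_creds)" > $(s3_cred_file)) || exit 1`. The `chmod` should stay, to cover a file that already exists. The commented-out `ln -s` is still a recipe line, so it is passed to the shell and echoed on every run. If the link is no longer wanted, delete the line or add a short comment explaining why it is disabled. The `_s3cred` recipe begins above this hunk, so how `_s3_creds` is built is not visible here.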
diff --git a/README.md b/README.md
index 712c80d..bdbf28b 100644
--- a/README.md
+++ b/README.md
@@ -353,7 +353,7 @@ map:
    plus an S3 storage bucket -- no KinD/Kubectl package installation. Commit
    your recipe files and in directory `Terraform/` -- Cloud-init files are
    already in sub-folder `conf/`.
-5. Complete your Ansible playbook `lb-deployment.yaml`, starting from the
+5. Complete your Ansible playbook `kind-metallb.yml`, starting from the
    version you developed in
    [Lab-Ansible](https://gitedu.hesge.ch/lsds/teaching/bachelor/cloud-and-deployment/lab-ansible)
    Task #10, to (commit all related files in directory `Ansible/`):
@@ -369,8 +369,9 @@ Your **deliverables** are the following files:
   * Terraform: a single `main.tf` recipe (vars and outputs files  are also OK)
   * Ansible: a single `kind-metallb.yml` playbook. **N.B. Any other playbook
     will be ignored!**
-  * K8s: the `lb-deployment.yaml` service manifest. The remaining files
-    shouldn't need to be modified.
+  * K8s: two service deployment manifests `backend-deployment.yaml` and
+    `frontend-deployment.yaml`. The remaining MetalLB files shouldn't need to
+    be modified.
 
 :bulb: References:
 
@@ -499,9 +500,9 @@ though it is not safe for production use, it is enough for our purposes.
 
 :hammer_and_wrench: You shall
 
-  1. write a ConfigMap file `s3_credentials.yaml` based on the
+  1. complete the provided ConfigMap file `configmaps.yaml` like the
      `s3_credentials.env` used for Docker;
-  2. extend your K8s deployment YAML file with
+  2. extend your K8s deployment YAML files with
      * support for the two app containers -- the front-end shall be
      load-balanced;
      * a `configMapRef` for the back-end using the above ConfigMap file.
@@ -510,8 +511,8 @@ Of course, once all files are ready, any related operations shall be handled
 by Ansible. Specifically, a change in the ConfigMap shall trigger a back-end
 service redeployment.
 
-:bulb: For better security, you may use K8s secrets. This would be a
-**bonus**.
+:bulb: For better security, you may use a K8s Secret manifest instead of the
+ConfigMap. This would be a **bonus**.
 
 :bulb: References:
 
-- 
GitLab