Added K8s files. Doc fixes

Signed-off-by: Marco Emilio "sphakka" Poleggi <marcoep@ieee.org>

Added K8s files. Doc fixes
e659f054 · Marco Emilio "sphakka" Poleggi · d2ed6350 · e659f054 · e659f054 · e659f054
Unverified Commit e659f054 authored 6 months ago by Marco Emilio "sphakka" Poleggi
--- a/Ansible/playbooks/files/backend-deployment.yaml
+++ b/Ansible/playbooks/files/backend-deployment.yaml
+# backend-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  labels:
+    app: web-sso
+    tier: backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: web-sso
+      tier: backend
+  template:
+    metadata:
+      labels:
+        app: web-sso
+        tier: backend
+    spec:
+      containers:
+      - name: backend
+        image: web-sso-backend:latest
+        ports:
+        - containerPort: 8000
+        # @TODO: declare env from config map
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "200m"
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend-service
+spec:
+  selector:
+    app: web-sso
+    tier: backend
+  ports:
+  - port: 8000
+    targetPort: 8000
+  type: ClusterIP
--- a/Ansible/playbooks/files/configmaps.yaml
+++ b/Ansible/playbooks/files/configmaps.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: backend-config
+data:
+  FLASK_APP: main.py
+  FLASK_ENV: development
+  S3_BUCKET_NAME: project-web-sso
+  SWITCH_ENDPOINT_URL: "<your-s3-endpoint>"
+  SWITCH_ACCESS_KEY_ID: "<your-s3-access-key-id>"
+  SWITCH_SECRET_ACCESS_KEY: "<your-s3-secret-key>"
--- a/Ansible/playbooks/files/frontend-deployment.yaml
+++ b/Ansible/playbooks/files/frontend-deployment.yaml
+# frontend-deployment.yaml
+# This is very similar to the backend-deployment.yaml manifest
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+  labels:
+    app: web-sso
+    tier: frontend
+spec:
+  # @TODO: complete this part
+  #   * use the right port, labels, image
+  #   * two replicas
+  #   * no need for a config map
+  #   * limit resources: cpu and memory to half compared to the backend
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend-service
+spec:
+  # @TODO: complete this part
+  #   * use the right selector, app, tier, port
+  #   * use appropriate _type_ for a load-balancer (see the old lb-deployment.yaml)
--- a/Ansible/playbooks/files/lb-deployment.yaml
+++ b/Ansible/playbooks/files/lb-deployment.yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: http-echo
-spec:
-  replicas: 2
-  selector:
-    matchLabels:
-      app: http-echo
-  template:
-    metadata:
-      labels:
-        app: http-echo
-    spec:
-      nodeSelector:
-        kubernetes.io/hostname: kind-worker  # Schedule pods on one worker node
-      containers:
-      - name: http-echo
-        image: hashicorp/http-echo
-        args:
-        - >-
-          -text=Hello from Kubernetes! My IP is $(POD_IP)
-        env:
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-        ports:
-        - containerPort: 5678
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: loadbalancer
-spec:
-  type: LoadBalancer
-  selector:
-    app: http-echo
-  ports:
-  - port: 80
-    targetPort: 5678
--- a/Makefile
+++ b/Makefile
@@ -137,7 +137,7 @@ _s3cred:
 	}
 	$(echoo) "$(_s3_creds)" > $(s3_cred_file) || exit 1
 	chmod 0600 $(s3_cred_file)
-	ln -s $(application_dir)/backend/.env $(s3_cred_file)
+	# ln -s $(application_dir)/backend/.env $(s3_cred_file)
 	$(log-info) "Please adapt your AWS/S3 credentials in file '$(s3_cred_file)'"

 install:

--- a/README.md
+++ b/README.md
@@ -353,7 +353,7 @@ map:
   plus an S3 storage bucket -- no KinD/Kubectl package installation. Commit
   your recipe files and in directory `Terraform/` -- Cloud-init files are
   already in sub-folder `conf/`.
-5. Complete your Ansible playbook `lb-deployment.yaml`, starting from the
+5. Complete your Ansible playbook `kind-metallb.yml`, starting from the
   version you developed in
   [Lab-Ansible](https://gitedu.hesge.ch/lsds/teaching/bachelor/cloud-and-deployment/lab-ansible)
   Task #10, to (commit all related files in directory `Ansible/`):
@@ -369,8 +369,9 @@ Your **deliverables** are the following files:
  * Terraform: a single `main.tf` recipe (vars and outputs files  are also OK)
  * Ansible: a single `kind-metallb.yml` playbook. **N.B. Any other playbook
    will be ignored!**
-  * K8s: the `lb-deployment.yaml` service manifest. The remaining files
-    shouldn't need to be modified.
+  * K8s: two service deployment manifests `backend-deployment.yaml` and
+    `frontend-deployment.yaml`. The remaining MetalLB files shouldn't need to
+    be modified.

 :bulb: References:

@@ -499,9 +500,9 @@ though it is not safe for production use, it is enough for our purposes.

 :hammer_and_wrench: You shall

-  1. write a ConfigMap file `s3_credentials.yaml` based on the
+  1. complete the provided ConfigMap file `configmaps.yaml` like the
     `s3_credentials.env` used for Docker;
-  2. extend your K8s deployment YAML file with
+  2. extend your K8s deployment YAML files with
     * support for the two app containers -- the front-end shall be
     load-balanced;
     * a `configMapRef` for the back-end using the above ConfigMap file.
@@ -510,8 +511,8 @@ Of course, once all files are ready, any related operations shall be handled
 by Ansible. Specifically, a change in the ConfigMap shall trigger a back-end
 service redeployment.

-:bulb: For better security, you may use K8s secrets. This would be a
-**bonus**.
+:bulb: For better security, you may use a K8s Secret manifest instead of the
+ConfigMap. This would be a **bonus**.

 :bulb: References: