Merge pull request #100 from CSCI-GA-2820-SP24-001/k3-cluster

K3 cluster

Dockerfile

@@ -0,0 +1,25 @@
+FROM python:3.11-slim
+
+# Create working folder and install dependencies
+WORKDIR /app
+COPY pyproject.toml poetry.lock ./
+RUN python -m pip install --upgrade pip poetry && \
+    poetry config virtualenvs.create false && \
+    poetry install --without dev
+
+# Copy the application contents
+COPY wsgi.py .
+COPY service/ ./service/
+
+# Switch to a non-root user
+RUN useradd --uid 1000 flask && chown -R flask /app
+USER flask
+
+# Expose any ports the app is expecting in the environment
+ENV FLASK_APP=wsgi:app
+ENV PORT 8080
+EXPOSE $PORT
+
+ENV GUNICORN_BIND 0.0.0.0:$PORT
+ENTRYPOINT ["gunicorn"]
+CMD ["--log-level=info", "wsgi:app"]

Makefile

@@ -62,3 +62,32 @@ cluster-rm: ## Remove a K3D Kubernetes cluster
 depoy: ## Deploy the service on local Kubernetes
 	$(info Deploying service locally...)
 	kubectl apply -f k8s/
+
+.PHONY: setup-cluster
+setup-cluster: ## Setup the cluster and deploy the service
+	$(info Destroying the cluster if any...)
+	make cluster-rm
+	$(info Creating a cluster...)
+	make cluster
+	$(info Building the docker image and pushing it to the registry...)
+	docker build -t shopcarts:1.0 .
+	docker tag shopcarts:1.0 cluster-registry:32000/shopcarts:1.0
+	docker push cluster-registry:32000/shopcarts:1.0
+	$(info Creating the namespace for the resource...)
+	kubectl create namespace shopcarts-dev
+	kubectl get ns
+	kubectl config set-context --current --namespace shopcarts-dev
+	alias kns='kubectl config set-context --current --namespace'
+	$(info Creating the postgresql deployment and service...)
+	kubectl apply -f k8s/pv.yaml
+	kubectl apply -f k8s/postgresql.yaml 
+	$(info Exposing the DB URI and password...)
+	export DATABASE_URI='postgresql+psycopg://postgres:pgs3cr3t@postgres:5432/shopcarts'
+	export POSTGRES_PASSWORD='pgs3cr3t'
+	$(info Creating a secret...)
+	kubectl create secret generic postgres-creds --from-literal=database_uri=$DATABASE_URI --from-literal=password=$POSTGRES_PASSWORD
+	$(info Finally generating the cluster with all the information...)
+	kubectl apply -f k8s/secret.yaml
+	kubectl apply -f k8s/deployment.yaml
+	kubectl apply -f k8s/service.yaml
+	kubectl apply -f k8s/ingress.yaml

k8s/deployment.yaml

@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: shopcarts
+  labels:
+    app: shopcarts
+spec:
+  replicas: 2
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 0%
+      maxUnavailable: 50%
+  selector:
+    matchLabels:
+      app: shopcarts
+  template:
+    metadata:
+      labels:
+        app: shopcarts
+    spec:
+      imagePullSecrets:
+        - name: all-icr-io
+      restartPolicy: Always
+      containers:
+        - name: shopcarts
+          image: cluster-registry:32000/shopcarts:1.0
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8080
+              protocol: TCP
+          env:
+            - name: RETRY_COUNT
+              value: "10"
+            - name: DATABASE_URI
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-creds
+                  key: database_uri
+          readinessProbe:
+            initialDelaySeconds: 5
+            periodSeconds: 30
+            httpGet:
+              path: /health
+              port: 8080
+          resources:
+            limits:
+              cpu: "0.50"
+              memory: "128Mi"
+            requests:
+              cpu: "0.25"
+              memory: "64Mi"

k8s/ingress.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: shopcarts
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  rules:
+    - http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: shopcarts
+                port:
+                  number: 8080

k8s/postgresql.yaml

@@ -0,0 +1,75 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: postgres
+  labels:
+    app: postgres
+spec:
+  serviceName: "postgres"
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: postgres:alpine
+          ports:
+            - containerPort: 5432
+              protocol: TCP
+          env:
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-creds
+                  key: password
+            - name: POSTGRES_DB
+              value: "shopcarts"
+          volumeMounts:
+            - name: postgres-storage
+              mountPath: /var/lib/postgresql/data
+          resources:
+            limits:
+              cpu: "0.50"
+              memory: "128Mi"
+            requests:
+              cpu: "0.25"
+              memory: "64Mi"
+      volumes:
+        - name: postgres-storage
+          persistentVolumeClaim:
+            claimName: postgres-pvc
+          # emptyDir: {}
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: postgres-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: "default"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  labels:
+    app: postgres
+spec:
+  type: ClusterIP
+  selector:
+    app: postgres
+  ports:
+    - port: 5432
+      targetPort: 5432

k8s/pv.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv0001
+spec:
+  capacity:
+    storage: 1Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Recycle
+  hostPath:
+    path: /data/pv0001
+  storageClassName: "default"

k8s/secret.yaml

@@ -0,0 +1,17 @@
+---
+# This secret can also be created from the command line using environment variables
+#
+# export DATABASE_URI='postgresql+psycopg://<userid>:<password>@<hostname>:<port>/<database-name>'
+# export POSTGRES_PASSWORD='<place-password-here>'
+#
+# kubectl create secret generic postgres-creds \
+#     --from-literal=password=$POSTGRES_PASSWORD
+#     --from-literal=database_uri=$DATABASE_URI
+#
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgres-creds
+data:
+  password: cGdzM2NyM3Q=
+  database_uri: cG9zdGdyZXNxbCtwc3ljb3BnOi8vcG9zdGdyZXM6cGdzM2NyM3RAcG9zdGdyZXM6NTQzMi9zaG9wY2FydHM=

k8s/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: shopcarts
+spec:
+  selector:
+    app: shopcarts
+  type: ClusterIP
+  internalTrafficPolicy: Local
+  ports:
+    - name: http
+      protocol: TCP
+      port: 8080
+      targetPort: 8080