diff --git a/.dockerignore b/.dockerignore index 75bd672..5619f97 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,6 +1,7 @@ /node_modules /dist /docs +/orchestration *.log .git .env diff --git a/.gitignore b/.gitignore index 8ac9642..781964a 100644 --- a/.gitignore +++ b/.gitignore @@ -39,6 +39,8 @@ lerna-debug.log* .env.local .env.* .env.*.local +orchestration/**/.env* +!orchestration/**/.env.example # yarn .yarn/* @@ -46,3 +48,6 @@ lerna-debug.log* !.yarn/plugins !.yarn/patches .pnp.* + +# hard links +orchestration/shared/scripts \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index be4cff8..e0f7585 100644 --- a/Dockerfile +++ b/Dockerfile @@ -33,7 +33,7 @@ WORKDIR /app COPY --from=build /app/dist dist COPY --from=build /app/node_modules node_modules -# To avoid +# To avoid string interpolation in CMD instruction RUN ln -vs dist/apps/${OFFICE_TYPE}/main.js main.js CMD ["node", "main.js"] diff --git a/orchestration/branch-office/.env.example b/orchestration/branch-office/.env.example new file mode 100644 index 0000000..ab7746d --- /dev/null +++ b/orchestration/branch-office/.env.example @@ -0,0 +1,12 @@ +# OFFICES CONFIG +HEAD_OFFICE=HO +SEND_EXCHANGE=HEAD_EXCHANGE +CONSUME_EXCHANGE=BRANCHES_EXCHANGE + +# MISC CONFIG +PORT=3000 +NODE_ENV=development + +# DATABASE CONFIG +DB_HOST=localhost +DB_NAME=db diff --git a/orchestration/branch-office/deployment.yaml b/orchestration/branch-office/deployment.yaml new file mode 100644 index 0000000..799dac3 --- /dev/null +++ b/orchestration/branch-office/deployment.yaml @@ -0,0 +1,114 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bo-deployment +spec: + selector: + matchLabels: + app: branch-office + db: branch-office-db + replicas: 3 # tells deployment to run 3 pods matching the template + template: + metadata: + labels: + app: branch-office + db: branch-office-db + spec: + initContainers: + - name: init-secrets + image: finalgene/openssh + restartPolicy: never + command: + [ + "/bin/bash", + "-c", + "TEMP_DIR=/secrets /scripts/generate_secrets.sh", + ] + volumeMounts: + - name: scripts + mountPath: /scripts + - name: secrets + mountPath: secrets + - name: init-ssl-certs + image: finalgene/openssh + restartPolicy: never + command: + [ + "/bin/bash", + "-c", + "TEMP_DIR=/ssl /scripts/generate_ssl_certificates.sh", + ] + volumeMounts: + - name: scripts + mountPath: /scripts + - name: ssl-certs + mountPath: ssl + containers: + - name: app + image: omarbesbes/database-synchronization-app:branch-office + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 250m + memory: 128Mi + command: [ + "/bin/bash", + "-c", + " + DB_PASSWORD=$(cat /secrets/db_password.txt) + DB_USERNAME=$(cat /secrets/db_username.txt) + node main.js + ", + ] + env: + - name: DB_TYPE + value: postgres + - name: DB_PORT + value: "5432" + - name: ID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: QUEUE + value: $(ID) + envFrom: + - configMapRef: + name: app-config + volumeMounts: + - name: secrets + mountPath: secrets + - name: db + image: postgres:16 + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 250m + memory: 128Mi + command: ["/usr/local/bin/database_entrypoint.sh"] + env: + - name: POSTGRES_DB + valueFrom: + configMapKeyRef: + name: app-config + key: DB_NAME + volumeMounts: + - name: secrets + mountPath: secrets + - name: ssl-certs + mountPath: ssl + - name: scripts + mountPath: usr/local/bin/database_entrypoint.sh + subPath: database_entrypoint.sh + volumes: + - name: scripts + configMap: + defaultMode: 055 # This is specified so that scripts are executable when mounted + name: scripts + - name: secrets + emptyDir: {} + - name: ssl-certs + emptyDir: {} diff --git a/orchestration/branch-office/kustomization.yaml b/orchestration/branch-office/kustomization.yaml new file mode 100644 index 0000000..ce3a063 --- /dev/null +++ b/orchestration/branch-office/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - deployment.yaml + - ../shared + +configMapGenerator: + - name: app-config + behavior: merge + envs: + - .env.example diff --git a/orchestration/head-office/.env.example b/orchestration/head-office/.env.example new file mode 100644 index 0000000..2d58c8e --- /dev/null +++ b/orchestration/head-office/.env.example @@ -0,0 +1,14 @@ +# OFFICES CONFIG +ID=HO +HEAD_OFFICE=HO +SEND_EXCHANGE=BRANCHES_EXCHANGE +CONSUME_EXCHANGE=HEAD_EXCHANGE +QUEUE=HO + +# MISC CONFIG +PORT=3000 +NODE_ENV=development + +# DATABASE CONFIG +DB_HOST=localhost +DB_NAME=db diff --git a/orchestration/head-office/deployment.yaml b/orchestration/head-office/deployment.yaml new file mode 100644 index 0000000..e0b80a3 --- /dev/null +++ b/orchestration/head-office/deployment.yaml @@ -0,0 +1,108 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ho-deployment +spec: + selector: + matchLabels: + app: head-office + db: head-office-db + replicas: 1 # tells deployment to run 1 pod matching the template + template: + metadata: + labels: + app: head-office + db: head-office-db + spec: + initContainers: + - name: init-secrets + image: finalgene/openssh + restartPolicy: never + command: + [ + "/bin/bash", + "-c", + "TEMP_DIR=/secrets /scripts/generate_secrets.sh", + ] + volumeMounts: + - name: scripts + mountPath: scripts + - name: secrets + mountPath: secrets + - name: init-ssl-certs + image: finalgene/openssh + restartPolicy: never + command: + [ + "/bin/bash", + "-c", + "TEMP_DIR=/ssl /scripts/generate_ssl_certificates.sh", + ] + volumeMounts: + - name: scripts + mountPath: /scripts + - name: ssl-certs + mountPath: ssl + containers: + - name: app + image: omarbesbes/database-synchronization-app:head-office + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 250m + memory: 128Mi + command: [ + "/bin/bash", + "-c", + " + DB_PASSWORD=$(cat /secrets/db_password.txt) + DB_USERNAME=$(cat /secrets/db_username.txt) + node main.js + ", + ] + env: + - name: DB_TYPE + value: postgres + - name: DB_PORT + value: "5432" + envFrom: + - configMapRef: + name: app-config + volumeMounts: + - name: secrets + mountPath: secrets + - name: db + image: postgres:16 + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 250m + memory: 128Mi + command: ["/bin/bash", "-c", "/usr/local/bin/database_entrypoint.sh"] + env: + - name: POSTGRES_DB + valueFrom: + configMapKeyRef: + name: app-config + key: DB_NAME + volumeMounts: + - name: secrets + mountPath: secrets + - name: ssl-certs + mountPath: ssl + - name: scripts + mountPath: usr/local/bin/database_entrypoint.sh + subPath: database_entrypoint.sh + volumes: + - name: scripts + configMap: + defaultMode: 0555 # This is specified so that scripts are executable when mounted + name: scripts + - name: secrets + emptyDir: {} + - name: ssl-certs + emptyDir: {} diff --git a/orchestration/head-office/kustomization.yaml b/orchestration/head-office/kustomization.yaml new file mode 100644 index 0000000..ce3a063 --- /dev/null +++ b/orchestration/head-office/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - deployment.yaml + - ../shared + +configMapGenerator: + - name: app-config + behavior: merge + envs: + - .env.example diff --git a/orchestration/rabbitmq/deployment.yaml b/orchestration/rabbitmq/deployment.yaml new file mode 100644 index 0000000..8b68e18 --- /dev/null +++ b/orchestration/rabbitmq/deployment.yaml @@ -0,0 +1,27 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: rabbitmq-deployment +spec: + selector: + matchLabels: + app: rabbitmq + replicas: 1 # tells deployment to run 1 pod matching the template + template: + metadata: + labels: + app: rabbitmq + spec: + containers: + - name: rabbitmq + image: rabbitmq:management + resources: + limits: + cpu: 500m + memory: 1.5Gi + requests: + cpu: 250m + memory: 512M + ports: + - containerPort: 5672 + - containerPort: 15672 diff --git a/orchestration/rabbitmq/kustomization.yaml b/orchestration/rabbitmq/kustomization.yaml new file mode 100644 index 0000000..5b98e94 --- /dev/null +++ b/orchestration/rabbitmq/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - deployment.yaml + - service.yaml diff --git a/orchestration/rabbitmq/service.yaml b/orchestration/rabbitmq/service.yaml new file mode 100644 index 0000000..246305b --- /dev/null +++ b/orchestration/rabbitmq/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: rabbitmq +spec: + selector: + app: rabbitmq + ports: + - name: rabbitmq-api-port + protocol: TCP + port: 5672 + targetPort: 5672 + - name: rabbitmq-management-ui-port + protocol: TCP + port: 15672 + targetPort: 15672 \ No newline at end of file diff --git a/orchestration/shared/.env.example b/orchestration/shared/.env.example new file mode 100644 index 0000000..a5ddd3b --- /dev/null +++ b/orchestration/shared/.env.example @@ -0,0 +1,2 @@ +HEAD_OFFICE=HO +RABBITMQ_URL=amqp://guest:guest@rabbitmq:5672 \ No newline at end of file diff --git a/orchestration/shared/kustomization.yaml b/orchestration/shared/kustomization.yaml new file mode 100644 index 0000000..2255c49 --- /dev/null +++ b/orchestration/shared/kustomization.yaml @@ -0,0 +1,15 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../rabbitmq + +configMapGenerator: + - name: scripts + files: + - scripts/generate_secrets.sh + - scripts/generate_ssl_certificates.sh + - scripts/database_entrypoint.sh + - name: app-config + envs: + - .env.example diff --git a/scripts/database_entrypoint.sh b/scripts/database_entrypoint.sh index 2075c77..829e609 100755 --- a/scripts/database_entrypoint.sh +++ b/scripts/database_entrypoint.sh @@ -1,5 +1,9 @@ #!/bin/bash +# Setting credentials from default location if not set +[ -z "$POSTGRES_PASSWORD" ] && export POSTGRES_PASSWORD=$(cat /secrets/db_password.txt) +[ -z "$POSTGRES_USER" ] && export POSTGRES_USER=$(cat /secrets/db_username.txt) + # Changing owner of `server.key` is required by postgres, # see https://www.postgresql.org/docs/current/ssl-tcp.html#SSL-SETUP chown postgres:postgres /ssl/server.key \ diff --git a/scripts/generate_secrets.sh b/scripts/generate_secrets.sh index 230aab5..9f6a412 100755 --- a/scripts/generate_secrets.sh +++ b/scripts/generate_secrets.sh @@ -1,7 +1,7 @@ #!/bin/bash # Prepare secrets folder -TEMP_DIR=$(mktemp -d /tmp/tmp.XXXXXX) +[ ! -d "$TEMP_DIR" ] && TEMP_DIR=$(mktemp -d /tmp/tmp.XXXXXX) cd "$TEMP_DIR" || exit # Generate database credentials diff --git a/scripts/generate_ssl_certificates.sh b/scripts/generate_ssl_certificates.sh index 22a9615..f9ea82d 100755 --- a/scripts/generate_ssl_certificates.sh +++ b/scripts/generate_ssl_certificates.sh @@ -1,7 +1,7 @@ #!/bin/bash # Prepare ssl folder -TEMP_DIR=$(mktemp -d /tmp/tmp.XXXXXX) +[ ! -d "$TEMP_DIR" ] && TEMP_DIR=$(mktemp -d /tmp/tmp.XXXXXX) chmod o+x "$TEMP_DIR" cd "$TEMP_DIR" || exit