k8s setup deployment (#57)

Deco-Team · Feb 25, 2024 · a452446 · a452446
1 parent c742951
commit a452446
Show file tree

Hide file tree

Showing 4 changed files with 173 additions and 1 deletion.
diff --git a/.github/workflows/k8s-develop.yml b/.github/workflows/k8s-develop.yml
@@ -0,0 +1,99 @@
+name: NestJS CI/CD on Kubernetes
+
+on:
+  push:
+    branches: [ "develop" ]
+
+jobs:
+  build:
+    name: CI/CD on EKS
+    runs-on: ubuntu-latest
+    environment: develop
+    env:
+      ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
+
+    steps:
+    - name: Cancel Previous Runs               
+      uses: styfle/cancel-workflow-action@0.4.1
+      with:                                    
+        access_token: ${{ github.token }} 
+
+    - name: Set short git commit SHA
+      id: commit
+      uses: prompt/actions-commit-hash@v2
+
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Make .env file
+      uses: SpicyPizza/create-envfile@v2.0
+      with:
+        envkey_NODE_ENV: ${{ vars.NODE_ENV }}
+        envkey_PORT: ${{ vars.PORT }}
+        envkey_MONGODB_CONNECTION_STRING: ${{ secrets.MONGODB_CONNECTION_STRING }}
+        envkey_CORS_VALID_ORIGINS: ${{ vars.CORS_VALID_ORIGINS }}
+
+        envkey_JWT_ACCESS_SECRET: ${{ vars.JWT_ACCESS_SECRET }}
+        envkey_JWT_ACCESS_EXPIRATION: ${{ vars.JWT_ACCESS_EXPIRATION }}
+        envkey_JWT_REFRESH_SECRET: ${{ vars.JWT_REFRESH_SECRET }}
+        envkey_JWT_REFRESH_EXPIRATION: ${{ vars.JWT_REFRESH_EXPIRATION }}    
+
+        envkey_SMTP_USERNAME: ${{ secrets.SMTP_USERNAME }}
+        envkey_SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}    
+        envkey_SMTP_HOST: ${{ vars.SMTP_HOST }}
+        envkey_SMTP_PORT: ${{ vars.SMTP_PORT }}
+        envkey_SMTP_FROM_EMAIL: ${{ vars.SMTP_FROM_EMAIL }}
+        envkey_SMTP_FROM_NAME: ${{ vars.SMTP_FROM_NAME }}   
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{ vars.AWS_REGION }}
+
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v2
+
+    - name: Set up Docker Buildx                             
+      id: buildx                                             
+      uses: docker/setup-buildx-action@master
+
+    - name: Docker cache layers                              
+      uses: actions/cache@v2                                 
+      with:                                                  
+        path: /tmp/.buildx-cache                             
+        key: ${{ runner.os }}-single-buildx-${{ github.sha }}
+        restore-keys: |                                      
+          ${{ runner.os }}-single-buildx  
+
+    - name: Build & Push Image                                                                                      
+      env:                                                                                                          
+        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        IMAGE_TAG: ${{ steps.commit.outputs.short }}
+
+      run: |
+        docker buildx create --use
+
+        docker buildx build \
+          --cache-from=type=local,src=/tmp/.buildx-cache \
+          --cache-to=type=local,dest=/tmp/.buildx-cache-new \
+          --tag ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} \
+          --push \
+          .                                 
+
+        rm -rf /tmp/.buildx-cache
+        mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+    - name: Update kube config
+      run: aws eks update-kubeconfig --name ${{ vars.EKS_CLUSTER_NAME }} --region ${{ vars.AWS_REGION }}
+
+    - name: Deploy to EKS
+      env:
+        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        IMAGE_TAG: ${{ steps.commit.outputs.short }}
+      run: |
+        sed -i.bak "s|DOCKER_IMAGE|${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}|g" k8s/deployment.yaml && \
+        kubectl apply -f k8s/deployment.yaml
+        kubectl apply -f k8s/ingress.yaml
diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml
@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: api-svc
+  namespace: furnique
+spec:
+  selector:
+    app: api
+  ports:
+    - protocol: TCP
+      port: 5000
+      targetPort: 5000
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api
+  namespace: furnique
+  labels:
+    app: api
+spec:
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      app: api
+  template:
+    metadata:
+      labels:
+        app: api
+    spec:
+      containers:
+      - name: api
+        image: DOCKER_IMAGE
+        resources:
+          requests:
+            memory: "64Mi"
+            cpu: "250m"
+          limits:
+            memory: "128Mi"
+            cpu: "500m"
+        ports:
+        - containerPort: 5000
+        imagePullPolicy: Always
+      serviceAccountName: default
diff --git a/k8s/ingress.yaml b/k8s/ingress.yaml
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: api-ingress
+  namespace: furnique
+  annotations:
+    nginx.ingress.kubernetes.io/use-regex: "true"
+    nginx.ingress.kubernetes.io/rewrite-target: /$1
+
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: "api.dms-swp.me"
+    http:
+      paths:
+      - path: "/(.*)"
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: api-svc
+            port:
+              number: 5000
diff --git a/src/i18n/vn/auth.json b/src/i18n/vn/auth.json
@@ -1,4 +1,4 @@
 {
-  "welcome": "Xin chào!",
+  "welcome": "Furnique xin chào!",
   "invalid_email_or_password": "Email hoặc mật khẩu không đúng. Vui lòng thử lại."
 }