Merge pull request #18 from FIAP-3SOAT-G15/use-kubernetes

Use Kubernetes

.github/workflows/deploy.yml

@@ -0,0 +1,44 @@
+name: Deploy
+
+on:
+    push:
+        branches:
+            - main
+        paths:
+            - .github/workflows/deploy.yml
+            - 'k8s/**'
+    pull_request:
+        branches:
+            - main
+        paths:
+            - .github/workflows/deploy.yml
+            - 'k8s/**'
+
+jobs:
+    deploy:
+        runs-on: ubuntu-latest
+        defaults:
+            run:
+                working-directory: ./k8s
+        permissions:
+            id-token: write
+            contents: read
+            pull-requests: write
+
+        steps:
+            - name: Checkout Repository
+              uses: actions/checkout@v4
+
+            - name: Configure AWS Credentials
+              uses: aws-actions/configure-aws-credentials@v4
+              with:
+                  role-to-assume: ${{ vars.AWS_IAM_ROLE }}
+                  aws-region: ${{ vars.AWS_REGION }}
+
+            - name: Update kubeconfig
+              #if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+              run: aws eks update-kubeconfig --name ${{ vars.AWS_EKS_CLUSTER_NAME }} --region ${{ vars.AWS_REGION }}
+
+            - name: Deploy to EKS
+              #if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+              run: kubectl apply -f .

docker-compose.yml

@@ -31,10 +31,10 @@ services:
             DB_USERNAME: meduser
             DB_PASSWORD: health@Med123!
         ports:
-            - "8082:8082"
+            - "8080:8080"
         restart: unless-stopped
         healthcheck:
-            test: [ "CMD-SHELL", "curl -sf http://localhost:8082/actuator/health | grep -q \"UP\" || exit 1" ]
+            test: [ "CMD-SHELL", "curl -sf http://localhost:8080/actuator/health | grep -q \"UP\" || exit 1" ]
             interval: 10s
             timeout: 5s
             retries: 5

k8s/deployment.yml

@@ -0,0 +1,84 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+    name: healthmed-deployment
+    namespace: healthmed
+    labels:
+        app: healthmed
+spec:
+    replicas: 1
+    strategy:
+        type: RollingUpdate
+    selector:
+        matchLabels:
+            app: healthmed
+    template:
+        metadata:
+            namespace: healthmed
+            labels:
+                app: healthmed
+        spec:
+            serviceAccountName: healthmed-service-account
+            volumes:
+                - name: secrets-store-inline
+                  csi:
+                      driver: secrets-store.csi.k8s.io
+                      readOnly: true
+                      volumeAttributes:
+                          secretProviderClass: healthmed-aws-secrets
+            containers:
+                - name: healthmed
+                  image: 202062340677.dkr.ecr.us-east-1.amazonaws.com/fiap-3soat-g15-healthmed:latest
+                  imagePullPolicy: Always
+                  ports:
+                      - containerPort: 8080
+                  resources:
+                      requests:
+                          cpu: "100m"
+                      limits:
+                          cpu: "200m"
+                  volumeMounts:
+                      - name: secrets-store-inline
+                        mountPath: "/mnt/secrets-store"
+                        readOnly: true
+                  livenessProbe:
+                      httpGet:
+                          path: /actuator/health
+                          port: 8080
+                      periodSeconds: 30
+                      failureThreshold: 10
+                      initialDelaySeconds: 20
+                      timeoutSeconds: 5
+                  readinessProbe:
+                      httpGet:
+                          path: /actuator/health
+                          port: 8080
+                      periodSeconds: 30
+                      failureThreshold: 10
+                      initialDelaySeconds: 20
+                      timeoutSeconds: 5
+                  env:
+                      - name: SPRING_PROFILES_ACTIVE
+                        value: live
+                      - name: DB_ENDPOINT
+                        valueFrom:
+                            secretKeyRef:
+                                name: healthmed-db-secrets
+                                key: endpoint
+                      - name: DB_NAME
+                        valueFrom:
+                            secretKeyRef:
+                                name: healthmed-db-secrets
+                                key: name
+                      - name: DB_USERNAME
+                        valueFrom:
+                            secretKeyRef:
+                                name: healthmed-db-secrets
+                                key: username
+                      - name: DB_PASSWORD
+                        valueFrom:
+                            secretKeyRef:
+                                name: healthmed-db-secrets
+                                key: password
+                      - name: ADMIN_ACCESS_TOKEN
+                        value: token

k8s/hpa.yml

@@ -0,0 +1,13 @@
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+    name: healthmed-hpa
+    namespace: healthmed
+spec:
+    scaleTargetRef:
+        apiVersion: apps/v1
+        kind: Deployment
+        name: healthmed-deployment
+    minReplicas: 1
+    maxReplicas: 4
+    targetCPUUtilizationPercentage: 50

k8s/secret-provider.yml

@@ -0,0 +1,35 @@
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+    name: healthmed-aws-secrets
+    namespace: healthmed
+spec:
+    provider: aws
+    secretObjects:
+        - secretName: healthmed-db-secrets
+          type: Opaque
+          data:
+              - objectName: endpoint
+                key: endpoint
+              - objectName: name
+                key: name
+              - objectName: username
+                key: username
+              - objectName: password
+                key: password
+    parameters:
+        region: us-east-1
+        objects: |
+            - objectName: "/live/healthmed/db"
+              objectType: "ssmparameter"
+              jmesPath:
+                - path: "endpoint"
+                  objectAlias: "endpoint"
+                - path: "name"
+                  objectAlias: "name"
+            - objectName: "arn:aws:secretsmanager:us-east-1:202062340677:secret:rds!db-f331d325-a112-4936-9fd3-a52b5cc5eb94-1s21Ou"
+              jmesPath:
+                - path: "username"
+                  objectAlias: "username"
+                - path: "password"
+                  objectAlias: "password"

k8s/service.yml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+    name: healthmed-load-balancer
+    namespace: healthmed
+    labels:
+        app: healthmed
+    annotations:
+        service.beta.kubernetes.io/aws-load-balancer-name: healthmed-load-balancer
+        service.beta.kubernetes.io/aws-load-balancer-type: external
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
+spec:
+    type: LoadBalancer
+    selector:
+        app: healthmed
+    ports:
+        - name: http
+          protocol: TCP
+          port: 80
+          targetPort: 8080

src/main/resources/application.yml

@@ -28,4 +28,4 @@ admin:
     access-token: ${ADMIN_ACCESS_TOKEN}
 
 server:
-    port: 8082
+    port: 8080

terraform/ecr.tf

@@ -1,5 +1,3 @@
-data "aws_caller_identity" "current" {}
-
 module "ecr" {
   source  = "terraform-aws-modules/ecr/aws"
   version = "1.6.0"