From 6aa8c2e94bcc58de0596c14f5b952b985ab8379e Mon Sep 17 00:00:00 2001 From: Brage Sekse Aarset Date: Thu, 11 Apr 2024 13:37:43 +0300 Subject: [PATCH 1/3] feat: set up abax-vwfs in new cluster --- stacks/abax-vwfs/Pulumi.yaml | 133 +++++++++++++++++++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 stacks/abax-vwfs/Pulumi.yaml diff --git a/stacks/abax-vwfs/Pulumi.yaml b/stacks/abax-vwfs/Pulumi.yaml new file mode 100644 index 00000000..888e6a4c --- /dev/null +++ b/stacks/abax-vwfs/Pulumi.yaml @@ -0,0 +1,133 @@ +name: abax-vwfs +runtime: yaml +description: Abax-VWFS integration +config: + host: + type: string + ext-image: + type: string +resources: + namespace: + type: kubernetes:core/v1:Namespace + properties: + metadata: + name: ${pulumi.project}-${pulumi.stack} + database: + type: gcp:sql/database:Database + properties: + name: abax_vwfs + instance: ${database:instanceName} + databasePassword: + type: random:RandomPassword + properties: + length: 16 + special: true + overrideSpecial: "_%@" + databaseUser: + type: gcp:sql/user:User + properties: + name: abax_vwfs + instance: ${database:instanceName} + password: ${databasePassword.result} + databaseSecret: + type: kubernetes:core/v1:Secret + properties: + metadata: + name: ${pulumi.project}-${pulumi.stack}-database + namespace: ${namespace.metadata.name} + stringData: + DATABASE_NAME: ${database.name} + DATABASE_USERNAME: ${databaseUser.name} + DATABASE_PASSWORD: ${databasePassword.result} + serviceAccount: + type: kubernetes:core/v1:ServiceAccount + properties: + metadata: + name: ${pulumi.project}-${pulumi.stack} + namespace: ${namespace.metadata.name} + annotations: + "iam.gke.io/gcp-service-account": ${database:serviceAccountEmail} + serviceAccountIamBinding: + type: gcp:serviceaccount:IAMBinding + properties: + serviceAccountId: ${database:serviceAccountId} + role: roles/iam.workloadIdentityUser + members: + - serviceAccount:${gcp:project}.svc.id.goog[${namespace.metadata.name}/${serviceAccount.metadata.name}] + deployment: + type: kubernetes:apps/v1:Deployment + properties: + metadata: + name: ${pulumi.project}-${pulumi.stack} + namespace: ${namespace.metadata.name} + annotations: + pulumi.com/skipAwait: "true" + pulumi.com/patchForce: "true" + spec: + replicas: 1 + selector: + matchLabels: ${appLabels} + template: + metadata: + labels: ${appLabels} + spec: + serviceAccountName: ${serviceAccount.metadata.name} + nodeSelector: + "iam.gke.io/gke-metadata-server-enabled": "true" + containers: + - name: app + image: ${ext-image} + ports: + - containerPort: 8484 + envFrom: + - secretRef: + name: ${databaseSecret.metadata.name} + env: + - name: DATABASE_SSL + value: "false" + - name: HTTP_PORT + value: "8484" + - name: cloud-sql-proxy + image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.8.0 + args: + - --structured-logs=true + - --port=5432 + - ${database:connectionName} + securityContext: + runAsNonRoot: true + + service: + type: kubernetes:core/v1:Service + properties: + metadata: + name: ${pulumi.project}-${pulumi.stack} + namespace: ${namespace.metadata.name} + spec: + selector: ${appLabels} + ports: + - port: 5173 + targetPort: 5173 + ingress: + type: kubernetes:networking.k8s.io/v1:Ingress + properties: + metadata: + name: ${pulumi.project}-${pulumi.stack} + namespace: ${namespace.metadata.name} + annotations: + pulumi.com/skipAwait: "true" + kubernetes.io/ingress.class: "caddy" + spec: + rules: + - host: ${host} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: ${pulumi.project}-${pulumi.stack} + port: + number: 5173 +variables: + appLabels: + app: ${pulumi.project}-${pulumi.stack} From 7c5b7c0d0de776bec11bdcc389f49d38b2992328 Mon Sep 17 00:00:00 2001 From: Brage Sekse Aarset Date: Thu, 11 Apr 2024 15:01:08 +0300 Subject: [PATCH 2/3] feat: add config, rename values --- stacks/abax-vwfs/Pulumi.prod.yaml | 6 ++++++ stacks/abax-vwfs/Pulumi.yaml | 6 ++++-- 2 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 stacks/abax-vwfs/Pulumi.prod.yaml diff --git a/stacks/abax-vwfs/Pulumi.prod.yaml b/stacks/abax-vwfs/Pulumi.prod.yaml new file mode 100644 index 00000000..87ada23d --- /dev/null +++ b/stacks/abax-vwfs/Pulumi.prod.yaml @@ -0,0 +1,6 @@ +environment: + - abax-vwfs-prod +config: + portal-image: europe-north1-docker.pkg.dev/branches-org-main/branches-org-main/abax-vwfs/ui + tag: main-3e4a710 + host: abax-vwfs.branches.no diff --git a/stacks/abax-vwfs/Pulumi.yaml b/stacks/abax-vwfs/Pulumi.yaml index 888e6a4c..6de56a4e 100644 --- a/stacks/abax-vwfs/Pulumi.yaml +++ b/stacks/abax-vwfs/Pulumi.yaml @@ -4,7 +4,9 @@ description: Abax-VWFS integration config: host: type: string - ext-image: + portal-image: + type: string + tag: type: string resources: namespace: @@ -76,7 +78,7 @@ resources: "iam.gke.io/gke-metadata-server-enabled": "true" containers: - name: app - image: ${ext-image} + image: ${portal-image}:${tag} ports: - containerPort: 8484 envFrom: From c99301353280a38142ceaa8861cfbfaa3c97a410 Mon Sep 17 00:00:00 2001 From: Brage Sekse Aarset Date: Thu, 11 Apr 2024 17:55:37 +0300 Subject: [PATCH 3/3] portal, not ui --- stacks/abax-vwfs/Pulumi.prod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stacks/abax-vwfs/Pulumi.prod.yaml b/stacks/abax-vwfs/Pulumi.prod.yaml index 87ada23d..97762e78 100644 --- a/stacks/abax-vwfs/Pulumi.prod.yaml +++ b/stacks/abax-vwfs/Pulumi.prod.yaml @@ -1,6 +1,6 @@ environment: - abax-vwfs-prod config: - portal-image: europe-north1-docker.pkg.dev/branches-org-main/branches-org-main/abax-vwfs/ui + portal-image: europe-north1-docker.pkg.dev/branches-org-main/branches-org-main/abax-vwfs/portal tag: main-3e4a710 host: abax-vwfs.branches.no