Workers prod

Backend/kube-manifests/CronJobs/Dev/1 - Secret.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: api-key
+type: Opaque
+data:
+  key: ZG9wX3YxXzJlMmFiMDMxYzNjMjVmMTI4ZjA2MGYwMThiZjM3OTc3YmUyYTc4N2FjMmQ2YmZiMTlhMjBmOTYxYmQ0NGRlYmY=

Backend/kube-manifests/CronJobs/Dev/2 - CronJob.yaml

@@ -0,0 +1,26 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: kuikwork-cron
+spec:
+  schedule: "*/5 * * * *"
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: kuikwork-cron
+              image: juampynr/digital-ocean-cronjob:latest
+              env:
+                - name: DIGITALOCEAN_ACCESS_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      name: api-key
+                      key: key
+              command: ["/bin/sh", "-c"]
+              args:
+                - doctl kubernetes cluster kubeconfig save 6c15b3d8-c73f-4881-bc85-2f813b74e4db
+                - POD_NAME=$(kubectl get pods -o=jsonpath='{.items[0].metadata.name}' -n dev-workers-ns -l app=dev-workers-ap)
+                - kubectl exec -n dev-workers-ns POD_NAME -- php -v
+          restartPolicy: OnFailure

Backend/kube-manifests/Dev/.dockerconfigjson

@@ -0,0 +1,10 @@
+{
+    "auths": {
+        "https://registry.gitlab.com": {
+            "username": "kube-puller",
+            "password": "gldt-KsuiWhf3z4qBSyxnMXC8",
+            "email": "jorge.sanchez@articulacion.com.co",
+            "auth": "a3ViZS1wdWxsZXI6Z2xkdC1Lc3VpV2hmM3o0cUJTeXhuTVhDOA=="
+        }
+    }
+}

Backend/kube-manifests/Dev/1 - namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: dev-workers-ns

Backend/kube-manifests/Dev/2 - gitlab-img.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: workers-gitlab-img
+  namespace: dev-workers-ns
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: ewogICAgImF1dGhzIjogewogICAgICAgICJodHRwczovL3JlZ2lzdHJ5LmdpdGxhYi5jb20iOiB7CiAgICAgICAgICAgICJ1c2VybmFtZSI6ICJrdWJlLXB1bGxlciIsCiAgICAgICAgICAgICJwYXNzd29yZCI6ICJnbGR0LUtzdWlXaGYzejRxQlN5eG5NWEM4IiwKICAgICAgICAgICAgImVtYWlsIjogImpvcmdlLnNhbmNoZXpAYXJ0aWN1bGFjaW9uLmNvbS5jbyIsCiAgICAgICAgICAgICJhdXRoIjogImEzVmlaUzF3ZFd4c1pYSTZaMnhrZEMxTGMzVnBWMmhtTTNvMGNVSlRlWGh1VFZoRE9BPT0iCiAgICAgICAgfQogICAgfQp9Cg==

Backend/kube-manifests/Dev/3 - deployment.yaml

@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dev-workers-dp
+  namespace: dev-workers-ns
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: dev-workers-ap
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: dev-workers-ap
+    spec:
+      containers:
+        - name: dev-workers-pd
+          image: registry.gitlab.com/articulacion/workers:dev
+          imagePullPolicy: Always
+          resources:
+            requests:
+              memory: "100Mi"
+              cpu: "100m"
+            limits:
+              memory: "150Gi"
+              cpu: "150m"
+      imagePullSecrets:
+        - name: workers-gitlab-img

Backend/sample-cronjob.yaml

@@ -0,0 +1,20 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: dev-workers-cronjob
+spec:
+  schedule: "*/1 * * * *"
+  jobTemplate:
+    metadata:
+      name: hello
+    spec:
+      template:
+        spec:
+          containers:
+            - name: hello
+              image: busybox
+              command:
+                - /bin/sh
+                - -c
+                - date; echo Hello from the Kubernetes cluster
+          restartPolicy: OnFailure

Backend/utility-deploy.yaml

@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: utilities
+  labels:
+    app: utilities
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: utilities
+  template:
+    metadata:
+      labels:
+        app: utilities
+    spec:
+      containers:
+        - name: utilities
+          image: quay.io/sudermanjr/utilities:latest
+          # Just spin & wait forever
+          command: ["/bin/bash", "-c", "--"]
+          args: ["while true; do sleep 30; done;"]
+          securityContext:
+            readOnlyRootFilesystem: true
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            runAsUser: 10324
+            capabilities:
+              drop:
+                - ALL
+          resources:
+            requests:
+              cpu: 30m
+              memory: 64Mi
+            limits:
+              cpu: 100m
+              memory: 128Mi

Workers/kube-manifests/CronJobs/Dev/1 - Secret.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: api-key
+type: Opaque
+data:
+  key: ZG9wX3YxXzJlMmFiMDMxYzNjMjVmMTI4ZjA2MGYwMThiZjM3OTc3YmUyYTc4N2FjMmQ2YmZiMTlhMjBmOTYxYmQ0NGRlYmY=

Workers/kube-manifests/CronJobs/Dev/2 - CronJob.yaml

@@ -0,0 +1,26 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: kuikwork-cron
+spec:
+  schedule: "*/5 * * * *"
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: kuikwork-cron
+              image: juampynr/digital-ocean-cronjob:latest
+              env:
+                - name: DIGITALOCEAN_ACCESS_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      name: api-key
+                      key: key
+              command: ["/bin/sh", "-c"]
+              args:
+                - doctl kubernetes cluster kubeconfig save 6c15b3d8-c73f-4881-bc85-2f813b74e4db
+                - POD_NAME=$(kubectl get pods -o=jsonpath='{.items[0].metadata.name}' -n dev-workers-ns -l app=dev-workers-ap)
+                - kubectl exec -n dev-workers-ns POD_NAME -- php -v
+          restartPolicy: OnFailure

Workers/kube-manifests/Dev/3 - deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: dev-workers-pd
-          image: registry.gitlab.com/articulacion/workers:dev-0.0.1
+          image: registry.gitlab.com/articulacion/workers:dev
           imagePullPolicy: Always
           resources:
             requests:

Workers/kube-manifests/Prod/.dockerconfigjson

@@ -0,0 +1,10 @@
+{
+    "auths": {
+        "https://registry.gitlab.com": {
+            "username": "kube-puller",
+            "password": "gldt-KsuiWhf3z4qBSyxnMXC8",
+            "email": "jorge.sanchez@articulacion.com.co",
+            "auth": "a3ViZS1wdWxsZXI6Z2xkdC1Lc3VpV2hmM3o0cUJTeXhuTVhDOA=="
+        }
+    }
+}

Workers/kube-manifests/Prod/1 - namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: prod-workers-ns

Workers/kube-manifests/Prod/2 - gitlab-img.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: workers-gitlab-img
+  namespace: prod-workers-ns
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: ewogICAgImF1dGhzIjogewogICAgICAgICJodHRwczovL3JlZ2lzdHJ5LmdpdGxhYi5jb20iOiB7CiAgICAgICAgICAgICJ1c2VybmFtZSI6ICJrdWJlLXB1bGxlciIsCiAgICAgICAgICAgICJwYXNzd29yZCI6ICJnbGR0LUtzdWlXaGYzejRxQlN5eG5NWEM4IiwKICAgICAgICAgICAgImVtYWlsIjogImpvcmdlLnNhbmNoZXpAYXJ0aWN1bGFjaW9uLmNvbS5jbyIsCiAgICAgICAgICAgICJhdXRoIjogImEzVmlaUzF3ZFd4c1pYSTZaMnhrZEMxTGMzVnBWMmhtTTNvMGNVSlRlWGh1VFZoRE9BPT0iCiAgICAgICAgfQogICAgfQp9Cg==

Workers/kube-manifests/Prod/3 - deployment.yaml

@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prod-workers-dp
+  namespace: prod-workers-ns
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: prod-workers-ap
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: prod-workers-ap
+    spec:
+      containers:
+        - name: prod-workers-pd
+          image: registry.gitlab.com/articulacion/workers:latest
+          imagePullPolicy: Always
+          resources:
+            requests:
+              memory: "100Mi"
+              cpu: "100m"
+            limits:
+              memory: "150Gi"
+              cpu: "150m"
+      imagePullSecrets:
+        - name: workers-gitlab-img

gitlab-ci-main.yml

@@ -0,0 +1,91 @@
+variables:
+  BUILD_VERSION: $CI_COMMIT_SHORT_SHA
+  IMAGE_NAME: panel-workers
+  FRONT_URL: $FRONT_URL
+  DB_HOST: $DB_HOST
+  DB_PORT: $DB_PORT
+  DB_DATABASE: $DB_DATABASE
+  DB_USERNAME: $DB_USERNAME
+  DB_PASSWORD: $DB_PASSWORD
+
+
+stages:
+  - build_bkp
+  - build
+
+pre_build_image:
+  tags:
+    - workers-dind
+  stage: build_bkp
+  image: docker:25.0.1
+  services:
+    - docker:25.0.1-dind
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      variables:
+        IMAGE_TAG: $CI_COMMIT_SHORT_SHA
+  before_script:
+    - echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER $CI_REGISTRY --password-stdin
+  script:
+    # Building Docker image (tag $CI_COMMIT_SHORT_SHA)...
+    - echo "Building Docker images (tag $CI_COMMIT_SHORT_SHA)..."
+    - docker build
+      --pull
+      --build-arg FRONT_URL=$FRONT_URL
+      --build-arg DB_HOST=$DB_HOST
+      --build-arg DB_PORT=$DB_PORT
+      --build-arg DB_DATABASE=$DB_DATABASE
+      --build-arg DB_USERNAME=$DB_USERNAME
+      --build-arg DB_PASSWORD=$DB_PASSWORD
+      --cache-from $CI_REGISTRY_IMAGE:$IMAGE_TAG
+      --label "org.opencontainers.image.title=$CI_PROJECT_TITLE"
+      --label "org.opencontainers.image.url=$CI_PROJECT_URL"
+      --label "org.opencontainers.image.created=$CI_JOB_STARTED_AT"
+      --label "org.opencontainers.image.revision=$CI_COMMIT_SHA"
+      --label "org.opencontainers.image.version=$CI_COMMIT_REF_NAME"
+      --tag $CI_REGISTRY_IMAGE:$IMAGE_TAG .
+    # Pushing Docker image to GitLab container registry (tag $IMAGE_TAG)...
+    - echo "Pushing Docker image to GitLab container registry (tag $IMAGE_TAG)..."
+    - docker push $CI_REGISTRY_IMAGE:$IMAGE_TAG
+
+build_image:
+  tags:
+    - workers-dind
+  stage: build
+  variables:
+    DOCKER_TLS_CERTDIR: /certs
+  image: docker:25.0.1
+  services:
+    - docker:25.0.1-dind
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      variables:
+        IMAGE_TAG: latest
+    - if: $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+      variables:
+        IMAGE_TAG: $CI_COMMIT_BRANCH
+  before_script:
+    - echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER $CI_REGISTRY --password-stdin
+    - echo "tag=$IMAGE_TAG"
+  script:
+    # Building Docker image (tag $IMAGE_TAG)...
+    - echo "Building Docker image (tag $IMAGE_TAG)..."
+    - docker build
+      --pull
+      --build-arg FRONT_URL=$FRONT_URL
+      --build-arg DB_HOST=$DB_HOST
+      --build-arg DB_PORT=$DB_PORT
+      --build-arg DB_DATABASE=$DB_DATABASE
+      --build-arg DB_USERNAME=$DB_USERNAME
+      --build-arg DB_PASSWORD=$DB_PASSWORD
+      --cache-from $CI_REGISTRY_IMAGE:$IMAGE_TAG
+      --label "org.opencontainers.image.title=$CI_PROJECT_TITLE"
+      --label "org.opencontainers.image.url=$CI_PROJECT_URL"
+      --label "org.opencontainers.image.created=$CI_JOB_STARTED_AT"
+      --label "org.opencontainers.image.revision=$CI_COMMIT_SHA"
+      --label "org.opencontainers.image.version=$CI_COMMIT_REF_NAME"
+      --tag $CI_REGISTRY_IMAGE:$IMAGE_TAG .
+    # Pushing Docker image to GitLab container registry (tag $IMAGE_TAG)...
+    - echo "Pushing Docker image to GitLab container registry (tag $IMAGE_TAG)..."
+    - docker push $CI_REGISTRY_IMAGE:$IMAGE_TAG
+