From 0cad13cbb182ba4f98648be93db0b1e13e952fc8 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Tue, 23 Jul 2019 14:52:20 +0200
Subject: wip
---
apps/.gitignore | 1 +
apps/ansible.cfg | 2 +
apps/k8s/.gitignore | 1 +
apps/k8s/mi.yaml | 135 ++++++++++++++++++++++++++++++++++++++++++++
apps/k8s/secrets.yaml.j2 | 8 +++
apps/kubernetes.secrets | 10 ++++
apps/secrets-playbook.retry | 1 +
apps/secrets-playbook.yml | 7 +++
8 files changed, 165 insertions(+)
create mode 100644 apps/.gitignore
create mode 100644 apps/ansible.cfg
create mode 100644 apps/k8s/.gitignore
create mode 100644 apps/k8s/mi.yaml
create mode 100644 apps/k8s/secrets.yaml.j2
create mode 100644 apps/kubernetes.secrets
create mode 100644 apps/secrets-playbook.retry
create mode 100644 apps/secrets-playbook.yml
(limited to 'apps')
diff --git a/apps/.gitignore b/apps/.gitignore
new file mode 100644
index 0000000..cd8b3d6
--- /dev/null
+++ b/apps/.gitignore
@@ -0,0 +1 @@
+.vault-password*
diff --git a/apps/ansible.cfg b/apps/ansible.cfg
new file mode 100644
index 0000000..96eecd6
--- /dev/null
+++ b/apps/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+vault_password_file = .vault-password
diff --git a/apps/k8s/.gitignore b/apps/k8s/.gitignore
new file mode 100644
index 0000000..03cdeec
--- /dev/null
+++ b/apps/k8s/.gitignore
@@ -0,0 +1 @@
+secrets.yaml
diff --git a/apps/k8s/mi.yaml b/apps/k8s/mi.yaml
new file mode 100644
index 0000000..c838f02
--- /dev/null
+++ b/apps/k8s/mi.yaml
@@ -0,0 +1,135 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mi-processor-deployment
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mi-processor-pod
+ template:
+ metadata:
+ labels:
+ app: mi-processor-pod
+ spec:
+ containers:
+ - name: mi-processor
+ image: trygvis/mi-processor:latest
+ ports:
+ - containerPort: 8080
+
+# volumeMounts:
+# - name: pgpass
+# mountPath: /secret/pgpass
+# volumes:
+# - name: pgpass
+# secret:
+# secretName: membership-import-admin
+
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: pg
+spec:
+ type: ClusterIP
+ ports:
+ - port: 5432
+ targetPort: 5432
+
+---
+kind: Endpoints
+apiVersion: v1
+metadata:
+ name: pg
+subsets:
+ - addresses:
+ - ip: 10.88.80.3
+ ports:
+ - port: 5432
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mi-gateway-deployment
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: mi-gateway-pod
+ template:
+ metadata:
+ labels:
+ app: mi-gateway-pod
+ spec:
+ containers:
+ - name: mi-gateway
+ image: trygvis/mi-gateway:latest
+ ports:
+ - containerPort: 8080
+ env:
+ - name: PGDATABASE
+ value: iqey
+ - name: PGUSER
+ valueFrom:
+ secretKeyRef:
+ name: membership-import-admin
+ key: username
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: membership-import-admin
+ key: password
+ - name: PGHOST
+ value: pg.default.svc.cluster.local
+
+# volumeMounts:
+# - name: pgpass
+# mountPath: /secret/pgpass
+# volumes:
+# - name: pgpass
+# secret:
+# secretName: membership-import-admin
+
+#---
+#apiVersion: v1
+#kind: Service
+#metadata:
+# name:mi-gateway-service
+#spec:
+# selector:
+# app: mi-gateway-pod
+# type: LoadBalancer
+# ports:
+# - protocol: TCP
+# port: 80
+# targetPort: 8080
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mi-gateway-service
+spec:
+ selector:
+ app: mi-gateway-pod
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
+
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: mi-gateway-ingress
+spec:
+ rules:
+# - host: my-server.10.0.0.8.xip.io
+ - http:
+ paths:
+ - path: /
+ backend:
+ serviceName: mi-gateway-service
+ servicePort: 80
diff --git a/apps/k8s/secrets.yaml.j2 b/apps/k8s/secrets.yaml.j2
new file mode 100644
index 0000000..f23a233
--- /dev/null
+++ b/apps/k8s/secrets.yaml.j2
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: membership-import-admin
+type: Opaque
+data:
+ username: {{ membership_import_admin.username | b64encode }}
+ password: {{ membership_import_admin.password | b64encode }}
diff --git a/apps/kubernetes.secrets b/apps/kubernetes.secrets
new file mode 100644
index 0000000..8495051
--- /dev/null
+++ b/apps/kubernetes.secrets
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+63363838613731363833316466363138306335306264366232356633633935373461316665636530
+6463393739386336626133636362333331663735396239620a333130383236363866393266636630
+38316231323236336535366663396633653437626163623736333335363261316232323537386136
+6131343537636639360a306233326164343736323932313666366537366563313233646237626334
+36333237323362613562643134336461666339636539356238636535363235313261376331376235
+64663334376463326236383063383566663734356633393334303664343938666365623366366666
+63393563386334366233363730313333363132303064383237363664376136336139383936646165
+31623134366361623035613531303534626435653730636261343230616161333131336235336331
+3864
diff --git a/apps/secrets-playbook.retry b/apps/secrets-playbook.retry
new file mode 100644
index 0000000..2fbb50c
--- /dev/null
+++ b/apps/secrets-playbook.retry
@@ -0,0 +1 @@
+localhost
diff --git a/apps/secrets-playbook.yml b/apps/secrets-playbook.yml
new file mode 100644
index 0000000..7a63eb8
--- /dev/null
+++ b/apps/secrets-playbook.yml
@@ -0,0 +1,7 @@
+- hosts: localhost
+ vars_files:
+ - kubernetes.secrets
+ tasks:
+ - template:
+ src: k8s/secrets.yaml.j2
+ dest: k8s/secrets.yaml
-- cgit v1.2.3
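Review bot: In apps/k8s/mi.yaml the mi-gateway Deployment, which is the backend of mi-gateway-ingress, reads PGUSER and PGPASSWORD from the secret `membership-import-admin`; if that is an administrative database role, as the name suggests, the workload exposed through the Ingress holds the most powerful credential. A dedicated role limited to what the gateway needs, stored in its own Secret, would contain a compromise of the gateway. Both Deployments also use a mutable tag (`image: trygvis/mi-gateway:latest`, `image: trygvis/mi-processor:latest`), so replicas can end up on different builds and a rollout cannot be tied to a reviewed image; pin a version tag or an `@sha256:<digest>` reference. The Ingress rule has no `host` and the spec has no `tls:` section, so as written the gateway is served over plain HTTP for any hostname.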
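Review bot: In apps/k8s/secrets.yaml.j2 the two values under `data:` are emitted unquoted, so the rendered YAML is typed by whatever the base64 text happens to look like, and an empty value renders as a bare `username:` (null) instead of a string. Quote both, e.g. `username: "{{ membership_import_admin.username | b64encode }}"` and the same for `password`. A short comment at the top saying the rendered k8s/secrets.yaml is git-ignored and holds base64-encoded, not encrypted, credentials would also help the next reader.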
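Review bot: The `template` task in apps/secrets-playbook.yml writes k8s/secrets.yaml without a `mode`, so the rendered Secret, whose values are only base64-encoded, gets whatever permissions the umask allows (readable by other local users under a common 022 umask). Add `mode: "0600"` to the task, and `no_log: true` so a run with `--diff` or raised verbosity does not print the credentials. The task also has no `name:`, which makes the run output harder to audit. Separately, apps/secrets-playbook.retry in this commit is a run artefact; a `*.retry` entry in apps/.gitignore or `retry_files_enabled = False` in apps/ansible.cfg keeps it out of the repository.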