diff --git a/argocd-monitor/alert-manager-configuration.yaml b/argocd-monitor/alert-manager-configuration.yaml
new file mode 100644
index 0000000..52ab859
--- /dev/null
+++ b/argocd-monitor/alert-manager-configuration.yaml
@@ -0,0 +1,27 @@
+apiVersion: monitoring.coreos.com/v1alpha1
+kind: AlertmanagerConfig
+metadata:
+ name: main-rules-alert-config
+ namespace: argocd
+spec:
+ route:
+ receiver: 'email'
+ repeatInterval: 30m
+ routes:
+ - matchers:
+ - name: alertname
+ value: ArgocdServiceNotSynced
+ - name: alertname
+ value: ArgocdServiceUnhealthy
+ repeatInterval: 10m
+ receivers:
+ - name: 'email'
+ emailConfigs:
+ - to: 'chinmayapradhan10000@gmail.com'
+ from: 'chinmayapradhan10000@gmail.com'
+ smarthost: 'smtp.gmail.com:587'
+ authUsername: 'chinmayapradhan10000@gmail.com'
+ authIdentity: 'chinmayapradhan10000@gmail.com'
+ authPassword:
+ name: gmail-auth
+ key: password
diff --git a/argocd-monitor/argocd-alert-rules.yaml b/argocd-monitor/argocd-alert-rules.yaml
new file mode 100644
index 0000000..c8bf2a4
--- /dev/null
+++ b/argocd-monitor/argocd-alert-rules.yaml
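Review bot: The child route under `routes` lists two `alertname` matchers, and matchers within one route are ANDed, so no alert can be both `ArgocdServiceNotSynced` and `ArgocdServiceUnhealthy`; the 10m `repeatInterval` never applies and every alert falls back to the 30m parent route. A single regex matcher expresses the intended OR: `- name: alertname`, `matchType: '=~'`, `value: 'ArgocdServiceNotSynced|ArgocdServiceUnhealthy'`. A one-line comment above the route saying which alerts get the shorter repeat would make the intent checkable.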
@@ -0,0 +1,31 @@
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: main-rules
+ namespace: argocd
+ labels:
+ app: kube-prometheus-stack
+ release: my-kube-prometheus-stack
+spec:
+ groups:
+ - name: argocd.rules
+ rules:
+ - alert: ArgocdServiceNotSynced
+ expr: argocd_app_info{sync_status!="Synced"} != 0
+ for: 15m
+ labels:
+ severity: warning
+ annotations:
+ summary: ArgoCD service not synced (instance {{ $labels.instance }})
+ description: "Service {{ $labels.name }} run by argo is currently not in sync.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
+ - alert: ArgocdServiceUnhealthy
+ expr: argocd_app_info{health_status!="Healthy"} != 0
+ for: 15m
+ labels:
+ severity: warning
+ annotations:
+ summary: ArgoCD service unhealthy (instance {{ $labels.instance }})
+ description: "Service {{ $labels.name }} run by argo is currently not healthy.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
+
+
+
diff --git a/argocd-monitor/argocd-service-monitor.yaml b/argocd-monitor/argocd-service-monitor.yaml
new file mode 100644
index 0000000..805c1bf
--- /dev/null
+++ b/argocd-monitor/argocd-service-monitor.yaml
@@ -0,0 +1,103 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: argocd-metrics + labels: + release: my-kube-prometheus-stack +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-metrics + endpoints: + - port: metrics +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: argocd-server-metrics + labels: + release: my-kube-prometheus-stack +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-server-metrics + endpoints: + - port: metrics +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: argocd-repo-server-metrics + labels: + release: my-kube-prometheus-stack +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + endpoints: + - port: metrics +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: argocd-applicationset-controller-metrics + labels: + release: my-kube-prometheus-stack +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + endpoints: + - port: metrics +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: argocd-dex-server + labels: + release: my-kube-prometheus-stack +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-dex-server + endpoints: + - port: metrics +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: argocd-redis-haproxy-metrics + labels: + release: my-kube-prometheus-stack +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha-haproxy + endpoints: + - port: http-exporter-port +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: argocd-notifications-controller + labels: + release: my-kube-prometheus-stack +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller-metrics + endpoints: + - port: metrics + + + + +# kubectl apply -f argocd-service-monitor.yaml -n argocd +# 
kubectl get servicemonitors -n argocd + +# kubectl -n monitoring get prometheuses.monitoring.coreos.com -o yaml | grep -i serviceMonitorSelector -A5 + + +# kubectl create ns monitoring +# helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -n monitoring +# helm install my-kube-prometheus-stack prometheus-community/kube-prometheus-stack --version 62.7.0 -n monitoring \ No newline at end of file diff --git a/argocd-monitor/email-secret.yaml b/argocd-monitor/email-secret.yaml new file mode 100644 index 0000000..dfc86d3 --- /dev/null +++ b/argocd-monitor/email-secret.yaml 
@@ -0,0 +1,46 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + annotations: + sealedsecrets.bitnami.com/cluster-wide: "true" + creationTimestamp: null + name: gmail-auth + namespace: argocd +spec: + encryptedData: + password: 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 + template: + metadata: + annotations: + sealedsecrets.bitnami.com/cluster-wide: "true" + creationTimestamp: null + name: gmail-auth + namespace: argocd + type: Opaque + + +# helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets +# helm install sealed-secrets -n kube-system --set-string fullnameOverride=sealed-secrets-controller sealed-secrets/sealed-secrets + +# kubectl get all -n kube-system | grep -i sealed +# kubectl get secret -n kube-system | grep -i sealed + +# Install kubeseal +# curl -OL "https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.23.0/kubeseal-0.23.0-linux-amd64.tar.gz" +# tar -xvzf kubeseal-0.23.0-linux-amd64.tar.gz kubeseal +# sudo install -m 755 kubeseal /usr/local/bin/kubeseal + +# Create secret file +# sudo vim email-secret.yaml + +# kubectl -n kube-system get secrets +# kubectl -n kube-system get secrets -o yaml +# kubectl -n kube-system get secrets sealed-secrets-keyd5dvq -o json | jq .data'."tls.crt"' +# kubectl -n kube-system get secrets sealed-secrets-keyd5dvq -o json | jq .data'."tls.crt"' -r +# kubectl -n kube-system get secrets sealed-secrets-keyd5dvq -o json | jq .data'."tls.crt"' -r | base64 -d +# kubectl -n kube-system get secrets sealed-secrets-keyd5dvq -o json | jq .data'."tls.crt"' -r | base64 -d > sealedSecret.crt +# cat sealedSecret.crt +# kubeseal --cert sealedSecret.crt --scope cluster-wide < email-secret.yaml +# kubeseal -o yaml --cert sealedSecret.crt --scope cluster-wide < email-secret.yaml > secret.yaml +# cat secret.yaml +# kubectl get secrets \ No newline at end of file diff --git a/bankapp/db-config.yaml b/bankapp/db-config.yaml new file mode 100644 index 0000000..727a7b4 --- /dev/null 
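Review bot: Both `sealedsecrets.bitnami.com/cluster-wide: "true"` annotations give this SealedSecret the loosest scope, so the ciphertext can be unsealed under any name in any namespace by whoever can create SealedSecret objects in the cluster. The secret is only consumed as `gmail-auth` in `argocd`, so the default strict scope is enough: seal without `--scope cluster-wide` and drop the annotations. The trailing notes also extract `tls.crt` by dumping the controller's key Secret with `kubectl ... -o yaml`, which prints the private key next to it; `kubeseal --fetch-cert` obtains the certificate without reading that Secret. sealed-secret/mongo-secret.yaml has the same scope and the same notes.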
+++ b/bankapp/db-config.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: db-config + namespace: bankapp +data: + db_server: jdbc:mysql://mysql-release-primary.bankapp.svc.cluster.local:3306/bankappdb?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=UTC diff --git a/bankapp/db-secret.yaml b/bankapp/db-secret.yaml new file mode 100644 index 0000000..b23cdd8 --- /dev/null +++ b/bankapp/db-secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + name: db-secret + namespace: bankapp + annotations: + avp.kubernetes.io/path: "credentials/data/app" +type: Opaque +stringData: + db_root_pwd: # Test@123 + db_name: # bankappdb + db_user: # root + \ No newline at end of file diff --git a/bankapp/hpa.yaml b/bankapp/hpa.yaml new file mode 100644 index 0000000..39fdd36 --- /dev/null +++ b/bankapp/hpa.yaml @@ -0,0 +1,25 @@ +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: java-app-hpa + namespace: bankapp +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: java-app-deployment + minReplicas: 2 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 50 + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 70 diff --git a/bankapp/java-app-ingress.yaml b/bankapp/java-app-ingress.yaml new file mode 100644 index 0000000..97832d1 --- /dev/null +++ b/bankapp/java-app-ingress.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: java-app-ingress + namespace: bankapp +spec: + ingressClassName: external-nginx + rules: + - host: k8s-ingress-external-cd564c2ff7-28c937f418df22b9.elb.us-east-2.amazonaws.com + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: java-app-service + port: + number: 80 diff --git a/bankapp/java-app.yaml b/bankapp/java-app.yaml new file mode 100644 index 0000000..50d901d --- /dev/null 
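Review bot: The JDBC URL in `db_server` sets `useSSL=false` together with `allowPublicKeyRetrieval=true`, so the application talks to MySQL in cleartext and accepts an RSA public key from whichever server answers, which weakens the protection of the password during authentication. If the MySQL release can serve TLS, prefer `sslMode=REQUIRED` (or `VERIFY_CA` with a trust store) and drop `allowPublicKeyRetrieval=true`. If cleartext inside the cluster is a deliberate choice for this demo, a comment above `db_server` should say so.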
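Review bot: The trailing comments on `db_root_pwd`, `db_name` and `db_user` record the real values in the repository, which defeats the `avp.kubernetes.io/path` annotation; the same root password also appears in the commented-out bankapp/mysql-chart-values-eks.yaml. The keys themselves are left empty, so as written the Secret carries null values rather than Vault placeholders. Replace each line with an argocd-vault-plugin placeholder such as `db_root_pwd: <db_root_pwd>`, remove the comments, and treat the committed password as exposed and rotate it.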
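Review bot: This Ingress has no `spec.tls` section, so the bank application, including its login and session traffic, is served over plain HTTP on the public ELB hostname given in `host`. A certificate cannot be issued for the raw `elb.us-east-2.amazonaws.com` name, so the rule needs a hostname you control plus a `tls:` entry listing that host and a `secretName` for its certificate. If TLS is terminated at the load balancer instead, note that in a comment here.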
+++ b/bankapp/java-app.yaml
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: java-app-deployment
+ namespace: bankapp
+ labels:
+ app: java-app
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: java-app
+ template:
+ metadata:
+ labels:
+ app: java-app
+ spec:
+ imagePullSecrets:
+ - name: my-ecr-registry-key
+ containers:
+ - name: java-app
+ image: 156041433917.dkr.ecr.us-east-2.amazonaws.com/bank-app:1.0-2
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ env:
+ - name: SPRING_DATASOURCE_URL
+ valueFrom:
+ configMapKeyRef:
+ name: db-config
+ key: db_server
+ - name: SPRING_DATASOURCE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ key: db_user
+ name: db-secret
+ - name: SPRING_DATASOURCE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: db_root_pwd
+ name: db-secret
+ resources:
+ requests:
+ memory: "512Mi"
+ cpu: "250m"
+ limits:
+ memory: "1Gi"
+ cpu: "500m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: java-app-service
+ namespace: bankapp
+spec:
+ selector:
+ app: java-app
+ ports:
+ - port: 80
+ targetPort: 8080
+
diff --git a/bankapp/mysql-chart-values-eks.yaml b/bankapp/mysql-chart-values-eks.yaml
new file mode 100644
index 0000000..926ee78
--- /dev/null
+++ b/bankapp/mysql-chart-values-eks.yaml
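Review bot: `SPRING_DATASOURCE_PASSWORD` is read from the `db_root_pwd` key, so the web application appears to authenticate to MySQL as the root account (the comment in bankapp/db-secret.yaml names `root` as `db_user`). A flaw in the application would then carry full administrative rights on the database server rather than access to one schema. Create a dedicated account limited to the application database and reference its keys here. The container also sets no `securityContext`; `runAsNonRoot: true` and `allowPrivilegeEscalation: false` are worth adding if the image supports them.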
@@ -0,0 +1,33 @@ +# architecture: replication +# auth: +# rootPassword: Test@123 +# database: bankappdb + +# # Enable init container that changes the owner and group of the persistent volume mountpoint to runAsUser:fsGroup +# volumePermissions: +# enabled: true + +# primary: +# persistence: +# enabled: false + +# secondary: +# # 1 primary and 2 secondary replicas +# replicaCount: 2 +# persistence: +# enabled: true # Must be true to persist data across pods +# size: 8Gi # Specify the volume size +# storageClass: gp2 # Storage class for EKS volumes +# accessModes: +# - ReadWriteOnce # Correct access mode for gp2 volumes + +# metrics: +# enabled: true +# serviceMonitor: +# enabled: true +# additionalLabels: +# release: my-kube-prometheus-stack + + + +# # helm install mysql-release bitnami/mysql -f mysql-chart-values-eks.yaml -n bankapp \ No newline at end of file diff --git a/blue-green/blue-deployment.yaml b/blue-green/blue-deployment.yaml new file mode 100644 index 0000000..f4081b9 --- /dev/null +++ b/blue-green/blue-deployment.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: solar-system-blue + labels: + app: solar-system +spec: + replicas: 2 + strategy: + type: RollingUpdate + selector: + matchLabels: + app: solar-system + version: v1 + color: blue + template: + metadata: + labels: + app: solar-system + version: v1 + color: blue + spec: + containers: + - name: solar-system + image: chinmayapradhan/solar-system:v6 + imagePullPolicy: Always + ports: + - containerPort: 80 diff --git a/blue-green/green-deployment.yaml b/blue-green/green-deployment.yaml new file mode 100644 index 0000000..c8b6189 --- /dev/null +++ b/blue-green/green-deployment.yaml 
@@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: solar-system-green + labels: + app: solar-system +spec: + replicas: 2 + strategy: + type: RollingUpdate + selector: + matchLabels: + app: solar-system + version: v2 + color: green + template: + metadata: + labels: + app: solar-system + version: v2 + color: green + spec: + containers: + - name: solar-system + image: chinmayapradhan/solar-system:v9 + imagePullPolicy: Always + ports: + - containerPort: 80 \ No newline at end of file diff --git a/blue-green/live-service.yaml b/blue-green/live-service.yaml new file mode 100644 index 0000000..bd671d2 --- /dev/null +++ b/blue-green/live-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: solar-system-service-blue +spec: + selector: + app: solar-system + version: v1 + ports: + - protocol: TCP + port: 80 + targetPort: 80 + nodePort: 30001 + type: NodePort + +# modify the selector in live-service from v1 to v2 and apply using kubectl. \ No newline at end of file diff --git a/blue-green/pre-prod-service.yaml b/blue-green/pre-prod-service.yaml new file mode 100644 index 0000000..4a54372 --- /dev/null +++ b/blue-green/pre-prod-service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: solar-system-service-green +spec: + selector: + app: solar-system + version: v2 + ports: + - protocol: TCP + port: 80 + targetPort: 80 + nodePort: 30002 + type: NodePort \ No newline at end of file diff --git a/declarative/app-of-apps/geocentric-app.yml b/declarative/app-of-apps/geocentric-app.yml index 3e92400..8121f30 100644 --- a/declarative/app-of-apps/geocentric-app.yml +++ b/declarative/app-of-apps/geocentric-app.yml @@ -9,7 +9,7 @@ spec: project: default source: - repoURL: http://165.22.209.118:3000/siddharth/gitops-argocd.git + repoURL: https://github.com/chinmaya10000/gitops-argocd.git targetRevision: HEAD path: ./declarative/manifests/geocentric-model 
diff --git a/declarative/app-of-apps/heliocentric-app.yml b/declarative/app-of-apps/heliocentric-app.yml index defe5e4..00b0990 100644 --- a/declarative/app-of-apps/heliocentric-app.yml +++ b/declarative/app-of-apps/heliocentric-app.yml @@ -9,7 +9,7 @@ spec: project: default source: - repoURL: http://165.22.209.118:3000/siddharth/gitops-argocd.git + repoURL: https://github.com/chinmaya10000/gitops-argocd.git targetRevision: HEAD path: ./declarative/manifests/heliocentric-model diff --git a/declarative/app-of-apps/heliocentric-no-pluto-app.yml b/declarative/app-of-apps/heliocentric-no-pluto-app.yml index 8fe5d93..46a30ad 100644 --- a/declarative/app-of-apps/heliocentric-no-pluto-app.yml +++ b/declarative/app-of-apps/heliocentric-no-pluto-app.yml @@ -9,7 +9,7 @@ spec: project: default source: - repoURL: http://165.22.209.118:3000/siddharth/gitops-argocd.git + repoURL: https://github.com/chinmaya10000/gitops-argocd.git targetRevision: HEAD path: ./declarative/manifests/heliocentric-model-no-pluto diff --git a/declarative/manifests/geocentric-model/deployment.yml b/declarative/manifests/geocentric-model/deployment.yml index 2e7770b..a1d187a 100644 --- a/declarative/manifests/geocentric-model/deployment.yml +++ b/declarative/manifests/geocentric-model/deployment.yml @@ -14,4 +14,4 @@ spec: spec: containers: - name: geocentric-model - image: siddharth67/geocentric-solar-system:v1 + image: chinmayapradhan/geocentric-solar-system:v1 diff --git a/declarative/manifests/heliocentric-model-no-pluto/deployment.yml b/declarative/manifests/heliocentric-model-no-pluto/deployment.yml index babd770..3797c53 100644 --- a/declarative/manifests/heliocentric-model-no-pluto/deployment.yml +++ b/declarative/manifests/heliocentric-model-no-pluto/deployment.yml @@ -14,4 +14,4 @@ spec: spec: containers: - name: heliocentric-model-no-pluto - image: siddharth67/heliocentric-solar-system:no-pluto + image: chinmayapradhan/heliocentric-solar-system:no-pluto 
diff --git a/declarative/manifests/heliocentric-model/deployment.yml b/declarative/manifests/heliocentric-model/deployment.yml index b2b935d..a835579 100644 --- a/declarative/manifests/heliocentric-model/deployment.yml +++ b/declarative/manifests/heliocentric-model/deployment.yml @@ -14,4 +14,4 @@ spec: spec: containers: - name: heliocentric-model - image: siddharth67/heliocentric-solar-system:v1 + image: chinmayapradhan/heliocentric-solar-system:v1 diff --git a/declarative/mono-app/geocentric-app.yml b/declarative/mono-app/geocentric-app.yml index 21db449..d5dcb1a 100644 --- a/declarative/mono-app/geocentric-app.yml +++ b/declarative/mono-app/geocentric-app.yml @@ -9,7 +9,7 @@ spec: project: default source: - repoURL: http://165.22.209.118:3000/siddharth/gitops-argocd.git + repoURL: https://github.com/chinmaya10000/gitops-argocd.git targetRevision: HEAD path: ./declarative/manifests/geocentric-model diff --git a/declarative/multi-app/app-of-apps.yml b/declarative/multi-app/app-of-apps.yml index aa1b446..7b0835e 100644 --- a/declarative/multi-app/app-of-apps.yml +++ b/declarative/multi-app/app-of-apps.yml @@ -6,7 +6,7 @@ metadata: spec: project: default source: - repoURL: http://165.22.209.118:3000/siddharth/gitops-argocd.git + repoURL: https://github.com/chinmaya10000/gitops-argocd.git targetRevision: HEAD path: ./declarative/app-of-apps destination: diff --git a/jenkins-demo/deployment.yaml b/jenkins-demo/deployment.yaml index ddc0291..fa5531f 100644 --- a/jenkins-demo/deployment.yaml +++ b/jenkins-demo/deployment.yaml @@ -16,7 +16,7 @@ spec: app: solar-system spec: containers: - - image: siddharth67/planets:14-f8f18dd8981516a2fb6d184dd3aa80155641d7af + - image: chinmayapradhan/solar-system:v9 name: solar-system ports: - containerPort: 80 diff --git a/jenkins-demo/service.yaml b/jenkins-demo/service.yaml index 929346b..4254909 100644 --- a/jenkins-demo/service.yaml +++ b/jenkins-demo/service.yaml 
@@ -11,4 +11,4 @@ spec: targetPort: 80 selector: app: solar-system - type: NodePort + type: LoadBalancer diff --git a/kubernetes/deployment.yaml b/kubernetes/deployment.yaml new file mode 100644 index 0000000..4a9a5d0 --- /dev/null +++ b/kubernetes/deployment.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: solar-system + name: solar-system + namespace: solar-system +spec: + selector: + matchLabels: + app: solar-system + template: + metadata: + labels: + app: solar-system + spec: + containers: + - name: solar-system + image: chinmayapradhan/orbit-engine:3e906e3be059342b1916f020c034344fb267ddca + imagePullPolicy: Always + ports: + - containerPort: 3000 + name: http + protocol: TCP + envFrom: + - secretRef: + name: mongo-db-creds + diff --git a/kubernetes/secret.yaml b/kubernetes/secret.yaml new file mode 100644 index 0000000..7cbb1c2 --- /dev/null +++ b/kubernetes/secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: mongo-db-creds + namespace: solar-system +type: Opaque +data: + MONGO_PASSWORD: SuperPassword + MONGO_USERNAME: superuser + MONGO_URI: mongodb+srv://supercluster.d83jj.mongodb.net/superData diff --git a/kubernetes/service.yaml b/kubernetes/service.yaml new file mode 100644 index 0000000..d495fa3 --- /dev/null +++ b/kubernetes/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: solar-system + namespace: solar-system +spec: + selector: + app: solar-system + ports: + - port: 3000 + targetPort: 30000 + \ No newline at end of file diff --git a/sealed-secret/deployment.yaml b/sealed-secret/deployment.yaml deleted file mode 100644 index ae321fb..0000000 --- a/sealed-secret/deployment.yaml +++ /dev/null 
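Review bot: The values under `data:` in kubernetes/secret.yaml are plain text, but `data` must hold base64-encoded bytes, so the API server is expected to reject the manifest (`SuperPassword`, for one, is not valid base64); plain values belong under `stringData:`. More importantly, this commits database credentials to Git in the clear although the repository already carries SealedSecret and argocd-vault-plugin examples, either of which would keep them out of history. three-tier/database/db-secret.yaml has the same `data:` problem with `mongo-root-password` and `mongo-root-username`.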
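Review bot: `targetPort: 30000` in kubernetes/service.yaml does not match the container, which kubernetes/deployment.yaml declares as `containerPort: 3000` with the name `http`, so the Service would forward traffic to a port nothing listens on. Use `targetPort: http` (or `3000`) so the Service follows the container port.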
@@ -1,32 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - app: secret-app - name: secret-app -spec: - replicas: 1 - selector: - matchLabels: - app: secret-app - strategy: {} - template: - metadata: - creationTimestamp: null - labels: - app: secret-app - spec: - containers: - - image: siddharth67/secrets:bitnami - name: secret-app - imagePullPolicy: Always - # uncomment block to mount secret - volumeMounts: - - name: app-secret-vol - mountPath: "/app/crds" - readOnly: true - volumes: - - name: app-secret-vol - secret: - secretName: app-crds diff --git a/sealed-secret/mongo-configmap.yaml b/sealed-secret/mongo-configmap.yaml new file mode 100644 index 0000000..e972b15 --- /dev/null +++ b/sealed-secret/mongo-configmap.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mongodb-configmap +data: + database_url: mongodb-service \ No newline at end of file diff --git a/sealed-secret/mongo-express.yaml b/sealed-secret/mongo-express.yaml new file mode 100644 index 0000000..62c80a7 --- /dev/null +++ b/sealed-secret/mongo-express.yaml 
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mongo-express
+ labels:
+ app: mongo-express
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mongo-express
+ template:
+ metadata:
+ labels:
+ app: mongo-express
+ spec:
+ containers:
+ - name: mongo-express
+ image: mongo-express
+ ports:
+ - containerPort: 8081
+ env:
+ - name: ME_CONFIG_MONGODB_ADMINUSERNAME
+ valueFrom:
+ secretKeyRef:
+ key: mongo-root-username
+ name: mongodb-secret
+ - name: ME_CONFIG_MONGODB_ADMINPASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: mongo-root-password
+ name: mongodb-secret
+ - name: ME_CONFIG_MONGODB_SERVER
+ valueFrom:
+ configMapKeyRef:
+ key: database_url
+ name: mongodb-configmap
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mongo-express-service
+spec:
+ selector:
+ app: mongo-express
+ type: LoadBalancer
+ ports:
+ - protocol: TCP
+ port: 8081
+ targetPort: 8081
+ nodePort: 30004
\ No newline at end of file
diff --git a/sealed-secret/mongo-secret.yaml b/sealed-secret/mongo-secret.yaml
new file mode 100644
index 0000000..e0061f7
--- /dev/null
+++ b/sealed-secret/mongo-secret.yaml
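Review bot: The Service is `type: LoadBalancer`, which publishes the mongo-express admin UI on an external load balancer while the pod is started with the MongoDB root credentials from `mongodb-secret`, and nothing in this file restricts who can reach it. Keep the Service `ClusterIP` and reach the UI with `kubectl port-forward`, or at minimum add `loadBalancerSourceRanges` and configure the UI's own login. `image: mongo-express` is also untagged, so each pull may bring a different version; pin a tag or digest. vault-secrets/mongo-express.yaml is identical and needs the same change.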
@@ -0,0 +1,49 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + annotations: + sealedsecrets.bitnami.com/cluster-wide: "true" + creationTimestamp: null + name: mongodb-secret +spec: + encryptedData: + mongo-root-password: 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 + mongo-root-username: 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 + template: + metadata: + annotations: + sealedsecrets.bitnami.com/cluster-wide: "true" + creationTimestamp: null + name: mongodb-secret + type: Opaque + + + + + + +# helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets +# helm install sealed-secrets -n kube-system --set-string fullnameOverride=sealed-secrets-controller sealed-secrets/sealed-secrets + +# kubectl get all -n kube-system | grep -i sealed +# kubectl get secret -n kube-system | grep -i sealed + +# Install kubeseal +# curl -OL "https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.23.0/kubeseal-0.23.0-linux-amd64.tar.gz" +# tar -xvzf kubeseal-0.23.0-linux-amd64.tar.gz kubeseal +# sudo install -m 755 kubeseal /usr/local/bin/kubeseal + +# Create secret file +# sudo vim mongo-secret.yaml + +# kubectl -n kube-system get secrets +# kubectl -n kube-system get secrets -o yaml +# kubectl -n kube-system get secrets sealed-secrets-keyd5dvq -o json | jq .data'."tls.crt"' +# kubectl -n kube-system get secrets sealed-secrets-keyd5dvq -o json | jq .data'."tls.crt"' -r +# kubectl -n kube-system get secrets sealed-secrets-keyd5dvq -o json | jq .data'."tls.crt"' -r | base64 -d +# kubectl -n kube-system get secrets sealed-secrets-keyd5dvq -o json | jq .data'."tls.crt"' -r | base64 -d > sealedSecret.crt +# cat sealedSecret.crt +# kubeseal --cert sealedSecret.crt --scope cluster-wide < mongo-secret.yaml +# kubeseal -o yaml --cert sealedSecret.crt --scope cluster-wide < mongo-secret.yaml > secret.yaml +# cat secret.yaml +# kubectl get secrets \ No newline at end of file 
diff --git a/sealed-secret/mongo.yaml b/sealed-secret/mongo.yaml new file mode 100644 index 0000000..12e3190 --- /dev/null +++ b/sealed-secret/mongo.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mongodb-deployment + labels: + app: mongodb +spec: + replicas: 1 + selector: + matchLabels: + app: mongodb + template: + metadata: + labels: + app: mongodb + spec: + containers: + - name: mongodb + image: mongo + ports: + - containerPort: 27017 + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + key: mongo-root-username + name: mongodb-secret + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: mongo-root-password + name: mongodb-secret +--- +apiVersion: v1 +kind: Service +metadata: + name: mongodb-service +spec: + selector: + app: mongodb + ports: + - protocol: TCP + port: 27017 + targetPort: 27017 \ No newline at end of file diff --git a/sealed-secret/secret.yaml b/sealed-secret/secret.yaml deleted file mode 100644 index 7db853f..0000000 --- a/sealed-secret/secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - annotations: - sealedsecrets.bitnami.com/cluster-wide: "true" - creationTimestamp: null - name: app-crds -spec: - encryptedData: - apikey: 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 - password: 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 - username: 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 - template: - data: null - metadata: - annotations: - sealedsecrets.bitnami.com/cluster-wide: "true" - creationTimestamp: null - name: app-crds \ No newline at end of file diff --git a/sealed-secret/service.yaml b/sealed-secret/service.yaml deleted file mode 100644 index ffcb794..0000000 --- a/sealed-secret/service.yaml +++ /dev/null 
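Review bot: `image: mongo` in sealed-secret/mongo.yaml carries no tag, so the database version is whatever `latest` resolves to at pull time and can change across restarts, including across major versions. Pin it, as three-tier/database/statefullsets.yaml does with `mongo:4.4.6`, preferably to a currently supported release or a digest. The Deployment also mounts no volume, so data is lost whenever the pod is rescheduled; if that is intended for the demo, a comment should say so. vault-secrets/mongo.yaml is the same.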
@@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - app: secret-app - name: secret-app -spec: - ports: - - port: 80 - protocol: TCP - targetPort: 80 - selector: - app: secret-app - type: NodePort diff --git a/solar-system/deployment.yml b/solar-system/deployment.yml index d2e140b..20a03f6 100644 --- a/solar-system/deployment.yml +++ b/solar-system/deployment.yml @@ -5,7 +5,7 @@ metadata: app: solar-system name: solar-system spec: - replicas: 3 + replicas: 2 selector: matchLabels: app: solar-system @@ -16,7 +16,7 @@ spec: app: solar-system spec: containers: - - image: siddharth67/solar-system:v9 + - image: chinmayapradhan/solar-system:v3 name: solar-system imagePullPolicy: Always ports: diff --git a/solar-system/service.yml b/solar-system/service.yml index 6372238..29a0985 100644 --- a/solar-system/service.yml +++ b/solar-system/service.yml @@ -11,4 +11,4 @@ spec: targetPort: 80 #change to 80 selector: app: solar-system - type: NodePort + type: LoadBalancer diff --git a/three-tier/backend/deployment.yaml b/three-tier/backend/deployment.yaml new file mode 100644 index 0000000..a486bbf --- /dev/null +++ b/three-tier/backend/deployment.yaml 
@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: api
+ namespace: three-tier
+ labels:
+ role: api
+ env: demo
+spec:
+ replicas: 2
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 25%
+ selector:
+ matchLabels:
+ role: api
+ template:
+ metadata:
+ labels:
+ role: api
+ spec:
+ imagePullSecrets:
+ - name: my-ecr-registry-key
+ containers:
+ - name: api
+ image: 156041433917.dkr.ecr.us-east-2.amazonaws.com/backend:v1
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 3500
+ env:
+ - name: MONGO_CONN_STR
+ valueFrom:
+ configMapKeyRef:
+ key: db_server
+ name: db-config
+ - name: MONGO_USERNAME
+ valueFrom:
+ secretKeyRef:
+ key: mongo-root-username
+ name: db-secret
+ - name: MONGO_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: mongo-root-password
+ name: db-secret
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 3500
+ initialDelaySeconds: 2
+ periodSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 3500
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ successThreshold: 1
+ startupProbe:
+ httpGet:
+ path: /started
+ port: 3500
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ failureThreshold: 30
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "128Mi"
+ limits:
+ cpu: "250m"
+ memory: "256Mi"
diff --git a/three-tier/backend/service.yaml b/three-tier/backend/service.yaml
new file mode 100644
index 0000000..df9e47c
--- /dev/null
+++ b/three-tier/backend/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: api-svc
+ namespace: three-tier
+spec:
+ selector:
+ role: api
+ ports:
+ - protocol: TCP
+ port: 3500
+ targetPort: 3500
+ type: ClusterIP
+
diff --git a/three-tier/database/db-configmap.yaml b/three-tier/database/db-configmap.yaml
new file mode 100644
index 0000000..e68b875
--- /dev/null
+++ b/three-tier/database/db-configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: db-config
+ namespace: three-tier
+data:
+ db_server: mongodb://mongodb-svc:27017/todo?directConnection=true
diff --git a/three-tier/database/db-secret.yaml b/three-tier/database/db-secret.yaml
new file mode 100644
index 0000000..b60320c
--- /dev/null
+++ b/three-tier/database/db-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: db-secret
+ namespace: three-tier
+type: Opaque
+data:
+ mongo-root-password: Three-Tier-Project
+ mongo-root-username: admin
diff --git a/three-tier/database/statefullsets.yaml b/three-tier/database/statefullsets.yaml
new file mode 100644
index 0000000..f9449a0
--- /dev/null
+++ b/three-tier/database/statefullsets.yaml
@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mongodb
+ namespace: three-tier
+spec:
+ selector:
+ matchLabels:
+ app: mongodb
+ serviceName: mongodb-svc
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: mongodb
+ spec:
+ containers:
+ - name: mongodb
+ image: mongo:4.4.6
+ command:
+ - "numactl"
+ - "--interleave=all"
+ - "mongod"
+ - "--wiredTigerCacheSizeGB"
+ - "0.1"
+ - "--bind_ip"
+ - "0.0.0.0"
+ ports:
+ - containerPort: 27017
+ env:
+ - name: MONGO_INITDB_ROOT_USERNAME
+ valueFrom:
+ secretKeyRef:
+ key: mongo-root-username
+ name: db-secret
+ - name: MONGO_INITDB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: mongo-root-password
+ name: db-secret
+ volumeMounts:
+ - name: mongo-volume
+ mountPath: /data/db
+ volumeClaimTemplates:
+ - metadata:
+ name: mongo-volume
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: gp2
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mongodb-svc
+ namespace: three-tier
+spec:
+ selector:
+ app: mongodb
+ ports:
+ - protocol: TCP
+ port: 27017
+ targetPort: 27017
+ name: mongodb-svc
+
+
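Review bot: Setting `command:` in the StatefulSet replaces the image's entrypoint, and in the official `mongo` image it is the entrypoint script that reads `MONGO_INITDB_ROOT_USERNAME` and `MONGO_INITDB_ROOT_PASSWORD` and turns on authentication, so as far as I can tell this `mongod` starts with no root user and no access control while bound to `0.0.0.0`. Passing the options as arguments keeps the entrypoint in place: `args: ["mongod", "--wiredTigerCacheSizeGB", "0.1", "--bind_ip", "0.0.0.0"]`. Separately, `replicas: 2` without `--replSet` yields two unrelated databases behind `mongodb-svc`, so clients would see different data depending on which pod answers.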
diff --git a/three-tier/frontend/deployment.yaml b/three-tier/frontend/deployment.yaml new file mode 100644 index 0000000..7436381 --- /dev/null +++ b/three-tier/frontend/deployment.yaml @@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: three-tier + labels: + role: frontend + env: demo +spec: + replicas: 1 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 25% + selector: + matchLabels: + role: frontend + template: + metadata: + labels: + role: frontend + spec: + imagePullSecrets: + - name: my-ecr-registry-key + containers: + - name: frontend + image: 156041433917.dkr.ecr.us-east-2.amazonaws.com/frontend:v3 + imagePullPolicy: Always + ports: + - containerPort: 3000 + env: + - name: REACT_APP_BACKEND_URL + value: "http://api-svc:3500/api/tasks" + resources: + requests: + cpu: "100m" + memory: "128Mi" + limits: + cpu: "250m" + memory: "256Mi" diff --git a/three-tier/frontend/service.yaml b/three-tier/frontend/service.yaml new file mode 100644 index 0000000..ab9922c --- /dev/null +++ b/three-tier/frontend/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: frontend-svc + namespace: three-tier + # annotations: + # service.beta.kubernetes.io/aws-load-balancer-type: external + # service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + # service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing +spec: + selector: + role: frontend + ports: + - protocol: TCP + port: 3000 + targetPort: 3000 + # type: LoadBalancer diff --git a/vault-secrets/mongo-configmap.yaml b/vault-secrets/mongo-configmap.yaml new file mode 100644 index 0000000..0eefea7 --- /dev/null +++ b/vault-secrets/mongo-configmap.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mongodb-configmap +data: + database_url: mongodb-service diff --git a/vault-secrets/mongo-express.yaml b/vault-secrets/mongo-express.yaml new file mode 100644 index 0000000..aa5a12c 
--- /dev/null +++ b/vault-secrets/mongo-express.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mongo-express + labels: + app: mongo-express +spec: + replicas: 1 + selector: + matchLabels: + app: mongo-express + template: + metadata: + labels: + app: mongo-express + spec: + containers: + - name: mongo-express + image: mongo-express + ports: + - containerPort: 8081 + env: + - name: ME_CONFIG_MONGODB_ADMINUSERNAME + valueFrom: + secretKeyRef: + key: mongo-root-username + name: mongodb-secret + - name: ME_CONFIG_MONGODB_ADMINPASSWORD + valueFrom: + secretKeyRef: + key: mongo-root-password + name: mongodb-secret + - name: ME_CONFIG_MONGODB_SERVER + valueFrom: + configMapKeyRef: + key: database_url + name: mongodb-configmap +--- +apiVersion: v1 +kind: Service +metadata: + name: mongo-express-service +spec: + selector: + app: mongo-express + type: LoadBalancer + ports: + - protocol: TCP + port: 8081 + targetPort: 8081 + nodePort: 30004 diff --git a/vault-secrets/mongo-secret.yaml b/vault-secrets/mongo-secret.yaml new file mode 100644 index 0000000..6006edd --- /dev/null +++ b/vault-secrets/mongo-secret.yaml 
@@ -0,0 +1,59 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: mongodb-secret
+ annotations:
+ avp.kubernetes.io/path: "credentials/data/app"
+type: Opaque
+stringData:
+ mongo-root-username:
+ mongo-root-password:
+
+
+
+
+
+# apiVersion: v1
+# kind: Secret
+# metadata:
+ # name: mongodb-secret
+# type: Opaque
+# data:
+ # mongo-root-username: dXNlcm5hbWU=
+ # mongo-root-password: cGFzc3dvcmQ=
+
+
+
+# Install Vault
+# helm repo add hashicorp https://helm.releases.hashicorp.com
+# helm install vault hashicorp/vault -n vault-demo
+# kubectl get all -n vault-demo
+
+# Initial root token =
+# Key 1 = xEAuUg7umxZlyhla95zV8XJmd/s6nf+1i+FLwT0yRBE8
+# key 2 = GH75/LjdqhTDxvm6iKLtP2iohKycjFyQnGvdSXMD8SYx
+# key 3 = RuvDmR+RjX8Rp1kaajfFf8HoghNOQeAU7DKQe7Ykhbzo
+
+# Install argocd-vault-plugin locally
+# wget https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v1.18.0/argocd-vault-plugin_1.18.0_linux_amd64
+# sudo mv argocd-vault-plugin_1.18.0_linux_amd64 argocd-vault-plugin
+# chmod +x argocd-vault-plugin
+# sudo mv argocd-vault-plugin /usr/local/bin
+
+# sudo vim vault.env
+# VAULT_ADDR=http://3.142.212.235:30331/
+# VAULT_TOKEN=
+# AVP_TYPE=vault
+# AVP_AUTH_TYPE=token
+
+# argocd-vault-plugin generate -c vault.env - < secret.yaml
+# cat secret.yaml
+
+
+
+# Install vault plugin within argocd
+# kubectl get deploy -n argocd
+# kubectl -n argocd edit deploy argocd-repo-server
+# kubectl -n argocd get cm
+# kubectl -n argocd edit cm argocd-cm
+# kubectl -n vault-secret get secret mongodb-secret -o json | jq -r '.data["mongo-root-username"]' | base64 --decode
diff --git a/vault-secrets/mongo.yaml b/vault-secrets/mongo.yaml
new file mode 100644
index 0000000..1dbf349
--- /dev/null
+++ b/vault-secrets/mongo.yaml
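Review bot: The comment block in vault-secrets/mongo-secret.yaml commits three values labelled `Key 1` to `key 3` right under `# Initial root token =`, and they look like Vault unseal key shares. If they belong to a real Vault they should be treated as disclosed: remove the three comment lines from the file and from history, and rekey the Vault (`vault operator rekey`). The same notes set `VAULT_ADDR=http://…`, so the token used by `argocd-vault-plugin` would cross the network in cleartext; an `https://` address is the safer default, and the setup steps as a whole belong in a README rather than in a manifest that Argo CD applies. In `stringData`, `mongo-root-username:` and `mongo-root-password:` are empty on this page, whereas the plugin normally expects `<key>` placeholders there, so check that they were not lost (possibly only in rendering).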
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mongodb-deployment
+ labels:
+ app: mongodb
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mongodb
+ template:
+ metadata:
+ labels:
+ app: mongodb
+ spec:
+ containers:
+ - name: mongodb
+ image: mongo
+ ports:
+ - containerPort: 27017
+ env:
+ - name: MONGO_INITDB_ROOT_USERNAME
+ valueFrom:
+ secretKeyRef:
+ key: mongo-root-username
+ name: mongodb-secret
+ - name: MONGO_INITDB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: mongo-root-password
+ name: mongodb-secret
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mongodb-service
+spec:
+ selector:
+ app: mongodb
+ ports:
+ - protocol: TCP
+ port: 27017
+ targetPort: 27017
diff --git a/vault-secrets/secret.yaml b/vault-secrets/secret.yaml
deleted file mode 100644
index e748a06..0000000
--- a/vault-secrets/secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-kind: Secret
-apiVersion: v1
-metadata:
- name: app-crds
- annotations:
- avp.kubernetes.io/path: "credentials/data/app"
-type: Opaque
-stringData:
- apikey:
- username:
- password:
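Review bot: The `mongodb` container in vault-secrets/mongo.yaml declares no `resources`, while the `frontend` Deployment in this commit does, so the database can consume node memory and CPU without bound and, as a pod with no requests, is among the first to be evicted under node pressure. I would add requests and limits under the container as sketched below; the sizes are constructed examples and need tuning to the real workload. The `mongo-express` container in vault-secrets/mongo-express.yaml is missing the block as well.

```yaml
      containers:
        - name: mongodb
          # … unchanged: image, ports, env …
          resources:  # constructed example sizes
            requests:
              cpu: "250m"
              memory: "512Mi"
            limits:
              cpu: "500m"
              memory: "1Gi"
```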