feat: docker orchestration

.dockerignore

@@ -1,6 +1,7 @@
 /node_modules
 /dist
 /docs
+/orchestration
 *.log
 .git
 .env

.gitignore

@@ -39,10 +39,15 @@ lerna-debug.log*
 .env.local
 .env.*
 .env.*.local
+orchestration/**/.env*
+!orchestration/**/.env.example
 
 # yarn
 .yarn/*
 !.yarn/releases
 !.yarn/plugins
 !.yarn/patches
 .pnp.*
+
+# hard links
+orchestration/shared/scripts

Dockerfile

@@ -33,7 +33,7 @@ WORKDIR /app
 COPY --from=build /app/dist dist
 COPY --from=build /app/node_modules node_modules
 
-# To avoid
+# To avoid string interpolation in CMD instruction
 RUN ln -vs dist/apps/${OFFICE_TYPE}/main.js main.js
 
 CMD ["node", "main.js"]

orchestration/branch-office/.env.example

@@ -0,0 +1,12 @@
+# OFFICES CONFIG
+HEAD_OFFICE=HO
+SEND_EXCHANGE=HEAD_EXCHANGE
+CONSUME_EXCHANGE=BRANCHES_EXCHANGE
+
+# MISC CONFIG
+PORT=3000
+NODE_ENV=development
+
+# DATABASE CONFIG
+DB_HOST=localhost
+DB_NAME=db

orchestration/branch-office/deployment.yaml

@@ -0,0 +1,114 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bo-deployment
+spec:
+  selector:
+    matchLabels:
+      app: branch-office
+      db: branch-office-db
+  replicas: 3 # tells deployment to run 3 pods matching the template
+  template:
+    metadata:
+      labels:
+        app: branch-office
+        db: branch-office-db
+    spec:
+      initContainers:
+        - name: init-secrets
+          image: finalgene/openssh
+          restartPolicy: never
+          command:
+            [
+              "/bin/bash",
+              "-c",
+              "TEMP_DIR=/secrets /scripts/generate_secrets.sh",
+            ]
+          volumeMounts:
+            - name: scripts
+              mountPath: /scripts
+            - name: secrets
+              mountPath: secrets
+        - name: init-ssl-certs
+          image: finalgene/openssh
+          restartPolicy: never
+          command:
+            [
+              "/bin/bash",
+              "-c",
+              "TEMP_DIR=/ssl /scripts/generate_ssl_certificates.sh",
+            ]
+          volumeMounts:
+            - name: scripts
+              mountPath: /scripts
+            - name: ssl-certs
+              mountPath: ssl
+      containers:
+        - name: app
+          image: omarbesbes/database-synchronization-app:branch-office
+          resources:
+            limits:
+              cpu: 1000m
+              memory: 512Mi
+            requests:
+              cpu: 250m
+              memory: 128Mi
+          command: [
+              "/bin/bash",
+              "-c",
+              "
+              DB_PASSWORD=$(cat /secrets/db_password.txt)
+              DB_USERNAME=$(cat /secrets/db_username.txt)
+              node main.js
+              ",
+            ]
+          env:
+            - name: DB_TYPE
+              value: postgres
+            - name: DB_PORT
+              value: "5432"
+            - name: ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: QUEUE
+              value: $(ID)
+          envFrom:
+            - configMapRef:
+                name: app-config
+          volumeMounts:
+            - name: secrets
+              mountPath: secrets
+        - name: db
+          image: postgres:16
+          resources:
+            limits:
+              cpu: 1000m
+              memory: 512Mi
+            requests:
+              cpu: 250m
+              memory: 128Mi
+          command: ["/usr/local/bin/database_entrypoint.sh"]
+          env:
+            - name: POSTGRES_DB
+              valueFrom:
+                configMapKeyRef:
+                  name: app-config
+                  key: DB_NAME
+          volumeMounts:
+            - name: secrets
+              mountPath: secrets
+            - name: ssl-certs
+              mountPath: ssl
+            - name: scripts
+              mountPath: usr/local/bin/database_entrypoint.sh
+              subPath: database_entrypoint.sh
+      volumes:
+        - name: scripts
+          configMap:
+            defaultMode: 055 # This is specified so that scripts are executable when mounted
+            name: scripts
+        - name: secrets
+          emptyDir: {}
+        - name: ssl-certs
+          emptyDir: {}

orchestration/branch-office/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - deployment.yaml
+  - ../shared
+
+configMapGenerator:
+  - name: app-config
+    behavior: merge
+    envs:
+      - .env.example

orchestration/head-office/.env.example

@@ -0,0 +1,14 @@
+# OFFICES CONFIG
+ID=HO
+HEAD_OFFICE=HO
+SEND_EXCHANGE=BRANCHES_EXCHANGE
+CONSUME_EXCHANGE=HEAD_EXCHANGE
+QUEUE=HO
+
+# MISC CONFIG
+PORT=3000
+NODE_ENV=development
+
+# DATABASE CONFIG
+DB_HOST=localhost
+DB_NAME=db

orchestration/head-office/deployment.yaml

@@ -0,0 +1,108 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ho-deployment
+spec:
+  selector:
+    matchLabels:
+      app: head-office
+      db: head-office-db
+  replicas: 1 # tells deployment to run 1 pod matching the template
+  template:
+    metadata:
+      labels:
+        app: head-office
+        db: head-office-db
+    spec:
+      initContainers:
+        - name: init-secrets
+          image: finalgene/openssh
+          restartPolicy: never
+          command:
+            [
+              "/bin/bash",
+              "-c",
+              "TEMP_DIR=/secrets /scripts/generate_secrets.sh",
+            ]
+          volumeMounts:
+            - name: scripts
+              mountPath: scripts
+            - name: secrets
+              mountPath: secrets
+        - name: init-ssl-certs
+          image: finalgene/openssh
+          restartPolicy: never
+          command:
+            [
+              "/bin/bash",
+              "-c",
+              "TEMP_DIR=/ssl /scripts/generate_ssl_certificates.sh",
+            ]
+          volumeMounts:
+            - name: scripts
+              mountPath: /scripts
+            - name: ssl-certs
+              mountPath: ssl
+      containers:
+        - name: app
+          image: omarbesbes/database-synchronization-app:head-office
+          resources:
+            limits:
+              cpu: 1000m
+              memory: 512Mi
+            requests:
+              cpu: 250m
+              memory: 128Mi
+          command: [
+              "/bin/bash",
+              "-c",
+              "
+              DB_PASSWORD=$(cat /secrets/db_password.txt)
+              DB_USERNAME=$(cat /secrets/db_username.txt)
+              node main.js
+              ",
+            ]
+          env:
+            - name: DB_TYPE
+              value: postgres
+            - name: DB_PORT
+              value: "5432"
+          envFrom:
+            - configMapRef:
+                name: app-config
+          volumeMounts:
+            - name: secrets
+              mountPath: secrets
+        - name: db
+          image: postgres:16
+          resources:
+            limits:
+              cpu: 1000m
+              memory: 512Mi
+            requests:
+              cpu: 250m
+              memory: 128Mi
+          command: ["/bin/bash", "-c", "/usr/local/bin/database_entrypoint.sh"]
+          env:
+            - name: POSTGRES_DB
+              valueFrom:
+                configMapKeyRef:
+                  name: app-config
+                  key: DB_NAME
+          volumeMounts:
+            - name: secrets
+              mountPath: secrets
+            - name: ssl-certs
+              mountPath: ssl
+            - name: scripts
+              mountPath: usr/local/bin/database_entrypoint.sh
+              subPath: database_entrypoint.sh
+      volumes:
+        - name: scripts
+          configMap:
+            defaultMode: 0555 # This is specified so that scripts are executable when mounted
+            name: scripts
+        - name: secrets
+          emptyDir: {}
+        - name: ssl-certs
+          emptyDir: {}

orchestration/head-office/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - deployment.yaml
+  - ../shared
+
+configMapGenerator:
+  - name: app-config
+    behavior: merge
+    envs:
+      - .env.example

orchestration/rabbitmq/deployment.yaml

@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rabbitmq-deployment
+spec:
+  selector:
+    matchLabels:
+      app: rabbitmq
+  replicas: 1 # tells deployment to run 1 pod matching the template
+  template:
+    metadata:
+      labels:
+        app: rabbitmq
+    spec:
+      containers:
+        - name: rabbitmq
+          image: rabbitmq:management
+          resources:
+            limits:
+              cpu: 500m
+              memory: 1.5Gi
+            requests:
+              cpu: 250m
+              memory: 512M
+          ports:
+            - containerPort: 5672
+            - containerPort: 15672

orchestration/rabbitmq/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - deployment.yaml
+  - service.yaml

orchestration/rabbitmq/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: rabbitmq
+spec:
+  selector:
+    app: rabbitmq
+  ports:
+    - name: rabbitmq-api-port
+      protocol: TCP
+      port: 5672
+      targetPort: 5672
+    - name: rabbitmq-management-ui-port
+      protocol: TCP
+      port: 15672
+      targetPort: 15672

orchestration/shared/.env.example

@@ -0,0 +1,2 @@
+HEAD_OFFICE=HO
+RABBITMQ_URL=amqp://guest:guest@rabbitmq:5672

orchestration/shared/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../rabbitmq
+
+configMapGenerator:
+  - name: scripts
+    files:
+    - scripts/generate_secrets.sh
+    - scripts/generate_ssl_certificates.sh
+    - scripts/database_entrypoint.sh
+  - name: app-config
+    envs:
+      - .env.example

scripts/database_entrypoint.sh

@@ -1,5 +1,9 @@
 #!/bin/bash
 
+# Setting credentials from default location if not set
+[ -z "$POSTGRES_PASSWORD" ] && export POSTGRES_PASSWORD=$(cat /secrets/db_password.txt)
+[ -z "$POSTGRES_USER" ]     && export POSTGRES_USER=$(cat /secrets/db_username.txt)
+
 # Changing owner of `server.key` is required by postgres,
 # see https://www.postgresql.org/docs/current/ssl-tcp.html#SSL-SETUP
 chown postgres:postgres /ssl/server.key \