diff --git a/.gitignore b/.gitignore index 89a96a08..06c1003f 100644 --- a/.gitignore +++ b/.gitignore @@ -261,3 +261,5 @@ config.cnf # End of https://www.gitignore.io/api/visualstudiocode docker-compose.yml + +___* diff --git a/deployment/.gitignore b/deployment/.gitignore new file mode 100644 index 00000000..d37e42ce --- /dev/null +++ b/deployment/.gitignore @@ -0,0 +1 @@ +**/secret.yaml \ No newline at end of file diff --git a/deployment/README.md b/deployment/README.md new file mode 100644 index 00000000..6a48e38c --- /dev/null +++ b/deployment/README.md @@ -0,0 +1,29 @@ +# Deployment Resource Definitions for Taxi Backend Service + +### directories +``` +├── README.md +├── base +│ ├── kustomization.yaml +│ └── server +│ ├── configmap.yaml +│ ├── deployment.yaml +│ ├── ingress.yaml +│ ├── sealed-secret.yaml +│ ├── secret-template.yaml +│ ├── secret.yaml +│ └── service.yaml +└── overlays + └── dev + └── kustomization.yaml +``` + +*under base folder* +- shared resource definitions for all environments + +*under overlay folder* +- environment specific settings +- you can add more environments + +### Using kubeseal +[Document Notion Link](https://www.notion.so/sparcs/K8S-Sealed-Secret-kubeseal-c3e315e429c442bebf8998b048404e17) [sparcs only] \ No newline at end of file diff --git a/deployment/base/celery/deployment.yaml b/deployment/base/celery/deployment.yaml new file mode 100644 index 00000000..07ec775b --- /dev/null +++ b/deployment/base/celery/deployment.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ara-celery + labels: + app: ara-celery +spec: + replicas: 1 + selector: + matchLabels: + app: ara-celery + template: + metadata: + labels: + app: ara-celery + spec: + containers: + - name: ara-celery + image: 666583083672.dkr.ecr.ap-northeast-2.amazonaws.com/newara:v3.4.1 + command: ["/newara/www/.docker/run-celery.sh"] diff --git a/deployment/base/kustomization.yaml b/deployment/base/kustomization.yaml new file mode 100644 index 00000000..7a9c7e63 --- /dev/null +++ b/deployment/base/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./server/deployment.yaml +- ./server/configmap.yaml +- ./server/service.yaml +- ./server/ingress.yaml +- ./server/sealed-secret.yaml +- ./redis/deployment.yaml +- ./redis/service.yaml +- ./celery/deployment.yaml \ No newline at end of file diff --git a/deployment/base/redis/deployment.yaml b/deployment/base/redis/deployment.yaml new file mode 100644 index 00000000..691aac24 --- /dev/null +++ b/deployment/base/redis/deployment.yaml @@ -0,0 +1,22 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ara-redis + labels: + app: ara-redis +spec: + replicas: 1 + selector: + matchLabels: + app: ara-redis + template: + metadata: + labels: + app: ara-redis + spec: + containers: + - name: ara-redis + image: redis:6-alpine + ports: + - containerPort: 6379 + name: ara-redis-port \ No newline at end of file diff --git a/deployment/base/redis/service.yaml b/deployment/base/redis/service.yaml new file mode 100644 index 00000000..c77cd774 --- /dev/null +++ b/deployment/base/redis/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: ara-redis-service +spec: + selector: + app: ara-redis + ports: + - name: ara-redis-service-port + protocol: TCP + port: 6379 + targetPort: ara-redis-port diff --git a/deployment/base/server/configmap.yaml b/deployment/base/server/configmap.yaml new file mode 100644 index 00000000..d645f8ad --- /dev/null +++ b/deployment/base/server/configmap.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: ara-env +data: + SSO_CLIENT_ID: "newara" + DJANGO_ENV: "development" + C_FORCE_ROOT: "true" + AWS_BUCKET_NAME: "sparcs-newara" + AWS_BUCKET_NAME_STATIC: "sparcs-newara-static" + AWS_ACCESS_KEY_ID: "AKIAZWM3SVKMLLZANWPC" diff --git a/deployment/base/server/deployment.yaml b/deployment/base/server/deployment.yaml new file mode 100644 index 00000000..012931b4 --- /dev/null +++ b/deployment/base/server/deployment.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ara-server + labels: + app: ara-server +spec: + replicas: 2 + selector: + matchLabels: + app: ara-server + template: + metadata: + labels: + app: ara-server + spec: + containers: + - name: ara-server + image: 666583083672.dkr.ecr.ap-northeast-2.amazonaws.com/newara:v3.4.1 + command: ["/newara/www/.docker/run.sh"] + ports: + - containerPort: 9000 + envFrom: + - secretRef: + name: ara-secret + env: + - name: SSO_CLIENT_ID + valueFrom: + configMapKeyRef: + name: ara-env + key: SSO_CLIENT_ID + - name: DJANGO_ENV + valueFrom: + configMapKeyRef: + name: ara-env + key: DJANGO_ENV + - name: AWS_BUCKET_NAME + valueFrom: + configMapKeyRef: + name: ara-env + key: AWS_BUCKET_NAME + - name: AWS_BUCKET_NAME_STATIC + valueFrom: + configMapKeyRef: + name: ara-env + key: AWS_BUCKET_NAME_STATIC + - name: AWS_ACCESS_KEY_ID + valueFrom: + configMapKeyRef: + name: ara-env + key: AWS_ACCESS_KEY_ID + - name: NEWARA_REDIS_ADDRESS + value: "ara-redis-service" diff --git a/deployment/base/server/ingress.yaml b/deployment/base/server/ingress.yaml new file mode 100644 index 00000000..9beb8081 --- /dev/null +++ b/deployment/base/server/ingress.yaml @@ -0,0 +1,35 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + alb.ingress.kubernetes.io/backend-protocol: HTTP + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/ssl-redirect: '443' + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/healthcheck-path: /api/status + alb.ingress.kubernetes.io/target-type: 'instance' + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-northeast-2:666583083672:certificate/2f5020e0-01dd-43dd-aa7e-0699015d6b89 + alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-2016-08 + alb.ingress.kubernetes.io/group.name: sparcs-prod-external + name: ara-ingress + namespace: ara + finalizers: + - ingress.k8s.aws/resources + labels: + app: ara-ingress +spec: + ingressClassName: alb + rules: + - host: ara-api.sparcs.org + http: + paths: + - path: / + backend: + service: + name: ara-svc + port: + number: 9000 + pathType: Prefix + tls: + - hosts: + - ara-api.sparcs.org diff --git a/deployment/base/server/sealed-secret.yaml b/deployment/base/server/sealed-secret.yaml new file mode 100644 index 00000000..6eaabd38 --- /dev/null +++ b/deployment/base/server/sealed-secret.yaml @@ -0,0 +1,36 @@ +{ + "kind": "SealedSecret", + "apiVersion": "bitnami.com/v1alpha1", + "metadata": { + "name": "ara-secret", + "namespace": "ara", + "creationTimestamp": null + }, + "spec": { + "template": { + "metadata": { + "name": "ara-secret", + "namespace": "ara", + "creationTimestamp": null + }, + "type": "Opaque", + "data": null + }, + "encryptedData": { + "AWS_SECRET_ACCESS_KEY": "AgCWN1xPH4o5K6w2xelYuV4TH5etLtpvAq6JskUwhSpxfosoxscclX6DiHDU3BF8ZnY/0BxrqaZsRERlYfueSOIKqfOkWyZ6iDK1q6oIlckuzEwFU3tmyMp7GD38zG3iFaKY8U/Vggy68yxFWmM83o3I39XEoCe2/4Il5lKyq430pjjjSARa/gf+Q+rMc9aEFar7bzCiupHzp0zSujJNMahKcB0wcpalOzXYfJHmioe4ChA3OAtBfOjWSfOzGAd3jQwwRCKdpR5BTwMRMI68ZtKghiWQGNwXdZxzmxT9sZIAgVaVgq2GmZL2bT1NVIhN0jg3PECL8oKRP2PngkHO4V+fXbPiUeULdhflZw66VqppEiIeCD/YmnG4YEOs0HhuqqdU8vA3/w04bJrIUN9nAlRt2xLf7RdSQJNy2Jvg7yuzIXHtCSWJYrxa10FHKGnclSByVjCCzteMq1RJVTbn/HWKmxK5K938x/rK89dYKXYgXOTwCHR+7MmbxdYI4DWbrxzUQvOPwHX6UbogeVV2txMGDNdBJwA9fKk9nhbR8YlbX+R7+seQjoAIKlgI2IMN7HteyNdI5CYmT193I2raBw8/xpN2MjvDEB67QE4TbEeDj+YsSIT5dTwRRr66MwnvPzCsqhLaEkdB1SI8Wd0DU45ncfewjVJcBa2zlhqe+YUtP3ue6A9IQWa+MntQ6S35uWsYpVGFGfkP2a4drHh4WduM2lPcRaB9O4/q0nJa540skE15UjqLvE/4", + "HASH_SECRET_VALUE": "AgAJ8RAubzaELTHkQ45Vt7BFyGR1LEolMhKfBkZxTPTsHFGYT9taG/Ia2bVHAWk7GQd8TwjduQL9+Oi3m4efmZZx5UrSOhXy+GsbC0NwTWqvXiR/sn6kFjebfAXGVn9hN6pteixCFYCdhgTp/KIDle9QEd+SFvY7kfW7M1ZMLb6msy1ovxYq4+BnVirVMxiw0m9YbT0n0MZtW+TMDz1+raXrDXfC8yDKR/PO859yJPOPnDRgGNbOSHk+sAXfR5VkHlSWQBJaZs1X0V/JgdHyStJx6AkAutz0JQIYGsVmDDXD/X9KdZyss1wdAkA3l7Qk5pHZj18z8TSlbJzN3sCh0QpxDRNPHv7MxMV8u5BVAZVOehssSjM81OjWBIkTut5oL7+X6Gw5LlWZPakYvQc+2iVRXEJY0IqIpuMwNZqJ2Y6PqRoon+vwgGniK2iWMCijO8B4fKRgETRz1+VOaUEWdkWhF267l73oIqHIIa+ScGKjdejJYnOVLGVGBaBNG9SELA3pXoqEEvUR24y5di8WzNxI3BlLGnsKihjoPcNZtnKjlZlxjs5Bu5sG4UWPBW2tcMNQ7368AAFvymocIP5h8s0v+N9fOcefQ08UEkSv4T7H0SfxYBfw71pPmacXgbZTMT+JlwmKvVvHKMSKLH/gRbAdAuwtasTl4forqsZm66s3+0wXRtS1+Y0lb2RbvF6YaLVowwWVFQZWrLXd4HlQ6A==", + "NEWARA_DB_HOST": "AgALbh/Ovn0Px+gBbIBLJcCgsg2aGBM2tIHJD9kz6XaDf4O9N844IjUOlkao02ti+vnx28t1KBPX4EdnA8Wp51U8c8MgsOa3CIr5sjcXzz66LbNfgtXQ367A8BXeJZoZmhBDZFXT60Ty5h2yU67ub39DC5/SAMEIb+9z5MdA/dPwtwMfeeeTLSujPsBBjJWdQ/oc2vyQRAhFBNJJgScFt9H2SaZv43H/mVQ5mb+i5YukX1uZnV7wUL5ETRrikf2UZdSm4XwDehLrH9vXJG+siIVcFia5FysAMobcPg2IZ416idZuuTk6P6sRCVY/hOP23ziVgJHsPSFuNq2mU3ZSJaTg46MNXuJ1v8NEZnDOE0K9X742s/2WtEt5Az1sk8yqoqhSxC27HjstX8bgqwt/zS8ItoHFsi114YAulQcLrretdnmQeHZsSnTzweDm6oM/FLISzGxjcqTPwlMXW2ULX4csR394FXXZEMKvpitVEOobfpzwvwthdEivkCIuIdUgVfbyqbijMVjJBT7bCQsA6aWcL0VfRAADM+2Ifxs5yXwxJYNEL1y5e4kGDNYTFDHkWkO7NMMCMN+babYsOd5+nMVjsv8HghdXDtp0CRXqCyAKg6EJ7mmn7JQDzo1A6OLwPGsJWvcXhaJkXnK6wJsdhoJ08RR03hlxRDnsYFcWoFSI544VJUVqYBztuz2PM4cGEKgh1Tdm2RoXMm9ofImuUsrVOq0KjDhIuskzI3OF4Em4lMgSA6t6+5u3euo7mKkNruqWCx36gLMJDEY=", + "NEWARA_DB_NAME": "AgDHhqVMmrgW1GAqZbcOihK/0YuIJmNwCYBfTtl3cQnmlPgK7vas8vossE0RDMdbVO8QZsX992RmxQHUestyNKWaHAGZ6jyIkSGhbSom2QxlxW7CLSuUPdKBlX8a3m9/PMlABZw1B/UCUAPUNZ2zjQrdB8V9t/Yde6dnENtJPPUJbTw7VFZfG+AXD+i5wGNajAAzho4staZ1njL2vzDNQ1b7gCDrBFjeY9WDAIoq6k0uqTqn7mU1pnVQoKn/OErxhc/8elxr1w4RWpuhNeMHTrKYoJ3Uaykxm2lNLcoi9qx2kZLDZ/m49FU97TeZyuOV8oAbBKQV1DzME4G67U95gEn6e9MQ3jCMj5145V/b9W8m1UNeUD2TyKQdoewcShWkyl3ToIdd3ecNZFsChuJpQcn9xcD0QxyMuVjpFnqgejUjFKGaM9Hi3w6EISvw92aCqWqVOsfkg3RA8ZFuqSLSjkmXcu8dHfAkqec5chzFjQIxjbcxuKgTf7wQVwd+Gx77kOgI5mcCu6QJY6LSU0/j/kpfFUQvWiIAHN94YLi6MbiQNXOXL22V7l/XqB9786b32UV8f2zb2sensXr8btWnVkj68lfAwANnGAJhpqqS09C9HNae4f61QE3ZcPn9k9vxJ8qEMmqyDn17IdV5vSW0371JuRCwtvGQsgP3az+OUTuc2eO8MWHgJWKnNoKLxis4QD2ufwLbKvY8", + "NEWARA_DB_PASSWORD": "AgALKbbvv1ajZKvKTKwkwd/7QzLg7xx93jFsNterGJpZydPnI2AbCHn+V608WrTBbk1DeMaUUgAvW/9r1YvicGVlrK/C1CzL4GL/pJCbIui9dH7hWEYKoEXIh5vEraCqhdeP/Hzyz/K5SJgBuqQmT3B6gP44wQx5pkLGUMmFWb2rCUoXorKAmSplcScZ9N3yOVSAy0ab7n1HGukfh4ZpQ1mW9nmKNQoTQDaUaG1WDot66pNr+HXb+7Xf3q56fC2PIzR+6Bwg7tgrn2i5huifTu/q9Ymq02uDFvXA8g12ykpLMxWU9GBVf5oD4BoWCAvaAggXthPuHFi5arDHDST+wqyfaNuZ3HTG3T+DXIU8AnS23QtFmRDxnfAxsf2VgAljRjc5oYQivgSlQSalqE0j6poOPRPoQa7kklB+1ZnzFOssSKIahV8cASuLzp5rluI0XCz0H+kLSbevFsWq3v/dWvXOiXBzLpELyR+kAgFyoB7hVCUhUaLx2LyTgdCbX4U0JbVI/r3RRuMG2nWS+Ybx+gEMHqFtSVAR1n+kc2KSyLBD+8ywad5jsoiXQW/GndpuxUbvzwuxPW9T8rgDiMA96HnbkGVwOM//U8cO2hppdAVAcM3anxNHn25vXxolsaJ5tuP3Whj6jPSbo9rx3eWe4u8DBA6P8WRwjxFuujd/+4c60otgCscHnPEGUxaIZWh23tdJmkzTn6goIIss3UKmQ7na", + "NEWARA_DB_PORT": "AgDIEL4yqqxMmBGT/Cm/8lHh+vu13TSPVWQuQXmTkNIJeqsEtKo60Xvz/rCaPURD8A+BfDLTlunQ/Jz2LcnIdzv8ExgzsrUY3VfhTzIl01kK1/wet4LtdK1akfpbl3QCu1teSE+1K+VE+JwBN54cW376ENnmkPWPXq7qv456q2sIXVqrcVVFRbqZuDXYiazGNMGkunzBWblnnHkpcqs1GMB63dnpPPBhAKRsPHE2H0wqN305hBngP/hqTxsUhnJdTYUO9ayFys8Zqw+lB23mQHtZ4GqekLhzitU+P0400JD1THyJ7k+DXbXQTJv2Wkxltgyulm5vNkUeYZu37NDkK7KmjJKw97NkQ8XvcXQkMrg+XfRcV8qR73QyM4ax0kqjgEswv/DJwp+W7Y+QbrF4pBEU8au1+Vjwv3ofK5w6MAcVH1qdThjVnCHGg0zPTl1yoKWiKojhC97fjED5xUo1iUCM29g2tzqOO7a6VZwF1o5AMdfcGCe/A8AzSluKq5M1pY2+cxodLJMgki1JFPpxO+jEhFkHEuk+ZEMG7K2DnLTO7UI0kzkFh9CVS0Fr9/sLirmHhZElyXvEZOHwK01aULa6XJbBv6mlxWEHst7bTVHKC7RjvWZTQGRS9F+3ik4+MT3gv3uWnkjeK1Ph/w1OGNyxOZ3Fenygtr9Qu/hYt6MvNuSrELnYkFTVM6iW2yYwr3LJfwgL", + "NEWARA_DB_USER": "AgAv/ofholkivY1XE6Vg6l8EaFE7+P+UvtD+RDHgGXwJfwx4ErWSHf9UtD5b0cryj2t4jryKWxGNv1HcZNjjDj2+lK0khNZf5RWvniG3A4R3EJ5lljAnxPLJE8NC8xCTZK/6ww8q7b6x1dzrnOeWLgyMpLef9unS4b+Zcq9hyWEbduJ+0dQaQ45vIzdlvdduztIe8f4CekN7qK+xYV7Npn8BBXWyJX9tZLIXWVBz0DukOyKHQmsWcZjLbYY2XwhMvf1Tjai71dZDeTC70fTuVapmO+fRFg94pE94lDmClSGQAcDe2DJFDWhzDbPFMDZ9g+Sq+0EsAzfV/kp4x3mdnW1wKatEaJ+Wh3kSpUa4ppM4vaUGMSHuia0FU54Hpl7uP3DBjHQ9cIqY9XCYubHNeP0O2gAUXpUEUc8+B4GLQ13vlB/k8224gZZLSHtBLxsaufA/eHnOCmRxkKEEdIyJYnnCxhOVWAeP+E7GdgAWowhPgh6SVg6V19dH/+9DOADDpBV1ZhaJ0jR+XVCRMnftLZKuazW8F8mnBkod+KQ0Wp/KjT+R/GEr4LRPhFxADuQxSwMXph3byB4Y9dOne5+2kNpjJY5Vk9jOvwh3bUzVffXo9p4vgYG2eTA54jz80p0L5BIvwoP6sBUB5O5I0UmJ4gqDTCfBULh/nTcoo1OT/9aehRAnjmPcoHso7iN4azrQ2IHKis4K", + "NEWARA_ELASTICSEARCH_HOST": "AgCTSdS+BGrNe1vwJIbVGkye1x4baOtezr6ymqVan64wgNKYZTMxI4yCl1U9WBYPTW1MKJwF8fSC5ZRVMaLm/luf5mwsU0VBbMbRo5hWFGcvFlmCSOBjVizqkmFq60K/DmHiQEOn3devdnBu3uRcmDlzAyWP7wMrTgyp8dy0lLwjEDz7UeP/eOo3aoAxsUDkw198qV5o4MvMetom+G/xzCpwXJK6SppsMs6ZB/Bgt8BoAWw47pIAixHBSderPYB7VCB6hXGvVrwBCKPyxAi42L1rdXLChcMAm9NFsogvhmj5ezP3qLfwNlGs1bXNmhFyAZoGry0HrQs+X6KoIjMoZiFURhMX9tCTVgdNaHge+eT5ESWF+Rk0+uNmkkZL7T05c0NO66XRMJ8UAlxED5Ikiee2DQamRR+4T0sgXWTtkhHUYyLG3xYXIS58gY6D1KTPBzRn2/vYTwMn5ATaYArKzoR4c6/V3v9LA5/Q1FzgNu4DUowJfEJMw6sbSMsNHSoQgUpR++hP4gqGuQh33FO1lxL6eGFHx9Xd9s0oph6Nntr/WONVDnviBfN7vSYWK208hHsDZxQl99ee19+8CRIlLupMgMuJGxFbWTML8SV27IjgvOubbqMZMqOPyRRFp/0pM0TeT1o/6MnHcpvZcOoXp/mxJZPJxf0ar/DMJR40rL4w508gJEntDsORcgyK2/PVBm6VMIFjuvxR10ptqG+KmvWPbiv+NO1R", + "NEWARA_ELASTICSEARCH_PORT": "AgAMS27fze9Nd14jt1lYxZHuIVpn7/QSXwFTom6ZoixzZ+L7pOEysqhGlbFanIssdNw6hlV1piPYjZoV5lrdBUvKqHrHGAkoYfgAFOz3E+DabzKXrAkQjr2V8UiCLSc0hNT9GHZiriR+l4G6Aj7DOwtTsjIs4B3UTA/JWlFnXnL/B0eMFp8QDF774PfS69wLNTZiId1audKmipUjb6GVrm9g6rKICtLLZNCpt8HwXSTYu3tVAnBCZpx2o7vk8EkErpe2x2TexwmwPiWo5pQXEJwxiyCW9yPBrViJPDaWt+9OjvJ0RTRCsy/D1Ev4SNhU9QMFT0jQDQdKPiKF/gx4DxrAyebTA+nnuduESUa3YULSjQR19uy2dz3HuXwq/K86JOAOpnjRD8cpSRKX9bF+nzElaHy3JrJzohnrPZx4/ARFFDzXvLxFB+tPZMLt81HQKLsIaiH4iFZ67y7gNqygx/id61GqkUCJf4J+zLWcZ2qsmv4DE6aQsGpPNTIw7o6Gjep7GsiPdSWCedmkFBaazBCrk8Thne875zDTcNpyI7D5o5D0s6F7hTZ86iFFW6P9GCMFEmuBXZbtd46RL5xqgCnwYZ4yqcZ13UkGR4WP0WiIjoXQ8C3p5c/GQ7uDsECaTnGxnlMJCfJQoRDzY+uK/Lg0CGgVIrj8W96fNc6raJH2J/OPC4Aqfs1wnmtM7zgtgbOnHPUUWg==", + "NEWARA_ELASTICSEARCH_URL": "AgCVwXoNSfim9V5uuABPq3mQ2sgArhToQnbqNiWJ8LcxucwkvDlHHMKQV+2EaSoUuldveU8CSOUCNRJfUSPnXLTYhmNNp52pWp9ZI5SmUpCpvH3UkfI799+eInrTxYbp4WK5mPNgEOIWPqs+CF6v4KlEI+5gITO9Staon7TyD62605IdOsn8a6OL+NRcqVI6p3PVWxt6SRf+hmaTmGP42HyPDTHUKG37nDtwR5higFF7kN3IIuNeMBEIwLbb7qNT6fZ8FhS12WQrPBaoE97zTxRjJW+KN14sLel1R1lFkjzo9BIFqHluiLZSVeHOSWqyMl2k+Hz1ziOMLhQE+LnKlM+gpW0WEh2Aie89FlhxwLQZPWioLqgzV/WVc7+3cHJTS0frau6HzmCuYDmgb03xcQ3f3m8LBDcDij1s6KqwK7COtSzykOl3zcS5g8NPl9e1DPirzjmWXJednbGl6sqJefj+z6cgqXuMTYQq79FTrDzUmHzOOmf+jCLXFD3RZA0B9/wYCpR3JvlShKakSm851/8TZV50y66V5pv5fXm9CfdNPJ9dwRoyUMVZlGhY9c5AObv/3K7+kkncBNuN7kkSWc1LhQvQrkE61Eutsa5Yb1G1G6bO5O2vU1/Cr9DPxK2P2cezn3KmL3PmZ273y0+SBS9FXPYIDXcwCJUp+0OnrQfnG42JnjqdxyZHjqPOMxN+NQDMvqZEum+3QOiKEaUY4MQzRkb0DNIWQT2wSMp223905DsJBCzvr6RRHOQyjRM8jJ9navgntvCk1n+opg+k3N44pg==", + "PORTAL_JSESSIONID": "AgABJrbBlLlb2m7cJ3CMjgU+nQwjEIbT+zmUMdFkLSzPKU5CfW0PjleDQeXAdeLK7rvExB9JEegmjc3Ffcc3q8b3oDxWJOfPMWupUTRc5igXuhbPSlaZhs1c+mOENco4qsb9wue8oWYYkxXwRhX7VG6YEdimYSemAxf39LLsNLNWDJuKq6Srs0WD8gwfvS8QOnx7p0O056OOUalbOH6oDR07uo7dgjMsojET/pTPuos09KbiXE8bh+zIGr7VKrzxRn3uxn5xWQh0pD1qHfF5lWr1y3ZPfuKpwvgltRwPvBAa3BRrgrl7yObBTlx/TLrKkiIygA8/lhkEZhilVlVDbL4PB22LVCLSXveOHFWrkRskJYajtiJN3uqHo+SCntAYnqZApDYj7FKHQ4MRmpW1gVxZFudnp0Pea5tNc3aQJ8WrWUvJwU62+dZ8ge+QkdZEHK0A/T1umB9wGbjQV5J4+ea6glKMx3fxrwMpppzpYweympfGkbBVHKV3k44UPEMLCiwzeDAwVpLeBcqVWj5yfPL5rcYjebZ9x3LHAIdpyow8nTD2C+pyqHnYX9+Q3fIPQjhN9lH23waopCLPvZ99aQ6nikl7bFkx9/k1pV+SeQEVpiDPQVgb7soiyn65seYW+lojdNMO6whLeSGfujVdECiQ81ZFcttE0O2lGIagVwRbWwOjW9NwxTId/X+e8vaCm5SqdRHZR7yZqBlRU1mm1sgAj22HpKnDz9G6GscvigRuleLlGqjgVH88H3fSn+1ZTkFn9XNSvm6gyMoZE5WD5d6Ezyox8db8xOVIq1Lle6gu3EjkG2xr", + "SECRET_KEY": "AgBXZjPGHiDmj8qEXfFKtdZbQYyFPguchnLKxuLvEmSPUS4vWG3t76A14t4WtzB0tUx0BBWrNSmCrGeHYBj3hHZoOl8w5nTNn1bnleztswYAYY1uDDumvvp2IDRphua5rpcIGGPxBG6m/MQpxetxUkboyy3+CdBFQiQH/3AET8sXy33vaBedRg+bbZCdiq3meP7DYL95b3tbaEAh3d/NJ/Hua65n66aN6eFPqHC81QBRxg8KBt/HqNHIAGvvzPvYvpqy8XF8VT+ILspO2to6RUV0ePcy9JHTBSVVoZhRGeJ67ew2J44KnAdyxWgswNml8hqgeZqYf8DeGIvIANHoVvdyd0NkwwD7VD6gGEzowxlBTnpFJuMBQoiyzuhAmeDqVboQ0g5Yf/W7A3qXByVo+xmE5u46k5cslMKJkyR8rzc291nRzTDlSihqrV2JVC24VmUJ7PfNmGE3eC1tgaEujGLAGmBKYaVcQ1Tqs+LRzMy2m1K85U/YbhkCp0mchx1x8FCpN1YR5d3iam3G0OGVQaDR2JD6uX/pzAu3vbSSQkyma2V7iyik6hQ9nq4LMP1B5jry2SAiuSU7X3KiolPEVr0zF/j1cMK2Gax4rGlv475Co1ZEUPOD3uDLhuDdTT9LVzF1JZJa79BvLj9TDYGGVw7K70CNBvvEVouXvN+wvqqEGyvUY/Un1iPTn2HW6QcFgIhByLR8aKKUE9Cexcb52FtncjwE8G9K4WN/PsE4gvmeH56rY/y5rpT5ulcmkTFnDw==", + "SENTRY_DSN": "AgDBVoSPx6HAhoEXigJ0wvYsB540qqPV9BmIfZ/d8IKjJYXbBlRCn8M47fte6wnzTyCRQ3dCfS8OeDiL+9cGyA8dG91CnqUSuTAgffkn+zQ0i1a5zmKY/FeN6l3dcxS7oQkCWtfb4UO4VqCbYoOjd54K0Pi2pDygRlVDtBqaB96PCGxqbnvst/IKyUVivIoSPXEE8f7147jNnXJJ9NUNxM8qA3I6iVaEneO+T4UdMlKZQgVnX3I9K6B76VyRwKSKkqBaPKt70Bt+w0kg2v/z1JdNdxsDTUFVj9tys2f6UTPafIFkYUIJLNHpetjym2ZvN4xbxPxHqNXKgTk4wzDE6z6XkuvXog4+/BXZxxp/hqOWBTHVTlhbO28BykiO3w2GuEBipDxo5cQWExkPFzGuXaxOVsmIA2ygskFwaYsdQi7oFH6Rlghok44ufCIgBa7pNQQgH5JkGWxbL1VpEknnCbUPk4QthMpzv/yRS5w96jSPuk0XntirBjpx702h02lT5kALEouYPCNotNYS3iwGRL4PRxIlaN2HyvPHajodvbxpvSvYZJuEToiGhYKqzT14uSvJc2PEkNsV0XXUlKfiIm3N8rDL33qjbhYwq8LLkVs3Y+BG8JjvI9UBnK4yFsz1A7xjwGLLPW11DvNMhNAYYHzSeyiEHr0CO21ax99FOvjdG4NDiUdadOg7zCYglmCBXtxgy51Aql8q8msrCeGJglR/tCZok9fGqTx6WAD6MAsY3X3uq20LHkuxqy+2UpXJJ4GR71dQithBB9KJfotIYQAIldIIQO+TW+Om", + "SSO_SECRET_KEY": "AgCxHNCujVKVTEH+02kqcDQGptLh5HDpSjbbLyi2ww1KNUewUXTjTHTdgSUa/xbNFBj+ALnL+LiVs2dr6Gr9VakFMcTSf1Tgrev3LrvSHdJc8WY1LN7BM92tFsDWEJv5eBqpxgX3HGD4jt7lKlUNlGPiVfTY2pgKsXRNYxQB3noeVW4yCGF4JAYoZ5mHPNUU1Mw/yqlxrqA/ptoAkFJKEuCYURpEzj9WfDFB00uYNPlAAkWubH9yqvBlABJnfmIIOrH0XlJ93ZnSND9A+Y430OCVjGrXcucgo5IkGLUxJ63HqvJv9fIzel0/UMyH3uo6f5X7mSUaBXHxKYNDReXL4t2+XKwsDtAgBeL6uallcdKKeLNxNtxgR0cBuQgpHF6mhaoKA3p4ynFAYD/jZ16warh60E05Nw8iB14o1XzZcCpoIaGRsdTGsXtXN23yvpAu/1opcdV7PBfStq9G6Wiqo4kV/ECl9/nC+McAl6S3e+kwSR8VNyqgqKeUpz5zaGcDD7WTa7MDduNU69WGz22U3EU3ex3WFbevCQ9cEUnOOAnfKFFXUTP778XD7nwWdIjNhxJwRgPwq0Nlly8F5Ysj8c8o/BuzSqVyH6yqbuTvwa0KKq5pzsqojOTbI3HOaTSqq4lastxToFnXFBTLjSWSZY13KqIYYiFopSHyBMNwAFZU/U+W+atSjjIths0Mx3zvH6wV2drnLrmIqkuFmYyMAZBs/LTkWnRbxz1ozZZdpwstnqrqqMmNACVylSdxmdvjrLciabK5CnhSWnhR1V390W3z/Dm+u2W8GdThL6Z4En+Vug==" + } + } +} diff --git a/deployment/base/server/secret-template.yaml b/deployment/base/server/secret-template.yaml new file mode 100644 index 00000000..bdd3b324 --- /dev/null +++ b/deployment/base/server/secret-template.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Secret +metadata: + name: ara-secret + namespace: ara +type: Opaque +data: + AWS_SECRET_ACCESS_KEY: base64encoded + SENTRY_DSN: base64encoded + SECRET_KEY: base64encoded + HASH_SECRET_VALUE: base64encoded + NEWARA_DB_USER: base64encoded + NEWARA_DB_PASSWORD: base64encoded + NEWARA_ELASTICSEARCH_URL: base64encoded + PORTAL_JSESSIONID: base64encoded + SSO_SECRET_KEY: base64encoded diff --git a/deployment/base/server/service.yaml b/deployment/base/server/service.yaml new file mode 100644 index 00000000..66ae1cf1 --- /dev/null +++ b/deployment/base/server/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: ara-svc +spec: + type: NodePort + selector: + app: ara-server + ports: + - protocol: TCP + port: 9000 + targetPort: 9000 \ No newline at end of file diff --git a/deployment/overlays/dev/kustomization.yaml b/deployment/overlays/dev/kustomization.yaml new file mode 100644 index 00000000..6a2ddba1 --- /dev/null +++ b/deployment/overlays/dev/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: 666583083672.dkr.ecr.ap-northeast-2.amazonaws.com/newara + newTag: v3.0.1 +resources: +- ../../base