Infrastructure repository for Dumplings Store
Application code and CI can be found at: https://github.com/po-khmel/dumplings-store
Infrastructure as Code is described in Terraform modules. The infrastructure in Yandex Cloud includes:
- Test VM
- Managed Cluster for Kubernetes
- Object Store S3 buckets for storing `.tfstate` and images
- DNS zones and resource records
Links to module READMEs:
Configuration of the test VM, specifically the installation of Docker and Docker Compose, is done through an Ansible playbook that utilises an Ansible role.
Links to READMEs:
backend and frontend serve as the basis for writing Helm charts for the backend and frontend.
cert-manager - TLS certificate manager
service_acc - Kubernetes service account for generating static configuration for CI
The NGINX Ingress controller is installed via its Helm chart:
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx
Charts are available here.
The Service is configured to listen on port 8081. The HPA scales pods from 1 to 3 when CPU utilization exceeds 80%. The Deployment is updated via RollingUpdate. The backend's Ingress is configured to `VUE_APP_API_URL=/api`.
The Service is configured to listen on port 80. A ConfigMap contains the NGINX configuration. The Deployment is updated via RollingUpdate. The Ingress routes to the FQDN.
The `.gitlab-ci.yml` file is here.
The pipeline is triggered when a new Docker container is released according to the CI Dumplings repository with a commit message of "prod-deploy".
GitLab SAST scans Helm charts and K8s manifests.
A new Helm chart is packaged and stored in the Nexus repository.
Deployment via Helm to Kubernetes is triggered manually.
!!! endpoints are unavailable !!!
Grafana [endpoint]
User: view
Password: dashboard
Loki Logs [endpoint]
Kubernetes cluster monitoring (via Prometheus) [endpoint]
App Metrics [endpoint]
Prometheus
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm upgrade --install prometheus prometheus-community/prometheus
kubectl get pods -l "app.kubernetes.io/instance=prometheus"
Trickster
helm repo add tricksterproxy https://helm.tricksterproxy.io
helm repo update
cd ../k8s-manifests/monitoring
helm upgrade --install trickster tricksterproxy/trickster --namespace default -f trickster.yaml
kubectl get pods -l "app=trickster"
Grafana
cd ../k8s-manifests/monitoring
kubectl apply -f grafana.yaml
kubectl get pods -l "app=grafana"
export GRAFANA_IP=$(kubectl get service/grafana -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
export GRAFANA_PORT=$(kubectl get service/grafana -o jsonpath='{.spec.ports[0].port}')
echo http://$GRAFANA_IP:$GRAFANA_PORT
Loki
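cd ../k8s-manifests/monitoring
# The grafana/* charts below need the Grafana Helm repository
helm repo add grafana https://grafana.github.io/helm-charts
helm repo update
helm show values grafana/loki-distributed > loki-distributed-overrides.yaml
helm upgrade --install --values loki-distributed-overrides.yaml loki grafana/loki-distributed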
Promtail
helm show values grafana/promtail > promtail-overrides.yaml
### in `promtail-overrides.yaml` change
# clients:
# - url: http://loki-loki-distributed-gateway.default.svc.cluster.local/loki/api/v1/push
helm upgrade --install --values promtail-overrides.yaml promtail grafana/promtail
In the scripts directory, you'll find two scripts:
- A Python script for downloading images.
- A Bash script for uploading images to a bucket.