fulcimen-demo

.github/manifests/fulcimen-load-balancer-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: fulcimen
+  name: web
+spec:
+  selector:
+    app: fulcimen
+  ports:
+    - port: 80
+      targetPort: 3000
+  type: LoadBalancer

.github/manifests/fulcimen-rails-deployment.yaml

@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: fulcimen
+  name: rails
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: fulcimen
+  template:
+    metadata:
+      labels:
+        app: fulcimen
+    spec:
+      containers:
+      - image: docker.pkg.github.com/mlibrary/heliotropium/fulcimen:d56befee705bacbb6306f8bd8bea597f31608636
+        name: heliotropium
+        ports:
+          - containerPort: 3000

.github/workflows/delete-workflow-runs.yaml

@@ -0,0 +1,19 @@
+name: delete-workflow-runs
+on:
+  workflow_dispatch:
+    inputs:
+      days:
+        description: 'Number of days.'
+        required: true
+        default: 90
+
+jobs:
+  del_runs:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Delete workflow runs
+        uses: Mattraks/delete-workflow-runs@main
+        with:
+#          token: ${{ secrets.AUTH_PAT }}
+#          repository: ${{ github.repository }}
+          retain_days: ${{ github.event.inputs.days }}

.github/workflows/deploy-branch-to-testing.yaml → .github/workflows/deploy-branch-image-to-testing.yaml

@@ -1,4 +1,4 @@
-name: deploy-branch-to-testing
+name: deploy-branch-image-to-testing
 
 on: workflow_dispatch
 
@@ -25,8 +25,8 @@ jobs:
           kubectl config set-credentials default --token=`echo ${{ secrets.TOKEN_BASE64 }} | base64 -d`
           kubectl config set-context default --cluster=cluster --user=default --namespace=`echo ${{ secrets.NAMESPACE_BASE64 }} | base64 -d`
           kubectl config use-context default
-      - name: Deploy
-        run: |
           kubectl config view
           kubectl config current-context
-#          kubectl set image deployment web web=docker.pkg.github.com/mlibrary/patron_account/patron_account:${{ steps.tag_check.outputs.tag }}
+      - name: Deploy
+        run: |
+          kubectl set image deployment rails heliotropium=docker.pkg.github.com/mlibrary/heliotropium/fulcimen:d56befee705bacbb6306f8bd8bea597f31608636

.github/workflows/deploy-web-nginx-to-testing.yaml

@@ -0,0 +1,37 @@
+name: deploy-web-nginx-to-testing
+
+on: workflow_dispatch
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: fulcrum-testing
+    steps:
+      - name: GITHUB_SHA
+        run: echo "$GITHUB_SHA"
+      - name: GITHUB_REF
+        run: echo "$GITHUB_REF"
+      - name: SECRETS
+        env:
+          SECRETS: ${{ toJson(secrets) }}
+        run: echo "$SECRETS"
+      - name: Setup Kubectl
+        uses: azure/setup-kubectl@v1
+      - name: Authenticate with kubernetes
+        run: |
+          mkdir -p ${HOME}/.kube/certs/cluster
+          echo ${{ secrets.CA_CRT_BASE64 }} | base64 -d > ${HOME}/.kube/certs/cluster/k8s-ca.crt
+          kubectl config set-cluster cluster --certificate-authority=${HOME}/.kube/certs/cluster/k8s-ca.crt --server=`echo ${{ secrets.SERVER_URL_BASE64 }} | base64 -d`
+          kubectl config set-credentials default --token=`echo ${{ secrets.TOKEN_BASE64 }} | base64 -d`
+          kubectl config set-context default --cluster=cluster --user=default --namespace=`echo ${{ secrets.NAMESPACE_BASE64 }} | base64 -d`
+          kubectl config use-context default
+          kubectl config view
+          kubectl config current-context
+      - name: Deploy
+        run: |
+          kubectl delete deployments --all
+          kubectl delete services --all
+          kubectl delete pods --all
+          kubectl create deployment web --image=nginx --port=80
+          kubectl expose deployment web
+          kubectl set image deployment web nginx=docker.pkg.github.com/mlibrary/heliotropium/nginx:latest

.github/workflows/echo-env-context-to-json.yaml

@@ -5,11 +5,16 @@ on: workflow_dispatch
 jobs:
   echo:
     runs-on: ubuntu-latest
+    environment: fulcrum-testing
     steps:
       - name: GITHUB_SHA
         run: echo "GITHUB_SHA $GITHUB_SHA"
       - name: GITHUB_REF
         run: echo "GITHUB_REF $GITHUB_REF"
+      - name: SECRETS
+        env:
+         SECRETS: ${{ toJson(secrets) }}
+        run: echo "$SECRETS"
       - name: Dump GitHub context
         env:
           GITHUB_CONTEXT: ${{ toJson(github) }}

.github/workflows/package-nginx-image.yaml

@@ -0,0 +1,23 @@
+name: package-nginx-image
+
+on: workflow_dispatch
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Present Working Directory
+        run: pwd
+      - name: Build and Publish
+        uses: craftech-io/package-action@v3.1.0
+        id: url-GPR
+        with:
+          access_token: ${{ secrets.GITHUB_TOKEN }}
+          context: ./nginx
+          dockerfile: ./nginx/Dockerfile.nginx
+          image_name: nginx
+          tags: latest
+      - name: imageURL
+        run: echo ${{ steps.url-GPR.outputs.imageURL }}

Dockerfile

@@ -0,0 +1,62 @@
+#Start with Ruby 2.7.2 Image
+FROM ruby:2.7.2
+
+#Set up variables for creating a user to run the app in the container
+ARG UNAME=app
+ARG UID=1000
+ARG GID=1000
+
+#This is so rails can install properly
+RUN apt-get update -yqq && apt-get install -yqq --no-install-recommends \
+  apt-transport-https
+
+#Download node at the preferred version; Download Yarn
+RUN curl -sL https://deb.nodesource.com/setup_12.x | bash -
+RUN curl https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
+RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
+
+# Install Node and Vim. Vim is optional, but can be nice to be able to look 
+# to be able to actually look at files in the container.
+RUN apt-get update -yqq && apt-get install -yqq --no-install-recommends \
+  nodejs \
+  yarn \
+  vim
+
+#So we can bundle install
+RUN gem install bundler:2.1.4
+
+#Create the group for the user
+RUN groupadd -g ${GID} -o ${UNAME}
+
+#Create the User and assign /app as its home directory
+RUN useradd -m -d /app -u ${UID} -g ${GID} -o -s /bin/bash ${UNAME}
+
+
+#Create a /gems directory; Putting it here makes it easer to create a gems volume.
+RUN mkdir -p /gems && chown ${UID}:${GID} /gems
+
+#Change to that User; Waited until this step because the app user doesn't
+#have the authority to great the /gems directory that was done above.
+USER $UNAME
+
+#Tell bundler to use the /gems directory
+ENV BUNDLE_PATH /gems
+
+#Copy the Gemfile and Gemfile.lock from the Host machine into the /app directory; 
+COPY --chown=${UID}:${GID} Gemfile* /app/
+
+#cd to app
+WORKDIR /app
+
+#Install the Gems. Notice that this is done when only Gemfile and 
+#Gemfile.lock are in the /app directory
+RUN bundle install
+
+#Copy all of the files in the current Host directory into /app
+COPY --chown=${UID}:${GID} . /app
+
+#Set up Placeholder Environment Variables; These will be overwritten
+#by Docker Compose and in production
+
+#Run the application
+CMD ["bin/rails", "s", "-b", "0.0.0.0"]

Dockerfile.noah

@@ -0,0 +1,58 @@
+FROM ruby:2.6
+ARG UNAME=app
+ARG UID=1000
+ARG GID=1000
+ARG APP_HOME=/app
+ARG GEM_HOME=/gems
+
+# Adapted from https://medium.com/hackernoon/preventing-race-conditions-in-docker-781854121ed3
+ENV DOCKERIZE_VERSION=v0.5.0
+RUN wget -O - \
+    https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
+    | tar -C /usr/local/bin -xzvf -
+
+RUN wget -q -O- https://dl.yarnpkg.com/debian/pubkey.gpg | \
+  apt-key add - && \
+  echo "deb https://dl.yarnpkg.com/debian/ stable main" > \
+    /etc/apt/sources.list.d/yarn.list && \
+  apt-get update && \
+  apt-get install -yqq --no-install-recommends \
+    apt-transport-https \
+    nodejs \
+    yarn && \
+  rm -rf /var/lib/apt/lists/* /usr/share/doc /usr/share/locale /usr/share/man
+RUN gem install bundler
+
+RUN groupadd -g $GID -o $UNAME
+RUN useradd -m -d /home/app -u $UID -g $GID -o -s /bin/bash $UNAME
+RUN mkdir -p $APP_HOME && chown $UID:$GID $APP_HOME
+RUN mkdir -p $GEM_HOME && chown $UID:$GID $GEM_HOME
+
+ENV BUNDLE_GEMFILE=${APP_HOME}/Gemfile
+ENV BUNDLE_JOBS=2
+ENV BUNDLE_PATH=${GEM_HOME}
+ENV DB_VENDOR=mysql
+ENV DB_ADAPTER=mysql2
+ENV MYSQL_PORT=3306
+ENV MYSQL_HOST=db
+ENV MYSQL_USER=helio
+ENV MYSQL_PASSWORD=helio
+ENV MYSQL_DATABASE=helio
+ENV RAILS_ENV=development
+
+RUN mkdir -p ${APP_HOME} ${BUNDLE_PATH}
+WORKDIR ${APP_HOME}
+
+USER $UNAME
+COPY --chown=$UID:$GID Gemfile* ${APP_HOME}/
+RUN bundle install
+
+# Note that docker-compose.yml mounts /app/node_modules like the gem cache
+COPY --chown=$UID:$GID package.json yarn.lock ${APP_HOME}/
+RUN yarn install --check-files
+
+COPY --chown=$UID:$GID . ${APP_HOME}
+
+CMD dockerize -wait tcp://${MYSQL_HOST}:${MYSQL_PORT} -timeout 5m && \
+  bundle exec rake db:migrate && \
+  bundle exec rails server --binding 0.0.0.0 --port 3000

k8s/fulcimen-demo/apply.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+kubectl apply -f fulcimen-demo-namespace.yaml
+#kubectl apply -f fulcimen-demo-resource-quota.yaml
+kubectl apply -f mysql-external-name-service.yaml
+kubectl apply -f mysql-client-alpine-pod.yaml
+kubectl apply -f fulcimen-deployment.yaml
+kubectl apply -f fulcimen-node-port-service.yaml

k8s/fulcimen-demo/delete.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+kubectl delete -f fulcimen-node-port-service.yaml
+kubectl delete -f fulcimen-deployment.yaml
+kubectl delete -f mysql-client-alpine-pod.yaml
+kubectl delete -f mysql-external-name-service.yaml
+#kubectl delete -f fulcimen-demo-resource-quota.yaml
+kubectl delete -f fulcimen-demo-namespace.yaml

k8s/fulcimen-demo/fulcimen-demo-namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: fulcimen-demo

k8s/fulcimen-demo/fulcimen-demo-resource-quota.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: fulcimen-demo
+  namespace: fulcimen-demo
+spec:
+  hard:
+    requests.cpu: "4"
+    requests.memory: 8Gi
+    limits.cpu: "8"
+    limits.memory: 16Gi

k8s/fulcimen-demo/fulcimen-deployment.yaml

@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: fulcimen
+  name: fulcimen-deployment
+  namespace: fulcimen-demo
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: fulcimen
+  template:
+    metadata:
+      annotations:
+        imageregistry: "https://hub.docker.com/"
+      labels:
+        app: fulcimen
+    spec:
+      containers:
+        - name: heliotropium
+          image: gkostin1966/heliotropium:0.0.1
+          env:
+            - name: DATABASE_URL
+              value: "mysql2://mysql/heliotropium_development"
+          ports:
+            - containerPort: 3000
+#          resources:
+#            limits:
+#              memory: "2Gi"
+#              cpu: "1000m"
+#            requests:
+#              memory: "1Gi"
+#              cpu: "500m"

k8s/fulcimen-demo/fulcimen-node-port-service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: fulcimen
+  name: fulcimen-node-port
+  namespace: fulcimen-demo
+spec:
+  ports:
+    - nodePort: 30000 # externally exposed port e.g. localhost:30080
+      port: 3000      # static node port (virtual or physical machine) e.g. docker-desktop
+      protocol: TCP
+      targetPort: 3000  # container port e.g. deployment/fulcimen
+  selector:
+    app: fulcimen
+  type: NodePort