/
Pulumi.yaml
229 lines (214 loc) · 8.46 KB
/
Pulumi.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
# Azure
# -----
# az login --use-device-code
# az aks get-credentials --name tebi-prod-cluster --resource-group tebi-production
# export ECDH_PRIVATE_KEY=$(openssl pkcs8 -topk8 -nocrypt -in cloak-pulumi.enc.pem)
# cloak pulumi login
# pulumi stack select azure
# pulumi up
# Digital Ocean
# -------------
# export ECDH_PRIVATE_KEY=$(openssl pkcs8 -topk8 -nocrypt -in cloak-pulumi.enc.pem)
# cloak pulumi login
# cloak doctl auth init
# doctl kubernetes cluster kubeconfig save onchain-k8s-af1ef23
# pulumi stack select digital-ocean
# pulumi up
name: trace
description: Trace Infrastructure as Code
runtime: yaml
variables:
appLabels:
app: app
envoyLabels:
app: envoy
authLabels:
app: auth
version: 1.2.0
hash-skytrace: sha256:80d608129bda0c00ed67f2fbed724770c28496be9f285034812071e3b793f179
hash-skytrace-envoy: sha256:57c59478f76f9e2f4c92a50179dc37918d69846522537e09a334b1fcf466545e
hash-skytrace-migrations: sha256:44e64d9244487a56b059ad8eb19bfc7f2afabccfa6171b368b6008a9222605d7
hash-skytrace-space-track-feed: sha256:f48307aeac1f74b4aa502f5c45c0f4862f02411c7e40a7fd84b288a9beec85c2
trace-db-migrations: ghcr.io/purton-tech/skytrace-migrations:${version}@${hash-skytrace-migrations}
trace-envoy: ghcr.io/purton-tech/skytrace-envoy:${version}@${hash-skytrace-envoy}
trace-server: ghcr.io/purton-tech/skytrace:${version}@${hash-skytrace}
trace-space-track-feed: ghcr.io/purton-tech/skytrace-space-track-feed:${version}@${hash-skytrace-space-track-feed}
resources:
envoy-deployment:
type: kubernetes:apps/v1:Deployment
properties:
metadata:
name: envoy
namespace: trace
spec:
selector:
matchLabels: ${envoyLabels}
replicas: 1
template:
metadata:
labels: ${envoyLabels}
spec:
containers:
- name: envoy
image: ${trace-envoy}
ports:
- containerPort: 7400
auth-deployment:
type: kubernetes:apps/v1:Deployment
properties:
metadata:
name: auth
namespace: trace
spec:
selector:
matchLabels: ${authLabels}
replicas: 1
template:
metadata:
labels: ${authLabels}
spec:
containers:
- name: auth
image: purtontech/barricade:1.2.5
ports:
- containerPort: 9090
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: database-urls
key: auth-database-url
- name: AUTH_TYPE
value: encrypted
- name: SECURE_COOKIE
value: 'true'
# Cookie encryption key
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: cookie-encryption
key: cookie-encryption-key
- name: REDIRECT_URL
value: /app/post_registration
- name: LOGOUT_URL
value: https://skytrace.space
- name: ENABLE_EMAIL_OTP
value: 'false'
# Send grid for email
- name: SMTP_HOST
value: smtp
- name: SMTP_PORT
value: '1025'
- name: SMTP_USERNAME
value: thisisnotused
- name: SMTP_PASSWORD
value: thisisnotused
- name: SMTP_TLS_OFF
value: 'true'
# Config for password reset
- name: RESET_DOMAIN
value: https://skytrace.space
- name: RESET_FROM_EMAIL_ADDRESS
value: no-reply@skytrace.space
app-deployment:
type: kubernetes:apps/v1:Deployment
properties:
metadata:
name: app
namespace: trace
spec:
selector:
matchLabels: ${appLabels}
replicas: 1
template:
metadata:
labels: ${appLabels}
spec:
containers:
- name: app
image: ${trace-server}
ports:
- containerPort: 7403
env:
- name: APP_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-urls
key: app-database-url
initContainers:
- name: server-init
image: ${trace-db-migrations}
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: database-urls
key: migrations-database-url
# Scheduled Jobs
space-track-job:
properties:
metadata:
name: space-track-feed-job
namespace: trace
spec:
backoffLimit: 2
template:
spec:
containers:
- image: ${trace-space-track-feed}
name: space-track
env:
- name: SPACE_TRACK_IDENTITY
valueFrom:
secretKeyRef:
name: trace-space-track
key: space-track-email
- name: SPACE_TRACK_PASSWORD
valueFrom:
secretKeyRef:
name: trace-space-track
key: space-track-password
- name: BASE_URL
value: http://app:7403
restartPolicy: Never
type: kubernetes:batch/v1:Job
# Cloudflare tunnel attaches here.
envoy-service:
properties:
metadata:
name: envoy
namespace: trace
spec:
ports:
- port: 7100
protocol: TCP
targetPort: 7400
selector:
app: envoy
type: kubernetes:core/v1:Service
app-service:
properties:
metadata:
name: app
namespace: trace
spec:
ports:
- port: 7403
protocol: TCP
targetPort: 7403
selector:
app: app
type: kubernetes:core/v1:Service
auth-service:
properties:
metadata:
name: auth
namespace: trace
spec:
ports:
- port: 9090
protocol: TCP
targetPort: 9090
selector:
app: auth
type: kubernetes:core/v1:Service