diff --git a/bitbucket-pipelines.yml b/bitbucket-pipelines.yml index 07e26cb..39f4fc0 100644 --- a/bitbucket-pipelines.yml +++ b/bitbucket-pipelines.yml @@ -1,14 +1,6 @@ -# Template docker-push - -# This template allows you to build and push your docker image to a Docker Hub account. -# The workflow allows running tests, code linting and security scans on feature branches (as well as master). -# The docker image will be validated and pushed to the docker registry after the code is merged to master. - -# Prerequisites: $DOCKERHUB_USERNAME, $DOCKERHUB_PASSWORD setup as deployment variables - +--- image: atlassian/default-image:2 - definitions: services: docker: @@ -17,10 +9,10 @@ pipelines: default: - parallel: - step: - name: Build and Test + name: Build images script: - - docker build . --file k8s/Dockerfile-autoscaler --tag autoscaler-${BITBUCKET_REPO_SLUG} - - docker build . --file k8s/Dockerfile-coturn-dns --tag coturn-dns-${BITBUCKET_REPO_SLUG} + - docker build . --file docker/coturn/Dockerfile --tag coturn + - docker build . --file docker/coturn-dns/Dockerfile --tag coturn-dns services: - docker caches: 
@@ -29,17 +21,17 @@ pipelines: name: Lint the Dockerfile image: hadolint/hadolint:latest-debian script: - - hadolint Dockerfile-autoscaler - - hadolint Docuerfile-coturn-dns + - hadolint docker/coturn/Dockerfile + - hadolint docker/coturn-dns/Dockerfile branches: main: - step: - name: Build and Test + name: Build images script: - - docker build . --file k8s/Dockerfile-autoscaler --tag autoscaler-${BITBUCKET_REPO_SLUG} - - docker build . --file k8s/Dockerfile-coturn-dns --tag coturn-dns-${BITBUCKET_REPO_SLUG} - - docker save autoscaler-${BITBUCKET_REPO_SLUG} --output "autoscaler-${BITBUCKET_REPO_SLUG}.tar" - - docker save coturn-dns-${BITBUCKET_REPO_SLUG} --output "coturn-dns-${BITBUCKET_REPO_SLUG}.tar" + - docker build . --file docker/coturn/Dockerfile --tag coturn + - docker build . --file docker/coturn-dns/Dockerfile --tag coturn-dns + - docker save coturn --output "coturn.tar" + - docker save coturn-dns --output "coturn-dns.tar" services: - docker caches: 
@@ -47,96 +39,41 @@ pipelines: artifacts: - "*.tar" - step: - name: Push docker images to GCR + name: Push images image: google/cloud-sdk:alpine script: # Authenticating with the service account key file - echo $GCLOUD_API_KEYFILE | base64 -d > ./gcloud-api-key.json - gcloud auth activate-service-account --key-file gcloud-api-key.json - gcloud config set project $GCLOUD_PROJECT - - docker load --input "autoscaler-${BITBUCKET_REPO_SLUG}.tar" - - docker load --input "coturn-dns-${BITBUCKET_REPO_SLUG}.tar" - - VERSION="prod-0.1.${BITBUCKET_BUILD_NUMBER}" - - docker tag "autoscaler-${BITBUCKET_REPO_SLUG}" "gcr.io/${GCLOUD_PROJECT}/autoscaler:${VERSION}" - - docker tag "coturn-dns-${BITBUCKET_REPO_SLUG}" "gcr.io/${GCLOUD_PROJECT}/coturn-dns:${VERSION}" - # Login to google docker hub - cat ./gcloud-api-key.json | docker login -u _json_key --password-stdin https://gcr.io - - docker push "gcr.io/${GCLOUD_PROJECT}/autoscaler:${VERSION}" + # Push Docker images + - VERSION="latest" + - docker load --input "coturn.tar" + - docker load --input "coturn-dns.tar" + - docker tag "coturn" "gcr.io/${GCLOUD_PROJECT}/coturn:${VERSION}" + - docker tag "coturn-dns" "gcr.io/${GCLOUD_PROJECT}/coturn-dns:${VERSION}" + - docker push "gcr.io/${GCLOUD_PROJECT}/coturn:${VERSION}" - docker push "gcr.io/${GCLOUD_PROJECT}/coturn-dns:${VERSION}" services: - docker - - - # - step: Deploy haproxy ingress controller - # % helm install haproxy-ingress haproxy-ingress/haproxy-ingress\ - # --create-namespace --namespace ingress-controller\ - # --version 0.13.1\ - # -f k8s/haproxy/haproxy-ingress-values.yaml - # helm upgrade -n ingress-controller -f k8s/haproxy/haproxy-ingress-values.yaml haproxy-ingress haproxy-ingress/haproxy-ingress --version 0.13.1 - # kubectl --namespace ingress-controller patch deployment haproxy-ingress -p '{"spec":{"template":{"spec":{"containers":[{"name":"haproxy-ingress","ports":[{"name":"exporter","containerPort":9105},{"name":"ingress-stats","containerPort":10254}]}]}}}}' - - 
# - step: Deploy cert-manager - # helm install \ - # cert-manager jetstack/cert-manager \ - # --namespace cert-manager \ - # --create-namespace \ - # --version v1.5.0 \ - # --set installCRDs=true - # $ kubectl apply -f k8s/cert-manager/cluster-issuer-production.yaml - - - - # - step: Deploy GCR credentials -# kubectl create secret docker-registry gcr-json-key \ -# --docker-server=gcr.io \ -# --docker-username=_json_key \ -# --docker-password="$(cat k8s/gcp.json)" \ -# --docker-email=any@valid.email - # kubectl patch serviceaccount default \ - # -p '{"imagePullSecrets": [{"name": "gcr-json-key"}]}' - -# Deploy nginx ingress controller -# helm install nginx-ingress stable/nginx-ingress - -# Deploy monitoring clusterissuer -# kubectl apply -f k8s/monitoring/clusterissuer.yaml - -# Deploy monitoring certificate -# kubectl apply -f k8s/monitoring/certificate.yaml - -# Deploy monitoring helm -# helm install \ -# monitoring stable/prometheus-operator \ -# -f k8s/monitoring/helm-values.yaml \ -# --namespace monitoring \ -# --set grafana.adminPassword=jamkazamMonitoring - - - step: - name: Deploy to K8s - deployment: production + name: Deploy to staging + deployment: staging script: - - AUTOSCALER_IMAGE="gcr.io/$GCLOUD_PROJECT/autoscaler:prod-0.1.$BITBUCKET_BUILD_NUMBER" - - COTURN_DNS_IMAGE="gcr.io/$GCLOUD_PROJECT/coturn-dns:prod-0.1.$BITBUCKET_BUILD_NUMBER" - - sed -i "s|{{linode_autoscaler_image}}|$AUTOSCALER_IMAGE|g" k8s/linode-autoscaler/production-webrtc-be-autoscaler.yaml - - sed -i "s|{{linode_autoscaler_image}}|$AUTOSCALER_IMAGE|g" k8s/linode-autoscaler/production-coturn-autoscaler.yaml - - sed -i "s|{{coturn_dns_image}}|$COTURN_DNS_IMAGE|g" k8s/coturn-dns/production-coturn-dns.yaml - # - pipe: atlassian/kubectl-run:1.1.2 - # variables: - # KUBE_CONFIG: $KUBE_CONFIG_PRD - # KUBECTL_COMMAND: 'apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml' - pipe: atlassian/kubectl-run:1.1.2 variables: - KUBE_CONFIG: 
$KUBE_CONFIG_PRD - KUBECTL_COMMAND: 'apply' - RESOURCE_PATH: 'k8s/linode-autoscaler/linode-autoscaler-namespace-secrets.yaml' + KUBE_CONFIG: $KUBE_CONFIG_STG + KUBECTL_COMMAND: '-n coturn rollout restart deployment/coturn' - pipe: atlassian/kubectl-run:1.1.2 variables: - KUBE_CONFIG: $KUBE_CONFIG_PRD - KUBECTL_COMMAND: 'apply' - RESOURCE_PATH: 'k8s/linode-autoscaler/production-coturn-autoscaler.yaml' + KUBE_CONFIG: $KUBE_CONFIG_STG + KUBECTL_COMMAND: '-n coturn rollout status -w deployment/coturn' - pipe: atlassian/kubectl-run:1.1.2 variables: - KUBE_CONFIG: $KUBE_CONFIG_PRD - KUBECTL_COMMAND: 'apply' - RESOURCE_PATH: 'k8s/coturn-dns/production-coturn-dns.yaml' \ No newline at end of file + KUBE_CONFIG: $KUBE_CONFIG_STG + KUBECTL_COMMAND: '-n coturn-dns rollout restart deployment/coturn-dns' + - pipe: atlassian/kubectl-run:1.1.2 + variables: + KUBE_CONFIG: $KUBE_CONFIG_STG + KUBECTL_COMMAND: '-n coturn-dns rollout status -w deployment/coturn-dns' \ No newline at end of file diff --git a/docker/coturn-dns/Dockerfile b/docker/coturn-dns/Dockerfile index e97067e..c728b50 100644 --- a/docker/coturn-dns/Dockerfile +++ b/docker/coturn-dns/Dockerfile @@ -2,9 +2,7 @@ FROM python:3 WORKDIR /app -COPY requirements.txt requirements.txt +COPY docker/coturn-dns/requirements.txt requirements.txt RUN pip3 install -r requirements.txt - -COPY pod-node-register.py . - +COPY docker/coturn-dns/. . CMD [ "python3", "pod-node-register.py"] \ No newline at end of file diff --git a/docker/coturn-dns/pod-node-register.py b/docker/coturn-dns/pod-node-register.py index 003b76f..18afecc 100644 --- a/docker/coturn-dns/pod-node-register.py +++ b/docker/coturn-dns/pod-node-register.py @@ -7,7 +7,7 @@ HOSTED_ZONE=os.environ['HOSTED_ZONE'] COTURN_DOMAIN_NAME=os.environ['COTURN_DOMAIN_NAME'] COTURN_DOMAIN_NAME="coturn.staging.video.jamkazam.com" -config.load_kube_config() +config.load_incluster_config() v1 = client.CoreV1Api() while(True): 
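Review bot: `VERSION="latest"` in the "Push images" step replaces the per-build tag with a mutable one, so the registry no longer records which build a running pod came from, and the `rollout restart` steps deploy whatever `latest` resolves to at pull time. Anything that can push to `gcr.io/${GCLOUD_PROJECT}/coturn` or `coturn-dns` then changes what staging runs without any manifest change, and there is no earlier tag to roll back to. Push an immutable tag as well, for example `VERSION="stg-0.1.${BITBUCKET_BUILD_NUMBER}"` (the prefix is a constructed example), and have the Deployments reference that tag or the pushed digest instead of `:latest`.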
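Review bot: The context line `COTURN_DOMAIN_NAME="coturn.staging.video.jamkazam.com"`, directly above the changed call, overwrites the value just read from `os.environ['COTURN_DOMAIN_NAME']`, so the image always targets the staging record no matter how it is deployed. This commit starts supplying `coturn.{{ .Values.domain }}` through that variable in the chart, and the hard-coded assignment silently discards it; a deployment in another environment would publish its node IPs under the staging name. Delete the second assignment so the environment value is the only source. The `while(True):` loop continues outside this hunk.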
@@ -18,7 +18,7 @@ while(True): node_status = v1.read_node(name=i.spec.node_name) for adr in node_status.status.addresses: if adr.type=="ExternalIP": - ips.append(adr.address) + ips.append({'Value': adr.address}) print("Node IPs: "+str(ips)) diff --git a/docker/coturn/rootfs/etc/coturn/turnserver.conf b/docker/coturn/rootfs/etc/coturn/turnserver.conf index ae9c7c5..d2e5852 100644 --- a/docker/coturn/rootfs/etc/coturn/turnserver.conf +++ b/docker/coturn/rootfs/etc/coturn/turnserver.conf @@ -1,6 +1,7 @@ min-port=49152 max-port=65535 -lt-cred-mech -user=username:password realm=jamkazam.com -syslog \ No newline at end of file +static-auth-secret=j@mk@Z@3 +syslog +verbose +fingerprint \ No newline at end of file diff --git a/k8s/alertmanager-slack/kustomization.yaml b/k8s/alertmanager-slack/kustomization.yaml deleted file mode 100644 index 7f29327..0000000 --- a/k8s/alertmanager-slack/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: monitoring - -resources: - - alertmanager-slack-config.yaml \ No newline at end of file diff --git a/k8s/applications/templates/alertmanager-slack.yaml b/k8s/applications/templates/alertmanager-slack.yaml deleted file mode 100644 index 6d41e40..0000000 --- a/k8s/applications/templates/alertmanager-slack.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: alertmanager-slack -spec: - destination: - name: '' - namespace: alertmanager-slack - server: 'https://kubernetes.default.svc' - source: - path: k8s/alertmanager-slack - repoURL: 'git@bitbucket.org:jamkazam/video-iac.git' - targetRevision: HEAD - project: default - syncPolicy: - automated: - prune: true - allowEmpty: false - retry: - limit: 5 - backoff: - duration: 5s - factor: 2 - maxDuration: 3m \ No newline at end of file diff --git a/k8s/applications/templates/argocd.yaml b/k8s/applications/templates/argocd.yaml index d760fd7..c856723 100644 
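Review bot: `static-auth-secret=j@mk@Z@3` commits the TURN shared secret to the repository, and because the file sits under `docker/coturn/rootfs` it is presumably baked into every pushed image as well. Anyone with read access to the repo or the registry holds the value that the server uses to validate time-limited TURN credentials. Treat it as exposed: rotate it, remove the line from the file, and supply the secret at container start from a Kubernetes Secret, e.g. `--static-auth-secret="$TURN_STATIC_AUTH_SECRET"` on the turnserver command line (the variable name is a placeholder). The added `verbose` line is worth a second look before this config is reused outside staging, since it increases what is written to syslog.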
--- a/k8s/applications/templates/argocd.yaml +++ b/k8s/applications/templates/argocd.yaml @@ -4,7 +4,6 @@ metadata: name: argocd spec: destination: - name: '' namespace: argocd server: 'https://kubernetes.default.svc' source: @@ -12,13 +11,13 @@ spec: repoURL: 'git@bitbucket.org:jamkazam/video-iac.git' targetRevision: HEAD project: default - syncPolicy: - automated: - prune: true - allowEmpty: false - retry: - limit: 5 - backoff: - duration: 5s - factor: 2 - maxDuration: 3m \ No newline at end of file + # syncPolicy: + # automated: + # prune: true + # allowEmpty: false + # retry: + # limit: 5 + # backoff: + # duration: 5s + # factor: 2 + # maxDuration: 3m \ No newline at end of file diff --git a/k8s/applications/templates/coturn-dns.yaml b/k8s/applications/templates/coturn-dns.yaml index debac7c..0a63ed1 100644 --- a/k8s/applications/templates/coturn-dns.yaml +++ b/k8s/applications/templates/coturn-dns.yaml @@ -18,12 +18,12 @@ spec: syncPolicy: syncOptions: - CreateNamespace=true - # automated: - # prune: true - # allowEmpty: false - # retry: - # limit: 5 - # backoff: - # duration: 5s - # factor: 2 - # maxDuration: 3m \ No newline at end of file + automated: + prune: true + allowEmpty: false + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m \ No newline at end of file diff --git a/k8s/applications/templates/coturn.yaml b/k8s/applications/templates/coturn.yaml index a8236c6..f9179cd 100644 --- a/k8s/applications/templates/coturn.yaml +++ b/k8s/applications/templates/coturn.yaml @@ -15,12 +15,12 @@ spec: syncPolicy: syncOptions: - CreateNamespace=true - # automated: - # prune: true - # allowEmpty: false - # retry: - # limit: 5 - # backoff: - # duration: 5s - # factor: 2 - # maxDuration: 3m \ No newline at end of file + automated: + prune: true + allowEmpty: false + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m \ No newline at end of file 
diff --git a/k8s/applications/templates/haproxy-ingress.yaml b/k8s/applications/templates/haproxy-ingress.yaml deleted file mode 100644 index 39d6823..0000000 --- a/k8s/applications/templates/haproxy-ingress.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: haproxy-ingress -spec: - destination: - name: '' - namespace: haproxy-ingress - server: 'https://kubernetes.default.svc' - source: - path: '' - repoURL: 'https://haproxy-ingress.github.io/charts' - targetRevision: 0.13.4 - chart: haproxy-ingress - # helm: - # parameters: - # - name: controller.hostNetwork - # value: 'true' - # valueFiles: [] - # values: |- - # controller: - # hostNetwork: true - # prometheus-port: "9105" - project: default - syncPolicy: - syncOptions: - - CreateNamespace=true - automated: - prune: true - allowEmpty: false - retry: - limit: 5 - backoff: - duration: 5s - factor: 2 - maxDuration: 3m \ No newline at end of file diff --git a/k8s/applications/templates/webrtc-be.yaml b/k8s/applications/templates/webrtc-be.yaml index 5bb6974..93c6b66 100644 --- a/k8s/applications/templates/webrtc-be.yaml +++ b/k8s/applications/templates/webrtc-be.yaml @@ -8,6 +8,9 @@ spec: namespace: webrtc-be server: 'https://kubernetes.default.svc' source: + helm: + valueFiles: + - values-{{ .Values.environment }}.yaml path: k8s/webrtc-be repoURL: 'git@bitbucket.org:jamkazam/video-iac.git' targetRevision: HEAD diff --git a/k8s/applications/values-staging.yaml b/k8s/applications/values-staging.yaml index 1ae2531..9cfb2b9 100644 --- a/k8s/applications/values-staging.yaml +++ b/k8s/applications/values-staging.yaml @@ -1 +1 @@ -environment: staging \ No newline at end of file +environment: "staging" \ No newline at end of file 
diff --git a/k8s/applications/templates/applications.yaml b/k8s/argocd/base/applications.yaml similarity index 82% rename from k8s/applications/templates/applications.yaml rename to k8s/argocd/base/applications.yaml index 77a03ea..7f8455f 100644 --- a/k8s/applications/templates/applications.yaml +++ b/k8s/argocd/base/applications.yaml @@ -8,14 +8,13 @@ spec: namespace: argocd server: 'https://kubernetes.default.svc' source: - helm: - valueFiles: - - values-{{ .Values.environment }}.yaml path: k8s/applications repoURL: 'git@bitbucket.org:jamkazam/video-iac.git' targetRevision: HEAD project: default syncPolicy: + syncOptions: + - CreateNamespace=true automated: prune: true allowEmpty: false diff --git a/k8s/argocd/base/ingress.yaml b/k8s/argocd/base/ingress.yaml index 155b471..311b61b 100644 --- a/k8s/argocd/base/ingress.yaml +++ b/k8s/argocd/base/ingress.yaml @@ -8,13 +8,10 @@ metadata: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" nginx.ingress.kubernetes.io/ssl-passthrough: "true" - # If you encounter a redirect loop or are getting a 307 response code - # then you need to force the nginx ingress to connect to the backend using HTTPS. - # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" spec: rules: - - host: example.com + - host: hostname http: paths: - path: / @@ -26,5 +23,5 @@ spec: name: https tls: - hosts: - - example.com + - hostname secretName: argocd-secret # do not change, this is provided by Argo CD \ No newline at end of file diff --git a/k8s/argocd/base/kustomization.yaml b/k8s/argocd/base/kustomization.yaml index 6895565..7b46c91 100644 --- a/k8s/argocd/base/kustomization.yaml +++ b/k8s/argocd/base/kustomization.yaml @@ -5,3 +5,4 @@ namespace: argocd resources: - https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml - ingress.yaml + - applications.yaml diff --git a/k8s/argocd/overlays/staging/applications.yaml b/k8s/argocd/overlays/staging/applications.yaml new file mode 100644 index 0000000..749654d 
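Review bot: The `resources` list extended in `k8s/argocd/base/kustomization.yaml` still pulls `https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml`, a moving branch reference, so each kustomize build can install a different Argo CD than the one that was reviewed. Argo CD is the component that applies everything else in this repo, so its manifests deserve the same pinning that `k8s/cert-manager/kustomization.yaml` uses with `v1.6.0`. Replace `stable` with a fixed release tag, `https://raw.githubusercontent.com/argoproj/argo-cd/<release-tag>/manifests/install.yaml`, and bump it deliberately. The file begins above this hunk.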
--- /dev/null +++ b/k8s/argocd/overlays/staging/applications.yaml @@ -0,0 +1,9 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: applications +spec: + source: + helm: + valueFiles: + - values-staging.yaml \ No newline at end of file diff --git a/k8s/argocd/overlays/staging/kustomization.yaml b/k8s/argocd/overlays/staging/kustomization.yaml index e70b65e..7472b9f 100644 --- a/k8s/argocd/overlays/staging/kustomization.yaml +++ b/k8s/argocd/overlays/staging/kustomization.yaml @@ -1,7 +1,15 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + bases: - - ../../base +- ../../base + +commonLabels: + app.kubernetes.io/instance: argocd + +patchesStrategicMerge: +- applications.yaml patchesJson6902: - path: hostname.yaml diff --git a/k8s/cert-manager/cluster-issuer-haproxy.yaml b/k8s/cert-manager/cluster-issuer-haproxy.yaml deleted file mode 100644 index efa4922..0000000 --- a/k8s/cert-manager/cluster-issuer-haproxy.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-haproxy-production -spec: - acme: - # You must replace this email address with your own. - # Let's Encrypt will use this to contact you about expiring - # certificates, and issues related to your account. - email: victor.barba.martin@toptal.com - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - # Secret resource that will be used to store the account's private key. - name: haproxy-issuer-account-key - # Add a single challenge solver, HTTP01 using nginx - solvers: - - http01: - ingress: - class: haproxy - diff --git a/k8s/cert-manager/kustomization.yaml b/k8s/cert-manager/kustomization.yaml index d27a005..25ea5d4 100644 --- a/k8s/cert-manager/kustomization.yaml +++ b/k8s/cert-manager/kustomization.yaml 
@@ -4,5 +4,4 @@ kind: Kustomization resources: - https://github.com/jetstack/cert-manager/releases/download/v1.6.0/cert-manager.yaml - - cluster-issuer-nginx.yaml - #- cluster-issuer-haproxy.yaml \ No newline at end of file + - cluster-issuer-nginx.yaml \ No newline at end of file diff --git a/k8s/coturn-dns/templates/coturn-dns.yaml b/k8s/coturn-dns/templates/deployment.yaml similarity index 78% rename from k8s/coturn-dns/templates/coturn-dns.yaml rename to k8s/coturn-dns/templates/deployment.yaml index 7fdf795..7639db8 100644 --- a/k8s/coturn-dns/templates/coturn-dns.yaml +++ b/k8s/coturn-dns/templates/deployment.yaml @@ -18,6 +18,8 @@ spec: labels: app: coturn-dns spec: + imagePullSecrets: + - name: gcr-json-key containers: - name: coturn-dns image: gcr.io/tough-craft-276813/coturn-dns:latest @@ -25,21 +27,21 @@ spec: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: - name: aws-user-external-dns + name: aws-user-coturn-dns key: username - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: - name: aws-user-external-dns + name: aws-user-coturn-dns key: password - name: PYTHONUNBUFFERED value: "1" - name: HOSTED_ZONE value: "Z00156242SK162FEXDPVF" - name: COTURN_DOMAIN_NAME - value: {{ .Values.coturnDomainName }} + value: coturn.{{ .Values.domain }} resources: requests: - memory: 32Mi + memory: 128Mi limits: - memory: 32Mi + memory: 128Mi diff --git a/k8s/webrtc-be/gcr-secret.yml b/k8s/coturn-dns/templates/gcr-secret.yml similarity index 100% rename from k8s/webrtc-be/gcr-secret.yml rename to k8s/coturn-dns/templates/gcr-secret.yml diff --git a/k8s/coturn-dns/templates/rbac.yaml b/k8s/coturn-dns/templates/rbac.yaml new file mode 100644 index 0000000..9418f48 --- /dev/null +++ b/k8s/coturn-dns/templates/rbac.yaml 
@@ -0,0 +1,25 @@ +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pods-list +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["list"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pods-list +subjects: +- kind: ServiceAccount + name: default + namespace: coturn-dns +roleRef: + kind: ClusterRole + name: pods-list + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/k8s/coturn-dns/values-staging.yaml b/k8s/coturn-dns/values-staging.yaml index 1687086..d2b5376 100644 --- a/k8s/coturn-dns/values-staging.yaml +++ b/k8s/coturn-dns/values-staging.yaml @@ -1 +1 @@ -coturn-domain-name: "coturn.staging.video.jamkazam.com" \ No newline at end of file +domain: "staging.video.jamkazam.com" \ No newline at end of file diff --git a/k8s/coturn/templates/deployment.yml b/k8s/coturn/templates/deployment.yml index 1c0937d..6918f64 100644 --- a/k8s/coturn/templates/deployment.yml +++ b/k8s/coturn/templates/deployment.yml @@ -20,6 +20,11 @@ spec: containers: - name: coturn image: gcr.io/tough-craft-276813/coturn:latest + resources: + requests: + memory: "3800Mi" + limits: + memory: "3800Mi" ports: - containerPort: 3478 name: coturn diff --git a/k8s/gcp.json b/k8s/gcp.json deleted file mode 100644 index f502785..0000000 --- a/k8s/gcp.json +++ /dev/null 
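Review bot: The `ClusterRoleBinding` in `rbac.yaml` grants `pods-list` to the `default` ServiceAccount of `coturn-dns`, so every pod that runs in that namespace without an explicit account inherits cluster-wide `list` on pods and `get` on nodes. Listing pods across all namespaces returns full pod specs, including literal env values and the names of referenced Secrets. Bind the role to a dedicated account instead: change the subject to `name: coturn-dns` (a constructed name), add a matching `ServiceAccount` manifest, and set `serviceAccountName: coturn-dns` in the Deployment. If the script only lists pods in a single namespace (the list call is not visible on this page), the pods rule can move to a namespaced `Role`, leaving only the `nodes` rule cluster-scoped.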
@@ -1,12 +0,0 @@ -{ - "type": "service_account", - "project_id": "tough-craft-276813", - "private_key_id": "a8092b39b4eb391e8b1e8ace86d5c463e049e711", - "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCy18xh+H6vH4qJ\ns0x7syo8rK+dEgy/24dUTqPb54KfBmtXPdKuGCT/ZsoWAPqRhpmbYYe1Po9wNe6E\nXstVCvFq5ev2olJFzauy24UI6bWaXkQX/OHXLho/rn/EJPdcwBBQZ6mtrv+rgLWQ\nhiAHFMeaQSfwGrXeNnKWuT/PlJmDvliORjzm94r9fywzhArJq/lFNh0JWLTHfzVT\n6nhHIrOCQ+6IAszVerU6G7VfTAKoEaFS1OeLFwlUyhwc3SPm7ceLxBqz25APo3qA\nZFYyfLe43XbmKw1gta/QnpnPUtp3Wrm7sk9xy/maLx6xagVaUsGLNjWnZCjaPTkw\npe7FHU5XAgMBAAECggEADBP635ryo00UBByxy6Db92EKMydm6QYga5csBcvqzGaY\nlTm9orhKt1zvxPCn+3AFq7K4gYsKEN/zjckBHmswxrFkcDGiMMilEd01bNarxxMa\nsiwH7IpWh3p3cn20nvTxpRx7Hxm0dpaorGwCebfziv1ffx2urqUqs/cq0hANFhKF\n7bNYiTY6/9ZwWvcorpeu59UgJat2f12+aRUjj3Iu459UlRs6IhfXW2cWhMVHVylF\ng500i7sLrBLAlqGq8HnHkHUcB6sWnrWMBQ3wyqcEnORjVI0Oumaz1tphPEmxBy1n\n12arKrQ3N7Iij6mG/EX9Ha7J3tbFgb5Z9Xn3EObEAQKBgQDXBqm+HMEh35C7Jx7l\nhKdwRx87LhmBgDfGSxrNV0D/O8AFTPIuSDNeYi473AvUjsmnd6tQvtNFD6v8U16k\nRSwrwAr1eM4b8CIZ+nnMKt0ah96E8TyOBdp5Xfs18M4ZL9yddOpVrIVlDiQBIuHR\nZKvYvklxyxi5Ut6UtcNkKSl9VwKBgQDU7BBG//WeGC4N8e61pxfh+oBiNx6RoBt8\n++GPmksRwZYPnHqCtli5GX4UTQIrTAeAzbOzqe5t6G7yPqnJqKfPQnzZEXVu7d51\nFFIU7WAIUPs7AyNKDsWRDQ73q3M2EN3VqjyMX6DuUeTPfASjI8CCju0FtDtzqdm+\nSWDVLDcXAQKBgFRE1DkhY782sq3mAwHIHyateNvkkTJjYXhg7rwSufJNJE/ve+oP\nebI/oAbtkeVXoEf1ajpWzs19+tUEh06xnUH4HVNeaMgiL/smYp1VHxnKrbZEJIs0\nWA7AejcFjH/qdfdvXnb9Cbo09H9NgFpjrcVfrcDe622VwI1fPpf+Wbg5AoGBAIqo\nvKTwFU0CZCOStSi5CzWPw8GyMYcWZDBNfAPfsBl9HzNFbQbopvjL4C5qRApcNdqs\nmuVaubn7jxzUsA9ydO3lV5ao5vf5klBejmGwgESKMEGq9nVJD2I5xdCGZ74C1+RI\nO6wSrqPk0wRHuGFhbAHaAAMh70GQkAt6j8PjSnEBAoGBAK04V8fXPbCBxLoRfMbT\nBjeutWad36oTDuvLoIsMRM1vCF1oxpL+j4+7+hbupQ/UMcLvPN9RmwgJTjxOPN5b\nThwUn6UHfNWlb0pQrw764gMV+3EZgbEzx7pAi8QNEY5gLL0Qd/34eIm1exHuPJtM\n+MLbJDdyJ3PEZL9YOB1uKyC6\n-----END PRIVATE KEY-----\n", - "client_email": "ansible-sa@tough-craft-276813.iam.gserviceaccount.com", - "client_id": 
"104334872115406805719", - "auth_uri": "https://accounts.google.com/o/oauth2/auth", - "token_uri": "https://oauth2.googleapis.com/token", - "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/ansible-sa%40tough-craft-276813.iam.gserviceaccount.com" -} diff --git a/k8s/haproxy-monitoring/kustomization.yaml b/k8s/haproxy-monitoring/kustomization.yaml deleted file mode 100644 index 79f53e0..0000000 --- a/k8s/haproxy-monitoring/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: argocd - -resources: \ No newline at end of file diff --git a/k8s/haproxy-monitoring/prometheus-service.yaml b/k8s/haproxy-monitoring/prometheus-service.yaml deleted file mode 100644 index d3c90fd..0000000 --- a/k8s/haproxy-monitoring/prometheus-service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: haproxy-exporter - namespace: ingress-controller -spec: - ports: - - name: exporter - port: 9105 - targetPort: exporter - selector: - app.kubernetes.io/instance: haproxy-ingress - app.kubernetes.io/name: haproxy-ingress \ No newline at end of file diff --git a/k8s/haproxy-monitoring/service-monitor.yaml b/k8s/haproxy-monitoring/service-monitor.yaml deleted file mode 100644 index c0828cd..0000000 --- a/k8s/haproxy-monitoring/service-monitor.yaml +++ /dev/null @@ -1,18 +0,0 @@ - -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: haproxy - labels: - app: haproxy - release: monitoring -spec: - selector: - matchLabels: - app.kubernetes.io/instance: haproxy-ingress - app.kubernetes.io/name: haproxy-ingress - namespaceSelector: - matchNames: - - ingress-controller - podMetricsEndpoints: - - port: exporter \ No newline at end of file 
diff --git a/k8s/alertmanager-slack/alertmanager-slack-config.yaml b/k8s/monitoring/templates/alertmanager-slack-config.yaml similarity index 95% rename from k8s/alertmanager-slack/alertmanager-slack-config.yaml rename to k8s/monitoring/templates/alertmanager-slack-config.yaml index 3c4fbc0..9f416ee 100644 --- a/k8s/alertmanager-slack/alertmanager-slack-config.yaml +++ b/k8s/monitoring/templates/alertmanager-slack-config.yaml @@ -3,7 +3,6 @@ kind: Secret type: Opaque metadata: name: slack-url - namespace: monitoring data: apiUrl: aHR0cHM6Ly9ob29rcy5zbGFjay5jb20vc2VydmljZXMvVDBMNVJBM0UwL0IwMVNNOFJDMzQ2L1hERE9yY1BFN2VBWEpQTUN2YzVGeEl2YQ== --- @@ -11,7 +10,6 @@ apiVersion: monitoring.coreos.com/v1alpha1 kind: AlertmanagerConfig metadata: name: slack - namespace: monitoring labels: alertmanagerConfig: slack spec: diff --git a/k8s/webrtc-be/Chart.yaml b/k8s/webrtc-be/Chart.yaml new file mode 100644 index 0000000..f852c00 --- /dev/null +++ b/k8s/webrtc-be/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: webrtc +version: '1.0' diff --git a/k8s/webrtc-be/deployment.yml b/k8s/webrtc-be/templates/deployment.yml similarity index 85% rename from k8s/webrtc-be/deployment.yml rename to k8s/webrtc-be/templates/deployment.yml index 58cdee6..0d85fd0 100644 --- a/k8s/webrtc-be/deployment.yml +++ b/k8s/webrtc-be/templates/deployment.yml @@ -20,6 +20,11 @@ spec: containers: - name: webrtc-be image: gcr.io/tough-craft-276813/webrtc_be:prod-0.1.83 + resources: + requests: + memory: "3800Mi" + limits: + memory: "3800Mi" env: - name: RTC_MIN_PORT value: "30000" diff --git a/k8s/webrtc-be/templates/gcr-secret.yml b/k8s/webrtc-be/templates/gcr-secret.yml new file mode 100644 index 0000000..07b68f3 --- /dev/null +++ b/k8s/webrtc-be/templates/gcr-secret.yml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + .dockerconfigjson: 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 +kind: Secret +metadata: + name: gcr-json-key +type: kubernetes.io/dockerconfigjson \ No newline at end of file 
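Review bot: `k8s/webrtc-be/templates/gcr-secret.yml` adds a `kubernetes.io/dockerconfigjson` Secret with `.dockerconfigjson` committed inline (the value is elided on this page); base64 under `data` is an encoding, not protection, so the registry credential is readable by anyone with repo access. The same commit deletes `k8s/gcp.json`, and the commented-out pipeline text removed earlier built `gcr-json-key` from that file, so this is presumably the same service-account key, in which case deleting the JSON does not retire it while a copy remains here and in history. Revoke that key, create the pull secret outside the chart (Terraform or a sealed/external secret mechanism), and keep only the `imagePullSecrets` name in the templates. The Slack webhook in `data.apiUrl` of `alertmanager-slack-config.yaml`, which this commit moves into `k8s/monitoring/templates`, has the same problem.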
diff --git a/k8s/webrtc-be/ingress.yaml b/k8s/webrtc-be/templates/ingress.yaml similarity index 88% rename from k8s/webrtc-be/ingress.yaml rename to k8s/webrtc-be/templates/ingress.yaml index 6127e3a..fbfc35b 100644 --- a/k8s/webrtc-be/ingress.yaml +++ b/k8s/webrtc-be/templates/ingress.yaml @@ -9,7 +9,7 @@ metadata: name: webrtc-be spec: rules: - - host: &host webrtc-be.staging.video.jamkazam.com + - host: &host {{ .Values.domain }} http: paths: - backend: diff --git a/k8s/webrtc-be/service.yml b/k8s/webrtc-be/templates/service.yml similarity index 100% rename from k8s/webrtc-be/service.yml rename to k8s/webrtc-be/templates/service.yml diff --git a/k8s/webrtc-be/values-staging.yaml b/k8s/webrtc-be/values-staging.yaml new file mode 100644 index 0000000..e5d12fe --- /dev/null +++ b/k8s/webrtc-be/values-staging.yaml @@ -0,0 +1 @@ +domain: "webrtc-be.staging.video.jamkazam.com" \ No newline at end of file diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl index 1bb0caf..8fd401e 100644 --- a/terraform/.terraform.lock.hcl +++ b/terraform/.terraform.lock.hcl 
@@ -19,20 +19,38 @@ provider "registry.terraform.io/gavinbunney/kubectl" { } provider "registry.terraform.io/hashicorp/aws" { - version = "3.63.0" + version = "3.65.0" hashes = [ - "h1:Z+2GvXLgqQ/uPMH8dv+dXJ/t+jd6sriYjhCJS6kSO6g=", - "zh:42c6c98b294953a4e1434a331251e539f5372bf6779bd61ab5df84cac0545287", - "zh:5493773762a470889c9a23db97582d3a82035847c8d3bd13323b4c3012abf325", - "zh:550d22ff9fed4d817a922e7b84bd9d1f2ef8d3afa00832cf66b8cd5f0e6dc748", - "zh:632cb5e2d9d5041875f57174236eafe5b05dbf26750c1041ab57eb08c5369fe2", - "zh:7cfeaf5bde1b28bd010415af1f3dc494680a8374f1a26ec19db494d99938cc4e", - "zh:99d871606b67c8aefce49007315de15736b949c09a9f8f29ad8af1e9ce383ed3", - "zh:c4fc8539ffe90df5c7ae587fde495fac6bc0186fec2f2713a8988a619cef265f", - "zh:d0a26493206575c99ca221d78fe64f96a8fbcebe933af92eea6b39168c1f1c1d", - "zh:e156fdc964fdd4a7586ec15629e20d2b06295b46b4962428006e088145db07d6", - "zh:eb04fc80f652b5c92f76822f0fec1697581543806244068506aed69e1bb9b2af", - "zh:f5638a533cf9444f7d02b5527446cdbc3b2eab8bcc4ec4b0ca32035fe6f479d3", + "h1:GCDkcISN83t+JK2U+ie3vaECnyxK0Sr6GjO7IrBOVeo=", + "zh:108aeaf5e18087d9ac852737a5be1347a28e40825817cc1a29ec523d40268294", + "zh:1a719c0c9754f906b2220d3bbf90d483ec0a74cf87768a464d2d657b7901ec6b", + "zh:21acdc35ae70a626cbc81eff06181a78843f1ddc2d9200f80fabf2e0466ecbda", + "zh:28846628e1a4227a1f2db256d6b22ed36922f37632999af7404aa74703cd9bfb", + "zh:32455550dbf86ae07d9782650e86d23c4fa13d7872e48680044692894e8da6ea", + "zh:4241246274627c752f9aef2806e810053306001e80fc5b51d27cbe997f75f95e", + "zh:5ca0fab3ceb3f41a97c1ebd29561a034cb83fda04da35fd5f8c3c5cb97bb3ea8", + "zh:5fed3b79d4ed6424055e8bbfb7a4393e8db5102cdba04b4590f8e0f4194637fb", + "zh:99a0bc325b0a59ded1152546c004953a2bb0e110978bf0cc55e1804384941bdb", + "zh:e74f9190a417c891992210f9af937ef55749d86a04762d982260fbbc989342a7", + "zh:fb6984405ca63d0373bd992ce157e933b8ae9dd94d74b1c5691632f062fe60b2", + ] +} + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.4.1" + hashes = [ + 
"h1:CLb4n9f/hLyqqq0zbc+h5SuNOB7KnO65qOOb+ohwsKA=", + "zh:07517b24ea2ce4a1d3be3b88c3efc7fb452cd97aea8fac93ca37a08a8ec06e14", + "zh:11ef6118ed03a1b40ff66adfe21b8707ece0568dae1347ddfbcff8452c0655d5", + "zh:1ae07e9cc6b088a6a68421642c05e2fa7d00ed03e9401e78c258cf22a239f526", + "zh:1c5b4cd44033a0d7bf7546df930c55aa41db27b70b3bca6d145faf9b9a2da772", + "zh:256413132110ddcb0c3ea17c7b01123ad2d5b70565848a77c5ccc22a3f32b0dd", + "zh:4ab46fd9aadddef26604382bc9b49100586647e63ef6384e0c0c3f010ff2f66e", + "zh:5a35d23a9f08c36fceda3cef7ce2c7dc5eca32e5f36494de695e09a5007122f0", + "zh:8e9823a1e5b985b63fe283b755a821e5011a58112447d42fb969c7258ed57ed3", + "zh:8f79722eba9bf77d341edf48a1fd51a52d93ec31d9cac9ba8498a3a061ea4a7f", + "zh:b2ea782848b10a343f586ba8ee0cf4d7ff65aa2d4b144eea5bbd8f9801b54c67", + "zh:e72d1ccf8a75d8e8456c6bb4d843fd4deb0e962ad8f167fa84cf17f12c12304e", ] } 
@@ -113,21 +131,23 @@ provider "registry.terraform.io/kbst/kustomization" { } provider "registry.terraform.io/linode/linode" { - version = "1.18.0" + version = "1.24.0" + constraints = "1.24.0" hashes = [ - "h1:vzGqhhDzEN8pJ6KIr8cXdzvyNb133PLkL9pQGpNgdo4=", - "zh:0ead391cba4eccff9d46c91e9260ce5e2ccfd69e2aebef253768ce29e2de3a7d", - "zh:27708a55d1ba1594086c2015441243a38a608f68ea2f82f1d759c6baf2a0df14", - "zh:3d355a270e7eaeafd5044a326c527c23742b312376368e1019e3caa779cdbc91", - "zh:41dde82124e6c2e2640ef2963fe4f6faf16f8e8b82e7dbaebfdec7b781f5455a", - "zh:51e9139cdc1386053c6834585139dc74d6fb7653a00b495377bc445b5e532218", - "zh:6ba6560bf23736a2a6e4c0899afd2c25cac6697d90cf2573449fe9b655f87920", - "zh:79c1fa8e3a8705eee73f171229ff47688deaff8468cdf28fddaafe5aef7e2d8d", - "zh:80b008ded1c71313c4f76e5569142e3a56b866f7693e57270d15f13fc7af1e14", - "zh:b0ebb1e83e8d999dc1d8feecf9c1e293cd61fe72271610284fdcce46d4a8a7ed", - "zh:bdaa786f0381ccd61404ea1835733e852e9747f1daf9a63bd4149073dbce85b6", - "zh:c67cd9e8d4880dfa6cbbd25aa7fcd9c07a76f4801180ac3988ff3f84ede6181f", - "zh:c8ee62dfd07d83dd362b8ba5f13a957e1ec8107b22ac168da4fa8470c4537a33", - "zh:cf7bdc5eac5df6cfc6ab5c7cafaba72b6bf5a155017e25edc6d9dc192bb6d2ed", + "h1:k1aiT3JCgzUvNxpT5EznQSRigqEdAwaSkQ4PoJVhXDM=", + "zh:06d87467ec78e7dc9c57bcdd1874a648c8e463ea067b158c00583e71aa26dfa1", + "zh:1ed95f626255e53dfa9df3b2a2c67a1445ae5224bbc9244c1bc4961e635aabfa", + "zh:3e6b338004f9cf82e7a6aaeffae7d0e064489b12ed1898400cf9c13703f0e5d0", + "zh:40e18d4fdeac61a06cf1e5208ad46bcf5d989083ad535c9450c46c425098dd4a", + "zh:4c35b67a148d0cac7a42c919c3cfd2198bc113ae3c12167b3ad8dc6aa785ec84", + "zh:5240744778bc865a8c2f14a71649b7a0097cdb681e48359ba3718f8b516fc577", + "zh:54af2b3cb45d17fc5563e7d1b86aafc38d3f4ac11b0aaf42ca9c74d53fdff7dc", + "zh:79c675e7251090761a4010aafaf144c4cea6940b49c4341f72d6a04126214543", + "zh:8538680134057d39fed6a010327faed12d26c8d33a369662766e2818777a7a8b", + "zh:8c8423769e0aae0f291fa381ab78e13c51d6c8f49336cbb7fd8a1a990a9f941f", + 
"zh:bcda0537da1ddccd2f05e9e123086a6b84aaeb11a22082d6734c777a95162ff0", + "zh:bfa7fc09a14c764b90280ab7414d376238515d80e940cdd0bc84fa1943e3b55c", + "zh:d44c1ba3514d19356c5654821ae43ede198bff1c1e5b5d496292f66fb750ca9f", + "zh:fae47b8424f7a38a844f78508f8b05cc69c2110b04fa9df666173d50761e855b", ] } diff --git a/terraform/kubernetes.tf b/terraform/kubernetes.tf index b377568..05fda80 100644 --- a/terraform/kubernetes.tf +++ b/terraform/kubernetes.tf @@ -57,38 +57,28 @@ resource "kubernetes_secret" "bitbucket_ssh_argocd_key" { } -resource "kubernetes_namespace" "coturn" { + +resource "kubernetes_namespace" "coturn-dns" { depends_on = [local_file.kubeconfig] metadata { - name = "coturn" + name = "coturn-dns" } } -resource "kubernetes_config_map" "coturn_pool" { + +resource "kubernetes_secret" "aws_user_coturn_dns" { + depends_on = [kubernetes_namespace.coturn-dns] + metadata { - name = "linode-pool" - namespace = "coturn" + name = "aws-user-coturn-dns" + namespace = "coturn-dns" } data = { - pool = linode_lke_cluster.stg-video-cluster.pool[2].id - } -} - -resource "kubernetes_namespace" "webrtc" { - depends_on = [local_file.kubeconfig] - - metadata { - name = "webrtc" - } -} -resource "kubernetes_config_map" "webrtc_pool" { - metadata { - name = "linode-pool" - namespace = "webrtc" + username = aws_iam_access_key.lke-external-dns.id + password = aws_iam_access_key.lke-external-dns.secret } - data = { - pool = linode_lke_cluster.stg-video-cluster.pool[1].id - } + type = "kubernetes.io/basic-auth" + } diff --git a/terraform/lke.tf b/terraform/lke.tf index b21a458..1a5a010 100644 --- a/terraform/lke.tf +++ b/terraform/lke.tf @@ -6,21 +6,13 @@ resource "linode_lke_cluster" "stg-video-cluster" { region = "us-central" tags = ["staging"] - # Services pool { type = "g6-standard-2" - count = 1 - } - - # WebRTC-BE pool - pool { - type = "g6-standard-2" - count = 1 - } - # Coturn pool - pool { - type = "g6-standard-2" - count = 1 + count = 6 + autoscaler { + min = 3 + max = 10 + } } } 
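Review bot: `kubernetes_secret.aws_user_coturn_dns` is filled from `aws_iam_access_key.lke-external-dns`, so the coturn-dns pod runs with the external-dns user's long-lived key rather than one of its own. The two workloads then share whatever Route 53 permissions that user has, and rotating or revoking the key for one breaks the other. Create a separate IAM user and access key for coturn-dns with a policy limited to record changes in the one hosted zone it manages, and reference it here, e.g. `username = aws_iam_access_key.coturn_dns.id` (the resource name is a placeholder). The `.secret` attribute is also written to Terraform state in plain text, so the state backend needs the same protection as the key itself.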
@@ -34,9 +26,7 @@ provider "kubernetes" { config_path = local_file.kubeconfig.filename } -provider "kustomization" { - kubeconfig_path = local_file.kubeconfig.filename -} + resource "linode_lke_cluster" "prd-video-cluster" { label = "prd-video-cluster" diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 9e74ec9..6869bf9 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -9,11 +9,8 @@ terraform { } required_providers { linode = { - source = "linode/linode" - } - kustomization = { - source = "kbst/kustomization" - version = "0.6.0" + source = "linode/linode" + version = "1.24.0" } } }