feat: deploy tts

dev/create-harbor-pull-secret.sh

@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+harbor_credential_path="$1"
+
+function get_docker_credentials() {
+    local harbor_credential_path="$1"
+
+    local username="$(yq -r '.name' -oj "$harbor_credential_path")"
+    local secret="$(yq -r '.secret' -oj "$harbor_credential_path")"
+    echo "$username:$secret"
+}
+
+credentials="$(get_docker_credentials "$harbor_credential_path")"
+encoded_credentials="$(echo -n "$credentials" | base64)"
+
+auth_settings=$(cat <<EOF
+{
+    "auths": {
+        "registry.niaefeup.pt": {
+            "auth": "$encoded_credentials"
+        }
+    }
+}
+EOF
+)
+
+encoded_auth_settings="$(echo "$auth_settings" | base64 -w 0)"
+
+cat <<EOF
+---
+kind: Secret
+apiVersion: v1
+metadata:
+  namespace: <FILL-IN>
+  name: harbor-pull-secret
+  annotations:
+    replicator.v1.mittwald.de/replicate-to: "<FILL-IN>"
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: $encoded_auth_settings
+EOF

services/databases/postgresql/cnpg-cluster.yaml

@@ -6,13 +6,6 @@ metadata:
 spec:
   instances: 3
 
-  bootstrap:
-    initdb:
-      database: tts-db
-      owner: tts
-      secret:
-        name: tts-secret
-
   managed:
     roles:
       - name: ni
@@ -33,6 +26,18 @@ spec:
         login: true
         passwordSecret:
           name: sinf-website-2023-secret
+      - name: tts
+        ensure: present
+        createdb: false
+        login: true
+        passwordSecret:
+          name: tts-secret
+      - name: tts-staging
+        ensure: present
+        createdb: false
+        login: true
+        passwordSecret:
+          name: tts-staging-secret
 
   storage:
     size: 10Gi

services/databases/postgresql/cnpg-secrets.yaml

@@ -9,6 +9,15 @@ metadata:
 type: kubernetes.io/basic-auth
 ---
 apiVersion: v1
+stringData:
+  password: <FILL-IN>
+  username: tts-staging
+kind: Secret
+metadata:
+  name: tts-staging-secret
+type: kubernetes.io/basic-auth
+---
+apiVersion: v1
 stringData:
   password: <FILL-IN>
   username: ni

services/pulumi/niployments/index.ts

@@ -1,5 +1,7 @@
 // ementas is an example pulumi service
 // import "./services/ementas/index.js";
+import "#resources/replicator/charts.js";
+import "./services/tts/index.js";
 
 import { CommitSignal } from "./utils/pending.js";
 CommitSignal.globalParent.resolve();

services/pulumi/niployments/services/tts/common/backend.ts

@@ -0,0 +1,104 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as k8s from "@pulumi/kubernetes";
+import { Prefixer } from "#utils/prefixer.js";
+
+export class TTSBackend extends pulumi.ComponentResource {
+  public readonly name: pulumi.Output<string>;
+  public readonly port = pulumi.output(80);
+
+  constructor(
+    name: string,
+    args: {
+      namespace: pulumi.Input<string>;
+      branch: pulumi.Input<"main" | "develop">;
+      envSecretRef: pulumi.Input<string>;
+    },
+    opts?: pulumi.ComponentResourceOptions,
+  ) {
+    super("niployments:tts:TTSBackend", name, opts);
+
+    const prefixer = new Prefixer(name);
+
+    const backendLabels = { app: "tts-backend" };
+    const backendPort = 8000;
+
+    const deployment = new k8s.apps.v1.Deployment(
+      prefixer.deployment(),
+      {
+        metadata: {
+          namespace: args.namespace,
+        },
+        spec: {
+          replicas: 1,
+          selector: {
+            matchLabels: backendLabels,
+          },
+          template: {
+            metadata: {
+              labels: backendLabels,
+            },
+            spec: {
+              containers: [
+                {
+                  name: "tts-be",
+                  image: pulumi.interpolate`registry.niaefeup.pt/niaefeup/tts-be:${args.branch}`,
+                  imagePullPolicy: "Always",
+                  resources: {
+                    limits: {
+                      memory: "128Mi",
+                      cpu: "500m",
+                    },
+                  },
+                  ports: [
+                    {
+                      containerPort: backendPort,
+                    },
+                  ],
+                  envFrom: [
+                    {
+                      secretRef: {
+                        name: args.envSecretRef,
+                      }
+                    },
+                  ]
+                },
+              ],
+              imagePullSecrets: [
+                {
+                  name: "harbor-pull-secret",
+                },
+              ],
+            },
+          },
+        },
+      },
+      { parent: this },
+    );
+
+    const service = new k8s.core.v1.Service(
+      prefixer.service(),
+      {
+        metadata: {
+          namespace: args.namespace,
+        },
+        spec: {
+          ports: [
+            {
+              port: this.port,
+              targetPort: backendPort,
+            },
+          ],
+          selector: backendLabels,
+        },
+      },
+      { parent: this, dependsOn: [deployment] },
+    );
+
+    this.name = service.metadata.name;
+
+    this.registerOutputs({
+      serviceName: this.name,
+      servicePort: this.port,
+    });
+  }
+}

services/pulumi/niployments/services/tts/common/frontend.ts

@@ -0,0 +1,96 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as k8s from "@pulumi/kubernetes";
+import { Prefixer } from "#utils/prefixer.js";
+
+export class TTSFrontend extends pulumi.ComponentResource {
+  public readonly name: pulumi.Output<string>;
+  public readonly port = pulumi.output(80);
+
+  constructor(
+    name: string,
+    args: {
+      namespace: pulumi.Input<string>;
+      branch: pulumi.Input<"main" | "develop">;
+    },
+    opts?: pulumi.ComponentResourceOptions,
+  ) {
+    super("niployments:tts:TTSFrontend", name, opts);
+
+    const prefixer = new Prefixer(name);
+
+    const frontendLabels = { app: "tts-frontend" };
+    const frontendPort = 80;
+
+    const deployment = new k8s.apps.v1.Deployment(
+      prefixer.deployment(),
+      {
+        metadata: {
+          namespace: args.namespace,
+        },
+        spec: {
+          replicas: 1,
+          selector: {
+            matchLabels: frontendLabels,
+          },
+          template: {
+            metadata: {
+              labels: frontendLabels,
+            },
+            spec: {
+              containers: [
+                {
+                  name: "tts-fe",
+                  image: pulumi.interpolate`registry.niaefeup.pt/niaefeup/tts-fe:${args.branch}`,
+                  imagePullPolicy: "Always",
+                  resources: {
+                    limits: {
+                      memory: "128Mi",
+                      cpu: "500m",
+                    },
+                  },
+                  ports: [
+                    {
+                      containerPort: frontendPort,
+                    },
+                  ],
+                },
+              ],
+              imagePullSecrets: [
+                {
+                  name: "harbor-pull-secret",
+                },
+              ],
+            },
+          },
+        },
+      },
+      { parent: this },
+    );
+
+    const service = new k8s.core.v1.Service(
+      prefixer.service(),
+      {
+        metadata: {
+          namespace: args.namespace,
+        },
+        spec: {
+          ports: [
+            {
+              port: this.port,
+              targetPort: frontendPort,
+            },
+          ],
+          selector: frontendLabels,
+        },
+      },
+      { parent: this, dependsOn: [deployment] },
+    );
+
+    this.name = service.metadata.name;
+
+    this.registerOutputs({
+      serviceName: this.name,
+      servicePort: this.port,
+    });
+  }
+}

services/pulumi/niployments/services/tts/index.ts

@@ -0,0 +1,2 @@
+// import "./production/index.js";
+import "./staging/index.js";