Create k8s deployment workflow

.github/workflows/master_merge.yaml

@@ -5,11 +5,29 @@ on:
     branches:
       - master
 
-# env:
-
 jobs:
+  detect-changes:
+    runs-on: ubuntu-latest
+    outputs:
+      api: ${{ steps.filter.outputs.api }}
+      website: ${{ steps.filter.outputs.website }}
+      keycloak: ${{ steps.filter.outputs.keycloak }}
+    steps:
+      - uses: dorny/paths-filter@v2
+        id: filter
+        with:
+          filters: |
+            api:
+              - apps/api/**
+            website:
+              - apps/website/**
+            keycloak:
+              - apps/keycloak/**
+
   test-api:
     runs-on: ubuntu-latest
+    needs: detect-changes
+    if: ${{ needs.detect-changes.outputs.api == 'true' }}
     defaults:
       run:
         working-directory: apps/api
@@ -34,3 +52,97 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ github.token }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  build-api-image:
+    runs-on: ubuntu-latest
+    needs: test-api
+    defaults:
+      run:
+        working-directory: apps/api
+    steps:
+      - uses: actions/checkout@v3
+      - uses: docker/setup-buildx-action@v1
+      - uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: |
+            ghcr.io/nikitades/carres-api:latest
+            ghcr.io/nikitades/carres-api:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  build-website-image:
+    runs-on: ubuntu-latest
+    needs: detect-changes
+    if: ${{ needs.detect-changes.outputs.website == 'true' }}
+    defaults:
+      run:
+        working-directory: apps/website
+    steps:
+      - uses: actions/checkout@v3
+      - uses: docker/setup-buildx-action@v1
+      - uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: |
+            ghcr.io/nikitades/carres-website:latest
+            ghcr.io/nikitades/carres-website:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  build-keycloak-image:
+    runs-on: ubuntu-latest
+    needs: detect-changes
+    if: ${{ needs.detect-changes.outputs.keycloak == 'true' }}
+    defaults:
+      run:
+        working-directory: apps/website
+    steps:
+      - uses: actions/checkout@v3
+      - uses: docker/setup-buildx-action@v1
+      - uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: |
+            ghcr.io/nikitades/carrer-keycloak:latest
+            ghcr.io/nikitades/carres-keycloak:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    needs: [build-api-image, build-website-image, build-keycloak-image]
+    if: ${{ always() && needs.build-api-image.result != 'failure' && needs.build-website-image.result != 'failure' && needs.build-keycloak-image.result != 'failure' && (needs.build-api-image.result == 'success' || needs.build-website-image.result == 'success' || needs.build-keycloak-image.result == 'success') }}
+    steps:
+      - name: Set the Kubernetes context
+        uses: azure/k8s-set-context@v2
+        with:
+          method: service-account
+          k8s-url: ${{ secrets.KUBERNETES_SERVER_URL }}
+          k8s-secret: ${{ secrets.KUBERNETES_SECRET }}
+      - uses: actions/checkout@v3
+      - uses: azure/k8s-deploy@v1
+        with:
+          namespace: carres
+          manifests: |
+            .k8s/prod
+          images: |
+            ghcr.io/nikitades/carres-api:${{ github.sha }}
+            ghcr.io/nikitades/carres-website:${{ github.sha }}
+            ghcr.io/nikitades/carres-keycloak:${{ github.sha }}

.k8s/prod/carres-api-config.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: carres-api-config
+data:
+  database-url: jdbc:postgresql://postgres:5432/carres-prod
+  keycloak-base-url: http://carres-keycloak:8080
+  keycloak-issuer-url: https://cars-reservation-sso.nikitades.com/realms/carres
+  keycloak-realm: carres-prod

.k8s/prod/carres-api-deployment.yaml

@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: carres-api-deployment
+  labels:
+    app: carres-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: carres-api
+  template:
+    metadata:
+      labels:
+        app: carres-api
+    spec:
+      containers:
+        - name: carres-api
+          image: ghcr.io/nikitades/carres-api:latest
+          ports:
+            - containerPort: 8080
+          env:
+            - name: SPRING_DATASOURCE_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: carres-api-config
+                  key: database-url
+            - name: SPRING_DATASOURCE_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: carres-api-secret
+                  key: database-username
+            - name: SPRING_DATASOURCE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: carres-api-secret
+                  key: database-password
+            - name: SPRING_JPA_DATABASE_PLATFORM
+              value: org.hibernate.dialect.PostgreSQLDialect
+            - name: SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI
+              valueFrom:
+                configMapKeyRef:
+                  name: carres-api-config
+                  key: keycloak-issuer-url
+            - name: KEYCLOAK_ADMIN_OAUTH_HOST
+              valueFrom:
+                configMapKeyRef:
+                  name: carres-api-config
+                  key: keycloak-base-url
+            - name: KEYCLOAK_ADMIN_OAUTH_REALM
+              valueFrom:
+                configMapKeyRef:
+                  name: carres-api-config
+                  key: keycloak-realm
+            - name: KEYCLOAK_ADMIN_OAUTH_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: carres-api-secret
+                  key: keycloak-client-id
+            - name: KEYCLOAK_ADMIN_OAUTH_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: carres-api-secret
+                  key: keycloak-client-secret

.k8s/prod/carres-api-ingress.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: carres-api-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
+spec:
+  rules:
+    - host: cars-reservation-api.nikitades.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: carres-api
+                port:
+                  number: 8080

.k8s/prod/carres-api-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: carres-api
+spec:
+  selector:
+    app: carres-api
+  type: NodePort
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+      nodePort: 30000

.k8s/prod/carres-keycloak-config.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: carres-keycloak-config
+data:
+  database-url: jdbc:postgresql://postgres:5432/keycloak-prod

.k8s/prod/carres-keycloak-deployment.yaml

@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: carres-keycloak-deployment
+  labels:
+    app: carres-keycloak
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: carres-keycloak
+  template:
+    metadata:
+      labels:
+        app: carres-keycloak
+    spec:
+      containers:
+        - name: carres-keycloak
+          image: ghcr.io/nikitades/carres-keycloak:latest
+          args:
+            [
+              "start",
+              "--optimized",
+              "--http-enabled=true",
+              "--hostname-strict-https=false",
+              "--hostname-strict=false",
+              "--proxy=passthrough"
+            ]
+          ports:
+            - containerPort: 8080
+          env:
+            - name: KC_DB_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: carres-keycloak-config
+                  key: database-url
+            - name: KC_DB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: carres-keycloak-secret
+                  key: kc-db-username
+            - name: KC_DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: carres-keycloak-secret
+                  key: kc-db-password
+            - name: KEYCLOAK_ADMIN
+              valueFrom:
+                secretKeyRef:
+                  name: carres-keycloak-secret
+                  key: admin-username
+            - name: KEYCLOAK_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: carres-keycloak-secret
+                  key: admin-password

.k8s/prod/carres-keycloak-ingress.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: carres-keycloak-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
+spec:
+  rules:
+    - host: cars-reservation-sso.nikitades.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: carres-keycloak
+                port:
+                  number: 8080

.k8s/prod/carres-keycloak-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: carres-keycloak
+spec:
+  selector:
+    app: carres-keycloak
+  type: NodePort
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+      nodePort: 30001

.k8s/prod/carres-website-config.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: carres-website-config
+data:
+  nextauth-url: https://cars-reservation.nikitades.com
+  nextauth-url-internal: http://localhost:3000
+  keycloak-issuer-url: https://cars-reservation-sso.nikitades.com/realms/carres
+  api-url: https://cars-reservation-api.nikitades.com
+  app-url: https://cars-reservation.nikitades.com