add kustomize deployment for sd3 apps

.gitignore

@@ -0,0 +1,58 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Virtual Environment
+venv/
+ENV/
+env/
+.env/
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+.DS_Store
+
+# Kubernetes
+kubeconfig
+*.kubeconfig
+
+# Logs and databases
+*.log
+*.sqlite3
+*.db
+
+# Local development
+.env
+.env.local
+.env.*.local
+
+# Coverage reports
+htmlcov/
+.coverage
+.coverage.*
+coverage.xml
+*.cover
+
+# macos
+.DS_Store

kustomize/sd3/api/base/deployment.yaml

@@ -0,0 +1,87 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sd3-api
+  labels:
+    app: sd3-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: sd3-api
+  template:
+    metadata:
+      labels:
+        app: sd3-api
+    spec:
+      serviceAccount: sd3
+      containers:
+      - name: sd3-api
+        image: sd3-api
+        command:
+          ["/bin/sh", "-c"]
+        args:
+          ['source /secrets/sd3-api-env && "/usr/src/app/app"']
+        ports:
+        - containerPort: 8000
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+          limits:
+            cpu: 500m
+            memory: 512Mi
+        # livenessProbe:
+        #   httpGet:
+        #     path: /v1/component_status
+        #     port: 8000
+        #   initialDelaySeconds: 30
+        #   periodSeconds: 10
+        # readinessProbe:
+        #   httpGet:
+        #     path: /v1/component_status
+        #     port: 8000
+        #   initialDelaySeconds: 5
+        #   periodSeconds: 5
+        volumeMounts:
+        - mountPath: "/secrets"
+          name: "secrets"
+      initContainers:
+      - name: "vault-agent"
+        command:
+        - "sh"
+        - "-c"
+        - "vault agent -config=/etc/vault/vault-agent.hcl -exit-after-auth=true"
+        env:
+        - name: "VAULT_ADDR"
+          value: "https://vault-lb.eco.tsi-dev.otc-service.com:8200"
+        image: "hashicorp/vault"
+        resources:
+          limits:
+            cpu: "300m"
+            memory: "300Mi"
+          requests:
+            cpu: "50m"
+            memory: "50Mi"
+        volumeMounts:
+        - mountPath: "/etc/vault"
+          name: "vault-agent-config"
+        - mountPath: "/secrets"
+          name: "secrets"
+        - mountPath: "/var/run/secrets/tokens"
+          name: "k8-tokens"
+          readOnly: true
+      volumes:
+      - name: vault-agent-config
+        configMap:
+          defaultMode: 420
+          name: sd3-vault-config
+      - name: secrets
+        emptyDir: {}
+      - name: "k8-tokens"
+        projected:
+          defaultMode: 420
+          sources:
+          - serviceAccountToken:
+              expirationSeconds: 7200
+              path: "vault-token"

kustomize/sd3/api/base/ingress.yaml

@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: sd3-api-ingress
+  labels:
+    app: sd3-api
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: api.status.otc-service.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: sd3-api
+            port:
+              number: 8000

kustomize/sd3/api/base/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - service.yaml
+  - deployment.yaml
+  - ingress.yaml
+  - sa.yaml

kustomize/sd3/api/base/sa.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sd3
+  labels:
+    app: sd3-api
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: sd3-api-role-tokenreview-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  name: sd3
+  namespace: sd3-test

kustomize/sd3/api/base/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: sd3-api
+  labels:
+    app: sd3-api
+spec:
+  ports:
+    - port: 8000
+      targetPort: 8000
+      protocol: TCP
+      name: http
+  selector:
+    app: sd3-api

kustomize/sd3/api/overlays/test/kustomization.yaml

@@ -0,0 +1,40 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: sd3-test
+
+resources:
+  - ../../base
+
+images:
+  - name: sd3-api
+    newName: quay.io/stackmon/status-dashboard-v3
+    newTag: sha-13ce6ea
+
+configMapGenerator:
+  - name: sd3-vault-config
+    files:
+      - vault-agent.hcl
+
+patchesStrategicMerge:
+  - |-
+    apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+      name: sd3-api-ingress
+    spec:
+      rules:
+        - host: api.test.status.otc-service.com
+          http:
+            paths:
+            - path: /
+              pathType: Prefix
+              backend:
+                service:
+                  name: sd3-api
+                  port:
+                    number: 8000
+      tls:
+      - hosts:
+        - api.test.status.otc-service.com
+        secretName: sd3-cert-test

kustomize/sd3/api/overlays/test/vault-agent.hcl

@@ -0,0 +1,29 @@
+pid_file = "/home/vault/pidfile"
+
+auto_auth {
+    method "kubernetes" {
+        mount_path = "auth/kubernetes_otcinfra2"
+        config = {
+            role = "sd3"
+            token_path = "/var/run/secrets/tokens/vault-token"
+        }
+    }
+    sink "file" {
+        config = {
+            path = "/home/vault/.vault-token"
+        }
+    }
+}
+
+template {
+  destination = "/secrets/sd3-api-env"
+  contents = <<EOT
+{{ with secret "secret/data/statusdashboard/sd3-test" -}}
+export SD_DB={{ .Data.data.dburl }}
+export SD_CACHE=internal
+export SD_LOG_LEVEL=devel
+{{- end }}
+
+EOT
+  perms = "0664"
+}

kustomize/sd3/frontend/base/deployment.yaml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sd3-frontend
+  labels:
+    app: sd3-frontend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: sd3-frontend
+  template:
+    metadata:
+      labels:
+        app: sd3-frontend
+    spec:
+      containers:
+      - name: sd3-frontend
+        image: sd3-frontend
+        command:
+          ["/bin/sh", "-c"]
+        args:
+          ['nginx -g "daemon off;"']
+        ports:
+        - containerPort: 80
+          name: http
+        resources:
+          requests:
+            cpu: 200m
+            memory: 256Mi
+          limits:
+            cpu: 500m
+            memory: 512Mi

kustomize/sd3/frontend/base/ingress.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: sd3-frontend-ingress
+  labels:
+    app: sd3-frontend
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: status.otc-service.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: sd3-frontend
+            port:
+              number: 80

kustomize/sd3/frontend/base/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - service.yaml
+  - deployment.yaml
+  - ingress.yaml

kustomize/sd3/frontend/base/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: sd3-frontend
+  labels:
+    app: sd3-frontend
+spec:
+  selector:
+    app: sd3-frontend
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80

kustomize/sd3/frontend/overlays/test/kustomization.yaml

@@ -0,0 +1,35 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: sd3-test
+
+images:
+  - name: sd3-frontend
+    newName: quay.io/stackmon/status-dashboard-v3-front
+    newTag: sha-3817ace
+
+resources:
+  - ../../base
+
+patchesStrategicMerge:
+  - |-
+    apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+      name: sd3-frontend-ingress
+    spec:
+      rules:
+        - host: test.status.otc-service.com
+          http:
+            paths:
+            - path: /
+              pathType: Prefix
+              backend:
+                service:
+                  name: sd3-frontend
+                  port:
+                    number: 80
+      tls:
+      - hosts:
+        - test.status.otc-service.com
+        secretName: sd3-front-cert-test