From 8fda0efab82b222d11662c2df955638ce6817029 Mon Sep 17 00:00:00 2001 From: Victor Barba Martin Date: Fri, 25 Jun 2021 18:26:10 +0200 Subject: [PATCH] Initial commit --- .gitignore | 1 + .../cluster-issuer-production.yaml | 20 +++++++++++++ k8s/haproxy/haproxy-ingress-values.yaml | 5 ++++ k8s/video-cluster-kubeconfig.yaml | 25 +++++++++++++++++ k8s/webrtc_be/webrtc_be-deployment.yaml | 28 +++++++++++++++++++ k8s/webrtc_be/webrtc_be-ingress.yaml | 21 ++++++++++++++ k8s/webrtc_be/webrtc_be-service.yaml | 15 ++++++++++ k8s/webrtc_fe/webrtc_fe-deployment.yaml | 24 ++++++++++++++++ k8s/webrtc_fe/webrtc_fe-ingress.yaml | 21 ++++++++++++++ k8s/webrtc_fe/webrtc_fe-service.yaml | 12 ++++++++ terraform/.terraform.lock.hcl | 22 +++++++++++++++ terraform/lke.tf | 11 ++++++++ terraform/terraform.tf | 22 +++++++++++++++ 13 files changed, 227 insertions(+) create mode 100644 k8s/cert-manager/cluster-issuer-production.yaml create mode 100644 k8s/haproxy/haproxy-ingress-values.yaml create mode 100644 k8s/video-cluster-kubeconfig.yaml create mode 100644 k8s/webrtc_be/webrtc_be-deployment.yaml create mode 100644 k8s/webrtc_be/webrtc_be-ingress.yaml create mode 100644 k8s/webrtc_be/webrtc_be-service.yaml create mode 100644 k8s/webrtc_fe/webrtc_fe-deployment.yaml create mode 100644 k8s/webrtc_fe/webrtc_fe-ingress.yaml create mode 100644 k8s/webrtc_fe/webrtc_fe-service.yaml create mode 100644 terraform/.terraform.lock.hcl create mode 100644 terraform/lke.tf create mode 100644 terraform/terraform.tf diff --git a/.gitignore b/.gitignore index b24d71e..7e0eb89 100644 --- a/.gitignore +++ b/.gitignore @@ -48,3 +48,4 @@ Thumbs.db *.mov *.wmv +.terraform diff --git a/k8s/cert-manager/cluster-issuer-production.yaml b/k8s/cert-manager/cluster-issuer-production.yaml new file mode 100644 index 0000000..7764f2f --- /dev/null +++ b/k8s/cert-manager/cluster-issuer-production.yaml @@ -0,0 +1,20 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-production +spec: + acme: + # You must replace this email address with your own. + # Let's Encrypt will use this to contact you about expiring + # certificates, and issues related to your account. + email: victor.barba.martin@toptal.com + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + # Secret resource that will be used to store the account's private key. + name: issuer-account-key + # Add a single challenge solver, HTTP01 using nginx + solvers: + - http01: + ingress: + class: haproxy + diff --git a/k8s/haproxy/haproxy-ingress-values.yaml b/k8s/haproxy/haproxy-ingress-values.yaml new file mode 100644 index 0000000..ee9f211 --- /dev/null +++ b/k8s/haproxy/haproxy-ingress-values.yaml @@ -0,0 +1,5 @@ +controller: + sslRedirect: false + hostNetwork: true + daemonset: + useHostPort: true \ No newline at end of file diff --git a/k8s/video-cluster-kubeconfig.yaml b/k8s/video-cluster-kubeconfig.yaml new file mode 100644 index 0000000..d51a180 --- /dev/null +++ b/k8s/video-cluster-kubeconfig.yaml @@ -0,0 +1,25 @@ + +apiVersion: v1 +kind: Config +preferences: {} + +clusters: +- cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1EWXhOakUyTXpreU1sb1hEVE14TURZeE5ERTJNemt5TWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS2ZBClJFVzlLNUhUMlRSbWxkTE45OUxzLzhiN2ZPVDZJckhqL3F1ZERZWVhBbFN4dG41aVMvYTdVM3BxckZ2VXhIZ0UKL1ZZM2xyWVFYM1VTYkswTjdVZU04OVV3QWs1Y2p0N3pXbTBhOVJrZThJeXFKZGt1QUtSdGlQYUNDc2pDdHovLwozVGRuei9NRStCSSsvOEc2MmRjVVBoL0Z3U3ZHeVV3M1ZrWG9qK0RMV1VwOUhid1kxRkxlYXlwMC9mWUtZdzdQCnh6UUhPZ3dFS1VyaENlWE83Yzg4Tm4wdlVVOHFLbmZpbmNINjFXVGhxQU5zVkMySTRxWUVjOExWSy9TYmtqdkYKL0ZhWDRKVXBxY0w2THgyd1A2L3U0ejQxYmVsUWJtUW5XZ3d1RHc4dDU4eXB6OGZzZWxCRS92di9sVEZOeVVzWApvSVdicEY2K2hlWHJudE1GWWlVQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZDSXpORCtMbUxQT1k5U0Jxc0kvTVgxajkxYVFNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFBWW5jeFk4YTNiak8wZWp2Qy9BQVhvS09va1B4dnZKcEpiZTdnT1NmM2EwcDR0bmcxdgpQV1lOZmlKalZhL20ySHJPWlF6cW9qVTJKZmtqT09vcmlIYnFCM2Z2M2h6MFNidW1pR1Y5bHpwUXhwSFFrUUFJCldJYjJ3ek5EQmQ0YTVITmRmR1VCaWxaZC9zR3k2Q21qNTRxZHpHSm5xWThJUDkrUXhESUl0UStqSGQ1ZitYdGMKYXh0eEpvVjB3cjIzVkp0MjZJQjExMUJPZW02UmZOeHVDNkdtdUVSYWRBLzA1M0lQSEhyMVZ4UXFFVTNXWjJNMwpJZEEzSmt3RWU1dTdUbFhCT0RRdVJuWGdwUHZGMk9mY2dDajZETUVrdXNnT2tVUWxPdG4ycUt5VVNLdUlZRko1CjQrVFNma2FmSGw2aU5lSTFGcGpWbkdoSDZNZ0RaWXd2ZC9QTwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + server: https://9a870b0b-5da8-4282-9100-06d7be6a8920.cpc1-us-central.linodelke.net:443 + name: lke29062 + +users: +- name: lke29062-admin + user: + as-user-extra: {} + token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImNjbnpYTTk1VWdmZ0YzV3B2RzR1eUYtdmtRWEF4Z2xFZTFPMlJGSThMak0ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJsa2UtYWRtaW4tdG9rZW4tbmQ4Y3QiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoibGtlLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNTE5ODFmNDEtZjMyYi00M2JjLWJhNDctOTRmOGE4ZDQxMjllIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmxrZS1hZG1pbiJ9.Ma62VuZAFxaMW-rpgnNlg6-ur3y7yCue841m3sNgO_kn6ISr2VUDqDAgXIqyc6LP3qhuIf_h6dVAqAPVHhQGnSRtK_q5b_n96A90VBwY5iYkhx4RF_uqxXmkYwG1-01YMctsTN2mPvnllruNF9z0ZxMiGaF4lbSZczM-L4Rwwt-5SlzBelPvPosUqQWfzrNVMO83YBK5Wk6pO_GXpFC1TAkBDe7oridIA9H8MD_qpqoNo76ZmVXxp9XGc0w0BM9ZRYsnSUNxl_Yha_D7V4pTU5GSFrn0MaNNHZGd2UFPU0fkHcLudE7cqGqlvawXA3AWKBC3La9Dl9rGNBPlAHtf7A + +contexts: +- context: + cluster: lke29062 + namespace: default + user: lke29062-admin + name: lke29062-ctx + +current-context: lke29062-ctx diff --git a/k8s/webrtc_be/webrtc_be-deployment.yaml b/k8s/webrtc_be/webrtc_be-deployment.yaml new file mode 100644 index 0000000..a118809 --- /dev/null +++ b/k8s/webrtc_be/webrtc_be-deployment.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: webrtc-be-deployment + labels: + app: webrtc-be +spec: + replicas: 1 + selector: + matchLabels: + app: webrtc-be + template: + metadata: + labels: + app: webrtc-be + spec: + hostNetwork: true + containers: + - name: webrtc-be + image: gcr.io/tough-craft-276813/webrtc-be:latest + env: + - name: RTC_MIN_PORT + value: "30000" + - name: RTC_MAX_PORT + value: "32768" + ports: + - name: websocket-port + containerPort: 5001 diff --git a/k8s/webrtc_be/webrtc_be-ingress.yaml b/k8s/webrtc_be/webrtc_be-ingress.yaml new file mode 100644 index 0000000..d306901 --- /dev/null +++ b/k8s/webrtc_be/webrtc_be-ingress.yaml @@ -0,0 +1,21 @@ +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: haproxy + haproxy.org/ssl-redirect: "false" + cert-manager.io/cluster-issuer: letsencrypt-production + name: webrtc-be +spec: + rules: + - host: webrtc-be.staging.video.jamkazam.com + http: + paths: + - backend: + serviceName: webrtc-be-service + servicePort: 80 + path: / + tls: + - secretName: production-cert + hosts: + - webrtc-be.staging.video.jamkazam.com \ No newline at end of file diff --git a/k8s/webrtc_be/webrtc_be-service.yaml b/k8s/webrtc_be/webrtc_be-service.yaml new file mode 100644 index 0000000..d4508b4 --- /dev/null +++ b/k8s/webrtc_be/webrtc_be-service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: webrtc-be-service + labels: + app: webrtc-be +spec: + #type: NodePort + ports: + - name: websocket-port + port: 80 + targetPort: websocket-port + protocol: TCP + selector: + app: webrtc-be diff --git a/k8s/webrtc_fe/webrtc_fe-deployment.yaml b/k8s/webrtc_fe/webrtc_fe-deployment.yaml new file mode 100644 index 0000000..c3a72f5 --- /dev/null +++ b/k8s/webrtc_fe/webrtc_fe-deployment.yaml @@ -0,0 +1,24 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: webrtc-fe-deployment + labels: + app: webrtc-fe +spec: + replicas: 1 + selector: + matchLabels: + app: webrtc-fe + template: + metadata: + labels: + app: webrtc-fe + spec: + containers: + - name: webrtc-fe + image: gcr.io/tough-craft-276813/webrtc_fe:prod-0.1.8 + ports: + - containerPort: 80 + env: + - name: REACT_APP_WS_BACKEND_URL + value: webrtc-be.staging.video.jamkazam.com \ No newline at end of file diff --git a/k8s/webrtc_fe/webrtc_fe-ingress.yaml b/k8s/webrtc_fe/webrtc_fe-ingress.yaml new file mode 100644 index 0000000..fd3848f --- /dev/null +++ b/k8s/webrtc_fe/webrtc_fe-ingress.yaml @@ -0,0 +1,21 @@ +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: haproxy + haproxy.org/ssl-redirect: "false" + cert-manager.io/cluster-issuer: letsencrypt-production + name: webrtc-fe +spec: + rules: + - host: staging.video.jamkazam.com + http: + paths: + - backend: + serviceName: webrtc-fe-service + servicePort: 80 + path: / + tls: + - secretName: staging-cert + hosts: + - staging.video.jamkazam.com \ No newline at end of file diff --git a/k8s/webrtc_fe/webrtc_fe-service.yaml b/k8s/webrtc_fe/webrtc_fe-service.yaml new file mode 100644 index 0000000..caef13a --- /dev/null +++ b/k8s/webrtc_fe/webrtc_fe-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: webrtc-fe-service + labels: + app: webrtc-fe +spec: + ports: + - port: 80 + protocol: TCP + selector: + app: webrtc-fe diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl new file mode 100644 index 0000000..a3d5b14 --- /dev/null +++ b/terraform/.terraform.lock.hcl @@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/linode/linode" { + version = "1.18.0" + hashes = [ + "h1:vzGqhhDzEN8pJ6KIr8cXdzvyNb133PLkL9pQGpNgdo4=", + "zh:0ead391cba4eccff9d46c91e9260ce5e2ccfd69e2aebef253768ce29e2de3a7d", + "zh:27708a55d1ba1594086c2015441243a38a608f68ea2f82f1d759c6baf2a0df14", + "zh:3d355a270e7eaeafd5044a326c527c23742b312376368e1019e3caa779cdbc91", + "zh:41dde82124e6c2e2640ef2963fe4f6faf16f8e8b82e7dbaebfdec7b781f5455a", + "zh:51e9139cdc1386053c6834585139dc74d6fb7653a00b495377bc445b5e532218", + "zh:6ba6560bf23736a2a6e4c0899afd2c25cac6697d90cf2573449fe9b655f87920", + "zh:79c1fa8e3a8705eee73f171229ff47688deaff8468cdf28fddaafe5aef7e2d8d", + "zh:80b008ded1c71313c4f76e5569142e3a56b866f7693e57270d15f13fc7af1e14", + "zh:b0ebb1e83e8d999dc1d8feecf9c1e293cd61fe72271610284fdcce46d4a8a7ed", + "zh:bdaa786f0381ccd61404ea1835733e852e9747f1daf9a63bd4149073dbce85b6", + "zh:c67cd9e8d4880dfa6cbbd25aa7fcd9c07a76f4801180ac3988ff3f84ede6181f", + "zh:c8ee62dfd07d83dd362b8ba5f13a957e1ec8107b22ac168da4fa8470c4537a33", + "zh:cf7bdc5eac5df6cfc6ab5c7cafaba72b6bf5a155017e25edc6d9dc192bb6d2ed", + ] +} diff --git a/terraform/lke.tf b/terraform/lke.tf new file mode 100644 index 0000000..59a6dad --- /dev/null +++ b/terraform/lke.tf @@ -0,0 +1,11 @@ +resource "linode_lke_cluster" "my-cluster" { + label = "video-cluster" + k8s_version = "1.21" + region = "us-central" + tags = ["staging"] + + pool { + type = "g6-standard-2" + count = 3 + } +} \ No newline at end of file diff --git a/terraform/terraform.tf b/terraform/terraform.tf new file mode 100644 index 0000000..e5326e3 --- /dev/null +++ b/terraform/terraform.tf @@ -0,0 +1,22 @@ + +terraform { + required_version = "=1.0" + backend "s3" { + encrypt = true + bucket = "jamkazam-terraform" + region = "us-east-1" + key = "video.tfstate" + } + required_providers { + linode = { + source = "linode/linode" + } + } +} + +provider "linode" { + +} + + +