Victor Barba Martin 2021-11-17 13:29:56 +01:00
commit d4c0615b38
39 changed files with 219 additions and 361 deletions


@ -1,14 +1,6 @@
# Template docker-push
# This template allows you to build and push your docker image to a Docker Hub account.
# The workflow allows running tests, code linting and security scans on feature branches (as well as master).
# The docker image will be validated and pushed to the docker registry after the code is merged to master.
# Prerequisites: $DOCKERHUB_USERNAME, $DOCKERHUB_PASSWORD setup as deployment variables
---
image: atlassian/default-image:2
definitions:
services:
docker:
@ -17,10 +9,10 @@ pipelines:
default:
- parallel:
- step:
name: Build and Test
name: Build images
script:
- docker build . --file k8s/Dockerfile-autoscaler --tag autoscaler-${BITBUCKET_REPO_SLUG}
- docker build . --file k8s/Dockerfile-coturn-dns --tag coturn-dns-${BITBUCKET_REPO_SLUG}
- docker build . --file docker/coturn/Dockerfile --tag coturn
- docker build . --file docker/coturn-dns/Dockerfile --tag coturn-dns
services:
- docker
caches:
@ -29,17 +21,17 @@ pipelines:
name: Lint the Dockerfile
image: hadolint/hadolint:latest-debian
script:
- hadolint Dockerfile-autoscaler
- hadolint Docuerfile-coturn-dns
- hadolint docker/coturn/Dockerfile
- hadolint docker/coturn-dns/Dockerfile
branches:
main:
- step:
name: Build and Test
name: Build images
script:
- docker build . --file k8s/Dockerfile-autoscaler --tag autoscaler-${BITBUCKET_REPO_SLUG}
- docker build . --file k8s/Dockerfile-coturn-dns --tag coturn-dns-${BITBUCKET_REPO_SLUG}
- docker save autoscaler-${BITBUCKET_REPO_SLUG} --output "autoscaler-${BITBUCKET_REPO_SLUG}.tar"
- docker save coturn-dns-${BITBUCKET_REPO_SLUG} --output "coturn-dns-${BITBUCKET_REPO_SLUG}.tar"
- docker build . --file docker/coturn/Dockerfile --tag coturn
- docker build . --file docker/coturn-dns/Dockerfile --tag coturn-dns
- docker save coturn --output "coturn.tar"
- docker save coturn-dns --output "coturn-dns.tar"
services:
- docker
caches:
@ -47,96 +39,41 @@ pipelines:
artifacts:
- "*.tar"
- step:
name: Push docker images to GCR
name: Push images
image: google/cloud-sdk:alpine
script:
# Authenticating with the service account key file
- echo $GCLOUD_API_KEYFILE | base64 -d > ./gcloud-api-key.json
- gcloud auth activate-service-account --key-file gcloud-api-key.json
- gcloud config set project $GCLOUD_PROJECT
- docker load --input "autoscaler-${BITBUCKET_REPO_SLUG}.tar"
- docker load --input "coturn-dns-${BITBUCKET_REPO_SLUG}.tar"
- VERSION="prod-0.1.${BITBUCKET_BUILD_NUMBER}"
- docker tag "autoscaler-${BITBUCKET_REPO_SLUG}" "gcr.io/${GCLOUD_PROJECT}/autoscaler:${VERSION}"
- docker tag "coturn-dns-${BITBUCKET_REPO_SLUG}" "gcr.io/${GCLOUD_PROJECT}/coturn-dns:${VERSION}"
# Login to google docker hub
- cat ./gcloud-api-key.json | docker login -u _json_key --password-stdin https://gcr.io
- docker push "gcr.io/${GCLOUD_PROJECT}/autoscaler:${VERSION}"
# Push Docker images
- VERSION="latest"
- docker load --input "coturn.tar"
- docker load --input "coturn-dns.tar"
- docker tag "coturn" "gcr.io/${GCLOUD_PROJECT}/coturn:${VERSION}"
- docker tag "coturn-dns" "gcr.io/${GCLOUD_PROJECT}/coturn-dns:${VERSION}"
- docker push "gcr.io/${GCLOUD_PROJECT}/coturn:${VERSION}"
- docker push "gcr.io/${GCLOUD_PROJECT}/coturn-dns:${VERSION}"
services:
- docker
# - step: Deploy haproxy ingress controller
# % helm install haproxy-ingress haproxy-ingress/haproxy-ingress\
# --create-namespace --namespace ingress-controller\
# --version 0.13.1\
# -f k8s/haproxy/haproxy-ingress-values.yaml
# helm upgrade -n ingress-controller -f k8s/haproxy/haproxy-ingress-values.yaml haproxy-ingress haproxy-ingress/haproxy-ingress --version 0.13.1
# kubectl --namespace ingress-controller patch deployment haproxy-ingress -p '{"spec":{"template":{"spec":{"containers":[{"name":"haproxy-ingress","ports":[{"name":"exporter","containerPort":9105},{"name":"ingress-stats","containerPort":10254}]}]}}}}'
# - step: Deploy cert-manager
# helm install \
# cert-manager jetstack/cert-manager \
# --namespace cert-manager \
# --create-namespace \
# --version v1.5.0 \
# --set installCRDs=true
# $ kubectl apply -f k8s/cert-manager/cluster-issuer-production.yaml
# - step: Deploy GCR credentials
# kubectl create secret docker-registry gcr-json-key \
# --docker-server=gcr.io \
# --docker-username=_json_key \
# --docker-password="$(cat k8s/gcp.json)" \
# --docker-email=any@valid.email
# kubectl patch serviceaccount default \
# -p '{"imagePullSecrets": [{"name": "gcr-json-key"}]}'
# Deploy nginx ingress controller
# helm install nginx-ingress stable/nginx-ingress
# Deploy monitoring clusterissuer
# kubectl apply -f k8s/monitoring/clusterissuer.yaml
# Deploy monitoring certificate
# kubectl apply -f k8s/monitoring/certificate.yaml
# Deploy monitoring helm
# helm install \
# monitoring stable/prometheus-operator \
# -f k8s/monitoring/helm-values.yaml \
# --namespace monitoring \
# --set grafana.adminPassword=jamkazamMonitoring
- step:
name: Deploy to K8s
deployment: production
name: Deploy to staging
deployment: staging
script:
- AUTOSCALER_IMAGE="gcr.io/$GCLOUD_PROJECT/autoscaler:prod-0.1.$BITBUCKET_BUILD_NUMBER"
- COTURN_DNS_IMAGE="gcr.io/$GCLOUD_PROJECT/coturn-dns:prod-0.1.$BITBUCKET_BUILD_NUMBER"
- sed -i "s|{{linode_autoscaler_image}}|$AUTOSCALER_IMAGE|g" k8s/linode-autoscaler/production-webrtc-be-autoscaler.yaml
- sed -i "s|{{linode_autoscaler_image}}|$AUTOSCALER_IMAGE|g" k8s/linode-autoscaler/production-coturn-autoscaler.yaml
- sed -i "s|{{coturn_dns_image}}|$COTURN_DNS_IMAGE|g" k8s/coturn-dns/production-coturn-dns.yaml
# - pipe: atlassian/kubectl-run:1.1.2
# variables:
# KUBE_CONFIG: $KUBE_CONFIG_PRD
# KUBECTL_COMMAND: 'apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml'
- pipe: atlassian/kubectl-run:1.1.2
variables:
KUBE_CONFIG: $KUBE_CONFIG_PRD
KUBECTL_COMMAND: 'apply'
RESOURCE_PATH: 'k8s/linode-autoscaler/linode-autoscaler-namespace-secrets.yaml'
KUBE_CONFIG: $KUBE_CONFIG_STG
KUBECTL_COMMAND: '-n coturn rollout restart deployment/coturn'
- pipe: atlassian/kubectl-run:1.1.2
variables:
KUBE_CONFIG: $KUBE_CONFIG_PRD
KUBECTL_COMMAND: 'apply'
RESOURCE_PATH: 'k8s/linode-autoscaler/production-coturn-autoscaler.yaml'
KUBE_CONFIG: $KUBE_CONFIG_STG
KUBECTL_COMMAND: '-n coturn rollout status -w deployment/coturn'
- pipe: atlassian/kubectl-run:1.1.2
variables:
KUBE_CONFIG: $KUBE_CONFIG_PRD
KUBECTL_COMMAND: 'apply'
RESOURCE_PATH: 'k8s/coturn-dns/production-coturn-dns.yaml'
KUBE_CONFIG: $KUBE_CONFIG_STG
KUBECTL_COMMAND: '-n coturn-dns rollout restart deployment/coturn-dns'
- pipe: atlassian/kubectl-run:1.1.2
variables:
KUBE_CONFIG: $KUBE_CONFIG_STG
KUBECTL_COMMAND: '-n coturn-dns rollout status -w deployment/coturn-dns'
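Review bot: The "Push images" step sets `VERSION="latest"` and the staging deploy only runs `rollout restart`, so what ends up running is whatever `latest` resolves to when the node pulls, not necessarily the image this build produced. The +/- markers are lost on this page, so this reads the `latest` and `rollout restart` lines as the new side. A mutable tag leaves no record of which build is deployed and no rollback target; pushing a build-specific tag as well, e.g. `VERSION="0.1.${BITBUCKET_BUILD_NUMBER}"`, and deploying that tag or the pushed digest keeps the rollout traceable. The Deployments elsewhere in this commit reference `coturn:latest` and `coturn-dns:latest` and would need to follow the same tag.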


@ -2,9 +2,7 @@ FROM python:3
WORKDIR /app
COPY requirements.txt requirements.txt
COPY docker/coturn-dns/requirements.txt requirements.txt
RUN pip3 install -r requirements.txt
COPY pod-node-register.py .
COPY docker/coturn-dns/. .
CMD [ "python3", "pod-node-register.py"]


@ -7,7 +7,7 @@ HOSTED_ZONE=os.environ['HOSTED_ZONE']
COTURN_DOMAIN_NAME=os.environ['COTURN_DOMAIN_NAME']
COTURN_DOMAIN_NAME="coturn.staging.video.jamkazam.com"
config.load_kube_config()
config.load_incluster_config()
v1 = client.CoreV1Api()
while(True):
@ -18,7 +18,7 @@ while(True):
node_status = v1.read_node(name=i.spec.node_name)
for adr in node_status.status.addresses:
if adr.type=="ExternalIP":
ips.append(adr.address)
ips.append({'Value': adr.address})
print("Node IPs: "+str(ips))
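Review bot: If the hard-coded `COTURN_DOMAIN_NAME="coturn.staging.video.jamkazam.com"` is the new side of the first hunk (the +/- markers are lost on this page; it is printed after the `os.environ` line), the script no longer honours the `COTURN_DOMAIN_NAME` variable that the coturn-dns Deployment sets, and a deployment in any other environment would rewrite the staging record. Keeping `COTURN_DOMAIN_NAME=os.environ['COTURN_DOMAIN_NAME']` leaves the target record under the control of the manifest. The `while(True)` loop starts and ends outside these hunks, so how `ips` is submitted to the DNS API cannot be checked from here.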


@ -1,6 +1,7 @@
min-port=49152
max-port=65535
lt-cred-mech
user=username:password
realm=jamkazam.com
syslog
static-auth-secret=j@mk@Z@3
syslog
verbose
fingerprint
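Review bot: `static-auth-secret` carries a literal value in this file (it appears to be an added line, though the +/- markers are lost on this page), so the TURN shared secret is readable by anyone with access to the repository or the built image, and that secret is all that is needed to derive valid TURN credentials. Keep the line out of the committed config and supply the value at start-up from a Kubernetes Secret, for example through turnserver's `--static-auth-secret` option fed from an environment variable, and rotate the value that is now in history. The same history concern applies to the service-account key file deleted further down in this commit: removing it from the tree does not revoke it, so that key should be disabled and reissued.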


@ -1,7 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: monitoring
resources:
- alertmanager-slack-config.yaml


@ -1,24 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: alertmanager-slack
spec:
destination:
name: ''
namespace: alertmanager-slack
server: 'https://kubernetes.default.svc'
source:
path: k8s/alertmanager-slack
repoURL: 'git@bitbucket.org:jamkazam/video-iac.git'
targetRevision: HEAD
project: default
syncPolicy:
automated:
prune: true
allowEmpty: false
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m


@ -4,7 +4,6 @@ metadata:
name: argocd
spec:
destination:
name: ''
namespace: argocd
server: 'https://kubernetes.default.svc'
source:
@ -12,13 +11,13 @@ spec:
repoURL: 'git@bitbucket.org:jamkazam/video-iac.git'
targetRevision: HEAD
project: default
syncPolicy:
automated:
prune: true
allowEmpty: false
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
# syncPolicy:
# automated:
# prune: true
# allowEmpty: false
# retry:
# limit: 5
# backoff:
# duration: 5s
# factor: 2
# maxDuration: 3m


@ -18,12 +18,12 @@ spec:
syncPolicy:
syncOptions:
- CreateNamespace=true
# automated:
# prune: true
# allowEmpty: false
# retry:
# limit: 5
# backoff:
# duration: 5s
# factor: 2
# maxDuration: 3m
automated:
prune: true
allowEmpty: false
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m


@ -15,12 +15,12 @@ spec:
syncPolicy:
syncOptions:
- CreateNamespace=true
# automated:
# prune: true
# allowEmpty: false
# retry:
# limit: 5
# backoff:
# duration: 5s
# factor: 2
# maxDuration: 3m
automated:
prune: true
allowEmpty: false
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m


@ -1,36 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: haproxy-ingress
spec:
destination:
name: ''
namespace: haproxy-ingress
server: 'https://kubernetes.default.svc'
source:
path: ''
repoURL: 'https://haproxy-ingress.github.io/charts'
targetRevision: 0.13.4
chart: haproxy-ingress
# helm:
# parameters:
# - name: controller.hostNetwork
# value: 'true'
# valueFiles: []
# values: |-
# controller:
# hostNetwork: true
# prometheus-port: "9105"
project: default
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: true
allowEmpty: false
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m


@ -8,6 +8,9 @@ spec:
namespace: webrtc-be
server: 'https://kubernetes.default.svc'
source:
helm:
valueFiles:
- values-{{ .Values.environment }}.yaml
path: k8s/webrtc-be
repoURL: 'git@bitbucket.org:jamkazam/video-iac.git'
targetRevision: HEAD


@ -1 +1 @@
environment: staging
environment: "staging"


@ -8,14 +8,13 @@ spec:
namespace: argocd
server: 'https://kubernetes.default.svc'
source:
helm:
valueFiles:
- values-{{ .Values.environment }}.yaml
path: k8s/applications
repoURL: 'git@bitbucket.org:jamkazam/video-iac.git'
targetRevision: HEAD
project: default
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: true
allowEmpty: false


@ -8,13 +8,10 @@ metadata:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# If you encounter a redirect loop or are getting a 307 response code
# then you need to force the nginx ingress to connect to the backend using HTTPS.
#
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
rules:
- host: example.com
- host: hostname
http:
paths:
- path: /
@ -26,5 +23,5 @@ spec:
name: https
tls:
- hosts:
- example.com
- hostname
secretName: argocd-secret # do not change, this is provided by Argo CD


@ -5,3 +5,4 @@ namespace: argocd
resources:
- https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
- ingress.yaml
- applications.yaml


@ -0,0 +1,9 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: applications
spec:
source:
helm:
valueFiles:
- values-staging.yaml


@ -1,7 +1,15 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
- ../../base
commonLabels:
app.kubernetes.io/instance: argocd
patchesStrategicMerge:
- applications.yaml
patchesJson6902:
- path: hostname.yaml


@ -1,20 +0,0 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-haproxy-production
spec:
acme:
# You must replace this email address with your own.
# Let's Encrypt will use this to contact you about expiring
# certificates, and issues related to your account.
email: victor.barba.martin@toptal.com
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
# Secret resource that will be used to store the account's private key.
name: haproxy-issuer-account-key
# Add a single challenge solver, HTTP01 using nginx
solvers:
- http01:
ingress:
class: haproxy


@ -4,5 +4,4 @@ kind: Kustomization
resources:
- https://github.com/jetstack/cert-manager/releases/download/v1.6.0/cert-manager.yaml
- cluster-issuer-nginx.yaml
#- cluster-issuer-haproxy.yaml
- cluster-issuer-nginx.yaml


@ -18,6 +18,8 @@ spec:
labels:
app: coturn-dns
spec:
imagePullSecrets:
- name: gcr-json-key
containers:
- name: coturn-dns
image: gcr.io/tough-craft-276813/coturn-dns:latest
@ -25,21 +27,21 @@ spec:
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: aws-user-external-dns
name: aws-user-coturn-dns
key: username
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: aws-user-external-dns
name: aws-user-coturn-dns
key: password
- name: PYTHONUNBUFFERED
value: "1"
- name: HOSTED_ZONE
value: "Z00156242SK162FEXDPVF"
- name: COTURN_DOMAIN_NAME
value: {{ .Values.coturnDomainName }}
value: coturn.{{ .Values.domain }}
resources:
requests:
memory: 32Mi
memory: 128Mi
limits:
memory: 32Mi
memory: 128Mi
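Review bot: `value: coturn.{{ .Values.domain }}` leaves a templated scalar unquoted; writing it as `value: "coturn.{{ .Values.domain }}"` guarantees the rendered env value is a string whatever `domain` contains. The same applies to `- host: &host {{ .Values.domain }}` in the webrtc-be ingress template later in this commit, where an empty value would render the host as null; `- host: &host "{{ .Values.domain }}"` avoids that. The added `imagePullSecrets` entry assumes a `gcr-json-key` Secret exists in the coturn-dns namespace, and nothing visible on this page creates it there.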


@ -0,0 +1,25 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: pods-list
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["list"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: pods-list
subjects:
- kind: ServiceAccount
name: default
namespace: coturn-dns
roleRef:
kind: ClusterRole
name: pods-list
apiGroup: rbac.authorization.k8s.io
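Review bot: The ClusterRoleBinding grants `pods-list` to the `default` ServiceAccount of `coturn-dns`, so every pod in that namespace that does not set its own service account can list pods cluster-wide and read node objects. A dedicated ServiceAccount, referenced from the coturn-dns Deployment with `serviceAccountName`, keeps the grant on the one workload that needs it. If the script only lists pods in a single namespace (its list call is not visible on this page), the `pods` rule could move to a namespaced Role and RoleBinding, leaving only the `nodes` rule cluster-scoped. The account name `coturn-dns` below is a suggestion.

```yaml
---
kind: ServiceAccount
apiVersion: v1
metadata:
  name: coturn-dns
  namespace: coturn-dns
---
# … unchanged: ClusterRole pods-list …
kind: ClusterRoleBinding
# … unchanged: apiVersion, metadata …
subjects:
  - kind: ServiceAccount
    name: coturn-dns
    namespace: coturn-dns
# … unchanged: roleRef …
```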


@ -1 +1 @@
coturn-domain-name: "coturn.staging.video.jamkazam.com"
domain: "staging.video.jamkazam.com"


@ -20,6 +20,11 @@ spec:
containers:
- name: coturn
image: gcr.io/tough-craft-276813/coturn:latest
resources:
requests:
memory: "3800Mi"
limits:
memory: "3800Mi"
ports:
- containerPort: 3478
name: coturn


@ -1,12 +0,0 @@
{
"type": "service_account",
"project_id": "tough-craft-276813",
"private_key_id": "a8092b39b4eb391e8b1e8ace86d5c463e049e711",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCy18xh+H6vH4qJ\ns0x7syo8rK+dEgy/24dUTqPb54KfBmtXPdKuGCT/ZsoWAPqRhpmbYYe1Po9wNe6E\nXstVCvFq5ev2olJFzauy24UI6bWaXkQX/OHXLho/rn/EJPdcwBBQZ6mtrv+rgLWQ\nhiAHFMeaQSfwGrXeNnKWuT/PlJmDvliORjzm94r9fywzhArJq/lFNh0JWLTHfzVT\n6nhHIrOCQ+6IAszVerU6G7VfTAKoEaFS1OeLFwlUyhwc3SPm7ceLxBqz25APo3qA\nZFYyfLe43XbmKw1gta/QnpnPUtp3Wrm7sk9xy/maLx6xagVaUsGLNjWnZCjaPTkw\npe7FHU5XAgMBAAECggEADBP635ryo00UBByxy6Db92EKMydm6QYga5csBcvqzGaY\nlTm9orhKt1zvxPCn+3AFq7K4gYsKEN/zjckBHmswxrFkcDGiMMilEd01bNarxxMa\nsiwH7IpWh3p3cn20nvTxpRx7Hxm0dpaorGwCebfziv1ffx2urqUqs/cq0hANFhKF\n7bNYiTY6/9ZwWvcorpeu59UgJat2f12+aRUjj3Iu459UlRs6IhfXW2cWhMVHVylF\ng500i7sLrBLAlqGq8HnHkHUcB6sWnrWMBQ3wyqcEnORjVI0Oumaz1tphPEmxBy1n\n12arKrQ3N7Iij6mG/EX9Ha7J3tbFgb5Z9Xn3EObEAQKBgQDXBqm+HMEh35C7Jx7l\nhKdwRx87LhmBgDfGSxrNV0D/O8AFTPIuSDNeYi473AvUjsmnd6tQvtNFD6v8U16k\nRSwrwAr1eM4b8CIZ+nnMKt0ah96E8TyOBdp5Xfs18M4ZL9yddOpVrIVlDiQBIuHR\nZKvYvklxyxi5Ut6UtcNkKSl9VwKBgQDU7BBG//WeGC4N8e61pxfh+oBiNx6RoBt8\n++GPmksRwZYPnHqCtli5GX4UTQIrTAeAzbOzqe5t6G7yPqnJqKfPQnzZEXVu7d51\nFFIU7WAIUPs7AyNKDsWRDQ73q3M2EN3VqjyMX6DuUeTPfASjI8CCju0FtDtzqdm+\nSWDVLDcXAQKBgFRE1DkhY782sq3mAwHIHyateNvkkTJjYXhg7rwSufJNJE/ve+oP\nebI/oAbtkeVXoEf1ajpWzs19+tUEh06xnUH4HVNeaMgiL/smYp1VHxnKrbZEJIs0\nWA7AejcFjH/qdfdvXnb9Cbo09H9NgFpjrcVfrcDe622VwI1fPpf+Wbg5AoGBAIqo\nvKTwFU0CZCOStSi5CzWPw8GyMYcWZDBNfAPfsBl9HzNFbQbopvjL4C5qRApcNdqs\nmuVaubn7jxzUsA9ydO3lV5ao5vf5klBejmGwgESKMEGq9nVJD2I5xdCGZ74C1+RI\nO6wSrqPk0wRHuGFhbAHaAAMh70GQkAt6j8PjSnEBAoGBAK04V8fXPbCBxLoRfMbT\nBjeutWad36oTDuvLoIsMRM1vCF1oxpL+j4+7+hbupQ/UMcLvPN9RmwgJTjxOPN5b\nThwUn6UHfNWlb0pQrw764gMV+3EZgbEzx7pAi8QNEY5gLL0Qd/34eIm1exHuPJtM\n+MLbJDdyJ3PEZL9YOB1uKyC6\n-----END PRIVATE KEY-----\n",
"client_email": "ansible-sa@tough-craft-276813.iam.gserviceaccount.com",
"client_id": "104334872115406805719",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/ansible-sa%40tough-craft-276813.iam.gserviceaccount.com"
}


@ -1,6 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: argocd
resources:


@ -1,13 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: haproxy-exporter
namespace: ingress-controller
spec:
ports:
- name: exporter
port: 9105
targetPort: exporter
selector:
app.kubernetes.io/instance: haproxy-ingress
app.kubernetes.io/name: haproxy-ingress


@ -1,18 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: haproxy
labels:
app: haproxy
release: monitoring
spec:
selector:
matchLabels:
app.kubernetes.io/instance: haproxy-ingress
app.kubernetes.io/name: haproxy-ingress
namespaceSelector:
matchNames:
- ingress-controller
podMetricsEndpoints:
- port: exporter


@ -3,7 +3,6 @@ kind: Secret
type: Opaque
metadata:
name: slack-url
namespace: monitoring
data:
apiUrl: aHR0cHM6Ly9ob29rcy5zbGFjay5jb20vc2VydmljZXMvVDBMNVJBM0UwL0IwMVNNOFJDMzQ2L1hERE9yY1BFN2VBWEpQTUN2YzVGeEl2YQ==
---
@ -11,7 +10,6 @@ apiVersion: monitoring.coreos.com/v1alpha1
kind: AlertmanagerConfig
metadata:
name: slack
namespace: monitoring
labels:
alertmanagerConfig: slack
spec:

3
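--- /dev/null
+++ b/k8s/webrtc-be/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+name: webrtc
+version: '1.0'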


@ -20,6 +20,11 @@ spec:
containers:
- name: webrtc-be
image: gcr.io/tough-craft-276813/webrtc_be:prod-0.1.83
resources:
requests:
memory: "3800Mi"
limits:
memory: "3800Mi"
env:
- name: RTC_MIN_PORT
value: "30000"

File diff suppressed because one or more lines are too long


@ -9,7 +9,7 @@ metadata:
name: webrtc-be
spec:
rules:
- host: &host webrtc-be.staging.video.jamkazam.com
- host: &host {{ .Values.domain }}
http:
paths:
- backend:


@ -0,0 +1 @@
domain: "webrtc-be.staging.video.jamkazam.com"


@ -19,20 +19,38 @@ provider "registry.terraform.io/gavinbunney/kubectl" {
}
provider "registry.terraform.io/hashicorp/aws" {
version = "3.63.0"
version = "3.65.0"
hashes = [
"h1:Z+2GvXLgqQ/uPMH8dv+dXJ/t+jd6sriYjhCJS6kSO6g=",
"zh:42c6c98b294953a4e1434a331251e539f5372bf6779bd61ab5df84cac0545287",
"zh:5493773762a470889c9a23db97582d3a82035847c8d3bd13323b4c3012abf325",
"zh:550d22ff9fed4d817a922e7b84bd9d1f2ef8d3afa00832cf66b8cd5f0e6dc748",
"zh:632cb5e2d9d5041875f57174236eafe5b05dbf26750c1041ab57eb08c5369fe2",
"zh:7cfeaf5bde1b28bd010415af1f3dc494680a8374f1a26ec19db494d99938cc4e",
"zh:99d871606b67c8aefce49007315de15736b949c09a9f8f29ad8af1e9ce383ed3",
"zh:c4fc8539ffe90df5c7ae587fde495fac6bc0186fec2f2713a8988a619cef265f",
"zh:d0a26493206575c99ca221d78fe64f96a8fbcebe933af92eea6b39168c1f1c1d",
"zh:e156fdc964fdd4a7586ec15629e20d2b06295b46b4962428006e088145db07d6",
"zh:eb04fc80f652b5c92f76822f0fec1697581543806244068506aed69e1bb9b2af",
"zh:f5638a533cf9444f7d02b5527446cdbc3b2eab8bcc4ec4b0ca32035fe6f479d3",
"h1:GCDkcISN83t+JK2U+ie3vaECnyxK0Sr6GjO7IrBOVeo=",
"zh:108aeaf5e18087d9ac852737a5be1347a28e40825817cc1a29ec523d40268294",
"zh:1a719c0c9754f906b2220d3bbf90d483ec0a74cf87768a464d2d657b7901ec6b",
"zh:21acdc35ae70a626cbc81eff06181a78843f1ddc2d9200f80fabf2e0466ecbda",
"zh:28846628e1a4227a1f2db256d6b22ed36922f37632999af7404aa74703cd9bfb",
"zh:32455550dbf86ae07d9782650e86d23c4fa13d7872e48680044692894e8da6ea",
"zh:4241246274627c752f9aef2806e810053306001e80fc5b51d27cbe997f75f95e",
"zh:5ca0fab3ceb3f41a97c1ebd29561a034cb83fda04da35fd5f8c3c5cb97bb3ea8",
"zh:5fed3b79d4ed6424055e8bbfb7a4393e8db5102cdba04b4590f8e0f4194637fb",
"zh:99a0bc325b0a59ded1152546c004953a2bb0e110978bf0cc55e1804384941bdb",
"zh:e74f9190a417c891992210f9af937ef55749d86a04762d982260fbbc989342a7",
"zh:fb6984405ca63d0373bd992ce157e933b8ae9dd94d74b1c5691632f062fe60b2",
]
}
provider "registry.terraform.io/hashicorp/helm" {
version = "2.4.1"
hashes = [
"h1:CLb4n9f/hLyqqq0zbc+h5SuNOB7KnO65qOOb+ohwsKA=",
"zh:07517b24ea2ce4a1d3be3b88c3efc7fb452cd97aea8fac93ca37a08a8ec06e14",
"zh:11ef6118ed03a1b40ff66adfe21b8707ece0568dae1347ddfbcff8452c0655d5",
"zh:1ae07e9cc6b088a6a68421642c05e2fa7d00ed03e9401e78c258cf22a239f526",
"zh:1c5b4cd44033a0d7bf7546df930c55aa41db27b70b3bca6d145faf9b9a2da772",
"zh:256413132110ddcb0c3ea17c7b01123ad2d5b70565848a77c5ccc22a3f32b0dd",
"zh:4ab46fd9aadddef26604382bc9b49100586647e63ef6384e0c0c3f010ff2f66e",
"zh:5a35d23a9f08c36fceda3cef7ce2c7dc5eca32e5f36494de695e09a5007122f0",
"zh:8e9823a1e5b985b63fe283b755a821e5011a58112447d42fb969c7258ed57ed3",
"zh:8f79722eba9bf77d341edf48a1fd51a52d93ec31d9cac9ba8498a3a061ea4a7f",
"zh:b2ea782848b10a343f586ba8ee0cf4d7ff65aa2d4b144eea5bbd8f9801b54c67",
"zh:e72d1ccf8a75d8e8456c6bb4d843fd4deb0e962ad8f167fa84cf17f12c12304e",
]
}
@ -113,21 +131,23 @@ provider "registry.terraform.io/kbst/kustomization" {
}
provider "registry.terraform.io/linode/linode" {
version = "1.18.0"
version = "1.24.0"
constraints = "1.24.0"
hashes = [
"h1:vzGqhhDzEN8pJ6KIr8cXdzvyNb133PLkL9pQGpNgdo4=",
"zh:0ead391cba4eccff9d46c91e9260ce5e2ccfd69e2aebef253768ce29e2de3a7d",
"zh:27708a55d1ba1594086c2015441243a38a608f68ea2f82f1d759c6baf2a0df14",
"zh:3d355a270e7eaeafd5044a326c527c23742b312376368e1019e3caa779cdbc91",
"zh:41dde82124e6c2e2640ef2963fe4f6faf16f8e8b82e7dbaebfdec7b781f5455a",
"zh:51e9139cdc1386053c6834585139dc74d6fb7653a00b495377bc445b5e532218",
"zh:6ba6560bf23736a2a6e4c0899afd2c25cac6697d90cf2573449fe9b655f87920",
"zh:79c1fa8e3a8705eee73f171229ff47688deaff8468cdf28fddaafe5aef7e2d8d",
"zh:80b008ded1c71313c4f76e5569142e3a56b866f7693e57270d15f13fc7af1e14",
"zh:b0ebb1e83e8d999dc1d8feecf9c1e293cd61fe72271610284fdcce46d4a8a7ed",
"zh:bdaa786f0381ccd61404ea1835733e852e9747f1daf9a63bd4149073dbce85b6",
"zh:c67cd9e8d4880dfa6cbbd25aa7fcd9c07a76f4801180ac3988ff3f84ede6181f",
"zh:c8ee62dfd07d83dd362b8ba5f13a957e1ec8107b22ac168da4fa8470c4537a33",
"zh:cf7bdc5eac5df6cfc6ab5c7cafaba72b6bf5a155017e25edc6d9dc192bb6d2ed",
"h1:k1aiT3JCgzUvNxpT5EznQSRigqEdAwaSkQ4PoJVhXDM=",
"zh:06d87467ec78e7dc9c57bcdd1874a648c8e463ea067b158c00583e71aa26dfa1",
"zh:1ed95f626255e53dfa9df3b2a2c67a1445ae5224bbc9244c1bc4961e635aabfa",
"zh:3e6b338004f9cf82e7a6aaeffae7d0e064489b12ed1898400cf9c13703f0e5d0",
"zh:40e18d4fdeac61a06cf1e5208ad46bcf5d989083ad535c9450c46c425098dd4a",
"zh:4c35b67a148d0cac7a42c919c3cfd2198bc113ae3c12167b3ad8dc6aa785ec84",
"zh:5240744778bc865a8c2f14a71649b7a0097cdb681e48359ba3718f8b516fc577",
"zh:54af2b3cb45d17fc5563e7d1b86aafc38d3f4ac11b0aaf42ca9c74d53fdff7dc",
"zh:79c675e7251090761a4010aafaf144c4cea6940b49c4341f72d6a04126214543",
"zh:8538680134057d39fed6a010327faed12d26c8d33a369662766e2818777a7a8b",
"zh:8c8423769e0aae0f291fa381ab78e13c51d6c8f49336cbb7fd8a1a990a9f941f",
"zh:bcda0537da1ddccd2f05e9e123086a6b84aaeb11a22082d6734c777a95162ff0",
"zh:bfa7fc09a14c764b90280ab7414d376238515d80e940cdd0bc84fa1943e3b55c",
"zh:d44c1ba3514d19356c5654821ae43ede198bff1c1e5b5d496292f66fb750ca9f",
"zh:fae47b8424f7a38a844f78508f8b05cc69c2110b04fa9df666173d50761e855b",
]
}


@ -57,38 +57,28 @@ resource "kubernetes_secret" "bitbucket_ssh_argocd_key" {
}
resource "kubernetes_namespace" "coturn" {
resource "kubernetes_namespace" "coturn-dns" {
depends_on = [local_file.kubeconfig]
metadata {
name = "coturn"
name = "coturn-dns"
}
}
resource "kubernetes_config_map" "coturn_pool" {
resource "kubernetes_secret" "aws_user_coturn_dns" {
depends_on = [kubernetes_namespace.coturn-dns]
metadata {
name = "linode-pool"
namespace = "coturn"
name = "aws-user-coturn-dns"
namespace = "coturn-dns"
}
data = {
pool = linode_lke_cluster.stg-video-cluster.pool[2].id
}
}
resource "kubernetes_namespace" "webrtc" {
depends_on = [local_file.kubeconfig]
metadata {
name = "webrtc"
}
}
resource "kubernetes_config_map" "webrtc_pool" {
metadata {
name = "linode-pool"
namespace = "webrtc"
username = aws_iam_access_key.lke-external-dns.id
password = aws_iam_access_key.lke-external-dns.secret
}
data = {
pool = linode_lke_cluster.stg-video-cluster.pool[1].id
}
type = "kubernetes.io/basic-auth"
}


@ -6,21 +6,13 @@ resource "linode_lke_cluster" "stg-video-cluster" {
region = "us-central"
tags = ["staging"]
# Services
pool {
type = "g6-standard-2"
count = 1
}
# WebRTC-BE pool
pool {
type = "g6-standard-2"
count = 1
}
# Coturn pool
pool {
type = "g6-standard-2"
count = 1
count = 6
autoscaler {
min = 3
max = 10
}
}
}
@ -34,9 +26,7 @@ provider "kubernetes" {
config_path = local_file.kubeconfig.filename
}
provider "kustomization" {
kubeconfig_path = local_file.kubeconfig.filename
}
resource "linode_lke_cluster" "prd-video-cluster" {
label = "prd-video-cluster"


@ -9,11 +9,8 @@ terraform {
}
required_providers {
linode = {
source = "linode/linode"
}
kustomization = {
source = "kbst/kustomization"
version = "0.6.0"
source = "linode/linode"
version = "1.24.0"
}
}
}