feat(sandbox): k8s-yaml-to-hcl (#280)

sandbox/README.md

@@ -159,7 +159,7 @@ chmod +x ./build.sh
 Now create the `sourceloop-sandbox` namespace.
 
 ```sh
-$ microk8s kubectl apply -f namespaces/
+$ microk8s kubectl apply -f k8s/manifests/namespaces/
 namespace/sourceloop-sandbox created
 ```
 
@@ -178,7 +178,7 @@ Switched to context "sourceloop-sandbox".
 Now create the rest of the resources
 
 ```sh
-microk8s kubectl apply -f . --recursive
+microk8s kubectl apply -f k8s/manifests/ --recursive
 ```
 
 To avoid adding a host header to every request, add the following entries to your host file
@@ -191,7 +191,31 @@ To avoid adding a host header to every request, add the following entries to you
 127.0.0.1	scheduler.sourceloop.local
 127.0.0.1	video.sourceloop.local
 127.0.0.1	workflow.sourceloop.local
+127.0.0.1	camunda.sourceloop.local
 ```
 
 You're local setup is now up and running. 
 
+To view the dashboard, run
+
+```sh
+$ microk8s dashboard-proxy
+```
+
+### Terraform Setup
+
+If you prefer to use the Terraform module, follow the steps below. Terraform 0.14 + is required.
+
+Perform the same steps above to:
+
+* Enable `microk8s` services
+* Adding host header entries
+* Running the container build script
+
+```sh
+cd k8s/tf-sourceloop-sandbox
+terraform init
+terraform apply
+```
+
+See the [readme](./k8s/tf-sourceloop-sandbox/README.md) for more information on the Terraform module.

sandbox/build.sh

@@ -2,11 +2,14 @@
 REGISTRY=$1
 
 if [ -z "$REGISTRY" ];
-  then REGISTRY="localhost:32000";
-  else echo "${REGISTRY}"
+  then
+    REGISTRY="localhost:32000";
+    echo "${REGISTRY}"
+  else
+    echo "${REGISTRY}"
 fi
 
-docker-compose build
+export REGISTRY=$REGISTRY; docker-compose build
 docker push ${REGISTRY}/auth-multitenant-example
 docker push ${REGISTRY}/notification-socket-example
 docker push ${REGISTRY}/workflow-ms-example

sandbox/docker-compose.yml

@@ -142,7 +142,7 @@ services:
     restart: on-failure
 
   auth-multitenant-migration:
-    image: ${REGISTRY:-localhost:32000}/auth-multitenant-example:latest
+    image: ${REGISTRY:-localhost:32000}/auth-multitenant-example
     build:
       context: ./auth-multitenant-example
       dockerfile: Dockerfile
@@ -198,7 +198,7 @@ services:
     restart: on-failure
 
   workflow-migration:
-    image: ${REGISTRY:-localhost:32000}/workflow-ms-example:latest
+    image: ${REGISTRY:-localhost:32000}/workflow-ms-example
     build:
       context: ./workflow-ms-example
       dockerfile: Dockerfile
@@ -228,7 +228,7 @@ services:
     restart: on-failure
 
   audit-ms-migration:
-    image: ${REGISTRY:-localhost:32000}/audit-ms-example:latest
+    image: ${REGISTRY:-localhost:32000}/audit-ms-example
     command: sh -c "sleep 60 && npm run db:migrate"
     build:
       context: ./audit-ms-example

sandbox/k8s/manifests/audit-ms-example/audit-ms-migration-pod.yaml

@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+#    network/sourceloop-sanbox: "true"
+    io.sourceloop.service: audit-ms-migration
+  name: audit-ms-migration
+  namespace: sourceloop-sandbox
+spec:
+  containers:
+    - args:
+        - sh
+        - -c
+        - sleep 60 && npm run db:migrate
+      env:
+        - name: DB_DATABASE
+          value: audit_db
+        - name: DB_HOST
+          value: postgres.sourceloop-sandbox.svc.cluster.local
+        - name: DB_PASSWORD
+          value: changeme
+        - name: DB_PORT
+          value: "5432"
+        - name: DB_USER
+          value: postgres
+        - name: JWT_ISSUER
+          value: https://loopback4-microservice-catalog
+        - name: JWT_SECRET
+          value: i_am_a_strong_secret
+        - name: LOG_LEVEL
+          value: debug
+        - name: NODE_ENV
+          value: dev
+        - name: REDIS_DB
+          value: "0"
+        - name: REDIS_HOST
+          value: redis
+        - name: REDIS_PASSWORD
+          value: test
+        - name: REDIS_PORT
+          value: "6379"
+      image: localhost:32000/audit-ms-example:latest
+      name: audit-ms-migration
+      resources: {}
+  restartPolicy: OnFailure
+status: {}

sandbox/k8s/manifests/auth-multitenant-example/auth-multitenant-migration-pod.yaml

@@ -0,0 +1,66 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+#    network/sourceloop-sanbox: "true"
+    io.sourceloop.service: auth-multitenant-migration
+  name: auth-multitenant-migration
+  namespace: sourceloop-sandbox
+spec:
+  containers:
+    - args:
+        - sh
+        - -c
+        - sleep 60 && npm run db:migrate
+      env:
+        - name: DB_DATABASE
+          value: authentication_db
+        - name: DB_HOST
+          value: postgres.sourceloop-sandbox.svc.cluster.local
+        - name: DB_PASSWORD
+          value: changeme
+        - name: DB_PORT
+          value: "5432"
+        - name: DB_SCHEMA
+          value: main
+        - name: DB_USER
+          value: postgres
+        - name: JWT_ISSUER
+          value: https://loopback4-microservice-catalog
+        - name: JWT_SECRET
+          value: i_am_a_strong_secret
+        - name: KEYCLOAK_CALLBACK_URL
+          value: test
+        - name: KEYCLOAK_CLIENT_ID
+          value: test
+        - name: KEYCLOAK_CLIENT_SECRET
+          value: test
+        - name: KEYCLOAK_HOST
+          value: test
+        - name: KEYCLOAK_REALM
+          value: test
+        - name: LOCALE
+          value: en
+        - name: LOG_LEVEL
+          value: debug
+        - name: NODE_ENV
+          value: dev
+        - name: RATE_LIMITER_MAX_REQS
+          value: "100"
+        - name: RATE_LIMITER_WINDOW_MS
+          value: "100"
+        - name: REDIS_DB
+          value: "0"
+        - name: REDIS_HOST
+          value: redis
+        - name: REDIS_PORT
+          value: "6379"
+        - name: USER_TEMP_PASSWORD
+          value: tempP@ssw0rd
+        - name: X_FRAME_OPTIONS
+          value: SAMEORIGIN
+      image: localhost:32000/auth-multitenant-example:latest
+      name: auth-multitenant-migration
+      resources: {}
+  restartPolicy: OnFailure
+status: {}

sandbox/k8s/manifests/ingress/sourceloop-sandbox-ingress.yaml

@@ -0,0 +1,105 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: sourceloop-sandbox-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+  namespace: sourceloop-sandbox
+spec:
+  rules:
+    - http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: health-check-svc
+                port:
+                  number: 80
+          - path: /test-fan-out
+            pathType: Prefix
+            backend:
+              service:
+                name: health-check-svc
+                port:
+                  number: 80
+    - host: pgadmin.sourceloop.local
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: pgadmin
+                port:
+                  number: 80
+    - host: workflow.sourceloop.local
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: workflow-ms-example
+                port:
+                  number: 3000
+    - host: video.sourceloop.local
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: video-conferencing-ms-example
+                port:
+                  number: 3000
+    - host: scheduler.sourceloop.local
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: scheduler-example
+                port:
+                  number: 3000
+    - host: notification.sourceloop.local
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: notification-socket-example
+                port:
+                  number: 3000
+    - host: in-mail.sourceloop.local
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: in-mail-example
+                port:
+                  number: 3000
+    - host: auth.sourceloop.local
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: auth-multitenant-example
+                port:
+                  number: 3000
+    - host: audit.sourceloop.local
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: audit-ms-example
+                port:
+                  number: 3000

sandbox/k8s/tf-sourceloop-sandbox/namespaces/sourceloop-sandbox-namespace.yaml → sandbox/k8s/manifests/namespaces/sourceloop-sandbox-namespace.yaml

@@ -1,4 +1,3 @@
----
 apiVersion: v1
 kind: Namespace
 metadata:

sandbox/k8s/manifests/network/sandbox-networkpolicy.yaml

@@ -0,0 +1,14 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: sourceloop-sandbox
+  namespace: sourceloop-sandbox
+spec:
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              network/sourceloop-sanbox: "true"
+  podSelector:
+    matchLabels:
+      network/sourceloop-sanbox: "true"

sandbox/k8s/manifests/pgadmin/pgadmin-deployment.yaml

@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    io.sourceloop.service: pgadmin
+  name: pgadmin
+  namespace: sourceloop-sandbox
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.sourceloop.service: pgadmin
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+#        network/sourceloop-sanbox: "true"
+        io.sourceloop.service: pgadmin
+    spec:
+      containers:
+        - env:
+            - name: PGADMIN_DEFAULT_EMAIL
+              value: [email protected]
+            - name: PGADMIN_DEFAULT_PASSWORD
+              value: admin
+          image: dpage/pgadmin4
+          name: pgadmin-container
+          ports:
+            - containerPort: 80
+          resources: {}
+          volumeMounts:
+            - mountPath: /root/.pgadmin
+              name: pgadmin
+      restartPolicy: Always
+      volumes:
+        - name: pgadmin
+          persistentVolumeClaim:
+            claimName: pgadmin
+status: {}

sandbox/k8s/manifests/pgadmin/pgadmin-persistentvolumeclaim.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  creationTimestamp: null
+  labels:
+    io.sourceloop.service: pgadmin
+  name: pgadmin
+  namespace: sourceloop-sandbox
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi
+status: {}