From d3ba8a85c3d52b7fc008600d1d88ad15288d5f64 Mon Sep 17 00:00:00 2001 From: rheiga19 Date: Wed, 26 Mar 2025 22:17:18 +0700 Subject: [PATCH] fixing:deployment --- Jenkinsfile | 6 +- kubernetes/dev.yaml | 263 ++++++++++++++++++++++++++++++++++---------- 2 files changed, 210 insertions(+), 59 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 617eb17..015ae06 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -49,7 +49,7 @@ spec: stage('Checkout Code') { steps { cleanWs() - git branch: 'master', url: 'https://git.winteraccess.id/winter-access/frontend-nam.git', credentialsId: "${CREDENTIALS_ID}" + git branch: 'dev', url: 'https://git.winteraccess.id/winter-access/frontend-nam.git', credentialsId: "${CREDENTIALS_ID}" } } @@ -81,12 +81,12 @@ spec: def imageTag = "dev-${env.SHORT_SHA}" sh """ docker build -t ${REGISTRY_URL}/${IMAGE_NAME}:${imageTag} \ - -t ${REGISTRY_URL}/${IMAGE_NAME}:master \ + -t ${REGISTRY_URL}/${IMAGE_NAME}:dev \ -t ${REGISTRY_URL}/${IMAGE_NAME}:latest \ -f deploy/docker/Dockerfile . docker push ${REGISTRY_URL}/${IMAGE_NAME}:${imageTag} - docker push ${REGISTRY_URL}/${IMAGE_NAME}:master + docker push ${REGISTRY_URL}/${IMAGE_NAME}:dev docker push ${REGISTRY_URL}/${IMAGE_NAME}:latest """ } diff --git a/kubernetes/dev.yaml b/kubernetes/dev.yaml index 08df3f4..695ef6e 100644 --- a/kubernetes/dev.yaml +++ b/kubernetes/dev.yaml 
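Review bot: The dev pipeline's `docker build` / `docker push` block still tags and pushes `${REGISTRY_URL}/${IMAGE_NAME}:latest`, so every build of the `dev` branch overwrites `latest` for whatever pulls that tag (consumers are not visible here). Drop the `-t ${REGISTRY_URL}/${IMAGE_NAME}:latest` line and the matching `docker push ${REGISTRY_URL}/${IMAGE_NAME}:latest`, or restrict them to the release branch. The manifests in this patch deploy the mutable `:dev` tag; deploying the `dev-${env.SHORT_SHA}` tag already built here would tie what runs in the cluster to a specific commit. The enclosing stage starts and ends outside the hunk.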
@@ -1,32 +1,122 @@ +apiVersion: v1 +kind: Secret +metadata: + name: nam-frontend-dev-secret + namespace: nam-frontend-dev + labels: + app.kubernetes.io/name: nam-frontend-dev + app.kubernetes.io/instance: nam-frontend-dev + io.portainer.kubernetes.application.name: nam-frontend-dev + io.portainer.kubernetes.application.owner: admin +type: Opaque +data: + VITE_API_URL: YW1lc2NhZmUuY29t +--- + apiVersion: v1 kind: ConfigMap metadata: - name: frontend-nam-dev-config + name: nam-frontend-dev-config namespace: nam-frontend-dev labels: - app.kubernetes.io/name: frontend-nam-dev - app.kubernetes.io/instance: frontend-nam-dev + app.kubernetes.io/name: nam-frontend-dev + app.kubernetes.io/instance: nam-frontend-dev + io.portainer.kubernetes.application.name: nam-frontend-dev + io.portainer.kubernetes.application.owner: admin data: ".env": | - VITE_API_URL=https://api.example.com - VITE_APP_ENV=development + VITE_API_URL=https://api-nam.winteraccess.id +--- + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + volume.alpha.kubernetes.io/storage-class: generic + volume.beta.kubernetes.io/storage-provisioner: cluster.local/nfs-nfs-subdir-external-provisioner + volume.kubernetes.io/storage-provisioner: cluster.local/nfs-nfs-subdir-external-provisioner + labels: + app.kubernetes.io/name: nam-frontend-dev + app.kubernetes.io/instance: nam-frontend-dev + io.portainer.kubernetes.application.name: nam-frontend-dev + io.portainer.kubernetes.application.owner: admin + name: nam-frontend-dev-storage + namespace: nam-frontend-dev +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: nfs + volumeMode: Filesystem +--- + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + volume.alpha.kubernetes.io/storage-class: generic + volume.beta.kubernetes.io/storage-provisioner: cluster.local/nfs-nfs-subdir-external-provisioner + volume.kubernetes.io/storage-provisioner: 
cluster.local/nfs-nfs-subdir-external-provisioner + labels: + app.kubernetes.io/name: nam-frontend-dev + app.kubernetes.io/instance: nam-frontend-dev + io.portainer.kubernetes.application.name: nam-frontend-dev + io.portainer.kubernetes.application.owner: admin + name: nam-frontend-dev-public + namespace: nam-frontend-dev +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: nfs + volumeMode: Filesystem +--- + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + volume.alpha.kubernetes.io/storage-class: generic + volume.beta.kubernetes.io/storage-provisioner: cluster.local/nfs-nfs-subdir-external-provisioner + volume.kubernetes.io/storage-provisioner: cluster.local/nfs-nfs-subdir-external-provisioner + labels: + app.kubernetes.io/instance: nam-frontend-dev + app.kubernetes.io/name: nam-frontend-dev + io.portainer.kubernetes.application.name: nam-frontend-dev + io.portainer.kubernetes.application.owner: admin + name: nam-frontend-dev-public + namespace: nam-frontend-dev +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: nfs + volumeMode: Filesystem --- apiVersion: apps/v1 kind: Deployment metadata: - name: frontend-nam-dev + name: nam-frontend-dev namespace: nam-frontend-dev labels: - app.kubernetes.io/instance: frontend-nam-dev - app.kubernetes.io/name: frontend-nam-dev + app.kubernetes.io/instance: nam-frontend-dev + app.kubernetes.io/name: nam-frontend-dev + io.portainer.kubernetes.application.name: nam-frontend-dev + io.portainer.kubernetes.application.owner: admin spec: progressDeadlineSeconds: 600 - replicas: 2 + replicas: 3 revisionHistoryLimit: 10 selector: matchLabels: - app.kubernetes.io/instance: frontend-nam-dev - app.kubernetes.io/name: frontend-nam-dev + app.kubernetes.io/instance: nam-frontend-dev + app.kubernetes.io/name: nam-frontend-dev strategy: rollingUpdate: maxSurge: 1 
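Review bot: The new `Secret` `nam-frontend-dev-secret` is committed with its value in the manifest, and base64 under `data:` is encoding, not protection; here it decodes to a plain hostname for `VITE_API_URL`, which does not match the `VITE_API_URL` set in the ConfigMap of the same hunk. Real secret values should be supplied by the cluster's secret tooling rather than this file, and a `VITE_*` value is presumably compiled into the client bundle anyway, so it belongs in the ConfigMap only. The Deployment later in this patch reads key `DB_PASSWORD` from this Secret, but the Secret defines no such key, so the containers would fail to start until `DB_PASSWORD` exists. The `PersistentVolumeClaim` `nam-frontend-dev-public` is also declared twice in this hunk; one copy should be removed.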
@@ -35,73 +125,128 @@ spec: template: metadata: labels: - app.kubernetes.io/instance: frontend-nam-dev - app.kubernetes.io/name: frontend-nam-dev + app.kubernetes.io/instance: nam-frontend-dev + app.kubernetes.io/name: nam-frontend-dev spec: affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/instance: frontend-nam-dev - app.kubernetes.io/name: frontend-nam-dev - topologyKey: "kubernetes.io/hostname" + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: nam-frontend-dev + app.kubernetes.io/name: nam-frontend-dev + topologyKey: "kubernetes.io/hostname" containers: - name: web - image: git.winteraccess.id/winter-access/frontend-nam:dev + image: https://git.winteraccess.id/winter-access/frontend-nam:dev imagePullPolicy: Always + env: + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: nam-frontend-dev-secret + key: DB_PASSWORD resources: limits: cpu: "250m" - memory: 512M + memory: 1024M requests: cpu: "100m" - memory: 256M + memory: 512M ports: - containerPort: 80 name: http protocol: TCP - livenessProbe: - httpGet: - path: / - port: 80 - initialDelaySeconds: 30 - periodSeconds: 10 - readinessProbe: - httpGet: - path: / - port: 80 - initialDelaySeconds: 5 - periodSeconds: 5 securityContext: allowPrivilegeEscalation: false capabilities: drop: ["ALL"] - readOnlyRootFilesystem: false + add: ["NET_ADMIN", "SYS_TIME"] + readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File - envFrom: - - configMapRef: - name: frontend-nam-dev-config + volumeMounts: + - mountPath: /app + name: app + initContainers: + - name: init + image: https://git.winteraccess.id/winter-access/frontend-nam:dev + imagePullPolicy: Always + command: ["/scripts/initialize"] + env: + - name: DB_PASSWORD + valueFrom: + 
secretKeyRef: + name: nam-frontend-dev-secret + key: DB_PASSWORD + resources: + limits: + cpu: "250m" + memory: 1024M + requests: + cpu: "100m" + memory: 512M + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + add: ["NET_ADMIN", "SYS_TIME"] + readOnlyRootFilesystem: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /app + name: app imagePullSecrets: - name: winter-registry dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: + runAsUser: 10001 + runAsGroup: 10001 + fsGroup: 10001 runAsNonRoot: true terminationGracePeriodSeconds: 30 + volumes: + - name: cache + emptyDir: {} + - name: run + emptyDir: {} + - name: logs + emptyDir: {} + - name: tmp + emptyDir: {} + - name: psysh + emptyDir: {} + - name: config + configMap: + name: nam-frontend-dev-config + - name: public + persistentVolumeClaim: + claimName: nam-frontend-dev-public + - name: storage + persistentVolumeClaim: + claimName: nam-frontend-dev-storage --- + apiVersion: v1 kind: Service metadata: - name: frontend-nam-dev + name: nam-frontend-dev namespace: nam-frontend-dev + annotations: + traefik.ingress.kubernetes.io/service.sticky.cookie: "true" + traefik.ingress.kubernetes.io/service.sticky.cookie.name: "nam-frontend-dev" + traefik.ingress.kubernetes.io/service.sticky.cookie.secure: "true" + traefik.ingress.kubernetes.io/service.sticky.cookie.samesite: "none" labels: - app.kubernetes.io/name: frontend-nam-dev - app.kubernetes.io/instance: frontend-nam-dev + app.kubernetes.io/name: nam-frontend-dev + app.kubernetes.io/instance: nam-frontend-dev + io.portainer.kubernetes.application.name: nam-frontend-dev + io.portainer.kubernetes.application.owner: admin spec: internalTrafficPolicy: Cluster ipFamilies: 
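Review bot: Both the `web` container and the new `init` container get `add: ["NET_ADMIN", "SYS_TIME"]` next to `drop: ["ALL"]`, which puts network-administration and clock-setting capabilities back into the capability set of a frontend that serves port 80; nothing in the hunk shows a need for either, so the `add:` line should be removed in both places. The image is now written as `https://git.winteraccess.id/winter-access/frontend-nam:dev`; an image reference takes no URL scheme, so it should stay `git.winteraccess.id/winter-access/frontend-nam:dev`. Both containers mount a volume named `app`, but `volumes:` defines `cache`, `run`, `logs`, `tmp`, `psysh`, `config`, `public` and `storage` and no `app`, and with `readOnlyRootFilesystem: true` none of the writable volumes is actually mounted. The liveness and readiness probes are removed without a replacement, so an unhealthy pod would keep receiving traffic.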
@@ -111,12 +256,13 @@ spec: - name: http port: 80 protocol: TCP - targetPort: 80 + targetPort: 5678 selector: - app.kubernetes.io/instance: frontend-nam-dev - app.kubernetes.io/name: frontend-nam-dev + app.kubernetes.io/instance: nam-frontend-dev + app.kubernetes.io/name: nam-frontend-dev sessionAffinity: None type: ClusterIP + --- apiVersion: networking.k8s.io/v1 kind: Ingress @@ -126,9 +272,11 @@ metadata: traefik.ingress.kubernetes.io/router.entrypoints: web traefik.ingress.kubernetes.io/router.middlewares: default-https-redirect@kubernetescrd labels: - app.kubernetes.io/instance: frontend-nam-dev - app.kubernetes.io/name: frontend-nam-dev - name: frontend-nam-dev-http + app.kubernetes.io/instance: nam-frontend-dev + app.kubernetes.io/name: nam-frontend-dev + io.portainer.kubernetes.application.name: nam-frontend-dev + io.portainer.kubernetes.application.owner: admin + name: nam-frontend-dev-http namespace: nam-frontend-dev spec: ingressClassName: traefik @@ -138,7 +286,7 @@ spec: paths: - backend: service: - name: frontend-nam-dev + name: nam-frontend-dev port: number: 80 path: / @@ -152,9 +300,11 @@ metadata: kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.entrypoints: websecure labels: - app.kubernetes.io/instance: frontend-nam-dev - app.kubernetes.io/name: frontend-nam-dev - name: frontend-nam-dev-https + app.kubernetes.io/instance: nam-frontend-dev + app.kubernetes.io/name: nam-frontend-dev + io.portainer.kubernetes.application.name: nam-frontend-dev + io.portainer.kubernetes.application.owner: admin + name: nam-frontend-dev-https namespace: nam-frontend-dev spec: ingressClassName: traefik @@ -164,7 +314,7 @@ spec: paths: - backend: service: - name: frontend-nam-dev + name: nam-frontend-dev port: number: 80 path: / @@ -172,4 +322,5 @@ spec: tls: - hosts: - dev-nam-frontend.winteraccess.id - secretName: frontend-nam-dev-tls + secretName: nam-frontend-dev-tls +
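Review bot: The Service now forwards to `targetPort: 5678`, while the `web` container in the Deployment of this patch still declares `containerPort: 80` under the name `http`; unless the image really listens on 5678, both Ingresses would route to a port with no listener. Pointing the Service at the named port, `targetPort: http`, keeps the two from drifting apart; otherwise change `containerPort` to match. The Service definition starts outside this hunk.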