Solution:1.1

mate-academy · Apr 30, 2024 · e408d60 · e408d60
1 parent 00bbe6e
commit e408d60
Show file tree

Hide file tree

Showing 20 changed files with 85 additions and 106 deletions.
diff --git a/.infrastructure/helm-chart/todoapp/Chart.yaml b/.infrastructure/helm-chart/todoapp/Chart.yaml
@@ -2,23 +2,8 @@ apiVersion: v2
 name: todoapp
 description: A Helm chart for Kubernetes
 
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
 
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
 version: 0.1.0
 
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
 appVersion: "1.16.0"
diff --git a/.infrastructure/helm-chart/todoapp/charts/mysql/Chart.yaml b/.infrastructure/helm-chart/todoapp/charts/mysql/Chart.yaml
@@ -2,23 +2,8 @@ apiVersion: v2
 name: mysql
 description: A Helm chart for Kubernetes
 
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
 
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
 version: 0.1.0
 
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
 appVersion: "1.16.0"
diff --git a/.infrastructure/helm-chart/todoapp/charts/mysql/templates/configMap.yml b/.infrastructure/helm-chart/todoapp/charts/mysql/templates/configMap.yml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ .Chart.Name }}
-  namespace: {{ .Values.common.namespace }}
+  namespace: {{ .Values.global.namespace }}
   labels:
     app: {{ .Chart.Name }}
 data:

diff --git a/.infrastructure/helm-chart/todoapp/charts/mysql/templates/ns.yml b/.infrastructure/helm-chart/todoapp/charts/mysql/templates/ns.yml
@@ -1,4 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: {{ .Values.common.namespace }}
+  name: {{ .Values.global.namespace }}
diff --git a/.infrastructure/helm-chart/todoapp/charts/mysql/templates/secret.yml b/.infrastructure/helm-chart/todoapp/charts/mysql/templates/secret.yml
@@ -2,9 +2,9 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ .Chart.Name }}-secrets
-  namespace: {{ .Values.common.namespace }}
+  namespace: {{ .Values.global.namespace }}
 type: Opaque
 data:
-  MYSQL_ROOT_PASSWORD: {{ .Values.mysql.secret.MYSQL_ROOT_PASSWORD | b64enc | quote }}
-  MYSQL_USER: {{ .Values.mysql.secret.MYSQL_USER | b64enc | quote }}
-  MYSQL_PASSWORD: {{ .Values.mysql.secret.MYSQL_PASSWORD | b64enc | quote }}
+{{-range $k, $v := .Values.mysql.secret }}
+  {{ $k | upper }}: {{ $v | quote }}
+{{- end }}
diff --git a/.infrastructure/helm-chart/todoapp/charts/mysql/templates/service.yml b/.infrastructure/helm-chart/todoapp/charts/mysql/templates/service.yml
@@ -3,15 +3,11 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ .Chart.Name }}
-  namespace: {{ .Values.common.namespace }}
+  namespace: {{ .Values.global.namespace }}
 spec:
   selector:
     app: {{ .Chart.Name }}
   ports:
   - name: {{ .Values.mysql.service.ports.name }}
     port: {{ .Values.mysql.service.ports.port }}
   clusterIP: {{ .Values.mysql.service.clusterIP }}
-
-# pod-name.service-name.namespace.svc.cluster.local
-# pod-name.service-name
-# mysql-0.mysql.mysql.svc.cluster.local
diff --git a/.infrastructure/helm-chart/todoapp/charts/mysql/templates/statefulSet.yml b/.infrastructure/helm-chart/todoapp/charts/mysql/templates/statefulSet.yml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: {{ .Chart.Name }}
-  namespace: {{ .Values.common.namespace }}
+  namespace: {{ .Values.global.namespace }}
 spec:
   selector:
     matchLabels:
@@ -37,30 +37,17 @@ spec:
           mountPath: /docker-entrypoint-initdb.d
         resources:
           requests:
-            cpu: {{ .Values.mysql.statefulSet.resources.requests.cpu }}
-            memory: {{ .Values.mysql.statefulSet.resources.requests.memory }}
+            {{ .Values.mysql.statefulSet.resources.requests }}
         livenessProbe:
-          exec:
-            command: {{ .Values.mysql.statefulSet.livenessProbe.exec.command }}
-          initialDelaySeconds: {{ .Values.mysql.statefulSet.livenessProbe.initialDelaySeconds }}
-          periodSeconds: {{ .Values.mysql.statefulSet.livenessProbe.periodSeconds }}
-          timeoutSeconds: {{ .Values.mysql.statefulSet.livenessProbe.timeoutSeconds }}
+          {{ .Values.mysql.statefulSet.livenessProbe }}
         readinessProbe:
-          exec:
-            command: {{ .Values.mysql.statefulSet.readinessProbe.exec.command }}
-          initialDelaySeconds: {{ .Values.mysql.statefulSet.readinessProbe.initialDelaySeconds }}
-          periodSeconds: {{ .Values.mysql.statefulSet.readinessProbe.periodSeconds }}
-          timeoutSeconds: {{ .Values.mysql.statefulSet.readinessProbe.timeoutSeconds }}
+          {{ .Values.mysql.statefulSet.readinessProbe }}
       volumes:
       - name: config-map
         configMap:
           name: mysql
       tolerations:
-      - key: {{ .Values.mysql.statefulSet.tolerations.key }}
-        operator: {{ .Values.mysql.statefulSet.tolerations.operator }}
-        value: {{ .Values.mysql.statefulSet.tolerations.value }}
-        effect: {{ .Values.mysql.statefulSet.tolerations.effect }}
-      affinity: {{ .Values.mysql.statefulSet.affinity }}
+      {{ .Values.mysql.statefulSet.tolerations }}
   volumeClaimTemplates:
   - metadata:
       name: data

diff --git a/.infrastructure/helm-chart/todoapp/charts/mysql/values.yaml b/.infrastructure/helm-chart/todoapp/charts/mysql/values.yaml
@@ -1,6 +1,3 @@
-common:
- namespace: mysql
-
 mysql:
   config:
     init: |
@@ -18,32 +15,36 @@ mysql:
     clusterIP: None
 
   secret:
-    MYSQL_ROOT_PASSWORD: 1234
-    MYSQL_USER: app_user
-    MYSQL_PASSWORD: 1234
+    MYSQL_ROOT_PASSWORD: MTIzNA==
+    MYSQL_USER: YXBwX3VzZXI=
+    MYSQL_PASSWORD: MTIzNA==
 
   statefulSet:
     replicas: 2
     name: mysql
     repository: mysql
     version: 8.0
     storage: 2Gi
+
     resources:
       requests:
         cpu: 500m
         memory: 1Gi
+
     livenessProbe:
       exec:
         command: ["mysqladmin", "ping"]
       initialDelaySeconds: 30
       periodSeconds: 10
       timeoutSeconds: 5
+
     readinessProbe:
       exec:
         command: ["mysqladmin", "ping"]
       initialDelaySeconds: 5
       periodSeconds: 2
       timeoutSeconds: 1
+
     affinity:
       podAntiAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -62,9 +63,9 @@ mysql:
                   operator: In
                   values:
                   - "mysql"
-    tolerations:
-        key: "app"
-        operator: "Equal"
-        value: "mysql"
-        effect: "NoSchedule"
 
+    tolerations:
+    - key: "app"
+      operator: "Equal"
+      value: "mysql"
+      effect: "NoSchedule"
diff --git a/.infrastructure/helm-chart/todoapp/templates/clusterIp.yml b/.infrastructure/helm-chart/todoapp/templates/clusterIp.yml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ .Chart.Name }}-service
-  namespace: {{ .Values.common.namespace }}
+  namespace: {{ .Values.global.namespace }}
 spec:
   type: ClusterIP
   selector:

diff --git a/.infrastructure/helm-chart/todoapp/templates/configMap.yml b/.infrastructure/helm-chart/todoapp/templates/configMap.yml
@@ -2,6 +2,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ .Chart.Name }}-config
-  namespace: {{ .Values.common.namespace }}
+  namespace: {{ .Values.global.namespace }}
 data:
-  PYTHONUNBUFFERED: {{ .Values.todoapp.configs.PYTHONUNBUFFERED | quote }}
+  PYTHONUNBUFFERED: {{ .Values.todoapp.configs.PYTHONUNBUFFERED }}
diff --git a/.infrastructure/helm-chart/todoapp/templates/deployment.yml b/.infrastructure/helm-chart/todoapp/templates/deployment.yml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ .Release.Name }}-{{ .Chart.Name }}
-  namespace: {{ .Values.common.namespace }}
+  namespace: {{ .Values.global.namespace }}
 spec:
   strategy:
     type: RollingUpdate
@@ -17,7 +17,7 @@ spec:
       labels:
         app: {{ .Chart.Name }}
     spec:
-      serviceAccountName: secrets-reader
+      serviceAccountName: {{ .Chart.Name }}-secrets-reader
       containers:
       - name: {{ .Values.todoapp.image.name }}
         image: {{ .Values.todoapp.image.repository }}:{{ .Values.todoapp.image.version }}
@@ -44,11 +44,11 @@ spec:
               name: {{ .Chart.Name }}-config
               key: PYTHONUNBUFFERED
         {{- range $k := .Values.todoapp.secret }}
-        - name: {{ $k }}
+        - name: {{ $k | upper }}
           valueFrom:
             secretKeyRef:
               name: {{ .Chart.Name }}-secret
-              key: {{ $k }}
+              key: {{ $k | upper }}
         {{- end }}
         ports:
         - containerPort: 8080
@@ -75,12 +75,4 @@ spec:
         configMap:
           name: app-config
       affinity:
-        nodeAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - weight: {{ .Values.todoapp.affinity.weight }}
-            preference:
-              matchExpressions:
-              - key: {{ .Values.todoapp.affinity.matchExpressions.key }}
-                operator: {{ .Values.todoapp.affinity.matchExpressions.operator }}
-                values:
-                - {{ .Values.todoapp.affinity.matchExpressions.values }}
+        {{ .Values.todoapp.affinity }}
diff --git a/.infrastructure/helm-chart/todoapp/templates/hpa.yml b/.infrastructure/helm-chart/todoapp/templates/hpa.yml
@@ -2,7 +2,7 @@ apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
   name: {{ .Chart.Name }}
-  namespace: {{ .Values.common.namespace }}
+  namespace: {{ .Values.global.namespace }}
 spec:
   scaleTargetRef:
     apiVersion: apps/v1

diff --git a/.infrastructure/helm-chart/todoapp/templates/ingress.yml b/.infrastructure/helm-chart/todoapp/templates/ingress.yml
@@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: {{ .Chart.Name }}-ingress
-  namespace: {{ .Values.common.namespace }}
+  namespace: {{ .Values.global.namespace }}
   annotations:
     nginx.ingress.kubernetes.io/rewrite-target: /$2
 spec:
@@ -15,4 +15,4 @@ spec:
           service:
             name: {{ .Chart.Name }}-service
             port:
-              number: 80
+              number: 80
diff --git a/.infrastructure/helm-chart/todoapp/templates/nodeport.yml b/.infrastructure/helm-chart/todoapp/templates/nodeport.yml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ .Chart.Name }}-nodeport
-  namespace: {{ .Values.common.namespace }}
+  namespace: {{ .Values.global.namespace }}
 spec:
   type: NodePort
   selector:

diff --git a/.infrastructure/helm-chart/todoapp/templates/ns.yml b/.infrastructure/helm-chart/todoapp/templates/ns.yml
@@ -1,4 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: {{ .Values.common.namespace }}
+  name: {{ .Values.global.namespace }}
diff --git a/.infrastructure/helm-chart/todoapp/templates/pv.yml b/.infrastructure/helm-chart/todoapp/templates/pv.yml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: PersistentVolume
 metadata:
   name: pv-data
-  namespace: {{ .Values.common.namespace }}
+  namespace: {{ .Values.global.namespace }}
 spec:
   storageClassName: standard
   persistentVolumeReclaimPolicy: Delete

diff --git a/.infrastructure/helm-chart/todoapp/templates/pvc.yml b/.infrastructure/helm-chart/todoapp/templates/pvc.yml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: pvc-data
-  namespace: {{ .Values.common.namespace }}
+  namespace: {{ .Values.global.namespace }}
 spec:
   volumeName: pv-data
   accessModes:

diff --git a/.infrastructure/helm-chart/todoapp/templates/rbac.yml b/.infrastructure/helm-chart/todoapp/templates/rbac.yml
@@ -0,0 +1,30 @@
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: {{ .Chart.Name }}-secrets-reader
+  namespace: {{ .Values.global.namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: {{ .Values.global.namespace }}
+  name: secrets-reader
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "watch", "list"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: secrets-reader-binding
+  namespace: {{ .Values.global.namespace }}
+subjects:
+- kind: ServiceAccount
+  name: secrets-reader
+roleRef:
+  kind: Role
+  name: secrets-reader
+  apiGroup: rbac.authorization.k8s.io
diff --git a/.infrastructure/helm-chart/todoapp/templates/secret.yml b/.infrastructure/helm-chart/todoapp/templates/secret.yml
@@ -6,5 +6,5 @@ metadata:
 type: Opaque
 data:
 {{-range $k, $v := .Values.todoapp.secret }}
-  {{ $k }}: {{ $v | b64enc | quote }}
+  {{ $k | upper }}: {{ $v | quote }}
 {{- end }}