Мини правки

Updates the chart and app versions.

Modifies service configurations to use port 80 for both the testing module gateway and worker services.

Updates ingress to include a host for the tester, directing traffic to the testing module gateway service on port 80.

Updates backend deployment to include the correct URL for the testing module and the base service URL.

Disables database dropping on application startup.

README.md

@@ -0,0 +1,33 @@
+# Установка
+
+## Установка первой ноды
+```
+curl -sfL https://get.k3s.io | sh -s - --cluster-init --tls-san 10.90.90.99
+```
+
+## Добавление серверной ноды
+```
+curl -sfL https://get.k3s.io | K3S_TOKEN=<token> K3S_URL=https://10.90.90.99:6443 sh -s - server --server https://10.90.90.99:6443
+```
+
+## Добавление агента
+```
+curl -sfL https://get.k3s.io | K3S_TOKEN=<token> K3S_URL=https://10.90.90.99:6443 sh -s - agent --server https://10.90.90.99:6443
+```
+
+# Секреты
+
+## JWT secrets
+```
+kubectl create secret generic jwt-secrets \
+    --from-literal=JWT_ISSUER="liquid" \
+    --from-literal=JWT_AUDIENCE="audience"\
+    --from-literal=JWT_SINGING_KEY="supersecretkey_supersecretkey_supersecretkey_supersecretkey"
+```
+
+## S3 secrets
+```
+kubectl create secret generic s3-credentials \
+    --from-literal=ACCESS_KEY_ID="accesskey" \
+    --from-literal=ACCESS_SECRET_KEY="secretkey"
+```

cnpg-liquid/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 1.0.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "1.0.1"

cnpg-liquid/templates/cnpg-cluster.yaml

@@ -20,10 +20,10 @@ spec:
         s3Credentials:
           accessKeyId:
             name: {{ .Values.s3.secretName | quote}}
-            key: {{ .Values.s3.accessKeyKey | quote }}
+            key: {{ .Values.s3.accessKeyRef | quote }}
           secretAccessKey:
             name: {{ .Values.s3.secretName | quote}}
-            key: {{ .Values.s3.secretKeyKey | quote }}
+            key: {{ .Values.s3.secretKeyRef | quote }}
         wal:
           maxParallel: 8
 
@@ -31,6 +31,9 @@ spec:
   {{ end }}
 
   bootstrap:
+    initdb:
+      postInitSQL:
+        - ALTER ROLE app WITH CREATEDB;
     {{ if .Values.cnpg.recovery.enable }}
     recovery:
       source: {{ required "Old cluster name required" .Values.cnpg.recovery.oldClusterName }}
@@ -44,10 +47,10 @@ spec:
       s3Credentials:
         accessKeyId:
           name: {{ .Values.s3.secretName | quote}}
-          key: {{ .Values.s3.accessKeyKey | quote }}
+          key: {{ .Values.s3.accessKeyRef | quote }}
         secretAccessKey:
           name: {{ .Values.s3.secretName | quote}}
-          key: {{ .Values.s3.secretKeyKey | quote }}
+          key: {{ .Values.s3.secretKeyRef | quote }}
       wal:
         compression: bzip2
         maxParallel: 8

cnpg-liquid/values.yaml

@@ -1,15 +1,15 @@
 s3:
   endpointUrl: https://storage.yandexcloud.net
   secretName: s3-credentials
-  accessKeyKey: ACCESS_KEY_ID
-  secretKeyKey: ACCESS_SECRET_KEY
+  accessKeyRef: ACCESS_KEY_ID
+  secretKeyRef: ACCESS_SECRET_KEY
 cnpg:
   clusterName: liquid-db
   backup:
     enable: true
     schedule: "0 0 0 * * *"
-    destinationPath: "s3://liquid-code/backup-hexcore"
+    destinationPath: "s3://liquid-code/backup"
   recovery:
-    enable: true
+    enable: false
     oldClusterName: liquid-db
     sourcePath: "s3://liquid-code/backup"

help.txt

@@ -1,12 +0,0 @@
-# For pull private dockerhub
-```
-kubectl create secret docker-registry regcred --docker-server=<registry> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
-```
-
-# For jwt secrets
-```
-kubectl create secret generic jwt-secrets \
-    --from-literal=JWT_ISSUER="liquid" \
-    --from-literal=JWT_AUDIENCE="audience"\
-    --from-literal=JWT_SINGING_KEY="supersecretkey_supersecretkey_supersecretkey_supersecretkey"
-```

liquid-code-chart/templates/Deployments/queue-deployment.yaml

@@ -1,27 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}-queue-deployment
-  labels:
-    app: {{ .Release.Name }}-queue
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: {{ .Release.Name }}-queue
-  template:
-    metadata:
-      labels:
-        app: {{ .Release.Name }}-queue
-    spec:
-      containers:
-        - name: {{ .Release.Name }}-queue
-          image: ghcr.io/nullptroma/liquid-queue:latest
-          imagePullPolicy: Always
-          ports:
-            - containerPort: 8080
-          securityContext:
-            privileged: true
-
-      imagePullSecrets:
-        - name: github-registry

liquid-code-chart/templates/Services/queue-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}-queue-service
-spec:
-  selector:
-    app: {{ .Release.Name }}-queue
-  ports:
-  - protocol: TCP
-    port: 8080
-    targetPort: 8080

liquid-code-chart/templates/certificate-issuer.yaml

@@ -1,21 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: {{ .Release.Name }}-certificate-issuer
-spec:
-  acme:
-    {{ if .Values.staging }}
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
-    {{ else }}
-    server: https://acme-v02.api.letsencrypt.org/directory
-    {{ end }}
-    # Email address used for ACME registration
-    email: mr.pytkov@gmail.com
-    # Name of a secret used to store the ACME account private key
-    privateKeySecretRef:
-      name: {{ .Release.Name }}-acme-private-key
-    # Enable the HTTP-01 challenge provider
-    solvers:
-      - http01:
-          ingress:
-            ingressClassName: traefik

liquid-code/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-name: liquid-code-chart
+name: liquid-code
 description: A Helm chart for Kubernetes
 
 # A chart can be either an 'application' or a 'library' chart.
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.2
+version: 1.0.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.6"
+appVersion: "1.0.3"

liquid-code/templates/Deployments/backend-deployment.yaml

@@ -13,10 +13,12 @@ spec:
     metadata:
       labels:
         app: {{ .Release.Name }}-backend
+      annotations:
+        redeploy-timestamp: "{{ now | unixEpoch }}"
     spec:
       containers:
         - name: {{ .Release.Name }}-backend
-          image: ghcr.io/nullptroma/liquid-backend:latest
+          image: git.nullptr.top/liquidcode/liquidcode:latest
           imagePullPolicy: Always
           ports:
             - containerPort: 8080
@@ -31,14 +33,21 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: {{ required "secretname!" .Values.s3.secretName | quote }}
-                  key: {{ required "acces-key-key!" .Values.s3.accessKeyKey | quote }}
+                  key: {{ required "acces-key-ref!" .Values.s3.accessKeyRef | quote }}
             - name: S3_SECRET_KEY
               valueFrom:
                 secretKeyRef:
                   name: {{ .Values.s3.secretName | quote }}
-                  key: {{ required "secret-key-key!" .Values.s3.secretKeyKey | quote }}
+                  key: {{ required "secret-key-ref!" .Values.s3.secretKeyRef | quote }}
+            - name: SUBMIT_CALLBACK_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.tester.secretName | quote }}
+                  key: {{ required "secret-key-ref!" .Values.tester.secretKeyRef | quote }}
             - name: TESTING_MODULE_URL
-              value: http://{{ .Release.Name }}-queue-service:8080/
+              value: http://{{ .Release.Name }}-testing-module-gateway-service/api/tester/submit
+            - name: SERVICE_BASE_URL
+              value: http://{{ .Release.Name }}-backend-service
             - name: PG_URI
               valueFrom:
                 secretKeyRef:
@@ -47,6 +56,3 @@ spec:
           envFrom:
             - secretRef:
                 name: {{ required "" .Values.jwt.secretName }}
-
-      imagePullSecrets:
-        - name: github-registry

liquid-code/templates/Deployments/frontend-deployment.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.frontend.enable }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -13,13 +14,13 @@ spec:
     metadata:
       labels:
         app: {{ .Release.Name }}-frontend
+      annotations:
+        redeploy-timestamp: "{{ now | unixEpoch }}"
     spec:
       containers:
       - name: {{ .Release.Name }}-frontend
-        image: ghcr.io/nullptroma/liquid-frontend:latest
+        image: git.nullptr.top/liquidcode/liquidcode-frontend:latest
         imagePullPolicy: Always
         ports:
-          - containerPort: 8000
-
-      imagePullSecrets:
-        - name: github-registry
+          - containerPort: 3000
+{{ end }}

liquid-code/templates/Deployments/testing-module-gateway-deployment.yaml

@@ -0,0 +1,37 @@
+{{ if .Values.testingModule.enable }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-testing-module-gateway-deployment
+  labels:
+    app: {{ .Release.Name }}-testing-module-gateway
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}-testing-module-gateway
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}-testing-module-gateway
+      annotations:
+        redeploy-timestamp: "{{ now | unixEpoch }}"
+    spec:
+      containers:
+      - name: {{ .Release.Name }}-testing-module-gateway
+        image: git.nullptr.top/liquidcode/liquidcode-tester-gateway-roman:latest
+        imagePullPolicy: Always
+        ports:
+          - containerPort: 8080
+        env:
+          - name: Workers__Cpp
+            value: http://{{ .Release.Name }}-testing-module-worker-service
+          - name: Workers__Java
+            value: http://{{ .Release.Name }}-testing-module-worker-service
+          - name: Workers__Kotlin
+            value: http://{{ .Release.Name }}-testing-module-worker-service
+          - name: Workers__CSharp
+            value: http://{{ .Release.Name }}-testing-module-worker-service
+          - name: Workers__Python
+            value: http://{{ .Release.Name }}-testing-module-worker-service
+{{ end }}

liquid-code/templates/Deployments/testing-module-worker-deployment.yaml

@@ -0,0 +1,28 @@
+{{ if .Values.testingModule.enable }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-testing-module-worker-deployment
+  labels:
+    app: {{ .Release.Name }}-testing-module-worker
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}-testing-module-worker
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}-testing-module-worker
+      annotations:
+        redeploy-timestamp: "{{ now | unixEpoch }}"
+    spec:
+      containers:
+      - name: {{ .Release.Name }}-testing-module-worker
+        image: git.nullptr.top/liquidcode/liquidcode-tester-worker-roman:latest
+        imagePullPolicy: Always
+        ports:
+          - containerPort: 8080
+        securityContext:
+          privileged: true
+{{ end }}

liquid-code/templates/Services/frontend-service.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.frontend.enable }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -8,4 +9,6 @@ spec:
   ports:
   - protocol: TCP
     port: 80
-    targetPort: 8000
+    targetPort: 3000
+
+{{ end }}

liquid-code/templates/Services/testing-module-gateway-service.yaml

@@ -0,0 +1,14 @@
+{{ if .Values.testingModule.enable }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-testing-module-gateway-service
+spec:
+  selector:
+    app: {{ .Release.Name }}-testing-module-gateway
+  ports:
+    - name: http
+      protocol: TCP
+      port: 80
+      targetPort: 8080
+{{ end }}

liquid-code/templates/Services/testing-module-worker-service.yaml

@@ -0,0 +1,14 @@
+{{ if .Values.testingModule.enable }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-testing-module-worker-service
+spec:
+  selector:
+    app: {{ .Release.Name }}-testing-module-worker
+  ports:
+    - name: http
+      protocol: TCP
+      port: 80
+      targetPort: 8080
+{{ end }}

liquid-code/templates/default-ingress.yaml

@@ -5,11 +5,6 @@ metadata:
   annotations:
     cert-manager.io/issuer: "{{ .Release.Name }}-certificate-issuer"
 spec:
-  tls:
-    - hosts:
-        - liquidcode.ru
-        - api.liquidcode.ru
-      secretName: {{ .Release.Name }}-tls-secret
   rules:
     - host: api.liquidcode.ru
       http:
@@ -31,3 +26,13 @@ spec:
                 name: {{ .Release.Name }}-frontend-service
                 port:
                   number: 80
+    - host: tester.liquidcode.ru
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Release.Name }}-testing-module-gateway-service
+                port:
+                  number: 80

liquid-code/templates/hook-drob.yaml

@@ -9,7 +9,7 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
   annotations:
-    "helm.sh/hook": pre-install
+    "helm.sh/hook": "pre-install,pre-upgrade"
     "helm.sh/hook-weight": "-1"
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
 spec:
@@ -24,7 +24,7 @@ spec:
       restartPolicy: Never
       containers:
         - name: {{ .Release.Name }}-backend
-          image: ghcr.io/nullptroma/liquid-backend:latest
+          image: git.nullptr.top/liquidcode/liquidcode:latest
           imagePullPolicy: Always
           ports:
             - containerPort: 8080
@@ -36,6 +36,4 @@ spec:
                   key: uri
             - name: DROP_DATABASE
               value: "1"
-      imagePullSecrets:
-        - name: github-registry
 {{ end }}

liquid-code/templates/hook-migration.yaml

@@ -9,7 +9,7 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
   annotations:
-    "helm.sh/hook": pre-install
+    "helm.sh/hook": "pre-install,pre-upgrade"
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
 spec:
   template:
@@ -23,7 +23,7 @@ spec:
       restartPolicy: Never
       containers:
         - name: {{ .Release.Name }}-backend
-          image: ghcr.io/nullptroma/liquid-backend:latest
+          image: git.nullptr.top/liquidcode/liquidcode:latest
           imagePullPolicy: Always
           ports:
             - containerPort: 8080
@@ -35,6 +35,4 @@ spec:
                   key: uri
             - name: MIGRATE_ONLY
               value: "1"
-      imagePullSecrets:
-        - name: github-registry
 {{ end }}

liquid-code/values.yaml

@@ -1,15 +1,20 @@
 s3:
   endpointUrl: https://storage.yandexcloud.net
   secretName: s3-credentials
-  accessKeyKey: ACCESS_KEY_ID
-  secretKeyKey: ACCESS_SECRET_KEY
+  accessKeyRef: ACCESS_KEY_ID
+  secretKeyRef: ACCESS_SECRET_KEY
   privateBucket: liquid-code
   publicBucket: liquid-code-public
+tester:
+  secretName: tester-callback
+  secretKeyRef: SUBMIT_CALLBACK_SECRET
 jwt:
   secretName: jwt-secrets
 database:
   secretName: liquid-db-app
   migrateDb: true
   dropDb: false
-staging: false
-imagePullSecret: github-registry
+frontend:
+  enable: true
+testingModule:
+  enable: true

scripts/client/setup-certmanager.sh

@@ -1,3 +0,0 @@
-#!/bin/bash
-
-kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml

scripts/client/setup_cnpg.sh

@@ -1,4 +0,0 @@
-#!/bin/bash
-
-kubectl apply --server-side -f \
-  https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.22/releases/cnpg-1.22.1.yaml

scripts/server/install.sh

@@ -1,2 +0,0 @@
-#!/bin/bash
-curl -sfL https://get.k3s.io | sh -s -

traefik-config.yaml

@@ -1,10 +0,0 @@
-apiVersion: helm.cattle.io/v1
-kind: HelmChartConfig
-metadata:
-  name: traefik-close-secure-port-config
-  namespace: kube-system
-spec:
-  valuesContent: |-
-    ports:
-      websecure:
-        expose: false