update api installation

install/api/DEVELOPMENT.md

@@ -0,0 +1,40 @@
+## Dev Locally
+
+### Build
+
+```bash
+docker build \
+  -t gcr.io/kuda-project/api \
+  -f install/api/Dockerfile \
+  .
+```
+
+### Run
+
+```bash
+docker run --rm \
+  -e KUDA_GCP_PROJECT=`gcloud config get-value project` \
+  -e GOOGLE_APPLICATION_CREDENTIALS=/credentials/`basename $GOOGLE_APPLICATION_CREDENTIALS` \
+  -v `dirname $GOOGLE_APPLICATION_CREDENTIALS`:/credentials \
+  -e PORT=80 \
+  -p 8080:80 \
+  gcr.io/kuda-project/api
+```
+
+### Deploy
+
+```bash
+docker push gcr.io/kuda-project/api
+```
+
+## Dev in the cluster using skaffold.
+
+```bash
+skaffold dev -f install/api/skaffold.yaml
+```
+
+## Deploy to the cluster with skaffold.
+
+```bash
+skaffold run -f install/api/skaffold.yaml
+```

install/api/Dockerfile

@@ -1,3 +1,5 @@
+# FROM golang:1.13 as builder
+
 FROM docker:17.12.0-ce as static-docker-source
 
 FROM golang:1.13.5 as builder
@@ -8,33 +10,37 @@ RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s
 RUN curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64 && \
     mv ./skaffold /tmp/skaffold
 
-COPY go.mod go.sum /go/src/github.com/cyrildiagne/kuda/
-WORKDIR /go/src/github.com/cyrildiagne/kuda
+# Create and change to the app directory.
+WORKDIR /app
+
+# Retrieve application dependencies using go modules.
+# Allows container builds to reuse downloaded dependencies.
+COPY go.* ./
 RUN go mod download
 
 COPY pkg ./pkg
-WORKDIR /go/src/github.com/cyrildiagne/kuda/pkg/deploy
-RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux go build -installsuffix cgo -o deployer .
+COPY cmd/api ./cmd/api
+RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux go build -mod=readonly -installsuffix cgo -o api ./cmd/api
 
 #
 
 FROM alpine:3.11
 
-ARG CLOUD_SDK_VERSION=274.0.1
+ARG CLOUD_SDK_VERSION=280.0.0
 ENV CLOUD_SDK_VERSION=$CLOUD_SDK_VERSION
 
 ENV PATH /google-cloud-sdk/bin:$PATH
 COPY --from=static-docker-source /usr/local/bin/docker /usr/local/bin/docker
 RUN apk --no-cache add \
-        ca-certificates \
-        curl \
-        python \
-        py-crcmod \
-        bash \
-        libc6-compat \
-        openssh-client \
-        git \
-        gnupg \
+    ca-certificates \
+    curl \
+    python \
+    py-crcmod \
+    bash \
+    libc6-compat \
+    openssh-client \
+    git \
+    gnupg \
     && curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
     tar xzf google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
     rm google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
@@ -50,10 +56,9 @@ RUN chmod +x /usr/local/bin/kubectl
 COPY --from=builder /tmp/skaffold /usr/local/bin/skaffold
 RUN chmod +x /usr/local/bin/skaffold
 
-COPY --from=builder /go/src/github.com/cyrildiagne/kuda/pkg/deploy/deployer /root/
-RUN chmod +x /root/deployer
+COPY --from=builder /app/api ./api
 
 # Launch the app on port 80.
 ENV PORT 80
 
-ENTRYPOINT ["/root/deployer"]
+CMD ["/api"]

install/api/README.md

@@ -1,51 +1,33 @@
-## Build
-
-```bash
-docker build \
-  -t gcr.io/kuda-project/deployer \
-  -f images/deployer/Dockerfile \
-  .
-```
-
-## Run
-
-```bash
-docker run --rm \
-  -e KUDA_GCP_PROJECT=`gcloud config get-value project` \
-  -e GOOGLE_APPLICATION_CREDENTIALS=/credentials/`basename $GOOGLE_APPLICATION_CREDENTIALS` \
-  -v `dirname $GOOGLE_APPLICATION_CREDENTIALS`:/credentials \
-  -e PORT=80 \
-  -p 8080:80 \
-  gcr.io/kuda-project/deployer
-```
-
-## Deploy
+## Deploy on GCP
 
 ### 1) Create service account and bind roles.
 
 ```bash
+# Your GCP Project.
 export KUDA_GCP_PROJECT="your-project-id"
-export KUDA_DEPLOYER_SA=kuda-deployer
-export KUDA_DEPLOYER_SA_EMAIL=$KUDA_DEPLOYER_SA@$KUDA_GCP_PROJECT.iam.gserviceaccount.com
+# Name for the API service account that will be created.
+export KUDA_API_SERVICE_ACCOUNT=kuda-api
+# The full email for the service account.
+export KUDA_API_SERVICE_ACCOUNT_EMAIL=$KUDA_API_SERVICE_ACCOUNT@$KUDA_GCP_PROJECT.iam.gserviceaccount.com
 
 # Create the service account.
 gcloud --project $KUDA_GCP_PROJECT iam service-accounts \
-      create $KUDA_DEPLOYER_SA \
+      create $KUDA_API_SERVICE_ACCOUNT \
       --display-name "Service Account for the deployer."
 
 # Bind the role dns.admin to this service account, so it can be used to support
 # the ACME DNS01 challenge.
 gcloud projects add-iam-policy-binding $KUDA_GCP_PROJECT \
-  --member serviceAccount:$KUDA_DEPLOYER_SA_EMAIL \
+  --member serviceAccount:$KUDA_API_SERVICE_ACCOUNT_EMAIL \
   --role roles/container.developer
 gcloud projects add-iam-policy-binding $KUDA_GCP_PROJECT \
-  --member serviceAccount:$KUDA_DEPLOYER_SA_EMAIL \
+  --member serviceAccount:$KUDA_API_SERVICE_ACCOUNT_EMAIL \
   --role roles/storage.objectCreator
 gcloud projects add-iam-policy-binding $KUDA_GCP_PROJECT \
-  --member serviceAccount:$KUDA_DEPLOYER_SA_EMAIL \
+  --member serviceAccount:$KUDA_API_SERVICE_ACCOUNT_EMAIL \
   --role roles/cloudbuild.builds.builder
 gcloud projects add-iam-policy-binding $KUDA_GCP_PROJECT \
-  --member serviceAccount:$KUDA_DEPLOYER_SA_EMAIL \
+  --member serviceAccount:$KUDA_API_SERVICE_ACCOUNT_EMAIL \
   --role roles/firebase.admin
 ```
 
@@ -56,34 +38,54 @@ gcloud projects add-iam-policy-binding $KUDA_GCP_PROJECT \
 KEY_DIRECTORY=$(mktemp -d)
 
 # Download the secret key file for your service account.
-gcloud iam service-accounts keys create $KEY_DIRECTORY/deployer-credentials.json \
-  --iam-account=$KUDA_DEPLOYER_SA_EMAIL
+gcloud iam service-accounts keys create $KEY_DIRECTORY/api-credentials.json \
+  --iam-account=$KUDA_API_SERVICE_ACCOUNT_EMAIL
 
 # Upload that as a secret in your Kubernetes cluster.
-kubectl create secret -n kuda generic deployer-credentials \
-  --from-file=key.json=$KEY_DIRECTORY/deployer-credentials.json
+kubectl create secret -n kuda generic api-credentials \
+  --from-file=key.json=$KEY_DIRECTORY/api-credentials.json
 
 # Delete the local secret
 rm -rf $KEY_DIRECTORY
 ```
 
-### 3) Update the service.yaml with your GCP project id.
+### 3) Update the service.yaml with your GCP project id and project domain.
 
 ```bash
+export KUDA_GCP_PROJECT="your-gcp-project"
+export KUDA_DOMAIN="your-domain"
+```
+
+```bash
+cd install/api
+cp service-workaround.tpl.yaml service-workaround.yaml
+sed -i'.bak' "s/\$KUDA_GCP_PROJECT/$KUDA_GCP_PROJECT/g" service-workaround.yaml
+sed -i'.bak' "s/\$KUDA_DOMAIN/$KUDA_DOMAIN/g" service-workaround.yaml
+rm service-workaround.yaml.bak
+cd -
+```
+
+<!-- ```bash
+cd install/api
 cp service.tpl.yaml service.yaml
-sed -i'.bak' "s/value: <your-project-id>/value: $KUDA_GCP_PROJECT/g" service.yaml
+sed -i'.bak' "s/\$KUDA_GCP_PROJECT/$KUDA_GCP_PROJECT/g" service.yaml
+sed -i'.bak' "s/\$KUDA_DOMAIN/$KUDA_DOMAIN/g" service.yaml
 rm service.yaml.bak
-```
+cd - -->
 
-### 4) Deploy with skaffold.
+### 4) Deploy.
 
 ```bash
-skaffold run -f images/deployer/skaffold.yaml 
+kubectl apply -f install/api/service-workaround.yaml
 ```
 
-### 5) (Optional) If you want to start dev mode.
+<!-- ```bash
+kubectl apply -f install/api/service.yaml
+``` -->
 
-```bash
-skaffold dev \
-  -f images/deployer/skaffold.yaml 
-```
+Then check if your deployment is ready, `curl http://api.<your-domain>` and if
+see "hello!", you are all set.
+
+## Development
+
+See [DEVELOPMENT.md](./DEVELOPMENT.MD)

install/api/service-workaround.tpl.yaml

@@ -55,7 +55,7 @@ metadata:
   namespace: kuda
 spec:
   hosts:
-    - api.$KUDA_DOMAIN
+    - api.kuda.$KUDA_DOMAIN
     - api.kuda
     - api.kuda.svc
     - api.kuda.svc.cluster.local
@@ -82,7 +82,7 @@ spec:
         name: http
         protocol: HTTP
       hosts:
-        - api.$KUDA_DOMAIN
+        - api.kuda.$KUDA_DOMAIN
         - api.kuda
         - api.kuda.svc
         - api.kuda.svc.cluster.local
@@ -95,7 +95,7 @@ spec:
         privateKey: /etc/istio/ingressgateway-certs/tls.key
         serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
       hosts:
-        - api.$KUDA_DOMAIN
+        - api.kuda.$KUDA_DOMAIN
         - api.kuda
         - api.kuda.svc
         - api.kuda.svc.cluster.local

install/api/service.tpl.yaml

@@ -1,7 +1,7 @@
 apiVersion: serving.knative.dev/v1
 kind: Service
 metadata:
-  name: deployer
+  name: api
   namespace: kuda
 spec:
   template:
@@ -11,17 +11,17 @@ spec:
         sidecar.istio.io/rewriteAppHTTPProbers: "true"
     spec:
       containers:
-        - image: gcr.io/kuda-project/deployer
+        - image: gcr.io/kuda-project/api
           volumeMounts:
             - name: secret
               readOnly: true
               mountPath: "/secret"
           env:
             - name: KUDA_GCP_PROJECT
-              value: <your-project-id>
+              value: $KUDA_GCP_PROJECT
             - name: GOOGLE_APPLICATION_CREDENTIALS
               value: /secret/key.json
       volumes:
         - name: secret
           secret:
-            secretName: deployer-credentials
+            secretName: api-credentials

install/api/skaffold.yaml

@@ -2,10 +2,10 @@ apiVersion: skaffold/v1
 kind: Config
 build:
   artifacts:
-  - image: gcr.io/kuda-project/deployer
-    docker:
-      dockerfile: images/deployer/Dockerfile
+    - image: gcr.io/kuda-project/api
+      docker:
+        dockerfile: install/api/Dockerfile
 deploy:
   kubectl:
     manifests:
-      - images/deployer/service-workaround.yaml
+      - install/api/service-workaround.yaml