diff --git a/install/api/DEVELOPMENT.md b/install/api/DEVELOPMENT.md new file mode 100644 index 0000000..5a7da55 --- /dev/null +++ b/install/api/DEVELOPMENT.md @@ -0,0 +1,40 @@ +## Dev Locally + +### Build + +```bash +docker build \ + -t gcr.io/kuda-project/api \ + -f install/api/Dockerfile \ + . +``` + +### Run + +```bash +docker run --rm \ + -e KUDA_GCP_PROJECT=`gcloud config get-value project` \ + -e GOOGLE_APPLICATION_CREDENTIALS=/credentials/`basename $GOOGLE_APPLICATION_CREDENTIALS` \ + -v `dirname $GOOGLE_APPLICATION_CREDENTIALS`:/credentials \ + -e PORT=80 \ + -p 8080:80 \ + gcr.io/kuda-project/api +``` + +### Deploy + +```bash +docker push gcr.io/kuda-project/api +``` + +## Dev in the cluster using skaffold. + +```bash +skaffold dev -f install/api/skaffold.yaml +``` + +## Deploy to the cluster with skaffold. + +```bash +skaffold run -f install/api/skaffold.yaml +``` diff --git a/install/api/Dockerfile b/install/api/Dockerfile index dd92bb4..2376ee0 100644 --- a/install/api/Dockerfile +++ b/install/api/Dockerfile @@ -1,3 +1,5 @@ +# FROM golang:1.13 as builder + FROM docker:17.12.0-ce as static-docker-source FROM golang:1.13.5 as builder 
@@ -8,33 +10,37 @@ RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s RUN curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64 && \ mv ./skaffold /tmp/skaffold -COPY go.mod go.sum /go/src/github.com/cyrildiagne/kuda/ -WORKDIR /go/src/github.com/cyrildiagne/kuda +# Create and change to the app directory. +WORKDIR /app + +# Retrieve application dependencies using go modules. +# Allows container builds to reuse downloaded dependencies. +COPY go.* ./ RUN go mod download COPY pkg ./pkg -WORKDIR /go/src/github.com/cyrildiagne/kuda/pkg/deploy -RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux go build -installsuffix cgo -o deployer . +COPY cmd/api ./cmd/api +RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux go build -mod=readonly -installsuffix cgo -o api ./cmd/api # FROM alpine:3.11 -ARG CLOUD_SDK_VERSION=274.0.1 +ARG CLOUD_SDK_VERSION=280.0.0 ENV CLOUD_SDK_VERSION=$CLOUD_SDK_VERSION ENV PATH /google-cloud-sdk/bin:$PATH COPY --from=static-docker-source /usr/local/bin/docker /usr/local/bin/docker RUN apk --no-cache add \ - ca-certificates \ - curl \ - python \ - py-crcmod \ - bash \ - libc6-compat \ - openssh-client \ - git \ - gnupg \ + ca-certificates \ + curl \ + python \ + py-crcmod \ + bash \ + libc6-compat \ + openssh-client \ + git \ + gnupg \ && curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \ tar xzf google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \ rm google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \ 
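Review bot: The Cloud SDK tarball fetched by `curl -O …/google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz` is unpacked with no integrity check, and the bump to 280.0.0 is the natural point to pin one. I would add `ARG CLOUD_SDK_SHA256=<sha256-of-the-280.0.0-tarball>` next to the version and verify before `tar xzf` with `echo "${CLOUD_SDK_SHA256}  google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz" | sha256sum -c - && \`. The skaffold download at the top of the hunk has the same gap and also pulls `releases/latest`, so the build is not reproducible; a fixed release path plus a checksum would close both. The service manifest later in this commit mounts a service-account key into this image, so an unverified binary in it matters more than usual. The RUN chain continues past the end of the hunk.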
@@ -50,10 +56,9 @@ RUN chmod +x /usr/local/bin/kubectl COPY --from=builder /tmp/skaffold /usr/local/bin/skaffold RUN chmod +x /usr/local/bin/skaffold -COPY --from=builder /go/src/github.com/cyrildiagne/kuda/pkg/deploy/deployer /root/ -RUN chmod +x /root/deployer +COPY --from=builder /app/api ./api # Launch the app on port 80. ENV PORT 80 -ENTRYPOINT ["/root/deployer"] \ No newline at end of file +CMD ["/api"] \ No newline at end of file diff --git a/install/api/README.md b/install/api/README.md index 8fbc36b..4f47fd8 100644 --- a/install/api/README.md +++ b/install/api/README.md 
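Review bot: `COPY --from=builder /app/api ./api` uses a relative destination while `CMD ["/api"]` uses an absolute path, so the image only starts if the final stage's working directory is `/`; no WORKDIR for that stage is visible in this hunk. Making the destination absolute, `COPY --from=builder /app/api /api`, removes that dependency. Switching from ENTRYPOINT to CMD also means any arguments given to `docker run` replace the binary instead of being passed to it; if that is not intended, keep `ENTRYPOINT ["/api"]`. No `USER` instruction appears in the hunk, so the API presumably runs as root alongside the docker, kubectl and skaffold binaries; a dedicated non-root user would be worth adding if nothing outside the hunk sets one.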
@@ -1,51 +1,33 @@ -## Build - -```bash -docker build \ - -t gcr.io/kuda-project/deployer \ - -f images/deployer/Dockerfile \ - . -``` - -## Run - -```bash -docker run --rm \ - -e KUDA_GCP_PROJECT=`gcloud config get-value project` \ - -e GOOGLE_APPLICATION_CREDENTIALS=/credentials/`basename $GOOGLE_APPLICATION_CREDENTIALS` \ - -v `dirname $GOOGLE_APPLICATION_CREDENTIALS`:/credentials \ - -e PORT=80 \ - -p 8080:80 \ - gcr.io/kuda-project/deployer -``` - -## Deploy +## Deploy on GCP ### 1) Create service account and bind roles. ```bash +# Your GCP Project. export KUDA_GCP_PROJECT="your-project-id" -export KUDA_DEPLOYER_SA=kuda-deployer -export KUDA_DEPLOYER_SA_EMAIL=$KUDA_DEPLOYER_SA@$KUDA_GCP_PROJECT.iam.gserviceaccount.com +# Name for the API service account that will be created. +export KUDA_API_SERVICE_ACCOUNT=kuda-api +# The full email for the service account. +export KUDA_API_SERVICE_ACCOUNT_EMAIL=$KUDA_API_SERVICE_ACCOUNT@$KUDA_GCP_PROJECT.iam.gserviceaccount.com # Create the service account. gcloud --project $KUDA_GCP_PROJECT iam service-accounts \ - create $KUDA_DEPLOYER_SA \ + create $KUDA_API_SERVICE_ACCOUNT \ --display-name "Service Account for the deployer." # Bind the role dns.admin to this service account, so it can be used to support # the ACME DNS01 challenge. 
gcloud projects add-iam-policy-binding $KUDA_GCP_PROJECT \ - --member serviceAccount:$KUDA_DEPLOYER_SA_EMAIL \ + --member serviceAccount:$KUDA_API_SERVICE_ACCOUNT_EMAIL \ --role roles/container.developer gcloud projects add-iam-policy-binding $KUDA_GCP_PROJECT \ - --member serviceAccount:$KUDA_DEPLOYER_SA_EMAIL \ + --member serviceAccount:$KUDA_API_SERVICE_ACCOUNT_EMAIL \ --role roles/storage.objectCreator gcloud projects add-iam-policy-binding $KUDA_GCP_PROJECT \ - --member serviceAccount:$KUDA_DEPLOYER_SA_EMAIL \ + --member serviceAccount:$KUDA_API_SERVICE_ACCOUNT_EMAIL \ --role roles/cloudbuild.builds.builder gcloud projects add-iam-policy-binding $KUDA_GCP_PROJECT \ - --member serviceAccount:$KUDA_DEPLOYER_SA_EMAIL \ + --member serviceAccount:$KUDA_API_SERVICE_ACCOUNT_EMAIL \ --role roles/firebase.admin ``` 
@@ -56,34 +38,54 @@ gcloud projects add-iam-policy-binding $KUDA_GCP_PROJECT \ KEY_DIRECTORY=$(mktemp -d) # Download the secret key file for your service account. -gcloud iam service-accounts keys create $KEY_DIRECTORY/deployer-credentials.json \ - --iam-account=$KUDA_DEPLOYER_SA_EMAIL +gcloud iam service-accounts keys create $KEY_DIRECTORY/api-credentials.json \ + --iam-account=$KUDA_API_SERVICE_ACCOUNT_EMAIL # Upload that as a secret in your Kubernetes cluster. -kubectl create secret -n kuda generic deployer-credentials \ - --from-file=key.json=$KEY_DIRECTORY/deployer-credentials.json +kubectl create secret -n kuda generic api-credentials \ + --from-file=key.json=$KEY_DIRECTORY/api-credentials.json # Delete the local secret rm -rf $KEY_DIRECTORY ``` -### 3) Update the service.yaml with your GCP project id. +### 3) Update the service.yaml with your GCP project id and project domain. ```bash +export KUDA_GCP_PROJECT="your-gcp-project" +export KUDA_DOMAIN="your-domain" +``` + +```bash +cd install/api +cp service-workaround.tpl.yaml service-workaround.yaml +sed -i'.bak' "s/\$KUDA_GCP_PROJECT/$KUDA_GCP_PROJECT/g" service-workaround.yaml +sed -i'.bak' "s/\$KUDA_DOMAIN/$KUDA_DOMAIN/g" service-workaround.yaml +rm service-workaround.yaml.bak +cd - +``` + + -### 4) Deploy with skaffold. +### 4) Deploy. ```bash -skaffold run -f images/deployer/skaffold.yaml +kubectl apply -f install/api/service-workaround.yaml ``` -### 5) (Optional) If you want to start dev mode. + -```bash -skaffold dev \ - -f images/deployer/skaffold.yaml -``` \ No newline at end of file +Then check if your deployment is ready, `curl http://api.` and if +see "hello!", you are all set. + +## Development + +See [DEVELOPMENT.md](./DEVELOPMENT.MD) diff --git a/install/api/service-workaround.tpl.yaml b/install/api/service-workaround.tpl.yaml index c022192..df7f90b 100644 --- a/install/api/service-workaround.tpl.yaml +++ b/install/api/service-workaround.tpl.yaml 
@@ -55,7 +55,7 @@ metadata: namespace: kuda spec: hosts: - - api.$KUDA_DOMAIN + - api.kuda.$KUDA_DOMAIN - api.kuda - api.kuda.svc - api.kuda.svc.cluster.local @@ -82,7 +82,7 @@ spec: name: http protocol: HTTP hosts: - - api.$KUDA_DOMAIN + - api.kuda.$KUDA_DOMAIN - api.kuda - api.kuda.svc - api.kuda.svc.cluster.local @@ -95,7 +95,7 @@ spec: privateKey: /etc/istio/ingressgateway-certs/tls.key serverCertificate: /etc/istio/ingressgateway-certs/tls.crt hosts: - - api.$KUDA_DOMAIN + - api.kuda.$KUDA_DOMAIN - api.kuda - api.kuda.svc - api.kuda.svc.cluster.local diff --git a/install/api/service.tpl.yaml b/install/api/service.tpl.yaml index 7d33a8b..27d9c10 100644 --- a/install/api/service.tpl.yaml +++ b/install/api/service.tpl.yaml @@ -1,7 +1,7 @@ apiVersion: serving.knative.dev/v1 kind: Service metadata: - name: deployer + name: api namespace: kuda spec: template: @@ -11,17 +11,17 @@ spec: sidecar.istio.io/rewriteAppHTTPProbers: "true" spec: containers: - - image: gcr.io/kuda-project/deployer + - image: gcr.io/kuda-project/api volumeMounts: - name: secret readOnly: true mountPath: "/secret" env: - name: KUDA_GCP_PROJECT - value: + value: $KUDA_GCP_PROJECT - name: GOOGLE_APPLICATION_CREDENTIALS value: /secret/key.json volumes: - name: secret secret: - secretName: deployer-credentials + secretName: api-credentials diff --git a/install/api/skaffold.yaml b/install/api/skaffold.yaml index b37759d..ec046c3 100644 --- a/install/api/skaffold.yaml +++ b/install/api/skaffold.yaml @@ -2,10 +2,10 @@ apiVersion: skaffold/v1 kind: Config build: artifacts: - - image: gcr.io/kuda-project/deployer - docker: - dockerfile: images/deployer/Dockerfile + - image: gcr.io/kuda-project/api + docker: + dockerfile: install/api/Dockerfile deploy: kubectl: manifests: - - images/deployer/service-workaround.yaml + - install/api/service-workaround.yaml
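Review bot: The new host `api.kuda.$KUDA_DOMAIN` sits two labels below the domain, so the certificate used by the HTTPS server in the third hunk (`/etc/istio/ingressgateway-certs/tls.crt`) must name it explicitly or carry a `*.kuda.$KUDA_DOMAIN` wildcard. If a `*.$KUDA_DOMAIN` wildcard was issued for the old `api.$KUDA_DOMAIN` host, it will not match the new name. The same host is also added to the plain `protocol: HTTP` server in the second hunk, and no redirect is visible there; if cleartext access from outside the cluster is not intended, add `tls:` with `httpsRedirect: true` to that server. The server definitions begin outside these hunks, so both points need checking against the full file.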
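Review bot: In service.tpl.yaml the container image `gcr.io/kuda-project/api` has no tag or digest, so a new revision picks up whatever was last pushed under the implicit `latest`, and that pod mounts the `api-credentials` key. Pinning the reference, for example `image: gcr.io/kuda-project/api@sha256:<image-digest>`, ties the credentials to a reviewed build. Separately, `value: $KUDA_GCP_PROJECT` is a template placeholder, and the README steps in this commit run `sed` only on service-workaround.yaml. A comment such as `# placeholder, substituted from KUDA_GCP_PROJECT; do not apply this template unrendered` above that line would prevent the literal string from reaching a cluster.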