init repo

author: Santo Cariotti <santo@dcariotti.me> 2024-09-15 16:11:14 +0200
committer: Santo Cariotti <santo@dcariotti.me> 2024-09-15 16:11:14 +0200
commit: 6921533ab3cb09b629b77ef5a531d59cbba5c4d9 (patch)
tree: 5bc74dfaa913c8db9d909af336e139f1630d4ce3
10 files changed, 216 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8a66c56
--- /dev/null
+++ b/README.md
@@ -0,0 +1,21 @@
+# CAS4 network
+
+<img src="https://avatars.githubusercontent.com/u/175958109?s=100&v=4" alt="Logo" align="right"/>
+
+This repository refers to the network of the CAS-4 project of this organisation.
+
+## Set up
+
+You can run Kubernetes via Minikube or K3s. After the installation (we suggest
+you Minikube in this case) you have to set up the environment:
+
+- `JWT_SECRET`: the base64 version of the secret used for JWT tokens.
+- `EXPO_ACCESS_TOKEN`: the base64 version of the [Expo](https://expo.dev) access token.
+- `UNREALSPEECH_TOKEN`: the base64 version of the [Unrealspeech](https://unrealspeech.com/) access token.
+- `RUST_LOG`: level of Rust logging
+
+After that just run
+
+```sh
+./run.sh apply
+```
diff --git a/run.sh b/run.sh
new file mode 100755
index 0000000..87fc19b
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+usage() {
+  echo "Usage: $0 (apply|delete)"
+}
+
+if [ $# -ne 1 ]; then
+  usage
+  exit 1
+fi
+
+command=$1
+
+if [ "$1" != "apply" ] && [ "$1" != "delete" ]; then
+  usage
+  exit 1
+fi
+
+K8S_FOLDER="./yaml"
+
+YAML_FILES=(
+  "cas-config.yaml"
+  "cas-deployment.yaml"
+  "cas-secret.yaml"
+  "cas-service.yaml"
+  "network-policy.yaml"
+  "pgdata-pvc.yaml"
+  "postgres-deployment.yaml"
+  "postgres-service.yaml"
+)
+
+for file in "${YAML_FILES[@]}"; do
+  file="$K8S_FOLDER/$file"
+  echo "${command^}ing $file ..."
+  envsubst < $file | kubectl "$command" -f -
+done
diff --git a/yaml/cas-config.yaml b/yaml/cas-config.yaml
new file mode 100644
index 0000000..a7aa9d8
--- /dev/null
+++ b/yaml/cas-config.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cas-config
+data:
+  RUST_LOG: ${RUST_LOG}
+  DATABASE_URL: "postgres://postgres:password@postgres-service:5432/gis"
+  ALLOWED_HOST: "0.0.0.0:8000"
diff --git a/yaml/cas-deployment.yaml b/yaml/cas-deployment.yaml
new file mode 100644
index 0000000..fc0289a
--- /dev/null
+++ b/yaml/cas-deployment.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cas-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cas
+  template:
+    metadata:
+      labels:
+        app: cas
+    spec:
+      containers:
+        - name: cas
+          image: ghcr.io/cas-4/backend:latest
+          imagePullPolicy: Always
+          env:
+            - name: RUST_LOG
+              valueFrom:
+                configMapKeyRef:
+                  name: cas-config
+                  key: RUST_LOG
+            - name: DATABASE_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: cas-config
+                  key: DATABASE_URL
+            - name: JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: cas-secret
+                  key: JWT_SECRET
+            - name: EXPO_ACCESS_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: cas-secret
+                  key: EXPO_ACCESS_TOKEN
+            - name: UNREALSPEECH_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: cas-secret
+                  key: UNREALSPEECH_TOKEN
+            - name: ALLOWED_HOST
+              valueFrom:
+                configMapKeyRef:
+                  name: cas-config
+                  key: ALLOWED_HOST
+          ports:
+            - containerPort: 8000
+      restartPolicy: Always
diff --git a/yaml/cas-secret.yaml b/yaml/cas-secret.yaml
new file mode 100644
index 0000000..a2fc3e3
--- /dev/null
+++ b/yaml/cas-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cas-secret
+type: Opaque
+data:
+  JWT_SECRET: ${JWT_SECRET}
+  EXPO_ACCESS_TOKEN: ${EXPO_ACCESS_TOKEN}
+  UNREALSPEECH_TOKEN: ${UNREALSPEECH_TOKEN}
diff --git a/yaml/cas-service.yaml b/yaml/cas-service.yaml
new file mode 100644
index 0000000..ff1d8c5
--- /dev/null
+++ b/yaml/cas-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: cas-service
+spec:
+  ports:
+    - port: 8000
+      targetPort: 8000
+      name: http
+      protocol: TCP
+  selector:
+    app: cas
+  type: ClusterIP
diff --git a/yaml/network-policy.yaml b/yaml/network-policy.yaml
new file mode 100644
index 0000000..2af8a27
--- /dev/null
+++ b/yaml/network-policy.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-cas-postgres
+spec:
+  podSelector:
+    matchLabels:
+      app: cas
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+      - podSelector:
+          matchLabels:
+            app: postgres
+    ports:
+    - protocol: TCP
+      port: 5432
diff --git a/yaml/pgdata-pvc.yaml b/yaml/pgdata-pvc.yaml
new file mode 100644
index 0000000..7580530
--- /dev/null
+++ b/yaml/pgdata-pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pgdata-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
diff --git a/yaml/postgres-deployment.yaml b/yaml/postgres-deployment.yaml
new file mode 100644
index 0000000..fd9945f
--- /dev/null
+++ b/yaml/postgres-deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: postgis/postgis:16-3.4
+          env:
+            - name: POSTGRES_USER
+              value: "postgres"
+            - name: POSTGRES_PASSWORD
+              value: "password"
+            - name: POSTGRES_DB
+              value: "gis"
+          ports:
+            - containerPort: 5432
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: pgdata
+            - mountPath: /docker-entrypoint-initdb.d
+              name: schema
+      volumes:
+        - name: pgdata
+          persistentVolumeClaim:
+            claimName: pgdata-pvc
+        - name: schema
+          hostPath:
+            path: ${PGDATA}
diff --git a/yaml/postgres-service.yaml b/yaml/postgres-service.yaml
new file mode 100644
index 0000000..ad3b969
--- /dev/null
+++ b/yaml/postgres-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres-service
+spec:
+  ports:
+    - port: 5432
+      targetPort: 5432
+  selector:
+    app: postgres
+  type: ClusterIP
author	Santo Cariotti <santo@dcariotti.me>	2024-09-15 16:11:14 +0200
committer	Santo Cariotti <santo@dcariotti.me>	2024-09-15 16:11:14 +0200
commit	6921533ab3cb09b629b77ef5a531d59cbba5c4d9 (patch)
tree	5bc74dfaa913c8db9d909af336e139f1630d4ce3