From e8f83b83195e135cb1814400273e8908b4d0ed00 Mon Sep 17 00:00:00 2001 From: ebusho Date: Tue, 10 Sep 2024 12:04:14 +0200 Subject: [PATCH 1/4] Switch overlays to JSON patch --- kubernetes/production/patch-deployment.yml | 9 +++----- kubernetes/production/patch-ingress.yml | 27 +++++----------------- kubernetes/production/patch-secrets.yml | 11 +++------ kubernetes/staging/patch-deployment.yml | 9 +++----- kubernetes/staging/patch-ingress.yml | 27 +++++----------------- kubernetes/staging/patch-secrets.yml | 11 +++------ 6 files changed, 24 insertions(+), 70 deletions(-) diff --git a/kubernetes/production/patch-deployment.yml b/kubernetes/production/patch-deployment.yml index e45ade69..7a0cb9ab 100644 --- a/kubernetes/production/patch-deployment.yml +++ b/kubernetes/production/patch-deployment.yml @@ -1,6 +1,3 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: defi-providers -spec: - replicas: 2 +- op: replace + path: /spec/replicas + value: 2 diff --git a/kubernetes/production/patch-ingress.yml b/kubernetes/production/patch-ingress.yml index 6be1bb85..450c53c4 100644 --- a/kubernetes/production/patch-ingress.yml +++ b/kubernetes/production/patch-ingress.yml @@ -1,21 +1,6 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: defi-providers -spec: - rules: - - host: defi-providers.dappradar.com - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: defi-providers - port: - number: 443 - - tls: - - hosts: - - defi-providers.dappradar.com - secretName: defi-providers-tls +- op: replace + path: /spec/rules/0/host + value: defi-providers.dappradar.com +- op: replace + path: /spec/tls/0/hosts/0 + value: defi-providers.dappradar.com diff --git a/kubernetes/production/patch-secrets.yml b/kubernetes/production/patch-secrets.yml index 0790f135..ac91bec8 100644 --- a/kubernetes/production/patch-secrets.yml +++ b/kubernetes/production/patch-secrets.yml @@ -1,8 +1,3 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: defi-providers -spec: - dataFrom: - - extract: - key: "/defi-providers/prod" +- op: replace + path: /spec/dataFrom/0/extract/key + value: "/defi-providers/prod" diff --git a/kubernetes/staging/patch-deployment.yml b/kubernetes/staging/patch-deployment.yml index e45ade69..7a0cb9ab 100644 --- a/kubernetes/staging/patch-deployment.yml +++ b/kubernetes/staging/patch-deployment.yml @@ -1,6 +1,3 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: defi-providers -spec: - replicas: 2 +- op: replace + path: /spec/replicas + value: 2 diff --git a/kubernetes/staging/patch-ingress.yml b/kubernetes/staging/patch-ingress.yml index f1bf9c05..ee45a6eb 100644 --- a/kubernetes/staging/patch-ingress.yml +++ b/kubernetes/staging/patch-ingress.yml @@ -1,21 +1,6 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: defi-providers -spec: - rules: - - host: defi-providers.dappradar.dev - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: defi-providers - port: - number: 443 - - tls: - - hosts: - - defi-providers.dappradar.dev - secretName: defi-providers-tls \ No newline at end of file +- op: replace + path: /spec/rules/0/host + value: defi-providers.dappradar.dev +- op: replace + path: /spec/tls/0/hosts/0 + value: defi-providers.dappradar.dev diff --git a/kubernetes/staging/patch-secrets.yml b/kubernetes/staging/patch-secrets.yml index 88aabfbe..dd8d1763 100644 --- a/kubernetes/staging/patch-secrets.yml +++ b/kubernetes/staging/patch-secrets.yml @@ -1,8 +1,3 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: defi-providers -spec: - dataFrom: - - extract: - key: "/defi-providers/qa" +- op: replace + path: /spec/dataFrom/0/extract/key + value: "/defi-providers/qa" From ed195d510ccc0f7563e2a36dac9327465268d202 Mon Sep 17 00:00:00 2001 From: ebusho Date: Tue, 10 Sep 2024 15:59:44 +0200 Subject: [PATCH 2/4] Set workload requests and limits --- kubernetes/base/deployment.yml | 6 ++++++ kubernetes/base/redis.yml | 7 +++---- kubernetes/production/kustomization.yml | 5 +++++ kubernetes/production/patch-deployment.yml | 6 ++++++ kubernetes/production/patch-redis.yml | 6 ++++++ 5 files changed, 26 insertions(+), 4 deletions(-) create mode 100644 kubernetes/production/patch-redis.yml diff --git a/kubernetes/base/deployment.yml b/kubernetes/base/deployment.yml index ef8e52b3..a5478ad7 100644 --- a/kubernetes/base/deployment.yml +++ b/kubernetes/base/deployment.yml @@ -21,3 +21,9 @@ spec: ports: - name: app-port containerPort: 3002 + resources: + requests: + cpu: 300m + memory: 4Gi + limits: + memory: 4Gi diff --git a/kubernetes/base/redis.yml b/kubernetes/base/redis.yml index 10a24a79..ccb9445f 100644 --- a/kubernetes/base/redis.yml +++ b/kubernetes/base/redis.yml @@ -31,11 +31,10 @@ spec: args: ["--requirepass", "$(REDIS_PASSWORD)"] resources: requests: - cpu: 100m - memory: 512M + cpu: 10m + memory: 100Mi limits: - cpu: 1000m - memory: 1G + memory: 100Mi ports: - name: redis-port containerPort: 6379 diff --git a/kubernetes/production/kustomization.yml b/kubernetes/production/kustomization.yml index 436b0c45..0f2b939c 100644 --- a/kubernetes/production/kustomization.yml +++ b/kubernetes/production/kustomization.yml @@ -13,6 +13,11 @@ patches: kind: Ingress name: defi-providers + - path: ./patch-redis.yml + target: + kind: Deployment + name: defi-providers-redis + - path: ./patch-secrets.yml target: kind: ExternalSecret diff --git a/kubernetes/production/patch-deployment.yml b/kubernetes/production/patch-deployment.yml index 7a0cb9ab..f2c16a7e 100644 --- a/kubernetes/production/patch-deployment.yml +++ b/kubernetes/production/patch-deployment.yml @@ -1,3 +1,9 @@ - op: replace path: /spec/replicas value: 2 +- op: replace + path: /spec/template/spec/containers/0/resources/requests/memory + value: "8Gi" +- op: replace + path: /spec/template/spec/containers/0/resources/limits/memory + value: "8Gi" diff --git a/kubernetes/production/patch-redis.yml b/kubernetes/production/patch-redis.yml new file mode 100644 index 00000000..a899b163 --- /dev/null +++ b/kubernetes/production/patch-redis.yml @@ -0,0 +1,6 @@ +- op: replace + path: /spec/template/spec/containers/0/resources/requests/memory + value: "256Mi" +- op: replace + path: /spec/template/spec/containers/0/resources/limits/memory + value: "256Mi" From b972f3fd53700d215ef0c19c49ee79fc8d1b4dc8 Mon Sep 17 00:00:00 2001 From: ebusho Date: Tue, 10 Sep 2024 16:01:47 +0200 Subject: [PATCH 3/4] Use port 8080 for service --- kubernetes/base/ingress.yml | 2 +- kubernetes/base/service.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/base/ingress.yml b/kubernetes/base/ingress.yml index bd7d2dba..8416219a 100644 --- a/kubernetes/base/ingress.yml +++ b/kubernetes/base/ingress.yml @@ -19,7 +19,7 @@ spec: service: name: defi-providers port: - number: 443 + number: 8080 tls: # specifying a host in the TLS section will tell cert-manager what diff --git a/kubernetes/base/service.yml b/kubernetes/base/service.yml index 6f6dd274..3c2e10f3 100644 --- a/kubernetes/base/service.yml +++ b/kubernetes/base/service.yml @@ -7,5 +7,5 @@ spec: component: defi-providers ports: - name: defi-providers - port: 443 + port: 8080 targetPort: app-port From 22a74559764bdeb78faaf9422c5cd39bedda62b5 Mon Sep 17 00:00:00 2001 From: ebusho Date: Tue, 10 Sep 2024 16:03:39 +0200 Subject: [PATCH 4/4] Switch to ClusterIssuer --- kubernetes/base/ingress.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/kubernetes/base/ingress.yml b/kubernetes/base/ingress.yml index 8416219a..a14d5c05 100644 --- a/kubernetes/base/ingress.yml +++ b/kubernetes/base/ingress.yml @@ -3,10 +3,8 @@ kind: Ingress metadata: name: defi-providers annotations: - # SSL certificate - cert-manager.io/issuer: prod-issuer - cert-manager.io/issuer-kind: OriginIssuer - cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com + cert-manager.io/issuer: dappradar-cluster-issuer + cert-manager.io/issuer-kind: ClusterIssuer spec: ingressClassName: nginx rules: