done setup trusted platfrom

yeahbutstill · Oct 23, 2024 · b84fe78 · b84fe78
1 parent 9fb8437
commit b84fe78
Show file tree

Hide file tree

Showing 21 changed files with 139 additions and 581 deletions.
diff --git a/.mvn/wrapper/maven-wrapper.jar b/.mvn/wrapper/maven-wrapper.jar
diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
diff --git a/README.md b/README.md
@@ -121,6 +121,18 @@ kubectl get deployments
 mvn spring-boot:build-image
 ```
 
+## Menggunakan mode kubernetes auth
+```shell
+# start minikube
+minikube start
+
+# export ENV
+export VAULT_ADDR='http://[::]:8200'
+export VAULT_TOKEN='root'
+
+# create service account
+kubectl create serviceaccount sa-contact-management
+```
 ## install ke pakcage kubernet
 ```shell
 helm install vault hashicorp/vault \
@@ -136,14 +148,13 @@ kubectl port-forward service/vault-ui 8200:8200
 
 # http://localhost:8200
 ```
-lalu Jalankan terraform script yang ada di folder tf-provisioner seperti langkah di atas.
+
 
 ## Masuk ke pod vault
 ```shell
 kubectl exec -it vault-0 -- /bin/sh
 
 export VAULT_ADDR='http://[::]:8200'
-
 export VAULT_TOKEN='root'
 
 vault auth enable kubernetes
@@ -157,6 +168,11 @@ vault write auth/kubernetes/role/database \
     bound_service_account_namespaces=default \
     policies=applikasi-contact-management-readonly \
     ttl=20m
+
+
+exit
+```
+```shell
 ```
 
 ## Install the secrets store CSI driver
@@ -178,7 +194,18 @@ eval $(minikube docker-env)
 ## Lanjut build spring boot jadi docker image, kalau udah ada jangan lupa yang lama dihapus dulu
 mvn spring-boot:build-image -Dmaven.test.skip
 
-## Deploy back-end aplikasi
+# init terra dan jalankan teraform ke vult
+cd tf-provisioner
+terraform init
+terraform apply
+
+# create service account
+kubectl create serviceaccount sa-contact-management
+
+## Deploy
+kubectl apply -f k8s/00-configmap.yml
+kubectl apply -f k8s/00-secret-vault-store.yml
+kubectl apply -f k8s/01-database.yml
 kubectl apply -f k8s/02-aplikasi.yml
 ```
 

diff --git a/compose.yaml b/compose.yaml
@@ -29,4 +29,6 @@ services:
     environment:
       VAULT_DEV_ROOT_TOKEN_ID: 'root-token-for-dev-purpose-only'
     ports:
-      - '8288:8288'
+      - '8288:8288'
+    expose:
+      - '8288'
diff --git a/jmeter.log b/jmeter.log
@@ -0,0 +1,22 @@
+2024-10-22 22:03:00,912 INFO o.a.j.u.JMeterUtils: Setting Locale to en_EN
+2024-10-22 22:03:00,951 INFO o.a.j.JMeter: Loading user properties from: /home/dnl/.sdkman/candidates/jmeter/5.6/bin/user.properties
+2024-10-22 22:03:00,953 INFO o.a.j.JMeter: Loading system properties from: /home/dnl/.sdkman/candidates/jmeter/5.6/bin/system.properties
+2024-10-22 22:03:00,962 INFO o.a.j.JMeter: Copyright (c) 1998-2023 The Apache Software Foundation
+2024-10-22 22:03:00,963 INFO o.a.j.JMeter: Version 5.6
+2024-10-22 22:03:00,963 INFO o.a.j.JMeter: java.version=21.0.4
+2024-10-22 22:03:00,963 INFO o.a.j.JMeter: java.vm.name=Java HotSpot(TM) 64-Bit Server VM
+2024-10-22 22:03:00,963 INFO o.a.j.JMeter: os.name=Linux
+2024-10-22 22:03:00,963 INFO o.a.j.JMeter: os.arch=amd64
+2024-10-22 22:03:00,964 INFO o.a.j.JMeter: os.version=6.10.6-200.fc40.x86_64
+2024-10-22 22:03:00,964 INFO o.a.j.JMeter: file.encoding=UTF-8
+2024-10-22 22:03:00,964 INFO o.a.j.JMeter: java.awt.headless=null
+2024-10-22 22:03:00,964 INFO o.a.j.JMeter: Max memory     =1073741824
+2024-10-22 22:03:00,964 INFO o.a.j.JMeter: Available Processors =8
+2024-10-22 22:03:00,987 INFO o.a.j.JMeter: Default Locale=English (EN)
+2024-10-22 22:03:00,987 INFO o.a.j.JMeter: JMeter  Locale=English (EN)
+2024-10-22 22:03:00,988 INFO o.a.j.JMeter: JMeterHome=/home/dnl/.sdkman/candidates/jmeter/5.6
+2024-10-22 22:03:00,988 INFO o.a.j.JMeter: user.dir  =/home/dnl/IdeaProjects/contact-management
+2024-10-22 22:03:00,988 INFO o.a.j.JMeter: PWD       =/home/dnl/IdeaProjects/contact-management
+2024-10-22 22:03:00,989 INFO o.a.j.JMeter: IP: 192.168.1.17 Name: fedora FullName: fedora
+2024-10-22 22:03:01,029 INFO o.a.j.JMeter: Loaded icon properties from org/apache/jmeter/images/icon.properties
+2024-10-22 22:03:01,938 INFO o.a.j.JMeterGuiLauncher: Setting LAF to: com.github.weisj.darklaf.DarkLaf:com.github.weisj.darklaf.theme.DarculaTheme
diff --git a/k8s/01-database.yml b/k8s/01-database.yml
@@ -110,4 +110,4 @@ spec:
     app: contact-management
     tier: db
     stage: dev
-    ver: v2024070905
+    ver: v2024070905
diff --git a/k8s/02-aplikasi.yml b/k8s/02-aplikasi.yml
@@ -28,6 +28,13 @@ spec:
       - name: container-backend-contact-management
         image: 2819930922/contact-management-api:latest
         imagePullPolicy: Never
+        resources:
+          requests:
+            memory: 1331Mi     # Maximum memory usage is 1.3 GiB
+            cpu: 600m          # Maximum CPU usage is 60% of 1 CPU core (600 millicores)
+          limits:
+            memory: 2Gi        # Guaranteed 2 GiB of memory
+            cpu: 1000m         # Guaranteed 1 CPU core
         env:
         - name: SPRING_DATASOURCE_URL
           valueFrom:
@@ -55,38 +62,28 @@ spec:
             path: /actuator/health/liveness
             port: 8080
             scheme: HTTP
-          initialDelaySeconds: 2000
-          timeoutSeconds: 30
-          periodSeconds: 30
-          successThreshold: 1
-          failureThreshold: 3
         livenessProbe:
           httpGet:
             path: /actuator/health/liveness
             port: 8080
             scheme: HTTP
-          initialDelaySeconds: 90
-          timeoutSeconds: 30
-          periodSeconds: 30
-          successThreshold: 1
-          failureThreshold: 3
+          initialDelaySeconds: 15
+          periodSeconds: 20
         readinessProbe:
           httpGet:
             path: /actuator/health/readiness
             port: 8080
             scheme: HTTP
-          initialDelaySeconds: 60
-          timeoutSeconds: 30
-          periodSeconds: 30
-          successThreshold: 1
-          failureThreshold: 3
+          initialDelaySeconds: 5
+          periodSeconds: 10
       volumes:
       - name: secret-dari-vault
         csi:
           driver: secrets-store.csi.k8s.io
           readOnly: true
           volumeAttributes:
             secretProviderClass: "vault-database"
+
 ---
 apiVersion: v1
 kind: Service
@@ -105,3 +102,18 @@ spec:
     tier: backend
     stage: dev
     ver: v2024070905
+
+---
+# The following is responsible for the autoscaling.
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: deployment-backend-contact-management
+spec:
+  scaleTargetRef:
+    kind: Deployment
+    name: deployment-backend-contact-management
+    apiVersion: apps/v1
+  minReplicas: 2
+  maxReplicas: 10
+  targetCPUUtilizationPercentage: 60
diff --git a/lb.txt b/lb.txt