Fichiers descriptifs YAML pour déploiement Kubernetes

TestOIDCBlazorWASM.sln

@@ -18,8 +18,8 @@ EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Éléments de solution", "Éléments de solution", "{6F8A051C-1D13-480B-BCFD-1ABABF1F5C8D}"
 	ProjectSection(SolutionItems) = preProject
 		Caddyfile = Caddyfile
-		docker-compose-iam.yml = docker-compose-iam.yml
 		docker-compose-full.yml = docker-compose-full.yml
+		docker-compose-iam.yml = docker-compose-iam.yml
 		docker-compose.yml = docker-compose.yml
 		iam.service = iam.service
 		MotDePasseCertificatClient.secret = MotDePasseCertificatClient.secret
@@ -43,6 +43,19 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "images", "images", "{DBA339
 		images\welcomechemistry.png = images\welcomechemistry.png
 	EndProjectSection
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "k8s", "k8s", "{F00792F2-CCB6-44D1-837B-991823149B05}"
+	ProjectSection(SolutionItems) = preProject
+		k8s\api.yaml = k8s\api.yaml
+		k8s\configmap.yaml = k8s\configmap.yaml
+		k8s\db.yaml = k8s\db.yaml
+		k8s\ged.yaml = k8s\ged.yaml
+		k8s\ingress.yaml = k8s\ingress.yaml
+		k8s\mom.yaml = k8s\mom.yaml
+		k8s\namespace.yaml = k8s\namespace.yaml
+		k8s\recep.yaml = k8s\recep.yaml
+		k8s\server.yaml = k8s\server.yaml
+	EndProjectSection
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -79,6 +92,7 @@ Global
 	EndGlobalSection
 	GlobalSection(NestedProjects) = preSolution
 		{DBA33922-0DE1-47AB-BC17-9F2EF2545E5D} = {6F8A051C-1D13-480B-BCFD-1ABABF1F5C8D}
+		{F00792F2-CCB6-44D1-837B-991823149B05} = {6F8A051C-1D13-480B-BCFD-1ABABF1F5C8D}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {2D65A552-56A9-4CCB-84F3-CCC7D07B0AD9}

k8s/api.yaml

@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: tobw
+  name: api-deploy
+  labels:
+    app: api
+spec:
+  selector:
+    matchLabels:
+      app: api
+  template:
+    metadata:
+      labels:
+        app: api
+    spec:
+      volumes:
+      - name: secret-volume
+        secret:
+          secretName: certifclient
+      containers:
+      - name: api
+        image: registreakseni.azurecr.io/testoidcblazorwasmapi:1.4
+        imagePullPolicy: Always
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+          limits:
+            cpu: 250m
+            memory: 256Mi
+        ports:
+        - containerPort: 443
+        env:
+        - name: Securite__CheminFichierCertificatClient
+          value: /etc/secret-volume/fichier
+        - name: Securite__MotDePasseCertificatClient
+          valueFrom:
+            secretKeyRef:
+              name: certifclient
+              key: motdepasse
+              optional: false
+        args: ["--PersistanceNoSQL__PersonnesConnectionString=mongodb://db:27017", "--PersistanceNoSQL__PersonnesDatabaseName=personnes", "--PersistanceNoSQL__PersonnesCollectionName=personnes", "--Securite__EmpreinteCertificatClient=41E81F27F42F381B7406129DAAB055802F9A64B9"]
+        volumeMounts:
+        - name: secret-volume
+          readOnly: true
+          mountPath: "/etc/secret-volume"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: tobw
+  name: api-service
+spec:
+  type: ClusterIP
+  ports:
+  - protocol: TCP
+    port: 443
+    targetPort: 443
+  selector:
+    app: api

k8s/configmap.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: tobw
+  name: tobw-params
+data:
+  ASPNETCORE_ENVIRONMENT: "Development"
+  URLBaseServiceAPI: "https://api"

k8s/db.yaml

@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: tobw
+  name: db-deploy
+  labels:
+    app: db
+spec:
+  selector:
+    matchLabels:
+      app: db
+  template:
+    metadata:
+      labels:
+        app: db
+    spec:
+      containers:
+      - name: db
+        image: mongo:4.4
+        resources:
+          requests:
+            cpu: 100m
+            memory: 256Mi
+          limits:
+            cpu: 250m
+            memory: 512Mi
+        ports:
+        - containerPort: 27017
+        readinessProbe:
+          exec:
+            command: 
+            - mongo 
+            - --eval
+            - "'db.runCommand(\"ping\").ok'"
+            - localhost:27017/personnes
+            - --quiet
+          initialDelaySeconds: 1
+          periodSeconds: 3
+          timeoutSeconds: 1
+          failureThreshold: 10
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: tobw
+  name: db-service
+spec:
+  type: ClusterIP
+  ports:
+  - protocol: TCP
+    port: 27017
+    targetPort: 27017
+  selector:
+    app: db

k8s/ged.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: tobw
+  name: ged-deploy
+  labels:
+    app: ged
+spec:
+  selector:
+    matchLabels:
+      app: ged
+  template:
+    metadata:
+      labels:
+        app: ged
+    spec:
+      containers:
+      - name: ged
+        image: nuxeo:10.10
+        resources:
+          requests:
+            cpu: 100m
+            memory: 512Mi
+          limits:
+            cpu: 250m
+            memory: 1024Mi
+        ports:
+        - containerPort: 8080
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: tobw
+  name: ged-service
+spec:
+  type: ClusterIP
+  ports:
+  - protocol: TCP
+    port: 8080
+    targetPort: 8080
+  selector:
+    app: ged

k8s/ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: tobw
+  name: ingress
+  annotations:
+    kubernetes.io/ingress.class: addon-http-application-routing
+spec:
+  defaultBackend:
+    service:
+      name: server-service
+      port: 
+        number: 5000
+  rules:
+  - host: tobw.d0b4c61afc1e40ceb652.francecentral.aksapp.io
+    http:
+      paths:
+      - path: /nuxeo
+        pathType: Prefix
+        backend:
+          service: 
+            name: ged-service
+            port: 
+              number: 8080

k8s/mom.yaml

@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: tobw
+  name: mom-deploy
+  labels:
+    app: mom
+spec:
+  selector:
+    matchLabels:
+      app: mom
+  template:
+    metadata:
+      labels:
+        app: mom
+    spec:
+      containers:
+      - name: mom
+        image: rabbitmq:3-management
+        resources:
+          requests:
+            cpu: 100m
+            memory: 512Mi
+          limits:
+            cpu: 250m
+            memory: 1024Mi
+        env:
+        - name: RABBITMQ_DEFAULT_USER
+          valueFrom:
+            secretKeyRef:
+              name: mom-secrets
+              key: user
+        - name: RABBITMQ_DEFAULT_PASS
+          valueFrom:
+            secretKeyRef:
+              name: mom-secrets
+              key: pass
+        ports:
+        - containerPort: 5672
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: tobw
+  name: mom-service
+spec:
+  type: ClusterIP
+  ports:
+  - protocol: TCP
+    port: 5672
+    targetPort: 5672
+  selector:
+    app: mom

k8s/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: tobw

k8s/recep.yaml

@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: tobw
+  name: recep-deploy
+  labels:
+    app: recep
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: recep
+  template:
+    metadata:
+      labels:
+        app: recep
+    spec:
+      volumes:
+      - name: secret-volume
+        secret:
+          secretName: certifclient
+      containers:
+      - name: recep
+        image: registreakseni.azurecr.io/recepteurmessages:1.4
+        imagePullPolicy: Always
+        stdin: true
+        tty: true
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+          limits:
+            cpu: 250m
+            memory: 256Mi
+        env:
+        - name: Securite__CheminFichierCertificatClient
+          value: /etc/secret-volume/fichier
+        - name: Securite__MotDePasseCertificatClient
+          valueFrom:
+            secretKeyRef:
+              name: certifclient
+              key: motdepasse
+              optional: false
+        envFrom:
+        - configMapRef:
+            name: tobw-params
+        args: ["--RabbitMQ__HoteServeur=mom-service.tobw.svc", "--RabbitMQ__Utilisateur=rapido", "--RabbitMQ__MotDePasse=k5rXH6wmBhE2bukfXFsz", "--RabbitMQ__NomQueueMessagesCreationPersonnes=personnes", "--GED__URLAtomPub=http://ged:8080/nuxeo/atom/cmis", "--GED__ServiceAccountName=Administrator", "--GED__ServiceAccountPassword=Administrator", "--GED__ModeleURLExpositionDirecteDocuments=https://dockereni.francecentral.cloudapp.azure.com/nuxeo/atom/cmis/default/content/{nomFichier}?id={idDoc}"]
+        volumeMounts:
+        - name: secret-volume
+          readOnly: true
+          mountPath: "/etc/secret-volume"

k8s/server.yaml

@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: tobw
+  name: server-deploy
+  labels:
+    app: server
+spec:
+  selector:
+    matchLabels:
+      app: server
+  template:
+    metadata:
+      labels:
+        app: server
+    spec:
+      containers:
+      - name: server
+        image: registreakseni.azurecr.io/testoidcblazorwasmserver:1.4
+        imagePullPolicy: Always
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+          limits:
+            cpu: 250m
+            memory: 256Mi
+        ports:
+        - containerPort: 5000
+        envFrom:
+        - configMapRef:
+            name: tobw-params
+        args: ["--RabbitMQ__HoteServeur=mom", "--RabbitMQ__Utilisateur=rapido", "--RabbitMQ__MotDePasse=k5rXH6wmBhE2bukfXFsz", "--RabbitMQ__NomQueueMessagesCreationPersonnes=personnes", "--PersistanceNoSQL__PersonnesConnectionString=mongodb://db:27017", "--PersistanceNoSQL__PersonnesDatabaseName=personnes", "--PersistanceNoSQL__PersonnesCollectionName=personnes", "--OIDC__Authority=https://dockereni.francecentral.cloudapp.azure.com:8443/realms/LivreENI/", "--OIDC__ClientId=appli-eni"]
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: tobw
+  name: server-service
+spec:
+  type: ClusterIP
+  ports:
+  - protocol: TCP
+    port: 5000
+    targetPort: 5000
+  selector:
+    app: server