Merge branch 'feature/aws' of https://github.com/werniq/Go-Gator into…

… feature/aws-cdk

.github/workflows/ecr-deployment.yml

@@ -25,32 +25,15 @@ jobs:
           aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ env.AWS_REGION }}
 
-      - name: Login to ECR
-        id: ecr_login
-        run: |
-          aws ecr get-login-password --region ${{ env.AWS_REGION }} | docker login --username AWS --password-stdin ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com
-
-      - name: Build Docker image
-        run: |
-          docker build -t qniw984/go-gator .
-          docker tag qniw984/go-gator ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/qniw984/go-gator
-
-      - name: Push Docker image to ECR
-        run: |
-          docker push ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/qniw984/go-gator
-
-      - name: Update and build dependencies in chart
+      - name: Install Taskfile
         run: |
-          cd go-gator
-          helm repo add cert-manager https://charts.jetstack.io
-          helm repo add vertical-pod-autoscaler https://stevehipwell.github.io/helm-charts/
-          helm dependency update
-          helm dependency build
+          sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b ~/.local/bin
 
-      - name: Build Helm chart
+      - name: Login to AWS ECR
+        id: ecr_login
         run: |
-          helm package go-gator
+          task awsLogin
 
-      - name: Push Helm chart to ECR
+      - name: Build and Push all Charts and All Images to AWS ECR
         run: |
-          helm push go-gator-${{ env.CHART_VERSION }}.tgz oci://${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/qniw984/
+          task deployAll

Taskfile.yml

@@ -1,5 +1,13 @@
 version: '3'
 
+includes:
+  operator:
+    taskfile: ./operator/Taskfile.yml
+    dir: ./operator
+  cronJob:
+    taskfile: ./news_fetcher/Taskfile.yml
+    dir: ./news_fetcher
+
 env:
   DOCKER_IMAGE_NAME: '{{ .DOCKER_IMAGE_NAME | default "go-gator" }}'
   DOCKER_USERNAME:   '{{ .DOCKER_USERNAME | default "qniw984" }}'
@@ -89,7 +97,7 @@ tasks:
   installChart:
     desc: Install the Helm chart on the Kubernetes cluster
     cmds:
-      - helm install go-gator-{{ .GO_GATOR_CHART_VERSION }}.tgz go-gator
+      - helm install go-gator-{{ .GO_GATOR_CHART_VERSION }}.tgz go-gator --create-namespace -n go-gator
 
   uninstallChart:
     desc: Uninstall the Helm chart from the Kubernetes cluster
@@ -110,19 +118,35 @@ tasks:
   goGatorImageEcrPush:
     desc: Push image to ECR
     deps:
-      - img-ecr-build
+      - goGatorImageEcrBuild
     cmds:
       - docker push {{ .AWS_ACCOUNT_ID }}.dkr.ecr.us-east-2.amazonaws.com/qniw984/go-gator
 
+  addChartDependencies:
+    desc: Add required charts to dependencies list
+    cmds:
+      - cd go-gator
+      - helm repo add cert-manager https://charts.jetstack.io
+      - helm repo add vertical-pod-autoscaler https://stevehipwell.github.io/helm-charts/
+
+  updateAndBuildChartDependencies:
+    desc: Update and build chart dependencies
+    cmds:
+      - helm dependency update ./go-gator
+      - helm dependency build ./go-gator
+
   goGatorChartEcrBuild:
     desc: Build Helm chart for ECR
+    deps:
+      - addChartDependencies
+      - updateAndBuildChartDependencies
     cmds:
       - helm package go-gator
 
   goGatorChartEcrPush:
     desc: Push image to ECR
     deps:
-      - ecr-build
+      - goGatorChartEcrBuild
     cmds:
       - helm push go-gator-{{ .GO_GATOR_CHART_VERSION }}.tgz oci://{{ .AWS_ACCOUNT_ID }}.dkr.ecr.us-east-2.amazonaws.com/qniw984/
 
@@ -136,4 +160,12 @@ tasks:
     deps:
       - day0EcrBuild
     cmds:
-      - helm push day-0-{{ .DAY_0_VERSION }}.tgz oci://{{ .AWS_ACCOUNT_ID }}.dkr.ecr.us-east-2.amazonaws.com/qniw984/
+      - helm push day-0-{{ .DAY_0_CHART_VERSION }}.tgz oci://{{ .AWS_ACCOUNT_ID }}.dkr.ecr.us-east-2.amazonaws.com/qniw984/
+
+  deployAll:
+    desc: Deploy all images and charts to ECR
+    cmds:
+      - for: [ awsLogin, operator:docker-build, cronJob:publish, goGatorImageEcrPush, goGatorChartEcrPush, day0EcrPush ]
+        task: '{{.ITEM}}'
+      - helm uninstall go-gator -n go-gator
+      - kubectl delete namespace go-gator

go-gator/templates/go_gator_secret.yaml → go-gator/templates/go_gator_cert.yaml

@@ -1,19 +1,17 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: go-gator-server
+  name: {{ .Values.certificate.name }}
   namespace: {{ .Values.namespace }}
 spec:
   isCA: false
   commonName: go-gator-server
-  secretName: {{ .Values.certSecret.name }}
+  secretName: cert-secret
   privateKey:
-    algorithm: ECDSA
-    size: 256
+    algorithm: {{ .Values.certificate.privateKey.algorithm }}
+    size: {{ .Values.certificate.privateKey.size }}
   usages:
     - server auth
     - client auth
-  dnsNames:
-    - "go-gator-server"
   issuerRef:
     name: {{ .Values.issuer.name }}

go-gator/templates/role.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Values.goGatorService.name }}
+  namespace: {{ .Values.goGatorService.namespace }}
+rules:
+  - apiGroups: ["v1"]
+    resources: ["pods"]
+    verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Values.cronJobRole.name }}
+  namespace: {{ .Values.cronJobRole.namespace }}

go-gator/templates/role_binding.yaml

@@ -0,0 +1,33 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Values.goGatorRoleBinding.name }}
+  namespace: {{ .Values.namespace }}
+subjects:
+  {{ range .Values.goGatorRoleBinding.subjects }}
+  - kind: {{ .kind }}
+    name: {{ .name }}
+    namespace: {{ .namespace }}
+    apiGroup: {{ .apiGroup }}
+  {{ end }}
+roleRef:
+  kind: Role
+  name: {{ .Values.goGatorService.name }}
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Values.cronJobRoleBinding.name }}
+  namespace: {{ .Values.namespace }}
+subjects:
+  {{ range .Values.cronJobRoleBinding.subjects }}
+  - kind: {{ .kind }}
+    name: {{ .name }}
+    apiGroup: {{ .apiGroup }}
+    namespace: {{ .namespace }}
+  {{ end }}
+roleRef:
+  kind: Role
+  name: {{ .Values.cronJobRole.name }}
+  apiGroup: rbac.authorization.k8s.io

go-gator/values.yaml

@@ -15,6 +15,30 @@ cronJob:
   schedule: "0 0 * * *"
   image: qniw984/news-fetching-job:1.1.0
 
+goGatorService:
+  name: go-gator-service
+  namespace: go-gator
+
+goGatorRoleBinding:
+  name: go-gator-service-binding
+  subjects:
+    - kind: ServiceAccount
+      name: go-gator-service
+      apiGroup: ""
+      namespace: go-gator
+
+cronJobRoleBinding:
+  name: cron-job-sa-binding
+  subjects:
+    - kind: ServiceAccount
+      name: cron-job-sa
+      apiGroup: ""
+      namespace: go-gator
+
+cronJobRole:
+  name: cron-job-role
+  namespace: go-gator
+
 serviceAccount:
   create: true
   automount: true
@@ -83,6 +107,12 @@ issuer:
 certSecret:
   name: cert-secret
 
+certificate:
+  name: go-gator-server-cert
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+
 autoscaling:
   enabled: false
 

go.mod

@@ -8,89 +8,41 @@ require (
 	github.com/PuerkitoBio/goquery v1.9.2
 	github.com/gin-gonic/gin v1.10.0
 	github.com/jarcoal/httpmock v1.3.1
-	github.com/spf13/cobra v1.8.1
+	github.com/spf13/cobra v1.8.0
 	github.com/stretchr/testify v1.9.0
 )
 
 require (
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bytedance/sonic v1.11.6 // indirect
 	github.com/bytedance/sonic/loader v0.1.1 // indirect
-	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
-	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
-	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
-	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
-	github.com/go-logr/zapr v1.3.0 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.20.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/uuid v1.6.0 // indirect
-	github.com/imdario/mergo v0.3.6 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/client_golang v1.19.1 // indirect
-	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.55.0 // indirect
-	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
-	github.com/x448/float16 v0.8.4 // indirect
-	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.26.0 // indirect
 	golang.org/x/arch v0.8.0 // indirect
-	golang.org/x/crypto v0.24.0 // indirect
-	golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect
-	golang.org/x/net v0.26.0 // indirect
-	golang.org/x/oauth2 v0.21.0 // indirect
-	golang.org/x/sys v0.21.0 // indirect
-	golang.org/x/term v0.21.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
-	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
-	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
+	golang.org/x/crypto v0.23.0 // indirect
+	golang.org/x/net v0.25.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/text v0.15.0 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.31.0 // indirect
-	k8s.io/apiextensions-apiserver v0.31.0 // indirect
-	k8s.io/apimachinery v0.31.0 // indirect
-	k8s.io/client-go v0.31.0 // indirect
-	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
-	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
-	sigs.k8s.io/controller-runtime v0.19.0 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
-	sigs.k8s.io/yaml v1.4.0 // indirect
-)
+)