PEER-242: Add working gcloud public internet deployment

SeeuSim · SeeuSim · commit 990af1df2d8c · 2024-11-01T12:21:16.000+08:00
Signed-off-by: SeeuSim &lt;seeusimong@gmail.com&gt;
diff --git a/.github/workflows/build-deploy-docker.yaml b/.github/workflows/build-deploy-docker.yaml
@@ -105,7 +105,7 @@ jobs:
         echo "Outputs Generated: $formatted_matrix"
         echo "matrix=$formatted_matrix" >> $GITHUB_OUTPUT
 
-  build-and-push-image:
+  build-push-deploy-image:
     needs: changes
     if: ${{ fromJson(needs.changes.outputs.matrix)[0] != null }}
     runs-on: ubuntu-latest
@@ -186,6 +186,30 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
+      - name: Setup GCloud
+        uses: google-github-actions/setup-gcloud@v
+        if: ${{ contains(github.ref, 'main') && github.event.pull_request.title != 'Feedback' && false }}
+        with: 
+          service_account_key: ${{ secrets.GKE_SA_KEY }}
+          project_id: ${{ secrets.GKE_PROJECT }}
+      
+      - name: Get GKE creds
+        uses: google-github-actions/get-gke-credentials@v
+        if: ${{ contains(github.ref, 'main') && github.event.pull_request.title != 'Feedback' && false }}
+        with:
+          cluster_name: ${{ env.GKE_CLUSTER }}
+          location: ${{ env.GKE_ZONE }}
+          credentials: ${{ secrets.GKE_SA_KEY }}
+      
+      - name: Deploy to GKE
+        if: ${{ contains(github.ref, 'main') && github.event.pull_request.title != 'Feedback' && false }}
+        run: |-
+          deployments=("collab-service" "matching-service" "question-service" "user-service" "frontend")
+          for dplymnt in "${deployments[@]}"; do
+            kubectl -n peerprep rollout restart deployment "$dplymnt"
+          done
+
+
   results:
     if: ${{ always() && !github.event.pull_request.draft }}
     runs-on: ubuntu-latest
diff --git a/k8s/README.md b/k8s/README.md
@@ -90,7 +90,7 @@
 2. Run the command to set up the ingress controller:
 
     ```sh
-    kubectl apply -f ./k8s/ingress/nginx-ingress.yaml
+    kubectl apply -f ./k8s/local
     ```
 
     It should take a couple of minutes. Once done, you should run this command:
@@ -148,6 +148,116 @@
 
 ## GKE Instructions
 
-To be added.
+1. Authenticate or ensure you are added as a user to the Google Cloud Project:
 
+    - Project ID: `cs3219-g16`
+    - Project Zone: `asia-southeast1-c`
+
+2. Install the `gcloud` C by following the instructions at this link:
+
+    - [Installation Instructions](https://cloud.google.com/sdk/docs/install)
+
+3. Setup the CLI with the following commands:
+
+    ```sh
+    gcloud auth login
+
+    gcloud config set project cs3219-g16
+
+    gcloud config set compute/zone asia-southeast1-c
+
+    gcloud components install gke-gcloud-auth-plugin
+
+    export USE_GKE_GCLOUD_AUTH_PLUGIN=True
+    ```
+
+4. Create the cluster with the following commands:
+
+    ```sh
+    gcloud container clusters create \
+      cs3219-g16 \
+      --preemptible \
+      --machine-type e2-small \
+      --enable-autoscaling \
+      --num-nodes 1 \
+      --min-nodes 1 \
+      --max-nodes 25 \
+      --region=asia-southeast1-c
+    ```
+
+5. Once the cluster has been created, run the commands below to configure `kubectl` and connect to the cluster:
+
+    ```sh
+    gcloud container clusters get-credentials cs3219-g16
+
+    # You should see some output here
+    kubectl get nodes -o wide
+    ```
+
+6. Run the script (ensure you are in a Bash shell like on Mac or Linux):
+
+    ```sh
+    make k8s-up
+    ```
+
+    - Wait until the deployments all reach status running:
+
+        ```sh
+        kubectl -n peerprep rollout status deployment frontend
+        ```
+
+7. If you haven't already, visit the GCloud console -> 'Cloud Domains' and verify that a domain name has been created.
+
+    - We currently have one as `peerprep-g16.net`.
+    - We also associate a GCloud Global Web IP `web-ip` to this DNS record as an 'A' record.
+
+8. Install the `cert-manager` plugin:
+
+    ```sh
+    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.1/cert-manager.yaml
+    ```
+
+9. Create the ingress and secrets in the prod environment:
+
+    ```sh
+    kubectl apply -f ./k8s/gcloud
+    ```
+
+    - After 15 minutes, you should be able to access the UI over HTTPS at this link:
+        - `https://peerprep-g16.net`
+
+10. Setup the following in Github Actions by:
+
+    - heading to the 'Settings' -> 'Secrets and variables' -> 'Actions' -> 'New repository secret'
+    - Adding the following keys:
+
+        ```txt
+        GKE_SA_KEY: <redacted (get from the cloud console page)>
+        GKE_PROJECT: cs3219-g16
+        GKE_CLUSTER: cs3219-g16 
+        GKE_ZONE: asia-southeast1-c
+
+        ```
+
+11. Merge a PR to `main` and verify that the cluster is redeployed with the latest images:
+
+    ```sh
+    kubectl -n peerprep get deployment
+    ```
+
+12. Cleanup:
+
+    - Delete the cluster:
+
+        ```sh
+        gcloud container clusters delete cs3219-g16
+        ```
+
+    - When done with the project, delete the web records:
+
+        ```sh
+        gcloud dns record-sets delete peerprep-g16 --type A
+
+        gcloud compute addresses delete web-ip --global
+        ```
 <!-- https://cert-manager.io/docs/tutorials/getting-started-with-cert-manager-on-google-kubernetes-engine-using-lets-encrypt-for-ingress-ssl/ -->
diff --git a/k8s/gcloud-staging/01-issuer-le-staging.yaml b/k8s/gcloud-staging/01-issuer-le-staging.yaml
@@ -2,10 +2,14 @@ apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
   name: letsencrypt-staging
+  namespace: peerprep
+  labels:
+    project: peerprep
+    peerprep.service: app-cert-issuer-staging
 spec:
   acme:
     server: https://acme-staging-v02.api.letsencrypt.org/directory
-    email: <email-address> # ❗ Replace this with your email address
+    email: ay2425s1.cs3219.g16@gmail.com # ❗ Replace this with your email address
     privateKeySecretRef:
       name: letsencrypt-staging
     solvers:
diff --git a/k8s/gcloud-staging/02-web-ssl-secret.yaml b/k8s/gcloud-staging/02-web-ssl-secret.yaml
diff --git a/k8s/gcloud-staging/03-ingress.yaml b/k8s/gcloud-staging/03-ingress.yaml
@@ -0,0 +1,27 @@
+# ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: peerprep-ingress
+  namespace: peerprep
+  labels:
+    project: peerprep
+    peerprep.service: app-ingress
+  annotations:
+    # This tells Google Cloud to create an External Load Balancer to realize this Ingress
+    kubernetes.io/ingress.class: gce
+    # This enables HTTP connections from Internet clients
+    kubernetes.io/ingress.allow-http: "true"
+    # This tells Google Cloud to associate the External Load Balancer with the static IP which we created earlier
+    kubernetes.io/ingress.global-static-ip-name: web-ip
+    cert-manager.io/issuer: letsencrypt-staging
+spec:
+  tls:
+    - secretName: web-ssl
+      hosts:
+        - peerprep-g16.net
+  defaultBackend:
+    service:
+      name: frontend
+      port:
+        number: 3000
diff --git a/k8s/gcloud/01-issuer-le-prod.yaml b/k8s/gcloud/01-issuer-le-prod.yaml
@@ -3,10 +3,14 @@ apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
   name: letsencrypt-production
+  namespace: peerprep
+  labels:
+    project: peerprep
+    peerprep.service: app-cert-issuer-prod
 spec:
   acme:
     server: https://acme-v02.api.letsencrypt.org/directory
-    email: <email-address> # ❗ Replace this with your email address
+    email: ay2425s1.cs3219.g16@gmail.com # ❗ Replace this with your email address
     privateKeySecretRef:
       name: letsencrypt-production
     solvers:
diff --git a/k8s/gcloud/02-web-ssl-secret.yaml b/k8s/gcloud/02-web-ssl-secret.yaml
@@ -0,0 +1,13 @@
+# Placeholder Secret to store TLS keys
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: web-ssl
+  namespace: peerprep
+  labels:
+    project: peerprep
+type: kubernetes.io/tls
+stringData:
+  tls.key: ""
+  tls.crt: ""
diff --git a/k8s/gcloud/03-ingress.yaml b/k8s/gcloud/03-ingress.yaml
@@ -19,15 +19,10 @@ spec:
   tls:
     - secretName: web-ssl
       hosts:
-        - $DOMAIN_NAME
-  rules:
-    - host: peerprep-g16.net
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: frontend
-                port:
-                  number: 3000
+        - peerprep-g16.net
+  defaultBackend:
+    service:
+      name: frontend
+      port:
+        number: 3000
+        
diff --git a/k8s/local/nginx-ingress.yaml b/k8s/local/nginx-ingress.yaml
