diff --git a/README.md b/README.md index 136a33d..564d8a3 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,74 @@ -# operations -Repository for Evoc Devops Configs. +# EvOC Operations (Infrastructure & DevOps) + +Welcome to the **operations** repository for **EvOC (Evolutionary Algorithms on Click)**. This repository contains all the configuration files, automation scripts, and deployment manifests required to set up and manage the EvOC infrastructure across different environments. + +## Overview + +This repository is designed to automate the deployment of the EvOC microservices architecture. It supports a robust, production-ready environment using Kubernetes and Ansible, while maintaining a simple Docker Compose setup for local development. + +### Key Features +- **Automated Kubernetes Deployment**: Full lifecycle management (init/join) of a multi-node K8s cluster. +- **CRI-Dockerd Integration**: Seamlessly bridges Kubernetes with Docker Engine (v0.3.21) for reliable container orchestration. +- **Architecture Aware**: Automatic detection and support for both `amd64` and `arm64` (Apple Silicon) architectures. +- **Infrastructure-as-Code (IaC)**: Ansible playbooks for automated provisioning of CockroachDB, MinIO, RabbitMQ, and Kubernetes components. +- **Microservices Orchestration**: Pre-configured Kubernetes manifests for the Auth, Runner, Frontend, and Controller services. + +--- + +## Repository Structure + +| Directory | Description | +|-----------|-------------| +| [`/ansible`](./ansible) | Ansible playbooks and inventory for server-side automation and cluster setup. | +| [`/kubernetes`](./kubernetes) | K8s manifests (Deployments, Services, Secrets) for microservice orchestration. | +| [`/docker`](./docker) | Docker Compose configurations for quick local development. 
| + +--- + +## Prerequisites + +Before starting, ensure you have the following tools installed on your local machine: +- [Ansible CLI](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) +- [Docker Engine](https://docs.docker.com/get-docker/) +- [SSH Access](https://www.ssh.com/academy/ssh/public-key-authentication) to target nodes. + +--- + +## Quick Start + +### 1. Local Development (Docker Compose) +For a quick local setup, navigate to the `docker` directory and follow the instructions in its README. +```bash +cd docker +docker-compose up -d +``` + +### 2. Multi-Node Production Cluster (Ansible + K8s) +For setting up a full production-ready cluster, refer to the [Ansible README](./ansible/README.md). +1. Configure your nodes in `ansible/inventory.ini`. +2. Define your secrets in `ansible/vars/`. +3. Run the playbook: +```bash +cd ansible +ansible-playbook -i inventory.ini playbook.yaml -kK +``` + +--- + +## Security & Secrets + +Sensitive information (API keys, database credentials) are managed via: +- **Ansible Vars**: Stored in `ansible/vars/` (excluded from Git). +- **K8s Secrets**: Defined in `kubernetes/evolve-secrets.yaml`. + +*Always ensure your local secrets files are excluded from version control.* + +--- + +## Contributing +Please follow the standard Git workflow: +1. Fork the repo. +2. Create your feature branch (`git checkout -b feature/amazing-feature`). +3. Commit your changes (`git commit -m 'Add some amazing feature'`). +4. Push to the branch (`git push origin feature/amazing-feature`). +5. Open a Pull Request. diff --git a/ansible/README.md b/ansible/README.md index e4de31e..7087886 100644 --- a/ansible/README.md +++ b/ansible/README.md 
@@ -1,22 +1,25 @@ -# Deploy EvOC on Infrastructure +# 🤖 Automated Deployment with Ansible -# Requirements +This directory contains the automation logic to provision target servers from scratch, configure a multi-node Kubernetes cluster, and deploy all EvOC infrastructure components. -- `Ansible CLI` installed -- `SSH sudo access` to the target server +## 🛠 Prerequisites -# Configure Hosts +- **Ansible 2.10+** installed locally. +- **Ubuntu 22.04 / 24.04** on target servers (Recommended). +- **SSH access** with sudo privileges on all nodes. -In the inventory file, specify the target server's IP address or hostname under the `[master]` and `[worker]` group. Also, specify the SSH user that has sudo access to the target server. +--- -```ini -# Define all unique hosts and their -# connection details ONCE using logical names. +## ⚙️ Configuration + +### 1. Inventory Setup +Edit `inventory.ini` to define your cluster topology. +```ini [nodes] -master-node ansible_host= -worker-node1 ansible_host= -worker-node2 ansible_host= +master-node ansible_host=1.2.3.4 +worker-node1 ansible_host=1.2.3.5 +worker-node2 ansible_host=1.2.3.6 [master] master-node 
@@ -25,51 +28,59 @@ master-node worker-node1 worker-node2 -[cockroachdb] -worker-node1 -worker-node2 - -# ------IMPORTANT--------- -# Exactly one node only -# should be used for MinIO. -[minio] -worker-node2 +[all:vars] +ansible_user=ubuntu +``` -# ------IMPORTANT--------- -# Exactly one node only -# should be used for RabbitMQ. -[rabbitmq] -worker-node3 +### 2. Variable Configuration +Create the following secret files in `ansible/vars/` (these are ignored by Git): -[all:children] -master -workers +#### `ansible/vars/crdb_secrets.yml` +```yaml +crdb_enterprise_license_key: "YOUR_LICENSE_KEY_HERE" +``` -[all:vars] -ansible_user= +#### `ansible/vars/minio_secrets.yml` +```yaml +minio_root_user: "admin" +minio_root_password: "a-very-secure-password" ``` -# CockroachDB License Key +--- + +## 🚀 Execution -Get a cockroachdb enterprise-free license key by declaring usage of cockroachdb for `academic research` as that's the goal of this project. You can get the license key from the [CockroachDB docs](https://www.cockroachlabs.com/docs/stable/licensing-faqs). After that, create a file in path `ansible/vars/crdb_secrets.yml` and paste the license key in the file. The file should look like this: +Run the deployment from the root or `ansible` directory: -```yml -crdb_enterprise_license_key: "<>" +```bash +ansible-playbook -i inventory.ini playbook.yaml -kK ``` -# Minio Config +### What This Playbook Does: +1. **System Preparation**: Disables swap, configures kernel modules (`overlay`, `br_netfilter`), and sets sysctl parameters. +2. **Container Runtime**: Installs Docker and the `cri-dockerd` (v0.3.21) bridge to enable Kubernetes-Docker compatibility. +3. **Kubernetes Stack**: Installs `kubeadm`, `kubelet`, and `kubectl` (v1.31). +4. **Cluster Lifecycle**: + - Initializes the Master node. + - Generates and shares join tokens dynamically with Workers. + - Installs **Flannel CNI** for cross-node networking. +5. 
**Infrastructure**: Provisions **CockroachDB** (Multi-node), **MinIO**, and **RabbitMQ**. +6. **Application**: Automatically copies and applies all manifests from the `/kubernetes` directory. -To use Minio as the object storage for EvOC, you need to create a file in path `ansible/vars/minio_secrets.yml` and paste the access key and secret key in the file. The file should look like this: +--- -```yml -minio_root_user: "" -minio_root_password: "" -``` +## 🧩 Advanced Features -# Execute the Playbook +### 🔌 CRI-Dockerd Integration +As Kubernetes has deprecated direct Docker support, this playbook integrates **`cri-dockerd`**. This shim allows you to continue using the Docker Engine as the container runtime while maintaining full compatibility with the Kubernetes CRI. -Run the following command to execute the playbook from the `ansible` directory on your local machine. It will prompt for the SSH password and the sudo password for the target server. Do provide the correct passwords when prompted. +### 💻 Multi-Architecture Support +The playbook automatically detects the processor architecture of your nodes. Whether you are running on **x86_64 (Intel/AMD)** or **aarch64 (ARM/Apple Silicon)**, the correct binaries (Docker, CRDB, MinIO) will be downloaded and installed. -```bash -ansible-playbook -i inventory.ini playbook.yml -kK -``` +--- + +## 🔍 Troubleshooting + +- **CRI Socket**: If `kubelet` fails to start, verify the socket exists: `ls /var/run/cri-dockerd.sock`. +- **Node Status**: Check cluster health: `kubectl get nodes`. +- **Logs**: View service logs on nodes: `journalctl -u cri-docker`. diff --git a/ansible/inventory.ini b/ansible/inventory.ini index 122ab85..59b4d7e 100644 --- a/ansible/inventory.ini +++ b/ansible/inventory.ini @@ -25,9 +25,9 @@ worker-node2 # ------IMPORTANT--------- # Exactly one node only -# should be used for RabbitMQ. -[rabbitmq] -worker-node3 +# should be used for Redis. +[redis] +worker-node1 [all:children] master 
diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index fc946b7..3d562ce 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -1,5 +1,5 @@ --- -- name: Initial setup. +- name: Initial setup and Prerequisites. hosts: all become: true tasks: @@ -11,6 +11,49 @@ update_cache: true upgrade: true + - name: Install mandatory system packages + ansible.builtin.apt: + pkg: + - conntrack + - socat + - ipset + state: present + + - name: Set architecture mapping + ansible.builtin.set_fact: + deb_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" + go_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" + + - name: Load bridge-netfilter and overlay modules + ansible.builtin.shell: | + modprobe overlay + modprobe br_netfilter + changed_when: false + + - name: Set sysctl parameters for Kubernetes + ansible.builtin.copy: + dest: /etc/sysctl.d/k8s.conf + content: | + net.bridge.bridge-nf-call-iptables = 1 + net.bridge.bridge-nf-call-ip6tables = 1 + net.ipv4.ip_forward = 1 + mode: "0644" + + - name: Apply sysctl parameters + ansible.builtin.command: sysctl --system + changed_when: false + + - name: Disable swap + ansible.builtin.command: swapoff -a + when: ansible_swaptotal_mb > 0 + changed_when: true + + - name: Disable swap in fstab + ansible.builtin.replace: + path: /etc/fstab + regexp: '^([^#].*?\sswap\s+sw\s+.*)$' + replace: '# \1' + - name: Install Docker. gather_facts: false hosts: all 
@@ -58,78 +101,199 @@ register: docker_version changed_when: docker_version.rc != 0 -- name: Install Kubernetes +- name: Install cri-dockerd. + hosts: all + become: true + vars: + cri_dockerd_version: "0.3.21" + tasks: + - name: Download cri-dockerd binary + ansible.builtin.get_url: + url: "https://github.com/Mirantis/cri-dockerd/releases/download/v{{ cri_dockerd_version }}/cri-dockerd-{{ cri_dockerd_version }}.{{ go_arch }}.tgz" + dest: "/tmp/cri-dockerd-{{ cri_dockerd_version }}.{{ go_arch }}.tgz" + mode: "0644" + + - name: Extract cri-dockerd archive + ansible.builtin.unarchive: + src: "/tmp/cri-dockerd-{{ cri_dockerd_version }}.{{ go_arch }}.tgz" + dest: /tmp + remote_src: true + + - name: Copy cri-dockerd binary to /usr/local/bin + ansible.builtin.copy: + src: /tmp/cri-dockerd/cri-dockerd + dest: /usr/local/bin/cri-dockerd + mode: "0755" + remote_src: true + + - name: Download cri-dockerd systemd service file + ansible.builtin.get_url: + url: https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.service + dest: /etc/systemd/system/cri-docker.service + mode: "0644" + + - name: Download cri-dockerd systemd socket file + ansible.builtin.get_url: + url: https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.socket + dest: /etc/systemd/system/cri-docker.socket + mode: "0644" + + - name: Update ExecStart path in cri-docker.service + ansible.builtin.replace: + path: /etc/systemd/system/cri-docker.service + regexp: "/usr/bin/cri-dockerd" + replace: "/usr/local/bin/cri-dockerd" + + - name: Enable and start cri-docker socket + ansible.builtin.systemd: + name: cri-docker.socket + enabled: true + state: started + daemon_reload: true + + - name: Enable and start cri-docker service + ansible.builtin.systemd: + name: cri-docker.service + enabled: true + state: started + + - name: Configure crictl to use cri-dockerd socket + ansible.builtin.copy: + dest: /etc/crictl.yaml + content: | + runtime-endpoint: 
unix:///var/run/cri-dockerd.sock + image-endpoint: unix:///var/run/cri-dockerd.sock + timeout: 10 + debug: false + mode: "0644" + +- name: Install Kubernetes Components hosts: all become: true tasks: - - name: Delete kubectl binary from home directory + - name: Install required system packages for Kubernetes + ansible.builtin.apt: + pkg: + - apt-transport-https + - ca-certificates + - curl + - gpg + - conntrack + state: present + update_cache: true + + - name: Create directory for Kubernetes apt key ansible.builtin.file: - path: /home/{{ lookup('env', 'USER') }}/kubectl - state: absent + path: /etc/apt/keyrings + state: directory + mode: "0755" - - name: Delete checksum file from home directory + - name: Check if Kubernetes apt key exists + ansible.builtin.stat: + path: /etc/apt/keyrings/kubernetes-apt-keyring.gpg + register: k8s_keyring + + - name: Download Kubernetes apt key + ansible.builtin.shell: | + curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg + when: not k8s_keyring.stat.exists + + - name: Add Kubernetes apt repository + ansible.builtin.shell: | + echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /" > /etc/apt/sources.list.d/kubernetes.list + changed_when: false + + - name: Install kubelet, kubeadm and kubectl + ansible.builtin.apt: + pkg: + - kubelet + - kubeadm + - kubectl + state: present + update_cache: true + + - name: Hold Kubernetes packages + ansible.builtin.shell: | + apt-mark hold kubelet kubeadm kubectl + changed_when: false + + - name: Ensure kubelet is enabled and started + ansible.builtin.systemd: + name: kubelet + enabled: true + state: started + +- name: Initialize Kubernetes Cluster on Master + hosts: master + become: true + tasks: + - name: Restart cri-docker service to ensure it is healthy + ansible.builtin.systemd: + name: cri-docker.service + state: restarted + + - name: Wait for cri-dockerd 
socket + ansible.builtin.wait_for: + path: /var/run/cri-dockerd.sock + state: present + timeout: 30 + + - name: Initialize the cluster + ansible.builtin.command: + cmd: kubeadm init --cri-socket=unix:///var/run/cri-dockerd.sock --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=all + register: kubeadm_init + changed_when: "'Your Kubernetes control-plane has initialized successfully!' in kubeadm_init.stdout" + failed_when: kubeadm_init.rc != 0 and 'already exists' not in kubeadm_init.stderr + + - name: Create .kube directory ansible.builtin.file: - path: /home/{{ lookup('env', 'USER') }}/kubectl.sha256 - state: absent + path: "/home/{{ ansible_user }}/.kube" + state: directory + mode: "0755" + owner: "{{ ansible_user }}" - - name: Get latest kubectl version - ansible.builtin.uri: - url: https://dl.k8s.io/release/stable.txt - return_content: true - status_code: 200, 304 - register: version - - - name: Download the latest kubectl release - ansible.builtin.uri: - url: https://dl.k8s.io/release/{{ version.content }}/bin/linux/amd64/kubectl - dest: /home/{{ lookup('env', 'USER') }} - status_code: 200, 304 - register: kubectl - - - name: Download the kubectl checksum file - ansible.builtin.uri: - url: https://dl.k8s.io/{{ version.content }}/bin/linux/amd64/kubectl.sha256 - dest: /home/{{ lookup('env', 'USER') }} - status_code: 200, 304 - - - name: Copy kubectl and change permissions + - name: Copy admin.conf to user's kube config ansible.builtin.copy: - src: "{{ kubectl.path }}" + src: /etc/kubernetes/admin.conf + dest: "/home/{{ ansible_user }}/.kube/config" remote_src: true - dest: /usr/local/bin/kubectl - owner: root - group: root - mode: "+x" + owner: "{{ ansible_user }}" + mode: "0600" - - name: Check if kubectl is installed + - name: Install Flannel CNI ansible.builtin.command: - cmd: kubectl version --client - register: client - failed_when: client.rc > 1 - changed_when: client.rc != 0 + cmd: kubectl apply -f 
https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml + become: false + changed_when: false - - name: Remove downloaded binaries from home - ansible.builtin.file: - path: /home/{{ lookup('env', 'USER') }}/kubectl - state: absent + - name: Get join command + ansible.builtin.command: kubeadm token create --print-join-command + register: join_command + changed_when: false - - name: Remove downloaded checksums from home - ansible.builtin.file: - path: /home/{{ lookup('env', 'USER') }}/kubectl.sha256 - state: absent +- name: Join Worker Nodes to Cluster + hosts: workers + become: true + tasks: + - name: Join cluster + ansible.builtin.command: + cmd: "{{ hostvars[groups['master'][0]]['join_command']['stdout'] }} --cri-socket=unix:///var/run/cri-dockerd.sock" + register: kubeadm_join + changed_when: "'This node has joined the cluster' in kubeadm_join.stdout" + failed_when: kubeadm_join.rc != 0 and 'already exists' not in kubeadm_join.stderr - name: Install and Configure CockroachDB Cluster hosts: cockroachdb become: true vars: crdb_version: "v25.1.0" - crdb_binary_url: "https://binaries.cockroachdb.com/cockroach-{{ crdb_version }}.linux-amd64.tgz" + crdb_binary_url: "https://binaries.cockroachdb.com/cockroach-{{ crdb_version }}.linux-{{ go_arch }}.tgz" crdb_install_dir: "/usr/local/bin" crdb_data_dir: "/var/lib/cockroach" crdb_run_dir: "/var/run/cockroach" - crdb_download_dest: "/tmp/cockroach-{{ crdb_version }}.linux-amd64.tgz" + crdb_download_dest: "/tmp/cockroach-{{ crdb_version }}.linux-{{ go_arch }}.tgz" crdb_extract_dest: "/tmp" - crdb_extracted_path: "/tmp/cockroach-{{ crdb_version }}.linux-amd64/cockroach" + crdb_extracted_path: "/tmp/cockroach-{{ crdb_version }}.linux-{{ go_arch }}/cockroach" crdb_user: cockroach crdb_group: cockroach 
@@ -244,7 +408,7 @@ state: absent loop: - "{{ crdb_download_dest }}" - - "/tmp/cockroach-{{ crdb_version }}.linux-amd64" + - "/tmp/cockroach-{{ crdb_version }}.linux-{{ go_arch }}" when: not ansible_check_mode - name: Template CockroachDB systemd service file @@ -322,6 +486,7 @@ --execute="SET CLUSTER SETTING enterprise.license = '{{ crdb_enterprise_license_key }}';" --host={{ ansible_host }}:26257 --insecure register: set_license_result + failed_when: false changed_when: "'cluster setting updated' in set_license_result.stdout" - name: Install and Configure MinIO (Single Node Single Drive) @@ -337,7 +502,7 @@ minio_install_dir: "/usr/local/bin" minio_config_dir: "/etc/minio" minio_env_file_path: "/etc/default/minio" - minio_binary_url: "https://dl.min.io/server/minio/release/linux-amd64/minio" + minio_binary_url: "https://dl.min.io/server/minio/release/linux-{{ go_arch }}/minio" minio_limit_nofile: 1048576 minio_console_port: 9001 # --- Define ONE data directory --- 
@@ -428,27 +593,60 @@ state: restarted enabled: true -- name: Install RabbitMQ using Shell Script and Restart via Handler - hosts: rabbitmq +- name: Install and Configure Redis + hosts: redis become: true - vars: - install_script_local_path: "scripts/install-rabbitmq.sh" - tasks: - - name: Run the RabbitMQ installation script - ansible.builtin.script: "{{ install_script_local_path }}" - args: - creates: /etc/apt/sources.list.d/rabbitmq.list - register: script_execution_result - changed_when: > - '0 upgraded, 0 newly installed' not in script_execution_result.stdout and - 'Setting up rabbitmq-server' in script_execution_result.stdout - notify: Restart rabbitmq-server + - name: Install redis-server + ansible.builtin.apt: + name: redis-server + state: present + update_cache: true + + - name: Allow Redis to listen on all interfaces + ansible.builtin.lineinfile: + path: /etc/redis/redis.conf + regexp: '^bind ' + line: 'bind 0.0.0.0' + notify: Restart redis-server + + - name: Disable protected mode + ansible.builtin.lineinfile: + path: /etc/redis/redis.conf + regexp: '^protected-mode ' + line: 'protected-mode no' + notify: Restart redis-server + + - name: Ensure Redis is enabled and started + ansible.builtin.systemd: + name: redis-server + enabled: true + state: started handlers: - - name: Restart rabbitmq-server + - name: Restart redis-server ansible.builtin.systemd: - name: rabbitmq-server + name: redis-server state: restarted - enabled: true - listen: "Restart rabbitmq-server" + +- name: Deploy EvOC Microservices + hosts: master + become: false + tasks: + - name: Create kubernetes manifests directory on master + ansible.builtin.file: + path: "~/kubernetes" + state: directory + mode: "0755" + + - name: Copy Kubernetes manifests to master + ansible.builtin.copy: + src: ../kubernetes/ + dest: "~/kubernetes/" + mode: "0644" + + - name: Apply Kubernetes manifests + ansible.builtin.command: + cmd: "kubectl apply -f ~/kubernetes/" + register: deploy_result + changed_when: 
"'created' in deploy_result.stdout or 'configured' in deploy_result.stdout" diff --git a/kubernetes/auth-deployment.yaml b/kubernetes/auth-deployment.yaml new file mode 100644 index 0000000..4df8e6d --- /dev/null +++ b/kubernetes/auth-deployment.yaml @@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: auth-deployment +spec: + replicas: 1 + selector: + matchLabels: + app: auth + template: + metadata: + labels: + app: auth + spec: + containers: + - name: auth + image: ghcr.io/evolutionary-algorithms-on-click/auth_microservice:latest + ports: + - containerPort: 5000 + - containerPort: 5001 + resources: + requests: + memory: "128Mi" + cpu: "250m" + limits: + memory: "256Mi" + cpu: "500m" + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: evolve-secrets + key: cockroachdb-url + - name: MAILER_EMAIL + valueFrom: + secretKeyRef: + name: evolve-secrets + key: mailer-email + - name: MAILER_PASSWORD + valueFrom: + secretKeyRef: + name: evolve-secrets + key: mailer-password + - name: FRONTEND_URL + valueFrom: + secretKeyRef: + name: evolve-secrets + key: frontend-url + - name: HTTP_PORT + valueFrom: + secretKeyRef: + name: evolve-secrets + key: auth-http-port + - name: GRPC_PORT + valueFrom: + secretKeyRef: + name: evolve-secrets + key: auth-grpc-port + - name: ENV + valueFrom: + secretKeyRef: + name: evolve-secrets + key: env + - name: INIT_DB + valueFrom: + secretKeyRef: + name: evolve-secrets + key: init-db-flag +--- +apiVersion: v1 +kind: Service +metadata: + name: auth-service +spec: + selector: + app: auth + ports: + - protocol: TCP + port: 5000 + targetPort: 5000 + - protocol: TCP + port: 5001 + targetPort: 5001 + type: NodePort \ No newline at end of file diff --git a/kubernetes/evolve-secrets.yaml b/kubernetes/evolve-secrets.yaml new file mode 100644 index 0000000..8420563 --- /dev/null +++ b/kubernetes/evolve-secrets.yaml 
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Secret +metadata: + name: evolve-secrets +type: Opaque +data: + cockroachdb-url: + mailer-email: + mailer-password: + frontend-url: + auth-http-port: + auth-grpc-port: + minio-endpoint: + minio-access-key: + minio-secret-key: + redis-url: + redis-queue-name: + runner-controller-http-port: + auth-grpc-address: + next-public-backend-base-url: + next-public-auth-base-url: + next-public-minio-base-url: + next-public-ai: + google-generative-ai-api-key: + env: + init-db-flag: \ No newline at end of file diff --git a/kubernetes/frontend-deployment.yaml b/kubernetes/frontend-deployment.yaml new file mode 100644 index 0000000..8d9294d --- /dev/null +++ b/kubernetes/frontend-deployment.yaml 
@@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: evolve-frontend-deployment +spec: + replicas: 1 + selector: + matchLabels: + app: evolve-frontend + template: + metadata: + labels: + app: evolve-frontend + spec: + containers: + - name: evolve-frontend + image: ghcr.io/evolutionary-algorithms-on-click/evolve_frontend:latest + ports: + - containerPort: 3000 + resources: + limits: + memory: "1Gi" + cpu: "1000m" + requests: + memory: "512Mi" + cpu: "500m" + env: + - name: NEXT_PUBLIC_BACKEND_BASE_URL + valueFrom: + secretKeyRef: + name: evolve-secrets + key: next-public-backend-base-url + - name: NEXT_PUBLIC_AUTH_BASE_URL + valueFrom: + secretKeyRef: + name: evolve-secrets + key: next-public-auth-base-url + - name: NEXT_PUBLIC_MINIO_BASE_URL + valueFrom: + secretKeyRef: + name: evolve-secrets + key: next-public-minio-base-url + - name: NEXT_PUBLIC_AI + valueFrom: + secretKeyRef: + name: evolve-secrets + key: next-public-ai + - name: GOOGLE_GENERATIVE_AI_API_KEY + valueFrom: + secretKeyRef: + name: evolve-secrets + key: google-generative-ai-api-key + +--- +apiVersion: v1 +kind: Service +metadata: + name: evolve-frontend-service +spec: + selector: + app: evolve-frontend + ports: + - protocol: TCP + port: 3000 + targetPort: 3000 + type: NodePort \ No newline at end of file diff --git a/kubernetes/runner-controller-deployment.yaml b/kubernetes/runner-controller-deployment.yaml new file mode 100644 index 0000000..0e85f1b --- /dev/null +++ b/kubernetes/runner-controller-deployment.yaml 
@@ -0,0 +1,85 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: runner-controller-deployment +spec: + replicas: 1 + selector: + matchLabels: + app: runner-controller + template: + metadata: + labels: + app: runner-controller + spec: + containers: + - name: runner-controller + image: ghcr.io/evolutionary-algorithms-on-click/runner_controller_microservice:latest + ports: + - containerPort: 5002 + resources: + requests: + memory: "128Mi" + cpu: "250m" + limits: + memory: "256Mi" + cpu: "500m" + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: evolve-secrets + key: cockroachdb-url + - name: MINIO_ENDPOINT + valueFrom: + secretKeyRef: + name: evolve-secrets + key: minio-endpoint + - name: MINIO_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: evolve-secrets + key: minio-access-key + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: evolve-secrets + key: minio-secret-key + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: evolve-secrets + key: redis-url + - name: REDIS_QUEUE_NAME + valueFrom: + secretKeyRef: + name: evolve-secrets + key: redis-queue-name + - name: FRONTEND_URL + valueFrom: + secretKeyRef: + name: evolve-secrets + key: frontend-url + - name: HTTP_PORT + valueFrom: + secretKeyRef: + name: evolve-secrets + key: runner-controller-http-port + - name: AUTH_GRPC_ADDRESS + valueFrom: + secretKeyRef: + name: evolve-secrets + key: auth-grpc-address +--- +apiVersion: v1 +kind: Service +metadata: + name: runner-controller-service +spec: + selector: + app: runner-controller + ports: + - protocol: TCP + port: 5002 + targetPort: 5002 + type: NodePort \ No newline at end of file diff --git a/kubernetes/runner-deployment.yaml b/kubernetes/runner-deployment.yaml new file mode 100644 index 0000000..9afc9d6 --- /dev/null +++ b/kubernetes/runner-deployment.yaml 
@@ -0,0 +1,55 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: runner-deployment +spec: + replicas: 1 + selector: + matchLabels: + app: runner + template: + metadata: + labels: + app: runner + spec: + containers: + - name: runner + image: ghcr.io/evolutionary-algorithms-on-click/runner:latest + resources: + limits: + memory: "1Gi" + cpu: "1000m" + requests: + memory: "512Mi" + cpu: "500m" + env: + - name: COCKROACHDB_URL + valueFrom: + secretKeyRef: + name: evolve-secrets + key: cockroachdb-url + - name: MINIO_URL + valueFrom: + secretKeyRef: + name: evolve-secrets + key: minio-endpoint + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: evolve-secrets + key: minio-access-key + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: evolve-secrets + key: minio-secret-key + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: evolve-secrets + key: redis-url + - name: REDIS_QUEUE_NAME + valueFrom: + secretKeyRef: + name: evolve-secrets + key: redis-queue-name \ No newline at end of file
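Review bot: In the README.md hunk, the Key Features bullet still lists RabbitMQ among the provisioned components, although this patch replaces the `rabbitmq` play and inventory group with Redis; name Redis there instead. The Security & Secrets section also tells readers to keep secrets files out of version control while pointing at `kubernetes/evolve-secrets.yaml`, which this patch adds to the repository. State that the committed file is an empty template and that a filled-in copy must never be committed.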
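Review bot: In the ansible/README.md hunk at `@@ -25,51 +28,59 @@`, the inventory example loses its `[cockroachdb]` group and gains no `[redis]` group, yet playbook.yaml in this patch runs plays with `hosts: cockroachdb` and `hosts: redis`, so an inventory copied from the README will skip those plays. Keep the service groups in the example, and change step 5 of "What This Playbook Does" from RabbitMQ to Redis. The MinIO sample now ships literal values (`minio_root_user: "admin"`, `minio_root_password: "a-very-secure-password"`) that invite copy-paste; use obvious placeholders as the license key line does. The removed sentence explaining that `-kK` prompts for the SSH and sudo passwords is also worth keeping.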
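Review bot: In the ansible/playbook.yaml hunk at `@@ -11,6 +11,49 @@`, the "Load bridge-netfilter and overlay modules" task only runs `modprobe`, so `overlay` and `br_netfilter` are gone after a reboot and the `net.bridge.*` keys written to /etc/sysctl.d/k8s.conf will fail to apply at boot. Add a task that writes both module names to a file under /etc/modules-load.d/. In "Disable swap in fstab", the regexp `\sswap\s+sw\s+` only comments out entries whose options field is exactly `sw`; an entry using `defaults` stays active and swap returns after reboot. `deb_arch` and `go_arch` are set from the same expression, so one fact would do unless they are expected to diverge.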
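Review bot: In the ansible/playbook.yaml hunk at `@@ -58,78 +101,199 @@`, the cri-dockerd tarball is fetched with `get_url` and installed to /usr/local/bin as root with no `checksum:` argument, and the two systemd unit files come from the `master` branch rather than the pinned `v{{ cri_dockerd_version }}` tag, so the unit can drift from the binary and neither download is integrity-checked. Add `checksum: "sha256:<digest for the release>"` per architecture and fetch the unit files from the same tag. The Flannel manifest has the same problem through `releases/latest/download/kube-flannel.yml`; pin a release. Separately, `kubeadm init` runs with `--ignore-preflight-errors=all`, which hides the very misconfigurations the first play tries to prevent; list only the specific checks that must be skipped. The "Get join command" and "Join cluster" tasks carry a bootstrap token in registered output and in the command line, so set `no_log: true` on both.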
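Review bot: In the ansible/playbook.yaml hunk at `@@ -322,6 +486,7 @@`, adding `failed_when: false` to the license task makes every failure silent, including an unreachable node or a rejected key, and the play then reports success with no license set. Narrow it to the case you intend to tolerate, for example a condition on `set_license_result.stderr`, or keep the default failure behaviour and guard the task with `when:` on the license variable being defined.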
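Review bot: In the ansible/playbook.yaml hunk at `@@ -428,27 +593,60 @@`, the Redis play sets `bind 0.0.0.0` and `protected-mode no` and no task configures `requirepass` or an ACL, which leaves an unauthenticated Redis reachable on every interface of the node. Bind to the node's cluster-facing address only, keep protected mode on, and set a password from a file in `ansible/vars/` that is also carried in the `redis-url` secret; a host firewall rule limiting the port to cluster nodes would help as well. In the "Deploy EvOC Microservices" play of the same hunk, the manifests directory is created `0755` and files are copied `0644`, which includes evolve-secrets.yaml; use `0700` and `0600`, or remove the copy after `kubectl apply`.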
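Review bot: In kubernetes/auth-deployment.yaml, `auth-service` is `type: NodePort` for both port 5000 and the gRPC port 5001, which opens both on every node's address. The only consumer of the gRPC port visible in this patch is the runner-controller through `AUTH_GRPC_ADDRESS`, so put 5001 on a ClusterIP service and expose only what must be reached from outside, preferably through an Ingress. `HTTP_PORT`, `GRPC_PORT`, `ENV` and `INIT_DB` are plain configuration and read more clearly from a ConfigMap than from `evolve-secrets`.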
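Review bot: In kubernetes/evolve-secrets.yaml, every key under `data:` is empty and the file sits in the directory that the playbook copies and applies wholesale with `kubectl apply -f ~/kubernetes/`, so a deploy from a clean checkout creates a Secret of empty values, and an operator who fills the file in place is one `git add` away from committing credentials. Rename it to something like `evolve-secrets.example.yaml`, ignore the real file in Git, and have the playbook render the Secret from `ansible/vars/`. If the file stays, note in a comment that `data:` values must be base64-encoded, or switch to `stringData:`.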
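Review bot: In kubernetes/frontend-deployment.yaml, the four `NEXT_PUBLIC_*` variables are read from `evolve-secrets`, but Next.js inlines `NEXT_PUBLIC_` values into the browser bundle at build time, so they are public by design and setting them at container start may not change what the client code sees. Move them to a ConfigMap or bake them in at image build, and keep only `GOOGLE_GENERATIVE_AI_API_KEY` as a secret reference, making sure it is never given a `NEXT_PUBLIC_` name.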
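Review bot: In kubernetes/runner-deployment.yaml, the container uses `image: ghcr.io/evolutionary-algorithms-on-click/runner:latest` and declares no `securityContext`; the same holds for the auth, frontend and runner-controller Deployments in this patch. With `:latest` every pod restart pulls whatever is currently tagged, so pin a version tag or digest. Add a `securityContext` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false` at minimum. The runner's variable names (`COCKROACHDB_URL`, `MINIO_URL`, `MINIO_ACCESS_KEY`) differ from the runner-controller's (`DATABASE_URL`, `MINIO_ENDPOINT`, `MINIO_ACCESS_KEY_ID`) for the same secret keys; confirm that is what each image expects.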