add console deployment resources

Author: fghanmi

deployment/console-backend-deploy.yaml

@@ -0,0 +1,79 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: console-backend
+  labels:
+    app.kubernetes.io/component: console-backend
+    app.kubernetes.io/name: console-backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: console-backend
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: console-backend
+    spec:
+      serviceAccountName: console-backend
+      initContainers:
+      - name: wait-for-console-db
+        image: registry.redhat.io/rhel9/mariadb-105@sha256:050dd5a7a32395b73b8680570e967e55050b152727412fdd73a25d8816e62d53
+        command:
+        - /bin/sh
+        - -c
+        - |
+          until mysqladmin ping -hconsole-db -u$MYSQL_USER -p$MYSQL_PASSWORD --silent; do
+            echo 'Waiting for the console database to be ready...'
+            sleep 5
+          done
+      containers:
+      - name: console-backend
+        image: quay.io/securesign/rhtas-console@sha256:75966d60ed709af33efd48c53b96ea7b2fcd4608f90ccc56885bf224e34b55f5
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: TUF_REPO_URL
+          value: https://tuf-repo-cdn.sigstore.dev
+        - name: DB_DSN
+          valueFrom:
+            secretKeyRef:
+              name: console-db-connection
+              key: dsn
+        - name: MYSQL_USER
+          valueFrom:
+            secretKeyRef:
+              name: console-db-connection
+              key: mysql-user
+        - name: MYSQL_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: console-db-connection
+              key: mysql-password
+        - name: SSL_CERT_DIR
+          value: /var/run/configs/tas/ca-trust:/var/run/secrets/kubernetes.io/serviceaccount
+        ports:
+        - containerPort: 8080
+          name: http
+          protocol: TCP
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /healthz
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 20
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /healthz
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1

deployment/console-backend-service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: console-backend
+  labels:
+    app.kubernetes.io/component: console-backend
+    app.kubernetes.io/name: console-backend
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: console-backend
+  ports:
+  - name: http
+    port: 8080
+    targetPort: http

deployment/console-db-deploy.yaml

@@ -0,0 +1,83 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: console-db
+  labels:
+    app.kubernetes.io/component: console-db
+    app.kubernetes.io/name: console-db
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: console-db
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: console-db
+    spec:
+      serviceAccountName: console-db
+      containers:
+      - name: console-db
+        image: registry.redhat.io/rhel9/mariadb-105@sha256:050dd5a7a32395b73b8680570e967e55050b152727412fdd73a25d8816e62d53
+        imagePullPolicy: IfNotPresent
+        command: ["run-mysqld"]
+        env:
+        - name: MYSQL_USER
+          valueFrom:
+            secretKeyRef:
+              name: console-db-connection
+              key: mysql-user
+        - name: MYSQL_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: console-db-connection
+              key: mysql-password
+        - name: MYSQL_DATABASE
+          valueFrom:
+            secretKeyRef:
+              name: console-db-connection
+              key: mysql-database
+        - name: MYSQL_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: console-db-connection
+              key: mysql-root-password
+        - name: MYSQL_PORT
+          valueFrom:
+            secretKeyRef:
+              name: console-db-connection
+              key: mysql-port
+        ports:
+        - containerPort: 3306
+          name: mysql
+        livenessProbe:
+          exec:
+            command:
+            - bash
+            - -c
+            - mariadb-admin -u ${MYSQL_USER} -p${MYSQL_PASSWORD} ping
+          failureThreshold: 3
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        readinessProbe:
+          exec:
+            command:
+            - bash
+            - -c
+            - mariadb -u ${MYSQL_USER} -p${MYSQL_PASSWORD} -e "SELECT 1;"
+          failureThreshold: 3
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        volumeMounts:
+        - mountPath: /var/lib/mysql
+          name: storage
+      volumes:
+      - name: storage
+        persistentVolumeClaim:
+          claimName: console-mysql

deployment/console-db-pvc.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: console-mysql
+  labels:
+    app.kubernetes.io/component: console-db
+    app.kubernetes.io/name: console-db
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

deployment/console-db-secret.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: console-db-connection
+  labels:
+    app.kubernetes.io/component: console-db
+    app.kubernetes.io/name: console-db
+type: Opaque
+stringData:
+  mysql-user: mysql
+  mysql-password: mysqlpassword
+  mysql-database: tuf_trust
+  mysql-root-password: rootpw
+  mysql-port: "3306"
+  dsn: "mysql:mysqlpassword@tcp(console-db:3306)/tuf_trust"

deployment/console-db-service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: console-db
+  labels:
+    app.kubernetes.io/component: console-db
+    app.kubernetes.io/name: console-db
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: console-db
+  ports:
+  - name: mysql
+    port: 3306
+    targetPort: mysql

deployment/console-serviceaccounts.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: console-db
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: console-backend
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: console-ui

deployment/console-ui-deploy.yaml

@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: console-ui
+  labels:
+    app.kubernetes.io/component: console-ui
+    app.kubernetes.io/name: console-ui
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: console-ui
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: console-ui
+    spec:
+      serviceAccountName: console-ui
+      initContainers:
+      - name: wait-for-backend
+        image: quay.io/securesign/rhtas-console-ui@sha256:c0b0b2d76548c05efadb2425baf93609cf6c40180f170cb531fbb7689a91db31
+        command:
+        - /bin/sh
+        - -c
+        - |
+          until curl -sf http://console-backend:8080/healthz; do
+            echo "Waiting for console-backend..."
+            sleep 5
+          done
+      containers:
+      - name: console-ui
+        image: quay.io/securesign/rhtas-console-ui@sha256:c0b0b2d76548c05efadb2425baf93609cf6c40180f170cb531fbb7689a91db31
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: CONSOLE_API_URL
+          value: http://console-backend:8080
+        - name: AUTH_REQUIRED
+          value: "false"
+        ports:
+        - containerPort: 8080
+          name: http
+        livenessProbe:
+          httpGet:
+            path: /
+            port: http
+          initialDelaySeconds: 15
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /
+            port: http
+          initialDelaySeconds: 5
+          periodSeconds: 10

deployment/console-ui-route.yaml

@@ -0,0 +1,15 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: console-ui
+  labels:
+    app.kubernetes.io/component: console-ui
+    app.kubernetes.io/name: console-ui
+spec:
+  to:
+    kind: Service
+    name: console-ui
+  port:
+    targetPort: http
+  tls:
+    termination: edge

deployment/console-ui-service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: console-ui
+  labels:
+    app.kubernetes.io/component: console-ui
+    app.kubernetes.io/name: console-ui
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: console-ui
+  ports:
+  - name: http
+    port: 8080
+    targetPort: http