From efec92f77da404c456766c1dd753d3f50fe1731b Mon Sep 17 00:00:00 2001
From: kundan59
Date: Tue, 12 Sep 2023 18:12:09 +0530
Subject: [PATCH] added secret manger for secreats
---
 .github/workflows/car-demo-pipeline.yml | 2 +-
 apps-deployment-script.sh | 5 ++-
 order-service/deployment.yaml | 24 -----------
 order-service/kuberesources/app-config.yaml | 8 ++++
 order-service/kuberesources/deployment.yaml | 40 +++++++++++++++++++
 order-service/kuberesources/secretstore.yaml | 31 ++++++++++++++
 .../{ => kuberesources}/service.yaml | 0
 order-service/kustomization.yaml | 3 +-
 .../src/main/resources/application.yml | 6 +-
 9 files changed, 89 insertions(+), 30 deletions(-)
 delete mode 100644 order-service/deployment.yaml
 create mode 100644 order-service/kuberesources/app-config.yaml
 create mode 100644 order-service/kuberesources/deployment.yaml
 create mode 100644 order-service/kuberesources/secretstore.yaml
 rename order-service/{ => kuberesources}/service.yaml (100%)
diff --git a/.github/workflows/car-demo-pipeline.yml b/.github/workflows/car-demo-pipeline.yml
index 5a8f0e81..634a6a11 100644
--- a/.github/workflows/car-demo-pipeline.yml
+++ b/.github/workflows/car-demo-pipeline.yml
@@ -38,4 +38,4 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ github.token }}
 run: |
- . apps-deployment-script.sh "us-east1"
\ No newline at end of file
+ . apps-deployment-script.sh "us-east1" ${{ secrets.GKE_KEY }}
\ No newline at end of file
diff --git a/apps-deployment-script.sh b/apps-deployment-script.sh
index 580ed434..5f720235 100644
--- a/apps-deployment-script.sh
+++ b/apps-deployment-script.sh
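Review bot: The new argument splices `${{ secrets.GKE_KEY }}` straight into the `run:` shell text, so if the secret holds the service-account key JSON (which the `gcpsm-secret` consumer in apps-deployment-script.sh suggests) it is word-split, the first newline inside it ends the command and the remaining JSON lines are executed as further shell lines; whatever survives also sits in the runner's process list as an argv entry. Pass it through the environment instead: add `GKE_KEY: ${{ secrets.GKE_KEY }}` under the step's `env:` beside `GITHUB_TOKEN` and call `. apps-deployment-script.sh "us-east1" "$GKE_KEY"` (or drop the positional argument and have the script read `$GKE_KEY` directly). A long-lived SA key in repository secrets is also the weakest option available; Workload Identity Federation for the runner and Workload Identity for the pod would remove the key entirely if the project allows it.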
@@ -2,14 +2,17 @@ PROJECT_ID="$(gcloud config get-value project)" REGION="$1" +SA="$2" # install gke-gcloud-auth-plugin to install kubectl and authenticate gke. gcloud components install gke-gcloud-auth-plugin +kubectl create secret generic gcpsm-secret --from-file=secret-access-credentials="$SA" build_and_deploy_service(){ SERVICE_NAME=$1 CLUSTER_NAME=$2 DEPLOYMENT_NAME=$3 + echo "---------build and deploy $SERVICE_NAME-----------" cd "$SERVICE_NAME" || exit mvn clean install echo "---------packaging done, start docker build-----------" @@ -26,7 +29,7 @@ build_and_deploy_service(){ # set docker image for kustomize ./kustomize edit set image gcr.io/PROJECT_ID/IMAGE:TAG=gcr.io/"$PROJECT_ID"/"$SERVICE_NAME":"$GITHUB_SHA" # deploy through kubectl - ./kustomize build . | kubectl apply -f - + ./kustomize build . | kubectl apply -f kuberesources/ kubectl rollout status deployment/"$DEPLOYMENT_NAME" kubectl get services -o wide echo "-------------$SERVICE_NAME deployed on $CLUSTER_NAME----------" diff --git a/order-service/deployment.yaml b/order-service/deployment.yaml deleted file mode 100644 index 303d8b53..00000000 --- a/order-service/deployment.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: orderservice - labels: - app: orderservice -spec: - replicas: 1 - selector: - matchLabels: - app: orderservice - template: - metadata: - labels: - app: orderservice - spec: - containers: - - name: orderservice - image: gcr.io/PROJECT_ID/IMAGE:TAG - imagePullPolicy: Always - ports: - - name: http - containerPort: 9090 - protocol: TCP diff --git a/order-service/kuberesources/app-config.yaml b/order-service/kuberesources/app-config.yaml new file mode 100644 index 00000000..54df4c84 --- /dev/null +++ b/order-service/kuberesources/app-config.yaml 
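Review bot: `kubectl create secret generic gcpsm-secret --from-file=secret-access-credentials="$SA"` treats `$SA` as a path, but the workflow hunk passes the GKE_KEY secret's value as `$2`; unless that value happens to be a filename on the runner, the command fails and no `gcpsm-secret` exists for the SecretStore to use. It also runs at the top of the script before `build_and_deploy_service`, which takes a CLUSTER_NAME and presumably fetches cluster credentials, so kubectl may not yet point at the target cluster, and a plain `create` fails with AlreadyExists on every rerun. Move the creation to after the credentials are obtained and make it idempotent, e.g. `kubectl create secret generic gcpsm-secret --from-literal=secret-access-credentials="$SA" --dry-run=client -o yaml | kubectl apply -f -`. The body of build_and_deploy_service continues outside this hunk.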
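Review bot: `./kustomize build . | kubectl apply -f kuberesources/` discards the rendered manifests: `kubectl apply -f <dir>` reads the raw files and ignores stdin, so the image set two lines earlier with `kustomize edit set image` is never applied and the Deployment keeps its `gcr.io/PROJECT_ID/IMAGE:TAG` placeholder. Any kustomize build failure is hidden as well, because the pipeline only sees kubectl's exit status. Keep `./kustomize build . | kubectl apply -f -` and fix the paths in kustomization.yaml instead (it still lists `service.yaml` and `deployment.yaml` without the `kuberesources/` prefix). The surrounding lines of build_and_deploy_service are outside this hunk.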
@@ -0,0 +1,8 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: orderservice-configmap
+data:
+ # Configuration values can be set as key-value properties
+ MYSQL_HOST: 35.231.13.75
+ AXON_HOST: 34.139.161.101:8124
diff --git a/order-service/kuberesources/deployment.yaml b/order-service/kuberesources/deployment.yaml
new file mode 100644
index 00000000..65bd72cf
--- /dev/null
+++ b/order-service/kuberesources/deployment.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: orderservice
+ labels:
+ app: orderservice
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: orderservice
+ template:
+ metadata:
+ labels:
+ app: orderservice
+ spec:
+ containers:
+ - name: orderservice
+ image: gcr.io/PROJECT_ID/IMAGE:TAG
+ imagePullPolicy: Always
+ ports:
+ - name: http
+ containerPort: 9090
+ protocol: TCP
+ env:
+ - name: MYSQL_DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: cardemo-secret
+ key: cardemo-db-username
+ optional: false
+ - name: MYSQL_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: cardemo-secret
+ key: cardemo-db-userpassword
+ optional: false
+ envFrom:
+ - configMapRef:
+ name: orderservice-configmap
diff --git a/order-service/kuberesources/secretstore.yaml b/order-service/kuberesources/secretstore.yaml
new file mode 100644
index 00000000..06270e26
--- /dev/null
+++ b/order-service/kuberesources/secretstore.yaml
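Review bot: `MYSQL_HOST: 35.231.13.75` and `AXON_HOST: 34.139.161.101:8124` look like public IPv4 addresses committed to the repo, which implies the database and Axon server accept connections from the internet rather than over a private address — the same class of exposure this PR is trying to remove for the credentials. If the cluster and these backends share a VPC, use the private IP or an internal DNS name (or the Cloud SQL proxy sidecar for MySQL) so the public endpoints can be closed. A short comment naming which environment these endpoints belong to, e.g. `# dev-cluster endpoints; rotate here when the backends move`, would help whoever has to change them.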
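Review bot: The env names injected here, `MYSQL_DB_USERNAME` and `MYSQL_DB_PASSWORD`, do not match what application.yml in this same patch reads, `${MYSQL_DB_USER}` and `${MY_DB_PASSWORD}`, so those placeholders stay unresolved and the datasource cannot authenticate. Align one side; the simplest is to change application.yml to `username: ${MYSQL_DB_USERNAME}` and `password: ${MYSQL_DB_PASSWORD}`. Because `cardemo-secret` is produced asynchronously by the ExternalSecret, the pod will sit in CreateContainerConfigError until the first sync, which is acceptable but worth a comment on the first `secretKeyRef` (`# populated by car-demo-externalsecret; the pod waits until ESO has synced it`). The container also runs with no `resources` and no `securityContext` (`runAsNonRoot: true`, `allowPrivilegeEscalation: false`), which is worth adding now that it holds database credentials.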
@@ -0,0 +1,31 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: SecretStore
+metadata:
+ name: car-demo-secretstore
+spec:
+ provider:
+ gcpsm:
+ auth:
+ secretRef:
+ secretAccessKeySecretRef:
+ name: gcpsm-secret
+ key: secret-access-credentials
+---
+apiVersion: external-secrets.io/v1alpha1
+kind: ExternalSecret
+metadata:
+ name: car-demo-externalsecret
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: SecretStore
+ name: car-demo-secretstore
+ target:
+ name: cardemo-secret
+ data:
+ - secretKey: cardemo-db-username
+ remoteRef:
+ key: mysql-db-username
+ - secretKey: cardemo-db-userpassword
+ remoteRef:
+ key: mysql-db-userpassword
\ No newline at end of file
diff --git a/order-service/service.yaml b/order-service/kuberesources/service.yaml
similarity index 100%
rename from order-service/service.yaml
rename to order-service/kuberesources/service.yaml
diff --git a/order-service/kustomization.yaml b/order-service/kustomization.yaml
index 42a42ff1..3c5582e6 100644
--- a/order-service/kustomization.yaml
+++ b/order-service/kustomization.yaml
@@ -4,4 +4,5 @@ kind: Kustomization
 resources:
 - service.yaml
 - deployment.yaml
-
+- secretstore.yaml
+- app-config.yaml
diff --git a/order-service/src/main/resources/application.yml b/order-service/src/main/resources/application.yml
index 10b31447..50300ca9 100644
--- a/order-service/src/main/resources/application.yml
+++ b/order-service/src/main/resources/application.yml
@@ -4,10 +4,10 @@ spring:
 application:
 name: OrderService
 datasource:
- url: jdbc:mysql://${MYSQL_HOST:localhost}:3306/order_db
+ url: jdbc:mysql://${MYSQL_HOST:localhost}:3306/orders_db
 driverClassName: com.mysql.cj.jdbc.Driver
- username: ${DB_USER}
- password: ${DB_PASSWORD}
+ username: ${MYSQL_DB_USER}
+ password: ${MY_DB_PASSWORD}
 jpa:
 database-platform: org.hibernate.dialect.MySQL8Dialect
 hibernate:
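Review bot: The `gcpsm` provider block has no `projectID`, which the External Secrets GCP Secret Manager provider uses to resolve `remoteRef.key` values such as `mysql-db-username` to a secret resource; unless the installed ESO version infers it from the credentials, the store will not be able to fetch anything. Add `projectID: <gcp-project>` under `gcpsm:` (a kustomize replacement can fill it from the pipeline's `$PROJECT_ID`). `external-secrets.io/v1alpha1` is also the oldest API version and is deprecated in current ESO releases; `v1beta1` matches the operator documentation. Longer term, `auth: workloadIdentity:` bound to a GKE service account removes the need for the `gcpsm-secret` key altogether, and the `refreshInterval: 1h` means a rotated DB password takes up to an hour to reach the pod, which deserves a comment on that line.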
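Review bot: The resource list still names `service.yaml` and `deployment.yaml` (and now `secretstore.yaml` and `app-config.yaml`) relative to `order-service/`, but this patch moves or creates all four under `order-service/kuberesources/`, so `kustomize build .` cannot find them. Either prefix every entry (`- kuberesources/service.yaml`, and likewise for the other three) or move kustomization.yaml into `kuberesources/`; the pipeline's `kustomize edit set image` only has an effect if this build succeeds and its output is what gets applied.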
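Review bot: `${MYSQL_DB_USER}` and `${MY_DB_PASSWORD}` have no defaults and do not match the variables the new Deployment injects (`MYSQL_DB_USERNAME`, `MYSQL_DB_PASSWORD`), so the placeholders stay unresolved and the service cannot reach the database; `MY_DB_PASSWORD` in particular reads like a typo. Change the two lines to `username: ${MYSQL_DB_USERNAME}` and `password: ${MYSQL_DB_PASSWORD}`. Renaming the schema from `order_db` to `orders_db` in the same commit is unrelated to the secret-manager work and should at least be called out in the commit message, since existing environments need the new database to exist before this deploys.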