From e943b9d93c4f42777c83e5f47f6a26c60b071898 Mon Sep 17 00:00:00 2001
From: Jay Sharma
Date: Sun, 6 Aug 2023 17:09:05 +0530
Subject: [PATCH] stage commit
---
build/stage/1 | 17 ++
build/stage/configmap.yaml | 17 ++
build/stage/deployment.tpl | 85 ++++++++
build/stage/pod.tpl | 44 +++++
build/stage/pvc.yml | 12 ++
build/stage/secrets.yaml | 13 ++
build/stage/service.yml | 16 ++
build/stage/web-default-conf-cm.yaml | 285 +++++++++++++++++++++++++++
build/stage/web-hpa.yml | 13 ++
9 files changed, 502 insertions(+)
create mode 100644 build/stage/1
create mode 100644 build/stage/configmap.yaml
create mode 100644 build/stage/deployment.tpl
create mode 100644 build/stage/pod.tpl
create mode 100644 build/stage/pvc.yml
create mode 100644 build/stage/secrets.yaml
create mode 100644 build/stage/service.yml
create mode 100644 build/stage/web-default-conf-cm.yaml
create mode 100644 build/stage/web-hpa.yml
diff --git a/build/stage/1 b/build/stage/1
new file mode 100644
index 00000000..2d89a646
--- /dev/null
+++ b/build/stage/1
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: medicalalert-web-cm
+ namespace: medicalalert-web
+ labels:
+ app: medicalalert-web
+data:
+ DB_HOST: stage-medicalalert-ecommerce.c5om7w6xopq1.us-east-1.rds.amazonaws.com
+ ENV: stage
+ WP_DEBUG: "false"
+ DB_CHARSET: utf8
+ DB_COLLATE: utf8_general_ci
+ CACHE_HOST: master.redis-cache-all-be-caresage.cqsmse.use1.cache.amazonaws.com
+ CACHE_PORT: "6379"
+ DB_NAME: "www"
+ DB_USER: "pantheon"
diff --git a/build/stage/configmap.yaml b/build/stage/configmap.yaml
new file mode 100644
index 00000000..2d89a646
--- /dev/null
+++ b/build/stage/configmap.yaml
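Review bot: `build/stage/1` carries the same blob id (`2d89a646`) and the same 17 lines as `build/stage/configmap.yaml`, so it looks like a stray copy rather than an intended manifest. A second definition of `medicalalert-web-cm` under an extensionless name will drift from the real one and mislead whoever edits it later. Drop the file from the commit and keep `configmap.yaml` as the single source for this ConfigMap.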
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: medicalalert-web-cm
+ namespace: medicalalert-web
+ labels:
+ app: medicalalert-web
+data:
+ DB_HOST: stage-medicalalert-ecommerce.c5om7w6xopq1.us-east-1.rds.amazonaws.com
+ ENV: stage
+ WP_DEBUG: "false"
+ DB_CHARSET: utf8
+ DB_COLLATE: utf8_general_ci
+ CACHE_HOST: master.redis-cache-all-be-caresage.cqsmse.use1.cache.amazonaws.com
+ CACHE_PORT: "6379"
+ DB_NAME: "www"
+ DB_USER: "pantheon"
diff --git a/build/stage/deployment.tpl b/build/stage/deployment.tpl
new file mode 100644
index 00000000..a0c77be6
--- /dev/null
+++ b/build/stage/deployment.tpl
@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ deployment.kubernetes.io/revision: "11"
+ labels:
+ app: medicalalert-web
+ name: medicalalert-web
+ namespace: medicalalert-web
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: medicalalert-web
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/restartedAt: "2023-06-08T17:04:19-04:00"
+ creationTimestamp: null
+ labels:
+ app: medicalalert-web
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - arm64
+ containers:
+ - env:
+ - name: ENVIRONMENT
+ value: "$ENV"
+ image: 716593996126.dkr.ecr.us-east-1.amazonaws.com/medicalalert-web:$VERSION
+ envFrom:
+ - secretRef:
+ name: medicalalert-web-secrets
+ - configMapRef:
+ name: medicalalert-web-cm
+ imagePullPolicy: Always
+ name: medicalalert-web
+ ports:
+ - containerPort: 80
+ name: http
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 700Mi
+ requests:
+ cpu: 300m
+ memory: 500Mi
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads
+ name: persistent-storage
+ - mountPath: /etc/nginx/conf.d/
+ name: default-conf
+ dnsPolicy: ClusterFirst
+ imagePullSecrets:
+ - name: regcred
+ nodeSelector:
+ kubernetes.io/os: linux
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: persistent-storage
+ persistentVolumeClaim:
+ claimName: efs-claim-medicalalert
+ - name: default-conf
+ configMap:
+ defaultMode: 420
+ name: medicalalert-web-default-conf-cm
diff --git a/build/stage/pod.tpl b/build/stage/pod.tpl
new file mode 100644
index 00000000..47af2836
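Review bot: The `medicalalert-web` container in deployment.tpl has no `securityContext`, so it runs with whatever user and capabilities the image defaults to while holding every key of `medicalalert-web-secrets` and a read-write mount of the shared uploads volume. At minimum add `securityContext:` with `allowPrivilegeEscalation: false` on the container, and consider `readOnlyRootFilesystem: true` once the writable paths are known. The spec also defines no `readinessProbe` or `livenessProbe`, so a pod whose PHP-FPM is down would still receive traffic. Separately, `deployment.kubernetes.io/revision: "11"`, `kubectl.kubernetes.io/restartedAt` and `creationTimestamp: null` are server-managed fields that appear to come from an exported live object and should be removed from a template.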
--- /dev/null
+++ b/build/stage/pod.tpl
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: common-job-pod
+ namespace: medicalalert-web
+ labels:
+ app: medicalalert-web
+ rds: enable
+spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - arm64
+ containers:
+ - name: common-job
+ image: wyveo/nginx-php-fpm:php74
+ envFrom:
+ - secretRef:
+ name: medicalalert-web-secrets
+ - configMapRef:
+ name: medicalalert-web-cm
+ command: ["bash"]
+ args:
+ - -c
+ - sleep infinity
+ volumeMounts:
+ - mountPath: /usr/share/nginx/subdomain/www/wp-content/uploads
+ name: persistent-storage
+ imagePullSecrets:
+ - name: regcred
+ nodeSelector:
+ kubernetes.io/os: linux
+ restartPolicy: Never
+ volumes:
+ - name: persistent-storage
+ persistentVolumeClaim:
+ claimName: efs-claim-medicalalert
+
diff --git a/build/stage/pvc.yml b/build/stage/pvc.yml
new file mode 100644
index 00000000..d9ceda34
--- /dev/null
+++ b/build/stage/pvc.yml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: efs-claim-medicalalert
+ namespace: medicalalert-web
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: efs-sc-stage-ecommerce
+ resources:
+ requests:
+ storage: 5Gi
diff --git a/build/stage/secrets.yaml b/build/stage/secrets.yaml
new file mode 100644
index 00000000..039f8f41
--- /dev/null
+++ b/build/stage/secrets.yaml
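Review bot: `image: wyveo/nginx-php-fpm:php74` in pod.tpl pulls a third-party image by mutable tag into a pod that receives every key of `medicalalert-web-secrets` through `envFrom` and mounts the uploads volume read-write, so whatever that tag resolves to at pull time is handed the database and cache credentials. Use the project's own ECR image from deployment.tpl, or pin by digest, e.g. `image: wyveo/nginx-php-fpm@sha256:<digest-placeholder>`; note also that a `php74` build is PHP 7.4, which no longer receives upstream security fixes. The pod runs `sleep infinity` with `restartPolicy: Never`, which looks like a standing debug shell; if that is its purpose, it is safer created on demand and deleted afterwards than kept in the stage manifests.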
@@ -0,0 +1,13 @@
+apiVersion: v1
+data:
+ CACHE_PASSWORD: UU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXhoUU1FRVQ0ZG15VlE4OXZKWUFSUjdQQXho
+ DB_PASSWORD: NUtJTklPbFNSdmRYZEVVNWZDd29JTGxleUJoSHNLVnU=
+ TOKEN: QVRDVFQzeEZmR04wWC1yOWcyb090X3c2WGY0bUdkQl94QlZ5Ymd2RWozU09aR055bEJtLXZzTkxDcHhRZE5IZTV0WTh4ZHc5MW9reDlZSlI3WlhGMk56SmFZaXpzSlBBWmFEMG5Hakp3RG92YkJZWTVaTzJRRC0wNEN3c0cxV3FZeWM2UzRkMHA2RWpOY0plOTZmLWVfalgwM3FDZlA0NEtkQkFCeGtzQTZQTEdWdGFidGMwSjdFPUZBMjdBRjgx
+kind: Secret
+metadata:
+ annotations:
+ labels:
+ app: medicalalert-web
+ name: medicalalert-web-secrets
+ namespace: medicalalert-web
+type: Opaque
diff --git a/build/stage/service.yml b/build/stage/service.yml
new file mode 100644
index 00000000..0bb56c91
--- /dev/null
+++ b/build/stage/service.yml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: medicalalert-web
+ namespace: medicalalert-web
+ labels:
+ app: medicalalert-web
+spec:
+ type: NodePort
+ selector:
+ app: medicalalert-web
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ nodePort: 30846
diff --git a/build/stage/web-default-conf-cm.yaml b/build/stage/web-default-conf-cm.yaml
new file mode 100644
index 00000000..422decc8
--- /dev/null
+++ b/build/stage/web-default-conf-cm.yaml
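Review bot: The three `data` values in secrets.yaml (`CACHE_PASSWORD`, `DB_PASSWORD`, `TOKEN`) are committed as base64, which is an encoding and not encryption, so anyone who can read the repository or its history holds the stage database, cache and token credentials. Treat all three as exposed and rotate them; deleting the file in a later commit does not remove the values from history. The manifest should carry no values at all: have the Secret created out of band from a secret store, or commit it only in encrypted form. The bare `annotations:` key parses as null and can be dropped.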
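Review bot: `type: NodePort` with `nodePort: 30846` in service.yml publishes plain HTTP on every node address, while the nginx config added in web-default-conf-cm.yaml decides whether to redirect to HTTPS from the request's `X-Forwarded-Proto` header. A client reaching a node port directly controls that header, so the redirect cannot be relied on for such traffic. If requests are meant to arrive only through a load balancer or ingress (not visible in this commit), use `type: ClusterIP`, or restrict port 30846 to the load balancer at the network layer.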
@@ -0,0 +1,285 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: medicalalert-web-default-conf-cm
+ namespace: medicalalert-web
+ labels:
+ app: medicalalert-web
+data:
+ default.conf: |
+
+ # ---------------------
+ fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m;
+ fastcgi_cache_key "$scheme$request_method$host$request_uri";
+ # -----------------------------------------
+ fastcgi_intercept_errors on;
+ fastcgi_ignore_client_abort on;
+ fastcgi_buffers 8 16k;
+ fastcgi_buffer_size 32k;
+ fastcgi_read_timeout 120;
+ #fastcgi_index index.php;
+ # --------------------------------
+
+ # Only cache positive responses
+ proxy_cache_valid 200 1h;
+ proxy_cache_valid 301 302 15m;
+
+ server {
+ listen 80 default; ## listen for ipv4; this line is default and implied
+ listen [::]:80 default ipv6only=on; ## listen for ipv6
+
+ server_name stage-medicalalert.com "";
+
+ return 301 https://www.$host$request_uri;
+
+ root /usr/share/nginx/subdomain/www;
+ index index.php index.html index.htm;
+
+ }
+
+
+ subdomain.conf: |
+
+ server {
+ listen 80;
+ listen [::]:80;
+
+ server_name ~^(?.+)\.stage-medicalalert\.com$;
+
+ if ($http_x_forwarded_proto != 'https') {
+ return 301 https://$host$request_uri;
+ }
+
+ root /usr/share/nginx/subdomain/$subdomain;
+ index index.php index.html index.htm;
+ sendfile off;
+
+ # Security - Hide nginx version number in error pages and Server header
+ server_tokens off;
+
+ # Add stdout logging
+ error_log /dev/stdout error;
+ access_log /dev/stdout;
+
+ # reduce the data that needs to be sent over network
+ gzip on;
+ gzip_min_length 10240;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml;
+ gzip_disable "MSIE [1-6]\.";
+ add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
+ add_header X-Cache-Status $upstream_cache_status;
+ add_header Cache-Control "public";
+
+ #Cache everything by default
+ set $no_cache 0;
+
+ #Don't cache POST requests
+ if ($request_method = POST)
+ {
+ set $no_cache 1;
+ }
+
+ #Don't cache if the URL contains a query string
+ if ($query_string != "")
+ {
+ set $no_cache 1;
+ }
+
+ #Don't cache the following URLs
+ if ($request_uri ~* "/(administrator/|wp-login.php)")
+ {
+ set $no_cache 1;
+ }
+
+ #Don't cache if there is a cookie called PHPSESSID
+ if ($http_cookie = "PHPSESSID")
+ {
+ set $no_cache 1;
+ }
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to index.php
+ try_files $uri $uri/ /index.php?$args;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"]
+ include fastcgi_params;
+ fastcgi_cache MYAPP;
+ fastcgi_cache_valid 200 302 60m;
+ fastcgi_cache_valid 301 1h;
+ fastcgi_cache_valid any 1m;
+ fastcgi_cache_bypass $no_cache;
+ fastcgi_no_cache $no_cache;
+
+ }
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/subdomain/$subdomain;
+ }
+
+ # pass the PHP scripts to FastCGI server listening on socket
+ #
+ #~ \.php$
+ location ~ [^/]\.php(/|$) {
+ proxy_set_header X-Forwarded-Proto $scheme;
+ try_files $uri $uri/ /index.php?$args;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"]
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_cache MYAPP;
+ fastcgi_cache_valid 200 302 60m;
+ fastcgi_cache_valid 301 1h;
+ fastcgi_cache_valid any 1m;
+ fastcgi_cache_bypass $no_cache;
+ fastcgi_no_cache $no_cache;
+ }
+
+ location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
+ proxy_set_header X-Forwarded-Proto $scheme;
+ fastcgi_cache MYAPP;
+ fastcgi_cache_valid 200 302 60m;
+ fastcgi_cache_valid 301 1h;
+ fastcgi_cache_valid any 1m;
+ proxy_cache_background_update on;
+ proxy_cache_lock on;
+ }
+
+ # deny access to . files, for security
+ #
+ location ~ /\. {
+ log_not_found off;
+ deny all;
+ }
+
+ }
+
+ localhost.conf: |
+
+ server {
+ listen 80;
+ listen [::]:80;
+
+ server_name localhost;
+ root /usr/share/nginx/subdomain/www;
+ index index.php index.html index.htm;
+
+ sendfile off;
+ server_tokens off;
+ error_log /dev/stdout error;
+ access_log /dev/stdout;
+
+ # reduce the data that needs to be sent over network
+ gzip on;
+ gzip_min_length 10240;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types text/plain text/css text/xml application/json text/javascript application/x-javascript application/xml;
+ gzip_disable "MSIE [1-6]\.";
+ add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
+ add_header X-Cache-Status $upstream_cache_status;
+ add_header Cache-Control "public";
+
+ #Cache everything by default
+ set $no_cache 0;
+
+ #Don't cache POST requests
+ if ($request_method = POST)
+ {
+ set $no_cache 1;
+ }
+
+ #Don't cache if the URL contains a query string
+ if ($query_string != "")
+ {
+ set $no_cache 1;
+ }
+
+ #Don't cache the following URLs
+ if ($request_uri ~* "/(administrator/|wp-login.php)")
+ {
+ set $no_cache 1;
+ }
+
+ #Don't cache if there is a cookie called PHPSESSID
+ if ($http_cookie = "PHPSESSID")
+ {
+ set $no_cache 1;
+ }
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to index.php
+ try_files $uri $uri/ /index.php?$args;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"]
+ include fastcgi_params;
+ fastcgi_cache MYAPP;
+ fastcgi_cache_valid 200 302 60m;
+ fastcgi_cache_valid 301 1h;
+ fastcgi_cache_valid any 1m;
+ fastcgi_cache_bypass $no_cache;
+ fastcgi_no_cache $no_cache;
+
+ }
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/subdomain/www;
+ }
+
+ # pass the PHP scripts to FastCGI server listening on socket
+ #
+ #~ \.php$
+ location ~ [^/]\.php(/|$) {
+ proxy_set_header X-Forwarded-Proto $scheme;
+ try_files $uri $uri/ /index.php?$args;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param SUBDOMAIN www; # $_SERVER["SUBDOMAIN"]
+ fastcgi_cache MYAPP;
+ fastcgi_cache_valid 200 302 60m;
+ fastcgi_cache_valid 301 1h;
+ fastcgi_cache_valid any 1m;
+ fastcgi_cache_bypass $no_cache;
+ fastcgi_no_cache $no_cache;
+ }
+
+ location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
+ proxy_set_header X-Forwarded-Proto $scheme;
+ fastcgi_cache MYAPP;
+ fastcgi_cache_valid 200 302 60m;
+ fastcgi_cache_valid 301 1h;
+ fastcgi_cache_valid any 1m;
+ proxy_cache_background_update on;
+ proxy_cache_lock on;
+ }
+
+ # deny access to . files, for security
+ #
+ location ~ /\. {
+ log_not_found off;
+ deny all;
+ }
+
+ }
diff --git a/build/stage/web-hpa.yml b/build/stage/web-hpa.yml
new file mode 100644
index 00000000..86625d72
--- /dev/null
+++ b/build/stage/web-hpa.yml
@@ -0,0 +1,13 @@
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: medicalalert-web-hpa
+ namespace: medicalalert-web
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: medicalalert-web
+ minReplicas: 1
+ maxReplicas: 1
+ targetCPUUtilizationPercentage: 70
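Review bot: `if ($http_cookie = "PHPSESSID")` in subdomain.conf, and again in localhost.conf, compares the entire Cookie header with the literal string, so it does not match a real request carrying `PHPSESSID=<value>` and `$no_cache` stays 0 for users who have a session. Combined with the cache key `$scheme$request_method$host$request_uri` and `Cache-Control "public"`, a page rendered for a logged-in user can be stored in `MYAPP` and served to other visitors. Use a regex match that also covers the WordPress cookies, e.g. `if ($http_cookie ~* "PHPSESSID|wordpress_logged_in_|wp-postpass_|comment_author_")`, and add `wp-admin/` to the URI exclusion, which currently lists `administrator/`. Separately, `server_name ~^(?.+)\.stage-medicalalert\.com$;` as shown has no capture name although `$subdomain` is used in `root`; the name may have been lost in rendering, but if the file really reads this way nginx will reject it, and in either case the capture is better narrowed from `.+` to something like `[a-z0-9-]+` since it feeds a filesystem path.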
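Review bot: `minReplicas: 1` with `maxReplicas: 1` in web-hpa.yml makes this autoscaler a no-op, since the 70% CPU target can never change the replica count. As written it only adds an object that suggests scaling is in place. Raise `maxReplicas` above 1, or leave the HPA out of stage until scaling is actually wanted.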