first sync
Some checks failed
Deployment Verification / deploy-and-test (push) Failing after 29s

2025-03-04 07:59:21 +01:00
parent 9cdcf486b6
commit 506716e703
1450 changed files with 577316 additions and 62 deletions


@ -0,0 +1,41 @@
.DEFAULT_GOAL := help
file := $2
IN_DIR = $(PWD)
.PHONY: help
help: ## Print the help message
@awk 'BEGIN {FS = ":.*?## "} /^[0-9a-zA-Z_-]+:.*?## / {printf "\033[36m%s\033[0m : %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \
sort | \
column -s ':' -t
.PHONY: create
create: ## Create the iris app
kubectl apply -k $(IN_DIR)/admin; \
kubectl apply -k $(IN_DIR)/rabbitmq; \
kubectl apply -k $(IN_DIR)/psql; \
kubectl apply -k $(IN_DIR)/app; \
kubectl apply -k $(IN_DIR)/worker
.PHONY: delete
delete: ## Delete the iris app
kubectl delete -k $(IN_DIR)/worker ;\
kubectl delete -k $(IN_DIR)/app ;\
kubectl delete -k $(IN_DIR)/rabbitmq ;\
kubectl delete -k $(IN_DIR)/psql ;\
kubectl delete -k $(IN_DIR)/admin
.PHONY: deploy-specific-kustomization
deploy-specific-kustomization: ## Delpoy specific kustomization (ex- make deploy-specific-kustomization ARGS="path of kustomization.yml dir")
kubectl apply -k $(ARGS)
.PHONY: delete-specific-kustomization
delete-specific-kustomization: ## Delete specific kustomization (ex- make delete-specific-kustomization ARGS="path of kustomization.yml dir")
kubectl delete -k $(ARGS)
.PHONY: deploy-specific-manifest
deploy-specific-manifest: ## deploy specific manifest (ex- make deploy-specific-manifest ARGS="path of manifest dir")
kubectl apply -f $(ARGS)
.PHONY: delete-specific-manifest
delete-specific-manifest: ## delete specific manifest (ex- make delete-specific-manifest ARGS="path of manifest dir")
kubectl apply -f $(ARGS)
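Review bot: The `delete-specific-manifest` recipe on the last line runs `kubectl apply -f $(ARGS)`, so the target documented as deleting a manifest re-applies it; it should read `kubectl delete -f $(ARGS)`. `$(ARGS)` is also passed unchecked to kubectl in all four `*-specific-*` targets, so an empty value changes the command; a guard such as `$(if $(strip $(ARGS)),,$(error ARGS is required))` ahead of the kubectl call would fail early. In `create` the steps are joined with `;`, so a failed `kubectl apply -k` for admin or psql is not reported and the later steps still run; joining them with `&&` would stop at the first failure.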


@ -0,0 +1,80 @@
# The Iris EKS manifest to deploy Iris-web on AWS EKS.
Description:
- This manifest file will help to deploy the application on the AWS EKS.
## Prerequisites;
- Install AWS [CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html#getting-started-install-instructions)
- Setup AWS EKS cluster. (terraform example [here](https://github.com/s3lva-kumar/terraform-aws-eks))
- Install AWS ebs CSI driver add-on on EKS cluster. (terraform example [here](https://github.com/s3lva-kumar/terraform-eks-plugin/tree/master/terraform-amazon-ebs-csi-driver))
- Install AWS alb ingress controler add-on on EKS cluster. (terraform example [here](https://github.com/s3lva-kumar/terraform-eks-plugin/tree/master/terraform-amazon-alb-ingress))
## Build & push Docker Images
- To build the docker images follow the commands 👇
``` bash
# Clone the iris-web repository
$ git clone https://github.com/dfir-iris/iris-web.git
$ cd iris-web
# Build the dockers (Build webApp and db docker images, skip the nginx because we using AWS ALB instead of nginx)
# app & woker:
$ docker build -t webapp:latest -f docker/webApp/Dockerfile .
# DB:
$ docker build -t db:latest -f docker/db/Dockerfile .
```
- Once the docker images built, push those images into AWS ECR
## Deploy:
- Before we deploy the manifeat, we need to update the Docker image on our manifest.
*Note: Same docker image to the app and worker*
- ### update app image:
- Naviaget to the deploy/eks_manifest/app directory.
- open the *deployment.yml* file and update the image here, which we pushed on the ECR.
![App Screenshot](./images/app-image-update.png)
- ### update worker image:
- Naviaget to the deploy/eks_manifest/worker directory.
- open the *deployment.yml* file and update the image here, which we pushed on the ECR.
![App Screenshot](./images/worker-image-update.png)
- ### update db image:
- Naviaget to the deploy/eks_manifest/psql directory.
- open the *deployment.yml* file and update the image here, which we pushed on the ECR.
![App Screenshot](./images/db-image-update.png)
- ### update the SSL and domain name on app ingress YAML file
- Naviaget to the deploy/eks_manifest/app directory.
- open the *ingress.yml* file and update the SSL and host
![App Screenshot](./images/ingress.png)
- *Note:*
- SSL :
Give a ACM certificate ARN.
- HOST :
Give the host name whatever you want. In additionally, once the ingress created it will be provisioned the ALB on AWS with this name "iris-alb". Then, configure the DNS 'CNAME' record with hostname *(which you given on ingress file)* point to the AWS alb 'DNS'
![APP Screenshot](./images/alb-dns.png)
- ### once updated the all the things which is mentioned above, then run the **Makefile**
- Navigate to the *deploy/eks_manifest*, here you can see the 'Makefile'
- To deploy app, run
``` bash
$ make
$ make create
```
- To delete app, run
*caution: it will be delete all things exclude DB*
``` bash
$ make
$ make delete
```
- ### Get Admin username and password
- Once everything created we can get administrator username and password from the app _pod_
``` bash
$ kubectl get pod -n iris-web
# Copy the pod name and give it on the below command (pod name looks like "pod/iris-app-deployment-🎲")
$ kubectl logs <pod_name> -n iris-web
# You can see the credential at the end of the logs
```


@ -0,0 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
namespace: iris-web
name: iris-psql-claim
labels:
site: iris
spec:
accessModes:
- ReadWriteOnce
storageClassName: iris-sc
resources:
requests:
storage: 30Gi


@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: admin-kustomize
labels:
site: iris
resources:
- namespace.yml
- storageclass.yml
- claim.yml


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: iris-web
labels:
site: iris


@ -0,0 +1,13 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: iris-sc
labels:
site: iris
parameters:
fsType: ext4
type: gp2
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
reclaimPolicy: Retain
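Review bot: The `parameters` block sets `fsType` and `type` but not `encrypted`, so volumes provisioned from `iris-sc` are encrypted only if the AWS account has EBS encryption by default turned on, which is not visible here. This class backs `iris-psql-claim`, which holds the PostgreSQL data directory and the IRIS downloads and server data, so I would add `encrypted: "true"` (and optionally a `kmsKeyId`) under `parameters`. `reclaimPolicy: Retain` also means the volume outlives `make delete`; a comment saying that the retained volume has to be removed or wiped by hand would help operators.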


@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: iris-web
name: app-data
data:
POSTGRES_SERVER: iris-psql-service


@ -0,0 +1,86 @@
# deployment
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: iris-web
name: iris-app-deployment
labels:
site: iris
app: iris-app
spec:
replicas: 1
selector:
matchLabels:
app: iris-app
template:
metadata:
labels:
app: iris-app
spec:
containers:
- name: iris-app
image: iriswebapp_app:v2.2.2
ports:
- containerPort: 8000
command: ['nohup', './iris-entrypoint.sh', 'iriswebapp']
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_PASSWORD
- name: POSTGRES_ADMIN_USER
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_ADMIN_USER
- name: POSTGRES_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_ADMIN_PASSWORD
- name: POSTGRES_PORT
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_PORT
- name: DOCKERIZED
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: DOCKERIZED
- name: IRIS_SECRET_KEY
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: IRIS_SECRET_KEY
- name: IRIS_SECURITY_PASSWORD_SALT
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: IRIS_SECURITY_PASSWORD_SALT
- name: POSTGRES_SERVER
valueFrom:
configMapKeyRef:
name: app-data
key: POSTGRES_SERVER
volumeMounts:
- name: iris-pcv
mountPath: /home/iris/downloads
subPath: downloads
- name: iris-pcv
mountPath: /home/iris/user_templates
subPath: user_templates
- name: iris-pcv
mountPath: /home/iris/server_data
subPath: server_data
volumes:
- name: iris-pcv
persistentVolumeClaim:
claimName: iris-psql-claim
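Review bot: The pod template has no `securityContext` at pod or container level and no `resources`, so the container runs with whatever user and capabilities the image defines (not visible in this commit) and without CPU or memory bounds. For an application published through an internet-facing ALB I would add a container `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`, plus `runAsNonRoot: true` once the image is confirmed to run as a non-root user. The worker, psql and rabbitmq Deployments later in this commit have the same gap. `image: iriswebapp_app:v2.2.2` carries no registry, so a comment marking it as a placeholder to be replaced with the ECR image would match the README step.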


@ -0,0 +1,29 @@
apiVersion: networking.k8s.io/v1 #extensions/v1beta1
kind: Ingress
metadata:
name: "iris-ingress"
namespace: "iris-web"
annotations:
alb.ingress.kubernetes.io/scheme: 'internet-facing'
alb.ingress.kubernetes.io/target-type: 'ip'
alb.ingress.kubernetes.io/group.name: 'iris-alb-group'
alb.ingress.kubernetes.io/load-balancer-name: 'iris-alb'
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/certificate-arn: 'arn:aws:acm:us-east-1:650601597349:certificate/4915ba65-ec07-44c7-8f42-897cfe1574bb'
alb.ingress.kubernetes.io/ssl-policy: 'ELBSecurityPolicy-TLS13-1-2-2021-06'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
labels:
app: 'iris'
spec:
ingressClassName: 'alb'
rules:
- host: 'test.cmcloudlab1727.info'
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: "iris-app-service"
port:
number: 80
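Review bot: The Ingress is `internet-facing` with no `alb.ingress.kubernetes.io/inbound-cidrs` annotation, so the IRIS login page is reachable from any address once the ALB is provisioned; restricting it to the analysts' egress ranges, or using scheme `internal` behind a VPN, is the safer default for an incident-response platform. The `certificate-arn` and `host` values are specific to one AWS account and domain and are committed as literals; a placeholder patched by a kustomize overlay would keep account identifiers out of the shared manifest. The `actions.ssl-redirect` annotation is unused, because `listen-ports` opens only HTTPS 443 and no rule references the action, so it can be dropped.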


@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
labels:
site: iris
resources:
- secrets.yml
- configmap.yml
- deployment.yml
- service.yml
- ingress.yml


@ -0,0 +1,17 @@
apiVersion: v1
kind: Secret
metadata:
name: iris-app-secrets
namespace: iris-web
labels:
site: iris
type: Opaque
data:
POSTGRES_USER: cmFwdG9y
POSTGRES_PASSWORD: YWRtaW4=
POSTGRES_ADMIN_USER: cmFwdG9y
POSTGRES_ADMIN_PASSWORD: YWRtaW4=
POSTGRES_PORT: NTQzMg==
DOCKERIZED: MQ==
IRIS_SECRET_KEY: QVZlcnlTdXBlclNlY3JldEtleS1Tb05vdFRoaXNPbmU=
IRIS_SECURITY_PASSWORD_SALT: QVJhbmRvbVNhbHQtTm90VGhpc09uZUVpdGhlcg==
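Review bot: This Secret commits real values for the database passwords, `IRIS_SECRET_KEY` and `IRIS_SECURITY_PASSWORD_SALT`, and base64 under `data:` is an encoding, not protection: they decode to short sample strings, several of which the Helm `values.yaml` later in this commit shows in plain text. The EKS README in this commit has no step for replacing them, so `make create` as documented deploys with publicly known credentials and signing key. I would remove the values from the tracked file and generate the Secret at deploy time, for example with a kustomize `secretGenerator` reading an untracked env file, or through an external secret store. `POSTGRES_PORT` and `DOCKERIZED` are not secret and fit better in the `app-data` ConfigMap. The psql Secret later in this commit has the same defect.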


@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
namespace: iris-web
name: iris-app-service
labels:
site: iris
annotations:
alb.ingress.kubernetes.io/healthcheck-path: '/login'
spec:
selector:
app: iris-app
ports:
- protocol: TCP
port: 80
targetPort: 8000
type: ClusterIP

Binary file not shown.

After

Width:  |  Height:  |  Size: 23 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 64 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 62 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 70 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 64 KiB


@ -0,0 +1,58 @@
# deployment
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: iris-web
name: iris-psql-db-deployment
labels:
app: iris-psql
site: iris
spec:
replicas: 1
selector:
matchLabels:
app: iris-psql
template:
metadata:
labels:
app: iris-psql
spec:
containers:
- name: iris-psql-db
image: iriswebapp_db:v2.2.2
ports:
- containerPort: 5432
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: iris-psql-secrets
key: POSTGRES_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: iris-psql-secrets
key: POSTGRES_PASSWORD
- name: POSTGRES_ADMIN_USER
valueFrom:
secretKeyRef:
name: iris-psql-secrets
key: POSTGRES_ADMIN_USER
- name: POSTGRES_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: iris-psql-secrets
key: POSTGRES_ADMIN_PASSWORD
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: iris-psql-secrets
key: POSTGRES_DB
volumeMounts:
- name: persistent-storage
mountPath: /var/lib/postgresql/data
subPath: psqldata
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: iris-psql-claim
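Review bot: `claimName: iris-psql-claim` on the last line is the same claim that the app and worker Deployments mount, so the PostgreSQL data directory and the application's download, template and server-data directories live on one `ReadWriteOnce` EBS volume. The `subPath` entries keep the trees apart inside each container, but all three pods are pinned to one node, and the database volume shares its capacity, lifetime and snapshots with user-supplied files. A separate claim for the application data would remove that coupling. Because the claim is `ReadWriteOnce` and the Deployment uses the default rolling update, I would also set `strategy: {type: Recreate}` (or use a StatefulSet) so that a rollout does not start a second postgres on the same data directory.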


@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
labels:
site: iris
resources:
- secrets.yml
- deployment.yml
- service.yml


@ -0,0 +1,14 @@
apiVersion: v1
kind: Secret
metadata:
name: iris-psql-secrets
namespace: iris-web
labels:
site: iris
type: Opaque
data:
POSTGRES_USER: cG9zdGdyZXM=
POSTGRES_PASSWORD: YWRtaW4=
POSTGRES_ADMIN_USER: cmFwdG9y
POSTGRES_ADMIN_PASSWORD: YWRtaW4=
POSTGRES_DB: aXJpc19kYg==


@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
namespace: iris-web
name: iris-psql-service
labels:
site: iris
spec:
selector:
app: iris-psql
ports:
- protocol: TCP
port: 5432
targetPort: 5432
type: ClusterIP


@ -0,0 +1,25 @@
# deployment
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: iris-web
name: iris-rabbitmq-deployment
labels:
app: iris-rabbitmq
site: iris
spec:
replicas: 1
selector:
matchLabels:
app: iris-rabbitmq
template:
metadata:
labels:
app: iris-rabbitmq
spec:
containers:
- name: iris-rabbitmq
image: rabbitmq:3-management-alpine
ports:
- containerPort: 5672
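Review bot: The container sets no `env`, so the broker presumably starts with the image's default account, and the worker ConfigMap in this commit points Celery at `amqp://iris-rabbitmq-service` without credentials or TLS. Any pod that can reach the ClusterIP on 5672 could then publish to the worker queue; no NetworkPolicy is visible in the manifests shown here. I would set `RABBITMQ_DEFAULT_USER` and `RABBITMQ_DEFAULT_PASS` from a Secret, carry the same credentials in `CELERY_BROKER`, and restrict traffic to the broker to the app and worker pods. `rabbitmq:3-management-alpine` is a floating tag and enables the management plugin although the Service does not expose it; a digest-pinned non-management image would narrow this. The Helm `rabbitmq` template later in this commit has the same shape.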


@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
labels:
site: iris
resources:
- deployment.yml
- service.yml


@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
namespace: iris-web
name: iris-rabbitmq-service
labels:
site: iris
spec:
selector:
app: iris-rabbitmq
ports:
- protocol: TCP
port: 5672
targetPort: 5672
type: ClusterIP


@ -0,0 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: iris-web
name: worker-data
data:
POSTGRES_SERVER: iris-psql-service
CELERY_BROKER: amqp://iris-rabbitmq-service
IRIS_WORKER: iris-worker-service


@ -0,0 +1,94 @@
# deployment
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: iris-web
name: iris-worker-deployment
labels:
app: iris-worker
site: iris
spec:
replicas: 1
selector:
matchLabels:
app: iris-worker
template:
metadata:
labels:
app: iris-worker
spec:
containers:
- name: iris-worker
image: iriswebapp_app:v2.2.2
command: ['./wait-for-iriswebapp.sh', 'iris-app-service:8000', './iris-entrypoint.sh', 'iris-worker']
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_PASSWORD
- name: POSTGRES_ADMIN_USER
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_ADMIN_USER
- name: POSTGRES_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_ADMIN_PASSWORD
- name: POSTGRES_PORT
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_PORT
- name: DOCKERIZED
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: DOCKERIZED
- name: IRIS_SECRET_KEY
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: IRIS_SECRET_KEY
- name: IRIS_SECURITY_PASSWORD_SALT
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: IRIS_SECURITY_PASSWORD_SALT
- name: POSTGRES_SERVER
valueFrom:
configMapKeyRef:
name: worker-data
key: POSTGRES_SERVER
- name: CELERY_BROKER
valueFrom:
configMapKeyRef:
name: worker-data
key: CELERY_BROKER
- name: IRIS_WORKER
valueFrom:
configMapKeyRef:
name: worker-data
key: IRIS_WORKER
volumeMounts:
- name: iris-pcv
mountPath: /home/iris/downloads
subPath: downloads
- name: iris-pcv
mountPath: /home/iris/user_templates
subPath: user_templates
- name: iris-pcv
mountPath: /home/iris/server_data
subPath: server_data
volumes:
- name: iris-pcv
persistentVolumeClaim:
claimName: iris-psql-claim


@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
labels:
site: iris
resources:
- secrets.yml
- configmap.yml
- deployment.yml
- service.yml


@ -0,0 +1,17 @@
apiVersion: v1
kind: Secret
metadata:
name: iris-worker-secrets
namespace: iris-web
labels:
site: iris
type: Opaque
data:
POSTGRES_USER: cmFwdG9y
POSTGRES_PASSWORD: YWRtaW4=
POSTGRES_ADMIN_USER: cmFwdG9y
POSTGRES_ADMIN_PASSWORD: YWRtaW4=
POSTGRES_PORT: NTQzMg==
DOCKERIZED: MQ==
IRIS_SECRET_KEY: QVZlcnlTdXBlclNlY3JldEtleS1Tb05vdFRoaXNPbmU=
IRIS_SECURITY_PASSWORD_SALT: QVJhbmRvbVNhbHQtTm90VGhpc09uZUVpdGhlcg==
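Review bot: `iris-worker-secrets` is not referenced by anything shown in this commit: every `secretKeyRef` in the worker Deployment names `iris-app-secrets`. The file therefore only adds a second stored copy of the same passwords and signing key, which has to be rotated separately and is easy to forget. I would drop `secrets.yml` from the worker kustomization, or point the worker's `secretKeyRef` entries at this Secret if a separate one is intended.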


@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
namespace: iris-web
name: iris-worker-service
labels:
site: iris
spec:
selector:
app: iris-worker
ports:
- protocol: TCP
port: 80
type: ClusterIP


@ -0,0 +1,26 @@
SHELL := /bin/bash
check-helm:
@helm version || $(MAKE) install-helm
check-kubectl:
@kubectl version || $(MAKE) install-kubectl
install-helm:
@curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
@chmod 700 get_helm.sh
@./get_helm.sh
@rm get_helm.sh
install-kubectl:
@curl -LO 'https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl'
@sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
@rm kubectl
install-iris:
@helm upgrade --install iris charts/ --values charts/values.yaml -n <name_space>
delete-iris:
@helm delete iris -n <name_space>
check-dependencies: check-helm check-kubectl
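Review bot: In `install-kubectl`, `$(curl -L -s https://dl.k8s.io/release/stable.txt)` is expanded by make as a variable reference and not by the shell, so it is most likely empty and the download URL has no version; the single quotes would block shell substitution as well. Whatever curl saves is then installed root-owned into `/usr/local/bin`, with no `-f` on curl and no checksum comparison. The rewrite below escapes the substitution as `$$(...)`, fails on HTTP errors and checks the published `kubectl.sha256` before the `sudo install` line; that checksum comes from the same origin, so it catches a corrupted or truncated download rather than a compromised server. `install-helm` likewise executes a script fetched from the `main` branch, and pinning it to a release tag would make the step reproducible. `-n <name_space>` in `install-iris` and `delete-iris` is parsed by the shell as redirections, so a `NAMESPACE` variable is needed there.

```make
install-kubectl:
	@ver="$$(curl -fsSL https://dl.k8s.io/release/stable.txt)" && \
	curl -fsSLO "https://dl.k8s.io/release/$$ver/bin/linux/amd64/kubectl" && \
	curl -fsSLO "https://dl.k8s.io/release/$$ver/bin/linux/amd64/kubectl.sha256" && \
	echo "$$(cat kubectl.sha256)  kubectl" | sha256sum --check
# … unchanged: sudo install into /usr/local/bin, rm kubectl …
```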


@ -0,0 +1,125 @@
# Prerequisites
- Kubernetes cluster must be on the running stage (Kubernetes 1.26+)
- Helm 3.1.0
# Installing the Charts
## Installing Nginx Ingress Controller
The Ingress is a Kubernetes resource that lets you configure an HTTP load balancer for applications running on Kubernetes, represented by one or more Services. Such a load balancer is necessary to deliver those applications to clients outside of the Kubernetes cluster
The Ingress resource supports the following features:
⦿ Content-based routing:
- `Host-based routing:` For example, routing requests with the host header foo.example.com to one group of services and the host header bar.example.com to another group.
- `Path-based routing:` For example, routing requests with the URI that starts with /serviceA to service A and requests with the URI that starts with /serviceB to service B.
⦿ **TLS/SSL** termination for each hostname, such as foo.example.com.
Before installing Iris-web install the Nginx ingress controller
```
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install my-release ingress-nginx/ingress-nginx -n <Name_Space>
```
> **Info**: `my-release` is the name that you choose
## Installing Iris Web
Clone this Repository
```bash
$ git clone https://github.com/dfir-iris/iris-web.git
```
To install the chart with the release name `my-release`:
```bash
$ helm install my-release charts/ --values charts/values.yaml -n <Name_Space>
```
The command deploys **iris-web** on the Kubernetes cluster in the default configuration.
## Checking Dependencies
To check if Helm and kubectl are installed, run the following command:
```
make check-dependencies
```
If any of the dependencies are missing, the corresponding installation command will be executed automatically.
## Installing Iris
To install Iris, run the following command:
```
make install-iris
```
This will upgrade or install the Iris application using Helm. The installation uses the provided charts/values.yaml file and installs it in the specified namespace.
Replace `<name_space>` with the desired namespace for the Iris application.
## Deleting Iris
To delete the Iris application, run the following command:
```
make delete-iris
```
This will delete the Iris application using Helm. The application will be removed from the specified namespace.
Replace `<name_space>` with the namespace where the Iris application is installed.
> **Tip**: List all releases using `helm list`
# Uninstalling the Charts
To uninstall/delete the `my-release` deployment:
The command removes all the Kubernetes components associated with the chart and deletes the release.
```bash
$ helm delete my-release -n <Name_Space>
```
# Parameters
The [Parameters](#parameters) section lists the parameters that can be configured during installation.
### Common parameters
| Name | Description | Value |
| --| -- | -- |
| `replicaCount` | Number of Iris replicas to deploy | `1` |
### Lable parameters
| Name | Description | Value |
| --| -- | -- |
| `app` | Define metadata app name | `string` |
| `name` | Define lables name | `string` |
### Image parameters
Using Dockerfile or Docker compose create images for Iris and apply image to their respective yaml file.
> **Note**: For kubernetes use modified Dockerfile.k8s file to create an images
| Name | Description | Value |
| --| -- | -- |
| `image.repository` | Iris image repository | `string` |
| `image.tag` | Iris image tag | `latest` |
| `image.pullPolicy` | Iris image pull policy | `string` |
### Service parameters
| Name | Description | Value |
| --| -- | -- |
| `service.type` | Iris service type | `LoadBalancer`|
| `service.port` | Iris service port | `80` |
## Ingress parameters
| Name | Description | Value |
| --| -- | -- |
| `host_name` | Hostname for Iris app | `string`|
## How to expose the application?
List the Ingress resource on the Kubernetes cluster
```
kubectl get ingress -n <Name_Space>
```
Expose the application with your Hostname


@ -0,0 +1,11 @@
### Todo
- [ ] ArtifactHub configuration
### In Progress
- [ ] ArtifactHub configuration
### Done ✓
- [ ] ArtifactHub configuration


@ -0,0 +1,24 @@
apiVersion: v2
name: iris-web
description: A Helm chart for Iris Web
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"


@ -0,0 +1,28 @@
Release Name: {{ .Release.Name }}
Chart Name: {{ .Chart.Name }}
Chart Version: {{ .Chart.Version }}
Chart Description: {{ .Chart.Description }}
The following Kubernetes resources have been deployed:
{{- if .Values.ingress.enabled }}
Ingress:
- Name: {{ .Release.Name }}-ingress
Host: {{ index .Values.ingress.hosts 0 "host" }}
Path: {{ index .Values.ingress.hosts 0 "paths" 0 "path" }}
Service Name: {{ index .Values.ingress.hosts 0 "paths" 0 "serviceName" }}
Service Port: {{ index .Values.ingress.hosts 0 "paths" 0 "servicePort" }}
{{- end }}
{{- if eq .Values.ingress.enabled true }}
To access your application, ensure that the necessary configurations are set up in your cluster.
- If you have DNS set up:
- Access your application using the configured domain: http://{{ index .Values.ingress.hosts 0 "host" }}
{{- else }}
No Ingress resources deployed.
{{- end }}
Ensure that your application service ({{ index .Values.ingress.hosts 0 "paths" 0 "serviceName" }}) is up and running on port {{ index .Values.ingress.hosts 0 "paths" 0 "servicePort" }}.
Happy exploring!


@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "iris-web.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "iris-web.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "iris-web.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "iris-web.labels" -}}
helm.sh/chart: {{ include "iris-web.chart" . }}
{{ include "iris-web.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "iris-web.selectorLabels" -}}
app.kubernetes.io/name: {{ include "iris-web.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "iris-web.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "iris-web.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@ -0,0 +1,85 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.irisapp.name }}
spec:
replicas: {{ .Values.irisapp.replicaCount }}
selector:
matchLabels:
app: {{ .Values.irisapp.app }}
template:
metadata:
labels:
app: {{ .Values.irisapp.app }}
spec:
containers:
- name: {{ .Values.irisapp.name }}
image: "{{ .Values.irisapp.image}}:{{ .Values.irisapp.tag }}"
imagePullPolicy: "{{ .Values.irisapp.imagePullPolicy }}"
command: ['nohup', './iris-entrypoint.sh', 'iriswebapp']
env:
- name: DOCKERIZED # Setting Database name
value: {{ .Values.irisapp.DOCKERIZED | quote }}
- name: POSTGRES_USER # Setting Database username
value: {{ .Values.irisapp.POSTGRES_USER| quote }}
- name: POSTGRES_PASSWORDD # Setting Database password
value: {{ .Values.irisapp.POSTGRES_PASSWORD | quote }}
- name: POSTGRES_ADMIN_USER # Setting Database admin user
value: {{ .Values.irisapp.POSTGRES_ADMIN_USER | quote }}
- name: POSTGRES_ADMIN_PASSWORD # Setting Database admin password
value: {{ .Values.irisapp.POSTGRES_ADMIN_PASSWORD | quote }}
- name: POSTGRES_PORT # Setting Database port
value: {{ .Values.irisapp.POSTGRES_PORT | quote }}
- name: POSTGRES_SERVER # Setting Database server
value: {{ .Values.irisapp.POSTGRES_SERVER | quote }}
- name: IRIS_SECRET_KEY
value: {{ .Values.irisapp.IRIS_SECRET_KEY | quote }}
- name: IRIS_SECURITY_PASSWORD_SALT
value: {{ .Values.irisapp.IRIS_SECURITY_PASSWORD_SALT | quote }}
ports:
- containerPort: 8000
volumeMounts:
- mountPath: /home/iris/downloads
name: iris-downloads
- mountPath: /home/iris/user_templates
name: user-templates
- mountPath: /home/iris/server_data
name: server-data
volumes:
- name: iris-downloads
emptyDir: {}
- name: user-templates
emptyDir: {}
- name: server-data
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.irisapp.name }}
labels:
app: {{ .Values.irisapp.app }}
spec:
type: {{ .Values.irisapp.type }}
ports:
- port: {{ .Values.irisapp.service.port }}
targetPort: {{ .Values.irisapp.service.targetPort }}
selector:
app: {{ .Values.irisapp.app }}
---
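Review bot: The database passwords, `IRIS_SECRET_KEY` and `IRIS_SECURITY_PASSWORD_SALT` are rendered as literal `value:` entries, so they are readable in the Deployment spec by anyone who can read Deployments in the namespace. The chart should template a `Secret` and reference it with `valueFrom: {secretKeyRef: {name: <secret-name>, key: POSTGRES_PASSWORD}}`, as the EKS manifests in this commit do. The variable is also spelled `POSTGRES_PASSWORDD`, so the container presumably never receives `POSTGRES_PASSWORD`; the worker and postgres templates repeat the typo. The three `emptyDir` volumes lose downloads, templates and server data whenever the pod is rescheduled, which deserves a comment or a claim-backed volume.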


@ -0,0 +1,69 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.irisworker.name }}
spec:
replicas: {{ .Values.irisworker.replicaCount }}
selector:
matchLabels:
app: {{ .Values.irisworker.app }}
template:
metadata:
labels:
app: {{ .Values.irisworker.app }}
spec:
containers:
- name: {{ .Values.irisworker.name }}
image: "{{ .Values.irisworker.image}}:{{ .Values.irisworker.tag }}"
imagePullPolicy: "{{ .Values.irisworker.imagePullPolicy }}"
command: ['./wait-for-iriswebapp.sh', 'iriswebapp-app.test.svc.cluster.local:8000', './iris-entrypoint.sh', 'iris-worker']
env:
- name: DOCKERIZED
value: {{ .Values.irisworker.DOCKERIZED | quote }}
- name: POSTGRES_USER
value: {{ .Values.irisworker.POSTGRES_USER | quote }}
- name: POSTGRES_PASSWORDD
value: {{ .Values.irisworker.POSTGRES_PASSWORD | quote }}
- name: POSTGRES_ADMIN_USER
value: {{ .Values.irisworker.POSTGRES_ADMIN_USER | quote }}
- name: POSTGRES_ADMIN_PASSWORD
value: {{ .Values.irisworker.POSTGRES_ADMIN_PASSWORD | quote }}
- name: POSTGRES_PORT
value: {{ .Values.irisworker.POSTGRES_PORT | quote }}
- name: POSTGRES_SERVER
value: {{ .Values.irisworker.POSTGRES_SERVER | quote }}
- name: IRIS_SECRET_KEY
value: {{ .Values.irisworker.IRIS_SECRET_KEY | quote }}
- name: IRIS_SECURITY_PASSWORD_SALT
value: {{ .Values.irisworker.IRIS_SECURITY_PASSWORD_SALT | quote }}
ports:
- containerPort: 80
volumeMounts:
- mountPath: /home/iris/downloads
name: iris-downloads
- mountPath: /home/iris/user_templates
name: user-templates
- mountPath: /home/iris/server_data
name: server-data
volumes:
- name: iris-downloads
emptyDir: {}
- name: user-templates
emptyDir: {}
- name: server-data
emptyDir: {}
---
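Review bot: The `command` line waits on `iriswebapp-app.test.svc.cluster.local:8000`, which hard-codes the namespace `test` and port 8000, while the chart's Service for the app listens on `service.port` (80 in `values.yaml`) and the release can be installed in any namespace. In another namespace the name resolves to nothing, or to a different workload that happens to live in `test`, and the worker presumably never starts. I would build the address from chart values, e.g. `'{{ .Values.irisapp.name }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.irisapp.service.port }}'`. No `CELERY_BROKER` is passed here, unlike the EKS worker, so the broker address depends on the image default.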


@ -0,0 +1,32 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Values.ingress.name }}
annotations:
{{- toYaml .Values.ingress.annotations | nindent 4 }}
spec:
rules:
{{- range $host := .Values.ingress.hosts }}
- host: {{ $host.host }}
http:
paths:
{{- range $path := $host.paths }}
- path: {{ $path.path }}
pathType: Prefix
backend:
service:
name: {{ $path.serviceName }}
port:
number: {{ $path.servicePort }}
{{- end }}
{{- end }}
{{- with .Values.ingress.tls }}
tls:
{{- range . }}
- hosts:
{{- range .hosts }}
- {{ . }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
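Review bot: The template renders the Ingress unconditionally: `.Values.ingress.enabled` is read in `NOTES.txt` but not here, so setting it to `false` still publishes the application. Wrapping the file in `{{- if .Values.ingress.enabled }}` and `{{- end }}` makes the switch effective. `pathType: Prefix` is hard-coded although each path in `values.yaml` carries `pathType`, and `className` is never emitted as `spec.ingressClassName`. Quoting the host, `host: {{ $host.host | quote }}`, keeps a wildcard host valid YAML.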


@ -0,0 +1,104 @@
---
# Here I have used a hostpath
# Local volumes can only be used as a statically created PersistentVolume. Dynamic provisioning is not supported.
# If you need to go with Dynamic volumes you may choose AWS EBS or EFS
kind: PersistentVolume
apiVersion: v1
metadata:
name: postgres-pv-volume
labels:
app: {{ .Values.postgres.app }}
spec:
storageClassName: pv
capacity:
storage: 5Gi
accessModes:
- ReadWriteMany
hostPath:
path: /var/lib/data
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: postgres-pv-claim
labels:
app: {{ .Values.postgres.app }}
spec:
storageClassName: pv
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.postgres.name }}
spec:
replicas: {{ .Values.postgres.replicaCount }}
selector:
matchLabels:
app: {{ .Values.postgres.app }}
template:
metadata:
labels:
app: {{ .Values.postgres.app }}
spec:
containers:
- name: {{ .Values.postgres.name }}
image: "{{ .Values.postgres.image}}:{{ .Values.postgres.tag }}"
imagePullPolicy: "{{ .Values.postgres.imagePullPolicy }}"
env:
- name: POSTGRES_DB # Setting Database name
value: {{ .Values.postgres.POSTGRES_DB | quote }}
- name: POSTGRES_USER # Setting Database username
value: {{ .Values.postgres.POSTGRES_ADMIN_USER | quote }}
- name: POSTGRES_PASSWORDD # Setting Database password
value: {{ .Values.postgres.POSTGRES_PASSWORD | quote }}
- name: POSTGRES_ADMIN_USER # Setting Database admin user
value: {{ .Values.postgres.POSTGRES_ADMIN_USER | quote }}
- name: POSTGRES_ADMIN_PASSWORD # Setting Database admin password
value: {{ .Values.postgres.POSTGRES_ADMIN_PASSWORD | quote }}
- name: POSTGRES_PORT # Setting Database port
value: {{ .Values.postgres.POSTGRES_PORT | quote }}
- name: POSTGRES_HOST_AUTH_METHOD
value: trust
ports:
- containerPort: 5432
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: postgredb
volumes:
- name: postgredb
persistentVolumeClaim:
claimName: postgres-pv-claim
---
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.postgres.name }}
labels:
app: {{ .Values.postgres.app }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.postgres.service.port }}
selector:
app: {{ .Values.postgres.app }}
---
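Review bot: `POSTGRES_HOST_AUTH_METHOD` is set to `trust`, which, if the image uses the official postgres entrypoint, makes the server accept every connection without a password; the ClusterIP Service then lets any pod in the cluster log in as any role. It may have been added because the password variable is misspelled `POSTGRES_PASSWORDD`, so I would remove the `trust` entry and rename the variable to `POSTGRES_PASSWORD`. `POSTGRES_USER` is filled from `.Values.postgres.POSTGRES_ADMIN_USER`, which looks unintended given that `values.yaml` defines `postgres.POSTGRES_USER`. The `hostPath` volume at `/var/lib/data` keeps the database on one node's filesystem, so the header comment should say that this layout is for single-node test clusters only.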


@ -0,0 +1,36 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.rabbitmq.name }}
spec:
selector:
matchLabels:
app: {{ .Values.rabbitmq.app }}
replicas: {{ .Values.rabbitmq.replicaCount }}
template:
metadata:
labels:
app: {{ .Values.rabbitmq.app }}
spec:
containers:
- image: "{{ .Values.rabbitmq.image}}:{{ .Values.rabbitmq.tag}}"
imagePullPolicy: {{ .Values.rabbitmq.imagePullPolicy}}
name: {{ .Values.rabbitmq.name }}
ports:
- containerPort: 5672
---
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.rabbitmq.name }}
spec:
ports:
- port: 5672
targetPort: 5672
protocol: TCP
type: ClusterIP
selector:
app: {{ .Values.rabbitmq.app }}
---


@ -0,0 +1,159 @@
## @section rabbitmq Configuration
##
rabbitmq:
## @param rabbitmq.app App name for rabbitmq
##
app: rabbitmq
## @param rabbitmq.name Name for rabbitmq
##
name: rabbitmq
## @param rabbitmq.image Image rabbitmq deployment
##
image: rabbitmq
## @param rabbitmq.tag Tag for rabbitmq
##
tag: 3-management-alpine
## @param rabbitmq.imagePullPolicy Policy for rabbitmq
##
imagePullPolicy: "IfNotPresent"
## @param rabbitmq.replicaCount ReplicaCount for rabbitmq
##
replicaCount: 1
## @section PostgreSQL Configuration
##
postgres:
## @param postgres.app PostgreSQL App
##
app: postgres
## @param postgres.name PostgreSQL Name
##
name: postgres
## @param postgres.image PostgreSQL Image
##
image: <postgres_image>
## @param postgres.tag PostgreSQL Tag
tag: <tag>
## @param postgres.imagePullPolicy PostgreSQL PullPolicy
##
imagePullPolicy: "IfNotPresent"
## @param postgres.replicaCount PostgreSQL ReplicaCount
##
replicaCount: 1
## @param postgres.service PostgreSQL Service
##
service:
port: 5432
## @param PostgreSQL Environments
##
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_ADMIN_USER: raptor
POSTGRES_ADMIN_PASSWORD: postgres
POSTGRES_DB: iris_db
POSTGRES_PORT: 5432
## @section Iris Frontend Configuration
##
irisapp:
## @param irisapp.app Iris Frontend App
##
app: iriswebapp-app
## @param irisapp.name Iris Frontend Name
##
name: iriswebapp-app
## @param irisapp.image Iris Frontend Image
##
image: <irisapp_image>
## @param irisapp.tag Iris Frontend Tag
##
tag: <tag>
## @param irisapp.imagePullPolicy Iris Frontend imagePullPolicy
##
imagePullPolicy: "IfNotPresent"
## @param irisapp.replicaCount Iris Frontend replicaCount
##
replicaCount: 1
## @param irisapp.service Iris Frontend Service
##
service:
port: 80
targetPort: 8000
## @param irisapp.type Iris Frontend Service type
##
type: ClusterIP
## @param Iris Frontend Environments
##
POSTGRES_USER: raptor
POSTGRES_PASSWORD: postgres
POSTGRES_ADMIN_USER: raptor
POSTGRES_ADMIN_PASSWORD: postgres
POSTGRES_PORT: 5432
POSTGRES_SERVER: postgres.<name_space>.svc.cluster.local
DOCKERIZED: 1
IRIS_SECRET_KEY: AVerySuperSecretKey-SoNotThisOne
IRIS_SECURITY_PASSWORD_SALT: ARandomSalt-NotThisOneEither
## @section Iris Backend Configuration
##
irisworker:
## @param irisworker.app Iris Backend App
##
app: iriswebapp-worker
## @param irisworker.name Iris Backend Name
##
name: iriswebapp-worker
## @param irisworker.image Iris Backend Image
##
image: <irisworker_image>
## @param irisworker.tag Iris Backend Tag
##
tag: <tag>
## @param irisworker.imagePullPolicy Iris Backend imagePullPolicy
##
imagePullPolicy: "IfNotPresent"
## @param irisworker.replicaCount Iris Backend replicaCount
##
replicaCount: 1
## @param Iris Backend Environments
##
POSTGRES_USER: raptor
POSTGRES_PASSWORD: postgres
POSTGRES_ADMIN_USER: raptor
POSTGRES_ADMIN_PASSWORD: postgres
POSTGRES_PORT: 5432
POSTGRES_SERVER: postgres.<name_space>.svc.cluster.local
DOCKERIZED: 1
IRIS_SECRET_KEY: AVerySuperSecretKey-SoNotThisOne
IRIS_SECURITY_PASSWORD_SALT: ARandomSalt-NotThisOneEither
## @section Nginx Ingress Configuration
##
ingress:
enabled: true
name: iris-ingress
className: nginx
annotations:
# Add any annotations specific to your Ingress controller
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: "false"
hosts:
- host: <host_name>
paths:
- path: /
pathType: Prefix
serviceName: iriswebapp-app
servicePort: 80
tls:
- secretName: iris-ingress-tls-secret
hosts:
- <host_name>
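Review bot: The defaults ship usable values for `POSTGRES_PASSWORD`, `POSTGRES_ADMIN_PASSWORD`, `IRIS_SECRET_KEY` and `IRIS_SECURITY_PASSWORD_SALT`, so the `helm install` command from the chart README deploys with credentials and a signing key that anyone can read in the repository. I would leave them empty here and make the templates fail when they are unset, e.g. `{{ required "irisapp.IRIS_SECRET_KEY must be set" .Values.irisapp.IRIS_SECRET_KEY | quote }}`. `nginx.ingress.kubernetes.io/ssl-redirect: "false"` keeps plain HTTP open although a `tls` block is configured; unless there is a reason not shown here, it should be `"true"`. The `kubernetes.io/ingress.class` annotation duplicates `className` and is the deprecated form.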