diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index d33f180..8fce874 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -15,39 +15,39 @@ jobs: # ----------------------------------------------------------------- # CI PART # ----------------------------------------------------------------- - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Docker Login (Gitea Registry) - uses: docker/login-action@v3 - with: - registry: ${{ vars.GITEA_REGISTRY_URL }} - username: ${{ secrets.GITEA_REGISTRY_USERNAME }} - password: ${{ secrets.GITEA_REGISTRY_PASSWORD }} + # ----------------------------------------------------------------- + # CI PART (Kaniko) + # ----------------------------------------------------------------- + - name: Create Docker Config + run: | + mkdir -p ${{ github.workspace }}/.docker + echo "{\"auths\":{\"${{ vars.GITEA_REGISTRY_URL }}\":{\"username\":\"${{ secrets.GITEA_REGISTRY_USERNAME }}\",\"password\":\"${{ secrets.GITEA_REGISTRY_PASSWORD }}\"}}}" > ${{ github.workspace }}/.docker/config.json # BACKEND BUILD & PUSH - name: Build and Push Backend - id: docker_build_backend - uses: docker/build-push-action@v5 + uses: docker://gcr.io/kaniko-project/executor:v1.14.0-debug + env: + DOCKER_CONFIG: /github/workspace/.docker with: - context: ./backend - push: true - tags: ${{ vars.GITEA_REGISTRY_URL }}/${{ github.repository }}/backend:latest - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max + args: > + --context=dir:///github/workspace/backend + --dockerfile=Dockerfile + --destination=${{ vars.GITEA_REGISTRY_URL }}/${{ github.repository }}/backend:latest + --cache=true + --custom-platform=linux/arm64 # FRONTEND BUILD & PUSH - name: Build and Push Frontend - id: docker_build_frontend - uses: docker/build-push-action@v5 + uses: docker://gcr.io/kaniko-project/executor:v1.14.0-debug + env: + DOCKER_CONFIG: /github/workspace/.docker with: - context: ./frontend - push: true - tags: ${{ vars.GITEA_REGISTRY_URL }}/${{ github.repository }}/frontend:latest - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - 
cache-to: type=gha,mode=max + args: > + --context=dir:///github/workspace/frontend + --dockerfile=Dockerfile + --destination=${{ vars.GITEA_REGISTRY_URL }}/${{ github.repository }}/frontend:latest + --cache=true + --custom-platform=linux/arm64 # ----------------------------------------------------------------- # CD PART (HELM) diff --git a/coder/main.tf b/coder/main.tf new file mode 100644 index 0000000..6184f6f --- /dev/null +++ b/coder/main.tf 
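Review bot: The new Create Docker Config step splices `secrets.GITEA_REGISTRY_PASSWORD` and the username straight into an `echo "..."` command line, so a value containing `"`, `\` or `$` either produces invalid JSON or is expanded by the shell before the file is written. Passing the three values through the step's `env:` and writing the file with `printf` (or `jq --arg`, if the runner image has it, for full JSON escaping) keeps the secret out of the command line. The resulting file holds the plaintext registry credentials and is left in the checked-out workspace when the job ends; a final step with `if: always()` running `rm -rf "${{ github.workspace }}/.docker"` would remove it. Separately, `--custom-platform=linux/arm64` in both Kaniko steps replaces the old `platforms: linux/amd64,linux/arm64`, so only an arm64 image is pushed now; a comment stating that this is intentional would save the next reader a question.
```yaml
- name: Create Docker Config
  env:
    REGISTRY_URL: ${{ vars.GITEA_REGISTRY_URL }}
    REGISTRY_USERNAME: ${{ secrets.GITEA_REGISTRY_USERNAME }}
    REGISTRY_PASSWORD: ${{ secrets.GITEA_REGISTRY_PASSWORD }}
  run: |
    mkdir -p "${{ github.workspace }}/.docker"
    printf '{"auths":{"%s":{"username":"%s","password":"%s"}}}\n' \
      "$REGISTRY_URL" "$REGISTRY_USERNAME" "$REGISTRY_PASSWORD" \
      > "${{ github.workspace }}/.docker/config.json"
# … unchanged: Build and Push Backend / Frontend steps …
```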
@@ -0,0 +1,155 @@ +terraform { + required_providers { + coder = { + source = "coder/coder" + version = "~> 0.12.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 2.23" + } + } +} + +provider "coder" {} + +variable "use_kubeconfig" { + type = bool + description = "Use kubeconfig instead of in-cluster config" + default = false +} + +provider "kubernetes" { + # If running inside the cluster, this will use the service account token. + # If running locally for dev, set use_kubeconfig = true + config_path = var.use_kubeconfig ? "~/.kube/config" : null +} + +data "coder_workspace" "me" {} + +resource "coder_agent" "main" { + arch = "arm64" + os = "linux" + startup_script = <> ~/.bashrc + + # Install Node.js (via NVM or direct) - Installing Node 20 LTS for ARM64 + curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - + sudo apt-get install -y nodejs + + # Configure Git to use the token + git config --global credential.helper store + # We can't easily inject the password here without a secret, but we can setup the user + git config --global user.name "${data.coder_workspace.me.owner}" + git config --global user.email "${data.coder_workspace.me.owner_email}" + + # Clone repo if not exists + if [ ! 
-d "~/evrak" ]; then + git clone https://git.konstantiniyye.studio/muhammed/evrak.git ~/evrak + fi + EOT + + # These environment variables are available in the workspace + env = { + GIT_AUTHOR_NAME = "${data.coder_workspace.me.owner}" + GIT_COMMITTER_NAME = "${data.coder_workspace.me.owner}" + GIT_AUTHOR_EMAIL = "${data.coder_workspace.me.owner_email}" + GIT_COMMITTER_EMAIL = "${data.coder_workspace.me.owner_email}" + } +} + +resource "kubernetes_persistent_volume_claim" "home" { + metadata { + name = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}-home" + namespace = "default" # Adjust if Coder runs in a different namespace or if you want workspaces elsewhere + labels = { + "app.kubernetes.io/name" = "coder-pvc" + "app.kubernetes.io/instance" = "coder-pvc-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}" + "app.kubernetes.io/part-of" = "coder" + "app.kubernetes.io/managed-by" = "coder" + } + } + wait_until_bound = false + spec { + access_modes = ["ReadWriteOnce"] + resources { + requests = { + storage = "10Gi" + } + } + } +} + +resource "kubernetes_pod" "main" { + count = data.coder_workspace.me.start_count + metadata { + name = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}" + namespace = "default" + } + spec { + security_context { + run_as_user = 1000 + fs_group = 1000 + } + + container { + name = "dev" + image = "ubuntu:22.04" + command = ["sh", "-c", coder_agent.main.init_script] + security_context { + run_as_user = 1000 + } + env { + name = "CODER_AGENT_TOKEN" + value = coder_agent.main.token + } + resources { + requests = { + "cpu" = "250m" + "memory" = "512Mi" + } + limits = { + "cpu" = "2" + "memory" = "4Gi" + } + } + volume_mount { + mount_path = "/home/coder" + name = "home" + read_only = false + } + } + + volume { + name = "home" + persistent_volume_claim { + claim_name = kubernetes_persistent_volume_claim.home.metadata.0.name + } + } + + affinity { + node_affinity { + 
required_during_scheduling_ignored_during_execution { + node_selector_term { + match_expressions { + key = "kubernetes.io/arch" + operator = "In" + values = ["arm64"] + } + } + } + } + } + } +} diff --git a/deploy/charts/evrak/templates/backend.yaml b/deploy/charts/evrak/templates/backend.yaml index c1ead4a..edad8d2 100644 --- a/deploy/charts/evrak/templates/backend.yaml +++ b/deploy/charts/evrak/templates/backend.yaml @@ -17,6 +17,10 @@ spec: {{- include "evrak.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: backend spec: + {{- with .Values.backend.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: backend image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}" diff --git a/deploy/charts/evrak/templates/frontend.yaml b/deploy/charts/evrak/templates/frontend.yaml index 32db19c..8bd96fd 100644 --- a/deploy/charts/evrak/templates/frontend.yaml +++ b/deploy/charts/evrak/templates/frontend.yaml @@ -17,6 +17,10 @@ spec: {{- include "evrak.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: frontend spec: + {{- with .Values.frontend.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: frontend image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}" diff --git a/deploy/charts/evrak/values.yaml b/deploy/charts/evrak/values.yaml index 7a96417..7b8133e 100644 --- a/deploy/charts/evrak/values.yaml +++ b/deploy/charts/evrak/values.yaml @@ -13,6 +13,8 @@ backend: dbPort: 5432 dbDatabase: evrak # dbHost, dbUsername, dbPassword will be injected via secrets/templates + nodeSelector: + kubernetes.io/hostname: instance-20251124-1624-mzi frontend: image: @@ -22,6 +24,8 @@ frontend: replicas: 1 service: port: 80 + nodeSelector: + kubernetes.io/hostname: instance-20251124-1624-mzi postgres: image:
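Review bot: `git config --global credential.helper store` in startup_script persists any token the user enters as plaintext in `~/.git-credentials` on the `home` PVC, which outlives the pod; the `cache` helper, or the Coder provider's git-auth integration, avoids writing the secret to disk. The clone guard `if [ ! -d "~/evrak" ]` never expands the tilde inside double quotes, so the test is always true and the clone is re-attempted on every workspace start — use `if [ ! -d "$HOME/evrak" ]; then`. The container runs as UID 1000 in a stock `ubuntu:22.04` image, which ships neither `sudo` nor that user, so the `sudo -E bash -` and `sudo apt-get install -y nodejs` lines look likely to fail; a prebuilt image with Node and a `coder` user would fix that and would also remove the unpinned `curl … | sudo -E bash -` from every workspace start. The heredoc that opens startup_script is garbled in this view (`<> ~/.bashrc`), so the lines before the Node install could not be checked.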
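Review bot: Both new `nodeSelector` blocks pin the backend and frontend to a single node by `kubernetes.io/hostname: instance-20251124-1624-mzi` in the chart's default values, so anyone installing the chart elsewhere gets pods stuck Pending until they override it, and the second hunk repeats the same literal. Defaulting to `nodeSelector: {}` here and setting the hostname in an environment-specific values file keeps the chart portable; if the intent is only to land on an arm64 node to match the arm64-only images the deploy workflow now builds, `kubernetes.io/arch: arm64` expresses that without tying the release to one machine.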