Merge pull request #5 from pavelnikolov/k8s2

K8s2
pavelnikolov · Jul 29, 2024 · 8d5f406 · 8d5f406
2 parents 10eb916 + 3cad120
commit 8d5f406
Show file tree

Hide file tree

Showing 14 changed files with 589 additions and 60 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,68 @@
+name: "Network Terraform Apply"
+
+on:
+  ## Trigger the workflow manually
+  workflow_dispatch:
+
+env:
+  TF_WORKSPACE: "default"
+  CONFIG_DIRECTORY: "./terraform"
+  AWS_REGION: ${{ secrets.AWS_REGION }}
+
+jobs:
+  terraform:
+    name: "Network Terraform Plan & Apply"
+    runs-on: ubuntu-latest
+
+    defaults:
+      run:
+        working-directory: ${{ env.CONFIG_DIRECTORY }}
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Assume AWS Credentials
+        id: assume
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-region: ${{ secrets.AWS_REGION }}
+          role-session-name: ${{ github.actor }}
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+
+      - uses: hashicorp/setup-terraform@v3
+
+      - name: Terraform fmt
+        id: fmt
+        run: terraform fmt -check
+        continue-on-error: true
+
+      - name: Terraform Init
+        id: init
+        run: terraform init
+
+      - name: Set terraform output vars
+        id: vars
+        run: |
+          printf "cluster_name=%s\n" $(terraform output -raw cluster_name) >> "$GITHUB_OUTPUT"
+
+
+      - id: install-aws-cli
+        uses: unfor19/install-aws-cli-action@v1
+        with:
+          version: 2                         # default
+          verbose: false                     # default
+          arch: amd64                        # allowed values: amd64, arm64
+
+      - uses: tale/kubectl-action@v1
+        with:
+          base64-kube-config: ${{ secrets.KUBE_CONFIG }}
+          kubectl-version: v1.30.0
+
+      - name: configure kubeconfig
+        run: |
+          aws eks --region ${{ secrets.AWS_REGION }} update-kubeconfig --name ${{ steps.vars.outputs.cluster_name }}
+
+      - name: Kubernetes Apply
+        run: kubectl apply -k k8s/
diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml
@@ -1,11 +1,7 @@
 name: "Network Terraform Apply"
 
 on:
-  push:
-    branches:
-      - main
-    paths:
-      - 'terraform/**'
+  ## Trigger the workflow manually
   workflow_dispatch:
 
 env:

diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml
@@ -4,6 +4,7 @@ on:
   pull_request:
     paths:
       - 'terraform/**'
+  workflow_dispatch:
 
 env:
   TF_WORKSPACE: "default"

diff --git a/README.md b/README.md
@@ -44,7 +44,22 @@ Some functional tests have been added which test the process of registration, at
 
 ### Client and Server setup
 
-Assuming that Docker is present on your machine, the client and the server can be started by running `docker compose up`. Alternatively, if Docker is not available, one can always run the binaries using `cargo` like this:
+Assuming that Docker is present on your machine, the client and the server can be started by running using the `docker-compose.yaml` file:
+
+```bash
+$ docker compose up
+[+] Running 2/0
+ ✔ Container zkp-auth-server-1  Created                                                                              0.0s
+ ✔ Container zkp-auth-client-1  Created                                                                              0.0s
+Attaching to client-1, server-1
+server-1  | Listening for connections on 0.0.0.0:50051
+client-1  | Registration successful.
+client-1  | Received challenge from server.
+client-1  | Successfully logged in! Session ID: OooJ8n7FOOU1ZyhxOqfBhsvK5x4mwdP7
+client-1 exited with code 0
+```
+
+Alternatively, if Docker is not available, one can always run the binaries using `cargo` like this:
 
 * Run `cargo run --bin zkpauth-server` in one terminal; and then
 * Run `cargo run --bin zkpauth-client` in another terminal

diff --git a/k8s/client-ns.yaml b/k8s/client-ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: zkpauth-client
diff --git a/k8s/client.yaml b/k8s/client.yaml
@@ -0,0 +1,41 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: app
+  namespace: zkpauth-client
+  labels:
+    app: app
+spec:
+    template:
+      metadata:
+        labels:
+          app: app
+      spec:
+        affinity:
+          podAntiAffinity:
+            requiredDuringSchedulingIgnoredDuringExecution:
+                - labelSelector:
+                    matchExpressions:
+                      - key: app
+                        operator: In
+                        values:
+                          - server
+                  namespaces:
+                    - zkpauth
+                  topologyKey: "kubernetes.io/hostname"
+        containers:
+          - name: app
+            image: ghcr.io/pavelnikolov/zkpauth-client:overridden-later
+            env:
+              - name: SERVER_ADDR
+                value: "http://server.zkpauth:50051"
+              - name: CLIENT_ID
+                value: "client"
+            resources:
+              requests:
+                cpu: 100m
+                memory: 100Mi
+              limits:
+                cpu: 100m
+                memory: 100Mi
+        restartPolicy: Never
diff --git a/k8s/kustomization.yaml b/k8s/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - client-ns.yaml
+  - server-ns.yaml
+  - server.yaml
+  - client.yaml
+  - server-svc.yaml
+
+images:
+  - name: ghcr.io/pavelnikolov/zkpauth-server
+    newName: ghcr.io/pavelnikolov/zkpauth-server
+    newTag: latest
+  - name: ghcr.io/pavelnikolov/zkpauth-client
+    newName: ghcr.io/pavelnikolov/zkpauth-client
+    newTag: latest
diff --git a/k8s/server-ns.yaml b/k8s/server-ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: zkpauth
diff --git a/k8s/server-svc.yaml b/k8s/server-svc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: server
+  namespace: zkpauth
+spec:
+  ports:
+    - port: 50051
+      targetPort: grpc
+  selector:
+    name: server
diff --git a/k8s/server.yaml b/k8s/server.yaml
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: server
+  namespace: zkpauth
+  labels:
+    app: server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: server
+  template:
+    metadata:
+      labels:
+        app: server
+    spec:
+      restartPolicy: Always
+      containers:
+      - name: server
+        image: ghcr.io/pavelnikolov/zkpauth-server:overridden-later
+        ports:
+        - name: grpc
+          containerPort: 50051
+        env:
+        - name: LISTEN_ADDR
+          value:  "0.0.0.0:50051"
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+          limits:
+            cpu: 200m
+            memory: 200Mi
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl