Merge pull request #159 from datalab-mi/feat/kubernetes-nginx

Feat/kubernetes nginx

Makefile

@@ -175,18 +175,17 @@ create-namespace:
 	@echo $@
 	(cat ${KUBE_DIR}/namespace.yaml | envsubst | kubectl apply -f -) && touch $@
 
-deploy-k8s-traefik:
-	helm upgrade --install --values ${KUBE_DIR}/traefik/values.yaml traefik traefik/traefik --namespace traefik	
-	@cat ${KUBE_DIR}/traefik/ingress.yaml | envsubst | kubectl apply -f -
+deploy-k8s-nginx:
+	helm upgrade --install --values ${KUBE_DIR}/nginx/values.yaml nginx ingress-nginx/ingress-nginx --namespace nginx	
+	@cat ${KUBE_DIR}/nginx/ingress.yaml | envsubst | kubectl apply -f -
 
 deploy-k8s-configmap: create-namespace
 	kubectl create configmap env-${INDEX_NAME} --from-env-file=${ENV_FILE} --namespace ridoc -o yaml --dry-run=client | kubectl apply -f -
 	kubectl create configmap static-${INDEX_NAME} --from-file=${FRONTEND_STATIC_USER} --namespace ridoc -o yaml --dry-run=client | kubectl apply -f -
-	kubectl create configmap logstash-pipeline --from-file=logstash/pipeline/logstash.conf --namespace ridoc -o yaml --dry-run=client | kubectl apply -f -
 
 deploy-k8s-volume: create-namespace
 	@cat ${KUBE_DIR}/volume.yaml | envsubst | kubectl apply -f -
-		{KUBE_DIR}/ingress.yaml | envsubst | kubectl apply -f -
+	{KUBE_DIR}/volume.yaml | envsubst | kubectl apply -f -
 
 deploy-k8s-ekl: create-namespace
 	@echo $@

backend/requirements.txt

@@ -1,4 +1,4 @@
-Flask>=1.1.1
+Flask>=2.2.2
 #flask-httpauth>=4.2.0
 flask-jwt-extended>=3.25.0
 #flask-cors==3.0.8

deployments/nginx/README.md

@@ -0,0 +1,27 @@
+# Install helm charts
+
+## Nginx
+```bash
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo update
+```
+
+## Cert manager
+```bash
+helm repo add jetstack https://charts.jetstack.io
+helm repo update
+```
+From [docs](https://cert-manager.io/docs/tutorials/acme/nginx-ingress/)
+
+# Deploy
+```bash
+helm install \
+  cert-manager jetstack/cert-manager \
+  --namespace nginx \
+  --set installCRDs=true
+
+helm upgrade --install nginx ingress-nginx/ingress-nginx  --namespace nginx --create-namespace --values values.yaml
+
+kubectl apply -f issuer.yaml
+kubectl apply -f ingress.yaml 
+```

deployments/nginx/ingress.yaml

@@ -0,0 +1,70 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: backend
+  namespace: ridoc # Namespace must be the same as that of target services below.
+  annotations: 
+    # nginx.ingress.kubernetes.io/ssl-redirect: "false" # Set to true once SSL is set up.
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+    nginx.ingress.kubernetes.io/rewrite-target: /$1
+    nginx.ingress.kubernetes.io/enable-access-log: "true"
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - kubernetes.ridoc.fr
+    secretName: letsencrypt-prod
+  rules:
+  - host: kubernetes.ridoc.fr
+    http:
+      paths:
+        - path: /backend/(.*)
+          pathType: ImplementationSpecific
+          backend:
+            service:
+              name: backend
+              port:
+                number: 5000
+        # - path: /
+        #   pathType: Prefix
+        #   backend:
+        #     service:
+        #       name: frontend
+        #       port:
+        #         number: 3000
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: frontend
+  namespace: ridoc # Namespace must be the same as that of target services below.
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/enable-access-log: "false"
+    # nginx.ingress.kubernetes.io/ssl-redirect: "false" # Set to true once SSL is set up.
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - kubernetes.ridoc.fr
+    secretName: letsencrypt-prod
+  rules:
+  - host: kubernetes.ridoc.fr
+    http:
+      paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: frontend
+              port:
+                number: 3000
+        - path: /kibana
+          pathType: Prefix
+          backend:
+            service:
+              name: kibana-kibana
+              port:
+                number: 5601

deployments/nginx/issuer.yaml

@@ -0,0 +1,40 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+  # namespace: nginx
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: datalab@interieur.gouv.fr
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    # Enable the HTTP-01 challenge provider
+    solvers:
+      - http01:
+          ingress:
+            ingressClassName: nginx
+
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+  # namespace: nginx
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: datalab@interieur.gouv.fr
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # Enable the HTTP-01 challenge provider
+    solvers:
+      - http01:
+          ingress:
+            ingressClassName: nginx

deployments/nginx/values.yaml

@@ -0,0 +1,30 @@
+# controller:
+#   service:
+#     type: NodePort
+#   publishService:
+#     enabled: true
+
+controller:
+  kind: DaemonSet
+  hostNetwork: true
+  dnsPolicy: ClusterFirstWithHostNet
+  daemonset:
+    useHostPort: true
+  service:
+    type: ClusterIP
+  config:
+    access-log-path: "/tmp/nginx/access.log"
+    log-format-escape-json: true
+    log-format-upstream: '{"http_x_forwarded_for":"$http_x_forwarded_for","http_referer":"$http_referer","http_user_agent":"$http_user_agent","remote_addr":"$remote_addr","remote_user":"$remote_user","time_local":"$time_local","request":"$request","request_time":$request_time,"request_method":"$request_method","request_uri":"$request_uri","uri":"$uri","status":$status,"body_bytes_sent":$body_bytes_sent,"request_body": "$request_body"}'
+
+  extraVolumes:
+    - name: nginx-logs
+      hostPath:
+        path: /tmp
+
+  extraVolumeMounts:
+    - name: nginx-logs
+      mountPath: /tmp/nginx
+rbac:
+  create: true
+

docker-compose-elasticsearch-huge.yml

@@ -30,8 +30,7 @@ services:
      #- ${DATA_PATH}:/data
     ports:
        - "9200:9200"
-    logging:
-        driver: none
+
 
 networks:
   default:

docker-compose-elasticsearch.yml

@@ -30,8 +30,7 @@ services:
      #- ${DATA_PATH}:/data
     ports:
        - "9200:9200"
-    logging:
-        driver: none
+
 
 networks:
   default:

docker-compose-frontend-dev.yml

@@ -11,7 +11,7 @@ services:
         no_proxy: ${no_proxy}
         VIEWERJS_VERSION: ${VIEWERJS_VERSION}
     stdin_open: true
-    image: ${FRONTEND_DEV_HOST}
+    image: ${FRONTEND_DEV_HOST}:${APP_VERSION}
     container_name: ${FRONTEND_DEV_HOST}
     volumes:
       - ${FRONTEND}/src:/app/src

frontend/package.json

@@ -19,7 +19,8 @@
     "polka": "next",
     "simple-svelte-autocomplete": "1.2.4",
     "sirv": "^0.4.0",
-    "svelte-tags-input": "^2.6.5"
+    "svelte-tags-input": "^2.6.5",
+    "pdfjs-dist": "^4.0.3"
   },
   "devDependencies": {
     "npm-run-all": "^4.1.5",