cmd/relui: add deployment configuration

toothrot · toothrot · commit a9ac0387b1f8 · 2021-11-12T20:16:38.000Z
Add deployment configuration for relui using IAM database authentication. For golang/go#47401 Change-Id: Ifde113bd3e09d19eb69bffb5a0ce3689e6c6410a Reviewed-on: https://go-review.googlesource.com/c/build/+/363535 Trust: Alexander Rakoczy <alex@golang.org> Run-TryBot: Alexander Rakoczy <alex@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com>
diff --git a/cmd/relui/Makefile b/cmd/relui/Makefile
@@ -39,10 +39,29 @@ migrate-down-up: docker
 test: postgres-dev docker-test
 	docker run --rm --name=relui-test -v $(POSTGRES_RUN_DEV) -e PGUSER=$(POSTGRES_USER) -e PGDATABASE=relui-test golang/relui-test:$(VERSION)
 
+DOCKER_IMAGE := golang/relui
+IMAGE_PROD := gcr.io/symbolic-datum-552/relui
+MUTABLE_VERSION := latest
+
 .PHONY: docker
 docker:
-	docker build -f Dockerfile -t golang/relui:$(VERSION) ../..
+	docker build -f Dockerfile -t $(DOCKER_IMAGE):$(VERSION) ../..
 
 .PHONY: docker-test
 docker-test:
 	docker build -f Dockerfile.test -t golang/relui-test:$(VERSION) ../..
+
+.PHONY: docker-prod
+docker-prod: docker
+	docker tag $(DOCKER_IMAGE):$(VERSION) $(IMAGE_PROD):$(VERSION)
+	docker tag $(DOCKER_IMAGE):$(VERSION) $(IMAGE_PROD):$(MUTABLE_VERSION)
+
+.PHONY: push-prod
+push-prod: docker-prod
+	docker push $(IMAGE_PROD):$(VERSION)
+	docker push $(IMAGE_PROD):$(MUTABLE_VERSION)
+
+.PHONY: deploy-prod
+deploy-prod: push-prod
+	go install golang.org/x/build/cmd/xb
+	xb --prod kubectl --namespace prod set image deployment/relui-deployment relui=$(IMAGE_PROD):$(VERSION)
diff --git a/cmd/relui/deployment-prod.yaml b/cmd/relui/deployment-prod.yaml
@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: prod
+  name: relui-deployment
+spec:
+  selector:
+    matchLabels:
+      app: relui
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: relui
+    spec:
+      serviceAccountName: relui
+      containers:
+        - name: relui
+          image: gcr.io/symbolic-datum-552/relui:latest
+          imagePullPolicy: Always
+          command: ["/sbin/tini", "--", "./relui", "--listen-https-selfsigned=:444"]
+          ports:
+            - containerPort: 444
+          env:
+            - name: PGUSER
+              value: relui
+            - name: PGDATABASE
+              value: relui-prod
+          resources:
+            requests:
+              cpu: "2"
+              memory: "4Gi"
+        - name: cloud-sql-proxy
+          # It is recommended to use the latest version of the Cloud SQL proxy
+          image: gcr.io/cloudsql-docker/gce-proxy:latest
+          command:
+            - "/cloud_sql_proxy"
+
+            # If connecting from a VPC-native GKE cluster, you can use the
+            # following flag to have the proxy connect over private IP
+            - "-ip_address_types=PRIVATE"
+
+            # Replace DB_PORT with the port the proxy should listen on
+            # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433
+            - "-instances=symbolic-datum-552:us-central1:relui-prod-01=tcp:5432"
+          securityContext:
+            # The default Cloud SQL proxy image runs as the
+            # "nonroot" user and group (uid: 65532) by default.
+            runAsNonRoot: true
+          # Resource configuration depends on an application's requirements. You
+          # should adjust the following values based on what your application
+          # needs. For details, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+          resources:
+            requests:
+              # The proxy's memory use scales linearly with the number of active
+              # connections. Fewer open connections will use less memory. Adjust
+              # this value based on your application's requirements.
+              memory: "2Gi"
+              # The proxy's CPU use scales linearly with the amount of IO between
+              # the database and the application. Adjust this value based on your
+              # application's requirements.
+              cpu: "1"
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: prod
+  name: relui
+  annotations:
+    iam.gke.io/gcp-service-account: relui@symbolic-datum-552.iam.gserviceaccount.com
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: prod
+  name: relui-internal
+  annotations:
+    cloud.google.com/neg: '{"ingress": false}'
+    cloud.google.com/app-protocols: '{"https":"HTTP2"}'
+spec:
+  ports:
+    - port: 444
+      targetPort: 444
+      name: https
+  selector:
+    app: relui
+  type: NodePort
diff --git a/cmd/relui/main.go b/cmd/relui/main.go
@@ -9,9 +9,9 @@ import (
 	"context"
 	"flag"
 	"log"
-	"os"
 
 	"github.com/jackc/pgx/v4/pgxpool"
+	"golang.org/x/build/internal/https"
 	"golang.org/x/build/internal/relui"
 )
 
@@ -22,6 +22,7 @@ var (
 )
 
 func main() {
+	https.RegisterFlags(flag.CommandLine)
 	flag.Parse()
 	ctx := context.Background()
 	if err := relui.InitDB(ctx, *pgConnect); err != nil {
@@ -50,10 +51,5 @@ func main() {
 	if err != nil {
 		log.Fatalf("relui.NewServer() = %v", err)
 	}
-	port := os.Getenv("PORT")
-	if port == "" {
-		port = "8080"
-	}
-	log.Printf("Listening on :" + port)
-	log.Fatal(s.Serve(port))
+	log.Fatalln(https.ListenAndServe(ctx, s))
 }
