chore: prod env setup

.drone.yml

@@ -63,4 +63,95 @@ trigger:
     - push
     - pull_request
   branch:
-    - master
+    - master
+
+---
+kind: pipeline
+type: docker
+name: linux-amd64
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+  - name: publish
+    image: plugins/docker
+    settings:
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      registry: gitea.dwysokinski.me
+      repo: gitea.dwysokinski.me/twhelp-packages/sessions
+      auto_tag: true
+      auto_tag_suffix: linux-amd64
+      dockerfile: ./build/docker/sessions/prod/Dockerfile
+      build_args_from_env: [DRONE_TAG]
+
+trigger:
+  event:
+    - tag
+
+---
+kind: pipeline
+type: docker
+name: manifest
+
+steps:
+  - name: manifest
+    image: plugins/manifest
+    settings:
+      auto_tag: "true"
+      ignore_missing: "true"
+      spec: ./build/docker/sessions/prod/manifest.tmpl
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+  - name: manifest-latest
+    image: plugins/manifest
+    settings:
+      tags: latest
+      ignore_missing: "true"
+      spec: ./build/docker/sessions/prod/manifest.tmpl
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+
+trigger:
+  event:
+    - tag
+
+depends_on:
+  - linux-amd64
+
+---
+kind: pipeline
+type: docker
+name: deploy
+
+steps:
+  - name: deploy-k8s
+    image: alpine/k8s:1.25.3
+    environment:
+      KUBECONFIG:
+        from_secret: kubeconfig
+    commands:
+      - "mkdir ~/.kube && echo \"$KUBECONFIG\" > ~/.kube/twhelp"
+      - "cd ./k8s/overlays/prod && kustomize edit set image twhelp=gitea.dwysokinski.me/twhelp-packages/sessions:${DRONE_TAG##v} && cd ../../.."
+      - "kubectl --kubeconfig ~/.kube/twhelp -n twhelp delete jobs.batch sessions-migrations-job || true"
+      - kustomize build ./k8s/overlays/prod | kubectl --kubeconfig ~/.kube/twhelp apply -n twhelp -f -
+
+trigger:
+  event:
+    - tag
+
+depends_on:
+  - manifest
+---
+kind: signature
+hmac: 5c27be7b702ae2fa548042660e8785d726362c144a48e5c2733d0322e59c9c4e
+
+...

build/docker/sessions/prod/Dockerfile

@@ -0,0 +1,24 @@
+FROM golang:1.19.3-alpine3.16 as builder
+
+WORKDIR /sessions
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+RUN apk --no-cache add make
+
+COPY . .
+RUN make generate
+ARG DRONE_TAG="development"
+RUN CGO_ENABLED=0 go build -ldflags "-X main.version=${DRONE_TAG##v}" -trimpath -o sessions ./cmd/sessions/main.go
+
+######## Start a new stage from scratch #######
+FROM alpine:3.16
+
+RUN apk --no-cache add ca-certificates tzdata
+
+COPY --from=builder /sessions/sessions /usr/bin/
+
+EXPOSE 9234/tcp
+
+ENTRYPOINT ["sessions"]

build/docker/sessions/prod/manifest.tmpl

@@ -0,0 +1,13 @@
+image: gitea.dwysokinski.me/twhelp-packages/sessions:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+  - {{this}}
+{{/each}}
+{{/if}}
+manifests:
+  -
+    image: gitea.dwysokinski.me/twhelp-packages/sessions:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
+    platform:
+      architecture: amd64
+      os: linux

k8s/overlays/prod/api.yml

@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sessions-api-deployment
+spec:
+  template:
+    spec:
+      containers:
+        - name: sessions-api
+          image: sessions
+          env:
+            - name: APP_MODE
+              value: production
+            - name: DB_DSN
+              valueFrom:
+                secretKeyRef:
+                  name: sessions-secret
+                  key: db-dsn
+            - name: DB_MAX_OPEN_CONNECTIONS
+              value: "5"
+            - name: DB_MAX_IDLE_CONNECTIONS
+              value: "5"
+            - name: API_SWAGGER_ENABLED
+              value: "false"

k8s/overlays/prod/ingress.yml

@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: sessions-api-ingress
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: "web"
+    traefik.ingress.kubernetes.io/router.tls: "false"
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-cors-sessions@kubernetescrd,kube-system-compress@kubernetescrd
+spec:
+  rules:
+    - host: sessions.tribalwarshelp.com
+      http:
+        paths:
+          - path: /api
+            pathType: Prefix
+            backend:
+              service:
+                name: sessions-api-service
+                port:
+                  number: 9234

k8s/overlays/prod/jobs.yml

@@ -0,0 +1,23 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: sessions-migrations-job
+spec:
+  template:
+    spec:
+      containers:
+        - name: sessions-migrations
+          image: sessions
+          env:
+            - name: APP_MODE
+              value: production
+            - name: DB_MAX_OPEN_CONNECTIONS
+              value: "1"
+            - name: DB_MAX_IDLE_CONNECTIONS
+              value: "1"
+            - name: DB_DSN
+              valueFrom:
+                secretKeyRef:
+                  name: sessions-secret
+                  key: db-dsn

k8s/overlays/prod/kustomization.yml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: twhelp
+resources:
+  - ../../base
+  - ingress.yml
+patchesStrategicMerge:
+  - api.yml
+  - jobs.yml