From a3534b7cb8926b2cdba82e9d244e31fb5ea69c0d Mon Sep 17 00:00:00 2001
From: dhirsch1
Date: Thu, 22 Jun 2023 16:42:41 +0300
Subject: [PATCH 1/6] added k8s and docker to the craft ready made code.
---
 Dockerfile | 10 ++++++
 Makefile | 42 ++++++++++++++++++++++
 config/contrast_security.yaml | 5 +++
 kube/petclinic.yaml.tmpl | 55 +++++++++++++++++++++++++++++
 kube/postgresql.yaml | 66 +++++++++++++++++++++++++++++++++++
 5 files changed, 178 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 Makefile
 create mode 100644 config/contrast_security.yaml
 create mode 100644 kube/petclinic.yaml.tmpl
 create mode 100644 kube/postgresql.yaml
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..7d3323e70
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM openjdk:17.0.1-slim
+WORKDIR /opt
+ENV PORT 8080
+ENV POSTGRES_USER petclinic
+ENV POSTGRES_PASSWORD petclinic
+ENV POSTGRES_URL jdbc:postgresql://postgres/petclinic
+ENV JAVA_OPTS "-Dspring.profiles.active=postgres -Xmx2g"
+EXPOSE 8080
+COPY target/*.jar /opt/app.jar
+ENTRYPOINT exec java $JAVA_OPTS -jar app.jar
diff --git a/Makefile b/Makefile
new file mode 100644
index 000000000..c6a471b07
--- /dev/null
+++ b/Makefile
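Review bot: In the new Dockerfile, `ENV POSTGRES_PASSWORD petclinic` stores the database password in the image configuration, where anyone who can pull or inspect the image can read it, and there is no `USER` instruction, so the JVM runs as root. Drop the `ENV POSTGRES_USER` and `ENV POSTGRES_PASSWORD` lines and let the runtime supply them (the Deployment added in this patch already sets both), and switch to a non-root account before the entrypoint, e.g. `USER 10001`. The image default `ENV POSTGRES_URL jdbc:postgresql://postgres/petclinic` also names host `postgres`, while the Service created in kube/postgresql.yaml is called `postgresql`, so the default only works when it is overridden.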
@@ -0,0 +1,42 @@
+.SILENT: validate docker cluster
+validate:
+ if ! command which envsubst &> /dev/null; then \
+ echo "gettext is not installed. Please install it first."; \
+ exit 1; \
+ fi
+ if ! command which minikube &> /dev/null; then \
+ echo "minikube is not installed. Please install it first."; \
+ exit 1; \
+ fi
+ if ! command which kubectl &> /dev/null; then \
+ echo "kubectl is not installed. Please install it first."; \
+ exit 1; \
+ fi
+ if ! command which docker &> /dev/null; then \
+ echo "docker is not installed. Please install it first."; \
+ exit 1; \
+ fi
+ if ! command which md5sum &> /dev/null; then \
+ echo "md5sum is not installed. Please install it first."; \
+ exit 1; \
+ fi
+
+docker: validate
+ if ! command docker info &> /dev/null; then \
+ echo "docker is not running. Please make sure docker is running."; \
+ exit 1; \
+ fi
+
+cluster: docker
+ if ! command minikube status &> /dev/null; then \
+ minikube config set memory 4096; \
+ minikube start --driver=docker; \
+ fi \
+
+build: cluster
+ minikube image build -t petclinic:latest .
+
+deploy: build
+ export RANDOM_PART=$$(hostname | md5sum | cut -c1-30) && \
+ envsubst < kube/petclinic.yaml.tmpl > kube/petclinic.yaml
+ minikube kubectl apply -f kube
\ No newline at end of file
diff --git a/config/contrast_security.yaml b/config/contrast_security.yaml
new file mode 100644
index 000000000..79aab797d
--- /dev/null
+++ b/config/contrast_security.yaml
@@ -0,0 +1,5 @@
+api:
+ url: https://intuit.contrastsecurity.com/Contrast
+ api_key:
+ service_key:
+ user_name:
diff --git a/kube/petclinic.yaml.tmpl b/kube/petclinic.yaml.tmpl
new file mode 100644
index 000000000..25a79f037
--- /dev/null
+++ b/kube/petclinic.yaml.tmpl
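Review bot: The `validate`, `docker` and `cluster` recipes in the new Makefile redirect with `&>`, which is a bash extension, while make runs recipes with `/bin/sh` unless `SHELL` is set. Under a POSIX shell such as dash, `cmd &> /dev/null` is parsed as `cmd &` followed by an empty redirection, so the `if !` test no longer reflects whether the tool is present. Either add `SHELL := /bin/bash` at the top of the file or write the redirection as `> /dev/null 2>&1`. The `mvn` check added in patch 4/6 uses the same form.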
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: petclinic
+spec:
+ selector:
+ app: petclinic
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
+ type: LoadBalancer
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: petclinic
+ labels:
+ app: petclinic
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: petclinic
+ template:
+ metadata:
+ labels:
+ app: petclinic
+ spec:
+ containers:
+ - name: app
+ image: docker.io/library/petclinic:latest
+ resources:
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+ ports:
+ - containerPort: 8080
+ env:
+ - name: CONTRAST__APPLICATION__NAME
+ value: "petclinic_$RANDOM_PART"
+ - name: CONTRAST__APPLICATION__LANGUAGE
+ value: "java"
+ # - name: CONTRAST__API__USER_API_KEY
+ # value: ""
+ - name: POSTGRES_URL
+ value: "jdbc:postgresql://postgresql/petclinic"
+ - name: POSTGRES_USER
+ value: "petclinic"
+ - name: POSTGRES_PASSWORD
+ value: "petclinic"
+ imagePullPolicy: IfNotPresent
+
diff --git a/kube/postgresql.yaml b/kube/postgresql.yaml
new file mode 100644
index 000000000..6757353ae
--- /dev/null
+++ b/kube/postgresql.yaml
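Review bot: The Deployment in kube/petclinic.yaml.tmpl passes `POSTGRES_PASSWORD` as a literal `value`, so the credential sits in version control and is readable by anyone who can view the Deployment object; the postgres Deployment in kube/postgresql.yaml in this patch does the same. Reading both the user and the password from a Secret through `valueFrom.secretKeyRef` keeps them out of the manifests. On the same container, the 512Mi memory limit is below the `-Xmx2g` heap set in the Dockerfile's JAVA_OPTS, so the pod can be OOM-killed before the JVM reaches its own ceiling, and `petclinic:latest` is a mutable tag.

```yaml
        # … unchanged: CONTRAST__* and POSTGRES_URL entries …
        - name: POSTGRES_USER
          valueFrom:
            secretKeyRef:
              name: petclinic-db   # placeholder Secret name
              key: username        # placeholder key
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: petclinic-db   # placeholder Secret name
              key: password        # placeholder key
```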
@@ -0,0 +1,66 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: postgresql-pvc
+spec:
+ resources:
+ requests:
+ storage: 256Mi
+ accessModes:
+ - ReadWriteOnce
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgresql
+spec:
+ selector:
+ app: postgresql
+ ports:
+ - protocol: TCP
+ port: 5432
+ targetPort: 5432
+ type: ClusterIP
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: postgresql
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: postgresql
+ template:
+ metadata:
+ labels:
+ app: postgresql
+ spec:
+ containers:
+ - name: postgres
+ image: postgres:15.2
+ resources:
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+ env:
+ - name: POSTGRES_DB
+ value: "petclinic"
+ - name: POSTGRES_USER
+ value: "petclinic"
+ - name: POSTGRES_PASSWORD
+ value: "petclinic"
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - name: storage
+ mountPath: /data/db
+ imagePullPolicy: Always
+ volumes:
+ - name: storage
+ persistentVolumeClaim:
+ claimName: postgresql-pvc
From af3810a7da708e81c4ef2f99b99e480e77170ab6 Mon Sep 17 00:00:00 2001
From: dhirsch1
Date: Fri, 23 Jun 2023 18:10:15 +0300
Subject: [PATCH 2/6] remove the template file
---
 kube/{petclinic.yaml.tmpl => petclinic.yaml} | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
 rename kube/{petclinic.yaml.tmpl => petclinic.yaml} (74%)
diff --git a/kube/petclinic.yaml.tmpl b/kube/petclinic.yaml
similarity index 74%
rename from kube/petclinic.yaml.tmpl
rename to kube/petclinic.yaml
index 25a79f037..9331c117a 100644
--- a/kube/petclinic.yaml.tmpl
+++ b/kube/petclinic.yaml
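Review bot: In kube/postgresql.yaml the claim is mounted at `mountPath: /data/db`, but the official postgres image keeps its data directory under `/var/lib/postgresql/data` by default, so as written the volume would stay empty while the database files live in the container's writable layer and disappear when the pod is replaced. Mount the volume where the image writes, `mountPath: /var/lib/postgresql/data`. If the volume root turns out not to be empty on the target storage class, pointing `PGDATA` at a subdirectory of the mount is the usual workaround.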
@@ -43,8 +43,14 @@ spec:
 value: "petclinic_$RANDOM_PART"
 - name: CONTRAST__APPLICATION__LANGUAGE
 value: "java"
- # - name: CONTRAST__API__USER_API_KEY
- # value: ""
+ - name: CONTRAST__API__URL
+ value: "https://intuit.contrastsecurity.com/Contrast"
+ - name: CONTRAST__API__API_KEY
+ value: "$CONTRAST__API__API_KEY"
+ - name: CONTRAST__API__SERVICE_KEY
+ value: "$CONTRAST__API__SERVICE_KEY"
+ - name: CONTRAST__API__USER_NAME
+ value: "$CONTRAST__API__USER_NAME"
 - name: POSTGRES_URL
 value: "jdbc:postgresql://postgresql/petclinic"
 - name: POSTGRES_USER
@@ -52,4 +58,3 @@ spec:
 - name: POSTGRES_PASSWORD
 value: "petclinic"
 imagePullPolicy: IfNotPresent
-
From 8d1167776fad628e5bedb5aec1809b17c5e9490a Mon Sep 17 00:00:00 2001
From: dhirsch1
Date: Fri, 23 Jun 2023 18:11:12 +0300
Subject: [PATCH 3/6] better usage of env vars
---
 Makefile | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index c6a471b07..64f0d0609 100644
--- a/Makefile
+++ b/Makefile
@@ -38,5 +38,8 @@ build: cluster
 
 deploy: build
 export RANDOM_PART=$$(hostname | md5sum | cut -c1-30) && \
- envsubst < kube/petclinic.yaml.tmpl > kube/petclinic.yaml
- minikube kubectl apply -f kube
\ No newline at end of file
+ minikube kubectl -- apply -f kube/postgresql.yaml && \
+ envsubst < kube/petclinic.yaml | minikube kubectl -- apply -f -
+
+undeploy:
+ minikube kubectl -- delete -f kube/
\ No newline at end of file
From 6c1097c02299139275f94875911be73114dbbe55 Mon Sep 17 00:00:00 2001
From: dhirsch1
Date: Sun, 6 Aug 2023 11:16:21 +0300
Subject: [PATCH 4/6] updates to Makefile
---
 Makefile | 5 +++++
 config/contrast_security.yaml | 11 ++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index 64f0d0609..b17c98a94 100644
--- a/Makefile
+++ b/Makefile
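Review bot: In kube/petclinic.yaml, `CONTRAST__API__API_KEY` and `CONTRAST__API__SERVICE_KEY` are substituted into plain `value:` fields, so the rendered Deployment carries the Contrast credentials in clear text in the pod spec and in the `kubectl.kubernetes.io/last-applied-configuration` annotation that `kubectl apply` records. Creating a Secret from the operator's environment and referencing it with `valueFrom.secretKeyRef` (or `envFrom` with a `secretRef`) keeps the keys out of the Deployment object. The file also loses its `.tmpl` suffix while still containing `$…` placeholders, so a comment at the top stating that it must be rendered with envsubst before it is applied would prevent the literal placeholder strings from reaching the agent.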
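Review bot: In the `deploy` recipe of the Makefile, `envsubst < kube/petclinic.yaml` is called without a variable list, so every `$NAME` in the manifest is replaced from the caller's environment and any unset variable silently becomes an empty string, the Contrast keys included. Name the intended variables, `envsubst '$$RANDOM_PART $$CONTRAST__API__API_KEY $$CONTRAST__API__SERVICE_KEY $$CONTRAST__API__USER_NAME' < kube/petclinic.yaml`, and fail early when one is missing, e.g. `test -n "$$CONTRAST__API__API_KEY"` in `validate`. None of the targets, including the new `undeploy`, is declared `.PHONY`, so a file or directory with the same name in the tree would stop the target from running.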
@@ -20,6 +20,10 @@ validate:
 echo "md5sum is not installed. Please install it first."; \
 exit 1; \
 fi
+ if ! command which mvn &> /dev/null; then \
+ echo "maven is not installed. Please install it first."; \
+ exit 1; \
+ fi
 
 docker: validate
 if ! command docker info &> /dev/null; then \
@@ -34,6 +38,7 @@ cluster: docker
 fi \
 
 build: cluster
+ mvn install
 minikube image build -t petclinic:latest .
 
 deploy: build
diff --git a/config/contrast_security.yaml b/config/contrast_security.yaml
index 79aab797d..4db9935a5 100644
--- a/config/contrast_security.yaml
+++ b/config/contrast_security.yaml
@@ -1,5 +1,6 @@
-api:
- url: https://intuit.contrastsecurity.com/Contrast
- api_key:
- service_key:
- user_name:
+agent:
+ java:
+ scan_all_classes: false
+ scan_all_code_sources: false
+ logger:
+ stdout: true
From abadeae350abcaab8b79cae66a979ba8c5920129 Mon Sep 17 00:00:00 2001
From: dhirsch1
Date: Sun, 6 Aug 2023 11:58:48 +0300
Subject: [PATCH 5/6] Adding line that will be used later
---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Dockerfile b/Dockerfile
index 7d3323e70..836eb3558 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,4 +7,5 @@ ENV POSTGRES_URL jdbc:postgresql://postgres/petclinic
 ENV JAVA_OPTS "-Dspring.profiles.active=postgres -Xmx2g"
 EXPOSE 8080
 COPY target/*.jar /opt/app.jar
+ENV JAVA_TOOL_OPTIONS $CONTRAST_OPTS -Dcontrast.application.group=craft.petclinic
 ENTRYPOINT exec java $JAVA_OPTS -jar app.jar
From 4840f0491ffc703d12947c096bdaf3f6101f82a5 Mon Sep 17 00:00:00 2001
From: dhirsch1
Date: Wed, 9 Aug 2023 12:19:32 +0300
Subject: [PATCH 6/6] add email identifier to the deployment so multiple users can create apps
---
 Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index b17c98a94..0f265a4fa 100644
--- a/Makefile
+++ b/Makefile
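Review bot: In the Dockerfile hunk of patch 5/6, `ENV JAVA_TOOL_OPTIONS $CONTRAST_OPTS -Dcontrast.application.group=craft.petclinic` expands `$CONTRAST_OPTS` when the image is built, not when the container starts, and the Dockerfile as created in patch 1/6 declares no `ARG` or `ENV` of that name, so it resolves to an empty string. If the value is meant to come from the build, declare `ARG CONTRAST_OPTS=""` above this line; if it is meant to come from the pod environment, it has to be applied in the entrypoint command instead. JAVA_TOOL_OPTIONS is read by every JVM started in the container, so a one-line comment naming the agent options expected here would help the next reader. The hunk shows only the tail of the file.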
@@ -1,5 +1,6 @@
 .SILENT: validate docker cluster
 validate:
+ test -n "$$EMAIL" || (echo "EMAIL is not set. Please set it first."; exit 1)
 if ! command which envsubst &> /dev/null; then \
 echo "gettext is not installed. Please install it first."; \
 exit 1; \
@@ -42,7 +43,7 @@ build: cluster
 minikube image build -t petclinic:latest .
 
 deploy: build
- export RANDOM_PART=$$(hostname | md5sum | cut -c1-30) && \
+ export RANDOM_PART=${EMAIL}_$$(hostname | md5sum | cut -c1-30) && \
 minikube kubectl -- apply -f kube/postgresql.yaml && \
 envsubst < kube/petclinic.yaml | minikube kubectl -- apply -f -
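Review bot: In the second hunk, `${EMAIL}` in the `deploy` recipe is expanded by make and pasted unquoted into the shell command, so whitespace or shell metacharacters in the value are interpreted by the shell, and the result is then substituted inside a double-quoted YAML string by envsubst. Let the shell expand it and quote the assignment: `export RANDOM_PART="$${EMAIL}_$$(hostname | md5sum | cut -c1-30)" && \`. The `test -n "$$EMAIL"` guard added to `validate` only checks that the value is non-empty; rejecting anything outside an expected character set there would keep the generated application name and the rendered manifest well-formed.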