Merge pull request #3 from reysonbarros/development

Atualização da versão com pipeline de CI/CD

.github/workflows/pipeline.yaml

@@ -0,0 +1,142 @@
+---
+name: CI/CD - Integração e Entrega Contínuas
+
+on:
+  push:
+    branches:
+      - "main"
+      - "development"
+      - "feature/cicd"
+
+jobs:
+  linters:    
+    runs-on: ubuntu-latest
+    steps:
+      - 
+        name: Checkout do repositório
+        uses: actions/checkout@v4
+      - 
+        name: Análise de código com yamllint
+        uses: karancode/yamllint-github-action@master
+        with:
+          yamllint_file_or_dir: ${{ github.workspace }}
+          yamllint_config_filepath: ${{ github.workspace }}/.yamllint
+          yamllint_strict: false
+          yamllint_comment: true
+        env:
+          GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - 
+        name: Análise de código com kube-linter
+        uses: stackrox/[email protected]
+        with:
+          directory: ${{ github.workspace }}/k8s          
+          format: sarif
+          output-file: kube-linter.log          
+
+  build:
+    needs: linters
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout do repositório
+        uses: actions/checkout@v4
+      -
+        name: Login no Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Configurando o Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Build e push do giropops-senhas
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile.app
+          push: true
+          tags: ${{ secrets.DOCKERHUB_USERNAME }}/giropops-senhas:1.0
+      -
+        name: Build e push do giropops-redis
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile.redis
+          push: true
+          tags: ${{ secrets.DOCKERHUB_USERNAME }}/giropops-redis:7.2.3
+
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout do repositório
+        uses: actions/checkout@v4      
+      - 
+        name: Criação do cluster giropops com 1 node control-plane e 3 nodes workers
+        uses: helm/[email protected]
+        with:
+          version: "v0.20.0"
+          config: "${{ github.workspace }}/k8s/cluster.yaml"
+          node_image: "kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72"
+          cluster_name: "giropops"
+          kubectl_version: "v1.28.2"                    
+      - 
+        name: Sleep de 30 segundos aguardando status READY para worker nodes
+        run: |
+          sleep 30
+      - 
+        name: Verificando informações do cluster
+        run: |
+          kubectl cluster-info
+          kubectl get nodes -o wide
+          kubectl describe nodes
+      - 
+        name: Criação do Namespace dev
+        run: |
+          kubectl apply -f ${{ github.workspace }}/k8s/dev-namespace.yaml
+      - 
+        name: Criação do ConfigMap para o redis
+        run: |
+          kubectl apply -f ${{ github.workspace }}/k8s/redis-configmap.yaml -n dev
+      - 
+        name: Criação do StatefulSet para o redis
+        run: |
+          kubectl apply -f ${{ github.workspace }}/k8s/redis-statefulset.yaml -n dev
+      - 
+        name: Criação do Service para o redis
+        run: |
+          kubectl apply -f ${{ github.workspace }}/k8s/redis-headless-svc.yaml -n dev
+      - 
+        name: Criação do Deployment para a aplicação giropops-senhas
+        run: |
+          kubectl apply -f ${{ github.workspace }}/k8s/giropops-senhas-deployment.yaml -n dev
+      - 
+        name: Criação do Service para a aplicação giropops-senhas
+        run: |
+          kubectl apply -f ${{ github.workspace }}/k8s/giropops-senhas-svc.yaml -n dev
+      - 
+        name: Sleep de 60 segundos aguardando status READY para os pods
+        run: |
+          sleep 60      
+      - 
+        name: Listagem dos Pods
+        run: |
+          kubectl get pods -n dev
+      - 
+        name: Listagem dos Services
+        run: |
+          kubectl get services -n dev
+      - 
+        name: Listagem do Persistent Volume Claim
+        run: |
+          kubectl get pvc -n dev
+      - 
+        name: Listagem do Persistent Volume
+        run: |
+          kubectl get pv -n dev
+      - 
+        name: Teste via curl na aplicação
+        run: |
+          curl 172.18.0.5:32000

.yamllint

@@ -0,0 +1,33 @@
+---
+
+yaml-files:
+  - '*.yaml'
+  - '*.yml'
+  - '.yamllint'
+
+rules:  
+  braces: enable
+  brackets: enable
+  colons: enable
+  commas: enable
+  comments:
+    level: warning
+  comments-indentation:
+    level: warning
+  document-end: disable
+  document-start:
+    level: warning
+  empty-lines: enable
+  empty-values: disable
+  hyphens: enable
+  indentation: disable
+  key-duplicates: enable
+  key-ordering: disable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines: enable
+  octal-values: disable
+  quoted-strings: disable
+  trailing-spaces: disable
+  truthy: disable
+

README.md

@@ -102,14 +102,14 @@ Os comandos abaixo irão gerar imagens distroless com multistage build deixando-
 
 Build e push da image do giropops-senhas ao Dockerhub
 ```
-docker image build --no-cache -f Dockerfile-app.yaml -t reysonbarros/giropops-senhas:1.0 .
+docker image build --no-cache -f Dockerfile.app -t reysonbarros/giropops-senhas:1.0 .
 docker login
 docker image push reysonbarros/giropops-senhas:1.0
 ```
 
 Build e push da image do giropops-redis ao Dockerhub
 ```
-docker image build --no-cache -f Dockerfile-redis.yaml -t reysonbarros/giropops-redis:7.2.3 .
+docker image build --no-cache -f Dockerfile.redis -t reysonbarros/giropops-redis:7.2.3 .
 docker login
 docker image push reysonbarros/giropops-redis:7.2.3
 ```
@@ -267,7 +267,7 @@ Nesse projeto, as probes e limites de recursos foram implementados no deployment
 
 Exemplo de análise com yamllint
 ```
-yamllint .
+yamllint -d .yamllint .
 ```
 ![image](https://github.com/reysonbarros/LINUXtips-giropops-senhas/assets/4474192/b42997b7-403b-42a6-b020-779f6918a5b3)
 
@@ -380,3 +380,17 @@ https://www.josehisse.dev/blog/aumentando-disponibilidade-com-inter-pod-anti-aff
 https://github.com/kubernetes-sigs/kind/releases
 
 https://medium.com/@pushkarjoshi0410/assigning-pods-to-nodes-using-affinity-and-anti-affinity-df18377244b9
+
+https://github.com/aquasecurity/trivy-action
+
+https://docs.github.com/en/actions/quickstart
+
+https://docs.docker.com/build/ci/github-actions
+
+https://docs.github.com/en/actions/using-workflows/about-workflows#creating-dependent-jobs
+
+https://github.com/helm/kind-action
+
+https://github.com/marketplace/actions/yamllint-github-action
+
+https://github.com/stackrox/kube-linter-action

k8s/cluster-role.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

k8s/giropops-senhas-podmonitor.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor
 metadata:

k8s/giropops-senhas-servicemonitor.yaml

@@ -1,17 +1,18 @@
-apiVersion: monitoring.coreos.com/v1 # versão da API
-kind: ServiceMonitor # tipo de recurso, no caso, um ServiceMonitor do Prometheus Operator
-metadata: # metadados do recurso
-  name: giropops-senhas-servicemonitor # nome do recurso
-  labels: # labels do recurso
+---
+apiVersion: monitoring.coreos.com/v1  # versão da API
+kind: ServiceMonitor  # tipo de recurso, no caso, um ServiceMonitor do Prometheus Operator
+metadata:  # metadados do recurso
+  name: giropops-senhas-servicemonitor  # nome do recurso
+  labels:  # labels do recurso
     app: giropops-senhas
-spec: # especificação do recurso
+spec:  # especificação do recurso
   namespaceSelector:
     matchNames:
     - dev
-  selector: # seletor para identificar os pods que serão monitorados
-    matchLabels: # labels que identificam os pods que serão monitorados
+  selector:  # seletor para identificar os pods que serão monitorados
+    matchLabels:  # labels que identificam os pods que serão monitorados
       app: giropops-senhas
-  endpoints: # endpoints que serão monitorados
-    - interval: 10s # intervalo de tempo entre as requisições
-      path: /metrics # caminho para a requisição
+  endpoints:  # endpoints que serão monitorados
+    - interval: 10s  # intervalo de tempo entre as requisições
+      path: /metrics  # caminho para a requisição
       targetPort: 5000