First commit. Taken from open source branch of internal sample-tracking application.

deploy/k8s/sample-tracking/app-cert-dev.yaml

@@ -0,0 +1,7 @@
+apiVersion: networking.gke.io/v1beta2
+kind: ManagedCertificate
+metadata:
+  name: ereq-cert-dev
+spec:
+  domains:
+    - dev-ereq.parkerici.org

deploy/k8s/sample-tracking/app-cert-prod.yaml

@@ -0,0 +1,7 @@
+apiVersion: networking.gke.io/v1beta2
+kind: ManagedCertificate
+metadata:
+  name: ereq-cert-prod
+spec:
+  domains:
+    - ereq.parkerici.org

deploy/k8s/sample-tracking/app-ingress-template.yaml

@@ -0,0 +1,14 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: ereq-ingress
+  annotations:
+    kubernetes.io/ingress.allow-http: "false"
+    kubernetes.io/ingress.global-static-ip-name: ereq-${ENVIRONMENT}
+    networking.gke.io/managed-certificates: ereq-cert-${ENVIRONMENT}
+  labels:
+    app: sample-tracking
+spec:
+  backend:
+    serviceName: sample-tracking-service
+    servicePort: 80

deploy/k8s/sample-tracking/app-service.yaml

@@ -0,0 +1,26 @@
+apiVersion: cloud.google.com/v1
+kind: BackendConfig
+metadata:
+  name: ereq-backend-config
+spec:
+  timeoutSec: 60
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: sample-tracking-service
+  labels:
+    app: sample-tracking
+  annotations:
+    beta.cloud.google.com/backend-config: '{"default": "ereq-backend-config"}'
+spec:
+  type: NodePort
+  selector:
+    app: sample-tracking
+    tier: web
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: 8989
+  sessionAffinity: ClientIP

deploy/k8s/sample-tracking/app-template.yaml

@@ -0,0 +1,97 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sample-tracking-app
+  labels:
+    app: sample-tracking
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: sample-tracking
+  template:
+    metadata:
+      labels:
+        app: sample-tracking
+        tier: web
+    spec:
+      volumes:
+        - name: google-application-credentials
+          secret:
+            secretName: google-application-credentials
+        - name: firebase-application-credentials
+          secret:
+            secretName: firebase-application-credentials
+      containers:
+        - name: sample-tracking-app
+          image: gcr.io/pici-ereq/sample-tracking:${DEPLOY_VERSION}
+          imagePullPolicy: Always
+          command: [ "java" ]
+          args: [ "-Xss4096k", "-Xmx23G", "-jar", "sample-tracking-standalone.jar", "server", "-p", "8989" ]
+          resources:
+            requests:
+              memory: "24Gi"
+          ports:
+            - containerPort: 8989
+          livenessProbe:
+            httpGet:
+              path: /api/health
+              port: 8989
+            initialDelaySeconds: 30
+            timeoutSeconds: 1
+          readinessProbe:
+            httpGet:
+              path: /api/health
+              port: 8989
+            initialDelaySeconds: 30
+            timeoutSeconds: 1
+          volumeMounts:
+            - name: google-application-credentials
+              mountPath: /credentials/service-account.json
+              subPath: service-account.json
+            - name: firebase-application-credentials
+              mountPath: /credentials/firebase-credentials.json
+              subPath: firebase-credentials.json
+          env:
+            - name: DEPLOY_ENVIRONMENT
+              value: default
+            - name: DATOMIC_ACCESS_KEY
+              value: myaccesskey
+            - name: DATOMIC_SECRET
+              value: mysecret
+            - name: DATOMIC_DB_NAME
+              value: sample-tracking
+            - name: DATOMIC_ENDPOINT
+              value: datomic-peer:8998
+            - name: MANIFEST_EMAIL_RECIPIENT
+              value: ${MANIFEST_EMAIL_RECIPIENT}
+            - name: MANIFEST_EMAIL_SENDER
+              value: ereq-admin@parkerici.org
+            - name: SEND_MANIFEST_EMAILS
+              value: "true"
+            - name: GOOGLE_APPLICATION_CREDENTIALS
+              value: "/credentials/service-account.json"
+            - name: FIREBASE_JS_APPLICATION_CREDENTIALS
+              value: "/credentials/firebase-credentials.json"
+            - name: SEND_VENDOR_EMAILS
+              value: "${SEND_VENDOR_EMAILS}"
+            - name: OAUTH_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: google-oauth
+                  key: id
+            - name: OAUTH_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: google-oauth
+                  key: secret
+            - name: SENDGRID_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: sendgrid-api
+                  key: key
+            - name: API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: ereq-auth
+                  key: key

deploy/k8s/sample-tracking/deploy-job-template.yaml

@@ -0,0 +1,32 @@
+# Job to run deploy tasks before actual deploy.
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: deploy-tasks
+spec:
+  template:
+    metadata:
+      name: deploy-tasks
+      labels:
+        name: deploy-tasks
+    spec:
+      restartPolicy: Never
+      containers:
+        - name: deploy-tasks-runner
+          image: gcr.io/pici-ereq/sample-tracking:${DEPLOY_VERSION}
+          imagePullPolicy: Always
+          command: [ "/bin/sh", "-c", "java -jar sample-tracking-standalone.jar predeploy" ]
+          ports:
+            - containerPort: 8989
+          env:
+            - name: DEPLOY_ENVIRONMENT
+              value: default
+            - name: DATOMIC_ACCESS_KEY
+              value: myaccesskey
+            - name: DATOMIC_SECRET
+              value: mysecret
+            - name: DATOMIC_DB_NAME
+              value: sample-tracking
+            - name: DATOMIC_ENDPOINT
+              value: datomic-peer:8998
+  backoffLimit: 1

deploy/k8s/sample-tracking/google-oauth.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: google-oauth
+type: Opaque
+data:
+  id: ${B64_OAUTH_CLIENT_ID}
+  secret: ${B64_OAUTH_CLIENT_SECRET}

deploy/k8s/sample-tracking/sendgrid-api.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sendgrid-api
+type: Opaque
+data:
+  key: ${B64_SENDGRID_API}