Changed repo structure

apps/user-microservice/deploy.yaml

@@ -0,0 +1,117 @@
+---
+# MySQL Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mysql
+  namespace: user-microservice
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mysql
+  template:
+    metadata:
+      labels:
+        app: mysql
+    spec:
+      containers:
+        - name: mysql
+          image: mysql:latest
+          env:
+            - name: MYSQL_USER
+              value: admin
+            - name: MYSQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-password
+                  key: MYSQL_PASSWORD
+            - name: MYSQL_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-root-password
+                  key: MYSQL_ROOT_PASSWORD
+            - name: MYSQL_DATABASE
+              value: user-microservice
+          ports:
+            - containerPort: 3306
+          volumeMounts:
+            - name: mysql-pv
+              mountPath: /var/lib/mysql
+            - name: secrets-store
+              mountPath: "/mnt/secrets"
+              readOnly: true
+      volumes:
+        - name: mysql-pv
+          emptyDir: {}
+        - name: secrets-store
+          csi:
+            driver: secrets-store.csi.k8s.io
+            readOnly: true
+            volumeAttributes:
+              secretProviderClass: "azure-kvname"
+---
+# MySQL Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: db
+  namespace: user-microservice
+spec:
+  ports:
+    - port: 3306
+  selector:
+    app: mysql
+---
+# API Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api
+  namespace: user-microservice
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: api
+  template:
+    metadata:
+      labels:
+        app: api
+    spec:
+      containers:
+        - name: api
+          image: marcin00.azurecr.io/user-microservice:a79ae2d50f2fc3dfcf976eb2a8ebe32511ae4a33
+          ports:
+            - containerPort: 80
+          env:
+            - name: SQLALCHEMY_DATABASE_URI
+              valueFrom:
+                secretKeyRef:
+                  name: sqlalchemy-database-uri
+                  key: SQLALCHEMY_DATABASE_URI
+          volumeMounts:
+            - name: secrets-store
+              mountPath: "/mnt/secrets"
+              readOnly: true
+      volumes:
+        - name: secrets-store
+          csi:
+            driver: secrets-store.csi.k8s.io
+            readOnly: true
+            volumeAttributes:
+              secretProviderClass: "azure-kvname"
+---
+# API Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: api
+  namespace: user-microservice
+spec:
+  selector:
+    app: api
+  ports:
+    - port: 80
+      targetPort: 80
+

apps/user-microservice/ingress.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: user-microservice-ingress
+  namespace: user-microservice
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: user-microservice.marcin00.pl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: api
+            port:
+              number: 80

apps/user-microservice/namespace.yaml

@@ -0,0 +1,5 @@
+# Namespace (opcjonalnie)
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: user-microservice

apps/user-microservice/rbac-role.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: deployer-binding
+subjects:
+- kind: User
+  name: f91aef65-7d2a-4df8-a884-e33b05d54a31
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io

apps/user-microservice/secret-store.yaml

@@ -0,0 +1,41 @@
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: azure-kvname
+  namespace: user-microservice
+spec:
+  provider: azure
+  secretObjects:
+    - secretName: sqlalchemy-database-uri
+      type: Opaque
+      data:
+        - objectName: sqlalchemy-database-uri
+          key: SQLALCHEMY_DATABASE_URI
+    - secretName: mysql-password
+      type: Opaque
+      data:
+        - objectName: mysql-password
+          key: MYSQL_PASSWORD
+    - secretName: mysql-root-password
+      type: Opaque
+      data:
+        - objectName: mysql-root-password
+          key: MYSQL_ROOT_PASSWORD
+  parameters:
+    usePodIdentity: "false"
+    useVMManagedIdentity: "true"
+    userAssignedIdentityID: "f91aef65-7d2a-4df8-a884-e33b05d54a31" # client_id of the user-assigned managed identity
+    clientID: "f91aef65-7d2a-4df8-a884-e33b05d54a31"               # client_id of the user-assigned managed identity
+    keyvaultName: "dev-aks"
+    objects:  |
+      array:
+        - |
+          objectName: sqlalchemy-database-uri
+          objectType: secret
+        - |
+          objectName: mysql-password
+          objectType: secret
+        - |
+          objectName: mysql-root-password
+          objectType: secret
+    tenantID: "f4e3e6f7-d21c-460e-b201-2192174e7f41"