From bb059a80357e1f6d0c6ba5a8f53a63989135733d Mon Sep 17 00:00:00 2001
From: Marcus Bohessef
Date: Thu, 11 Dec 2025 19:55:31 -0300
Subject: [PATCH 01/44] gohorse-backend
---
.drone.yml | 93 +++++++++++++++++++++++++++++++++++++
k8s/backend-deployment.yaml | 28 +++++++++++
k8s/backend-service.yaml | 13 ++++++
3 files changed, 134 insertions(+)
create mode 100644 .drone.yml
create mode 100644 k8s/backend-deployment.yaml
create mode 100644 k8s/backend-service.yaml
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..89423c3
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,93 @@
+kind: pipeline
+type: docker
+name: deploy-backend
+
+steps:
+ - name: build-backend
+ image: plugins/docker
+ settings:
+ repo: in.gohorsejobs.com/gohorsejobs-backend
+ tags: latest
+ dockerfile: ./backend/Dockerfile
+ context: ./backend
+ username:
+ from_secret: HARBOR_USERNAME
+ password:
+ from_secret: HARBOR_PASSWORD
+
+ - name: deploy-backend
+ image: bitnami/kubectl:latest
+ environment:
+ KUBERNETES_SERVER:
+ from_secret: K3S_SERVER
+ KUBERNETES_CA:
+ from_secret: K3S_CA_CERT
+ KUBERNETES_CLIENT_CERT:
+ from_secret: K3S_CLIENT_CERT
+ KUBERNETES_CLIENT_KEY:
+ from_secret: K3S_CLIENT_KEY
+
+ DB_HOST:
+ from_secret: DB_HOST
+ DB_PORT:
+ from_secret: DB_PORT
+ DB_USER:
+ from_secret: DB_USER
+ DB_PASSWORD:
+ from_secret: DB_PASSWORD
+ DB_NAME:
+ from_secret: DB_NAME
+ DB_SSLMODE:
+ from_secret: DB_SSLMODE
+
+ AWS_REGION:
+ from_secret: AWS_REGION
+ AWS_ACCESS_KEY_ID:
+ from_secret: AWS_ACCESS_KEY_ID
+ AWS_SECRET_ACCESS_KEY:
+ from_secret: AWS_SECRET_ACCESS_KEY
+ AWS_ENDPOINT:
+ from_secret: AWS_ENDPOINT
+ S3_BUCKET:
+ from_secret: S3_BUCKET
+
+ JWT_SECRET:
+ from_secret: JWT_SECRET
+ ENV:
+ from_secret: ENV
+ CORS_ORIGINS:
+ from_secret: CORS_ORIGINS
+ MAX_UPLOAD_SIZE:
+ from_secret: MAX_UPLOAD_SIZE
+ UPLOAD_DIR:
+ from_secret: UPLOAD_DIR
+
+ commands:
+ - echo "Configuring kubeconfig…"
+ - mkdir -p ~/.kube
+ - |
+ cat < ~/.kube/config
+ apiVersion: v1
+ kind: Config
+ clusters:
+ - name: k3s
+ cluster:
+ server: ${KUBERNETES_SERVER}
+ certificate-authority-data: ${KUBERNETES_CA}
+ users:
+ - name: drone
+ user:
+ client-certificate-data: ${KUBERNETES_CLIENT_CERT}
+ client-key-data: ${KUBERNETES_CLIENT_KEY}
+ contexts:
+ - name: drone-context
+ context:
+ cluster: k3s
+ user: drone
+ namespace: gohorsejobs
+ current-context: drone-context
+ EOF
+
+ - echo "Applying backend K8s manifests…"
+ - kubectl apply -f k8s/backend-deployment.yaml
+ - kubectl apply -f k8s/backend-service.yaml
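Review bot: The `deploy-backend` step is handed every application secret (`DB_PASSWORD`, `AWS_SECRET_ACCESS_KEY`, `JWT_SECRET` and the rest), although its commands only read the four `KUBERNETES_*` variables to write the kubeconfig and run `kubectl apply`. Those extra `from_secret` entries place production credentials in the environment of a container that never uses them, so they should be dropped from this step and delivered to the pod through a Kubernetes Secret instead. The step also runs `bitnami/kubectl:latest`, a mutable tag, while holding the cluster client key; pinning it, e.g. `image: bitnami/kubectl@sha256:<digest>`, keeps a changed upstream image from running with that key.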
diff --git a/k8s/backend-deployment.yaml b/k8s/backend-deployment.yaml new file mode 100644 index 0000000..283ed0c --- /dev/null +++ b/k8s/backend-deployment.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gohorse-backend + namespace: gohorsejobs +spec: + replicas: 1 + selector: + matchLabels: + app: gohorse-backend + template: + metadata: + labels: + app: gohorse-backend + spec: + containers: + - name: backend + image: harbor.rede5.com.br/gohorsejobs/backend:latest + imagePullPolicy: Always + ports: + - containerPort: 3000 + env: + - name: NODE_ENV + value: "production" + # Caso o backend precise do .env via Infisical Sidecar, adiciono depois se quiser. + + imagePullSecrets: + - name: harbor-registry diff --git a/k8s/backend-service.yaml b/k8s/backend-service.yaml new file mode 100644 index 0000000..0b833c0 --- /dev/null +++ b/k8s/backend-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: gohorse-backend + namespace: gohorsejobs +spec: + selector: + app: gohorse-backend + ports: + - name: http + port: 3000 + targetPort: 3000 + type: ClusterIP From 87e3b03570b9adcb317be81112b5bdcf3d64e682 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 21:06:06 -0300 Subject: [PATCH 02/44] ajuste no drone --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 89423c3..5acd0e5 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,5 +1,5 @@ kind: pipeline -type: docker +type: kubernetes name: deploy-backend steps: From 3621b4b872c79ab43a1094c8d812f573bced8f08 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 21:26:29 -0300 Subject: [PATCH 03/44] ajuste no drone.yml --- .drone.yml | 43 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 35 insertions(+), 8 deletions(-) diff --git a/.drone.yml b/.drone.yml index 5acd0e5..c6a35ba 100644 --- a/.drone.yml +++ b/.drone.yml 
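Review bot: The Deployment pulls `harbor.rede5.com.br/gohorsejobs/backend:latest`, but the pipeline added in this same commit pushes to `in.gohorsejobs.com/gohorsejobs-backend:latest`, so the cluster does not run the image this pipeline built. With `imagePullPolicy: Always` on a `latest` tag, every pod restart pulls whatever that other registry path holds at that moment. The `image:` line should name the repository the build step pushes to, ideally with an immutable tag or digest such as `image: in.gohorsejobs.com/gohorsejobs-backend:<commit-sha>`. The container spec also sets no `securityContext`; `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be a reasonable baseline if the image supports them.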
@@ -3,17 +3,40 @@ type: kubernetes name: deploy-backend steps: - - name: build-backend - image: plugins/docker + - name: build-and-push-backend + image: gcr.io/kaniko-project/executor:latest + environment: + DOCKER_CONFIG: /kaniko/.docker/ + HARBOR_USERNAME: + from_secret: HARBOR_USERNAME + HARBOR_PASSWORD: + from_secret: HARBOR_PASSWORD + volumes: + - name: docker-config + path: /kaniko/.docker settings: repo: in.gohorsejobs.com/gohorsejobs-backend tags: latest - dockerfile: ./backend/Dockerfile - context: ./backend - username: - from_secret: HARBOR_USERNAME - password: - from_secret: HARBOR_PASSWORD + + commands: + - echo "Configuring Kaniko auth…" + - | + cat < /kaniko/.docker/config.json + { + "auths": { + "in.gohorsejobs.com": { + "username": "${HARBOR_USERNAME}", + "password": "${HARBOR_PASSWORD}" + } + } + } + EOF + - echo "Running Kaniko build..." + - /kaniko/executor \ + --context ./backend \ + --dockerfile ./backend/Dockerfile \ + --destination in.gohorsejobs.com/gohorsejobs-backend:latest \ + --skip-tls-verify - name: deploy-backend image: bitnami/kubectl:latest @@ -91,3 +114,7 @@ steps: - echo "Applying backend K8s manifests…" - kubectl apply -f k8s/backend-deployment.yaml - kubectl apply -f k8s/backend-service.yaml + +volumes: + - name: docker-config + emptyDir: {} From 50d4daa9de57ecfe2d6629867d7ed933dd8b00a1 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 21:35:11 -0300 Subject: [PATCH 04/44] ajuste no drone.yml --- .drone.yml | 82 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 43 insertions(+), 39 deletions(-) diff --git a/.drone.yml b/.drone.yml index c6a35ba..25db01c 100644 --- a/.drone.yml +++ b/.drone.yml 
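Review bot: `--skip-tls-verify` on the `/kaniko/executor` command turns off certificate verification for the push to `in.gohorsejobs.com`, in the same step that writes `HARBOR_USERNAME` and `HARBOR_PASSWORD` into `/kaniko/.docker/config.json`. Without verification, anything positioned on that network path can collect the registry credentials or replace the image that is later deployed. If the registry uses a private CA, trust that certificate instead, e.g. `--registry-certificate in.gohorsejobs.com=<path-to-ca.crt>`, and drop the flag. The same concern applies to the `--insecure` and `--insecure-pull` flags added in PATCH 04/44 and to `insecure: true` / `insecure_skip_verify: true` in the `plugins/docker` settings from PATCH 07/44 onward.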
@@ -2,24 +2,29 @@ kind: pipeline type: kubernetes name: deploy-backend +# --------------------------------------------- +# ETAPA 1 - BUILD E PUSH PARA O HARBOR (KANIKO) +# --------------------------------------------- steps: - name: build-and-push-backend image: gcr.io/kaniko-project/executor:latest + environment: DOCKER_CONFIG: /kaniko/.docker/ + + # IMPORTANTE: os secrets abaixo DEVEM existir no Infisical Prod HARBOR_USERNAME: from_secret: HARBOR_USERNAME HARBOR_PASSWORD: from_secret: HARBOR_PASSWORD + volumes: - name: docker-config path: /kaniko/.docker - settings: - repo: in.gohorsejobs.com/gohorsejobs-backend - tags: latest commands: - echo "Configuring Kaniko auth…" + - | cat < /kaniko/.docker/config.json { @@ -31,16 +36,25 @@ steps: } } EOF - - echo "Running Kaniko build..." + + - echo "Running Kaniko build and push..." - /kaniko/executor \ --context ./backend \ --dockerfile ./backend/Dockerfile \ --destination in.gohorsejobs.com/gohorsejobs-backend:latest \ - --skip-tls-verify + --skip-tls-verify \ + --insecure \ + --insecure-pull +# --------------------------------------------- +# ETAPA 2 – DEPLOY NO K3S +# --------------------------------------------- - name: deploy-backend image: bitnami/kubectl:latest + environment: + + # --- Secrets do K3s --- KUBERNETES_SERVER: from_secret: K3S_SERVER KUBERNETES_CA: 
@@ -50,44 +64,31 @@ steps: KUBERNETES_CLIENT_KEY: from_secret: K3S_CLIENT_KEY - DB_HOST: - from_secret: DB_HOST - DB_PORT: - from_secret: DB_PORT - DB_USER: - from_secret: DB_USER - DB_PASSWORD: - from_secret: DB_PASSWORD - DB_NAME: - from_secret: DB_NAME - DB_SSLMODE: - from_secret: DB_SSLMODE + # --- Secrets da aplicação --- + DB_HOST: { from_secret: DB_HOST } + DB_PORT: { from_secret: DB_PORT } + DB_USER: { from_secret: DB_USER } + DB_PASSWORD: { from_secret: DB_PASSWORD } + DB_NAME: { from_secret: DB_NAME } + DB_SSLMODE: { from_secret: DB_SSLMODE } - AWS_REGION: - from_secret: AWS_REGION - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY - AWS_ENDPOINT: - from_secret: AWS_ENDPOINT - S3_BUCKET: - from_secret: S3_BUCKET + AWS_REGION: { from_secret: AWS_REGION } + AWS_ACCESS_KEY_ID: { from_secret: AWS_ACCESS_KEY_ID } + AWS_SECRET_ACCESS_KEY: { from_secret: AWS_SECRET_ACCESS_KEY } + AWS_ENDPOINT: { from_secret: AWS_ENDPOINT } + S3_BUCKET: { from_secret: S3_BUCKET } - JWT_SECRET: - from_secret: JWT_SECRET - ENV: - from_secret: ENV - CORS_ORIGINS: - from_secret: CORS_ORIGINS - MAX_UPLOAD_SIZE: - from_secret: MAX_UPLOAD_SIZE - UPLOAD_DIR: - from_secret: UPLOAD_DIR + JWT_SECRET: { from_secret: JWT_SECRET } + ENV: { from_secret: ENV } + CORS_ORIGINS: { from_secret: CORS_ORIGINS } + MAX_UPLOAD_SIZE: { from_secret: MAX_UPLOAD_SIZE } + UPLOAD_DIR: { from_secret: UPLOAD_DIR } commands: - - echo "Configuring kubeconfig…" + - echo "Creating kubeconfig…" + - mkdir -p ~/.kube + - | cat < ~/.kube/config apiVersion: v1 @@ -111,10 +112,13 @@ steps: current-context: drone-context EOF - - echo "Applying backend K8s manifests…" + - echo "Applying manifests..." - kubectl apply -f k8s/backend-deployment.yaml - kubectl apply -f k8s/backend-service.yaml +# --------------------------------------------- +# VOLUMES +# --------------------------------------------- volumes: - name: docker-config emptyDir: {} 
From 4189686edf3e0ca3cb720da3da2fce2d648b2854 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 22:07:17 -0300 Subject: [PATCH 05/44] ajuste no drone.yml --- .drone.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.drone.yml b/.drone.yml index 25db01c..8c40015 100644 --- a/.drone.yml +++ b/.drone.yml @@ -7,12 +7,11 @@ name: deploy-backend # --------------------------------------------- steps: - name: build-and-push-backend - image: gcr.io/kaniko-project/executor:latest + image: docker.io/kanikoproject/executor:debug # <<< CORRIGIDO! environment: DOCKER_CONFIG: /kaniko/.docker/ - # IMPORTANTE: os secrets abaixo DEVEM existir no Infisical Prod HARBOR_USERNAME: from_secret: HARBOR_USERNAME HARBOR_PASSWORD: @@ -54,7 +53,6 @@ steps: environment: - # --- Secrets do K3s --- KUBERNETES_SERVER: from_secret: K3S_SERVER KUBERNETES_CA: @@ -64,7 +62,6 @@ steps: KUBERNETES_CLIENT_KEY: from_secret: K3S_CLIENT_KEY - # --- Secrets da aplicação --- DB_HOST: { from_secret: DB_HOST } DB_PORT: { from_secret: DB_PORT } DB_USER: { from_secret: DB_USER } @@ -86,7 +83,6 @@ steps: commands: - echo "Creating kubeconfig…" - - mkdir -p ~/.kube - | From d3b856bf8112fa43c2fb9d9044897871e7fe0640 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 22:30:47 -0300 Subject: [PATCH 06/44] ajuste no drone.yml --- .drone.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index 8c40015..d2c1a6a 100644 --- a/.drone.yml +++ b/.drone.yml @@ -7,11 +7,10 @@ name: deploy-backend # --------------------------------------------- steps: - name: build-and-push-backend - image: docker.io/kanikoproject/executor:debug # <<< CORRIGIDO! + image: gcr.io/kaniko-project/executor:latest environment: DOCKER_CONFIG: /kaniko/.docker/ - HARBOR_USERNAME: from_secret: HARBOR_USERNAME HARBOR_PASSWORD: 
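Review bot: The build image moves from `gcr.io/kaniko-project/executor` to `docker.io/kanikoproject/executor:debug`, and nothing on this page shows that the Docker Hub namespace `kanikoproject` is published by the kaniko project. This step receives `HARBOR_USERNAME` and `HARBOR_PASSWORD` and produces the image that gets deployed, so a builder image of unconfirmed origin is a supply-chain risk. I would confirm the publisher before merging, or keep the upstream registry's `debug` variant pinned by digest, e.g. `image: gcr.io/kaniko-project/executor@sha256:<digest>`. The trailing `# <<< CORRIGIDO!` comment does not say why the source changed; a one-line reason would help the next reader.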
@@ -36,7 +35,7 @@ steps: } EOF - - echo "Running Kaniko build and push..." + - echo "Running Kaniko build and push…" - /kaniko/executor \ --context ./backend \ --dockerfile ./backend/Dockerfile \ @@ -52,7 +51,6 @@ steps: image: bitnami/kubectl:latest environment: - KUBERNETES_SERVER: from_secret: K3S_SERVER KUBERNETES_CA: @@ -83,6 +81,7 @@ steps: commands: - echo "Creating kubeconfig…" + - mkdir -p ~/.kube - | From 98cf247e3bed3f595a73c4171a73012d0639a5dd Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 22:32:37 -0300 Subject: [PATCH 07/44] ajuste no drone.yml --- .drone.yml | 52 ++++++++++++---------------------------------------- 1 file changed, 12 insertions(+), 40 deletions(-) diff --git a/.drone.yml b/.drone.yml index d2c1a6a..474620f 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -3,46 +3,26 @@ type: kubernetes name: deploy-backend # --------------------------------------------- -# ETAPA 1 - BUILD E PUSH PARA O HARBOR (KANIKO) +# ETAPA 1 - BUILD E PUSH PARA O HARBOR (PLUGIN DOCKER) # --------------------------------------------- steps: - name: build-and-push-backend - image: gcr.io/kaniko-project/executor:latest + image: plugins/docker environment: - DOCKER_CONFIG: /kaniko/.docker/ - HARBOR_USERNAME: + DOCKER_USERNAME: from_secret: HARBOR_USERNAME - HARBOR_PASSWORD: + DOCKER_PASSWORD: from_secret: HARBOR_PASSWORD - volumes: - - name: docker-config - path: /kaniko/.docker - - commands: - - echo "Configuring Kaniko auth…" - - - | - cat < /kaniko/.docker/config.json - { - "auths": { - "in.gohorsejobs.com": { - "username": "${HARBOR_USERNAME}", - "password": "${HARBOR_PASSWORD}" - } - } - } - EOF - - - echo "Running Kaniko build and push…" - - /kaniko/executor \ - --context ./backend \ - --dockerfile ./backend/Dockerfile \ - --destination in.gohorsejobs.com/gohorsejobs-backend:latest \ - --skip-tls-verify \ - --insecure \ - --insecure-pull + settings: + repo: in.gohorsejobs.com/gohorsejobs-backend + tags: latest + dockerfile: backend/Dockerfile + context: backend + insecure: true + insecure_skip_verify: true + registry: in.gohorsejobs.com # --------------------------------------------- # ETAPA 2 – DEPLOY NO K3S @@ -81,7 +61,6 @@ steps: commands: - echo "Creating kubeconfig…" - - mkdir -p ~/.kube - | @@ -110,10 +89,3 @@ steps: - echo "Applying manifests..." - kubectl apply -f k8s/backend-deployment.yaml - kubectl apply -f k8s/backend-service.yaml - -# --------------------------------------------- -# VOLUMES -# --------------------------------------------- -volumes: - - name: docker-config - emptyDir: {} From 40df003e67e6b2b6704c0bc5a604723647d748f5 Mon Sep 17 00:00:00 2001 
From: Marcus Bohessef Date: Thu, 11 Dec 2025 22:39:34 -0300 Subject: [PATCH 08/44] ajuste no drone.yml --- .drone.yml | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/.drone.yml b/.drone.yml index 474620f..b34a4ef 100644 --- a/.drone.yml +++ b/.drone.yml @@ -2,12 +2,12 @@ kind: pipeline type: kubernetes name: deploy-backend -# --------------------------------------------- +# -------------------------------------------------------------------- # ETAPA 1 - BUILD E PUSH PARA O HARBOR (PLUGIN DOCKER) -# --------------------------------------------- +# -------------------------------------------------------------------- steps: - name: build-and-push-backend - image: plugins/docker + image: plugins/docker:latest environment: DOCKER_USERNAME: @@ -16,17 +16,22 @@ steps: from_secret: HARBOR_PASSWORD settings: - repo: in.gohorsejobs.com/gohorsejobs-backend - tags: latest + registry: in.gohorsejobs.com + repo: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend + tags: + - latest + dockerfile: backend/Dockerfile context: backend + insecure: true insecure_skip_verify: true - registry: in.gohorsejobs.com + debug: true + mtu: 0 # evita bug de stuck push em rede ruim -# --------------------------------------------- -# ETAPA 2 – DEPLOY NO K3S -# --------------------------------------------- +# -------------------------------------------------------------------- +# ETAPA 2 – DEPLOY BACKEND NO K3S +# -------------------------------------------------------------------- - name: deploy-backend image: bitnami/kubectl:latest From 47be908712301b27878cbe6a49b23aa2848f0d93 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 22:45:36 -0300 Subject: [PATCH 09/44] ajuste no drone.yml --- .drone.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index b34a4ef..aff01cc 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -17,17 +17,20 @@ steps: settings: registry: in.gohorsejobs.com - repo: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend + + # <<< ESTE É O CAMINHO CORRETO PARA O HARBOR >>> + repo: in.gohorsejobs.com/gohorsejobs-backend + tags: - latest - dockerfile: backend/Dockerfile context: backend + dockerfile: backend/Dockerfile insecure: true insecure_skip_verify: true debug: true - mtu: 0 # evita bug de stuck push em rede ruim + mtu: 0 # -------------------------------------------------------------------- # ETAPA 2 – DEPLOY BACKEND NO K3S From 1ddae9a4e30487eab8f60c563ef492e1f3f2741b Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 22:57:34 -0300 Subject: [PATCH 10/44] ajuste no drone.yml --- .drone.yml | 9 ++- k8s/backend-deployment.yaml | 111 +++++++++++++++++++++++++++++++++++- 2 files changed, 115 insertions(+), 5 deletions(-) diff --git a/.drone.yml b/.drone.yml index aff01cc..b9fa22d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -18,8 +18,9 @@ steps: settings: registry: in.gohorsejobs.com - # <<< ESTE É O CAMINHO CORRETO PARA O HARBOR >>> - repo: in.gohorsejobs.com/gohorsejobs-backend + # FORMATO EXATO DO SEU HARBOR: + # / + repo: gohorsejobs/gohorsejobs-backend tags: - latest @@ -30,7 +31,9 @@ steps: insecure: true insecure_skip_verify: true debug: true - mtu: 0 + + # <<< CORREÇÃO DO TRAVAMENTO NO PUSH >>> + mtu: 1400 # -------------------------------------------------------------------- # ETAPA 2 – DEPLOY BACKEND NO K3S diff --git a/k8s/backend-deployment.yaml b/k8s/backend-deployment.yaml index 283ed0c..f0ccd6b 100644 --- a/k8s/backend-deployment.yaml +++ b/k8s/backend-deployment.yaml 
@@ -15,14 +15,121 @@ spec: spec: containers: - name: backend - image: harbor.rede5.com.br/gohorsejobs/backend:latest + image: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend:latest imagePullPolicy: Always + ports: - containerPort: 3000 + env: - name: NODE_ENV value: "production" - # Caso o backend precise do .env via Infisical Sidecar, adiciono depois se quiser. + + # ------------------------- + # VARIÁVEIS DO BACKEND + # ------------------------- + - name: DB_HOST + valueFrom: + secretKeyRef: + name: backend-env + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: backend-env + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: backend-env + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: backend-env + key: DB_PASSWORD + - name: DB_NAME + valueFrom: + secretKeyRef: + name: backend-env + key: DB_NAME + - name: DB_SSLMODE + valueFrom: + secretKeyRef: + name: backend-env + key: DB_SSLMODE + + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: backend-env + key: JWT_SECRET + + - name: AWS_REGION + valueFrom: + secretKeyRef: + name: backend-env + key: AWS_REGION + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: backend-env + key: AWS_ACCESS_KEY_ID + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: backend-env + key: AWS_SECRET_ACCESS_KEY + - name: AWS_ENDPOINT + valueFrom: + secretKeyRef: + name: backend-env + key: AWS_ENDPOINT + - name: S3_BUCKET + valueFrom: + secretKeyRef: + name: backend-env + key: S3_BUCKET + + - name: CORS_ORIGINS + valueFrom: + secretKeyRef: + name: backend-env + key: CORS_ORIGINS + - name: MAX_UPLOAD_SIZE + valueFrom: + secretKeyRef: + name: backend-env + key: MAX_UPLOAD_SIZE + - name: UPLOAD_DIR + valueFrom: + secretKeyRef: + name: backend-env + key: UPLOAD_DIR + + # HEALTHCHECKS + readinessProbe: + httpGet: + path: /health + port: 3000 + initialDelaySeconds: 5 + periodSeconds: 10 + + livenessProbe: + httpGet: + path: /health + port: 3000 + 
initialDelaySeconds: 15 + periodSeconds: 20 + + # RESOURCES + resources: + requests: + cpu: "200m" + memory: "256Mi" + limits: + cpu: "1" + memory: "512Mi" imagePullSecrets: - name: harbor-registry From 2524863ad8a65bb9f3fefc1096f8894c006bb22f Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 23:06:19 -0300 Subject: [PATCH 11/44] ajuste no drone.yml --- .drone.yml | 36 +----------- k8s/backend-deployment.yaml | 108 +----------------------------------- 2 files changed, 4 insertions(+), 140 deletions(-) diff --git a/.drone.yml b/.drone.yml index b9fa22d..acd6693 100644 --- a/.drone.yml +++ b/.drone.yml @@ -2,9 +2,6 @@ kind: pipeline type: kubernetes name: deploy-backend -# -------------------------------------------------------------------- -# ETAPA 1 - BUILD E PUSH PARA O HARBOR (PLUGIN DOCKER) -# -------------------------------------------------------------------- steps: - name: build-and-push-backend image: plugins/docker:latest @@ -17,11 +14,7 @@ steps: settings: registry: in.gohorsejobs.com - - # FORMATO EXATO DO SEU HARBOR: - # / repo: gohorsejobs/gohorsejobs-backend - tags: - latest @@ -31,13 +24,8 @@ steps: insecure: true insecure_skip_verify: true debug: true + mtu: 0 - # <<< CORREÇÃO DO TRAVAMENTO NO PUSH >>> - mtu: 1400 - -# -------------------------------------------------------------------- -# ETAPA 2 – DEPLOY BACKEND NO K3S -# -------------------------------------------------------------------- - name: deploy-backend image: bitnami/kubectl:latest 
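Review bot: Every `secretKeyRef` added in this hunk points at a Secret named `backend-env`, yet none of the manifests or pipeline commands visible in this series creates it, so unless it is provisioned out of band the container will fail to start. A comment above the `env:` block should state where it comes from, e.g. `# backend-env is provisioned by <secret-sync mechanism> in namespace gohorsejobs`. Since the values now reach the pod through Secret references, the matching `from_secret` entries in the `deploy-backend` step of `.drone.yml` are no longer needed and can be removed in the same change.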
@@ -51,27 +39,7 @@ steps: KUBERNETES_CLIENT_KEY: from_secret: K3S_CLIENT_KEY - DB_HOST: { from_secret: DB_HOST } - DB_PORT: { from_secret: DB_PORT } - DB_USER: { from_secret: DB_USER } - DB_PASSWORD: { from_secret: DB_PASSWORD } - DB_NAME: { from_secret: DB_NAME } - DB_SSLMODE: { from_secret: DB_SSLMODE } - - AWS_REGION: { from_secret: AWS_REGION } - AWS_ACCESS_KEY_ID: { from_secret: AWS_ACCESS_KEY_ID } - AWS_SECRET_ACCESS_KEY: { from_secret: AWS_SECRET_ACCESS_KEY } - AWS_ENDPOINT: { from_secret: AWS_ENDPOINT } - S3_BUCKET: { from_secret: S3_BUCKET } - - JWT_SECRET: { from_secret: JWT_SECRET } - ENV: { from_secret: ENV } - CORS_ORIGINS: { from_secret: CORS_ORIGINS } - MAX_UPLOAD_SIZE: { from_secret: MAX_UPLOAD_SIZE } - UPLOAD_DIR: { from_secret: UPLOAD_DIR } - commands: - - echo "Creating kubeconfig…" - mkdir -p ~/.kube - | @@ -97,6 +65,6 @@ steps: current-context: drone-context EOF - - echo "Applying manifests..." + - echo "Deploying backend..." - kubectl apply -f k8s/backend-deployment.yaml - kubectl apply -f k8s/backend-service.yaml diff --git a/k8s/backend-deployment.yaml b/k8s/backend-deployment.yaml index f0ccd6b..b704a7c 100644 --- a/k8s/backend-deployment.yaml +++ b/k8s/backend-deployment.yaml @@ -8,10 +8,12 @@ spec: selector: matchLabels: app: gohorse-backend + template: metadata: labels: app: gohorse-backend + spec: containers: - name: backend 
@@ -25,111 +27,5 @@ spec: - name: NODE_ENV value: "production" - # ------------------------- - # VARIÁVEIS DO BACKEND - # ------------------------- - - name: DB_HOST - valueFrom: - secretKeyRef: - name: backend-env - key: DB_HOST - - name: DB_PORT - valueFrom: - secretKeyRef: - name: backend-env - key: DB_PORT - - name: DB_USER - valueFrom: - secretKeyRef: - name: backend-env - key: DB_USER - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: backend-env - key: DB_PASSWORD - - name: DB_NAME - valueFrom: - secretKeyRef: - name: backend-env - key: DB_NAME - - name: DB_SSLMODE - valueFrom: - secretKeyRef: - name: backend-env - key: DB_SSLMODE - - - name: JWT_SECRET - valueFrom: - secretKeyRef: - name: backend-env - key: JWT_SECRET - - - name: AWS_REGION - valueFrom: - secretKeyRef: - name: backend-env - key: AWS_REGION - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: backend-env - key: AWS_ACCESS_KEY_ID - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: backend-env - key: AWS_SECRET_ACCESS_KEY - - name: AWS_ENDPOINT - valueFrom: - secretKeyRef: - name: backend-env - key: AWS_ENDPOINT - - name: S3_BUCKET - valueFrom: - secretKeyRef: - name: backend-env - key: S3_BUCKET - - - name: CORS_ORIGINS - valueFrom: - secretKeyRef: - name: backend-env - key: CORS_ORIGINS - - name: MAX_UPLOAD_SIZE - valueFrom: - secretKeyRef: - name: backend-env - key: MAX_UPLOAD_SIZE - - name: UPLOAD_DIR - valueFrom: - secretKeyRef: - name: backend-env - key: UPLOAD_DIR - - # HEALTHCHECKS - readinessProbe: - httpGet: - path: /health - port: 3000 - initialDelaySeconds: 5 - periodSeconds: 10 - - livenessProbe: - httpGet: - path: /health - port: 3000 - initialDelaySeconds: 15 - periodSeconds: 20 - - # RESOURCES - resources: - requests: - cpu: "200m" - memory: "256Mi" - limits: - cpu: "1" - memory: "512Mi" - imagePullSecrets: - name: harbor-registry From 794e4fb3431e3f18a35f6aa392675be4528dd967 Mon Sep 17 00:00:00 2001 
From: Marcus Bohessef Date: Thu, 11 Dec 2025 23:24:59 -0300 Subject: [PATCH 12/44] ajuste no drone.yml --- .drone.yml | 6 ++++++ k8s/backend-deployment.yaml | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/.drone.yml b/.drone.yml index acd6693..f98e819 100644 --- a/.drone.yml +++ b/.drone.yml @@ -3,6 +3,9 @@ type: kubernetes name: deploy-backend steps: + # ----------------------------------------------------------- + # BUILD & PUSH PARA O HARBOR + # ----------------------------------------------------------- - name: build-and-push-backend image: plugins/docker:latest @@ -26,6 +29,9 @@ steps: debug: true mtu: 0 + # ----------------------------------------------------------- + # DEPLOY NO K3S + # ----------------------------------------------------------- - name: deploy-backend image: bitnami/kubectl:latest diff --git a/k8s/backend-deployment.yaml b/k8s/backend-deployment.yaml index b704a7c..9ef0919 100644 --- a/k8s/backend-deployment.yaml +++ b/k8s/backend-deployment.yaml @@ -14,6 +14,11 @@ spec: labels: app: gohorse-backend + # Se quiser ativar Infisical Sidecar, descomente abaixo + # annotations: + # infisical.com/managed: "true" + # infisical.com/secret-path: "prod/backend" + spec: containers: - name: backend From 5ede17efad6aabdeb5abb02391e69e4e0cebb2c9 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 23:34:37 -0300 Subject: [PATCH 13/44] ajuste no drone.yml --- .drone.yml | 22 +++++----------------- k8s/backend-deployment.yaml | 9 ++------- 2 files changed, 7 insertions(+), 24 deletions(-) diff --git a/.drone.yml b/.drone.yml index f98e819..51a7a4f 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -3,38 +3,29 @@ type: kubernetes name: deploy-backend steps: - # ----------------------------------------------------------- - # BUILD & PUSH PARA O HARBOR - # ----------------------------------------------------------- + # BUILD & PUSH para Harbor - name: build-and-push-backend image: plugins/docker:latest - environment: DOCKER_USERNAME: from_secret: HARBOR_USERNAME DOCKER_PASSWORD: from_secret: HARBOR_PASSWORD - settings: registry: in.gohorsejobs.com repo: gohorsejobs/gohorsejobs-backend tags: - latest - context: backend dockerfile: backend/Dockerfile - - insecure: true - insecure_skip_verify: true + insecure: true # Use apenas se necessário (HTTP ou certificado self-signed) + insecure_skip_verify: true # Use apenas se necessário debug: true mtu: 0 - # ----------------------------------------------------------- - # DEPLOY NO K3S - # ----------------------------------------------------------- + # DEPLOY no K3S - name: deploy-backend image: bitnami/kubectl:latest - environment: KUBERNETES_SERVER: from_secret: K3S_SERVER @@ -44,10 +35,8 @@ steps: from_secret: K3S_CLIENT_CERT KUBERNETES_CLIENT_KEY: from_secret: K3S_CLIENT_KEY - commands: - mkdir -p ~/.kube - - | cat < ~/.kube/config apiVersion: v1 @@ -70,7 +59,6 @@ steps: namespace: gohorsejobs current-context: drone-context EOF - - echo "Deploying backend..." - kubectl apply -f k8s/backend-deployment.yaml - - kubectl apply -f k8s/backend-service.yaml + - kubectl apply -f k8s/backend-service.yaml \ No newline at end of file diff --git a/k8s/backend-deployment.yaml b/k8s/backend-deployment.yaml index 9ef0919..1c8d3ea 100644 --- a/k8s/backend-deployment.yaml +++ b/k8s/backend-deployment.yaml 
@@ -13,24 +13,19 @@ spec: metadata: labels: app: gohorse-backend - - # Se quiser ativar Infisical Sidecar, descomente abaixo + # Para usar Infisical Sidecar, descomente as linhas abaixo: # annotations: # infisical.com/managed: "true" # infisical.com/secret-path: "prod/backend" - spec: containers: - name: backend image: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend:latest imagePullPolicy: Always - ports: - containerPort: 3000 - env: - name: NODE_ENV value: "production" - imagePullSecrets: - - name: harbor-registry + - name: harbor-registry \ No newline at end of file From ddefa807d69260b17e663a090ce41941d0550e39 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 23:42:19 -0300 Subject: [PATCH 14/44] ajuste no drone.yml --- .drone.yml | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/.drone.yml b/.drone.yml index 51a7a4f..32de590 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -3,25 +3,24 @@ type: kubernetes name: deploy-backend steps: - # BUILD & PUSH para Harbor + # BUILD & PUSH para Harbor (login manual) - name: build-and-push-backend - image: plugins/docker:latest + image: docker:24 environment: - DOCKER_USERNAME: + HARBOR_USERNAME: from_secret: HARBOR_USERNAME - DOCKER_PASSWORD: + HARBOR_PASSWORD: from_secret: HARBOR_PASSWORD - settings: - registry: in.gohorsejobs.com - repo: gohorsejobs/gohorsejobs-backend - tags: - - latest - context: backend - dockerfile: backend/Dockerfile - insecure: true # Use apenas se necessário (HTTP ou certificado self-signed) - insecure_skip_verify: true # Use apenas se necessário - debug: true - mtu: 0 + volumes: + - name: dockersock + path: /var/run/docker.sock + commands: + # Login manual no Harbor + - echo "$HARBOR_PASSWORD" | docker login in.gohorsejobs.com -u "$HARBOR_USERNAME" --password-stdin + # Build da imagem + - docker build -t in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend:latest backend + # Push para o Harbor + - docker push in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend:latest # DEPLOY no K3S - name: deploy-backend @@ -61,4 +60,9 @@ steps: EOF - echo "Deploying backend..." - kubectl apply -f k8s/backend-deployment.yaml - - kubectl apply -f k8s/backend-service.yaml \ No newline at end of file + - kubectl apply -f k8s/backend-service.yaml + +volumes: + - name: dockersock + host: + path: /var/run/docker.sock \ No newline at end of file From d0f7884611bc154e1f43b6a009c0ba2066098b2e Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 23:46:34 -0300 Subject: [PATCH 15/44] ajuste no drone.yml --- .drone.yml | 39 +++++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/.drone.yml b/.drone.yml index 32de590..2e9d4de 100644 --- a/.drone.yml +++ b/.drone.yml 
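Review bot: Mounting the host's `/var/run/docker.sock` into `build-and-push-backend` gives this step control of the node's Docker daemon, which is effectively root on that node: anything that runs in the step, including a changed `docker:24` image, can start privileged containers or reach other workloads on the host. On a `type: kubernetes` pipeline that deploys to K3s it is also not certain that a Docker socket exists on the node. A daemonless builder such as the kaniko step used earlier in this series avoids the host mount. If the socket has to stay, the build should be confined to a dedicated build node that runs no production workloads.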
@@ -3,24 +3,36 @@ type: kubernetes name: deploy-backend steps: - # BUILD & PUSH para Harbor (login manual) - - name: build-and-push-backend + # Step SEPARADO apenas para o docker login no Harbor + - name: docker-login-harbor image: docker:24 environment: HARBOR_USERNAME: from_secret: HARBOR_USERNAME HARBOR_PASSWORD: from_secret: HARBOR_PASSWORD - volumes: - - name: dockersock - path: /var/run/docker.sock commands: - # Login manual no Harbor - echo "$HARBOR_PASSWORD" | docker login in.gohorsejobs.com -u "$HARBOR_USERNAME" --password-stdin - # Build da imagem - - docker build -t in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend:latest backend - # Push para o Harbor - - docker push in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend:latest + + # BUILD & PUSH para Harbor usando plugins/docker (segue padrão) + - name: build-and-push-backend + image: plugins/docker:latest + environment: + DOCKER_USERNAME: + from_secret: HARBOR_USERNAME + DOCKER_PASSWORD: + from_secret: HARBOR_PASSWORD + settings: + registry: in.gohorsejobs.com + repo: gohorsejobs/gohorsejobs-backend + tags: + - latest + context: backend + dockerfile: backend/Dockerfile + insecure: true # Use apenas se necessário (HTTP or self-signed) + insecure_skip_verify: true + debug: true + mtu: 0 # DEPLOY no K3S - name: deploy-backend @@ -60,9 +72,4 @@ steps: EOF - echo "Deploying backend..." - kubectl apply -f k8s/backend-deployment.yaml - - kubectl apply -f k8s/backend-service.yaml - -volumes: - - name: dockersock - host: - path: /var/run/docker.sock \ No newline at end of file + - kubectl apply -f k8s/backend-service.yaml \ No newline at end of file From c5b31e71234532b9d1fcd5a3dc10e45760b00be4 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 23:48:55 -0300 Subject: [PATCH 16/44] ajuste no drone.yml --- .drone.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index 2e9d4de..dd73a66 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -3,7 +3,17 @@ type: kubernetes name: deploy-backend steps: - # Step SEPARADO apenas para o docker login no Harbor + - name: debug-infisical-vars + image: alpine:3 + environment: + HARBOR_USERNAME: + from_secret: HARBOR_USERNAME + HARBOR_PASSWORD: + from_secret: HARBOR_PASSWORD + commands: + - echo "USER: $HARBOR_USERNAME" + - echo "PWLEN: $(echo -n $HARBOR_PASSWORD | wc -c)" + - name: docker-login-harbor image: docker:24 environment: @@ -14,7 +24,6 @@ steps: commands: - echo "$HARBOR_PASSWORD" | docker login in.gohorsejobs.com -u "$HARBOR_USERNAME" --password-stdin - # BUILD & PUSH para Harbor usando plugins/docker (segue padrão) - name: build-and-push-backend image: plugins/docker:latest environment: @@ -29,12 +38,11 @@ steps: - latest context: backend dockerfile: backend/Dockerfile - insecure: true # Use apenas se necessário (HTTP or self-signed) + insecure: true insecure_skip_verify: true debug: true mtu: 0 - # DEPLOY no K3S - name: deploy-backend image: bitnami/kubectl:latest environment: From d70bacac7e069d9ea9d20d168324734422b1dbd3 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 23:50:13 -0300 Subject: [PATCH 17/44] ajuste no drone.yml --- .drone.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index dd73a66..b32e309 100644 --- a/.drone.yml +++ b/.drone.yml @@ -80,4 +80,5 @@ steps: EOF - echo "Deploying backend..." - kubectl apply -f k8s/backend-deployment.yaml - - kubectl apply -f k8s/backend-service.yaml \ No newline at end of file + - kubectl apply -f k8s/backend-service.yaml + \ No newline at end of file From ef5db9f91a8773a13389db36153fd58b545d3d72 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 23:50:52 -0300 Subject: [PATCH 18/44] ajuste no drone.yml --- .drone.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index b32e309..dd73a66 100644 --- a/.drone.yml +++ b/.drone.yml 
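Review bot: The `debug-infisical-vars` step writes the password length (and the username) to the build log; log masking typically covers the literal secret value, not something derived from it, and build logs are readable by more people than the secret store. A check such as `- test -n "$HARBOR_PASSWORD"` confirms that the secret is injected without printing anything about it. The line `- echo "USER: $HARBOR_USERNAME"` is also an unquoted YAML scalar containing `: `, so a parser reads it as a mapping instead of a command string; if an echo is kept, quote the whole item, e.g. `- 'echo "USER: $HARBOR_USERNAME"'`.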
@@ -80,5 +80,4 @@ steps: EOF - echo "Deploying backend..." - kubectl apply -f k8s/backend-deployment.yaml - - kubectl apply -f k8s/backend-service.yaml - \ No newline at end of file + - kubectl apply -f k8s/backend-service.yaml \ No newline at end of file From 94c58ba9e2db0caf51459f24a769d3e5b4546007 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 23:51:56 -0300 Subject: [PATCH 19/44] ajuste no drone.yml --- .drone.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index dd73a66..b32e309 100644 --- a/.drone.yml +++ b/.drone.yml @@ -80,4 +80,5 @@ steps: EOF - echo "Deploying backend..." - kubectl apply -f k8s/backend-deployment.yaml - - kubectl apply -f k8s/backend-service.yaml \ No newline at end of file + - kubectl apply -f k8s/backend-service.yaml + \ No newline at end of file From 7a607e4cbee8ed1368ed1f5c7e22bdfc6c365ca0 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 23:52:43 -0300 Subject: [PATCH 20/44] ajuste no drone.yml --- .drone.yml | 30 +++++------------------------- 1 file changed, 5 insertions(+), 25 deletions(-) diff --git a/.drone.yml b/.drone.yml index b32e309..51a7a4f 100644 --- a/.drone.yml +++ b/.drone.yml @@ -3,27 +3,7 @@ type: kubernetes name: deploy-backend steps: - - name: debug-infisical-vars - image: alpine:3 - environment: - HARBOR_USERNAME: - from_secret: HARBOR_USERNAME - HARBOR_PASSWORD: - from_secret: HARBOR_PASSWORD - commands: - - echo "USER: $HARBOR_USERNAME" - - echo "PWLEN: $(echo -n $HARBOR_PASSWORD | wc -c)" - - - name: docker-login-harbor - image: docker:24 - environment: - HARBOR_USERNAME: - from_secret: HARBOR_USERNAME - HARBOR_PASSWORD: - from_secret: HARBOR_PASSWORD - commands: - - echo "$HARBOR_PASSWORD" | docker login in.gohorsejobs.com -u "$HARBOR_USERNAME" --password-stdin - + # BUILD & PUSH para Harbor - name: build-and-push-backend image: plugins/docker:latest environment: 
@@ -38,11 +18,12 @@ steps: - latest context: backend dockerfile: backend/Dockerfile - insecure: true - insecure_skip_verify: true + insecure: true # Use apenas se necessário (HTTP ou certificado self-signed) + insecure_skip_verify: true # Use apenas se necessário debug: true mtu: 0 + # DEPLOY no K3S - name: deploy-backend image: bitnami/kubectl:latest environment: @@ -80,5 +61,4 @@ steps: EOF - echo "Deploying backend..." - kubectl apply -f k8s/backend-deployment.yaml - - kubectl apply -f k8s/backend-service.yaml - \ No newline at end of file + - kubectl apply -f k8s/backend-service.yaml \ No newline at end of file From 40fefb88ae59407e50b179565407517c5f873e1c Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Thu, 11 Dec 2025 23:58:50 -0300 Subject: [PATCH 21/44] ajuste no drone.yml --- .drone.yml | 40 +++++++++++++++++++++++----------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/.drone.yml b/.drone.yml index 51a7a4f..36aa4ea 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -3,27 +3,33 @@ type: kubernetes name: deploy-backend steps: - # BUILD & PUSH para Harbor - - name: build-and-push-backend - image: plugins/docker:latest + - name: docker-login + image: docker:24 environment: DOCKER_USERNAME: - from_secret: HARBOR_USERNAME + from_secret: DOCKER_USERNAME DOCKER_PASSWORD: - from_secret: HARBOR_PASSWORD - settings: - registry: in.gohorsejobs.com - repo: gohorsejobs/gohorsejobs-backend - tags: - - latest - context: backend - dockerfile: backend/Dockerfile - insecure: true # Use apenas se necessário (HTTP ou certificado self-signed) - insecure_skip_verify: true # Use apenas se necessário - debug: true - mtu: 0 + from_secret: DOCKER_PASSWORD + volumes: + - name: dockersock + path: /var/run/docker.sock + commands: + - echo "$DOCKER_PASSWORD" | docker login https://in.gohorsejobs.com -u "$DOCKER_USERNAME" --password-stdin + + - name: build-and-push-backend + image: docker:24 + environment: + DOCKER_USERNAME: + from_secret: DOCKER_USERNAME + DOCKER_PASSWORD: + from_secret: DOCKER_PASSWORD + volumes: + - name: dockersock + path: /var/run/docker.sock + commands: + - docker build -t in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend:latest backend + - docker push in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend:latest - # DEPLOY no K3S - name: deploy-backend image: bitnami/kubectl:latest environment: From 164294fc2781a61f3de6288e5ae361930b3b2fb9 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 00:00:29 -0300 Subject: [PATCH 22/44] ajuste no drone.yml --- .drone.yml | 30 ++++++++++-------------------- 1 file changed, 10 insertions(+), 20 deletions(-) diff --git a/.drone.yml b/.drone.yml index 36aa4ea..2adb318 100644 --- a/.drone.yml +++ b/.drone.yml 
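Review bot: Both new steps mount a volume named `dockersock`, but this patch has a single hunk and declares no pipeline-level `volumes:` entry for it, and an earlier patch in the series removed that block, so the reference looks unresolved. Re-adding the host path would again hand the steps the node's Docker daemon through `/var/run/docker.sock`, which is root-equivalent on that node, so a builder that does not need the host socket is preferable. The credentials stored by `docker login` live in the `docker-login` container's client configuration, so the `docker push` in the next step probably runs unauthenticated; do the login in the step that pushes and pass the secrets only there.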
@@ -3,32 +3,22 @@ type: kubernetes name: deploy-backend steps: - - name: docker-login - image: docker:24 - environment: - DOCKER_USERNAME: - from_secret: DOCKER_USERNAME - DOCKER_PASSWORD: - from_secret: DOCKER_PASSWORD - volumes: - - name: dockersock - path: /var/run/docker.sock - commands: - - echo "$DOCKER_PASSWORD" | docker login https://in.gohorsejobs.com -u "$DOCKER_USERNAME" --password-stdin - - name: build-and-push-backend - image: docker:24 + image: plugins/docker:latest environment: DOCKER_USERNAME: from_secret: DOCKER_USERNAME DOCKER_PASSWORD: from_secret: DOCKER_PASSWORD - volumes: - - name: dockersock - path: /var/run/docker.sock - commands: - - docker build -t in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend:latest backend - - docker push in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend:latest + settings: + registry: in.gohorsejobs.com + repo: gohorsejobs/gohorsejobs-backend + tags: + - latest + context: backend + dockerfile: backend/Dockerfile + insecure: true + insecure_skip_verify: true - name: deploy-backend image: bitnami/kubectl:latest From 44641a91154eb18be511e61e471241b28e9e5fbb Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 00:05:22 -0300 Subject: [PATCH 23/44] ajuste no drone.yml --- .drone.yml | 28 +++++++++++++++++++++------- k8s/backend-deployment.yaml | 10 +++++----- 2 files changed, 26 insertions(+), 12 deletions(-) diff --git a/.drone.yml b/.drone.yml index 2adb318..3da58ee 100644 --- a/.drone.yml +++ b/.drone.yml 
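Review bot: `tags:` lists only `latest`, and the Deployment in this series also references `:latest`, so the cluster never records which build is running and re-applying an unchanged manifest may not roll out the new image at all. Add an immutable tag next to it, for example `- ${DRONE_COMMIT_SHA}`, and deploy that tag. The step image `plugins/docker:latest` is floating as well while it handles the registry credentials; pinning it to a release tag or digest keeps an upstream change from running unreviewed in this pipeline.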
@@ -3,25 +3,36 @@ type: kubernetes name: deploy-backend steps: + # --------------------------------------------------------------- + # ETAPA 1 - BUILD + PUSH USANDO PLUGIN DOCKER (SEM KANIKO) + # --------------------------------------------------------------- - name: build-and-push-backend image: plugins/docker:latest - environment: - DOCKER_USERNAME: - from_secret: DOCKER_USERNAME - DOCKER_PASSWORD: - from_secret: DOCKER_PASSWORD + settings: registry: in.gohorsejobs.com - repo: gohorsejobs/gohorsejobs-backend + repo: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend tags: - latest + context: backend dockerfile: backend/Dockerfile + insecure: true insecure_skip_verify: true + debug: true + username: + from_secret: HARBOR_USERNAME + password: + from_secret: HARBOR_PASSWORD + + # --------------------------------------------------------------- + # ETAPA 2 - DEPLOY BACKEND NO K3S + # --------------------------------------------------------------- - name: deploy-backend image: bitnami/kubectl:latest + environment: KUBERNETES_SERVER: from_secret: K3S_SERVER @@ -31,8 +42,10 @@ steps: from_secret: K3S_CLIENT_CERT KUBERNETES_CLIENT_KEY: from_secret: K3S_CLIENT_KEY + commands: - mkdir -p ~/.kube + - | cat < ~/.kube/config apiVersion: v1 @@ -55,6 +68,7 @@ steps: namespace: gohorsejobs current-context: drone-context EOF + - echo "Deploying backend..." - kubectl apply -f k8s/backend-deployment.yaml - - kubectl apply -f k8s/backend-service.yaml \ No newline at end of file + - kubectl apply -f k8s/backend-service.yaml diff --git a/k8s/backend-deployment.yaml b/k8s/backend-deployment.yaml index 1c8d3ea..b704a7c 100644 --- a/k8s/backend-deployment.yaml +++ b/k8s/backend-deployment.yaml 
@@ -13,19 +13,19 @@ spec: metadata: labels: app: gohorse-backend - # Para usar Infisical Sidecar, descomente as linhas abaixo: - # annotations: - # infisical.com/managed: "true" - # infisical.com/secret-path: "prod/backend" + spec: containers: - name: backend image: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend:latest imagePullPolicy: Always + ports: - containerPort: 3000 + env: - name: NODE_ENV value: "production" + imagePullSecrets: - - name: harbor-registry \ No newline at end of file + - name: harbor-registry From c32e5a0d96dbe40a187f66fed499efc6d836094e Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 00:14:08 -0300 Subject: [PATCH 24/44] ajuste no drone.yml --- .drone.yml | 10 +--------- k8s/backend-deployment.yaml | 5 +---- 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/.drone.yml b/.drone.yml index 3da58ee..edeaffd 100644 --- a/.drone.yml +++ b/.drone.yml @@ -8,20 +8,16 @@ steps: # --------------------------------------------------------------- - name: build-and-push-backend image: plugins/docker:latest - settings: registry: in.gohorsejobs.com repo: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend tags: - latest - context: backend dockerfile: backend/Dockerfile - insecure: true insecure_skip_verify: true debug: true - username: from_secret: HARBOR_USERNAME password: @@ -32,7 +28,6 @@ steps: # --------------------------------------------------------------- - name: deploy-backend image: bitnami/kubectl:latest - environment: KUBERNETES_SERVER: from_secret: K3S_SERVER @@ -42,10 +37,8 @@ steps: from_secret: K3S_CLIENT_CERT KUBERNETES_CLIENT_KEY: from_secret: K3S_CLIENT_KEY - commands: - mkdir -p ~/.kube - - | cat < ~/.kube/config apiVersion: v1 
@@ -68,7 +61,6 @@ steps: namespace: gohorsejobs current-context: drone-context EOF - - echo "Deploying backend..." - kubectl apply -f k8s/backend-deployment.yaml - - kubectl apply -f k8s/backend-service.yaml + - kubectl apply -f k8s/backend-service.yaml \ No newline at end of file diff --git a/k8s/backend-deployment.yaml b/k8s/backend-deployment.yaml index b704a7c..50e4a58 100644 --- a/k8s/backend-deployment.yaml +++ b/k8s/backend-deployment.yaml @@ -19,13 +19,10 @@ spec: - name: backend image: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend:latest imagePullPolicy: Always - ports: - containerPort: 3000 - env: - name: NODE_ENV value: "production" - imagePullSecrets: - - name: harbor-registry + - name: harbor-registry \ No newline at end of file From 832798b9e8a557b4e7ce0f59209e9f604b1363da Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 00:27:19 -0300 Subject: [PATCH 25/44] ajuste no drone.yml --- .drone.yml | 31 +++++++++++++++++++++++++------ k8s/backend-deployment.yaml | 5 +++-- 2 files changed, 28 insertions(+), 8 deletions(-) diff --git a/.drone.yml b/.drone.yml index edeaffd..434a8ed 100644 --- a/.drone.yml +++ b/.drone.yml @@ -3,9 +3,6 @@ type: kubernetes name: deploy-backend steps: - # --------------------------------------------------------------- - # ETAPA 1 - BUILD + PUSH USANDO PLUGIN DOCKER (SEM KANIKO) - # --------------------------------------------------------------- - name: build-and-push-backend image: plugins/docker:latest settings: 
@@ -23,9 +20,31 @@ steps: password: from_secret: HARBOR_PASSWORD - # --------------------------------------------------------------- - # ETAPA 2 - DEPLOY BACKEND NO K3S - # --------------------------------------------------------------- + - name: export-infisical-to-k8s + image: infisical/infisical:latest + environment: + INFISICAL_TOKEN: + from_secret: INFISICAL_TOKEN + KUBERNETES_SERVER: + from_secret: K3S_SERVER + KUBERNETES_CA: + from_secret: K3S_CA_CERT + KUBERNETES_CLIENT_CERT: + from_secret: K3S_CLIENT_CERT + KUBERNETES_CLIENT_KEY: + from_secret: K3S_CLIENT_KEY + commands: + - infisical export --env=production --format=dotenv > .env.k8s + - echo "$KUBERNETES_CA" | base64 -d > /tmp/ca.crt + - echo "$KUBERNETES_CLIENT_CERT" | base64 -d > /tmp/client.crt + - echo "$KUBERNETES_CLIENT_KEY" | base64 -d > /tmp/client.key + - kubectl config set-cluster k3s --server="${KUBERNETES_SERVER}" --certificate-authority=/tmp/ca.crt + - kubectl config set-credentials drone --client-certificate=/tmp/client.crt --client-key=/tmp/client.key + - kubectl config set-context drone-context --cluster=k3s --namespace=gohorsejobs --user=drone + - kubectl config use-context drone-context + - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found + - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s + - name: deploy-backend image: bitnami/kubectl:latest environment: diff --git a/k8s/backend-deployment.yaml b/k8s/backend-deployment.yaml index 50e4a58..d601eee 100644 --- a/k8s/backend-deployment.yaml +++ b/k8s/backend-deployment.yaml @@ -8,12 +8,10 @@ spec: selector: matchLabels: app: gohorse-backend - template: metadata: labels: app: gohorse-backend - spec: containers: - name: backend @@ -24,5 +22,8 @@ spec: env: - name: NODE_ENV value: "production" + envFrom: + - secretRef: + name: backend-secrets # O nome do Secret criado no seu pipeline com as variáveis do Infisical imagePullSecrets: - name: harbor-registry \ No newline at end of file 
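Review bot: The `export-infisical-to-k8s` step leaves every production secret in `.env.k8s` inside the workspace, where later steps can read it, and decodes the client key to `/tmp/client.key` with default permissions; start the commands with `umask 077` and end them with `rm -f .env.k8s /tmp/client.key`. Deleting `backend-secrets` and then creating it leaves a window in which the Secret does not exist, and a failure between the two commands leaves the namespace without it. `kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s --dry-run=client -o yaml | kubectl apply -f -` replaces the Secret in one operation. It is also worth confirming that `infisical/infisical:latest` ships `kubectl`, since the step calls it.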
From ff99d9ce4eb56041c22c16d926296b4054d80173 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 09:27:40 -0300 Subject: [PATCH 26/44] ajuste no drone.yml --- .drone.yml | 53 ++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 48 insertions(+), 5 deletions(-) diff --git a/.drone.yml b/.drone.yml index 434a8ed..6f103e5 100644 --- a/.drone.yml +++ b/.drone.yml @@ -20,11 +20,9 @@ steps: password: from_secret: HARBOR_PASSWORD - - name: export-infisical-to-k8s - image: infisical/infisical:latest + - name: export-envs-to-k8s + image: bitnami/kubectl:latest environment: - INFISICAL_TOKEN: - from_secret: INFISICAL_TOKEN KUBERNETES_SERVER: from_secret: K3S_SERVER KUBERNETES_CA: @@ -33,8 +31,31 @@ steps: from_secret: K3S_CLIENT_CERT KUBERNETES_CLIENT_KEY: from_secret: K3S_CLIENT_KEY + + # Todas as variáveis do seu sistema: + AWS_ACCESS_KEY_ID: { from_secret: AWS_ACCESS_KEY_ID } + AWS_ENDPOINT: { from_secret: AWS_ENDPOINT } + AWS_REGION: { from_secret: AWS_REGION } + AWS_SECRET_ACCESS_KEY: { from_secret: AWS_SECRET_ACCESS_KEY } + CORS_ORIGINS: { from_secret: CORS_ORIGINS } + DB_HOST: { from_secret: DB_HOST } + DB_NAME: { from_secret: DB_NAME } + DB_PASSWORD: { from_secret: DB_PASSWORD } + DB_PORT: { from_secret: DB_PORT } + DB_SSLMODE: { from_secret: DB_SSLMODE } + DB_USER: { from_secret: DB_USER } + ENV: { from_secret: ENV } + JWT_SECRET: { from_secret: JWT_SECRET } + MAX_UPLOAD_CAD_SIZE: { from_secret: MAX_UPLOAD_CAD_SIZE } + PORT: { from_secret: PORT } + S3_BUCKET: { from_secret: S3_BUCKET } + UPLOAD_DIR: { from_secret: UPLOAD_DIR } + + # Harbor/Docker + HARBOR_USERNAME: { from_secret: HARBOR_USERNAME } + HARBOR_PASSWORD: { from_secret: HARBOR_PASSWORD } + commands: - - infisical export --env=production --format=dotenv > .env.k8s - echo "$KUBERNETES_CA" | base64 -d > /tmp/ca.crt - echo "$KUBERNETES_CLIENT_CERT" | base64 -d > /tmp/client.crt - echo "$KUBERNETES_CLIENT_KEY" | base64 -d > /tmp/client.key 
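Review bot: `HARBOR_USERNAME` and `HARBOR_PASSWORD` are injected into `export-envs-to-k8s`, and the heredoc in the next hunk writes them into `.env.k8s`, so the registry push credentials end up in `backend-secrets` and, through the Deployment's `envFrom`, in the environment of every backend pod. The running application has no visible need for them, since image pulls are already covered by `imagePullSecrets: harbor-registry`, and a compromise of the backend would then also expose write access to the registry. Remove both entries from this `environment:` block and from the heredoc.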
@@ -42,6 +63,28 @@ steps: - kubectl config set-credentials drone --client-certificate=/tmp/client.crt --client-key=/tmp/client.key - kubectl config set-context drone-context --cluster=k3s --namespace=gohorsejobs --user=drone - kubectl config use-context drone-context + - | + cat < .env.k8s + AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID + AWS_ENDPOINT=$AWS_ENDPOINT + AWS_REGION=$AWS_REGION + AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY + CORS_ORIGINS=$CORS_ORIGINS + DB_HOST=$DB_HOST + DB_NAME=$DB_NAME + DB_PASSWORD=$DB_PASSWORD + DB_PORT=$DB_PORT + DB_SSLMODE=$DB_SSLMODE + DB_USER=$DB_USER + ENV=$ENV + JWT_SECRET=$JWT_SECRET + MAX_UPLOAD_CAD_SIZE=$MAX_UPLOAD_CAD_SIZE + PORT=$PORT + S3_BUCKET=$S3_BUCKET + UPLOAD_DIR=$UPLOAD_DIR + HARBOR_USERNAME=$HARBOR_USERNAME + HARBOR_PASSWORD=$HARBOR_PASSWORD + EOF - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s From 5589e82899d60a22b383ffc35c4b8ccc92ff12fd Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 09:47:36 -0300 Subject: [PATCH 27/44] ajuste no drone.yml --- .drone.yml | 61 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 38 insertions(+), 23 deletions(-) diff --git a/.drone.yml b/.drone.yml index 6f103e5..066a72e 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -31,29 +31,44 @@ steps: from_secret: K3S_CLIENT_CERT KUBERNETES_CLIENT_KEY: from_secret: K3S_CLIENT_KEY - - # Todas as variáveis do seu sistema: - AWS_ACCESS_KEY_ID: { from_secret: AWS_ACCESS_KEY_ID } - AWS_ENDPOINT: { from_secret: AWS_ENDPOINT } - AWS_REGION: { from_secret: AWS_REGION } - AWS_SECRET_ACCESS_KEY: { from_secret: AWS_SECRET_ACCESS_KEY } - CORS_ORIGINS: { from_secret: CORS_ORIGINS } - DB_HOST: { from_secret: DB_HOST } - DB_NAME: { from_secret: DB_NAME } - DB_PASSWORD: { from_secret: DB_PASSWORD } - DB_PORT: { from_secret: DB_PORT } - DB_SSLMODE: { from_secret: DB_SSLMODE } - DB_USER: { from_secret: DB_USER } - ENV: { from_secret: ENV } - JWT_SECRET: { from_secret: JWT_SECRET } - MAX_UPLOAD_CAD_SIZE: { from_secret: MAX_UPLOAD_CAD_SIZE } - PORT: { from_secret: PORT } - S3_BUCKET: { from_secret: S3_BUCKET } - UPLOAD_DIR: { from_secret: UPLOAD_DIR } - - # Harbor/Docker - HARBOR_USERNAME: { from_secret: HARBOR_USERNAME } - HARBOR_PASSWORD: { from_secret: HARBOR_PASSWORD } + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ENDPOINT: + from_secret: AWS_ENDPOINT + AWS_REGION: + from_secret: AWS_REGION + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + CORS_ORIGINS: + from_secret: CORS_ORIGINS + DB_HOST: + from_secret: DB_HOST + DB_NAME: + from_secret: DB_NAME + DB_PASSWORD: + from_secret: DB_PASSWORD + DB_PORT: + from_secret: DB_PORT + DB_SSLMODE: + from_secret: DB_SSLMODE + DB_USER: + from_secret: DB_USER + ENV: + from_secret: ENV + JWT_SECRET: + from_secret: JWT_SECRET + MAX_UPLOAD_CAD_SIZE: + from_secret: MAX_UPLOAD_CAD_SIZE + PORT: + from_secret: PORT + S3_BUCKET: + from_secret: S3_BUCKET + UPLOAD_DIR: + from_secret: UPLOAD_DIR + HARBOR_USERNAME: + from_secret: HARBOR_USERNAME + HARBOR_PASSWORD: + from_secret: HARBOR_PASSWORD commands: - echo "$KUBERNETES_CA" | base64 -d > /tmp/ca.crt From 593fca41f06c81e74c4a54afd12620a212689f59 Mon Sep 17 00:00:00 2001 
From: Marcus Bohessef Date: Fri, 12 Dec 2025 10:03:11 -0300 Subject: [PATCH 28/44] ajuste no drone.yml --- .drone.yml | 62 ++++++++---------------------------------------------- 1 file changed, 9 insertions(+), 53 deletions(-) diff --git a/.drone.yml b/.drone.yml index 066a72e..0d1c775 100644 --- a/.drone.yml +++ b/.drone.yml @@ -23,14 +23,8 @@ steps: - name: export-envs-to-k8s image: bitnami/kubectl:latest environment: - KUBERNETES_SERVER: - from_secret: K3S_SERVER - KUBERNETES_CA: - from_secret: K3S_CA_CERT - KUBERNETES_CLIENT_CERT: - from_secret: K3S_CLIENT_CERT - KUBERNETES_CLIENT_KEY: - from_secret: K3S_CLIENT_KEY + KUBECONFIG_DATA: + from_secret: K3S_KUBECONFIG AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_ENDPOINT: @@ -65,19 +59,10 @@ steps: from_secret: S3_BUCKET UPLOAD_DIR: from_secret: UPLOAD_DIR - HARBOR_USERNAME: - from_secret: HARBOR_USERNAME - HARBOR_PASSWORD: - from_secret: HARBOR_PASSWORD commands: - - echo "$KUBERNETES_CA" | base64 -d > /tmp/ca.crt - - echo "$KUBERNETES_CLIENT_CERT" | base64 -d > /tmp/client.crt - - echo "$KUBERNETES_CLIENT_KEY" | base64 -d > /tmp/client.key - - kubectl config set-cluster k3s --server="${KUBERNETES_SERVER}" --certificate-authority=/tmp/ca.crt - - kubectl config set-credentials drone --client-certificate=/tmp/client.crt --client-key=/tmp/client.key - - kubectl config set-context drone-context --cluster=k3s --namespace=gohorsejobs --user=drone - - kubectl config use-context drone-context + - mkdir -p /root/.kube + - echo "$KUBECONFIG_DATA" | base64 -d > /root/.kube/config - | cat < .env.k8s AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID @@ -97,8 +82,6 @@ steps: PORT=$PORT S3_BUCKET=$S3_BUCKET UPLOAD_DIR=$UPLOAD_DIR - HARBOR_USERNAME=$HARBOR_USERNAME - HARBOR_PASSWORD=$HARBOR_PASSWORD EOF - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s 
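Review bot: `echo "$KUBECONFIG_DATA" | base64 -d > /root/.kube/config` writes the cluster credentials with the default umask, here and in the `deploy-backend` hunk that follows; put `- umask 077` before it (or `chmod 600` the file afterwards) so it is not group- or world-readable. One kubeconfig secret now carries whatever identity that file holds, so it should belong to a service account limited to the `gohorsejobs` namespace rather than an administrator config; the diff does not show which it is. The hard-coded `/root` also assumes the image runs as root, which is worth confirming for `bitnami/kubectl`.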
@@ -106,38 +89,11 @@ steps: - name: deploy-backend image: bitnami/kubectl:latest environment: - KUBERNETES_SERVER: - from_secret: K3S_SERVER - KUBERNETES_CA: - from_secret: K3S_CA_CERT - KUBERNETES_CLIENT_CERT: - from_secret: K3S_CLIENT_CERT - KUBERNETES_CLIENT_KEY: - from_secret: K3S_CLIENT_KEY + KUBECONFIG_DATA: + from_secret: K3S_KUBECONFIG commands: - - mkdir -p ~/.kube - - | - cat < ~/.kube/config - apiVersion: v1 - kind: Config - clusters: - - name: k3s - cluster: - server: ${KUBERNETES_SERVER} - certificate-authority-data: ${KUBERNETES_CA} - users: - - name: drone - user: - client-certificate-data: ${KUBERNETES_CLIENT_CERT} - client-key-data: ${KUBERNETES_CLIENT_KEY} - contexts: - - name: drone-context - context: - cluster: k3s - user: drone - namespace: gohorsejobs - current-context: drone-context - EOF + - mkdir -p /root/.kube + - echo "$KUBECONFIG_DATA" | base64 -d > /root/.kube/config - echo "Deploying backend..." - kubectl apply -f k8s/backend-deployment.yaml - - kubectl apply -f k8s/backend-service.yaml \ No newline at end of file + - kubectl apply -f k8s/backend-service.yaml From 366fb81245bfb55b1a3dfeed80550cc6a53277c2 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 10:08:43 -0300 Subject: [PATCH 29/44] ajuste no drone.yml --- .drone.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.drone.yml b/.drone.yml index 0d1c775..e48c91d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -59,10 +59,9 @@ steps: from_secret: S3_BUCKET UPLOAD_DIR: from_secret: UPLOAD_DIR - commands: - - mkdir -p /root/.kube - - echo "$KUBECONFIG_DATA" | base64 -d > /root/.kube/config + - mkdir -p ~/.kube + - echo "$KUBECONFIG_DATA" | base64 -d > ~/.kube/config - | cat < .env.k8s AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID 
@@ -92,8 +91,7 @@ steps: KUBECONFIG_DATA: from_secret: K3S_KUBECONFIG commands: - - mkdir -p /root/.kube - - echo "$KUBECONFIG_DATA" | base64 -d > /root/.kube/config - - echo "Deploying backend..." + - mkdir -p ~/.kube + - echo "$KUBECONFIG_DATA" | base64 -d > ~/.kube/config - kubectl apply -f k8s/backend-deployment.yaml - kubectl apply -f k8s/backend-service.yaml From bf75408e03939e12bfbd2ede2376af5d56655184 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 10:10:17 -0300 Subject: [PATCH 30/44] ajuste no drone.yml --- .drone.yml | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index e48c91d..9a6c785 100644 --- a/.drone.yml +++ b/.drone.yml @@ -60,8 +60,21 @@ steps: UPLOAD_DIR: from_secret: UPLOAD_DIR commands: - - mkdir -p ~/.kube - - echo "$KUBECONFIG_DATA" | base64 -d > ~/.kube/config + # --- DEBUG HOME --- + - echo "--- DEBUG HOME ---" + - whoami + - echo "HOME=$HOME" + - pwd + - ls -la $HOME || echo "HOME inválido" + - echo "--- END DEBUG ---" + + # Criar kubeconfig no HOME real + - mkdir -p $HOME/.kube + - echo "$KUBECONFIG_DATA" | base64 -d > $HOME/.kube/config + - export KUBECONFIG=$HOME/.kube/config + - kubectl get nodes || echo "Falha ao conectar no cluster" + + # Criar secrets de ambiente - | cat < .env.k8s AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID @@ -91,7 +104,19 @@ steps: KUBECONFIG_DATA: from_secret: K3S_KUBECONFIG commands: - - mkdir -p ~/.kube - - echo "$KUBECONFIG_DATA" | base64 -d > ~/.kube/config + # --- DEBUG HOME --- + - echo "--- DEBUG HOME ---" + - whoami + - echo "HOME=$HOME" + - pwd + - ls -la $HOME || echo "HOME inválido" + - echo "--- END DEBUG ---" + + # Configurar kubeconfig + - mkdir -p $HOME/.kube + - echo "$KUBECONFIG_DATA" | base64 -d > $HOME/.kube/config + - export KUBECONFIG=$HOME/.kube/config + + # Deploy - kubectl apply -f k8s/backend-deployment.yaml - kubectl apply -f k8s/backend-service.yaml 
From 7a3c7f61b9202b99b33e1b2fe8981d6f9a1a6f82 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 10:16:32 -0300 Subject: [PATCH 31/44] ajuste no drone.yml --- .drone.yml | 45 +++++---------------------------------------- 1 file changed, 5 insertions(+), 40 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9a6c785..461314f 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,28 +1,7 @@ -kind: pipeline -type: kubernetes -name: deploy-backend - -steps: - - name: build-and-push-backend - image: plugins/docker:latest - settings: - registry: in.gohorsejobs.com - repo: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend - tags: - - latest - context: backend - dockerfile: backend/Dockerfile - insecure: true - insecure_skip_verify: true - debug: true - username: - from_secret: HARBOR_USERNAME - password: - from_secret: HARBOR_PASSWORD - - name: export-envs-to-k8s image: bitnami/kubectl:latest environment: + HOME: /tmp KUBECONFIG_DATA: from_secret: K3S_KUBECONFIG AWS_ACCESS_KEY_ID: @@ -60,21 +39,16 @@ steps: UPLOAD_DIR: from_secret: UPLOAD_DIR commands: - # --- DEBUG HOME --- - echo "--- DEBUG HOME ---" - whoami - echo "HOME=$HOME" - pwd - - ls -la $HOME || echo "HOME inválido" + - ls -la $HOME - echo "--- END DEBUG ---" - - # Criar kubeconfig no HOME real - mkdir -p $HOME/.kube - echo "$KUBECONFIG_DATA" | base64 -d > $HOME/.kube/config - export KUBECONFIG=$HOME/.kube/config - - kubectl get nodes || echo "Falha ao conectar no cluster" - - # Criar secrets de ambiente + - kubectl get nodes - | cat < .env.k8s AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID 
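Review bot: The first hunk removes `kind: pipeline`, `type: kubernetes`, `name: deploy-backend` and `steps:` together with the build step, so the file now starts at `- name: export-envs-to-k8s` and is no longer a pipeline definition; those four header lines need to stay. With `HOME: /tmp`, the decoded kubeconfig lands in `/tmp/.kube/config`, and `/tmp` is normally world-writable, so create the directory under `umask 077` or use a directory made for the step.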
@@ -98,25 +72,16 @@ steps: - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s + - name: deploy-backend image: bitnami/kubectl:latest environment: + HOME: /tmp KUBECONFIG_DATA: from_secret: K3S_KUBECONFIG commands: - # --- DEBUG HOME --- - - echo "--- DEBUG HOME ---" - - whoami - - echo "HOME=$HOME" - - pwd - - ls -la $HOME || echo "HOME inválido" - - echo "--- END DEBUG ---" - - # Configurar kubeconfig - mkdir -p $HOME/.kube - echo "$KUBECONFIG_DATA" | base64 -d > $HOME/.kube/config - export KUBECONFIG=$HOME/.kube/config - - # Deploy - kubectl apply -f k8s/backend-deployment.yaml - kubectl apply -f k8s/backend-service.yaml From 09976c1d6c519df95529f81b8d502922e9ddfa40 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 10:17:37 -0300 Subject: [PATCH 32/44] ajuste no drone.yml --- .drone.yml | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 461314f..4276eaa 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,3 +1,25 @@ +kind: pipeline +type: kubernetes +name: deploy-backend + +steps: + - name: build-and-push-backend + image: plugins/docker:latest + settings: + registry: in.gohorsejobs.com + repo: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend + tags: + - latest + context: backend + dockerfile: backend/Dockerfile + insecure: true + insecure_skip_verify: true + debug: true + username: + from_secret: HARBOR_USERNAME + password: + from_secret: HARBOR_PASSWORD + - name: export-envs-to-k8s image: bitnami/kubectl:latest environment: @@ -45,10 +67,12 @@ - pwd - ls -la $HOME - echo "--- END DEBUG ---" + - mkdir -p $HOME/.kube - echo "$KUBECONFIG_DATA" | base64 -d > $HOME/.kube/config - export KUBECONFIG=$HOME/.kube/config - kubectl get nodes + - | cat < .env.k8s AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID 
@@ -69,10 +93,10 @@ S3_BUCKET=$S3_BUCKET UPLOAD_DIR=$UPLOAD_DIR EOF + - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s - - name: deploy-backend image: bitnami/kubectl:latest environment: @@ -83,5 +107,6 @@ - mkdir -p $HOME/.kube - echo "$KUBECONFIG_DATA" | base64 -d > $HOME/.kube/config - export KUBECONFIG=$HOME/.kube/config + - kubectl apply -f k8s/backend-deployment.yaml - kubectl apply -f k8s/backend-service.yaml From 1b9bf046580338b6f8973caab47c12d1d273f010 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 10:21:31 -0300 Subject: [PATCH 33/44] ajuste no drone.yml --- .drone.yml | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/.drone.yml b/.drone.yml index 4276eaa..58c84e8 100644 --- a/.drone.yml +++ b/.drone.yml @@ -23,7 +23,8 @@ steps: - name: export-envs-to-k8s image: bitnami/kubectl:latest environment: - HOME: /tmp + HOME: /tmp/drone-home + KUBECONFIG: /tmp/drone-home/.kube/config KUBECONFIG_DATA: from_secret: K3S_KUBECONFIG AWS_ACCESS_KEY_ID: @@ -61,18 +62,9 @@ steps: UPLOAD_DIR: from_secret: UPLOAD_DIR commands: - - echo "--- DEBUG HOME ---" - - whoami - - echo "HOME=$HOME" - - pwd - - ls -la $HOME - - echo "--- END DEBUG ---" - - - mkdir -p $HOME/.kube - - echo "$KUBECONFIG_DATA" | base64 -d > $HOME/.kube/config - - export KUBECONFIG=$HOME/.kube/config + - mkdir -p /tmp/drone-home/.kube + - echo "$KUBECONFIG_DATA" | base64 -d > /tmp/drone-home/.kube/config - kubectl get nodes - - | cat < .env.k8s AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID 
@@ -93,20 +85,18 @@ steps: S3_BUCKET=$S3_BUCKET UPLOAD_DIR=$UPLOAD_DIR EOF - - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s - name: deploy-backend image: bitnami/kubectl:latest environment: - HOME: /tmp + HOME: /tmp/drone-home + KUBECONFIG: /tmp/drone-home/.kube/config KUBECONFIG_DATA: from_secret: K3S_KUBECONFIG commands: - - mkdir -p $HOME/.kube - - echo "$KUBECONFIG_DATA" | base64 -d > $HOME/.kube/config - - export KUBECONFIG=$HOME/.kube/config - + - mkdir -p /tmp/drone-home/.kube + - echo "$KUBECONFIG_DATA" | base64 -d > /tmp/drone-home/.kube/config - kubectl apply -f k8s/backend-deployment.yaml - kubectl apply -f k8s/backend-service.yaml From 038bc5ce2637b1ddda0f6b954f45d2fa52f55d41 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 10:34:51 -0300 Subject: [PATCH 34/44] ajuste no drone.yml --- .drone.yml | 80 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 41 insertions(+), 39 deletions(-) diff --git a/.drone.yml b/.drone.yml index 58c84e8..855a9ed 100644 --- a/.drone.yml +++ b/.drone.yml @@ -8,8 +8,7 @@ steps: settings: registry: in.gohorsejobs.com repo: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend - tags: - - latest + tags: [ latest ] context: backend dockerfile: backend/Dockerfile insecure: true 
@@ -27,44 +26,37 @@ steps: KUBECONFIG: /tmp/drone-home/.kube/config KUBECONFIG_DATA: from_secret: K3S_KUBECONFIG - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID - AWS_ENDPOINT: - from_secret: AWS_ENDPOINT - AWS_REGION: - from_secret: AWS_REGION - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY - CORS_ORIGINS: - from_secret: CORS_ORIGINS - DB_HOST: - from_secret: DB_HOST - DB_NAME: - from_secret: DB_NAME - DB_PASSWORD: - from_secret: DB_PASSWORD - DB_PORT: - from_secret: DB_PORT - DB_SSLMODE: - from_secret: DB_SSLMODE - DB_USER: - from_secret: DB_USER - ENV: - from_secret: ENV - JWT_SECRET: - from_secret: JWT_SECRET - MAX_UPLOAD_CAD_SIZE: - from_secret: MAX_UPLOAD_CAD_SIZE - PORT: - from_secret: PORT - S3_BUCKET: - from_secret: S3_BUCKET - UPLOAD_DIR: - from_secret: UPLOAD_DIR + + AWS_ACCESS_KEY_ID: { from_secret: AWS_ACCESS_KEY_ID } + AWS_ENDPOINT: { from_secret: AWS_ENDPOINT } + AWS_REGION: { from_secret: AWS_REGION } + AWS_SECRET_ACCESS_KEY: { from_secret: AWS_SECRET_ACCESS_KEY } + CORS_ORIGINS: { from_secret: CORS_ORIGINS } + DB_HOST: { from_secret: DB_HOST } + DB_NAME: { from_secret: DB_NAME } + DB_PASSWORD: { from_secret: DB_PASSWORD } + DB_PORT: { from_secret: DB_PORT } + DB_SSLMODE: { from_secret: DB_SSLMODE } + DB_USER: { from_secret: DB_USER } + ENV: { from_secret: ENV } + JWT_SECRET: { from_secret: JWT_SECRET } + MAX_UPLOAD_CAD_SIZE: { from_secret: MAX_UPLOAD_CAD_SIZE } + PORT: { from_secret: PORT } + S3_BUCKET: { from_secret: S3_BUCKET } + UPLOAD_DIR: { from_secret: UPLOAD_DIR } + commands: + # Cria diretório HOME do executor - mkdir -p /tmp/drone-home/.kube + + # Decodifica kubeconfig - echo "$KUBECONFIG_DATA" | base64 -d > /tmp/drone-home/.kube/config - - kubectl get nodes + + # TESTA ACESSO AO NAMESPACE (NÃO REQUER PERMISSÃO DE CLUSTER) + - echo "--- TESTANDO ACESSO AO NAMESPACE ---" + - kubectl -n gohorsejobs get pods || echo "Ainda não há pods, tudo certo" + + # Gera arquivo de envs - | cat < .env.k8s 
AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID @@ -85,9 +77,12 @@ steps: S3_BUCKET=$S3_BUCKET UPLOAD_DIR=$UPLOAD_DIR EOF + + # Atualiza secret no namespace - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s + - name: deploy-backend image: bitnami/kubectl:latest environment: @@ -95,8 +90,15 @@ steps: KUBECONFIG: /tmp/drone-home/.kube/config KUBECONFIG_DATA: from_secret: K3S_KUBECONFIG + commands: + # Cria diretório HOME do executor - mkdir -p /tmp/drone-home/.kube + + # Decodifica kubeconfig - echo "$KUBECONFIG_DATA" | base64 -d > /tmp/drone-home/.kube/config - - kubectl apply -f k8s/backend-deployment.yaml - - kubectl apply -f k8s/backend-service.yaml + + # Aplica deployment e service + - echo "--- APPLY DEPLOY ---" + - kubectl apply -n gohorsejobs -f k8s/backend-deployment.yaml + - kubectl apply -n gohorsejobs -f k8s/backend-service.yaml From 1758a74ad28a500a3e48bbb3ec8e77e77fd0fb28 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 10:45:22 -0300 Subject: [PATCH 35/44] ajuste no drone.yml --- .drone.yml | 67 +++++++++++++++++++++++++----------------------------- 1 file changed, 31 insertions(+), 36 deletions(-) diff --git a/.drone.yml b/.drone.yml index 855a9ed..60a1f94 100644 --- a/.drone.yml +++ b/.drone.yml @@ -8,7 +8,8 @@ steps: settings: registry: in.gohorsejobs.com repo: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend - tags: [ latest ] + tags: + - latest context: backend dockerfile: backend/Dockerfile insecure: true 
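Review bot: The access test `kubectl -n gohorsejobs get pods || echo "Ainda não há pods, tudo certo"` cannot fail. `kubectl get pods` already exits 0 when the namespace is empty, so the `||` branch only runs on real errors such as a rejected credential or an unreachable API server, and reports them as success. Dropping the fallback (`- kubectl -n gohorsejobs get pods`) lets the step stop before it deletes and recreates `backend-secrets` with a kubeconfig that does not work. The step this hunk belongs to begins above it.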
@@ -46,42 +47,38 @@ steps: UPLOAD_DIR: { from_secret: UPLOAD_DIR } commands: - # Cria diretório HOME do executor + - echo "--- CONFIGURANDO KUBECONFIG ---" - mkdir -p /tmp/drone-home/.kube - - # Decodifica kubeconfig - echo "$KUBECONFIG_DATA" | base64 -d > /tmp/drone-home/.kube/config - # TESTA ACESSO AO NAMESPACE (NÃO REQUER PERMISSÃO DE CLUSTER) - - echo "--- TESTANDO ACESSO AO NAMESPACE ---" - - kubectl -n gohorsejobs get pods || echo "Ainda não há pods, tudo certo" + - echo "--- TESTANDO ACESSO AO NAMESPACE gohorsejobs ---" + - kubectl get pods -n gohorsejobs || echo "Nenhum pod ainda — OK" - # Gera arquivo de envs + - echo "--- GERANDO ARQUIVO .env.k8s ---" - | cat < .env.k8s - AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID - AWS_ENDPOINT=$AWS_ENDPOINT - AWS_REGION=$AWS_REGION - AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY - CORS_ORIGINS=$CORS_ORIGINS - DB_HOST=$DB_HOST - DB_NAME=$DB_NAME - DB_PASSWORD=$DB_PASSWORD - DB_PORT=$DB_PORT - DB_SSLMODE=$DB_SSLMODE - DB_USER=$DB_USER - ENV=$ENV - JWT_SECRET=$JWT_SECRET - MAX_UPLOAD_CAD_SIZE=$MAX_UPLOAD_CAD_SIZE - PORT=$PORT - S3_BUCKET=$S3_BUCKET - UPLOAD_DIR=$UPLOAD_DIR - EOF - - # Atualiza secret no namespace - - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found - - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s +AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID +AWS_ENDPOINT=$AWS_ENDPOINT +AWS_REGION=$AWS_REGION +AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY +CORS_ORIGINS=$CORS_ORIGINS +DB_HOST=$DB_HOST +DB_NAME=$DB_NAME +DB_PASSWORD=$DB_PASSWORD +DB_PORT=$DB_PORT +DB_SSLMODE=$DB_SSLMODE +DB_USER=$DB_USER +ENV=$ENV +JWT_SECRET=$JWT_SECRET +MAX_UPLOAD_CAD_SIZE=$MAX_UPLOAD_CAD_SIZE +PORT=$PORT +S3_BUCKET=$S3_BUCKET +UPLOAD_DIR=$UPLOAD_DIR +EOF + - echo "--- ATUALIZANDO SECRET backend-secrets ---" + - kubectl delete secret backend-secrets -n gohorsejobs --ignore-not-found + - kubectl create secret generic backend-secrets -n gohorsejobs --from-env-file=.env.k8s - name: 
deploy-backend image: bitnami/kubectl:latest @@ -90,15 +87,13 @@ steps: KUBECONFIG: /tmp/drone-home/.kube/config KUBECONFIG_DATA: from_secret: K3S_KUBECONFIG - commands: - # Cria diretório HOME do executor + - echo "--- PREPARANDO DEPLOY ---" - mkdir -p /tmp/drone-home/.kube - - # Decodifica kubeconfig - echo "$KUBECONFIG_DATA" | base64 -d > /tmp/drone-home/.kube/config - # Aplica deployment e service - - echo "--- APPLY DEPLOY ---" + - echo "--- APPLY DEPLOYMENT ---" - kubectl apply -n gohorsejobs -f k8s/backend-deployment.yaml + + - echo "--- APPLY SERVICE ---" - kubectl apply -n gohorsejobs -f k8s/backend-service.yaml From 6b9b8ba617bb0acbdc0d367d93c78e5cda535b1a Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 10:46:12 -0300 Subject: [PATCH 36/44] ajuste no drone.yml --- .drone.yml | 70 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 41 insertions(+), 29 deletions(-) diff --git a/.drone.yml b/.drone.yml index 60a1f94..4a8c795 100644 --- a/.drone.yml +++ b/.drone.yml @@ -14,7 +14,6 @@ steps: dockerfile: backend/Dockerfile insecure: true insecure_skip_verify: true - debug: true username: from_secret: HARBOR_USERNAME password: 
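Review bot: The heredoc body appears to be added at column 0 (`+AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID` through `+EOF`) while it sits inside the `- |` block scalar of `commands`. A line indented less than the scalar's content ends the scalar, so `.drone.yml` would likely stop parsing; this should be confirmed against the unflattened patch, since whitespace is collapsed in this view. The body needs the same indentation as the `cat` line, as the removed lines had.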
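Review bot: `insecure: true` and `insecure_skip_verify: true` stay on the build step while only `debug: true` is removed, so, as the setting names suggest, the push to `in.gohorsejobs.com` and the `HARBOR_USERNAME`/`HARBOR_PASSWORD` login still go to a registry whose TLS certificate is not verified. If the registry uses a private CA, trusting that CA in the build step is the narrower fix; otherwise both settings can be dropped. Until then a comment above them would record the reason, e.g. `# TODO: remove once the runner trusts the registry certificate`. The `settings` block begins above the hunk.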
@@ -28,33 +27,49 @@ steps: KUBECONFIG_DATA: from_secret: K3S_KUBECONFIG - AWS_ACCESS_KEY_ID: { from_secret: AWS_ACCESS_KEY_ID } - AWS_ENDPOINT: { from_secret: AWS_ENDPOINT } - AWS_REGION: { from_secret: AWS_REGION } - AWS_SECRET_ACCESS_KEY: { from_secret: AWS_SECRET_ACCESS_KEY } - CORS_ORIGINS: { from_secret: CORS_ORIGINS } - DB_HOST: { from_secret: DB_HOST } - DB_NAME: { from_secret: DB_NAME } - DB_PASSWORD: { from_secret: DB_PASSWORD } - DB_PORT: { from_secret: DB_PORT } - DB_SSLMODE: { from_secret: DB_SSLMODE } - DB_USER: { from_secret: DB_USER } - ENV: { from_secret: ENV } - JWT_SECRET: { from_secret: JWT_SECRET } - MAX_UPLOAD_CAD_SIZE: { from_secret: MAX_UPLOAD_CAD_SIZE } - PORT: { from_secret: PORT } - S3_BUCKET: { from_secret: S3_BUCKET } - UPLOAD_DIR: { from_secret: UPLOAD_DIR } + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ENDPOINT: + from_secret: AWS_ENDPOINT + AWS_REGION: + from_secret: AWS_REGION + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + CORS_ORIGINS: + from_secret: CORS_ORIGINS + DB_HOST: + from_secret: DB_HOST + DB_NAME: + from_secret: DB_NAME + DB_PASSWORD: + from_secret: DB_PASSWORD + DB_PORT: + from_secret: DB_PORT + DB_SSLMODE: + from_secret: DB_SSLMODE + DB_USER: + from_secret: DB_USER + ENV: + from_secret: ENV + JWT_SECRET: + from_secret: JWT_SECRET + MAX_UPLOAD_CAD_SIZE: + from_secret: MAX_UPLOAD_CAD_SIZE + PORT: + from_secret: PORT + S3_BUCKET: + from_secret: S3_BUCKET + UPLOAD_DIR: + from_secret: UPLOAD_DIR commands: - - echo "--- CONFIGURANDO KUBECONFIG ---" - mkdir -p /tmp/drone-home/.kube - echo "$KUBECONFIG_DATA" | base64 -d > /tmp/drone-home/.kube/config - - echo "--- TESTANDO ACESSO AO NAMESPACE gohorsejobs ---" - - kubectl get pods -n gohorsejobs || echo "Nenhum pod ainda — OK" + - echo "--- TESTANDO ACESSO AO NAMESPACE ---" + - kubectl -n gohorsejobs get pods || echo "Nenhum pod ainda — OK" - - echo "--- GERANDO ARQUIVO .env.k8s ---" + - echo "--- GERANDO ARQUIVO ENV ---" - | cat < .env.k8s 
AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID @@ -76,9 +91,8 @@ S3_BUCKET=$S3_BUCKET UPLOAD_DIR=$UPLOAD_DIR EOF - - echo "--- ATUALIZANDO SECRET backend-secrets ---" - - kubectl delete secret backend-secrets -n gohorsejobs --ignore-not-found - - kubectl create secret generic backend-secrets -n gohorsejobs --from-env-file=.env.k8s + - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found + - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s - name: deploy-backend image: bitnami/kubectl:latest @@ -87,13 +101,11 @@ EOF KUBECONFIG: /tmp/drone-home/.kube/config KUBECONFIG_DATA: from_secret: K3S_KUBECONFIG + commands: - - echo "--- PREPARANDO DEPLOY ---" - mkdir -p /tmp/drone-home/.kube - echo "$KUBECONFIG_DATA" | base64 -d > /tmp/drone-home/.kube/config - - echo "--- APPLY DEPLOYMENT ---" + - echo "--- APLICANDO DEPLOY ---" - kubectl apply -n gohorsejobs -f k8s/backend-deployment.yaml - - - echo "--- APPLY SERVICE ---" - kubectl apply -n gohorsejobs -f k8s/backend-service.yaml From a6ea992234751876f59a3aa3e54043e874b6b3f5 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 10:46:58 -0300 Subject: [PATCH 37/44] ajuste no drone.yml --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 4a8c795..851e927 100644 --- a/.drone.yml +++ b/.drone.yml @@ -106,6 +106,6 @@ EOF - mkdir -p /tmp/drone-home/.kube - echo "$KUBECONFIG_DATA" | base64 -d > /tmp/drone-home/.kube/config - - echo "--- APLICANDO DEPLOY ---" + - echo "--- APPLY DEPLOY ---" - kubectl apply -n gohorsejobs -f k8s/backend-deployment.yaml - kubectl apply -n gohorsejobs -f k8s/backend-service.yaml From 9f872128b3b12c80bf91b53c750d8efacf3c9a9c Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 10:47:57 -0300 Subject: [PATCH 38/44] ajuste no drone.yml --- .drone.yml | 93 ++++++++++++++++++++---------------------------------- 1 file changed, 34 insertions(+), 59 deletions(-) 
diff --git a/.drone.yml b/.drone.yml
index 851e927..4a2fbfd 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -27,69 +27,45 @@ steps: KUBECONFIG_DATA: from_secret: K3S_KUBECONFIG - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID - AWS_ENDPOINT: - from_secret: AWS_ENDPOINT - AWS_REGION: - from_secret: AWS_REGION - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY - CORS_ORIGINS: - from_secret: CORS_ORIGINS - DB_HOST: - from_secret: DB_HOST - DB_NAME: - from_secret: DB_NAME - DB_PASSWORD: - from_secret: DB_PASSWORD - DB_PORT: - from_secret: DB_PORT - DB_SSLMODE: - from_secret: DB_SSLMODE - DB_USER: - from_secret: DB_USER - ENV: - from_secret: ENV - JWT_SECRET: - from_secret: JWT_SECRET - MAX_UPLOAD_CAD_SIZE: - from_secret: MAX_UPLOAD_CAD_SIZE - PORT: - from_secret: PORT - S3_BUCKET: - from_secret: S3_BUCKET - UPLOAD_DIR: - from_secret: UPLOAD_DIR + AWS_ACCESS_KEY_ID: { from_secret: AWS_ACCESS_KEY_ID } + AWS_ENDPOINT: { from_secret: AWS_ENDPOINT } + AWS_REGION: { from_secret: AWS_REGION } + AWS_SECRET_ACCESS_KEY: { from_secret: AWS_SECRET_ACCESS_KEY } + CORS_ORIGINS: { from_secret: CORS_ORIGINS } + DB_HOST: { from_secret: DB_HOST } + DB_NAME: { from_secret: DB_NAME } + DB_PASSWORD: { from_secret: DB_PASSWORD } + DB_PORT: { from_secret: DB_PORT } + DB_SSLMODE: { from_secret: DB_SSLMODE } + DB_USER: { from_secret: DB_USER } + ENV: { from_secret: ENV } + JWT_SECRET: { from_secret: JWT_SECRET } + MAX_UPLOAD_CAD_SIZE: { from_secret: MAX_UPLOAD_CAD_SIZE } + PORT: { from_secret: PORT } + S3_BUCKET: { from_secret: S3_BUCKET } + UPLOAD_DIR: { from_secret: UPLOAD_DIR } commands: - mkdir -p /tmp/drone-home/.kube - echo "$KUBECONFIG_DATA" | base64 -d > /tmp/drone-home/.kube/config - - echo "--- TESTANDO ACESSO AO NAMESPACE ---" - - kubectl -n gohorsejobs get pods || echo "Nenhum pod ainda — OK" - - - echo "--- GERANDO ARQUIVO ENV ---" - - | - cat < .env.k8s -AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID -AWS_ENDPOINT=$AWS_ENDPOINT -AWS_REGION=$AWS_REGION -AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY -CORS_ORIGINS=$CORS_ORIGINS -DB_HOST=$DB_HOST -DB_NAME=$DB_NAME 
-DB_PASSWORD=$DB_PASSWORD -DB_PORT=$DB_PORT -DB_SSLMODE=$DB_SSLMODE -DB_USER=$DB_USER -ENV=$ENV -JWT_SECRET=$JWT_SECRET -MAX_UPLOAD_CAD_SIZE=$MAX_UPLOAD_CAD_SIZE -PORT=$PORT -S3_BUCKET=$S3_BUCKET -UPLOAD_DIR=$UPLOAD_DIR -EOF + - echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" > .env.k8s + - echo "AWS_ENDPOINT=$AWS_ENDPOINT" >> .env.k8s + - echo "AWS_REGION=$AWS_REGION" >> .env.k8s + - echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> .env.k8s + - echo "CORS_ORIGINS=$CORS_ORIGINS" >> .env.k8s + - echo "DB_HOST=$DB_HOST" >> .env.k8s + - echo "DB_NAME=$DB_NAME" >> .env.k8s + - echo "DB_PASSWORD=$DB_PASSWORD" >> .env.k8s + - echo "DB_PORT=$DB_PORT" >> .env.k8s + - echo "DB_SSLMODE=$DB_SSLMODE" >> .env.k8s + - echo "DB_USER=$DB_USER" >> .env.k8s + - echo "ENV=$ENV" >> .env.k8s + - echo "JWT_SECRET=$JWT_SECRET" >> .env.k8s + - echo "MAX_UPLOAD_CAD_SIZE=$MAX_UPLOAD_CAD_SIZE" >> .env.k8s + - echo "PORT=$PORT" >> .env.k8s + - echo "S3_BUCKET=$S3_BUCKET" >> .env.k8s + - echo "UPLOAD_DIR=$UPLOAD_DIR" >> .env.k8s - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s @@ -106,6 +82,5 @@ EOF - mkdir -p /tmp/drone-home/.kube - echo "$KUBECONFIG_DATA" | base64 -d > /tmp/drone-home/.kube/config - - echo "--- APPLY DEPLOY ---" - kubectl apply -n gohorsejobs -f k8s/backend-deployment.yaml - kubectl apply -n gohorsejobs -f k8s/backend-service.yaml From 94a4c99d6bc89f2fd19120bd5db727c268ac8f8d Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 10:54:06 -0300 Subject: [PATCH 39/44] ajuste no drone.yml --- k8s/backend-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/backend-deployment.yaml b/k8s/backend-deployment.yaml index d601eee..29bf950 100644 --- a/k8s/backend-deployment.yaml +++ b/k8s/backend-deployment.yaml 
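Review bot: `.env.k8s` is written to the step's working directory with every secret in plain text (`DB_PASSWORD`, `JWT_SECRET`, `AWS_SECRET_ACCESS_KEY`) and is never removed. If that directory is the pipeline workspace, which Drone shares between steps, `deploy-backend` and any step added later can read it. Writing the file to a step-local path, or adding `- rm -f .env.k8s` after the `create secret` line, limits its lifetime. The `echo "KEY=$VALUE" >> .env.k8s` form also turns a value containing a newline into several lines, which `--from-env-file` would read as separate entries.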
@@ -24,6 +24,6 @@ spec: value: "production" envFrom: - secretRef: - name: backend-secrets # O nome do Secret criado no seu pipeline com as variáveis do Infisical + name: backend-secrets imagePullSecrets: - name: harbor-registry \ No newline at end of file From fae2fb00bd343105e3645ae6f67de981192893aa Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 15:08:53 -0300 Subject: [PATCH 40/44] ajuste na porta --- k8s/backend-deployment.yaml | 6 ++++-- k8s/backend-service.yaml | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/k8s/backend-deployment.yaml b/k8s/backend-deployment.yaml index 29bf950..2a251dd 100644 --- a/k8s/backend-deployment.yaml +++ b/k8s/backend-deployment.yaml @@ -18,12 +18,14 @@ spec: image: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend:latest imagePullPolicy: Always ports: - - containerPort: 3000 + - containerPort: 8521 env: - name: NODE_ENV value: "production" + - name: PORT + value: "8521" envFrom: - secretRef: name: backend-secrets imagePullSecrets: - - name: harbor-registry \ No newline at end of file + - name: harbor-registry diff --git a/k8s/backend-service.yaml b/k8s/backend-service.yaml index 0b833c0..080faff 100644 --- a/k8s/backend-service.yaml +++ b/k8s/backend-service.yaml @@ -8,6 +8,6 @@ spec: app: gohorse-backend ports: - name: http - port: 3000 - targetPort: 3000 + port: 8521 + targetPort: 8521 type: ClusterIP From e0cc53fcf6eb8796affd97545c81933c38ea42f0 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 15:28:39 -0300 Subject: [PATCH 41/44] ajuste na porta --- .drone.yml | 53 +++++++++++++++++++++++++++++------------------------ 1 file changed, 29 insertions(+), 24 deletions(-) diff --git a/.drone.yml b/.drone.yml index 4a2fbfd..2e3c9c8 100644 --- a/.drone.yml +++ b/.drone.yml 
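Review bot: In the `k8s/backend-deployment.yaml` hunk `@@ -18,12 +18,14 @@`, `PORT` now has two sources: the added `env` entry with `value: "8521"` and the `backend-secrets` Secret pulled in by `envFrom`, which the pipeline fills with `PORT=$PORT`. Kubernetes gives the explicit `env` entry precedence, so the Secret's `PORT` is silently ignored and changing it there has no effect. Either drop `PORT` from the Secret or document the override on the entry, e.g. `# overrides PORT from backend-secrets; must match containerPort and the Service targetPort`. The container spec begins above the hunk.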
@@ -23,9 +23,8 @@ steps: image: bitnami/kubectl:latest environment: HOME: /tmp/drone-home - KUBECONFIG: /tmp/drone-home/.kube/config - KUBECONFIG_DATA: - from_secret: K3S_KUBECONFIG + KUBECONFIG: + from_secret: KUBECONFIG AWS_ACCESS_KEY_ID: { from_secret: AWS_ACCESS_KEY_ID } AWS_ENDPOINT: { from_secret: AWS_ENDPOINT } 
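Review bot: `KUBECONFIG` now receives the kubeconfig contents from the secret, but kubectl reads that variable as a list of file paths, so the copy written by `echo "$KUBECONFIG" > /tmp/drone-home/.kube/config` in the next hunk is not what kubectl loads. Keeping the path in `KUBECONFIG` and the contents under another name fixes it: `KUBECONFIG: /tmp/drone-home/.kube/config` plus `KUBECONFIG_DATA: { from_secret: KUBECONFIG }`, with the write changed to `echo "$KUBECONFIG_DATA"`. The `deploy-backend` step (hunk `@@ -74,13 +78,14 @@`) has the same pair of lines. The `environment` block continues past the end of this hunk.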
@@ -47,25 +46,30 @@ steps: commands: - mkdir -p /tmp/drone-home/.kube - - echo "$KUBECONFIG_DATA" | base64 -d > /tmp/drone-home/.kube/config + - echo "$KUBECONFIG" > /tmp/drone-home/.kube/config + - chmod 600 /tmp/drone-home/.kube/config - - echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" > .env.k8s - - echo "AWS_ENDPOINT=$AWS_ENDPOINT" >> .env.k8s - - echo "AWS_REGION=$AWS_REGION" >> .env.k8s + # 🔎 valida conexão + - kubectl config get-contexts + - kubectl get ns + + - echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" > .env.k8s + - echo "AWS_ENDPOINT=$AWS_ENDPOINT" >> .env.k8s + - echo "AWS_REGION=$AWS_REGION" >> .env.k8s - echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> .env.k8s - - echo "CORS_ORIGINS=$CORS_ORIGINS" >> .env.k8s - - echo "DB_HOST=$DB_HOST" >> .env.k8s - - echo "DB_NAME=$DB_NAME" >> .env.k8s - - echo "DB_PASSWORD=$DB_PASSWORD" >> .env.k8s - - echo "DB_PORT=$DB_PORT" >> .env.k8s - - echo "DB_SSLMODE=$DB_SSLMODE" >> .env.k8s - - echo "DB_USER=$DB_USER" >> .env.k8s - - echo "ENV=$ENV" >> .env.k8s - - echo "JWT_SECRET=$JWT_SECRET" >> .env.k8s - - echo "MAX_UPLOAD_CAD_SIZE=$MAX_UPLOAD_CAD_SIZE" >> .env.k8s - - echo "PORT=$PORT" >> .env.k8s - - echo "S3_BUCKET=$S3_BUCKET" >> .env.k8s - - echo "UPLOAD_DIR=$UPLOAD_DIR" >> .env.k8s + - echo "CORS_ORIGINS=$CORS_ORIGINS" >> .env.k8s + - echo "DB_HOST=$DB_HOST" >> .env.k8s + - echo "DB_NAME=$DB_NAME" >> .env.k8s + - echo "DB_PASSWORD=$DB_PASSWORD" >> .env.k8s + - echo "DB_PORT=$DB_PORT" >> .env.k8s + - echo "DB_SSLMODE=$DB_SSLMODE" >> .env.k8s + - echo "DB_USER=$DB_USER" >> .env.k8s + - echo "ENV=$ENV" >> .env.k8s + - echo "JWT_SECRET=$JWT_SECRET" >> .env.k8s + - echo "MAX_UPLOAD_CAD_SIZE=$MAX_UPLOAD_CAD_SIZE" >> .env.k8s + - echo "PORT=$PORT" >> .env.k8s + - echo "S3_BUCKET=$S3_BUCKET" >> .env.k8s + - echo "UPLOAD_DIR=$UPLOAD_DIR" >> .env.k8s - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s 
@@ -74,13 +78,14 @@ steps: image: bitnami/kubectl:latest environment: HOME: /tmp/drone-home - KUBECONFIG: /tmp/drone-home/.kube/config - KUBECONFIG_DATA: - from_secret: K3S_KUBECONFIG + KUBECONFIG: + from_secret: KUBECONFIG commands: - mkdir -p /tmp/drone-home/.kube - - echo "$KUBECONFIG_DATA" | base64 -d > /tmp/drone-home/.kube/config + - echo "$KUBECONFIG" > /tmp/drone-home/.kube/config + - chmod 600 /tmp/drone-home/.kube/config + - kubectl get pods -n gohorsejobs - kubectl apply -n gohorsejobs -f k8s/backend-deployment.yaml - kubectl apply -n gohorsejobs -f k8s/backend-service.yaml From 5082ac8e14e09602893f24a1724bfd805bb21116 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 15:41:54 -0300 Subject: [PATCH 42/44] ajuste na porta --- .drone.yml | 41 +---------------------------------------- 1 file changed, 1 insertion(+), 40 deletions(-) diff --git a/.drone.yml b/.drone.yml index 2e3c9c8..bfa5088 100644 --- a/.drone.yml +++ b/.drone.yml @@ -8,8 +8,7 @@ steps: settings: registry: in.gohorsejobs.com repo: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend - tags: - - latest + tags: [latest] context: backend dockerfile: backend/Dockerfile insecure: true @@ -22,10 +21,6 @@ steps: - name: export-envs-to-k8s image: bitnami/kubectl:latest environment: - HOME: /tmp/drone-home - KUBECONFIG: - from_secret: KUBECONFIG - AWS_ACCESS_KEY_ID: { from_secret: AWS_ACCESS_KEY_ID } AWS_ENDPOINT: { from_secret: AWS_ENDPOINT } AWS_REGION: { from_secret: AWS_REGION } 
@@ -45,47 +40,13 @@ steps: UPLOAD_DIR: { from_secret: UPLOAD_DIR } commands: - - mkdir -p /tmp/drone-home/.kube - - echo "$KUBECONFIG" > /tmp/drone-home/.kube/config - - chmod 600 /tmp/drone-home/.kube/config - - # 🔎 valida conexão - - kubectl config get-contexts - kubectl get ns - - - echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" > .env.k8s - - echo "AWS_ENDPOINT=$AWS_ENDPOINT" >> .env.k8s - - echo "AWS_REGION=$AWS_REGION" >> .env.k8s - - echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> .env.k8s - - echo "CORS_ORIGINS=$CORS_ORIGINS" >> .env.k8s - - echo "DB_HOST=$DB_HOST" >> .env.k8s - - echo "DB_NAME=$DB_NAME" >> .env.k8s - - echo "DB_PASSWORD=$DB_PASSWORD" >> .env.k8s - - echo "DB_PORT=$DB_PORT" >> .env.k8s - - echo "DB_SSLMODE=$DB_SSLMODE" >> .env.k8s - - echo "DB_USER=$DB_USER" >> .env.k8s - - echo "ENV=$ENV" >> .env.k8s - - echo "JWT_SECRET=$JWT_SECRET" >> .env.k8s - - echo "MAX_UPLOAD_CAD_SIZE=$MAX_UPLOAD_CAD_SIZE" >> .env.k8s - - echo "PORT=$PORT" >> .env.k8s - - echo "S3_BUCKET=$S3_BUCKET" >> .env.k8s - - echo "UPLOAD_DIR=$UPLOAD_DIR" >> .env.k8s - - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s - name: deploy-backend image: bitnami/kubectl:latest - environment: - HOME: /tmp/drone-home - KUBECONFIG: - from_secret: KUBECONFIG - commands: - - mkdir -p /tmp/drone-home/.kube - - echo "$KUBECONFIG" > /tmp/drone-home/.kube/config - - chmod 600 /tmp/drone-home/.kube/config - - kubectl get pods -n gohorsejobs - kubectl apply -n gohorsejobs -f k8s/backend-deployment.yaml - kubectl apply -n gohorsejobs -f k8s/backend-service.yaml From 672ac05e226293d0effff36c0525ca13d6689504 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 15:47:26 -0300 Subject: [PATCH 43/44] ajuste na porta --- .drone.yml | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) 
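Review bot: The lines that generated `.env.k8s` are removed, but `kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s` stays, directly after the `delete secret` line. Unless the file comes from somewhere not visible here, the create fails on a missing file after the delete has already succeeded, which leaves the namespace without `backend-secrets`. Either keep the generation together with the create, or remove the delete/create pair along with it.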
diff --git a/.drone.yml b/.drone.yml index bfa5088..ec21024 100644 --- a/.drone.yml +++ b/.drone.yml @@ -2,13 +2,19 @@ kind: pipeline type: kubernetes name: deploy-backend +# 🚨 ESSENCIAL +service_account_name: drone-runner + steps: - name: build-and-push-backend image: plugins/docker:latest + environment: + HOME: /tmp/drone-home settings: registry: in.gohorsejobs.com repo: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend - tags: [latest] + tags: + - latest context: backend dockerfile: backend/Dockerfile insecure: true @@ -17,10 +23,14 @@ steps: from_secret: HARBOR_USERNAME password: from_secret: HARBOR_PASSWORD + commands: + - mkdir -p /tmp/drone-home - name: export-envs-to-k8s image: bitnami/kubectl:latest environment: + HOME: /tmp/drone-home + AWS_ACCESS_KEY_ID: { from_secret: AWS_ACCESS_KEY_ID } AWS_ENDPOINT: { from_secret: AWS_ENDPOINT } AWS_REGION: { from_secret: AWS_REGION } 
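Review bot: In hunk `@@ -17,10 +23,14 @@`, `commands: - mkdir -p /tmp/drone-home` is added to `build-and-push-backend`, which runs the `plugins/docker` plugin. A step that defines `commands` runs them in place of the image's entrypoint, so the plugin would presumably not build or push anything, and `deploy-backend` would roll out whatever `latest` already points to. If the directory is needed it belongs in the kubectl steps only; the plugin step should keep just `settings`.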
@@ -40,13 +50,36 @@ steps: UPLOAD_DIR: { from_secret: UPLOAD_DIR } commands: - - kubectl get ns + - mkdir -p /tmp/drone-home + + - echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" > .env.k8s + - echo "AWS_ENDPOINT=$AWS_ENDPOINT" >> .env.k8s + - echo "AWS_REGION=$AWS_REGION" >> .env.k8s + - echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> .env.k8s + - echo "CORS_ORIGINS=$CORS_ORIGINS" >> .env.k8s + - echo "DB_HOST=$DB_HOST" >> .env.k8s + - echo "DB_NAME=$DB_NAME" >> .env.k8s + - echo "DB_PASSWORD=$DB_PASSWORD" >> .env.k8s + - echo "DB_PORT=$DB_PORT" >> .env.k8s + - echo "DB_SSLMODE=$DB_SSLMODE" >> .env.k8s + - echo "DB_USER=$DB_USER" >> .env.k8s + - echo "ENV=$ENV" >> .env.k8s + - echo "JWT_SECRET=$JWT_SECRET" >> .env.k8s + - echo "MAX_UPLOAD_CAD_SIZE=$MAX_UPLOAD_CAD_SIZE" >> .env.k8s + - echo "PORT=$PORT" >> .env.k8s + - echo "S3_BUCKET=$S3_BUCKET" >> .env.k8s + - echo "UPLOAD_DIR=$UPLOAD_DIR" >> .env.k8s + - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s - name: deploy-backend image: bitnami/kubectl:latest + environment: + HOME: /tmp/drone-home commands: + - mkdir -p /tmp/drone-home + - kubectl get pods -n gohorsejobs - kubectl apply -n gohorsejobs -f k8s/backend-deployment.yaml - kubectl apply -n gohorsejobs -f k8s/backend-service.yaml From 94597dfeed24b548267b6cd27f8de2813ebc6ab0 Mon Sep 17 00:00:00 2001 From: Marcus Bohessef Date: Fri, 12 Dec 2025 15:59:27 -0300 Subject: [PATCH 44/44] ajuste na porta --- .drone.yml | 53 ++++++++++++++++++++++------------------------------- 1 file changed, 22 insertions(+), 31 deletions(-) diff --git a/.drone.yml b/.drone.yml index ec21024..7d68a7a 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -2,14 +2,12 @@ kind: pipeline type: kubernetes name: deploy-backend -# 🚨 ESSENCIAL -service_account_name: drone-runner +# ✅ SERVICE ACCOUNT CORRETO (CLUSTER-WIDE) +service_account_name: drone-deployer steps: - name: build-and-push-backend image: plugins/docker:latest - environment: - HOME: /tmp/drone-home settings: registry: in.gohorsejobs.com repo: in.gohorsejobs.com/gohorsejobs/gohorsejobs-backend @@ -23,14 +21,10 @@ steps: from_secret: HARBOR_USERNAME password: from_secret: HARBOR_PASSWORD - commands: - - mkdir -p /tmp/drone-home - name: export-envs-to-k8s image: bitnami/kubectl:latest environment: - HOME: /tmp/drone-home - AWS_ACCESS_KEY_ID: { from_secret: AWS_ACCESS_KEY_ID } AWS_ENDPOINT: { from_secret: AWS_ENDPOINT } AWS_REGION: { from_secret: AWS_REGION } 
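Review bot: `service_account_name: drone-deployer` is described in the added comment as cluster-wide and is set at pipeline level, so it presumably applies to every step, including the `plugins/docker` build. The steps visible here only touch a Secret, a Deployment and a Service in `gohorsejobs`, so as far as this file shows a Role and RoleBinding in that namespace limited to those resources would be enough. A comment stating the intended scope would help, e.g. `# needs: secrets, deployments, services in namespace gohorsejobs only`.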
@@ -50,36 +44,33 @@ steps: UPLOAD_DIR: { from_secret: UPLOAD_DIR } commands: - - mkdir -p /tmp/drone-home - - - echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" > .env.k8s - - echo "AWS_ENDPOINT=$AWS_ENDPOINT" >> .env.k8s - - echo "AWS_REGION=$AWS_REGION" >> .env.k8s - - echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> .env.k8s - - echo "CORS_ORIGINS=$CORS_ORIGINS" >> .env.k8s - - echo "DB_HOST=$DB_HOST" >> .env.k8s - - echo "DB_NAME=$DB_NAME" >> .env.k8s - - echo "DB_PASSWORD=$DB_PASSWORD" >> .env.k8s - - echo "DB_PORT=$DB_PORT" >> .env.k8s - - echo "DB_SSLMODE=$DB_SSLMODE" >> .env.k8s - - echo "DB_USER=$DB_USER" >> .env.k8s - - echo "ENV=$ENV" >> .env.k8s - - echo "JWT_SECRET=$JWT_SECRET" >> .env.k8s - - echo "MAX_UPLOAD_CAD_SIZE=$MAX_UPLOAD_CAD_SIZE" >> .env.k8s - - echo "PORT=$PORT" >> .env.k8s - - echo "S3_BUCKET=$S3_BUCKET" >> .env.k8s - - echo "UPLOAD_DIR=$UPLOAD_DIR" >> .env.k8s + - | + cat < .env.k8s + AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID + AWS_ENDPOINT=$AWS_ENDPOINT + AWS_REGION=$AWS_REGION + AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY + CORS_ORIGINS=$CORS_ORIGINS + DB_HOST=$DB_HOST + DB_NAME=$DB_NAME + DB_PASSWORD=$DB_PASSWORD + DB_PORT=$DB_PORT + DB_SSLMODE=$DB_SSLMODE + DB_USER=$DB_USER + ENV=$ENV + JWT_SECRET=$JWT_SECRET + MAX_UPLOAD_CAD_SIZE=$MAX_UPLOAD_CAD_SIZE + PORT=$PORT + S3_BUCKET=$S3_BUCKET + UPLOAD_DIR=$UPLOAD_DIR + EOF - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s - name: deploy-backend image: bitnami/kubectl:latest - environment: - HOME: /tmp/drone-home commands: - - mkdir -p /tmp/drone-home - - kubectl get pods -n gohorsejobs - kubectl apply -n gohorsejobs -f k8s/backend-deployment.yaml - kubectl apply -n gohorsejobs -f k8s/backend-service.yaml