Merge pull request #1 from vcscsvcscs/feature/create-kubernetes-deployments

Feature Create kubernetes deployments

.github/workflows/auth-service-cd.yml

@@ -0,0 +1,51 @@
+name: Release Auth service to Docker Hub and Deploy to Kubernetes
+
+on:
+  push:
+    paths:
+      - "auth-service/**"
+      - "deployment/auth-service/**"
+      - ".github/workflows/auth-service-cd.yml"
+
+jobs:
+    docker:
+      name: Build and Push Auth-service image to Docker Hub
+      runs-on: ubuntu-latest
+      steps:
+        - uses: actions/github-script@v6
+          id: create_image_tag
+          with:
+            script: |
+              if (context.issue.number) {
+                return "pr" + context.issue.number;
+              } else if(github.ref == 'refs/heads/main') {
+                return 'latest';
+              } else {
+                return "pr" + (
+                  await github.rest.repos.listPullRequestsAssociatedWithCommit({
+                    commit_sha: context.sha,
+                    owner: context.repo.owner,
+                    repo: context.repo.repo,
+                  })
+                ).data[0].number;
+              }
+            result-encoding: string
+        - name: Image tag
+          run: echo '${{steps.create_image_tag.outputs.result}}'
+
+        - name: Set up QEMU
+          uses: docker/setup-qemu-action@v3
+        - name: Set up Docker Buildx
+          uses: docker/setup-buildx-action@v3
+        - name: Login to Docker Hub
+          uses: docker/login-action@v3
+          with:
+            username: ${{ secrets.DOCKERHUB_USERNAME }}
+            password: ${{ secrets.DOCKERHUB_TOKEN }}
+        - name: Build and push
+          uses: docker/build-push-action@v5
+          with:
+            push: true
+            context: "{{defaultContext}}:auth-service"
+            tags: vcscsvcscs/gheritage-auth-service:${{steps.create_image_tag.outputs.result}}
+            platforms: linux/arm64/v8

.github/workflows/auth-service-ci.yml

@@ -0,0 +1,24 @@
+name: Authentication service Continuous Integration
+on:
+  push:
+    paths:
+      - "auth-service/**"
+  pull_request:
+    paths:
+      - "auth-service/**"
+      
+jobs:
+  lint:
+    uses: ./.github/workflows/go_lint.yml
+    with:
+      working-directory: 'auth-service'
+  build:
+    needs: lint
+    uses: ./.github/workflows/go_build.yml
+    with:
+      working-directory: 'auth-service'
+  test:
+    needs: build
+    uses: ./.github/workflows/go_test.yml
+    with:
+      working-directory: 'auth-service'

.github/workflows/backend-cd.yml

@@ -0,0 +1,51 @@
+name: Release Backend service to Docker Hub and Deploy to Kubernetes
+
+on:
+  push:
+    paths:
+      - "backend/**"
+      - "deployment/backend/**"
+      - ".github/workflows/backend-cd.yml"
+  
+jobs:
+    docker:
+      name: Build and Push Backend image to Docker Hub
+      runs-on: ubuntu-latest
+      steps:
+        - uses: actions/github-script@v6
+          id: create_image_tag
+          with:
+            script: |
+              if (context.issue.number) {
+                return "pr" + context.issue.number;
+              } else if(github.ref == 'refs/heads/main') {
+                return 'latest';
+              } else {
+                return "pr" + (
+                  await github.rest.repos.listPullRequestsAssociatedWithCommit({
+                    commit_sha: context.sha,
+                    owner: context.repo.owner,
+                    repo: context.repo.repo,
+                  })
+                ).data[0].number;
+              }
+            result-encoding: string
+        - name: Image tag
+          run: echo '${{steps.create_image_tag.outputs.result}}'
+
+        - name: Set up QEMU
+          uses: docker/setup-qemu-action@v3
+        - name: Set up Docker Buildx
+          uses: docker/setup-buildx-action@v3
+        - name: Login to Docker Hub
+          uses: docker/login-action@v3
+          with:
+            username: ${{ secrets.DOCKERHUB_USERNAME }}
+            password: ${{ secrets.DOCKERHUB_TOKEN }}
+        - name: Build and push
+          uses: docker/build-push-action@v5
+          with:
+            push: true
+            context: "{{defaultContext}}:backend"
+            tags: vcscsvcscs/gheritage-backend-service:${{steps.create_image_tag.outputs.result}}
+            platforms: linux/arm64/v8

.github/workflows/backend-ci.yml

@@ -0,0 +1,23 @@
+name: Backend Continuous Integration
+on:
+  push:
+    paths:
+      - "backend/**"
+  pull_request:
+    paths:
+      - "backend/**"
+jobs:
+  lint:
+    uses: ./.github/workflows/go_lint.yml
+    with:
+      working-directory: 'backend'
+  build:
+    needs: lint
+    uses: ./.github/workflows/go_build.yml
+    with:
+      working-directory: 'backend'
+  test:
+    needs: build
+    uses: ./.github/workflows/go_test.yml
+    with:
+      working-directory: 'backend'

.github/workflows/frontend-ci.yml

@@ -0,0 +1,19 @@
+name: Frontend Continuous Integration
+on:
+  push:
+    paths:
+      - "frontend/**"
+  pull_request:
+    paths:
+      - "frontend/**"
+      
+jobs:
+  lint:
+    uses: ./.github/workflows/svelte_lint.yml
+    with:
+      working-directory: 'frontend'
+  build:
+    needs: lint
+    uses: ./.github/workflows/svelte_build.yml
+    with:
+      working-directory: 'frontend'

.github/workflows/go_build.yml

@@ -0,0 +1,29 @@
+on:
+  workflow_call:
+    inputs:
+      working-directory:
+        required: true
+        type: string
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Go 1.22.x'
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.22.x'
+
+      - name: Display Go version
+        run: go version
+
+      - name: Install dependencies
+        run: |
+          cd ${{ inputs.working-directory }}
+          go get
+      
+      - name: Build
+        run: |
+          cd ${{ inputs.working-directory }}
+          go build .

.github/workflows/go_lint.yml

@@ -0,0 +1,22 @@
+on:
+  workflow_call:
+    inputs:
+      working-directory:
+        required: true
+        type: string
+
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.22'
+          cache: false
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v4
+        with:
+          version: latest
+          working-directory: ${{ inputs.working-directory }}

.github/workflows/go_test.yml

@@ -0,0 +1,29 @@
+on:
+  workflow_call:
+    inputs:
+      working-directory:
+        required: true
+        type: string
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Go 1.22.x'
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.22.x'
+
+      - name: Display Go version
+        run: go version
+
+      - name: Install dependencies
+        run: |
+          cd ${{ inputs.working-directory }}
+          go get
+          
+      - name: Run tests
+        run: |
+          cd ${{ inputs.working-directory }}
+          go test ./...

.github/workflows/svelte_build.yml

@@ -0,0 +1,24 @@
+on:
+  workflow_call:
+    inputs:
+      working-directory:
+        required: true
+        type: string
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '21.x'
+      - name: Install dependencies
+        run: |
+          cd ${{ inputs.working-directory }}
+          npm ci
+      - name: Build
+        run: |
+          cd ${{ inputs.working-directory }}
+          npm run build

.github/workflows/svelte_lint.yml

@@ -0,0 +1,24 @@
+on:
+  workflow_call:
+    inputs:
+      working-directory:
+        required: true
+        type: string
+
+jobs: 
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '21.x'
+      - name: Install dependencies
+        run: |
+          cd ${{ inputs.working-directory }}
+          npm ci
+      - name: Lint
+        run: |
+          cd ${{ inputs.working-directory }}
+          npm run lint

.golangci.yml

@@ -0,0 +1,132 @@
+linters-settings:
+  depguard:
+    rules:
+      logger:
+        deny:
+          # logging is allowed only by logutils.Log,
+          # logrus is allowed to use only in logutils package.
+          - pkg: "github.com/sirupsen/logrus"
+            desc: logging is allowed only by logutils.Log.
+          - pkg: "github.com/pkg/errors"
+            desc: Should be replaced by standard lib errors package.
+          - pkg: "github.com/instana/testify"
+            desc: It's a fork of github.com/stretchr/testify.
+  dupl:
+    threshold: 100
+  funlen:
+    lines: -1 # the number of lines (code + empty lines) is not a right metric and leads to code without empty line or one-liner.
+    statements: 50
+  goconst:
+    min-len: 2
+    min-occurrences: 3
+  gocritic:
+    enabled-tags:
+      - diagnostic
+      - experimental
+      - opinionated
+      - performance
+      - style
+    disabled-checks:
+      - dupImport # https://github.com/go-critic/go-critic/issues/845
+      - ifElseChain
+      - octalLiteral
+      - whyNoLint
+  gocyclo:
+    min-complexity: 15
+  gofmt:
+    rewrite-rules:
+      - pattern: 'interface{}'
+        replacement: 'any'
+  gomnd:
+    # don't include the "operation" and "assign"
+    checks:
+      - argument
+      - case
+      - condition
+      - return
+    ignored-numbers:
+      - '0'
+      - '1'
+      - '2'
+      - '3'
+    ignored-functions:
+      - strings.SplitN
+  govet:
+    settings:
+      printf:
+        funcs:
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
+    enable:
+      - nilness
+      - shadow
+  errorlint:
+    asserts: false
+  lll:
+    line-length: 140
+  misspell:
+    locale: US
+  nolintlint:
+    allow-unused: false # report any unused nolint directives
+    require-explanation: false # don't require an explanation for nolint directives
+    require-specific: false # don't require nolint directives to be specific about which linter is being skipped
+  revive:
+    rules:
+      - name: unexported-return
+        disabled: true
+      - name: unused-parameter
+
+linters:
+  disable-all: true
+  enable:
+    - bodyclose
+    - depguard
+    - dogsled
+    - dupl
+    - errcheck
+    - errorlint
+    - exportloopref
+    - funlen
+    - gocheckcompilerdirectives
+    - gochecknoinits
+    - goconst
+    - gocritic
+    - gocyclo
+    - gofmt
+    - goimports
+    - gomnd
+    - goprintffuncname
+    - gosec
+    - gosimple
+    - govet
+    - ineffassign
+    - lll
+    - misspell
+    - nakedret
+    - noctx
+    - nolintlint
+    - revive
+    - staticcheck
+    - stylecheck
+    - typecheck
+    - unconvert
+    - unparam
+    - unused
+    - whitespace
+
+  # don't enable:
+  # - asciicheck
+  # - gochecknoglobals
+  # - gocognit
+  # - godot
+  # - godox
+  # - goerr113
+  # - nestif
+  # - prealloc
+  # - testpackage
+  # - wsl
+
+run:
+  timeout: 5m

README.md

@@ -23,3 +23,10 @@ The purpose of the thesis is to develop a web application that enables the commu
 Users could register and the system would provide the ability to edit their own profiles, which are part of the family tree structure. The family tree would contain not only names and birth dates but also additional information such as schools, residences, workplaces, life wisdom, important knowledge, and photos. Furthermore, the application would employ protective measures, so that only those related by blood could access each other's data.
 
 The task is highly complex, as it involves not only designing the user interface and the family tree structure but also properly implementing security layers. The development of the database system, the cloud-based server, and the CI/CD system present further challenges. The application must ensure optimal display on various devices and screen sizes, which requires additional development and design skills. The thesis details the extent to which specific challenges and solutions related to the project contribute to the success and functionality of the software.
+
+## Deployment
+To deploy all micro services use:
+
+```bash:
+kubectl apply --server-side -k .
+```

auth-service/dockerfile

@@ -0,0 +1,13 @@
+FROM golang:1.22-alpine as build
+
+WORKDIR /app
+
+COPY . .
+
+RUN GOOS=linux GOARCH=arm64 go build -o auth-service
+
+FROM arm64v8/busybox
+
+COPY --from=build /app/auth-service /app/
+
+CMD [ "/app/auth-service" ]

backend/dockerfile

@@ -0,0 +1,13 @@
+FROM golang:1.22-alpine as build
+
+WORKDIR /app
+
+COPY . .
+
+RUN GOOS=linux GOARCH=arm64 go build -o backend
+
+FROM busybox
+
+COPY --from=build /app/backend /app/
+
+CMD [ "/app/backend" ]

deployment/auth-service-argo.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gh-auth-service
+spec:
+  project: generations-heritage-vv
+  source:
+    repoURL: 'https://github.com/vcscsvcscs/GenerationsHeritage'
+    path: deployment/auth-service
+    targetRevision: main
+    kustomize:
+      namespace: generations-heritage
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: generations-heritage
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    

deployment/auth-service/certificate.yaml

@@ -0,0 +1,29 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: gh-auth-service-certificate
+  annotations:
+    argocd.argoproj.io/hook: PreSync
+spec:
+  isCA: false
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  dnsNames:
+    - gh-auth-service.generations-heritage.svc.cluster.local
+    - gh-auth-service
+    - localhost
+  ipAddresses:
+    - 127.0.0.1
+  subject:
+    organizations:
+      - GenerationsHeritage
+  secretName: gh-auth-service-tls
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+  issuerRef:
+    name: default-cluster-ca-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+  

deployment/auth-service/deployment.yaml

@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: gh-auth-service
+    app.kubernetes.io/name: gh-auth-service
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+    argocd.argoproj.io/hook: Synce
+  name: gh-auth-service
+  namespace: generations-heritage
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: gh-auth-service
+      app.kubernetes.io/name: gh-auth-service
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: gh-auth-service
+        app.kubernetes.io/name: gh-auth-service
+    spec:
+      containers:
+        - image: vcscsvcscs/gheritage-auth-service:latest
+          imagePullPolicy: Always
+          name: gh-auth-service
+          ports:
+          - containerPort: 443
+            name: gin
+          securityContext:
+            runAsUser: 0
+          resources:
+            limits:
+              cpu: 250m
+              memory: 200Mi
+            requests:
+              cpu: 100m
+              memory: 50Mi
+          volumeMounts:
+            - name: gh-auth-service-certs
+              mountPath: /etc/gh-auth-service/ssl
+      volumes:
+      - name: gh-auth-service-certs
+        secret:
+          secretName: gh-auth-service-tls

deployment/auth-service/horizontalPodAutoScaler.yaml

@@ -0,0 +1,26 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: gh-auth-service
+  annotations:
+    argocd.argoproj.io/hook: PostSync
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: gh-auth-service
+  minReplicas: 1
+  maxReplicas: 5
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 50
+  - type: Resource
+    resource:
+      name: memory
+      target:
+        type: Utilization
+        averageUtilization: 50

deployment/auth-service/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: generations-heritage
+
+resources:
+  - ./certificate.yaml
+  - ./deployment.yaml
+  - ./service.yaml
+  - ./horizontalPodAutoScaler.yaml

deployment/auth-service/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: gh-auth-service
+    app.kubernetes.io/name: gh-auth-service
+  name: gh-auth-service
+spec:
+  ports:
+  - name: gin
+    port: 443
+    protocol: TCP
+    targetPort: 443
+  selector:
+    app.kubernetes.io/instance: gh-auth-service
+    app.kubernetes.io/name: gh-auth-service
+  type: ClusterIP

deployment/backend-argo.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gh-backend
+spec:
+  project: generations-heritage-vv
+  source:
+    repoURL: 'https://github.com/vcscsvcscs/GenerationsHeritage'
+    path: deployment/backend
+    targetRevision: main
+    kustomize:
+      namespace: generations-heritage
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: generations-heritage
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    

deployment/backend/certificate.yaml

@@ -0,0 +1,29 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: gh-backend-certificate
+  annotations:
+    argocd.argoproj.io/hook: PreSync
+spec:
+  isCA: false
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  dnsNames:
+    - gh-backend.generations-heritage.svc.cluster.local
+    - gh-backend
+    - localhost
+  ipAddresses:
+    - 127.0.0.1
+  subject:
+    organizations:
+      - GenerationsHeritage
+  secretName: gh-backend-tls
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+  issuerRef:
+    name: default-cluster-ca-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+  

deployment/backend/deployment.yaml

@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: gh-backend
+    app.kubernetes.io/name: gh-backend
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+    argocd.argoproj.io/hook: Synce
+  name: gh-backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: gh-backend
+      app.kubernetes.io/name: gh-backend
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: gh-backend
+        app.kubernetes.io/name: gh-backend
+    spec:
+      containers:
+        - image: vcscsvcscs/gheritage-backend-service:latest
+          imagePullPolicy: Always
+          name: gh-backend
+          ports:
+          - containerPort: 443
+            name: gin
+          securityContext:
+            runAsUser: 0
+          resources:
+            limits:
+              cpu: 500m
+              memory: 500Mi
+            requests:
+              cpu: 100m
+              memory: 100Mi
+          volumeMounts:
+            - name: gh-backend-certs
+              mountPath: /etc/gh-backend/ssl
+      volumes:
+      - name: gh-backend-certs
+        secret:
+          secretName: gh-backend-tls

deployment/backend/horizontalPodAutoScaler.yaml

@@ -0,0 +1,26 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: gh-backend
+  annotations:
+    argocd.argoproj.io/hook: PostSync
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: gh-backend
+  minReplicas: 1
+  maxReplicas: 5
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 50
+  - type: Resource
+    resource:
+      name: memory
+      target:
+        type: Utilization
+        averageUtilization: 50

deployment/backend/ingressRoute.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: gh-backend
+  annotations:
+    argocd.argoproj.io/hook: PostSync
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`heritagebackend.varghacsongor.hu`)
+      services:
+        - name: gh-backend
+          port: 443
+          passHostHeader: true
+          scheme: https
+  tls: {}

deployment/backend/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: generations-heritage
+
+resources:
+  - ./certificate.yaml
+  - ./deployment.yaml
+  - ./service.yaml
+  - ./ingressRoute.yaml
+  - ./horizontalPodAutoScaler.yaml

deployment/backend/service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: gh-backend
+    app.kubernetes.io/name: gh-backend
+  name: gh-backend
+  annotations:
+    argocd.argoproj.io/sync-wave: "2"
+    argocd.argoproj.io/hook: Synce
+spec:
+  ports:
+  - name: gin
+    port: 443
+    protocol: TCP
+    targetPort: 443
+  selector:
+    app.kubernetes.io/instance: gh-backend
+    app.kubernetes.io/name: gh-backend
+  type: ClusterIP

deployment/cert-issuer.yaml

@@ -0,0 +1,45 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: trust-manager-selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: cluster-root-certificate
+  namespace: cert-manager
+spec:
+  isCA: true
+  commonName: cluster-root-certificate-ca
+  secretName: cluster-root-certificate-ca-secret
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: trust-manager-selfsigned-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: default-cluster-ca-issuer
+spec:
+  ca:
+    secretName: cluster-root-certificate-ca-secret
+---
+apiVersion: trust.cert-manager.io/v1alpha1
+kind: Bundle
+metadata:
+  name: in-cluster-trust-bundle
+spec:
+  sources:
+  - useDefaultCAs: true
+  - secret:
+      name: "cluster-root-certificate-ca-secret"
+      key: "tls.crt"
+  target:
+    configMap:
+      key: "trust-bundle.pem"

deployment/memgraph-argo.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: memgraph
+spec:
+  project: generations-heritage-vv
+  source:
+    repoURL: 'https://github.com/vcscsvcscs/GenerationsHeritage'
+    path: deployment/memgraph
+    targetRevision: main
+    kustomize:
+      namespace: generations-heritage
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: generations-heritage
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    

deployment/memgraph/certificates.yaml

@@ -0,0 +1,30 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: memraph-certificate
+  annotations:
+    argocd.argoproj.io/hook: PreSync
+spec:
+  isCA: false
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  dnsNames:
+    - memgraph.generations-heritage.svc.cluster.local
+    - memgraph
+    - localhost
+  ipAddresses:
+    - 127.0.0.1
+  subject:
+    organizations:
+      - Memgraph
+      - GenerationsHeritage
+  secretName: memgraph-tls
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+  issuerRef:
+    name: default-cluster-ca-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+  

deployment/memgraph/kustomization.yaml

@@ -0,0 +1,33 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: generations-heritage
+
+resources:
+  - ./certificates.yaml
+
+helmCharts:
+  - name: memgraph
+    repo: https://memgraph.github.io/helm-charts
+    releaseName: memgraph
+    namespace: generations-heritage
+    version: 0.1.1
+    valuesFile: ./values.yaml
+
+patches:
+  - target:
+      kind: StatefulSet
+      name: memgraph
+    patch: |-
+      - op: add
+        path: /spec/template/spec/containers/0/volumeMounts/-
+        value:
+          name: memgraph-certs
+          mountPath: /etc/memgraph/ssl
+      - op: add
+        path: /spec/template/spec/volumes/-
+        value:
+          name: memgraph-certs
+          secret:
+            secretName: memgraph-tls
+
+            

deployment/memgraph/values.yaml

@@ -0,0 +1,52 @@
+image:
+  repository: memgraph/memgraph
+  # Overrides the image tag whose default is v{{ .Chart.AppVersion }}
+  tag: ""
+  pullPolicy: IfNotPresent
+
+replicaCount: 1
+
+service:
+  type: ClusterIP
+  port: 7687
+  targetPort: 7687
+  protocol: TCP
+  annotations: {}
+
+persistentVolumeClaim:
+  storagePVC: true
+  storagePVCSize: 2Gi
+  logPVC: true
+  logPVCSize: 256Mi
+
+memgraphConfig:
+  - "--also-log-to-stderr=true"
+  - "--bolt-cert-file=/etc/memgraph/ssl/tls.crt"
+  - "--bolt-key-file=/etc/memgraph/ssl/tls.key"
+
+# Annotations to add to the statefulSet
+statefulSetAnnotations: {}
+# Annotations to add to the Pod
+podAnnotations: {}
+
+resources:
+  {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""

deployment/project-argo.yaml

@@ -0,0 +1,14 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: generations-heritage-vv
+spec:
+  description: Generations heritages is a project that aims to preserve the heritage of families based on bloodlines.
+  sourceRepos:
+  - '*' # Allow all repositories
+  destinations:
+  - namespace: 'generations-heritage'
+    server: '*'
+  clusterResourceWhitelist:
+  - group: '*'
+    kind: '*' # Allow all kinds

deployment/zitadel-argo.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: zitadel
+spec:
+  project: generations-heritage-vv
+  source:
+    repoURL: 'https://github.com/vcscsvcscs/GenerationsHeritage'
+    path: deployment/zitadel
+    targetRevision: main
+    kustomize:
+      namespace: generations-heritage
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: generations-heritage
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    

deployment/zitadel/cert-job.yaml

@@ -0,0 +1,113 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: zitadel-cert-creator
+  annotations: 
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/sync-wave: "2"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: secret-creator
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "secrets" ]
+    verbs: [ "create" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: zitadel-cert-creator
+  annotations: 
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/sync-wave: "2"
+subjects:
+  - kind: ServiceAccount
+    name:  zitadel-cert-creator
+roleRef:
+  kind: Role
+  name: secret-creator
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: create-zitadel-cert
+  annotations: 
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/sync-wave: "2"
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      serviceAccountName: zitadel-cert-creator
+      containers:
+      - command:
+          - /bin/bash
+          - -ecx
+          - |
+            cockroach cert create-client \
+            --certs-dir /cockroach/cockroach-certs \
+            --ca-key /cockroach/cockroach-certs/ca.key \
+            --lifetime 8760h \
+            zitadel
+            export SECRET=$(cat <<EOF
+            {
+              "apiVersion": "v1",
+              "kind": "Secret",
+              "data": {
+                "ca.crt": "$(base64 /cockroach/cockroach-certs/ca.crt --wrap 0)",
+                "tls.crt": "$(base64 /cockroach/cockroach-certs/client.zitadel.crt --wrap 0)",
+                "tls.key": "$(base64 /cockroach/cockroach-certs/client.zitadel.key --wrap 0)"
+              },
+              "metadata": {
+                "name": "db-cockroachdb-zitadel-secret"
+              },
+              "type": "kubernetes.io/tls"
+            }
+            EOF
+            )
+            export APISERVER=https://kubernetes.default.svc SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
+            export NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace) TOKEN=$(cat ${SERVICEACCOUNT}/token) CACERT=${SERVICEACCOUNT}/ca.crt
+            curl \
+            --cacert ${CACERT} \
+            --header "Authorization: Bearer ${TOKEN}" \
+            --header "Content-Type: application/json" \
+            -X POST ${APISERVER}/api/v1/namespaces/${NAMESPACE}/secrets \
+            --data "$(echo -n $SECRET | tr -d '\n')"
+        image: cockroachdb/cockroach:v23.1.8
+        imagePullPolicy: IfNotPresent
+        name: create-zitadel-cert
+        volumeMounts:
+        - mountPath: /cockroach/cockroach-certs/
+          name: certs
+      initContainers:
+      - command:
+        - /bin/sh
+        - -c
+        - cp -f /certs/* /cockroach-certs/; chmod 0400 /cockroach-certs/*.key
+        image: busybox
+        imagePullPolicy: IfNotPresent
+        name: copy-certs
+        volumeMounts:
+        - mountPath: /cockroach-certs/
+          name: certs
+        - mountPath: /certs/
+          name: certs-secret
+      volumes:
+      - emptyDir: {}
+        name: certs
+      - name: certs-secret
+        projected:
+          defaultMode: 420
+          sources:
+          - secret:
+              items:
+              - key: ca.crt
+                mode: 256
+                path: ca.crt
+              - key: ca.key
+                mode: 256
+                path: ca.key
+              name: cockroachdb-ca-secret

deployment/zitadel/cockroach-values.yaml

@@ -0,0 +1,13 @@
+tls:
+  enabled: true
+    
+annotations:
+  argocd.argoproj.io/hook: Sync
+
+storage:
+  persistentVolume:
+    size: 5Gi
+
+init:
+  jobAnnotations:
+    argocd.argoproj.io/hook: Sync

deployment/zitadel/ingressRoute.yaml

@@ -0,0 +1,27 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: zitadel-server
+  annotations:
+    argocd.argoproj.io/hook: PostSync
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`zitadel.varghacsongor.hu`)
+      priority: 10
+      services:
+        - name: zitadel
+          port: 8080
+          passHostHeader: true
+    - kind: Rule
+      match: Host(`zitadel.varghacsongor.hu`) && Headers(`Content-Type`, `application/grpc`)
+      priority: 11
+      services:
+        - name: zitadel
+          port: 8080
+          scheme: h2c
+          passHostHeader: true
+  tls: {}

deployment/zitadel/kustomization.yaml

@@ -0,0 +1,58 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: generations-heritage
+
+resources:
+  - ./cert-job.yaml
+  - ./secrets.yaml
+  - ./ingressRoute.yaml
+
+helmCharts:
+  - name: cockroachdb
+    repo: https://charts.cockroachdb.com/
+    releaseName: cockroachdb
+    namespace: generations-heritage
+    version: 12.0.2
+    valuesFile: cockroach-values.yaml
+  - name: zitadel
+    repo: https://charts.zitadel.com
+    releaseName: zitadel
+    namespace: generations-heritage
+    version: 7.10.0
+    valuesFile: ./values.yaml
+
+patches:
+  - target:
+      kind: CronJob
+    patch: |
+      - op: replace
+        path: /apiVersion
+        value: batch/v1
+  - target:
+      name: zitadel-setup
+      kind: Job
+    patch: |
+      - op: add
+        path: /metadata/annotations/argocd.argoproj.io~1sync-wave
+        value: 4
+  - target:
+      name: zitadel-setup
+      kind: Job
+    patch: |
+      - op: add
+        path: /metadata/annotations/argocd.argoproj.io~1hook
+        value: Sync
+  - target:
+      name: zitadel-init
+      kind: Job
+    patch: |
+      - op: add
+        path: /metadata/annotations/argocd.argoproj.io~1sync-wave
+        value: 3
+  - target:
+      name: zitadel-init
+      kind: Job
+    patch: |
+      - op: add
+        path: /metadata/annotations/argocd.argoproj.io~1hook
+        value: Sync

deployment/zitadel/secrets.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: zitadel-masterkey
+  annotations:
+    argocd.argoproj.io/hook: PreSync
+  labels:
+    secret-generator.cs.sap.com/enabled: "true"
+stringData: 
+  masterkey: "%generate"
+  admin-password: "%generate"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cockroach-auth
+  annotations:
+    argocd.argoproj.io/hook: PreSync
+  labels:
+    secret-generator.cs.sap.com/enabled: "true"
+stringData:
+  cockroach-password: "%generate"
+  user-password: "%generate"

deployment/zitadel/values.yaml

@@ -0,0 +1,47 @@
+zitadel:
+  masterkeySecretName: zitadel-masterkey
+  configmapConfig:
+    ExternalSecure: true
+    ExternalDomain: zitadel.varghacsongor.hu
+    ExternalPort: 443
+    TLS:
+      Enabled: false
+    Database:
+      Cockroach:
+        Host: cockroachdb-public
+        User:
+          SSL:
+            Mode: verify-full
+        Admin:
+          SSL:
+            Mode: verify-full
+
+  dbSslCaCrtSecret: cockroachdb-ca-secret
+  dbSslAdminCrtSecret: cockroachdb-client-secret
+  dbSslUserCrtSecret: db-cockroachdb-zitadel-secret
+
+annotations:
+  argocd.argoproj.io/sync-wave: "5"
+  argocd.argoproj.io/hook: Sync
+
+env:
+  - name: ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME
+    value: "admin"
+
+  - name: ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: zitadel-masterkey
+        key: admin-password
+
+  - name: ZITADEL_DATABASE_COCKROACH_USER_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: cockroach-auth
+        key: user-password
+
+  - name: ZITADEL_DATABASE_COCKROACH_ADMIN_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: cockroach-auth
+        key: cockroach-password

frontend/.eslintignore

@@ -0,0 +1,39 @@
+/.nyc_output
+/coverage
+/lib
+/node_modules
+/*.config.js
+!/.vscode
+!/.github
+!/.devcontainer
+/prettier-playground
+/tests/fixtures/rules/indent/invalid/ts
+/tests/fixtures/rules/indent/invalid/ts-v5
+/tests/fixtures/rules/indent/invalid/snippets01-input.svelte
+/tests/fixtures/rules/indent/valid/
+/tests/fixtures/rules/no-unused-class-name/valid/invalid-style01-input.svelte
+/tests/fixtures/rules/no-unused-class-name/valid/unknown-lang01-input.svelte
+/tests/fixtures/rules/valid-compile/invalid/ts
+/tests/fixtures/rules/valid-compile/valid/babel
+/tests/fixtures/rules/valid-compile/valid/ts
+/tests/fixtures/rules/prefer-style-directive
+/tests/fixtures/rules/@typescript-eslint
+/tests/fixtures/rules/valid-compile/valid/svelte3-options-custom-element-input.svelte
+/tests/fixtures/rules/mustache-spacing/valid/always/snippet-render01-input.svelte
+/tests/fixtures/rules/mustache-spacing/invalid/snippet-render01-input.svelte
+/.svelte-kit
+/svelte.config-dist.js
+/build
+/docs-svelte-kit/shim/eslint.mjs
+/docs-svelte-kit/shim/assert.mjs
+!/.*.js
+/docs-svelte-kit/src/routes/*.md
+/docs-svelte-kit/src/routes/**/*.md
+/docs-svelte-kit/src/app.html
+
+# JSONSchema bug?
+/.devcontainer/devcontainer.json
+
+# Parser bug?
+/tests/fixtures/rules/indent/invalid/const-tag01-input.svelte
+/tests/fixtures/rules/indent/invalid/const-tag01-output.svelte

frontend/.eslintrc.cjs

@@ -0,0 +1,19 @@
+module.exports = {
+	extends: ['plugin:svelte/base', 'plugin:svelte/recommended', 'plugin:svelte/prettier'],
+	overrides: [
+		{
+			files: ['*.svelte'],
+			parser: 'svelte-eslint-parser'
+		}
+	],
+	env: {
+		es6: true
+	},
+	parserOptions: {
+		ecmaFeatures: {
+			experimentalObjectRestSpread: true,
+			jsx: true
+		},
+		sourceType: 'module'
+	}
+};

frontend/.prettierignore

@@ -0,0 +1,8 @@
+.svelte-kit
+.type-coverage
+build
+/lib
+.npmrc
+.eslintignore
+/tests/fixtures/rules/indent/valid/
+.changeset

frontend/.prettierrc.cjs

@@ -0,0 +1,31 @@
+'use strict';
+
+module.exports = {
+	useTabs: true,
+	singleQuote: true,
+	trailingComma: 'none',
+	printWidth: 100,
+	plugins: ['prettier-plugin-svelte'],
+	overrides: [
+		{
+			files: ['.*rc'],
+			excludeFiles: ['.browserslistrc', '.npmrc', '.nvmrc'],
+			options: {
+				parser: 'json'
+			}
+		},
+		{
+			files: ['*.svelte'],
+			options: {
+				bracketSameLine: false
+			}
+		},
+		{
+			files: ['*.md', 'package.json', '**/package.json'],
+			options: {
+				useTabs: false,
+				tabWidth: 2
+			}
+		}
+	]
+};

frontend/package.json

@@ -1,19 +1,31 @@
 {
-	"name": "frontend",
-	"version": "0.0.1",
-	"private": true,
-	"scripts": {
-		"dev": "vite dev",
-		"build": "vite build",
-		"preview": "vite preview"
-	},
-	"devDependencies": {
-		"@sveltejs/adapter-auto": "^3.0.0",
-		"@sveltejs/adapter-static": "^3.0.1",
-		"@sveltejs/kit": "^2.0.0",
-		"@sveltejs/vite-plugin-svelte": "^3.0.0",
-		"svelte": "^4.2.7",
-		"vite": "^5.0.3"
-	},
-	"type": "module"
+  "name": "frontend",
+  "version": "0.0.1",
+  "private": true,
+  "scripts": {
+    "dev": "vite dev",
+    "build": "vite build",
+    "preview": "vite preview",
+    "format": "npx prettier --write --plugin prettier-plugin-svelte .",
+    "lint": "npx eslint --ext .svelte --ext .js ."
+  },
+  "devDependencies": {
+    "@babel/core": "^7.24.0",
+    "@babel/eslint-parser": "^7.23.10",
+    "@sveltejs/adapter-auto": "^3.0.0",
+    "@sveltejs/adapter-static": "^3.0.1",
+    "@sveltejs/kit": "^2.0.0",
+    "@sveltejs/vite-plugin-svelte": "^3.0.0",
+    "eslint": "^8.57.0",
+    "eslint-config-google": "^0.14.0",
+    "eslint-plugin-svelte": "^2.35.1",
+    "prettier": "^3.2.5",
+    "prettier-plugin-svelte": "^3.2.2",
+    "svelte": "^4.2.12",
+    "vite": "^5.0.3"
+  },
+  "type": "module",
+  "dependencies": {
+    "svelte-eslint-parser": "^0.33.1"
+  }
 }

frontend/src/routes/+page.svelte

@@ -1,2 +1,4 @@
 <h1>Welcome to SvelteKit</h1>
-<p>Visit <a href="https://kit.svelte.dev">kit.svelte.dev</a> to read the documentation</p>
+<p>
+	Visit <a href="https://kit.svelte.dev">kit.svelte.dev</a> to read the documentation
+</p>

kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: argocd
+
+resources:
+  - ./deployment/cert-issuer.yaml
+  - ./deployment/project-argo.yaml
+  - ./deployment/auth-service-argo.yaml
+  - ./deployment/memgraph-argo.yaml
+  - ./deployment/backend-argo.yaml
+  - ./deployment/zitadel-argo.yaml