Add helm chart
This commit is contained in:
parent
6afc5a9e62
commit
cbd80f50cb
|
|
@ -50,14 +50,8 @@ kubernetes:
|
|||
variables:
|
||||
KUBERNETES_SERVICE_ACCOUNT_OVERWRITE: gitlab-deploy
|
||||
script:
|
||||
- curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
|
||||
- chmod +x kubectl
|
||||
- mv kubectl /usr/bin/kubectl
|
||||
- kubectl config set-cluster k8s --server="https://kubernetes.default.svc" --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
- kubectl config set-credentials sa --token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
|
||||
- kubectl config set-context local --cluster=k8s --user=sa --namespace=turniere-backend
|
||||
- gem install krane
|
||||
- krane render -f kubernetes --current-sha "$CI_COMMIT_SHA" | krane deploy turniere-backend local -f kubernetes/secrets.ejson -
|
||||
- setup-kubectl
|
||||
- krane render -f kubernetes --current-sha "$CI_COMMIT_SHA" | krane deploy turniere-backend-dev local -f kubernetes/secrets.ejson -
|
||||
|
||||
deploy_watchtower:
|
||||
stage: deploy
|
||||
|
|
@ -74,3 +68,4 @@ deploy_watchtower:
|
|||
- docker pull $CI_REGISTRY_IMAGE/production/commits:$CI_COMMIT_SHA
|
||||
- docker tag $CI_REGISTRY_IMAGE/production/commits:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE/production:deploy
|
||||
- docker push $CI_REGISTRY_IMAGE/production:deploy
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,23 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: v2
|
||||
name: turniere-backend
|
||||
description: turnie.re backend
|
||||
type: application
|
||||
version: 0.1.0
|
||||
appVersion: "latest"
|
||||
|
|
@ -0,0 +1,62 @@
|
|||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "chart.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "chart.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "chart.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "chart.labels" -}}
|
||||
helm.sh/chart: {{ include "chart.chart" . }}
|
||||
{{ include "chart.selectorLabels" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "chart.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "chart.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "chart.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,58 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "chart.fullname" . }}
|
||||
labels:
|
||||
{{- include "chart.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "chart.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
{{- with .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "chart.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 3000
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: RAILS_MASTER_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: rails-master-key
|
||||
key: master.key
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
{{- $fullName := include "chart.fullname" . -}}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: {{ $fullName }}
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`{{ .Values.ingress.host }}`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: {{ $fullName }}
|
||||
port: {{ .Values.service.port }}
|
||||
tls:
|
||||
certResolver: leresolver
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
annotations:
|
||||
sealedsecrets.bitnami.com/cluster-wide: "true"
|
||||
creationTimestamp: null
|
||||
name: rails-master-key
|
||||
spec:
|
||||
encryptedData:
|
||||
master.key: AgBzhjABvgqp0gRdbY6JS2I5s0ir/p9xp8/KSGRZY6Gcl+saGjF6ZIFP9Tm84WwkDOujn6qW8h2Me5vxA943b8lOHXwrPXCjuM7FRt5pGlXjS08zLB08fD1mZ6btrs50AUih0YeB92pDJ7yup3eE7jJA+n1vTnNTNh62iCzLOdqHpr3IgJKvJueWcgQLjB5Lwden649QKCdpwd82el+xYLRuuS/teUANKCbLxypzp4A+Wmgcw1KmO9F29/XjiYCOJ0b1oFyI9oMhF+dyh0c3XUqNOA4TtD6a2nFtfDlVN57DmrcwAnzuXAWVDZ/RDEm5c2LVGCxAe463XDA4a+ruNYoAlbpUz2Zaqi+nISN98y2nTpWQOYICN+etps0k/o8qx8xTfPQMUG6T1D207LvzNl0Df/S2mOIWDvlEmAUZTr0PY+5e4n3cLvsemDo0/ea1+edK4eW+qbHDUTb9QswsYxysQuvHHhVv0G45887YGR/zEZLQ0yRHPyk6LwOXQ7MQc7YU/ZF3bms+93E7bgDVJVS/WneM3EEa0iTAIWre14VvOS3F4nMS5+2fcz5Nh+l1XER4F4+NllJRpINGF0wdBQDEDoyw25/6sPS/R7zheGNH32kpJx/7eEMh5LJzjA/ZseYo4t2TpD1U/OpGnfyzrQ+D/dM6p5C+WG7GD4P2M8Oqarl2YxbBf3rM0YDn0aMGc/PWN+M/TvsR5WAabQV9VRspEfoHcKEvHLqtbeeIflVd7w==
|
||||
template:
|
||||
data: null
|
||||
metadata:
|
||||
annotations:
|
||||
sealedsecrets.bitnami.com/cluster-wide: "true"
|
||||
creationTimestamp: null
|
||||
name: rails-master-key
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "chart.fullname" . }}
|
||||
labels:
|
||||
{{- include "chart.labels" . | nindent 4 }}
|
||||
spec:
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
{{- include "chart.selectorLabels" . | nindent 4 }}
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
replicaCount: 1
|
||||
|
||||
image:
|
||||
repository: registry.gitlab.com/turniere/turniere-backend/production/commits
|
||||
pullPolicy: IfNotPresent
|
||||
tag: ""
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
securityContext: {}
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
|
||||
service:
|
||||
port: 8080
|
||||
|
||||
ingress:
|
||||
host: ""
|
||||
|
||||
resources: {}
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: backend-deployment
|
||||
namespace: turniere-backend
|
||||
labels:
|
||||
app: turniere-backend
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: turniere-backend
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: turniere-backend
|
||||
spec:
|
||||
containers:
|
||||
- name: backend-container
|
||||
image: registry.gitlab.com/turniere/turniere-backend/production/commits:<%= current_sha %>
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
env:
|
||||
- name: RAILS_MASTER_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: turniere-secret
|
||||
key: master.key
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: gitlab-deploy-rb
|
||||
namespace: turniere-backend
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: gitlab-deploy
|
||||
namespace: gitlab
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: gitlab-deploy-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
{
|
||||
"_public_key": "c837fba31b5cd2adb6809c23818e9ee1bc7a85f585f8bf9bca767f6e6e71db39",
|
||||
"kubernetes_secrets": {
|
||||
"turniere-secret": {
|
||||
"_type": "Opaque",
|
||||
"data": {
|
||||
"master.key": "EJ[1:QEauT9a+p+4WLCIpVRIVafEN6KemhM544B3bx67Gyg4=:/2xjJ3RseqBy6JORX9vkaFv3pnhWYELB:KQvFX2W4aLBquluKJikYeO/sp2TOUROxGU8qj941EMk0vxapeGEh9CdQ9Rit1B+e]"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1,46 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: backend-service
|
||||
namespace: turniere-backend
|
||||
spec:
|
||||
selector:
|
||||
app: turniere-backend
|
||||
ports:
|
||||
- name: http
|
||||
port: 3000
|
||||
targetPort: 3000
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: backend-ingress-http
|
||||
namespace: turniere-backend
|
||||
spec:
|
||||
entryPoints:
|
||||
- http
|
||||
routes:
|
||||
- match: Host(`api01.turnie.re`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: backend-service
|
||||
port: 3000
|
||||
middlewares:
|
||||
- name: redirect
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: backend-ingress-https
|
||||
namespace: turniere-backend
|
||||
spec:
|
||||
entryPoints:
|
||||
- https
|
||||
routes:
|
||||
- match: Host(`api01.turnie.re`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: backend-service
|
||||
port: 3000
|
||||
tls:
|
||||
certResolver: default
|
||||
Loading…
Reference in New Issue