From d48902551d60d0aa3b528ac36ad1ec0e89eb6877 Mon Sep 17 00:00:00 2001
From: Thor77
Date: Wed, 24 Apr 2019 15:59:12 +0200
Subject: [PATCH 1/6] Add kubernetes-deploy templates
---
 kubernetes/deployment.yml.erb | 28 ++++++++++++++++++++++++++++
 kubernetes/service.yml | 29 +++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)
 create mode 100644 kubernetes/deployment.yml.erb
 create mode 100644 kubernetes/service.yml
diff --git a/kubernetes/deployment.yml.erb b/kubernetes/deployment.yml.erb
new file mode 100644
index 0000000..38e665b
--- /dev/null
+++ b/kubernetes/deployment.yml.erb
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend-deployment
+ namespace: turniere
+ labels:
+ app: turniere-backend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: turniere-backend
+ template:
+ metadata:
+ labels:
+ app: turniere-backend
+ spec:
+ containers:
+ - name: backend-container
+ image: registry.gitlab.com/turniere/turniere-backend:<%= current_sha %>
+ ports:
+ - containerPort: 3000
+ env:
+ - name: RAILS_MASTER_KEY
+ valueFrom:
+ secretKeyRef:
+ name: turniere-secret
+ key: master.key
diff --git a/kubernetes/service.yml b/kubernetes/service.yml
new file mode 100644
index 0000000..a14665d
--- /dev/null
+++ b/kubernetes/service.yml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-service
+ namespace: turniere
+spec:
+ selector:
+ app: turniere-backend
+ ports:
+ - name: http
+ port: 3000
+ targetPort: 3000
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: backend-ingress
+ namespace: turniere
+ annotations:
+ kubernetes.io/ingress.class: traefik
+spec:
+ rules:
+ - host: api01.turnie.re
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: backend-service
+ servicePort: http
From e9a53cf867ff476154ff3cbd9c605a4d067c717b Mon Sep 17 00:00:00 2001
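Review bot: The pod template in `kubernetes/deployment.yml.erb` sets no `securityContext` and leaves the default service-account token mounted, so the Rails container runs as whatever user the image defines and carries API credentials it does not appear to need. Under the pod `spec` I would add `automountServiceAccountToken: false`, and on `backend-container` add `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true}`; the latter assumes the image declares a non-root user, which cannot be checked here because the Dockerfile is not part of this patch. The container also has no `resources` requests or limits and no readiness probe on port 3000, so a misbehaving pod can starve the node and traffic may be routed before Rails is up.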
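Review bot: The Ingress for `api01.turnie.re` in `kubernetes/service.yml` has no `tls` section, so as written the rule only describes plain HTTP routing to `backend-service`. Unless Traefik is configured elsewhere to terminate TLS and redirect, API credentials and session tokens would travel unencrypted. I would add under the Ingress `spec` the block `tls:` / `- hosts: [api01.turnie.re]` / `secretName: <tls-secret-name>` (placeholder; the certificate secret is not shown on this page). A one-line comment above the `kubernetes.io/ingress.class: traefik` annotation saying where TLS is handled would also help the next reader.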
From: Thor77
Date: Wed, 24 Apr 2019 16:01:12 +0200
Subject: [PATCH 2/6] Add .gitlab-ci.yml
---
 .gitlab-ci.yml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 .gitlab-ci.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..77ebdfe
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,36 @@
+stages:
+ - test
+ - build
+ - deploy
+
+rails spec:
+ stage: test
+ image: ruby:2.6.2
+ script:
+ - bundle install --path /cache
+ - bundle exec rails db:migrate RAILS_ENV=test
+ - bundle exec rails spec
+
+kaniko:
+ stage: build
+ image:
+ name: gcr.io/kaniko-project/executor:debug
+ entrypoint: [""]
+ script:
+ - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
+ - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:latest --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+
+kubernetes:
+ stage: deploy
+ image: ruby
+ variables:
+ KUBERNETES_SERVICE_ACCOUNT_OVERWRITE: gitlab-deploy
+ script:
+ - curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+ - chmod +x kubectl
+ - mv kubectl /usr/bin/kubectl
+ - kubectl config set-cluster k8s --server="https://kubernetes.default.svc" --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ - kubectl config set-credentials sa --token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
+ - kubectl config set-context local --cluster=k8s --user=sa --namespace=turniere
+ - gem install kubernetes-deploy
+ - REVISION=$CI_COMMIT_SHA kubernetes-deploy --template-dir kubernetes turniere local
From 9353f6ce28d97d83c61bb747cf4ff71d713e8568 Mon Sep 17 00:00:00 2001
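Review bot: The `kubernetes` deploy job downloads `kubectl` from whatever `stable.txt` names at run time, with no checksum check, and installs an unpinned `kubernetes-deploy` gem into an unpinned `ruby` image, all inside a job that holds the `gitlab-deploy` service-account token. A changed or tampered upstream artifact would therefore run with deploy rights in the `turniere` namespace. I would pin and verify instead: `curl -fsSLO https://storage.googleapis.com/kubernetes-release/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl`, then `echo "$KUBECTL_SHA256  kubectl" | sha256sum -c -`, and `gem install kubernetes-deploy -v "$KUBERNETES_DEPLOY_VERSION"`, with the three variables set to reviewed values under `variables:`. The same concern applies to the mutable `executor:debug` tag in the `kaniko` job, which handles `$CI_REGISTRY_PASSWORD`.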
From: Thor77 Date: Wed, 24 Apr 2019 16:01:22 +0200 Subject: [PATCH 3/6] Reencrypt credentials because we lost our master.key and the new one is stored in our Kubernetes cluster... --- config/credentials.yml.enc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc index 8bf90fb..f7361fc 100644 --- a/config/credentials.yml.enc +++ b/config/credentials.yml.enc @@ -1 +1 @@ -Y4UIuVqLavjXmFEOE+O7Au4QNdTdrtAWHnwX/cPi8iPFOJ+UqbTh3MEtMv14eZuT6nZrcM/hHq5JgeiVWzqo2HPG3n2pKTOT6Vq9XNKdBnjsrnjvmiPUTKV+rLOJt3jyzU9UUL/TZr+fNFGvukvPX+7jfqcS05SFwZyfTUmjXC8Z4taZl2pxrE5x52grwgIF7Gi0LzPhJEMGJcp2vD2CzmJHMtrw6X5ZXFS6ps1w/j8xpiTtXz4QjCJKUo1q42jg+Vx+ksokFb/RDvd/JiK9llSrmmTAjRKZEvAlKjzSqF6VCXKwlAO4/i9Hw8cvKG10AtZoN/pLTs21R4OvpGJtOMkuPaRQeGIpdwCZAr+2Igwm2tY0SlzfYinMCiGPNvZ/fzRgQ6jnUdXBO/Hx+ovgsx1K1YlNeyKWbXCE--cJq+CSeYnVuFylpi--tT3Rzku2Nhrvw2rrKkwYig== \ No newline at end of file +a/Vh9cLLEd1hfBWkDT1nYmMfT4R/BgM3FMeZCBgaghdJ2O5r5+Fv68PtkdPgNlLObecjswDHrB9G4a6asUuHs9gDNSr1cppsCIFYEPMOxc+UFBxsJI7xD5G5Cz4MSXRg8awKLV5tRj/WG5f5TK3IlvCisqp/MqsHpWVrr0Phyi+GxEiqDqmAT+da5b0DISm+LTMLsSJPpSCTSwg0i8K0PNx6DLEHx0gSjFL8AYkjij2a0IyuOeCWGmhVJLtK/nRIS13ZG9kGlugiCambSbS/2jqh+FAk24pdW1ehEj2Aeho+UTq/Q6UGUGfyJXtsSmv94HGNd4hDOCv5Rl1syzHMgeybC8TxIWWkq2hFp8eaeZlUM/XJJY/SeWrnCQKnVRN/Q7U06sPhXr/mJ3QdAt5h5MVRgEX7HmZg97KN--61sCxyaYwUNHTLta--RPxslZdR5UsB1Jko8C/H2w== \ No newline at end of file From cb9734d5d58f701758ee2aad49c2000028667e80 Mon Sep 17 00:00:00 2001 From: Thor77 Date: Wed, 24 Apr 2019 18:05:10 +0200 Subject: [PATCH 4/6] Add encrypted master.key secret --- kubernetes/secrets.ejson | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 kubernetes/secrets.ejson diff --git a/kubernetes/secrets.ejson b/kubernetes/secrets.ejson new file mode 100644 index 0000000..d8aff96 --- /dev/null +++ b/kubernetes/secrets.ejson 
@@ -0,0 +1,11 @@
+{
+ "_public_key": "c837fba31b5cd2adb6809c23818e9ee1bc7a85f585f8bf9bca767f6e6e71db39",
+ "kubernetes_secrets": {
+ "turniere-secret": {
+ "_type": "Opaque",
+ "data": {
+ "master.key": "EJ[1:QEauT9a+p+4WLCIpVRIVafEN6KemhM544B3bx67Gyg4=:/2xjJ3RseqBy6JORX9vkaFv3pnhWYELB:KQvFX2W4aLBquluKJikYeO/sp2TOUROxGU8qj941EMk0vxapeGEh9CdQ9Rit1B+e]"
+ }
+ }
+ }
+}
From 0b2e0f983cb2cf393eaffcde27e15d245d1f9c97 Mon Sep 17 00:00:00 2001
From: Thor77
Date: Wed, 24 Apr 2019 18:19:23 +0200
Subject: [PATCH 5/6] Deploy only changes on master branch
---
 .gitlab-ci.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 77ebdfe..f676773 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -22,6 +22,8 @@ kaniko:
 kubernetes:
 stage: deploy
+ only:
+ - master
 image: ruby
 variables:
 KUBERNETES_SERVICE_ACCOUNT_OVERWRITE: gitlab-deploy
From 2873512bd8050dfb2a525e051e629a5b759099d3 Mon Sep 17 00:00:00 2001
From: Thor77
Date: Wed, 24 Apr 2019 21:09:01 +0200
Subject: [PATCH 6/6] Replace build status and coveralls badge to show gitlab pipeline status and coverage for gitlab repo
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 04a144b..2fa0341 100644
--- a/README.md
+++ b/README.md
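Review bot: Only the `kubernetes` job gets the `only: - master` restriction; the `kaniko` job defined earlier in this file (outside this hunk) still runs for every ref and pushes `--destination $CI_REGISTRY_IMAGE:latest`, so any branch pipeline can overwrite the `latest` image in the registry. The deployment template pulls by commit SHA, so this does not change what is deployed, but anyone pulling `latest` would get unreviewed branch code. I would either add the same `only:` block to `kaniko` or drop the `:latest` destination for non-master refs. The restriction trusts the ref name alone, so it presumably also depends on `master` being a protected branch in the project settings, which this page does not show.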
@@ -1,4 +1,4 @@
-# turniere-backend [![Build Status](https://travis-ci.org/turniere/turniere-backend.svg?branch=master)](https://travis-ci.org/turniere/turniere-backend) [![Coverage Status](https://coveralls.io/repos/github/turniere/turniere-backend/badge.svg)](https://coveralls.io/github/turniere/turniere-backend)
+# turniere-backend [![pipeline status](https://gitlab.com/turniere/turniere-backend/badges/master/pipeline.svg)](https://gitlab.com/turniere/turniere-backend/commits/master) [![Coverage Status](https://coveralls.io/repos/gitlab/turniere/turniere-backend/badge.svg?branch=ticket%2FTURNIERE-155)](https://coveralls.io/gitlab/turniere/turniere-backend?branch=ticket%2FTURNIERE-155)
 Ruby on Rails application serving as backend for turnie.re
 # Installation