Merge branch 'TUR-25' into 'master'

TUR-25: Switch to autodeployment using ArgoCD

Closes TUR-25

See merge request turniere/turniere-frontend!28

.gitlab-ci.yml

@@ -1,54 +1,11 @@
 stages:
   - build
+  - test
   - deploy
 
-kaniko:
+variables:
-  tags:
+  DOCKER_IMAGE_ENVS: "production"
-    - docker
-  stage: build
-  image:
-    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: [""]
-  script:
-    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:latest --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
 
-kubernetes:
+include:
-  tags:
+  - project: 'turniere/turniere-infra'
-    - turniere-deploy
+    file: '/ci/pipeline.yaml'
-  stage: deploy
-  only:
-    refs:
-      - master
-    variables:
-      - $FORCE_DEPLOY
-  image: ruby
-  variables:
-    KUBERNETES_SERVICE_ACCOUNT_OVERWRITE: gitlab-deploy
-  script:
-    - curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
-    - chmod +x kubectl
-    - mv kubectl /usr/bin/kubectl 
-    - kubectl config set-cluster k8s --server="https://kubernetes.default.svc" --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    - kubectl config set-credentials sa --token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
-    - kubectl config set-context local --cluster=k8s --user=sa --namespace=turniere-frontend
-    - gem install krane
-    - krane render -f kubernetes --current-sha "$CI_COMMIT_SHA" | krane deploy turniere-frontend local -f -
-
-deploy_watchtower:
-  tags:
-    - docker
-  stage: deploy
-  only:
-    refs:
-      - master
-    variables:
-      - $FORCE_DEPLOY
-  image: docker
-  services:
-    - docker:dind
-  script:
-    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-    - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
-    - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE/production:deploy
-    - docker push $CI_REGISTRY_IMAGE/production:deploy

chart/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

chart/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: turniere-frontend
+description: turnie.re frontend
+type: application
+version: 0.1.0
+appVersion: "latest"

chart/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "chart.labels" -}}
+helm.sh/chart: {{ include "chart.chart" . }}
+{{ include "chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "chart.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

chart/templates/deployment.yaml

@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "chart.fullname" . }}
+  labels:
+    {{- include "chart.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "chart.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "chart.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          env:
+            - name: TURNIERE_API_URL
+              value: "{{ .Values.turniere.backend }}"
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

chart/templates/ingress.yaml

@@ -0,0 +1,19 @@
+{{- $fullName := include "chart.fullname" . -}}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: {{ $fullName }}
+spec:
+  entryPoints:
+    - websecure
+  routes:
+{{ range $host := .Values.ingress.hosts }}
+    - match: Host(`{{ $host }}`)
+      kind: Rule
+      services:
+        - name: {{ $fullName }}
+          port: {{ $.Values.service.port }}
+{{ end }}
+  tls:
+    certResolver: leresolver

chart/templates/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "chart.fullname" . }}
+  labels:
+    {{- include "chart.labels" . | nindent 4 }}
+spec:
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "chart.selectorLabels" . | nindent 4 }}

chart/values.yaml

@@ -0,0 +1,23 @@
+replicaCount: 1
+
+image:
+  repository: registry.gitlab.com/turniere/turniere-frontend/production/commits
+  pullPolicy: IfNotPresent
+  tag: ""
+
+podAnnotations: {}
+
+securityContext: {}
+#  runAsNonRoot: true
+#  runAsUser: 1000
+
+service:
+  port: 8080
+
+ingress:
+  hosts: []
+
+resources: {}
+
+turniere:
+  backend: ""

kubernetes/deployment.yml.erb

@@ -1,25 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: frontend-deployment
-  namespace: turniere-frontend
-  labels:
-    app: turniere-frontend
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: turniere-frontend
-  template:
-    metadata:
-      labels:
-        app: turniere-frontend
-    spec:
-      containers:
-      - name: frontend-container
-        image: registry.gitlab.com/turniere/turniere-frontend:<%= current_sha %>
-        ports:
-        - containerPort: 80
-        env:
-        - name: TURNIERE_API_URL
-          value: 'https://api01.turnie.re'

kubernetes/rolebinding.yml

@@ -1,13 +0,0 @@
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: gitlab-deploy-rb
-  namespace: turniere-frontend
-subjects:
-  - kind: ServiceAccount
-    name: gitlab-deploy
-    namespace: gitlab
-roleRef:
-  kind: ClusterRole
-  name: gitlab-deploy-role
-  apiGroup: rbac.authorization.k8s.io

kubernetes/service.yml

@@ -1,46 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: frontend-service
-  namespace: turniere-frontend
-spec:
-  selector:
-    app: turniere-frontend
-  ports:
-  - name: http
-    port: 80
-    targetPort: 80
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: frontend-ingress-http
-  namespace: turniere-frontend
-spec:
-  entryPoints:
-    - http
-  routes:
-    - match: Host(`frontend01.turnie.re`) || Host(`turnie.re`)
-      kind: Rule
-      services:
-        - name: frontend-service
-          port: 80
-      middlewares:
-        - name: redirect
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: frontend-ingress-https
-  namespace: turniere-frontend
-spec:
-  entryPoints:
-    - https
-  routes:
-    - match: Host(`frontend01.turnie.re`) || Host(`turnie.re`)
-      kind: Rule
-      services:
-        - name: frontend-service
-          port: 80
-  tls:
-    certResolver: default