diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 862c89dafbeb938fa1e72eba424cbe8de0346f0f..33ccf6013034cc5eebb887618c5819aa385d7192 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -44,10 +44,11 @@ build_review_deployment: - docker:dind stage: build script: - - docker run -v "${PWD}"/k8s:/src sparkprime/jsonnet /src/deployment_template.jsonnet --tla-str slug="${CI_COMMIT_REF_SLUG}" > "${CI_COMMIT_REF_SLUG}".json + - docker run -v "${PWD}"/k8s:/src sparkprime/jsonnet /src/deployment_template.jsonnet --tla-str slug="${CI_COMMIT_REF_SLUG}" -m /src artifacts: paths: - - "${CI_COMMIT_REF_SLUG}.json" + - k8s/deployment.json + - k8s/ingress-patch.json build_2019_dev_image: image: docker:git @@ -91,7 +92,8 @@ k8s-2019_dev_review-deploy: - kubectl config set-cluster cluster --server="${KUBE_SERVER}" --embed-certs=true --certificate-authority=cert.crt - kubectl config set-context cluster --cluster=cluster --namespace=rego-dev --user=gitlab-sa - kubectl config use-context cluster - - kubectl --token "${GL_KUBE_TOKEN}" apply -f ${CI_COMMIT_REF_SLUG}.json + - kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/deployment.json + - kubectl --token "${GL_KUBE_TOKEN}" describe ingress | grep "${CI_COMMIT_REF_SLUG}" || kubectl --token "${GL_KUBE_TOKEN}" patch ingress symposion-app-ingress -p "$(cat k8s/ingress-patch.json)" --type json only: - /^dev\/.*$/ environment: @@ -107,7 +109,7 @@ k8s-2019_dev_review-stop-deploy: - kubectl config set-cluster cluster --server="${KUBE_SERVER}" --embed-certs=true --certificate-authority=cert.crt - kubectl config set-context cluster --cluster=cluster --namespace=rego-dev --user=gitlab-sa - kubectl config use-context cluster - - kubectl --token "${GL_KUBE_TOKEN}" delete -f ${CI_COMMIT_REF_SLUG}.json + - kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/deployment.json only: - /^dev\/.*$/ when: manual diff --git a/k8s/deployment_template.jsonnet b/k8s/deployment_template.jsonnet index a7a6e63a635d42cac020a737b7409448759058f0..b6d9047e3648fcabcd55316bab878b3d211cf00b 100644 --- a/k8s/deployment_template.jsonnet +++ b/k8s/deployment_template.jsonnet @@ -1,225 +1,163 @@ function (slug) { - - local namespace = slug + "-rego-dev", + + local app = "symposion-app-" + slug, + local namespace = "rego-dev", local domain = slug + ".dev.lca2019.org", - local tls_certname = slug + "-dev-lca2019-org", - local tls_secret = tls_certname + "-tls", - "apiVersion": "v1", - "items": [ + "deployment.json": { "apiVersion": "v1", - "kind": "Namespace", - "metadata": { - "name": namespace, - "namespace": "", - }, - "spec": { - "finalizers": [ - "kubernetes" - ] - } - }, - { - "apiVersion": "certmanager.k8s.io/v1alpha1", - "kind": "Certificate", - "metadata": { - "name": tls_certname, - "namespace": namespace - }, - "spec": { - "acme": { - "config": [ - { - "domains": [ - domain - ], - "http01": { - "ingress": "", - "ingressClass": "nginx" + "items": [ + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "symposion-app" + }, + "name": app, + "namespace": namespace + }, + "spec": { + "ports": [ + { + "port": 8000, + "protocol": "TCP", + "targetPort": 8000 } - } - ] - }, - "commonName": domain, - "issuerRef": { - "kind": "ClusterIssuer", - "name": "letsencrypt-prod" - }, - "secretName": tls_secret - } - }, - { - "apiVersion": "extensions/v1beta1", - "kind": "Ingress", - "metadata": { - "name": "symposion-app-ingress", - "namespace": namespace - }, - "spec": { - "backend": { - "serviceName": "symposion-app", - "servicePort": 80 - }, - "rules": [ - { - "host": domain, - "http": { - "paths": [ - { - "backend": { - "serviceName": "symposion-app", - "servicePort": 8000 - }, - "path": "/" - } - ] - } - } - ], - "tls": [ - { - "hosts": [ - domain ], - "secretName": tls_secret - } - ] - } - }, - { - "apiVersion": "v1", - "kind": "Service", - "metadata": { - "labels": { - "app": "symposion-app" - }, - "name": "symposion-app", - "namespace": namespace - }, - "spec": { - "ports": [ - { - "port": 8000, - "protocol": "TCP", - "targetPort": 8000 - } - ], - "selector": { - "app": "symposion-app" - }, - "sessionAffinity": "None", - "type": "ClusterIP" - } - }, - { - "apiVersion": "extensions/v1beta1", - "kind": "Deployment", - "metadata": { - "labels": { - "app": "symposion-app" - }, - "name": "symposion-app", - "namespace": namespace - }, - "spec": { - "replicas": 1, - "revisionHistoryLimit": 1, - "selector": { - "matchLabels": { - "app": "symposion-app" + "selector": { + "app": "symposion-app" + }, + "sessionAffinity": "None", + "type": "ClusterIP" } }, - "strategy": { - "rollingUpdate": { - "maxSurge": 1, - "maxUnavailable": 1 - }, - "type": "RollingUpdate" - }, - "template": { + { + "apiVersion": "extensions/v1beta1", + "kind": "Deployment", "metadata": { "labels": { "app": "symposion-app" - } + }, + "name": app, + "namespace": namespace }, "spec": { - "containers": [ - { - "env": [ - { - "name": "SYMPOSION_APP_DEBUG", - "value": "1" - }, - { - "name": "DJANGO_SECRET_KEY", - "value": "paGhahQuain5ohYoh0moorai" - }, - { - "name": "DATABASE_URL", - "value": "sqlite:////tmp/symposion.sqlite" - }, - { - "name": "GCS_BUCKET", - "value": "CEA51A5-A613-4AEF-A9FB-D0A57D77C13B" - }, - { - "name": "GOOGLE_APPLICATION_CREDENTIALS", - "value": "/dev/null" - }, - { - "name": "STRIPE_PUBLIC_KEY", - "value": "5CEA51A5-A613-4AEF-A9FB-D0A57D77C13B" - }, - { - "name": "STRIPE_SECRET_KEY", - "value": "5CEA51A5-A613-4AEF-A9FB-D0A57D77C13B" - }, - ], - "image": "asia.gcr.io/linuxconfsydney/symposion_app_2019_dev:" + slug, - "imagePullPolicy": "Always", - "livenessProbe": { - "failureThreshold": 3, - "httpGet": { - "path": "/admin/login/", - "port": 8000, - "scheme": "HTTP" - }, - "initialDelaySeconds": 120, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 2 - }, - "name": "symposion-app", - "ports": [ + "replicas": 1, + "revisionHistoryLimit": 1, + "selector": { + "matchLabels": { + "app": "symposion-app" + } + }, + "strategy": { + "rollingUpdate": { + "maxSurge": 1, + "maxUnavailable": 1 + }, + "type": "RollingUpdate" + }, + "template": { + "metadata": { + "labels": { + "app": "symposion-app" + } + }, + "spec": { + "containers": [ { - "containerPort": 8000, - "protocol": "TCP" + "env": [ + { + "name": "SYMPOSION_APP_DEBUG", + "value": "1" + }, + { + "name": "DJANGO_SECRET_KEY", + "value": "paGhahQuain5ohYoh0moorai" + }, + { + "name": "DATABASE_URL", + "value": "sqlite:////tmp/symposion.sqlite" + }, + { + "name": "GCS_BUCKET", + "value": "CEA51A5-A613-4AEF-A9FB-D0A57D77C13B" + }, + { + "name": "GOOGLE_APPLICATION_CREDENTIALS", + "value": "/dev/null" + }, + { + "name": "STRIPE_PUBLIC_KEY", + "value": "5CEA51A5-A613-4AEF-A9FB-D0A57D77C13B" + }, + { + "name": "STRIPE_SECRET_KEY", + "value": "5CEA51A5-A613-4AEF-A9FB-D0A57D77C13B" + }, + ], + "image": "asia.gcr.io/linuxconfsydney/symposion_app_2019_dev:" + slug, + "imagePullPolicy": "Always", + "livenessProbe": { + "failureThreshold": 3, + "httpGet": { + "path": "/admin/login/", + "port": 8000, + "scheme": "HTTP" + }, + "initialDelaySeconds": 120, + "periodSeconds": 10, + "successThreshold": 1, + "timeoutSeconds": 2 + }, + "name": "symposion-app", + "ports": [ + { + "containerPort": 8000, + "protocol": "TCP" + } + ], + "resources": {}, + "terminationMessagePath": "/dev/termination-log", + "terminationMessagePolicy": "File" } ], - "resources": {}, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File" + "dnsPolicy": "ClusterFirst", + "restartPolicy": "Always", + "schedulerName": "default-scheduler", + "securityContext": {}, + "terminationGracePeriodSeconds": 30 } - ], - "dnsPolicy": "ClusterFirst", - "restartPolicy": "Always", - "schedulerName": "default-scheduler", - "securityContext": {}, - "terminationGracePeriodSeconds": 30, - "volumes": [ + } + } + } + ], + "kind": "List" + }, + "ingress-patch.json": [ + { + "op": "add", + "path": "/spec/rules/-", + "value": { + "host": domain, + "http": { + "paths": [ { - "hostPath": { - "path": "/etc/ssl/certs", - "type": "" + "backend": { + "serviceName": app, + "servicePort": 8000 }, - "name": "ssl-certs" + "path": "/" } ] } } + }, + { + "op": "add", + "path": "/spec/tls/0/hosts/-", + "value": domain } - } ], - "kind": "List" }