Commit 6dab9577 authored by Björn Bartels's avatar Björn Bartels 👩🏻

Update .gitlab-ci.yml, config/kubernetes/hotfix/ingress.yaml,...

Update .gitlab-ci.yml, config/kubernetes/hotfix/ingress.yaml, config/kubernetes/staging/ingress.yaml, config/kubernetes/dev/ingress-feature.yaml files
parent a27f015f
+2 −1

.DS_*
.project
.buildpath

@@ -14,3 +14,4 @@ x/
src/assets/fonts
src/assets/img
src/assets/vendor
generated
 No newline at end of file
+49 −185
@@ -57,99 +57,39 @@ stages:
  tags:
    - docker-runner

.project-variables: &project-variables
  before_script:
    # build label
    - if [[ -f ${BUILD_LABEL_TMPFILE} ]] ; then export BUILD_LABEL=`cat ${BUILD_LABEL_TMPFILE}`; fi
    - if [[ ! -z "${BUILD_LABEL}" ]] ; then export BUILD_LABEL=$(echo "${BUILD_LABEL}" | sed 's/[^[:alnum:]]/-/g;s/^[-]*//;s/[-]*$//' | tr '[:upper:]' '[:lower:]'); fi
    # get k8s config
    - if [[ -f ${BUILD_LABEL_TMPFILE} ]] ; then export BUILD_LABEL=`cat ${BUILD_LABEL_TMPFILE}`; fi
    - if [[ ! -z "${BUILD_LABEL}" ]] ; then export BUILD_LABEL=$(echo "${BUILD_LABEL}" | sed 's/[^[:alnum:]]/-/g;s/^[-]*//;s/[-]*$//' | tr '[:upper:]' '[:lower:]'); fi
    # normalize var values
    - if [[ -z "${PROJECTNAME}" ]] ; then export PROJECTNAME="${CI_PROJECT_NAME}"; fi
    - export PROJECTNAME=$(echo "${PROJECTNAME}" | sed 's/[^[:alnum:]]/-/g;s/^[-]*//;s/[-]*$//' | tr '[:upper:]' '[:lower:]')
    #
    - if [[ -z "${PROJECTNAMESPACE}" ]] ; then export PROJECTNAMESPACE="${CI_PROJECT_NAMESPACE}"; fi
    - export PROJECTNAMESPACE=$(echo "${PROJECTNAMESPACE}" | sed 's/[^[:alnum:]]/-/g;s/^[-]*//;s/[-]*$//' | tr '[:upper:]' '[:lower:]')
    #
    - if [[ "${CI_COMMIT_REF_NAME}" == "master" ]] ; then export RELEASE="${CI_COMMIT_REF_NAME}"; fi
    - if [[ "${CI_COMMIT_REF_NAME}" == "release" ]] ; then export RELEASE="stable"; fi
    - if [[ -z "${CI_COMMIT_TAG}" ]] ; then export RELEASE="${CI_COMMIT_TAG}"; fi
    - if [[ -z "${RELEASE}" ]] ; then export RELEASE="${CI_COMMIT_REF_NAME}"; fi
    - export RELEASE=$(echo "${RELEASE}" | sed 's/[^[:alnum:]]/-/g;s/^[-]*//;s/[-]*$//' | tr '[:upper:]' '[:lower:]')
    #
    - if [[ "${CI_COMMIT_REF_NAME}" == "master" ]] ; then export ENVLABEL="staging"; fi
    - if [[ "${CI_COMMIT_REF_NAME}" == "release" ]] ; then export ENVLABEL="staging"; fi
    - if [[ -z "${CI_COMMIT_TAG}" ]] ; then export ENVLABEL="production"; fi
    - if [[ -z "${ENVLABEL}" ]] ; then export ENVLABEL="development"; fi
    - export ENVLABEL=$(echo "${ENVLABEL}" | sed 's/[^[:alnum:]]/-/g;s/^[-]*//;s/[-]*$//' | tr '[:upper:]' '[:lower:]')
    #
    - if [[ "${CI_COMMIT_REF_NAME}" != "master" ]] && [[ "${CI_COMMIT_REF_NAME}" != "release" ]] && [[ -z "${CI_COMMIT_TAG}" ]] ; then export TEAMLABEL="${GITLAB_USER_LOGIN} - ${GITLAB_USER_EMAIL}"; else export TEAMLABEL="${PROJECTNAME}-team"; fi
    - export TEAMLABEL=$(echo "${TEAMLABEL}" | sed 's/[^[:alnum:]]/-/g;s/^[-]*//;s/[-]*$//' | tr '[:upper:]' '[:lower:]')
    # k8s set/check context
    - if [[ -t kubectl ]] ; then kubectl config current-context; else echo -e "\e[33mNo kubectl available..."; fi
    - if [[ -t kubectl ]] ; then kubectl version; fi

#########################
# DEPLOYMENT TEMPLATES #
#########################

.dev-deploy-template: &deploy-dev
  stage: deploy
  dependencies:
    - init
  environment:
    name: dev
    url: http://k8s-demo-dev.dev.k8s.bjoernbartels.earth
  script:
    # get k8s (minikube) master-host's https/tls certificates, uses: $KUBEKONFIG, $CI_PROJECT_DIR
    - bin/k8s-certs.sh
    # write version into deployment file
    - sed -i s/DOCKER_TAG/$BUILD_LABEL/g ${CI_PROJECT_DIR}/config/kubernetes/dev/deployment.yaml
    # run kubernetes deployment
    # delete existing harbor login secret (if exists)
    - kubectl delete secret gitlab-harbor-login --ignore-not-found -n k8s-demo-dev
    # add new login secret
    - kubectl create secret docker-registry gitlab-harbor-login --docker-username=$CI_HARBOR_USERNAME --docker-password=$CI_HARBOR_PASSWORD --docker-server=harbor.bjoernbartels.earth --docker-email=gitlab-pipeline@bjoernbartels.earth -n k8s-demo-dev
    # apply configuration
    - kubectl apply -n k8s-demo-dev -f config/kubernetes/dev/deployment.yaml -f config/kubernetes/dev/service.yaml -f config/kubernetes/dev/ingress.yaml
    # rollout image
    - kubectl rollout status -n k8s-demo-dev -w deployment/k8s-demo-app

.staging-deploy-template: &deploy-staging
  stage: deploy
  dependencies:
    - init
  environment:
    name: integ
    url: http://k8s-demo-test.test.k8s.bjoernbartels.earth
  script:
    # get k8s (minikube) master-host's https/tls certificates, uses: $KUBEKONFIG, $CI_PROJECT_DIR
    - bin/k8s-certs.sh
    # write version into deployment file
    - sed -i s/DOCKER_TAG/$BUILD_LABEL/g ${CI_PROJECT_DIR}/config/kubernetes/staging/deployment.yaml
    # run kubernetes deployment
    # delete existing harbor login secret (if exists)
    - kubectl delete secret k8s-demo-harbor-login --ignore-not-found -n k8s-demo-staging
    # add new login secret
    - kubectl create secret docker-registry k8s-demo-harbor-login --docker-username=$CI_HARBOR_USERNAME --docker-password=$CI_HARBOR_PASSWORD --docker-server=harbor.bjoernbartels.earth --docker-email=gitlab-pipeline@bjoernbartels.earth -n k8s-demo-staging
    # apply configuration
    - kubectl apply -n k8s-demo-staging -f config/kubernetes/staging/deployment.yaml -f config/kubernetes/staging/service.yaml -f config/kubernetes/staging/ingress.yaml
    # rollout image
    - kubectl rollout status -n k8s-demo-staging -w deployment/k8s-demo-app

.hotfix-deploy-template: &deploy-hotfix
  stage: deploy
  dependencies:
    - init
  environment:
    name: hotfix
    url: http://k8s-demo-hotfix.test.k8s.bjoernbartels.earth
  script:
    # get k8s (minikube) master-host's https/tls certificates, uses: $KUBEKONFIG, $CI_PROJECT_DIR
    - bin/k8s-certs.sh
    # write version into deployment file
    - sed -i s/DOCKER_TAG/$BUILD_LABEL/g ${CI_PROJECT_DIR}/config/kubernetes/hotfix/deployment.yaml
    # run kubernetes deployment
    # delete existing harbor login secret (if exists)
    - kubectl delete secret k8s-demo-harbor-login --ignore-not-found -n k8s-demo-hotfix
    # add new login secret
    - kubectl create secret docker-registry k8s-demo-harbor-login --docker-username=$CI_HARBOR_USERNAME --docker-password=$CI_HARBOR_PASSWORD --docker-server=harbor.bjoernbartels.earth --docker-email=gitlab-pipeline@bjoernbartels.earth -n k8s-demo-hotfix
    # apply configuration
    - kubectl apply -n k8s-demo-hotfix -f config/kubernetes/hotfix/deployment.yaml -f config/kubernetes/hotfix/service.yaml -f config/kubernetes/hotfix/ingress.yaml
    # rollout image
    - kubectl rollout status -n k8s-demo-hotfix -w deployment/k8s-demo-app


.prod-deploy-template: &deploy-prod
  stage: deploy
  dependencies:
    - init
  environment:
    name: production
    url: http://k8s-demo.k8s.bjoernbartels.earth
  script:
    # get k8s (minikube) master-host's https/tls certificates, uses: $KUBEKONFIG, $CI_PROJECT_DIR
    - bin/k8s-certs.sh
    # write version into deployment file
    - sed -i s/DOCKER_TAG/$BUILD_LABEL/g ${CI_PROJECT_DIR}/config/kubernetes/prod/deployment.yaml
    # run kubernetes deployment
    # delete existing harbor login secret (if exists)
    - kubectl delete secret k8s-demo-harbor-login --ignore-not-found -n k8s-demo-prod
    # add new login secret
    - kubectl create secret docker-registry k8s-demo-harbor-login --docker-username=$CI_HARBOR_USERNAME --docker-password=$CI_HARBOR_PASSWORD --docker-server=harbor.bjoernbartels.earth --docker-email=gitlab-pipeline@bjoernbartels.earth -n k8s-demo-prod
    # apply configuration
    - kubectl apply -n k8s-demo-prod -f config/kubernetes/prod/deployment.yaml -f config/kubernetes/prod/service.yaml -f config/kubernetes/prod/ingress.yaml
    # rollout image
    - kubectl rollout status -n k8s-demo-prod -w deployment/k8s-demo-app


#################
@@ -160,13 +100,11 @@ variables:
  BUILD_TARGET: public
  BUILD_LABEL_TMPFILE: TMP_BUILD_LABEL

before_script:
  - if [ -f ${BUILD_LABEL_TMPFILE} ]; then export BUILD_LABEL=`cat ${BUILD_LABEL_TMPFILE}`; fi


init:
  <<: [*build-env-job, *pushcache]
  stage: setup
  #when: manual
  before_script:
    - bin/build-env.sh
    - export BUILD_LABEL=$(TZ=Europe/Berlin date +%Y%m%d.%H%M-$CI_COMMIT_REF_NAME)
@@ -182,8 +120,9 @@ init:
      - ${BUILD_LABEL_TMPFILE}

node-js:
  <<: [*build-env-job, *pullcache]
  <<: [*build-env-job, *pullcache, *project-variables]
  stage: build
  #when: manual
  dependencies:
    - init
  cache: {}
@@ -203,6 +142,10 @@ node-js:
    - echo -e "TAG=`git describe --always --tags`" >> ${BUILD_INFO_FILE}
    - echo -e "COMMIT=${CI_COMMIT_SHA}" >> ${BUILD_INFO_FILE}
    - echo -e "PIPELINE=${CI_PIPELINE_ID}" >> ${BUILD_INFO_FILE}
    - echo -e "PROJECT=${PROJECTNAME}" >> ${BUILD_INFO_FILE}
    - echo -e "NAMESPACE=${PROJECTNAMESPACE}" >> ${BUILD_INFO_FILE}
    - echo -e "RELEASE=${RELEASE}" >> ${BUILD_INFO_FILE}
    - echo -e "TEAMLABEL=${TEAMLABEL}" >> ${BUILD_INFO_FILE}
    # print debug-info
    - cat ${BUILD_INFO_FILE}
    - ls -la public/assets
@@ -211,8 +154,9 @@ node-js:
      - ${BUILD_TARGET}

docker:
  <<: [*dind-job, *pullcache]
  <<: [*dind-job, *pullcache, *project-variables]
  stage: package
  when: manual
  only:
    - master
    - tags
@@ -221,42 +165,16 @@ docker:
    - init
    - node-js
  script:
    - pwd
    - ls -la
    - docker login harbor.bjoernbartels.earth:8013 -u "$CI_HARBOR_USERNAME" -p "$CI_HARBOR_PASSWORD"
    # build docker image and tag with version
    - docker build --no-cache --build-arg ARTIFACT_DIR=${BUILD_TARGET} -t harbor.bjoernbartels.earth:8013/k8s-demo/${CI_PROJECT_NAME}:$BUILD_LABEL .
    - docker push harbor.bjoernbartels.earth:8013/k8s-demo/${CI_PROJECT_NAME}:$BUILD_LABEL
    - docker login harbor.bjoernbartels.earth:8013 -u "${CI_HARBOR_USERNAME}" -p "${CI_HARBOR_PASSWORD}"
    - docker build --no-cache --build-arg ARTIFACT_DIR=${BUILD_TARGET} -t harbor.bjoernbartels.earth:8013/${PROJECTNAMESPACE}/${PROJECTNAME}:${BUILD_LABEL} .
    - docker push harbor.bjoernbartels.earth:8013/${PROJECTNAMESPACE}/${PROJECTNAME}:${BUILD_LABEL}


dev-docker-image:
  <<: [*dind-job, *pullcache]
  <<: [*dind-job, *pullcache, *project-variables]
  stage: package
  #when: manual
  #only:
  #  kubernetes: active
  except:
    - master
    - release
    - tags
  dependencies:
    - init
    - node-js
  script:
    - pwd
    # get k8s (minikube) master-host's https/tls certificates, uses: $KUBEKONFIG, $CI_PROJECT_DIR
    - bin/k8s-certs.sh
    # combine docker & deploy step: build docker feature image and deploy on kubernetes
    - docker login harbor.bjoernbartels.earth:8013 -u "$CI_HARBOR_USERNAME" -p "$CI_HARBOR_PASSWORD"
    - docker build --no-cache --build-arg ARTIFACT_DIR=${BUILD_TARGET} -t harbor.bjoernbartels.earth:8013/k8s-demo/${CI_PROJECT_NAME}:$CI_COMMIT_REF_NAME .
    - docker push harbor.bjoernbartels.earth:8013/k8s-demo/${CI_PROJECT_NAME}:$CI_COMMIT_REF_NAME

k8s-deployment:
  <<: [*dind-job, *pullcache]
  stage: deploy
  #when: manual
  #only:
  #  kubernetes: active
  except:
    - master
    - release
@@ -264,62 +182,8 @@ k8s-deployment:
  dependencies:
    - init
    - node-js
    - dev-docker-image
  environment:
    name: dev
    url: http://k8s-demo-dev.dev.k8s.bjoernbartels.earth
  script:
    # get k8s (minikube) master-host's https/tls certificates, uses: $KUBEKONFIG, $CI_PROJECT_DIR
    - bin/k8s-certs.sh
    # tag/version replacements
    - sed -i s/DOCKER_TAG/$CI_COMMIT_REF_NAME/g config/kubernetes/dev/deployment.yaml
    - sed -i s/HOSTNAME_SUFFIX/$CI_COMMIT_REF_NAME/g config/kubernetes/dev/ingress-feature.yaml
    # k8s deployments
    - kubectl version
    - kubectl apply -n k8s-demo-dev -f config/kubernetes/dev/deployment.yaml -f config/kubernetes/dev/service.yaml -f config/kubernetes/dev/ingress-feature.yaml
    # k8s rollout
    - kubectl rollout status -n k8s-demo-dev -w deployment/k8s-demo-app

DEV-manual:
  <<: [ *dind-job, *deploy-dev, *pullcache ]
  when: manual
  only:
    #kubernetes: active
    refs:
      - master
      - tags
      - release

STAGING-auto:
  <<: [ *dind-job, *deploy-staging, *pullcache ]
  only:
    #kubernetes: active
    refs:
      - master

STAGING-manual:
  <<: [ *dind-job, *deploy-staging, *pullcache ]
  only:
    #kubernetes: active
    refs:
      - tags
      - release
  when: manual

HOTFIX-manual:
  <<: [ *dind-job, *deploy-hotfix, *pullcache ]
  only:
    #kubernetes: active
    refs:
      - tags
      - release
  when: manual

PRODUCTION-manual:
  <<: [ *dind-job, *deploy-prod, *pullcache ]
  only:
    #kubernetes: active
    refs:
      - tags
      - release
  when: manual
    # build docker feature image
    - docker login harbor.bjoernbartels.earth:8013 -u "${CI_HARBOR_USERNAME}" -p "${CI_HARBOR_PASSWORD}"
    - docker build --no-cache --build-arg ARTIFACT_DIR=${BUILD_TARGET} -t harbor.bjoernbartels.earth:8013/${PROJECTNAMESPACE}/${PROJECTNAME}:${RELEASE} .
    - docker push harbor.bjoernbartels.earth:8013/${PROJECTNAMESPACE}/${PROJECTNAME}:${RELEASE}
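Review bot: The two `CI_COMMIT_TAG` tests in the `.project-variables` `before_script` (which appears to be on the new side, given the added `*project-variables` merges) are inverted: `[[ -z "${CI_COMMIT_TAG}" ]]` is true when no tag is set, so every branch pipeline gets `ENVLABEL="production"` and has `RELEASE` overwritten with an empty string, which then falls back to the ref name and drops `stable` for the `release` branch. Because `${RELEASE}` becomes the pushed image tag in the `docker build`/`docker push` lines at the end of this file, the tests should use `-n`, e.g. `if [[ -n "${CI_COMMIT_TAG}" ]] ; then export RELEASE="${CI_COMMIT_TAG}"; fi`, and likewise for `ENVLABEL`. In the same block `[[ -t kubectl ]]` checks whether a file descriptor is a terminal, not whether the binary is installed; `if command -v kubectl >/dev/null ; then kubectl version; fi` is the usual test. The rewritten `docker login` lines still pass the registry password with `-p`, which puts it in the process arguments; piping it into `--password-stdin` avoids that.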
+3 −1
# k8s-Demo
# k8s-Demo - demo application 

- (javascript) demo application
 No newline at end of file
+9 −2
@@ -2,7 +2,7 @@ apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: k8s-demo-app
  namespace: k8s-demo-dev
  namespace: k8s-demo
  labels:
    team: k8s-demo-dev
    stage: dev
@@ -24,6 +24,13 @@ spec:
        image: harbor.bjoernbartels.earth:8013/k8s-demo/k8s-demo-app:DOCKER_TAG
        ports:
        - containerPort: 8080
        resources:
          requests:
            memory: "100Mi"
            cpu: "100m"
          limits:
            memory: "100Mi"
            cpu: "100m"
      readinessProbe:
          httpGet:
            path: /
+30 −5
@@ -2,19 +2,44 @@ apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: k8s-demo-app
  #annotations:
  #  kubernetes.io/ingress.class: "nginx"
  #  nginx.ingress.kubernetes.io/upstream-vhost: "$host"
  namespace: k8s-demo-dev
  annotations:
    url: "https://k8s-demo-HOSTNAME_SUFFIX.bjoernbartels.dev"
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: letsencrypt-cf-production
  namespace: k8s-demo
  labels:
    team: k8s-demo-dev
    stage: dev
spec:
  tls:
    - hosts:
        - k8s-demo-HOSTNAME_SUFFIX.bjoernbartels.dev
      secretName: k8s-demo-HOSTNAME_SUFFIX-letsencrypt-certificate
  rules:
    - host: k8s-demo-HOSTNAME_SUFFIX.dev.k8s.bjoernbartels.earth
    - host: k8s-demo-HOSTNAME_SUFFIX.bjoernbartels.dev
      http:
        paths:
        - path: /
          backend:
            serviceName: k8s-demo-app
            servicePort: 8080

---

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: k8s-demo-HOSTNAME_SUFFIX-letsencrypt-certificate
  namespace: k8s-demo
spec:
  secretName: k8s-demo-HOSTNAME_SUFFIX-letsencrypt-certificate
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  commonName: k8s-demo-HOSTNAME_SUFFIX.bjoernbartels.dev
  dnsNames:
  - k8s-demo-HOSTNAME_SUFFIX.bjoernbartels.dev
  #uriSANs:
  #- spiffe://cluster.local/ns/sandbox/sa/example
  issuerRef:
    name: letsencrypt-cf-production
    kind: ClusterIssuer
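Review bot: The Ingress carries the `cert-manager.io/cluster-issuer` annotation while the same file also declares an explicit `Certificate` with the same name and `secretName`, so two mechanisms are asked to manage one TLS secret; cert-manager's Ingress handling normally creates a Certificate named after the `secretName`, and the hand-written one is likely to collide with it. Keep one of the two: either drop the annotation or remove the `Certificate` document. Each feature host also requests its own certificate from what the issuer name suggests is a production Let's Encrypt issuer, which consumes the per-domain issuance quota and publishes every `k8s-demo-HOSTNAME_SUFFIX` hostname in Certificate Transparency logs; a wildcard certificate for the feature hosts or a staging issuer would avoid both. A comment above `tls:` such as `# HOSTNAME_SUFFIX must be a valid lowercase DNS label` would document the constraint on the substituted value.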