@andrewstuart
Last active June 12, 2023 17:44
One Deployment Per branch, plus CI CD, gitlab and helm setup
```yaml
image: docker.mydomain.com/build/kube-go-make

variables:
  DOCKER_TAG: docker.mydomain.com/myapp/home:$CI_COMMIT_REF_SLUG
  DOCKER_HOST: tcp://localhost:2375
  DOCKER_DRIVER: overlay
  PROD_RSYNC_HOST: myprodserver.com
  DOMAIN: mydomain.com
  CHART_DIR: chart

stages:
  - web
  - dockerize
  - ci
  - deploy

build:web:
  stage: web
  image: docker.mydomain.com/gulp
  script:
    - bower install && npm install
    - gulp build
  cache:
    paths: [ bower_components, node_modules ]
  artifacts:
    paths: [ build ]

build:docker:
  stage: dockerize
  services: [ docker.mydomain.com/build/dind ]
  dependencies: [ 'build:web' ]
  script:
    - docker build . -t $DOCKER_TAG
    - docker push $DOCKER_TAG
    # Record the pushed image's repo digest (name@sha256:...) so that later
    # jobs deploy exactly this build rather than whatever the tag points to.
    - docker inspect --format "{{ index .RepoDigests 0 }}" $DOCKER_TAG > dockersha.txt
  artifacts:
    paths: [dockersha.txt]

ci:
  stage: ci
  dependencies: [ 'build:web', 'build:docker' ]
  script:
    - 'helm upgrade -i myapp-$CI_ENVIRONMENT_SLUG --namespace myapp --set dockerTag=$(cat dockersha.txt) --set version=$CI_ENVIRONMENT_SLUG --set env=$CI_ENVIRONMENT_SLUG --set path=$CI_ENVIRONMENT_SLUG $CHART_DIR' # Deploy the chart templates from the `app` folder
  except: [ master ]
  environment:
    name: staging/$CI_COMMIT_REF_NAME
    url: https://preview.$DOMAIN/$CI_ENVIRONMENT_SLUG/
    on_stop: review_stop

review_stop:
  stage: ci
  when: manual
  except: [ master ]
  variables:
    GIT_STRATEGY: none
  script:
    - helm delete --purge myapp-$CI_ENVIRONMENT_SLUG
  environment:
    name: staging/$CI_COMMIT_REF_NAME
    action: stop

deploy:pilot:
  dependencies: [ 'build:docker' ]
  stage: deploy
  services: [ docker.mydomain.com/build/dind ]
  script:
    - docker pull $(cat dockersha.txt)
    - docker tag $(cat dockersha.txt) docker.mydomain.com/myapp/home
    - docker push docker.mydomain.com/myapp/home
    - helm upgrade -i myappweb --set dockerTag=$(cat dockersha.txt) --set host=pilot --set version=pilot --namespace=myapp $CHART_DIR
  environment:
    name: production
    url: https://www.$DOMAIN/
  only: [master]

deploy:prod:
  dependencies: [ 'build:web' ]
  image: docker.mydomain.com/build/rsync
  stage: deploy
  only: [ master ]
  script:
    - eval $(ssh-agent -s)
    # SSH_PRIVATE_KEY is a secret variable set up in this gitlab repo
    - ssh-add <(echo "$SSH_PRIVATE_KEY" | sed 's/\r//g')
    - mkdir -p $HOME/.ssh
    # This turns off SSH host key verification for the rsync target.
    - echo -e "Host $PROD_RSYNC_HOST\n\tStrictHostKeyChecking no\n\n" > $HOME/.ssh/config
    - rsync -rv --omit-dir-times --delete build/* myusername@$PROD_RSYNC_HOST:/var/www/www.$DOMAIN/
```

```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: myapp-{{ .Values.version | default "latest" | trunc 40 }}
  namespace: {{ .Release.Namespace }}
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: {{ .Values.version | default "latest" | trunc 40 }}
    spec:
      containers:
      - name: web
        image: {{ .Values.dockerTag | default "latest" }}
        imagePullPolicy: Always
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
        ports:
        - containerPort: 80
        livenessProbe: &g
          httpGet:
            path: /
            port: 80
        readinessProbe: *g
---
apiVersion: v1
kind: Service
metadata:
  name: {{ .Values.version | default "latest" | trunc 40}}
  namespace: {{ .Release.Namespace }}
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: {{ .Values.version | default "latest" | trunc 40 }}
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myapp-version-{{ .Values.version | default "latest" | trunc 40 }}
  namespace: {{ .Release.Namespace }}
  annotations:
    kubernetes.io/tls-vault: "true"
    ingress.kubernetes.io/rewrite-target: "/"
spec:
  rules:
  - host: {{ .Values.host | default "preview" }}.mydomain.com
    http:
      paths:
      # This gives me the ability to mount PR-specific builds at a specific
      # path rather than having proliferating DNS entries/certs.
      - path: /{{ .Values.path | default "" }}
        backend:
          serviceName: {{ .Values.version | default "latest" | trunc 40}}
          servicePort: 80
  tls:
  - secretName: {{ .Values.host | default "preview" }}.mydomain.com.tls
    hosts:
    - {{ .Values.host | default "preview" }}.mydomain.com
```

```dockerfile
FROM nginx
ADD build/ /usr/share/nginx/html/
```
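
The `deploy:prod` job above writes `StrictHostKeyChecking no` for `$PROD_RSYNC_HOST`, so the rsync target's identity is never checked. A pinned-host-key variant of that step follows as an added example; it is not part of the original gist, and the `SSH_KNOWN_HOSTS` CI variable, the `pin_ssh_host` function name and the sample key line are assumptions.

```shell
# Added example (not from the gist): pin the rsync target's SSH host key
# instead of setting "StrictHostKeyChecking no".
# Assumption: SSH_KNOWN_HOSTS is a protected CI variable holding the server's
# known_hosts line(s) in plain (unhashed) form, captured over a trusted channel.

# Constructed sample value; the key material is a placeholder, not a real key.
SAMPLE_KNOWN_HOSTS='myprodserver.com,203.0.113.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYDATA'

# pin_ssh_host HOST KNOWN_HOSTS_DATA SSH_DIR
# Writes SSH_DIR/known_hosts and SSH_DIR/config. Fails without writing
# anything when the data holds no complete entry naming HOST exactly.
# The body is a subshell, so umask and variables do not leak to the caller.
pin_ssh_host() (
  host=$1
  dir=$3
  # Strip carriage returns, as the gist does for SSH_PRIVATE_KEY.
  data=$(printf '%s\n' "$2" | tr -d '\r')

  # Field 1 is a comma-separated host list; fields 2 and 3 are key type and key.
  if ! printf '%s\n' "$data" | awk -v h="$host" '
      $1 ~ /^#/ || NF < 3 { next }
      { n = split($1, names, ","); for (i = 1; i <= n; i++) if (names[i] == h) ok = 1 }
      END { exit !ok }'
  then
    echo "no pinned host key for $host, refusing to deploy" >&2
    exit 1
  fi

  umask 077
  mkdir -p "$dir" || exit 1
  printf '%s\n' "$data" > "$dir/known_hosts" || exit 1
  # With "yes", an unknown or changed host key aborts the connection.
  printf 'Host %s\n\tStrictHostKeyChecking yes\n\tUserKnownHostsFile %s\n' \
    "$host" "$dir/known_hosts" > "$dir/config"
)

# In deploy:prod this call would replace the `echo -e "Host ..."` line:
#   pin_ssh_host "$PROD_RSYNC_HOST" "$SSH_KNOWN_HOSTS" "$HOME/.ssh"
```

Hashed `known_hosts` entries and `[host]:port` forms are not matched by this check; store the plain entry for the exact name used in `$PROD_RSYNC_HOST`.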
@andrusstrockiy

Not clear how you make

  1. helm init --client-only
  2. Kubectl, i.e. ./kube/config, already preloaded to docker image?
