
@benjick
Last active July 3, 2020 14:39
import * as pulumi from '@pulumi/pulumi';
import * as awsx from '@pulumi/awsx';
import * as k8s from '@pulumi/kubernetes';
import * as docker from '@pulumi/docker';
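// Resolve the infrastructure stack that carries the same stack name as this one.
const env = pulumi.getStack();
const cluster = new pulumi.StackReference(`user/infrastructure/${env}`);
// The kubeconfig is a cluster credential and the only thing that pins this
// deployment to the intended cluster. requireOutput() fails the update when the
// output is missing. getOutput() would resolve to undefined instead, and a
// Kubernetes provider given no kubeconfig falls back to the ambient one
// (KUBECONFIG / ~/.kube/config), i.e. whatever cluster the operator's current
// context points at.
const kubeconfig = cluster.requireOutput('kubeconfig');
// Forwarded to the chart as a plain value; kept as getOutput() so a stack that
// does not export it still deploys.
const baseDomain = cluster.getOutput('baseDomain');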
// Explicit Kubernetes provider: resources that pass it in their options are
// deployed with the kubeconfig taken from the referenced stack.
const k8sProvider = new k8s.Provider('cluster', {
  // The kubeconfig output is serialised to a string before it is handed over.
  kubeconfig: kubeconfig.apply((config) => JSON.stringify(config)),
});
// Single lifecycle rule for the registry, applied to every image ('any').
// NOTE(review): the rule sets both an age limit (14) and an image-count limit
// (10), while the description only mentions age. Confirm which of the two awsx
// actually turns into the ECR policy, and make the description match.
const imageExpiryRule = {
  description: 'Expire images older than 14 days',
  maximumAgeLimit: 14,
  maximumNumberOfImages: 10,
  selection: 'any',
};

// ECR repository that receives the application image.
const repository = new awsx.ecr.Repository('magento2', {
  lifeCyclePolicyArgs: { rules: [imageExpiryRule] },
});
// Docker build inputs, both relative to this Pulumi program's directory.
// NOTE(review): the context is two directories up, so everything below it that
// .dockerignore does not exclude is sent to the Docker daemon and can end up in
// an image layer. Keep .git, local env files and Pulumi stack config out of it.
const productionBuild = {
  context: '../..',
  dockerfile: '../docker/Dockerfile.production',
};

// Build the image, push it to the repository above and export the resulting
// image reference; the Helm chart below consumes it as a value.
export const image = repository.buildAndPushImage(productionBuild);
// Values passed to the chart; `image` replaces the chart's default image value
// with the image built above.
const chartValues = { image, baseDomain };

// Render the local chart in ../helm and apply it through the explicit provider.
// NOTE(review): the resource name is spelled 'magneto2' while the repository
// uses 'magento2'. Renaming an already-deployed resource changes its Pulumi
// identity and would recreate the chart's resources, so it is left as is here.
const helmChart = new k8s.helm.v2.Chart(
  'magneto2',
  { path: '../helm', values: chartValues },
  { provider: k8sProvider },
);
# CronJob that runs `php bin/magento cron:run` once a minute in the application image.
# NOTE(review): batch/v1beta1 CronJob is no longer served from Kubernetes 1.25;
# batch/v1 is available from 1.21. Pick the version that matches the cluster.
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: {{ .Values.name }}-cron
spec:
  schedule: '* * * * *'
  jobTemplate:
    metadata:
      creationTimestamp: null
    spec:
      template:
        metadata:
          labels:
            app: {{ .Values.name }}-cron
        spec:
          # NOTE(review): no securityContext is set, so the user and privileges
          # are whatever the image defines. Confirm that is intended.
          containers:
            - name: {{ .Values.name }}-cron
              image: {{ .Values.image }}
              command: ["/bin/sh"]
              args:
                - -c
                - |
                  php bin/magento cron:run
              # One env var per entry in .Values.secrets, each read from a key of
              # the Secret named "pulumi". That Secret is not created by the
              # templates shown here and must already exist in the namespace.
              env:
                {{- range $secret := .Values.secrets }}
                - name: {{ $secret.name }}
                  valueFrom:
                    secretKeyRef:
                      name: pulumi
                      key: {{ $secret.key }}
                {{- end }}
              # Non-secret settings shared with the Deployment.
              envFrom:
                - configMapRef:
                    name: {{ .Values.name }}-env
              resources:
                limits:
                  cpu: 500m
                  memory: 4Gi
                requests:
                  cpu: 50m
                  memory: 1Gi
          restartPolicy: Never
  # Forbid: a run is skipped while the previous one is still active.
  concurrencyPolicy: Forbid
  startingDeadlineSeconds: 600
  failedJobsHistoryLimit: 20
  successfulJobsHistoryLimit: 1
# Deployment for the application pod (single replica, surge-then-replace rollout).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Values.name }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ .Values.name }}
  strategy:
    type: RollingUpdate
    rollingUpdate:
      # Start the new pod first and never drop below one available pod.
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: {{ .Values.name }}
    spec:
      # NOTE(review): unlike the cron container, this one declares no resource
      # requests/limits, and no securityContext is set. Confirm both are intended.
      containers:
        - name: {{ .Values.name }}
          image: {{ .Values.image }}
          imagePullPolicy: {{ .Values.imagePullPolicy }}
          # One env var per entry in .Values.secrets, each read from a key of
          # the Secret named "pulumi". That Secret is not created by the
          # templates shown here and must already exist in the namespace.
          env:
            {{- range $secret := .Values.secrets }}
            - name: {{ $secret.name }}
              valueFrom:
                secretKeyRef:
                  name: pulumi
                  key: {{ $secret.key }}
            {{- end }}
          # Non-secret settings from the chart's ConfigMap.
          envFrom:
            - configMapRef:
                name: {{ .Values.name }}-env
          # Traffic is only routed once the health-check path answers.
          readinessProbe:
            httpGet:
              path: {{ .Values.check }}
              port: {{ .Values.service.targetPort }}
            initialDelaySeconds: 3
            periodSeconds: 3
          # Allows up to 30 x 10s for the application to come up.
          startupProbe:
            httpGet:
              path: {{ .Values.check }}
              port: {{ .Values.service.targetPort }}
            failureThreshold: 30
            periodSeconds: 10
# Non-secret environment settings, loaded by both the Deployment and the CronJob
# through envFrom. Credentials do not belong here; they are read from a Secret.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Values.name }}-env
data:
  # NOTE(review): presumably switches the application to secure (https) URLs; confirm against the image.
  USE_SECURE: "1"
  CONFIG__DEFAULT__SYSTEM__CRON__INDEX__USE_SEPARATE_PROCESS: "0"
  CONFIG__DEFAULT__SYSTEM__CRON__DEFAULT__USE_SEPARATE_PROCESS: "0"
  CONFIG__DEFAULT__SYSTEM__CRON__CONSUMERS__USE_SEPARATE_PROCESS: "0"
  CONFIG__DEFAULT__SYSTEM__CRON__DDG_AUTOMATION__USE_SEPARATE_PROCESS: "0"
# Service in front of the application pods; type and ports come from the chart values.
# NOTE(review): with type LoadBalancer most cloud providers create an externally
# reachable endpoint. Confirm where TLS is terminated and whether the port
# should be reachable from outside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: {{ .Values.name }}
spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.port }}
      protocol: TCP
      targetPort: {{ .Values.service.targetPort }}
  selector:
    app: {{ .Values.name }}
# Default chart values.
name: magento2
# Default image reference with a mutable tag; the Pulumi program passes its own
# `image` value, which replaces this one at deploy time.
image: xxx.dkr.ecr.eu-west-3.amazonaws.com/magento2:latest
imagePullPolicy: Always
service:
  port: 9090
  targetPort: 9090
  # NOTE(review): LoadBalancer usually yields an externally reachable endpoint; confirm the exposure is intended.
  type: LoadBalancer
# Path used by the readiness and startup probes.
check: '/pub/health_check.php'
# Maps each container env var (name) to a key of the Secret named "pulumi".
# Only key names are listed here; the secret values themselves are not part of the chart.
secrets:
  - name: BASE_URL
    key: magento-baseurl
  - name: MYSQL_DB_HOST
    key: mysql-endpoint
  - name: MYSQL_DB_USER
    key: mysql-username
  - name: MYSQL_DB_PASS
    key: mysql-password
  - name: REDIS_HOST
    key: redis-endpoint