benjick/deploy-helm-pulumi.ts

## deploy-helm-pulumi.ts
import * as pulumi from '@pulumi/pulumi';
import * as awsx from '@pulumi/awsx';
import * as k8s from '@pulumi/kubernetes';
import * as docker from '@pulumi/docker';

// Get kubeconfig from main repository
const env = pulumi.getStack();
const cluster = new pulumi.StackReference(`user/infrastructure/${env}`);
const kubeconfig = cluster.getOutput('kubeconfig');
const baseDomain = cluster.getOutput('baseDomain');

// Create kubernetes provider from kubeconfig
const k8sProvider = new k8s.Provider('cluster', {
  kubeconfig: kubeconfig.apply(JSON.stringify),
});

// Create docker container registry
const repository = new awsx.ecr.Repository('magento2', {
  lifeCyclePolicyArgs: {
    rules: [
      {
        description: 'Expire images older than 14 days',
        maximumAgeLimit: 14,
        maximumNumberOfImages: 10,
        selection: 'any'
      },
    ],
  }
});

// Build and push the docker image
export const image = repository.buildAndPushImage({
  dockerfile: '../docker/Dockerfile.production',
  context: '../..',
})

// Deploy the helm chart
const helmChart = new k8s.helm.v2.Chart(
  'magneto2',
  {
    path: '../helm',
    values: {
      image,
      baseDomain,
    },
  },
  {
    provider: k8sProvider,
  },
);

## magento2-cron.yaml
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: {{ .Values.name }}-cron
spec:
  schedule: '* * * * *'
  jobTemplate:
    metadata:
      creationTimestamp: null
    spec:
      template:
        metadata:
          labels:
            app: {{ .Values.name }}-cron
        spec:
          containers:
          - name: {{ .Values.name }}-cron
            image: {{ .Values.image }}
            command: ["/bin/sh"]
            args:
            - -c
            - |
              php bin/magento cron:run
            env:
            {{- range $secret := .Values.secrets }}
            - name: {{ $secret.name }}
              valueFrom:
                secretKeyRef:
                  name: pulumi
                  key: {{ $secret.key }}
            {{- end }}
            envFrom:
            - configMapRef:
                name: {{ .Values.name }}-env
            resources:
              limits:
                cpu: 500m
                memory: 4Gi
              requests:
                cpu: 50m
                memory: 1Gi
          restartPolicy: Never
  concurrencyPolicy: Forbid
  startingDeadlineSeconds: 600
  failedJobsHistoryLimit: 20
  successfulJobsHistoryLimit: 1

## magento2-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Values.name }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ .Values.name }}
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: {{ .Values.name }}
    spec:
      containers:
      - name: {{ .Values.name }}
        image: {{ .Values.image }}
        imagePullPolicy: {{ .Values.imagePullPolicy }}
        env:
        {{- range $secret := .Values.secrets }}
        - name: {{ $secret.name }}
          valueFrom:
            secretKeyRef:
              name: pulumi
              key: {{ $secret.key }}
        {{- end }}
        envFrom:
          - configMapRef:
              name: {{ .Values.name }}-env
        readinessProbe:
          httpGet:
            path: {{ .Values.check }}
            port: {{ .Values.service.targetPort }}
          initialDelaySeconds: 3
          periodSeconds: 3
        startupProbe:
          httpGet:
            path: {{ .Values.check }}
            port: {{ .Values.service.targetPort }}
          failureThreshold: 30
          periodSeconds: 10

## magneto2-env.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Values.name }}-env
data:
  USE_SECURE: "1"
  CONFIG__DEFAULT__SYSTEM__CRON__INDEX__USE_SEPARATE_PROCESS: "0"
  CONFIG__DEFAULT__SYSTEM__CRON__DEFAULT__USE_SEPARATE_PROCESS: "0"
  CONFIG__DEFAULT__SYSTEM__CRON__CONSUMERS__USE_SEPARATE_PROCESS: "0"
  CONFIG__DEFAULT__SYSTEM__CRON__DDG_AUTOMATION__USE_SEPARATE_PROCESS: "0"

## magneto2-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: {{ .Values.name }}
spec:
  type: {{ .Values.service.type }}
  ports:
  - port: {{ .Values.service.port }}
    protocol: TCP
    targetPort: {{ .Values.service.targetPort }}
  selector:
    app: {{ .Values.name }}

## values.yaml
name: magento2
image: xxx.dkr.ecr.eu-west-3.amazonaws.com/magento2:latest
imagePullPolicy: Always

service:
  port: 9090
  targetPort: 9090
  type: LoadBalancer

check: '/pub/health_check.php'

secrets:
  - name: BASE_URL
    key: magento-baseurl

  - name: MYSQL_DB_HOST
    key: mysql-endpoint

  - name: MYSQL_DB_USER
    key: mysql-username

  - name: MYSQL_DB_PASS
    key: mysql-password

  - name: REDIS_HOST
    key: redis-endpoint
	import * as pulumi from '@pulumi/pulumi';
	import * as awsx from '@pulumi/awsx';
	import * as k8s from '@pulumi/kubernetes';
	import * as docker from '@pulumi/docker';

	// Get kubeconfig from main repository
	const env = pulumi.getStack();
	const cluster = new pulumi.StackReference(`user/infrastructure/${env}`);
	const kubeconfig = cluster.getOutput('kubeconfig');
	const baseDomain = cluster.getOutput('baseDomain');

	// Create kubernetes provider from kubeconfig
	const k8sProvider = new k8s.Provider('cluster', {
	kubeconfig: kubeconfig.apply(JSON.stringify),
	});

	// Create docker container registry
	const repository = new awsx.ecr.Repository('magento2', {
	lifeCyclePolicyArgs: {
	rules: [
	{
	description: 'Expire images older than 14 days',
	maximumAgeLimit: 14,
	maximumNumberOfImages: 10,
	selection: 'any'
	},
	],
	}
	});

	// Build and push the docker image
	export const image = repository.buildAndPushImage({
	dockerfile: '../docker/Dockerfile.production',
	context: '../..',
	})

	// Deploy the helm chart
	const helmChart = new k8s.helm.v2.Chart(
	'magneto2',
	{
	path: '../helm',
	values: {
	image,
	baseDomain,
	},
	},
	{
	provider: k8sProvider,
	},
	);
	apiVersion: batch/v1beta1
	kind: CronJob
	metadata:
	name: {{ .Values.name }}-cron
	spec:
	schedule: '* * * * *'
	jobTemplate:
	metadata:
	creationTimestamp: null
	spec:
	template:
	metadata:
	labels:
	app: {{ .Values.name }}-cron
	spec:
	containers:
	- name: {{ .Values.name }}-cron
	image: {{ .Values.image }}
	command: ["/bin/sh"]
	args:
	- -c
	- \|
	php bin/magento cron:run
	env:
	{{- range $secret := .Values.secrets }}
	- name: {{ $secret.name }}
	valueFrom:
	secretKeyRef:
	name: pulumi
	key: {{ $secret.key }}
	{{- end }}
	envFrom:
	- configMapRef:
	name: {{ .Values.name }}-env
	resources:
	limits:
	cpu: 500m
	memory: 4Gi
	requests:
	cpu: 50m
	memory: 1Gi
	restartPolicy: Never
	concurrencyPolicy: Forbid
	startingDeadlineSeconds: 600
	failedJobsHistoryLimit: 20
	successfulJobsHistoryLimit: 1
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: {{ .Values.name }}
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: {{ .Values.name }}
	strategy:
	type: RollingUpdate
	rollingUpdate:
	maxSurge: 1
	maxUnavailable: 0
	template:
	metadata:
	labels:
	app: {{ .Values.name }}
	spec:
	containers:
	- name: {{ .Values.name }}
	image: {{ .Values.image }}
	imagePullPolicy: {{ .Values.imagePullPolicy }}
	env:
	{{- range $secret := .Values.secrets }}
	- name: {{ $secret.name }}
	valueFrom:
	secretKeyRef:
	name: pulumi
	key: {{ $secret.key }}
	{{- end }}
	envFrom:
	- configMapRef:
	name: {{ .Values.name }}-env
	readinessProbe:
	httpGet:
	path: {{ .Values.check }}
	port: {{ .Values.service.targetPort }}
	initialDelaySeconds: 3
	periodSeconds: 3
	startupProbe:
	httpGet:
	path: {{ .Values.check }}
	port: {{ .Values.service.targetPort }}
	failureThreshold: 30
	periodSeconds: 10
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: {{ .Values.name }}-env
	data:
	USE_SECURE: "1"
	CONFIG__DEFAULT__SYSTEM__CRON__INDEX__USE_SEPARATE_PROCESS: "0"
	CONFIG__DEFAULT__SYSTEM__CRON__DEFAULT__USE_SEPARATE_PROCESS: "0"
	CONFIG__DEFAULT__SYSTEM__CRON__CONSUMERS__USE_SEPARATE_PROCESS: "0"
	CONFIG__DEFAULT__SYSTEM__CRON__DDG_AUTOMATION__USE_SEPARATE_PROCESS: "0"
	apiVersion: v1
	kind: Service
	metadata:
	name: {{ .Values.name }}
	spec:
	type: {{ .Values.service.type }}
	ports:
	- port: {{ .Values.service.port }}
	protocol: TCP
	targetPort: {{ .Values.service.targetPort }}
	selector:
	app: {{ .Values.name }}
	name: magento2
	image: xxx.dkr.ecr.eu-west-3.amazonaws.com/magento2:latest
	imagePullPolicy: Always

	service:
	port: 9090
	targetPort: 9090
	type: LoadBalancer

	check: '/pub/health_check.php'

	secrets:
	- name: BASE_URL
	key: magento-baseurl

	- name: MYSQL_DB_HOST
	key: mysql-endpoint

	- name: MYSQL_DB_USER
	key: mysql-username

	- name: MYSQL_DB_PASS
	key: mysql-password

	- name: REDIS_HOST
	key: redis-endpoint