Merge branch '1-add-undeploy-command' into 'master'

Resolve "add `undeploy` command"

Closes #1

See merge request !1

.env

+ca_cert=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN3akNDQWFxZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFTTVJBd0RnWURWUVFERXdkcmRXSmwKTFdOaE1CNFhEVEU0TURjd05ERXhNRGcxTjFvWERUSTRNRGN3TVRFeE1EZzFOMW93RWpFUU1BNEdBMVVFQXhNSAphM1ZpWlMxallUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUtCeHVxRmhGcmgrCmwxZ21sbU5DaVh5c21LYkFReDFMSFU2KzJnV01EQ3hnQmlNV3JFM3ZGYWdENkdxUFQ0SHlnanF5MUZBM0FzYkMKQkRCQnA3dkd1YmdKOUdpcERSdjNsNUxyQjg2YU14VFhGUGNIZlVtMTZGdXJrRXJyNDBsZzB1eVdrNUFPbjJHYgpUaTFPSE9vc1RJZ2dSbno0R0d5cWJXRXRiczJOd3ZQREV4d0dhQzk4UENIdTZjcVNjVnlhRnQvTmhMY1dTd0pMClcwVU52VnpEREdXaDAwT2NPVGhlRVF2aVlqdEU2TCt6Sk9IMGkwRk44RDR4RHpLZXRGdVBZU040Ym9ERFAzZnIKMHBabXVPbHo5VWZTZEtNaFl3aUxNYkYwMjduTDVJSWZFeS92cGhubDJleEtYN2ZtR1BMY1dVRFZoZ3VKcXNudQo2Tmt0ZytSa2xtc0NBd0VBQWFNak1DRXdEZ1lEVlIwUEFRSC9CQVFEQWdLa01BOEdBMVVkRXdFQi93UUZNQU1CCkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQ0lEeDZEZWlRQUwvUmZLdldtTTdIOTEzc1ZTU0NzL3hDem4KKy9iQVphbGJFd0NjUGR4cWJGaHduOVN0THFZdlpyaktldnZRSkkwMkdtdld5WkRKY0tKYU9GQktPRlFkZjVPRwpzNHhCcTQwblJjY0RJaDhweFZWM2JQZlBLL3g2ODRYM2VQaGM5b0YyemNXaVp4ZUttR2lMZ01pbStIUnBZZmc2CitVSVJZZ1p3YS9nTkc1aHdlNjA0Rm5pUVdoZXpRNVRsdFozTkVzcUFHcVpFK3BnVW5tM0NPeEpiNGk2Rk1BRjUKcEE0bU5zdm00alV1L0lObHg4MENicXAyckprV1Q3ZVpqTFFwNUlXaXpVaG85M2V0ZjFUR0krelhHUGxmTzZzVApXa1kvN0prOWdHUVVaNHQ2RFBsT1A1K0J3UWt3NVFUWEJHVGJwRXF6NlM3TXFBVTRiSWM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+token=ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSjBaWE4wSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXpaV055WlhRdWJtRnRaU0k2SW5SbGMzUXRkRzlyWlc0dE5UaG1Obm9pTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1dVlXMWxJam9pZEdWemRDSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMblZwWkNJNkltVTNNalpsTldRMkxUbGhabVV0TVRGbE9DMDVOalV3TFRBd1l6QmtaREZoWldKa01DSXNJbk4xWWlJNkluTjVjM1JsYlRwelpYSjJhV05sWVdOamIzVnVkRHAwWlhOME9uUmxjM1FpZlEuc0ktamlpeEZiT2NsY0FMUDZkaEhVX2dqTG94SFRxaGJFclRnSGRRUVpFMnplRmlIdVREdFVTcnFNMUM2VDY3N2JrTjJqU3BiTTc0WkNabjVYMXhrZFhtZzR4OExVTWVIWHJvdGZxZ1lldXRWODhTZ19fMmZ1V0RnWEhfTENpMW9pR0FjR2tGSWtvU0FwYy1mRDF1MXZkenI4YkpnWFhIUGQxakpVMnZ2TFdrZmZHUEs4aDMzcWVWMlN1b1ZldWZqWVh6ZHpza3hlcTVxMlVzeTFGaWlxV0F6SHJyNXV2SHAtWTl4T3VPREs3SXhmSlRLOFQ5aDgzWXMzQXNLX3hFbUFFSHItZkVkTlFPbEl6Zng0NHZfc2xCZ2Z3RWZNTU92UUFVUmoxeTVJTjA3RHZiZWJEcWJjZkg4dS1TdGFLQVNaRG5zY3kzVlhua3AwcW5kWE9FTGFn
+docker_config=foobar
\ No newline at end of file

Changelog.md

 # Changelog
 
+## [1.1.0] - 2018-08-08
+### Added
+* `undeploy` command
+
 ## 1.0.0 - 2018-08-06
 * initial release
+
+[1.1.0]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.0.0...release%2F1.1.0

Readme.md

@@ -53,6 +53,21 @@ Depending on existing deployment with the same name either an installation or an
 
 Upgrades always recreate the pods. If the image is pulled depends on `imagePullPolicy` of the container specs.
 
+## deployer undeploy
+
+This command undeploys a deployment from a kubernetes cluster. The credentials are provided by the cluster-admin as well as the namespace and the service-account.
+
+```
+$ deployer undeploy \
+	--namespace example_namespace \
+	--cluster-url https://k8s-cluster.example.com:6443 \
+	--certificate-authority "$base64_encoded_cacert" \
+	--token "$base64_encoded_bearer_token" \
+	--name example-staging \
+	--service-account tiller-service-account
+```
+*undeploys deployment named *example-staging* from  namespace *example_namespace**
+
 # Advanced Configuration
 
 ## docker build
@@ -74,6 +89,16 @@ Upgrades always recreate the pods. If the image is pulled depends on `imagePullP
 * `--token`: sets the bearer token of the service-account as bas64-encoded string. This string is provided by the k8s-admin.
 * `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
 * `--service-account`: this is the name of the service-account, that is used to perform the deployment. This string is provided by the k8s-admin
+* `--name`: sets the name of the deployment.
 * `--charts`: sets the path where the helm-charts reside.
 * `--set`: overrides the values from `Values.yaml` in the helm-charts. Provide multiple `--set`-options if you want to provide multiple overrides.
 * `--set-string`: overrides the values from `Values.yaml` in the helm-charts as string. Provide multiple `--set-string`-options if you want to provide multiple overrides.
+
+## docker undeploy
+
+* `--cluster-url`: sets the url to the kube-apiserver. This URL is provided by the k8s-admin.
+* `--certificate-authority`: sets the certificate-authority certificate as base64-encoded string. This string is provided by the k8s-admin
+* `--token`: sets the bearer token of the service-account as bas64-encoded string. This string is provided by the k8s-admin.
+* `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
+* `--service-account`: this is the name of the service-account, that is used to perform the deployment. This string is provided by the k8s-admin
+* `--name`: sets the name of the deployment.

assets/deployer

@@ -3,7 +3,6 @@
 set -o pipefail -o noclobber -o nounset
 
 ## declare used variables
-cmd=""
 image_name="image"
 cluster_name="cluster"
 context="context"
@@ -29,7 +28,7 @@ if [[ ${PIPESTATUS[0]} -ne 4 ]]; then
     exit 1
 fi
 
-OPTIONS=d:,t:,b:,c:,n:,s:
+OPTIONS=
 LONGOPTS=docker-config:,tag:,build-arg:,set:,set-string:,charts:,name:,token:,certificate-authority:,namespace:,cluster-url:,service-account:,output:,input:
 
 # -use ! and PIPESTATUS to get exit code with errexit set
@@ -218,8 +217,8 @@ prepare_helm() {
 	return 0
 }
 
-prepare_helm_command() {
-	echo -ne "Preparing helm command..."
+helm_deploy() {
+	echo -ne "Deploying ${name}..."
 
 	if [ "${name}" == "" ];then
 		echo "failed"
@@ -233,7 +232,19 @@ prepare_helm_command() {
 		return 1
 	fi
 
-	cmd="helm upgrade --install --wait --tiller-namespace=${namespace} --namespace=${namespace}"
+	local out
+	local cmd
+
+	if [ "$(helm ls --tiller-namespace=${namespace} --namespace=${namespace} --pending --deleted --failed --short | grep ${name})" != "" ];then
+		out=`helm delete --tiller-namespace=${namespace} --purge ${name} 2>&1`
+		if [ "$?" != "0" ];then
+			echo "failed"
+			echo "$out"
+			return 1
+		fi
+	fi
+
+	cmd="helm upgrade --install --wait --timeout=60 --tiller-namespace=${namespace} --namespace=${namespace}"
 
 	for set in ${sets};do
 		cmd="$cmd --set ${set}"
@@ -245,24 +256,6 @@ prepare_helm_command() {
 
 	cmd="$cmd ${name} ${charts}"
 
-	echo "done"
-	return 0
-}
-
-helm_deploy() {
-	echo -ne "Deploying ${name}..."
-	local out=""
-
-	# todo: do we need this when we do a "helm upgrade --install" ?
-	# if [ "$(helm ls --tiller-namespace=${namespace} --namespace=${namespace} --deleted --failed --short | grep ${name})" != "" ];then
-	# 	out=`helm delete --tiller-namespace=${namespace} --purge ${name} 2>&1`
-	# 	if [ "$?" != "0" ];then
-	# 		echo "failed"
-	# 		echo "$out"
-	# 		return 1
-	# 	fi
-	# fi
-
 	out=`$cmd 2>&1`
 	if [ "$?" != "0" ];then
 		echo "failed"
@@ -273,23 +266,26 @@ helm_deploy() {
 	echo "done"
 }
 
-test_helm_deploy() {
-	echo -ne "Waiting for successful deploy..."
+helm_undeploy() {
+	echo -ne "Undeploying ${name}..."
 
-	counter=0
-	while [ "$(helm ls --tiller-namespace=${namespace} --namespace=${namespace} | grep ${name} | awk -F"\t" '{ print $4; }')" != "DEPLOYED" ]; do
-		sleep 1
-		if [ $counter -eq 60 ];then
-			break
-		fi
-		counter=$[$counter+1]
-	done
-	if [ $counter -eq 60 ];then
+	if [ "${name}" == "" ];then
+		echo "failed"
+		echo "no deploy name specified"
+		return 1
+	fi
+
+	local out
+
+	out=`helm delete --tiller-namespace=${namespace} ${name} 2>&1`
+
+	if [ "$?" != "0" ];then
 		echo "failed"
+		echo "$out"
 		return 1
 	fi
+
 	echo "done"
-	return 0
 }
 
 prepare_image_publisher() {
@@ -309,17 +305,6 @@ prepare_image_publisher() {
 	return 0
 }
 
-prepare_image_builder() {
-	cmd="docker build --pull"
-	for arg in $buildargs;do
-		echo "adding $arg to build command"
-		cmd="$cmd --build-arg $arg --build-arg ${arg,,}"
-	done
-
-	cmd="$cmd -t ${image_name} ."
-	return 0
-}
-
 save_image() {
 	local out
 	echo -ne "saving image ..."
@@ -341,8 +326,17 @@ save_image() {
 }
 
 build_image() {
-	local out
 	echo -ne "building image..."
+
+	local out
+	local cmd="docker build --pull"
+
+	for arg in $buildargs;do
+		echo "adding $arg to build command"
+		cmd="$cmd --build-arg $arg --build-arg ${arg,,}"
+	done
+
+	cmd="$cmd -t ${image_name} ."
 	out=`$cmd 2>&1`
 	if [ "$?" != "0" ];then
 		echo "failed"
@@ -424,13 +418,16 @@ fi
 
 case $1 in
 	build)
-		prepare_image_builder && build_image && save_image
+		build_image && save_image
 		;;
 	publish)
 		prepare_image_publisher && import_image && publish_image
 		;;
 	deploy)
-		prepare_kubectl && prepare_helm && prepare_helm_command && helm_deploy && test_helm_deploy
+		prepare_kubectl && prepare_helm && helm_deploy
+		;;
+	undeploy)
+		prepare_kubectl && prepare_helm && helm_undeploy
 		;;
 	help)
 		echo "help"

docker-compose.yml

 version: '2'
 services:
-  deployer:
+  build:
     build: .
     volumes:
       - ./:/app
@@ -9,6 +9,40 @@ services:
       - docker
     environment:
       DOCKER_HOST: tcp://docker:2375
+    command: deployer build --output .tmp/image.tar.gz
+
+  publish:
+    build: .
+    volumes:
+      - ./:/app
+      - ./assets/deployer:/usr/local/bin/deployer
+    depends_on:
+      - docker
+    environment:
+      DOCKER_HOST: tcp://docker:2375
+    command: deployer publish --input .tmp/image.tar.gz --docker-config "${docker_config}" --name exampleimage --tag latest --tag "1.0"
+
+  deploy:
+    build: .
+    volumes:
+      - ./:/app
+      - ./assets/deployer:/usr/local/bin/deployer
+    depends_on:
+      - docker
+    environment:
+      DOCKER_HOST: tcp://docker:2375
+    command: deployer deploy --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --name testdeploy --charts ./examplechart --service-account test --set image.tag=stable
+
+  undeploy:
+    build: .
+    volumes:
+      - ./:/app
+      - ./assets/deployer:/usr/local/bin/deployer
+    depends_on:
+      - docker
+    environment:
+      DOCKER_HOST: tcp://docker:2375
+    command: deployer undeploy --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --name testdeploy --service-account test
 
   docker:
     image: docker:dind

docs/workflow.wsd

-@startuml
-'include
+@startuml "Deploy Alpha"
 "Developer" as dev -> "Gitlab" as gitlab: commit:1-issue
 gitlab -> "CI-Runner" as runner: build image
 runner->runner: docker build

examplechart/.helmignore

+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

examplechart/Chart.yaml

+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: examplechart
+version: 0.1.0

examplechart/templates/NOTES.txt

+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "examplechart.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ template "examplechart.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "examplechart.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "examplechart.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}

examplechart/templates/_helpers.tpl

+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "examplechart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "examplechart.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "examplechart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

examplechart/templates/deployment.yaml

+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: {{ template "examplechart.fullname" . }}
+  labels:
+    app: {{ template "examplechart.name" . }}
+    chart: {{ template "examplechart.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "examplechart.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "examplechart.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}

examplechart/templates/ingress.yaml

+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "examplechart.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    app: {{ template "examplechart.name" . }}
+    chart: {{ template "examplechart.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: http
+  {{- end }}
+{{- end }}

examplechart/templates/service.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "examplechart.fullname" . }}
+  labels:
+    app: {{ template "examplechart.name" . }}
+    chart: {{ template "examplechart.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app: {{ template "examplechart.name" . }}
+    release: {{ .Release.Name }}

examplechart/values.yaml

+# Default values for examplechart.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  repository: nginx
+  tag: stable
+  pullPolicy: IfNotPresent
+
+service:
+  type: ClusterIP
+  port: 80
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  path: /
+  hosts:
+    - chart-example.local
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}