Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
No results found
Show changes
Commits on Source (63)
Hide whitespace changes
Inline Side-by-side
Showing
with 866 additions and 157 deletions
.env 0 → 100644
View file @ f80d4c04
ca_cert=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN3akNDQWFxZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFTTVJBd0RnWURWUVFERXdkcmRXSmwKTFdOaE1CNFhEVEU0TVRFd05UQTVNVFV4TVZvWERUSTRNVEV3TWpBNU1UVXhNVm93RWpFUU1BNEdBMVVFQXhNSAphM1ZpWlMxallUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUowL2JmOUFZbDZ1CnhIbmNQZEk4ejlSRGQ4N2srYnIvU0lwSEdKYnQyS0FLbjBnWUZxdnRPRk83Vk1SamlwblhFMXBHSmJicXVPMi8KcFVLekdsY3R2REV2QnVWa3VLSlZZUXF5Z0NZdXFWN01xVHpqOXZFZ2JNdHh5OStlL3NtcjB3bEdxa3hpWTdiVQp5aEpiSEpSeVFoMFFTdkhyam01K3ZHQVRqRU1yNmZZVjQwYlg4VjUrWG5sNko5R0xBVjdtOTRXalpjVUxVY0hoCjFhYjFhSFpMN3lCa3ppcFU0a20vamw0dDVzZDNiYlk0SENtbVo1WGdCcFBoNUlDL0hPTVlYd0U0VGNWb0VsWHYKdTZJR3RIa1ZJZ2xvcjUwTEZ6ZW5XeTE0eEJVRjFlemk0SmE5QVQzNFRGaWQrNXBSa25TSHJvYVFUbFcvZDFtUgpTN2JwSjBUSlFtRUNBd0VBQWFNak1DRXdEZ1lEVlIwUEFRSC9CQVFEQWdLa01BOEdBMVVkRXdFQi93UUZNQU1CCkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQ1pUdzVlbzZvQVcxMlhmL1cyeEcrZFZ5dWpnZUZGUjNxSG4KSVMzUElzT29DbWk3Sk1vYmRCekdxUTNjdVYrN0JETEJHMzVlR0JSMFFyMGcycjc3cWhGRmF1SlZ5MnZyZG5WSQplQ3gzaDFIRy9vK0JKckJxV3d5YmVCcGNHb1VUWDNhOWFOd0JKZDlQK3h2aUFySml1TGlHcHgybW85VFRPUHZNCmxzR3o3SG5QSG1aTkNoTExwWXd3ZndUbyt0TlhhZ25FeWw3aWowcVVLSXZXSFdlbDhGLytWeEFVdHRsZGhIZngKS1ErMVhnMU1ic2hZWC9zeERXTTZ4L1V0VUIrc3ZETXhOaDN0UHNtazFha0NMbi9hTkxOVjJvRHhOV0FtZ2kvdwp5TUtCK2pJcTdIb3lYOHhwRVRuVDRIWG1CRjRxQVY3L00rVm52U0ZrSHExNXkwSUhveDA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
token=ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSjBaWE4wSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXpaV055WlhRdWJtRnRaU0k2SW5SbGMzUXRkRzlyWlc0dE5ISnNjbUlpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1dVlXMWxJam9pZEdWemRDSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMblZwWkNJNklqbGpaR0l3WVdZM0xUVXdPV1V0TVRGbE9TMWlNRFl4TFRBd1l6QmtaREZoWldKa01DSXNJbk4xWWlJNkluTjVjM1JsYlRwelpYSjJhV05sWVdOamIzVnVkRHAwWlhOME9uUmxjM1FpZlEuZmlJNzJTM2tuRXBNQVkxQzJFTXQ3T1pIV2FlbU5yN2xNYzZuVmZvWjAyQ0NnWWZoNEN5OHMwek43bFY1dXYzWVlvY1l2ZmJieW9jcDZPdnFtZEVrb2hhel9ORWt2dS1JV2IwRlY4RjlEcm1sYmZkejVyZkJxVWF0dkZBdG9MM2pjY0NNZ2I2eERoVVJ5WVBTcDJwdEpfZ1J6Ykg3ZWtFNWtvSG1ZRC1uUWxiaUhybHUzZENuZHhscW9iZ0ZxY21GWEFzWjNRTVNvVE4zYXpfUGpkZ2F2R3ZmaW5QaXN3eC1adk9ob1JzU01NT21ha3dhOEtPY3NLcnY3MmlscDJQVVhUX29YN3JyUFdPUkd1V096ekFsRF90cTVuNzFiLUxqMi12R2lKYm9FLS1wS1gzV0FQb29WWnNmX2pNWWN2LU5odTY3TERyWDBiLThicDlVckI0U1Fn
docker_config=foobar
\ No newline at end of file
.gitignore
View file @ f80d4c04
/.idea
/.tmp
\ No newline at end of file
.gitlab-ci.yml
View file @ f80d4c04
......@@ -6,7 +6,9 @@ stages:
- mirror
variables:
image_name: ubleipzig/deployer
production_repo: ubleipzig/deployer
staging_repo: services.ub.uni-leipzig.de:11443/bdd_dev/deployer
alpha_repo: services.ub.uni-leipzig.de:11443/bdd_dev/deployer
docker_build:
stage: build
......@@ -37,35 +39,35 @@ docker_publish_alpha:
services:
- docker:dind
script: |
test "${DOCKER_AUTH_CONFIG}" == "" && echo "docker-config does not exists, aborting!" && false
mkdir -p ~/.docker && echo "$DOCKER_AUTH_CONFIG" >~/.docker/config.json
test "${DOCKER_ALPHA_AUTH_CONFIG}" == "" && echo "docker-config does not exists, aborting!" && false
mkdir -p ~/.docker && echo "$DOCKER_ALPHA_AUTH_CONFIG" >~/.docker/config.json
docker load --input=image.tar.gz
docker tag image ${image_name}:alpha-${CI_COMMIT_REF_NAME}
docker push ${image_name}:alpha-${CI_COMMIT_REF_NAME}
docker tag image ${alpha_repo}:alpha-${CI_COMMIT_REF_SLUG}
docker push ${alpha_repo}:alpha-${CI_COMMIT_REF_SLUG}
dependencies:
- docker_build
tags:
- docker
- docker
only:
- /^[0-9]+-/
- branches
except:
- master
docker_publish_staging:
stage: publish
image: docker:latest
services:
- docker:dind
variables:
CI_DEBUG_TRACE: "true"
script: |
test "${DOCKER_AUTH_CONFIG}" == "" && echo "docker-config does not exists, aborting!" && false
mkdir -p ~/.docker && echo "$DOCKER_AUTH_CONFIG" >~/.docker/config.json
test "${DOCKER_STAGING_AUTH_CONFIG}" == "" && echo "docker-config does not exists, aborting!" && false
mkdir -p ~/.docker && echo "$DOCKER_STAGING_AUTH_CONFIG" >~/.docker/config.json
docker load --input=image.tar.gz
docker tag image ${image_name}:staging
docker push ${image_name}:staging
docker tag image ${staging_repo}:staging
docker push ${staging_repo}:staging
dependencies:
- docker_build
tags:
- docker
- docker
only:
- master
......@@ -74,19 +76,18 @@ docker_publish_production:
image: docker:latest
services:
- docker:dind
variables:
CI_DEBUG_TRACE: "true"
script: |
test "${DOCKER_AUTH_CONFIG}" == "" && echo "docker-config does not exists, aborting!" && false
mkdir -p ~/.docker && echo "$DOCKER_AUTH_CONFIG" >~/.docker/config.json
version=`expr ${CI_COMMIT_TAG} ':' 'release/\(.\+\)'`
major_version=`expr ${version} ':' '\([^.]\+\)'`
minor_version=`expr ${version} ':' '[^.]\+\.\([^.]\+\)'`
patch_version=`expr ${version} ':' '[^.]\+\.[^.]\+\.\(.\+\)'`
test "${DOCKER_PRODUCTION_AUTH_CONFIG}" == "" && echo "docker-config does not exists, aborting!" && false
mkdir -p ~/.docker && echo "$DOCKER_PRODUCTION_AUTH_CONFIG" >~/.docker/config.json
docker load --input=image.tar.gz
for tag in "latest" "${major_version}" "${major_version}.${minor_version}" "${version}"; do
docker tag image ${image_name}:${tag}
docker push ${image_name}:${tag}
export version=`expr ${CI_COMMIT_TAG} ':' 'release/\(.\+\)'`
export major_version=`expr ${version} ':' '\([^.]\+\)'`
export minor_version=`expr ${version} ':' '[^.]\+\.\([^.]\+\)'`
export patch_version=`expr ${version} ':' '[^.]\+\.[^.]\+\.\(.\+\)'`
echo "major version ${major_version}, minor version ${minor_version}, patch version ${patch_version}"
for tag in "latest" "${major_version}" "${major_version}.${minor_version}" "${version}";do
docker tag image ${production_repo}:${tag}
docker push ${production_repo}:${tag}
done
dependencies:
- docker_build
......
Changelog.md
View file @ f80d4c04
# Changelog
## [1.5.1] - 2023-04-26
* minor addition to output text of docker tag and push commands
## [1.5.0] - 2020-01-20
* release of first new stable deployer using **helm v3.4**
## [1.5.0-rc4] - 2020-01-08
### Fixes
* removes ```service_account``` as parameter
* no longer used since helm v3 and abolition of tiller
## [1.5.0-rc3] - 2020-01-07
### Changes
* upgrades **helm** to version v3.4.2
## [1.5.0-rc2] - 2020-12-18
### Fixes
* fixing _--timeout_ setting to **helm** install routine and setting new default of 120s
* cmp. _--timeout_ variable has to been pattern of [Golang duration](https://golang.org/pkg/time/#ParseDuration)
## [1.5.0-rc1] - 2020-12-18
### Changes
* upgrades **helm** to new major version v3.4.1
* removes **tiller** configuration and parameter as _--service-account_
## [1.4.7] - 2019-04-02
### Added
* `jq`-binary to docker-image
## [1.4.6] - 2019-03-27
### Added
* explicitly deleting chart when `PENDING`, `FAILED` or `DELETED` since this blocks
redeploying previous deployments
## [1.4.5] - 2019-03-27
### Added
* `git`-binary to docker-image
### Replaced
* `upgrade --foce` instead of explicitly deleting chart. Hopefully this will solve issues
with redeploying previously failed deployments
## [1.4.4] - 2019-03-18
### Added
* debug-option which outputs executed commands and their arguments
* `--pull` to always try to pull newer images before building
### Fixed
* Dockerfile is now context-sensitive when not specified explicitly (default docker-behaviour)
## [1.4.3] - 2019-03-14
### Added
* option to specify the path to the Dockerfile
## [1.4.2] - 2019-03-14
### Added
* option to specify the image name. Useful for inherent builds
## [1.4.1] - 2019-03-13
### Fixed
* not testing for unused parameters because of reusing existing configs
## [1.4.0] - 2019-03-13
### Added
* new command `init` to only initialize docker, helm and kubectl
* `--reset` flag to remove eventually existing config-folders
### Changes
* updates **helm** from 2.12.3 to 2.13.0
* script now runs as non-root user
* removes namespace from kubectl-context and added it explicitly to helm
## [1.3.2] - 2019-02-21
### Changed
* updates helm from 2.9.1 to 2.12.3
## [1.3.1] - 2019-02-21
### Added
* new option `--timeout`
## [1.3.0] - 2019-01-12
### Added
* new option `--build-context`
### Changed
* omitting `--output` is skipping image-saving to a file rather than failing execution
## [1.2.4] - 2018-12-17
### Added
* reintroduced image-import prior to build
## [1.2.3] - 2018-11-05
### Changed
* option `--certificate-authority` is now optional, so you do not need to provide it in case your api server is using a valid public certificate
* removed image-import prior to build - introduced in v1.2.1 - since it is useless
## [1.2.2] - 2018-09-12
### Fixed
* upgrade performs with `--recreate-pods` to always recreate pods
## [1.2.1] - 2018-09-05
### Changed
* enable import image prior to build process with `--input`
## [1.2.0] - 2018-09-05
### Added
* `add-repo` command to add remote repositories
### Changed
* increase timeout from 60 to 120
## [1.1.1] - 2018-08-14
### Added
* `--values` option to specify value overrides from YAML file
## [1.1.0] - 2018-08-08
### Added
* `undeploy` command
## 1.0.0 - 2018-08-06
* initial release
[1.1.0]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.0.0...release%2F1.1.0
[1.1.1]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.1.0...release%2F1.1.1
[1.2.0]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.1.1...release%2F1.2.0
[1.2.1]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.2.0...release%2F1.2.1
[1.2.2]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.2.1...release%2F1.2.2
[1.2.3]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.2.2...release%2F1.2.3
[1.2.4]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.2.3...release%2F1.2.4
[1.3.0]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.2.4...release%2F1.3.0
[1.3.1]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.3.0...release%2F1.3.1
[1.3.2]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.3.1...release%2F1.3.2
[1.4.0]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.3.2...release%2F1.4.0
[1.4.1]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.0...release%2F1.4.1
[1.4.2]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.1...release%2F1.4.2
[1.4.3]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.2...release%2F1.4.3
[1.4.4]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.3...release%2F1.4.4
[1.4.5]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.4...release%2F1.4.5
[1.4.6]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.5...release%2F1.4.6
[1.4.7]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.6...release%2F1.4.7
[1.5.0-rc1]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.7...release%2F1.5.0-rc1
[1.5.0-rc2]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.5.0-rc1...release%2F1.5.0-rc2
[1.5.0-rc3]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.5.0-rc2...release%2F1.5.0-rc3
[1.5.0-rc4]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.5.0-rc3...release%2F1.5.0-rc4
[1.5.0]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.5.0-rc4...release%2F1.5.0
Dockerfile
View file @ f80d4c04
FROM docker:latest
ENTRYPOINT [ "/usr/local/bin/deployer" ]
CMD [ "help" ]
COPY assets/deployer /usr/local/bin/
WORKDIR /app
RUN apk add --no-cache bash curl \
ENV APP_USER=deployer
RUN apk add --no-cache bash curl git jq \
&& curl -L https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl >/usr/local/bin/kubectl \
&& curl -L https://storage.googleapis.com/kubernetes-helm/helm-v2.9.1-linux-amd64.tar.gz | tar -zxf - -C /tmp linux-amd64/helm -O >/usr/local/bin/helm \
&& chmod a+x /usr/local/bin/deployer /usr/local/bin/kubectl /usr/local/bin/helm
\ No newline at end of file
&& curl -L https://get.helm.sh/helm-v3.4.2-linux-amd64.tar.gz | tar -zxf - -C /tmp linux-amd64/helm -O >/usr/local/bin/helm \
&& chmod a+x /usr/local/bin/deployer /usr/local/bin/kubectl /usr/local/bin/helm \
&& addgroup -S ${APP_USER} \
&& adduser -S -h /home/${APP_USER} -G ${APP_USER} -s /bin/sh ${APP_USER}
USER deployer
\ No newline at end of file
Readme.md
View file @ f80d4c04
......@@ -8,7 +8,7 @@ The tool tailors the commands according to the [Workflow of University Library o
The tool is bundled with docker, kubectl and helm into a docker image itself. You can use it like this:
```
docker run --rm --volume $PWD:/app ubleipzig/deployer:latest build --build-arg http_proxy=http://proxy.example.com:3128 --output image.tar.gz
docker run --rm --volume $PWD:/app ubleipzig/deployer:latest deployer build --build-arg http_proxy=http://proxy.example.com:3128 --output image.tar.gz
```
_the working directory inside the container is `/app`, so make sure to bind local files there._
......@@ -44,8 +44,7 @@ $ deployer deploy \
--certificate-authority "$base64_encoded_cacert" \
--token "$base64_encoded_bearer_token" \
--name example-staging \
--charts ./helmcharts \
--service-account tiller-service-account
--charts ./helmcharts
```
*deploys helm-charts found at `./helmcharts` to namespace *example_namespace**
......@@ -53,19 +52,70 @@ Depending on existing deployment with the same name either an installation or an
Upgrades always recreate the pods. If the image is pulled depends on `imagePullPolicy` of the container specs.
## deployer undeploy
This command undeploys a deployment from a kubernetes cluster. The credentials are provided by the cluster-admin as well as the namespace and the service-account.
```
$ deployer undeploy \
--namespace example_namespace \
--cluster-url https://k8s-cluster.example.com:6443 \
--certificate-authority "$base64_encoded_cacert" \
--token "$base64_encoded_bearer_token" \
--name example-staging
```
*undeploys deployment named *example-staging* from namespace *example_namespace**
## deployer add-repo
This command adds a public repository of helm-charts to choose from. The credentials are provided by the cluster-admin as well as the namespace and the service-account.
```
$ deployer deploy \
--namespace example_namespace \
--cluster-url https://k8s-cluster.example.com:6443 \
--certificate-authority "$base64_encoded_cacert" \
--token "$base64_encoded_bearer_token" \
--name incubator \
--repo-url https://kubernetes-charts-incubator.storage.googleapis.com/
```
*adds the* incubator *repository with the url https://kubernetes-charts-incubator.storage.googleapis.com/*
From now on charts located in this repository can be deployed by using the `--charts` option and providing the chart prefixed by `incubator/`.
# Advanced Configuration
## docker init
* `--docker-config`: sets the content of the file `~/.docker/config.json` which is used by docker to authenticate to the registry. This can contain multiple registry-servers and there credentials. Which registry is used depends on the image name.
* `--cluster-url`: sets the url to the kube-apiserver. This URL is provided by the k8s-admin.
* `--certificate-authority`: sets the certificate-authority certificate as base64-encoded string. This string is provided by the k8s-admin
* `--token`: sets the bearer token of the service-account as bas64-encoded string. This string is provided by the k8s-admin.
* `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
* `--debug`: outputs executed commands
## docker build
* `--docker-config`: sets the content of the file `~/.docker/config.json` which is used by docker to authenticate to the registry. This can contain multiple registry-servers and there credentials. Which registry is used depends on the image name.
* `--build-arg`: used to provide build-arguments do `docker build`-command. This is mainly used for `HTTP_PROXY`/`http_proxy`: When you specify `--build-arg HTTP_PROXY=...` the tool adds the build argument `--build-arg http_proxy=...` as well, so lower-case proxy-variables are provided automatically. Nevertheless can you use this option to provide your own build-arguments within the `Dockerfile`
* `--output`: sets the filepath to the file where the built image is saved
* `--output`: sets the filepath to the file where the built image is saved. If omitted the image is not saved to a file. Also the script trys to import an eventually existing file prior to building in order to make usage of its layers as build-cache.
* `--build-context`: sets the build-context for `docker build` to a custom path. If omitted the path where the command is invoked is used.
* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
* `--image-name`: sets the image name in the local docker-registry. Can be useful for following builds to build upon existing builds
* `--docker-file`: sets the path to the Dockerfile
* `--pull`: tells docker to always pull newer images before building
* `--debug`: outputs executed commands
## docker publish
* `--import`: sets the filepath to the file from where the image is loaded
* `--input`: sets the filepath to the file from where the image is loaded
* `--docker-config`: sets the content of the file `~/.docker/config.json` which is used by docker to authenticate to the registry. This can contain multiple registry-servers and there credentials. Which registry is used depends on the image name.
* `--name`: sets the name of the image. If you do not wish to publish to [Docker-Hub], you have to specify a server, e.g. `registry.example.com/my-image`. **Be aware that you need to provide credentials in your docker-config if the registry requires authentication.
* `--tags`: sets the tags of the image. Provide multiple `--tag`-options if you wish to tag an image with multiple tags.
* `--tag`: sets the tags of the image. Provide multiple `--tag`-options if you wish to tag an image with multiple tags.
* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
* `--image-name`: specifys the image name in the local docker-registry to publish
* `--debug`: outputs executed commands
## docker deploy
......@@ -73,7 +123,52 @@ Upgrades always recreate the pods. If the image is pulled depends on `imagePullP
* `--certificate-authority`: sets the certificate-authority certificate as base64-encoded string. This string is provided by the k8s-admin
* `--token`: sets the bearer token of the service-account as bas64-encoded string. This string is provided by the k8s-admin.
* `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
* `--service-account`: this is the name of the service-account, that is used to perform the deployment. This string is provided by the k8s-admin
* `--charts`: sets the path where the helm-charts reside.
* `--name`: sets the name of the deployment.
* `--charts`: sets the path where the helm-charts reside or the public chart e.g. `stable/maridb`.
* `--values`: overrides the values from `Values.yaml` in the helm-charts with values in the specified YAML file. May be provided multiple times.
* `--set`: overrides the values from `Values.yaml` in the helm-charts. Provide multiple `--set`-options if you want to provide multiple overrides.
* `--set-string`: overrides the values from `Values.yaml` in the helm-charts as string. Provide multiple `--set-string`-options if you want to provide multiple overrides.
* `--timeout`: sets the timeout for helm. defaults to `120s` seconds. String has to be a pattern of [GoLang duration](https://golang.org/pkg/time/#ParseDuration).
* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
* `--debug`: outputs executed commands
## docker undeploy
* `--cluster-url`: sets the url to the kube-apiserver. This URL is provided by the k8s-admin.
* `--certificate-authority`: sets the certificate-authority certificate as base64-encoded string. This string is provided by the k8s-admin
* `--token`: sets the bearer token of the service-account as bas64-encoded string. This string is provided by the k8s-admin.
* `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
* `--name`: sets the name of the deployment.
* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
* `--debug`: outputs executed commands
## docker add-repo
* `--cluster-url`: sets the url to the kube-apiserver. This URL is provided by the k8s-admin.
* `--certificate-authority`: sets the certificate-authority certificate as base64-encoded string. This string is provided by the k8s-admin
* `--token`: sets the bearer token of the service-account as bas64-encoded string. This string is provided by the k8s-admin.
* `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
* `--name`: sets the name of the repo to add.
* `--repo-url`: sets the repository-url of the repo to add.
* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
* `--debug`: outputs executed commands
# Assumptions
This tool makes a few assumptions in order to simplify usage respecting the workflow and cluster-configuration principals if University Library Leipzig
## One service account per namespace
Namespaces are used to separate a project deployment from another. Each namespace is unique per project per deployment i.e. *website-alpha*, *website-staging* and *website-production*.
The rights of a service account are bound to a namespace, therefore each namespace has its own service account which is allowed to apply deployments in it.
By this we are able to publish the credentials of uncritical deployments such as *alpha* and *staging* to developers, so they can independently deploy their features. The credentials of critical deployments such as *production* are restricted to maintainers which are held responsible for their deployments.
## Helmchart location
Each project consists of one or more applications which are deployed together in the projects deployment-environment. Each application is responsible for its own components and defines it via helm charts located in the application repository. For consistency this folders should be named `helmchart`.
[Workflow of University Library of Leipzig]: https://git.sc.uni-leipzig.de/ubl/git-test/wikis/home
[Advanced Configuration]: #Advanced-Configuration
[Docker-Hub]: https://hub.docker.com/u/ubleipzig/dashboard/
\ No newline at end of file
assets/deployer
View file @ f80d4c04
......@@ -3,34 +3,37 @@
set -o pipefail -o noclobber -o nounset
## declare used variables
cmd=""
image_name="image"
cluster_name="cluster"
context="context"
account="account"
ca_file="${HOME}/k8s-ca.crt"
image_file=""
docker_file=""
dockerconfig=""
tags=""
helmargs=""
buildargs=""
charts=""
sets=""
setstrings=""
name=""
certificate_authority=""
token=""
namespace=""
cluster_url=""
service_account=""
repo_url=""
build_context="."
timeout="120s"
reset=""
dockerargs=""
debug=""
! getopt --test > /dev/null
if [[ ${PIPESTATUS[0]} -ne 4 ]]; then
echo "I’m sorry, `getopt --test` failed in this environment."
exit 1
fi
OPTIONS=d:,t:,b:,c:,n:,s:
LONGOPTS=docker-config:,tag:,build-arg:,set:,set-string:,charts:,name:,token:,certificate-authority:,namespace:,cluster-url:,service-account:,output:,input:
OPTIONS=
LONGOPTS=docker-config:,tag:,build-arg:,values:,set:,set-string:,charts:,name:,token:,certificate-authority:,namespace:,cluster-url:,service-account:,output:,input:,repo-url:,build-context:,timeout:,reset,image-name:,docker-file:,pull,debug
# -use ! and PIPESTATUS to get exit code with errexit set
# -temporarily store output to be able to check for errors
......@@ -60,12 +63,8 @@ while true; do
buildargs="${buildargs} $2"
shift 2
;;
-s|--set)
sets="${sets} $2"
shift 2
;;
--set-string)
setstrings="${setstrings} $2"
-f|--values|-s|--set|--set-string)
helmargs="${helmargs} $1 $2"
shift 2
;;
-c|--charts)
......@@ -92,18 +91,42 @@ while true; do
cluster_url="$2"
shift 2
;;
--service-account)
service_account="$2"
--output|--input)
image_file="$2"
shift 2
;;
--output)
image_file="$2"
--repo-url)
repo_url="$2"
shift 2
;;
--input)
image_file="$2"
--build-context)
build_context="$2"
shift 2
;;
--timeout)
timeout="$2"
shift 2
;;
--reset)
reset="true"
shift
;;
--image-name)
image_name="$2"
shift 2
;;
--docker-file)
docker_file="-f $2"
shift 2
;;
--pull)
dockerargs="${dockerargs} --pull"
shift
;;
--debug)
debug="true"
shift
;;
--)
shift
break
......@@ -116,20 +139,38 @@ while true; do
esac
done
debug() {
if [ "$debug" != "true" ];then return; fi
echo -e "\n[$(date +'%Y-%m-%d')] ${FUNCNAME[1]}: $@"
}
prepare_kubectl() {
local out
echo -ne "setting kubectl "
local args=""
if [ "${reset}" == "true" ];then
echo -ne "Removing \".kube\" folder (because \"--reset\" was provided) ..."
debug "rm -rf ${HOME}/.kube/*"
out=`rm -rf ${HOME}/.kube/*`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
return 1
fi
echo "done"
elif [ -d "${HOME}/.kube" ];then
echo "Folder \".kube\" already exists. If you want to ignore it provide the \"--reset\" parameter. Skipping"
return 0
fi
echo -ne "Setting kubectl "
if [ "${cluster_url}" == "" ];then
echo "failed! No cluster url set."
echo "Please be sure to provide a cluster url via --cluster-url"
return 1
fi
if [ "${certificate_authority}" == "" ];then
echo "failed! No certificate authority set."
echo "Please be sure to provide a certificate authority via --certificate-authority"
fi
if [ "${token}" == "" ];then
echo "failed! No token set."
echo "Please be sure to provide a token via --token"
......@@ -140,23 +181,16 @@ prepare_kubectl() {
echo "Please be sure to provide a namespace via --namespace"
fi
if [ "${service_account}" == "" ];then
echo "failed! No service-account set."
echo "Please be sure to provide a service-account via --service-account"
fi
out=`rm -rf ~/.kube`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
return 1
fi;
echo ""
if [ "${certificate_authority}" != "" ];then
echo "${certificate_authority}" | base64 -d >"${ca_file}"
args=" --certificate-authority=${ca_file} --embed-certs=true"
fi
echo -ne "\tSetting cluster..."
echo "${certificate_authority}" | base64 -d >"${ca_file}"
out=`kubectl config set-cluster "${cluster_name}" --certificate-authority=${ca_file} --server="${cluster_url}" --embed-certs=true`
debug "kubectl config set-cluster \"${cluster_name}\" --server=${cluster_url}${args}"
out=`kubectl config set-cluster "${cluster_name}" --server=${cluster_url}${args}`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
......@@ -165,6 +199,7 @@ prepare_kubectl() {
echo "done"
echo -ne "\tSetting credentials..."
debug "kubectl config set-credentials \"${account}\" --token=\"$(echo ${token} | base64 -d)"
out=`kubectl config set-credentials "${account}" --token="$(echo ${token} | base64 -d)"`
if [ "$?" != "0" ];then
echo "failed"
......@@ -174,7 +209,8 @@ prepare_kubectl() {
echo "done"
echo -ne "\tSetting context..."
out=`kubectl config set-context "${context}" --user="${account}" --cluster="${cluster_name}" --namespace="${namespace}"`
debug "kubectl config set-context \"${context}\" --user=\"${account}\" --cluster=\"${cluster_name}\""
out=`kubectl config set-context "${context}" --user="${account}" --cluster="${cluster_name}"`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
......@@ -183,6 +219,7 @@ prepare_kubectl() {
echo "done"
echo -ne "\tActivating context..."
debug "kubectl config use-context \"${context}\""
out=`kubectl config use-context "${context}"`
if [ "$?" != "0" ];then
echo "failed"
......@@ -193,119 +230,154 @@ prepare_kubectl() {
echo -ne "\tTesting context..."
for resource in deployment service configmap;do
out=`kubectl auth can-i create $resource`
debug "kubectl --namespace=\"${namespace}\" auth can-i create $resource"
out=`kubectl --namespace="${namespace}" auth can-i create $resource`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
cat "${HOME}/.kube/config"
cat "${ca_file}"
return 1
fi
done
echo "done"
echo "done"
return 0
}
prepare_helm() {
echo -ne "Preparing helm..."
out=`helm init --tiller-namespace="${namespace}" --service-account ${service_account} --force-upgrade`
if [ "$?" != "0" ];then
echo "failed!"
echo "$out"
return 1
if [ "${reset}" == "true" ];then
echo -ne "Removing \".helm\" folder (because \"--reset\" was provided) ..."
debug "rm -rf ${HOME}/.helm/*"
out=`rm -rf ${HOME}/.helm/*`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
return 1
fi
echo "done"
elif [ -d "${HOME}/.helm" ];then
echo "Folder \".helm\" already exists. If you want to ignore it provide the \"--reset\" parameter. Skipping"
return 0
fi
echo "done"
return 0
}
prepare_helm_command() {
echo -ne "Preparing helm command..."
cmd="helm --tiller-namespace=${namespace} --namespace=${namespace}"
helm_add_repo() {
echo -ne "Adding repository \"${name}\" ..."
if [ "${name}" == "" ];then
echo "failed"
echo "no deploy name specified"
echo "no repository name specified"
return 1
fi
if [ "${charts}" == "" ];then
if [ "${repo_url}" == "" ];then
echo "failed"
echo "no chart folder specified"
echo "no repository-url specified"
return 1
fi
out=`helm list -a --tiller-namespace ${namespace} --namespace ${namespace}`
local cmd="helm repo add ${name} ${repo_url}"
debug "$cmd"
local out=`$cmd 2>&1`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
return 1
fi
if [ "$(echo $out | grep ${name} | grep DEPLOYED)" == "" ];then
cmd="$cmd install -n ${name}"
else
cmd="$cmd upgrade ${name} --recreate-pods"
fi
for set in ${sets};do
cmd="$cmd --set ${set}"
done
for setstring in ${setstrings}; do
cmd="$cmd --set-string ${set}"
done
cmd="$cmd ${charts}"
echo "done"
return 0
}
helm_deploy() {
echo -ne "Deploying ${name}..."
local out=""
test "$(helm ls --tiller-namespace=${namespace} --namespace=${namespace} --deleted --failed --short | grep ${name})" != "" && helm delete --purge ${name}
if [ "${name}" == "" ];then
echo "failed"
echo "no deploy name specified"
return 1
fi
if [ "${charts}" == "" ];then
echo "failed"
echo "no chart folder specified"
return 1
fi
local out
local cmd
if [ "$(helm ls --namespace=${namespace} --pending --failed --short | grep ${name})" != "" ];then
debug "helm uninstall --namespace=${namespace} ${name}"
out=`helm uninstall --namespace=${namespace} ${name} 2>&1`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
return 1
fi
fi
helmargs=$(echo -e "$helmargs" | sed -E 's/(^[[:space:]]*)|([[:space:]]*$)//g')
cmd="helm upgrade --install --wait --timeout=${timeout} --namespace=${namespace}"
cmd="$cmd --namespace=${namespace} --force ${name} ${charts} ${helmargs}"
debug "$cmd"
out=`$cmd 2>&1`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
return 1
fi;
fi
echo "done"
}
test_helm_deploy() {
echo -ne "Waiting for successful deploy..."
helm_undeploy() {
echo -ne "Undeploying ${name}..."
counter=0
while [ "$(helm ls --tiller-namespace=${namespace} --namespace=${namespace} | grep ${name} | awk -F"\t" '{ print $4; }')" != "DEPLOYED" ]; do
sleep 1
if [ $counter -eq 60 ];then
break
fi
counter=$[$counter+1]
done
if [ $counter -eq 60 ];then
if [ "${name}" == "" ];then
echo "failed"
echo "no deploy name specified"
return 1
fi
local out
debug "helm uninstall --namespace=\"${namespace}\" ${name}"
out=`helm uninstall --namespace="${namespace}" ${name} 2>&1`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
return 1
fi
echo "done"
return 0
}
prepare_image_publisher() {
echo -ne "setting docker auth config ..."
if [ "${dockerconfig}" == "" ];then
echo "failed! No auth config found"
echo "Please be sure to have provide the config via option docker-config for your build environment"
return 1
echo "No auth config found (you can provide the docker config via option --docker-config). Skipping"
return 0
fi
rm -rf ~/.docker && mkdir -p ~/.docker && echo "${dockerconfig}" >~/.docker/config.json
if [ "${reset}" == "true" ];then
echo -ne "Removing \".docker\" folder (because \"--reset\" was provided) ..."
debug "rm -rf ${HOME}/.docker/*"
out=`rm -rf ${HOME}/.docker/*`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
return 1
fi
echo "done"
elif [ -d "${HOME}/.docker" ];then
echo "Folder \".docker\" already exists. If you want to ignore it provide the \"--reset\" parameter. Skipping"
return 0
fi
echo -ne "Setting docker auth config ..."
debug "mkdir -p ${HOME}/.docker && echo \"${dockerconfig}\" >${HOME}/.docker/config.json"
mkdir -p ${HOME}/.docker && echo "${dockerconfig}" >${HOME}/.docker/config.json
if [ "$?" != "0" ];then
echo "failed"
return 1
......@@ -314,27 +386,16 @@ prepare_image_publisher() {
return 0
}
prepare_image_builder() {
cmd="docker build --pull"
for arg in $buildargs;do
echo "adding $arg to build command"
cmd="$cmd --build-arg $arg --build-arg ${arg,,}"
done
cmd="$cmd -t ${image_name} ."
return 0
}
save_image() {
local out
echo -ne "saving image ..."
if [ "${image_file}" == "" ];then
echo "failed"
echo "no image name specified"
return 1
echo "skipped. No filename specified"
return 0
fi
debug "docker save --output=${image_file} ${image_name}"
out=`docker save --output=${image_file} ${image_name} 2>&1`
if [ "$?" != "0" ];then
echo "failed"
......@@ -346,8 +407,18 @@ save_image() {
}
build_image() {
local out
echo -ne "building image..."
local out
local cmd="docker build ${dockerargs} --cache-from=${image_name}"
for arg in $buildargs;do
echo -e "\nadding $arg to build command"
cmd="$cmd --build-arg $arg --build-arg ${arg,,}"
done
cmd="$cmd -t ${image_name} ${docker_file} ${build_context}"
debug "$cmd"
out=`$cmd 2>&1`
if [ "$?" != "0" ];then
echo "failed"
......@@ -362,12 +433,17 @@ import_image() {
local out
echo -ne "importing image..."
if [ ! -e ${image_file} ];then
echo "failed"
echo "${image_file} not found"
return 1
if [ "${image_file}" == "" ];then
echo "skipped! No image file specified"
return 0
fi
if [ ! -f $image_file ];then
echo "skipped. \"${image_file}\" not found"
return 0
fi
debug "docker load --input=${image_file}"
out=`docker load --input=${image_file} 2>&1`
if [ "$?" != "0" ];then
echo "failed"
......@@ -398,15 +474,17 @@ publish_image() {
echo ""
for tag in $tags; do
echo -ne "\t${name}:${tag}..."
debug "docker tag ${image_name} ${name}:${tag}"
out=`docker tag ${image_name} ${name}:${tag} 2>&1`
if [ "$?" != "0" ];then
echo "failed"
echo "docker tag failed"
echo "$out"
return 1
fi
debug "docker push ${name}:${tag}"
out=`docker push ${name}:${tag} 2>&1`
if [ "$?" != "0" ];then
echo "failed"
echo "docker push failed"
echo "$out"
return 1
fi
......@@ -422,16 +500,25 @@ if [[ $# -ne 1 ]]; then
fi
case $1 in
init)
prepare_kubectl && prepare_helm && prepare_image_publisher
;;
build)
prepare_image_builder && build_image && save_image
prepare_image_publisher && import_image && build_image && save_image
;;
publish)
prepare_image_publisher && import_image && publish_image
;;
add-repo)
prepare_kubectl && prepare_helm && helm_add_repo
;;
deploy)
prepare_kubectl && prepare_helm && prepare_helm_command && helm_deploy && test_helm_deploy
prepare_kubectl && prepare_helm && helm_deploy
;;
undeploy)
prepare_kubectl && prepare_helm && helm_undeploy
;;
help)
echo "help"
;;
esac
\ No newline at end of file
esac
custom-context/Dockerfile 0 → 100644
View file @ f80d4c04
FROM busybox
CMD ["/bin/sh", "-c", "echo hello world"]
docker-compose.yml
View file @ f80d4c04
version: '2'
services:
deployer:
init:
build: .
volumes:
- ./:/app
......@@ -9,6 +9,145 @@ services:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer init --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --service-account test --docker-config "${docker_config}"
init-with-existing:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
- ./.tmp/.kube:/home/deployer/.kube
- ./.tmp/.docker:/home/deployer/.docker
- ./.tmp/.helm:/home/deployer/.helm
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer init
init-with-existing-and-reset:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
- ./.tmp/.kube:/home/deployer/.kube
- ./.tmp/.docker:/home/deployer/.docker
- ./.tmp/.helm:/home/deployer/.helm
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer init --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --service-account test --docker-config "${docker_config}" --reset
build:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer build --output .tmp/image.tar.gz
build-no-save:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer build
build-with-pull:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer build --pull
build-custom-context:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer build --build-context ./custom-context --output .tmp/image.tar.gz
build-custom-dockerfile:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer build --docker-file ./custom-context/Dockerfile --output .tmp/image.tar.gz
publish:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer publish --input .tmp/image.tar.gz --docker-config "${docker_config}" --name exampleimage --tag latest --tag "1.0"
deploy:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer deploy --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --service-account test --name testdeploy --charts ./examplechart --set image.tag=stable --timeout 120s
deploy-without-ca:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer deploy --namespace test --cluster-url https://172.18.85.125:6443 --token ${token} --service-account test --name testdeploy --charts ./examplechart --set image.tag=stable
undeploy:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer undeploy --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --service-account test --name testdeploy
add-repo:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer add-repo --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --service-account test --name test --repo-url https://kubernetes-charts.storage.googleapis.com
docker:
image: docker:dind
......
examplechart/.helmignore 0 → 100644
View file @ f80d4c04
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
examplechart/Chart.yaml 0 → 100644
View file @ f80d4c04
apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: examplechart
version: 0.1.0
examplechart/templates/NOTES.txt 0 → 100644
View file @ f80d4c04
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "examplechart.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ template "examplechart.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "examplechart.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "examplechart.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:80
{{- end }}
examplechart/templates/_helpers.tpl 0 → 100644
View file @ f80d4c04
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "examplechart.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "examplechart.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "examplechart.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
examplechart/templates/deployment.yaml 0 → 100644
View file @ f80d4c04
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ template "examplechart.fullname" . }}
labels:
app: {{ template "examplechart.name" . }}
chart: {{ template "examplechart.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ template "examplechart.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "examplechart.name" . }}
release: {{ .Release.Name }}
spec:
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
examplechart/templates/ingress.yaml 0 → 100644
View file @ f80d4c04
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "examplechart.fullname" . -}}
{{- $ingressPath := .Values.ingress.path -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
app: {{ template "examplechart.name" . }}
chart: {{ template "examplechart.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . }}
http:
paths:
- path: {{ $ingressPath }}
backend:
serviceName: {{ $fullName }}
servicePort: http
{{- end }}
{{- end }}
examplechart/templates/service.yaml 0 → 100644
View file @ f80d4c04
apiVersion: v1
kind: Service
metadata:
name: {{ template "examplechart.fullname" . }}
labels:
app: {{ template "examplechart.name" . }}
chart: {{ template "examplechart.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
app: {{ template "examplechart.name" . }}
release: {{ .Release.Name }}
examplechart/values.yaml 0 → 100644
View file @ f80d4c04
# Default values for examplechart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: nginx
tag: stable
pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 80
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
path: /
hosts:
- chart-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}