Compare revisions

Commits on Source (45)
Showing
with 554 additions and 252 deletions
ca_cert=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
token=ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSjBaWE4wSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXpaV055WlhRdWJtRnRaU0k2SW5SbGMzUXRkRzlyWlc0dE5UaG1Obm9pTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1dVlXMWxJam9pZEdWemRDSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMblZwWkNJNkltVTNNalpsTldRMkxUbGhabVV0TVRGbE9DMDVOalV3TFRBd1l6QmtaREZoWldKa01DSXNJbk4xWWlJNkluTjVjM1JsYlRwelpYSjJhV05sWVdOamIzVnVkRHAwWlhOME9uUmxjM1FpZlEuc0ktamlpeEZiT2NsY0FMUDZkaEhVX2dqTG94SFRxaGJFclRnSGRRUVpFMnplRmlIdVREdFVTcnFNMUM2VDY3N2JrTjJqU3BiTTc0WkNabjVYMXhrZFhtZzR4OExVTWVIWHJvdGZxZ1lldXRWODhTZ19fMmZ1V0RnWEhfTENpMW9pR0FjR2tGSWtvU0FwYy1mRDF1MXZkenI4YkpnWFhIUGQxakpVMnZ2TFdrZmZHUEs4aDMzcWVWMlN1b1ZldWZqWVh6ZHpza3hlcTVxMlVzeTFGaWlxV0F6SHJyNXV2SHAtWTl4T3VPREs3SXhmSlRLOFQ5aDgzWXMzQXNLX3hFbUFFSHItZkVkTlFPbEl6Zng0NHZfc2xCZ2Z3RWZNTU92UUFVUmoxeTVJTjA3RHZiZWJEcWJjZkg4dS1TdGFLQVNaRG5zY3kzVlhua3AwcW5kWE9FTGFn
ca_cert=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
token=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
docker_config=foobar
\ No newline at end of file
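Review bot: the `token=` line in this key=value file commits a literal credential value to the repository, and the docker-compose file passes `${token}` to `deployer init --token`. Even for a test cluster, keep the value out of version control: commit a template with empty `ca_cert=`, `token=` and `docker_config=` keys, ignore the real file, and rotate the token that was exposed here.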
/.idea
/.tmp
\ No newline at end of file
......@@ -6,7 +6,9 @@ stages:
- mirror
variables:
image_name: ubleipzig/deployer
production_repo: ubleipzig/deployer
staging_repo: services.ub.uni-leipzig.de:11443/bdd_dev/deployer
alpha_repo: services.ub.uni-leipzig.de:11443/bdd_dev/deployer
docker_build:
stage: build
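Review bot: `staging_repo` and `alpha_repo` are set to the same value, `services.ub.uni-leipzig.de:11443/bdd_dev/deployer`, so alpha and staging images share one repository and are separated only by tag. If that is intended, say so in a comment; otherwise point each variable at its own repository, since the publish jobs below already use separate `DOCKER_ALPHA_AUTH_CONFIG` and `DOCKER_STAGING_AUTH_CONFIG` credentials.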
......@@ -37,11 +39,11 @@ docker_publish_alpha:
services:
- docker:dind
script: |
test "${DOCKER_AUTH_CONFIG}" == "" && echo "docker-config does not exists, aborting!" && false
mkdir -p ~/.docker && echo "$DOCKER_AUTH_CONFIG" >~/.docker/config.json
test "${DOCKER_ALPHA_AUTH_CONFIG}" == "" && echo "docker-config does not exists, aborting!" && false
mkdir -p ~/.docker && echo "$DOCKER_ALPHA_AUTH_CONFIG" >~/.docker/config.json
docker load --input=image.tar.gz
docker tag image ${image_name}:alpha-${CI_COMMIT_REF_NAME}
docker push ${image_name}:alpha-${CI_COMMIT_REF_NAME}
docker tag image ${alpha_repo}:alpha-${CI_COMMIT_REF_SLUG}
docker push ${alpha_repo}:alpha-${CI_COMMIT_REF_SLUG}
dependencies:
- docker_build
tags:
......@@ -57,11 +59,11 @@ docker_publish_staging:
services:
- docker:dind
script: |
test "${DOCKER_AUTH_CONFIG}" == "" && echo "docker-config does not exists, aborting!" && false
mkdir -p ~/.docker && echo "$DOCKER_AUTH_CONFIG" >~/.docker/config.json
test "${DOCKER_STAGING_AUTH_CONFIG}" == "" && echo "docker-config does not exists, aborting!" && false
mkdir -p ~/.docker && echo "$DOCKER_STAGING_AUTH_CONFIG" >~/.docker/config.json
docker load --input=image.tar.gz
docker tag image ${image_name}:staging
docker push ${image_name}:staging
docker tag image ${staging_repo}:staging
docker push ${staging_repo}:staging
dependencies:
- docker_build
tags:
......@@ -75,8 +77,8 @@ docker_publish_production:
services:
- docker:dind
script: |
test "${DOCKER_AUTH_CONFIG}" == "" && echo "docker-config does not exists, aborting!" && false
mkdir -p ~/.docker && echo "$DOCKER_AUTH_CONFIG" >~/.docker/config.json
test "${DOCKER_PRODUCTION_AUTH_CONFIG}" == "" && echo "docker-config does not exists, aborting!" && false
mkdir -p ~/.docker && echo "$DOCKER_PRODUCTION_AUTH_CONFIG" >~/.docker/config.json
docker load --input=image.tar.gz
export version=`expr ${CI_COMMIT_TAG} ':' 'release/\(.\+\)'`
export major_version=`expr ${version} ':' '\([^.]\+\)'`
......@@ -84,8 +86,8 @@ docker_publish_production:
export patch_version=`expr ${version} ':' '[^.]\+\.[^.]\+\.\(.\+\)'`
echo "major version ${major_version}, minor version ${minor_version}, patch version ${patch_version}"
for tag in "latest" "${major_version}" "${major_version}.${minor_version}" "${version}";do
docker tag image ${image_name}:${tag}
docker push ${image_name}:${tag}
docker tag image ${production_repo}:${tag}
docker push ${production_repo}:${tag}
done
dependencies:
- docker_build
......
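Review bot: the tag loop pushes `latest`, `${major_version}` and `${major_version}.${minor_version}` for whatever `CI_COMMIT_TAG` matched `release/\(.\+\)`, so if this job also runs for pre-release tags such as the `1.5.0-rc4` listed in the changelog, a release candidate overwrites the floating production tags. Skip the floating tags when `${version}` carries a `-` suffix, and quote the expansions, as in `docker tag image "${production_repo}:${tag}"`.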
# Changelog
## [1.5.1] - 2023-04-26
* minor addition to output text of docker tag and push commands
## [1.5.0] - 2020-01-20
* release of first new stable deployer using **helm v3.4**
## [1.5.0-rc4] - 2020-01-08
### Fixes
* removes ```service_account``` as parameter
* no longer used since helm v3 and abolition of tiller
## [1.5.0-rc3] - 2020-01-07
### Changes
* upgrades **helm** to version v3.4.2
## [1.5.0-rc2] - 2020-12-18
### Fixes
* fixing _--timeout_ setting to **helm** install routine and setting new default of 120s
* cmp. _--timeout_ variable has to been pattern of [Golang duration](https://golang.org/pkg/time/#ParseDuration)
## [1.5.0-rc1] - 2020-12-18
### Changes
* upgrades **helm** to new major version v3.4.1
* removes **tiller** configuration and parameter as _--service-account_
## [1.4.7] - 2019-04-02
### Added
* `jq`-binary to docker-image
## [1.4.6] - 2019-03-27
### Added
* explicitly deleting chart when `PENDING`, `FAILED` or `DELETED` since this blocks
redeploying previous deployments
## [1.4.5] - 2019-03-27
### Added
* `git`-binary to docker-image
### Replaced
* `upgrade --foce` instead of explicitly deleting chart. Hopefully this will solve issues
with redeploying previously failed deployments
## [1.4.4] - 2019-03-18
### Added
* debug-option which outputs executed commands and their arguments
* `--pull` to always try to pull newer images before building
### Fixed
* Dockerfile is now context-sensitive when not specified explicitly (default docker-behaviour)
## [1.4.3] - 2019-03-14
### Added
* option to specify the path to the Dockerfile
## [1.4.2] - 2019-03-14
### Added
* option to specify the image name. Useful for inherent builds
## [1.4.1] - 2019-03-13
### Fixed
* not testing for unused parameters because of reusing existing configs
## [1.4.0] - 2019-03-13
### Added
* new command `init` to only initialize docker, helm and kubectl
* `--reset` flag to remove eventually existing config-folders
### Changes
* updates **helm** from 2.12.3 to 2.13.0
* script now runs as non-root user
* removes namespace from kubectl-context and added it explicitly to helm
## [1.3.2] - 2019-02-21
### Changed
* updates helm from 2.9.1 to 2.12.3
## [1.3.1] - 2019-02-21
### Added
* new option `--timeout`
## [1.3.0] - 2019-01-12
### Added
* new option `--build-context`
### Changed
* omitting `--output` is skipping image-saving to a file rather than failing execution
## [1.2.4] - 2018-12-17
### Added
* reintroduced image-import prior to build
## [1.2.3] - 2018-11-05
### Changed
* option `--certificate-authority` is now optional, so you do not need to provide it in case your api server is using a valid public certificate
* removed image-import prior to build - introduced in v1.2.1 - since it is useless
## [1.2.2] - 2018-09-12
### Fixed
* upgrade performs with `--recreate-pods` to always recreate pods
## [1.2.1] - 2018-09-05
### Changed
* enable import image prior to build process with `--input`
## [1.2.0] - 2018-09-05
### Added
* `add-repo` command to add remote repositories
### Changed
* increase timeout from 60 to 120
## [1.1.1] - 2018-08-14
### Added
* `--values` option to specify value overrides from YAML file
## [1.1.0] - 2018-08-08
### Added
* `undeploy` command
## 1.0.0 - 2018-08-06
* initial release
[1.1.0]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.0.0...release%2F1.1.0
[1.1.1]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.1.0...release%2F1.1.1
[1.2.0]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.1.1...release%2F1.2.0
[1.2.1]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.2.0...release%2F1.2.1
[1.2.2]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.2.1...release%2F1.2.2
[1.2.3]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.2.2...release%2F1.2.3
[1.2.4]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.2.3...release%2F1.2.4
[1.3.0]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.2.4...release%2F1.3.0
[1.3.1]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.3.0...release%2F1.3.1
[1.3.2]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.3.1...release%2F1.3.2
[1.4.0]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.3.2...release%2F1.4.0
[1.4.1]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.0...release%2F1.4.1
[1.4.2]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.1...release%2F1.4.2
[1.4.3]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.2...release%2F1.4.3
[1.4.4]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.3...release%2F1.4.4
[1.4.5]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.4...release%2F1.4.5
[1.4.6]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.5...release%2F1.4.6
[1.4.7]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.6...release%2F1.4.7
[1.5.0-rc1]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.7...release%2F1.5.0-rc1
[1.5.0-rc2]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.5.0-rc1...release%2F1.5.0-rc2
[1.5.0-rc3]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.5.0-rc2...release%2F1.5.0-rc3
[1.5.0-rc4]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.5.0-rc3...release%2F1.5.0-rc4
[1.5.0]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.5.0-rc4...release%2F1.5.0
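Review bot: the dates for `[1.5.0]` (2020-01-20), `[1.5.0-rc4]` (2020-01-08) and `[1.5.0-rc3]` (2020-01-07) are earlier than those of `[1.5.0-rc2]` and `[1.5.0-rc1]` (2020-12-18), so the year on the first three looks wrong. Two smaller points: `[1.5.1]` has no compare link in the reference list at the bottom, and the 1.4.5 entry spells the flag `upgrade --foce`.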
FROM docker:latest
COPY assets/deployer /usr/local/bin/
WORKDIR /app
RUN apk add --no-cache bash curl \
ENV APP_USER=deployer
RUN apk add --no-cache bash curl git jq \
&& curl -L https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl >/usr/local/bin/kubectl \
&& curl -L https://storage.googleapis.com/kubernetes-helm/helm-v2.9.1-linux-amd64.tar.gz | tar -zxf - -C /tmp linux-amd64/helm -O >/usr/local/bin/helm \
&& chmod a+x /usr/local/bin/deployer /usr/local/bin/kubectl /usr/local/bin/helm
\ No newline at end of file
&& curl -L https://get.helm.sh/helm-v3.4.2-linux-amd64.tar.gz | tar -zxf - -C /tmp linux-amd64/helm -O >/usr/local/bin/helm \
&& chmod a+x /usr/local/bin/deployer /usr/local/bin/kubectl /usr/local/bin/helm \
&& addgroup -S ${APP_USER} \
&& adduser -S -h /home/${APP_USER} -G ${APP_USER} -s /bin/sh ${APP_USER}
USER deployer
\ No newline at end of file
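Review bot: the `RUN` step installs `kubectl` and `helm` by writing `curl -L` output straight into `/usr/local/bin` with no checksum or signature check, and the `kubectl` version is whatever `stable.txt` returns at build time, so two builds of the same commit can ship different binaries. Pin the `kubectl` version the way `helm-v3.4.2` is pinned, verify both downloads against their published SHA-256 sums before `chmod a+x`, add `-f` to `curl` so an HTTP error page is not written out as a binary, and pin `FROM docker:latest` to a version tag. `USER deployer` should use `${APP_USER}` to stay in step with the `adduser` line.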
......@@ -44,8 +44,7 @@ $ deployer deploy \
--certificate-authority "$base64_encoded_cacert" \
--token "$base64_encoded_bearer_token" \
--name example-staging \
--charts ./helmcharts \
--service-account tiller-service-account
--charts ./helmcharts
```
*deploys helm-charts found at `./helmcharts` to namespace *example_namespace**
......@@ -53,19 +52,70 @@ Depending on existing deployment with the same name either an installation or an
Upgrades always recreate the pods. If the image is pulled depends on `imagePullPolicy` of the container specs.
## deployer undeploy
This command undeploys a deployment from a kubernetes cluster. The credentials are provided by the cluster-admin as well as the namespace and the service-account.
```
$ deployer undeploy \
--namespace example_namespace \
--cluster-url https://k8s-cluster.example.com:6443 \
--certificate-authority "$base64_encoded_cacert" \
--token "$base64_encoded_bearer_token" \
--name example-staging
```
*undeploys deployment named *example-staging* from namespace *example_namespace**
## deployer add-repo
This command adds a public repository of helm-charts to choose from. The credentials are provided by the cluster-admin as well as the namespace and the service-account.
```
$ deployer deploy \
--namespace example_namespace \
--cluster-url https://k8s-cluster.example.com:6443 \
--certificate-authority "$base64_encoded_cacert" \
--token "$base64_encoded_bearer_token" \
--name incubator \
--repo-url https://kubernetes-charts-incubator.storage.googleapis.com/
```
*adds the* incubator *repository with the url https://kubernetes-charts-incubator.storage.googleapis.com/*
From now on charts located in this repository can be deployed by using the `--charts` option and providing the chart prefixed by `incubator/`.
# Advanced Configuration
## docker init
* `--docker-config`: sets the content of the file `~/.docker/config.json` which is used by docker to authenticate to the registry. This can contain multiple registry-servers and there credentials. Which registry is used depends on the image name.
* `--cluster-url`: sets the url to the kube-apiserver. This URL is provided by the k8s-admin.
* `--certificate-authority`: sets the certificate-authority certificate as base64-encoded string. This string is provided by the k8s-admin
* `--token`: sets the bearer token of the service-account as bas64-encoded string. This string is provided by the k8s-admin.
* `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
* `--debug`: outputs executed commands
## docker build
* `--docker-config`: sets the content of the file `~/.docker/config.json` which is used by docker to authenticate to the registry. This can contain multiple registry-servers and there credentials. Which registry is used depends on the image name.
* `--build-arg`: used to provide build-arguments do `docker build`-command. This is mainly used for `HTTP_PROXY`/`http_proxy`: When you specify `--build-arg HTTP_PROXY=...` the tool adds the build argument `--build-arg http_proxy=...` as well, so lower-case proxy-variables are provided automatically. Nevertheless can you use this option to provide your own build-arguments within the `Dockerfile`
* `--output`: sets the filepath to the file where the built image is saved
* `--output`: sets the filepath to the file where the built image is saved. If omitted the image is not saved to a file. Also the script trys to import an eventually existing file prior to building in order to make usage of its layers as build-cache.
* `--build-context`: sets the build-context for `docker build` to a custom path. If omitted the path where the command is invoked is used.
* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
* `--image-name`: sets the image name in the local docker-registry. Can be useful for following builds to build upon existing builds
* `--docker-file`: sets the path to the Dockerfile
* `--pull`: tells docker to always pull newer images before building
* `--debug`: outputs executed commands
## docker publish
* `--import`: sets the filepath to the file from where the image is loaded
* `--input`: sets the filepath to the file from where the image is loaded
* `--docker-config`: sets the content of the file `~/.docker/config.json` which is used by docker to authenticate to the registry. This can contain multiple registry-servers and there credentials. Which registry is used depends on the image name.
* `--name`: sets the name of the image. If you do not wish to publish to [Docker-Hub], you have to specify a server, e.g. `registry.example.com/my-image`. **Be aware that you need to provide credentials in your docker-config if the registry requires authentication.
* `--tags`: sets the tags of the image. Provide multiple `--tag`-options if you wish to tag an image with multiple tags.
* `--tag`: sets the tags of the image. Provide multiple `--tag`-options if you wish to tag an image with multiple tags.
* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
* `--image-name`: specifys the image name in the local docker-registry to publish
* `--debug`: outputs executed commands
## docker deploy
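Review bot: the example under `## deployer add-repo` invokes `deployer deploy` with `--repo-url`, which is not the command this section documents; it should read `$ deployer add-repo \`. The option headings that follow (`## docker init`, `## docker build`, `## docker publish`, `## docker deploy`) name `docker` where the subcommands belong to `deployer`, and the `undeploy` and `add-repo` descriptions still say the service-account is provided by the cluster-admin although `--service-account` is removed from the usage example above.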
......@@ -73,7 +123,52 @@ Upgrades always recreate the pods. If the image is pulled depends on `imagePullP
* `--certificate-authority`: sets the certificate-authority certificate as base64-encoded string. This string is provided by the k8s-admin
* `--token`: sets the bearer token of the service-account as bas64-encoded string. This string is provided by the k8s-admin.
* `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
* `--service-account`: this is the name of the service-account, that is used to perform the deployment. This string is provided by the k8s-admin
* `--charts`: sets the path where the helm-charts reside.
* `--name`: sets the name of the deployment.
* `--charts`: sets the path where the helm-charts reside or the public chart e.g. `stable/maridb`.
* `--values`: overrides the values from `Values.yaml` in the helm-charts with values in the specified YAML file. May be provided multiple times.
* `--set`: overrides the values from `Values.yaml` in the helm-charts. Provide multiple `--set`-options if you want to provide multiple overrides.
* `--set-string`: overrides the values from `Values.yaml` in the helm-charts as string. Provide multiple `--set-string`-options if you want to provide multiple overrides.
* `--timeout`: sets the timeout for helm. defaults to `120s` seconds. String has to be a pattern of [GoLang duration](https://golang.org/pkg/time/#ParseDuration).
* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
* `--debug`: outputs executed commands
## docker undeploy
* `--cluster-url`: sets the url to the kube-apiserver. This URL is provided by the k8s-admin.
* `--certificate-authority`: sets the certificate-authority certificate as base64-encoded string. This string is provided by the k8s-admin
* `--token`: sets the bearer token of the service-account as bas64-encoded string. This string is provided by the k8s-admin.
* `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
* `--name`: sets the name of the deployment.
* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
* `--debug`: outputs executed commands
## docker add-repo
* `--cluster-url`: sets the url to the kube-apiserver. This URL is provided by the k8s-admin.
* `--certificate-authority`: sets the certificate-authority certificate as base64-encoded string. This string is provided by the k8s-admin
* `--token`: sets the bearer token of the service-account as bas64-encoded string. This string is provided by the k8s-admin.
* `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
* `--name`: sets the name of the repo to add.
* `--repo-url`: sets the repository-url of the repo to add.
* `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
* `--debug`: outputs executed commands
# Assumptions
This tool makes a few assumptions in order to simplify usage respecting the workflow and cluster-configuration principals if University Library Leipzig
## One service account per namespace
Namespaces are used to separate a project deployment from another. Each namespace is unique per project per deployment i.e. *website-alpha*, *website-staging* and *website-production*.
The rights of a service account are bound to a namespace, therefore each namespace has its own service account which is allowed to apply deployments in it.
By this we are able to publish the credentials of uncritical deployments such as *alpha* and *staging* to developers, so they can independently deploy their features. The credentials of critical deployments such as *production* are restricted to maintainers which are held responsible for their deployments.
## Helmchart location
Each project consists of one or more applications which are deployed together in the projects deployment-environment. Each application is responsible for its own components and defines it via helm charts located in the application repository. For consistency this folders should be named `helmchart`.
[Workflow of University Library of Leipzig]: https://git.sc.uni-leipzig.de/ubl/git-test/wikis/home
[Advanced Configuration]: #Advanced-Configuration
[Docker-Hub]: https://hub.docker.com/u/ubleipzig/dashboard/
\ No newline at end of file
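Review bot: two wording slips in the `deploy` options: `--charts` gives the example `stable/maridb`, which looks like a misspelling of `stable/mariadb`, and `--timeout` says it defaults to `120s` seconds, which doubles the unit. The `--token` entries spell the encoding "bas64", and in the Assumptions text "principals if University Library Leipzig" should read "principles of".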
......@@ -9,19 +9,23 @@ context="context"
account="account"
ca_file="${HOME}/k8s-ca.crt"
image_file=""
docker_file=""
dockerconfig=""
tags=""
helmargs=""
buildargs=""
charts=""
sets=""
setstrings=""
name=""
certificate_authority=""
token=""
namespace=""
cluster_url=""
service_account=""
repo_url=""
build_context="."
timeout="120s"
reset=""
dockerargs=""
debug=""
! getopt --test > /dev/null
if [[ ${PIPESTATUS[0]} -ne 4 ]]; then
echo "I’m sorry, `getopt --test` failed in this environment."
......@@ -29,7 +33,7 @@ if [[ ${PIPESTATUS[0]} -ne 4 ]]; then
fi
OPTIONS=
LONGOPTS=docker-config:,tag:,build-arg:,set:,set-string:,charts:,name:,token:,certificate-authority:,namespace:,cluster-url:,service-account:,output:,input:
LONGOPTS=docker-config:,tag:,build-arg:,values:,set:,set-string:,charts:,name:,token:,certificate-authority:,namespace:,cluster-url:,service-account:,output:,input:,repo-url:,build-context:,timeout:,reset,image-name:,docker-file:,pull,debug
# -use ! and PIPESTATUS to get exit code with errexit set
# -temporarily store output to be able to check for errors
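Review bot: the new `LONGOPTS` line still lists `service-account:`, while the `--service-account)` branch of the option loop is removed further down. `getopt` keeps accepting the option and hands it to a `case` that no longer has a branch for it. Drop `service-account:` from `LONGOPTS`, or keep a branch that consumes the argument and prints a deprecation message. `OPTIONS=` is also empty, so the short forms `-f`, `-s` and `-c` named in the `case` patterns are never accepted by `getopt`.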
......@@ -59,12 +63,8 @@ while true; do
buildargs="${buildargs} $2"
shift 2
;;
-s|--set)
sets="${sets} $2"
shift 2
;;
--set-string)
setstrings="${setstrings} $2"
-f|--values|-s|--set|--set-string)
helmargs="${helmargs} $1 $2"
shift 2
;;
-c|--charts)
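Review bot: `helmargs="${helmargs} $1 $2"` flattens every `--values`, `--set` and `--set-string` argument into one string that `helm_deploy` later expands unquoted through `$cmd`, so a value containing whitespace is split into separate words and one containing `*` or `?` is subject to pathname expansion before `helm` sees it. Collect the arguments in a bash array with `helmargs+=("$1" "$2")` and expand it as `"${helmargs[@]}"` when running `helm`.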
......@@ -91,18 +91,42 @@ while true; do
cluster_url="$2"
shift 2
;;
--service-account)
service_account="$2"
--output|--input)
image_file="$2"
shift 2
;;
--output)
image_file="$2"
--repo-url)
repo_url="$2"
shift 2
;;
--input)
image_file="$2"
--build-context)
build_context="$2"
shift 2
;;
--timeout)
timeout="$2"
shift 2
;;
--reset)
reset="true"
shift
;;
--image-name)
image_name="$2"
shift 2
;;
--docker-file)
docker_file="-f $2"
shift 2
;;
--pull)
dockerargs="${dockerargs} --pull"
shift
;;
--debug)
debug="true"
shift
;;
--)
shift
break
......@@ -115,20 +139,38 @@ while true; do
esac
done
debug() {
if [ "$debug" != "true" ];then return; fi
echo -e "\n[$(date +'%Y-%m-%d')] ${FUNCNAME[1]}: $@"
}
prepare_kubectl() {
local out
echo -ne "setting kubectl "
local args=""
if [ "${reset}" == "true" ];then
echo -ne "Removing \".kube\" folder (because \"--reset\" was provided) ..."
debug "rm -rf ${HOME}/.kube/*"
out=`rm -rf ${HOME}/.kube/*`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
return 1
fi
echo "done"
elif [ -d "${HOME}/.kube" ];then
echo "Folder \".kube\" already exists. If you want to ignore it provide the \"--reset\" parameter. Skipping"
return 0
fi
echo -ne "Setting kubectl "
if [ "${cluster_url}" == "" ];then
echo "failed! No cluster url set."
echo "Please be sure to provide a cluster url via --cluster-url"
return 1
fi
if [ "${certificate_authority}" == "" ];then
echo "failed! No certificate authority set."
echo "Please be sure to provide a certificate authority via --certificate-authority"
fi
if [ "${token}" == "" ];then
echo "failed! No token set."
echo "Please be sure to provide a token via --token"
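Review bot: in `prepare_kubectl`, the `elif [ -d "${HOME}/.kube" ]` branch returns 0 before `--cluster-url`, `--token` or `--namespace` are looked at, so when the folder already exists the values passed on the command line are silently ignored and the following `helm` call runs against whatever context is stored there. Fail when an existing folder and explicit connection arguments are both present, or require `--reset` in that case. The `rm -rf ${HOME}/.kube/*` path should be quoted up to the glob, as `"${HOME}/.kube/"*`.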
......@@ -139,23 +181,16 @@ prepare_kubectl() {
echo "Please be sure to provide a namespace via --namespace"
fi
if [ "${service_account}" == "" ];then
echo "failed! No service-account set."
echo "Please be sure to provide a service-account via --service-account"
fi
out=`rm -rf ~/.kube`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
return 1
fi;
echo ""
if [ "${certificate_authority}" != "" ];then
echo "${certificate_authority}" | base64 -d >"${ca_file}"
args=" --certificate-authority=${ca_file} --embed-certs=true"
fi
echo -ne "\tSetting cluster..."
echo "${certificate_authority}" | base64 -d >"${ca_file}"
out=`kubectl config set-cluster "${cluster_name}" --certificate-authority=${ca_file} --server="${cluster_url}" --embed-certs=true`
debug "kubectl config set-cluster \"${cluster_name}\" --server=${cluster_url}${args}"
out=`kubectl config set-cluster "${cluster_name}" --server=${cluster_url}${args}`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
......@@ -164,6 +199,7 @@ prepare_kubectl() {
echo "done"
echo -ne "\tSetting credentials..."
debug "kubectl config set-credentials \"${account}\" --token=\"$(echo ${token} | base64 -d)"
out=`kubectl config set-credentials "${account}" --token="$(echo ${token} | base64 -d)"`
if [ "$?" != "0" ];then
echo "failed"
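Review bot: the new `debug` call before `kubectl config set-credentials` expands `$(echo ${token} | base64 -d)`, so running with `--debug` writes the decoded service-account bearer token to the job output. Log a redacted form instead, for example `debug "kubectl config set-credentials \"${account}\" --token=***"`. The message is also missing the closing `\"` after the token.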
......@@ -173,7 +209,8 @@ prepare_kubectl() {
echo "done"
echo -ne "\tSetting context..."
out=`kubectl config set-context "${context}" --user="${account}" --cluster="${cluster_name}" --namespace="${namespace}"`
debug "kubectl config set-context \"${context}\" --user=\"${account}\" --cluster=\"${cluster_name}\""
out=`kubectl config set-context "${context}" --user="${account}" --cluster="${cluster_name}"`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
......@@ -182,6 +219,7 @@ prepare_kubectl() {
echo "done"
echo -ne "\tActivating context..."
debug "kubectl config use-context \"${context}\""
out=`kubectl config use-context "${context}"`
if [ "$?" != "0" ];then
echo "failed"
......@@ -192,7 +230,8 @@ prepare_kubectl() {
echo -ne "\tTesting context..."
for resource in deployment service configmap;do
out=`kubectl auth can-i create $resource`
debug "kubectl --namespace=\"${namespace}\" auth can-i create $resource"
out=`kubectl --namespace="${namespace}" auth can-i create $resource`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
......@@ -205,16 +244,49 @@ prepare_kubectl() {
}
prepare_helm() {
echo -ne "Preparing helm..."
out=`helm init --wait --tiller-namespace="${namespace}" --service-account ${service_account} --force-upgrade`
if [ "${reset}" == "true" ];then
echo -ne "Removing \".helm\" folder (because \"--reset\" was provided) ..."
debug "rm -rf ${HOME}/.helm/*"
out=`rm -rf ${HOME}/.helm/*`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
return 1
fi
echo "done"
elif [ -d "${HOME}/.helm" ];then
echo "Folder \".helm\" already exists. If you want to ignore it provide the \"--reset\" parameter. Skipping"
return 0
fi
return 0
}
helm_add_repo() {
echo -ne "Adding repository \"${name}\" ..."
if [ "${name}" == "" ];then
echo "failed"
echo "no repository name specified"
return 1
fi
if [ "${repo_url}" == "" ];then
echo "failed"
echo "no repository-url specified"
return 1
fi
local cmd="helm repo add ${name} ${repo_url}"
debug "$cmd"
local out=`$cmd 2>&1`
if [ "$?" != "0" ];then
echo "failed!"
echo "failed"
echo "$out"
return 1
fi
echo "done"
return 0
}
helm_deploy() {
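Review bot: in `helm_add_repo`, the line that declares `local out` and assigns the output of `$cmd` in one statement makes the following `if [ "$?" != "0" ]` test the exit status of `local`, not of `helm repo add`, so a failed `helm repo add` is reported as done. Declare `local out` on its own line and assign on the next, as `prepare_kubectl` does. Separately, `prepare_helm` only checks and clears `${HOME}/.helm`; Helm 3, which the Dockerfile installs, keeps its repository configuration and cache under the XDG directories (`~/.config/helm`, `~/.cache/helm`), so `--reset` does not remove Helm state.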
......@@ -235,8 +307,9 @@ helm_deploy() {
local out
local cmd
if [ "$(helm ls --tiller-namespace=${namespace} --namespace=${namespace} --pending --deleted --failed --short | grep ${name})" != "" ];then
out=`helm delete --tiller-namespace=${namespace} --purge ${name} 2>&1`
if [ "$(helm ls --namespace=${namespace} --pending --failed --short | grep ${name})" != "" ];then
debug "helm uninstall --namespace=${namespace} ${name}"
out=`helm uninstall --namespace=${namespace} ${name} 2>&1`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
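Review bot: `grep ${name}` on the `helm ls ... --short` output is an unquoted substring match, so a pending or failed release whose name merely contains `${name}` (for example `website-staging` when deploying `website`) makes the condition true and triggers `helm uninstall` of a release that may be healthy. Match the whole line literally with `grep -Fx -- "${name}"`.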
......@@ -244,18 +317,10 @@ helm_deploy() {
fi
fi
cmd="helm upgrade --install --wait --timeout=60 --tiller-namespace=${namespace} --namespace=${namespace}"
for set in ${sets};do
cmd="$cmd --set ${set}"
done
for setstring in ${setstrings}; do
cmd="$cmd --set-string ${setstring}"
done
cmd="$cmd ${name} ${charts}"
helmargs=$(echo -e "$helmargs" | sed -E 's/(^[[:space:]]*)|([[:space:]]*$)//g')
cmd="helm upgrade --install --wait --timeout=${timeout} --namespace=${namespace}"
cmd="$cmd --namespace=${namespace} --force ${name} ${charts} ${helmargs}"
debug "$cmd"
out=`$cmd 2>&1`
if [ "$?" != "0" ];then
echo "failed"
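Review bot: `--namespace=${namespace}` is added twice, once when `cmd` is initialised and again in `cmd="$cmd --namespace=${namespace} --force ${name} ${charts} ${helmargs}"`; drop the second. With `--force` on every upgrade and the uninstall of pending or failed releases in the hunk above, check whether both recovery paths are still needed, since `--force` replaces resources rather than patching them.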
......@@ -277,7 +342,8 @@ helm_undeploy() {
local out
out=`helm delete --tiller-namespace=${namespace} ${name} 2>&1`
debug "helm uninstall --namespace=\"${namespace}\" ${name}"
out=`helm uninstall --namespace="${namespace}" ${name} 2>&1`
if [ "$?" != "0" ];then
echo "failed"
......@@ -289,14 +355,29 @@ helm_undeploy() {
}
prepare_image_publisher() {
echo -ne "setting docker auth config ..."
if [ "${dockerconfig}" == "" ];then
echo "failed! No auth config found"
echo "Please be sure to provide the docker config via option --docker-config"
return 1
echo "No auth config found (you can provide the docker config via option --docker-config). Skipping"
return 0
fi
if [ "${reset}" == "true" ];then
echo -ne "Removing \".docker\" folder (because \"--reset\" was provided) ..."
debug "rm -rf ${HOME}/.docker/*"
out=`rm -rf ${HOME}/.docker/*`
if [ "$?" != "0" ];then
echo "failed"
echo "$out"
return 1
fi
echo "done"
elif [ -d "${HOME}/.docker" ];then
echo "Folder \".docker\" already exists. If you want to ignore it provide the \"--reset\" parameter. Skipping"
return 0
fi
rm -rf ~/.docker && mkdir -p ~/.docker && echo "${dockerconfig}" >~/.docker/config.json
echo -ne "Setting docker auth config ..."
debug "mkdir -p ${HOME}/.docker && echo \"${dockerconfig}\" >${HOME}/.docker/config.json"
mkdir -p ${HOME}/.docker && echo "${dockerconfig}" >${HOME}/.docker/config.json
if [ "$?" != "0" ];then
echo "failed"
return 1
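Review bot: the `debug` line in `prepare_image_publisher` interpolates `${dockerconfig}`, so `--debug` prints the full registry auth configuration, credentials included, to the job output; log only the target path. The `config.json` write also relies on the default umask: create the file with `umask 077` in effect or `chmod 600` it afterwards, and quote `"${HOME}/.docker"`.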
......@@ -310,11 +391,11 @@ save_image() {
echo -ne "saving image ..."
if [ "${image_file}" == "" ];then
echo "failed"
echo "no image name specified"
return 1
echo "skipped. No filename specified"
return 0
fi
debug "docker save --output=${image_file} ${image_name}"
out=`docker save --output=${image_file} ${image_name} 2>&1`
if [ "$?" != "0" ];then
echo "failed"
......@@ -329,14 +410,15 @@ build_image() {
echo -ne "building image..."
local out
local cmd="docker build --pull"
local cmd="docker build ${dockerargs} --cache-from=${image_name}"
for arg in $buildargs;do
echo "adding $arg to build command"
echo -e "\nadding $arg to build command"
cmd="$cmd --build-arg $arg --build-arg ${arg,,}"
done
cmd="$cmd -t ${image_name} ."
cmd="$cmd -t ${image_name} ${docker_file} ${build_context}"
debug "$cmd"
out=`$cmd 2>&1`
if [ "$?" != "0" ];then
echo "failed"
......@@ -352,17 +434,16 @@ import_image() {
echo -ne "importing image..."
if [ "${image_file}" == "" ];then
echo "failed! No image file specified"
echo "Make sure to specify an image file via --input"
return 1
echo "skipped! No image file specified"
return 0
fi
if [ ! -f $image_file ];then
echo "failed"
echo "${image_file} not found"
return 1
echo "skipped. \"${image_file}\" not found"
return 0
fi
debug "docker load --input=${image_file}"
out=`docker load --input=${image_file} 2>&1`
if [ "$?" != "0" ];then
echo "failed"
......@@ -393,15 +474,17 @@ publish_image() {
echo ""
for tag in $tags; do
echo -ne "\t${name}:${tag}..."
debug "docker tag ${image_name} ${name}:${tag}"
out=`docker tag ${image_name} ${name}:${tag} 2>&1`
if [ "$?" != "0" ];then
echo "failed"
echo "docker tag failed"
echo "$out"
return 1
fi
debug "docker push ${name}:${tag}"
out=`docker push ${name}:${tag} 2>&1`
if [ "$?" != "0" ];then
echo "failed"
echo "docker push failed"
echo "$out"
return 1
fi
......@@ -417,12 +500,18 @@ if [[ $# -ne 1 ]]; then
fi
case $1 in
init)
prepare_kubectl && prepare_helm && prepare_image_publisher
;;
build)
build_image && save_image
prepare_image_publisher && import_image && build_image && save_image
;;
publish)
prepare_image_publisher && import_image && publish_image
;;
add-repo)
prepare_kubectl && prepare_helm && helm_add_repo
;;
deploy)
prepare_kubectl && prepare_helm && helm_deploy
;;
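Review bot: `build` now starts with `prepare_image_publisher`, so build jobs are expected to carry registry credentials, including builds of unreviewed branches. If the login is only needed to fetch the image for `--cache-from`, give this stage pull-only credentials and keep push credentials for `publish`. The compose tests run `deployer build` without `--docker-config`, so `prepare_image_publisher` must also succeed when no config is passed; a comment stating that would help.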
......@@ -432,4 +521,4 @@ case $1 in
help)
echo "help"
;;
esac
\ No newline at end of file
esac
FROM busybox
CMD ["/bin/sh", "-c", "echo hello world"]
version: '2'
services:
build:
init:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer init --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --service-account test --docker-config "${docker_config}"
init-with-existing:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
- ./.tmp/.kube:/home/deployer/.kube
- ./.tmp/.docker:/home/deployer/.docker
- ./.tmp/.helm:/home/deployer/.helm
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer init
init-with-existing-and-reset:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
- ./.tmp/.kube:/home/deployer/.kube
- ./.tmp/.docker:/home/deployer/.docker
- ./.tmp/.helm:/home/deployer/.helm
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer init --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --service-account test --docker-config "${docker_config}" --reset
build:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer build --output .tmp/image.tar.gz
build-no-save:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer build
build-with-pull:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer build --pull
build-custom-context:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer build --build-context ./custom-context --output .tmp/image.tar.gz
build-custom-dockerfile:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer build --docker-file ./custom-context/Dockerfile --output .tmp/image.tar.gz
publish:
build: .
volumes:
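Review bot: the `init` services pass `--token ${token}` and `--docker-config "${docker_config}"` on the `command:` line, so compose interpolates the secrets into the container's argv, where they show up in `docker inspect` and the process list. Pass them through `environment:` or a mounted file and let `deployer` read them from there. All services also point at `DOCKER_HOST: tcp://docker:2375`, the unauthenticated plaintext API; that is acceptable only because the daemon is the throwaway `dind` container on the compose network, which deserves a comment in the file.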
......@@ -31,7 +114,18 @@ services:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer deploy --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --name testdeploy --charts ./examplechart --service-account test --set image.tag=stable
command: deployer deploy --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --service-account test --name testdeploy --charts ./examplechart --set image.tag=stable --timeout 120s
deploy-without-ca:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer deploy --namespace test --cluster-url https://172.18.85.125:6443 --token ${token} --service-account test --name testdeploy --charts ./examplechart --set image.tag=stable
undeploy:
build: .
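Review bot: `deploy-without-ca` drops `--certificate-authority`, but nothing visible here says what `deployer` does in that case. If it falls back to skipping TLS verification for `--cluster-url`, the bearer token can be sent to an impersonated API server; the intended behaviour (system trust store or hard failure) should be documented and asserted by this test.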
......@@ -42,7 +136,18 @@ services:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer undeploy --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --name testdeploy --service-account test
command: deployer undeploy --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --service-account test --name testdeploy
add-repo:
build: .
volumes:
- ./:/app
- ./assets/deployer:/usr/local/bin/deployer
depends_on:
- docker
environment:
DOCKER_HOST: tcp://docker:2375
command: deployer add-repo --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --service-account test --name test --repo-url https://kubernetes-charts.storage.googleapis.com
docker:
image: docker:dind
......
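Review bot: `image: docker:dind` floats with the upstream tag while every service hardcodes `DOCKER_HOST: tcp://docker:2375`. Newer `dind` images default to TLS on port 2376 unless `DOCKER_TLS_CERTDIR` is set to empty, so pin a specific tag to keep these tests reproducible.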
# create deploy environment
consists of
* _namespace_: where will all services be deployed
* _service account_: which account will deploy the services
## install via helm
assuming the service-account name is "testuser" and the namespace is "testns"
```
$ helm install k8s-admin/deployenv/ \
--wait \
--name test-deployenv \
--set saName=testuser \
--set namespace=testns \
```
_will create a service account *testuser* in namespace *testns*. the helm install-name is *test-deployenv*_
# remove serviceaccount
```
$ helm delete --purge test-deployenv
```
_will remove namespace service account, role and rolebinding for helm-install *test-deployenv*_
# retrieve bearer token for service account
```
$ export ns=testns
$ export user=testuser
$ kubectl --namespace $ns get secret $(kubectl --namespace ${ns} get serviceaccount $user -o jsonpath={.secrets[0].name}) -o jsonpath={.data.token}
\ No newline at end of file
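Review bot: the `helm install` example ends with a trailing backslash after `--set namespace=testns`, so pasting it leaves the shell waiting for another line; drop the last `\`. The final code block is never closed, and the jsonpath arguments should be quoted (`-o jsonpath='{.secrets[0].name}'`) so the shell does not treat `[0]` as a glob. State that `.data.token` is base64-encoded and that the result is a long-lived credential for the namespace, so readers know how to store it.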
@startuml "Deploy Alpha"
"Developer" as dev -> "Gitlab" as gitlab: commit:1-issue
gitlab -> "CI-Runner" as runner: build image
runner->runner: docker build
runner-->gitlab: ok (docker-image)
gitlab->runner: publish image
runner->hub as "Docker-Hub": docker push alpha-1-issue
hub-->runner: ok
runner-->gitlab: ok
gitlab->runner: deploy
runner->cluster as "K8S-Cluster": helm install alpha-1-issue
cluster->hub: docker pull alpha-1-issue
hub-->cluster: docker-image
cluster->cluster: deploy alpha
cluster-->runner: ok
runner-->gitlab: ok
gitlab-->dev: https://alpha.uni-leipzig.de/alpha-1-issue/
@enduml
\ No newline at end of file
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
apiVersion: v1
appVersion: "1.0"
description: Create helm deploy environment
name: deployenv
version: 0.1.0
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "dacap.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dacap.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "dacap.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
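Review bot: the helpers are named `dacap.name`, `dacap.fullname` and `dacap.chart`, but the chart is `deployenv`, so they look copied from another chart. Rename them to a `deployenv.` prefix, or remove the file, since none of the templates shown here reference them.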
apiVersion: v1
kind: Namespace
metadata:
name: {{ .Values.namespace }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: {{ .Values.roleName }}
namespace: {{ .Values.namespace }}
rules:
- apiGroups: ["", "batch", "extensions", "apps"]
resources: ["*"]
verbs: ["*"]
\ No newline at end of file
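Review bot: `resources: ["*"]` with `verbs: ["*"]` on the core API group gives the deploy account full control of the namespace, including reading every Secret and starting workloads under any other service account there. List the resources and verbs the helm releases actually need. `rbac.authorization.k8s.io/v1beta1` should be `v1` where the cluster supports it.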
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: {{ .Values.roleBindingName }}
namespace: {{ .Values.namespace }}
subjects:
- kind: ServiceAccount
name: {{ .Values.saName }}
namespace: {{ .Values.namespace }}
roleRef:
kind: Role
name: {{ .Values.roleName }}
apiGroup: rbac.authorization.k8s.io
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.saName }}
namespace: {{ .Values.namespace }}
\ No newline at end of file
namespace: default
saName: tiller
roleName: tiller-manager
roleBindingName: tiller-binding
\ No newline at end of file
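Review bot: the defaults `namespace: default` and `saName: tiller` mean a plain `helm install` of this chart tries to create the already existing `default` namespace and would bind the wildcard role there. Leave `namespace` and `saName` without defaults (or enforce them with the `required` template function) so the caller has to choose them, as the README example does with `--set`.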