feat: Add deployer for next and live env (#71)
* feat: Add basic kustomize base with overlays

* feat: Use kustomize
42atomys authored Apr 23, 2022
1 parent 5ccbeca commit e5e7bef
Showing 11 changed files with 235 additions and 48 deletions.
85 changes: 85 additions & 0 deletions .github/workflows/deployer.yaml
@@ -0,0 +1,85 @@
name: 'Review App - Build 🔧'
on:
pull_request:
branches:
- main
push:
branches:
- main
release:
types:
- prereleased
- published
jobs:
build_and_push:
name: 'Build & push to ghcr.io 🔧'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
steps:
- name: Checkout repository
uses: actions/checkout@v3

- name: Log in to the Container registry
uses: docker/login-action@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v3
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
github-token: ${{ github.token }}

- name: Build and push Docker image
uses: docker/build-push-action@v2
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
file: build/Dockerfile

deploy_next:
name: Deploy to next 🎉
runs-on: ubuntu-latest
needs: [ build_and_push ]
if: github.event.release.action == "prereleased"
steps:
- uses: actions/checkout@v3
- uses: azure/setup-kubectl@v2.0
- uses: imranismail/setup-kustomize@v1
- uses: azure/k8s-set-context@v2
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG_ADMIN }}
cluster-type: generic
- run: |
cd deploy/app/jwkts-service/overlays/next
kustomize edit set image app=ghcr.io/42atomys/stud42:${{ github.event.release.tag_name }}
kustomize build . | kubectl apply -f -
deploy_live:
name: Deploy to live 🚀
runs-on: ubuntu-latest
needs: [ build_and_push, deploy_next ]
if: github.event.release.action == "prereleased"
steps:
- uses: actions/checkout@v3
- uses: azure/setup-kubectl@v2.0
- uses: azure/k8s-set-context@v2
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG_ADMIN }}
cluster-type: generic
- run: |
cd deploy/app/jwkts-service/overlays/live
kustomize edit set image app=ghcr.io/42atomys/stud42:${{ github.event.release.tag_name }}
kustomize build . | kubectl apply -f -
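Review bot: Both deploy jobs paste `${{ github.event.release.tag_name }}` straight into the `run: |` script, so the tag text becomes part of the shell source in a job that also holds `secrets.KUBECONFIG_ADMIN`; hand it over through the step's `env:` (`TAG: ${{ github.event.release.tag_name }}`) and write `app=ghcr.io/42atomys/stud42:"$TAG"` instead. The same jobs pull `azure/setup-kubectl@v2.0`, `imranismail/setup-kustomize@v1` and `azure/k8s-set-context@v2` by movable tag, so pinning each to a full commit SHA and replacing the admin kubeconfig with a credential limited to the target namespace would narrow what a changed action can reach. The `if:` on `deploy_next` and `deploy_live` uses a double-quoted string, which Actions expressions do not accept (string literals are single-quoted), and both jobs test the same `prereleased` value, so the live deploy is not tied to `published`; the event action is also normally read from `github.event.action`, so the `github.event.release.action` path is worth confirming. `deploy_live` has no `imranismail/setup-kustomize@v1` step although it calls `kustomize`, so it depends on whatever the runner image ships.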
48 changes: 0 additions & 48 deletions .github/workflows/review-apps.yaml

This file was deleted.

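--- a/deploy/app/jwkts-service/base/certificate.yaml
+++ b/deploy/app/jwkts-service/base/certificate.yaml
@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: jwtks-service
+spec:
+dnsNames:
+- jwtks.review-apps.svc.cluster.local
+issuerRef:
+kind: ClusterIssuer
+name: selfsigned-issuer
+secretName: jwtks-service-tls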
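Review bot: The only SAN requested is `jwtks.review-apps.svc.cluster.local`, which does not match the Services this commit adds (`jwtks-service-grpc`, `jwtks-service-http`) or the `staging` namespace and `next-`/`prod-` prefixes set by the overlays, so a gRPC client that verifies the server name would reject the certificate. The usual outcome of such a mismatch is that callers turn verification off; listing the real in-cluster names per overlay, for example `next-jwtks-service-grpc.staging.svc.cluster.local`, avoids that. `selfsigned-issuer` also means each client needs this certificate's CA distributed to it, which the commit does not show; a comment stating how clients obtain trust would help.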
29 changes: 29 additions & 0 deletions deploy/app/jwkts-service/base/configmap.yaml
@@ -0,0 +1,29 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: stud42-config
data:
stud42.yaml: |
# API relatives configurations
api: {}
# Interface relatives configurations
interface: {}
# jwtks service relatives configurations
jwtks:
# Endpoint of the public JWKSet can be used to validate
# a JWT Token
endpoint: https://s42.app/.well-known/jwks
# Certs used to sign and validate the JWT
# Also called : The JWK
jwk:
cert_private_key: /etc/certs/tls.key
cert_public_key: /etc/certs/tls.crt
# Certs used to secure the GRPC Endpoint with SSL/TLS
grpc:
cert_private_key: /etc/certs/tls.key
cert_public_key: /etc/certs/tls.crt
discord:
guild_id: '248936708379246593'
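Review bot: `jwk.cert_private_key` and `grpc.cert_private_key` both point at `/etc/certs/tls.key`, so the key that signs JWTs is also the gRPC transport key and shares the lifecycle of the `jwtks-service-tls` secret. Whenever that secret's key is replaced (reissue with key rotation, or manual deletion), the signing key changes with it, and tokens signed earlier stop validating against the published JWKS unless the service keeps the old key, which is not visible here. A separate secret and mount for the JWK, with a path such as `cert_private_key: /etc/jwk/tls.key`, keeps the two lifecycles and blast radii apart. `endpoint: https://s42.app/.well-known/jwks` is fixed in the base while the VirtualService in this commit serves `next.s42.dev`, so confirm which JWKS the next environment is meant to advertise.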
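--- a/deploy/app/jwkts-service/base/deployment.yaml
+++ b/deploy/app/jwkts-service/base/deployment.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: jwtks-service
+spec:
+selector: {}
+template:
+spec:
+imagePullSecrets:
+- name: ghcr-creds
+containers:
+- name: service
+image: app
+env:
+- name: GO_ENV
+value: review-apps
+- name: SENTRY_DSN
+valueFrom:
+secretKeyRef:
+key: 'JWTKS_SERVICE_DSN'
+name: 'sentry-dsns'
+volumeMounts:
+- name: certs
+mountPath: '/etc/certs'
+readOnly: true
+resources:
+limits:
+memory: "42Mi"
+cpu: "5m"
+ports:
+- containerPort: 5000
+- containerPort: 5500
+volumes:
+- name: certs
+secret:
+secretName: jwtks-service-tls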
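Review bot: The `service` container has no `securityContext`, although it mounts the `jwtks-service-tls` key material under `/etc/certs`; add a container-level `securityContext:` with `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`, assuming the image runs as a non-root user (build/Dockerfile is not shown). `GO_ENV` is fixed to `review-apps` in the base and neither overlay patches it, so the `prod-` deployment would start with the review-apps environment. Only `limits` are set, which makes the requests equal to them, and `cpu: "5m"` is very tight for a process doing TLS and signing, so expect throttling at startup.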
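--- a/deploy/app/jwkts-service/base/kustomization.yaml
+++ b/deploy/app/jwkts-service/base/kustomization.yaml
@@ -0,0 +1,14 @@
+resources:
+- certificate.yaml
+- configmap.yaml
+- deployment.yaml
+- service.yaml
+- virtual-service.yaml
+
+commonLabels:
+kubernetes.io/name: jwtks-service
+app.kubernetes.io/version: '0.1'
+app.kubernetes.io/component: micro-service
+app.kubernetes.io/part-of: s42-app
+app.kubernetes.io/managed-by: kustomize
+app.kubernetes.io/created-by: github-actions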
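Review bot: `commonLabels` is also written into the Deployment's `spec.selector.matchLabels`, which is immutable once created, so carrying `app.kubernetes.io/version: '0.1'` there means the next version bump cannot be applied without deleting the Deployment. Keep only stable identity labels in `commonLabels` and set the version where it does not reach selectors, for instance in the pod template metadata. `kubernetes.io/name` uses the prefix reserved for Kubernetes itself; the recommended key is `app.kubernetes.io/name`.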
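--- a/deploy/app/jwkts-service/base/service.yaml
+++ b/deploy/app/jwkts-service/base/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: jwtks-service-grpc
+spec:
+ports:
+- port: 5000
+targetPort: 5000
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: jwtks-service-http
+spec:
+ports:
+- port: 5500
+targetPort: 5500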
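--- a/deploy/app/jwkts-service/base/virtual-service.yaml
+++ b/deploy/app/jwkts-service/base/virtual-service.yaml
@@ -0,0 +1,21 @@
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+name: jwtks-service-http
+spec:
+hosts:
+- next.s42.dev
+http:
+- name: "jwtks-service-http"
+match:
+- method:
+exact: GET
+uri:
+prefix: "/.well-known/jwks"
+rewrite:
+uri: "/jwks"
+route:
+- destination:
+host: jwtks-service-http
+port:
+number: 5500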
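Review bot: `hosts: next.s42.dev` and `destination.host: jwtks-service-http` are fixed in the base, but the overlays rename the Service with `namePrefix` (`next-`, `prod-`) and kustomize does not, as far as I know, rewrite Istio destination hosts by default, so the route would point at a Service name that no longer exists and the live overlay would also claim `next.s42.dev`. Both fields should be patched per overlay. No `gateways:` is listed, so the rule applies to mesh sidecars only; if it is meant for ingress traffic, name the gateway. The `prefix: "/.well-known/jwks"` match also forwards any longer path that starts with that string, whereas `exact: "/.well-known/jwks"` would limit exposure to the JWKS document.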
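--- a/deploy/app/jwkts-service/overlays/live/kustomization.yaml
+++ b/deploy/app/jwkts-service/overlays/live/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namePrefix: prod-
+resources:
+- ../../base
+namespace: staging
+images:
+- name: app
+newName: ghcr.io/42atomys/stud42
+newTag: latest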
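Review bot: The live overlay sets `namespace: staging` with `namePrefix: prod-`, so production objects land in the same namespace as the `next-` ones and are told apart only by name; a dedicated namespace would give them separate RBAC, network policy and secrets. The prefix does not appear to reach `secretName: jwtks-service-tls` in the base Certificate or the Deployment volume, so both environments would share one TLS/JWK secret and two Certificate objects would write to it. `newTag: latest` is a mutable fallback if the workflow's `kustomize edit set image` step does not run; a fixed tag or digest is safer. The `namespace` and `newTag` points apply equally to overlays/next/kustomization.yaml.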
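--- a/deploy/app/jwkts-service/overlays/next/kustomization.yaml
+++ b/deploy/app/jwkts-service/overlays/next/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namePrefix: next-
+resources:
+- ../../base
+namespace: staging
+images:
+- name: app
+newName: ghcr.io/42atomys/stud42
+newTag: latest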
2 changes: 2 additions & 0 deletions deploy/cluster/cert-manager/certificates/dev.s42.yaml
@@ -7,6 +7,8 @@ spec:
dnsNames:
- s42.dev
- '*.s42.dev'
- '*.next.s42.dev'
- '*.reviews.s42.dev'
issuerRef:
kind: ClusterIssuer
name: ovh-issuer
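Review bot: Adding `*.next.s42.dev` and `*.reviews.s42.dev` to the certificate that already covers `s42.dev` and `*.s42.dev` puts review and pre-release hosts on the same private key as the main domain. If the resulting secret is reachable from workloads serving review apps, a separate Certificate (and secret) for the review and next names would keep that key out of the less-trusted environment. The rest of the resource lies outside the hunk, so where the secret is consumed is not visible here.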