-
-
Notifications
You must be signed in to change notification settings - Fork 26
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Add deployer for next and live env (#71)
* feat: Add basic kustomize base with overlays * feat: Use kustomize
- Loading branch information
Showing
11 changed files
with
235 additions
and
48 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
name: 'Review App - Build 🔧' | ||
on: | ||
pull_request: | ||
branches: | ||
- main | ||
push: | ||
branches: | ||
- main | ||
release: | ||
types: | ||
- prereleased | ||
- published | ||
jobs: | ||
build_and_push: | ||
name: 'Build & push to ghcr.io 🔧' | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: write | ||
env: | ||
REGISTRY: ghcr.io | ||
IMAGE_NAME: ${{ github.repository }} | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
|
||
- name: Log in to the Container registry | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Extract metadata (tags, labels) for Docker | ||
id: meta | ||
uses: docker/metadata-action@v3 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
github-token: ${{ github.token }} | ||
|
||
- name: Build and push Docker image | ||
uses: docker/build-push-action@v2 | ||
with: | ||
context: . | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
file: build/Dockerfile | ||
|
||
deploy_next: | ||
name: Deploy to next 🎉 | ||
runs-on: ubuntu-latest | ||
needs: [ build_and_push ] | ||
if: github.event.release.action == "prereleased" | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: azure/setup-kubectl@v2.0 | ||
- uses: imranismail/setup-kustomize@v1 | ||
- uses: azure/k8s-set-context@v2 | ||
with: | ||
method: kubeconfig | ||
kubeconfig: ${{ secrets.KUBECONFIG_ADMIN }} | ||
cluster-type: generic | ||
- run: | | ||
cd deploy/app/jwkts-service/overlays/next | ||
kustomize edit set image app=ghcr.io/42atomys/stud42:${{ github.event.release.tag_name }} | ||
kustomize build . | kubectl apply -f - | ||
deploy_live: | ||
name: Deploy to live 🚀 | ||
runs-on: ubuntu-latest | ||
needs: [ build_and_push, deploy_next ] | ||
if: github.event.release.action == "prereleased" | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: azure/setup-kubectl@v2.0 | ||
- uses: azure/k8s-set-context@v2 | ||
with: | ||
method: kubeconfig | ||
kubeconfig: ${{ secrets.KUBECONFIG_ADMIN }} | ||
cluster-type: generic | ||
- run: | | ||
cd deploy/app/jwkts-service/overlays/live | ||
kustomize edit set image app=ghcr.io/42atomys/stud42:${{ github.event.release.tag_name }} | ||
kustomize build . | kubectl apply -f - |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
apiVersion: cert-manager.io/v1 | ||
kind: Certificate | ||
metadata: | ||
name: jwtks-service | ||
spec: | ||
dnsNames: | ||
- jwtks.review-apps.svc.cluster.local | ||
issuerRef: | ||
kind: ClusterIssuer | ||
name: selfsigned-issuer | ||
secretName: jwtks-service-tls |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: stud42-config | ||
data: | ||
stud42.yaml: | | ||
# API relatives configurations | ||
api: {} | ||
# Interface relatives configurations | ||
interface: {} | ||
# jwtks service relatives configurations | ||
jwtks: | ||
# Endpoint of the public JWKSet can be used to validate | ||
# a JWT Token | ||
endpoint: https://s42.app/.well-known/jwks | ||
# Certs used to sign and validate the JWT | ||
# Also called : The JWK | ||
jwk: | ||
cert_private_key: /etc/certs/tls.key | ||
cert_public_key: /etc/certs/tls.crt | ||
# Certs used to secure the GRPC Endpoint with SSL/TLS | ||
grpc: | ||
cert_private_key: /etc/certs/tls.key | ||
cert_public_key: /etc/certs/tls.crt | ||
discord: | ||
guild_id: '248936708379246593' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: jwtks-service | ||
spec: | ||
selector: {} | ||
template: | ||
spec: | ||
imagePullSecrets: | ||
- name: ghcr-creds | ||
containers: | ||
- name: service | ||
image: app | ||
env: | ||
- name: GO_ENV | ||
value: review-apps | ||
- name: SENTRY_DSN | ||
valueFrom: | ||
secretKeyRef: | ||
key: 'JWTKS_SERVICE_DSN' | ||
name: 'sentry-dsns' | ||
volumeMounts: | ||
- name: certs | ||
mountPath: '/etc/certs' | ||
readOnly: true | ||
resources: | ||
limits: | ||
memory: "42Mi" | ||
cpu: "5m" | ||
ports: | ||
- containerPort: 5000 | ||
- containerPort: 5500 | ||
volumes: | ||
- name: certs | ||
secret: | ||
secretName: jwtks-service-tls |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
resources: | ||
- certificate.yaml | ||
- configmap.yaml | ||
- deployment.yaml | ||
- service.yaml | ||
- virtual-service.yaml | ||
|
||
commonLabels: | ||
kubernetes.io/name: jwtks-service | ||
app.kubernetes.io/version: '0.1' | ||
app.kubernetes.io/component: micro-service | ||
app.kubernetes.io/part-of: s42-app | ||
app.kubernetes.io/managed-by: kustomize | ||
app.kubernetes.io/created-by: github-actions |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: jwtks-service-grpc | ||
spec: | ||
ports: | ||
- port: 5000 | ||
targetPort: 5000 | ||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: jwtks-service-http | ||
spec: | ||
ports: | ||
- port: 5500 | ||
targetPort: 5500 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
apiVersion: networking.istio.io/v1beta1 | ||
kind: VirtualService | ||
metadata: | ||
name: jwtks-service-http | ||
spec: | ||
hosts: | ||
- next.s42.dev | ||
http: | ||
- name: "jwtks-service-http" | ||
match: | ||
- method: | ||
exact: GET | ||
uri: | ||
prefix: "/.well-known/jwks" | ||
rewrite: | ||
uri: "/jwks" | ||
route: | ||
- destination: | ||
host: jwtks-service-http | ||
port: | ||
number: 5500 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
namePrefix: prod- | ||
resources: | ||
- ../../base | ||
namespace: staging | ||
images: | ||
- name: app | ||
newName: ghcr.io/42atomys/stud42 | ||
newTag: latest |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
namePrefix: next- | ||
resources: | ||
- ../../base | ||
namespace: staging | ||
images: | ||
- name: app | ||
newName: ghcr.io/42atomys/stud42 | ||
newTag: latest |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters