From d1cc1ac672ec798382cfe24bb7bdf56ae9ac4b77 Mon Sep 17 00:00:00 2001
From: Frank Sauerburger <frank@sauerburger.com>
Date: Mon, 23 Oct 2023 21:02:31 +0200
Subject: [PATCH] Add deployment

---
 .gitlab-ci.yml  |  46 +++------------
 kubernetes.yaml | 148 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 155 insertions(+), 39 deletions(-)
 create mode 100644 kubernetes.yaml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 9b233a8..ac9e161 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,21 +3,8 @@ variables:
 
 stages: 
  - build
- - test_deployment
  - production_deployment
 
-.sftp: &sftp_template
-  image: ${CI_REGISTRY_IMAGE}/ubuntu_sftp
-  tags:
-    - wasenweiler.sit-servers.net
-  script:
-    - mkdir -p ~/.ssh
-    - echo "${SFTP_KEY}" > ~/.ssh/id_rsa
-    - echo "${SFTP_HOSTCERT}" > ~/.ssh/known_hosts
-    - chmod 600 ~/.ssh/*
-    - mv ${LOCAL_DIR} ${REMOTE_DIR}
-    - sftp ${SFTP_USERNAME}@${SFTP_HOST} <<< "put -r ${REMOTE_DIR}"
-
 
 brunch_build:
   stage: build
@@ -30,43 +17,24 @@ brunch_build:
       - public/*
     expire_in: 3 days
 
-test_deploy: 
-  stage: test_deployment
-  dependencies:
-    - brunch_build
-  variables:
-    SFTP_USERNAME: ${TEST_USERNAME}
-    SFTP_KEY: ${TEST_KEY}
-    SFTP_HOST: ${TEST_HOST}
-    SFTP_HOSTCERT: ${TEST_HOSTCERT}
-    REMOTE_DIR: ${TEST_DIR}
-    GIT_STRATEGY: none
-
-  environment:
-    name: Preview
-    url: http://tls-tracking.preview.sauerburger.com/
-
-  <<: *sftp_template
 
 production_deploy: 
   stage: production_deployment
   dependencies:
     - brunch_build
   variables:
-    SFTP_USERNAME: ${PRODUCTION_USERNAME}
-    SFTP_KEY: ${PRODUCTION_KEY}
-    SFTP_HOST: ${PRODUCTION_HOST}
-    SFTP_HOSTCERT: ${PRODUCTION_HOSTCERT}
-    REMOTE_DIR: ${PRODUCTION_DIR}
     GIT_STRATEGY: none
+    NAMESPACE: tls-tracking
 
-  only:
-    - master
   when: manual
+  image: alpine/k8s:1.28.2
+  script:
+  - kubectl config use-context frank/tls-tracking:cumulus-agent
+  - kubectl apply -n "$NAMESPACE" -f kubernetes.yaml
+  - kubectl wait --for=condition=ready pod -l app=tls-tracking
+  - kubectl cp public deploy/tls-tracking-webserver:/var/www/
 
   environment:
     name: Production
     url: http://tls-tracking.sauerburger.com/
 
-  <<: *sftp_template
-
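Review bot: The `kubectl wait` on the new script line selects `-l app=tls-tracking`, but the Deployment in kubernetes.yaml labels its pods `app: tls-tracking-webserver`, so the wait matches no pods; and neither `wait` nor `cp` passes `-n "$NAMESPACE"` even though `apply` does, so both run against whatever default namespace the `cumulus-agent` context carries. `kubectl cp` also takes `[namespace/]pod:path` rather than a `deploy/` reference as far as I know, so `deploy/tls-tracking-webserver:/var/www/` would be read as namespace `deploy`, pod `tls-tracking-webserver` and the target needs a resolved pod name. Separately, removing `only: [master]` leaves a manual production deploy runnable from any branch's pipeline; restoring a branch gate in `rules` (and marking the `Production` environment protected in the project settings) keeps the agent context from being usable by feature-branch jobs. Rewritten job below; `stage`, `dependencies`, `variables`, `image` and `environment` are unchanged.
```yaml
production_deploy:
  # … unchanged: stage, dependencies, variables, image …
  rules:
    # restore the branch gate that `only: [master]` provided; still a manual job
    - if: '$CI_COMMIT_BRANCH == "master"'
      when: manual
  script:
  - kubectl config use-context frank/tls-tracking:cumulus-agent
  - kubectl apply -n "$NAMESPACE" -f kubernetes.yaml
  # selector must match the Deployment's pod label; the timeout keeps a stuck rollout from hanging the job
  - kubectl wait -n "$NAMESPACE" --timeout=120s --for=condition=ready pod -l app=tls-tracking-webserver
  - POD="$(kubectl get pod -n "$NAMESPACE" -l app=tls-tracking-webserver -o jsonpath='{.items[0].metadata.name}')"
  - kubectl cp -n "$NAMESPACE" public "$POD:/var/www/"
  # … unchanged: environment …
```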
diff --git a/kubernetes.yaml b/kubernetes.yaml
new file mode 100644
index 0000000..0074edb
--- /dev/null
+++ b/kubernetes.yaml
@@ -0,0 +1,148 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-http-https
+data:
+  main.conf: |
+    server {
+        listen 80;
+        server_name *.tls-tracking.sauerburger.com;
+        location / {
+          add_header Content-Type text/plain;
+          return 200 $http_x_forwarded_proto;
+        }
+    }
+    server {
+        listen 80;
+        server_name tls-tracking.sauerburger.com;
+        root /var/www/public;
+    }
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: web-static
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 100Mi
+  volumeMode: Filesystem
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: tls-tracking-webserver
+  name: tls-tracking-webserver
+spec:
+  selector:
+    matchLabels:
+      app: tls-tracking-webserver
+  template:
+    metadata:
+      labels:
+        app: tls-tracking-webserver
+    spec:
+      containers:
+      - image: nginx:1.25.2-alpine3.18
+        ports:
+        - containerPort: 80
+          name: http
+          protocol: TCP
+        name: webserver
+        volumeMounts:
+          - mountPath: /etc/nginx/conf.d
+            name: config
+            readOnly: true
+          - mountPath: /var/www
+            name: static
+      volumes:
+      - name: config
+        configMap:
+            name: nginx-http-https
+      - name: static
+        persistentVolumeClaim:
+            name: web-static
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: tls-tracking-webserver
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: tls-tracking-webserver
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/issuer: letsencrypt-tls-tracking
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+  name: tls-tracking
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: "tls-tracking.sauerburger.com"
+    http:
+      paths:
+      - path: "/"
+        pathType: Prefix
+        backend:
+          service:
+            name: tls-tracking-webserver
+            port:
+              number: 80
+  - host: "*.tls-tracking.sauerburger.com"
+    http:
+      paths:
+      - path: "/"
+        pathType: Prefix
+        backend:
+          service:
+            name: tls-tracking-webserver
+            port:
+              number: 80
+  tls:
+  - hosts:
+    - "*.tls-tracking.sauerburger.com"
+    - tls-tracking.sauerburger.com
+    secretName: tls-tracking-tls-secret
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-tls-tracking
+spec:
+  acme:
+    email: frank@sauerburger.com
+    preferredChain: ""
+    privateKeySecretRef:
+      name: letsencrypt-tls-tracking-issuer-account-key
+    server: https://acme-v02.api.letsencrypt.org/directory
+    solvers:
+    - selector:
+        dnsZones:
+        - "tls-tracking.sauerburger.com"
+      http01:
+        ingress:
+          ingressClassName: nginx
+    - selector:
+        dnsZones:
+        - "tls-tracking.sauerburger.com"
+      dns01:
+        route53:
+          region: eu-central-1
+          hostedZoneID: Z0949651342MYO4L0PJ3R
+          accessKeyIDSecretRef:
+            name: tls-tracking-route53-credentials-secret
+            key: access-key-id
+          secretAccessKeySecretRef:
+            name: tls-tracking-route53-credentials-secret
+            key: secret-access-key
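Review bot: The Deployment's pod spec in the new kubernetes.yaml sets no `securityContext`, no `resources`, and leaves `automountServiceAccountToken` at its default, so the nginx container is handed a service-account token it never uses, may gain privileges via setuid binaries, and has no memory bound on the node. The `nginx:1.25.2-alpine3.18` entrypoint starts as root and switches workers to the `nginx` user, so I would not drop capabilities or set `runAsNonRoot` without moving to the unprivileged image variant (which listens on 8080); the additions below are the ones that are safe with the image as pinned. The Route53 access key referenced by `tls-tracking-route53-credentials-secret` is not in this diff, which is correct, but it is worth confirming the IAM policy behind it is limited to `route53:ChangeResourceRecordSets`/`ListResourceRecordSets` on hosted zone `Z0949651342MYO4L0PJ3R` plus `route53:GetChange`, since that key is all that stands between a leaked cluster Secret and arbitrary record changes in the zone. The PVC also requests `ReadWriteMany` with no `storageClassName`; with a single replica populated by `kubectl cp`, `ReadWriteOnce` would bind on default storage classes that do not offer RWX.
```yaml
    spec:
      # nginx never talks to the API server; do not mount a service-account token
      automountServiceAccountToken: false
      containers:
      - image: nginx:1.25.2-alpine3.18
        name: webserver
        securityContext:
          allowPrivilegeEscalation: false
          seccompProfile:
            type: RuntimeDefault
        resources:
          requests:
            cpu: 50m
            memory: 64Mi
          limits:
            memory: 128Mi
        # … unchanged: ports, volumeMounts …
      # … unchanged: volumes …
```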
-- 
GitLab