Drop Helm

Michael Snoyman 2020-03-23 13:04:33 +02:00
parent bd40aeddd9
commit 25dcc40e70
No known key found for this signature in database
GPG Key ID: 907EAE2F42B52046
14 changed files with 11 additions and 498 deletions


@ -20,27 +20,14 @@ variables:
DEPLOYMENT_APP: "stackage-server-prod"
CRON_DEPLOYMENT_APP: "stackage-server-cron-prod"
HOOGLE_DEPLOYMENT_APP: "stackage-server-hoogle-prod"
# This creates anchors for bits of script that are reused between builds
.anchors:
# The KUBE_* variables are set by Gitlab's Kubernetes deployment service
- &KUBELOGIN
echo "$KUBE_CA_PEM" >"$HOME/ca.pem" &&
kubectl config set-cluster cluster --server="$KUBE_URL" --certificate-authority="$HOME/ca.pem" &&
kubectl config set-credentials cluster --token="$KUBE_TOKEN" && kubectl config set-context cluster --cluster=cluster --user=cluster --namespace="$KUBE_NAMESPACE" &&
kubectl config use-context cluster
- &HELMUPGRADE
helm --tiller-namespace ${KUBE_NAMESPACE} upgrade --install "${DEPLOYMENT_NAME}" etc/helm --set name="${DEPLOYMENT_NAME}" --set app="${DEPLOYMENT_APP}" --set hoogleName="${HOOGLE_DEPLOYMENT_NAME}" --set hoogleApp="${HOOGLE_DEPLOYMENT_APP}" --set cronName="${CRON_DEPLOYMENT_NAME}" --set cronApp="${HOOGLE_DEPLOYMENT_APP}" --set image.image="${DEPLOYMENT_IMAGE}" --values etc/helm/values/$CI_ENVIRONMENT_NAME.yaml --namespace ${KUBE_NAMESPACE}
- &HELMCHECK
helm --tiller-namespace ${KUBE_NAMESPACE} ls &&
helm --tiller-namespace ${KUBE_NAMESPACE} status "${DEPLOYMENT_NAME}"
KUBECONFIG: /etc/deploy/kubeconfig.yaml
build:
stage: build
script:
# Clear *_TOKEN variables during code build so that compile-time code can't access them
- apt-get update && apt-get install -y --no-install-recommends libpq-dev git rsync
- CI_BUILD_TOKEN="" KUBE_TOKEN="" PROD_KUBE_TOKEN="" PROD_DOCKER_PASSWORD="" etc/scripts/stage_docker.sh --install-ghc --test
- CI_BUILD_TOKEN="" KUBECONFIG_YAML="" KUBE_TOKEN="" PROD_KUBE_TOKEN="" PROD_DOCKER_PASSWORD="" etc/scripts/stage_docker.sh --install-ghc --test
- docker build -t "${DEPLOYMENT_IMAGE}" etc/docker
- docker login -u gitlab-ci-token -p "${CI_BUILD_TOKEN}" "${CI_REGISTRY}"
- docker push "${DEPLOYMENT_IMAGE}"
@ -69,32 +56,12 @@ deploy_prod:
KUBE_NAMESPACE: "${PROD_KUBE_NAMESPACE}"
PROD_DEPLOYMENT_IMAGE: "fpco/stackage-server-prod:${CI_BUILD_REF_SLUG}_${CI_PIPELINE_ID}"
script:
- export
KUBE_CA_PEM="$PROD_V2_KUBE_CA_PEM"
KUBE_URL="$PROD_V2_KUBE_URL"
KUBE_TOKEN="$PROD_V2_KUBE_TOKEN"
KUBE_NAMESPACE="$PROD_V2_KUBE_NAMESPACE"
- *KUBELOGIN
- *HELMUPGRADE
- *HELMCHECK
deploy_ci:
stage: deploy
only:
- ci
environment:
name: staging
url: https://ci.stackage.org/
variables:
KUBE_NAMESPACE: "fpco-public"
DEPLOYMENT_NAME: "stackage-server-ci"
HOOGLE_DEPLOYMENT_NAME: "stackage-server-hoogle-ci"
CRON_DEPLOYMENT_NAME: "stackage-server-cron-ci"
DEPLOYMENT_APP: "stackage-server-ci"
CRON_DEPLOYMENT_APP: "stackage-server-cron-ci"
HOOGLE_DEPLOYMENT_APP: "stackage-server-hoogle-ci"
HOST: ci.stackage.org
script:
- *KUBELOGIN
- *HELMUPGRADE
- *HELMCHECK
- mkdir -p /etc/deploy
- echo "${KUBECONFIG_YAML}" > /etc/deploy/kubeconfig.enc
- base64 -d </etc/deploy/kubeconfig.enc > ${KUBECONFIG}
- kubectl set image "deployment/stackage-server-prod" stackage-server="$DEPLOYMENT_IMAGE"
- kubectl set image "deployment/stackage-server-cron-prod" stackage-server-cron="$DEPLOYMENT_IMAGE"
- kubectl set image "deployment/stackage-server-hoogle-prod" stackage-server-hoogle="$DEPLOYMENT_IMAGE"
- kubectl rollout status "deployment/stackage-server-prod"
- kubectl rollout status "deployment/stackage-server-hoogle-prod"
- kubectl rollout status "deployment/stackage-server-cron-prod"
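Review bot: The kubeconfig steps added to the deploy_prod script write cluster credentials to disk twice under the default umask (`echo "${KUBECONFIG_YAML}" > /etc/deploy/kubeconfig.enc`, then `base64 -d </etc/deploy/kubeconfig.enc > ${KUBECONFIG}`), and the redirect target is unquoted. Decoding in one step with restrictive permissions avoids the leftover copy: `- umask 077 && mkdir -p /etc/deploy` followed by `- printf '%s' "${KUBECONFIG_YAML}" | base64 -d > "${KUBECONFIG}"`. The `.enc` suffix suggests encryption where the value is only base64-encoded, so the variable presumably has to be a protected and masked CI variable; a comment above these steps saying so would help the next maintainer. The `kubectl set image` and `kubectl rollout status` lines pass no `--namespace`, so the target namespace comes from whatever context the kubeconfig carries rather than from `KUBE_NAMESPACE`, which this job still sets; worth confirming that is intended. The deploy_prod job begins outside the hunk, so its `only:`/`environment:` restrictions are not visible here.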


@ -1,21 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj


@ -1,4 +0,0 @@
apiVersion: v1
description: A Helm chart for Kubernetes
name: stackage-server
version: 0.1.0


@ -1,19 +0,0 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
http://{{ . }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "stackage-server.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ template "stackage-server.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "stackage-server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "stackage-server.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
{{- end }}


@ -1,16 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "stackage-server.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "stackage-server.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}


@ -1,66 +0,0 @@
{{- if .Values.cron.enabled -}}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ .Values.cronName }}
spec:
replicas: 1
minReadySeconds: 5
strategy:
type: Recreate
template:
metadata:
labels:
app: {{ .Values.cronApp }}
release: {{ .Release.Name }}
spec:
imagePullSecrets:
- name: {{ .Values.registrySecretName }}
volumes:
- name: stackage-server-cron-volume
secret:
secretName: {{ .Values.cronName }}-secret
containers:
- name: stackage-server-cron
image: {{ .Values.image.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: PGSTRING
valueFrom:
secretKeyRef:
name: {{ .Values.name }}-upgrade
key: PGCONN
command:
- bash
- "-c"
- |
set -eux
source /secret/aws.sh
mkdir -p /work
cd /work
while true
do
date
stack update
/usr/local/bin/stackage-server-cron
sleep 5m
done
volumeMounts:
- name: stackage-server-cron-volume
readOnly: true
mountPath: /secret
resources:
{{ toYaml .Values.cronResources.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- end }}


@ -1,71 +0,0 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ .Values.name }}
spec:
replicas: {{ .Values.image.replicas }}
minReadySeconds: 50
template:
metadata:
labels:
app: {{ .Values.app }}
release: {{ .Release.Name }}
spec:
imagePullSecrets:
- name: {{ .Values.registrySecretName }}
containers:
- name: stackage-server
image: {{ .Values.image.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 3000
command: ["stackage-server"]
workingDir: /app
env:
- name: APPROOT
value: {{ .Values.image.env.approot | quote }}
- name: PGSTRING
valueFrom:
secretKeyRef:
name: {{ .Values.name }}-upgrade
key: PGCONN
readinessProbe:
httpGet:
path: /healthz
port: 3000
httpHeaders:
# Works around stackage-server's `forceSSL` redirect
- name: HTTPS
value: "on"
initialDelaySeconds: 5
timeoutSeconds: 3
periodSeconds: 5
successThreshold: 1
livenessProbe:
httpGet:
path: /healthz
port: 3000
httpHeaders:
# Works around stackage-server's `forceSSL` redirect
- name: HTTPS
value: "on"
initialDelaySeconds: 120
timeoutSeconds: 3
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
resources:
{{ toYaml .Values.stackageResources.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}


@ -1,71 +0,0 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ .Values.hoogleName }}
spec:
replicas: {{ .Values.image.replicasHoggle }}
minReadySeconds: 5
template:
metadata:
labels:
app: {{ .Values.hoogleApp }}
release: {{ .Release.Name }}
spec:
imagePullSecrets:
- name: {{ .Values.registrySecretName }}
containers:
- name: stackage-server-hoogle
image: {{ .Values.image.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 3000
command: ["stackage-server"]
workingDir: /app
env:
- name: APPROOT
value: {{ .Values.image.env.approot | quote }}
- name: PGSTRING
valueFrom:
secretKeyRef:
name: {{ .Values.name }}-upgrade
key: PGCONN
readinessProbe:
httpGet:
path: /healthz
port: 3000
httpHeaders:
# Works around stackage-server's `forceSSL` redirect
- name: HTTPS
value: "on"
initialDelaySeconds: 5
timeoutSeconds: 3
periodSeconds: 5
successThreshold: 1
livenessProbe:
httpGet:
path: /healthz
port: 3000
httpHeaders:
# Works around stackage-server's `forceSSL` redirect
- name: HTTPS
value: "on"
initialDelaySeconds: 120
timeoutSeconds: 3
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
resources:
{{ toYaml .Values.stackageResources.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}


@ -1,21 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.hoogleName }}
labels:
app: {{ .Values.hoogleApp }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.service.type }}
ports:
- name: http
port: 80
targetPort: http
protocol: TCP
- name: https
port: 443
targetPort: http
protocol: TCP
selector:
app: {{ .Values.hoogleApp }}
release: {{ .Release.Name }}


@ -1,39 +0,0 @@
{{- if .Values.ingress.enabled -}}
{{- $name := .Values.name -}}
{{- $hoogleName := .Values.hoogleName -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $name }}
labels:
app: {{ .Values.app }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
annotations:
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- range .Values.ingress.hosts }}
rules:
- host: {{ . }}
http:
paths:
- path: /haddock.*
backend:
serviceName: {{ $name }}
servicePort: 80
- path: /.+/hoogle
backend:
serviceName: {{ $hoogleName }}
servicePort: 80
- backend:
serviceName: {{ $name }}
servicePort: 80
{{- end }}
tls:
- hosts:
{{- range .Values.ingress.hosts }}
- {{ . }}
{{- end }}
secretName: {{ $name }}-tls
{{- end }}


@ -1,21 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.name }}
labels:
app: {{ .Values.app }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.service.type }}
ports:
- name: http
port: 80
targetPort: http
protocol: TCP
- name: https
port: 443
targetPort: http
protocol: TCP
selector:
app: {{ .Values.app }}
release: {{ .Release.Name }}


@ -1,19 +0,0 @@
image:
pullPolicy: Always
minReadySeconds: 5
service:
type: ClusterIP
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/use-regex: "true"
path: /
resources: {}
cron:
enabled: true


@ -1,50 +0,0 @@
#name: stackage-server-prod
#app: stackage-server-prod
#hoogleName: stackage-server-hoogle-prod
#hoogleApp: stackage-server-hoogle-prod
#cronName: stackage-server-cron-prod
#cronApp: stackage-server-cron-prod
image:
replicas: 2
replicasHoggle: 2
env:
approot: "https://www.stackage.org"
# IMPORTANT_NOTE: We need make a repro to be sure but so far it appears that the order of domains matters here
# and www needs to be first!
ingress:
hosts:
- www.stackage.org
- stackage.org
annotations:
kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
if ($host = 'stackage.org' ) {
rewrite ^ https://www.stackage.org$request_uri permanent;
}
stackageResources:
resources:
requests:
cpu: 100m
memory: 1.0Gi
limits:
cpu: 150m
memory: 1.5Gi
cronResources:
resources:
requests:
cpu: 150m
memory: 2048Mi
limits:
cpu: 300m
memory: 4096Mi
cron:
enabled: true
registrySecretName: gitlab-ci-registrykey


@ -1,36 +0,0 @@
#name: stackage-server-ci
#app: stackage-server-ci
#hoogleName: stackage-server-hoogle-ci
#hoogleApp: stackage-server-hoogle-ci
#cronName: stackage-server-cron-ci
#cronApp: stackage-server-cron-ci
image:
replicas: 1
replicasHoggle: 1
env:
approot: "https://ci.stackage.org"
ingress:
hosts:
- ci.stackage.org
stackageResources:
resources:
requests:
cpu: 100m
memory: 1.0Gi
limits:
cpu: 150m
memory: 1.5Gi
cronResources:
resources:
requests:
cpu: 150m
memory: 2Gi
limits:
cpu: 200m
memory: 4Gi
registrySecretName: registry-key