diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 84a733d..4d4b0d8 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -20,27 +20,14 @@ variables: DEPLOYMENT_APP: "stackage-server-prod" CRON_DEPLOYMENT_APP: "stackage-server-cron-prod" HOOGLE_DEPLOYMENT_APP: "stackage-server-hoogle-prod" - -# This creates anchors for bits of script that are reused between builds -.anchors: - # The KUBE_* variables are set by Gitlab's Kubernetes deployment service - - &KUBELOGIN - echo "$KUBE_CA_PEM" >"$HOME/ca.pem" && - kubectl config set-cluster cluster --server="$KUBE_URL" --certificate-authority="$HOME/ca.pem" && - kubectl config set-credentials cluster --token="$KUBE_TOKEN" && kubectl config set-context cluster --cluster=cluster --user=cluster --namespace="$KUBE_NAMESPACE" && - kubectl config use-context cluster - - &HELMUPGRADE - helm --tiller-namespace ${KUBE_NAMESPACE} upgrade --install "${DEPLOYMENT_NAME}" etc/helm --set name="${DEPLOYMENT_NAME}" --set app="${DEPLOYMENT_APP}" --set hoogleName="${HOOGLE_DEPLOYMENT_NAME}" --set hoogleApp="${HOOGLE_DEPLOYMENT_APP}" --set cronName="${CRON_DEPLOYMENT_NAME}" --set cronApp="${HOOGLE_DEPLOYMENT_APP}" --set image.image="${DEPLOYMENT_IMAGE}" --values etc/helm/values/$CI_ENVIRONMENT_NAME.yaml --namespace ${KUBE_NAMESPACE} - - &HELMCHECK - helm --tiller-namespace ${KUBE_NAMESPACE} ls && - helm --tiller-namespace ${KUBE_NAMESPACE} status "${DEPLOYMENT_NAME}" + KUBECONFIG: /etc/deploy/kubeconfig.yaml build: stage: build script: # Clear *_TOKEN variables during code build so that compile-time code can't access them - apt-get update && apt-get install -y --no-install-recommends libpq-dev git rsync - - CI_BUILD_TOKEN="" KUBE_TOKEN="" PROD_KUBE_TOKEN="" PROD_DOCKER_PASSWORD="" etc/scripts/stage_docker.sh --install-ghc --test + - CI_BUILD_TOKEN="" KUBECONFIG_YAML="" KUBE_TOKEN="" PROD_KUBE_TOKEN="" PROD_DOCKER_PASSWORD="" etc/scripts/stage_docker.sh --install-ghc --test - docker build -t "${DEPLOYMENT_IMAGE}" etc/docker - docker login -u gitlab-ci-token -p "${CI_BUILD_TOKEN}" "${CI_REGISTRY}" - docker push "${DEPLOYMENT_IMAGE}" 
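Review bot: The comment above the `stage_docker.sh` line in `build` still says only `*_TOKEN` variables are cleared, although the line now also blanks `KUBECONFIG_YAML` and already blanked `PROD_DOCKER_PASSWORD`. I would reword it to `# Clear secret CI variables (tokens, passwords, kubeconfig) during code build so that compile-time code can't access them`. The list is a denylist that has to be extended by hand, so any secret variable not named on that line stays readable by `etc/scripts/stage_docker.sh` and the code it compiles. Starting the script from a near-empty environment, for example `env -i` plus the few variables it needs, would not depend on the list staying complete. The `build` job may continue past the end of this hunk.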
@@ -69,32 +56,12 @@ deploy_prod: KUBE_NAMESPACE: "${PROD_KUBE_NAMESPACE}" PROD_DEPLOYMENT_IMAGE: "fpco/stackage-server-prod:${CI_BUILD_REF_SLUG}_${CI_PIPELINE_ID}" script: - - export - KUBE_CA_PEM="$PROD_V2_KUBE_CA_PEM" - KUBE_URL="$PROD_V2_KUBE_URL" - KUBE_TOKEN="$PROD_V2_KUBE_TOKEN" - KUBE_NAMESPACE="$PROD_V2_KUBE_NAMESPACE" - - *KUBELOGIN - - *HELMUPGRADE - - *HELMCHECK - -deploy_ci: - stage: deploy - only: - - ci - environment: - name: staging - url: https://ci.stackage.org/ - variables: - KUBE_NAMESPACE: "fpco-public" - DEPLOYMENT_NAME: "stackage-server-ci" - HOOGLE_DEPLOYMENT_NAME: "stackage-server-hoogle-ci" - CRON_DEPLOYMENT_NAME: "stackage-server-cron-ci" - DEPLOYMENT_APP: "stackage-server-ci" - CRON_DEPLOYMENT_APP: "stackage-server-cron-ci" - HOOGLE_DEPLOYMENT_APP: "stackage-server-hoogle-ci" - HOST: ci.stackage.org - script: - - *KUBELOGIN - - *HELMUPGRADE - - *HELMCHECK + - mkdir -p /etc/deploy + - echo "${KUBECONFIG_YAML}" > /etc/deploy/kubeconfig.enc + - base64 -d ${KUBECONFIG} + - kubectl set image "deployment/stackage-server-prod" stackage-server="$DEPLOYMENT_IMAGE" + - kubectl set image "deployment/stackage-server-cron-prod" stackage-server-cron="$DEPLOYMENT_IMAGE" + - kubectl set image "deployment/stackage-server-hoogle-prod" stackage-server-hoogle="$DEPLOYMENT_IMAGE" + - kubectl rollout status "deployment/stackage-server-prod" + - kubectl rollout status "deployment/stackage-server-hoogle-prod" + - kubectl rollout status "deployment/stackage-server-cron-prod" diff --git a/etc/helm/.helmignore b/etc/helm/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/etc/helm/.helmignore +++ /dev/null 
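Review bot: In the new `deploy_prod` script, `base64 -d ${KUBECONFIG}` reads `/etc/deploy/kubeconfig.yaml`, which no earlier step creates, and writes its output to stdout, while the encoded data was written to `/etc/deploy/kubeconfig.enc` on the line before. As written the step most likely fails, and if only the input path were corrected, the decoded kubeconfig (cluster credentials) would be printed into the job log. The line should probably be `- base64 -d /etc/deploy/kubeconfig.enc > "${KUBECONFIG}"`, preceded by `- umask 077` so the file is not created world-readable. The `kubectl set image` and `kubectl rollout status` commands pass no `--namespace`, so they rely on the namespace in the kubeconfig's context rather than on the `KUBE_NAMESPACE` variable set above; confirm that is intended. The start of `deploy_prod` lies outside the hunk.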
@@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/etc/helm/Chart.yaml b/etc/helm/Chart.yaml deleted file mode 100644 index d7d1a02..0000000 --- a/etc/helm/Chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -description: A Helm chart for Kubernetes -name: stackage-server -version: 0.1.0 diff --git a/etc/helm/templates/NOTES.txt b/etc/helm/templates/NOTES.txt deleted file mode 100644 index 3810c63..0000000 --- a/etc/helm/templates/NOTES.txt +++ /dev/null 
@@ -1,19 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "stackage-server.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ template "stackage-server.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "stackage-server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "stackage-server.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/etc/helm/templates/_helpers.tpl b/etc/helm/templates/_helpers.tpl deleted file mode 100644 index e023139..0000000 --- a/etc/helm/templates/_helpers.tpl +++ /dev/null 
@@ -1,16 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "stackage-server.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "stackage-server.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/etc/helm/templates/cron_deployment.yaml b/etc/helm/templates/cron_deployment.yaml deleted file mode 100644 index 64e05bc..0000000 --- a/etc/helm/templates/cron_deployment.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -{{- if .Values.cron.enabled -}} -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ .Values.cronName }} -spec: - replicas: 1 - minReadySeconds: 5 - strategy: - type: Recreate - template: - metadata: - labels: - app: {{ .Values.cronApp }} - release: {{ .Release.Name }} - spec: - imagePullSecrets: - - name: {{ .Values.registrySecretName }} - volumes: - - name: stackage-server-cron-volume - secret: - secretName: {{ .Values.cronName }}-secret - containers: - - name: stackage-server-cron - image: {{ .Values.image.image }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: PGSTRING - valueFrom: - secretKeyRef: - name: {{ .Values.name }}-upgrade - key: PGCONN - command: - - bash - - "-c" - - | - set -eux - source /secret/aws.sh - mkdir -p /work - cd /work - while true - do - date - stack update - /usr/local/bin/stackage-server-cron - sleep 5m - done - volumeMounts: - - name: stackage-server-cron-volume - readOnly: true - mountPath: /secret - resources: -{{ toYaml .Values.cronResources.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} -{{- end }} diff --git a/etc/helm/templates/deployment.yaml b/etc/helm/templates/deployment.yaml deleted file mode 100644 index 6bf9003..0000000 --- a/etc/helm/templates/deployment.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ .Values.name }} -spec: - replicas: {{ .Values.image.replicas }} - minReadySeconds: 50 - template: - metadata: - labels: - app: {{ .Values.app }} - release: {{ .Release.Name }} - spec: - imagePullSecrets: - - name: {{ .Values.registrySecretName }} - containers: - - name: stackage-server - image: {{ .Values.image.image }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: 3000 - command: ["stackage-server"] - workingDir: /app - env: - - name: APPROOT - value: {{ .Values.image.env.approot | quote }} - - name: PGSTRING - valueFrom: - secretKeyRef: - name: {{ .Values.name }}-upgrade - key: PGCONN - readinessProbe: - httpGet: - path: /healthz - port: 3000 - httpHeaders: - # Works around stackage-server's `forceSSL` redirect - - name: HTTPS - value: "on" - initialDelaySeconds: 5 - timeoutSeconds: 3 - periodSeconds: 5 - successThreshold: 1 - livenessProbe: - httpGet: - path: /healthz - port: 3000 - httpHeaders: - # Works around stackage-server's `forceSSL` redirect - - name: HTTPS - value: "on" - initialDelaySeconds: 120 - timeoutSeconds: 3 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - resources: -{{ toYaml .Values.stackageResources.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} diff --git a/etc/helm/templates/hoogle_deployment.yaml b/etc/helm/templates/hoogle_deployment.yaml deleted file mode 100644 index a68d79a..0000000 --- a/etc/helm/templates/hoogle_deployment.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ .Values.hoogleName }} -spec: - replicas: {{ .Values.image.replicasHoggle }} - minReadySeconds: 5 - template: - metadata: - labels: - app: {{ .Values.hoogleApp }} - release: {{ .Release.Name }} - spec: - imagePullSecrets: - - name: {{ .Values.registrySecretName }} - containers: - - name: stackage-server-hoogle - image: {{ .Values.image.image }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: 3000 - command: ["stackage-server"] - workingDir: /app - env: - - name: APPROOT - value: {{ .Values.image.env.approot | quote }} - - name: PGSTRING - valueFrom: - secretKeyRef: - name: {{ .Values.name }}-upgrade - key: PGCONN - readinessProbe: - httpGet: - path: /healthz - port: 3000 - httpHeaders: - # Works around stackage-server's `forceSSL` redirect - - name: HTTPS - value: "on" - initialDelaySeconds: 5 - timeoutSeconds: 3 - periodSeconds: 5 - successThreshold: 1 - livenessProbe: - httpGet: - path: /healthz - port: 3000 - httpHeaders: - # Works around stackage-server's `forceSSL` redirect - - name: HTTPS - value: "on" - initialDelaySeconds: 120 - timeoutSeconds: 3 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - resources: -{{ toYaml .Values.stackageResources.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} diff --git a/etc/helm/templates/hoogle_service.yaml b/etc/helm/templates/hoogle_service.yaml deleted file mode 100644 index e12b5db..0000000 --- a/etc/helm/templates/hoogle_service.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.hoogleName }} - labels: - app: {{ .Values.hoogleApp }} - release: {{ .Release.Name }} -spec: - type: {{ .Values.service.type }} - ports: - - name: http - port: 80 - targetPort: http - protocol: TCP - - name: https - port: 443 - targetPort: http - protocol: TCP - selector: - app: {{ .Values.hoogleApp }} - release: {{ .Release.Name }} diff --git a/etc/helm/templates/ingress.yaml b/etc/helm/templates/ingress.yaml deleted file mode 100644 index d4ec36d..0000000 --- a/etc/helm/templates/ingress.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $name := .Values.name -}} -{{- $hoogleName := .Values.hoogleName -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $name }} - labels: - app: {{ .Values.app }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - {{- range .Values.ingress.hosts }} - rules: - - host: {{ . }} - http: - paths: - - path: /haddock.* - backend: - serviceName: {{ $name }} - servicePort: 80 - - path: /.+/hoogle - backend: - serviceName: {{ $hoogleName }} - servicePort: 80 - - backend: - serviceName: {{ $name }} - servicePort: 80 - {{- end }} - tls: - - hosts: - {{- range .Values.ingress.hosts }} - - {{ . }} - {{- end }} - secretName: {{ $name }}-tls -{{- end }} diff --git a/etc/helm/templates/service.yaml b/etc/helm/templates/service.yaml deleted file mode 100644 index 9f7f19b..0000000 --- a/etc/helm/templates/service.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.name }} - labels: - app: {{ .Values.app }} - release: {{ .Release.Name }} -spec: - type: {{ .Values.service.type }} - ports: - - name: http - port: 80 - targetPort: http - protocol: TCP - - name: https - port: 443 - targetPort: http - protocol: TCP - selector: - app: {{ .Values.app }} - release: {{ .Release.Name }} diff --git a/etc/helm/values.yaml b/etc/helm/values.yaml deleted file mode 100644 index f027159..0000000 --- a/etc/helm/values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -image: - pullPolicy: Always - minReadySeconds: 5 - -service: - type: ClusterIP - -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: "nginx" - kubernetes.io/tls-acme: "true" - nginx.ingress.kubernetes.io/use-regex: "true" - path: / - -resources: {} - -cron: - enabled: true diff --git a/etc/helm/values/production.yaml b/etc/helm/values/production.yaml deleted file mode 100644 index 693160b..0000000 --- a/etc/helm/values/production.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -#name: stackage-server-prod -#app: stackage-server-prod -#hoogleName: stackage-server-hoogle-prod -#hoogleApp: stackage-server-hoogle-prod -#cronName: stackage-server-cron-prod -#cronApp: stackage-server-cron-prod - -image: - replicas: 2 - replicasHoggle: 2 - env: - approot: "https://www.stackage.org" - -# IMPORTANT_NOTE: We need make a repro to be sure but so far it appears that the order of domains matters here -# and www needs to be first! -ingress: - hosts: - - www.stackage.org - - stackage.org - annotations: - kubernetes.io/ingress.class: "nginx" - kubernetes.io/tls-acme: "true" - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/configuration-snippet: | - if ($host = 'stackage.org' ) { - rewrite ^ https://www.stackage.org$request_uri permanent; - } - -stackageResources: - resources: - requests: - cpu: 100m - memory: 1.0Gi - limits: - cpu: 150m - memory: 1.5Gi - -cronResources: - resources: - requests: - cpu: 150m - memory: 2048Mi - limits: - cpu: 300m - memory: 4096Mi - -cron: - enabled: true - -registrySecretName: gitlab-ci-registrykey diff --git a/etc/helm/values/staging.yaml b/etc/helm/values/staging.yaml deleted file mode 100644 index f5eb772..0000000 --- a/etc/helm/values/staging.yaml +++ /dev/null @@ -1,36 +0,0 @@ -#name: stackage-server-ci -#app: stackage-server-ci -#hoogleName: stackage-server-hoogle-ci -#hoogleApp: stackage-server-hoogle-ci -#cronName: stackage-server-cron-ci -#cronApp: stackage-server-cron-ci - -image: - replicas: 1 - replicasHoggle: 1 - env: - approot: "https://ci.stackage.org" - -ingress: - hosts: - - ci.stackage.org - -stackageResources: - resources: - requests: - cpu: 100m - memory: 1.0Gi - limits: - cpu: 150m - memory: 1.5Gi - -cronResources: - resources: - requests: - cpu: 150m - memory: 2Gi - limits: - cpu: 200m - memory: 4Gi - -registrySecretName: registry-key