Merge pull request #258 from fpco/feature/add-ingress

Adds ingress and fixes CI deployment

.gitlab-ci.yml

@@ -14,8 +14,12 @@ stages:
 variables:
     STACK_ROOT: "${CI_PROJECT_DIR}/.stack-root"
     DEPLOYMENT_IMAGE: "${CI_REGISTRY_IMAGE}:${CI_BUILD_REF_SLUG}_${CI_PIPELINE_ID}"
-    DEPLOYMENT_NAME: "stackage-server-${CI_BUILD_REF_SLUG}"
-    DEPLOYMENT_APP: "${CI_ENVIRONMENT_SLUG}"
+    DEPLOYMENT_NAME: "stackage-server-prod"
+    HOOGLE_DEPLOYMENT_NAME: "stackage-server-hoogle-prod"
+    CRON_DEPLOYMENT_NAME: "stackage-server-cron-prod"
+    DEPLOYMENT_APP: "stackage-server-prod"
+    CRON_DEPLOYMENT_APP: "stackage-server-cron-prod"
+    HOOGLE_DEPLOYMENT_APP: "stackage-server-hoogle-prod"
 
 # This creates anchors for bits of script that are reused between builds
 .anchors:
@@ -27,8 +31,10 @@ variables:
     kubectl config use-context cluster
   - &KUBEAPPLY
     kubectl apply -f <(envsubst <etc/kube/service_template.yaml) &&
+    kubectl apply -f <(envsubst <etc/kube/hoogle_service_template.yaml) &&
     kubectl apply -f <(envsubst <etc/kube/deployment_template.yaml) &&
-    kubectl rollout status -f <(envsubst <etc/kube/deployment_template.yaml)
+    kubectl apply -f <(envsubst <etc/kube/cron_deployment_template.yaml) &&
+    kubectl apply -f <(envsubst <etc/kube/hoogle_deployment_template.yaml)
 
 build:
   stage: build
@@ -60,6 +66,7 @@ deploy_prod:
     HOOGLE_DEPLOYMENT_NAME: "stackage-server-hoogle-prod"
     CRON_DEPLOYMENT_NAME: "stackage-server-cron-prod"
     PROD_DEPLOYMENT_IMAGE: "fpco/stackage-server-prod:${CI_BUILD_REF_SLUG}_${CI_PIPELINE_ID}"
+    HOST: stackage.org
   script:
     - export
       KUBE_CA_PEM="$PROD_KUBE_CA_PEM"
@@ -90,11 +97,14 @@ deploy_ci:
     DEPLOYMENT_NAME: "stackage-server-ci"
     HOOGLE_DEPLOYMENT_NAME: "stackage-server-hoogle-ci"
     CRON_DEPLOYMENT_NAME: "stackage-server-cron-ci"
+    DEPLOYMENT_APP: "stackage-server-ci"
+    CRON_DEPLOYMENT_APP: "stackage-server-cron-ci"
+    HOOGLE_DEPLOYMENT_APP: "stackage-server-hoogle-ci"
+    HOST: ci.stackage.org
   script:
     - *KUBELOGIN
-    - kubectl set image "deployment/$DEPLOYMENT_NAME" stackage-server="$DEPLOYMENT_IMAGE"
-    - kubectl set image "deployment/$HOOGLE_DEPLOYMENT_NAME" stackage-server-hoogle="$DEPLOYMENT_IMAGE"
-    - kubectl set image "deployment/$CRON_DEPLOYMENT_NAME" stackage-server-cron="$DEPLOYMENT_IMAGE"
+    - *KUBEAPPLY
+    - kubectl apply -f <(envsubst <etc/kube/ingress_template.yaml)
     - kubectl rollout status "deployment/$DEPLOYMENT_NAME"
     - kubectl rollout status "deployment/$HOOGLE_DEPLOYMENT_NAME"
     - kubectl rollout status "deployment/$CRON_DEPLOYMENT_NAME"

etc/kube/cron_deployment_template.yaml

@@ -0,0 +1,61 @@
+# Kubernetes
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: "${CRON_DEPLOYMENT_NAME}"
+spec:
+  replicas: 1
+  minReadySeconds: 5
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: "${CRON_DEPLOYMENT_APP}"
+    spec:
+      volumes:
+      - name: stackage-server-cron-volume
+        secret:
+          secretName: ${CRON_DEPLOYMENT_NAME}-secret
+      containers:
+      - name: stackage-server-cron
+        image: "${DEPLOYMENT_IMAGE}"
+        imagePullPolicy: Always
+        env:
+        - name: PGSTRING
+          valueFrom:
+            secretKeyRef:
+              name: "${DEPLOYMENT_NAME}"
+              key: PGCONN
+        command:
+        - bash
+        - "-c"
+        - |
+          set -eux
+          source /secret/aws.sh
+          mkdir -p /work
+          cd /work
+          while true
+          do
+            date
+            stack update
+            /usr/local/bin/stackage-server-cron
+            sleep 5m
+          done
+        resources:
+          # NOTE: This differs between prod and ci.
+          # Once we migrate to helm we'll be able to set it
+          # per environment.
+          requests:
+            cpu: 150m
+            memory: 2048Mi
+          limits:
+            cpu: 300m
+            memory: 4096Mi
+        volumeMounts:
+        - name: stackage-server-cron-volume
+          readOnly: true
+          mountPath: /secret
+      imagePullSecrets:
+        - name: registry-key

etc/kube/deployment_template.yaml

@@ -24,6 +24,11 @@ spec:
           env:
             - name: APPROOT
               value: "${APPROOT}"
+            - name: PGSTRING
+              valueFrom:
+                secretKeyRef:
+                  name: "${DEPLOYMENT_NAME}"
+                  key: PGCONN
           readinessProbe:
             httpGet:
               path: /
@@ -44,10 +49,17 @@ spec:
                 # Works around stackage-server's `forceSSL` redirect
                 - name: HTTPS
                   value: "on"
-            initialDelaySeconds: 60
+            initialDelaySeconds: 120
             timeoutSeconds: 1
             periodSeconds: 10
             successThreshold: 1
             failureThreshold: 3
+          resources:
+            requests:
+              cpu: 100m
+              memory: 1.0Gi
+            limits:
+              cpu: 150m
+              memory: 1.5Gi
       imagePullSecrets:
         - name: registry-key

etc/kube/hoogle_deployment_template.yaml

@@ -0,0 +1,65 @@
+# Kubernetes
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: "${HOOGLE_DEPLOYMENT_NAME}"
+spec:
+  replicas: 2
+  minReadySeconds: 5
+  template:
+    metadata:
+      labels:
+        app: "${HOOGLE_DEPLOYMENT_APP}"
+    spec:
+      containers:
+      - name: stackage-server-hoogle
+        image: "${DEPLOYMENT_IMAGE}"
+        imagePullPolicy: Always
+        ports:
+        - name: http
+          containerPort: 3000
+        command: ["stackage-server"]
+        workingDir: /app
+        env:
+        - name: APPROOT
+          value: "${APPROOT}"
+        - name: PGSTRING
+          valueFrom:
+            secretKeyRef:
+              name: "${DEPLOYMENT_NAME}"
+              key: PGCONN
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 3000
+            httpHeaders:
+              # Works around stackage-server's `forceSSL` redirect
+              - name: HTTPS
+                value: "on"
+          initialDelaySeconds: 5
+          timeoutSeconds: 1
+          periodSeconds: 5
+          successThreshold: 1
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 3000
+            httpHeaders:
+              # Works around stackage-server's `forceSSL` redirect
+              - name: HTTPS
+                value: "on"
+          initialDelaySeconds: 120
+          timeoutSeconds: 1
+          periodSeconds: 10
+          successThreshold: 1
+          failureThreshold: 3
+        resources:
+          requests:
+            cpu: 100m
+            memory: 1.0Gi
+          limits:
+            cpu: 150m
+            memory: 1.5Gi
+      imagePullSecrets:
+        - name: registry-key

etc/kube/hoogle_service_template.yaml

@@ -0,0 +1,19 @@
+# Kubernetes
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: "${HOOGLE_DEPLOYMENT_NAME}"
+  labels:
+    app: "${HOOGLE_DEPLOYMENT_APP}"
+spec:
+  ports:
+  - name: http
+    port: 80
+    targetPort: http
+  - name: https
+    port: 443
+    targetPort: http
+  type: ClusterIP
+  selector:
+    app: "${HOOGLE_DEPLOYMENT_APP}"

etc/kube/ingress_template.yaml

@@ -0,0 +1,31 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: "${DEPLOYMENT_NAME}"
+  labels:
+    app: "${DEPLOYMENT_APP}"
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    kubernetes.io/tls-acme: "true"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  rules:
+    - host: "${HOST}"
+      http:
+        paths:
+        - path: /haddock.*
+          backend:
+            serviceName: "${DEPLOYMENT_NAME}"
+            servicePort: 80
+        - path: /.+/hoogle
+          backend:
+            serviceName: "${HOOGLE_DEPLOYMENT_NAME}"
+            servicePort: 80
+        - backend:
+            serviceName: "${DEPLOYMENT_NAME}"
+            servicePort: 80
+  tls:
+    - hosts:
+      - "${HOST}"
+      secretName: "${DEPLOYMENT_NAME}-tls"
+