From d9e0285bb34d28830c92c6fcd732de61af5f0617 Mon Sep 17 00:00:00 2001
From: Pavel Kirilin <win10@list.ru>
Date: Thu, 21 Sep 2023 23:37:17 +0400
Subject: [PATCH] Added CI.
Signed-off-by: Pavel Kirilin <win10@list.ru>
---
.gitlab-ci.yml | 102 ++++++++---------------------
deploy/Dockerfile => Dockerfile | 0
deploy/kube/deployment.yml | 31 ---------
helm/.helmignore | 23 +++++++
helm/Chart.yaml | 24 +++++++
helm/templates/_helpers.tpl | 62 ++++++++++++++++++
helm/templates/deployment.yaml | 54 +++++++++++++++
helm/templates/serviceaccount.yaml | 12 ++++
helm/values.yaml | 58 ++++++++++++++++
9 files changed, 261 insertions(+), 105 deletions(-)
rename deploy/Dockerfile => Dockerfile (100%)
delete mode 100644 deploy/kube/deployment.yml
create mode 100644 helm/.helmignore
create mode 100644 helm/Chart.yaml
create mode 100644 helm/templates/_helpers.tpl
create mode 100644 helm/templates/deployment.yaml
create mode 100644 helm/templates/serviceaccount.yaml
create mode 100644 helm/values.yaml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2afb9c9..ca2af83 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,91 +1,45 @@
stages:
- - test
- build
- deploy
-variables:
- APP_VERSION: ${CI_COMMIT_REF_SLUG}
- DOCKER_AUTH_CONFIG: "{\"auths\":{\"$DOCKER_REGISTRY\":{\"username\":\"$DOCKER_USER\",\"password\":\"$DOCKER_PASSWORD\"}}}"
-
-.test-template:
- image: python:3.9-buster
- stage: test
- tags:
- - kube
- except:
- - tags
- before_script:
- - pip install poetry==1.1.6
- - poetry config virtualenvs.create false
- - poetry install
-
-flake8:
- stage: test
- extends:
- - .test-template
- script:
- - flake8 --count .
-
-pytest:
- extends:
- - .test-template
- script:
- - pytest -vv
-
-black:
- extends:
- - .test-template
- script:
- - black --check .
-
-mypy:
- stage: test
- extends:
- - .test-template
- script:
- - mypy .
-
image-builder:
stage: build
- image:
- name: gcr.io/kaniko-project/executor:v1.6.0-debug
- entrypoint: [ "" ]
tags:
- kube
only:
- - tags
+ refs:
+ - master
+ image:
+ name: alpine:3.18
+ entrypoint: [""]
+
script:
- - mkdir -p /kaniko/.docker
- # Create authentication rule to publish image.
- - echo "$DOCKER_AUTH_CONFIG" > /kaniko/.docker/config.json
- # Build actual image.
- - /kaniko/executor --context .
- --dockerfile deploy/Dockerfile
- --destination "$IMAGE_NAME:$APP_VERSION"
- --force
+ - apk add --no-cache img
+ - img login --password "${DOCKER_PASSWORD}" --username "${DOCKER_USER}" "${DOCKER_REGISTRY}"
+ - img build --no-console -t "docker.le-memese.com/bots/lenochka-bot:latest" .
+ - img push "docker.le-memese.com/bots/lenochka-bot:latest"
deploy:
stage: deploy
- image: docker.le-memese.com/kubectl:1.22.0
tags:
- kube
only:
- - tags
- environment:
- name: production
- kubernetes:
- namespace: $NAMESPACE
+ refs:
+ - master
+ image:
+ name: alpine/helm:3.7.1
+ entrypoint: ["/bin/sh", "-c"]
script:
- # Save all lenochka's variables in a file.
- - env | grep "^LENOCHKA_" > .deploy-env
- # Recreate envconfig for pod.
- - kubectl delete configmap "$ENVCONF" || true
- - kubectl create configmap "$ENVCONF" --from-env-file=.deploy-env
- # Create secret for pulling images.
- - echo "$DOCKER_AUTH_CONFIG" > .dockerauth.json
- - kubectl delete secret "$PULL_SECRET" || true
- - kubectl create secret generic "$PULL_SECRET"
- --from-file=.dockerconfigjson=.dockerauth.json
- --type=kubernetes.io/dockerconfigjson
- # Substitute env variables and apply them in kubectl.
- - find deploy/kube -name "*.yml" | xargs cat | envsubst | kubectl apply -f -
+ - helm
+ upgrade
+ lenochka
+ ./helm
+ --install
+ --wait
+ --create-namespace
+ --atomic
+ --timeout 2m
+ --namespace "$NAMESPACE"
+ -f "$HELM_CONFIG"
+ --set "podAnnotations.deployed_at=$(date +%Y.%m.%d-%H:%M)"
+
diff --git a/deploy/Dockerfile b/Dockerfile
similarity index 100%
rename from deploy/Dockerfile
rename to Dockerfile
diff --git a/deploy/kube/deployment.yml b/deploy/kube/deployment.yml
deleted file mode 100644
index 9a4005a..0000000
--- a/deploy/kube/deployment.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: lenochka
- annotations:
- app.gitlab.com/env: $CI_ENVIRONMENT_SLUG
- app.gitlab.com/app: $CI_PROJECT_PATH_SLUG
-spec:
- selector:
- matchLabels:
- app: lenochka-bot
- template:
- metadata:
- annotations:
- app.gitlab.com/env: $CI_ENVIRONMENT_SLUG
- app.gitlab.com/app: $CI_PROJECT_PATH_SLUG
- labels:
- app: lenochka-bot
- spec:
- imagePullSecrets:
- - name: "$PULL_SECRET"
- containers:
- - name: lenochka-bot
- image: docker.le-memese.com/bots/lenochka-bot:$APP_VERSION
- resources:
- limits:
- cpu: "$K8S_CPU_LIMITS"
- memory: "$K8S_MEM_LIMITS"
- envFrom:
- - configMapRef:
- name: "$ENVCONF"
diff --git a/helm/.helmignore b/helm/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
new file mode 100644
index 0000000..cfec7e2
--- /dev/null
+++ b/helm/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: lenochka
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
new file mode 100644
index 0000000..e219a91
--- /dev/null
+++ b/helm/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "lenochka.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "lenochka.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "lenochka.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "lenochka.labels" -}}
+helm.sh/chart: {{ include "lenochka.chart" . }}
+{{ include "lenochka.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "lenochka.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "lenochka.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "lenochka.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "lenochka.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
new file mode 100644
index 0000000..4005690
--- /dev/null
+++ b/helm/templates/deployment.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "lenochka.fullname" . }}
+ labels:
+ {{- include "lenochka.labels" . | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "lenochka.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "lenochka.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "lenochka.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.env }}
+ env:
+ {{- range $key, $val := . }}
+ - name: {{ $key | quote }}
+ value: {{ $val | quote }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/helm/templates/serviceaccount.yaml b/helm/templates/serviceaccount.yaml
new file mode 100644
index 0000000..6f49807
--- /dev/null
+++ b/helm/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "lenochka.serviceAccountName" . }}
+ labels:
+ {{- include "lenochka.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/values.yaml b/helm/values.yaml
new file mode 100644
index 0000000..dd9495c
--- /dev/null
+++ b/helm/values.yaml
@@ -0,0 +1,58 @@
+# Default values for lenochka.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ repository: docker.le-memese.com/bots/lenochka-bot
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+env: {}
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext:
+ {}
+ # fsGroup: 2000
+
+securityContext:
+ {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+resources:
+ {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
--
GitLab