Re-kubernetesify

e96cbec2 · Pomucz Tamás András · 3c877cff · e96cbec2 · e96cbec2 · e96cbec2
Commit e96cbec2 authored 6 months ago by Pomucz Tamás András
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
 stages:
  - build
+  - container
  - deploy

 variables:
-  CI_REGISTRY_IMAGE: ${CI_REGISTRY}/${CI_PROJECT_NAME}
+  CI_REGISTRY: harbor.sch.bme.hu
+  CI_REGISTRY_IMAGE: ${CI_REGISTRY}/kszk/website
  KUBECONFIG_VAR_NAME: KUBECONFIG

-build:
+yarn_build:
  image: node:21-alpine3.17
  stage: build
  script:
@@ -18,26 +20,65 @@ build:
    paths:
      - public
  only:
-    - master
+    - tags

-prod-ftp:
-  stage: deploy
-  dependencies:
-    - build
-  image: harbor.sch.bme.hu/kszk/lftp:latest
+docker_build:
+  stage: container
+  image:
+    name: gcr.io/kaniko-project/executor:debug
+    entrypoint: [""]
  before_script:
-    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
-    - mkdir -p ~/.ssh
-    - chmod 700 ~/.ssh
-    - echo 'echo "$SSH_PASSPHRASE"' > ~/.ssh/.print_ssh_password
-    - chmod 700 ~/.ssh/.print_ssh_password
-    - chmod +x ~/.ssh/.print_ssh_password
-    - eval $(ssh-agent -s)
-    - chmod 400 "${SSH_PRIVATE_KEY}"
-    - cat "${SSH_PRIVATE_KEY}" | tr -d '\r' | DISPLAY=":0.0" SSH_ASKPASS="`~/.ssh/.print_ssh_password`" setsid ssh-add - > /dev/null
-   
+    - mkdir -p /kaniko/.docker
+    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
  script:
-    - 'echo -e "Host *\n\tStrictHostKeyChecking no\nport 10022\n\n" > ~/.ssh/config'
-    - lftp -e "set dns:order 'inet inet6'; set net:timeout 5; set net:max-retries 2; set net:reconnect-interval-base 5; mirror --parallel=10 --delete --verbose -R public/ root/site/kszk/ ;   quit" -d -u "${FTP_USER}","${SSH_PASSPHRASE}" -p 10022 "${FTP_HOST}" 
+    - |
+      /kaniko/executor --context ${CI_PROJECT_DIR} \
+      --dockerfile ${CI_PROJECT_DIR}/Dockerfile \
+      --destination ${CI_REGISTRY_IMAGE}:latest \
+      --destination ${CI_REGISTRY_IMAGE}:$CI_COMMIT_REF_NAME
+  only:
+    - tags
+
+deploy-job:
+  stage: deploy
  only: 
-    - master
+  - tags
+  environment: production
+  image:
+    name: alpine
+    entrypoint: [ "" ]
+  before_script:
+    - DIR="$PWD"
+    - apk add bash curl gettext
+    - cd /tmp
+    - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+    - PATH="$PATH:/tmp"
+    - chmod +x kubectl
+    - cd "$DIR"
+  script:
+    - envsubst < k8s/deployment.yaml.template > k8s/deployment.yaml 
+    - kubectl apply -n kszk-website -f 'k8s/*.yaml'
+
+  tags: [k9r]
+
+# prod-ftp:
+#   stage: deploy
+#   dependencies:
+#     - build
+#   image: harbor.sch.bme.hu/kszk/lftp:latest
+#   before_script:
+#     - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
+#     - mkdir -p ~/.ssh
+#     - chmod 700 ~/.ssh
+#     - echo 'echo "$SSH_PASSPHRASE"' > ~/.ssh/.print_ssh_password
+#     - chmod 700 ~/.ssh/.print_ssh_password
+#     - chmod +x ~/.ssh/.print_ssh_password
+#     - eval $(ssh-agent -s)
+#     - chmod 400 "${SSH_PRIVATE_KEY}"
+#     - cat "${SSH_PRIVATE_KEY}" | tr -d '\r' | DISPLAY=":0.0" SSH_ASKPASS="`~/.ssh/.print_ssh_password`" setsid ssh-add - > /dev/null
+   
+#   script:
+#     - 'echo -e "Host *\n\tStrictHostKeyChecking no\nport 10022\n\n" > ~/.ssh/config'
+#     - lftp -e "set dns:order 'inet inet6'; set net:timeout 5; set net:max-retries 2; set net:reconnect-interval-base 5; mirror --parallel=10 --delete --verbose -R public/ root/site/kszk/ ;   quit" -d -u "${FTP_USER}","${SSH_PASSPHRASE}" -p 10022 "${FTP_HOST}" 
+#   only:
+#     - master
--- a/k8s/deployment.yaml
+++ b/k8s/deployment.yaml
@@ -14,10 +14,14 @@ spec:
    spec:
      containers:
      - name: kszk-website
-        image: harbor.sch.bme.hu/kszk/website:latest
+        image: harbor.sch.bme.hu/kszk/website:$CI_COMMIT_REF_NAME
        resources:
-          limits:
+          requests:
            memory: "64Mi"
+            cpu: "250m"
+          limits:
+            memory: "256Mi"
+            cpu: "500m"
        ports:
        - containerPort: 80
      imagePullSecrets:

--- a/k8s/ingress.yaml
+++ b/k8s/ingress.yaml
@@ -6,16 +6,16 @@ metadata:
  labels:
    name: kszk-website
  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-prod
+    cert-manager.io/cluster-issuer: letsencrypt
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
 spec:
  tls:
    - hosts:
-        - staging.kszk.sch.bme.hu
+        - kszk.bme.hu
      secretName: kszk-website-cert
  rules:
-    - host: staging.kszk.sch.bme.hu
+    - host: kszk.bme.hu
      http:
        paths:
          - pathType: Prefix