Commit fca76915 authored by Philippe Pepiot's avatar Philippe Pepiot

[docker] add kubernetes deployment files

This is actually the way we run our instance.

Add a "make deploy" target which applies the deployment with the newer image
and triggers a rolling release.
parent 79785a906da1
......@@ -7,4 +7,5 @@ include *.ini
include Makefile
include Dockerfile .dockerignore
recursive-include docker *.ini *.j2 *.sh *.txt
recursive-include deploy *.yaml
prune debian
......@@ -3,6 +3,7 @@ VERSION?=$(shell hg log -r . -T "{sub(':.*', '', '{latesttag}')}{sub('^-0-.*', '
IMAGE?=$(REGISTRY):$(VERSION)
PORT?=8080
DOCKER_ARGS?=$(shell test -e .env && echo --env-file .env) -p $(PORT):8080 -v /var/run/postgresql:/var/run/postgresql -e CW_DB_USER=$(shell id -nu)
NAMESPACE=intranet
all: build
......@@ -20,4 +21,7 @@ run: build
dev: build
docker run --rm -it $(DOCKER_ARGS) -v `pwd`:/src $(IMAGE) bash
.PHONY: all build push run dev
deploy: push
sed "s@hub.extranet.logilab.fr/logilab/intranet@$(IMAGE)@" deploy/deployment.yaml | kubectl -n $(NAMESPACE) apply -f -
.PHONY: all build push run dev deploy
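Review bot: The `deploy` recipe runs `kubectl -n $(NAMESPACE) apply -f -` against whichever kubectl context happens to be active, so a `make deploy` from a shell pointed at another cluster applies the manifest there. I would make the target explicit with something like `kubectl --context $(KUBE_CONTEXT) -n $(NAMESPACE) apply -f -`, failing when `KUBE_CONTEXT` is unset. `NAMESPACE=intranet` is also the only variable here assigned with `=` rather than `?=`, so unlike `IMAGE` and `PORT` it cannot be overridden from the environment; `NAMESPACE?=intranet` would match the others. The dots in the sed pattern are regex wildcards, which is harmless for this manifest but worth a short comment.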
......@@ -16,3 +16,32 @@ Some useful commands::
* ``cubicweb-ctl pyramid -D -l info intranet`` will start the instance on
http://localhost:8080
Deploying on kubernetes
=======================
To create the initial database from an existing empty database::
kubectl run -it intranet-dbcreate \
--env CW_DB_HOST=db \
--env CW_DB_USER=user \
--env CW_DB_PASSWORD=pass \
--env CW_DB_NAME=intranet \
--image=r.in.philpep.org/intranet --command -- \
cubicweb-ctl db-create --automatic --create-db=n intranet
kubectl delete deployment intranet-dbcreate
Then generate a secret named "intranet" from where environment variables are set::
kubectl create secret generic intranet-env \
--from-literal CW_DB_HOST=db
--from-literal CW_DB_USER=user \
--from-literal CW_DB_PASSWORD=pass \
--from-literal CW_DB_NAME=intranet \
--from-literal CW_BASE_URL=https://intranet.example.com
Then deploy intranet with::
kubectl apply -f deployment.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
name: intranet
data:
default.conf: |
server {
listen 8000 default_server;
root /etc/cubicweb.d/intranet/data;
rewrite ^/intra/(.*) /$1 last;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
proxy_buffering off;
# This make cubicweb-signedrequest works even if HTTP Host header is
# not supposed to contains URL path...
proxy_set_header Host $host/intra;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-user $http_x_remote_user;
}
location /data {
alias /etc/cubicweb.d/intranet/data;
expires 30d;
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: intranet
spec:
selector:
matchLabels:
app: intranet
replicas: 1
template:
metadata:
labels:
app: intranet
spec:
imagePullSecrets:
- name: regcred
volumes:
- name: static
emptyDir: {}
- name: config
configMap:
name: intranet
containers:
- name: intranet
image: hub.extranet.logilab.fr/logilab/intranet
imagePullPolicy: Always
envFrom:
- secretRef:
name: intranet-env
volumeMounts:
- name: static
mountPath: /etc/cubicweb.d/intranet/data
resources:
requests:
cpu: 500m
memory: 500Mi
limits:
memory: 500Mi
- name: nginx
image: hub.extranet.logilab.fr/library/nginx
imagePullPolicy: Always
volumeMounts:
- name: config
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
- name: static
mountPath: /etc/cubicweb.d/intranet/data
resources:
requests:
cpu: 100m
memory: 50Mi
limits:
memory: 50Mi
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 20
httpGet:
path: /siteinfo
port: 8000
httpHeaders:
- name: X-Remote-User
value: nico
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: intranet-scheduler
spec:
selector:
matchLabels:
app: intranet-scheduler
replicas: 1
template:
metadata:
labels:
app: intranet-scheduler
spec:
imagePullSecrets:
- name: regcred
containers:
- name: intranet
image: hub.extranet.logilab.fr/logilab/intranet
imagePullPolicy: Always
envFrom:
- secretRef:
name: intranet-env
command: ["cubicweb-ctl", "scheduler", "intranet"]
resources:
requests:
cpu: 100m
memory: 250Mi
limits:
memory: 250Mi
---
apiVersion: v1
kind: Service
metadata:
name: intranet
spec:
selector:
app: intranet
ports:
- protocol: TCP
port: 8000
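Review bot: The nginx `location /` block forwards the client-supplied `X-Remote-User` header unchanged (`proxy_set_header X-Remote-user $http_x_remote_user;`), and the readiness probe sending `X-Remote-User: nico` suggests the application accepts that header as the authenticated identity. If so, anything that can reach Service port 8000 without passing through the authenticating front end, presumably any pod in the cluster, can choose its own user name. Nothing in this file restricts ingress to the pod, so I would add a NetworkPolicy that admits only the authenticating proxy (sketch below; the selector labels are placeholders). The probe should also use a dedicated low-privilege account or an unauthenticated health path rather than a named user.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: intranet-from-auth-proxy
spec:
  podSelector:
    matchLabels:
      app: intranet
  policyTypes:
  - Ingress
  ingress:
  - from:
    # PLACEHOLDER labels: replace with those of the namespace and pods
    # that authenticate users and set X-Remote-User.
    - namespaceSelector:
        matchLabels:
          PLACEHOLDER_NAMESPACE_LABEL: PLACEHOLDER_VALUE
      podSelector:
        matchLabels:
          PLACEHOLDER_POD_LABEL: PLACEHOLDER_VALUE
    ports:
    - protocol: TCP
      port: 8000
```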