andrewstuart · June 12, 2023 17:44 · andrusstrockiy · Mar 5, 2019
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
 image: docker.mydomain.com/build/kube-go-make

 variables:
  DOCKER_TAG: docker.mydomain.com/myapp/home:$CI_COMMIT_REF_SLUG
  DOCKER_HOST: tcp://localhost:2375
  DOCKER_DRIVER: overlay
  PROD_RSYNC_HOST: myprodserver.com
  DOMAIN: mydomain.com
  CHART_DIR: chart

 stages:
  - web
  - dockerize
  - ci
  - deploy

 build:web:
  stage: web
  image: docker.mydomain.com/gulp
  script:
  - bower install && npm install
  - gulp build
  cache:
    paths: [ bower_components, node_modules ]
  artifacts:
    paths: [ build ]

 build:docker:
  stage: dockerize
  services: [ docker.mydomain.com/build/dind ]
  dependencies: [ 'build:web' ]
  script:
  - docker build . -t $DOCKER_TAG
  - docker push $DOCKER_TAG
  - docker inspect --format "{{ index .RepoDigests 0 }}" $DOCKER_TAG > dockersha.txt
  artifacts:
    paths: [dockersha.txt]

 ci:
  stage: ci
  dependencies: [ 'build:web', 'build:docker' ]
  script:
  - 'helm upgrade -i myapp-$CI_ENVIRONMENT_SLUG --namespace myapp --set dockerTag=$(cat dockersha.txt) --set version=$CI_ENVIRONMENT_SLUG --set env=$CI_ENVIRONMENT_SLUG --set path=$CI_ENVIRONMENT_SLUG $CHART_DIR' # Deploy the chart templates from the `app` folder
  except: [ master ]
  environment:
    name: staging/$CI_COMMIT_REF_NAME
    url: https://preview.$DOMAIN/$CI_ENVIRONMENT_SLUG/
    on_stop: review_stop

 review_stop:
  stage: ci
  when: manual
  except: [ master ]
  variables:
    GIT_STRATEGY: none
  script:
  - helm delete --purge myapp-$CI_ENVIRONMENT_SLUG
  environment:
    name: staging/$CI_COMMIT_REF_NAME
    action: stop

 deploy:pilot:
  dependencies: [ 'build:docker' ]
  stage: deploy
  services: [ docker.mydomain.com/build/dind ]
  script:
  - docker pull $(cat dockersha.txt)
  - docker tag $(cat dockersha.txt) docker.mydomain.com/myapp/home
  - docker push docker.mydomain.com/myapp/home
  - helm upgrade -i myappweb --set dockerTag=$(cat dockersha.txt) --set host=pilot --set version=pilot --namespace=myapp $CHART_DIR
  environment:
    name: production
    url: https://www.$DOMAIN/
  only: [master]

 deploy:prod:
  dependencies: [ 'build:web' ]
  image: docker.mydomain.com/build/rsync
  stage: deploy
  only: [ master ]
  script:
  - eval $(ssh-agent -s)
  # SSH_PRIVATE_KEY is a secret variable set up in this gitlab repo
  - ssh-add <(echo "$SSH_PRIVATE_KEY" | sed 's/\r//g')
  - mkdir -p $HOME/.ssh
  - echo -e "Host $PROD_RSYNC_HOST\n\tStrictHostKeyChecking no\n\n" > $HOME/.ssh/config
  - rsync -rv --omit-dir-times --delete build/* myusername@$PROD_RSYNC_HOST:/var/www/www.$DOMAIN/
diff --git a/chart-templates-deployment.yaml b/chart-templates-deployment.yaml
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  name: myapp-{{ .Values.version | default "latest"  | trunc 40 }}
  namespace: {{ .Release.Namespace }}
 spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: {{ .Values.version | default "latest"  | trunc 40 }}
    spec:
      containers:
      - name: web
        image: {{ .Values.dockerTag | default "latest" }}
        imagePullPolicy: Always
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
        ports:
        - containerPort: 80
        livenessProbe: &g
          httpGet:
            path: /
            port: 80
        readinessProbe: *g
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ .Values.version | default "latest"  | trunc 40}}
  namespace: {{ .Release.Namespace }}
 spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: {{ .Values.version | default "latest"  | trunc 40 }}
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  name: myapp-version-{{ .Values.version | default "latest" | trunc 40 }}
  namespace: {{ .Release.Namespace }}
  annotations:
    kubernetes.io/tls-vault: "true"
    ingress.kubernetes.io/rewrite-target: "/"
 spec:
  rules:
  - host: {{ .Values.host | default "preview" }}.mydomain.com
    http:
      paths:
      # This gives me the ability to mount PR-specific builds at a specific
      # path rather than having proliferating DNS entries/certs.
      - path: /{{ .Values.path | default "" }}
        backend:
          serviceName: {{ .Values.version | default "latest" | trunc 40}}
          servicePort: 80
  tls:
  - secretName: {{ .Values.host | default "preview" }}.mydomain.com.tls
    hosts:
    - {{ .Values.host | default "preview" }}.mydomain.com
diff --git a/Dockerfile b/Dockerfile
 FROM nginx

 ADD build/ /usr/share/nginx/html/
	image: docker.mydomain.com/build/kube-go-make

	variables:
	DOCKER_TAG: docker.mydomain.com/myapp/home:$CI_COMMIT_REF_SLUG
	DOCKER_HOST: tcp://localhost:2375
	DOCKER_DRIVER: overlay
	PROD_RSYNC_HOST: myprodserver.com
	DOMAIN: mydomain.com
	CHART_DIR: chart

	stages:
	- web
	- dockerize
	- ci
	- deploy

	build:web:
	stage: web
	image: docker.mydomain.com/gulp
	script:
	- bower install && npm install
	- gulp build
	cache:
	paths: [ bower_components, node_modules ]
	artifacts:
	paths: [ build ]

	build:docker:
	stage: dockerize
	services: [ docker.mydomain.com/build/dind ]
	dependencies: [ 'build:web' ]
	script:
	- docker build . -t $DOCKER_TAG
	- docker push $DOCKER_TAG
	- docker inspect --format "{{ index .RepoDigests 0 }}" $DOCKER_TAG > dockersha.txt
	artifacts:
	paths: [dockersha.txt]

	ci:
	stage: ci
	dependencies: [ 'build:web', 'build:docker' ]
	script:
	- 'helm upgrade -i myapp-$CI_ENVIRONMENT_SLUG --namespace myapp --set dockerTag=$(cat dockersha.txt) --set version=$CI_ENVIRONMENT_SLUG --set env=$CI_ENVIRONMENT_SLUG --set path=$CI_ENVIRONMENT_SLUG $CHART_DIR' # Deploy the chart templates from the `app` folder
	except: [ master ]
	environment:
	name: staging/$CI_COMMIT_REF_NAME
	url: https://preview.$DOMAIN/$CI_ENVIRONMENT_SLUG/
	on_stop: review_stop

	review_stop:
	stage: ci
	when: manual
	except: [ master ]
	variables:
	GIT_STRATEGY: none
	script:
	- helm delete --purge myapp-$CI_ENVIRONMENT_SLUG
	environment:
	name: staging/$CI_COMMIT_REF_NAME
	action: stop

	deploy:pilot:
	dependencies: [ 'build:docker' ]
	stage: deploy
	services: [ docker.mydomain.com/build/dind ]
	script:
	- docker pull $(cat dockersha.txt)
	- docker tag $(cat dockersha.txt) docker.mydomain.com/myapp/home
	- docker push docker.mydomain.com/myapp/home
	- helm upgrade -i myappweb --set dockerTag=$(cat dockersha.txt) --set host=pilot --set version=pilot --namespace=myapp $CHART_DIR
	environment:
	name: production
	url: https://www.$DOMAIN/
	only: [master]

	deploy:prod:
	dependencies: [ 'build:web' ]
	image: docker.mydomain.com/build/rsync
	stage: deploy
	only: [ master ]
	script:
	- eval $(ssh-agent -s)
	# SSH_PRIVATE_KEY is a secret variable set up in this gitlab repo
	- ssh-add <(echo "$SSH_PRIVATE_KEY" \| sed 's/\r//g')
	- mkdir -p $HOME/.ssh
	- echo -e "Host $PROD_RSYNC_HOST\n\tStrictHostKeyChecking no\n\n" > $HOME/.ssh/config
	- rsync -rv --omit-dir-times --delete build/* myusername@$PROD_RSYNC_HOST:/var/www/www.$DOMAIN/
	apiVersion: extensions/v1beta1
	kind: Deployment
	metadata:
	name: myapp-{{ .Values.version \| default "latest" \| trunc 40 }}
	namespace: {{ .Release.Namespace }}
	spec:
	replicas: 1
	template:
	metadata:
	labels:
	app: {{ .Values.version \| default "latest" \| trunc 40 }}
	spec:
	containers:
	- name: web
	image: {{ .Values.dockerTag \| default "latest" }}
	imagePullPolicy: Always
	resources:
	requests:
	cpu: 100m
	memory: 200Mi
	ports:
	- containerPort: 80
	livenessProbe: &g
	httpGet:
	path: /
	port: 80
	readinessProbe: *g
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: {{ .Values.version \| default "latest" \| trunc 40}}
	namespace: {{ .Release.Namespace }}
	spec:
	ports:
	- port: 80
	targetPort: 80
	selector:
	app: {{ .Values.version \| default "latest" \| trunc 40 }}
	---
	apiVersion: extensions/v1beta1
	kind: Ingress
	metadata:
	name: myapp-version-{{ .Values.version \| default "latest" \| trunc 40 }}
	namespace: {{ .Release.Namespace }}
	annotations:
	kubernetes.io/tls-vault: "true"
	ingress.kubernetes.io/rewrite-target: "/"
	spec:
	rules:
	- host: {{ .Values.host \| default "preview" }}.mydomain.com
	http:
	paths:
	# This gives me the ability to mount PR-specific builds at a specific
	# path rather than having proliferating DNS entries/certs.
	- path: /{{ .Values.path \| default "" }}
	backend:
	serviceName: {{ .Values.version \| default "latest" \| trunc 40}}
	servicePort: 80
	tls:
	- secretName: {{ .Values.host \| default "preview" }}.mydomain.com.tls
	hosts:
	- {{ .Values.host \| default "preview" }}.mydomain.com