feat: k8s manifests

2024-09-10 17:35:52 +07:00 · 2024-09-10 17:35:52 +07:00 · 173c60c3b4
commit 173c60c3b4
parent 40cfd1fdf7
8 changed files with 142 additions and 0 deletions
--- a/.env
+++ b/.env
@ -0,0 +1 @@
+PROD_URL=gmoker.com
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@ -0,0 +1,31 @@
+on: push
+
+jobs:
+  deploy:
+    runs-on: debian
+    steps:
+      - uses: actions/checkout@v1
+      - name: setup env
+        run: |
+          . ./.env || true
+          if [ "${{ gitea.ref_name }}" == prod ] && [ -n "$PROD_URL" ]; then
+            BASE_URL="$PROD_URL"
+          else
+            BASE_URL="${{ gitea.ref_name }}.$(tr / '\n' <<< "${{ gitea.repository }}" | tac | tr '\n' .)k8s.gmoker.com"
+          fi
+          REGISTRY="$(sed 's .*://  ' <<< ${{ gitea.server_url }})"
+          cat <<EOF >> .env
+          BASE_URL="$BASE_URL"
+          REGISTRY="$REGISTRY"
+          IMAGEAPP="$REGISTRY/${{ gitea.repository }}:${{ gitea.ref_name }}"
+          EOF
+          cat .env
+
+      - uses: actions/kaniko@v1
+        with:
+          password: "${{ secrets.PKGRW }}"
+
+      - uses: actions/k8sdeploy@v1
+        with:
+          kubeconfig: "${{ secrets.K8S }}"
+          registry_password: "${{ secrets.PKGRW }}"
--- a/manifests/bin/deploy.sh
+++ b/manifests/bin/deploy.sh
@ -0,0 +1,36 @@
+#!/bin/bash -e
+set -o pipefail
+
+function kapply() {
+    for f in "$@"; do
+        kubectl apply -f \
+            <(envsubst "$(env | xargs printf '$%s ')" < "manifests/$f")
+    done
+}
+
+function kcreatesec() {
+    kubectl create secret generic --save-config --dry-run=client -oyaml "$@" | kubectl apply -f-
+}
+
+function kcreatecm() {
+    kubectl create configmap --dry-run=client -oyaml "$@" | kubectl apply -f-
+}
+
+function kgseckey() {
+    local sec="$1"; shift
+    local key="$1"; shift
+
+    kubectl get secret "$sec" -o jsonpath="{.data.$key}" | base64 -d
+}
+
+function kgcmkey() {
+    local cm="$1"; shift
+    local key="$1"; shift
+
+    kubectl get configmap "$cm" -o jsonpath="{.data.$key}"
+}
+
+
+kapply common/app.yaml
+
+kubectl rollout restart deployment app
--- a/manifests/bin/devel.sh
+++ b/manifests/bin/devel.sh
@ -0,0 +1,5 @@
+#!/bin/bash -e
+
+export NB_REPLICAS=1
+
+. ./manifests/bin/deploy.sh
--- a/manifests/bin/prod.sh
+++ b/manifests/bin/prod.sh
@ -0,0 +1,5 @@
+#!/bin/bash -e
+
+export NB_REPLICAS=3
+
+. ./manifests/bin/deploy.sh
--- a/manifests/common/app.yaml
+++ b/manifests/common/app.yaml
@ -0,0 +1,64 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: app
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  ingressClassName: nginx
+  tls:
+    - secretName: tls-app
+      hosts:
+        - "$BASE_URL"
+  rules:
+    - host: "$BASE_URL"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: app
+                port:
+                  name: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: app
+  labels:
+    app: app
+spec:
+  selector:
+    app: app
+  ports:
+    - name: http
+      port: 80
+      targetPort: http
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app
+  labels:
+    app: app
+spec:
+  replicas: $NB_REPLICAS
+  selector:
+    matchLabels:
+      app: app
+  template:
+    metadata:
+      labels:
+        app: app
+    spec:
+      imagePullSecrets:
+        - name: regcred
+      containers:
+        - name: app
+          image: "$IMAGEAPP"
+          imagePullPolicy: Always
+          ports:
+            - name: http
+              containerPort: 5173
--- a/manifests/devel/.gitkeep
+++ b/manifests/devel/.gitkeep
--- a/manifests/prod/.gitkeep
+++ b/manifests/prod/.gitkeep