Commit 96333c78 authored by ludo8147's avatar ludo8147

build and publisch image from CI/CD

parent ee4f3a89
Pipeline #69198 passed
#Code: https://github.com/lucendio/lecture-devops-code/blob/master/tutorials/define-and-run-pipeline/.gitlab-ci.yml
# und Vorlesung
workflow:
rules:
- if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "main"
......@@ -5,205 +8,60 @@ workflow:
variables:
version: 0.0.$CI_PIPELINE_IID
AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
AWS_DEFAULT_REGION: ${AWS_DEFAULT_REGION}
CERT_MANAGER_VERSION: v1.13.0
stages:
- 'build'
- 'test'
- 'publish'
- 'deploy'
job_test:
stage: 'test'
image: 'mirror.gcr.io/library/golang:1.21'
tags:
- gitlab-runner03
script:
- go test -race -v ./...
job_build:
stage: build
image: mirror.gcr.io/library/golang:1.21
tags:
- gitlab-runner03
stage: 'build'
image: 'mirror.gcr.io/library/golang:1.21'
parallel:
matrix:
- GOOS:
- 'linux'
- 'windows'
- 'darwin'
GOARCH:
- 'amd64'
- 'arm64'
before_script:
- mkdir -p ./artifacts
script:
- go get -t ./...
- GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o ./artifact.bin ./*.go
script:
- |
go build \
-o ./artifacts/webservice_${GOOS}_${GOARCH}.bin \
./*.go
artifacts:
paths:
- ./artifact.bin
expire_in: 10 sec
- ./artifacts
job_upload:
stage: publish
image: registry.hub.docker.com/library/docker:24.0.7
job_publish:
stage: 'publish'
rules:
image: 'public.ecr.aws/lts/ubuntu:22.04'
tags:
- docker-privileged
- gitlab-runner03
dependencies:
- job_build
services:
- name: registry.hub.docker.com/library/docker:24.0.7-dind
alias: docker
script:
- docker build --file ./Containerfile --build-arg binaryPath=./artifact.bin --tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}" ./
- docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
- docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}"
after_script:
- docker image rm --force "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}"
.deploy_template: &deploy_template
image:
name: amazon/aws-cli
entrypoint: [""]
before_script: &deploy_template_before_script
- yum update -y
- yum install -y curl tar gzip jq gettext procps
- curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
- chmod +x ./kubectl
- mv ./kubectl /usr/local/bin/kubectl
- aws --version
- TOKEN=$(aws eks get-token --cluster-name my-eks-cluster | jq -r '.status.token')
- aws eks describe-cluster --name my-eks-cluster --output json > cluster.json
- SERVER=$(jq -r '.cluster.endpoint' cluster.json)
- CA_CERT=$(jq -r '.cluster.certificateAuthority.data' cluster.json)
- |
cat <<EOF > kubeconfig
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority-data: ${CA_CERT}
server: ${SERVER}
name: my-cluster
contexts:
- context:
cluster: my-cluster
user: aws
name: aws
current-context: aws
users:
- name: aws
user:
token: ${TOKEN}
EOF
- export KUBECONFIG=./kubeconfig
create_secrets:
<<: *deploy_template
stage: deploy
tags:
- gitlab-runner03
script:
- |
create_namespace_and_secret() {
local namespace=$1
echo "Ensuring namespace $namespace exists..."
kubectl create namespace $namespace --dry-run=client -o yaml | kubectl apply -f -
envsubst < secret-$namespace.yaml | kubectl apply -f -
}
create_namespace_and_secret "staging"
create_namespace_and_secret "production"
deploy_to_staging:
<<: *deploy_template
stage: deploy
environment:
name: staging
tags:
- gitlab-runner03
variables:
KUBE_NAMESPACE: staging
CPU_REQUEST: "200m"
CPU_LIMIT: "500m"
MEMORY_REQUEST: "256Mi"
MEMORY_LIMIT: "512Mi"
INGRESS_HOST: "staging-webdevops.ddns.net"
script:
- |
echo "Creating namespace if it doesn't exist..."
kubectl create namespace $KUBE_NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
echo "Downloading Prometheus Operator bundle..."
curl -LO https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.55.1/bundle.yaml
kubectl apply -f bundle.yaml --server-side
kubectl wait --for=condition=Established --all crd --timeout=300s
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml
kubectl wait --for=condition=Available --timeout=300s deployment/cert-manager-webhook -n cert-manager
echo "Validating and applying Kubernetes manifests..."
for file in redis-configmap.yaml deployment.yaml service.yaml ingress.yaml redis.yaml prometheus.yaml network-policy.yaml redis-pv-pvc.yaml cluster-issuer.yaml; do
echo "Applying $file"
envsubst < $file | kubectl apply -f -
done
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml
echo "All manifests applied successfully."
needs:
- create_secrets
deploy_to_production:
<<: *deploy_template
stage: deploy
tags:
- gitlab-runner03
environment:
name: production
variables:
KUBE_NAMESPACE: production
CPU_REQUEST: "400m"
CPU_LIMIT: "800m"
MEMORY_REQUEST: "512Mi"
MEMORY_LIMIT: "1Gi"
INGRESS_HOST: "prod-webdevops.ddns.net"
before_script:
- apt update
- apt install -y ca-certificates curl
- update-ca-certificates
script:
- |
echo "Creating namespace if it doesn't exist..."
kubectl create namespace $KUBE_NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
echo "Downloading Prometheus Operator bundle..."
curl -LO https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.55.1/bundle.yaml
kubectl apply -f bundle.yaml --server-side
kubectl wait --for=condition=Established --all crd --timeout=300s
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml
kubectl wait --for=condition=Available --timeout=300s deployment/cert-manager-webhook -n cert-manager
echo "Validating and applying Kubernetes manifests..."
for file in redis-configmap.yaml deployment.yaml service.yaml ingress.yaml redis.yaml prometheus.yaml network-policy.yaml redis-pv-pvc.yaml cluster-issuer.yaml; do
echo "Applying $file"
envsubst < $file | kubectl apply -f -
for artifact in ./artifacts/*; do
chmod +x ${artifact}
curl \
--header "Job-TOKEN: ${CI_JOB_TOKEN}" \
--upload-file ${artifact} \
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/artifacts/${version}/"
done
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml
echo "All manifests applied successfully."
needs:
- create_secrets
- deploy_to_staging
rollback:
<<: *deploy_template
stage: deploy
when: manual
script:
- |
echo "Performing rollback in ${CI_ENVIRONMENT_NAME} environment..."
if kubectl get deployment webservice -n ${KUBE_NAMESPACE} > /dev/null 2>&1; then
echo "Rolling back webservice deployment"
kubectl rollout undo deployment/webservice -n ${KUBE_NAMESPACE}
else
echo "Deployment 'webservice' not found in namespace ${KUBE_NAMESPACE}"
echo "Available deployments:"
kubectl get deployments -n ${KUBE_NAMESPACE}
fi
rules:
- if: '$CI_ENVIRONMENT_NAME == "staging" || $CI_ENVIRONMENT_NAME == "production"'
\ No newline at end of file
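Review bot: `job_publish` is left with a bare `rules:` key: as rendered, `rules:` is followed directly by `image: 'public.ecr.aws/lts/ubuntu:22.04'`, and the later hunk at `@@ -46,8 +46,6 @@` appears to drop the `- if: $CI_COMMIT_REF_NAME =~ /stable/` and `when: always` lines that used to sit under it. An empty `rules:` parses as null, so when the job runs is left to how GitLab treats that value rather than to anything written in the file. Since this job uploads build artifacts to the package registry with `CI_JOB_TOKEN`, I would either delete the `rules:` line or state the intended condition explicitly. The rendering has lost the +/- markers, so which lines are on the new side is inferred from the hunk header counts.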
workflow:
rules:
- if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "main" && $CI_COMMIT_MESSAGE == "project"
when: always
variables:
version: 0.0.$CI_PIPELINE_IID
AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
AWS_DEFAULT_REGION: ${AWS_DEFAULT_REGION}
CERT_MANAGER_VERSION: v1.13.0
stages:
- 'build'
- 'test'
- 'publish'
- 'deploy'
job_test:
stage: 'test'
image: 'mirror.gcr.io/library/golang:1.21'
tags:
- gitlab-runner03
script:
- go test -race -v ./...
job_build:
stage: build
image: mirror.gcr.io/library/golang:1.21
tags:
- gitlab-runner03
before_script:
- mkdir -p ./artifacts
script:
- go get -t ./...
- GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o ./artifact.bin ./*.go
artifacts:
paths:
- ./artifact.bin
expire_in: 10 sec
job_upload:
stage: publish
image: registry.hub.docker.com/library/docker:24.0.7
tags:
- docker-privileged
- gitlab-runner03
dependencies:
- job_build
services:
- name: registry.hub.docker.com/library/docker:24.0.7-dind
alias: docker
script:
- docker build --file ./Containerfile --build-arg binaryPath=./artifact.bin --tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}" ./
- docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
- docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}"
after_script:
- docker image rm --force "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}"
.deploy_template: &deploy_template
image:
name: amazon/aws-cli
entrypoint: [""]
before_script: &deploy_template_before_script
- yum update -y
- yum install -y curl tar gzip jq gettext procps
- curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
- chmod +x ./kubectl
- mv ./kubectl /usr/local/bin/kubectl
- aws --version
- TOKEN=$(aws eks get-token --cluster-name my-eks-cluster | jq -r '.status.token')
- aws eks describe-cluster --name my-eks-cluster --output json > cluster.json
- SERVER=$(jq -r '.cluster.endpoint' cluster.json)
- CA_CERT=$(jq -r '.cluster.certificateAuthority.data' cluster.json)
- |
cat <<EOF > kubeconfig
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority-data: ${CA_CERT}
server: ${SERVER}
name: my-cluster
contexts:
- context:
cluster: my-cluster
user: aws
name: aws
current-context: aws
users:
- name: aws
user:
token: ${TOKEN}
EOF
- export KUBECONFIG=./kubeconfig
create_secrets:
<<: *deploy_template
stage: deploy
tags:
- gitlab-runner03
script:
- |
create_namespace_and_secret() {
local namespace=$1
echo "Ensuring namespace $namespace exists..."
kubectl create namespace $namespace --dry-run=client -o yaml | kubectl apply -f -
envsubst < secret-$namespace.yaml | kubectl apply -f -
}
create_namespace_and_secret "staging"
create_namespace_and_secret "production"
deploy_to_staging:
<<: *deploy_template
stage: deploy
environment:
name: staging
tags:
- gitlab-runner03
variables:
KUBE_NAMESPACE: staging
CPU_REQUEST: "200m"
CPU_LIMIT: "500m"
MEMORY_REQUEST: "256Mi"
MEMORY_LIMIT: "512Mi"
INGRESS_HOST: "staging-webdevops.ddns.net"
script:
- |
echo "Creating namespace if it doesn't exist..."
kubectl create namespace $KUBE_NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
echo "Downloading Prometheus Operator bundle..."
curl -LO https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.55.1/bundle.yaml
kubectl apply -f bundle.yaml --server-side
kubectl wait --for=condition=Established --all crd --timeout=300s
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml
kubectl wait --for=condition=Available --timeout=300s deployment/cert-manager-webhook -n cert-manager
echo "Validating and applying Kubernetes manifests..."
for file in redis-configmap.yaml deployment.yaml service.yaml ingress.yaml redis.yaml prometheus.yaml network-policy.yaml redis-pv-pvc.yaml cluster-issuer.yaml; do
echo "Applying $file"
envsubst < $file | kubectl apply -f -
done
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml
echo "All manifests applied successfully."
needs:
- create_secrets
deploy_to_production:
<<: *deploy_template
stage: deploy
tags:
- gitlab-runner03
environment:
name: production
variables:
KUBE_NAMESPACE: production
CPU_REQUEST: "400m"
CPU_LIMIT: "800m"
MEMORY_REQUEST: "512Mi"
MEMORY_LIMIT: "1Gi"
INGRESS_HOST: "prod-webdevops.ddns.net"
script:
- |
echo "Creating namespace if it doesn't exist..."
kubectl create namespace $KUBE_NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
echo "Downloading Prometheus Operator bundle..."
curl -LO https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.55.1/bundle.yaml
kubectl apply -f bundle.yaml --server-side
kubectl wait --for=condition=Established --all crd --timeout=300s
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml
kubectl wait --for=condition=Available --timeout=300s deployment/cert-manager-webhook -n cert-manager
echo "Validating and applying Kubernetes manifests..."
for file in redis-configmap.yaml deployment.yaml service.yaml ingress.yaml redis.yaml prometheus.yaml network-policy.yaml redis-pv-pvc.yaml cluster-issuer.yaml; do
echo "Applying $file"
envsubst < $file | kubectl apply -f -
done
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml
echo "All manifests applied successfully."
needs:
- create_secrets
- deploy_to_staging
rollback:
<<: *deploy_template
stage: deploy
when: manual
script:
- |
echo "Performing rollback in ${CI_ENVIRONMENT_NAME} environment..."
if kubectl get deployment webservice -n ${KUBE_NAMESPACE} > /dev/null 2>&1; then
echo "Rolling back webservice deployment"
kubectl rollout undo deployment/webservice -n ${KUBE_NAMESPACE}
else
echo "Deployment 'webservice' not found in namespace ${KUBE_NAMESPACE}"
echo "Available deployments:"
kubectl get deployments -n ${KUBE_NAMESPACE}
fi
rules:
- if: '$CI_ENVIRONMENT_NAME == "staging" || $CI_ENVIRONMENT_NAME == "production"'
\ No newline at end of file
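Review bot: In `.deploy_template`, `kubectl` is downloaded from whatever version `stable.txt` names at job time and moved to `/usr/local/bin` with no integrity check, and the same job then hands it an EKS token. Pinning the version in a variable and verifying the download against the `kubectl.sha256` file published next to the binary (`sha256sum --check`) before the `chmod +x` would make the job reproducible and fail closed on a tampered or truncated download. The `kubectl apply -f https://…` calls for cert-manager and ingress-nginx are version-pinned but likewise unverified, and `name: amazon/aws-cli` carries no tag. This file is printed once with no +/- markers, so the page does not show whether the commit adds or removes it; the note applies only if it is on the new side.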
#Code aus GitHub Solution
FROM scratch
#https://manpages.ubuntu.com/manpages/jammy/man5/containers-dockerfile.5.html
FROM ubuntu
ARG binaryPath
COPY ${binaryPath} /bin/webservice
COPY ./artifact.bin /bin/webservice
ENV HOST 0.0.0.0
ENTRYPOINT [ "/bin/webservice" ]
CMD [ "" ]
\ No newline at end of file
ENTRYPOINT [ "/bin/webservice" ]
\ No newline at end of file
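Review bot: `FROM ubuntu` has no tag or digest, so every build pulls whatever `latest` currently points to; the page prints `FROM scratch` and `FROM ubuntu` without +/- markers, so that `ubuntu` is the new base is inferred. If it is, pin it (the pipeline already references `public.ecr.aws/lts/ubuntu:22.04`), or stay on `scratch` if the binary is built with `CGO_ENABLED=0` as in `job_build`. The file sets no `USER`, so `/bin/webservice` runs as root in the container; a numeric line such as `USER 65532:65532` (example value) before `ENTRYPOINT` works on either base. The same Containerfile change is shown a second time further down the page and this note applies there as well.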
......@@ -46,8 +46,6 @@ job_build:
job_publish:
stage: 'publish'
rules:
- if: $CI_COMMIT_REF_NAME =~ /stable/
when: always
image: 'public.ecr.aws/lts/ubuntu:22.04'
tags:
- docker-privileged
......
#Code: https://github.com/lucendio/lecture-devops-code/blob/master/tutorials/define-and-run-pipeline/.gitlab-ci.yml
# und Vorlesung
# Code aus Vorlesung
# https://docs.gitlab.com/ee/user/packages/container_registry/build_and_push_images.html
default:
image: docker:docker:24.0.7
services:
- docker:docker:24.0.7-dind
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
workflow:
rules:
......@@ -7,7 +14,7 @@ workflow:
when: always
variables:
version: 0.0.$CI_PIPELINE_IID
CONTAINER_RELEASE_IMAGE: $CI_REGISTRY_IMAGE:latest
stages:
- 'build'
......@@ -36,30 +43,6 @@ job_build:
- ./artifact.bin
expire_in: 10 sec
job_publish:
stage: 'publish'
rules:
- if: $CI_COMMIT_REF_NAME =~ /stable/
when: always
image: 'public.ecr.aws/lts/ubuntu:22.04'
tags:
- docker-privileged
dependencies:
- job_build
before_script:
- apt update
- apt install -y ca-certificates curl
- update-ca-certificates
script:
- |
for artifact in ./artifacts/*; do
chmod +x ${artifact}
curl \
--header "Job-TOKEN: ${CI_JOB_TOKEN}" \
--upload-file ${artifact} \
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/artifacts/${version}/"
done
job_upload:
stage: publish
image: registry.hub.docker.com/library/docker:24.0.7
......@@ -73,10 +56,8 @@ job_upload:
script:
- docker build
--file ./Containerfile
--build-arg binaryPath=./artifact.bin
--tag "${CI_REGISTRY_IMAGE}:${version}"
--tag "${CONTAINER_RELEASE_IMAGE}"
./
- docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
- docker push "${CI_REGISTRY_IMAGE}:${version}"
- docker push $CONTAINER_RELEASE_IMAGE
after_script:
- docker image rm --force "${CI_REGISTRY_IMAGE}:${version}"
- docker image rm --force "${CONTAINER_RELEASE_IMAGE}"
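Review bot: The `default: before_script` passes the registry password on the command line (`docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY`), where it is visible in the process list; `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"` avoids that. Placing the login under `default:` also runs it in every job that has no `before_script` of its own, which would fail in an image without the docker client. `image: docker:docker:24.0.7` and the matching service name contain two colons and do not look like valid image references; `job_upload` uses `registry.hub.docker.com/library/docker:24.0.7`. With `CONTAINER_RELEASE_IMAGE: $CI_REGISTRY_IMAGE:latest` apparently replacing the `${version}` tag, each push overwrites the previous image, so I would keep pushing the versioned tag alongside `latest`. Which lines are added is inferred from the hunk header counts, since the rendering has lost the +/- markers.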
#Code aus GitHub Solution
FROM scratch
#https://manpages.ubuntu.com/manpages/jammy/man5/containers-dockerfile.5.html
FROM ubuntu
ARG binaryPath
COPY ${binaryPath} /bin/webservice
COPY ./artifact.bin /bin/webservice
ENV HOST 0.0.0.0
ENTRYPOINT [ "/bin/webservice" ]
CMD [ "" ]
\ No newline at end of file
ENTRYPOINT [ "/bin/webservice" ]
\ No newline at end of file