Merge branch 'just-a-test' into 'staging'

pipeline multiple updates See merge request !2

Merge branch 'just-a-test' into 'staging'
11249a76 · Dobromir Palushev · d229b591 · dc594d04 · 11249a76 · 11249a76
Commit 11249a76 authored 2 years ago by Dobromir Palushev
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
 workflow:
  rules:
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
-      when: always
    - if: >-
-        $CI_PIPELINE_SOURCE == "push"
+        $CI_COMMIT_BRANCH == "staging" || $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
-        && ($CI_COMMIT_BRANCH == "staging" || $CI_COMMIT_BRANCH == "master")
      when: always
    - when: never
 variables:
-  DOCKER_VERSION: '20.10.12'
+  DOCKER_VERSION: '20.10.17'
-  K8S_NAMESPACE: 'devops-s22-deployable'
+  K8S_VERSION: '1.24'
+  GOOGLE_CLOUD_SDK_IMAGE_VERSION: '400.0.0'
+  K8S_NAMESPACE: 'todoapp-devops'
  CONTAINER_TAG: '${CI_REGISTRY_IMAGE}:${CI_PIPELINE_IID}-${CI_COMMIT_SHORT_SHA}'
 stages:
  - test
  - build
+  - release
  - deploy
-job_test-image:
+.gke-initialization:
+    before_script:
+    - echo $BASE64_GOOGLE_CREDENTIALS | base64 -d > ~/service_account.json
+    - gcloud auth activate-service-account --key-file ~/service_account.json
+    - gcloud config set project ${GCP_PROJECT_ID}
+    - gcloud config set compute/zone ${GCP_COMPUTE_REGION}
+    - gcloud container clusters get-credentials ${GCP_PROJECT_ID}-gke
+test-image:
  stage: test
  tags:
    - docker-priviliged
-  image: docker:$DOCKER_VERSION
+  image: docker:${DOCKER_VERSION}
  services:
-    - name: docker:$DOCKER_VERSION-dind
+    - name: docker:${DOCKER_VERSION}-dind
  script:
    - docker build
      --tag "${CONTAINER_TAG}-test"
      --target=test
      "./"
  after_script:
-    - docker image rm --force "${CI_REGISTRY_IMAGE}:${CI_PIPELINE_IID}-${CI_COMMIT_SHORT_SHA}"
+    - docker image rm --force "${CONTAINER_TAG}-test"
-job_build-image:
+build-image:
  stage: build
  needs:
-    - 'job_test-image'
+    - 'test-image'
-  rules:
-    - if: $CI_COMMIT_BRANCH != "staging" && $CI_COMMIT_BRANCH != "master"
-      when: 'never'
  tags:
    - docker-priviliged
-  image: docker:$DOCKER_VERSION
+  image: docker:${DOCKER_VERSION}
  services:
-    - name: docker:$DOCKER_VERSION-dind
+    - name: docker:${DOCKER_VERSION}-dind
+  before_script:
+    - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
  script:
-    - SERVER_PUBLIC_URL=""
+    - docker image build
-    - DB_HOST=""
-    - docker build
      --tag "${CONTAINER_TAG}"
-      --build-arg JWT_SECRET=${JWT_SECRET}
+      "./app"
-      --build-arg SERVER_PUBLIC_URL=${SERVER_PUBLIC_URL}
+    # - docker image build
-      --build-arg DB_HOST=${DB_HOST}
+    #   --tag "${CONTAINER_TAG}-google-sdk"
-      "./"
+    #   "./gcloud-image"
+    - docker push "${CONTAINER_TAG}"
+    # - docker push "${CONTAINER_TAG}-google-sdk"
+  after_script:
+    - docker image rm --force "${CONTAINER_TAG}"
+    # - docker image rm --force "${CONTAINER_TAG}-google-sdk"
+create-release_image:
+  stage: release
+  rules:
+    - if: $CI_COMMIT_REF_NAME =~ /main/
+      when: 'always'
+  tags:
+    - docker-privileged
+  image: docker:${DOCKER_VERSION}
+  services:
+    - name: docker:${DOCKER_VERSION}-dind
+  before_script:
    - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
-    - docker push "${CI_REGISTRY_IMAGE}:${CI_PIPELINE_IID}-${CI_COMMIT_SHORT_SHA}"
+    - docker pull "${CONTAINER_TAG}"
+  script:
+    - VERSION=$(cat ./app/client/package.json | docker run --interactive stedolan/jq --raw-output '.version')
+    - docker tag "${CONTAINER_TAG}" "${CI_REGISTRY_IMAGE}:${VERSION}"
+    - docker push "${CI_REGISTRY_IMAGE}:${VERSION}"
  after_script:
-    - docker image rm --force "${CI_REGISTRY_IMAGE}:${CI_PIPELINE_IID}-${CI_COMMIT_SHORT_SHA}"
+    - docker image rm --force
+        $(docker images --format '{{.Repository}}{{.Tag}}' | grep '${CI_REGISTRY_IMAGE}')
+# create-release_tag:
+#   stage: release
+#   needs:
+#     - 'create-release_image'
+#   rules:
+#     - if: $CI_COMMIT_REF_NAME =~ /main/
+#       when: 'always'
+#   tags:
+#     - docker-privileged
+#   image: docker:${DOCKER_VERSION}-git
+#   services:
+#     - name: docker:${DOCKER_VERSION}-dind
+#   script:
+#     - VERSION=$(cat ./src/package.json | docker run --interactive stedolan/jq --raw-output '.version')
+#     - echo ${VERSION}
+#     #- git tag "v${VERSION}" && git push origin "v${VERSION}"
-job_deploy-image:
+deploy-image:
+  extends: .gke-initialization
  stage: deploy
  needs:
-    - 'job_build-image'
+    - 'build-image'
  rules:
    - if: $CI_COMMIT_REF_NAME =~ /staging/
      when: 'always'
      variables:
        ENVIRONMENT_NAME: 'staging'
-    - if: $CI_COMMIT_REF_NAME !~ /staging/
+    - if: $CI_COMMIT_REF_NAME !~ /main/
      when: 'always'
      variables:
-        ENVIRONMENT_NAME: 'prod'
+        ENVIRONMENT_NAME: 'production'
  tags:
    - docker
-  image:
+  image: google/cloud-sdk:${GOOGLE_CLOUD_SDK_IMAGE_VERSION}
-    name: k8s-image
-    entrypoint: ['']
  script:
-    # - IMAGE="${CI_REGISTRY_IMAGE}:${VERSION}"
+    - VERSION="${CI_PIPELINE_IID}-${CI_COMMIT_SHORT_SHA}"
-    - kubectl apply
+    - IMAGE="${CI_REGISTRY_IMAGE}:${VERSION}"
-        --kubeconfig ${SECRET_KUBECONFIG_PATH}
+    - cd "app/k8s-manifests"
-        --namespace "${ENVIRONMENT_NAME}-${K8S_NAMESPACE}"
+    - kubectl apply secrets.yaml --namespace "${ENVIRONMENT_NAME}-${K8S_NAMESPACE}"
-        --kustomize -
+    - kubectl apply gitlab-registry-credentials.yaml --namespace "${ENVIRONMENT_NAME}-${K8S_NAMESPACE}"
+    - kubectl apply configmap.yaml --namespace "${ENVIRONMENT_NAME}-${K8S_NAMESPACE}"
+    - kubectl apply deployment.yaml --namespace "${ENVIRONMENT_NAME}-${K8S_NAMESPACE}"
+    - kubectl apply service.yaml --namespace "${ENVIRONMENT_NAME}-${K8S_NAMESPACE}"
+    - kubectl apply ingress.yaml --namespace "${ENVIRONMENT_NAME}-${K8S_NAMESPACE}"
--- a/app/.dockerignore
+++ b/app/.dockerignore
@@ -2,3 +2,5 @@ client/node_modules
 server/node_modules
 .dockerignore
 Dockerfile
+README.md
+npm-debug.log
--- a/app/Dockerfile
+++ b/app/Dockerfile
@@ -6,7 +6,7 @@ ARG NODEJS_VERSION='16.17.0'
 FROM node:$NODEJS_VERSION-alpine AS base
 ENV \
-    PORT=3002 \
+    PORT=3000 \
    # For local dev - mongodb://host.docker.internal:27017/todo-app
    MONGODB_URL=<should-be-dynamically-set> \
    JWT_SECRET=<should-be-dynamically-set>

--- a/app/README.md
+++ b/app/README.md
 Todo-App
 ========
+d
 This application represents the *deployable workload* for the
 [lecture assignment](https://github.com/lucendio/lecture-devops-material/blob/master/assignments/exercise.md). 

--- a/app/k8s-manifests/configmap.yaml
+++ b/app/k8s-manifests/configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: app-config
-data:
-  PORT: 3000
-  # MONGODB_URL: mongo-service.namespace (from infra repo. Does this work? Or do I have to dynamically set it?)
-  MONGODB_URL: mongodb://<mongo-service>:27017/todo-app
--- a/k8s-manifests/configmap.yaml
+++ b/k8s-manifests/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: todo-app-config
+data:
+  PORT: 3000
+  # MONGODB_URL: mongodb://<mongo-service>:27017/todo-app
+  # mongodb-service.<namespace>?
+  MONGODB_URL: mongodb-service
--- a/app/k8s-manifests/deployment.yaml
+++ b/app/k8s-manifests/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: app-deployment
+  name: todo-app-deployment
  labels:
    app: todo-app
 spec:
@@ -24,8 +24,9 @@ spec:
        ports:
        - containerPort: 3000
          # imagePullPolicy: IfNotPresent
+        # env for mongodb username and pass?
        envFrom:
        - configMapRef:
-          name: app-config
+          name: todo-app-config
        - secretRef:
-          name: app-secrets
+          name: todo-app-secrets
--- a/app/registry-credentials.yaml
+++ b/app/registry-credentials.yaml
--- a/k8s-manifests/ingress.yaml
+++ b/k8s-manifests/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: todo-app-ingress
+  annotations:
+    kubernetes.io/ingress.class: "gce" # an external load-balancer
+    kubernetes.io/ingress.allow-http: "false" # disabling HTTP
+    kubernetes.io/ingress.global-static-ip-name: todoapp-ip # staging-todoapp-ip for staging
+    networking.gke.io/managed-certificates: todoapp-managed-cert # defined in the infrastructure repository
+spec:
+  # rules:
+  # - http:
+  #     paths:
+  #     - path: /*
+  #       pathType: ImplementationSpecific
+  #       backend:
+  #         serviceName: todo-app-service
+  #         servicePort: 80
+  defaultBackend:
+    service:
+      name: todo-app-service
+      port:
+        number: 8080
--- a/app/k8s-manifests/secrets.yaml
+++ b/app/k8s-manifests/secrets.yaml
 apiVersion: v1
 kind: Secret
 metadata:
-  name: app-secrets
+  name: todo-app-secrets
 type: Opaque
 data:
  JWT_SECRET: <jwt-secret in base64>
--- a/app/k8s-manifests/service.yaml
+++ b/app/k8s-manifests/service.yaml
@@ -2,12 +2,16 @@ apiVersion: v1
 kind: Service
 metadata:
  name: todo-app-service
+  annotations:
+    cloud.google.com/app-protocols: '{"https-port":"HTTPS","http-port":"HTTP"}'
 spec:
+  type: NodePort
  selector:
      app: todo-app
  ports:
-    - port: 8080
+    - name: https-port
+      port: 443
+      targetPort: 3000
+    - name: http-port
+      port: 8080
      targetPort: 3000
-      # port for external IP address (that you need to put in your browser)
-      # nodePort: 30000
-  # type: LoadBalancer