Merge pull request #276 from dod-ccpo/circleci-cd

CircleCI CD
patricksmithdds
2018-10-16 11:37:09 -04:00
committed by GitHub
8 changed files with 349 additions and 43 deletions


@@ -0,0 +1,38 @@
#!/usr/bin/env bash
#
set -o pipefail
set -o errexit
set -o nounset
# Decode and save the K8S CA cert
echo "${K8S_CA_CRT}" | base64 -d - > "${HOME}/k8s_ca.crt"
# Setup the local kubectl client
kubectl config set-context travis \
--cluster=atat-cluster \
--user=atat-deployer \
--namespace=atat
kubectl config set-cluster atat-cluster \
--embed-certs=true \
--server="${K8S_ENDPOINT}" \
--certificate-authority="${HOME}/k8s_ca.crt"
kubectl config set-credentials atat-deployer --token="$(echo ${K8S_USER_TOKEN} | base64 -d -)"
kubectl config use-context travis
kubectl config current-context
echo
echo "Current ATST Deployment Details:"
kubectl -n atat get deployment.apps/atst -o yaml
# Remove the K8S CA file when the script exits
function cleanup {
printf "Cleaning up...\n"
rm -vf "${HOME}/k8s_ca.crt"
printf "Cleaning done."
}
trap cleanup EXIT
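Review bot: `trap cleanup EXIT` is registered on the last line, so with `errexit` set any failing `kubectl` call above it exits before the trap exists and `${HOME}/k8s_ca.crt` is left behind; define `cleanup` and the trap before the `base64 -d` write. The cleanup also removes only the CA certificate, while `kubectl config set-credentials` has written the decoded token into the default kubeconfig, which stays on the runner after the job. Starting the script with `export KUBECONFIG="$(mktemp)"` and deleting that file in `cleanup` would cover both; the deploy script's cleanup later on this page has the same gap. Separately, `--token="$(echo ${K8S_USER_TOKEN} | base64 -d -)"` places the token in the process arguments and leaves the expansion unquoted.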


@@ -1,14 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: atst-debugger
labels:
app: atst-debugger
name: atst-debugger-v1
namespace: atat
spec:
securityContext:
fsGroup: 101
containers:
- name: atst-debugger
image: registry.atat.codes:443/atst-prod:a1916b1
- name: atst
image: registry.atat.codes:443/atst-prod:6329f8e
args: ["/bin/bash", "-c", "while true; do date; sleep 45; done"]
envFrom:
- configMapRef:
@@ -17,19 +19,85 @@ spec:
- name: atst-config
mountPath: "/opt/atat/atst/atst-overrides.ini"
subPath: atst-overrides.ini
- name: nginx-client-ca-bundle
mountPath: "/opt/atat/atst/ssl/server-certs/ca-chain.pem"
subPath: client-ca-bundle.pem
- name: uwsgi-config
mountPath: "/opt/atat/atst/uwsgi-config.ini"
subPath: uwsgi-config.ini
- name: uwsgi-socket-dir
mountPath: "/var/run/uwsgi"
- name: atst-nginx
image: nginx:alpine
ports:
- containerPort: 8442
name: http
- containerPort: 8443
name: https
volumeMounts:
- name: nginx-auth-tls
mountPath: "/etc/ssl/private"
- name: nginx-client-ca-bundle
mountPath: "/etc/ssl/client-ca-bundle.pem"
subPath: client-ca-bundle.pem
- name: nginx-config
mountPath: "/etc/nginx/conf.d/atst.conf"
subPath: atst.conf
- name: nginx-dhparam
mountPath: "/etc/ssl/dhparam.pem"
subPath: dhparam.pem
- name: nginx-htpasswd
mountPath: "/etc/nginx/.htpasswd"
subPath: .htpasswd
- name: uwsgi-socket-dir
mountPath: "/var/run/uwsgi"
imagePullSecrets:
- name: regcred
volumes:
- name: atst-config
secret:
secretName: atst-config-ini
items:
- key: atst-overrides.ini
- key: override.ini
path: atst-overrides.ini
mode: 0644
- name: nginx-auth-tls
secret:
secretName: auth-atst-ingress-tls
items:
- key: tls.crt
path: auth.atat.crt
mode: 0644
- key: tls.key
path: auth.atat.key
mode: 0640
- name: nginx-client-ca-bundle
secret:
secretName: nginx-client-ca-bundle
items:
- key: client-ca-bundle.pem
path: client-ca-bundle.pem
mode: 0666
- name: nginx-config
configMap:
name: atst-nginx
items:
- key: nginx-config
path: atst.conf
- name: nginx-dhparam
secret:
secretName: dhparam-4096
items:
- key: dhparam.pem
path: dhparam.pem
mode: 0640
- name: nginx-htpasswd
secret:
secretName: atst-nginx-htpasswd
items:
- key: htpasswd
path: .htpasswd
mode: 0640
- name: uwsgi-config
configMap:
name: atst-config
@@ -41,3 +109,18 @@ spec:
emptyDir:
medium: Memory
restartPolicy: Never
---
apiVersion: v1
kind: Service
metadata:
labels:
app: atst-debugger
name: atst-debugger
namespace: atat
spec:
ports:
- name: http
port: 80
targetPort: 8442
selector:
app: atst-debugger
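Review bot: The `nginx-client-ca-bundle` secret item is projected with `mode: 0666`, which marks the bundle that decides which client certificates nginx trusts as world-writable; nothing shown here needs write access, so `mode: 0444` (or `0440` together with the pod's `fsGroup`) is enough. The `atst-nginx` container also uses the floating tag `image: nginx:alpine`, unlike the application image which is pinned to a commit tag, so the code running next to the mounted TLS key can change between pod starts; pin a version or digest. Indentation was lost on this page, so the nesting of these keys is inferred from their order.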


@@ -8,8 +8,24 @@ set -o errexit
set -o nounset
# set -o xtrace
# Config
MAX_DEPLOY_WAIT='300'
if [ "${IMAGE_NAME}x" = "x" ]
then
IMAGE_NAME="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}"
fi
# Remove the K8S CA file when the script exits
function cleanup {
printf "Cleaning up...\n"
rm -vf "${HOME}/k8s_ca.crt"
printf "Cleaning done."
}
trap cleanup EXIT
# Decode and save the K8S CA cert
echo "${K8S_CA_CRT}" | base64 --decode -i > "${HOME}/k8s_ca.crt"
echo "${K8S_CA_CRT}" | base64 -d - > "${HOME}/k8s_ca.crt"
# Setup the local kubectl client
kubectl config set-context travis \
@@ -22,22 +38,19 @@ kubectl config set-cluster atat-cluster \
--server="${K8S_ENDPOINT}" \
--certificate-authority="${HOME}/k8s_ca.crt"
kubectl config set-credentials atat-deployer --token=`echo ${K8S_USER_TOKEN} | base64 --decode`
kubectl config set-credentials atat-deployer --token="$(echo ${K8S_USER_TOKEN} | base64 -d -)"
kubectl config use-context travis
kubectl config current-context
# Update the ATST deployment
kubectl -n atat set image deployment.apps/atst atst="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}"
kubectl -n atat set image deployment.apps/atst atst="${IMAGE_NAME}"
# Wait for deployment to finish
kubectl -n atat rollout status deployment/atst
# Remove the K8S CA file when the script exits
function cleanup {
printf "Cleaning up...\n"
rm -vf "${HOME}/k8s_ca.crt"
printf "Cleaning done."
}
trap cleanup EXIT
if ! timeout -t "${MAX_DEPLOY_WAIT}" -s INT kubectl -n atat rollout status deployment/atst
then
# Deploy did not finish before max wait time; abort and rollback the deploy
kubectl -n atat rollout undo deployment/atst
# Exit with a non-zero return code
exit 2
fi
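Review bot: The `IMAGE_NAME` fallback cannot fire when the variable is unset: `set -o nounset` is in effect, so expanding `"${IMAGE_NAME}x"` aborts the script with an unbound-variable error before the assignment is reached. Use `if [ -z "${IMAGE_NAME:-}" ]` so that unset and empty both select the `${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}` default. In the rollout check, `timeout -t` is the older BusyBox spelling and GNU coreutils `timeout` rejects `-t`; under `if !` that usage error would be treated like a timed-out deploy and run `rollout undo`, so it is worth confirming which `timeout` the CI image provides.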