Use kustomize and envsubst to generalize k8s config.

Adds a [kustomize](https://github.com/kubernetes-sigs/kustomize) overlay for a new staging environment. Additionally, adds environment variables in the place of certain pieces of information that need to be templated. The K8s README ("deploy/README.md") has been updated to reflect the new method for applying config. This commit also removes the configuration for the AWS cluster and references to AWS in the README.
2019-11-06 11:19:30 -05:00
parent 3d92ac4840
commit 630469744a
24 changed files with 128 additions and 2246 deletions
--- a/deploy/azure/atst-nginx-configmap.yml
+++ b/deploy/azure/atst-nginx-configmap.yml
@@ -7,20 +7,20 @@ metadata:
 data:
  nginx-config: |-
    server {
-        listen 8342;
-        server_name azure.atat.code.mil;
+        listen ${PORT_PREFIX}342;
+        server_name ${MAIN_DOMAIN};
        return 301 https://$host$request_uri;
    }
    server {
-        listen 8343;
-        server_name auth-azure.atat.code.mil;
+        listen ${PORT_PREFIX}343;
+        server_name ${AUTH_DOMAIN};
        return 301 https://$host$request_uri;
    }
    server {
-        server_name azure.atat.code.mil;
+        server_name ${MAIN_DOMAIN};
        # access_log /var/log/nginx/access.log json;
-        listen 8442 ssl;
-        listen [::]:8442 ssl ipv6only=on;
+        listen ${PORT_PREFIX}442 ssl;
+        listen [::]:${PORT_PREFIX}442 ssl ipv6only=on;
        ssl_certificate /etc/ssl/private/atat.crt;
        ssl_certificate_key /etc/ssl/private/atat.key;
        location /login-redirect {
@@ -47,9 +47,9 @@ data:
    }
    server {
        # access_log /var/log/nginx/access.log json;
-        server_name auth-azure.atat.code.mil;
-        listen 8443 ssl;
-        listen [::]:8443 ssl ipv6only=on;
+        server_name ${AUTH_DOMAIN};
+        listen ${PORT_PREFIX}443 ssl;
+        listen [::]:${PORT_PREFIX}443 ssl ipv6only=on;
        ssl_certificate /etc/ssl/private/atat.crt;
        ssl_certificate_key /etc/ssl/private/atat.key;
        # Request and validate client certificate
--- a/deploy/azure/azure.yml
+++ b/deploy/azure/azure.yml
@@ -15,7 +15,7 @@ spec:
  selector:
    matchLabels:
      role: web
-  replicas: 1
+  replicas: 4
  strategy:
    type: RollingUpdate
  template:
@@ -28,7 +28,7 @@ spec:
        fsGroup: 101
      containers:
        - name: atst
-          image: pwatat.azurecr.io/atat:latest
+          image: $CONTAINER_IMAGE
          envFrom:
          - configMapRef:
              name: atst-envvars
@@ -133,7 +133,7 @@ spec:
  selector:
    matchLabels:
      role: worker
-  replicas: 1
+  replicas: 2
  strategy:
    type: RollingUpdate
  template:
@@ -146,7 +146,7 @@ spec:
        fsGroup: 101
      containers:
        - name: atst-worker
-          image: pwatat.azurecr.io/atat:latest
+          image: $CONTAINER_IMAGE
          args: [
            "/opt/atat/atst/.venv/bin/python",
            "/opt/atat/atst/.venv/bin/celery",
@@ -207,7 +207,7 @@ spec:
        fsGroup: 101
      containers:
        - name: atst-beat
-          image: pwatat.azurecr.io/atat:latest
+          image: $CONTAINER_IMAGE
          args: [
            "/opt/atat/atst/.venv/bin/python",
            "/opt/atat/atst/.venv/bin/celery",
--- a/deploy/azure/crls-sync.yaml
+++ b/deploy/azure/crls-sync.yaml
@@ -12,7 +12,7 @@ spec:
          restartPolicy: OnFailure
          containers:
          - name: crls
-            image: pwatat.azurecr.io/atat:latest
+            image: $CONTAINER_IMAGE
            command: [
              "/bin/sh", "-c"
            ]
--- a/deploy/azure/kustomization.yaml
+++ b/deploy/azure/kustomization.yaml
@@ -0,0 +1,11 @@
+namespace: atat
+resources:
+  - azure.yml
+  - atst-configmap.yml
+  - atst-envvars-configmap.yml
+  - atst-nginx-configmap.yml
+  - atst-worker-envvars-configmap.yml
+  - crls-sync.yaml
+  - pgsslrootcert.yml
+  - volume-claim.yml
+  - nginx-client-ca-bundle.yml
--- a/deploy/azure/storage-class.yml
+++ b/deploy/azure/storage-class.yml
@@ -32,15 +32,3 @@ subjects:
 - kind: ServiceAccount
  name: persistent-volume-binder
  namespace: kube-system
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: crls-vol-claim
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: azurefile
-  resources:
-    requests:
-      storage: 1Gi
--- a/deploy/azure/volume-claim.yml
+++ b/deploy/azure/volume-claim.yml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: crls-vol-claim
+  namespace: atat
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: azurefile
+  resources:
+    requests:
+      storage: 1Gi