Merge pull request #182 from dod-ccpo/continuous-deployment

Set up continuous deployment
2018-08-17 10:49:45 -04:00 · 2018-08-17 10:49:45 -04:00 · 8e2ce6ccc7
commit 8e2ce6ccc7
parent d3315e8739 4578c2f1c8
4 changed files with 89 additions and 6 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -1,5 +1,6 @@
 sudo: required
 language: minimal
+dist: trusty
 services:
  - docker
 git:
@ -9,6 +10,7 @@ env:
    - PROD_IMAGE_NAME=atst-prod
    - TESTER_IMAGE1_NAME=atst-tester-nocrls
    - TESTER_IMAGE2_NAME=atst-tester
+    - GIT_SHA="$(git rev-parse --short HEAD)"
 cache:
  directories:
    - crl
@ -18,9 +20,10 @@ before_install:
  - sed -i 's/git@github.com:/https:\/\/github.com\//' .gitmodules
  # Manually initialize submodules
  - git submodule update --init --recursive
+install:
+  - curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/v1.10.4/bin/linux/amd64/kubectl && chmod +x kubectl && sudo mv kubectl /usr/local/bin/

 before_script:
-  - rm -rf ./crl/*
  - docker run -d --name postgres96 postgres:9.6-alpine
  - docker run -d --name redis redis:4.0.10-alpine
  - docker run --link postgres96:postgres96 --link redis:redis waisbrot/wait
@ -43,14 +46,13 @@ script:

 before_deploy:
  - docker build --tag "${PROD_IMAGE_NAME}" . -f deploy/docker/prod/Dockerfile
-  - git_sha="$(git rev-parse --short HEAD)"
-  - remote_image_name="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${git_sha}"
+  - remote_image_name="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}"
  - docker tag "${PROD_IMAGE_NAME}" "${remote_image_name}"
  - docker images
  - docker push "${remote_image_name}"

 deploy:
  provider: script
-  script: echo "** Image push only for now... stay tuned! **"
+  script: deploy/kubernetes/atst-update-deploy.sh
  on:
    branch: master
--- a/deploy/kubernetes/atst-travis-deployer.yml
+++ b/deploy/kubernetes/atst-travis-deployer.yml
@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: atat-deployer
+  namespace: atat
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  namespace: atat
+  name: travis-deploy-role
+rules:
+- apiGroups: ["extensions", "apps"]
+  resources: ["deployments"]
+  verbs: ["get", "watch", "create", "update", "patch"]
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["get", "create", "update", "patch"]
+- apiGroups: [""]
+  resources: ["configmaps"]
+  verbs: ["get", "create", "update", "patch"]
+- apiGroups: ["extensions", "apps"]
+  resources: ["ingresses"]
+  verbs: ["get", "create", "update", "patch"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: travis-role-binding
+  namespace: atat
+subjects:
+- kind: ServiceAccount
+  name: atat-deployer
+  namespace: atat
+roleRef:
+  kind: Role
+  name: travis-deploy-role
+  apiGroup: rbac.authorization.k8s.io
--- a/deploy/kubernetes/atst-update-deploy.sh
+++ b/deploy/kubernetes/atst-update-deploy.sh
@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+#
+# deploy/kubernetes/atst-update-deploy.sh: Updates the existing ATST deployment
+#                                          with a new source image
+
+set -o pipefail
+set -o errexit
+set -o nounset
+# set -o xtrace
+
+# Decode and save the K8S CA cert
+echo "${K8S_CA_CRT}" | base64 --decode -i > "${HOME}/k8s_ca.crt"
+
+# Setup the local kubectl client
+kubectl config set-context travis \
+    --cluster=atat-cluster \
+    --user=atat-deployer \
+    --namespace=atat
+
+kubectl config set-cluster atat-cluster \
+    --embed-certs=true \
+    --server="${K8S_ENDPOINT}"  \
+    --certificate-authority="${HOME}/k8s_ca.crt"
+
+kubectl config set-credentials atat-deployer --token=`echo ${K8S_USER_TOKEN} | base64 --decode`
+
+kubectl config use-context travis
+kubectl config current-context
+
+# Update the ATST deployment
+kubectl -n atat set image deployment.apps/atst atst="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}"
+
+# Wait for deployment to finish
+kubectl -n atat rollout status deployment/atst
+
+# Remove the K8S CA file when the script exits
+function cleanup {
+    printf "Cleaning up...\n"
+    rm -vf "${HOME}/k8s_ca.crt"
+    printf "Cleaning done."
+}
+
+trap cleanup EXIT
--- a/deploy/kubernetes/atst.yml
+++ b/deploy/kubernetes/atst.yml
@ -24,10 +24,10 @@ spec:
        fsGroup: 101
      containers:
        - name: atst
-          image: registry.atat.codes:443/atst-prod:a1916b1
+          image: registry.atat.codes:443/atst-prod:23e5c04
          resources:
            requests:
-               memory: "2500Mi"
+               memory: "6000Mi"
          envFrom:
          - configMapRef:
              name: atst-envvars