pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #182 from dod-ccpo/continuous-deployment

Browse Source 
Set up continuous deployment
This commit is contained in:
patricksmithdds 2018-08-17 10:49:45 -04:00 committed by GitHub
commit 8e2ce6ccc7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 89 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.travis.yml
View File

@ -1,5 +1,6 @@
sudo: required sudo: required
language: minimal language: minimal
dist: trusty
services: services:
- docker - docker
git: git:
@ -9,6 +10,7 @@ env:
- PROD_IMAGE_NAME=atst-prod - PROD_IMAGE_NAME=atst-prod
- TESTER_IMAGE1_NAME=atst-tester-nocrls - TESTER_IMAGE1_NAME=atst-tester-nocrls
- TESTER_IMAGE2_NAME=atst-tester - TESTER_IMAGE2_NAME=atst-tester
- GIT_SHA="$(git rev-parse --short HEAD)"
cache: cache:
directories: directories:
- crl - crl
@ -18,9 +20,10 @@ before_install:
- sed -i 's/git@github.com:/https:\/\/github.com\//' .gitmodules - sed -i 's/git@github.com:/https:\/\/github.com\//' .gitmodules
# Manually initialize submodules # Manually initialize submodules
- git submodule update --init --recursive - git submodule update --init --recursive
install:
- curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/v1.10.4/bin/linux/amd64/kubectl && chmod +x kubectl && sudo mv kubectl /usr/local/bin/
before_script: before_script:
- rm -rf ./crl/*
- docker run -d --name postgres96 postgres:9.6-alpine - docker run -d --name postgres96 postgres:9.6-alpine
- docker run -d --name redis redis:4.0.10-alpine - docker run -d --name redis redis:4.0.10-alpine
- docker run --link postgres96:postgres96 --link redis:redis waisbrot/wait - docker run --link postgres96:postgres96 --link redis:redis waisbrot/wait
@ -43,14 +46,13 @@ script:
before_deploy: before_deploy:
- docker build --tag "${PROD_IMAGE_NAME}" . -f deploy/docker/prod/Dockerfile - docker build --tag "${PROD_IMAGE_NAME}" . -f deploy/docker/prod/Dockerfile
- git_sha="$(git rev-parse --short HEAD)" - remote_image_name="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}"
- remote_image_name="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${git_sha}"
- docker tag "${PROD_IMAGE_NAME}" "${remote_image_name}" - docker tag "${PROD_IMAGE_NAME}" "${remote_image_name}"
- docker images - docker images
- docker push "${remote_image_name}" - docker push "${remote_image_name}"
deploy: deploy:
provider: script provider: script
script: echo "** Image push only for now... stay tuned! **" script: deploy/kubernetes/atst-update-deploy.sh
on: on:
branch: master branch: master

38
deploy/kubernetes/atst-travis-deployer.yml Normal file
View File

@ -0,0 +1,38 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: atat-deployer
namespace: atat
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: atat
name: travis-deploy-role
rules:
- apiGroups: ["extensions", "apps"]
resources: ["deployments"]
verbs: ["get", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "create", "update", "patch"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "create", "update", "patch"]
- apiGroups: ["extensions", "apps"]
resources: ["ingresses"]
verbs: ["get", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: travis-role-binding
namespace: atat
subjects:
- kind: ServiceAccount
name: atat-deployer
namespace: atat
roleRef:
kind: Role
name: travis-deploy-role
apiGroup: rbac.authorization.k8s.io

43
deploy/kubernetes/atst-update-deploy.sh Executable file
View File

@ -0,0 +1,43 @@
#!/usr/bin/env bash
#
# deploy/kubernetes/atst-update-deploy.sh: Updates the existing ATST deployment
# with a new source image
set -o pipefail
set -o errexit
set -o nounset
# set -o xtrace
# Decode and save the K8S CA cert
echo "${K8S_CA_CRT}" | base64 --decode -i > "${HOME}/k8s_ca.crt"
# Setup the local kubectl client
kubectl config set-context travis \
--cluster=atat-cluster \
--user=atat-deployer \
--namespace=atat
kubectl config set-cluster atat-cluster \
--embed-certs=true \
--server="${K8S_ENDPOINT}" \
--certificate-authority="${HOME}/k8s_ca.crt"
kubectl config set-credentials atat-deployer --token=`echo ${K8S_USER_TOKEN} | base64 --decode`
kubectl config use-context travis
kubectl config current-context
# Update the ATST deployment
kubectl -n atat set image deployment.apps/atst atst="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}"
# Wait for deployment to finish
kubectl -n atat rollout status deployment/atst
# Remove the K8S CA file when the script exits
function cleanup {
printf "Cleaning up...\n"
rm -vf "${HOME}/k8s_ca.crt"
printf "Cleaning done."
}
trap cleanup EXIT

4
deploy/kubernetes/atst.yml
View File

@ -24,10 +24,10 @@ spec:
fsGroup: 101 fsGroup: 101
containers: containers:
- name: atst - name: atst
image: registry.atat.codes:443/atst-prod:a1916b1 image: registry.atat.codes:443/atst-prod:23e5c04
resources: resources:
requests: requests:
memory: "2500Mi" memory: "6000Mi"
envFrom: envFrom:
- configMapRef: - configMapRef:
name: atst-envvars name: atst-envvars