Merge lp:~ricardokirkner/isitdeployable/improve-makefile-config-templates into lp:isitdeployable
- improve-makefile-config-templates
- Merge into trunk
Proposed by
Ricardo Kirkner
| Status: | Merged |
|---|---|
| Approved by: | Ricardo Kirkner |
| Approved revision: | 275 |
| Merge reported by: | Otto Co-Pilot |
| Merged at revision: | not available |
| Proposed branch: | lp:~ricardokirkner/isitdeployable/improve-makefile-config-templates |
| Merge into: | lp:isitdeployable |
| Diff against target: |
768 lines (+241/-253) 15 files modified
Makefile.k8s (+67/-38) README.k8s (+7/-7) deployment/configmaps.yaml.tpl (+3/-3) deployment/deployments.yaml.tpl (+15/-16) deployment/dpa.k8s.crt (+0/-18) deployment/dpa.k8s.key (+0/-28) deployment/ingress.yaml.tpl (+2/-2) deployment/namespace.yaml.tpl (+2/-2) deployment/secrets.yaml.tpl (+2/-2) deployment/services-dev.yaml.tpl (+113/-0) deployment/services-dev.yml (+0/-105) deployment/services.yaml.tpl (+5/-5) envrc (+1/-0) envrc.mk (+24/-0) scripts/generate-config (+0/-27) |
| To merge this branch: | bzr merge lp:~ricardokirkner/isitdeployable/improve-makefile-config-templates |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Colin Watson (community) | Approve | ||
|
Review via email:
|
|||
Commit message
better config rendering from templates
- simplified rendering of templates
- deleted no longer necessary files (crt/key)
- separate environment variables definition from makefile
- automatically create namespace before deploying dev services
Description of the change
To post a comment you must log in.
- 273. By Ricardo Kirkner
-
update configmaps template
- 274. By Ricardo Kirkner
-
apply quoting to exported env vars
- 275. By Ricardo Kirkner
-
make envrc the default target
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
| 1 | === modified file 'Makefile.k8s' |
| 2 | --- Makefile.k8s 2017-09-12 18:18:08 +0000 |
| 3 | +++ Makefile.k8s 2017-10-19 17:13:30 +0000 |
| 4 | @@ -1,22 +1,17 @@ |
| 5 | KUBECONFIG ?= $(HOME)/.kube/config |
| 6 | KUBECTL = kubectl --kubeconfig=$(KUBECONFIG) --insecure-skip-tls-verify=true |
| 7 | +REGISTRY_CONFIG = deployment/registry.yaml |
| 8 | |
| 9 | -DOCKER_REGISTRY ?= localhost:5000 |
| 10 | -REGISTRY_CONFIG = deployment/registry.yml |
| 11 | IMAGE_NAME ?= isitdeployable |
| 12 | IMAGE_TAG ?= $(shell bzr version-info --custom --template={branch_nick}-{revno}) |
| 13 | -NAMESPACE ?= isitdeployable |
| 14 | -DB_EXTERNAL_NAME ?= db.default.svc.cluster.local |
| 15 | -AMQP_EXTERNAL_NAME ?= amqp.default.svc.cluster.local |
| 16 | - |
| 17 | -DOMAIN ?= dpa.k8s |
| 18 | -TLS_CRT ?= $(shell cat deployment/$(DOMAIN).crt | base64 -w0) |
| 19 | -TLS_KEY ?= $(shell cat deployment/$(DOMAIN).key | base64 -w0) |
| 20 | |
| 21 | HTTP_PROXY ?= $(http_proxy) |
| 22 | HTTPS_PROXY ?= $(https_proxy) |
| 23 | NO_PROXY ?= $(no_proxy) |
| 24 | |
| 25 | +# automatically source environment variables |
| 26 | +include envrc.mk |
| 27 | + |
| 28 | # public targets |
| 29 | |
| 30 | k8s-bootstrap: $(ENV) fetch-sourcedeps ## Bootstrap k8s environment |
| 31 | @@ -30,6 +25,7 @@ |
| 32 | $(KUBECTL) --namespace kube-system port-forward $(REGISTRY_POD) 5000:5000 |
| 33 | |
| 34 | k8s-build: fetch-sourcedeps ## Build container image |
| 35 | + @$(check-env-vars) |
| 36 | @echo 'Building image on:' $(shell lsb_release -cs) |
| 37 | @echo 'Building image using docker version:' $(shell docker version -f "Server: {{.Server.Version}} Client: {{.Client.Version}}") |
| 38 | $(eval BUILD_ARGS = --label revision="$(shell bzr revno)") |
| 39 | @@ -45,10 +41,14 @@ |
| 40 | docker build $(BUILD_ARGS) -t $(IMAGE_NAME):$(IMAGE_TAG) . |
| 41 | |
| 42 | k8s-upload: ## Upload image to registry |
| 43 | + @$(check-env-vars) |
| 44 | docker tag $(IMAGE_NAME):$(IMAGE_TAG) $(DOCKER_REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG) |
| 45 | docker push $(DOCKER_REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG) |
| 46 | |
| 47 | -k8s-render-templates: $(shell find deployment -name *.yml.j2 -printf 'tmp/%f\n' | sed -e 's/.j2//g') |
| 48 | +k8s-render-config: $(shell find deployment -name '*.yaml.tpl' -printf 'tmp/%f\n' | sed -e 's/.tpl//g') |
| 49 | + |
| 50 | +k8s-clean-config: |
| 51 | + rm -f tmp/*.yaml |
| 52 | |
| 53 | k8s-deploy-all: ## Deploy isitdeployable full stack (PRODUCTION) |
| 54 | $(MAKE) k8s-deploy-namespace |
| 55 | @@ -58,50 +58,79 @@ |
| 56 | $(MAKE) k8s-deploy-app |
| 57 | $(MAKE) k8s-deploy-firewall |
| 58 | |
| 59 | -k8s-deploy-namespace: k8s-render-templates ## Deploy namespace for isitdeployable (PRODUCTION) |
| 60 | - $(KUBECTL) create -f tmp/namespace.yml || true |
| 61 | +k8s-deploy-namespace: k8s-render-config ## Deploy namespace for isitdeployable (PRODUCTION) |
| 62 | + $(KUBECTL) create -f tmp/namespace.yaml || true |
| 63 | |
| 64 | -k8s-deploy-config: k8s-render-templates ## Deploy configuration for isitdeployable (PRODUCTION) |
| 65 | - $(KUBECTL) create -f tmp/configmaps.yml || true |
| 66 | +k8s-deploy-config: k8s-render-config ## Deploy configuration for isitdeployable (PRODUCTION) |
| 67 | + $(KUBECTL) create -f tmp/configmaps.yaml || true |
| 68 | |
| 69 | k8s-deploy-registry-secret: k8s-deploy-namespace ## Deploy secret for registry access into isitdeployable namespace (PRODUCTION) |
| 70 | + @$(check-env-vars) |
| 71 | $(KUBECTL) get secret registry-access -o yaml | sed 's/default/$(NAMESPACE)/g' | kubectl -n $(NAMESPACE) create -f - || true |
| 72 | |
| 73 | -k8s-deploy-services: k8s-render-templates ## Deploy isitdeployable supporting services (PRODUCTION) |
| 74 | - $(KUBECTL) create -f tmp/services.yml || true |
| 75 | +k8s-deploy-services: k8s-render-config ## Deploy isitdeployable supporting services (PRODUCTION) |
| 76 | + $(KUBECTL) create -f tmp/services.yaml || true |
| 77 | |
| 78 | -k8s-deploy-app: k8s-render-templates ## Deploy isitdeployable app |
| 79 | - $(KUBECTL) create --record -f tmp/secrets.yml -f tmp/deployments.yml || true |
| 80 | +k8s-deploy-app: k8s-render-config ## Deploy isitdeployable app |
| 81 | + @$(check-env-vars) |
| 82 | + $(KUBECTL) create --record -f tmp/secrets.yaml -f tmp/deployments.yaml || true |
| 83 | $(KUBECTL) --namespace $(NAMESPACE) rollout status deployment/app |
| 84 | |
| 85 | -k8s-deploy-firewall: k8s-render-templates ## Deploy ingress rules |
| 86 | - $(KUBECTL) create -f tmp/ingress.yml || true |
| 87 | +k8s-deploy-firewall: k8s-render-config ## Deploy ingress rules |
| 88 | + $(KUBECTL) create -f tmp/ingress.yaml || true |
| 89 | |
| 90 | k8s-update-app: ## Update isitdeployable app |
| 91 | + @$(check-env-vars) |
| 92 | $(KUBECTL) --namespace $(NAMESPACE) set image deployment/app app=$(DOCKER_REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG) worker=$(DOCKER_REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG) |
| 93 | $(KUBECTL) --namespace $(NAMESPACE) rollout status deployment/app |
| 94 | |
| 95 | -k8s-deploy-all-dev: k8s-render-templates ## Deploy isitdeployable full stack for development |
| 96 | +k8s-deploy-all-dev: k8s-render-config ## Deploy isitdeployable full stack for development |
| 97 | + $(MAKE) k8s-deploy-namespace |
| 98 | $(MAKE) k8s-deploy-services-dev |
| 99 | $(MAKE) k8s-deploy-all |
| 100 | |
| 101 | -k8s-deploy-services-dev: k8s-render-templates ## Deploy isitdeployable supporting services for development |
| 102 | - $(KUBECTL) create -f deployment/services-dev.yml || true |
| 103 | - $(KUBECTL) rollout status deployment/db |
| 104 | - $(KUBECTL) rollout status deployment/amqp |
| 105 | +k8s-deploy-services-dev: k8s-render-config ## Deploy isitdeployable supporting services for development |
| 106 | + @$(check-env-vars) |
| 107 | + $(KUBECTL) create -f tmp/services-dev.yaml || true |
| 108 | + $(KUBECTL) --namespace $(NAMESPACE) rollout status deployment/db |
| 109 | + $(KUBECTL) --namespace $(NAMESPACE) rollout status deployment/amqp |
| 110 | |
| 111 | # helper targets |
| 112 | |
| 113 | -tmp/%.yml: deployment/%.yml.j2 |
| 114 | - $(MAKE) generate-config K8S_CONFIG=$@ K8S_CONFIG_TEMPLATE=$< |
| 115 | - |
| 116 | -generate-config: |
| 117 | - IMAGE_NAME="$(IMAGE_NAME)" IMAGE_TAG="$(IMAGE_TAG)" \ |
| 118 | - DOCKER_REGISTRY="$(DOCKER_REGISTRY)" \ |
| 119 | - BUILD_REVISION="$(shell docker inspect -f '{{ .Config.Labels.revision }}' $(DOCKER_REGISTRY):$(IMAGE_NAME):$(IMAGE_TAG))" \ |
| 120 | - NAMESPACE=$(NAMESPACE) \ |
| 121 | - DB_EXTERNAL_NAME=$(DB_EXTERNAL_NAME) \ |
| 122 | - AMQP_EXTERNAL_NAME=$(AMQP_EXTERNAL_NAME) \ |
| 123 | - DOMAIN="$(DOMAIN)" TLS_CRT="$(TLS_CRT)" TLS_KEY="$(TLS_KEY)" \ |
| 124 | - LP_BOT="$(shell bzr lp-login)" \ |
| 125 | - python scripts/generate-config $(K8S_CONFIG_TEMPLATE) > $(K8S_CONFIG) |
| 126 | +tmp/%.yaml: deployment/%.yaml.tpl |
| 127 | + $(MAKE) render-template SRC=$< DST=$@ |
| 128 | + |
| 129 | +render-template: |
| 130 | + @$(check-env-vars) |
| 131 | + @$(eval REVISION=$(shell docker inspect -f '{{.Config.Labels.revision}}' $(DOCKER_REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG))) |
| 132 | + @REVISION=$(REVISION) IMAGE_NAME=$(IMAGE_NAME) IMAGE_TAG=$(IMAGE_TAG) envsubst < $(SRC) > $(DST) |
| 133 | + |
| 134 | +# defines |
| 135 | + |
| 136 | +define check-env-vars |
| 137 | + if test -z "$(NAMESPACE)"; then \ |
| 138 | + echo "NAMESPACE variable not defined; aborting."; \ |
| 139 | + exit 1; \ |
| 140 | + elif test -z "$(DOMAIN)"; then \ |
| 141 | + echo "DOMAIN variable not defined; aborting."; \ |
| 142 | + exit 1; \ |
| 143 | + elif test -z "$(DB_EXTERNAL_NAME)"; then \ |
| 144 | + echo "DB_EXTERNAL_NAME variable not defined; aborting."; \ |
| 145 | + exit 1; \ |
| 146 | + elif test -z "$(AMQP_EXTERNAL_NAME)"; then \ |
| 147 | + echo "AMQP_EXTERNAL_NAME variable not defined; aborting."; \ |
| 148 | + exit 1; \ |
| 149 | + elif test -z "$(DOCKER_REGISTRY)"; then \ |
| 150 | + echo "DOCKER_REGISTRY variable not defined; aborting."; \ |
| 151 | + exit 1; \ |
| 152 | + elif test -z "$(IMAGE_NAME)"; then \ |
| 153 | + echo "IMAGE_NAME variable not defined; aborting."; \ |
| 154 | + exit 1; \ |
| 155 | + elif test -z "$(IMAGE_TAG)"; then \ |
| 156 | + echo "IMAGE_TAG variable not defined; aborting."; \ |
| 157 | + exit 1; \ |
| 158 | + elif test -z "$(LP_BOT)"; then \ |
| 159 | + echo "LP_BOT variable not defined; aborting."; \ |
| 160 | + exit 1; \ |
| 161 | + fi |
| 162 | +endef |
| 163 | |
| 164 | === modified file 'README.k8s' |
| 165 | --- README.k8s 2017-08-31 15:05:26 +0000 |
| 166 | +++ README.k8s 2017-10-19 17:13:30 +0000 |
| 167 | @@ -77,7 +77,7 @@ |
| 168 | |
| 169 | $ make k8s-deploy-all-dev |
| 170 | [...] |
| 171 | - kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f deployment/services-dev.yml |
| 172 | + kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f deployment/services-dev.yaml |
| 173 | deployment "amqp" created |
| 174 | service "amqp" created |
| 175 | persistentvolumeclaim "db-data" created |
| 176 | @@ -90,13 +90,13 @@ |
| 177 | kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true rollout status deployment/amqp |
| 178 | deployment "amqp" successfully rolled out |
| 179 | [...] |
| 180 | - kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f /tmp/configmaps.yml |
| 181 | + kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f /tmp/configmaps.yaml |
| 182 | configmap "app" created |
| 183 | [...] |
| 184 | -kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f deployment/services.yml |
| 185 | +kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f deployment/services.yaml |
| 186 | service "app" created |
| 187 | [...] |
| 188 | - kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create --record -f secrets.yml -f /tmp/deployments.yml |
| 189 | + kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create --record -f secrets.yaml -f /tmp/deployments.yaml |
| 190 | secret "app" created |
| 191 | deployment "app" created |
| 192 | kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true rollout status deployment/app |
| 193 | @@ -104,7 +104,7 @@ |
| 194 | Waiting for rollout to finish: 1 of 2 updated replicas are available... |
| 195 | deployment "app" successfully rolled out |
| 196 | [...] |
| 197 | - kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f /tmp/ingress.yml |
| 198 | + kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f /tmp/ingress.yaml |
| 199 | ingress "app" created |
| 200 | secret "dpa.k8s" created |
| 201 | [...] |
| 202 | @@ -140,9 +140,9 @@ |
| 203 | ------- |
| 204 | |
| 205 | The files used by kubectl to trigger deployments are generated from the templates in the `deployment` directory. |
| 206 | -See the Makefile targets handling these .yml files. |
| 207 | +See the Makefile targets handling these .yaml files. |
| 208 | |
| 209 | -Two important parts of these .yml files are at the bottom: the ingress object and the secret object. |
| 210 | +Two important parts of these .yaml files are at the bottom: the ingress object and the secret object. |
| 211 | The secret object contains a .crt and a .key file both currently self-signed and base64'ed. |
| 212 | They relate to a ingress rule that says which DNS record (which domain) will use them. |
| 213 | By default this is dpa.k8s. |
| 214 | |
| 215 | === renamed file 'deployment/configmaps.yml.j2' => 'deployment/configmaps.yaml.tpl' |
| 216 | --- deployment/configmaps.yml.j2 2017-09-08 12:44:47 +0000 |
| 217 | +++ deployment/configmaps.yaml.tpl 2017-10-19 17:13:30 +0000 |
| 218 | @@ -2,13 +2,13 @@ |
| 219 | kind: ConfigMap |
| 220 | metadata: |
| 221 | name: app |
| 222 | - namespace: {{ NAMESPACE }} |
| 223 | + namespace: ${NAMESPACE} |
| 224 | data: |
| 225 | ADMINAUDIT_EMAILS_RECIPIENTS: "[]" |
| 226 | - ALLOWED_HOSTS: '["{{ DOMAIN }}", "dpa-app"]' |
| 227 | + ALLOWED_HOSTS: "['${DOMAIN}', 'dpa-app']" |
| 228 | BRANCH_CACHE_DIR: "tmp/branches" |
| 229 | GIT_SSH_DEFAULT_PORT: "9422" |
| 230 | - GIT_SSH_DEFAULT_USERNAME: "" |
| 231 | + GIT_SSH_DEFAULT_USERNAME: "${LP_BOT}" |
| 232 | METRICS_PREFIX: "" |
| 233 | METRICS_TARGET: "" |
| 234 | OOPS_REPORTER: "DEFAULT" |
| 235 | |
| 236 | === renamed file 'deployment/deployments.yml.j2' => 'deployment/deployments.yaml.tpl' |
| 237 | --- deployment/deployments.yml.j2 2017-10-18 20:19:33 +0000 |
| 238 | +++ deployment/deployments.yaml.tpl 2017-10-19 17:13:30 +0000 |
| 239 | @@ -3,28 +3,27 @@ |
| 240 | metadata: |
| 241 | labels: |
| 242 | app: app |
| 243 | - revision: {{ BUILD_REVISION }} |
| 244 | + revision: "${REVISION}" |
| 245 | name: app |
| 246 | - namespace: {{ NAMESPACE }} |
| 247 | + namespace: ${NAMESPACE} |
| 248 | spec: |
| 249 | replicas: 2 |
| 250 | revisionHistoryLimit: 2 |
| 251 | strategy: |
| 252 | type: RollingUpdate |
| 253 | rollingUpdate: |
| 254 | - maxSurge: 0 |
| 255 | - maxUnavailable: 1 |
| 256 | + maxSurge: 1 |
| 257 | + maxUnavailable: 0 |
| 258 | minReadySeconds: 5 |
| 259 | selector: |
| 260 | matchLabels: |
| 261 | app: app |
| 262 | - revision: {{ BUILD_REVISION }} |
| 263 | template: |
| 264 | metadata: |
| 265 | - namespace: {{ NAMESPACE }} |
| 266 | + namespace: ${NAMESPACE} |
| 267 | labels: |
| 268 | app: app |
| 269 | - revision: {{ BUILD_REVISION }} |
| 270 | + revision: "${REVISION}" |
| 271 | spec: |
| 272 | imagePullSecrets: |
| 273 | - name: registry-access |
| 274 | @@ -41,12 +40,8 @@ |
| 275 | mode: 0644 |
| 276 | initContainers: |
| 277 | - name: migrate-db |
| 278 | - image: {{ DOCKER_REGISTRY }}/{{ IMAGE_NAME }}:{{ IMAGE_TAG }} |
| 279 | + image: ${DOCKER_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG} |
| 280 | imagePullPolicy: Always |
| 281 | - volumeMounts: |
| 282 | - - name: ssh-config |
| 283 | - readOnly: true |
| 284 | - mountPath: /home/ubuntu/.ssh |
| 285 | env: |
| 286 | # config |
| 287 | - name: DJANGO_SETTINGS_MODULE |
| 288 | @@ -70,14 +65,18 @@ |
| 289 | command: ["make", "app-update-db"] |
| 290 | containers: |
| 291 | - name: app |
| 292 | - image: {{ DOCKER_REGISTRY }}/{{ IMAGE_NAME }}:{{ IMAGE_TAG }} |
| 293 | + image: ${DOCKER_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG} |
| 294 | imagePullPolicy: Always |
| 295 | readinessProbe: |
| 296 | httpGet: |
| 297 | port: 8000 |
| 298 | path: /_status/ping |
| 299 | + httpHeaders: |
| 300 | + - name: Host |
| 301 | + value: ${DOMAIN} |
| 302 | initialDelaySeconds: 5 |
| 303 | - periodSeconds: 1 |
| 304 | + periodSeconds: 10 |
| 305 | + timeoutSeconds: 5 |
| 306 | ports: |
| 307 | - containerPort: 8000 |
| 308 | protocol: TCP |
| 309 | @@ -166,7 +165,7 @@ |
| 310 | name: app |
| 311 | key: SECRET_KEY |
| 312 | - name: worker |
| 313 | - image: {{ DOCKER_REGISTRY }}/{{ IMAGE_NAME }}:{{ IMAGE_TAG }} |
| 314 | + image: ${DOCKER_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG} |
| 315 | imagePullPolicy: Always |
| 316 | volumeMounts: |
| 317 | - name: ssh-config |
| 318 | @@ -259,7 +258,7 @@ |
| 319 | command: ["/bin/sh", "-c", "mkdir -p ~/.ssh && \ |
| 320 | ln -sf ~/.secrets/ssh-config/id_rsa ~/.ssh/id_rsa && \ |
| 321 | ln -sf ~/.secrets/ssh-config/id_rsa.pub ~/.ssh/id_rsa.pub && \ |
| 322 | - /usr/src/app/scripts/setup-bzr {{ LP_BOT }}"] |
| 323 | + /usr/src/app/scripts/setup-bzr ${LP_BOT}"] |
| 324 | securityContext: |
| 325 | runAsNonRoot: true |
| 326 | runAsUser: 1000 |
| 327 | |
| 328 | === removed file 'deployment/dpa.k8s.crt' |
| 329 | --- deployment/dpa.k8s.crt 2017-07-31 17:22:13 +0000 |
| 330 | +++ deployment/dpa.k8s.crt 1970-01-01 00:00:00 +0000 |
| 331 | @@ -1,18 +0,0 @@ |
| 332 | ------BEGIN CERTIFICATE----- |
| 333 | -MIIC9zCCAd+gAwIBAgIJAIrLU+VQJq3pMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV |
| 334 | -BAMMB2RwYS5rOHMwHhcNMTcwNzMxMTIwMTIwWhcNMTgwNzMxMTIwMTIwWjASMRAw |
| 335 | -DgYDVQQDDAdkcGEuazhzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA |
| 336 | -mL0iObnJePe4XF9Dyl/X0boLtcWDGzf5ol6mKjWYe4RTlmUvPcwPBF4U/rMe/o4c |
| 337 | -fKDZMUrR0ZqYDuZfjD0fL/cJ/6Z11L3Bbt2kDHg/+Mk5Ez72YRrFSylEopPBAN1E |
| 338 | -89fSDhfWedgg7RmaV/9AaCD34mK3BMS1yvlX5utLY+sTOUMZhINzuNt1fKgQiVmF |
| 339 | -Sv20lHvNh8aRUn2YVvDYsG9hLYBRT6oemxKTGoecnhAUpu2FjMLgrftDYwLl1jc8 |
| 340 | -w5JBQpyFxvT1NjEIF/3nTgrb/qaXmY2//fdYdZ82ERFwZsQCKK/voJZIf1NAmGge |
| 341 | -bwle8oe47nfJKlfMXjl/GQIDAQABo1AwTjAdBgNVHQ4EFgQUAfgwyLQvF5ZaRW3m |
| 342 | -rNGwA4gmpukwHwYDVR0jBBgwFoAUAfgwyLQvF5ZaRW3mrNGwA4gmpukwDAYDVR0T |
| 343 | -BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAV0lbypxz90lYQuGSQwLj9KvgBPoi |
| 344 | -GOoxG2yAd7s0MQ8wLBYUcrUX/e/ol6yIJI1kRqBNhjx2DWXZtc1PD8SNJenjRdwS |
| 345 | -rOLZyDFX96QKp74S81OIHDD+iFSKhIyNTlj/d7Lb+VT0JFjuLIWemVSO9vctovtx |
| 346 | -z3p3c60j+KfOjhy6OMGNJCojJIkkih5cA3PCAeuxHBxaH7wBIxZk18UJaNmpnQgx |
| 347 | -dwCwKqrCbuIEjvOf6HhNXpLtZZDoXg5qvzXGyxxvvPIuw1kHTbzvAWX03Luphoc+ |
| 348 | -RCaiZVQC5xAVBWvzM636QIfR3NLA/asDxuDyrf++AeJm4aRI2pUXaO0owQ== |
| 349 | ------END CERTIFICATE----- |
| 350 | |
| 351 | === removed file 'deployment/dpa.k8s.key' |
| 352 | --- deployment/dpa.k8s.key 2017-07-31 17:22:13 +0000 |
| 353 | +++ deployment/dpa.k8s.key 1970-01-01 00:00:00 +0000 |
| 354 | @@ -1,28 +0,0 @@ |
| 355 | ------BEGIN PRIVATE KEY----- |
| 356 | -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCYvSI5ucl497hc |
| 357 | -X0PKX9fRugu1xYMbN/miXqYqNZh7hFOWZS89zA8EXhT+sx7+jhx8oNkxStHRmpgO |
| 358 | -5l+MPR8v9wn/pnXUvcFu3aQMeD/4yTkTPvZhGsVLKUSik8EA3UTz19IOF9Z52CDt |
| 359 | -GZpX/0BoIPfiYrcExLXK+Vfm60tj6xM5QxmEg3O423V8qBCJWYVK/bSUe82HxpFS |
| 360 | -fZhW8Niwb2EtgFFPqh6bEpMah5yeEBSm7YWMwuCt+0NjAuXWNzzDkkFCnIXG9PU2 |
| 361 | -MQgX/edOCtv+ppeZjb/991h1nzYREXBmxAIor++glkh/U0CYaB5vCV7yh7jud8kq |
| 362 | -V8xeOX8ZAgMBAAECggEAUORSPQpVVrizrlBR4dtyvMNwsjtB3Wd+0WyZSl+KO1hw |
| 363 | -wIUkSPFKvsBpFB+feaegFK1HeiCrEPx0Lef6kJZKbyfB5uCtJRe+W04NNQF2t/cy |
| 364 | -QCwnZnQ8KztW+1ePbzrA6vfRat9bGrrJbWkS4inwXXWgcwhe76qSsUXvNQBGtEqZ |
| 365 | -LdYy1UP3Q7jZGSIp2rzm5XCaovKzbD+eAMh5cOBYHMB9erzWHJwBJpr5pvVxora3 |
| 366 | -t0ZA4vWjjNFlM13vqnnymqpaebKVOSVrPXzW3xLmPVFVP0sp3UZTNcI6nalGNbT3 |
| 367 | -yw4V54blZjFqG7eQok9gGO2YDbL8K4FcPiEYbRuGgQKBgQDJYuZP7VwwH+dD9y19 |
| 368 | -zic5DbKwFx9xtHZnx7kuKyKq7C5Xx461ZgSscvZhmraDXSSnNG73gZIv+tb9hIzR |
| 369 | -V1y3aej2zVPdn2E8uJ5f0RFZAK4iIcJLKJrUX55Nz9zhnEw1QJjEVW2+ThdBZ1Ix |
| 370 | -9aPUs9PvoIj/KCM51I7wzYGbkQKBgQDCKOoz00YAbhuvDAmX+7/lvtWkO+KQAhxv |
| 371 | -bi0FdkOEdXS7C6Ju2CwvcJbc0gZNSY+t3amEP1Eu87r022ggCu03rFW1nFCq12CX |
| 372 | -EKCOxdhft1w4ZsxCpKaI9jezedpYiPTHJTYCm/y6z3C9KsUke7hflyEo0I9oFhQv |
| 373 | -/KuFUiEXCQKBgQDH2ZKvbOEYjQCHLSuC9mtsLhDOuROmVi1OziASFhKARoOy7sHL |
| 374 | -eKNYs3mX4N4QvQVbvSgGDRqS7L4ftkO8l5LWHY9oJNl+TOVFSf05HxO1HHyyOIhE |
| 375 | -59XGveEuXQJZDi9+hU1VQWX3/i0L5cnm9FsSASdoXQq3FBDpGeyEQZzGUQKBgDe8 |
| 376 | -QQbhhj3HXeERBov/c6XC81cy7aXDRWBjcz8XJOiYQwsSmu1Q1tZDbrsy+yYikMEr |
| 377 | -WWciOe7NfoSdmzVfjZsmuG/q0GlKbGrRFhYGC0fmve1e7RHQbBHzBChcOWai4gls |
| 378 | -0CVNm+4QcF+NMIx5i4K9QoKR5CjP9bmUwbQC0IbpAoGAZXKTFey67ODrfgXfst4s |
| 379 | -w/ZB/LD9n+5ycwAvgP6RwH0sWsObpN3GI5V4ibDTxX16lXf+BHbf+qFxAZ8Ec/M5 |
| 380 | -EFY5HkOEBICV7EBzJFBalFVRbb1/esNCQzMxcUlmsTJW0+9i3yT64gpK6mBam/LW |
| 381 | -VYrB6/uyKXre1BShf3xC6AA= |
| 382 | ------END PRIVATE KEY----- |
| 383 | |
| 384 | === renamed file 'deployment/ingress.yml.j2' => 'deployment/ingress.yaml.tpl' |
| 385 | --- deployment/ingress.yml.j2 2017-08-31 12:09:44 +0000 |
| 386 | +++ deployment/ingress.yaml.tpl 2017-10-19 17:13:30 +0000 |
| 387 | @@ -2,12 +2,12 @@ |
| 388 | kind: Ingress |
| 389 | metadata: |
| 390 | name: app |
| 391 | - namespace: {{ NAMESPACE }} |
| 392 | + namespace: ${NAMESPACE} |
| 393 | annotations: |
| 394 | ingress.kubernetes.io/rewrite-target: / |
| 395 | spec: |
| 396 | rules: |
| 397 | - - host: {{ DOMAIN }} |
| 398 | + - host: ${DOMAIN} |
| 399 | http: |
| 400 | paths: |
| 401 | - path: / |
| 402 | |
| 403 | === renamed file 'deployment/namespace.yml.j2' => 'deployment/namespace.yaml.tpl' |
| 404 | --- deployment/namespace.yml.j2 2017-08-14 12:29:47 +0000 |
| 405 | +++ deployment/namespace.yaml.tpl 2017-10-19 17:13:30 +0000 |
| 406 | @@ -1,6 +1,6 @@ |
| 407 | apiVersion: v1 |
| 408 | kind: Namespace |
| 409 | metadata: |
| 410 | - name: {{ NAMESPACE }} |
| 411 | + name: ${NAMESPACE} |
| 412 | labels: |
| 413 | - name: {{ NAMESPACE }} |
| 414 | + name: ${NAMESPACE} |
| 415 | |
| 416 | === renamed file 'deployment/registry.yml' => 'deployment/registry.yaml' |
| 417 | === renamed file 'deployment/secrets.yml.j2' => 'deployment/secrets.yaml.tpl' |
| 418 | --- deployment/secrets.yml.j2 2017-08-31 15:05:26 +0000 |
| 419 | +++ deployment/secrets.yaml.tpl 2017-10-19 17:13:30 +0000 |
| 420 | @@ -2,7 +2,7 @@ |
| 421 | kind: Secret |
| 422 | metadata: |
| 423 | name: app |
| 424 | - namespace: {{ NAMESPACE }} |
| 425 | + namespace: ${NAMESPACE} |
| 426 | type: Opaque |
| 427 | data: |
| 428 | CELERY_BROKER_URL: YW1xcDovL2FtcXA= |
| 429 | @@ -15,7 +15,7 @@ |
| 430 | kind: Secret |
| 431 | metadata: |
| 432 | name: ssh-config |
| 433 | - namespace: {{ NAMESPACE }} |
| 434 | + namespace: ${NAMESPACE} |
| 435 | type: Opaque |
| 436 | data: |
| 437 | id_rsa: Cg== |
| 438 | |
| 439 | === added file 'deployment/services-dev.yaml.tpl' |
| 440 | --- deployment/services-dev.yaml.tpl 1970-01-01 00:00:00 +0000 |
| 441 | +++ deployment/services-dev.yaml.tpl 2017-10-19 17:13:30 +0000 |
| 442 | @@ -0,0 +1,113 @@ |
| 443 | +################ |
| 444 | +# AMQP Service # |
| 445 | +################ |
| 446 | +kind: Deployment |
| 447 | +apiVersion: extensions/v1beta1 |
| 448 | +metadata: |
| 449 | + labels: |
| 450 | + app: amqp |
| 451 | + name: amqp |
| 452 | + namespace: ${NAMESPACE} |
| 453 | +spec: |
| 454 | + replicas: 1 |
| 455 | + revisionHistoryLimit: 2 |
| 456 | + selector: |
| 457 | + matchLabels: |
| 458 | + app: amqp |
| 459 | + template: |
| 460 | + metadata: |
| 461 | + labels: |
| 462 | + app: amqp |
| 463 | + namespace: ${NAMESPACE} |
| 464 | + spec: |
| 465 | + containers: |
| 466 | + - name: amqp |
| 467 | + image: rabbitmq |
| 468 | +--- |
| 469 | +kind: Service |
| 470 | +apiVersion: v1 |
| 471 | +metadata: |
| 472 | + labels: |
| 473 | + app: amqp |
| 474 | + name: amqp |
| 475 | + namespace: ${NAMESPACE} |
| 476 | +spec: |
| 477 | + ports: |
| 478 | + - port: 5672 |
| 479 | + protocol: TCP |
| 480 | + targetPort: 5672 |
| 481 | + selector: |
| 482 | + app: amqp |
| 483 | +--- |
| 484 | +###################### |
| 485 | +# PostgreSQL Service # |
| 486 | +###################### |
| 487 | +kind: PersistentVolumeClaim |
| 488 | +apiVersion: v1 |
| 489 | +metadata: |
| 490 | + name: db-data |
| 491 | + namespace: ${NAMESPACE} |
| 492 | +spec: |
| 493 | + accessModes: |
| 494 | + - ReadWriteOnce |
| 495 | + resources: |
| 496 | + requests: |
| 497 | + storage: 5Gi |
| 498 | +--- |
| 499 | +kind: PersistentVolume |
| 500 | +apiVersion: v1 |
| 501 | +metadata: |
| 502 | + name: pv0001 |
| 503 | + namespace: ${NAMESPACE} |
| 504 | +spec: |
| 505 | + accessModes: |
| 506 | + - ReadWriteOnce |
| 507 | + capacity: |
| 508 | + storage: 5Gi |
| 509 | + hostPath: |
| 510 | + path: /data/pv0001/ |
| 511 | +--- |
| 512 | +kind: Deployment |
| 513 | +apiVersion: extensions/v1beta1 |
| 514 | +metadata: |
| 515 | + labels: |
| 516 | + app: db |
| 517 | + name: db |
| 518 | + namespace: ${NAMESPACE} |
| 519 | +spec: |
| 520 | + replicas: 1 |
| 521 | + revisionHistoryLimit: 2 |
| 522 | + selector: |
| 523 | + matchLabels: |
| 524 | + app: db |
| 525 | + template: |
| 526 | + metadata: |
| 527 | + labels: |
| 528 | + app: db |
| 529 | + namespace: ${NAMESPACE} |
| 530 | + spec: |
| 531 | + containers: |
| 532 | + - name: postgres |
| 533 | + image: postgres:9.5 |
| 534 | + volumeMounts: |
| 535 | + - name: postgresdata |
| 536 | + mountPath: /var/lib/postgresql/data |
| 537 | + volumes: |
| 538 | + - name: postgresdata |
| 539 | + persistentVolumeClaim: |
| 540 | + claimName: db-data |
| 541 | +--- |
| 542 | +kind: Service |
| 543 | +apiVersion: v1 |
| 544 | +metadata: |
| 545 | + labels: |
| 546 | + app: db |
| 547 | + name: db |
| 548 | + namespace: ${NAMESPACE} |
| 549 | +spec: |
| 550 | + ports: |
| 551 | + - port: 5432 |
| 552 | + protocol: TCP |
| 553 | + targetPort: 5432 |
| 554 | + selector: |
| 555 | + app: db |
| 556 | |
| 557 | === removed file 'deployment/services-dev.yml' |
| 558 | --- deployment/services-dev.yml 2017-08-31 15:05:26 +0000 |
| 559 | +++ deployment/services-dev.yml 1970-01-01 00:00:00 +0000 |
| 560 | @@ -1,105 +0,0 @@ |
| 561 | -################ |
| 562 | -# AMQP Service # |
| 563 | -################ |
| 564 | -kind: Deployment |
| 565 | -apiVersion: extensions/v1beta1 |
| 566 | -metadata: |
| 567 | - labels: |
| 568 | - app: amqp |
| 569 | - name: amqp |
| 570 | -spec: |
| 571 | - replicas: 1 |
| 572 | - revisionHistoryLimit: 2 |
| 573 | - selector: |
| 574 | - matchLabels: |
| 575 | - app: amqp |
| 576 | - template: |
| 577 | - metadata: |
| 578 | - labels: |
| 579 | - app: amqp |
| 580 | - spec: |
| 581 | - containers: |
| 582 | - - name: amqp |
| 583 | - image: rabbitmq |
| 584 | ---- |
| 585 | -kind: Service |
| 586 | -apiVersion: v1 |
| 587 | -metadata: |
| 588 | - labels: |
| 589 | - app: amqp |
| 590 | - name: amqp |
| 591 | -spec: |
| 592 | - ports: |
| 593 | - - port: 5672 |
| 594 | - protocol: TCP |
| 595 | - targetPort: 5672 |
| 596 | - selector: |
| 597 | - app: amqp |
| 598 | ---- |
| 599 | -###################### |
| 600 | -# PostgreSQL Service # |
| 601 | -###################### |
| 602 | -kind: PersistentVolumeClaim |
| 603 | -apiVersion: v1 |
| 604 | -metadata: |
| 605 | - name: db-data |
| 606 | -spec: |
| 607 | - accessModes: |
| 608 | - - ReadWriteOnce |
| 609 | - resources: |
| 610 | - requests: |
| 611 | - storage: 5Gi |
| 612 | ---- |
| 613 | -kind: PersistentVolume |
| 614 | -apiVersion: v1 |
| 615 | -metadata: |
| 616 | - name: pv0001 |
| 617 | -spec: |
| 618 | - accessModes: |
| 619 | - - ReadWriteOnce |
| 620 | - capacity: |
| 621 | - storage: 5Gi |
| 622 | - hostPath: |
| 623 | - path: /data/pv0001/ |
| 624 | ---- |
| 625 | -kind: Deployment |
| 626 | -apiVersion: extensions/v1beta1 |
| 627 | -metadata: |
| 628 | - labels: |
| 629 | - app: db |
| 630 | - name: db |
| 631 | -spec: |
| 632 | - replicas: 1 |
| 633 | - revisionHistoryLimit: 2 |
| 634 | - selector: |
| 635 | - matchLabels: |
| 636 | - app: db |
| 637 | - template: |
| 638 | - metadata: |
| 639 | - labels: |
| 640 | - app: db |
| 641 | - spec: |
| 642 | - containers: |
| 643 | - - name: postgres |
| 644 | - image: postgres:9.5 |
| 645 | - volumeMounts: |
| 646 | - - name: postgresdata |
| 647 | - mountPath: /var/lib/postgresql/data |
| 648 | - volumes: |
| 649 | - - name: postgresdata |
| 650 | - persistentVolumeClaim: |
| 651 | - claimName: db-data |
| 652 | ---- |
| 653 | -kind: Service |
| 654 | -apiVersion: v1 |
| 655 | -metadata: |
| 656 | - labels: |
| 657 | - app: db |
| 658 | - name: db |
| 659 | -spec: |
| 660 | - ports: |
| 661 | - - port: 5432 |
| 662 | - protocol: TCP |
| 663 | - targetPort: 5432 |
| 664 | - selector: |
| 665 | - app: db |
| 666 | |
| 667 | === renamed file 'deployment/services.yml.j2' => 'deployment/services.yaml.tpl' |
| 668 | --- deployment/services.yml.j2 2017-08-31 12:09:44 +0000 |
| 669 | +++ deployment/services.yaml.tpl 2017-10-19 17:13:30 +0000 |
| 670 | @@ -4,7 +4,7 @@ |
| 671 | labels: |
| 672 | app: app |
| 673 | name: app |
| 674 | - namespace: {{ NAMESPACE }} |
| 675 | + namespace: ${NAMESPACE} |
| 676 | spec: |
| 677 | ports: |
| 678 | - port: 8000 |
| 679 | @@ -24,10 +24,10 @@ |
| 680 | labels: |
| 681 | app: db |
| 682 | name: db |
| 683 | - namespace: {{ NAMESPACE }} |
| 684 | + namespace: ${NAMESPACE} |
| 685 | spec: |
| 686 | type: ExternalName |
| 687 | - externalName: {{ DB_EXTERNAL_NAME }} |
| 688 | + externalName: ${DB_EXTERNAL_NAME} |
| 689 | --- |
| 690 | apiVersion: v1 |
| 691 | kind: Service |
| 692 | @@ -35,7 +35,7 @@ |
| 693 | labels: |
| 694 | app: amqp |
| 695 | name: amqp |
| 696 | - namespace: {{ NAMESPACE }} |
| 697 | + namespace: ${NAMESPACE} |
| 698 | spec: |
| 699 | type: ExternalName |
| 700 | - externalName: {{ AMQP_EXTERNAL_NAME }} |
| 701 | + externalName: ${AMQP_EXTERNAL_NAME} |
| 702 | |
| 703 | === added file 'envrc' |
| 704 | --- envrc 1970-01-01 00:00:00 +0000 |
| 705 | +++ envrc 2017-10-19 17:13:30 +0000 |
| 706 | @@ -0,0 +1,1 @@ |
| 707 | +eval $(make -f envrc.mk) |
| 708 | |
| 709 | === added file 'envrc.mk' |
| 710 | --- envrc.mk 1970-01-01 00:00:00 +0000 |
| 711 | +++ envrc.mk 2017-10-19 17:13:30 +0000 |
| 712 | @@ -0,0 +1,24 @@ |
| 713 | +DOCKER_REGISTRY = localhost:5000 |
| 714 | +NAMESPACE = isitdeployable |
| 715 | +DOMAIN = dpa.k8s |
| 716 | +DB_EXTERNAL_NAME = db.$(NAMESPACE).svc.cluster.local |
| 717 | +AMQP_EXTERNAL_NAME = amqp.$(NAMESPACE).svc.cluster.local |
| 718 | +LP_BOT = $(shell bzr lp-login) |
| 719 | + |
| 720 | +.DEFAULT_GOAL := envrc |
| 721 | + |
| 722 | +# Quote a string for the shell. |
| 723 | +quote = '$(subst ','\'',$(1))' |
| 724 | +# Produce a shell command that exports a shell variable with the value of |
| 725 | +# the corresponding make variable. We need an extra layer of quoting here |
| 726 | +# because the echo command itself will expand its arguments. |
| 727 | +exportvar = echo $(call quote,export $(1)=$(call quote,$($(1)))) |
| 728 | + |
| 729 | +.PHONY: envrc |
| 730 | +envrc: |
| 731 | + @$(call exportvar,DOCKER_REGISTRY) |
| 732 | + @$(call exportvar,NAMESPACE) |
| 733 | + @$(call exportvar,DOMAIN) |
| 734 | + @$(call exportvar,DB_EXTERNAL_NAME) |
| 735 | + @$(call exportvar,AMQP_EXTERNAL_NAME) |
| 736 | + @$(call exportvar,LP_BOT) |
| 737 | |
| 738 | === removed file 'scripts/generate-config' |
| 739 | --- scripts/generate-config 2017-07-31 17:21:03 +0000 |
| 740 | +++ scripts/generate-config 1970-01-01 00:00:00 +0000 |
| 741 | @@ -1,27 +0,0 @@ |
| 742 | -#!/usr/bin/env python3 |
| 743 | - |
| 744 | -from os import environ, path |
| 745 | -from sys import argv, exit |
| 746 | - |
| 747 | -from jinja2 import Environment, FileSystemLoader |
| 748 | -import yaml |
| 749 | - |
| 750 | - |
| 751 | -def main(): |
| 752 | - template_name = argv[1] |
| 753 | - env = Environment( |
| 754 | - loader=FileSystemLoader(path.dirname(path.dirname(__file__)))) |
| 755 | - template = env.get_template(template_name) |
| 756 | - |
| 757 | - config = template.render(**environ) |
| 758 | - |
| 759 | - # Test we can load all the documents without error |
| 760 | - if '.yml' in template_name: |
| 761 | - list(yaml.load_all(config)) |
| 762 | - |
| 763 | - print(config) |
| 764 | - return 0 |
| 765 | - |
| 766 | - |
| 767 | -if __name__ == '__main__': |
| 768 | - exit(main()) |
I don't know the underlying system particularly well, but mostly looks OK. Just some comments on the make/shell interface.