Merge lp:~ricardokirkner/isitdeployable/improve-makefile-config-templates into lp:isitdeployable
Proposed by
Ricardo Kirkner
Status: | Merged |
---|---|
Approved by: | Ricardo Kirkner |
Approved revision: | 275 |
Merge reported by: | Otto Co-Pilot |
Merged at revision: | not available |
Proposed branch: | lp:~ricardokirkner/isitdeployable/improve-makefile-config-templates |
Merge into: | lp:isitdeployable |
Diff against target: |
768 lines (+241/-253) 15 files modified
Makefile.k8s (+67/-38) README.k8s (+7/-7) deployment/configmaps.yaml.tpl (+3/-3) deployment/deployments.yaml.tpl (+15/-16) deployment/dpa.k8s.crt (+0/-18) deployment/dpa.k8s.key (+0/-28) deployment/ingress.yaml.tpl (+2/-2) deployment/namespace.yaml.tpl (+2/-2) deployment/secrets.yaml.tpl (+2/-2) deployment/services-dev.yaml.tpl (+113/-0) deployment/services-dev.yml (+0/-105) deployment/services.yaml.tpl (+5/-5) envrc (+1/-0) envrc.mk (+24/-0) scripts/generate-config (+0/-27) |
To merge this branch: | bzr merge lp:~ricardokirkner/isitdeployable/improve-makefile-config-templates |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Colin Watson (community) | Approve | ||
Review via email: mp+332496@code.launchpad.net |
Commit message
better config rendering from templates
- simplified rendering of templates
- deleted no longer necessary files (crt/key)
- separate environment variables definition from makefile
- automatically create namespace before deploying dev services
Description of the change
- 273. By Ricardo Kirkner
-
update configmaps template
- 274. By Ricardo Kirkner
-
apply quoting to exported env vars
- 275. By Ricardo Kirkner
-
make envrc the default target
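--- a/Makefile.k8s
+++ b/Makefile.k8s
@@ -1,22 +1,17 @@
 KUBECONFIG ?= $(HOME)/.kube/config
 KUBECTL = kubectl --kubeconfig=$(KUBECONFIG) --insecure-skip-tls-verify=true
+REGISTRY_CONFIG = deployment/registry.yaml
 
-DOCKER_REGISTRY ?= localhost:5000
-REGISTRY_CONFIG = deployment/registry.yml
 IMAGE_NAME ?= isitdeployable
 IMAGE_TAG ?= $(shell bzr version-info --custom --template={branch_nick}-{revno})
-NAMESPACE ?= isitdeployable
-DB_EXTERNAL_NAME ?= db.default.svc.cluster.local
-AMQP_EXTERNAL_NAME ?= amqp.default.svc.cluster.local
-
-DOMAIN ?= dpa.k8s
-TLS_CRT ?= $(shell cat deployment/$(DOMAIN).crt | base64 -w0)
-TLS_KEY ?= $(shell cat deployment/$(DOMAIN).key | base64 -w0)
 
 HTTP_PROXY ?= $(http_proxy)
 HTTPS_PROXY ?= $(https_proxy)
 NO_PROXY ?= $(no_proxy)
 
+# automatically source environment variables
+include envrc.mk
+
 # public targets
 
 k8s-bootstrap: $(ENV) fetch-sourcedeps ## Bootstrap k8s environment
@@ -30,6 +25,7 @@
 $(KUBECTL) --namespace kube-system port-forward $(REGISTRY_POD) 5000:5000
 
 k8s-build: fetch-sourcedeps ## Build container image
+ @$(check-env-vars)
 @echo 'Building image on:' $(shell lsb_release -cs)
 @echo 'Building image using docker version:' $(shell docker version -f "Server: {{.Server.Version}} Client: {{.Client.Version}}")
 $(eval BUILD_ARGS = --label revision="$(shell bzr revno)")
@@ -45,10 +41,14 @@
 docker build $(BUILD_ARGS) -t $(IMAGE_NAME):$(IMAGE_TAG) .
 
 k8s-upload: ## Upload image to registry
+ @$(check-env-vars)
 docker tag $(IMAGE_NAME):$(IMAGE_TAG) $(DOCKER_REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG)
 docker push $(DOCKER_REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG)
 
-k8s-render-templates: $(shell find deployment -name *.yml.j2 -printf 'tmp/%f\n' | sed -e 's/.j2//g')
+k8s-render-config: $(shell find deployment -name '*.yaml.tpl' -printf 'tmp/%f\n' | sed -e 's/.tpl//g')
+
+k8s-clean-config:
+ rm -f tmp/*.yaml
 
 k8s-deploy-all: ## Deploy isitdeployable full stack (PRODUCTION)
 $(MAKE) k8s-deploy-namespace
@@ -58,50 +58,79 @@
 $(MAKE) k8s-deploy-app
 $(MAKE) k8s-deploy-firewall
 
-k8s-deploy-namespace: k8s-render-templates ## Deploy namespace for isitdeployable (PRODUCTION)
- $(KUBECTL) create -f tmp/namespace.yml || true
+k8s-deploy-namespace: k8s-render-config ## Deploy namespace for isitdeployable (PRODUCTION)
+ $(KUBECTL) create -f tmp/namespace.yaml || true
 
-k8s-deploy-config: k8s-render-templates ## Deploy configuration for isitdeployable (PRODUCTION)
- $(KUBECTL) create -f tmp/configmaps.yml || true
+k8s-deploy-config: k8s-render-config ## Deploy configuration for isitdeployable (PRODUCTION)
+ $(KUBECTL) create -f tmp/configmaps.yaml || true
 
 k8s-deploy-registry-secret: k8s-deploy-namespace ## Deploy secret for registry access into isitdeployable namespace (PRODUCTION)
+ @$(check-env-vars)
 $(KUBECTL) get secret registry-access -o yaml | sed 's/default/$(NAMESPACE)/g' | kubectl -n $(NAMESPACE) create -f - || true
 
-k8s-deploy-services: k8s-render-templates ## Deploy isitdeployable supporting services (PRODUCTION)
- $(KUBECTL) create -f tmp/services.yml || true
+k8s-deploy-services: k8s-render-config ## Deploy isitdeployable supporting services (PRODUCTION)
+ $(KUBECTL) create -f tmp/services.yaml || true
 
-k8s-deploy-app: k8s-render-templates ## Deploy isitdeployable app
- $(KUBECTL) create --record -f tmp/secrets.yml -f tmp/deployments.yml || true
+k8s-deploy-app: k8s-render-config ## Deploy isitdeployable app
+ @$(check-env-vars)
+ $(KUBECTL) create --record -f tmp/secrets.yaml -f tmp/deployments.yaml || true
 $(KUBECTL) --namespace $(NAMESPACE) rollout status deployment/app
 
-k8s-deploy-firewall: k8s-render-templates ## Deploy ingress rules
- $(KUBECTL) create -f tmp/ingress.yml || true
+k8s-deploy-firewall: k8s-render-config ## Deploy ingress rules
+ $(KUBECTL) create -f tmp/ingress.yaml || true
 
 k8s-update-app: ## Update isitdeployable app
+ @$(check-env-vars)
 $(KUBECTL) --namespace $(NAMESPACE) set image deployment/app app=$(DOCKER_REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG) worker=$(DOCKER_REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG)
 $(KUBECTL) --namespace $(NAMESPACE) rollout status deployment/app
 
-k8s-deploy-all-dev: k8s-render-templates ## Deploy isitdeployable full stack for development
+k8s-deploy-all-dev: k8s-render-config ## Deploy isitdeployable full stack for development
+ $(MAKE) k8s-deploy-namespace
 $(MAKE) k8s-deploy-services-dev
 $(MAKE) k8s-deploy-all
 
-k8s-deploy-services-dev: k8s-render-templates ## Deploy isitdeployable supporting services for development
- $(KUBECTL) create -f deployment/services-dev.yml || true
- $(KUBECTL) rollout status deployment/db
- $(KUBECTL) rollout status deployment/amqp
+k8s-deploy-services-dev: k8s-render-config ## Deploy isitdeployable supporting services for development
+ @$(check-env-vars)
+ $(KUBECTL) create -f tmp/services-dev.yaml || true
+ $(KUBECTL) --namespace $(NAMESPACE) rollout status deployment/db
+ $(KUBECTL) --namespace $(NAMESPACE) rollout status deployment/amqp
 
 # helper targets
 
-tmp/%.yml: deployment/%.yml.j2
- $(MAKE) generate-config K8S_CONFIG=$@ K8S_CONFIG_TEMPLATE=$<
-
-generate-config:
- IMAGE_NAME="$(IMAGE_NAME)" IMAGE_TAG="$(IMAGE_TAG)" \
- DOCKER_REGISTRY="$(DOCKER_REGISTRY)" \
- BUILD_REVISION="$(shell docker inspect -f '{{ .Config.Labels.revision }}' $(DOCKER_REGISTRY):$(IMAGE_NAME):$(IMAGE_TAG))" \
- NAMESPACE=$(NAMESPACE) \
- DB_EXTERNAL_NAME=$(DB_EXTERNAL_NAME) \
- AMQP_EXTERNAL_NAME=$(AMQP_EXTERNAL_NAME) \
- DOMAIN="$(DOMAIN)" TLS_CRT="$(TLS_CRT)" TLS_KEY="$(TLS_KEY)" \
- LP_BOT="$(shell bzr lp-login)" \
- python scripts/generate-config $(K8S_CONFIG_TEMPLATE) > $(K8S_CONFIG)
+tmp/%.yaml: deployment/%.yaml.tpl
+ $(MAKE) render-template SRC=$< DST=$@
+
+render-template:
+ @$(check-env-vars)
+ @$(eval REVISION=$(shell docker inspect -f '{{.Config.Labels.revision}}' $(DOCKER_REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG)))
+ @REVISION=$(REVISION) IMAGE_NAME=$(IMAGE_NAME) IMAGE_TAG=$(IMAGE_TAG) envsubst < $(SRC) > $(DST)
+
+# defines
+
+define check-env-vars
+ if test -z "$(NAMESPACE)"; then \
+ echo "NAMESPACE variable not defined; aborting."; \
+ exit 1; \
+ elif test -z "$(DOMAIN)"; then \
+ echo "DOMAIN variable not defined; aborting."; \
+ exit 1; \
+ elif test -z "$(DB_EXTERNAL_NAME)"; then \
+ echo "DB_EXTERNAL_NAME variable not defined; aborting."; \
+ exit 1; \
+ elif test -z "$(AMQP_EXTERNAL_NAME)"; then \
+ echo "AMQP_EXTERNAL_NAME variable not defined; aborting."; \
+ exit 1; \
+ elif test -z "$(DOCKER_REGISTRY)"; then \
+ echo "DOCKER_REGISTRY variable not defined; aborting."; \
+ exit 1; \
+ elif test -z "$(IMAGE_NAME)"; then \
+ echo "IMAGE_NAME variable not defined; aborting."; \
+ exit 1; \
+ elif test -z "$(IMAGE_TAG)"; then \
+ echo "IMAGE_TAG variable not defined; aborting."; \
+ exit 1; \
+ elif test -z "$(LP_BOT)"; then \
+ echo "LP_BOT variable not defined; aborting."; \
+ exit 1; \
+ fi
+endef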
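Review bot: In `render-template` (last hunk), `envsubst` substitutes from the process environment, but `check-env-vars` tests make variables, and only `REVISION`, `IMAGE_NAME` and `IMAGE_TAG` are passed on the command line, now unquoted. Unless NAMESPACE, DOMAIN, DOCKER_REGISTRY and the others are exported somewhere outside this diff (envrc.mk assigns them without `export`), a run from a shell that has not sourced `envrc` passes the guard and still renders empty `namespace:` and `image:` fields, and the `|| true` on the `kubectl create` lines would hide the resulting failure. I would pass every template variable explicitly and quoted, and give envsubst an explicit variable list so that no other `$…` text in a template is rewritten. `REVISION` also deserves a non-empty check, since it comes from `docker inspect` and is not covered by `check-env-vars`.

```make
render-template:
	@$(check-env-vars)
# … unchanged: REVISION lookup via $(eval …) and docker inspect …
	@test -n '$(REVISION)' || { echo "REVISION label not found on image; aborting."; exit 1; }
	@REVISION='$(REVISION)' IMAGE_NAME='$(IMAGE_NAME)' IMAGE_TAG='$(IMAGE_TAG)' \
	 DOCKER_REGISTRY='$(DOCKER_REGISTRY)' NAMESPACE='$(NAMESPACE)' DOMAIN='$(DOMAIN)' \
	 DB_EXTERNAL_NAME='$(DB_EXTERNAL_NAME)' AMQP_EXTERNAL_NAME='$(AMQP_EXTERNAL_NAME)' \
	 LP_BOT='$(LP_BOT)' \
	 envsubst '$$REVISION $$IMAGE_NAME $$IMAGE_TAG $$DOCKER_REGISTRY $$NAMESPACE $$DOMAIN $$DB_EXTERNAL_NAME $$AMQP_EXTERNAL_NAME $$LP_BOT' \
	 < $(SRC) > $(DST)
```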
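--- a/README.k8s
+++ b/README.k8s
@@ -77,7 +77,7 @@
 
 $ make k8s-deploy-all-dev
 [...]
- kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f deployment/services-dev.yml
+ kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f deployment/services-dev.yaml
 deployment "amqp" created
 service "amqp" created
 persistentvolumeclaim "db-data" created
@@ -90,13 +90,13 @@
 kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true rollout status deployment/amqp
 deployment "amqp" successfully rolled out
 [...]
- kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f /tmp/configmaps.yml
+ kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f /tmp/configmaps.yaml
 configmap "app" created
 [...]
-kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f deployment/services.yml
+kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f deployment/services.yaml
 service "app" created
 [...]
- kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create --record -f secrets.yml -f /tmp/deployments.yml
+ kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create --record -f secrets.yaml -f /tmp/deployments.yaml
 secret "app" created
 deployment "app" created
 kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true rollout status deployment/app
@@ -104,7 +104,7 @@
 Waiting for rollout to finish: 1 of 2 updated replicas are available...
 deployment "app" successfully rolled out
 [...]
- kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f /tmp/ingress.yml
+ kubectl --kubeconfig=/home/ricardo/.kube/config --insecure-skip-tls-verify=true create -f /tmp/ingress.yaml
 ingress "app" created
 secret "dpa.k8s" created
 [...]
@@ -140,9 +140,9 @@
 -------
 
 The files used by kubectl to trigger deployments are generated from the templates in the `deployment` directory.
-See the Makefile targets handling these .yml files.
+See the Makefile targets handling these .yaml files.
 
-Two important parts of these .yml files are at the bottom: the ingress object and the secret object.
+Two important parts of these .yaml files are at the bottom: the ingress object and the secret object.
 The secret object contains a .crt and a .key file both currently self-signed and base64'ed.
 They relate to a ingress rule that says which DNS record (which domain) will use them.
 By default this is dpa.k8s.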
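--- a/deployment/configmaps.yml.j2
+++ b/deployment/configmaps.yaml.tpl
@@ -2,13 +2,13 @@
 kind: ConfigMap
 metadata:
 name: app
- namespace: {{ NAMESPACE }}
+ namespace: ${NAMESPACE}
 data:
 ADMINAUDIT_EMAILS_RECIPIENTS: "[]"
- ALLOWED_HOSTS: '["{{ DOMAIN }}", "dpa-app"]'
+ ALLOWED_HOSTS: "['${DOMAIN}', 'dpa-app']"
 BRANCH_CACHE_DIR: "tmp/branches"
 GIT_SSH_DEFAULT_PORT: "9422"
- GIT_SSH_DEFAULT_USERNAME: ""
+ GIT_SSH_DEFAULT_USERNAME: "${LP_BOT}"
 METRICS_PREFIX: ""
 METRICS_TARGET: ""
 OOPS_REPORTER: "DEFAULT"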
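Review bot: `ALLOWED_HOSTS` changes from a JSON list to a single-quoted, Python-style list, `"['${DOMAIN}', 'dpa-app']"`, while `ADMINAUDIT_EMAILS_RECIPIENTS: "[]"` beside it still reads as JSON. The code that consumes this ConfigMap is not visible here; if it parses the values as JSON, the new form will not parse, and because ALLOWED_HOSTS is the Host-header allow-list, a fallback to a permissive default would matter. Unless the loader is known to accept Python literals, I would keep the JSON form: `ALLOWED_HOSTS: '["${DOMAIN}", "dpa-app"]'`. The `data:` mapping continues outside the hunk.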
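--- a/deployment/deployments.yml.j2
+++ b/deployment/deployments.yaml.tpl
@@ -3,28 +3,27 @@
 metadata:
 labels:
 app: app
- revision: {{ BUILD_REVISION }}
+ revision: "${REVISION}"
 name: app
- namespace: {{ NAMESPACE }}
+ namespace: ${NAMESPACE}
 spec:
 replicas: 2
 revisionHistoryLimit: 2
 strategy:
 type: RollingUpdate
 rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
+ maxSurge: 1
+ maxUnavailable: 0
 minReadySeconds: 5
 selector:
 matchLabels:
 app: app
- revision: {{ BUILD_REVISION }}
 template:
 metadata:
- namespace: {{ NAMESPACE }}
+ namespace: ${NAMESPACE}
 labels:
 app: app
- revision: {{ BUILD_REVISION }}
+ revision: "${REVISION}"
 spec:
 imagePullSecrets:
 - name: registry-access
@@ -41,12 +40,8 @@
 mode: 0644
 initContainers:
 - name: migrate-db
- image: {{ DOCKER_REGISTRY }}/{{ IMAGE_NAME }}:{{ IMAGE_TAG }}
+ image: ${DOCKER_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}
 imagePullPolicy: Always
- volumeMounts:
- - name: ssh-config
- readOnly: true
- mountPath: /home/ubuntu/.ssh
 env:
 # config
 - name: DJANGO_SETTINGS_MODULE
@@ -70,14 +65,18 @@
 command: ["make", "app-update-db"]
 containers:
 - name: app
- image: {{ DOCKER_REGISTRY }}/{{ IMAGE_NAME }}:{{ IMAGE_TAG }}
+ image: ${DOCKER_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}
 imagePullPolicy: Always
 readinessProbe:
 httpGet:
 port: 8000
 path: /_status/ping
+ httpHeaders:
+ - name: Host
+ value: ${DOMAIN}
 initialDelaySeconds: 5
- periodSeconds: 1
+ periodSeconds: 10
+ timeoutSeconds: 5
 ports:
 - containerPort: 8000
 protocol: TCP
@@ -166,7 +165,7 @@
 name: app
 key: SECRET_KEY
 - name: worker
- image: {{ DOCKER_REGISTRY }}/{{ IMAGE_NAME }}:{{ IMAGE_TAG }}
+ image: ${DOCKER_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}
 imagePullPolicy: Always
 volumeMounts:
 - name: ssh-config
@@ -259,7 +258,7 @@
 command: ["/bin/sh", "-c", "mkdir -p ~/.ssh && \
 ln -sf ~/.secrets/ssh-config/id_rsa ~/.ssh/id_rsa && \
 ln -sf ~/.secrets/ssh-config/id_rsa.pub ~/.ssh/id_rsa.pub && \
- /usr/src/app/scripts/setup-bzr {{ LP_BOT }}"]
+ /usr/src/app/scripts/setup-bzr ${LP_BOT}"]
 securityContext:
 runAsNonRoot: true
 runAsUser: 1000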
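Review bot: In the last hunk `${LP_BOT}` is substituted as plain text into a `/bin/sh -c` string, so whatever `bzr lp-login` printed on the operator's machine becomes shell syntax inside the container; envsubst escapes for neither YAML nor shell. I would single-quote it in the template, `/usr/src/app/scripts/setup-bzr '${LP_BOT}'"]`, and have `check-env-vars` reject values outside a conservative character set before rendering. The same concern applies, with YAML as the target syntax, to the unquoted `${NAMESPACE}` and `${DOMAIN}` scalars in the earlier hunks. The `command:` entry and the container it belongs to start outside the hunk.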
328 | === removed file 'deployment/dpa.k8s.crt' |
329 | --- deployment/dpa.k8s.crt 2017-07-31 17:22:13 +0000 |
330 | +++ deployment/dpa.k8s.crt 1970-01-01 00:00:00 +0000 |
331 | @@ -1,18 +0,0 @@ |
332 | ------BEGIN CERTIFICATE----- |
333 | -MIIC9zCCAd+gAwIBAgIJAIrLU+VQJq3pMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV |
334 | -BAMMB2RwYS5rOHMwHhcNMTcwNzMxMTIwMTIwWhcNMTgwNzMxMTIwMTIwWjASMRAw |
335 | -DgYDVQQDDAdkcGEuazhzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA |
336 | -mL0iObnJePe4XF9Dyl/X0boLtcWDGzf5ol6mKjWYe4RTlmUvPcwPBF4U/rMe/o4c |
337 | -fKDZMUrR0ZqYDuZfjD0fL/cJ/6Z11L3Bbt2kDHg/+Mk5Ez72YRrFSylEopPBAN1E |
338 | -89fSDhfWedgg7RmaV/9AaCD34mK3BMS1yvlX5utLY+sTOUMZhINzuNt1fKgQiVmF |
339 | -Sv20lHvNh8aRUn2YVvDYsG9hLYBRT6oemxKTGoecnhAUpu2FjMLgrftDYwLl1jc8 |
340 | -w5JBQpyFxvT1NjEIF/3nTgrb/qaXmY2//fdYdZ82ERFwZsQCKK/voJZIf1NAmGge |
341 | -bwle8oe47nfJKlfMXjl/GQIDAQABo1AwTjAdBgNVHQ4EFgQUAfgwyLQvF5ZaRW3m |
342 | -rNGwA4gmpukwHwYDVR0jBBgwFoAUAfgwyLQvF5ZaRW3mrNGwA4gmpukwDAYDVR0T |
343 | -BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAV0lbypxz90lYQuGSQwLj9KvgBPoi |
344 | -GOoxG2yAd7s0MQ8wLBYUcrUX/e/ol6yIJI1kRqBNhjx2DWXZtc1PD8SNJenjRdwS |
345 | -rOLZyDFX96QKp74S81OIHDD+iFSKhIyNTlj/d7Lb+VT0JFjuLIWemVSO9vctovtx |
346 | -z3p3c60j+KfOjhy6OMGNJCojJIkkih5cA3PCAeuxHBxaH7wBIxZk18UJaNmpnQgx |
347 | -dwCwKqrCbuIEjvOf6HhNXpLtZZDoXg5qvzXGyxxvvPIuw1kHTbzvAWX03Luphoc+ |
348 | -RCaiZVQC5xAVBWvzM636QIfR3NLA/asDxuDyrf++AeJm4aRI2pUXaO0owQ== |
349 | ------END CERTIFICATE----- |
350 | |
351 | === removed file 'deployment/dpa.k8s.key' |
352 | --- deployment/dpa.k8s.key 2017-07-31 17:22:13 +0000 |
353 | +++ deployment/dpa.k8s.key 1970-01-01 00:00:00 +0000 |
354 | @@ -1,28 +0,0 @@ |
355 | ------BEGIN PRIVATE KEY----- |
356 | -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCYvSI5ucl497hc |
357 | -X0PKX9fRugu1xYMbN/miXqYqNZh7hFOWZS89zA8EXhT+sx7+jhx8oNkxStHRmpgO |
358 | -5l+MPR8v9wn/pnXUvcFu3aQMeD/4yTkTPvZhGsVLKUSik8EA3UTz19IOF9Z52CDt |
359 | -GZpX/0BoIPfiYrcExLXK+Vfm60tj6xM5QxmEg3O423V8qBCJWYVK/bSUe82HxpFS |
360 | -fZhW8Niwb2EtgFFPqh6bEpMah5yeEBSm7YWMwuCt+0NjAuXWNzzDkkFCnIXG9PU2 |
361 | -MQgX/edOCtv+ppeZjb/991h1nzYREXBmxAIor++glkh/U0CYaB5vCV7yh7jud8kq |
362 | -V8xeOX8ZAgMBAAECggEAUORSPQpVVrizrlBR4dtyvMNwsjtB3Wd+0WyZSl+KO1hw |
363 | -wIUkSPFKvsBpFB+feaegFK1HeiCrEPx0Lef6kJZKbyfB5uCtJRe+W04NNQF2t/cy |
364 | -QCwnZnQ8KztW+1ePbzrA6vfRat9bGrrJbWkS4inwXXWgcwhe76qSsUXvNQBGtEqZ |
365 | -LdYy1UP3Q7jZGSIp2rzm5XCaovKzbD+eAMh5cOBYHMB9erzWHJwBJpr5pvVxora3 |
366 | -t0ZA4vWjjNFlM13vqnnymqpaebKVOSVrPXzW3xLmPVFVP0sp3UZTNcI6nalGNbT3 |
367 | -yw4V54blZjFqG7eQok9gGO2YDbL8K4FcPiEYbRuGgQKBgQDJYuZP7VwwH+dD9y19 |
368 | -zic5DbKwFx9xtHZnx7kuKyKq7C5Xx461ZgSscvZhmraDXSSnNG73gZIv+tb9hIzR |
369 | -V1y3aej2zVPdn2E8uJ5f0RFZAK4iIcJLKJrUX55Nz9zhnEw1QJjEVW2+ThdBZ1Ix |
370 | -9aPUs9PvoIj/KCM51I7wzYGbkQKBgQDCKOoz00YAbhuvDAmX+7/lvtWkO+KQAhxv |
371 | -bi0FdkOEdXS7C6Ju2CwvcJbc0gZNSY+t3amEP1Eu87r022ggCu03rFW1nFCq12CX |
372 | -EKCOxdhft1w4ZsxCpKaI9jezedpYiPTHJTYCm/y6z3C9KsUke7hflyEo0I9oFhQv |
373 | -/KuFUiEXCQKBgQDH2ZKvbOEYjQCHLSuC9mtsLhDOuROmVi1OziASFhKARoOy7sHL |
374 | -eKNYs3mX4N4QvQVbvSgGDRqS7L4ftkO8l5LWHY9oJNl+TOVFSf05HxO1HHyyOIhE |
375 | -59XGveEuXQJZDi9+hU1VQWX3/i0L5cnm9FsSASdoXQq3FBDpGeyEQZzGUQKBgDe8 |
376 | -QQbhhj3HXeERBov/c6XC81cy7aXDRWBjcz8XJOiYQwsSmu1Q1tZDbrsy+yYikMEr |
377 | -WWciOe7NfoSdmzVfjZsmuG/q0GlKbGrRFhYGC0fmve1e7RHQbBHzBChcOWai4gls |
378 | -0CVNm+4QcF+NMIx5i4K9QoKR5CjP9bmUwbQC0IbpAoGAZXKTFey67ODrfgXfst4s |
379 | -w/ZB/LD9n+5ycwAvgP6RwH0sWsObpN3GI5V4ibDTxX16lXf+BHbf+qFxAZ8Ec/M5 |
380 | -EFY5HkOEBICV7EBzJFBalFVRbb1/esNCQzMxcUlmsTJW0+9i3yT64gpK6mBam/LW |
381 | -VYrB6/uyKXre1BShf3xC6AA= |
382 | ------END PRIVATE KEY----- |
383 | |
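--- a/deployment/ingress.yml.j2
+++ b/deployment/ingress.yaml.tpl
@@ -2,12 +2,12 @@
 kind: Ingress
 metadata:
 name: app
- namespace: {{ NAMESPACE }}
+ namespace: ${NAMESPACE}
 annotations:
 ingress.kubernetes.io/rewrite-target: /
 spec:
 rules:
- - host: {{ DOMAIN }}
+ - host: ${DOMAIN}
 http:
 paths:
 - path: /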
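--- a/deployment/namespace.yml.j2
+++ b/deployment/namespace.yaml.tpl
@@ -1,6 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
- name: {{ NAMESPACE }}
+ name: ${NAMESPACE}
 labels:
- name: {{ NAMESPACE }}
+ name: ${NAMESPACE}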
416 | === renamed file 'deployment/registry.yml' => 'deployment/registry.yaml' |
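--- a/deployment/secrets.yml.j2
+++ b/deployment/secrets.yaml.tpl
@@ -2,7 +2,7 @@
 kind: Secret
 metadata:
 name: app
- namespace: {{ NAMESPACE }}
+ namespace: ${NAMESPACE}
 type: Opaque
 data:
 CELERY_BROKER_URL: YW1xcDovL2FtcXA=
@@ -15,7 +15,7 @@
 kind: Secret
 metadata:
 name: ssh-config
- namespace: {{ NAMESPACE }}
+ namespace: ${NAMESPACE}
 type: Opaque
 data:
 id_rsa: Cg==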
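--- a/deployment/services-dev.yaml.tpl
+++ b/deployment/services-dev.yaml.tpl
@@ -0,0 +1,113 @@
+################
+# AMQP Service #
+################
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+ labels:
+ app: amqp
+ name: amqp
+ namespace: ${NAMESPACE}
+spec:
+ replicas: 1
+ revisionHistoryLimit: 2
+ selector:
+ matchLabels:
+ app: amqp
+ template:
+ metadata:
+ labels:
+ app: amqp
+ namespace: ${NAMESPACE}
+ spec:
+ containers:
+ - name: amqp
+ image: rabbitmq
+---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app: amqp
+ name: amqp
+ namespace: ${NAMESPACE}
+spec:
+ ports:
+ - port: 5672
+ protocol: TCP
+ targetPort: 5672
+ selector:
+ app: amqp
+---
+######################
+# PostgreSQL Service #
+######################
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: db-data
+ namespace: ${NAMESPACE}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: pv0001
+ namespace: ${NAMESPACE}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ capacity:
+ storage: 5Gi
+ hostPath:
+ path: /data/pv0001/
+---
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+ labels:
+ app: db
+ name: db
+ namespace: ${NAMESPACE}
+spec:
+ replicas: 1
+ revisionHistoryLimit: 2
+ selector:
+ matchLabels:
+ app: db
+ template:
+ metadata:
+ labels:
+ app: db
+ namespace: ${NAMESPACE}
+ spec:
+ containers:
+ - name: postgres
+ image: postgres:9.5
+ volumeMounts:
+ - name: postgresdata
+ mountPath: /var/lib/postgresql/data
+ volumes:
+ - name: postgresdata
+ persistentVolumeClaim:
+ claimName: db-data
+---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app: db
+ name: db
+ namespace: ${NAMESPACE}
+spec:
+ ports:
+ - port: 5432
+ protocol: TCP
+ targetPort: 5432
+ selector:
+ app: db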
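Review bot: The `PersistentVolume` `pv0001` gains `namespace: ${NAMESPACE}`, but PersistentVolumes are cluster-scoped, so the field does nothing useful there and suggests an isolation that does not exist; the volume and its `hostPath` `/data/pv0001/` are shared by every namespace rendered from this template. I would drop the `namespace:` line from that object and, if more than one dev namespace is expected on a cluster, derive the PV name and path from `${NAMESPACE}`. Separately, `image: rabbitmq` carries no tag, so each pull may bring a different broker version; pinning it the way `postgres:9.5` is pinned keeps the dev stack reproducible.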
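--- a/deployment/services-dev.yml
+++ b/deployment/services-dev.yml
@@ -1,105 +0,0 @@
-################
-# AMQP Service #
-################
-kind: Deployment
-apiVersion: extensions/v1beta1
-metadata:
- labels:
- app: amqp
- name: amqp
-spec:
- replicas: 1
- revisionHistoryLimit: 2
- selector:
- matchLabels:
- app: amqp
- template:
- metadata:
- labels:
- app: amqp
- spec:
- containers:
- - name: amqp
- image: rabbitmq
----
-kind: Service
-apiVersion: v1
-metadata:
- labels:
- app: amqp
- name: amqp
-spec:
- ports:
- - port: 5672
- protocol: TCP
- targetPort: 5672
- selector:
- app: amqp
----
-######################
-# PostgreSQL Service #
-######################
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: db-data
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 5Gi
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: pv0001
-spec:
- accessModes:
- - ReadWriteOnce
- capacity:
- storage: 5Gi
- hostPath:
- path: /data/pv0001/
----
-kind: Deployment
-apiVersion: extensions/v1beta1
-metadata:
- labels:
- app: db
- name: db
-spec:
- replicas: 1
- revisionHistoryLimit: 2
- selector:
- matchLabels:
- app: db
- template:
- metadata:
- labels:
- app: db
- spec:
- containers:
- - name: postgres
- image: postgres:9.5
- volumeMounts:
- - name: postgresdata
- mountPath: /var/lib/postgresql/data
- volumes:
- - name: postgresdata
- persistentVolumeClaim:
- claimName: db-data
----
-kind: Service
-apiVersion: v1
-metadata:
- labels:
- app: db
- name: db
-spec:
- ports:
- - port: 5432
- protocol: TCP
- targetPort: 5432
- selector:
- app: db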
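--- a/deployment/services.yml.j2
+++ b/deployment/services.yaml.tpl
@@ -4,7 +4,7 @@
 labels:
 app: app
 name: app
- namespace: {{ NAMESPACE }}
+ namespace: ${NAMESPACE}
 spec:
 ports:
 - port: 8000
@@ -24,10 +24,10 @@
 labels:
 app: db
 name: db
- namespace: {{ NAMESPACE }}
+ namespace: ${NAMESPACE}
 spec:
 type: ExternalName
- externalName: {{ DB_EXTERNAL_NAME }}
+ externalName: ${DB_EXTERNAL_NAME}
 ---
 apiVersion: v1
 kind: Service
@@ -35,7 +35,7 @@
 labels:
 app: amqp
 name: amqp
- namespace: {{ NAMESPACE }}
+ namespace: ${NAMESPACE}
 spec:
 type: ExternalName
- externalName: {{ AMQP_EXTERNAL_NAME }}
+ externalName: ${AMQP_EXTERNAL_NAME}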
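--- a/envrc
+++ b/envrc
@@ -0,0 +1,1 @@
+eval $(make -f envrc.mk)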
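Review bot: The command substitution is unquoted, so the shell word-splits and glob-expands make's output before `eval` sees it, which undoes part of the quoting that `exportvar` in envrc.mk applies; a value containing runs of whitespace or a `*` would be exported altered. `eval "$(make -f envrc.mk)"` keeps the generated `export` lines intact. Since everything make writes to stdout is evaluated as shell, `make -s --no-print-directory -f envrc.mk` would also make the invocation more robust against stray output.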
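--- a/envrc.mk
+++ b/envrc.mk
@@ -0,0 +1,24 @@
+DOCKER_REGISTRY = localhost:5000
+NAMESPACE = isitdeployable
+DOMAIN = dpa.k8s
+DB_EXTERNAL_NAME = db.$(NAMESPACE).svc.cluster.local
+AMQP_EXTERNAL_NAME = amqp.$(NAMESPACE).svc.cluster.local
+LP_BOT = $(shell bzr lp-login)
+
+.DEFAULT_GOAL := envrc
+
+# Quote a string for the shell.
+quote = '$(subst ','\'',$(1))'
+# Produce a shell command that exports a shell variable with the value of
+# the corresponding make variable. We need an extra layer of quoting here
+# because the echo command itself will expand its arguments.
+exportvar = echo $(call quote,export $(1)=$(call quote,$($(1))))
+
+.PHONY: envrc
+envrc:
+ @$(call exportvar,DOCKER_REGISTRY)
+ @$(call exportvar,NAMESPACE)
+ @$(call exportvar,DOMAIN)
+ @$(call exportvar,DB_EXTERNAL_NAME)
+ @$(call exportvar,AMQP_EXTERNAL_NAME)
+ @$(call exportvar,LP_BOT)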
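Review bot: The six defaults are assigned with `=`, where the lines removed from Makefile.k8s used `?=`; because Makefile.k8s now includes this file, a value already set in the caller's environment (for example `NAMESPACE`) is replaced by the default here, and only a command-line `make NAMESPACE=…` still takes effect. For a deployment makefile that means an operator who exported a different namespace or registry silently targets `isitdeployable` and `localhost:5000`. I would write `NAMESPACE ?= isitdeployable` and likewise for the others. Two smaller points: `LP_BOT = $(shell bzr lp-login)` re-runs bzr on every expansion, and `.DEFAULT_GOAL := envrc` also takes effect in any makefile that includes this one.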
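--- a/scripts/generate-config
+++ b/scripts/generate-config
@@ -1,27 +0,0 @@
-#!/usr/bin/env python3
-
-from os import environ, path
-from sys import argv, exit
-
-from jinja2 import Environment, FileSystemLoader
-import yaml
-
-
-def main():
- template_name = argv[1]
- env = Environment(
- loader=FileSystemLoader(path.dirname(path.dirname(__file__))))
- template = env.get_template(template_name)
-
- config = template.render(**environ)
-
- # Test we can load all the documents without error
- if '.yml' in template_name:
- list(yaml.load_all(config))
-
- print(config)
- return 0
-
-
-if __name__ == '__main__':
- exit(main())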
I don't know the underlying system particularly well, but mostly looks OK. Just some comments on the make/shell interface.