anydev/anyway-backend-deployment
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

refined deployment config

Browse Source
This commit is contained in:
Remy Moll
2024-09-21 12:58:20 +02:00
parent d9d8aa8e8e
commit 2b8b8390bc
5 changed files with 66 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@@ -40,7 +40,8 @@ kubectl -n <namespace> rollout restart deployment/anyway-backend
### CI/CD and credentials ### CI/CD and credentials
For the deployment to work, the CI runner needs to authenticate against the kubernetes cluster. This is done by creating a service account in the cluster and providing the CI runner with the necessary credentials through a kubeconfig file. This file is stored as a repository secret `KUBE_CONFIG` and is used by the `kubectl` command in the CI pipeline. For the deployment to work, the CI runner needs to authenticate against the kubernetes cluster. This is done by creating a service account in the cluster and providing the CI runner with the necessary credentials through a kubeconfig file. This file is stored as a repository secret `KUBE_CONFIG` and is used by the `kubectl` command in the CI pipeline.
The RBAC configuration for the service included for your reference in the file `rbac.yaml`. The RBAC configuration for the service included for your reference in the file `rbac.yaml`. To use it, extract the token from the secret `deployment-token-secret`.
Then fill in the token and service account name into the kubeconfig.
### Deployment environments ### Deployment environments

2
base/kustomization.yaml
View File

@@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- namespace.yaml # - namespace.yaml
- pvc.yaml - pvc.yaml
- deployment.yaml - deployment.yaml
- service.yaml - service.yaml

3
overlays/prod/kustomization.yaml
View File

@@ -4,7 +4,8 @@ kind: Kustomization
resources: resources:
- ../../base - ../../base
namespace: anyway-prod namespace: anyway-backend
nameSuffix: -prod
images: images:
- name: backend-image - name: backend-image

4
overlays/stg/kustomization.yaml
View File

@@ -4,8 +4,8 @@ kind: Kustomization
resources: resources:
- ../../base - ../../base
namespace: anyway-stg namespace: anyway-backend
nameSuffix: -stg
images: images:
- name: backend-image - name: backend-image
newName: git.kluster.moll.re/anydev/anyway-backend newName: git.kluster.moll.re/anydev/anyway-backend

59
rbac.yaml Normal file
View File

@@ -0,0 +1,59 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: anyway-backend
name: deployment-role
rules:
- apiGroups: [""] # "" indicates the core API group
resources:
- pods
- services
- deployments
- ingresses
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: deployment-rolebinding
namespace: anyway-backend
subjects:
- kind: ServiceAccount
name: deployment-sa
namespace: anyway-backend
roleRef:
kind: Role
name: deployment-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: deployment-sa
namespace: anyway-backend
automountServiceAccountToken: false
---
apiVersion: v1
kind: Secret
metadata:
namespace: anyway-backend
name: deployment-token-secret
annotations:
kubernetes.io/service-account.name: deployment-sa
type: kubernetes.io/service-account-token