From d9d8aa8e8e675f8c967e0b8af923777ee040687b Mon Sep 17 00:00:00 2001 From: Remy Moll Date: Fri, 20 Sep 2024 22:09:48 +0200 Subject: [PATCH] update deployment for multi-environment setup --- README.md | 44 ++++++++++++------- deployment.yaml => base/deployment.yaml | 6 +-- ingress.yaml => base/ingress.yaml | 6 +-- kustomization.yaml => base/kustomization.yaml | 8 ---- {memcached => base/memcached}/deployment.yaml | 0 .../memcached}/kustomization.yaml | 0 {memcached => base/memcached}/service.yaml | 0 namespace.yaml => base/namespace.yaml | 0 pvc.yaml => base/pvc.yaml | 0 service.yaml => base/service.yaml | 4 +- overlays/prod/kustomization.yaml | 18 ++++++++ overlays/prod/patch-ingress.yaml | 3 ++ overlays/stg/kustomization.yaml | 18 ++++++++ overlays/stg/patch-ingress.yaml | 3 ++ 14 files changed, 78 insertions(+), 32 deletions(-) rename deployment.yaml => base/deployment.yaml (92%) rename ingress.yaml => base/ingress.yaml (68%) rename kustomization.yaml => base/kustomization.yaml (56%) rename {memcached => base/memcached}/deployment.yaml (100%) rename {memcached => base/memcached}/kustomization.yaml (100%) rename {memcached => base/memcached}/service.yaml (100%) rename namespace.yaml => base/namespace.yaml (100%) rename pvc.yaml => base/pvc.yaml (100%) rename service.yaml => base/service.yaml (72%) create mode 100644 overlays/prod/kustomization.yaml create mode 100644 overlays/prod/patch-ingress.yaml create mode 100644 overlays/stg/kustomization.yaml create mode 100644 overlays/stg/patch-ingress.yaml diff --git a/README.md b/README.md index efe3183..bc378a2 100644 --- a/README.md +++ b/README.md @@ -1,37 +1,49 @@ # Backend deployment -## Overview +The container is built using the Dockerfile and deployed to our own kubernetes cluster. + +Both steps are handled by the CI/CD pipeline: +- First the container is built in the workflow `workflow_build-image.yaml` and pushed to the (local) container registry. +- Then the deployment is handled in the workflow `workflow_deploy-container.yaml` which deploys the container to the kubernetes cluster. Depending on the branch, the deployment is done to the staging or production environment. + -This repository contains the necessary files for deploying the backend application to a kubernetes environment. ## Prerequisites -Before deploying the backend application, ensure that you have the following prerequisites: +For the deployment of the **backend** application, the following prerequisites need to be met: -- Kubernetes cluster with the following components: +- On the cluster side: a Kubernetes cluster with the following components: - ingress controller - storage class -- `kubectl` installed (`kustomize` is usually bundled) +- On the local side: for development and local testing: + - `kubectl` installed + - `kustomize` (usually bundled with `kubectl`) -## Deployment Steps -### Initial deployment +## Manual deployment + +#### Initial deployment To deploy the backend application, follow these steps: -1. Clone this repository: `git clone https://github.com/your-repo.git` -1. Apply the kustomization: `kubectl apply -k .` +1. Clone this repository +1. Apply the desired overly: `kubectl apply -k ` -### Rolling updates -Since the deployment uses the `latest` tag for the backend application, we simply need to trigger a rolling update which will pull the latest image from the registry. To do this, run the following command: +#### Rolling updates +Since the deployment uses a single tag (along with the `always` pull policy) for the backend application, we simply need to trigger a rolling update which will pull the latest image from the registry. To do this, run the following command: ```bash -kubectl -n anyway-backend rollout restart deployment/nav-backend +kubectl -n rollout restart deployment/anyway-backend ``` -## Configuration +## Automated deployment +### CI/CD and credentials +For the deployment to work, the CI runner needs to authenticate against the kubernetes cluster. This is done by creating a service account in the cluster and providing the CI runner with the necessary credentials through a kubeconfig file. This file is stored as a repository secret `KUBE_CONFIG` and is used by the `kubectl` command in the CI pipeline. -The kustomization allows for easy configuration of the backend application. To customize the deployment, modify the `kustomization.yaml` file. +The RBAC configuration for the service included for your reference in the file `rbac.yaml`. -### Memcached -The backend application requires a memcached instance. By default, the kustomization deploys this instance, as configured under `memcached/`. To disable this, comment out the `memcached` overlay in the `kustomization.yaml` file. \ No newline at end of file + +### Deployment environments +The deployment is done to two environments: +- Staging: All builds from forks and pull requests are deployed to the staging environment. This is done to test the changes before merging them to the main branch. +- Production: Only builds from the main branch are deployed to the production environment. This is the live environment that is used by the users. The main branch is protected and can only be merged to through pull requests. diff --git a/deployment.yaml b/base/deployment.yaml similarity index 92% rename from deployment.yaml rename to base/deployment.yaml index acf5f66..762c3b7 100644 --- a/deployment.yaml +++ b/base/deployment.yaml @@ -1,16 +1,16 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: nav-backend + name: anyway-backend spec: replicas: 1 selector: matchLabels: - app: nav-backend + app: anyway-backend template: metadata: labels: - app: nav-backend + app: anyway-backend spec: containers: - name: worker diff --git a/ingress.yaml b/base/ingress.yaml similarity index 68% rename from ingress.yaml rename to base/ingress.yaml index bc835e7..02672ef 100644 --- a/ingress.yaml +++ b/base/ingress.yaml @@ -1,15 +1,15 @@ kind: IngressRoute apiVersion: traefik.io/v1alpha1 metadata: - name: nav-ingress + name: anyway-ingress spec: entryPoints: - websecure routes: - - match: Host(`anyway.kluster.moll.re`) + - match: Host(`dummy`) kind: Rule services: - - name: nav-service + - name: anyway-backend port: 8000 tls: certResolver: default-tls diff --git a/kustomization.yaml b/base/kustomization.yaml similarity index 56% rename from kustomization.yaml rename to base/kustomization.yaml index 79981e9..f972df4 100644 --- a/kustomization.yaml +++ b/base/kustomization.yaml @@ -1,8 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - -namespace: anyway-backend resources: - namespace.yaml - pvc.yaml @@ -10,9 +8,3 @@ resources: - service.yaml - ingress.yaml - memcached/ - - -images: - - name: backend-image - newName: git.kluster.moll.re/anydev/anyway-backend - newTag: latest diff --git a/memcached/deployment.yaml b/base/memcached/deployment.yaml similarity index 100% rename from memcached/deployment.yaml rename to base/memcached/deployment.yaml diff --git a/memcached/kustomization.yaml b/base/memcached/kustomization.yaml similarity index 100% rename from memcached/kustomization.yaml rename to base/memcached/kustomization.yaml diff --git a/memcached/service.yaml b/base/memcached/service.yaml similarity index 100% rename from memcached/service.yaml rename to base/memcached/service.yaml diff --git a/namespace.yaml b/base/namespace.yaml similarity index 100% rename from namespace.yaml rename to base/namespace.yaml diff --git a/pvc.yaml b/base/pvc.yaml similarity index 100% rename from pvc.yaml rename to base/pvc.yaml diff --git a/service.yaml b/base/service.yaml similarity index 72% rename from service.yaml rename to base/service.yaml index c4e5de3..5fe8866 100644 --- a/service.yaml +++ b/base/service.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: Service metadata: - name: nav-service + name: anyway-backend spec: selector: - app: nav-backend + app: anyway-backend ports: - protocol: TCP port: 8000 diff --git a/overlays/prod/kustomization.yaml b/overlays/prod/kustomization.yaml new file mode 100644 index 0000000..956a70e --- /dev/null +++ b/overlays/prod/kustomization.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base + +namespace: anyway-prod + +images: + - name: backend-image + newName: git.kluster.moll.re/anydev/anyway-backend + newTag: stable + +patches: + - path: patch-ingress.yaml + target: + kind: IngressRoute + name: anyway-ingress diff --git a/overlays/prod/patch-ingress.yaml b/overlays/prod/patch-ingress.yaml new file mode 100644 index 0000000..83800fa --- /dev/null +++ b/overlays/prod/patch-ingress.yaml @@ -0,0 +1,3 @@ +- op: replace #action + path: /spec/routes/0/match + value: Host(`anyway.anydev.info`) || Host(`anyway.kluster.moll.re`) diff --git a/overlays/stg/kustomization.yaml b/overlays/stg/kustomization.yaml new file mode 100644 index 0000000..0fd698e --- /dev/null +++ b/overlays/stg/kustomization.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base + +namespace: anyway-stg + +images: + - name: backend-image + newName: git.kluster.moll.re/anydev/anyway-backend + newTag: unstable + +patches: + - path: patch-ingress.yaml + target: + kind: IngressRoute + name: anyway-ingress diff --git a/overlays/stg/patch-ingress.yaml b/overlays/stg/patch-ingress.yaml new file mode 100644 index 0000000..0b0418a --- /dev/null +++ b/overlays/stg/patch-ingress.yaml @@ -0,0 +1,3 @@ +- op: replace #action + path: /spec/routes/0/match + value: Host(`anyway-stg.anydev.info`) || Host(`anyway-stg.kluster.moll.re`)