Rework review app deployment to use ingress per deployment

2018-07-28 09:49:30 +10:00 · 2018-07-28 09:49:30 +10:00 · f0d14754a7
commit f0d14754a7
parent 84b8a99a7f
2 changed files with 54 additions and 52 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -50,8 +50,7 @@ build_review_deployment:
  artifacts:
    paths:
    - k8s/deployment.json
-    - k8s/ingress-patch.json
-    - k8s/certificate-patch.json
+    - k8s/ingress.json

 build_2019_image:
  image: docker:git
@ -112,8 +111,8 @@ build_2019_image:
  - kubectl config set-context cluster --cluster=cluster --namespace=rego-review --user=rego-dev/gitlab-sa
  - kubectl config use-context cluster
  - kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/deployment.json
-  - kubectl --token "${GL_KUBE_TOKEN}" describe ingress | grep "${CI_COMMIT_REF_SLUG}" || kubectl --token "${GL_KUBE_TOKEN}" patch ingress symposion-app-ingress -p "$(cat k8s/ingress-patch.json)" --type json
-  - kubectl --token "${GL_KUBE_TOKEN}" describe certificate | grep "${CI_COMMIT_REF_SLUG}" || kubectl --token "${GL_KUBE_TOKEN}" patch certificate dev-lca2019-org -p "$(cat k8s/certificate-patch.json)" --type json
+  - kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/ingress.json
+
  only:
  - /^dev\/.*$/
  environment:
@ -130,6 +129,7 @@ build_2019_image:
  - kubectl config set-context cluster --cluster=cluster --namespace=rego-review --user=rego-dev/gitlab-sa
  - kubectl config use-context cluster
  - kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/deployment.json
+  - kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/ingress.json
  only:
  - /^dev\/.*$/
  when: manual
--- a/k8s/deployment_template.jsonnet
+++ b/k8s/deployment_template.jsonnet
@ -3,6 +3,7 @@ function (slug, sha) {
  local app = "symposion-app-" + slug,
  local namespace = "rego-review",
  local domain = slug + ".dev.lca2019.org",
+  local tls_secret = domain + "-tls",

  "deployment.json":
    {
@ -13,7 +14,7 @@ function (slug, sha) {
          "kind": "Service",
          "metadata": {
            "labels": {
-              "app": "symposion-app",
+              "app":  app,
              "slug": slug
            },
            "name": app,
@ -28,7 +29,7 @@ function (slug, sha) {
              }
            ],
            "selector": {
-              "app": "symposion-app",
+              "app": app,
              "slug": slug
            },
            "sessionAffinity": "None",
@ -40,7 +41,7 @@ function (slug, sha) {
          "kind": "Deployment",
          "metadata": {
            "labels": {
-              "app": "symposion-app",
+              "app": app,
              "slug": slug,
            },
            "name": app,
@ -51,7 +52,7 @@ function (slug, sha) {
            "revisionHistoryLimit": 1,
            "selector": {
              "matchLabels": {
-                "app": "symposion-app",
+                "app": app,
                "slug": slug
              }
            },
@ -65,7 +66,7 @@ function (slug, sha) {
            "template": {
              "metadata": {
                "labels": {
-                  "app": "symposion-app",
+                  "app": app,
                  "slug": slug
                }
              },
@ -148,47 +149,48 @@ function (slug, sha) {
      ],
      "kind": "List"
    },
-  "ingress-patch.json": [
+  "ingress.json":
+    {
+        "kind": "Ingress",
+        "apiVersion": "extensions/v1beta1",
+        "metadata": {
+            "name": app,
+            "namespace": namespace,
+            "annotations": {
+                "certmanager.k8s.io/acme-http01-edit-in-place": "true",
+                "kubernetes.io/ingress.class": "nginx-review",
+                "kubernetes.io/tls-acme": "true"
+            }
+        },
+        "spec": {
+            "backend": {
+                "serviceName": app,
+                "servicePort": 80
+            },
+            "tls": [
+                {
+                    "hosts": [
+                        domain
+                    ],
+                    "secretName": tls_secret,
+                }
+            ],
+            "rules": [
                {
-        "op": "add",
-        "path": "/spec/rules/-",
-        "value": {
                    "host": domain,
                    "http": {
                        "paths": [
                            {
+                                "path": "/",
                                "backend": {
                                    "serviceName": app,
                                    "servicePort": 8000
-                },
-                "path": "/"
+                                }
                            }
                        ]
                    }
                }
-      },
-      {
-        "op": "add",
-        "path": "/spec/tls/0/hosts/-",
-        "value": domain
-      }
-  ],
-   "certificate-patch.json": [
-      {
-        "op": "add",
-        "path": "/spec/acme/config/-",
-        "value": {
-          "domains": [ domain ],
-          "http01": {
-            "ingress": "",
-            "ingressClass": "nginx-review"
-          }
-        }
-      },
-      {
-        "op": "add",
-        "path": "/spec/dnsNames/-",
-        "value": domain
-      }
            ]
        }
+    }
+}