From 4efd6740f2ad8f9b28078baf6523faf581debb7c Mon Sep 17 00:00:00 2001 From: Roman Morozov <rom@local> Date: Sun, 21 Jan 2024 14:19:34 -0800 Subject: [PATCH 1/9] chore: consumer ci and charts,deployments --- .github/workflows/build-images.yaml | 64 +++++++++++++++++++++ packages/cloud/helmfile.yaml | 4 +- packages/consumer/Chart.yaml | 5 ++ packages/consumer/Dockerfile | 20 +++++++ packages/consumer/templates/Deployment.yaml | 21 +++++++ packages/consumer/templates/_helpers.tpl | 24 ++++++++ packages/consumer/values.yaml | 14 +++++ 7 files changed, 151 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/build-images.yaml create mode 100644 packages/consumer/Chart.yaml create mode 100644 packages/consumer/Dockerfile create mode 100644 packages/consumer/templates/Deployment.yaml create mode 100644 packages/consumer/templates/_helpers.tpl create mode 100644 packages/consumer/values.yaml diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml new file mode 100644 index 0000000..eb29f05 --- /dev/null +++ b/.github/workflows/build-images.yaml 
@@ -0,0 +1,64 @@ +name: Build and Push to GHCR + +on: + workflow_dispatch: + push: + branches: + - main + paths: + - "**/consumer/**" + pull_request: + branches: + - main + +jobs: + build-and-push: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - name: Check Out Repo + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v3 + with: + images: ghcr.io/${{ github.repository }}/consumer + tags: | + type=sha,prefix=commit,length=7 + + - name: Build and push to GHCR + uses: docker/build-push-action@v2 + with: + context: packages/consumer + push: true + tags: ${{ steps.meta.outputs.tags }} + + # - name: Build and push to GHCR + # uses: docker/build-push-action@v2 + # with: + # context: packages/consumer + # file: ./Dockerfile + # push: true + # tags: ghcr.io/${{ github.repository }}/consumer:latest + + # - name: Helm Deploy + # uses: deliverybot/helm@v1 + # with: + # release: your-release + # namespace: your-namespace + # chart: ./helm-chart + # values: ./helm-chart/values.yaml + # token: ${{ secrets.KUBE_TOKEN }} diff --git a/packages/cloud/helmfile.yaml b/packages/cloud/helmfile.yaml index a49b00e..2cdfbc3 100644 --- a/packages/cloud/helmfile.yaml +++ b/packages/cloud/helmfile.yaml @@ -47,4 +47,6 @@ releases: service: omitClusterIP: true tcp: - '9092': "default/kafka:9092" + "9092": "default/kafka:9092" + - name: consumer + chart: ../consumer diff --git a/packages/consumer/Chart.yaml b/packages/consumer/Chart.yaml new file mode 100644 index 0000000..4ccb0ce --- /dev/null +++ b/packages/consumer/Chart.yaml 
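Review bot: The `pull_request` trigger runs the same job that logs in to GHCR with `packages: write` and builds with `push: true`, so a pull request opened from a branch of this repository publishes an image built from unreviewed code. Gate the push on the event with `push: ${{ github.event_name != 'pull_request' }}`, and put the same condition as an `if:` on the login step. Unlike `push`, the `pull_request` trigger has no `paths:` filter, so every pull request builds the consumer image. The actions are referenced by mutable major tags (`docker/login-action@v1`, `docker/build-push-action@v2`, `docker/metadata-action@v3`); pinning them to full commit SHAs keeps a moved tag from changing what runs with the registry token.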
@@ -0,0 +1,5 @@ +apiVersion: v2 +name: go +description: Go Web Application +version: 1.0.0 +type: application diff --git a/packages/consumer/Dockerfile b/packages/consumer/Dockerfile new file mode 100644 index 0000000..a8b35d9 --- /dev/null +++ b/packages/consumer/Dockerfile @@ -0,0 +1,20 @@ +# Start from the latest golang base image +FROM golang:latest + +# Set the Current Working Directory inside the container +WORKDIR /app + +# Copy go mod and sum files +COPY go.mod go.sum ./ + +# Download all dependencies. Dependencies will be cached if the go.mod and go.sum files are not changed +RUN go mod download + +# Copy the source from the current directory to the Working Directory inside the container +COPY . . + +# Build the Go app +RUN go build -o main . + +# Command to run the executable +CMD ["./main"] diff --git a/packages/consumer/templates/Deployment.yaml b/packages/consumer/templates/Deployment.yaml new file mode 100644 index 0000000..7de44dd --- /dev/null +++ b/packages/consumer/templates/Deployment.yaml @@ -0,0 +1,21 @@ +{{ $fullname := include "app.fullname" . }} +{{ $registry := .Values.image.registry }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $fullname }} +spec: + replicas: {{ .Values.replicaCount }} + template: + spec: {{ if and $registry.url $registry.username $registry.password }} + imagePullSecrets: + - name: {{ include "app.registry" . }} {{ else }} {{ with $imagePullSecrets := .Values.image.pullSecrets }} + imagePullSecrets: {{ range $imagePullSecrets }} + - name: {{ tpl . $ }} {{ end }} {{ end }} {{ end }} + + containers: + - name: go-app + image: {{ printf "%s/%s:%s" .Values.image.registry.url .Values.image.repository .Values.image.tag | quote }} + env: + - name: XPERM + value: "1.2.3" diff --git a/packages/consumer/templates/_helpers.tpl b/packages/consumer/templates/_helpers.tpl new file mode 100644 index 0000000..7497bc0 --- /dev/null +++ b/packages/consumer/templates/_helpers.tpl 
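Review bot: `FROM golang:latest` is an unpinned base, and the final image is the build image itself, so the container ships the full Go toolchain and the copied source tree, and no `USER` is set. A multi-stage build with a pinned builder and a minimal non-root runtime stage, sketched below, leaves only the binary in what gets deployed. The runtime image shown carries glibc so a dynamically linked binary still starts; the builder version is a placeholder to be replaced with the version the module targets.

```dockerfile
# Build stage: pin the toolchain (tag, ideally plus digest) instead of golang:latest
FROM golang:<PINNED_GO_VERSION> AS build
WORKDIR /app
# … unchanged: COPY go.mod go.sum, go mod download, COPY . ., go build -o main . …

# Runtime stage: binary only, default user is non-root
FROM gcr.io/distroless/base-debian12:nonroot
COPY --from=build /app/main /main
CMD ["/main"]
```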
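Review bot: The `go-app` container is declared without a `securityContext` or `resources`, so it runs with the image's default user and privileges and has no requests or limits. Add a restrictive container security context as below, plus `resources` sized for the consumer. `runAsNonRoot: true` makes the kubelet refuse to start a container that would run as root, and the Dockerfile added in this commit sets no `USER`, so the image needs a non-root user before this is applied.

```yaml
      containers:
        - name: go-app
          # … unchanged: image, env …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
```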
@@ -0,0 +1,24 @@ +{{- define "app.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "app.registry" -}} +{{- printf "%s-%s" .Release.Name "registry" }} +{{- end }} + +{{- define "app.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "app.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} diff --git a/packages/consumer/values.yaml b/packages/consumer/values.yaml new file mode 100644 index 0000000..e372e23 --- /dev/null +++ b/packages/consumer/values.yaml @@ -0,0 +1,14 @@ +image: + registry: + url: ghcr.io/hiberbee + username: "fromEnv" + password: "fromEnv" + repository: vortexia/consumer + tag: commit9d918aef + + pullSecrets: [] + +replicaCount: 1 + +nameOverride: "" +fullnameOverride: "" From b8a06a326425bb75d71beea406cca4062ccaf960 Mon Sep 17 00:00:00 2001 From: Vlad Volkov <vlad@peoplevine.com> Date: Mon, 29 Jan 2024 01:31:49 +0200 Subject: [PATCH 2/9] Added secrets management with env vars & github actions. Helmfile manifest update --- .github/workflows/build-images.yaml | 55 +++++++++++++++------ packages/cloud/helmfile.yaml | 6 +++ packages/consumer/templates/Deployment.yaml | 11 +++-- packages/consumer/templates/Secret.yaml | 8 +++ packages/consumer/values.yaml | 5 +- 5 files changed, 64 insertions(+), 21 deletions(-) create mode 100644 packages/consumer/templates/Secret.yaml diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index eb29f05..fe10e1e 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml 
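Review bot: The defaults `username: "fromEnv"` and `password: "fromEnv"` are non-empty strings, so the `if and $registry.url $registry.username $registry.password` test in `templates/Deployment.yaml` is true even when no credentials were supplied, and the Deployment references the `app.registry` pull secret regardless. Default both to `""` so the pull-secret branch is taken only when real values are passed in. The default `tag: commit9d918aef` carries eight hex digits, while the workflow in this commit tags images with `type=sha,prefix=commit,length=7`, so this default does not look like a tag the workflow would produce.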
@@ -12,7 +12,7 @@ on: - main jobs: - build-and-push: + build: runs-on: ubuntu-latest permissions: contents: read @@ -38,6 +38,7 @@ jobs: images: ghcr.io/${{ github.repository }}/consumer tags: | type=sha,prefix=commit,length=7 + type=raw,value=latest,enable=true - name: Build and push to GHCR uses: docker/build-push-action@v2 @@ -46,19 +47,41 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} - # - name: Build and push to GHCR - # uses: docker/build-push-action@v2 - # with: - # context: packages/consumer - # file: ./Dockerfile - # push: true - # tags: ghcr.io/${{ github.repository }}/consumer:latest + deploy: + needs: build + runs-on: ubuntu-latest + steps: + - name: Check Out Repo + uses: actions/checkout@v4 - # - name: Helm Deploy - # uses: deliverybot/helm@v1 - # with: - # release: your-release - # namespace: your-namespace - # chart: ./helm-chart - # values: ./helm-chart/values.yaml - # token: ${{ secrets.KUBE_TOKEN }} + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v0.2.0 + with: + service_account_key: '${{ secrets.GCP_CREDENTIALS }}' + project_id: '${{ secrets.GCP_PROJECT_ID }}' + + - name: Get kubernetes config + env: + USE_GKE_GCLOUD_AUTH_PLUGIN: "true" + run: | + gcloud components install kubectl + gcloud components install gke-gcloud-auth-plugin + gcloud container clusters get-credentials ${{ secrets.GCP_CLUSTER_NAME }} --zone ${{ secrets.GCP_ZONE }} --project ${{ secrets.GCP_PROJECT_ID }} + + - name: Verify kubernetes config + run: | + kubectl cluster-info dump + + - name: Apply Helmfile + uses: hiberbee/github-action-helm@1.3.0 + working-directory: packages/cloud + env: + IMAGE_TAG: '${GITHUB_SHA::7}' + DOCKER_USERNAME: '${{ github.repository_owner }}' + DOCKER_PASSWORD: '${{ secrets.GITHUB_TOKEN }}' + INTERBROKER_PASSWORD: '{{ secrets.INTERBROKER_PASSWORD }}' + CONTROLLER_PASSWORD: '{{ secrets.CONTROLLER_PASSWORD }}' + KRAFT_CLUSTER_ID: '{{ secrets.KRAFT_CLUSTER_ID }}' + with: + helmfile: diff + helmfile-version: 0.160.0 
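Review bot: `type=raw,value=latest,enable=true` moves `latest` on every run of this workflow, including `pull_request` runs, so the tag can end up pointing at an image built from an unmerged branch. Restrict it to the main branch, for example `type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}`. The `steps:` list this entry belongs to starts outside the hunk.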
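Review bot: The three Kafka values are written as `'{{ secrets.INTERBROKER_PASSWORD }}'`, `'{{ secrets.CONTROLLER_PASSWORD }}'` and `'{{ secrets.KRAFT_CLUSTER_ID }}'` without the leading `$`, so the step receives that literal text instead of the secret; they should read `'${{ secrets.INTERBROKER_PASSWORD }}'` and likewise for the other two. The new `deploy` job also inherits the workflow's `pull_request` trigger, so a pull request from a repository branch runs it with `GCP_CREDENTIALS`; a job-level `if: github.event_name != 'pull_request'` keeps cluster credentials out of unreviewed runs. The job declares no `permissions:` block, unlike `build`, so it gets the repository's default token scope. `service_account_key` is a long-lived key; workload identity federation through `google-github-actions/auth` would avoid storing one, if the project can use it.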
diff --git a/packages/cloud/helmfile.yaml b/packages/cloud/helmfile.yaml index 2cdfbc3..c8f7a9c 100644 --- a/packages/cloud/helmfile.yaml +++ b/packages/cloud/helmfile.yaml @@ -50,3 +50,9 @@ releases: "9092": "default/kafka:9092" - name: consumer chart: ../consumer + values: + - image: + tag: '{{ requiredEnv "IMAGE_TAG" }}' + registry: + username: '{{ requiredEnv "DOCKER_USERNAME" }}' + password: '{{ requiredEnv "DOCKER_PASSWORD" }}' diff --git a/packages/consumer/templates/Deployment.yaml b/packages/consumer/templates/Deployment.yaml index 7de44dd..827e67b 100644 --- a/packages/consumer/templates/Deployment.yaml +++ b/packages/consumer/templates/Deployment.yaml @@ -6,13 +6,16 @@ metadata: name: {{ $fullname }} spec: replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ $fullname }} template: + metadata: + labels: + app: {{ $fullname }} spec: {{ if and $registry.url $registry.username $registry.password }} imagePullSecrets: - - name: {{ include "app.registry" . }} {{ else }} {{ with $imagePullSecrets := .Values.image.pullSecrets }} - imagePullSecrets: {{ range $imagePullSecrets }} - - name: {{ tpl . $ }} {{ end }} {{ end }} {{ end }} - + - name: {{ include "app.registry" . }} {{ end }} containers: - name: go-app image: {{ printf "%s/%s:%s" .Values.image.registry.url .Values.image.repository .Values.image.tag | quote }} diff --git a/packages/consumer/templates/Secret.yaml b/packages/consumer/templates/Secret.yaml new file mode 100644 index 0000000..6cac260 --- /dev/null +++ b/packages/consumer/templates/Secret.yaml 
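Review bot: `password: '{{ requiredEnv "DOCKER_PASSWORD" }}'` is filled from `secrets.GITHUB_TOKEN` by the workflow in this commit, and that token stops being valid when the job ends, so the pull secret rendered from it will fail on any later image pull (pod reschedule, new node, scale-up). A registry credential that outlives the job is needed here, for example a read-only packages token stored as its own secret (`secrets.<REGISTRY_READ_TOKEN>`). Helm keeps the supplied values in its release record, so the password is stored there as well as in the rendered Secret; referencing a pull secret created outside the chart avoids both copies.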
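Review bot: Removing the `else` branch drops `.Values.image.pullSecrets`, so the chart can no longer reference a pull secret that already exists in the cluster, and the only way left to authenticate pulls is to pass the registry password through values. `pullSecrets: []` stays in `values.yaml`, but nothing reads it after this change. Keeping the `range` over `.Values.image.pullSecrets` as the fallback lets operators manage the credential outside the chart. The template's `spec:` block continues outside the hunk.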
@@ -0,0 +1,8 @@ +{{ with .Values.image.registry }} {{ if and .url .username .password }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ include "app.registry" $ }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .url .username .password (printf "%s@%s" $.Values.app.name .url) (printf "%s:%s" .username .password | b64enc) | b64enc | quote }} {{ end }} {{ end }} diff --git a/packages/consumer/values.yaml b/packages/consumer/values.yaml index e372e23..775c61f 100644 --- a/packages/consumer/values.yaml +++ b/packages/consumer/values.yaml @@ -4,10 +4,13 @@ image: username: "fromEnv" password: "fromEnv" repository: vortexia/consumer - tag: commit9d918aef + tag: latest pullSecrets: [] +app: + name: vortexia + replicaCount: 1 nameOverride: "" From 7565c71ba31acc8534a04b48d30d8145d9226edd Mon Sep 17 00:00:00 2001 From: Vlad Volkov <vlad@peoplevine.com> Date: Mon, 29 Jan 2024 01:32:52 +0200 Subject: [PATCH 3/9] Fixed path to config --- .github/workflows/build-images.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index fe10e1e..6268033 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -74,7 +74,6 @@ jobs: - name: Apply Helmfile uses: hiberbee/github-action-helm@1.3.0 - working-directory: packages/cloud env: IMAGE_TAG: '${GITHUB_SHA::7}' DOCKER_USERNAME: '${{ github.repository_owner }}' @@ -84,4 +83,5 @@ jobs: KRAFT_CLUSTER_ID: '{{ secrets.KRAFT_CLUSTER_ID }}' with: helmfile: diff + helmfile-config: packages/cloud/helmfile.yaml helmfile-version: 0.160.0 From 801203718e940cf3c9c06a972aa2111bf267e518 Mon Sep 17 00:00:00 2001 
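Review bot: The `.dockerconfigjson` document is assembled with `printf` and `\"%s\"`, so a username or password containing `"` or `\` yields invalid or altered JSON because nothing escapes the values. Build it from a dict and let the template serialise it: `{{ dict "auths" (dict .url (dict "username" .username "password" .password "auth" (printf "%s:%s" .username .password | b64enc))) | toJson | b64enc | quote }}`, adding the `email` key back if it is needed. With the `"fromEnv"` defaults still in `values.yaml`, this Secret is also rendered with placeholder credentials whenever no real values are supplied.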
From: Vlad Volkov <vlad@peoplevine.com> Date: Mon, 29 Jan 2024 01:35:26 +0200 Subject: [PATCH 4/9] Fixed path to config --- .github/workflows/build-images.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index 6268033..5be16b6 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -66,7 +66,7 @@ jobs: run: | gcloud components install kubectl gcloud components install gke-gcloud-auth-plugin - gcloud container clusters get-credentials ${{ secrets.GCP_CLUSTER_NAME }} --zone ${{ secrets.GCP_ZONE }} --project ${{ secrets.GCP_PROJECT_ID }} + gcloud container clusters get-credentials ${{ secrets.GCP_CLUSTER_NAME }} --zone=${{ secrets.GCP_ZONE }} --project=${{ secrets.GCP_PROJECT_ID }} - name: Verify kubernetes config run: | From eb89a4a3d83fef5dd60a9e70501e9d1b870017a6 Mon Sep 17 00:00:00 2001 From: Vlad Volkov <vlad@peoplevine.com> Date: Mon, 29 Jan 2024 01:39:04 +0200 Subject: [PATCH 5/9] Fixed path to config --- .github/workflows/build-images.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index 5be16b6..b643694 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -63,10 +63,11 @@ jobs: - name: Get kubernetes config env: USE_GKE_GCLOUD_AUTH_PLUGIN: "true" + GCP_CLUSTER_NAME: ${{ secrets.GCP_CLUSTER_NAME }} + GCP_ZONE: ${{ secrets.GCP_ZONE }} run: | - gcloud components install kubectl gcloud components install gke-gcloud-auth-plugin - gcloud container clusters get-credentials ${{ secrets.GCP_CLUSTER_NAME }} --zone=${{ secrets.GCP_ZONE }} --project=${{ secrets.GCP_PROJECT_ID }} + gcloud container clusters get-credentials $GCP_CLUSTER_NAME --zone=$GCP_ZONE - name: Verify kubernetes config run: | From 1101370a57628ee3b883ad71219bd332b7913d8d Mon Sep 17 00:00:00 2001 
From: Vlad Volkov <vlad@peoplevine.com> Date: Mon, 29 Jan 2024 01:43:05 +0200 Subject: [PATCH 6/9] Fixed path to config --- .github/workflows/build-images.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index b643694..f9a8ab6 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -50,6 +50,8 @@ jobs: deploy: needs: build runs-on: ubuntu-latest + environment: + name: production steps: - name: Check Out Repo uses: actions/checkout@v4 @@ -63,20 +65,22 @@ jobs: - name: Get kubernetes config env: USE_GKE_GCLOUD_AUTH_PLUGIN: "true" - GCP_CLUSTER_NAME: ${{ secrets.GCP_CLUSTER_NAME }} - GCP_ZONE: ${{ secrets.GCP_ZONE }} run: | gcloud components install gke-gcloud-auth-plugin - gcloud container clusters get-credentials $GCP_CLUSTER_NAME --zone=$GCP_ZONE + gcloud container clusters get-credentials ${{ secrets.GCP_CLUSTER_NAME }} --zone=${{ secrets.GCP_ZONE }} - name: Verify kubernetes config run: | kubectl cluster-info dump + - name: Get tag name + id: tag + run: echo "::set-output name=sha::${GITHUB_SHA::7}" + - name: Apply Helmfile uses: hiberbee/github-action-helm@1.3.0 env: - IMAGE_TAG: '${GITHUB_SHA::7}' + IMAGE_TAG: '${{ steps.tag.outputs.name }}' DOCKER_USERNAME: '${{ github.repository_owner }}' DOCKER_PASSWORD: '${{ secrets.GITHUB_TOKEN }}' INTERBROKER_PASSWORD: '{{ secrets.INTERBROKER_PASSWORD }}' From d9ce3f720304ea9eaf7d8874b052ee9ca838bef7 Mon Sep 17 00:00:00 2001 From: Vlad Volkov <vlad@peoplevine.com> Date: Mon, 29 Jan 2024 01:46:35 +0200 Subject: [PATCH 7/9] Fixed path to config --- .github/workflows/build-images.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index f9a8ab6..6418b1f 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml 
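Review bot: The `run:` script goes back to interpolating `${{ secrets.GCP_CLUSTER_NAME }}` and `${{ secrets.GCP_ZONE }}` directly into the shell text, undoing the `env:` indirection this hunk removes; the expression is substituted before the shell parses the line, so any shell metacharacter in the value is interpreted as script. Keep the two values in `env:` and reference them quoted: `gcloud container clusters get-credentials "$GCP_CLUSTER_NAME" --zone="$GCP_ZONE"`. The new `Get tag name` step uses the deprecated `::set-output` command; `run: echo "sha=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"` is the supported form.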
@@ -69,16 +69,12 @@ jobs: gcloud components install gke-gcloud-auth-plugin gcloud container clusters get-credentials ${{ secrets.GCP_CLUSTER_NAME }} --zone=${{ secrets.GCP_ZONE }} - - name: Verify kubernetes config - run: | - kubectl cluster-info dump - - name: Get tag name id: tag run: echo "::set-output name=sha::${GITHUB_SHA::7}" - name: Apply Helmfile - uses: hiberbee/github-action-helm@1.3.0 + uses: hiberbee/github-action-helm@latest env: IMAGE_TAG: '${{ steps.tag.outputs.name }}' DOCKER_USERNAME: '${{ github.repository_owner }}' From 421ea274380b062d03bf78c6bac2f7d5970f3e86 Mon Sep 17 00:00:00 2001 From: Vlad Volkov <vlad@peoplevine.com> Date: Mon, 29 Jan 2024 01:51:02 +0200 Subject: [PATCH 8/9] Fixed helmfile version --- .github/workflows/build-images.yaml | 1 - packages/cloud/helmfile.lock | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index 6418b1f..71615f3 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -85,4 +85,3 @@ jobs: with: helmfile: diff helmfile-config: packages/cloud/helmfile.yaml - helmfile-version: 0.160.0 diff --git a/packages/cloud/helmfile.lock b/packages/cloud/helmfile.lock index 26aee66..a622762 100644 --- a/packages/cloud/helmfile.lock +++ b/packages/cloud/helmfile.lock @@ -1,4 +1,4 @@ -version: 0.160.0 +version: 0.144.0 dependencies: - name: ingress-nginx repository: https://kubernetes.github.io/ingress-nginx From 2b188cae46500520f433a9b55bfdefbf113ae19b Mon Sep 17 00:00:00 2001 From: Vlad Volkov <vlad@peoplevine.com> Date: Mon, 29 Jan 2024 01:54:01 +0200 Subject: [PATCH 9/9] Fixed tag name --- .github/workflows/build-images.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index 71615f3..4f0a71c 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml 
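Review bot: `uses: hiberbee/github-action-helm@latest` replaces a fixed version with a mutable ref on a third-party action that receives `DOCKER_PASSWORD` (the `GITHUB_TOKEN`) and runs after cluster credentials have been fetched, so whatever that ref points to at run time executes with deploy access. Pin it to a full commit SHA, `uses: hiberbee/github-action-helm@<FULL_COMMIT_SHA>  # <version>`, and bump it deliberately. The job's `steps:` list starts outside the hunk.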
@@ -76,7 +76,7 @@ jobs: - name: Apply Helmfile uses: hiberbee/github-action-helm@latest env: - IMAGE_TAG: '${{ steps.tag.outputs.name }}' + IMAGE_TAG: '${{ steps.tag.outputs.sha }}' DOCKER_USERNAME: '${{ github.repository_owner }}' DOCKER_PASSWORD: '${{ secrets.GITHUB_TOKEN }}' INTERBROKER_PASSWORD: '{{ secrets.INTERBROKER_PASSWORD }}'
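Review bot: `steps.tag.outputs.sha` is the bare seven-character SHA, but the `build` job earlier in this series tags the image with `type=sha,prefix=commit,length=7`, so `IMAGE_TAG` appears to name a tag that is never pushed. Either add the prefix here, `IMAGE_TAG: 'commit${{ steps.tag.outputs.sha }}'`, or drop `prefix=commit` from the metadata step so both sides agree. The `env:` block continues past the end of the hunk.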