diff --git a/kubernetes/Charts/.gitlab-ci.yml b/kubernetes/Charts/.gitlab-ci.yml
new file mode 100644
index 0000000..884cc73
--- /dev/null
+++ b/kubernetes/Charts/.gitlab-ci.yml
@@ -0,0 +1,122 @@
+image: alpine:latest
+
+stages:
+ - test
+ - staging
+ - production
+
+test:
+ stage: test
+ script:
+ - exit 0
+ only:
+ - triggers
+ - branches
+
+staging:
+ stage: staging
+ script:
+ - install_dependencies
+ - ensure_namespace
+ - install_tiller
+ - deploy
+ variables:
+ KUBE_NAMESPACE: staging
+ environment:
+ name: staging
+ url: http://staging
+ only:
+ refs:
+ - master
+ kubernetes: active
+
+production:
+ stage: production
+ script:
+ - install_dependencies
+ - ensure_namespace
+ - install_tiller
+ - deploy
+ variables:
+ KUBE_NAMESPACE: production
+ environment:
+ name: production
+ url: http://production
+ when: manual
+ only:
+ refs:
+ - master
+ kubernetes: active
+
+.auto_devops: &auto_devops |
+ # Auto DevOps variables and functions
+ [[ "$TRACE" ]] && set -x
+ export CI_REGISTRY="index.docker.io"
+ export CI_APPLICATION_REPOSITORY=$CI_REGISTRY/$CI_PROJECT_PATH
+ export CI_APPLICATION_TAG=$CI_COMMIT_REF_SLUG
+ export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID}
+ export TILLER_NAMESPACE="kube-system"
+
+ function deploy() {
+ echo $KUBE_NAMESPACE
+ track="${1-stable}"
+ name="$CI_ENVIRONMENT_SLUG"
+ helm dep build reddit
+
+ # for microservice in $(helm dep ls | grep "file://" | awk '{print $1}') ; do
+ # SET_VERSION="$SET_VERSION \ --set $microservice.image.tag='$(curl http://gitlab-gitlab/$CI_PROJECT_NAMESPACE/ui/raw/master/VERSION)' "
+
+ helm upgrade --install \
+ --wait \
+ --set ui.ingress.host="$host" \
+ --set ui.image.tag="$(curl http://gitlab-gitlab/$CI_PROJECT_NAMESPACE/ui/raw/master/VERSION)" \
+ --set post.image.tag="$(curl http://gitlab-gitlab/$CI_PROJECT_NAMESPACE/post/raw/master/VERSION)" \
+ --set comment.image.tag="$(curl http://gitlab-gitlab/$CI_PROJECT_NAMESPACE/comment/raw/master/VERSION)" \
+ --namespace="$KUBE_NAMESPACE" \
+ --version="$CI_PIPELINE_ID-$CI_JOB_ID" \
+ "$name" \
+ reddit
+ }
+
+ function install_dependencies() {
+
+ apk add -U openssl curl tar gzip bash ca-certificates git
+ wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
+ wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk
+ apk add glibc-2.23-r3.apk
+ rm glibc-2.23-r3.apk
+
+ curl https://get.helm.sh/helm-v2.14.1-linux-amd64.tar.gz | tar zx
+
+ mv linux-amd64/helm /usr/bin/
+ helm version --client
+
+ curl -L -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+ chmod +x /usr/bin/kubectl
+ kubectl version --client
+ }
+
+ function ensure_namespace() {
+ kubectl describe namespace "$KUBE_NAMESPACE" || kubectl create namespace "$KUBE_NAMESPACE"
+ }
+
+ function install_tiller() {
+ echo "Checking Tiller..."
+ helm init --upgrade
+ kubectl rollout status -n "$TILLER_NAMESPACE" -w "deployment/tiller-deploy"
+ if ! helm version --debug; then
+ echo "Failed to init Tiller."
+ return 1
+ fi
+ echo ""
+ }
+
+ function delete() {
+ track="${1-stable}"
+ name="$CI_ENVIRONMENT_SLUG"
+ helm delete "$name" || true
+ }
+
+before_script:
+ - *auto_devops
+
\ No newline at end of file
diff --git a/kubernetes/Charts/comment/.gitlab-ci.yml b/kubernetes/Charts/comment/.gitlab-ci.yml
new file mode 100644
index 0000000..0de5eb0
--- /dev/null
+++ b/kubernetes/Charts/comment/.gitlab-ci.yml
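Review bot: In kubernetes/Charts/.gitlab-ci.yml, `install_dependencies` unpacks `curl https://get.helm.sh/helm-v2.14.1-linux-amd64.tar.gz | tar zx` and installs whichever kubectl `stable.txt` names at run time, with no checksum check on either binary, and both then run with the cluster credentials of the staging and production jobs. Pin the kubectl version and verify each download against a digest recorded in the repository before installing it, e.g. `echo "$EXPECTED_SHA256  helm.tar.gz" | sha256sum -c -`, or bake both tools into a pinned job image instead of `alpine:latest`; the same block in kubernetes/Charts/comment/.gitlab-ci.yml additionally fetches `sync-repo.sh` from a `master` branch. `install_tiller` runs a bare `helm init --upgrade` into `kube-system`, which as far as I know leaves Tiller on the default service account with an unauthenticated gRPC endpoint inside the cluster; pass a dedicated `--service-account` and enable `--tiller-tls`, or scope Tiller to the release namespace. Also, `deploy` uses `$host`, but neither `staging` nor `production` defines it under `variables:`, so unless it is set as a project-level variable `ui.ingress.host` renders empty.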
@@ -0,0 +1,175 @@
+image: alpine:latest
+
+stages:
+ - build
+ - test
+ - review
+ - release
+
+build:
+ stage: build
+ image: docker:git
+ services:
+ - docker:dind
+ script:
+ - setup_docker
+ - build
+ variables:
+ DOCKER_DRIVER: overlay2
+ only:
+ - branches
+
+test:
+ stage: test
+ script:
+ - exit 0
+ only:
+ - branches
+
+release:
+ stage: release
+ image: docker
+ services:
+ - docker:dind
+ script:
+ - setup_docker
+ - release
+ only:
+ - master
+
+review:
+ stage: review
+ script:
+ - install_dependencies
+ - ensure_namespace
+ - install_tiller
+ - deploy
+ variables:
+ KUBE_NAMESPACE: review
+ host: $CI_PROJECT_PATH_SLUG-$CI_COMMIT_REF_SLUG
+ environment:
+ name: review/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME
+ url: http://$CI_PROJECT_PATH_SLUG-$CI_COMMIT_REF_SLUG
+ only:
+ refs:
+ - branches
+ kubernetes: active
+ except:
+ - master
+
+.auto_devops: &auto_devops |
+ [[ "$TRACE" ]] && set -x
+ export CI_REGISTRY="index.docker.io"
+ export CI_APPLICATION_REPOSITORY=$CI_REGISTRY/$CI_PROJECT_PATH
+ export CI_APPLICATION_TAG=$CI_COMMIT_REF_SLUG
+ export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID}
+ export TILLER_NAMESPACE="kube-system"
+
+ function deploy() {
+ track="${1-stable}"
+ name="$CI_ENVIRONMENT_SLUG"
+
+ if [[ "$track" != "stable" ]]; then
+ name="$name-$track"
+ fi
+
+ echo "Clone deploy repository..."
+ git clone http://gitlab-gitlab/$CI_PROJECT_NAMESPACE/reddit-deploy.git
+
+ echo "Download helm dependencies..."
+ helm dep update reddit-deploy/reddit
+
+ echo "Deploy helm release $name to $KUBE_NAMESPACE"
+ helm upgrade --install \
+ --wait \
+ --set ui.ingress.host="$host" \
+ --set $CI_PROJECT_NAME.image.tag=$CI_APPLICATION_TAG \
+ --namespace="$KUBE_NAMESPACE" \
+ --version="$CI_PIPELINE_ID-$CI_JOB_ID" \
+ "$name" \
+ reddit-deploy/reddit/
+ }
+
+ function install_dependencies() {
+
+ apk add -U openssl curl tar gzip bash ca-certificates git
+ wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
+ wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk
+ apk add glibc-2.23-r3.apk
+ rm glibc-2.23-r3.apk
+
+ curl https://storage.googleapis.com/pub/gsutil.tar.gz | tar -xz -C $HOME
+ export PATH=${PATH}:$HOME/gsutil
+
+ curl https://kubernetes-helm.storage.googleapis.com/helm-v2.9.1-linux-amd64.tar.gz | tar zx
+
+ mv linux-amd64/helm /usr/bin/
+ helm version --client
+
+ curl -o /usr/bin/sync-repo.sh https://raw.githubusercontent.com/kubernetes/helm/master/scripts/sync-repo.sh
+ chmod a+x /usr/bin/sync-repo.sh
+
+ curl -L -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+ chmod +x /usr/bin/kubectl
+ kubectl version --client
+ }
+
+ function setup_docker() {
+ if ! docker info &>/dev/null; then
+ if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
+ export DOCKER_HOST='tcp://localhost:2375'
+ fi
+ fi
+ }
+
+ function ensure_namespace() {
+ kubectl describe namespace "$KUBE_NAMESPACE" || kubectl create namespace "$KUBE_NAMESPACE"
+ }
+
+ function release() {
+
+ echo "Updating docker images ..."
+
+ if [[ -n "$CI_REGISTRY_USER" ]]; then
+ echo "Logging to GitLab Container Registry with CI credentials..."
+ docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
+ echo ""
+ fi
+
+ docker pull "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG"
+ docker tag "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" "$CI_APPLICATION_REPOSITORY:$(cat VERSION)"
+ docker push "$CI_APPLICATION_REPOSITORY:$(cat VERSION)"
+ echo ""
+ }
+
+ function build() {
+
+ echo "Building Dockerfile-based application..."
+ echo `git show --format="%h" HEAD | head -1` > build_info.txt
+ echo `git rev-parse --abbrev-ref HEAD` >> build_info.txt
+ docker build -t "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" .
+
+ if [[ -n "$CI_REGISTRY_USER" ]]; then
+ echo "Logging to GitLab Container Registry with CI credentials..."
+ docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
+ echo ""
+ fi
+
+ echo "Pushing to GitLab Container Registry..."
+ docker push "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG"
+ echo ""
+ }
+
+ function install_tiller() {
+ echo "Checking Tiller..."
+ helm init --upgrade
+ kubectl rollout status -n "$TILLER_NAMESPACE" -w "deployment/tiller-deploy"
+ if ! helm version --debug; then
+ echo "Failed to init Tiller."
+ return 1
+ fi
+ echo ""
+ }
+
+before_script:
+ - *auto_devops
\ No newline at end of file
diff --git a/kubernetes/Charts/comment/Chart.yaml b/kubernetes/Charts/comment/Chart.yaml
new file mode 100644
index 0000000..b9fcfc5
--- /dev/null
+++ b/kubernetes/Charts/comment/Chart.yaml
@@ -0,0 +1,7 @@
+name: comment
+version: 1.0.0
+description: OTUS reddit application UI
+maintainers:
+ - name: Someone
+ email: my@mail.com
+appVersion: 1.0
\ No newline at end of file
diff --git a/kubernetes/Charts/comment/templates/_helpers.tpl b/kubernetes/Charts/comment/templates/_helpers.tpl
new file mode 100644
index 0000000..9f74850
--- /dev/null
+++ b/kubernetes/Charts/comment/templates/_helpers.tpl
@@ -0,0 +1,3 @@
+{{- define "comment.fullname" -}}
+{{- printf "%s-%s" .Release.Name .Chart.Name }}
+{{- end -}}
\ No newline at end of file
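Review bot: `build` and `release` in kubernetes/Charts/comment/.gitlab-ci.yml call `docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"`, which puts the password in the process arguments, and because the script starts with `[[ "$TRACE" ]] && set -x` the expanded value is written to the job log whenever TRACE is set. Read the password from stdin with `--password-stdin` and switch tracing off around the login (`set +x` before it, re-enabling afterwards only if TRACE is set). `setup_docker` also points `DOCKER_HOST` at `tcp://localhost:2375`, the unauthenticated plaintext dind port; that is acceptable only while the daemon is reachable solely from the job's own pod, which this hunk cannot show.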
diff --git a/kubernetes/Charts/comment/templates/deployment.yaml b/kubernetes/Charts/comment/templates/deployment.yaml
new file mode 100644
index 0000000..8736051
--- /dev/null
+++ b/kubernetes/Charts/comment/templates/deployment.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}
+ labels:
+ app: reddit
+ component: comment
+ release: {{ .Release.Name }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: reddit
+ component: comment
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ name: comment
+ labels:
+ app: reddit
+ component: comment
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ name: comment
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: comment
+ protocol: TCP
+ env:
+ - name: COMMENT_DATABASE_HOST
+ value: {{ .Values.databaseHost | default (printf "%s-mongodb" .Release.Name) }}
\ No newline at end of file
diff --git a/kubernetes/Charts/comment/templates/service.yaml b/kubernetes/Charts/comment/templates/service.yaml
new file mode 100644
index 0000000..c6ef7b3
--- /dev/null
+++ b/kubernetes/Charts/comment/templates/service.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "comment.fullname" . }}
+ labels:
+ app: reddit
+ component: comment
+ release: {{ .Release.Name }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ protocol: TCP
+ targetPort: {{ .Values.service.internalPort }}
+ selector:
+ app: reddit
+ component: comment
+ release: {{ .Release.Name }}
\ No newline at end of file
diff --git a/kubernetes/Charts/comment/values.yaml b/kubernetes/Charts/comment/values.yaml
new file mode 100644
index 0000000..702bfd0
--- /dev/null
+++ b/kubernetes/Charts/comment/values.yaml
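Review bot: The container in kubernetes/Charts/comment/templates/deployment.yaml has no `securityContext` and no `resources`, so it runs as whatever user the image defaults to and without CPU or memory limits. Add a container-level `securityContext` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false` (assuming the image can run unprivileged) and a `resources:` block fed from values. The `COMMENT_DATABASE_HOST` value is rendered unquoted; `value: {{ .Values.databaseHost | default (printf "%s-mongodb" .Release.Name) | quote }}` keeps a release name such as `123` or `true` from being retyped by the YAML parser. `apps/v1beta2` is a deprecated API version that Kubernetes 1.16 and later no longer serve, so `apps/v1` is the safer target.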
@@ -0,0 +1,10 @@
+---
+service:
+ internalPort: 9292
+ externalPort: 9292
+
+image:
+ repository: yashkin/comment
+ tag: latest
+
+databaseHost:
\ No newline at end of file
diff --git a/kubernetes/Charts/gitlab-omnibus/.gitlab-ci.yml b/kubernetes/Charts/gitlab-omnibus/.gitlab-ci.yml
new file mode 100644
index 0000000..c0e9a6b
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/.gitlab-ci.yml
@@ -0,0 +1,19 @@
+image: registry.gitlab.com/charts/alpine-helm
+
+stages:
+ - test
+ - release
+
+lint:
+ stage: test
+ script:
+ - helm lint .
+ except:
+ - master
+
+release-chart:
+ stage: release
+ script:
+ - curl --request POST --form "token=$CI_JOB_TOKEN" --form ref=master https://gitlab.com/api/v4/projects/2860651/trigger/pipeline
+ only:
+ - master
diff --git a/kubernetes/Charts/gitlab-omnibus/.helmignore b/kubernetes/Charts/gitlab-omnibus/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/Charts/gitlab-omnibus/CHANGELOG.md b/kubernetes/Charts/gitlab-omnibus/CHANGELOG.md
new file mode 100644
index 0000000..c23e6a7
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/CHANGELOG.md
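Review bot: `tag: latest` in kubernetes/Charts/comment/values.yaml makes the default deployment pull a mutable tag, so what runs can change without any change to the chart and cannot be traced back to a build. Default to a fixed version (or a digest) and let CI override it, as the top-level pipeline already does with `--set comment.image.tag=...`. The bare `databaseHost:` parses as null; `databaseHost: ""` states the intent and still falls through to the `default` in the deployment template.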
@@ -0,0 +1,11 @@
+**0.1.35**
+> Upgrade note:
+* Due to the change in default access mode, existing users will have to specify `ReadWriteMany` as the access mode. For example:
+```
+gitlabDataAccessMode=ReadWriteMany
+gitlabRegistryAccessMode=ReadWriteMany
+gitlabConfigAccessMode=ReadWriteMany
+```
+
+* Sets the default access mode for `gitlab-storage`, `gitlab-registry-storage`, and `gitlab-config-storage` to be `ReadWriteOnce` to be compatible with Kubernetes 1.7.0+.
+* The parameter name to configure the size of the `gitlab-storage` PVC has changed from `gitlabRailsStorageSize` to `gitlabDataStorageSize`. For backwards compatability, `gitlabRailsStorageSize` will still apply provided `gitlabDataStorageSize` is undefined.
\ No newline at end of file
diff --git a/kubernetes/Charts/gitlab-omnibus/Chart.yaml b/kubernetes/Charts/gitlab-omnibus/Chart.yaml
new file mode 100644
index 0000000..aefe028
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/Chart.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+deprecated: true
+description: GitLab Omnibus all-in-one bundle
+home: https://about.gitlab.com
+icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png
+keywords:
+- git
+- ci
+- cd
+- deploy
+- issue tracker
+- code review
+- wiki
+maintainers:
+- email: support@gitlab.com
+ name: GitLab Inc.
+- name: Mark Pundsack
+- name: Jason Plum
+- name: DJ Mountney
+- name: Joshua Lambert
+name: gitlab-omnibus
+sources:
+- http://docs.gitlab.com/ce/install/kubernetes/
+- https://gitlab.com/charts/charts.gitlab.io
+tillerVersion: '>=2.5.0'
+version: 0.1.37
diff --git a/kubernetes/Charts/gitlab-omnibus/README.md b/kubernetes/Charts/gitlab-omnibus/README.md
new file mode 100644
index 0000000..3870232
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/README.md
@@ -0,0 +1,24 @@
+# DEPRECATION NOTICE
+
+This chart is **DEPRECATED**.
+
+### Replacement
+
+We have built a set of fully cloud native charts in [gitlab/gitlab](https://gitlab.com/charts/gitlab).
+These new charts are designed from the ground up to be performant, flexible, scalable, and resilient.
+
+We _very strongly_ recommend transitioning, if you are currently using these charts. If you have
+never used these charts, _do not now_.
+
+### Availability
+
+This project remains visible as an example of how to convert a full monolith application to Kubernetes capable.
+[Monolith to Microservice: Pitchforks not included](https://youtu.be/rIUth_KrJdw?list=PLj6h78yzYM2PZf9eA7bhWnIh_mK1vyOfU) (video)
+details the work done to break this monolithic container into component parts.
+
+# GitLab-Omnibus Helm Chart
+
+This chart is an easy way to get started with GitLab on Kubernetes. It includes everything needed to run GitLab, including: a Runner, Container Registry, automatic SSL, and an Ingress.
+
+For more information, please review [our documentation](http://docs.gitlab.com/ee/install/kubernetes/gitlab_omnibus.html).
+
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/.gitlab-ci.yml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/.gitlab-ci.yml
new file mode 100644
index 0000000..c0e9a6b
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/.gitlab-ci.yml
@@ -0,0 +1,19 @@
+image: registry.gitlab.com/charts/alpine-helm
+
+stages:
+ - test
+ - release
+
+lint:
+ stage: test
+ script:
+ - helm lint .
+ except:
+ - master
+
+release-chart:
+ stage: release
+ script:
+ - curl --request POST --form "token=$CI_JOB_TOKEN" --form ref=master https://gitlab.com/api/v4/projects/2860651/trigger/pipeline
+ only:
+ - master
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/.helmignore b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/Chart.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/Chart.yaml
new file mode 100644
index 0000000..6c54279
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/Chart.yaml
@@ -0,0 +1,16 @@
+description: GitLab Runner
+icon: https://gitlab.com/uploads/-/system/project/avatar/250833/runner_logo.png
+keywords:
+- git
+- ci
+- deploy
+maintainers:
+- email: support@gitlab.com
+ name: GitLab Inc.
+- email: dj@gitlab.com
+ name: DJ Mountney
+name: gitlab-runner
+sources:
+- https://hub.docker.com/r/gitlab/gitlab-runner/
+- https://docs.gitlab.com/runner/
+version: 0.1.13
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/README.md b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/README.md
new file mode 100644
index 0000000..a05c351
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/README.md
@@ -0,0 +1,3 @@
+# GitLab Runner Helm Chart
+
+This chart deploys a GitLab Runner instance into your Kubernetes cluster. For more information, please review [our documentation](http://docs.gitlab.com/ee/install/kubernetes/gitlab_runner_chart.html).
\ No newline at end of file
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/NOTES.txt b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/NOTES.txt
new file mode 100644
index 0000000..af5a074
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/NOTES.txt
@@ -0,0 +1,27 @@
+{{- if include "gitlabUrl" . }}
+{{- if or (default "" .Values.runnerRegistrationToken) (default "" .Values.runnerToken) }}
+Your GitLab Runner should now be registered against the GitLab instance reachable at: {{ template "gitlabUrl" . }}
+{{- else -}}
+##############################################################################
+## WARNING: You did not specify an runnerRegistrationToken in your 'helm install' call. ##
+##############################################################################
+
+This deployment will be incomplete until you provide the Registration Token for your
+GitLab instance:
+
+ helm upgrade {{ .Release.Name }} \
+ --set gitlabUrl=http://gitlab.your-domain.com,runnerRegistrationToken=your-registration-token \
+ stable/gitlab-runner
+{{- end -}}
+{{- else -}}
+##############################################################################
+## WARNING: You did not specify an gitlabUrl in your 'helm install' call. ##
+##############################################################################
+
+This deployment will be incomplete until you provide the URL that your
+GitLab instance is reachable at:
+
+ helm upgrade {{ .Release.Name }} \
+ --set gitlabUrl=http://gitlab.your-domain.com,runnerRegistrationToken=your-registration-token \
+ stable/gitlab-runner
+{{- end -}}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/_cache_s3.tpl b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/_cache_s3.tpl
new file mode 100644
index 0000000..4641b02
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/_cache_s3.tpl
@@ -0,0 +1,26 @@
+{{- define "cache_s3" }}
+- name: CACHE_TYPE
+ value: {{ default "" .Values.runners.cache.cacheType | quote }}
+- name: S3_SERVER_ADDRESS
+ value: {{ default "" .Values.runners.cache.s3ServerAddress | quote }}
+- name: S3_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: s3access
+ key: accessKey
+- name: S3_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: s3access
+ key: secretKey
+- name: S3_BUCKET_NAME
+ value: {{ default "" .Values.runners.cache.s3BucketName | quote }}
+- name: S3_BUCKET_LOCATION
+ value: {{ default "" .Values.runners.cache.s3BucketLocation | quote }}
+- name: S3_CACHE_INSECURE
+ value: {{ default "" .Values.runners.cache.s3CacheInsecure | quote }}
+- name: S3_CACHE_PATH
+ value: {{ default "" .Values.runners.cache.s3CachePath | quote }}
+- name: CACHE_SHARED
+ value: {{ default "" .Values.runners.cache.cacheShared | quote }}
+{{- end -}}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/_helpers.tpl b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/_helpers.tpl
new file mode 100644
index 0000000..ec4c5bd
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/_helpers.tpl
@@ -0,0 +1,23 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Template for outputing the gitlabUrl
+*/}}
+{{- define "gitlabUrl" -}}
+{{- .Values.gitlabUrl | quote -}}
+{{- end -}}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/configmap.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/configmap.yaml
new file mode 100644
index 0000000..059f2d6
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/configmap.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+ entrypoint: |
+ #!/bin/bash
+
+ set -xe
+
+ cp /scripts/config.toml /etc/gitlab-runner/
+
+ # Register the runner
+ /entrypoint register --non-interactive \
+ --executor kubernetes \
+ {{- range .Values.runners.imagePullSecrets }}
+ --kubernetes-image-pull-secrets {{ . | quote }} \
+ {{- end }}
+
+ # Start the runner
+ /entrypoint run --user=gitlab-runner \
+ --working-directory=/home/gitlab-runner
+ config.toml: |
+ concurrent = {{ .Values.concurrent }}
+ check_interval = {{ .Values.checkInterval }}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/deployment.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/deployment.yaml
new file mode 100644
index 0000000..53985af
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/deployment.yaml
@@ -0,0 +1,122 @@
+{{- if and (include "gitlabUrl" .) (or (default "" .Values.runnerRegistrationToken) (default "" .Values.runnerToken)) }}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: {{ template "fullname" . }}
+ annotations:
+ checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+ spec:
+ serviceAccountName: {{ if .Values.rbac.create }}{{ template "fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }}
+ containers:
+ - name: {{ template "fullname" . }}
+ image: {{ .Values.image }}
+ {{- if and .Values.unregisterRunners .Values.runnerRegistrationToken }}
+ lifecycle:
+ preStop:
+ exec:
+ command: ["gitlab-runner", "unregister", "--all-runners"]
+ {{- end }}
+ imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }}
+ command: ["/bin/bash", "/scripts/entrypoint"]
+ env:
+ - name: CI_SERVER_URL
+ value: {{ template "gitlabUrl" . }}
+ - name: CI_SERVER_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "fullname" . }}
+ key: runner-token
+ - name: REGISTRATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "fullname" . }}
+ key: runner-registration-token
+ - name: KUBERNETES_IMAGE
+ value: {{ .Values.runners.image | quote }}
+ {{ if .Values.runners.privileged }}
+ - name: KUBERNETES_PRIVILEGED
+ value: "true"
+ {{ end }}
+ - name: KUBERNETES_NAMESPACE
+ value: {{ default .Release.Namespace .Values.runners.namespace | quote }}
+ - name: KUBERNETES_CPU_LIMIT
+ value: {{ default "" .Values.runners.builds.cpuLimit | quote }}
+ - name: KUBERNETES_MEMORY_LIMIT
+ value: {{ default "" .Values.runners.builds.memoryLimit | quote }}
+ - name: KUBERNETES_CPU_REQUEST
+ value: {{ default "" .Values.runners.builds.cpuRequests | quote }}
+ - name: KUBERNETES_MEMORY_REQUEST
+ value: {{ default "" .Values.runners.builds.memoryRequests| quote }}
+ - name: KUBERNETES_SERVICE_CPU_LIMIT
+ value: {{ default "" .Values.runners.services.cpuLimit | quote }}
+ - name: KUBERNETES_SERVICE_MEMORY_LIMIT
+ value: {{ default "" .Values.runners.services.memoryLimit | quote }}
+ - name: KUBERNETES_SERVICE_CPU_REQUEST
+ value: {{ default "" .Values.runners.services.cpuRequests | quote }}
+ - name: KUBERNETES_SERVICE_MEMORY_REQUEST
+ value: {{ default "" .Values.runners.services.memoryRequests | quote }}
+ - name: KUBERNETES_HELPERS_CPU_LIMIT
+ value: {{ default "" .Values.runners.helpers.cpuLimit | quote }}
+ - name: KUBERNETES_HELPERS_MEMORY_LIMIT
+ value: {{ default "" .Values.runners.helpers.memoryLimit | quote }}
+ - name: KUBERNETES_HELPERS_CPU_REQUEST
+ value: {{ default "" .Values.runners.helpers.cpuRequests | quote }}
+ - name: KUBERNETES_HELPERS_MEMORY_REQUEST
+ value: {{ default "" .Values.runners.helpers.memoryRequests | quote }}
+ {{- if .Values.runners.cache -}}
+ {{ include "cache_s3" . | indent 8 }}
+ {{- end }}
+ livenessProbe:
+ exec:
+ command: ["/usr/bin/pgrep","gitlab.*runner"]
+ initialDelaySeconds: 60
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ exec:
+ command: ["/usr/bin/pgrep","gitlab.*runner"]
+ initialDelaySeconds: 10
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ volumeMounts:
+ - name: scripts
+ mountPath: /scripts
+ {{- if .Values.certsSecretName }}
+ - name: custom-certs
+ readOnly: true
+ mountPath: /etc/gitlab-runner/certs/
+ {{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ volumes:
+ {{ if .Values.runners.privileged }}
+ - name: var-run-docker-sock
+ hostPath:
+ path: /var/run/docker.sock
+ {{ end }}
+ {{- if .Values.certsSecretName }}
+ - name: custom-certs
+ secret:
+ secretName: {{ .Values.certsSecretName }}
+ {{- end }}
+ - name: scripts
+ configMap:
+ name: {{ template "fullname" . }}
+{{ else }}
+{{ end }}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/role-binding.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/role-binding.yaml
new file mode 100644
index 0000000..c1044eb
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/role-binding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRoleBinding"{{ else }}"RoleBinding"{{ end }}
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRole"{{ else }}"Role"{{ end }}
+ name: {{ template "fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "fullname" . }}
+ namespace: "{{ .Release.Namespace }}"
+{{- end -}}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/role.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/role.yaml
new file mode 100644
index 0000000..ecb0ba2
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/role.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRole"{{ else }}"Role"{{ end }}
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+rules:
+- apiGroups: [""]
+ resources: ["*"]
+ verbs: ["*"]
+{{- end -}}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/secrets.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/secrets.yaml
new file mode 100644
index 0000000..de1adec
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/secrets.yaml
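Review bot: The rule in charts/gitlab-runner/templates/role.yaml grants `verbs: ["*"]` on `resources: ["*"]` in the core API group, and with `rbac.clusterWideAccess` set it is rendered as a ClusterRole, so the runner's service account, and any CI job that can reach its token, could read every Secret and manage every Pod in the cluster. This directory looks like a vendored copy of the upstream chart (`rbac.create` defaults to false in its values.yaml), so the better fix may be a newer chart release; if the copy is kept, narrow the rule to what the Kubernetes executor uses, along the lines of `resources: ["pods", "pods/exec", "secrets", "configmaps"]` with explicit verbs. Confirm the exact list against the runner documentation for the version in use.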
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+ runner-registration-token: {{ default "" .Values.runnerRegistrationToken | b64enc | quote }}
+ runner-token: {{ default "" .Values.runnerToken | b64enc | quote }}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/service-account.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/service-account.yaml
new file mode 100644
index 0000000..1d049fd
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/templates/service-account.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.rbac.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- end -}}
diff --git a/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/values.yaml b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/values.yaml
new file mode 100644
index 0000000..d6fac7e
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/charts/gitlab-runner/values.yaml
@@ -0,0 +1,144 @@
+## GitLab Runner Image
+## ref: https://hub.docker.com/r/gitlab/gitlab-runner/tags/
+##
+image: gitlab/gitlab-runner:alpine-v10.3.0
+
+## Specify a imagePullPolicy
+## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+# imagePullPolicy:
+
+## The GitLab Server URL (with protocol) that want to register the runner against
+## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-register
+##
+# gitlabUrl: http://gitlab.your-domain.com/
+
+## The Registration Token for adding new Runners to the GitLab Server. This must
+## be retreived from your GitLab Instance.
+## ref: https://docs.gitlab.com/ce/ci/runners/README.html#creating-and-registering-a-runner
+##
+# runnerRegistrationToken: ""
+
+## The Runner Token for adding new Runners to the GitLab Server. This must
+## be retreived from your GitLab Instance. It is token of already registered runner.
+## ref: (we don't yet have docs for that, but we want to use existing token)
+##
+# runnerToken: ""
+
+## Unregister all runners before termination
+##
+## Updating the runner's chart version or configuration will cause the runner container
+## to be terminated and created again. This may cause your Gitlab instance to reference
+## non-existant runners. Un-registering the runner before termination mitigates this issue.
+## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-unregister
+##
+unregisterRunners: true
+
+## Set the certsSecretName in order to pass custom certficates for GitLab Runner to use
+## Provide resource name for a Kubernetes Secret Object in the same namespace,
+## this is used to populate the /etc/gitlab-runner/certs directory
+## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates
+##
+# certsSecretName:
+
+## Configure the maximum number of concurrent jobs
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+concurrent: 10
+
+## Defines in seconds how often to check GitLab for a new builds
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+checkInterval: 30
+
+## For RBAC support:
+rbac:
+ create: false
+
+ ## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs
+ ## cluster-wide or only within namespace
+ clusterWideAccess: false
+
+ ## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
+ ##
+ # serviceAccountName: default
+
+## Configuration for the Pods that that the runner launches for each new job
+##
+runners:
+ ## Default container image to use for builds when none is specified
+ ##
+ image: ubuntu:16.04
+
+ ## Specify one or more imagePullSecrets
+ ##
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # imagePullSecrets: []
+
+ ## Run all containers with the privileged flag enabled
+ ## This will allow the docker:dind image to run if you need to run Docker
+ ## commands. Please read the docs before turning this on:
+ ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#using-docker-dind
+ ##
+ privileged: false
+
+ ## Namespace to run Kubernetes jobs in (defaults to the same namespace of this release)
+ ##
+ # namespace:
+
+ ## Distributed runners caching
+ ## ref: https://gitlab.com/gitlab-org/gitlab-runner/blob/master/docs/configuration/autoscale.md#distributed-runners-caching
+ ##
+ ## Create a secret 's3access' containing 'accessKey' & 'secretKey'
+ ## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
+ ##
+ ## $ kubectl create secret generic s3access --\
+ ## --from-literal=accessKey="YourAccessKey" \
+ ## --from-literal=secretKey="YourSecretKey"
+ ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
+ ##
+ cache: {}
+ # cacheType: s3
+ # s3ServerAddress: s3.amazonaws.com
+ # s3BucketName:
+ # s3BucketLocation:
+ # s3CacheInsecure: false
+ # s3CachePath: "gitlab_runner"
+ # cacheShared: true
+
+ ## Build Container specific configuration
+ ##
+ builds: {}
+ # cpuLimit: 200m
+ # memoryLimit: 256Mi
+ # cpuRequests: 100m
+ # memoryRequests: 128Mi
+
+ ## Service Container specific configuration
+ ##
+ services: {}
+ # cpuLimit: 200m
+ # memoryLimit: 256Mi
+ # cpuRequests: 100m
+ # memoryRequests: 128Mi
+
+ ## Helper Container specific configuration
+ ##
+ helpers: {}
+ # cpuLimit: 200m
+ # memoryLimit: 256Mi
+ # cpuRequests: 100m
+ # memoryRequests: 128Mi
+
+## Configure resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources: {}
+ # limits:
+ # memory: 256Mi
+ # cpu: 200m
+ # requests:
+ # memory: 128Mi
+ # cpu: 100m
diff --git a/kubernetes/Charts/gitlab-omnibus/requirements.lock b/kubernetes/Charts/gitlab-omnibus/requirements.lock
new file mode 100644
index 0000000..0125b10
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/requirements.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: gitlab-runner
+ repository: https://charts.gitlab.io/
+ version: 0.1.13
+digest: sha256:0aee2695db7d33f0d894372aedde81e5675c72ac058393f3c0f29182b15b5065
+generated: 2019-07-03T15:47:21.235708572Z
diff --git a/kubernetes/Charts/gitlab-omnibus/requirements.yaml b/kubernetes/Charts/gitlab-omnibus/requirements.yaml
new file mode 100644
index 0000000..a13ac14
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/requirements.yaml
@@ -0,0 +1,4 @@
+dependencies:
+- name: gitlab-runner
+ version: 0.1.13
+ repository: https://charts.gitlab.io/
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/NOTES.txt b/kubernetes/Charts/gitlab-omnibus/templates/NOTES.txt
new file mode 100644
index 0000000..410e5fc
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/NOTES.txt
@@ -0,0 +1,28 @@
+{{- if and (default "" .Values.baseDomain) (default "" .Values.legoEmail) }}
+ It may take several minutes for GitLab to reconfigure.
+ You can watch the status by running `kubectl get deployment -w {{ template "fullname" . }} --namespace {{ .Release.Namespace }}
+
+ {{- if .Values.baseIP }}
+ Make sure to configure DNS with something like:
+ *.{{ .Values.baseDomain }} 300 IN A {{ .Values.baseIP }}
+ {{- else }}
+ You did not specify a baseIP so one will be assigned for you.
+ It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc -w --namespace nginx-ingress nginx', then:
+
+ export SERVICE_IP=$(kubectl get svc --namespace nginx-ingress nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+
+ Then make sure to configure DNS with something like:
+ *.{{ .Values.baseDomain }} 300 IN A $SERVICE_IP
+ {{- end }}
+{{- else }}
+####################################################################################################
+## WARNING: You did not specify an baseDomain, gitlab-runner.gitlabUrl, and legoEmail in your 'helm install' call. ##
+####################################################################################################
+
+This deployment will be incomplete until you provide these variables:
+
+$ helm upgrade {{ .Release.Name }} \
+ --set baseDomain=example.com,gitlab-runner.gitlabUrl=https://gitlab.example.com,legoEmail=you@example.com \
+ gitlab/kubernetes-gitlab-demo
+{{- end -}}
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/_helpers.tpl b/kubernetes/Charts/gitlab-omnibus/templates/_helpers.tpl
new file mode 100644
index 0000000..5dfb005
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/_helpers.tpl
@@ -0,0 +1,45 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified postgresql name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "postgresql.fullname" -}}
+{{- $appName := (include "fullname" .) | trunc 54 | trimSuffix "-" -}}
+{{- printf "%s-%s" $appName "postgresql" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified redis name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "redis.fullname" -}}
+{{- $appName := (include "fullname" .) | trunc 57 | trimSuffix "-" -}}
+{{- printf "%s-%s" $appName "redis" -}}
+{{- end -}}
+
+{{/*
+Template for outputing the gitlabUrl
+*/}}
+{{- define "gitlabUrl" -}}
+{{- if .Values.gitlabUrl -}}
+{{- .Values.gitlabUrl | quote -}}
+{{- else -}}
+{{- printf "http://%s-gitlab.%s:8005/" .Release.Name .Release.Namespace | quote -}}
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/fast-storage/storage.yaml b/kubernetes/Charts/gitlab-omnibus/templates/fast-storage/storage.yaml
new file mode 100644
index 0000000..b692811
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/fast-storage/storage.yaml
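Review bot: The `postgresql.fullname` helper in templates/_helpers.tpl can produce names longer than the 63-character limit its own comment cites, because the prefix is cut to 54 characters and the `-postgresql` suffix adds 11, giving up to 65. The `redis.fullname` helper next to it gets the arithmetic right (57 + 6 = 63). Change the line to `{{- $appName := (include "fullname" .) | trunc 52 | trimSuffix "-" -}}` so that a long release name does not yield Deployment, Service and PVC names the API server rejects.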
@@ -0,0 +1,20 @@
+{{- if (eq .Values.provider "gke") }}
+kind: StorageClass
+apiVersion: {{ if .Capabilities.APIVersions.Has "storage.k8s.io/v1" }}storage.k8s.io/v1{{ else }}storage.k8s.io/v1beta1{{ end }}
+metadata:
+ name: {{ template "fullname" . }}-fast
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ storageclass.beta.kubernetes.io/is-default-class: "false"
+ labels:
+ kubernetes.io/cluster-service: "true"
+{{- if eq .Values.provider "gke" }}
+provisioner: kubernetes.io/gce-pd
+parameters:
+ type: pd-ssd
+{{- end }}
+{{- end }}
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab-config.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab-config.yaml
new file mode 100644
index 0000000..a7618c2
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab-config.yaml
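Review bot: The StorageClass metadata in templates/fast-storage/storage.yaml declares `labels:` twice, once with app/chart/release/heritage and again after `annotations:` with `kubernetes.io/cluster-service: "true"`. Indentation is lost in this view, but if both sit directly under `metadata:` this is a duplicate mapping key: most YAML parsers keep only the last occurrence, so the four chart labels are silently dropped, and stricter parsers reject the file. Move `kubernetes.io/cluster-service: "true"` into the first `labels:` block and delete the second `labels:` line. The inner `{{- if eq .Values.provider "gke" }}` repeats the outer condition and can be removed together with its `{{- end }}`.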
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "fullname" . }}-config
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+ external_scheme: http
+ external_hostname: {{ template "fullname" . }}
+ registry_external_scheme: https
+ registry_external_hostname: registry.{{ .Values.baseDomain }}
+ mattermost_external_scheme: https
+ mattermost_external_hostname: mattermost.{{ .Values.baseDomain }}
+ mattermost_app_uid: {{ .Values.mattermostAppUID }}
+ postgres_user: gitlab
+ postgres_db: gitlab_production
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "fullname" . }}-secrets
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+ postgres_password: {{ .Values.postgresPassword }}
+ initial_shared_runners_registration_token: {{ default "" .Values.initialSharedRunnersRegistrationToken | b64enc | quote }}
+ mattermost_app_secret: {{ .Values.mattermostAppSecret | b64enc | quote }}
+{{- if .Values.gitlabEELicense }}
+ gitlab_ee_license: {{ .Values.gitlabEELicense | b64enc | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-config-storage.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-config-storage.yaml
new file mode 100644
index 0000000..1ec6c38
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-config-storage.yaml
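Review bot: In the Secret of templates/gitlab-config.yaml, `postgres_password: {{ .Values.postgresPassword }}` is written into `data:` without `b64enc`, while the three neighbouring keys are all piped through `b64enc | quote`. Secret `data` values must be base64, so unless values.yaml (its hunk is not in this view) already stores the password encoded, the object is either rejected or decodes to something other than the intended password. Make it consistent with its siblings: `postgres_password: {{ .Values.postgresPassword | b64enc | quote }}`, and keep the plain value in values.yaml. If the value is deliberately kept pre-encoded, add a comment beside it saying so, because the next person to change the password will otherwise paste a plain string.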
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "fullname" . }}-config-storage
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ {{- if .Values.gitlabConfigStorageClass }}
+ volume.beta.kubernetes.io/storage-class: {{ .Values.gitlabConfigStorageClass | quote }}
+ {{- else if (eq .Values.provider "gke") }}
+ volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast
+ {{- else }}
+ volume.alpha.kubernetes.io/storage-class: default
+ {{- end }}
+spec:
+ accessModes:
+ - {{ default "ReadWriteOnce" .Values.gitlabConfigAccessMode | quote }}
+ resources:
+ requests:
+ storage: {{ default "1Gi" .Values.gitlabConfigStorageSize }}
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-deployment.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-deployment.yaml
new file mode 100644
index 0000000..606656f
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-deployment.yaml
@@ -0,0 +1,246 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: {{ template "fullname" . }}
+ name: {{ template "fullname" . }}
+ spec:
+ containers:
+ - name: gitlab
+ {{- if eq .Values.gitlab "ee" }}
+ image: {{ .Values.gitlabEEImage }}
+ {{- else }}
+ image: {{ .Values.gitlabCEImage }}
+ {{- end }}
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/bash", "-c",
+ "sed -i \"s/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password }) if initial_root_password/environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password, 'GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN' => node['gitlab']['gitlab-rails']['initial_shared_runners_registration_token'] })/g\" /opt/gitlab/embedded/cookbooks/gitlab/recipes/database_migrations.rb && echo 'gitlab-omnibus-helm-chart' > /opt/gitlab/embedded/service/gitlab-rails/INSTALLATION_TYPE && exec /assets/wrapper"]
+ env:
+ - name: GITLAB_EXTERNAL_SCHEME
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "fullname" . }}-config
+ key: external_scheme
+ - name: GITLAB_EXTERNAL_HOSTNAME
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "fullname" . }}-config
+ key: external_hostname
+ - name: GITLAB_REGISTRY_EXTERNAL_SCHEME
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "fullname" . }}-config
+ key: registry_external_scheme
+ - name: GITLAB_REGISTRY_EXTERNAL_HOSTNAME
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "fullname" . }}-config
+ key: registry_external_hostname
+ - name: GITLAB_MATTERMOST_EXTERNAL_SCHEME
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "fullname" . }}-config
+ key: mattermost_external_scheme
+ - name: GITLAB_MATTERMOST_EXTERNAL_HOSTNAME
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "fullname" . }}-config
+ key: mattermost_external_hostname
+ - name: POSTGRES_USER
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "fullname" . }}-config
+ key: postgres_user
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "fullname" . }}-secrets
+ key: postgres_password
+ - name: POSTGRES_DB
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "fullname" . }}-config
+ key: postgres_db
+ - name: GITLAB_INITIAL_SHARED_RUNNERS_REGISTRATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "fullname" . }}-secrets
+ key: initial_shared_runners_registration_token
+ - name: MATTERMOST_APP_UID
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "fullname" . }}-config
+ key: mattermost_app_uid
+ - name: MATTERMOST_APP_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "fullname" . }}-secrets
+ key: mattermost_app_secret
+ {{- if .Values.gitlabEELicense }}
+ - name: GITLAB_EE_LICENSE
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "fullname" . }}-secrets
+ key: gitlab_ee_license
+ {{- end }}
+ {{- if and .Values.pagesExternalScheme .Values.pagesExternalDomain }}
+ - name: PAGES_EXTERNAL_SCHEME
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "fullname" . }}-config
+ key: pages_external_scheme
+ - name: PAGES_EXTERNAL_DOMAIN
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "fullname" . }}-config
+ key: pages_external_domain
+ {{- end }}
+ - name: GITLAB_OMNIBUS_CONFIG
+ value: |
+ external_url "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}"
+ registry_external_url "#{ENV['GITLAB_REGISTRY_EXTERNAL_SCHEME']}://#{ENV['GITLAB_REGISTRY_EXTERNAL_HOSTNAME']}"
+ mattermost_external_url "#{ENV['GITLAB_MATTERMOST_EXTERNAL_SCHEME']}://#{ENV['GITLAB_MATTERMOST_EXTERNAL_HOSTNAME']}"
+
+ gitlab_rails['initial_shared_runners_registration_token'] = ENV['GITLAB_INITIAL_SHARED_RUNNERS_REGISTRATION_TOKEN']
+
+ nginx['enable'] = false
+ registry_nginx['enable'] = false
+ mattermost_nginx['enable'] = false
+
+ gitlab_workhorse['listen_network'] = 'tcp'
+ gitlab_workhorse['listen_addr'] = '0.0.0.0:8005'
+
+ mattermost['service_address'] = '0.0.0.0'
+ mattermost['service_port'] = '8065'
+
+ registry['registry_http_addr'] = '0.0.0.0:8105'
+
+ postgresql['enable'] = false
+ gitlab_rails['db_host'] = '{{ template "postgresql.fullname" . }}'
+ gitlab_rails['db_password'] = ENV['POSTGRES_PASSWORD']
+ gitlab_rails['db_username'] = ENV['POSTGRES_USER']
+ gitlab_rails['db_database'] = ENV['POSTGRES_DB']
+
+ redis['enable'] = false
+ gitlab_rails['redis_host'] = '{{ template "redis.fullname" . }}'
+
+ mattermost['file_directory'] = '/gitlab-data/mattermost';
+ mattermost['sql_driver_name'] = 'postgres';
+ mattermost['sql_data_source'] = "user=#{ENV['POSTGRES_USER']} host={{ template "postgresql.fullname" . }} port=5432 dbname=mattermost_production password=#{ENV['POSTGRES_PASSWORD']} sslmode=disable";
+ mattermost['gitlab_enable'] = true;
+ mattermost['gitlab_secret'] = ENV['MATTERMOST_APP_SECRET'];
+ mattermost['gitlab_id'] = ENV['MATTERMOST_APP_UID'];
+ mattermost['gitlab_scope'] = '';
+ mattermost['gitlab_auth_endpoint'] = "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}/oauth/authorize";
+ mattermost['gitlab_token_endpoint'] = "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}/oauth/token";
+ mattermost['gitlab_user_api_endpoint'] = "#{ENV['GITLAB_EXTERNAL_SCHEME']}://#{ENV['GITLAB_EXTERNAL_HOSTNAME']}/api/v4/user"
+
+ manage_accounts['enable'] = true
+ manage_storage_directories['manage_etc'] = false
+
+ if ENV['PAGES_EXTERNAL_SCHEME'] && ENV['PAGES_EXTERNAL_DOMAIN']
+ pages_external_url "#{ENV['PAGES_EXTERNAL_SCHEME']}://#{ENV['PAGES_EXTERNAL_DOMAIN']}/"
+ gitlab_pages['enable'] = true
+ gitlab_pages['listen_proxy'] = "0.0.0.0:8090"
+ end
+
+ gitlab_shell['auth_file'] = '/gitlab-data/ssh/authorized_keys'
+ git_data_dirs({ "default" => { "path" => "/gitlab-data/git-data" } })
+ gitlab_rails['shared_path'] = '/gitlab-data/shared'
+ gitlab_rails['uploads_directory'] = '/gitlab-data/uploads'
+ gitlab_ci['builds_directory'] = '/gitlab-data/builds'
+ gitlab_rails['registry_path'] = '/gitlab-registry'
+ gitlab_rails['trusted_proxies'] = ["10.0.0.0/8","172.16.0.0/12","192.168.0.0/16"]
+
+ prometheus['listen_address'] = '0.0.0.0:9090'
+ postgres_exporter['enable'] = true
+ postgres_exporter['env'] = {
+ 'DATA_SOURCE_NAME' => "user=#{ENV['POSTGRES_USER']} host={{ template "postgresql.fullname" . }} port=5432 dbname=#{ENV['POSTGRES_DB']} password=#{ENV['POSTGRES_PASSWORD']} sslmode=disable"
+ }
+ redis_exporter['enable'] = true
+ redis_exporter['flags'] = {
+ 'redis.addr' => "{{ template "redis.fullname" . }}:6379",
+ }
+
+{{ .Values.omnibusConfigRuby | default "" | indent 12 }}
+ - name: GITLAB_POST_RECONFIGURE_CODE
+ value: |
+ include Gitlab::CurrentSettings
+
+ Doorkeeper::Application.where(uid: ENV["MATTERMOST_APP_UID"]).first_or_create(
+ name: "GitLab Mattermost",
+ secret: ENV["MATTERMOST_APP_SECRET"],
+ redirect_uri: "#{ENV["GITLAB_MATTERMOST_EXTERNAL_SCHEME"]}://#{ENV["GITLAB_MATTERMOST_EXTERNAL_HOSTNAME"]}/signup/gitlab/complete\r\n#{ENV["GITLAB_MATTERMOST_EXTERNAL_SCHEME"]}://#{ENV["GITLAB_MATTERMOST_EXTERNAL_HOSTNAME"]}/login/gitlab/complete")
+
+ PrometheusService.where(template: true).first_or_create(
+ active: true, api_url: "http://localhost:9090")
+
+ KubernetesService.where(template: true).first_or_create(
+ active: true,
+ api_url: "https://#{ENV["KUBERNETES_SERVICE_HOST"]}:#{ENV["KUBERNETES_SERVICE_PORT"]}",
+ token: File.read("/var/run/secrets/kubernetes.io/serviceaccount/token"),
+ ca_pem: File.read("/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"))
+
+ Gitlab::CurrentSettings.current_application_settings.update_attribute(:health_check_access_token, '{{.Values.healthCheckToken}}')
+
+ {{- if .Values.gitlabEELicense }}
+ License.first_or_create(data: "#{ENV["GITLAB_EE_LICENSE"]}")
+ {{- end }}
+ - name: GITLAB_POST_RECONFIGURE_SCRIPT
+ value: |
+ /opt/gitlab/bin/gitlab-rails runner -e production "$GITLAB_POST_RECONFIGURE_CODE"
+ ports:
+ - name: registry
+ containerPort: 8105
+ - name: mattermost
+ containerPort: 8065
+ - name: workhorse
+ containerPort: 8005
+ - name: ssh
+ containerPort: 22
+ - name: prometheus
+ containerPort: 9090
+ {{- if and .Values.pagesExternalScheme .Values.pagesExternalDomain }}
+ - name: pages
+ containerPort: 8090
+ {{- end }}
+ volumeMounts:
+ - name: config
+ mountPath: /etc/gitlab
+ - name: data
+ mountPath: /gitlab-data
+ subPath: gitlab-data
+ - name: registry
+ mountPath: /gitlab-registry
+ livenessProbe:
+ httpGet:
+ path: /health_check?token={{.Values.healthCheckToken}}
+ port: 8005
+ initialDelaySeconds: 180
+ timeoutSeconds: 15
+ readinessProbe:
+ httpGet:
+ path: /health_check?token={{.Values.healthCheckToken}}
+ port: 8005
+ initialDelaySeconds: 15
+ timeoutSeconds: 1
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ template "fullname" . }}-storage
+ - name: registry
+ persistentVolumeClaim:
+ claimName: {{ template "fullname" . }}-registry-storage
+ - name: config
+ persistentVolumeClaim:
+ claimName: {{ template "fullname" . }}-config-storage
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-storage.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-storage.yaml
new file mode 100644
index 0000000..45fd8eb
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-storage.yaml
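Review bot: `healthCheckToken` is rendered as plain text into the pod spec in three places in templates/gitlab/gitlab-deployment.yaml, namely the Ruby in `GITLAB_POST_RECONFIGURE_CODE` and the `path: /health_check?token=...` of both probes, so anyone allowed to read the Deployment or Pod object can read it, whereas the other credentials in this file come from the `-secrets` Secret through `secretKeyRef`. Interpolating it inside a single-quoted Ruby literal also means a value containing `'` changes the code that `gitlab-rails runner` executes. For the Ruby side, add the token to the Secret, expose it as an env var (for example `GITLAB_HEALTH_CHECK_TOKEN`, a new name) and write `update_attribute(:health_check_access_token, ENV["GITLAB_HEALTH_CHECK_TOKEN"])`. The `httpGet` probe paths do not expand env vars, so they would need an exec-style probe or a comment recording that the token is knowingly visible there.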
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "fullname" . }}-storage
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ {{- if .Values.gitlabDataStorageClass }}
+ volume.beta.kubernetes.io/storage-class: {{ .Values.gitlabDataStorageClass | quote }}
+ {{- else if (eq .Values.provider "gke") }}
+ volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast
+ {{- else }}
+ volume.alpha.kubernetes.io/storage-class: default
+ {{- end }}
+spec:
+ accessModes:
+ - {{ default "ReadWriteOnce" .Values.gitlabDataAccessMode | quote }}
+ resources:
+ requests:
+ # Fallback to supporting older value: gitlabRailsStorageSize when the new one is not set
+ storage: {{ coalesce .Values.gitlabDataStorageSize .Values.gitlabRailsStorageSize "30Gi" }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "fullname" . }}-registry-storage
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ {{- if .Values.gitlabRegistryStorageClass }}
+ volume.beta.kubernetes.io/storage-class: {{ .Values.gitlabRegistryStorageClass | quote }}
+ {{- else if (eq .Values.provider "gke") }}
+ volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast
+ {{- else }}
+ volume.alpha.kubernetes.io/storage-class: default
+ {{- end }}
+spec:
+ accessModes:
+ - {{ default "ReadWriteOnce" .Values.gitlabRegistryAccessMode | quote }}
+ resources:
+ requests:
+ storage: {{ default "30Gi" .Values.gitlabRegistryStorageSize }}
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-svc.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-svc.yaml
new file mode 100644
index 0000000..3d872fa
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/gitlab-svc.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ selector:
+ name: {{ template "fullname" . }}
+ ports:
+ - name: ssh
+ port: 22
+ targetPort: ssh
+ - name: mattermost
+ port: 8065
+ targetPort: mattermost
+ - name: registry
+ port: 8105
+ targetPort: registry
+ - name: workhorse
+ port: 8005
+ targetPort: workhorse
+ - name: prometheus
+ port: 9090
+ targetPort: prometheus
+ - name: web
+ port: 80
+ targetPort: workhorse
\ No newline at end of file
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-configmap.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-configmap.yaml
new file mode 100644
index 0000000..a965a0e
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "postgresql.fullname" . }}-initdb
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+ 01_create_mattermost_production.sql: |
+ CREATE DATABASE mattermost_production WITH OWNER gitlab;
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-deployment.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-deployment.yaml
new file mode 100644
index 0000000..5ddd4ba
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-deployment.yaml
@@ -0,0 +1,78 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ template "postgresql.fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: {{ template "fullname" . }}
+ name: {{ template "postgresql.fullname" . }}
+ spec:
+ containers:
+ - name: postgresql
+ image: {{ .Values.postgresImage }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: POSTGRES_USER
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "fullname" . }}-config
+ key: postgres_user
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "fullname" . }}-secrets
+ key: postgres_password
+ - name: POSTGRES_DB
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "fullname" . }}-config
+ key: postgres_db
+ - name: DB_EXTENSION
+ value: pg_trgm
+ - name: PGDATA
+ value: /var/lib/postgresql/data/pgdata
+ ports:
+ - name: postgres
+ containerPort: 5432
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: data
+ subPath: postgres
+ - mountPath: /docker-entrypoint-initdb.d
+ name: initdb
+ readOnly: true
+ livenessProbe:
+ exec:
+ command:
+ - pg_isready
+ - -h
+ - localhost
+ - -U
+ - postgres
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - pg_isready
+ - -h
+ - localhost
+ - -U
+ - postgres
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ if .Values.postgresDedicatedStorage }} {{ template "postgresql.fullname" . }}-storage {{ else }} {{ template "fullname" . }}-storage {{ end }}
+ - name: initdb
+ configMap:
+ name: {{ template "postgresql.fullname" . }}-initdb
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-storage.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-storage.yaml
new file mode 100644
index 0000000..71ce994
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-storage.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.postgresDedicatedStorage }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "postgresql.fullname" . }}-storage
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ {{- if .Values.postgresStorageClass }}
+ volume.beta.kubernetes.io/storage-class: {{ .Values.postgresStorageClass | quote }}
+ {{- else if (eq .Values.provider "gke") }}
+ volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast
+ {{- else }}
+ volume.alpha.kubernetes.io/storage-class: default
+ {{- end }}
+spec:
+ accessModes:
+ - {{ default "ReadWriteOnce" .Values.postgresAccessMode | quote }}
+ resources:
+ requests:
+ storage: {{ default "30Gi" .Values.postgresStorageSize }}
+{{- end }}
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-svc.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-svc.yaml
new file mode 100644
index 0000000..b9d3171
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/postgresql-svc.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "postgresql.fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ ports:
+ - name: postgres
+ port: 5432
+ targetPort: postgres
+ selector:
+ name: {{ template "postgresql.fullname" . }}
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-deployment.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-deployment.yaml
new file mode 100644
index 0000000..c3c8dd5
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-deployment.yaml
@@ -0,0 +1,46 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ template "redis.fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ name: {{ template "redis.fullname" . }}
+ app: {{ template "fullname" . }}
+ spec:
+ containers:
+ - name: redis
+ image: {{ .Values.redisImage }}
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: redis
+ containerPort: 6379
+ volumeMounts:
+ - mountPath: /var/lib/redis
+ name: data
+ subPath: redis
+ livenessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ if .Values.redisDedicatedStorage }} {{ template "redis.fullname" . }}-storage {{ else }} {{ template "fullname" . }}-storage {{ end }}
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-storage.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-storage.yaml
new file mode 100644
index 0000000..6c1cbdc
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-storage.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.redisDedicatedStorage }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "redis.fullname" . }}-storage
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ {{- if .Values.redisStorageClass }}
+ volume.beta.kubernetes.io/storage-class: {{ .Values.redisStorageClass | quote }}
+ {{- else if (eq .Values.provider "gke") }}
+ volume.beta.kubernetes.io/storage-class: {{ template "fullname" . }}-fast
+ {{- else }}
+ volume.alpha.kubernetes.io/storage-class: default
+ {{- end }}
+spec:
+ accessModes:
+ - {{ default "ReadWriteOnce" .Values.redisAccessMode | quote }}
+ resources:
+ requests:
+ storage: {{ default "5Gi" .Values.redisStorageSize }}
+{{- end }}
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-svc.yaml b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-svc.yaml
new file mode 100644
index 0000000..a039c7d
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/gitlab/redis-svc.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "redis.fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ selector:
+ name: {{ template "redis.fullname" . }}
+ ports:
+ - name: redis
+ port: 6379
+ targetPort: redis
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/ingress/gitlab-ingress.yaml b/kubernetes/Charts/gitlab-omnibus/templates/ingress/gitlab-ingress.yaml
new file mode 100644
index 0000000..e1900d6
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/ingress/gitlab-ingress.yaml
@@ -0,0 +1,50 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ kubernetes.io/ingress.class: "nginx"
+spec:
+ tls:
+ - hosts:
+ - gitlab.{{ .Values.baseDomain }}
+ - registry.{{ .Values.baseDomain }}
+ - mattermost.{{ .Values.baseDomain }}
+ - prometheus.{{ .Values.baseDomain }}
+ secretName: gitlab-tls
+ rules:
+ - host: {{ template "fullname" . }}
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: {{ template "fullname" . }}
+ servicePort: 8005
+ - host: registry.{{ .Values.baseDomain }}
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: {{ template "fullname" . }}
+ servicePort: 8105
+ - host: mattermost.{{ .Values.baseDomain }}
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: {{ template "fullname" . }}
+ servicePort: 8065
+ - host: prometheus.{{ .Values.baseDomain }}
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: {{ template "fullname" . }}
+ servicePort: 9090
+---
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/ingress/gitlab-pages-ingress.yaml b/kubernetes/Charts/gitlab-omnibus/templates/ingress/gitlab-pages-ingress.yaml
new file mode 100644
index 0000000..34cbf75
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/ingress/gitlab-pages-ingress.yaml
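Review bot: The `- host: prometheus.{{ .Values.baseDomain }}` rule in templates/ingress/gitlab-ingress.yaml publishes port 9090 of the GitLab pod through the nginx ingress, and nothing in this hunk puts authentication or a source-address restriction in front of it. The omnibus config in gitlab-deployment.yaml binds Prometheus to `0.0.0.0:9090` with no credentials configured, so its metrics and query interface would presumably be reachable by anyone who can reach the load balancer and knows the host name. I would remove this rule together with the `- prometheus.{{ .Values.baseDomain }}` TLS host, or move both into a separate Ingress that is rendered only when an explicit opt-in value is set and that carries the controller's auth annotations. Separately, the first rule uses `host: {{ template "fullname" . }}` while the certificate is requested for `gitlab.{{ .Values.baseDomain }}`, so that rule does not match the TLS host listed above it.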
@@ -0,0 +1,29 @@
+{{- if and .Values.pagesExternalScheme .Values.pagesExternalDomain}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ template "fullname" . }}-pages
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+spec:
+ {{- if .Values.pagesTlsSecret }}
+ tls:
+ - hosts:
+ - "*.{{ .Values.pagesExternalDomain }}"
+ secretName: {{ .Values.pagesTlsSecret }}
+ {{- end }}
+ rules:
+ - host: "*.{{ .Values.pagesExternalDomain }}"
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: {{ template "fullname" . }}
+ servicePort: 8090
+{{- end }}
+---
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/00-namespace.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/00-namespace.yaml
new file mode 100644
index 0000000..be95521
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/00-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kube-lego
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/configmap.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/configmap.yaml
new file mode 100644
index 0000000..0b8c74e
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+metadata:
+ name: kube-lego
+ namespace: kube-lego
+data:
+ # modify this to specify your address
+ lego.email: "{{ .Values.legoEmail }}"
+ # configure letencrypt's production api
+ lego.url: "https://acme-v01.api.letsencrypt.org/directory"
+kind: ConfigMap
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/deployment.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/deployment.yaml
new file mode 100644
index 0000000..eb623a8
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/lego/deployment.yaml
@@ -0,0 +1,43 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: kube-lego
+ namespace: kube-lego
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: kube-lego
+ spec:
+ containers:
+ - name: kube-lego
+ image: jetstack/kube-lego:0.1.6
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ env:
+ - name: LEGO_EMAIL
+ valueFrom:
+ configMapKeyRef:
+ name: kube-lego
+ key: lego.email
+ - name: LEGO_URL
+ valueFrom:
+ configMapKeyRef:
+ name: kube-lego
+ key: lego.url
+ - name: LEGO_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: LEGO_POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/00-namespace.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/00-namespace.yaml
new file mode 100644
index 0000000..4b60fec
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/00-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: nginx-ingress
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/configmap.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/configmap.yaml
new file mode 100644
index 0000000..e85a70f
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/configmap.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+data:
+ proxy-connect-timeout: "15"
+ proxy-read-timeout: "600"
+ proxy-send-timeout: "600"
+ hsts-include-subdomains: "false"
+ proxy-body-size: "1024m"
+ server-name-hash-bucket-size: "256"
+ enable-vts-status: "true"
+kind: ConfigMap
+metadata:
+ namespace: nginx-ingress
+ name: nginx
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/daemonset.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/daemonset.yaml
new file mode 100644
index 0000000..0e6a356
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/daemonset.yaml
@@ -0,0 +1,45 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: nginx
+ namespace: nginx-ingress
+spec:
+ template:
+ metadata:
+ labels:
+ app: nginx
+ annotations:
+ prometheus.io/port: "10254"
+ prometheus.io/scrape: "true"
+ spec:
+ containers:
+ - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.11
+ name: nginx
+ imagePullPolicy: Always
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ ports:
+ - containerPort: 80
+ - containerPort: 443
+ - containerPort: 22
+ - containerPort: 18080
+ - containerPort: 10254
+ args:
+ - /nginx-ingress-controller
+ - --default-backend-service=nginx-ingress/default-http-backend
+ - --configmap=nginx-ingress/nginx
+ - --tcp-services-configmap=nginx-ingress/tcp-ports
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/default-deployment.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/default-deployment.yaml
new file mode 100644
index 0000000..ab92454
--- /dev/null
+++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/default-deployment.yaml
@@ -0,0 +1,34 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: default-http-backend + namespace: nginx-ingress +spec: + replicas: 1 + template: + metadata: + labels: + app: default-http-backend + spec: + containers: + - name: default-http-backend + # Any image is permissable as long as: + # 1. It serves a 404 page at / + # 2. It serves 200 on a /healthz endpoint + image: gcr.io/google_containers/defaultbackend:1.0 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 5 + ports: + - containerPort: 8080 + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/default-service.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/default-service.yaml new file mode 100644 index 0000000..d9db408 --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/default-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: default-http-backend + namespace: nginx-ingress +spec: + ports: + - port: 80 + targetPort: 8080 + protocol: TCP + selector: + app: default-http-backend diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/service.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/service.yaml new file mode 100644 index 0000000..41644e1 --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx + namespace: nginx-ingress + annotations: + service.beta.kubernetes.io/external-traffic: "OnlyLocal" +spec: + type: LoadBalancer +{{- if .Values.baseIP }} + loadBalancerIP: {{ .Values.baseIP }} +{{- end }} + ports: + - port: 80 + name: http + - port: 443 + name: https + - port: 22 + name: git + selector: + app: nginx +apiVersion: v1 
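Review bot: The nginx Service manifest (`nginx/service.yaml`) ends with a stray `apiVersion: v1` line after the `selector` block, repeating the top-level key already set on its first line. Most YAML parsers silently keep the last duplicate, but strict loaders and linters reject the document, so the trailing line should be dropped. The same Service publishes port 22 on the LoadBalancer next to 80 and 443 with no source restriction; if git-over-SSH is not meant to be reachable from everywhere, add `loadBalancerSourceRanges: ["<allowed-cidr-placeholder>"]` under `spec`.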
diff --git a/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/tcp-configmap.yaml b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/tcp-configmap.yaml new file mode 100644 index 0000000..af26e5b --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/templates/load-balancer/nginx/tcp-configmap.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: tcp-ports + namespace: nginx-ingress +data: + 22: "{{ .Release.Namespace }}/{{ template "fullname" . }}:22" diff --git a/kubernetes/Charts/gitlab-omnibus/values.yaml b/kubernetes/Charts/gitlab-omnibus/values.yaml new file mode 100644 index 0000000..fbbc759 --- /dev/null +++ b/kubernetes/Charts/gitlab-omnibus/values.yaml 
@@ -0,0 +1,97 @@ +# Default values for kubernetes-gitlab-demo. +# This is a YAML-formatted file. + +# Required variables + +# baseDomain is the top-most part of the domain. Subdomains will be generated +# for gitlab, mattermost, registry, and prometheus. +# Recommended to set up an A record on the DNS to *.your-domain.com to point to +# the baseIP +# e.g. *.your-domain.com. A 300 baseIP +baseDomain: example.com + +# legoEmail is a valid email address used by Let's Encrypt. It does not have to +# be at the baseDomain. +legoEmail: you@example.com + +# Optional variables +# baseIP is an externally provisioned static IP address to use instead of the provisioned one. +# baseIP: 35.184.199.209 +nameOverride: gitlab +# `ce` or `ee` +gitlab: ce +gitlabCEImage: gitlab/gitlab-ce:10.1.0-ce.0 +gitlabEEImage: gitlab/gitlab-ee:10.1.0-ee.0 +postgresPassword: NDl1ZjNtenMxcWR6NXZnbw== +initialSharedRunnersRegistrationToken: "tQtCbx5UZy_ByS7FyzUH" +mattermostAppSecret: NDl1ZjNtenMxcWR6NXZnbw== +mattermostAppUID: aadas +redisImage: redis:3.2.10 +redisDedicatedStorage: true +#redisStorageSize: 5Gi +redisAccessMode: ReadWriteOnce +postgresImage: postgres:9.6.5 +# If you disable postgresDedicatedStorage, you should consider bumping up gitlabRailsStorageSize +postgresDedicatedStorage: true +postgresAccessMode: ReadWriteOnce +#postgresStorageSize: 30Gi +gitlabDataAccessMode: ReadWriteOnce +#gitlabDataStorageSize: 30Gi +gitlabRegistryAccessMode: ReadWriteOnce +#gitlabRegistryStorageSize: 30Gi +gitlabConfigAccessMode: ReadWriteOnce +#gitlabConfigStorageSize: 1Gi +gitlabRunnerImage: gitlab/gitlab-runner:alpine-v10.1.0 +# Valid values for provider are `gke` for Google Container Engine. Leaving it blank (or any othervalue) will disable fast disk options. 
+provider: gke + +## Storage Class Options +## If defined, volume.beta.kubernetes.io/storage-class: +## If not defined, but provider is gke, will use SSDs +## Otherwise default: volume.alpha.kubernetes.io/storage-class: default +#gitlabConfigStorageClass: default +#gitlabDataStorageClass: default +#gitlabRegistryStorageClass: default +#postgresStorageClass: default +#redisStorageClass: default + +healthCheckToken: 'SXBAQichEJasbtDSygrD' +# Optional, for GitLab EE images only +#gitlabEELicense: base64-encoded-license + +gitlab-runner: + checkInterval: 1 + # runnerRegistrationToken must equal initialSharedRunnersRegistrationToken + runnerRegistrationToken: "tQtCbx5UZy_ByS7FyzUH" + # resources: + # limits: + # memory: 500Mi + # cpu: 600m + # requests: + # memory: 500Mi + # cpu: 600m + runners: + privileged: true + ## Build Container specific configuration + ## + # builds: + # cpuLimit: 200m + # memoryLimit: 256Mi + # cpuRequests: 100m + # memoryRequests: 128Mi + + ## Service Container specific configuration + ## + # services: + # cpuLimit: 200m + # memoryLimit: 256Mi + # cpuRequests: 100m + # memoryRequests: 128Mi + + ## Helper Container specific configuration + ## + # helpers: + # cpuLimit: 200m + # memoryLimit: 256Mi + # cpuRequests: 100m + # memoryRequests: 128Mi \ No newline at end of file diff --git a/kubernetes/Charts/post/.gitlab-ci.yml b/kubernetes/Charts/post/.gitlab-ci.yml new file mode 100644 index 0000000..0de5eb0 --- /dev/null +++ b/kubernetes/Charts/post/.gitlab-ci.yml 
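Review bot: The chart defaults in `gitlab-omnibus/values.yaml` ship working credentials: `postgresPassword` and `mattermostAppSecret` share the same base64 string, and `initialSharedRunnersRegistrationToken`, `runnerRegistrationToken` and `healthCheckToken` are fixed literals, so any install that does not override them runs with secrets readable in this repository (base64 is an encoding, not protection). I would leave these keys empty with a comment such as `# required: pass with --set or a values file kept out of version control`, and have the templates fail when they are unset; Helm's `required` function does that, but the templates are outside this hunk, so that part needs checking there. `runners.privileged: true` should carry a comment saying it is there for the docker-in-docker builds and that it gives build jobs close to root-level access to the node they run on.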
@@ -0,0 +1,175 @@ +image: alpine:latest + +stages: + - build + - test + - review + - release + +build: + stage: build + image: docker:git + services: + - docker:dind + script: + - setup_docker + - build + variables: + DOCKER_DRIVER: overlay2 + only: + - branches + +test: + stage: test + script: + - exit 0 + only: + - branches + +release: + stage: release + image: docker + services: + - docker:dind + script: + - setup_docker + - release + only: + - master + +review: + stage: review + script: + - install_dependencies + - ensure_namespace + - install_tiller + - deploy + variables: + KUBE_NAMESPACE: review + host: $CI_PROJECT_PATH_SLUG-$CI_COMMIT_REF_SLUG + environment: + name: review/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME + url: http://$CI_PROJECT_PATH_SLUG-$CI_COMMIT_REF_SLUG + only: + refs: + - branches + kubernetes: active + except: + - master + +.auto_devops: &auto_devops | + [[ "$TRACE" ]] && set -x + export CI_REGISTRY="index.docker.io" + export CI_APPLICATION_REPOSITORY=$CI_REGISTRY/$CI_PROJECT_PATH + export CI_APPLICATION_TAG=$CI_COMMIT_REF_SLUG + export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID} + export TILLER_NAMESPACE="kube-system" + + function deploy() { + track="${1-stable}" + name="$CI_ENVIRONMENT_SLUG" + + if [[ "$track" != "stable" ]]; then + name="$name-$track" + fi + + echo "Clone deploy repository..." + git clone http://gitlab-gitlab/$CI_PROJECT_NAMESPACE/reddit-deploy.git + + echo "Download helm dependencies..." 
+ helm dep update reddit-deploy/reddit + + echo "Deploy helm release $name to $KUBE_NAMESPACE" + helm upgrade --install \ + --wait \ + --set ui.ingress.host="$host" \ + --set $CI_PROJECT_NAME.image.tag=$CI_APPLICATION_TAG \ + --namespace="$KUBE_NAMESPACE" \ + --version="$CI_PIPELINE_ID-$CI_JOB_ID" \ + "$name" \ + reddit-deploy/reddit/ + } + + function install_dependencies() { + + apk add -U openssl curl tar gzip bash ca-certificates git + wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub + wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk + apk add glibc-2.23-r3.apk + rm glibc-2.23-r3.apk + + curl https://storage.googleapis.com/pub/gsutil.tar.gz | tar -xz -C $HOME + export PATH=${PATH}:$HOME/gsutil + + curl https://kubernetes-helm.storage.googleapis.com/helm-v2.9.1-linux-amd64.tar.gz | tar zx + + mv linux-amd64/helm /usr/bin/ + helm version --client + + curl -o /usr/bin/sync-repo.sh https://raw.githubusercontent.com/kubernetes/helm/master/scripts/sync-repo.sh + chmod a+x /usr/bin/sync-repo.sh + + curl -L -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl + chmod +x /usr/bin/kubectl + kubectl version --client + } + + function setup_docker() { + if ! docker info &>/dev/null; then + if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then + export DOCKER_HOST='tcp://localhost:2375' + fi + fi + } + + function ensure_namespace() { + kubectl describe namespace "$KUBE_NAMESPACE" || kubectl create namespace "$KUBE_NAMESPACE" + } + + function release() { + + echo "Updating docker images ..." + + if [[ -n "$CI_REGISTRY_USER" ]]; then + echo "Logging to GitLab Container Registry with CI credentials..." 
+ docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" + echo "" + fi + + docker pull "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" + docker tag "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" "$CI_APPLICATION_REPOSITORY:$(cat VERSION)" + docker push "$CI_APPLICATION_REPOSITORY:$(cat VERSION)" + echo "" + } + + function build() { + + echo "Building Dockerfile-based application..." + echo `git show --format="%h" HEAD | head -1` > build_info.txt + echo `git rev-parse --abbrev-ref HEAD` >> build_info.txt + docker build -t "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" . + + if [[ -n "$CI_REGISTRY_USER" ]]; then + echo "Logging to GitLab Container Registry with CI credentials..." + docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" + echo "" + fi + + echo "Pushing to GitLab Container Registry..." + docker push "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" + echo "" + } + + function install_tiller() { + echo "Checking Tiller..." + helm init --upgrade + kubectl rollout status -n "$TILLER_NAMESPACE" -w "deployment/tiller-deploy" + if ! helm version --debug; then + echo "Failed to init Tiller." + return 1 + fi + echo "" + } + +before_script: + - *auto_devops \ No newline at end of file diff --git a/kubernetes/Charts/post/Chart.yaml b/kubernetes/Charts/post/Chart.yaml new file mode 100644 index 0000000..22b8d72 --- /dev/null +++ b/kubernetes/Charts/post/Chart.yaml @@ -0,0 +1,7 @@ +name: post +version: 1.0.0 +description: OTUS reddit application UI +maintainers: + - name: Someone + email: my@mail.com +appVersion: 1.0 \ No newline at end of file diff --git a/kubernetes/Charts/post/templates/_helpers.tpl b/kubernetes/Charts/post/templates/_helpers.tpl new file mode 100644 index 0000000..356397a --- /dev/null +++ b/kubernetes/Charts/post/templates/_helpers.tpl @@ -0,0 +1,3 @@ +{{- define "post.fullname" -}} +{{- printf "%s-%s" .Release.Name .Chart.Name }} +{{- end -}} \ No newline at end of file 
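Review bot: `install_dependencies` in `post/.gitlab-ci.yml` installs executables into the job image straight from the network with no integrity check: Helm and gsutil are piped from `curl` into `tar`, `sync-repo.sh` is taken from the `master` branch, and the kubectl version is whatever `stable.txt` returns at run time. These jobs go on to use cluster credentials, so a replaced or tampered download would run with deploy rights. I would pin each version and verify a checksum recorded in the repository before unpacking, as sketched below; the version and checksum values are placeholders to fill from the upstream release pages. The same function appears unchanged in `kubernetes/Charts/ui/.gitlab-ci.yml` (same blob `0de5eb0`).

```yaml
.auto_devops: &auto_devops |
  # … unchanged: exports, deploy() …
  function install_dependencies() {
    # … unchanged: apk add, glibc package, gsutil …
    HELM_TGZ="helm-v2.9.1-linux-amd64.tar.gz"
    curl -fsSLo "$HELM_TGZ" "https://kubernetes-helm.storage.googleapis.com/$HELM_TGZ"
    echo "<helm-tarball-sha256-placeholder>  $HELM_TGZ" | sha256sum -c - || return 1
    tar zxf "$HELM_TGZ"
    # … unchanged: mv helm, helm version, sync-repo.sh …

    KUBECTL_VERSION="<pinned-kubectl-version-placeholder>"
    curl -fsSLo /usr/bin/kubectl "https://storage.googleapis.com/kubernetes-release/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl"
    echo "<kubectl-sha256-placeholder>  /usr/bin/kubectl" | sha256sum -c - || return 1
    # … unchanged: chmod +x, kubectl version …
```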
diff --git a/kubernetes/Charts/post/templates/deployment.yaml b/kubernetes/Charts/post/templates/deployment.yaml new file mode 100644 index 0000000..e4d1324 --- /dev/null +++ b/kubernetes/Charts/post/templates/deployment.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: {{ .Release.Name }}-{{ .Chart.Name }} + labels: + app: reddit + component: post + release: {{ .Release.Name }} +spec: + replicas: 1 + selector: + matchLabels: + app: reddit + component: post + release: {{ .Release.Name }} + template: + metadata: + name: post + labels: + app: reddit + component: post + release: {{ .Release.Name }} + spec: + containers: + - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + name: post + ports: + - containerPort: {{ .Values.service.internalPort }} + name: post + protocol: TCP + env: + - name: POST_DATABASE_HOST + value: {{ .Values.databaseHost | default (printf "%s-mongodb" .Release.Name) }} \ No newline at end of file diff --git a/kubernetes/Charts/post/templates/service.yaml b/kubernetes/Charts/post/templates/service.yaml new file mode 100644 index 0000000..73da097 --- /dev/null +++ b/kubernetes/Charts/post/templates/service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "post.fullname" . }} + labels: + app: reddit + component: post + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: {{ .Values.service.internalPort }} +selector: + app: reddit + component: post + release: {{ .Release.Name }} \ No newline at end of file diff --git a/kubernetes/Charts/post/values.yaml b/kubernetes/Charts/post/values.yaml new file mode 100644 index 0000000..080d6f0 --- /dev/null +++ b/kubernetes/Charts/post/values.yaml @@ -0,0 +1,10 @@ +--- +service: + internalPort: 5000 + externalPort: 5000 + +image: + repository: yashkin/post + tag: latest + +databaseHost: \ No newline at end of file 
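Review bot: In `post/templates/service.yaml` the `selector:` key appears to start at column 0 (the added line reads `+selector:`, whereas `ui/templates/service.yaml` in this commit has it indented), which makes it a top-level field instead of `spec.selector`. A Service without `spec.selector` gets no endpoints, so the `post` pods would not be reachable through it, or the manifest is rejected for the unknown field, depending on validation. Indent the block so `selector:` sits under `spec:` with its three labels one level deeper. Whitespace on this page is collapsed, so confirm against the file itself.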
diff --git a/kubernetes/Charts/reddit/Chart.yaml b/kubernetes/Charts/reddit/Chart.yaml new file mode 100644 index 0000000..2ed82ca --- /dev/null +++ b/kubernetes/Charts/reddit/Chart.yaml @@ -0,0 +1,6 @@ +name: reddit +version: 0.1.0 +description: OTUS sample reddit application +maintainers: + - name: Yury Yashkin + email: theyahkins@gmail.com \ No newline at end of file diff --git a/kubernetes/Charts/reddit/charts/comment-1.0.0.tgz b/kubernetes/Charts/reddit/charts/comment-1.0.0.tgz new file mode 100644 index 0000000..6f7b9b5 Binary files /dev/null and b/kubernetes/Charts/reddit/charts/comment-1.0.0.tgz differ diff --git a/kubernetes/Charts/reddit/charts/mongodb-0.4.18.tgz b/kubernetes/Charts/reddit/charts/mongodb-0.4.18.tgz new file mode 100644 index 0000000..3350e27 Binary files /dev/null and b/kubernetes/Charts/reddit/charts/mongodb-0.4.18.tgz differ diff --git a/kubernetes/Charts/reddit/charts/post-1.0.0.tgz b/kubernetes/Charts/reddit/charts/post-1.0.0.tgz new file mode 100644 index 0000000..7b2264e Binary files /dev/null and b/kubernetes/Charts/reddit/charts/post-1.0.0.tgz differ diff --git a/kubernetes/Charts/reddit/charts/ui-1.0.0.tgz b/kubernetes/Charts/reddit/charts/ui-1.0.0.tgz new file mode 100644 index 0000000..84f155c Binary files /dev/null and b/kubernetes/Charts/reddit/charts/ui-1.0.0.tgz differ diff --git a/kubernetes/Charts/reddit/requirements.lock b/kubernetes/Charts/reddit/requirements.lock new file mode 100644 index 0000000..77b2c6f --- /dev/null +++ b/kubernetes/Charts/reddit/requirements.lock @@ -0,0 +1,15 @@ +dependencies: +- name: ui + repository: file://../ui + version: 1.0.0 +- name: post + repository: file://../post + version: 1.0.0 +- name: comment + repository: file://../comment + version: 1.0.0 +- name: mongodb + repository: https://kubernetes-charts.storage.googleapis.com + version: 0.4.18 +digest: sha256:a58cafa7da570fb588484d9e175636bfdf327881cc078a7315d3a0e666c6f071 +generated: "2019-07-03T22:19:07.548285626+03:00" 
diff --git a/kubernetes/Charts/reddit/requirements.yaml b/kubernetes/Charts/reddit/requirements.yaml new file mode 100644 index 0000000..db53a5a --- /dev/null +++ b/kubernetes/Charts/reddit/requirements.yaml @@ -0,0 +1,13 @@ +dependencies: + - name: ui + version: "1.0.0" + repository: "file://../ui" + - name: post + version: 1.0.0 + repository: file://../post + - name: comment + version: 1.0.0 + repository: file://../comment + - name: mongodb + version: 0.4.18 + repository: https://kubernetes-charts.storage.googleapis.com \ No newline at end of file diff --git a/kubernetes/Charts/reddit/values.yaml b/kubernetes/Charts/reddit/values.yaml new file mode 100644 index 0000000..44e4994 --- /dev/null +++ b/kubernetes/Charts/reddit/values.yaml @@ -0,0 +1,20 @@ +comment: + image: + repository: yashkin/comment + tag: latest + service: + externalPort: 9292 + +post: + image: + repository: yashkin/post + tag: latest + service: + externalPort: 5000 + +ui: + image: + repository: yashkin/ui + tag: latest + service: + externalPort: 9292 \ No newline at end of file diff --git a/kubernetes/Charts/ui/.gitlab-ci.yml b/kubernetes/Charts/ui/.gitlab-ci.yml new file mode 100644 index 0000000..0de5eb0 --- /dev/null +++ b/kubernetes/Charts/ui/.gitlab-ci.yml 
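Review bot: All three components in `reddit/values.yaml` default to `tag: latest`, and the review pipelines in this commit override only the tag of the project being built (`--set $CI_PROJECT_NAME.image.tag=$CI_APPLICATION_TAG`), so the other two services run whatever `latest` points at when the pod is scheduled. That makes a release neither reproducible nor auditable after the fact. Default each tag to a released version, e.g. `tag: "<released-version-placeholder>"`, quoted so a value like `1.0` is not read as a float.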
@@ -0,0 +1,175 @@ +image: alpine:latest + +stages: + - build + - test + - review + - release + +build: + stage: build + image: docker:git + services: + - docker:dind + script: + - setup_docker + - build + variables: + DOCKER_DRIVER: overlay2 + only: + - branches + +test: + stage: test + script: + - exit 0 + only: + - branches + +release: + stage: release + image: docker + services: + - docker:dind + script: + - setup_docker + - release + only: + - master + +review: + stage: review + script: + - install_dependencies + - ensure_namespace + - install_tiller + - deploy + variables: + KUBE_NAMESPACE: review + host: $CI_PROJECT_PATH_SLUG-$CI_COMMIT_REF_SLUG + environment: + name: review/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME + url: http://$CI_PROJECT_PATH_SLUG-$CI_COMMIT_REF_SLUG + only: + refs: + - branches + kubernetes: active + except: + - master + +.auto_devops: &auto_devops | + [[ "$TRACE" ]] && set -x + export CI_REGISTRY="index.docker.io" + export CI_APPLICATION_REPOSITORY=$CI_REGISTRY/$CI_PROJECT_PATH + export CI_APPLICATION_TAG=$CI_COMMIT_REF_SLUG + export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID} + export TILLER_NAMESPACE="kube-system" + + function deploy() { + track="${1-stable}" + name="$CI_ENVIRONMENT_SLUG" + + if [[ "$track" != "stable" ]]; then + name="$name-$track" + fi + + echo "Clone deploy repository..." + git clone http://gitlab-gitlab/$CI_PROJECT_NAMESPACE/reddit-deploy.git + + echo "Download helm dependencies..." 
+ helm dep update reddit-deploy/reddit + + echo "Deploy helm release $name to $KUBE_NAMESPACE" + helm upgrade --install \ + --wait \ + --set ui.ingress.host="$host" \ + --set $CI_PROJECT_NAME.image.tag=$CI_APPLICATION_TAG \ + --namespace="$KUBE_NAMESPACE" \ + --version="$CI_PIPELINE_ID-$CI_JOB_ID" \ + "$name" \ + reddit-deploy/reddit/ + } + + function install_dependencies() { + + apk add -U openssl curl tar gzip bash ca-certificates git + wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub + wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk + apk add glibc-2.23-r3.apk + rm glibc-2.23-r3.apk + + curl https://storage.googleapis.com/pub/gsutil.tar.gz | tar -xz -C $HOME + export PATH=${PATH}:$HOME/gsutil + + curl https://kubernetes-helm.storage.googleapis.com/helm-v2.9.1-linux-amd64.tar.gz | tar zx + + mv linux-amd64/helm /usr/bin/ + helm version --client + + curl -o /usr/bin/sync-repo.sh https://raw.githubusercontent.com/kubernetes/helm/master/scripts/sync-repo.sh + chmod a+x /usr/bin/sync-repo.sh + + curl -L -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl + chmod +x /usr/bin/kubectl + kubectl version --client + } + + function setup_docker() { + if ! docker info &>/dev/null; then + if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then + export DOCKER_HOST='tcp://localhost:2375' + fi + fi + } + + function ensure_namespace() { + kubectl describe namespace "$KUBE_NAMESPACE" || kubectl create namespace "$KUBE_NAMESPACE" + } + + function release() { + + echo "Updating docker images ..." + + if [[ -n "$CI_REGISTRY_USER" ]]; then + echo "Logging to GitLab Container Registry with CI credentials..." 
+ docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" + echo "" + fi + + docker pull "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" + docker tag "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" "$CI_APPLICATION_REPOSITORY:$(cat VERSION)" + docker push "$CI_APPLICATION_REPOSITORY:$(cat VERSION)" + echo "" + } + + function build() { + + echo "Building Dockerfile-based application..." + echo `git show --format="%h" HEAD | head -1` > build_info.txt + echo `git rev-parse --abbrev-ref HEAD` >> build_info.txt + docker build -t "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" . + + if [[ -n "$CI_REGISTRY_USER" ]]; then + echo "Logging to GitLab Container Registry with CI credentials..." + docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" + echo "" + fi + + echo "Pushing to GitLab Container Registry..." + docker push "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" + echo "" + } + + function install_tiller() { + echo "Checking Tiller..." + helm init --upgrade + kubectl rollout status -n "$TILLER_NAMESPACE" -w "deployment/tiller-deploy" + if ! helm version --debug; then + echo "Failed to init Tiller." + return 1 + fi + echo "" + } + +before_script: + - *auto_devops \ No newline at end of file diff --git a/kubernetes/Charts/ui/Chart.yaml b/kubernetes/Charts/ui/Chart.yaml new file mode 100644 index 0000000..622c2d1 --- /dev/null +++ b/kubernetes/Charts/ui/Chart.yaml @@ -0,0 +1,7 @@ +name: ui +version: 1.0.0 +description: OTUS reddit application UI +maintainers: + - name: Someone + email: my@mail.com +appVersion: 1.0 \ No newline at end of file diff --git a/kubernetes/Charts/ui/templates/_helpers.tpl b/kubernetes/Charts/ui/templates/_helpers.tpl new file mode 100644 index 0000000..b793d39 --- /dev/null +++ b/kubernetes/Charts/ui/templates/_helpers.tpl @@ -0,0 +1,3 @@ +{{- define "ui.fullname" -}} +{{- printf "%s-%s" .Release.Name .Chart.Name }} +{{- end -}} \ No newline at end of file 
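Review bot: `release` and `build` in `ui/.gitlab-ci.yml` pass the registry password on the command line (`docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"`), and the first line of the script turns on `set -x` when `TRACE` is set, so the expanded command, password included, can land in the job log as well as in the process list. Read it from stdin instead, `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin`, and put `set +x` ahead of the login, because the `echo` would be traced too. The identical lines in `kubernetes/Charts/post/.gitlab-ci.yml` need the same change.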
diff --git a/kubernetes/Charts/ui/templates/deployment.yaml b/kubernetes/Charts/ui/templates/deployment.yaml new file mode 100644 index 0000000..d36b7a5 --- /dev/null +++ b/kubernetes/Charts/ui/templates/deployment.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: {{ template "ui.fullname" . }} + labels: + app: reddit + component: ui + release: {{ .Release.Name }} +spec: + replicas: 2 + selector: + matchLabels: + app: reddit + component: ui + release: {{ .Release.Name }} + template: + metadata: + name: ui-pod + labels: + app: reddit + component: ui + release: {{ .Release.Name }} + spec: + containers: + - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + name: ui + ports: + - containerPort: {{ .Values.service.internalPort }} + name: ui + protocol: TCP + env: + - name: POST_SERVICE_HOST + value: {{ .Values.postHost | default (printf "%s-post" .Release.Name) }} + - name: POST_SERVICE_PORT + value: {{ .Values.postPort | default "5000" | quote }} + - name: COMMENT_SERVICE_HOST + value: {{ .Values.commentHost | default (printf "%s-comment" .Release.Name) }} + - name: COMMENT_SERVICE_PORT + value: {{ .Values.commentPort | default "9292" | quote }} + - name: ENV + valueFrom: + fieldRef: + fieldPath: metadata.namespace \ No newline at end of file diff --git a/kubernetes/Charts/ui/templates/ingress.yaml b/kubernetes/Charts/ui/templates/ingress.yaml new file mode 100644 index 0000000..6563ce2 --- /dev/null +++ b/kubernetes/Charts/ui/templates/ingress.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ .Release.Name }}-{{ .Chart.Name }} + annotations: + kubernetes.io/ingress.class: "gce" +spec: + rules: + - http: + paths: + - path: /* + backend: + serviceName: {{ .Release.Name }}-{{ .Chart.Name }} + servicePort: 9292 \ No newline at end of file 
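Review bot: `ui/templates/ingress.yaml` hard-codes `kubernetes.io/ingress.class: "gce"` and has a single rule with no `host`, while `ui/values.yaml` in this commit declares `ingress.class: nginx` and the review job passes `--set ui.ingress.host="$host"`; neither value is read here, so every release answers on `/*` for any hostname and per-branch review hosts are not separated. The rule also serves plain HTTP only, with no `tls` section. I would template both values, `kubernetes.io/ingress.class: {{ .Values.ingress.class | quote }}` and `- host: {{ .Values.ingress.host | quote }}` ahead of `http:`, and take `servicePort` from `.Values.service.externalPort` rather than the literal 9292.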
diff --git a/kubernetes/Charts/ui/templates/service.yaml b/kubernetes/Charts/ui/templates/service.yaml new file mode 100644 index 0000000..76bd356 --- /dev/null +++ b/kubernetes/Charts/ui/templates/service.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "ui.fullname" . }} + labels: + app: reddit + component: ui + release: {{ .Release.Name }} +spec: + type: NodePort + ports: + - port: 9292 + protocol: TCP + targetPort: 9292 + selector: + app: reddit + component: ui + release: {{ .Release.Name }} \ No newline at end of file diff --git a/kubernetes/Charts/ui/values.yaml b/kubernetes/Charts/ui/values.yaml new file mode 100644 index 0000000..7c12857 --- /dev/null +++ b/kubernetes/Charts/ui/values.yaml @@ -0,0 +1,16 @@ +--- +service: + internalPort: 9292 + externalPort: 9292 + +image: + repository: yashkin/ui + tag: latest + +ingress: + class: nginx + +postHost: +postPort: +commentHost: +commentPort: \ No newline at end of file diff --git a/kubernetes/reddit/tiller.yml b/kubernetes/reddit/tiller.yml new file mode 100644 index 0000000..e76e587 --- /dev/null +++ b/kubernetes/reddit/tiller.yml @@ -0,0 +1,19 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tiller + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: tiller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: tiller + namespace: kube-system \ No newline at end of file diff --git a/kubernetes/reddit/values.yaml b/kubernetes/reddit/values.yaml new file mode 100644 index 0000000..e69de29
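Review bot: `kubernetes/reddit/tiller.yml` binds the `tiller` ServiceAccount to `cluster-admin` for the whole cluster. Tiller (Helm 2) does not authenticate in-cluster callers unless TLS is configured, and the CI scripts in this commit run a bare `helm init --upgrade`, so any workload that can reach the tiller-deploy service could presumably act as cluster admin. The pipelines deploy into a few named namespaces (`review`, for example), so a RoleBinding per target namespace should be enough; a sketch follows with the namespace as a placeholder, and Tiller will also need access to its release ConfigMaps in its own namespace. It is also not visible here that Tiller runs under this account at all, since `helm init` is called without `--service-account tiller`.

```yaml
# … unchanged: tiller ServiceAccount …
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: tiller
  namespace: <target-namespace-placeholder>
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
# … unchanged: subjects (tiller ServiceAccount in kube-system) …
```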