Compare commits
16 Commits
fix/shift-
...
7272358746
| Author | SHA1 | Date | |
|---|---|---|---|
|
7272358746 | ||
|
|
9b1ceb1fb4 | ||
|
|
90ae752652 | ||
|
|
3c41f0e40c | ||
|
|
fce8b28114 | ||
|
|
b204f6aa32 | ||
|
|
0a4d99b65b | ||
|
|
c9841d6cfc | ||
|
|
641a6d0af0 | ||
|
|
b1c351e936 | ||
|
|
df625f3b3a | ||
|
|
b028c06636 | ||
|
|
9f4bea36fe | ||
|
|
c5b3fbe4cb | ||
|
|
4f6d0ae6df | ||
| c6981324d6 |
90
.gitea/workflows/cd-deploy.yml
Normal file
90
.gitea/workflows/cd-deploy.yml
Normal file
@@ -0,0 +1,90 @@
|
|||||||
|
name: CD Deployment - Kubernetes
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_run:
|
||||||
|
workflows: ["CD Bootstrap - Release Image Publish"]
|
||||||
|
types: [completed]
|
||||||
|
branches: [main, develop]
|
||||||
|
workflow_dispatch:
|
||||||
|
inputs:
|
||||||
|
image_tag:
|
||||||
|
description: 'Image tag to deploy (e.g., latest, dev)'
|
||||||
|
required: true
|
||||||
|
default: 'dev'
|
||||||
|
type: string
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
deploy:
|
||||||
|
name: Deploy to Kubernetes
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Checkout repository
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Install kubectl
|
||||||
|
run: |
|
||||||
|
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
||||||
|
chmod +x kubectl
|
||||||
|
sudo mv kubectl /usr/local/bin/
|
||||||
|
|
||||||
|
- name: Install Kustomize
|
||||||
|
run: |
|
||||||
|
curl -Lo kustomize.tar.gz https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.4.1/kustomize_v5.4.1_linux_amd64.tar.gz
|
||||||
|
tar -xzf kustomize.tar.gz
|
||||||
|
chmod +x kustomize
|
||||||
|
sudo mv kustomize /usr/local/bin/
|
||||||
|
|
||||||
|
- name: Set Image Tag
|
||||||
|
run: |
|
||||||
|
IMAGE_TAG="${{ github.event.inputs.image_tag }}"
|
||||||
|
if [[ -z "$IMAGE_TAG" ]]; then
|
||||||
|
IMAGE_TAG="dev" # Default for auto-trigger
|
||||||
|
fi
|
||||||
|
echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
|
||||||
|
|
||||||
|
- name: Kustomize Edit Image Tag
|
||||||
|
working-directory: ./infra/k8s/overlays/dev
|
||||||
|
run: |
|
||||||
|
kustomize edit set image 192.168.241.13:8080/workclub-api=192.168.241.13:8080/workclub-api:$IMAGE_TAG
|
||||||
|
kustomize edit set image 192.168.241.13:8080/workclub-frontend=192.168.241.13:8080/workclub-frontend:$IMAGE_TAG
|
||||||
|
|
||||||
|
- name: Deploy to Kubernetes
|
||||||
|
run: |
|
||||||
|
export KUBECONFIG=$HOME/.kube/config
|
||||||
|
mkdir -p $HOME/.kube
|
||||||
|
if echo "${{ secrets.KUBECONFIG }}" | grep -q "apiVersion"; then
|
||||||
|
echo "Detected plain text KUBECONFIG"
|
||||||
|
printf '%s' "${{ secrets.KUBECONFIG }}" > $KUBECONFIG
|
||||||
|
else
|
||||||
|
echo "Detected base64 KUBECONFIG"
|
||||||
|
# Handle potential newlines/wrapping in the secret
|
||||||
|
printf '%s' "${{ secrets.KUBECONFIG }}" | base64 -d > $KUBECONFIG
|
||||||
|
fi
|
||||||
|
chmod 600 $KUBECONFIG
|
||||||
|
|
||||||
|
# Diagnostics
|
||||||
|
echo "Kubeconfig path: $KUBECONFIG"
|
||||||
|
echo "Kubeconfig size: $(wc -c < $KUBECONFIG) bytes"
|
||||||
|
echo "Available contexts:"
|
||||||
|
kubectl config get-contexts
|
||||||
|
|
||||||
|
if ! grep -q "current-context" $KUBECONFIG; then
|
||||||
|
echo "Warning: current-context missing, attempting to fix..."
|
||||||
|
FIRST_CONTEXT=$(kubectl config get-contexts -o name | head -n 1)
|
||||||
|
if [ -n "$FIRST_CONTEXT" ]; then
|
||||||
|
kubectl config use-context "$FIRST_CONTEXT"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Current context: $(kubectl config current-context)"
|
||||||
|
|
||||||
|
# Ensure target namespace exists
|
||||||
|
kubectl create namespace workclub-dev --dry-run=client -o yaml | kubectl apply -f -
|
||||||
|
|
||||||
|
# Delete existing StatefulSet to allow immutable field changes (vct -> emptyDir)
|
||||||
|
kubectl delete statefulset workclub-postgres -n workclub-dev --ignore-not-found
|
||||||
|
|
||||||
|
kubectl config view --minify # Verification of context
|
||||||
|
kubectl apply -k infra/k8s/overlays/dev
|
||||||
Binary file not shown.
|
Before Width: | Height: | Size: 300 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 205 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 121 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 126 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 170 KiB |
@@ -18,7 +18,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: api
|
- name: api
|
||||||
image: workclub-api:latest
|
image: 192.168.241.13:8080/workclub-api:latest
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: http
|
||||||
@@ -28,10 +28,10 @@ spec:
|
|||||||
httpGet:
|
httpGet:
|
||||||
path: /health/startup
|
path: /health/startup
|
||||||
port: http
|
port: http
|
||||||
initialDelaySeconds: 5
|
initialDelaySeconds: 10
|
||||||
periodSeconds: 10
|
periodSeconds: 10
|
||||||
timeoutSeconds: 5
|
timeoutSeconds: 5
|
||||||
failureThreshold: 30
|
failureThreshold: 60
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /health/live
|
path: /health/live
|
||||||
@@ -44,10 +44,10 @@ spec:
|
|||||||
httpGet:
|
httpGet:
|
||||||
path: /health/ready
|
path: /health/ready
|
||||||
port: http
|
port: http
|
||||||
initialDelaySeconds: 5
|
initialDelaySeconds: 60
|
||||||
periodSeconds: 10
|
periodSeconds: 15
|
||||||
timeoutSeconds: 5
|
timeoutSeconds: 5
|
||||||
failureThreshold: 2
|
failureThreshold: 10
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
@@ -55,7 +55,7 @@ spec:
|
|||||||
memory: 256Mi
|
memory: 256Mi
|
||||||
limits:
|
limits:
|
||||||
cpu: 500m
|
cpu: 500m
|
||||||
memory: 512Mi
|
memory: 768Mi
|
||||||
|
|
||||||
env:
|
env:
|
||||||
- name: ASPNETCORE_ENVIRONMENT
|
- name: ASPNETCORE_ENVIRONMENT
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: frontend
|
- name: frontend
|
||||||
image: workclub-frontend:latest
|
image: 192.168.241.13:8080/workclub-frontend:latest
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: http
|
||||||
|
|||||||
@@ -20,7 +20,7 @@ spec:
|
|||||||
- name: keycloak
|
- name: keycloak
|
||||||
image: quay.io/keycloak/keycloak:26.1
|
image: quay.io/keycloak/keycloak:26.1
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command:
|
args:
|
||||||
- start
|
- start
|
||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: http
|
||||||
@@ -30,26 +30,26 @@ spec:
|
|||||||
httpGet:
|
httpGet:
|
||||||
path: /health/ready
|
path: /health/ready
|
||||||
port: http
|
port: http
|
||||||
initialDelaySeconds: 10
|
initialDelaySeconds: 150
|
||||||
periodSeconds: 10
|
periodSeconds: 15
|
||||||
timeoutSeconds: 5
|
timeoutSeconds: 5
|
||||||
failureThreshold: 2
|
failureThreshold: 10
|
||||||
|
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /health/live
|
path: /health/live
|
||||||
port: http
|
port: http
|
||||||
initialDelaySeconds: 20
|
initialDelaySeconds: 240
|
||||||
periodSeconds: 15
|
periodSeconds: 20
|
||||||
timeoutSeconds: 5
|
timeoutSeconds: 5
|
||||||
failureThreshold: 3
|
failureThreshold: 5
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
memory: 256Mi
|
memory: 256Mi
|
||||||
limits:
|
limits:
|
||||||
cpu: 500m
|
cpu: 500m
|
||||||
memory: 512Mi
|
memory: 1024Mi
|
||||||
env:
|
env:
|
||||||
- name: KC_DB
|
- name: KC_DB
|
||||||
value: postgres
|
value: postgres
|
||||||
@@ -66,9 +66,12 @@ spec:
|
|||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: workclub-secrets
|
name: workclub-secrets
|
||||||
key: keycloak-db-password
|
key: keycloak-db-password
|
||||||
- name: KEYCLOAK_ADMIN
|
- name: KC_BOOTSTRAP_ADMIN_USERNAME
|
||||||
value: admin
|
valueFrom:
|
||||||
- name: KEYCLOAK_ADMIN_PASSWORD
|
secretKeyRef:
|
||||||
|
name: workclub-secrets
|
||||||
|
key: keycloak-admin-username
|
||||||
|
- name: KC_BOOTSTRAP_ADMIN_PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: workclub-secrets
|
name: workclub-secrets
|
||||||
@@ -79,3 +82,5 @@ spec:
|
|||||||
value: "edge"
|
value: "edge"
|
||||||
- name: KC_HTTP_ENABLED
|
- name: KC_HTTP_ENABLED
|
||||||
value: "true"
|
value: "true"
|
||||||
|
- name: KC_HEALTH_ENABLED
|
||||||
|
value: "true"
|
||||||
|
|||||||
@@ -3,6 +3,7 @@ kind: Kustomization
|
|||||||
|
|
||||||
resources:
|
resources:
|
||||||
- ../../base
|
- ../../base
|
||||||
|
- secrets.yaml
|
||||||
|
|
||||||
namespace: workclub-dev
|
namespace: workclub-dev
|
||||||
|
|
||||||
@@ -11,8 +12,10 @@ commonLabels:
|
|||||||
|
|
||||||
images:
|
images:
|
||||||
- name: workclub-api
|
- name: workclub-api
|
||||||
|
newName: 192.168.241.13:8080/workclub-api
|
||||||
newTag: dev
|
newTag: dev
|
||||||
- name: workclub-frontend
|
- name: workclub-frontend
|
||||||
|
newName: 192.168.241.13:8080/workclub-frontend
|
||||||
newTag: dev
|
newTag: dev
|
||||||
|
|
||||||
replicas:
|
replicas:
|
||||||
@@ -30,3 +33,7 @@ patches:
|
|||||||
target:
|
target:
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
name: workclub-frontend
|
name: workclub-frontend
|
||||||
|
- path: patches/postgres-patch.yaml
|
||||||
|
target:
|
||||||
|
kind: StatefulSet
|
||||||
|
name: workclub-postgres
|
||||||
|
|||||||
11
infra/k8s/overlays/dev/patches/postgres-patch.yaml
Normal file
11
infra/k8s/overlays/dev/patches/postgres-patch.yaml
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
name: workclub-postgres
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
volumes:
|
||||||
|
- name: postgres-data
|
||||||
|
emptyDir: {}
|
||||||
|
volumeClaimTemplates: [] # This removes the VCT from the base
|
||||||
11
infra/k8s/overlays/dev/secrets.yaml
Normal file
11
infra/k8s/overlays/dev/secrets.yaml
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: workclub-secrets
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
database-connection-string: "Host=workclub-postgres;Database=workclub;Username=app;Password=devpassword"
|
||||||
|
postgres-password: "devpassword"
|
||||||
|
keycloak-db-password: "keycloakpass"
|
||||||
|
keycloak-admin-username: "admin"
|
||||||
|
keycloak-admin-password: "adminpassword"
|
||||||
Reference in New Issue
Block a user