Archive for January 10th, 2023
gitlab CICD
.gitlab-ci.yml
stages:
- build
- deploy_to_cluster
- rollback_on_failure
- cleanup
variables:
PIPELINE_ID: "pipeline_id"
GIT_STRATEGY: clone
build:
stage: build
tags:
- build
only:
- master
script:
- |
echo "Build"
sudo /bin/docker image build -t $CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID -f Dockerfile .
sudo /bin/docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
sudo /bin/docker push $CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID
cat data/db.json > /home/gitlab-runner/db.json
sudo /bin/docker kill json-server || echo "no json-server running"
echo "restart json-server..."
sudo /bin/docker run --rm -d -p 127.0.0.1:8091:80 -v /home/gitlab-runner/db.json:/data/db.json --name json-server clue/json-server
kubernetes_deploy:
stage: deploy_to_cluster
tags:
- build
only:
- master
timeout: 30m
script:
- |
echo "Deploy revision $CI_PIPELINE_ID @ $CI_REGISTRY to Kubernetes cluster"
echo "`date`" > build_time
sudo /bin/kubectl get secret/regcred || sudo /bin/kubectl create secret docker-registry regcred --docker-server="$CI_REGISTRY" --docker-username="k8s_git_runner" --docker-password="$k8s_git_runner" --docker-email="harry@helpusdefend.com"
sudo /bin/kubectl get service frontend-harry || sudo /bin/kubectl apply -f k8s/frontend_harry.svc.yaml
sudo /bin/kubectl get deploy frontend-harry-app || sudo /bin/kubectl apply -f k8s/frontend_harry-app.yaml
sudo /bin/kubectl set image deployment frontend-harry-app frontend-harry=$CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID --record
echo "Deploy $CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID" > imagetag.txt
sudo /bin/kubectl rollout history deploy frontend-harry-app
sudo /bin/kubectl rollout status --timeout=5m deploy frontend-harry-app
rollback_to_previous_version:
stage: rollback_on_failure
when: on_failure
tags:
- build
only:
- master
script:
- |
echo "rollback to previous version"
cat imagetag.txt && kubectl rollout undo deploy frontend-harry-app --to-revision=`sudo /bin/kubectl rollout history deploy/frontend-harry-app | tail -n 3 | head -n 1 | cut -f 1 -d' '`
cleanup_build:
stage: cleanup
when: always
tags:
- build
only:
- master
script:
- |
echo "cleanup"
rm -f build_time
rm -f imagetag.txt
frontend-harry.svc.yaml
apiVersion: v1
kind: Service
metadata:
name: frontend-harry
labels:
app: frontend-harry
spec:
type: LoadBalancer
selector:
app: frontend-harry
ports:
- port: 9080
targetPort: 8000
frontend-harry-app.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend-harry-app
labels:
app: frontend-harry
spec:
replicas: 3
selector:
matchLabels:
app: frontend-harry
minReadySeconds: 5
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app: frontend-harry
spec:
containers:
- image: c..com:5050/jason/front-end-/frontend_harry:latest
name: frontend-harry
ports:
- containerPort: 8000
imagePullSecrets:
- name: regcred
gitlab-runner ALL=(ALL) NOPASSWD: /bin/yum, /bin/docker, /bin/pip3, /bin/docker-composei, /bin/kubectl, /bin/k9s
wget https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh
sh script.rpm.sh
yum -y install gitlab-runner
gitlab menu -> /settings/reposistory/deploy-tokens/read_registry
squid.conf
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS #
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# Squid normally listens to port 3128
http_port 80 accel defaultsite=46.17.175.144 vhost
cache_peer 10.109.76.54 parent 9080 0 no-query originserver name=harry_frontend
cache_peer 127.0.0.1 parent 8091 0 no-query originserver name=json_server
cache_peer 192.168.5.5 parent 8091 0 no-query originserver name=json_server2
cache_peer 10.100.43.53 parent 8888 0 no-query originserver name=anna_api
acl sites_harry_frontend dstdomain frontend.helpusdefend.org www.helpusdefend.org
acl sites_json_server dstdomain json-server.helpusdefend.org
acl sites_anna_api dstdomain anna.api.helpusdefend.org
cache_peer_access harry_frontend allow sites_harry_frontend
cache_peer_access json_server allow sites_json_server
cache_peer_access json_server2 allow sites_json_server
cache_peer_access anna_api allow sites_anna_api
http_access allow sites_harry_frontend
http_access allow sites_json_server
http_access allow sites_anna_api
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
#http_port 3128