[PATCH 13 of 15 intranet] [docker] add kubernetes deployment files

Philippe Pepiot philippe.pepiot at logilab.fr
Thu May 9 11:20:21 CEST 2019


# HG changeset patch
# User Philippe Pepiot <philippe.pepiot at logilab.fr>
# Date 1557234710 -7200
#      Tue May 07 15:11:50 2019 +0200
# Node ID bd8e4ed677c7c647b8a3e3a2368eb075e34ca44c
# Parent  79785a906da1c71a5f7b45023119bff8c2576deb
[docker] add kubernetes deployment files

This is actually the way we run our instance.

Add a "make deploy" target which applies the deployment with the newer image
and triggers a rolling release.

diff --git a/MANIFEST.in b/MANIFEST.in
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -7,4 +7,5 @@ include *.ini
 include Makefile
 include Dockerfile .dockerignore
 recursive-include docker *.ini *.j2 *.sh *.txt
+recursive-include deploy *.yaml
 prune debian
diff --git a/Makefile b/Makefile
--- a/Makefile
+++ b/Makefile
@@ -3,6 +3,7 @@ VERSION?=$(shell hg log -r . -T "{sub(':
 IMAGE?=$(REGISTRY):$(VERSION)
 PORT?=8080
 DOCKER_ARGS?=$(shell test -e .env && echo --env-file .env) -p $(PORT):8080 -v /var/run/postgresql:/var/run/postgresql -e CW_DB_USER=$(shell id -nu)
+NAMESPACE=intranet
 
 all: build
 
@@ -20,4 +21,7 @@ run: build
 dev: build
 	docker run --rm -it $(DOCKER_ARGS) -v `pwd`:/src $(IMAGE) bash
 
-.PHONY: all build push run dev
+deploy: push
+	sed "s at hub.extranet.logilab.fr/logilab/intranet@$(IMAGE)@" deploy/deployment.yaml | kubectl -n $(NAMESPACE) apply -f -
+
+.PHONY: all build push run dev deploy
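Review bot: The `deploy` recipe uses `@` as the sed delimiter (the archive appears to have rendered it as ` at `), so the substitution fails as soon as `IMAGE` is a digest reference of the form `repo@sha256:…`, which is the form needed to pin exactly what gets rolled out. A delimiter that cannot occur in an image reference avoids this, e.g. `sed "s|hub.extranet.logilab.fr/logilab/intranet|$(IMAGE)|"`. The pattern is also unanchored with unescaped dots, so matching the whole `image: …` value would be more robust. `kubectl` runs against whatever context happens to be current; a `--context $(CONTEXT)` next to `-n $(NAMESPACE)` would make the target cluster explicit. In the earlier Makefile hunk, `NAMESPACE=intranet` uses `=` where its neighbours use `?=`, so it cannot be overridden from the environment; `NAMESPACE?=intranet` would be consistent.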
diff --git a/README.rst b/README.rst
--- a/README.rst
+++ b/README.rst
@@ -16,3 +16,32 @@ Some useful commands::
 
 * ``cubicweb-ctl pyramid -D -l info intranet`` will start the instance on
   http://localhost:8080
+
+Deploying on kubernetes
+=======================
+
+To create the initial database from an existing empty database::
+
+   kubectl run -it intranet-dbcreate \
+      --env CW_DB_HOST=db \
+      --env CW_DB_USER=user \
+      --env CW_DB_PASSWORD=pass \
+      --env CW_DB_NAME=intranet \
+      --image=r.in.philpep.org/intranet --command -- \
+      cubicweb-ctl db-create --automatic --create-db=n intranet
+   kubectl delete deployment intranet-dbcreate
+
+
+Then generate a secret named "intranet" from where environment variables are set::
+
+   kubectl create secret generic intranet-env \
+      --from-literal CW_DB_HOST=db
+      --from-literal CW_DB_USER=user \
+      --from-literal CW_DB_PASSWORD=pass \
+      --from-literal CW_DB_NAME=intranet \
+      --from-literal CW_BASE_URL=https://intranet.example.com
+
+
+Then deploy intranet with::
+
+   kubectl apply -f deployment.yaml
diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml
new file mode 100644
--- /dev/null
+++ b/deploy/deployment.yaml
@@ -0,0 +1,136 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: intranet
+data:
+  default.conf: |
+    server {
+      listen 8000 default_server;
+      root /etc/cubicweb.d/intranet/data;
+      rewrite ^/intra/(.*) /$1 last;
+
+      location / {
+        proxy_pass http://127.0.0.1:8080;
+        proxy_redirect off;
+        proxy_buffering off;
+        # This make cubicweb-signedrequest works even if HTTP Host header is
+        # not supposed to contains URL path...
+        proxy_set_header Host $host/intra;
+        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Remote-user $http_x_remote_user;
+      }
+
+      location /data {
+        alias /etc/cubicweb.d/intranet/data;
+        expires 30d;
+      }
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: intranet
+spec:
+  selector:
+    matchLabels:
+      app: intranet
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: intranet
+    spec:
+      imagePullSecrets:
+        - name: regcred
+      volumes:
+        - name: static
+          emptyDir: {}
+        - name: config
+          configMap:
+            name: intranet
+      containers:
+        - name: intranet
+          image: hub.extranet.logilab.fr/logilab/intranet
+          imagePullPolicy: Always
+          envFrom:
+            - secretRef:
+                name: intranet-env
+          volumeMounts:
+            - name: static
+              mountPath: /etc/cubicweb.d/intranet/data
+          resources:
+            requests:
+              cpu: 500m
+              memory: 500Mi
+            limits:
+              memory: 500Mi
+        - name: nginx
+          image: hub.extranet.logilab.fr/library/nginx
+          imagePullPolicy: Always
+          volumeMounts:
+            - name: config
+              mountPath: /etc/nginx/conf.d/default.conf
+              subPath: default.conf
+            - name: static
+              mountPath: /etc/cubicweb.d/intranet/data
+          resources:
+            requests:
+              cpu: 100m
+              memory: 50Mi
+            limits:
+              memory: 50Mi
+          readinessProbe:
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 20
+            httpGet:
+              path: /siteinfo
+              port: 8000
+              httpHeaders:
+                - name: X-Remote-User
+                  value: nico
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: intranet-scheduler
+spec:
+  selector:
+    matchLabels:
+      app: intranet-scheduler
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: intranet-scheduler
+    spec:
+      imagePullSecrets:
+        - name: regcred
+      containers:
+        - name: intranet
+          image: hub.extranet.logilab.fr/logilab/intranet
+          imagePullPolicy: Always
+          envFrom:
+            - secretRef:
+                name: intranet-env
+          command: ["cubicweb-ctl", "scheduler", "intranet"]
+          resources:
+            requests:
+              cpu: 100m
+              memory: 250Mi
+            limits:
+              memory: 250Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: intranet
+spec:
+  selector:
+    app: intranet
+  ports:
+    - protocol: TCP
+      port: 8000
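Review bot: The nginx `location /` block forwards the client's own header to the backend (`proxy_set_header X-Remote-user $http_x_remote_user;`), and the readiness probe sending `X-Remote-User: nico` suggests the application accepts that header as the user identity. Nothing in this file limits who can reach port 8000 of the `intranet` Service, so that trust rests entirely on an authenticating proxy outside this patch that overwrites the header. If such a proxy exists, say so next to the directive, e.g. `# X-Remote-User is trusted by the app: only the authenticating ingress may reach :8000`, and consider a NetworkPolicy that admits ingress to these pods from that proxy only. The probe would also be better served by a dedicated low-privilege account than by what looks like a personal login. Separately, neither Deployment sets a `securityContext`, and the nginx image is untagged with `imagePullPolicy: Always`, so what runs can change between restarts.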


