Vous avez reçu un message "Your GitLab account has been locked ..." ? Pas d'inquiétude : lisez cet article https://docs.gricad-pages.univ-grenoble-alpes.fr/help/unlock/

Commit b32e4cac authored by Jonathan Schaeffer's avatar Jonathan Schaeffer
Browse files

Réorganisation

parent 8f113e3b
# creation rules are evaluated sequentially, the first match wins
creation_rules:
- path_regex: secrets\.yaml$
pgp: 'C83ECA1E0B9D719C7FA2470F18E4F5A58801E669'
encrypted_regex: '^(data|stringData)$'
#+TITLE: Déploiement de ws-logstodb
Ce dépôt permet de gérer les déploiements de =ws-logstodb= (https://gricad-gitlab.univ-grenoble-alpes.fr/OSUG/RESIF/ws-logstodb)
* Secret
Le fichier =secrets.yaml= est généré avec l'outil SOPS et présent pour chaque overlay.
Le comportement de sops est configuré avec le fichier =.sops.yaml=.
* Déploiement
** En production
On reste simple et basiques :
: sops -d prod-secrets.yaml | kubectl apply -
: kubectl apply ws-logstodb-prod.yaml
** En préprod avec kustomize
Pour déployer l'application,
- choisir l'overlay (correspondant à un environnement d'exécution)
: cd overlays/preprod
- appliquer le secret dans k8s
: kubectl apply -f sercrets.yaml
- appliquer les ressources /kustomisées/
: kubectl apply -k .
* Mise à jour
Pour déployer une nouvelle image docker de l'application : choisir l'overlay et éditer le fichier =kustomization.yaml= en mettant à jour le champs =newTag=.
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ws-logstodb
environment: preprod
name: ws-logstodb-deployment
spec:
replicas: 1
selector:
matchLabels:
app: ws-logstodb
environment: preprod
template:
metadata:
labels:
app: ws-logstodb
environment: preprod
spec:
containers:
- name: ws-logstodb
image: gricad-registry.univ-grenoble-alpes.fr/osug/resif/ws-logstodb/ws-logstodb:101b108f
ports:
- containerPort: 8000
protocol: TCP
env:
- name: LOGSDB_PGPASSWORD
valueFrom:
secretKeyRef:
name: ws-logstodb-secrets-prod
key: pgpassword
- name: RESIFINV_PGPASSWORD
valueFrom:
secretKeyRef:
name: ws-logstodb-secrets-prod
key: resifinv_pgpassword
- name: DATABASE_URI
value: "postgresql://wslogstodb:$(LOGSDB_PGPASSWORD)@resif-pgprod.u-ga.fr:5432/resifstats"
- name: RESIFINV_DBURI
value: "postgresql://resifinv_ro:$(RESIFINV_PGPASSWORD)@resif-pgprod.u-ga.fr/resifInv-Prod"
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ws-logstodb-ingress
labels:
app: ws-logstodb
environment: preprod
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/proxy-body-size: 15m # Permettre l'envoi de gros fichiers de logs
spec:
rules:
- http:
paths:
- path: /logstodb/1/(.*)
pathType: Prefix
backend:
service:
name: ws-logstodb-service
port:
number: 8000
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ws-logstodb
environment: preprod
name: ws-logstodb-service
spec:
type: ClusterIP
ports:
- port: 8000
selector:
app: ws-logstodb
environment: preprod
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ws-logstodb
environment: production
name: ws-logstodb-deployment
spec:
replicas: 1
selector:
matchLabels:
app: ws-logstodb
environment: production
template:
metadata:
labels:
app: ws-logstodb
environment: production
spec:
containers:
- name: ws-logstodb
image: gricad-registry.univ-grenoble-alpes.fr/osug/resif/ws-logstodb/ws-logstodb:101b108f
ports:
- containerPort: 8000
protocol: TCP
env:
- name: LOGSDB_PGPASSWORD
valueFrom:
secretKeyRef:
name: ws-logstodb-secrets-prod
key: pgpassword
- name: RESIFINV_PGPASSWORD
valueFrom:
secretKeyRef:
name: ws-logstodb-secrets-prod
key: resifinv_pgpassword
- name: DATABASE_URI
value: "postgresql://wslogstodb:$(LOGSDB_PGPASSWORD)@resif-pgprod.u-ga.fr:5432/resifstats"
- name: RESIFINV_DBURI
value: "postgresql://resifinv_ro:$(RESIFINV_PGPASSWORD)@resif-pgprod.u-ga.fr/resifInv-Prod"
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ws-logstodb-ingress
labels:
app: ws-logstodb
environment: production
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/proxy-body-size: 15m # Permettre l'envoi de gros fichiers de logs
spec:
rules:
- http:
paths:
- path: /logstodb/1/(.*)
pathType: Prefix
backend:
service:
name: ws-logstodb-service
port:
number: 8000
......@@ -5,12 +5,13 @@ metadata:
type: Opaque
stringData:
pgpassword: ENC[AES256_GCM,data:gF5Y+QHIWnt7X+1T,iv:p7jVBwy9exewNaglUdrsnZxCc7YH+1ZNX+GIIhxIepA=,tag:b61vnq/LXE2gbc74zl6eJw==,type:str]
resifinv_pgpassword: ENC[AES256_GCM,data:aVHq0/UxB5qS+HMlfDtT9A==,iv:eeaeKTO+AAXJevvHciDHhMBI58SNajwFKCTNwGBjowg=,tag:lqKAMr+HZwL5A7qlocTsqw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
lastmodified: '2020-12-08T15:15:38Z'
mac: ENC[AES256_GCM,data:kA9WJ7izErWupiSAQdj8Gs/CySn7/6FigL1e6SgHyu9Ue6GZsakCoBa+sKz8ftEdeY8WbIWoHn9kr0eSU151dL2ONe3ZpY2WpZ9DYnilpdsRQcnXwbIgyycaSWjUj81u5mMC7PvVyrwxDkYKDLurjw4HHgOkeCrptfA6nVxIp6Y=,iv:j7Wsk1gx1nz+pR3OU89+KoEmeTFSzWjVGDpf2I5+HN0=,tag:yXPC4IjpdVkH2BCF/CA8fQ==,type:str]
lastmodified: '2021-01-27T13:12:33Z'
mac: ENC[AES256_GCM,data:lT8r5uOr/gZUQU+rE8gstC5bI8Zt6DacjAJjsEtCjzv2vxOGh3lEaJIozmV+mmt1qnjM8kP6yRIEeZmvjIYEnvHGPoP/B0gE0y87GGYC32rSCvCEsvRACDMsp20Bj+NYK7eF8RsTZ2GsVqATYRkjAyVru8Y9eecvzF1jHHYRLzM=,iv:h7XLx6kv8P/BpR/elo2YlGHRig+7Oa9IRyoocrumkKY=,tag:sQZYxtzKJcTcdFiiL8JvLw==,type:str]
pgp:
- created_at: '2020-12-08T15:10:20Z'
enc: |
......
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ws-logstodb
environment: production
name: ws-logstodb-service
spec:
type: ClusterIP
ports:
- port: 8000
selector:
app: ws-logstodb
environment: production
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment