Merge branch 'deployment' into 'master'

Add k8s deployment

See merge request !50

.gitlab-ci.yml

@@ -16,7 +16,7 @@ zola check:
   script:
   - zola check
 
-docker build:
+.build:
   stage: build
   interruptible: true
   image:
@@ -28,5 +28,78 @@ docker build:
        --context $CI_PROJECT_DIR
        --dockerfile $CI_PROJECT_DIR/Dockerfile
        --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+       --digest-file DIGESTFILE
+       --build-arg BASE_URL=$BASE_URL
        --cache=true
        --cleanup
+  artifacts:
+    paths:
+      - DIGESTFILE
+
+
+build production:
+  extends: .build
+  only:
+    - master
+
+build review:
+  extends: .build
+  variables:
+    BASE_URL: https://$CI_COMMIT_REF_SLUG.review.teckids.org
+  only:
+    - merge_requests
+
+.deploy:
+  stage: deploy
+  image: line/kubectl-kustomize:latest
+  tags:
+    - teckids-trusted
+  before_script:
+    - echo $KUBECONFIG | base64 -d > /tmp/kubeconfig
+
+deploy production:
+  extends: .deploy
+  environment:
+    name: production
+    url: https://teckids.org
+  script:
+    - cd deploy/overlays/production
+    - kustomize edit set image registry.edugit.org/teckids/team-pr/teckids.org:$CI_COMMIT_REF_NAME@$(cat ../../../DIGESTFILE)
+    - kustomize build > output.yaml
+    - kubectl --kubeconfig=/tmp/kubeconfig apply -f output.yaml
+  only:
+    - master
+
+deploy review:
+  extends: .deploy
+  script: deploy_review
+  environment:
+    name: review/$CI_COMMIT_REF_SLUG
+    url: https://$CI_COMMIT_REF_SLUG.review.teckids.org
+    on_stop: delete review
+    auto_stop_in: 3 days
+  only:
+    - merge_requests
+  when: manual
+  script:
+    - cd deploy/overlays/review
+    - kustomize edit set image registry.edugit.org/teckids/team-pr/teckids.org:$CI_COMMIT_REF_NAME@$(cat ../../../DIGESTFILE)
+    - kustomize edit set nameprefix $CI_COMMIT_REF_SLUG
+    - kustomize build | sed s/__REVIEW_NAME__/$CI_COMMIT_REF_SLUG/g > output.yaml
+    - kubectl --kubeconfig=/tmp/kubeconfig apply -f output.yaml
+
+delete review:
+  extends: .deploy
+  script: delete_review
+  environment:
+    name: review/$CI_COMMIT_REF_SLUG
+    action: stop
+  before_script:
+    - echo $KUBECONFIG | base64 -d > /tmp/kubeconfig
+    - cd deploy/overlays/review
+    - kustomize build | sed s/__REVIEW_NAME__/$CI_COMMIT_REF_SLUG/g > output.yaml
+  script:
+    - kubectl --kubeconfig=/tmp/kubeconfig delete -f output.yaml
+  when: manual
+  only:
+    - merge_requests

Caddyfile

-http://teckids.org {
+http:// {
     root * /srv
     encode zstd gzip
     file_server

Dockerfile

 FROM alpine:latest AS build
 
+ARG BASE_URL=https://teckids.org
+
 RUN apk add --update-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ zola yarn
 
 COPY . /src
 WORKDIR /src
 
 RUN yarn install
-RUN zola build
+RUN zola build -u $BASE_URL
 
 
 FROM caddy:alpine AS serve

deploy/base/deployment.yaml

+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: teckids-website
+  namespace: teckids-website
+  labels:
+    app: teckids-website
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: teckids-website
+  template:
+    metadata:
+      labels:
+        app: teckids-website
+    spec:
+      containers:
+      - name: caddy
+        image: registry.edugit.org/teckids/team-pr/teckids.org:IMAGE_TAG
+        ports:
+          - containerPort: 80
+            name: http
+        livenessProbe:
+          httpGet:
+            scheme: HTTP
+            port: http
+            path: /
+          timeoutSeconds: 10
+        readinessProbe:
+          httpGet:
+            scheme: HTTP
+            port: http
+            path: /
+          timeoutSeconds: 10

deploy/base/ingress.yaml

+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    kubernetes.io/tls-acme: "true"
+  name: teckids-website-caddy
+  namespace: teckids-website
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: teckids.org
+    http:
+      paths:
+      - backend:
+          service:
+            name: teckids-website
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - teckids.org
+    secretName: teckids-website-tls

deploy/base/kustomization.yaml

+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonAnnotations:
+  source-repository: https://edugit.org/Teckids/team-pr/teckids.org
+resources:
+- deployment.yaml
+- service.yaml
+- ingress.yaml
+labels:
+- includeSelectors: true
+  pairs:
+    app: teckids-website

deploy/base/service.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: teckids-website
+  namespace: teckids-website
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: teckids-website
+  sessionAffinity: None
+  type: ClusterIP

deploy/overlays/production/ingress_redirects.yaml

+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    kubernetes.io/tls-acme: "true"
+  name: teckids-website-redirects
+  namespace: teckids-website
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: www.teckids.org
+    http:
+      paths:
+      - backend:
+          service:
+            name: teckids-website
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  - host: hacknfun.camp
+    http:
+      paths:
+      - backend:
+          service:
+            name: teckids-website
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  - host: www.hacknfun.camp
+    http:
+      paths:
+      - backend:
+          service:
+            name: teckids-website
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  - host: hacknsun.camp
+    http:
+      paths:
+      - backend:
+          service:
+            name: teckids-website
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  - host: www.hacknsun.camp
+    http:
+      paths:
+      - backend:
+          service:
+            name: teckids-website
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  - host: schul-frei.dev
+    http:
+      paths:
+      - backend:
+          service:
+            name: teckids-website
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  - host: www.schul-frei.dev
+    http:
+      paths:
+      - backend:
+          service:
+            name: teckids-website
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - www.teckids.org
+    - hacknfun.camp
+    - www.hacknfun.camp
+    - hacknsun.camp
+    - www.hacknsun.camp
+    - schul-frei.dev
+    - www.schul-frei.dev
+    secretName: teckids-website-redirects-tls

deploy/overlays/production/kustomization.yaml

+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonAnnotations:
+  source-repository: https://edugit.org/Teckids/team-pr/teckids.org
+namespace: teckids-website
+patches:
+- patch: |-
+    - op: replace
+      path: /spec/rules/0/host
+      value: teckids.org
+    - op: replace
+      path: /spec/tls/0/hosts/0
+      value: teckids.org
+  target:
+    kind: Ingress
+    name: teckids-website-caddy
+resources:
+- ../../base
+- ingress_redirects.yaml
+labels:
+- includeSelectors: true
+  pairs:
+    app: teckids-website
+    environment: production

deploy/overlays/review/kustomization.yaml

+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonAnnotations:
+  source-repository: https://edugit.org/Teckids/team-pr/teckids.org
+namespace: teckids-website
+patches:
+- patch: |-
+    - op: replace
+      path: /spec/rules/0/host
+      value: __REVIEW_NAME__.review.teckids.org
+    - op: replace
+      path: /spec/tls/0/hosts/0
+      value: __REVIEW_NAME__.review.teckids.org
+    - op: replace
+      path: /spec/tls/0/secretName
+      value: __REVIEW_NAME__-website-tls
+  target:
+    kind: Ingress
+    name: teckids-website-caddy
+resources:
+- ../../base
+labels:
+- includeSelectors: true
+  pairs:
+    app: teckids-website
+    environment: __REVIEW_NAME__