Skip to content
Snippets Groups Projects
Commit 5dec7dfc authored by Lennart Kramer's avatar Lennart Kramer
Browse files

add git-rollout

parent 97bd5bf3
Branches
No related tags found
No related merge requests found
stages:
- steve
- build_webservice
- test_maxima
- build_server
- build
variables:
GIT_SUBMODULE_STRATEGY: recursive
......@@ -9,8 +8,8 @@ variables:
# gitlab ci script taken from https://gist.github.com/danielneis/5c6140ec8150c6151a54bccd26950278
steve_jobs:
stage: steve
build_server_binary:
stage: build_server
image: golang
tags:
- docker
......@@ -21,12 +20,25 @@ steve_jobs:
- bin/web
expire_in: 1 week
build_webservice:
build_goemaxima_containers:
image: "docker:latest"
stage: build_webservice
stage: build
tags:
- docker
before_script:
- docker login -u mathinstitut -p "$DOCKERHUB_PASS"
script:
- ./build.sh "$REGISTRY" "$CI_COMMIT_TAG"
build_gitrollout:
image: "docker:latest"
stage: build
tags:
- docker
before_script:
- docker login -u mathinstitut -p "$DOCKERHUB_PASS"
script:
- docker build -t mathinstitut/gitrollout:latest git-rollout
only:
changes:
- git-rollout/**
from alpine:latest
run apk update && apk add git git-daemon jq && \
wget "https://dl.k8s.io/release/$(wget -q -O- https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" && \
chmod a+x kubectl && \
cp kubectl /bin/kubectl && \
mkdir -p /git
copy update.sh /bin/update.sh
workdir /git
entrypoint ["/bin/update.sh"]
git-rollout
===========
This directory contains git-rollout, a small container and kubernetes config to update
rollout new containers whenever some git repository is updated.
At the MI, this is used to make the goemaxima containers automatically restart with new
macro files downloaded from git (see also the enableGitRollout and gitRollout values
in helmmaxima).
It has to be in the same namespace as the goemaxima instances and looks for the label
gitrollout=goemaxima label, which is already added if you use the helmmaxima chart with
enableGitRollout value set to true.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: git-rollout
rules:
- apiGroups: ["apps", "extensions"]
resources: ["deployments"]
verbs: ["get", "patch", "list"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: git-rollout
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: git-rollout
subjects:
- kind: ServiceAccount
name: git-rollout
roleRef:
kind: Role
name: git-rollout
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: git-rollout
labels:
app: git-rollout
spec:
selector:
matchLabels:
app: git-rollout
template:
metadata:
labels:
app: git-rollout
spec:
serviceAccountName: git-rollout
containers:
- name: git-rollout
image: "mathinstitut/git-rollout:latest"
imagePullPolicy: "Always"
args: ['https://github.com/eLearning-TUDarmstadt/maxima-scripts', 'gitrollout=goemaxima']
ports:
- containerPort: 9418
---
apiVersion: v1
kind: Service
metadata:
name: git-rollout
spec:
selector:
app: git-rollout
ports:
- protocol: TCP
port: 9418
targetPort: 9418
#!/bin/sh
SLEEP_TIME=180
DIR_NAME="git"
rm -rf "$DIR_NAME"
git clone "$1" "$DIR_NAME"
# required for git daemon to work on this repo
touch "$DIR_NAME/.git/git-daemon-export-ok"
git daemon --base-path="$(pwd)" --log-destination=stderr &
cd "$DIR_NAME"
while true; do
git remote update
# check whether there has been any update
if [ "$(git rev-parse @)" = "$(git rev-parse '@{u}')" ]; then
# do nothing if no update
sleep "$SLEEP_TIME"
continue
fi
# checkout latest commit
git reset --hard origin
# names of all deployments that match the labels in $2
deployments="$(kubectl get deployment -l "$2" -o json | jq -r '.items[].metadata.name')"
# restart all those deployments
for deployment in $deployments; do
kubectl rollout restart "deployment/$deployment"
done
sleep "$SLEEP_TIME"
done
......@@ -3,6 +3,9 @@ kind: Deployment
metadata:
name: {{ include "helmmaxima.fullname" . }}
labels:
{{ if .Values.enableGitRollout -}}
gitrollout: goemaxima
{{- end -}}
{{- include "helmmaxima.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
......@@ -15,6 +18,7 @@ spec:
{{- include "helmmaxima.selectorLabels" . | nindent 8 }}
app: {{ include "helmmaxima.fullname" . }}
spec:
terminationGracePeriodSeconds: 45
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
......@@ -22,6 +26,20 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
automountServiceAccountToken: false
{{ if .Values.enableGitRollout }}
initContainers:
- name: "{{ .Chart.Name }}-git"
image: "k8s.gcr.io/git-sync/git-sync:v3.6.1"
args: ['--root=/mnt', '--one-time', '--depth=1']
volumeMounts:
- mountPath: /mnt
name: git
env:
- name: GIT_SYNC_REPO
value: "{{ .Values.gitRollout.repo }}"
- name: GIT_SYNC_BRANCH
value: "{{ .Values.gitRollout.branch }}"
{{ end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
......@@ -35,6 +53,10 @@ spec:
volumeMounts:
- mountPath: /tmp
name: tmptmpfs
{{ if .Values.enableGitRollout }}
- mountPath: /mnt
name: git
{{ end }}
livenessProbe:
httpGet:
path: '/maxima?health=1'
......@@ -49,12 +71,26 @@ spec:
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 3
{{ if .Values.enableGitRollout }}
env:
- name: GOEMAXIMA_EXTRA_PACKAGES
value: "{{ .Values.gitRollout.includefile }}"
{{ end }}
lifecycle:
preStop:
exec:
command: ["/bin/sleep", "35"]
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumes:
- name: tmptmpfs
emptyDir:
medium: "Memory"
{{ if .Values.enableGitRollout }}
- name: git
emptyDir:
medium: "Memory"
{{ end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
......
......@@ -6,6 +6,16 @@ spec:
podSelector:
matchLabels:
app: {{ include "helmmaxima.fullname" . }}
# block all egress traffic
# block egress traffic
policyTypes:
- Egress
{{ if .Values.enableGitRollout }}
egress:
- to:
- podSelector:
matchLabels:
app: git-rollout
- ports:
- protocol: TCP
port: 9418
{{ end }}
......@@ -12,6 +12,12 @@ image:
image_prefix: mathinstitut/goemaxima
pullPolicy: Always
enableGitRollout: false
gitRollout:
repo: 'git://$(GIT_ROLLOUT_SERVICE_HOST)/git'
branch: main
includefile: '/mnt/git/main.mac'
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment