stack_car 0.8.0 → 0.14.0
- checksums.yaml +5 -5
- data/.gitlab-ci.yml +17 -12
- data/README.md +122 -1
- data/lib/stack_car/cli.rb +253 -41
- data/lib/stack_car/dot_rc.rb +25 -0
- data/lib/stack_car/version.rb +1 -1
- data/lib/stack_car.rb +1 -0
- data/stack_car.gemspec +2 -0
- data/templates/.dockerignore.erb +2 -2
- data/templates/.env.development.erb +2 -0
- data/templates/.env.erb +29 -16
- data/templates/.gitlab/issue_templates/Bug.md +46 -0
- data/templates/.gitlab/issue_templates/Feature.md +41 -0
- data/templates/.gitlab/issue_templates/Question.md +18 -0
- data/templates/.gitlab/merge_request_templates/Bug.md +36 -0
- data/templates/.gitlab/merge_request_templates/Feature.md +36 -0
- data/templates/.gitlab-ci.yml.erb +98 -65
- data/templates/.sops.yaml.erb +3 -0
- data/templates/Dockerfile.erb +26 -7
- data/templates/README.md +81 -7
- data/templates/chart/.gitignore +3 -0
- data/templates/chart/.helmignore +23 -0
- data/templates/chart/Chart.yaml.tt +30 -0
- data/templates/chart/README.md +223 -0
- data/templates/chart/bin/check_sidekiq.rb +0 -0
- data/templates/chart/bin/decrypt +17 -0
- data/templates/chart/bin/deploy +14 -0
- data/templates/chart/bin/encrypt +15 -0
- data/templates/chart/bin/remove +15 -0
- data/templates/chart/sample-values.yaml.tt +153 -0
- data/templates/chart/templates/_helpers.tpl.tt +85 -0
- data/templates/chart/templates/rails-env-cm.yaml.tt +47 -0
- data/templates/chart/templates/rails-env-secret.yaml +10 -0
- data/templates/chart/templates/rails-pvc-shared.yml +20 -0
- data/templates/chart/templates/setup-job.yaml +73 -0
- data/templates/chart/templates/web-deploy.yaml +67 -0
- data/templates/chart/templates/web-ing-wildcard.yaml +20 -0
- data/templates/chart/templates/web-ing.yaml +20 -0
- data/templates/chart/templates/web-svc.yaml +20 -0
- data/templates/chart-fcrepo/fcrepo-deploy.yaml +63 -0
- data/templates/chart-fcrepo/fcrepo-env-cm.yaml +8 -0
- data/templates/chart-fcrepo/fcrepo-env-secret.yaml.tt +10 -0
- data/templates/chart-fcrepo/fcrepo-pvc.yaml +20 -0
- data/templates/chart-fcrepo/fcrepo-svc.yaml +19 -0
- data/templates/chart-sidekiq/sidekiq-deploy.yaml +80 -0
- data/templates/database.yml.erb +10 -11
- data/templates/decrypt-secrets +22 -0
- data/templates/development.rb.erb +90 -0
- data/templates/docker-compose.yml.erb +52 -18
- data/templates/encrypt-secrets +19 -0
- data/templates/env.conf.erb +11 -11
- data/templates/nginx.sh.erb +17 -0
- data/templates/production.rb.erb +117 -0
- metadata +71 -12
- data/templates/Dockerfile.base.erb +0 -48
- data/templates/Dockerfile.builder.erb +0 -13
- data/templates/docker-compose.ci.yml.erb +0 -87
- data/templates/docker-compose.production.yml.erb +0 -26
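--- a/data/templates/Dockerfile.erb
+++ b/data/templates/Dockerfile.erb
@@ -1,14 +1,33 @@
 FROM CHANGEME/base:latest
+<% if options[:git] -%>
+ARG BRANCH=master
+ARG REPO_URL
+<% end -%>
 
-ADD http://time.jsontest.com build-time
 ADD ops/webapp.conf /etc/nginx/sites-enabled/webapp.conf
 ADD ops/env.conf /etc/nginx/main.d/env.conf
-ADD . $APP_HOME
 
-
-
-
-
-
+<% if options[:git] -%>
+RUN /sbin/setuser app bash -l -c "set -x && \
+git fetch -ap && \
+git reset --hard && \
+git checkout $BRANCH && \
+git pull && \
+(bundle check || bundle install) && \
+bundle exec rake assets:clobber assets:precompile DATABASE_ADAPTER=nulldb && \
+mv /home/app/webapp/public/assets /home/app/webapp/public/assets-new && \
+mv /home/app/webapp/public/packs /home/app/webapp/public/packs-new"
+<% else -%>
+RUN gem install bundler -v CHANGEME # Add the BUNDLED WITH version listed at the bottom of the Gemfile.lock
+COPY --chown=app . $APP_HOME
+RUN /sbin/setuser app bash -l -c "set -x && \
+(bundle check || bundle install) && \
+bundle exec rake assets:clobber assets:precompile DATABASE_ADAPTER=nulldb && \
+mv /home/app/webapp/public/assets /home/app/webapp/public/assets-new && \
+mv /home/app/webapp/public/packs /home/app/webapp/public/packs-new"
+<% end -%>
+
+RUN bash -l -c "set -x && \
+rm -f /etc/service/nginx/down"
 
 CMD ["/sbin/my_init"]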
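Review bot: `ARG REPO_URL` (new line 4) is declared but nothing else in the file reads it, so a `--build-arg REPO_URL=…` silently has no effect; either drop it or add a comment naming what is expected to consume it. In the `options[:git]` branch, `git checkout $BRANCH && git pull` resolves the branch tip at build time, so two builds of the same Dockerfile can produce different images; a comment such as `# BRANCH is resolved at build time — pass a tag or SHA for a reproducible image` would make that trade-off explicit. Both branches end with `mv /home/app/webapp/public/packs …`, which fails the build for an app that has no webpacker `public/packs` directory; `([ ! -d /home/app/webapp/public/packs ] || mv /home/app/webapp/public/packs /home/app/webapp/public/packs-new)` keeps that step optional. The `gem install bundler -v CHANGEME` placeholder (new line 21) will fail the build until edited, which may be intended as a template prompt but is easy to miss in a trailing comment.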
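--- a/data/templates/README.md
+++ b/data/templates/README.md
@@ -1,19 +1,93 @@
+[Docker development setup](#docker-development-setup)
+
+[Bash into the container](#bash-into-the-container)
+
+[Handling Secrets with SOPS](#handling-secrets-with-sops)
+
+[Deploy a new release](#deploy-a-new-release)
+
+[Run import from admin page](#run-import-from-admin-page)
+
 # Docker development setup
 
-
+We recommend committing .env to your repo with good defaults. .env.development, .env.production etc can be used for local overrides and should not be in the repo. See [Handling Secrets with SOPS](#handling-secrets-with-sops) for how to manage secrets.
+
+1) Install Docker.app
 
-2)
+2) Install stack car
+``` bash
+gem install stack_car
+```
 
-3)
+3) Sign in with dory
+``` bash
+dory up
+```
 
-4)
+4) Install dependencies
+``` bash
+yarn install
+```
 
+5) Start the server
+``` bash
+sc up
+```
+
+6) Load and seed the database
+``` bash
+sc be rake db:migrate db: seed
+```
+### Troubleshooting Docker Development Setup
+Confirm or configure settings. Sub your information for the examples.
 ``` bash
-
-
+git config --global user.name example
+git config --global user.email example@example.com
+docker login registry.gitlab.com
+```
+
+### While in the container you can do the following
+- Run rspec
+``` bash
+bundle exec rspec
+```
+- Access the rails console
+``` bash
+bundle exec rails c
+```
+
+### Handling Secrets with SOPS
+
+[**SOPS**](https://github.com/mozilla/sops) is used to handle this project's secrets.
 
+The secrets in this repository include:
+- `.env*` files
+- `*-values.yaml` files
+
+Scripts (`bin/decrypt-secrets` and `bin/encrypt-secrets`) are included in this project to help with managing secrets.
+
+**To decrypt secrets**:
+
+You will need to do this if you are new to the project or there have been changes to any secrets files that are required for development.
+
+In terminal:
+```bash
+bin/decrypt-secrets
+```
+
+This will find and decrypt files with the `.enc` extension.
+
+**To encrypt secrets**:
+
+You will need to do this when you have edited secrets and are ready to commit them.
+
+In terminal:
+```bash
+bin/encrypt-secrets
 ```
 
+This will find and output an encrypted version of secret files with an `.enc` extension.
+
 # Deploy a new release
 
 ``` bash
@@ -21,4 +95,4 @@ sc release {staging | production} # creates and pushes the correct tags
 sc deploy {staging | production} # deployes those tags to the server
 ```
 
-
+Release and Deployment are handled by the gitlab ci by default. See ops/deploy-app to deploy from locally, but note all Rancher install pull the currently tagged registry image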
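--- a/data/templates/chart/.helmignore
+++ b/data/templates/chart/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+server.pem
+server.key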
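--- a/data/templates/chart/Chart.yaml.tt
+++ b/data/templates/chart/Chart.yaml.tt
@@ -0,0 +1,30 @@
+apiVersion: v1
+appVersion: "0.0.1"
+description: A Helm chart for <%= @project_name %>
+name: <%= @project_name %>
+version: 0.0.1
+dependencies:
+<%- if options[:solr] %>
+- name: solr
+version: 1.5.2
+repository: https://charts.helm.sh/incubator
+condition: solr.enabled
+<%- end %>
+<%- if options[:redis] %>
+- name: redis
+version: 11.0.4
+repository: https://charts.bitnami.com/bitnami
+condition: redis.enabled
+<%- end %>
+<%- if options[:postgres] %>
+- name: postgresql
+version: 10.3.18
+repository: https://charts.bitnami.com/bitnami
+condition: postgresql.enabled
+<%- end %>
+<%- if options[:mysql] %>
+- name: mariadb
+version: 7.3.14
+repository: https://charts.helm.sh/stable
+condition: mariadb.enabled
+<%- end %>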
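Review bot: The `mariadb` dependency (new lines 26-29) is pinned from `https://charts.helm.sh/stable` and `solr` (new lines 8-11) from `https://charts.helm.sh/incubator`; both repositories are archived and no longer receive chart updates, so these pins will never pick up fixes for the bundled database/search images. The Bitnami repository already used here for `redis` and `postgresql` publishes a maintained `mariadb` chart, and a comment on the solr entry noting that its source is frozen would at least make the risk visible to whoever generates a project from this template. Separately, `apiVersion: v1` together with an in-file `dependencies:` list is the Helm 2 layout — Helm 3 documents `dependencies` in Chart.yaml for `apiVersion: v2` charts, with v1 charts listing them in `requirements.yaml` — so this is worth confirming against the Helm version `bin/deploy` targets.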
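--- a/data/templates/chart/README.md
+++ b/data/templates/chart/README.md
@@ -0,0 +1,223 @@
+Helm Chart
+==========
+
+This is a Rails Helm Chart which can be used to deploy a Rails instance to a Kubernetes cluster.
+
+# Requirements
+
+* helm
+```
+brew install helm
+```
+
+* kubernetes
+Kubectl is the command line tool for controlling Kubernetes clusters. It is available via (https://docs.docker.com/docker-for-mac/)[Docker for Mac]
+
+Alternatively:
+```
+brew install kubectl
+```
+
+# Getting Started Locally using Docker for Mac
+
+## Setup
+
+Install Docker for Mac (DfM)
+
+Enable the Kubernetes Cluster in the DfM Settings
+
+In the menu bar item for DfM you'll 'Kubernetes', this will list the available clusters. For local deployment make sure docker-desktop is selected.
+
+## KubeConfig
+
+Kubernetetes creates a config file at `~/.kube/config`. When we come to setting up access to external clusters, we will be editing this file. That will add clusters to the DfM Kubernetes list. Remember that if you are running deployment actions using helm or kubectl they will use the cluster selected in that list, so if you were deploying to a production server yesterday, that will still be selected. It is a good practice to run `kubectl cluster-info` or `kubectl config current-context` before starting any deployment to make sure you are deploying to the right cluster.
+
+## GitLab Secret
+
+To pull images from a private registry, you'll need a secret
+
+For GitLab, create a Personal Access Token in GitLab with read access.
+
+Create your secret (called gitlab) in kubectl, substituting the items in {} with your data:
+```
+create secret docker-registry gitlab --docker-server=https://registry.gitlab.com --docker-username={YOUR USERNAME} --docker-password={PERSONAL ACCESS TOKEN} --docker-email={YOUR EMAIL} --namespace {NAMESPACE eg. hyku-staging}
+```
+
+Reference the secret in `imagePullSecrets`, see the sample.yamnl file for an example.
+
+For other private registries, please consult their documentation on access tokens.
+
+## TLS Secret
+
+We also need to setup a secret for TLS certificates.
+
+```
+# this command will generate self signed server certificate and key: server.pem, server.key
+# key and cert are stored in Secret object named `demoapp-puma-tls`.
+# you can confirm this object by `kubectl describe secret demoapp-puma-tls`
+export COMMON_NAME=localhost
+openssl req -new -x509 -nodes -keyout server.key -days 3650 \
+-subj "/CN=${COMMON_NAME}" \
+-extensions v3_req \
+-config <(cat openssl.conf | sed s/\${COMMON_NAME}/$COMMON_NAME/) > server.pem
+```
+
+NOTE: you may need change openssl.conf to point to your local path, eg. /System/Library/OpenSSL/openssl.cnf
+
+```
+kubectl create secret tls demoapp-puma-tls --key server.key --cert server.pem
+```
+
+## Add Helm Chart Repository
+
+We are going to need to install a couple of things on our local cluster. For this we need to install charts from the Helm stable chart repository.
+
+One off installation of the repository:
+```
+helm repo add stable https://kubernetes-charts.storage.googleapis.com
+```
+
+## Install NFS
+
+To run locally and use NFS file mounts we'll need an NFS server:
+
+Helm install to run the nfs server on kubernetes:
+```
+helm install stable/nfs-server-provisioner --generate-name
+```
+
+NOTE: you can substitute --generate-name with --name followed by your chosen name for the resource
+
+NOTE: stop / remove it with helm uninstall {name} --namespace default
+
+### Ingress
+
+To run locally we'll need an Ingress controller - this provides us with the ability to access the application on the web:
+
+Helm install to run the ingress controller on kubernetes:
+```
+helm install stable/nginx-ingress --generate-name
+```
+
+NOTE: you can substitute --generate-name with --name followed by your chosen name for the resource
+
+NOTE: stop / remove it with helm uninstall {name} --namespace default
+
+## Values
+
+When deploying the Helm chart we will provide a yaml file containing various configurations choices.
+
+A sample values file is provided to give defaults: `sample.yaml`. Copy this file (eg. to development-values.yamnl) and change values as appropriate.
+
+**Handling values files**
+
+Since values files are likely to contain sensitive information like API keys, they are included in `.gitignore` and MUST NOT be added to the repository. Encrypt the file before committing them to the repository, using the provided bin scripts in this directory.
+
+Example workflow (given values file is already created):
+- Edit values file
+- `chart/bin/encrypt staging <keybase-team-name>`
+- This command will create `staging-values.yaml.enc`
+- `git add staging-values.yaml.enc`
+- Commit and push
+
+When pulling down a repo or branch, you will need to start by decrypting.
+
+Example:
+- `chart/bin/decrypt staging`
+
+## Deploy using Helm
+
+From ./chart/
+
+```
+./bin/deploy development latest
+```
+
+Open demoapp in browser
+```
+open locaallhost
+```
+
+## Cleanup
+helm uninstall development --namespace REPO_NAME
+
+eg. `helm uninstall development --namespace project-env`
+
+Tip: add the --dry-run to see what will be deleted
+
+## Kubernetes Dashboard
+
+Kubernetes provides a web-based dashboard for viewing and managing the deployed resources.
+
+# Install it:
+```
+helm install stable/kubernetes-dashboard --generate-name
+```
+
+Make a note of the start command printed on install. It includes the release name (eg. kubernetes-dashboard-1579333192).
+
+Tip: You can replace --generate-name with --name and supply a name for the release to give you a stable name.
+
+Start it:
+```
+(RELEASE_NAME will be the value from your installation - find it with helm ls)
+
+export POD_NAME=$(kubectl get pods -n default -l "app=kubernetes-dashboard,release=RELEASE_NAME" -o jsonpath="{.items[0].metadata.name}")
+echo https://127.0.0.1:8443/
+kubectl -n default port-forward $POD_NAME 8443:8443
+```
+
+Open it:
+```
+https://127.0.0.1:8443/
+```
+
+It will ask you to login by one of two methods. Opt for 'access token'.
+
+Print your access token in a console as follwos, and then copy paste it into the token box on the dashboard login:
+```
+kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | awk '/^deployment-controller-token-/{print $1}') | awk '$1=="token:"{print $2}'
+```
+
+# Deploying to Staging and Production clusters
+
+Staging and Production deployment require the following steps:
+
+1. Add the necessary kube config for your remote cluster
+
+2. Switch kubernetes context
+
+Either using the list in DfM Kubernetes, or with the following:
+
+```
+# check the current context
+kubectl config current-context
+# find the context you want in the list
+kubectl config get-contexts
+# switch
+kubectl config use-context CONTEXT_NAME
+```
+
+3. Setup the *-values.yaml for staging or production
+
+4. Deploy
+
+```
+# bin/deploy ENVIRONMENT TAG
+bin/deploy staging latest
+```
+
+NOTE: the TAG will be used to pull the latest image from the GitLab repository. If the code has changed, make sure it's been pushed and the tagged image in the repository updated.
+
+The namespace will be set to the git repository name, eg. project-env. Make sure the namespace exists in your cluster. Create it with `kubectl create namespace project-env`
+
+# Troubleshooting
+
+The Kubernetes Dashboard (locally) allows you to view logs and access a shell session. If problems occur during deployment, there is an event history that can provide more information.
+
+There are equivalent kubectl commands for logs and accessing a shell, eg.
+
+```
+kubectl kubectl exec -it POD --namespace NAMESPACE -- /bin/bash
+kubectl kubectl logs POD --namespace NAMESPACE
+```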
File without changes
|
@@ -0,0 +1,17 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
|
3
|
+
cd $DIR/../../chart
|
4
|
+
|
5
|
+
echo $DIR
|
6
|
+
|
7
|
+
REPO=$(basename $(git config --get remote.origin.url))
|
8
|
+
NAMESPACE=${REPO%.git}
|
9
|
+
|
10
|
+
if [ -z "$1" ]
|
11
|
+
then
|
12
|
+
echo './chart/bin/decrypt ENVIRONMENT'
|
13
|
+
exit 1
|
14
|
+
fi
|
15
|
+
|
16
|
+
keybase decrypt -i $1-values.yaml.enc -o $1-values.yaml
|
17
|
+
|