diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index fd1068e2ff142cf16abaa1c1451315abe700dea1..2d549ff8530cc217b74cf891886ff2552d117a38 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,6 @@ variables: GITLAB_PASTEUR_PROJECT_ID: 6531 + PROJECT_NAME: nyxui stages: - build @@ -52,15 +53,18 @@ build dev on gitlab.pasteur.fr: --docker-username="$DOCKER_USER" --docker-password="$DOCKER_TOKEN" --docker-email=kubernetes@pasteur.fr - -n "$NAMESPACE" + -n "$KUBE_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f - - - envsubst < k8s/front-deployment.yaml | kubectl apply -n "$NAMESPACE" -f - - - envsubst < k8s/front-service.yaml | kubectl apply -n "$NAMESPACE" -f - - - envsubst < k8s/ingress.yaml | kubectl apply -n "$NAMESPACE" -f - + - envsubst < k8s/front-deployment.yaml | kubectl apply -n "$KUBE_NAMESPACE" -f - + - envsubst < k8s/front-service.yaml | kubectl apply -n "$KUBE_NAMESPACE" -f - + - envsubst < k8s/ingress.yaml | kubectl apply -n "$KUBE_NAMESPACE" -f - .deploy-with-helm: stage: deploy image: docker.io/enix/ci-toolbox:1.21 + variables: + IMAGE_NAME: "front" + IMAGE_POLICY: "Always" script: - kubectl create secret docker-registry registry-gitlab 
@@ -70,18 +74,23 @@ build dev on gitlab.pasteur.fr: --docker-email=kubernetes@pasteur.fr --dry-run=client -n "$NAMESPACE" -o yaml | kubectl apply -f - - - cd $CI_PROJECT_DIR/nyxui - - helm upgrade --install --debug nyxui . --namespace="$NAMESPACE" - --set front.image.tag=$CI_COMMIT_SHORT_SHA - --set ingress.hosts[0].host="$PUBLIC_URL" - --set ingress.hosts[0].paths[0].path="/" - --set ingress.hosts[0].paths[0].pathType="Prefix" + - helmfile lint + - helmfile template + - helmfile sync deploy to pasteur.cloud: - extends: .deploy-with-manifests + extends: .deploy-with-helm variables: - NAMESPACE: "nyx-prod" + SERVICE_TARGET_PORT: "8080" + IMAGE_SECRETS: "registry-gitlab" + KUBE_NAMESPACE: "nyx-prod" PUBLIC_URL: "nyx.pasteur.cloud" + INGRESS_CLASS: "external" + INGRESS_URL: "nyx.pasteur.cloud" + SERVICE_PORT: "80" + LIMITS_CPU: "2" + LIMITS_MEMORY: "4Gi" + LIMITS_STORAGE: "1Gi" environment: name: k8sprod-02/nyx-prod url: https://nyx.pasteur.cloud @@ -91,14 +100,23 @@ deploy to pasteur.cloud: when: manual deploy to dev.pasteur.cloud: - extends: .deploy-with-manifests + extends: .deploy-with-helm variables: - NAMESPACE: "nyx-dev" + SERVICE_TARGET_PORT: "8080" + IMAGE_SECRETS: "registry-gitlab" + KUBE_NAMESPACE: "nyx-dev" PUBLIC_URL: "nyx.dev.pasteur.cloud" + INGRESS_CLASS: "internal" + INGRESS_URL: "nyx.dev.pasteur.cloud" + SERVICE_PORT: "80" + LIMITS_CPU: "2" + LIMITS_MEMORY: "4Gi" + LIMITS_STORAGE: "1Gi" environment: name: k8sdev-01/nyx-dev url: https://nyx.dev.pasteur.cloud rules: - if: ($CI_COMMIT_BRANCH == "dev" && $CI_PROJECT_ID == $GITLAB_PASTEUR_PROJECT_ID) # gitlab.pasteur.fr only + when: manual diff --git a/helmfile.yaml b/helmfile.yaml new file mode 100644 index 0000000000000000000000000000000000000000..bf74d576d800241b2043700f26d9822fa26bd107 --- /dev/null +++ b/helmfile.yaml 
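Review bot: The registry-secret step of `.deploy-with-helm` still passes `-n "$NAMESPACE"` (the unchanged context line at the top of this hunk), while both deploy jobs, here and in the `deploy to dev.pasteur.cloud` hunk, now define only `KUBE_NAMESPACE`. Unless `NAMESPACE` is also set as a project-level CI/CD variable, the `registry-gitlab` pull secret is applied with an empty `-n` value, which kubectl is likely to resolve to the context's default namespace rather than the release namespace. Change that line to `--dry-run=client -n "$KUBE_NAMESPACE" -o yaml | kubectl apply -f -`, as the commit already does for `.deploy-with-manifests`. The script block starts above this hunk. Separately, `helmfile template` writes the fully rendered manifests to the job log, so the chart must stay free of secret values for as long as that step is kept.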
@@ -0,0 +1,9 @@ +helmDefaults: + createNamespace: false +releases: + - name: nyxui + chart: ./nyxui + namespace: {{ requiredEnv "KUBE_NAMESPACE" }} + installed: true + values: + - ./values-yaml.gotmpl diff --git a/nyxui/templates/_helpers.tpl b/nyxui/templates/_helpers.tpl index 125531c06952395d6ab6f6de924551ec54a8e226..773eca2628ab1c5458380f1ef95ba5b858c9d6b8 100644 --- a/nyxui/templates/_helpers.tpl +++ b/nyxui/templates/_helpers.tpl @@ -55,7 +55,7 @@ Create the name of the service account to use */}} {{- define "nyxui.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "nyxui.fullname" .) .Values.serviceAccount.name }} +{{- default (include "nyxui.name" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/nyxui/templates/deployment-front.yaml b/nyxui/templates/deployment-front.yaml index 7c126b79d441b5df3844bf0446912f85500e0bf0..e4319b60f95077b28ca3c82ebbb063a4c36914a9 100644 --- a/nyxui/templates/deployment-front.yaml +++ b/nyxui/templates/deployment-front.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "nyxui.fullname" . }} + name: {{ include "nyxui.name" . }} labels: {{- include "nyxui.labels" . | nindent 4 }} spec: @@ -34,7 +34,7 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.front.image.repository }}:{{ .Values.front.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.front.image.repository }}/{{ .Values.front.image.name }}:{{ .Values.front.image.tag }}" imagePullPolicy: {{ .Values.front.image.pullPolicy }} ports: - name: http diff --git a/nyxui/templates/hpa.yaml b/nyxui/templates/hpa.yaml index 0b7c7d49f87fe8fd7016978b77e9c127014479f6..4835fd88cad216fbe50d2a03bb75e61ad12b4004 100644 --- a/nyxui/templates/hpa.yaml +++ b/nyxui/templates/hpa.yaml 
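Review bot: `namespace: {{ requiredEnv "KUBE_NAMESPACE" }}` inserts the environment value into YAML unquoted, and the same pattern is used for every `requiredEnv` value in `values-yaml.gotmpl`. The sharpest case there is `tag: {{ requiredEnv "CI_COMMIT_SHORT_SHA" }}`: a short SHA made only of digits, or of digits around a single `e`, is parsed as a number, and the image reference in `deployment-front.yaml` is then built from a retyped value. Quote the string-valued substitutions, e.g. `namespace: {{ requiredEnv "KUBE_NAMESPACE" | quote }}` and `tag: {{ requiredEnv "CI_COMMIT_SHORT_SHA" | quote }}`. It is also worth confirming that the helmfile version in the CI image renders templates in a file named `helmfile.yaml`, since newer releases appear to expect a `.gotmpl` suffix for that.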
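Review bot: Switching the service-account default from `nyxui.fullname` to `nyxui.name` removes the release name from the generated resource name, and the same substitution is made in `deployment-front.yaml`, `hpa.yaml`, `ingress.yaml`, `service.yaml` and `tests/test-connection.yaml`. The body of `nyxui.name` is not in this diff; if it is the stock helper (chart name or `nameOverride`), two releases of the chart in one namespace will collide on every object, and `fullnameOverride`, still present in both values files, stops having any effect. If fixed names are the goal, keeping `nyxui.fullname` in the templates and setting `fullnameOverride: nyxui` in the values gives the same names without giving up release-scoped naming. At minimum the helper deserves a comment such as `{{/* Names are intentionally not release-scoped: one release per namespace. */}}`.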
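Review bot: The new `image:` line drops `| default .Chart.AppVersion`, and `nyxui/values.yaml` still ships `tag: ""`, so installing the chart without the helmfile values renders an image reference ending in a bare `:` that is only rejected once the pod is created. Fail at render time instead: `image: "{{ .Values.front.image.repository }}/{{ .Values.front.image.name }}:{{ required "front.image.tag must be set" .Values.front.image.tag }}"`. The container spec continues outside the hunk.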
@@ -2,14 +2,14 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - name: {{ include "nyxui.fullname" . }} + name: {{ include "nyxui.name" . }} labels: {{- include "nyxui.labels" . | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ include "nyxui.fullname" . }} + name: {{ include "nyxui.name" . }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: diff --git a/nyxui/templates/ingress.yaml b/nyxui/templates/ingress.yaml index 1e8b4d4a3bc20a71199d72e290a8e9f860e5891a..79522d81581951e662142e67a07a2f658f1dbbc0 100644 --- a/nyxui/templates/ingress.yaml +++ b/nyxui/templates/ingress.yaml @@ -1,5 +1,5 @@ {{- if .Values.ingress.enabled -}} -{{- $fullName := include "nyxui.fullname" . -}} +{{- $fullName := include "nyxui.name" . -}} {{- $svcPort := .Values.service.port -}} {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} @@ -15,9 +15,9 @@ apiVersion: extensions/v1beta1 {{- end }} kind: Ingress metadata: - name: {{ $fullName }} + name: {{ .Values.ingress.name }} labels: - {{- include "nyxui.labels" . | nindent 4 }} + app: {{ .Values.ingress.name }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/nyxui/templates/service.yaml b/nyxui/templates/service.yaml index f27ec2454928759ba141fe06387524388aa2d759..60862517ccbf08121aa79a056685be0af95c2916 100644 --- a/nyxui/templates/service.yaml +++ b/nyxui/templates/service.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "nyxui.fullname" . }} + name: {{ include "nyxui.name" . }} labels: {{- include "nyxui.labels" . | nindent 4 }} spec: 
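Review bot: In the `metadata` block of `ingress.yaml`, `{{- include "nyxui.labels" . | nindent 4 }}` is replaced by a single `app: {{ .Values.ingress.name }}` label, so the Ingress becomes the only object in the chart without the common chart labels and no longer matches label selectors that work for the Deployment and Service. `.Values.ingress.name` is also rendered unquoted and unchecked for both `name:` and the label, so an empty value renders `name:` as null. Keep the shared labels and add the extra one beside them, and guard the name: `name: {{ required "ingress.name must be set" .Values.ingress.name | quote }}`. The rest of the Ingress spec lies outside this hunk.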
diff --git a/nyxui/templates/tests/test-connection.yaml b/nyxui/templates/tests/test-connection.yaml index 94ce042f9f0e6e3dcdd04a233f37ad3c3bc89e07..99f08c826cfd767d9c6a9d6ae55eb82ad93f205a 100644 --- a/nyxui/templates/tests/test-connection.yaml +++ b/nyxui/templates/tests/test-connection.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "nyxui.fullname" . }}-test-connection" + name: "{{ include "nyxui.name" . }}-test-connection" labels: {{- include "nyxui.labels" . | nindent 4 }} annotations: @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "nyxui.fullname" . }}:{{ .Values.service.port }}'] + args: ['{{ include "nyxui.name" . }}:{{ .Values.service.port }}'] restartPolicy: Never diff --git a/nyxui/values.yaml b/nyxui/values.yaml index 0a56e70df5fd29d2617cff6b1e0a7316cef3fbaf..c7bde4b53aa898e7b498be9c48dd79fee0850467 100644 --- a/nyxui/values.yaml +++ b/nyxui/values.yaml @@ -6,10 +6,10 @@ replicaCount: 1 front: image: - repository: registry-gitlab.pasteur.fr/nyx/nyxui.jl/front - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. + repository: registry-gitlab.pasteur.fr/nyx/nyxui.jl + name: front tag: "" + pullPolicy: Always service: targetPort: 8080 @@ -49,12 +49,14 @@ service: ingress: enabled: true - className: "" + className: internal + name: nyxui annotations: - kubernetes.io/ingress.class: internal - # kubernetes.io/tls-acme: "true" + meta.helm.sh/release-name: nyxui + meta.helm.sh/release-namespace: nyxui-dev + nginx.ingress.kubernetes.io/proxy-body-size: "0" hosts: - - host: nyx.pasteur.cloud + - host: nyx.dev.pasteur.cloud paths: - path: / pathType: Prefix 
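Review bot: `nginx.ingress.kubernetes.io/proxy-body-size: "0"` in the `ingress.annotations` block of `nyxui/values.yaml` turns off the ingress controller's request-body size limit, and `values-yaml.gotmpl` carries the same annotation into the production release that uses the `external` ingress class. Unbounded request bodies make resource exhaustion of the ingress buffers and of a front end capped at `1Gi` ephemeral storage much easier; set the largest size the application actually needs, e.g. `nginx.ingress.kubernetes.io/proxy-body-size: "50m"` (illustrative value, to be chosen by the team). The two `meta.helm.sh/release-*` annotations in the same block are ownership metadata that Helm manages itself, and the hard-coded `nyxui-dev` does not match the `nyx-dev` namespace used in `.gitlab-ci.yml`; they are better removed from the values.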
@@ -63,17 +65,15 @@ ingress: # hosts: # - chart-example.local -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi +resources: + limits: + cpu: "2" + memory: 4Gi + ephemeral-storage: 1Gi + requests: + cpu: "2" + memory: 4Gi + ephemeral-storage: 1Gi autoscaling: enabled: false diff --git a/values-yaml.gotmpl b/values-yaml.gotmpl new file mode 100644 index 0000000000000000000000000000000000000000..d2b4df2f2498b992c4b4f9c3589308ffe201af6f --- /dev/null +++ b/values-yaml.gotmpl 
@@ -0,0 +1,102 @@ +# Default values for nyxui. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +front: + image: + repository: {{ requiredEnv "CI_REGISTRY_IMAGE" }} + name: {{ requiredEnv "IMAGE_NAME" }} + tag: {{ requiredEnv "CI_COMMIT_SHORT_SHA" }} + pullPolicy: {{ requiredEnv "IMAGE_POLICY" }} + service: + targetPort: {{ requiredEnv "SERVICE_TARGET_PORT" }} + +imagePullSecrets: + - name: {{ requiredEnv "IMAGE_SECRETS" }} +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: {{ requiredEnv "SERVICE_PORT" }} + +ingress: + enabled: true + name: nyxui + className: {{ requiredEnv "INGRESS_CLASS" }} + annotations: + meta.helm.sh/release-name: {{ requiredEnv "INGRESS_CLASS" }} + meta.helm.sh/release-namespace: {{ requiredEnv "KUBE_NAMESPACE" }} + nginx.ingress.kubernetes.io/proxy-body-size: "0" + hosts: + - host: {{ requiredEnv "INGRESS_URL" }} + paths: + - path: / + pathType: Prefix + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + limits: + cpu: {{ requiredEnv "LIMITS_CPU" }} + memory: {{ requiredEnv "LIMITS_MEMORY" }} + ephemeral-storage: {{ requiredEnv "LIMITS_STORAGE" }} + requests: + cpu: {{ requiredEnv "LIMITS_CPU" }} + memory: {{ requiredEnv "LIMITS_MEMORY" }} + ephemeral-storage: {{ requiredEnv "LIMITS_STORAGE" }} + +autoscaling: + enabled: false + 
minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {}
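Review bot: `meta.helm.sh/release-name: {{ requiredEnv "INGRESS_CLASS" }}` under `ingress.annotations` fills the release-name annotation with the ingress class (`external` or `internal` in the CI jobs) instead of the release name `nyxui`. Helm treats this annotation as ownership metadata, so the template should not set it from an unrelated variable; dropping both `meta.helm.sh/*` lines is the simplest fix. This new file also ships `securityContext: {}` and `automount: true` for a service exposed through an ingress. Enabling the commented-out `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and `capabilities.drop: [ALL]`, and setting `automount: false` unless the front end calls the Kubernetes API, would tighten the pod.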