deployment to prod

9d451958 · François LAURENT · 6747f04e · 9d451958 · 9d451958 · 9d451958
Commit 9d451958 authored 5 months ago by François LAURENT
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
 variables:
  GITLAB_PASTEUR_PROJECT_ID: 6531
+  PROJECT_NAME: nyxui
 stages:
  - build
@@ -72,20 +73,27 @@ build dev on gitlab.pasteur.fr:
      --docker-email=kubernetes@pasteur.fr
      --dry-run=client
      -n "$NAMESPACE" -o yaml | kubectl apply -f -
-    - cd $CI_PROJECT_DIR/nyxui
+   # - cd $CI_PROJECT_DIR/nyxui
-    - helm upgrade --install --debug nyxui . --namespace="$NAMESPACE"
+    - helmfile lint
-      --set front.image.tag=$CI_COMMIT_SHORT_SHA
+    - helmfile template
-      --set ingress.hosts[0].host="$PUBLIC_URL"
+    - helmfile sync
-      --set ingress.hosts[0].paths[0].path="/"
-      --set ingress.hosts[0].paths[0].pathType="Prefix"
  rules:
    - if: $CI_PROJECT_ID == $GITLAB_PASTEUR_PROJECT_ID      # gitlab.pasteur.fr only
 deploy to pasteur.cloud:
-  extends: .deploy-with-manifests
+  extends: .deploy-with-helm
  variables:
-    NAMESPACE: "nyx-prod"
+    IMAGE_URL: "registry-gitlab.pasteur.fr/nyx/nyxui.jl/front"
+    SERVICE_TARGET_PORT: "8080"
+    IMAGE_SECRETS: "registry-gitlab"
+    KUBE_NAMESPACE: "nyx-prod"
    PUBLIC_URL: "nyx.pasteur.cloud"
+    INGRESS_CLASS: "internal"
+    INGRESS_URL: "nyx.pasteur.cloud"
+    SERVICE_PORT: "80"
+    LIMITS_CPU: "2"
+    LIMITS_MEMORY: "4Gi"
+    LIMITS_STORAGE: "1Gi"
  environment:
    name: k8sprod-02/nyx-prod
    url: https://nyx.pasteur.cloud
@@ -94,13 +102,23 @@ deploy to pasteur.cloud:
      when: manual
 deploy to dev.pasteur.cloud:
-  extends: .deploy-with-manifests
+  extends: .deploy-with-helm
  variables:
-    NAMESPACE: "nyx-dev"
+    IMAGE_URL: "registry-gitlab.pasteur.fr/nyx/nyxui.jl/front"
+    SERVICE_TARGET_PORT: "8080"
+    IMAGE_SECRETS: "registry-gitlab"
+    KUBE_NAMESPACE: "nyx-dev"
    PUBLIC_URL: "nyx.dev.pasteur.cloud"
+    INGRESS_CLASS: "internal"
+    INGRESS_URL: "nyx.dev.pasteur.cloud"
+    SERVICE_PORT: "80"
+    LIMITS_CPU: "2"
+    LIMITS_MEMORY: "4Gi"
+    LIMITS_STORAGE: "1Gi"
  environment:
    name: k8sdev-01/nyx-dev
    url: https://nyx.dev.pasteur.cloud
  rules:
    - if: $CI_COMMIT_BRANCH == "dev"
+      when: manual
--- a/front/Manifest.toml
+++ b/front/Manifest.toml
@@ -27,9 +27,9 @@ version = "0.1.9"
 [[deps.Bonito]]
 deps = ["Base64", "CodecZlib", "Colors", "Dates", "Deno_jll", "HTTP", "Hyperscript", "LinearAlgebra", "Markdown", "MsgPack", "Observables", "RelocatableFolders", "SHA", "Sockets", "Tables", "ThreadPools", "URIs", "UUIDs", "WidgetsBase"]
-git-tree-sha1 = "262f58917d5d9644d16ec6f53480e11a6e128db2"
+git-tree-sha1 = "534820940e4359c09adc615f8bd06ca90d508ba6"
 uuid = "824d6782-a2ef-11e9-3a09-e5662e0c26f8"
-version = "4.0.0"
+version = "4.0.1"
 [[deps.CSTParser]]
 deps = ["Tokenize"]
@@ -438,11 +438,11 @@ version = "1.0.0"
 [[deps.NyxPlots]]
 deps = ["Bonito", "Observables", "PlotlyBase"]
-git-tree-sha1 = "08f7db5d9fe0d084773c96b15ac0ef69f2b6e283"
+git-tree-sha1 = "3d54e1c527baaf6a003e0d7a4fce5fcb9d3dd775"
 repo-rev = "main"
 repo-url = "https://gitlab.com/dbc-nyx/NyxPlots.jl"
 uuid = "e8b8ccdb-0776-4145-b74f-57bbbfff4409"
-version = "0.1.1"
+version = "0.1.2"
 [[deps.NyxWidgets]]
 deps = ["Bonito", "Colors", "Format", "LazyArtifacts", "Observables"]

--- a/helmfile.yaml
+++ b/helmfile.yaml
+helmDefaults:
+  createNamespace: false
+releases:
+  - name: nyxui
+    chart: ./nyxui
+    namespace: {{ requiredEnv "KUBE_NAMESPACE" }}
+    installed: true
+    values:
+    - ./values-yaml.gotmpl
--- a/k8s/front-deployment.yaml
+++ b/k8s/front-deployment.yaml
@@ -18,6 +18,15 @@ spec:
      containers:
        - name: $APP_NAME
          image: $FQ_IMAGE_NAME
+          resources:
+            limits:
+              cpu: "2"
+              ephemeral-storage: 1Gi
+              memory: 4Gi
+            requests:
+              cpu: "2"
+              ephemeral-storage: 1Gi
+              memory: 4Gi
          ports:
            - name: http
              containerPort: 8080
@@ -26,4 +35,4 @@ spec:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
\ No newline at end of file
--- a/nyxui/templates/_helpers.tpl
+++ b/nyxui/templates/_helpers.tpl
@@ -55,7 +55,7 @@ Create the name of the service account to use
 */}}
 {{- define "nyxui.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "nyxui.fullname" .) .Values.serviceAccount.name }}
+{{- default (include "nyxui.name" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}

--- a/nyxui/templates/deployment-front.yaml
+++ b/nyxui/templates/deployment-front.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "nyxui.fullname" . }}
+  name: {{ include "nyxui.name" . }}
  labels:
    {{- include "nyxui.labels" . | nindent 4 }}
 spec:

--- a/nyxui/templates/hpa.yaml
+++ b/nyxui/templates/hpa.yaml
@@ -2,14 +2,14 @@
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
-  name: {{ include "nyxui.fullname" . }}
+  name: {{ include "nyxui.name" . }}
  labels:
    {{- include "nyxui.labels" . | nindent 4 }}
 spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
-    name: {{ include "nyxui.fullname" . }}
+    name: {{ include "nyxui.name" . }}
  minReplicas: {{ .Values.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
  metrics:

--- a/nyxui/templates/ingress.yaml
+++ b/nyxui/templates/ingress.yaml
 {{- if .Values.ingress.enabled -}}
-{{- $fullName := include "nyxui.fullname" . -}}
+{{- $fullName := include "nyxui.name" . -}}
 {{- $svcPort := .Values.service.port -}}
 {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
@@ -15,9 +15,9 @@ apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
-  name: {{ $fullName }}
+  name: {{ .Values.ingress.name }}
  labels:
-    {{- include "nyxui.labels" . | nindent 4 }}
+    app: {{ .Values.ingress.name }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
@@ -49,11 +49,11 @@ spec:
            backend:
              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
              service:
-                name: {{ $fullName }}
+                name: {{ $fullName }}-front
                port:
                  number: {{ $svcPort }}
              {{- else }}
-              serviceName: {{ $fullName }}
+              serviceName: {{ $fullName }}-front
              servicePort: {{ $svcPort }}
              {{- end }}
          {{- end }}

--- a/nyxui/templates/service.yaml
+++ b/nyxui/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "nyxui.fullname" . }}
+  name: {{ include "nyxui.name" . }}
  labels:
    {{- include "nyxui.labels" . | nindent 4 }}
 spec:

--- a/nyxui/templates/tests/test-connection.yaml
+++ b/nyxui/templates/tests/test-connection.yaml
 apiVersion: v1
 kind: Pod
 metadata:
-  name: "{{ include "nyxui.fullname" . }}-test-connection"
+  name: "{{ include "nyxui.name" . }}-test-connection"
  labels:
    {{- include "nyxui.labels" . | nindent 4 }}
  annotations:
@@ -11,5 +11,5 @@ spec:
    - name: wget
      image: busybox
      command: ['wget']
-      args: ['{{ include "nyxui.fullname" . }}:{{ .Values.service.port }}']
+      args: ['{{ include "nyxui.name" . }}:{{ .Values.service.port }}']
  restartPolicy: Never
--- a/nyxui/values.yaml
+++ b/nyxui/values.yaml
@@ -49,12 +49,14 @@ service:
 ingress:
  enabled: true
-  className: ""
+  className: internal
+  name: nyxui
  annotations:
-    kubernetes.io/ingress.class: internal
+    meta.helm.sh/release-name: nyxui
-    # kubernetes.io/tls-acme: "true"
+    meta.helm.sh/release-namespace: nyxui-dev
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  hosts:
-    - host: nyx.pasteur.cloud
+    - host: nyx.dev.pasteur.cloud
      paths:
        - path: /
          pathType: Prefix
@@ -63,17 +65,15 @@ ingress:
  #    hosts:
  #      - chart-example.local
-resources: {}
+resources: 
-  # We usually recommend not to specify default resources and to leave this as a conscious
+  limits:
-  # choice for the user. This also increases chances charts run on environments with little
+    cpu: "2"
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    memory: 4Gi
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    ephemeral-storage: 1Gi
-  # limits:
+  requests:
-  #   cpu: 100m
+    cpu: "2"
-  #   memory: 128Mi
+    memory: 4Gi
-  # requests:
+    ephemeral-storage: 1Gi
-  #   cpu: 100m
-  #   memory: 128Mi
 autoscaling:
  enabled: false

--- a/values-yaml.gotmpl
+++ b/values-yaml.gotmpl
+# Default values for nyxui.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+replicaCount: 1
+front:
+  image:
+    repository: {{ requiredEnv "IMAGE_URL" }}
+    pullPolicy: IfNotPresent
+    # Overrides the image tag whose default is the chart appVersion.
+    tag: ""
+  service:
+    targetPort: {{ requiredEnv "SERVICE_TARGET_PORT" }} 
+imagePullSecrets:
+  - name: {{ requiredEnv "IMAGE_SECRETS" }}
+nameOverride: ""
+fullnameOverride: ""
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Automatically mount a ServiceAccount's API credentials?
+  automount: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+podAnnotations: {}
+podLabels: {}
+podSecurityContext: {}
+  # fsGroup: 2000
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+service:
+  type: ClusterIP
+  port: {{ requiredEnv "SERVICE_PORT" }}
+ingress:
+  enabled: true
+  name: nyxui
+  className: {{ requiredEnv "INGRESS_CLASS" }}
+  annotations:
+    meta.helm.sh/release-name:  {{ requiredEnv "INGRESS_CLASS" }}
+    meta.helm.sh/release-namespace: {{ requiredEnv "KUBE_NAMESPACE" }}
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+  hosts:
+    - host: {{ requiredEnv "INGRESS_URL" }}
+      paths:
+        - path: /
+          pathType: Prefix
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+resources: 
+  limits:
+    cpu: {{ requiredEnv "LIMITS_CPU" }}
+    memory: {{ requiredEnv "LIMITS_MEMORY" }}
+    ephemeral-storage: {{ requiredEnv "LIMITS_STORAGE" }}
+  requests:
+    cpu: {{ requiredEnv "LIMITS_CPU" }}
+    memory: {{ requiredEnv "LIMITS_MEMORY" }}
+    ephemeral-storage: {{ requiredEnv "LIMITS_STORAGE" }}
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 1
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+# Additional volumes on the output Deployment definition.
+volumes: []
+# - name: foo
+#   secret:
+#     secretName: mysecret
+#     optional: false
+# Additional volumeMounts on the output Deployment definition.
+volumeMounts: []
+# - name: foo
+#   mountPath: "/etc/foo"
+#   readOnly: true
+nodeSelector: {}
+tolerations: []
+affinity: {}