Quang tru HUYNH
Python Django Template

Repository

# https://docs.docker.com/engine/reference/builder/
# FROM refer the image where we start from
# Here we will use a basic python 3 debian image

FROM python:3

# Use the RUN command to pass command to be run
# Here we update the image and add python3 virtualenv

RUN apt-get update && apt-get upgrade -y && apt-get install \
  -y --no-install-recommends python3 virtualenv

# Create a virtualenv for the application dependencies.
# # If you want to use Python 2, use the -p python2.7 flag.
RUN virtualenv -p python3 /env
ENV PATH /env/bin:$PATH

# Install pip dependencies
ADD requirements.txt /app/requirements.txt
RUN /env/bin/pip install --upgrade pip && /env/bin/pip install -r /app/requirements.txt

# We add the current content of the git repo in the /app directory
ADD . /app

# We use the CMD command to start the gunicorn daemon
# when we start the container.
# Note the $PORT variable, we will need to define it when we start the container
CMD gunicorn -b :$PORT mysite.wsgi
stages:
  - build
  - deploy

services:
  - docker:dind

variables:
  DOCKER_HOST: tcp://localhost:2375

build:
  image: docker:latest
  stage: build
  script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
    - docker build -t ${CI_REGISTRY}/${CI_PROJECT_NAME}/polls:${CI_COMMIT_SHORT_SHA} .
    - docker tag ${CI_REGISTRY}/${CI_PROJECT_NAME}/polls:${CI_COMMIT_SHORT_SHA} ${CI_REGISTRY}/${CI_PROJECT_NAME}/polls:latest
    - docker push -- ${CI_REGISTRY}/${CI_PROJECT_NAME}/polls
  tags:
    - k8s
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-claim
labels:
    app: postgresql
spec:
accessModes:
    - ReadWriteOnce
resources:
    requests:
    storage: 1Gi
apiVersion: v1
kind: Secret
metadata:
name: postgresql-credentials
type: Opaque
data:
username: cG9sbHNfdXNlcgo=
password: c2xsb3BfYzNiaQo=
database: cG9sbHMK
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: postgresql
labels:
    app: postgresql
spec:
strategy:
    type: Recreate
template:
    metadata:
    labels:
        app: postgresql
        tier: postgreSQL
    spec:
    containers:
        - image: postgres:9.6.2-alpine
        name: postgresql
        env:
            - name: POSTGRES_USER
            valueFrom:
                secretKeyRef:
                name: postgresql-credentials
                key: username
            - name: POSTGRES_DB
            valueFrom:
                secretKeyRef:
                name: postgresql-credentials
                key: database
            - name: POSTGRES_PASSWORD
            valueFrom:
                secretKeyRef:
                name: postgresql-credentials
                key: password
        ports:
            - containerPort: 5432
            name: postgresql
        volumeMounts:
            - name: postgresql
            mountPath: /var/lib/postgresql/data
            subPath: data
    volumes:
        - name: postgresql
        persistentVolumeClaim:
            claimName: postgres-claim
        - name: postgresql-credentials
        secret:
            secretName: postgresql
apiVersion: v1
kind: Service
metadata:
name: postgresql
labels:
    app: postgresql
spec:
ports:
    - port: 5432
selector:
    app: postgresql
    tier: postgreSQL
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: polls
labels:
    app: polls
spec:
replicas: 3
template:
    metadata:
    labels:
        app: polls
    spec:
    containers:
    name: polls-app
        image: ${CI_REGISTRY}/${CI_PROJECT_NAME}/polls:${CI_COMMIT_SHORT_SHA}
        # This setting makes nodes pull the docker image every time before
        # starting the pod. This is useful when debugging, but should be turned
        # off in production.
        imagePullPolicy: Always
        env:
            - name: DATABASE_NAME
            valueFrom:
                secretKeyRef:
                name: postgresql-credentials
                key: database
            - name: DATABASE_USER
            valueFrom:
                secretKeyRef:
                name: postgresql-credentials
                key: username
            - name: DATABASE_PASSWORD
            valueFrom:
                secretKeyRef:
                name: postgresql-credentials
                key: password
        ports:
        - containerPort: 8080
    volumes:
        - name: postgresql-credentials
        secret:
            secretName: postgresql
apiVersion: v1
kind: Service
metadata:
name: polls
labels:
    app: polls
spec:
type: ClusterIP
ports:
- port: 80
    targetPort: 8080
selector:
    app: polls
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
    kubernetes.io/ingress.class: traefik
labels:
    app: polls
name: polls
spec:
rules:
- host: https://${CI_PROJECT_NAME}.k8s-dev.pasteur.fr
    http:
    paths:
    - backend:
        serviceName: polls
        servicePort: 80
        path: /
apiVersion: batch/v1
kind: Job
metadata:
name: polls-migrations
spec:
template:
    spec:
    containers:
        - name: django
        image: ${CI_REGISTRY}/${CI_PROJECT_NAME}/polls:${CI_COMMIT_SHORT_SHA}
        command: ['python', 'manage.py', 'migrate']
        env:
            - name: DATABASE_NAME
            valueFrom:
                secretKeyRef:
                name: postgresql-credentials
                key: database
            - name: DATABASE_USER
            valueFrom:
                secretKeyRef:
                name: postgresql-credentials
                key: username
            - name: DATABASE_PASSWORD
            valueFrom:
                secretKeyRef:
                name: postgresql-credentials
                key: password
    restartPolicy: Never
backoffLimit: 5
deploy:
  stage: deploy
  image: registry-gitlab.pasteur.fr/dsi-tools/docker-images:docker_kubernetes_image
  variables:
    NAMESPACE: "mynamespace"
  environment:
    name: mynamespace
    url: https://${CI_PROJECT_NAME}.k8s-dev.pasteur.fr
  script:
    - kubectl delete secret registry-gitlab -n ${NAMESPACE} --ignore-not-found=true
    - kubectl create secret docker-registry -n ${NAMESPACE} registry-gitlab --docker-server=registry-gitlab.pasteur.fr --docker-username=${DEPLOY_USER} --docker-password=${DEPLOY_TOKEN} --docker-email=kubernetes@pasteur.fr
    - envsubst < polls.yaml | kubectl apply -f -
    - kubectl patch deployment polls -p "{\"spec\":{\"template\":{\"metadata\":{\"labels\":{\"date\":\"`date +'%s'`\"}}}}}"
  tags:
    - k8s