kube-workflow
Comparing version 1.2.2 to 1.2.3
@@ -5,2 +5,15 @@ # Changelog | ||
### [1.2.3](https://github.com/SocialGouv/kube-workflow/compare/v1.2.2...v1.2.3) (2022-03-23) | ||
### Bug Fixes | ||
* force retag ([58b8ae2](https://github.com/SocialGouv/kube-workflow/commit/58b8ae2230d7f3bc4e14f1d4adbf69cfa453dbbf)) | ||
* job add psp ([4618de7](https://github.com/SocialGouv/kube-workflow/commit/4618de7c4df6617699f1bbccc0ad46527939a847)) | ||
* kapp override existing resources ([cb2d9c9](https://github.com/SocialGouv/kube-workflow/commit/cb2d9c932217c5e648872ff91470517f61b31e47)) | ||
* security context ([79c0a6d](https://github.com/SocialGouv/kube-workflow/commit/79c0a6d06879c3b9a0060c90e772d16850cfe25e)) | ||
* security context ([867ee47](https://github.com/SocialGouv/kube-workflow/commit/867ee47668eaa0fd52aaafb00b535452dc1e7185)) | ||
* security context ([4975ed9](https://github.com/SocialGouv/kube-workflow/commit/4975ed9c89127ba453aaa74fba9d51e8fc872a46)) | ||
* security context option ([e335f1f](https://github.com/SocialGouv/kube-workflow/commit/e335f1f5b4e563915f6560ab30b399a682be6826)) | ||
### [1.2.2](https://github.com/SocialGouv/kube-workflow/compare/v1.2.1...v1.2.2) (2022-03-22) | ||
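Review bot: The 1.2.3 Bug Fixes list carries three entries that read only "security context", plus "security context option" and "job add psp", so nothing here tells an operator which security setting changed or on which component. For fixes that touch pod security, make the commit subjects (and therefore the generated changelog) say what was changed and where, or squash the repeated commits into one descriptive entry.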
@@ -7,0 +20,0 @@ |
{ | ||
"name": "kube-workflow", | ||
"version": "1.2.2", | ||
"version": "1.2.3", | ||
"repository": "git@github.com:SocialGouv/kube-workflow.git", | ||
@@ -55,4 +55,10 @@ "license": "MIT", | ||
"build-manifests": "node action/build/build.js", | ||
"release": "standard-version" | ||
"release": "standard-version", | ||
"retag": "git tag -f $(git describe --tags $(git rev-list --tags --max-count=1) | cut -d '.' -f 1)" | ||
}, | ||
"standard-version": { | ||
"scripts": { | ||
"posttag": "yarn retag && git push -f --tags" | ||
} | ||
}, | ||
"bin": { | ||
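Review bot: In the `posttag` script, `git push -f --tags` force-pushes every local tag, not only the major tag that `retag` moves, so any release tag that differs in the maintainer's local clone silently overwrites the published one. Push the new release tag without force and force-push only the moved major tag by name. Since `retag` derives that name with `cut -d '.' -f 1` from the tag on the most recently tagged commit, the major tag becomes a moving ref; the README should say so, and consumers who need a fixed version should be told to pin to a full release tag or a commit SHA.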
@@ -59,0 +65,0 @@ "kube-workflow": "./bin/cli.js" |
README.md
@@ -1,10 +0,12 @@ | ||
# `socialgouv/kube-workflow` 🚀 | ||
Deploy application over kubernetes | ||
# Kube-Workflow - CI on Kubernetes 🚀 | ||
## Call it in review, preprod, and prod github workflows | ||
## GitHub Action Entrypoint | ||
Call it in review, preprod, and prod github workflows | ||
`.github/workflow/review.yaml` | ||
```yaml | ||
- uses: SocialGouv/kube-workflow@master | ||
with: | ||
environment: "dev" | ||
environment: dev | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
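Review bot: The usage example at `uses: SocialGouv/kube-workflow@master` tracks a mutable branch while the step receives `secrets.GITHUB_TOKEN` (and the kubeconfig secret in the lines that follow), so any commit landing on `master` runs with those credentials in every consuming repository. Show a release tag or a full commit SHA in the example instead. The path shown as `.github/workflow/review.yaml` should also read `.github/workflows/review.yaml`, since GitHub only loads workflows from the `workflows` directory.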
@@ -14,8 +16,8 @@ kubeconfig: ${{ secrets.KUBECONFIG }} | ||
rancherProjectName: ${{ secrets.RANCHER_PROJECT_NAME }} | ||
imagePackage: app | ||
# imageName: fabrique/www | ||
# components: app hasura | ||
``` | ||
## Configure your project's Helm Charts values | ||
You can configure your project by adding `.kube-workflow/common/values.yaml` and `.kube-workflow/$ENVIRONMENT/values.yaml`. | ||
## Configure your project | ||
`.kube-workflow/common/values.yaml` | ||
```yaml | ||
@@ -25,15 +27,123 @@ # here you define variables shared by all helm subcharts/components | ||
# here you can configure components values, key same name as in `components` sections | ||
# here you can configure components values | ||
app: | ||
enabled: true | ||
containerPort: 80 | ||
enabled: true # enable each component | ||
containerPort: 3000 | ||
``` | ||
Here is the order, the last in the list is the last applied: | ||
- `$KUBEWORKFLOW_ACTION/chart/values.yaml` (the defaults) | ||
- default values generated by the pipeline [$KUBEWORKFLOW_ACTION/action/values.js](action/values.js) | ||
- `.kube-workflow/common/values.yaml` (the common project's config) | ||
- `.kube-workflow/$ENVIRONMENT/values.yaml` | ||
From kube-workflow repository: | ||
- `$KUBEWORKFLOW_ACTION/charts/$COMPONENT/values.yaml` (the defaults) | ||
- default values generated by the pipeline [$KUBEWORKFLOW_ACTION/action/build/values.js](action/build/values.js) | ||
From your project repository: | ||
- `.kube-workflow/common/values.yaml` | ||
- `.kube-workflow/env/$ENVIRONMENT/values.yaml` | ||
## Generate manifests | ||
see kube manifests for your project directory | ||
```sh | ||
npx kube-workflow b -so | ||
``` | ||
get documentation of kube-workflow cli | ||
``` | ||
npx kube-workflow --help | ||
npx kube-workflow b --help | ||
``` | ||
pre-requisites: | ||
- helm v3 [install guide](https://helm.sh/docs/intro/install/) | ||
```sh | ||
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash | ||
``` | ||
- kustomize v4 [install guide](https://kubectl.docs.kubernetes.io/installation/kustomize/binaries/) | ||
```sh | ||
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash | ||
``` | ||
- node >= 14 | ||
- yarn | ||
## Components | ||
To see all components availables go to [charts folder](charts/): | ||
- [app](charts/app) | ||
- [hasura](charts/hasura) | ||
- [jobs](charts/jobs) | ||
- [maildev](charts/maildev) | ||
- [metabase](charts/metabase) | ||
- [pgweb](charts/pgweb) | ||
To see all availables options by component see each chart's values.yaml file: | ||
- [app](charts/app/values.yaml) | ||
- [hasura](charts/hasura/values.yaml) | ||
- [jobs](charts/jobs/values.yaml) | ||
- [maildev](charts/maildev/values.yaml) | ||
- [metabase](charts/metabase/values.yaml) | ||
- [pgweb](charts/pgweb/values.yaml) | ||
## Components instance | ||
You can declare as many instances as you want of a component, the name must start with the chart's name suffixed by `-`, eg: | ||
```yaml | ||
app: | ||
enabled: true | ||
host: ozensemble.fr | ||
redirectFrom: | ||
- "{{ .Values.global.host }}" | ||
- www.ozensemble.fr | ||
app-2nd-instance: | ||
enabled: true | ||
probesPath: /healthz | ||
envFrom: | ||
- secretRef: | ||
name: "{{ .Values.global.pgSecretName }}" | ||
- secretRef: | ||
name: app-sealed-secret | ||
- configMapRef: | ||
name: app-configmap | ||
``` | ||
## The "jobs" component | ||
The component called "jobs" is a special component that allow you to define a full pipeline: | ||
```yaml | ||
hasura: | ||
needs: [db] | ||
jobs: | ||
enabled: true | ||
runs: | ||
- name: db | ||
# use: ./.kube-workflow/jobs/create-db # local job, defined in project repository | ||
# use: https://github.com/SocialGouv/kube-workflow/jobs/create-db # degit full url | ||
use: SocialGouv/kube-workflow/jobs/create-db # degit implicit github | ||
with: | ||
pgAdminSecretRefName: pg-scaleway | ||
``` | ||
see [jobs/create-db/use.yaml](jobs/create-db/use.yaml) for full example. | ||
All vues from `runs` keys will be interpolated in the job, but you can also uses all parameters directly, except the `with` parameter that is reserved to be used with `use` and inject variable to the called job. | ||
All others components can declare dependencies on jobs using the `needs` key, and all jobs can declare depencencies on other jobs and other components too, using instances names. | ||
Mains jobs parameters are: | ||
- `use` and `with`: to include job definition from elsewhere, usage can be recursive (job can use job, that can use job etc...) | ||
- `image` the docker image file that will run the job (default is debian for now, in future this will be a generic image with almost all needed tooling) | ||
- `action` repository (or subfolder in a repository) that will be degitted in mountpoint `/action/` in the job execition | ||
- `run` a custom command that will override docker image default run, can be a full bash script or just a call to a command | ||
- `checkout` (default `true`), this enable the degit of the repository at current commit in mountpoint `/workspace/` in the job | ||
There is a shared storage volume between jobs of a same pipeline, it's mounted at `/workflow/` in the job execution, you can share artifacts between jobs in this directory. | ||
Same as other components, you can define multiple instance of jobs, for example, if you want to use one pipeline from a manual triggered action. | ||
## Merge commons manifests as helm templates | ||
Every yaml file in `.kube-workflow/templates` will be merged with the helm Chart `templates` folder before the build. | ||
Every yaml file in `.kube-workflow/common/templates` will be merged with the helm Chart `templates` folder before the build. | ||
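Review bot: The two pre-requisite install commands pipe scripts fetched from the `main` and `master` branches straight into `bash`, with no version pin or checksum check, so what a reader executes can change at any time. Link to the install guides only, or show a download of a tagged release followed by checksum verification. The same concern applies to the jobs example: `use: SocialGouv/kube-workflow/jobs/create-db` names no ref, so the README should state which revision is fetched and whether a tag or commit can be specified. Minor: "All vues" should read "All values", and "depencencies" and "execition" are misspelled.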
@@ -51,11 +161,3 @@ All theses files can use the Helm templating syntax (or not if you don't need it, helm template is a superset of yaml). | ||
## Override and extends everything from your project | ||
Everything is overridable using filesystem merging. | ||
The `.kube-workflow` directoty of your project will be merged and eventually overwrite content of this repository `chart` directory. | ||
### Override the full Chart | ||
- You can optout from the generic Chart and define a new one by creating your own `Chart.yaml` in the directory `.kube-workflow/charts/kube-workflow`. More often, you can use kustomize to adjust the manifests. | ||
### Override and extends kustomizations | ||
## Override and extends kustomizations | ||
The kustomization patches are applied after Helm template rendering. | ||
@@ -101,65 +203,54 @@ | ||
more_set_headers "X-Content-Type-Options: nosniff"; | ||
``` | ||
- target: | ||
kind: Deployment | ||
path: patches/kapp-delete-orphan.yaml | ||
- target: | ||
kind: Service | ||
path: patches/kapp-delete-orphan.yaml | ||
- target: | ||
kind: Ingress | ||
path: patches/kapp-delete-orphan.yaml | ||
If you think you patches can be reused by other project, contribute to [common/patches](common/patches) and `env/*/patches` folders of the action by sharing them. | ||
# - target: | ||
# kind: Service | ||
# path: patches/kapp.yaml | ||
## Charts re-use | ||
All charts are published and released as a chart repository at `https://socialgouv.github.io/kube-workflow/`. | ||
You can use it in your Chart.yaml as: | ||
```yaml | ||
dependencies: | ||
- repository: https://socialgouv.github.io/kube-workflow/ | ||
name: kube-workflow | ||
version: "1" | ||
``` | ||
`kube-workflow` is the "umbrella hcart" (the main chart in helm jargon), it contain namespace, psp and all others components as subcharts, you can call all components from subkeys in your values, global remain at top. | ||
If you think you patches can be reused by other project, contribute to [chart/patches](chart/patches) folder of the action by sharing them. | ||
## Releasing | ||
### Test Helm chart generation | ||
Releasing follow semantic versioning using standard-version tool. Versioning is volountary trigerred manually on dev machine too not block rapid iteration of master branch code. | ||
Just run `yarn release` on master branch and CHANGELOG will be feeded with informations from commits using the conventionnal commit standard, then package will be bumped, as the charts versions and commited, then tagged. Then just follow cli instruction that say: git push --follow-tags. | ||
Then the action will publish automatically new version of npm cli, and charts index. | ||
#### required: | ||
- helm v3 [install guide](https://helm.sh/docs/intro/install/) | ||
```sh | ||
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash | ||
``` | ||
- kustomize v4 [install guide](https://kubectl.docs.kubernetes.io/installation/kustomize/binaries/) | ||
```sh | ||
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash | ||
``` | ||
- node >= 16 | ||
- yarn | ||
## CONTRIBUTING (developments on kube-workflow) | ||
#### developments on your project, easy test, got to your project directory | ||
### Test | ||
all directories added to [tests/samples](tests/samples) are like a `.kube-workflow` directory in a project, it will be automatically tested when you will run `yarn test`. | ||
To run only one test at once you can run `yarn test -t name-of-my-test`. | ||
To upgrade snapshots run `yarn test -u`. | ||
```sh | ||
npx kube-workflow b | ||
``` | ||
### Contribute adding more Helm charts | ||
New charts are welcome in folder [charts/](charts/). | ||
More options on existing charts will be carefully design, in case of doubt, or if you don't want to wait, you can hack everything using kustomize from your repository. Feel free, then give us feedback to ensure we follow best practices and are preserving project maintainability. | ||
#### developments on kubeworkflow, test with local kube-workflow repository and local project | ||
Wee need: | ||
- oauth2-proxy-service | ||
... (many things that we don't know that we need until we'll have them) | ||
```sh | ||
# get kube-workflow | ||
export KUBEWORKFLOW_PATH=$PWD/kube-workflow | ||
git clone https://github.com/SocialGouv/kube-workflow $KUBEWORKFLOW_PATH | ||
yarn --cwd $KUBEWORKFLOW_PATH | ||
### Contribute adding more kustomize patches | ||
New patches are welcome in folders [common/patches/](common/patches/) and `env/*/patches/` | ||
# get the project repository, here template for example | ||
export WORKSPACE_PATH=$PWD/template | ||
git clone https://github.com/SocialGouv/template $WORKSPACE_PATH | ||
### Contribute adding more jobs | ||
New jobs are welcome in folder [jobs/](jobs/) | ||
# run manifest generation as snapshots using symlink to tests | ||
REPOSITORY_NAME=$(basename $WORKSPACE_PATH) | ||
ln -s $WORKSPACE_PATH/.kube-workflow $KUBEWORKFLOW_PATH/tests/samples/$REPOSITORY_NAME | ||
cd $KUBEWORKFLOW_PATH | ||
yarn test -t $REPOSITORY_NAME | ||
``` | ||
wee need: | ||
- drop-db | ||
- docker-build (using buildkit) | ||
- generate-sitemap | ||
- comments publish to github pr | ||
... | ||
then check content of | ||
- `$KUBEWORKFLOW_PATH/tests/__snapshots__/ | ||
- $REPOSITORY_NAME.dev.yaml | ||
- $REPOSITORY_NAME.preprod.yaml | ||
- $REPOSITORY_NAME.prod.yaml | ||
### Development resources | ||
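Review bot: The Releasing paragraph tells the maintainer to finish with `git push --follow-tags`, but the `posttag` hook added to package.json in this same release already runs `yarn retag && git push -f --tags`, so the documented procedure no longer matches what `yarn release` does. Describe the forced retag and push here, including which tag gets moved, so nobody is surprised by a rewritten remote tag. Typos in the same text: "hcart", "volountary trigerred", "Wee need".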
@@ -178,30 +269,1 @@ | ||
- [Kapp doc](https://carvel.dev/kapp/docs/v0.46.0/) | ||
### TODO | ||
#### documentation: | ||
- jobs workflow (needs, shared-storage, action, image, run, shell, uses) | ||
- tests | ||
- best-practices and contributing how-to add | ||
- charts | ||
- jobs | ||
- patches | ||
- options | ||
- tests | ||
#### features | ||
- add default runner image with all base tooling for actions | ||
#### repo cycle automation | ||
- build docker image for default runner image | ||
via itself with jobs/docker-build, et la boucle est bouclée | ||
#### more jobs | ||
- add jobs: | ||
- docker-build | ||
- run-workflow (to replace github action) | ||
triggerable by webhook (need to add webhook as app on argoCD before) | ||
#### more charts | ||
- add charts: | ||
- an oauth2 proxy service (?) |
Sorry, the diff of this file is not supported yet
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package