Skip to content
This repository was archived by the owner on Mar 4, 2025. It is now read-only.

Deployment Details

Dylan Barkowsky edited this page May 16, 2023 · 3 revisions

Artifactory

Documentation

Image and artifact management with Artifactory | Private Cloud as a Service Platform Technical Documentation (gov.bc.ca)

Building Images

Images can be built using the standard docker build commands or with docker-compose. If using a Mac with an M1 chip, the build command must specify the target architecture:

docker buildx build --platform linux/amd64 -f ./Dockerfile -t <image-tag> .

Pushing Images

  1. Get the login token for your cluster
    1. Providers (gov.bc.ca)
    2. Use the command provided from that link to login to OpenShift in the terminal
  2. Create a project
    1. oc process -f https://raw.githubusercontent.com/bcgov/platform-services-archeobot/master/archeobot/config/samples/tmpl-artifactoryproject.yaml -p NAME="<project name>" | oc create -f -
    2. Note: I had to create a local version of the yaml file and run the command using that due to permission issues.
    3. Check project creation status with: oc describe artproj <project name>
  3. Log in to Docker
    1. docker login artifacts.developer.gov.bc.ca -u <username> -p <password>
    2. To get these credentials:
      1. Go to OpenShift Portal: https://console.apps.silver.devops.gov.bc.ca/
      2. Select your project-tools from the dropdown. e.g. ec1236-tools
      3. Select Secrets on the menu bar.
      4. Select the artifacts-default-ulwidl secret.
      5. The username and password should be listed at the bottom.
  4. Tag the image using Docker
    1. docker tag <imageID> artifacts.developer.gov.bc.ca/<Artifactory repo name>/<image name>:<image tag>
    2. Image name and tag can be anything you want, but OpenShift will be expecting consistency.
    3. The Artifactory repo name is the name of a repository created in Artifactory/JFrog
      1. e.g. artifacts.developer.gov.bc.ca/cec1-ec1236-image-repository/spr-api:latest
  5. Push that image to the Artifactory repository
    1. docker push artifacts.developer.gov.bc.ca/<Artifactory repo name>/<image name>:<image tag>

Pulling Images

  1. Follow the same instructions for Docker CLI login as in Pushing Images.
  2. Pull an image from Artifactory with this command:
    1. docker push artifacts.developer.gov.bc.ca/<artifactory repo name>/<image name>:<image tag>
    2. e.g. docker pull artifacts.developer.gov.bc.ca/cec1-ec1236-image-repository/spr-api:latest

OpenShift

Initial Setup: Repository Containers

  1. Log in to OpenShift cluster using Azure IDIR
  2. Select Add+ -> Container Images
  3. Fill out the supplied form:
    1. Image: The URL to the storage location of your image (e.g. Artifactory, Docker, etc.)
    2. Application: The application name. Determines pod groupings.
    3. Name: The name of this specific pod.
    4. Resources: Choose DeploymentConfig.
    5. Target Port: The pod's incoming exposed port.
    6. Create a Route: This should be selected if the pod needs to be accessible from outside of your application.
  4. Fill in any necessary environment variables.
    1. Find this section by clicking on the pod name and selecting the Environment tab.

Initial Setup: Database Containers

  1. Log in to OpenShift Cluster using Azure IDIR
  2. Select Add+ -> Database
  3. Select your database and click Instantiate Template.
  4. Fill out the template. Most fields can remain as the default unless you require specific values.
  5. Use these values in the environment variables for your application to access the database.

Creating a DeploymentConfig Template

  1. Have an existing example available.
  2. In a new file, use the template header
kind: Template
apiVersion: template.openshift.io/v1
metadata:
  name: ${CONTAINER_NAME}-template
labels:
  template: ${CONTAINER_NAME}-template
  1. Copy the YAML from your DeploymentConfig in OpenShift.
    1. Select DeploymentConfig and click name in righthand-side inspect popout.
    2. Select YAML tab.
  2. Paste that under an objects field
objects:
 - kind: DeploymentConfig
	...
  1. Compare to existing example to see what fields are necessary to keep, and what values are necessary to hide behind parameters. Some sections you can delete:
    1. status:
    2. Anything in metadata that isn't name, namespace, labels, or annotations
    3. triggers: that are type ImageChange
  2. Insert parameters at the bottom of the DeploymentConfig for any variables used throughout the file. Example:
parameters:
  - description: Container Name
    displayName: Container Name
    name: CONTAINER_NAME
    required: true
  1. In the DeploymentConfig, a parameter for the Artifactory credentials must be added under objects/spec/template/spec/imagePullSecrets. This includes the authorization token and can be retrieved from the key .dockerconfigjson in the secret artifactory in the project name (e.g. ec1236-dev). Insert that like so:
imagePullSecrets:
  - name: artifactory-pull

Workflow

The deployment workflow used in GitHub Actions currently has the following steps:

  1. Build, tag, and push the image to Artifactory.
  2. Pull that image and deploy it into OpenShift.
  3. Check that the OpenShift pod is running successfully.
  4. Remove previous OpenShift objects.

Deployment Workflow Diagram

Notes on OpenShift deployment:

  • The DeploymentConfig (openshift/templates/api-deployment-config.yaml) expects several environment variables. It gets these from the script .github/helpers/deploy.sh which gets them from the workflow .github/workflows/api-build-deploy.yaml. Some of these are explicit in the workflow. Some are GitHub secrets.
  • Script files in GitHub Actions runners will not run without permissions. Use chmod +x before running in runner, or add permissions to the file before commit with git update-index --chmod=+x script.sh.
  • The Mongo container may fail upon startup if the startup is too slow, causing the readiness probe to fail. Increase the timeout to avoid this.

In the deployment workflow, the parameters for the deploy.sh script not filled with secrets need the following:

  • DEPLOYMENT_CONFIG refers to the config file. e.g. api-deployment-config.yaml.
  • CONTAINER_NAME is the name given to your container/DeploymentConfig in OpenShift.
  • APPLICATION_NAME is the OpenShift project name that groups your DeploymentConfigs.

Needed Secrets for Deployment Workflow

Not all of these are actually secrets, but they have been abstracted to allow for use on other projects.

Secret Example Where to Obtain
ARTIFACTORY_URL artifacts.developer.gov.bc.ca n/a
ARTIFACTORY_USERNAME my_username Under -tools in OpenShift, view Secrets, artifacts-default-ulwidl
ARTIFACTORY_PASSWORD my_password Under -tools in OpenShift, view Secrets, artifacts-default-ulwidl
IMAGE_REPOSITORY cec1-ec1236-image-repository In Artifactory, the name given to your project folder.
OPENSHIFT_NAMESPACE ec1236-dev Visible in OpenShift
OPENSHIFT_SERVER_URL https://... In OpenShift Portal, select your username in top right and choose Copy login command. Follow prompts until you can see login commands. Use the address from the Log in with this token section.
OPENSHIFT_PASSWORD supersecrettoken From your OpenShift project (e.g. ec1236-dev), select Secrets, and view the github-actions-token-856gt. Copy from the token key.

Clone this wiki locally