This repository was archived by the owner on Mar 4, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
Deployment Details
Dylan Barkowsky edited this page May 16, 2023
·
3 revisions
Images can be built using the standard docker build commands or with docker-compose.
If using a Mac with an M1 chip, the build command must specify the target architecture:
docker buildx build --platform linux/amd64 -f ./Dockerfile -t <image-tag> .
- Get the login token for your cluster
- Providers (gov.bc.ca)
- Use the command provided from that link to login to OpenShift in the terminal
- Create a project
oc process -f https://raw.githubusercontent.com/bcgov/platform-services-archeobot/master/archeobot/config/samples/tmpl-artifactoryproject.yaml -p NAME="<project name>" | oc create -f -- Note: I had to create a local version of the yaml file and run the command using that due to permission issues.
- Check project creation status with:
oc describe artproj <project name>
- Log in to Docker
docker login artifacts.developer.gov.bc.ca -u <username> -p <password>- To get these credentials:
- Go to OpenShift Portal:
https://console.apps.silver.devops.gov.bc.ca/ - Select your project-tools from the dropdown. e.g. ec1236-tools
- Select Secrets on the menu bar.
- Select the
artifacts-default-ulwidlsecret. - The username and password should be listed at the bottom.
- Go to OpenShift Portal:
- Tag the image using Docker
docker tag <imageID> artifacts.developer.gov.bc.ca/<Artifactory repo name>/<image name>:<image tag>- Image name and tag can be anything you want, but OpenShift will be expecting consistency.
- The Artifactory repo name is the name of a repository created in Artifactory/JFrog
- e.g.
artifacts.developer.gov.bc.ca/cec1-ec1236-image-repository/spr-api:latest
- e.g.
- Push that image to the Artifactory repository
docker push artifacts.developer.gov.bc.ca/<Artifactory repo name>/<image name>:<image tag>
- Follow the same instructions for Docker CLI login as in Pushing Images.
- Pull an image from Artifactory with this command:
docker push artifacts.developer.gov.bc.ca/<artifactory repo name>/<image name>:<image tag>- e.g.
docker pull artifacts.developer.gov.bc.ca/cec1-ec1236-image-repository/spr-api:latest
- Log in to OpenShift cluster using Azure IDIR
- Select Add+ -> Container Images
- Fill out the supplied form:
- Image: The URL to the storage location of your image (e.g. Artifactory, Docker, etc.)
- Application: The application name. Determines pod groupings.
- Name: The name of this specific pod.
- Resources: Choose DeploymentConfig.
- Target Port: The pod's incoming exposed port.
- Create a Route: This should be selected if the pod needs to be accessible from outside of your application.
- Fill in any necessary environment variables.
- Find this section by clicking on the pod name and selecting the Environment tab.
- Log in to OpenShift Cluster using Azure IDIR
- Select Add+ -> Database
- Select your database and click Instantiate Template.
- Fill out the template. Most fields can remain as the default unless you require specific values.
- Use these values in the environment variables for your application to access the database.
- Have an existing example available.
- In a new file, use the template header
kind: Template
apiVersion: template.openshift.io/v1
metadata:
name: ${CONTAINER_NAME}-template
labels:
template: ${CONTAINER_NAME}-template- Copy the YAML from your DeploymentConfig in OpenShift.
- Select DeploymentConfig and click name in righthand-side inspect popout.
- Select YAML tab.
- Paste that under an
objectsfield
objects:
- kind: DeploymentConfig
...- Compare to existing example to see what fields are necessary to keep, and what values are necessary to hide behind parameters.
Some sections you can delete:
- status:
- Anything in metadata that isn't name, namespace, labels, or annotations
- triggers: that are type ImageChange
- Insert parameters at the bottom of the DeploymentConfig for any variables used throughout the file. Example:
parameters:
- description: Container Name
displayName: Container Name
name: CONTAINER_NAME
required: true- In the DeploymentConfig, a parameter for the Artifactory credentials must be added under
objects/spec/template/spec/imagePullSecrets. This includes the authorization token and can be retrieved from the key.dockerconfigjsonin the secretartifactoryin the project name (e.g.ec1236-dev). Insert that like so:
imagePullSecrets:
- name: artifactory-pullThe deployment workflow used in GitHub Actions currently has the following steps:
- Build, tag, and push the image to Artifactory.
- Pull that image and deploy it into OpenShift.
- Check that the OpenShift pod is running successfully.
- Remove previous OpenShift objects.

Notes on OpenShift deployment:
- The DeploymentConfig (
openshift/templates/api-deployment-config.yaml) expects several environment variables. It gets these from the script.github/helpers/deploy.shwhich gets them from the workflow.github/workflows/api-build-deploy.yaml. Some of these are explicit in the workflow. Some are GitHub secrets. - Script files in GitHub Actions runners will not run without permissions. Use chmod +x before running in runner, or add permissions to the file before commit with
git update-index --chmod=+x script.sh. - The Mongo container may fail upon startup if the startup is too slow, causing the readiness probe to fail. Increase the timeout to avoid this.
In the deployment workflow, the parameters for the deploy.sh script not filled with secrets need the following:
- DEPLOYMENT_CONFIG refers to the config file. e.g.
api-deployment-config.yaml. - CONTAINER_NAME is the name given to your container/DeploymentConfig in OpenShift.
- APPLICATION_NAME is the OpenShift project name that groups your DeploymentConfigs.
Not all of these are actually secrets, but they have been abstracted to allow for use on other projects.
| Secret | Example | Where to Obtain |
|---|---|---|
| ARTIFACTORY_URL | artifacts.developer.gov.bc.ca | n/a |
| ARTIFACTORY_USERNAME | my_username | Under -tools in OpenShift, view Secrets, artifacts-default-ulwidl |
| ARTIFACTORY_PASSWORD | my_password | Under -tools in OpenShift, view Secrets, artifacts-default-ulwidl |
| IMAGE_REPOSITORY | cec1-ec1236-image-repository | In Artifactory, the name given to your project folder. |
| OPENSHIFT_NAMESPACE | ec1236-dev | Visible in OpenShift |
| OPENSHIFT_SERVER_URL | https://... | In OpenShift Portal, select your username in top right and choose Copy login command. Follow prompts until you can see login commands. Use the address from the Log in with this token section. |
| OPENSHIFT_PASSWORD | supersecrettoken | From your OpenShift project (e.g. ec1236-dev), select Secrets, and view the github-actions-token-856gt. Copy from the token key. |