diff --git a/.circleci/README.md b/.circleci/README.md index 97d4f3c..2e916b6 100644 --- a/.circleci/README.md +++ b/.circleci/README.md @@ -13,11 +13,15 @@ $ aws eks list-clusters --query "clusters" - AWS_ACCESS_KEY_ID # AWS access key for the circleci user - this should be in AWS secret manager - AWS_SECRET_ACCESS_KEY # AWS secret for the circleci user - this should be in AWS secret manager -- AWS_DEFAULT_REGION # Region of your cluster +- AWS_REGION # Region of your EKS cluster - AWS_ECR_ACCOUNT_URL # {awsAccountNum}.dkr.ecr.{region}.amazonaws.com - AWS_ECR_REPO_NAME # The ECR repository name to write images to - PRODUCTION_EKS_CLUSTER_NAME # The name of the production EKS cluster to deploy into - STAGING_EKS_CLUSTER_NAME # The name of the staging EKS cluster to deploy into +- AWS_CLUSTER_AUTH_ROLE_ARN_STAGING # The ARN of the role to assume that allows access to the EK cluster. Most likely ends with `kubernetes-admin-staging` +- AWS_CLUSTER_AUTH_ROLE_ARN_PRODUCTION # The ARN of the role to assume that allows access to the EKS cluster. Same as above but for production +- SLACK_WEBHOOK # Webhook for slack notifications. Must be specified, but doesn't need to be set to a real value +- CIRCLECI_API_KEY # Needed for the queueing orb. You can generate this in the project settings in CircleCI. It needs the `status` scope. ## Deployment Process diff --git a/.circleci/config.yml b/.circleci/config.yml index 69346c5..80f4552 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -193,7 +193,8 @@ jobs: - version-tag/get - run: *install-binaries - aws-cli/install - - aws-cli/setup + - aws-cli/setup: + aws-region: AWS_REGION - aws-eks/update-kubeconfig-with-authenticator: cluster-name: << parameters.cluster-name >> cluster-authentication-role-arn: << parameters.cluster-authentication-role-arn 
>> @@ -204,6 +205,7 @@ jobs: - run: name: Deploy command: | + kubectl create namespace << parameters.namespace >> || echo "Namespace already exists" cd kubernetes/overlays/<< parameters.config-environment >> IMAGE=${AWS_ECR_ACCOUNT_URL}/<< parameters.repo >> kustomize edit set image fake-image=${IMAGE}:${VERSION_TAG} @@ -233,8 +235,8 @@ workflows: cluster-name: "${STAGING_EKS_CLUSTER_NAME}" config-environment: "staging" cluster-authentication-role-arn: "${AWS_CLUSTER_AUTH_ROLE_ARN_STAGING}" - region: "${AWS_DEFAULT_REGION}" - namespace: "${CIRCLE_BRANCH}" + region: "${AWS_REGION}" + namespace: "${AWS_ECR_REPO_NAME}" tag: "${VERSION_TAG}" requires: - build_and_push @@ -255,8 +257,8 @@ workflows: cluster-name: "${PRODUCTION_EKS_CLUSTER_NAME}" config-environment: "production" cluster-authentication-role-arn: "${AWS_CLUSTER_AUTH_ROLE_ARN_PRODUCTION}" - region: "${AWS_DEFAULT_REGION}" - namespace: "${CIRCLE_BRANCH}" + region: "${AWS_REGION}" + namespace: "${AWS_ECR_REPO_NAME}" tag: "${VERSION_TAG}" requires: - queue/block_workflow diff --git a/kubernetes/base/deployment.yml b/kubernetes/base/deployment.yml index 05d8224..e567226 100644 --- a/kubernetes/base/deployment.yml +++ b/kubernetes/base/deployment.yml @@ -33,14 +33,19 @@ spec: initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 2 + ports: + - containerPort: 80 + name: http envFrom: - configMapRef: name: <% .Name %>-config env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name + - name: SERVER_PORT + value: "80" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name - name: DATABASE_USERNAME valueFrom: secretKeyRef: diff --git a/kubernetes/base/service.yml b/kubernetes/base/service.yml index 67742a8..8a2533f 100644 --- a/kubernetes/base/service.yml +++ b/kubernetes/base/service.yml @@ -7,6 +7,6 @@ spec: - name: http protocol: TCP port: 80 - targetPort: 80 + targetPort: http selector: app: <% .Name %> 
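Review bot: In the Deploy command (config.yml hunk -204,6 +205,7), the `|| echo "Namespace already exists"` fallback hides every failure of `kubectl create namespace`, not only the already-exists case. An expired credential, an RBAC denial or an invalid name is logged as if the namespace existed, and the step continues into the kustomize commands. An idempotent form keeps real errors visible: `kubectl create namespace "<< parameters.namespace >>" --dry-run=client -o yaml | kubectl apply -f -`. Quoting the parameter matters because CircleCI pastes its value into the script as text before the shell runs. The rest of the Deploy script is outside this hunk, so how it handles later failures is not visible here.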
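Review bot: An ECR repository name is not guaranteed to be a valid Kubernetes namespace, yet `namespace: "${AWS_ECR_REPO_NAME}"` reuses it in the staging workflow (hunk -233,8) and again in the production workflow (hunk -255,8). ECR names may contain `/`, `_` and `.`, while a namespace must be a DNS-1123 label (lowercase alphanumerics and `-`). A repository such as `team/app` would therefore make the new namespace-creation step fail, and with the `|| echo` fallback that failure would be reported as "already exists". At minimum add a comment above each parameter, e.g. `# must be a valid DNS-1123 label: reused as the Kubernetes namespace`, and state the same constraint next to `AWS_ECR_REPO_NAME` in `.circleci/README.md`.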
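Review bot: In kubernetes/base/deployment.yml the container is now told to listen on a privileged port (`containerPort: 80`, `SERVER_PORT` set to `"80"`). This usually means the process runs as root or keeps `NET_BIND_SERVICE`, which works against `runAsNonRoot` and dropped capabilities. Because the Service in this commit now targets the named port `http`, the container can move to an unprivileged port without touching the Service, e.g. `containerPort: 8080` with `value: "8080"`. The probes and any `securityContext` sit outside this hunk, so check that they agree with whichever port is chosen.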
diff --git a/kubernetes/overlays/production/kustomization.yml b/kubernetes/overlays/production/kustomization.yml index 71f5f64..249d4e0 100644 --- a/kubernetes/overlays/production/kustomization.yml +++ b/kubernetes/overlays/production/kustomization.yml @@ -1,13 +1,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -bases: -- ../../base - patchesStrategicMerge: - deployment.yml resources: +- ../../base - ingress.yaml - pdb.yaml diff --git a/kubernetes/overlays/staging/deployment.yml b/kubernetes/overlays/staging/deployment.yml index 7df50fd..569c23a 100644 --- a/kubernetes/overlays/staging/deployment.yml +++ b/kubernetes/overlays/staging/deployment.yml @@ -10,7 +10,7 @@ spec: resources: requests: memory: 128Mi - cpu: 0.5 + cpu: 0.1 limits: memory: 512Mi cpu: 1.0 diff --git a/kubernetes/overlays/staging/kustomization.yml b/kubernetes/overlays/staging/kustomization.yml index bcc5ea0..613cbe0 100644 --- a/kubernetes/overlays/staging/kustomization.yml +++ b/kubernetes/overlays/staging/kustomization.yml @@ -1,13 +1,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -bases: -- ../../base - patchesStrategicMerge: - deployment.yml resources: +- ../../base - ingress.yml configMapGenerator: diff --git a/kubernetes/secrets/README.md b/kubernetes/secrets/README.md index efd8c4d..405ce62 100644 --- a/kubernetes/secrets/README.md +++ b/kubernetes/secrets/README.md @@ -17,7 +17,7 @@ Application secrets are stored in the kubernetes secrets management system, wher ## Adding a new secret to staging / production kuberenetes (Similar to the dev process) -1. Download the `secrets.env` and `settings.ini` for the correct environment from lastpass +1. Download the `secrets.env` for the correct environment from where it is stored 2. Make sure your `kubectl` context is set to the proper environment 3. Run `kubectl apply -k .` (Change the namespace if necessary using `-n `)
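Review bot: `patchesStrategicMerge` is left in place while `bases` is migrated to `resources`, both in kubernetes/overlays/production/kustomization.yml and in the staging kustomization.yml. Recent Kustomize releases deprecate that field too, in favour of `patches`. If the kustomize version used by the pipeline supports it, `patches:` followed by `- path: deployment.yml` completes the migration and keeps deprecation warnings out of the deploy logs. The installed kustomize version is not visible in this diff, so confirm it before changing the field.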