From bfd177eb97519d833a27866f30b6ff7c9dae1eb1 Mon Sep 17 00:00:00 2001 From: Bulat Saifullin Date: Mon, 12 Feb 2024 18:12:33 +0400 Subject: [PATCH] Move deployment to argocd (#266) --- .gitlab-ci.yml | 61 +++++++--------------------- helm/.gitignore | 3 -- helm/Chart.yaml | 13 ------ helm/values-parity-prod.yaml | 61 ---------------------------- helm/values-parity-stg.yaml | 61 ---------------------------- helm/values.yaml | 77 ------------------------------------ 6 files changed, 14 insertions(+), 262 deletions(-) delete mode 100644 helm/.gitignore delete mode 100644 helm/Chart.yaml delete mode 100644 helm/values-parity-prod.yaml delete mode 100644 helm/values-parity-stg.yaml delete mode 100644 helm/values.yaml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 46f3e50..cabfd21 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -10,19 +10,9 @@ variables: # BUILDAH_IMAGE is defined in group variables BUILDAH_COMMAND: "buildah --storage-driver overlay2" DOCKER_TAG: ${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA} - DATA_PATH: /data - PING_PORT: 3001 - TASK_DB_VERSION: v3 DOCKERFILE: Dockerfile - VAULT_ADDR: "https://vault.parity-mgmt-vault.parity.io" - VAULT_AUTH_PATH: "gitlab-parity-io-jwt-oidc" - VAULT_AUTH_ROLE: "gitlab_oidc_${CI_PROJECT_NAME}" - HELM_SECRETS_DRIVER: vals default: - id_tokens: - VAULT_ID_TOKEN: - aud: https://gitlab.parity.io image: $CI_IMAGE tags: - kubernetes-parity-build @@ -129,53 +119,30 @@ push-docker-image-description: #### App deployment .deploy-k8s: &deploy-k8s - image: paritytech/kubetools:3.5.3 + image: quay.io/argoproj/argocd:v2.7.9 + variables: + ARGOCD_OPTS: --grpc-web --grpc-web-root-path /$ENVIRONMENT + APP: command-bot + environment: + name: $ENVIRONMENT script: - # Change the app version during build so that Kubernetes is able to update - # the deployment even if the images' tags did not change - # $CI_PIPELINE_ID is guaranteed to be unique - - export KUBERNETES_VERSION_TAG="$CI_PIPELINE_ID" - # Those values are embedded in the annotations and that's how the change is - # noticed - - |- - sed -i "s/appVersion:.*/appVersion: $KUBERNETES_VERSION_TAG/" helm/Chart.yaml - # https://docs.gitlab.com/ee/ci/examples/authenticating-with-hashicorp-vault/#example - - export VAULT_TOKEN="$(vault write -field=token auth/$VAULT_AUTH_PATH/login role=$VAULT_AUTH_ROLE jwt=$VAULT_ID_TOKEN)" - - helm dependency update helm/ - - helm secrets --version - - helm secrets upgrade - --install - --atomic - --timeout 600s - --namespace ${CI_PROJECT_NAME} - --values helm/values.yaml - --values helm/values-$ENVIRONMENT.yaml - --set common.image.repository="$IMAGE_NAME" - --set common.image.tag="$DOCKER_TAG" - --set common.persistence.mountPath="$DATA_PATH" - --set env.DATA_PATH="$DATA_PATH" - --set env.IS_DEPLOYMENT="true" - --set env.TMPDIR="$DATA_PATH/tmp" - --set env.TASK_DB_VERSION="$TASK_DB_VERSION" - --set env.PING_PORT="$PING_PORT" - --set env.LOG_FORMAT=json - --set env.MIN_LOG_LEVEL=debug - $CI_PROJECT_NAME helm/ + - argocd app list + - argocd app set $APP --helm-set common.image.tag="$DOCKER_TAG" + - argocd app sync $APP + - argocd app wait $APP --timeout 180 + tags: + - kubernetes-parity-build deploy-stg: stage: staging - <<: *deploy-k8s + extends: .deploy-k8s <<: *publish-refs variables: ENVIRONMENT: parity-stg - tags: - - cmd-bot-stg deploy-production: stage: production - <<: *deploy-k8s + extends: .deploy-k8s <<: *production-refs variables: ENVIRONMENT: parity-prod - tags: - - cmd-bot-prod diff --git a/helm/.gitignore b/helm/.gitignore deleted file mode 100644 index 7e469d9..0000000 --- a/helm/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -# Helm dependency files -Chart.lock -charts/ diff --git a/helm/Chart.yaml b/helm/Chart.yaml deleted file mode 100644 index db471eb..0000000 --- a/helm/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v2 -name: command-bot -description: A Helm chart for Kubernetes -type: application -version: 0.1.0 -appVersion: "0.1.0" -dependencies: - # - name: gcloud-sqlproxy - # version: "0.22.6" - # repository: "https://charts.rimusz.net" - - name: common - version: "0.6.3" - repository: "https://paritytech.github.io/helm-charts/" diff --git a/helm/values-parity-prod.yaml b/helm/values-parity-prod.yaml deleted file mode 100644 index c134110..0000000 --- a/helm/values-parity-prod.yaml +++ /dev/null @@ -1,61 +0,0 @@ -gcloud-sqlproxy: - serviceAccount: - annotations: - iam.gke.io/gcp-service-account: "command-bot@parity-prod.iam.gserviceaccount.com" - cloudsql: - instances: - - instance: "command-bot-pgsql" - project: "parity-prod" - region: "europe-west3" - port: 5432 - -common: - env: - GITLAB_PUSH_NAMESPACE: parity/mirrors - GITLAB_JOB_IMAGE: paritytech/ci-unified:bullseye-1.75.0-2024-01-22-v20240109 - GITLAB_DOMAIN: gitlab.parity.io - DATA_PATH: /data - IS_DEPLOYMENT: true - TMPDIR: /data/tmp - TASK_DB_VERSION: v3 - PING_PORT: 3001 - LOG_FORMAT: json - MIN_LOG_LEVEL: debug - DB_CLIENT: postgres - DB_PORT: 5432 - CMD_BOT_URL: https://command-bot.parity-prod.parity.io/ - BOT_PR_COMMENT_MENTION: bot - PIPELINE_SCRIPTS_REF: main - PROCESSBOT_SUPPORTED_REPOS: "substrate,polkadot,cumulus" - secrets: - ALLOWED_ORGANIZATIONS: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-prod#ALLOWED_ORGANIZATIONS - APP_ID: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-prod#APP_ID - CLIENT_ID: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-prod#CLIENT_ID - CLIENT_SECRET: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-prod#CLIENT_SECRET - GITLAB_ACCESS_TOKEN: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-prod#GITLAB_ACCESS_TOKEN - GITLAB_ACCESS_TOKEN_USERNAME: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-prod#GITLAB_ACCESS_TOKEN_USERNAME - MASTER_TOKEN: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-prod#MASTER_TOKEN - PRIVATE_KEY_BASE64: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-prod#PRIVATE_KEY_BASE64 - WEBHOOK_SECRET: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-prod#WEBHOOK_SECRET - DB_USER: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-prod#DB_USER - DB_PASSWORD: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-prod#DB_PASSWORD - DB_HOST: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-prod#DB_HOST - DB_NAME: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-prod#DB_NAME - ingress: - annotations: - external-dns.alpha.kubernetes.io/target: traefik-external.parity-prod.parity.io. - rules: - - host: command-bot.parity-prod.parity.io - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: command-bot - port: - name: http - tls: - - hosts: - - command-bot.parity-prod.parity.io - secretName: command-bot.parity-prod.parity.io diff --git a/helm/values-parity-stg.yaml b/helm/values-parity-stg.yaml deleted file mode 100644 index 1d9500d..0000000 --- a/helm/values-parity-stg.yaml +++ /dev/null @@ -1,61 +0,0 @@ -gcloud-sqlproxy: - serviceAccount: - annotations: - iam.gke.io/gcp-service-account: "command-bot@parity-stg.iam.gserviceaccount.com" - cloudsql: - instances: - - instance: "command-bot-pgsql" - project: "parity-stg" - region: "europe-west3" - port: 5432 - -common: - env: - GITLAB_PUSH_NAMESPACE: parity/mirrors - GITLAB_JOB_IMAGE: paritytech/ci-unified:bullseye-1.75.0-2024-01-22-v20240109 - GITLAB_DOMAIN: gitlab-stg.parity.io - DATA_PATH: /data - IS_DEPLOYMENT: true - TMPDIR: /data/tmp - TASK_DB_VERSION: v3 - PING_PORT: 3001 - LOG_FORMAT: json - MIN_LOG_LEVEL: debug - DB_CLIENT: postgres - DB_PORT: 5432 - CMD_BOT_URL: https://command-bot.parity-stg.parity.io/ - PIPELINE_SCRIPTS_REF: main - BOT_PR_COMMENT_MENTION: bot - PROCESSBOT_SUPPORTED_REPOS: "substrate,polkadot,cumulus" - secrets: - ALLOWED_ORGANIZATIONS: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-stg#ALLOWED_ORGANIZATIONS - APP_ID: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-stg#APP_ID - CLIENT_ID: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-stg#CLIENT_ID - CLIENT_SECRET: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-stg#CLIENT_SECRET - GITLAB_ACCESS_TOKEN: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-stg#GITLAB_ACCESS_TOKEN - GITLAB_ACCESS_TOKEN_USERNAME: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-stg#GITLAB_ACCESS_TOKEN_USERNAME - MASTER_TOKEN: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-stg#MASTER_TOKEN - PRIVATE_KEY_BASE64: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-stg#PRIVATE_KEY_BASE64 - WEBHOOK_SECRET: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-stg#WEBHOOK_SECRET - DB_USER: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-stg#DB_USER - DB_PASSWORD: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-stg#DB_PASSWORD - DB_HOST: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-stg#DB_HOST - DB_NAME: ref+vault://kv/gitlab/parity/mirrors/command-bot/devops-parity-stg#DB_NAME - ingress: - annotations: - external-dns.alpha.kubernetes.io/target: traefik-external.parity-stg.parity.io. - rules: - - host: command-bot.parity-stg.parity.io - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: command-bot - port: - name: http - tls: - - hosts: - - command-bot.parity-stg.parity.io - secretName: command-bot.parity-stg.parity.io diff --git a/helm/values.yaml b/helm/values.yaml deleted file mode 100644 index 8cb1007..0000000 --- a/helm/values.yaml +++ /dev/null @@ -1,77 +0,0 @@ -# gcloud-sqlproxy: -# serviceAccountName: "command-bot" -# serviceAccount: -# create: true -# name: command-bot -# networkPolicy: -# enabled: false - -common: - fullnameOverride: "command-bot" - extraLabels: - team: "opstooling" - serviceAccount: - create: false - image: - repository: paritytech/command-bot - envFrom: - - secretRef: - name: command-bot - service: - ports: - - name: http - protocol: TCP - port: 80 - targetPort: 3000 - ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-dns01 - kubernetes.io/ingress.class: traefik-external - traefik.ingress.kubernetes.io/router.entrypoints: web,websecure - traefik.ingress.kubernetes.io/router.tls: "true" - persistence: - enabled: true - mountPath: "" - subPath: "" - annotations: {} - storageClass: hdd-csi - size: 100G - accessModes: - - ReadWriteOnce - env: - GITLAB_PUSH_NAMESPACE: parity/mirrors - GITLAB_JOB_IMAGE: paritytech/ci-unified:bullseye-1.75.0-2024-01-22-v20240109 - GITLAB_DOMAIN: gitlab.parity.io - PIPELINE_SCRIPTS_REPOSITORY: https://github.com/paritytech/command-bot-scripts/ - PIPELINE_SCRIPTS_REF: main - # We only want one instance at all times so that the execution queue can be - # sanely tracked across multiple MRs. - autoscaling: - enabled: false - - livenessProbe: - httpGet: - path: /health - port: http - initialDelaySeconds: 60 - periodSeconds: 5 - - readinessProbe: - httpGet: - path: /health - port: http - initialDelaySeconds: 60 - periodSeconds: 5 - - serviceMonitor: - enabled: true - endpoints: - - port: http - path: /metrics - interval: 1m - scheme: http - scrapeTimeout: 30s - honorLabels: true - targetLabels: - - team