From 987d2d41802b3ce686c689a505addb93281a78d9 Mon Sep 17 00:00:00 2001
From: Roy Razon
Date: Sun, 17 Mar 2024 18:35:34 +0200
Subject: [PATCH 1/2] fix workflow
---
 .github/workflows/preevy-down.yaml | 18 +----
 .github/workflows/preevy-up.yaml | 24 ++-----
 preevy-template.yaml.njk | 104 +++++++++++++++++++++++++++++
 3 files changed, 109 insertions(+), 37 deletions(-)
 create mode 100644 preevy-template.yaml.njk
diff --git a/.github/workflows/preevy-down.yaml b/.github/workflows/preevy-down.yaml
index 62c46c5..aeb1771 100644
--- a/.github/workflows/preevy-down.yaml
+++ b/.github/workflows/preevy-down.yaml
@@ -34,23 +34,7 @@ jobs:
 location: ${{ vars.GOOGLE_CLOUD_KUBE_CLUSTER_LOCATION }}
 cluster: ${{ vars.GOOGLE_CLOUD_KUBE_CLUSTER_NAME }}
- # use a preexisting kubernetes builder which already has cached layers
- - name: Find pod of existing kubernetes builder
- id: find_pod
- run: |
- pod=$(kubectl get pod --selector=app='${{ vars.GOOGLE_CLOUD_KUBE_CLUSTER_BUILDER }}' -o jsonpath='{.items[0].metadata.name}')
- echo "pod=${pod}" >> $GITHUB_OUTPUT
-
- - name: Configure buildx to use the existing kubernetes builder
- id: buildx_setup
- uses: docker/setup-buildx-action@v3
- with:
- driver: remote
- # https://github.com/moby/buildkit/tree/master/examples/kubernetes#pod
- # uses the kube-pod connection helper: https://github.com/moby/buildkit/pull/951
- endpoint: kube-pod://${{ steps.find_pod.outputs.pod }}
-
- - uses: livecycle/preevy-down-action@f94196c17c7d53dcde0f0bb158be20fd3e08a62f
+ - uses: livecycle/preevy-down-action@v1.4.0
 with:
 profile-url: ${{ vars.PREEVY_PROFILE_URL }}
 install: 'gh-release'
diff --git a/.github/workflows/preevy-up.yaml b/.github/workflows/preevy-up.yaml
index ddcd3c4..4e60cba 100644
--- a/.github/workflows/preevy-up.yaml
+++ b/.github/workflows/preevy-up.yaml
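Review bot: The `uses:` line for preevy-down-action replaces a full commit SHA with the mutable tag `v1.4.0`, so the action code that runs in this job, after what appears to be a cluster-credentials step, can change without any change to this file. Pin it to the commit the tag points to and keep the version as a trailing comment, e.g. `- uses: livecycle/preevy-down-action@<full-commit-sha-of-v1.4.0> # v1.4.0`. The same applies to `livecycle/preevy-up-action@v2.4.0` in the preevy-up.yaml hunk, and to the `docker/setup-buildx-action@v3` context line there. The step's `with:` block continues outside the hunk.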
@@ -48,34 +48,18 @@ jobs:
 location: ${{ vars.GOOGLE_CLOUD_KUBE_CLUSTER_LOCATION }}
 cluster: ${{ vars.GOOGLE_CLOUD_KUBE_CLUSTER_NAME }}
- # use a preexisting kubernetes builder which already has cached layers
- - name: Find pod of existing kubernetes builder
- id: find_pod
- run: |
- pod=$(kubectl get pod --selector=app='${{ vars.GOOGLE_CLOUD_KUBE_CLUSTER_BUILDER }}' -o jsonpath='{.items[0].metadata.name}')
- echo "pod=${pod}" >> $GITHUB_OUTPUT
-
- - name: Configure buildx to use the existing kubernetes builder
+ - name: Configure buildx
 id: buildx_setup
 uses: docker/setup-buildx-action@v3
 with:
- driver: remote
- # https://github.com/moby/buildkit/tree/master/examples/kubernetes#pod
- # uses the kube-pod connection helper: https://github.com/moby/buildkit/pull/951
- endpoint: kube-pod://${{ steps.find_pod.outputs.pod }}
+ driver: kubernetes
 - name: Deploy Preevy environment
 id: preevy_up
- uses: livecycle/preevy-up-action@v2.3.0
+ uses: livecycle/preevy-up-action@v2.4.0
 with:
 install: 'gh-release'
 profile-url: ${{ vars.PREEVY_PROFILE_URL }}
- args: "--driver kube-pod --registry '${{ vars.GOOGLE_CLOUD_REGISTRY }}' --builder '${{ steps.buildx_setup.outputs.name }}'"
+ args: "--driver kube-pod --registry '${{ vars.GOOGLE_CLOUD_REGISTRY }}' --builder '${{ steps.buildx_setup.outputs.name }}' --kube-pod-template=preevy-template.yaml.njk"
 env:
 GITHUB_TOKEN: ${{ github.token }}
-
- - name: Link environment to livecycle
- env:
- LIVECYCLE_API_KEY: ${{ secrets.LIVECYCLE_API_KEY }}
- PREVIEW_URL: ${{ fromJson(steps.preevy_up.outputs.urls-map).frontend[3000] }}
- run: npx @livecycle/cli link --url=$PREVIEW_URL --from-git=. --api-key=$LIVECYCLE_API_KEY
diff --git a/preevy-template.yaml.njk b/preevy-template.yaml.njk
new file mode 100644
index 0000000..3636c19
--- /dev/null
+++ b/preevy-template.yaml.njk
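Review bot: `--kube-pod-template=preevy-template.yaml.njk` in the new `args` line makes the pod spec come from the checked-out working tree, so whoever can change that file on the ref being built decides what is created in the cluster with this job's credentials. The workflow's trigger and checkout step are outside the hunk; if the job can run for pull requests from forks or other untrusted branches, take the template from the base branch or a fixed ref, or limit the job to trusted refs. A comment above the step, such as `# pod template is read from the checkout; keep this job limited to trusted refs`, would record that assumption.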
@@ -0,0 +1,104 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ id }}-sa
+ namespace: {{ namespace }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ id }}-dc
+ namespace: {{ namespace }}
+data:
+ daemon.json: |
+ {
+ "tls": false
+ }
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ id }}
+ namespace: {{ namespace }}
+ labels:
+ app.kubernetes.io/component: docker-host
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {% for k, v in labels %}
+ {{ k }}: {{ v }}
+ {% endfor %}
+ template:
+ metadata:
+ labels:
+ {% for k, v in labels %}
+ {{ k }}: {{ v }}
+ {% endfor %}
+ spec:
+ serviceAccountName: {{ id }}-sa
+ containers:
+ - name: docker
+ image: docker:24.0.7-dind-alpine3.18
+ securityContext:
+ privileged: true
+ command: ["dockerd", "--host=tcp://0.0.0.0:2375", "--host=unix:///var/run/docker.sock"]
+ volumeMounts:
+ - name: docker-config
+ mountPath: /etc/docker
+ - name: data
+ subPath: docker
+ mountPath: /var/lib/docker
+ - name: data
+ subPath: preevy
+ mountPath: /var/lib/preevy
+ volumes:
+ - name: docker-config
+ configMap:
+ name: {{ id }}-dc
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ labels:
+ {% for k, v in labels %}
+ {{ k }}: {{ v }}
+ {% endfor %}
+ spec:
+ accessModes: ["ReadWriteOnce"]
+{% if storageClass %}
+ storageClassName: "{{ storageClass }}"
+{% endif %}
+ resources:
+ requests:
+ storage: {{ storageSize }}Gi
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ id }}-role
+ namespace: {{ namespace }}
+rules:
+- apiGroups:
+ - metrics.k8s.io
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ id }}-rolebind
+ namespace: {{ namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ id }}-role
+subjects:
+- kind: ServiceAccount
+ name: {{ id }}-sa
From 508faa49971d86a083304553b4e1fe993aa7f179 Mon Sep 17 00:00:00 2001
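Review bot: The `docker` container's `command` starts dockerd on `tcp://0.0.0.0:2375` while the ConfigMap sets `"tls": false`, so the Docker API is served without authentication on the pod IP, from a container that is `privileged: true`. Nothing in the template limits which workloads in the cluster may connect to that port. If Preevy reaches the daemon through a Kubernetes port-forward (not visible here, confirm before changing), binding to loopback is enough: `command: ["dockerd", "--host=tcp://127.0.0.1:2375", "--host=unix:///var/run/docker.sock"]`. Otherwise the template should also carry a NetworkPolicy restricting ingress to port 2375, and either way a comment on the `privileged: true` line should say why it is required.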
From: Roy Razon
Date: Mon, 25 Mar 2024 12:29:06 +0200
Subject: [PATCH 2/2] fix compose
---
 compose.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/compose.yaml b/compose.yaml
index c8e2e48..2ae2876 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -28,6 +28,8 @@ services:
 - private
 depends_on:
 - db
+ links:
+ - db
 db:
 # We use a mariadb image which supports both amd64 & arm64 architecture
 image: mariadb:10.6.4-focal
@@ -59,6 +61,8 @@ services:
 - public
 depends_on:
 - backend
+ links:
+ - backend
 networks:
 public:
 private:
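Review bot: The added `links:` entries (`db` in the first hunk, `backend` in the second) sit directly under `depends_on` entries naming the same services, and the commit message does not say what they fix. Under the Compose specification `links` is not needed for name resolution between services on a shared network and does not override the `networks` configuration, so as far as these hunks show it only repeats the dependency. If the preview tooling needs it, a comment above each entry, such as `# links is required by <tool> because <reason>; depends_on alone is not enough`, would keep it from being removed later as redundant. Both service definitions start outside the hunks.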