Github Action to deploy to AKS

.github/workflows/docker-kubernetes.yml

@@ -0,0 +1,38 @@
+name: Docker build and push, Kubernetes apply
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Docker Login
+        uses: docker/[email protected]
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Kubernetes set context
+        uses: Azure/k8s-set-context@v1
+        with:
+          method: kubeconfig
+          kubeconfig: ${{ secrets.KUBE_CONFIG }}
+
+      - name: Docker build and push
+        run: |
+          docker build --tag ${{ secrets.DOCKER_USERNAME }}/tapiriik:${{ github.sha }} .
+          docker push ${{ secrets.DOCKER_USERNAME }}/tapiriik:${{ github.sha }}
+
+      - name: kubectl apply
+        # NB: the secrets need to be friendly to sed, eg & should be escaped as \&
+        run: |
+          sed -i'' -e 's#WEB_ROOT#${{ secrets.WEB_ROOT }}#g' -e 's/ALLOWED_HOSTS/${{ secrets.ALLOWED_HOSTS }}/g' -e 's#REDIS_HOST#${{ secrets.REDIS_HOST }}#g' -e 's#RABBITMQ_BROKER_URL#${{ secrets.RABBITMQ_BROKER_URL }}#g' -e 's#MONGO_HOST#${{ secrets.MONGO_HOST }}#g' -e 's/RUNKEEPER_CLIENT_ID/${{ secrets.RUNKEEPER_CLIENT_ID }}/g' -e 's/RUNKEEPER_CLIENT_SECRET/${{ secrets.RUNKEEPER_CLIENT_SECRET }}/g' -e 's/DROPBOX_APP_KEY/${{ secrets.DROPBOX_APP_KEY }}/g' -e 's/DROPBOX_APP_SECRET/${{ secrets.DROPBOX_APP_SECRET }}/g' -e 's/DROPBOX_FULL_APP_KEY/${{ secrets.DROPBOX_FULL_APP_KEY }}/g' -e 's/DROPBOX_FULL_APP_SECRET/${{ secrets.DROPBOX_FULL_APP_SECRET }}/g' -e 's/STRAVA_CLIENT_ID/${{ secrets.STRAVA_CLIENT_ID }}/g' -e 's/STRAVA_CLIENT_SECRET/${{ secrets.STRAVA_CLIENT_SECRET }}/g' -e 's/SPORTTRACKS_CLIENT_ID/${{ secrets.SPORTTRACKS_CLIENT_ID }}/g' -e 's/SPORTTRACKS_CLIENT_SECRET/${{ secrets.SPORTTRACKS_CLIENT_SECRET }}/g' -e 's/RWGPS_APIKEY/${{ secrets.RWGPS_APIKEY }}/g' kubernetes-secrets.yml
+          sed -i'' -e 's/tapiriik:latest/tapiriik:${{ github.sha }}/g' kubernetes.yml
+          kubectl apply -f kubernetes-secrets.yml --namespace tapiriik
+          kubectl apply -f kubernetes.yml --namespace tapiriik

README.md

@@ -26,8 +26,9 @@ or don't use Redis at all (by not defining `REDIS_HOST`).
 To run on Kubernetes,
 eg [AKS](https://docs.microsoft.com/en-us/azure/aks/):
 - edit [`kubernetes-secrets.yml`](kubernetes-secrets.yml) (or a copy of it)
-- `kubectl apply -f kubernetes-secrets.yml`
-- `kubectl apply -f kubernetes.yml`
+- `kubectl apply -f kubernetes-secrets.yml --namespace tapiriik`
+- `kubectl apply -f kubernetes.yml --namespace tapiriik`
+- add [TLS ingress](https://docs.microsoft.com/en-us/azure/aks/ingress-tls)
 
 ## Want to help with development?
 

kubernetes-secrets.yml

@@ -4,17 +4,19 @@ metadata:
   name: tapiriik-secret
 type: Opaque
 stringData:
-  redis-host: "tapiriik-redis"
-  rabbitmq-broker-url: "amqp://guest@tapiriik_rabbitmq//"
-  mongo-host: "mongodb://root:example@tapiriik_mongo:27017/admin"
-  runkeeper-client-id: "####"
-  runkeeper-client-secret: "####"
-  dropbox-app-key: "####"
-  dropbox-app-secret: "####"
-  dropbox-full-app-key: "####"
-  dropbox-full-app-secret: "####"
-  strava-client-id: "####"
-  strava-client-secret: "####"
-  sporttracks-client-id: "####"
-  sporttracks-client-secret: "####"
-  rwgps-api-key: "####"
+  web-root: "WEB_ROOT"
+  allowed-hosts: "ALLOWED_HOSTS"
+  redis-host: "REDIS_HOST"
+  rabbitmq-broker-url: "RABBITMQ_BROKER_URL"
+  mongo-host: "MONGO_HOST"
+  runkeeper-client-id: "RUNKEEPER_CLIENT_ID"
+  runkeeper-client-secret: "RUNKEEPER_CLIENT_SECRET"
+  dropbox-app-key: "DROPBOX_APP_KEY"
+  dropbox-app-secret: "DROPBOX_APP_SECRET"
+  dropbox-full-app-key: "DROPBOX_FULL_APP_KEY"
+  dropbox-full-app-secret: "DROPBOX_FULL_APP_SECRET"
+  strava-client-id: "STRAVA_CLIENT_ID"
+  strava-client-secret: "STRAVA_CLIENT_SECRET"
+  sporttracks-client-id: "SPORTTRACKS_CLIENT_ID"
+  sporttracks-client-secret: "SPORTTRACKS_CLIENT_SECRET"
+  rwgps-api-key: "RWGPS_APIKEY"

kubernetes.yml

@@ -59,7 +59,7 @@ spec:
         "beta.kubernetes.io/os": linux
       containers:
       - name: tapiriik-scheduler
-        image: neilb27/tapiriik:kubernetes
+        image: neilb27/tapiriik:latest
         command: ["python3"]
         args: ["sync_scheduler.py"]
         resources:
@@ -161,7 +161,7 @@ spec:
         "beta.kubernetes.io/os": linux
       containers:
       - name: tapiriik-worker
-        image: neilb27/tapiriik:kubernetes
+        image: neilb27/tapiriik:latest
         command: ["python3"]
         args: ["sync_worker.py"]
         resources:
@@ -265,7 +265,7 @@ spec:
         "beta.kubernetes.io/os": linux
       containers:
       - name: tapiriik-web
-        image: neilb27/tapiriik:kubernetes
+        image: neilb27/tapiriik:latest
         command: ["python3"]
         args: ["manage.py", "runserver", "0.0.0.0:80", "--insecure"]
         resources:
@@ -281,9 +281,15 @@ spec:
         - name: DEBUG
           value: "False"
         - name: WEB_ROOT
-          value: "https://www.siiink.com/"
+          valueFrom:
+            secretKeyRef:
+              name: tapiriik-secret
+              key: web-root
         - name: ALLOWED_HOSTS
-          value: "www.siiink.com"
+          valueFrom:
+            secretKeyRef:
+              name: tapiriik-secret
+              key: allowed-hosts
         - name: SOFT_LAUNCH_SERVICES
           value: "runkeeper,garminconnect,endomondo,trainingpeaks,trainasone,pulsstory,motivato,nikeplus,velohero,trainerroad,smashrun,beginnertriathlete,setio,singletracker,aerobia"
         - name: REDIS_HOST