-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
267 lines (248 loc) · 7.42 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
# This template can use to set up an AWS EKS cluster for specific project
# (group currently is not supported) and allows to you create and manage Nginx Ingress Controller,
# CertManager and other tools with custom values for Helm charts as you wish :)
#
variables:
CI_IMAGE_NAME: $CI_REGISTRY_IMAGE:terraform-v${TERRAFORM_VERSION}-helmfile-${HELMFILE_VERSION}-doctl-${DOCTL_VERSION}-kubectl-${KUBECTL_VER}-helm-${HELM_VER}
KUBECTL_VER: v1.16.0
HELM_VER: v2.15.1
HELMFILE_VERSION: v0.94.1 # https://github.com/roboll/helmfile/releases
DOCTL_VERSION: 1.36.0 # https://github.com/digitalocean/doctl/releases
PACKER_VER: 1.5.1 # https://packer.io/
TERRAFORM_VERSION: 0.12.18 # https://releases.hashicorp.com/terraform/
#
KUBEHOME_DIR: $CI_PROJECT_DIR/.kube
KUBECONFIG: $CI_PROJECT_DIR/.kube/config
# Terraform variables
PLAN: plan.tfplan
TF_VAR_kubeconfig_path: $CI_PROJECT_DIR/.kube/config
TF_VAR_root_gitlab_project: $CI_PROJECT_ID
# Set a group id to add a kubernetes cluster to its settings
# ⚠️ REPLACE WITH YOUR OWN ⚠️
TF_VAR_root_gitlab_group: 6638212
TF_VAR_dns_zone: $KUBE_INGRESS_BASE_DOMAIN
TF_VAR_gitlab_runner_installed: $GITLAB_RUNNER_INSTALLED
# helmfiles
# the helm charts are enabled for testing purposes, you may want to change these values to your own
GITLAB_RUNNER_INSTALLED: "true"
NGINX_INGRESS_INSTALLED: "true"
CERT_MANAGER_INSTALLED: "true"
# autoscaling is already configured by DOKS, you may want to install to AWS EKS
# CLUSTER_AUTOSCALER_INSTALLED: "false"
# helmfile environment variables
CREATE_NAMESPACE_IF_MISSING: "true" # indicate whether the namespace should be created if it does not exist
HELM_HOST: localhost:44134
TILLER_NAMESPACE: tillerless
#
CERT_MANAGER_INGRESS_SHIM_DEFAULT_ISSUER_NAME: "letsencrypt-prod"
image:
name: $CI_IMAGE_NAME
entrypoint:
- '/usr/bin/env'
- 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
cache:
paths:
- .terraform
before_script:
- mkdir -p $KUBEHOME_DIR
- echo $KUBECONFIG
- terraform --version
- terraform init $TERRAFORM_DIR
stages:
- prepare
- lint
- validate
- build
- test
- deploy
- gitlab
- infra
- testing
- destroy
validate:
stage: validate
extends:
- .terraform
script:
- terraform validate $TERRAFORM_DIR
# !!! At the same time will be used EKS or DOKS only.
# Please, specify TERRAFORM_VARS and TERRAFORM_DIR environment variables
# according to your choice in the variables of top this file !!!
plan:
stage: build
extends: .terraform
script:
- terraform plan -var-file=$TERRAFORM_VARS -out=$PLAN $TERRAFORM_DIR
artifacts:
name: plan
paths:
- $PLAN
apply with autoapprove:
extends: .apply
allow_failure: false
only:
- schedules
apply:
extends: .apply
when: manual
allow_failure: false
except:
- schedules
# At the same time will be created EKS or DOKS only.
.apply:
stage: deploy
extends: .terraform
environment:
name: production
script:
- terraform apply -input=false $PLAN
dependencies:
- plan
destroy from web:
extends: .destroy
except:
- schedules
when: manual
destroy with delay:
extends: .destroy
only:
- schedules
when: delayed
start_in: 5 minutes
# Builds the docker image, includes tools that might you want to use on the next stages
# Notice, that the $CI_IMAGE_NAME enviroment variables will be used in the next stage and
# based on the some env variables
# The versions of terraform and helmfile are defined on top of gitlab ci file, you can set others values
# - TERRAFORM_VERSION
# - HELMFILE_VERSION
docker-build-master:
# Official docker image.
image: docker:latest
stage: prepare
services:
- docker:dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
- docker build --pull -t "$CI_IMAGE_NAME" --build-arg terraform_ver=$TERRAFORM_VERSION --build-arg helm_ver=$HELM_VER --build-arg kubectl_ver=$KUBECTL_VER --build-arg helmfile_ver=$HELMFILE_VERSION --build-arg doctl_ver=$DOCTL_VERSION .
- docker push "$CI_IMAGE_NAME"
except:
- schedules
only:
refs:
- master
changes:
- Dockerfile
- helmfile.d/*
build-aws-ami:
image: bitnami/minideb:stretch
stage: prepare
before_script:
- apt-get update && apt-get install -qy wget unzip curl git procps
- ./scripts/install_packer.sh
- packer validate packer.json
script:
- packer build packer.json
only:
changes:
- packer.json
variables:
- $AWS_ACCESS_KEY_ID
- $AWS_SECRET_ACCESS_KEY
except:
variables:
- $PACKER_DISABLED == "yes"
allow_failure: true
.auto-configure:
image: $CI_IMAGE_NAME
.destroy:
stage: destroy
extends:
- .before-script
- .terraform
environment:
name: production
script:
- export KUBE_CLUSTER_NAME=${KUBE_CLUSTER_NAME:-$EKS_CLUSTER_NAME}
- |
if [[ $DOKS_CLUSTER_ENABLED == "yes" ]]; then
doctl kubernetes cluster kubeconfig save $KUBE_CLUSTER_NAME
elif [[ $AWS_EKS_CLUSTER_ENABLED == "yes" ]]; then
aws eks update-kubeconfig --name $KUBE_CLUSTER_NAME
fi
- helm version -c
- helm init -c
- helm tiller install
- helm tiller start-ci
- ./scripts/destroy_helm_releases.sh
- terraform destroy -var-file $TERRAFORM_VARS -auto-approve $TERRAFORM_DIR
.before-script:
before_script:
- apt-get install -yq procps
- aws --version
- doctl version
- export KUBE_CLUSTER_NAME=${KUBE_CLUSTER_NAME:-$EKS_CLUSTER_NAME}
- |
if [[ $DOKS_CLUSTER_ENABLED == "yes" ]]; then
doctl kubernetes cluster kubeconfig save $KUBE_CLUSTER_NAME
elif [[ $AWS_EKS_CLUSTER_ENABLED == "yes" ]]; then
aws eks update-kubeconfig --name $KUBE_CLUSTER_NAME
fi
- kubectl version
- helm version -c
- helm init -c
- helm tiller install
- helm tiller start-ci
- helmfile -v
- helmfile deps
# Heavily used by included gitlab templates
.general:
only:
refs:
- master
variables:
- $AWS_EKS_CLUSTER_ENABLED == "yes"
- $DOKS_CLUSTER_ENABLED == "yes"
tags:
- docker
.terraform:
only:
refs:
- master
variables:
- $DOKS_CLUSTER_ENABLED == "yes"
- $AWS_EKS_CLUSTER_ENABLED == "yes"
before_script:
- mkdir -p $KUBEHOME_DIR
- echo $KUBECONFIG
- terraform --version
- apt-get install -yq procps
- |
if [[ $DOKS_CLUSTER_ENABLED == "yes" ]]; then
export AWS_SECRET_ACCESS_KEY=$AWS_S3_BACKEND_SECRET_ACCESS_KEY
export AWS_ACCESS_KEY_ID=$AWS_S3_BACKEND_ACCESS_KEY_ID
export TERRAFORM_DIR=./terraform/doks
export TERRAFORM_VARS=$TERRAFORM_DIR/fra1.tfvars
elif [[ $AWS_EKS_CLUSTER_ENABLED == "yes" ]]; then
export TERRAFORM_DIR="./terraform/aws-eks"
export TERRAFORM_VARS="$TERRAFORM_DIR/eu-central-1.tfvars"
fi
- terraform init $TERRAFORM_DIR
except:
variables:
- $TERRAFORM_DISABLED == "yes"
# in this branch `local` directive is replaced by `remote` to make possible include this .gitlab-ci.yml itself from another repo
include:
- project: lazyorangejs/staging.lazyorange.xyz
file: .gitlab/ci/templates/Jobs/Lint-Helmfile.gitlab-ci.yml
- project: lazyorangejs/staging.lazyorange.xyz
ref: master
file: .gitlab/ci/templates/Jobs/Auto-Ingress.gitalb-ci.yml
- project: lazyorangejs/staging.lazyorange.xyz
ref: master
file: .gitlab/ci/templates/Jobs/Gitlab-Runner.gitlab-ci.yml
- project: lazyorangejs/staging.lazyorange.xyz
ref: master
file: .gitlab/ci/templates/Jobs/Cluster-AutoScaler.gitlab-ci.yml
- project: lazyorangejs/staging.lazyorange.xyz
file: .gitlab/ci/templates/Jobs/Testing.gitalb-ci.yml