前情提要
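# Image for the "alpha" Egg.js service: installs dependencies, builds the app
# and starts it through the package.json "eggstart" script on port 7001.
#
# NOTE(review): Node.js 15 is an odd-numbered release line that is past end of
# life and no longer receives security fixes. Move to a maintained LTS tag
# (ideally pinned by digest) once the app has been tested on it.
FROM node:15.4.0-alpine

ENV TIME_ZONE=Asia/Shanghai

# Create the app directory, install tzdata and set the container's local time
# zone. The directory is handed to the unprivileged "node" user shipped with
# the official image so that neither the build nor the service needs root.
RUN mkdir -p /usr/src/app \
    && chown node:node /usr/src/app \
    && apk add --no-cache tzdata \
    && echo "${TIME_ZONE}" > /etc/timezone \
    && ln -sf "/usr/share/zoneinfo/${TIME_ZONE}" /etc/localtime

WORKDIR /usr/src/app

# RUN npm i --registry=https://registry.npm.taobao.org

# Everything below (dependency install, build, runtime) runs without root, so a
# compromised dependency or request handler does not start with root inside
# the container.
USER node

# COPY . ships the whole build context into the image. Keep a .dockerignore
# that excludes .git, the k8s/ manifests (including any decrypted
# secrets.yaml), local AWS/kube credentials and node_modules, otherwise they
# end up in a layer of a publicly pushed image.
COPY --chown=node:node . /usr/src/app

# NOTE(review): a plain `yarn` may rewrite the lockfile; a frozen-lockfile
# install keeps the image reproducible if the repository commits yarn.lock.
RUN yarn && yarn build

EXPOSE 7001

# Exec form: no intermediate /bin/sh, so the stop signal sent by the runtime
# reaches yarn directly instead of a wrapping shell.
CMD ["yarn", "eggstart"]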
"eggstart": "NODE_ENV=k8s EGG_SERVER_ENV=k8s eggctl start --workers=1 --no-daemon",
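# dockerize.sh <tag>
# Builds jefftian/alpha:<tag>, starts it as a container named "alpha", pushes
# the image, probes the service once over HTTP and removes the container.

# Fail early with a usage message instead of building "jefftian/alpha:".
: "${1:?usage: dockerize.sh <image-tag>}"

docker build -t jefftian/alpha:"$1" .
docker images

# The container is named "alpha" because every later command looks it up by
# that name, and it runs the image that was just built rather than an untagged
# jefftian/alpha (which would resolve to :latest).
# NOTE(review): with --network host Docker discards the -p mapping, so the
# 127.0.0.1 restriction is not applied and the service listens on whatever
# host interfaces the app binds. Drop --network host if loopback-only
# exposure is what is wanted.
docker run --network host -e CI=true -d -p 127.0.0.1:7001:7001 --name alpha jefftian/alpha:"$1"
docker ps | grep -q alpha
docker ps -aqf "name=alpha$"

# NOTE(review): the image is pushed before the HTTP probe below, so an image
# that fails to start is still published under this tag.
docker push jefftian/alpha:"$1"

# Quoted so an empty lookup is passed as one (empty) argument and the error
# message from docker names the real problem.
docker logs "$(docker ps -aqf 'name=alpha$')"
curl localhost:7001 || docker logs "$(docker ps -aqf 'name=alpha$')"

# Best-effort cleanup; the echo only runs when the docker command failed.
docker kill alpha || echo "alpha killed"
docker rm alpha || echo "alpha removed"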
# Run the build script with "test-tag" as the image tag (the script's $1).
# The script also pushes, so the Docker client must already be logged in.
sh ./dockerize.sh test-tag
# Install the sops v3.7.3 Linux binary on the CI runner.
# NOTE(review): the download is copied into /usr/local/bin and made executable
# without any integrity check. Compare it with the checksum published for the
# release before installing, for example:
#   echo "<SHA256_FROM_RELEASE_PAGE>  sops-v3.7.3.linux.amd64" | sha256sum -c -
- run: wget https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.amd64
- run: sudo cp sops-v3.7.3.linux.amd64 /usr/local/bin/sops
- run: sudo chmod +x /usr/local/bin/sops
# .sops.yaml: tells sops which key to use for which file.
creation_rules:
  # If assuming roles for another account use "arn+role_arn".
  # See Advanced usage
  # Only k8s/secrets.yaml matches this rule; it is encrypted with the KMS key
  # below, accessed through the named AWS profile.
  # NOTE(review): scope the IAM identity behind that profile to this one key
  # and to the KMS actions sops needs, nothing broader.
  - path_regex: k8s\/secrets\.yaml$
    kms: "arn:aws:kms:us-east-1:443862765029:key/b1739688-ec15-407d-895d-d05ca1217a2f"
    aws_profile: lambda-doc-rotary
# Named AWS profile that sops selects with --aws-profile / aws_profile.
# xxx and yyy are placeholders: keep the real key pair out of the repository
# and restrict the file to its owner (chmod 600).
[lambda-doc-rotary]
aws_access_key_id = xxx
aws_secret_access_key = yyy
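# Write the AWS profile that sops uses on the CI runner.
# -p keeps the step from failing when the directory already exists.
- run: mkdir -p "${HOME}/.aws"
# The secrets are handed to the shell as environment variables instead of
# being pasted into the script text, so a value containing quotes, "$" or
# backticks is written literally rather than interpreted by the shell.
# umask 077 makes the credentials file readable by the runner user only.
- env:
    PROFILE_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }}
    PROFILE_SECRET: ${{ secrets.AWS_SECRET_KEY }}
  run: |
    umask 077
    printf '[lambda-doc-rotary]\naws_access_key_id = %s\naws_secret_access_key = %s\n' "$PROFILE_KEY_ID" "$PROFILE_SECRET" > ~/.aws/config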
# Encrypt k8s/secrets.yaml in place (-e encrypt, -i overwrite the file) with
# the credentials of the lambda-doc-rotary AWS profile. Run this before the
# file is committed.
sops -e -i k8s/secrets.yaml --aws-profile lambda-doc-rotary
# Decrypt k8s/secrets.yaml in place for editing.
# Caution: -i leaves the plaintext in the working tree, so re-encrypt before
# committing. When the plaintext is only needed by another command, omit -i
# and pipe the output of `sops -d` into it instead.
sops -d -i k8s/secrets.yaml --aws-profile lambda-doc-rotary
# k8s/secrets.yaml in its plaintext form; the values shown are placeholders.
# Only the sops-encrypted version of this file belongs in the repository.
apiVersion: v1
kind: Secret
metadata:
  name: alpha-secrets
  labels:
    branch: main
type: Opaque
# stringData takes plain strings; the API server stores them base64-encoded,
# which is an encoding and not encryption.
stringData:
  MYSQL_HOST: alpha.xxxx.rds.cn-northwest-1.amazonaws.com.cn
  MYSQL_PORT: "3306"
  MYSQL_USERNAME: admin
  MYSQL_PASSWORD: yyyy
  MYSQL_DATABASE: alpha
  # The URI embeds the Redis user name and password, so treat the whole value
  # as a credential (for example, keep it out of logs).
  REDIS_URI: redis://username:password@host:port
# Kustomization applied with `kubectl apply -k k8s`.
# secrets.yaml is not listed under resources, so this command never touches
# the Secret; the deploy job applies it separately from sops output.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# NOTE(review): `bases` is deprecated in current kustomize releases in favour
# of `resources`; the empty list has no effect here.
bases: []
resources:
  - deployment.yaml
  - service.yaml
# ClusterIP Service that forwards port 7001 to the alpha pods.
apiVersion: v1
kind: Service
metadata:
  name: alpha
  annotations:
    # NOTE(review): presumably asks Okteto to create an ingress for this
    # Service automatically. If that ingress is public, the app has to
    # enforce its own authentication. Confirm.
    dev.okteto.com/auto-ingress: "true"
spec:
  type: ClusterIP
  ports:
    - name: tcp
      port: 7001
      protocol: TCP
      targetPort: 7001
  # Must match the pod labels set in the Deployment's template.
  selector:
    app: alpha
    tier: backend
# Deployment for the alpha backend: two replicas, rolled out one extra pod at
# a time with no pod taken down before its replacement is ready.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: alpha
    tier: backend
    deployedBy: deploy-node-app
  name: alpha
spec:
  minReadySeconds: 5
  progressDeadlineSeconds: 600
  replicas: 2
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: alpha
      tier: backend
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: alpha
        tier: backend
        deployedBy: deploy-node-app
    # NOTE(review): no securityContext is set at pod or container level, so
    # the container runs as whatever user the image defines. Consider
    # runAsNonRoot, allowPrivilegeEscalation: false and dropped capabilities
    # once the image supports running without root.
    spec:
      containers:
        # No tag: the manifest resolves to :latest until the deploy job pins
        # the commit tag with `kubectl set image`.
        - image: jefftian/alpha
          imagePullPolicy: Always
          name: alpha
          ports:
            - containerPort: 7001
              name: http
              protocol: TCP
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 256Mi
          # Every key of the alpha-secrets Secret becomes an environment
          # variable of the container, database and Redis credentials
          # included.
          envFrom:
            - secretRef:
                name: alpha-secrets
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
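# Builds the image and pushes it to Docker Hub, tagged with the commit SHA.
build-docker-image:
  runs-on: ubuntu-latest
  needs: build
  steps:
    # NOTE(review): pinning actions to a full commit SHA rather than a movable
    # tag protects the job against a retagged release.
    - uses: actions/checkout@v3
    # The registry credentials are passed as environment variables instead of
    # being pasted into the script text, so special characters in them are
    # not interpreted by the shell. The password still goes to docker over
    # stdin and never appears on a command line.
    - env:
        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
      run: printf '%s' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
    # NOTE(review): a shell variable set in one step is gone in the next, so
    # git_hash is never used; the following step passes github.sha directly.
    - run: git_hash=$(git rev-parse ${{ github.sha }})
    - run: sh .github/dockerize.sh ${{ github.sha }}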
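# Deploys to the Okteto cluster: installs sops and kubectl, selects the
# cluster, applies the decrypted Secret and the manifests, then pins the
# Deployment to the image built for this commit.
deploy-okteto:
  runs-on: ubuntu-latest
  needs: build-docker-image
  steps:
    # NOTE(review): pinning actions to a full commit SHA rather than a movable
    # tag protects the job against a retagged release.
    - uses: actions/checkout@v3

    # AWS profile used by sops. The secrets are passed as environment
    # variables instead of being pasted into the script text, and umask 077
    # keeps the credentials file readable by the runner user only.
    - run: mkdir -p "${HOME}/.aws"
    - env:
        PROFILE_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }}
        PROFILE_SECRET: ${{ secrets.AWS_SECRET_KEY }}
      run: |
        umask 077
        printf '[lambda-doc-rotary]\naws_access_key_id = %s\naws_secret_access_key = %s\n' "$PROFILE_KEY_ID" "$PROFILE_SECRET" > ~/.aws/config

    # NOTE(review): both binaries below are installed without an integrity
    # check, and kubectl follows the moving "stable" pointer. Pin the kubectl
    # version and verify each download against its published checksum, e.g.
    #   echo "<SHA256_FROM_RELEASE_PAGE>  sops-v3.7.3.linux.amd64" | sha256sum -c -
    - run: wget https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.amd64
    - run: sudo cp sops-v3.7.3.linux.amd64 /usr/local/bin/sops
    - run: sudo chmod +x /usr/local/bin/sops
    - run: curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
    - run: chmod +x ./kubectl
    - run: sudo mv ./kubectl /usr/local/bin/kubectl
    - run: mkdir -p "${HOME}/.kube"

    # NOTE(review): unpinned global install; this job holds cluster and AWS
    # credentials, so pin an exact k8ss version that has been reviewed.
    - run: npm i -g k8ss

    # The GitHub token gives git access to the private k8s-config repository.
    # It is written with owner-only permissions; a token limited to read
    # access on that one repository is sufficient here.
    - env:
        GH_TOKEN: ${{ secrets.GH_TOKEN }}
      run: |
        umask 077
        printf 'machine github.com\n login %s\n' "$GH_TOKEN" > ~/.netrc
    - run: git clone https://github.com/Jeff-Tian/k8s-config.git ${HOME}/k8s-config
    - run: k8ss switch --cluster=okteto --namespace=jeff-tian

    # The Secret is decrypted to stdout and piped straight into kubectl, so
    # no plaintext copy of secrets.yaml is written to the runner's disk.
    - run: sops -d k8s/secrets.yaml --aws-profile lambda-doc-rotary | kubectl apply -f -
    - run: kubectl apply -k k8s
    - run: kubectl set image deployment alpha alpha=jefftian/alpha:${{ github.sha }}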