From 43afad7dba7e9a83f65658ec6c4b5e4b120dc0c0 Mon Sep 17 00:00:00 2001
From: Milas Holsting
Date: Sat, 23 May 2026 03:05:16 +0200
Subject: [PATCH] deploy
---
 .gitea/workflows/build-push.yaml | 82 +++++++++++++++++++
 deploy/.gitkeep | 0
 deploy/base/app-secret.yaml | 12 +++
 deploy/base/cert.yaml | 11 +++
 deploy/base/deployment.yaml | 72 ++++++++++++++++
 deploy/base/ingress.yaml | 16 ++++
 deploy/base/kustomization.yaml | 11 +++
 deploy/base/pvc.yaml | 10 +++
 deploy/base/service.yaml | 14 ++++
 deploy/overlays/production/deployment.yaml | 20 +++++
 deploy/overlays/production/kustomization.yaml | 20 +++++
 11 files changed, 268 insertions(+)
 create mode 100644 .gitea/workflows/build-push.yaml
 create mode 100644 deploy/.gitkeep
 create mode 100644 deploy/base/app-secret.yaml
 create mode 100644 deploy/base/cert.yaml
 create mode 100644 deploy/base/deployment.yaml
 create mode 100644 deploy/base/ingress.yaml
 create mode 100644 deploy/base/kustomization.yaml
 create mode 100644 deploy/base/pvc.yaml
 create mode 100644 deploy/base/service.yaml
 create mode 100644 deploy/overlays/production/deployment.yaml
 create mode 100644 deploy/overlays/production/kustomization.yaml
diff --git a/.gitea/workflows/build-push.yaml b/.gitea/workflows/build-push.yaml
new file mode 100644
index 0000000..b379b76
--- /dev/null
+++ b/.gitea/workflows/build-push.yaml
@@ -0,0 +1,82 @@
+name: Build and Push Container Image
+
+on:
+ push:
+ branches:
+ - main
+ paths-ignore:
+ - "deploy/**"
+env:
+ REGISTRY: reg.milasholsting.dk
+ IMAGE_NAME: apps/mal
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ config-inline: |
+ [registry."reg.milasholsting.dk"]
+ http = false
+ insecure = true
+
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ secrets.REGISTRY_USER }}
+ password: ${{ secrets.REGISTRY_PASSWORD }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=sha,prefix=sha-,format=short
+ type=raw,value=latest
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ - name: Install Kustomize
+ run: |
+ curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash
+ sudo mv kustomize /usr/local/bin/
+
+ - name: Update Kustomize
+ run: |
+ IMAGE_TAG=$(echo '${{ steps.meta.outputs.json }}' | jq -r '.tags[] | select(startswith("reg.milasholsting.dk/apps/mal:sha-"))' | cut -d: -f2)
+
+ echo "Targeting Tag: $IMAGE_TAG"
+
+ cd deploy/overlays/production
+ kustomize edit set image main=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$IMAGE_TAG
+
+ - name: Commit and Push Change
+ run: |
+ git config user.name "Gitea Action"
+ git config user.email "actions@gitea.io"
+
+ git add deploy/overlays/production/kustomization.yaml
+
+ if git diff --staged --quiet; then
+ echo "No changes to commit"
+ else
+ git commit -m "chore(deploy): update image to ${{ steps.meta.outputs.version }}"
+ git push origin main
+ fi
diff --git a/deploy/.gitkeep b/deploy/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/deploy/base/app-secret.yaml b/deploy/base/app-secret.yaml
new file mode 100644
index 0000000..ce53f4b
--- /dev/null
+++ b/deploy/base/app-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+ name: mal-app
+spec:
+ type: kv-v2
+ mount: secret
+ path: mal
+ destination:
+ name: mal
+ create: true
+ refreshAfter: 1h
diff --git a/deploy/base/cert.yaml b/deploy/base/cert.yaml
new file mode 100644
index 0000000..4c518b8
--- /dev/null
+++ b/deploy/base/cert.yaml
@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: mal-tls
+spec:
+ secretName: mal-tls
+ issuerRef:
+ name: letsencrypt-prod
+ kind: ClusterIssuer
+ dnsNames:
+ - mal.melosh.tech
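Review bot: The Buildx setting `insecure = true` under `[registry."reg.milasholsting.dk"]` in the "Set up Docker Buildx" step turns off TLS certificate verification for every push, so the pushed image and the `REGISTRY_PASSWORD` credential are only as safe as the network path between the runner and the registry; if the registry certificate is simply untrusted, install its CA on the runner (or give the registry a trusted certificate — a `letsencrypt-prod` ClusterIssuer already appears in deploy/base/cert.yaml) and delete the `config-inline` block. The "Install Kustomize" step pipes an unpinned script from the `master` branch straight into `bash` and then `sudo mv`s whatever it produced, so any change to that script or the binary it downloads silently becomes the tool that writes the deploy commit; fetch a fixed kustomize release and verify its checksum instead. The actions pinned by floating major tag (`@v3`, `@v4`, `@v5`) carry the same, milder, drift risk and would be reproducible if pinned to a commit SHA. In "Update Kustomize", `${{ steps.meta.outputs.json }}` is substituted into the `run` text before the shell parses it, so a quote inside the metadata (labels are derived from repository fields) breaks out of the single-quoted string; pass it via an `env:` entry, e.g. `env: { META_JSON: "${{ steps.meta.outputs.json }}" }` and `IMAGE_TAG=$(echo "$META_JSON" | jq -r ...)`.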
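Review bot: The synced secret `mal` is consumed only as an environment variable (`PLAYBACK_PROXY_SECRET` via `secretKeyRef` in deploy/base/deployment.yaml), and env values are read once at container start, so a rotation picked up by `refreshAfter: 1h` never reaches an already-running pod; add `rolloutRestartTargets:` / `  - kind: Deployment` / `    name: mal` under `spec` so the operator restarts the workload when the data changes. No `vaultAuthRef` is set, so the sync depends on whatever VaultAuth the operator falls back to in namespace `mal`, which is worth stating in a comment such as `# relies on the default VaultAuth in this namespace`. `refreshAfter: 1h` also bounds how long a revoked value stays usable; for a value whose name suggests it protects the playback proxy, a shorter interval may be warranted.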
diff --git a/deploy/base/deployment.yaml b/deploy/base/deployment.yaml
new file mode 100644
index 0000000..9e05d02
--- /dev/null
+++ b/deploy/base/deployment.yaml
@@ -0,0 +1,72 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mal
+ labels:
+ app: mal
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mal
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: mal
+ labels:
+ app: mal
+ spec:
+ containers:
+ - name: mal
+ image: main
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 3000
+ name: http
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ livenessProbe:
+ tcpSocket:
+ port: 3000
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ periodSeconds: 10
+ readinessProbe:
+ tcpSocket:
+ port: 3000
+ initialDelaySeconds: 2
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ periodSeconds: 10
+ env:
+ - name: DATABASE_FILE
+ value: /app/data/mal.db
+ - name: GIN_MODE
+ value: release
+ - name: PLAYBACK_PROXY_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: mal
+ key: PLAYBACK_PROXY_SECRET
+ volumeMounts:
+ - name: data
+ mountPath: /app/data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: mal-data
+ restartPolicy: Always
diff --git a/deploy/base/ingress.yaml b/deploy/base/ingress.yaml
new file mode 100644
index 0000000..70d6d17
--- /dev/null
+++ b/deploy/base/ingress.yaml
@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: mal-ingress
+spec:
+ entryPoints:
+ - websecure
+ - web
+ routes:
+ - match: Host(`mal.melosh.tech`)
+ kind: Rule
+ services:
+ - name: mal
+ port: 3000
+ tls:
+ secretName: mal-tls
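Review bot: The container runs with the default security context — neither the pod `spec` nor the `mal` container sets `runAsNonRoot`, `allowPrivilegeEscalation: false`, a dropped capability set or a seccomp profile — so the Gin service that holds `PLAYBACK_PROXY_SECRET` and listens on 3000 starts with more privilege than it needs; the block below adds the usual baseline, assuming the image already runs as a non-root user and writes only under the `/app/data` mount (otherwise omit `readOnlyRootFilesystem` or add an emptyDir for scratch space). Separately, `strategy: RollingUpdate` with `maxSurge: 25%` on one replica brings up a second pod during a rollout that must also mount the `ReadWriteOnce` claim `mal-data` and open the same SQLite file `/app/data/mal.db`; for a single-writer file store `type: Recreate` is the safer choice. `imagePullPolicy: IfNotPresent` is fine once the overlay pins a `sha-` tag, but it will not refresh a node's cached `latest` while the overlay still references that tag.
```yaml
spec:
  # … unchanged: replicas, selector …
  strategy:
    type: Recreate
  template:
    # … unchanged: metadata …
    spec:
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: mal
          # … unchanged: image, ports, resources, probes, env, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
      # … unchanged: volumes, restartPolicy …
```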
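Review bot: `entryPoints` lists `web` next to `websecure`, so the same Host rule for `mal.melosh.tech` also answers plain HTTP on the `web` entry point and nothing in this route redirects it; a client that arrives over http:// talks to the `mal` service in cleartext, including whatever the playback proxy exchanges. Unless a global HTTP-to-HTTPS redirect is configured on Traefik's `web` entry point (not visible in this change), drop `- web` from the list, or keep a separate HTTP route whose only job is a `redirectScheme` middleware. `tls.secretName: mal-tls` matches the Certificate in deploy/base/cert.yaml, so the HTTPS side is consistent.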
diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml
new file mode 100644
index 0000000..64b9d97
--- /dev/null
+++ b/deploy/base/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: mal
+
+resources:
+ - ./deployment.yaml
+ - ./ingress.yaml
+ - ./cert.yaml
+ - ./service.yaml
+ - ./pvc.yaml
+ - ./app-secret.yaml
diff --git a/deploy/base/pvc.yaml b/deploy/base/pvc.yaml
new file mode 100644
index 0000000..9e3daa9
--- /dev/null
+++ b/deploy/base/pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mal-data
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/deploy/base/service.yaml b/deploy/base/service.yaml
new file mode 100644
index 0000000..9bba901
--- /dev/null
+++ b/deploy/base/service.yaml
@@ -0,0 +1,14 @@
+# https://kubernetes.io/docs/concepts/services-networking/service/
+apiVersion: v1
+kind: Service
+metadata:
+ name: mal
+spec:
+ selector:
+ app: mal
+ type: ClusterIP
+ ports:
+ - name: mal
+ protocol: TCP
+ port: 3000
+ targetPort: 3000
diff --git a/deploy/overlays/production/deployment.yaml b/deploy/overlays/production/deployment.yaml
new file mode 100644
index 0000000..bb9ec55
--- /dev/null
+++ b/deploy/overlays/production/deployment.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mal
+spec:
+ replicas: 1
+ template:
+ spec:
+ containers:
+ - name: mal
+ resources:
+ limits:
+ cpu: "1"
+ memory: "1Gi"
+ requests:
+ cpu: "500m"
+ memory: "512Mi"
+ env:
+ - name: ENV
+ value: production
diff --git a/deploy/overlays/production/kustomization.yaml b/deploy/overlays/production/kustomization.yaml
new file mode 100644
index 0000000..3801a3e
--- /dev/null
+++ b/deploy/overlays/production/kustomization.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+# 1. Point to the base manifests
+resources:
+- ../../base
+
+# 2. Apply the production-specific changes
+patches:
+- path: deployment.yaml
+ target:
+ kind: Deployment
+ name: mal
+
+namespace: mal
+
+images:
+- name: main
+ newName: reg.milasholsting.dk/apps/mal
+ newTag: latest
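Review bot: `newTag: latest` seeds the overlay with a mutable tag while the base Deployment uses `imagePullPolicy: IfNotPresent`, so until the workflow's first `kustomize edit set image` rewrites this line a node that has already cached `latest` keeps running it and git does not record which build is live; seeding with an immutable `sha-` tag (or a clearly labelled placeholder the CI replaces) keeps the deployed image auditable from the repository. The sequence indentation also differs from deploy/base/kustomization.yaml, which indents list items (`  - ./deployment.yaml`) while this file writes them flush (`- ../../base`); since the CI rewrites this file with `kustomize edit`, it is probably simplest to adopt whatever layout that tool emits in the base as well.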