Commit d60823dd authored by Thomas Boni

remove wrongly added helm_deploy job

parent dfbb9a8c

jobs/helm_deploy/README.md

deleted 100644 → 0
+0 −56
# ☸️  Helm Review

## Description

Deploy your [helm](https://helm.sh/docs/intro/quickstart/) charts as a review environment when a pipeline is run in a merge request

## How to use it

1. To use this job, you have to provide a helm chart to deploy your project. The chart location must be defined in the CHART_PATH variable. If you want to use custom values files, check the `VALUES_FILE` and `VALUES_SECRET_FILE` variables. More information about helm charts in [documentation](https://helm.sh/docs/chart_template_guide/getting_started/)
2. Prepare the secret PGP variables (`PGP_PUBLIC` and `PGP_PRIVATE`) in your CI/CD variables (as files and not variables!) in [gitlab](https://docs.gitlab.com/12.10/ee/ci/variables/#via-the-ui) if you need encrypted variables
3. Add the corresponding URL to your `.gitlab-ci.yml` file (see [Getting
   started](/use-the-hub/)). Example:

    ```yaml
    include:
      - remote: 'https://jobs.r2devops.io/helm_deploy.yml'
    ```

4. If you need to customize the job (stage, variables, ...) 👉 check the [jobs
   customization](/use-the-hub/#jobs-customization)
5. Well done, your job is ready to work ! 😀

## Job details

* Job name: `helm_deploy`
* Docker image:
[`lachlanevenson/k8s-helm:v3.3.4`](https://hub.docker.com/r/lachlanevenson/k8s-helm/)
* Default stage: `deployment`
* Rules: run only on `$CI_DEFAULT_BRANCH`

### Variables

| Name | Description | Default |
| ---- | ----------- | ------- |
| `CHART_PATH` <img width=250/> | Path to the chart directory from repository root | `./charts/$CI_PROJECT_NAME`
| `VALUES_FILE_PATH` | Path to custom values file from repository root. Declare it empty to not use custom value file | `./conf/values/${ENVIRONMENT}.yaml`
| `VALUES_SECRET_FILE_PATH` | Path to custom secrets (encrypted) values file from repository root. Declare it empty to not use custom secret value file | `./conf/values/secrets.${ENVIRONMENT}.yaml`
| `REGISTRY` | Registry from where to pull container image | `${CI_REGISTRY_IMAGE}`
| `KUBECTL_URL` | Url to get kubectl binary | `https://storage.googleapis.com/kubernetes-release/release/v1.19.3/bin/linux/amd64/kubectl` |
| `HELMSECRETS_URL` | Url to get kubectl secrets plugin | `https://github.com/futuresimple/helm-secrets` |
| `HELMSECRETS_VERSION` | Version of kubectl secrets plugin | `v2.0.2` | Only if the secret file `VALUES_SECRET_FILE` exists |
| `STABLE_REPO_URL` | Url of stable repo to add to helm | `https://kubernetes-charts.storage.googleapis.com/`
| `HELM_ADDITIONAL_OPTIONS` | Additional settings to give to helm for deployment | ` `

**Gitlab CI/CD variables:**

| Name | Description | Type | Mandatory |
| ---- | ----------- | ---- | --------- |
| `PGP_PUBLIC` | PGP public key used to encrypt secret file | File | Only if the secret file `VALUES_SECRET_FILE` exists |
| `PGP_PRIVATE` | PGP private key used to encrypt secret file | File | Only if the secret file `VALUES_SECRET_FILE` exists |

### Secrets

Secrets files are encrypted with the helm plugin [secrets](https://github.com/zendesk/helm-secrets).
It will allow to encrypt or decrypt any yaml files that you have in your `${VALUES_PATH}` so you can push values that will be decrypted at runtime but not seen from the source code.
For example, you can `helm secrets enc review.yaml` to encrypt it to a `secret.review.yaml`, so you will have some public variables in a `review.yalm` file and a password for example in `secrets.review.yaml`.
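
Review bot: The variable names in this README do not agree with each other or with the job file removed in the same commit: step 1 and the PGP table refer to `VALUES_FILE` and `VALUES_SECRET_FILE`, the Secrets section to `${VALUES_PATH}`, while the Variables table documents `VALUES_FILE_PATH` and `VALUES_SECRET_FILE_PATH`. If this documentation is reused when the job is re-added, settle on one set of names first. The same pass should reconcile "Default stage: `deployment`" and "run only on `$CI_DEFAULT_BRANCH`" with the job's `stage: review` and `except: refs: master`, point the `HELMSECRETS_URL` default (`futuresimple/helm-secrets`) and the Secrets link (`zendesk/helm-secrets`) at the same repository, describe the plugin as a helm plugin rather than a "kubectl secrets plugin", and state that `PGP_PRIVATE` is the key used to decrypt. Smaller points: the `HELMSECRETS_VERSION` row carries a fourth cell that belongs to the PGP table, and the last paragraph has `review.yalm` and mixes `secret.review.yaml` with `secrets.review.yaml`.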

jobs/helm_deploy/helm_deploy.yml

deleted 100644 → 0
+0 −97
# Job from r2devops hub --> hub.r2devops.io

stages:
  - review

.helm:
  image:
    name: lachlanevenson/k8s-helm:v3.3.4
    entrypoint: [""]
  variables:
    CHART_PATH: "./charts/$CI_PROJECT_NAME"

    # 2 following variables must be defined in job awaiting
    # https://gitlab.com/gitlab-org/gitlab-runner/-/issues/1809#note_412430651
    VALUES_FILE_PATH: ""
    VALUES_SECRET_FILE_PATH: ""

    REGISTRY: "${CI_REGISTRY_IMAGE}"
    KUBECTL_URL: "https://storage.googleapis.com/kubernetes-release/release/v1.19.3/bin/linux/amd64/kubectl"
    HELMSECRETS_URL: "https://github.com/futuresimple/helm-secrets"
    HELMSECRETS_VERSION: "v2.0.2"
    STABLE_REPO_URL: "https://kubernetes-charts.storage.googleapis.com/"
    HELM_ADDITIONAL_OPTIONS: ""
    ENVIRONMENT: "production"

helm_deploy:
  extends: .helm
  stage: review
  environment:
    name: ${ENVIRONMENT}
    url: https://${CI_ENVIRONMENT_SLUG}.${CI_PROJECT_NAME}.${KUBE_INGRESS_BASE_DOMAIN}/
    on_stop: cleanup_review
  except:
    refs:
      - master
  script:
    - apk add --no-cache curl gnupg git bash
    - curl --output /bin/kubectl ${KUBECTL_URL} && chmod a+x /bin/kubectl
    # Following variables defined must be replaced by job variables as soon as
    # issue #1809 will be closed (see comment in variables section)
    - if [ -z ${VALUES_FILE_PATH} ]; then
      # TODO: it doesn't work, think about uses cases: var empty, custom or
      # default
    -   export VALUES_FILE_PATH="./conf/values/${ENVIRONMENT}.yaml"
    - fi
    - if [ -z ${VALUES_SECRET_FILE_PATH} ]; then
    -   export VALUES_SECRET_FILE_PATH="./conf/values/secrets.${ENVIRONMENT}.yaml"
    - fi
    # End of section to replace
    - if [ ! -z ${VALUES_SECRET_FILE_PATH} ]; then
    -   mkdir ${HELM_HOME}/plugins
    -   helm plugin install $HELMSECRETS_URL --version ${HELMSECRETS_VERSION}
    -   gpg --import "${PGP_PUBLIC}"
    -   gpg --allow-secret-key-import --import "${PGP_PRIVATE}"
    - fi
    - helm repo add stable ${STABLE_REPO_URL}
    - helm repo update
    - if [ -f "${VALUES_PATH}/${VALUES_SECRET_FILE}" ]
    - then
    -     SECRET_OPTION="-f ${VALUES_PATH}/${VALUES_SECRET_FILE}"
    - fi
    - helm secrets upgrade ${CI_PROJECT_PATH_SLUG} ${CHART_PATH}
        --namespace "${KUBE_NAMESPACE}" --install
        -f ${VALUES_PATH}/${VALUES_FILE} ${SECRET_OPTION}
        --set-string image.registry=${REGISTRY}
        --set-string image.tag=${CI_COMMIT_SHA}
        --set-string ingress.hostPrefix="${CI_ENVIRONMENT_SLUG}."
        --set-string gitlab.env=${CI_ENVIRONMENT_SLUG}
        --set-string gitlab.app=${CI_PROJECT_PATH_SLUG}
        ${HELM_ADDITIONAL_OPTIONS}

cleanup_review:
  extends: .helm
  stage: review
  variables:
    GIT_STRATEGY: none
  when: manual
  script:
    - apk add --no-cache curl gnupg git bash
    - curl --output /bin/kubectl ${KUBECTL_URL}
        && chmod a+x /bin/kubectl
        && mkdir ${HELM_HOME}/plugins
        && helm plugin install $HELMSECRETS_URL --version ${HELMSECRETS_VERSION}
    - gpg --import "${PGP_PUBLIC}"
    - gpg --allow-secret-key-import --import "${PGP_PRIVATE}"
    - helm repo add stable ${STABLE_REPO_URL}
    - helm repo update
    - apk add --no-cache findutils
    - helm ls --all --short -n ${KUBE_NAMESPACE} | xargs -L1 helm -n ${KUBE_NAMESPACE} delete
    # - kubectl delete namespace $KUBE_NAMESPACE # TODO: it's forbidden due to user RBAC
  environment:
    name: review/${CI_COMMIT_REF_SLUG}
    action: stop
  allow_failure: true
  except:
    refs:
      - master
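
Review bot: The `helm secrets upgrade` call in `helm_deploy` reads `${VALUES_PATH}/${VALUES_FILE}` and the preceding test reads `${VALUES_PATH}/${VALUES_SECRET_FILE}`, but `.helm` only defines `VALUES_FILE_PATH` and `VALUES_SECRET_FILE_PATH`, so unless a user sets the other names the `-f` argument expands to `/` and the secrets file is never picked up; the in-file TODO already says the defaulting block does not work. That alone justifies the removal. If the job is reintroduced, four more points from these lines need attention. First, `curl --output /bin/kubectl ${KUBECTL_URL} && chmod a+x /bin/kubectl` installs a binary with no checksum verification and no `--fail`, so an HTTP error body would be written and marked executable; pin a digest next to the URL and verify it before `chmod`. Second, `ENVIRONMENT` defaults to `"production"` while `on_stop: cleanup_review` points at a job that runs `helm ls --all --short -n ${KUBE_NAMESPACE} | xargs -L1 helm -n ${KUBE_NAMESPACE} delete`, which removes every release in the namespace, and whose environment name `review/${CI_COMMIT_REF_SLUG}` does not match `${ENVIRONMENT}`; scope the delete to the release named `${CI_PROJECT_PATH_SLUG}` and make the two environment names agree. Third, `cleanup_review` imports `PGP_PRIVATE` although it only lists and deletes releases; drop the key import and plugin install there so the private key is not exposed to a job that does not decrypt anything. Fourth, quote the expansions in `[ -z ${VALUES_FILE_PATH} ]` and the two similar tests, and keep each `if ... fi` in a single script entry instead of splitting it across list items with a comment in between.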

jobs/helm_deploy/job.yml

deleted 100644 → 0
+0 −6
name: helm_review
description: A ready-to-use helm job to deploy your review environment in a merge request
default_stage: review
icon: ☸️
maintainer: thomasboni
license: MIT
 No newline at end of file
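
Review bot: The metadata names the job `helm_review` with `default_stage: review` and a description about merge-request review environments, yet it sits under `jobs/helm_deploy/` and the job defined in `helm_deploy.yml` is called `helm_deploy`. When the job is added back, pick one name and use it for the directory, the `name:` field, the job key and the README title so the hub entry and the include URL refer to the same thing.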
+0 −1
Initial version
 No newline at end of file