From 7868867908fe491bc5b68697f1d2ceb1daae9d05 Mon Sep 17 00:00:00 2001
From: ducoterra <ducoterra@gmail.com>
Date: Sat, 25 Apr 2020 11:15:23 -0400
Subject: [PATCH] new standard deploy templates

---
 .gitlab-ci.yml     |  9 ++++-----
 config/settings.py |  5 ++---
 k8s/configmap.yaml |  6 ++++++
 k8s/deploy.yaml    | 17 ++++++++++-------
 k8s/ingress.yaml   | 12 ++++++------
 k8s/pvc.yaml       |  2 +-
 k8s/service.yaml   |  4 ++--
 7 files changed, 31 insertions(+), 24 deletions(-)
 create mode 100644 k8s/configmap.yaml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 646c09a..dd276b6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -36,15 +36,14 @@ deploy:
     - $CI_COMMIT_TAG
   stage: deploy
   image:
-    name: debian:latest
+    name: debian:10
     entrypoint: [""]
   script:
-    - echo $CI_REGISTRY_IMAGE
     - apt -qq update >> /dev/null && apt -qq install -y curl gettext >> /dev/null
     - curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
     - chmod +x ./kubectl
-    - envsubst < k8s/deploy.yaml > out.yaml
-    - mv out.yaml k8s/deploy.yaml
-    - ./kubectl apply -f k8s
+    - mkdir /deploy
+    - for f in $(find k8s -regex '.*\\.ya*ml); do envsubst < $f > "/deploy/$(basename $f)"; done'
+    - ./kubectl apply -f /deploy
     - ./kubectl rollout status deploy $DEPLOY
     - ./kubectl exec $(./kubectl get pods --selector=app=$DEPLOY --output=jsonpath='{.items[*].metadata.name}') -- python manage.py migrate
\ No newline at end of file
diff --git a/config/settings.py b/config/settings.py
index b4c3fb1..59d85ac 100644
--- a/config/settings.py
+++ b/config/settings.py
@@ -20,13 +20,12 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'b8fi9=f-qj=@-#1iru34-f@a6pzfysgrf(1n_&d=ur%!1w$q*w'
+SECRET_KEY = os.getenv("SECRET_KEY")
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True if os.getenv("DEBUG") == "True" else False
 
-ALLOWED_HOSTS = ["localhost", "test.ducoterra.net"]
-
+ALLOWED_HOSTS = os.getenv("ALLOWED_HOSTS").split(",")
 
 # Application definition
 
diff --git a/k8s/configmap.yaml b/k8s/configmap.yaml
new file mode 100644
index 0000000..82f9e0f
--- /dev/null
+++ b/k8s/configmap.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: $DEPLOY
+data:
+  ALLOWED_HOSTS: localhost,test.ducoterra.net
\ No newline at end of file
diff --git a/k8s/deploy.yaml b/k8s/deploy.yaml
index a0ac459..4f00df7 100644
--- a/k8s/deploy.yaml
+++ b/k8s/deploy.yaml
@@ -1,22 +1,25 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: test
+  name: $DEPLOY
 spec:
   selector:
     matchLabels:
-      app: test
+      app: $DEPLOY
   template:
     metadata:
       labels:
-        app: test
+        app: $DEPLOY
     spec:
       containers:
-      - name: test
+      - name: $DEPLOY
         image: $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
+        envFrom:
+        - configMapRef:
+          name: gitlab
         volumeMounts:
           - mountPath: /app/db
-            name: test
+            name: $DEPLOY
         resources:
           limits:
             memory: "256Mi"
@@ -27,6 +30,6 @@ spec:
         ports:
         - containerPort: 8000
       volumes:
-        - name: test
+        - name: $DEPLOY
           persistentVolumeClaim:
-            claimName: test
\ No newline at end of file
+            claimName: $DEPLOY
\ No newline at end of file
diff --git a/k8s/ingress.yaml b/k8s/ingress.yaml
index 9366542..9f9d935 100644
--- a/k8s/ingress.yaml
+++ b/k8s/ingress.yaml
@@ -3,7 +3,7 @@ kind: Ingress
 metadata:
   annotations:
     ingress.kubernetes.io/ssl-redirect: "true"
-  name: test
+  name: $DEPLOY
 spec:
   tls:
   - hosts:
@@ -14,7 +14,7 @@ spec:
     http:
       paths:
       - backend:
-          serviceName: test
+          serviceName: $DEPLOY
           servicePort: 8000
 
 ---
@@ -22,7 +22,7 @@ spec:
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
-  name: test-external-tls
+  name: $DEPLOY-external-tls
 spec:
   entryPoints:
     - websecure
@@ -32,7 +32,7 @@ spec:
   - match: Host(`test.ducoterra.net`)
     kind: Rule
     services:
-    - name: test
+    - name: $DEPLOY
       port: 8000
 
 ---
@@ -40,7 +40,7 @@ spec:
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
-  name: test-external-web
+  name: $DEPLOY-external-web
 spec:
   entryPoints:
     - web
@@ -48,7 +48,7 @@ spec:
   - match: Host(`test.ducoterra.net`)
     kind: Rule
     services:
-    - name: test
+    - name: $DEPLOY
       port: 8000
     middlewares:
       - name: httpsredirect
\ No newline at end of file
diff --git a/k8s/pvc.yaml b/k8s/pvc.yaml
index f224a87..22fe2d8 100644
--- a/k8s/pvc.yaml
+++ b/k8s/pvc.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: test
+  name: $DEPLOY
 spec:
   storageClassName: nfs-encrypted
   accessModes:
diff --git a/k8s/service.yaml b/k8s/service.yaml
index 15a5d4f..4ec6c23 100644
--- a/k8s/service.yaml
+++ b/k8s/service.yaml
@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: test
+  name: $DEPLOY
 spec:
   selector:
-    app: test
+    app: $DEPLOY
   ports:
   - port: 8000
     targetPort: 8000
\ No newline at end of file