prod deploy

.gitlab-ci.yml

@@ -1,7 +1,6 @@
 variables:
   CI_PROJECT_DIR: "."
   CI_REGISTRY_IMAGE: hub.ducoterra.net/ducoterra/mysite
-  DEPLOY: test
 
 stages:
   - build
@@ -17,34 +16,61 @@ build:
     name: gcr.io/kaniko-project/executor:debug
     entrypoint: [""]
   script:
+    - echo $DEPLOY
     - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
 
 test:
+  stage: test
   only:
     variables:
     - $CI_COMMIT_TAG
-  stage: test
   image:
     name: $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
     entrypoint: [""]
   script:
     - python manage.py test
 
-deploy:
+deploy_to_test:
+  variables:
+    DEPLOY: test
+  stage: deploy
   only:
     variables:
     - $CI_COMMIT_TAG
-  stage: deploy
   image:
-    name: debian:latest
+    name: debian:10
     entrypoint: [""]
   script:
-    - echo $CI_REGISTRY_IMAGE
     - apt -qq update >> /dev/null && apt -qq install -y curl gettext >> /dev/null
     - curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
     - chmod +x ./kubectl
-    - envsubst < k8s/deploy.yaml > out.yaml
+    - mkdir /deploy
-    - mv out.yaml k8s/deploy.yaml
+    - for f in $(find k8s -regex '.*\.ya*ml'); do envsubst < $f > "/deploy/$(basename $f)"; done
-    - ./kubectl apply -f k8s
+    - for f in $(find k8s/test -regex '.*\.ya*ml'); do envsubst < $f > "/deploy/$(basename $f)"; done
+    - ./kubectl apply -f /deploy
     - ./kubectl rollout status deploy $DEPLOY
-    - ./kubectl exec $(./kubectl get pods --selector=app=$DEPLOY --output=jsonpath='{.items[*].metadata.name}') -- python manage.py migrate
+    - POD=$(./kubectl get pods --selector=app=$DEPLOY --output=jsonpath='{.items[*].metadata.name}')
+    - ./kubectl exec $POD -- python manage.py migrate
+
+deploy_to_prod:
+  variables:
+    DEPLOY: prod
+  stage: deploy
+  only:
+    variables:
+    - $CI_COMMIT_TAG
+  when: manual
+  image:
+    name: debian:10
+    entrypoint: [""]
+  script:
+    - apt -qq update >> /dev/null && apt -qq install -y curl gettext >> /dev/null
+    - curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
+    - chmod +x ./kubectl
+    - mkdir /deploy
+    - for f in $(find k8s -regex '.*\.ya*ml'); do envsubst < $f > "/deploy/$(basename $f)"; done
+    - for f in $(find k8s/prod -regex '.*\.ya*ml'); do envsubst < $f > "/deploy/$(basename $f)"; done
+    - ./kubectl apply -f /deploy
+    - ./kubectl rollout status deploy $DEPLOY
+    - POD=$(./kubectl get pods --selector=app=$DEPLOY --output=jsonpath='{.items[*].metadata.name}')
+    - ./kubectl exec $POD -- python manage.py migrate

.vscode/launch.json

@@ -5,7 +5,7 @@
     "version": "0.2.0",
     "configurations": [
         {
-            "name": "Python: Django",
+            "name": "Test",
             "type": "python",
             "request": "launch",
             "program": "${workspaceFolder}/manage.py",
@@ -13,6 +13,17 @@
                 "test",
             ],
             "django": true
+        },
+        {
+            "name": "Run Server",
+            "type": "python",
+            "request": "launch",
+            "program": "${workspaceFolder}/manage.py",
+            "args": [
+                "runserver",
+                "--noreload"
+            ],
+            "django": true
         }
     ]
 }

README.md

@@ -2,4 +2,23 @@
 
 My CI testing pipeline for a django project.
 
-[![pipeline status](http://gitlab.ducoterra.net/ducoterra/ci_builder/badges/master/pipeline.svg)](http://gitlab.ducoterra.net/ducoterra/ci_builder/-/commits/master)
+[![pipeline status](http://gitlab.ducoterra.net/ducoterra/ci_builder/badges/master/pipeline.svg)](http://gitlab.ducoterra.net/ducoterra/ci_builder/-/commits/master)
+
+## Django Environment Variables
+
+### Django Secret
+
+```bash
+kubectl create secret generic django-secrets --from-literal=SECRET_KEY=$(python -c "import secrets ; print(secrets.token_urlsafe(32))")
+```
+
+### Django Allowed Hosts
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test
+data:
+  ALLOWED_HOSTS: localhost,test.ducoterra.net
+```

config/settings.py

@@ -20,13 +20,12 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'b8fi9=f-qj=@-#1iru34-f@a6pzfysgrf(1n_&d=ur%!1w$q*w'
+SECRET_KEY = os.getenv("SECRET_KEY")
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True if os.getenv("DEBUG") == "True" else False
 
-ALLOWED_HOSTS = ["localhost", "test.ducoterra.net"]
+ALLOWED_HOSTS = os.getenv("ALLOWED_HOSTS", "localhost").split(",")
-
 
 # Application definition
 

config/urls.py

@@ -18,7 +18,7 @@ from django.urls import path, include
 from django.http import JsonResponse
 
 urlpatterns = [
-    path('', include('api.urls')),
+    # path('api/', include('api.urls')),
     path('', include('ui.urls')),
-    path('admin/', admin.site.urls),
+    # path('admin/', admin.site.urls),
 ]

k8s/configmap.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: $DEPLOY
+data:
+  ALLOWED_HOSTS: localhost,$DEPLOY.ducoterra.net

k8s/deploy.yaml

@@ -1,22 +1,27 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: test
+  name: $DEPLOY
 spec:
   selector:
     matchLabels:
-      app: test
+      app: $DEPLOY
   template:
     metadata:
       labels:
-        app: test
+        app: $DEPLOY
     spec:
       containers:
-      - name: test
+      - name: $DEPLOY
         image: $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
+        envFrom:
+        - configMapRef:
+            name: $DEPLOY
+        - secretRef:
+            name: django-secrets
         volumeMounts:
           - mountPath: /app/db
-            name: test
+            name: $DEPLOY
         resources:
           limits:
             memory: "256Mi"
@@ -27,6 +32,6 @@ spec:
         ports:
         - containerPort: 8000
       volumes:
-        - name: test
+        - name: $DEPLOY
           persistentVolumeClaim:
-            claimName: test
+            claimName: $DEPLOY

k8s/prod/ingress.yaml

@@ -3,18 +3,18 @@ kind: Ingress
 metadata:
   annotations:
     ingress.kubernetes.io/ssl-redirect: "true"
-  name: test
+  name: $DEPLOY
 spec:
   tls:
   - hosts:
-    - test.ducoterra.net
+    - $DEPLOY.ducoterra.net
     secretName: letsencrypt
   rules:
-  - host: test.ducoterra.net
+  - host: $DEPLOY.ducoterra.net
     http:
       paths:
       - backend:
-          serviceName: test
+          serviceName: $DEPLOY
           servicePort: 8000
 
 ---
@@ -22,17 +22,17 @@ spec:
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
-  name: test-external-tls
+  name: $DEPLOY-external-tls
 spec:
   entryPoints:
     - websecure
   tls:
     secretName: letsencrypt
   routes:
-  - match: Host(`test.ducoterra.net`)
+  - match: Host(`$DEPLOY.ducoterra.net`)
     kind: Rule
     services:
-    - name: test
+    - name: $DEPLOY
       port: 8000
 
 ---
@@ -40,15 +40,15 @@ spec:
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
-  name: test-external-web
+  name: $DEPLOY-external-web
 spec:
   entryPoints:
     - web
   routes:
-  - match: Host(`test.ducoterra.net`)
+  - match: Host(`$DEPLOY.ducoterra.net`)
     kind: Rule
     services:
-    - name: test
+    - name: $DEPLOY
       port: 8000
     middlewares:
       - name: httpsredirect

k8s/pvc.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: test
+  name: $DEPLOY
 spec:
   storageClassName: nfs-encrypted
   accessModes:

k8s/service.yaml

@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: test
+  name: $DEPLOY
 spec:
   selector:
-    app: test
+    app: $DEPLOY
   ports:
   - port: 8000
     targetPort: 8000

k8s/test/ingress.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/ssl-redirect: "true"
+  name: $DEPLOY
+spec:
+  tls:
+  - hosts:
+    - $DEPLOY.ducoterra.net
+    secretName: letsencrypt
+  rules:
+  - host: $DEPLOY.ducoterra.net
+    http:
+      paths:
+      - backend:
+          serviceName: $DEPLOY
+          servicePort: 8000

manage.py

@@ -6,6 +6,7 @@ import sys
 
 def main():
     os.environ.setdefault('DEBUG', 'True')
+    os.environ.setdefault('SECRET_KEY', 'SeVOOxOHISQZv82RfCPds0B2l8M6jGju4G8F-GcuSrc')
     os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'config.settings')
     try:
         from django.core.management import execute_from_command_line

ui/static/ui/button.css

@@ -0,0 +1,17 @@
+html, body { 
+    height: 100%;
+    width: 100%;
+    touch-action: manipulation;
+}
+
+.section, .container {
+    height: 100%;
+}
+
+.container {
+    display: flex;
+    justify-content: center;
+    flex-direction: column;
+    align-items: center;
+    text-align: center;
+}

ui/static/ui/button.js

@@ -1,26 +1,12 @@
-function getCookie(name) {
+const csrftoken = getCookie('csrftoken');
-    var cookieValue = null;
+const button = document.getElementById("BUTTON");
-    if (document.cookie && document.cookie !== '') {
+const count = document.getElementById("COUNT");
-        var cookies = document.cookie.split(';');
-        for (var i = 0; i < cookies.length; i++) {
-            var cookie = cookies[i].trim();
-            // Does this cookie string begin with the name we want?
-            if (cookie.substring(0, name.length + 1) === (name + '=')) {
-                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
-                break;
-            }
-        }
-    }
-    return cookieValue;
-}
-
-var csrftoken = getCookie('csrftoken');
-var button = document.getElementById("BUTTON");
-var count = document.getElementById("COUNT");
 
+// when button is clicked submit an empty post request
 button.addEventListener("click", event => {
     button.disabled = true;
-    fetch('/button', {
+    button.classList.add("is-loading");
+    fetch('/button/', {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
@@ -34,7 +20,9 @@ button.addEventListener("click", event => {
             count.innerText = data.pressed;
         }).finally(() => {
             button.disabled = false;
+            button.classList.remove("is-loading");
         });
 });
 
+// when the page is loaded automatically select the button
 button.focus();

ui/static/ui/helper.js

@@ -0,0 +1,16 @@
+// get cookies when fetching with django
+function getCookie(name) {
+    var cookieValue = null;
+    if (document.cookie && document.cookie !== '') {
+        var cookies = document.cookie.split(';');
+        for (var i = 0; i < cookies.length; i++) {
+            var cookie = cookies[i].trim();
+            // Does this cookie string begin with the name we want?
+            if (cookie.substring(0, name.length + 1) === (name + '=')) {
+                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                break;
+            }
+        }
+    }
+    return cookieValue;
+}

ui/templates/ui/base.html

@@ -5,7 +5,7 @@
 
 <head>
     <meta charset="utf-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=1">
     <title>The Button</title>
     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bulma@0.8.2/css/bulma.min.css">
     <script defer src="https://use.fontawesome.com/releases/v5.3.1/js/all.js"></script>

ui/templates/ui/button.html

@@ -7,10 +7,10 @@
 {% endblock %}
 
 {% block js %}
+<script src="{% static 'ui/helper.js' %}"></script>
 <script src="{% static 'ui/button.js' %}"></script>
 {% endblock %}
 
-
 {% block body %}
 <section class="section">
     <div class="container">

ui/urls.py

@@ -2,5 +2,5 @@ from django.urls import path
 from . import views
 
 urlpatterns = [
-    path('button', views.button, name = 'button'),
+    path('button/', views.button, name = 'button'),
 ]