Commit 3f535d7c authored by Dan Thomson's avatar Dan Thomson

Merge branch 'refactor' into 'master'

Refactor

See merge request !2
parents e4f38d47 35608876
Pipeline #27692 passed with stages
in 7 seconds
stages:
- test
- show_results
- deploy
- cleanup
variables:
NAMESPACE: "${CI_PROJECT_NAME}-${CI_PIPELINE_ID}"
DEPLOYMENT_NAME: "${CI_PROJECT_NAME}-${CI_PIPELINE_ID}"
REGISTRY_HOSTNAME: kube-registry.triumf.ca
REGISTRY_YAML: registry-values.yaml
cleanup:
stage: cleanup
tags:
- minikube-runner
script:
- rm -f $REGISTRY_YAML
- helm delete "${DEPLOYMENT_NAME}" || true
- kubectl delete namespace "${NAMESPACE}" || true
when: always
test_lint:
- release
include:
- project: "gitlab/ci/templates"
ref: "master"
file: "k8s/HelmLint.gitlab-ci.yml"
- project: "gitlab/ci/templates"
ref: "master"
file: "k8s/HelmKubeval.gitlab-ci.yml"
- project: "gitlab/ci/templates"
ref: "master"
file: "k8s/HelmTag.gitlab-ci.yml"
lint:
extends: .helm_lint
stage: test
image:
name: alpine/helm
entrypoint: ["/bin/sh", "-c"]
tags:
- docker-runner
script:
- helm lint .
test_deploy:
kubeval:
extends: .helm_kubeval
stage: test
tags:
- minikube-runner
script:
- |
echo -e "registry:\n name: ${CI_REGISTRY}\n user: gitlab-ci-token\n password: ${CI_JOB_TOKEN}\n" > $REGISTRY_YAML
- set -ev
- |
if ! ls tests; then
exit 0
fi
# We now need to create a namespace before deployment with Helm version 3+
- |
for i in tests/*.yaml; do
echo "Installing test config $i"
kubectl create namespace "${NAMESPACE}"
helm upgrade --install --namespace=$NAMESPACE "${DEPLOYMENT_NAME}" --wait \
-f $REGISTRY_YAML \
-f $i \
--set "imagePullPolicy=Always" \
--set "cpuLimit=null" \
--set "memoryLimit=null" .
ENDPOINTS=$(kubectl --namespace=$NAMESPACE describe services "${DEPLOYMENT_NAME}" | grep Endpoints:|sed 's/Endpoint:\s+//')
if [ -z "${ENDPOINTS}" ] || [ "${ENDPOINTS}" = "<none>" ]; then
echo "Samba service has no valid endpoints!"
exit 1
fi
helm delete "${DEPLOYMENT_NAME}" || true
kubectl delete namespace "${NAMESPACE}"
done
after_script:
- |
if helm delete "${DEPLOYMENT_NAME}"; then
echo "Helm deployment ${DEPLOYMENT_NAME} not deleted"
fi
only:
- master
- branches
display_state:
stage: show_results
tags:
- minikube-runner
script:
- helm list
- kubectl --namespace=$NAMESPACE get pods
- kubectl --namespace=$NAMESPACE describe pods
- kubectl --namespace=$NAMESPACE get cm -o yaml
- |
for p in $(kubectl --namespace=$NAMESPACE get pods -l app=glassfish -o jsonpath='{.items[*].metadata.name}'); do
kubectl --namespace=$NAMESPACE logs $p || true
done
when: on_failure
- docker-runner
trigger_build:
stage: deploy
release:
extends: .helm_tag
stage: release
tags:
- docker-runner
script:
- |
if [ ! -z "${PUBLIC_CHARTS_PIPELINE_TOKEN}" ] ; then
curl -X POST -F token="${PUBLIC_CHARTS_PIPELINE_TOKEN}" -F ref="master" https://gitlab.triumf.ca/api/v4/projects/374/trigger/pipeline
fi
only:
- tags
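Review bot: The three `include:` entries pull job templates from `gitlab/ci/templates` at `ref: "master"`, a branch that moves, so the `lint`, `kubeval` and `release` jobs run whatever that branch holds when the pipeline starts. Because `release` runs on tags, a change in the templates project reaches the release path without any reviewed change in this repository. Pinning each entry to a tag or a full commit SHA, e.g. `ref: "<PINNED_COMMIT_SHA>"` (placeholder), keeps the effective pipeline definition reviewable here. The page does not mark old and new lines in this section, so this assumes the `include:` block is on the new side.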
---
apiVersion: v1
name: samba-ad-dc
version: 0.0.2
version: "0.0.3"
appVersion: "4.5.16"
description: Samba Active Directory Domain Controller Deployment
maintainers:
- name: Dan Thomson
......
......@@ -5,14 +5,20 @@ Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
*/}}
{{- define "fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- define "samba-ad-dc.fullname" -}}
{{- printf "%s" (default .Chart.Name .Values.nameOverride | trunc 64 | trimSuffix "-") -}}
{{- end -}}
{{/*
Helper function to combine registry authentication values into an appropriate Secret object
*/}}
{{- define "imagePullSecret" }}
{{- define "samba-ad-dc.imagePullSecret" }}
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.registry.name (printf "%s:%s" .Values.registry.user .Values.registry.password | b64enc) | b64enc }}
{{- end }}
{{/*
Helper function for printing the full Docker image path from values
*/}}
{{- define "samba-ad-dc.image" }}
{{- printf "%s/%s:%s" (.Values.image.registry | default "docker.io") .Values.image.repository .Values.image.tag }}
{{- end }}
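Review bot: `samba-ad-dc.fullname` truncates with `trunc 64`, one more than the 63-character limit the comment above the helper cites, so a long `nameOverride` can produce a name over the limit for fields that follow the DNS label rule (the Service name, for one); `trunc 63` matches the comment. The helper also no longer uses `.Release.Name`, so two releases of the chart in one namespace render identically named ConfigMap, Secret, Deployment and Service objects. If dropping the release name is intended, the comment block, which still shows the `%s-%s` form, should say so.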
......@@ -2,7 +2,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "fullname" . }}
name: {{ template "samba-ad-dc.fullname" . }}
data:
ad.domain: {{ .Values.ad.domain }}
ad.realm: {{ .Values.ad.realm }}
......
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "fullname" . }}
namespace: {{ .Release.Namespace }}
name: {{ template "samba-ad-dc.fullname" . }}
labels:
app: samba-ad-dc
triumf.ca/ad-domain: {{ .Values.ad.domain | quote }}
......@@ -22,52 +21,45 @@ spec:
spec:
{{- if and .Values.registry.password .Values.registry.user | and .Values.registry.name }}
imagePullSecrets:
- name: {{ template "fullname" . }}-imagepull
- name: {{ template "samba-ad-dc.fullname" . }}-imagepull
{{- end }}
containers:
- name: samba-ad-dc
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
imagePullPolicy: {{ .Values.imagePullPolicy }}
image: {{ include "samba-ad-dc.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: AD_DISABLE_STRONG_AUTH
valueFrom:
configMapKeyRef:
name: {{ template "fullname" . }}
key: ad.disableStrongAuth
- name: AD_HOST_NAME
valueFrom:
configMapKeyRef:
name: {{ template "fullname" . }}
key: ad.hostName
- name: AD_HOST_IP
valueFrom:
configMapKeyRef:
name: {{ template "fullname" . }}
key: ad.hostIP
- name: AD_DOMAIN
valueFrom:
configMapKeyRef:
name: {{ template "fullname" . }}
key: ad.domain
- name: AD_REALM
valueFrom:
configMapKeyRef:
name: {{ template "fullname" . }}
key: ad.realm
- name: AD_RFC2307
valueFrom:
configMapKeyRef:
name: {{ template "fullname" . }}
key: ad.rfc2307
resources:
{{- if or .Values.cpuLimit .Values.memoryLimit }}
limits:
{{- if .Values.cpuLimit }}
cpu: {{ .Values.cpuLimit }}
{{- end }}
{{- if .Values.memoryLimit }}
memory: {{ .Values.memoryLimit }}
{{- end }}
- name: AD_DISABLE_STRONG_AUTH
valueFrom:
configMapKeyRef:
name: {{ template "samba-ad-dc.fullname" . }}
key: ad.disableStrongAuth
- name: AD_HOST_NAME
valueFrom:
configMapKeyRef:
name: {{ template "samba-ad-dc.fullname" . }}
key: ad.hostName
- name: AD_HOST_IP
valueFrom:
configMapKeyRef:
name: {{ template "samba-ad-dc.fullname" . }}
key: ad.hostIP
- name: AD_DOMAIN
valueFrom:
configMapKeyRef:
name: {{ template "samba-ad-dc.fullname" . }}
key: ad.domain
- name: AD_REALM
valueFrom:
configMapKeyRef:
name: {{ template "samba-ad-dc.fullname" . }}
key: ad.realm
- name: AD_RFC2307
valueFrom:
configMapKeyRef:
name: {{ template "samba-ad-dc.fullname" . }}
key: ad.rfc2307
{{- with .Values.resources }}
resources: {{ . | toYaml | nindent 12 }}
{{- end }}
ports:
- containerPort: 389
......@@ -114,6 +106,7 @@ spec:
if [ $AD_DISABLE_STRONG_AUTH = "yes" ] && ! grep -q 'ldap server require strong auth = no' /etc/samba/smb.conf; then
sed -i 's/\[global\]/[global]\n\tldap server require strong auth = no/' /etc/samba/smb.conf
samba-tool domain passwordsettings set --complexity=off
fi
for nfile in $(find /var/lib/newusers -maxdepth 1 \( -type f -o -type l \) -iregex '^/var/lib/newusers/newusers[0-9]+$'); do
......@@ -123,10 +116,6 @@ spec:
fi
done
# if [ -f /newusers ] && [ "$(stat --printf='%s' /newusers)" -gt 0 ]; then
# /create-users.sh /newusers
# fi
exec /usr/sbin/samba -i </dev/null
volumeMounts:
- name: samba-data
......@@ -137,10 +126,10 @@ spec:
- name: samba-data
{{- if and .Values.persistence.enabled .Values.persistence.storageClass | and .Values.persistence.size }}
persistentVolumeClaim:
claimName: {{ template "fullname" . }}
claimName: {{ template "samba-ad-dc.fullname" . }}
{{- else }}
emptyDir: {}
{{- end }}
- name: newusers
secret:
secretName: {{ template "fullname" . }}-newusers
secretName: {{ template "samba-ad-dc.fullname" . }}-newusers
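Review bot: `samba-tool domain passwordsettings set --complexity=off` sits inside the `AD_DISABLE_STRONG_AUTH = "yes"` branch of the startup script, so a value named for the LDAP strong-auth requirement also turns off password complexity for the whole domain. The hunk header (`-114,6 +106,7`) shows one added line there and this appears to be it, though the page does not mark sides. A separate value with its own ConfigMap key, e.g. `ad.disablePasswordComplexity` (a name suggested here, not one the chart defines), left unset by default, would let operators relax one control without the other; at minimum the `disableStrongAuth` value should be documented as doing both. The test `[ $AD_DISABLE_STRONG_AUTH = "yes" ]` is also unquoted, so an empty variable makes it a shell error rather than a false result; `[ "$AD_DISABLE_STRONG_AUTH" = "yes" ]` avoids that.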
{{- if and .Values.registry.user .Values.registry.password | and .Values.registry.name }}
{{- if and .Values.image.registryUser .Values.image.registryPassword | and .Values.image.repository }}
---
apiVersion: v1
metadata:
name: {{ template "fullname" . }}-imagepull
name: {{ template "samba-ad-dc.fullname" . }}-imagepull
namespace: {{ .Release.Namespace }}
data:
.dockerconfigjson: {{ template "imagePullSecret" . }}
.dockerconfigjson: {{ template "samba-ad-dc.imagePullSecret" . }}
kind: Secret
type: kubernetes.io/dockerconfigjson
{{- end }}
---
apiVersion: v1
metadata:
name: {{ template "fullname" . }}
name: {{ template "samba-ad-dc.fullname" . }}
data:
adminPassword: {{ printf "%s" (default "" .Values.adminPassword) | quote | b64enc }}
kind: Secret
......@@ -31,7 +31,7 @@ in a base64 encoded secret.
*/}}
apiVersion: v1
metadata:
name: {{ template "fullname" . }}-newusers
name: {{ template "samba-ad-dc.fullname" . }}-newusers
data:
{{ range $idx, $user := .Values.newUsers }}
newusers{{ $idx }}: {{ printf "%s:%s\n" $user.username $user.password | b64enc }}
......
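Review bot: The guard on the image-pull Secret tests `.Values.image.registryUser`, `.Values.image.registryPassword` and `.Values.image.repository`, but the `samba-ad-dc.imagePullSecret` helper that fills `.dockerconfigjson` still reads `.Values.registry.name`, `.Values.registry.user` and `.Values.registry.password`, and the `imagePullSecrets:` guard in the Deployment still tests `.Values.registry.*`. With only the new `image.*` values set, the Secret would either fail to render or be built from unset values, and the pod would not reference it, so private-registry pulls break. All three places should read the same keys, e.g. `{{- if and .Values.image.registryUser .Values.image.registryPassword | and .Values.image.registry }}` for both guards, with the helper's `printf` taking `.Values.image.registry`, `.Values.image.registryUser` and `.Values.image.registryPassword`. The page does not mark old and new lines, so this assumes the `image.*` guard is the new one.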
---
kind: Service
apiVersion: v1
metadata:
name: {{ template "fullname" . }}
name: {{ template "samba-ad-dc.fullname" . }}
labels:
app: samba-ad-dc
triumf.ca/ad-domain: {{ .Values.ad.domain | quote }}
......@@ -10,12 +11,11 @@ spec:
app: samba-ad-dc
triumf.ca/ad-domain: {{ .Values.ad.domain | quote }}
ports:
- name: ldap
protocol: TCP
port: 389
targetPort: 389
- name: ldaps
protocol: TCP
port: 686
targetPort: 686
---
- name: ldap
protocol: TCP
port: 389
targetPort: 389
- name: ldaps
protocol: TCP
port: 686
targetPort: 686
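Review bot: The `ldaps` entry is published as `port: 686` / `targetPort: 686`, while LDAP over TLS is conventionally served on 636; if the container listens on the usual port, the Service exposes no working TLS endpoint and clients are left with plain LDAP on 389. The Deployment's port list is cut off on this page after `containerPort: 389`, so this cannot be confirmed from here. If 686 is a typo, the entry should read `port: 636` and `targetPort: 636`; if it is deliberate, a comment on the entry saying so would help.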
image: samba-ad-dc
imageTag: latest
cpuLimit: 500m
memoryLimit: 1Gi
---
image:
registry: registry.triumf.ca
repository: docker/samba-ad-dc
tag: latest
registryUser: null
registryPassword: null
resources:
limits:
cpu: 500m
memory: 1Gi
adminPassword: null
persistence:
enabled: false
......
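Review bot: The new `image:` block defines `registry`, `repository`, `tag`, `registryUser` and `registryPassword` but no `pullPolicy`, although the Deployment renders `imagePullPolicy: {{ .Values.image.pullPolicy }}`, so the field comes out empty unless every user sets it. Combined with `tag: latest`, the cluster default is to pull on each pod start, so the domain controller runs whatever image currently carries that tag. Adding `pullPolicy: IfNotPresent` under `image:` and defaulting `tag` to a fixed version or digest makes the deployed image reproducible. The rest of values.yaml is collapsed on this page, so a default defined outside the visible lines cannot be ruled out.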