diff --git a/infra/Jenkinsfile b/infra/Jenkinsfile index d45448900..6f05d53c1 100644 --- a/infra/Jenkinsfile +++ b/infra/Jenkinsfile @@ -1,6 +1,10 @@ pipeline { agent any + environment { + ACR_SECRET = credentials('acr-auth') + } + stages { stage('init') { steps { @@ -11,13 +15,15 @@ pipeline { stage('init_and_plan') { steps { dir('infra/terraform') { - sh "terraform init" withCredentials([azureServicePrincipal(credentialsId: 'jenkins-sp', subscriptionIdVariable: 'ARM_SUBSCRIPTION_ID', clientIdVariable: 'ARM_CLIENT_ID', clientSecretVariable: 'ARM_CLIENT_SECRET', - tenantIdVariable: 'ARM_TENANT_ID')]) { - sh "terraform plan -out=plan" + tenantIdVariable: 'ARM_TENANT_ID'), + azureStorage(credentialsId: 'jenkins-storage', + storageAccountKeyVariable: 'ARM_ACCESS_KEY')]) { + sh "terraform init" + sh "terraform plan -out=plan -var 'client_id=$ARM_CLIENT_ID' -var 'client_secret=$ARM_CLIENT_SECRET'" } } } @@ -30,8 +36,11 @@ pipeline { subscriptionIdVariable: 'ARM_SUBSCRIPTION_ID', clientIdVariable: 'ARM_CLIENT_ID', clientSecretVariable: 'ARM_CLIENT_SECRET', - tenantIdVariable: 'ARM_TENANT_ID')]) { - sh 'terraform apply plan' + tenantIdVariable: 'ARM_TENANT_ID'), + azureStorage(credentialsId: 'jenkins-storage', + storageAccountKeyVariable: 'ARM_ACCESS_KEY')]) { + sh "terraform apply plan" + sh "terraform output kube_config > ~/.kube/config" } } } 
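Review bot: The pipeline-level `environment` block exposes `ACR_SECRET` to every stage and every `sh` step, including the Terraform stages that have no use for a registry credential. In the visible hunks only the `setup_aks` playbook reads it (through `lookup('env', 'ACR_SECRET')` in the secret manifests), so the binding can move into that stage. Assuming `acr-auth` is a secret-text credential, that would be `withCredentials([string(credentialsId: 'acr-auth', variable: 'ACR_SECRET')])` around the `ansiblePlaybook` step. The pipeline body continues outside this hunk.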
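Review bot: The new `terraform plan` line is a double-quoted Groovy string, so `$ARM_CLIENT_SECRET` is interpolated by Groovy before the shell runs and then passed as a `-var` command-line argument. Jenkins flags this pattern as insecure because the secret lands in the process arguments on the agent and can escape log masking. Terraform reads `TF_VAR_<name>` from the environment, so the secret can stay off the command line: `sh 'TF_VAR_client_id="$ARM_CLIENT_ID" TF_VAR_client_secret="$ARM_CLIENT_SECRET" terraform plan -out=plan'` (single quotes, so the shell does the expansion). The saved `plan` file presumably carries these variable values too, so it should not be archived or left in a shared workspace.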
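Review bot: `terraform output kube_config > ~/.kube/config` writes the cluster's kubeconfig into the home directory of whichever node `agent any` selected. There it overwrites any existing config, takes the default umask, and stays behind for later jobs on that node. A workspace-scoped file with restrictive permissions is safer, e.g. `sh 'umask 077 && terraform output kube_config > "$WORKSPACE/kubeconfig"'`, with the Ansible `k8s` tasks pointed at it through `K8S_AUTH_KUBECONFIG` and the file removed in a `post { always { ... } }` block. The `withCredentials` call this hunk edits starts above the hunk.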
@@ -39,14 +48,15 @@ pipeline { stage('setup_aks') { steps { - withCredentials([azureServicePrincipal(credentialsId: 'jenkins-sp', - subscriptionIdVariable: 'AZURE_SUBSCRIPTION_ID', - clientIdVariable: 'AZURE_CLIENT_ID', - clientSecretVariable: 'AZURE_SECRET', - tenantIdVariable: 'AZURE_TENANT')]) { - ansiblePlaybook installation: 'ansible', - playbook: 'infra/ansible/setenv.yaml' - } + echo "$ACR_SECRET" + withCredentials([azureServicePrincipal(credentialsId: 'jenkins-sp', + subscriptionIdVariable: 'AZURE_SUBSCRIPTION_ID', + clientIdVariable: 'AZURE_CLIENT_ID', + clientSecretVariable: 'AZURE_SECRET', + tenantIdVariable: 'AZURE_TENANT')]) { + ansiblePlaybook installation: 'ansible', + playbook: 'infra/ansible/setenv.yaml' + } } } } diff --git a/infra/ansible/production/main.yaml b/infra/ansible/production/main.yaml new file mode 100644 index 000000000..18a4528b7 --- /dev/null +++ b/infra/ansible/production/main.yaml @@ -0,0 +1,14 @@ +- name: deploy staging environment + hosts: localhost + connection: local + vars: + resource_group: azure-k8stest + tasks: + - name: apply deployment + k8s: + state: present + src: ../../kube/workloads/production/deployment.yaml + - name: apply service + k8s: + state: present + src: ../../kube/workloads/production/service.yaml diff --git a/infra/ansible/setenv.yaml b/infra/ansible/setenv.yaml index be16eef5c..eb4a61c68 100644 --- a/infra/ansible/setenv.yaml +++ b/infra/ansible/setenv.yaml @@ -12,3 +12,11 @@ k8s: state: present src: ../kube/namespaces/production.yaml + - name: Create staging ACR secret + k8s: + state: present + src: ../kube/secrets/production-registry.yaml + - name: Create production ACR secret + k8s: + state: present + src: ../kube/secrets/staging-registry.yaml diff --git a/infra/kube/Jenkinsfile b/infra/kube/Jenkinsfile index 74d4755ec..e30d55066 100644 --- a/infra/kube/Jenkinsfile +++ b/infra/kube/Jenkinsfile 
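Review bot: `echo "$ACR_SECRET"` at the top of `setup_aks` sends the registry credential to the build console. Jenkins masking only replaces exact matches of the stored value, so it should not be relied on, and the line looks like leftover debugging. Delete it; if a presence check is wanted, use one that prints nothing, such as `sh 'test -n "$ACR_SECRET"'`. The rest of the hunk appears only to re-indent the existing `withCredentials` block.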
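Review bot: The play in this new production playbook is named `deploy staging environment` while both tasks apply manifests from `kube/workloads/production/`, so the run log for a production rollout will read as a staging one; rename it to `- name: deploy production environment`. Neither `k8s` task sets `kubeconfig` or `context`, so the target cluster is whatever ambient config the agent happens to have, which is worth pinning explicitly for a production playbook. `resource_group` is declared but not used by the visible tasks.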
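Review bot: The two added task names are crossed: `Create staging ACR secret` loads `../kube/secrets/production-registry.yaml` and `Create production ACR secret` loads `../kube/secrets/staging-registry.yaml`, which will mislead anyone reading the run log during an incident. Both manifests also contain a Jinja expression (`{{ lookup('env', 'ACR_SECRET') }}`), and as far as I know the `k8s` module reads `src` verbatim without templating, so the literal expression rather than the credential may be what is submitted. If that is the case, pass the rendered file instead, e.g. `definition: "{{ lookup('template', '../kube/secrets/production-registry.yaml') }}"`. The task list starts above this hunk.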
@@ -2,10 +2,21 @@ pipeline { agent any stages { + stage('init') { + steps { + git url: "git@github.com:azure-devops/spring-petclinic.git", + credentialsId: "github_ssh_key", + branch: "ignite" - stage('deploy') { - environment { - sha = sh(script: 'git rev-parse --short HEAD', returnStdout: true).trim() + script { + env.SHA = sh(script: 'git rev-parse --short HEAD', returnStdout: true).trim() + } + } + } + + stage('deploy to staging') { + when { + changeset "infra/kube/workloads/staging/*" } steps { @@ -19,5 +30,22 @@ pipeline { } } } + + stage('deploy to production') { + when { + changeset "infra/kube/workloads/production/*" + } + + steps { + withCredentials([azureServicePrincipal(credentialsId: 'jenkins-sp', + subscriptionIdVariable: 'AZURE_SUBSCRIPTION_ID', + clientIdVariable: 'AZURE_CLIENT_ID', + clientSecretVariable: 'AZURE_SECRET', + tenantIdVariable: 'AZURE_TENANT')]) { + ansiblePlaybook installation: 'ansible', + playbook: 'infra/ansible/production/main.yaml' + } + } + } } } diff --git a/infra/kube/secrets/production-registry.yaml b/infra/kube/secrets/production-registry.yaml new file mode 100644 index 000000000..ebb7e9d86 --- /dev/null +++ b/infra/kube/secrets/production-registry.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: acr-secret + namespace: production +data: + .dockerconfigjson: "{{ lookup('env', 'ACR_SECRET') }}" +type: kubernetes.io/dockerconfigjson diff --git a/infra/kube/secrets/staging-registry.yaml b/infra/kube/secrets/staging-registry.yaml new file mode 100644 index 000000000..eddc74ba0 --- /dev/null +++ b/infra/kube/secrets/staging-registry.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: acr-secret + namespace: staging +data: + .dockerconfigjson: "{{ lookup('env', 'ACR_SECRET') }}" +type: kubernetes.io/dockerconfigjson diff --git a/infra/kube/workloads/production/deployment.yaml b/infra/kube/workloads/production/deployment.yaml index 41edb5354..2da8855a1 100644 
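Review bot: The new `deploy to production` stage runs as soon as a change under `infra/kube/workloads/production/` is picked up by the build, with no approval step, and it reuses the same `jenkins-sp` service principal as the other stages. For a production rollout I would add a gate such as `input message: 'Deploy to production?'` as the first step. Ideally it would also bind a production-only credential, so that a compromise of the staging path does not carry production rights. Whether `jenkins-sp` is already scoped that narrowly is not visible here.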
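Review bot: `.dockerconfigjson` sits under `data:`, which Kubernetes expects to be base64-encoded, so this manifest only works if `ACR_SECRET` already holds a base64-encoded Docker config; with a raw JSON or password value the apply will be rejected or store an unusable secret. Either encode at render time, `.dockerconfigjson: "{{ lookup('env', 'ACR_SECRET') | b64encode }}"`, or switch the key to `stringData:`. `staging-registry.yaml` is identical apart from the namespace, so the same applies there. Both namespaces also end up sharing one registry credential, and separate pull-only credentials per environment would limit the blast radius.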
--- a/infra/kube/workloads/production/deployment.yaml +++ b/infra/kube/workloads/production/deployment.yaml @@ -12,12 +12,12 @@ spec: metadata: labels: app: pet-clinic - version: v0.0.0 + version: v0.0.1 spec: containers: - name: pet-clinic - image: "jenkinsdemosacr.azurecr.io/pet-clinic:v0.0.0" + image: "jenkinsdemosacr.azurecr.io/pet-clinic:v0.0.1" ports: - containerPort: 8080 imagePullSecrets: diff --git a/infra/kube/workloads/production/service.yaml b/infra/kube/workloads/production/service.yaml index e4b19f7ac..5d87d31c0 100644 --- a/infra/kube/workloads/production/service.yaml +++ b/infra/kube/workloads/production/service.yaml @@ -4,11 +4,11 @@ metadata: name: pet-clinic namespace: production labels: - version: v0.0.0 + version: v0.0.1 spec: selector: app: auth-service - version: v0.0.0 + version: v0.0.1 ports: - port: 80 targetPort: 8080 diff --git a/infra/terraform/main.tf b/infra/terraform/main.tf index 798ff5497..1a06f25af 100644 --- a/infra/terraform/main.tf +++ b/infra/terraform/main.tf @@ -3,4 +3,9 @@ provider "azurerm" { } terraform { + backend "azurerm" { + storage_account_name = "jenkinsdemo1" + container_name = "tfstate" + key = "terraform.tfstate" + } } diff --git a/infra/terraform/output.tf b/infra/terraform/output.tf index 3aa3b154f..b9f834bd6 100644 --- a/infra/terraform/output.tf +++ b/infra/terraform/output.tf 
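Review bot: With this `azurerm` backend, the state blob in `tfstate` will hold everything declared in `output.tf` (client key, cluster password and the raw kubeconfig) in clear text, so the container's access controls now protect cluster-admin material. The pipeline authenticates to it with the storage account key (`ARM_ACCESS_KEY`), which grants access to the whole account. A container-scoped SAS token or Azure AD authentication would be narrower if the Terraform version in use supports it. A short comment in the block, e.g. `# state contains cluster credentials; keep the container private`, would record the constraint for the next maintainer.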
@@ -1,27 +1,27 @@ output "client_key" { - value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.client_key}" + value = azurerm_kubernetes_cluster.k8s.kube_config[0].client_key } output "client_certificate" { - value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate}" + value = azurerm_kubernetes_cluster.k8s.kube_config[0].client_certificate } output "cluster_ca_certificate" { - value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate}" + value = azurerm_kubernetes_cluster.k8s.kube_config[0].cluster_ca_certificate } output "cluster_username" { - value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.username}" + value = azurerm_kubernetes_cluster.k8s.kube_config[0].username } output "cluster_password" { - value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.password}" + value = azurerm_kubernetes_cluster.k8s.kube_config[0].password } output "kube_config" { - value = "${azurerm_kubernetes_cluster.k8s.kube_config_raw}" + value = azurerm_kubernetes_cluster.k8s.kube_config_raw } output "host" { - value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.host}" + value = azurerm_kubernetes_cluster.k8s.kube_config[0].host } diff --git a/infra/terraform/variables.tf b/infra/terraform/variables.tf index 69932ea6c..9a9286a2d 100644 --- a/infra/terraform/variables.tf +++ b/infra/terraform/variables.tf @@ -1,8 +1,8 @@ variable "client_id" { - default = "764b3430-7053-4520-bbba-d74b8df5270c" + default = "" } variable "client_secret" { - default = "Z.4tiyJc/l]ahAi:XKI2Ox3xg5UXWXdC" + default = "" } variable "agent_count" {
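Review bot: None of these outputs is marked sensitive, so `terraform apply` prints `client_key`, `cluster_password` and the full `kube_config` into the Jenkins console at the end of the run. Add `sensitive = true` to the credential-bearing outputs (`client_key`, `client_certificate`, `cluster_password`, `kube_config`); `terraform output kube_config` still returns the value when it is requested by name. The interpolation-syntax cleanup itself looks fine.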
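Review bot: Deleting the default values does not retire them: the previous client ID and client secret remain in the repository history, so that service-principal secret should be rotated and treated as exposed. Defaulting to `""` also lets a run that forgets to supply the variables proceed with empty credentials and fail later inside the provider, whereas dropping the `default` line altogether makes both values required. On Terraform versions that support it, `sensitive = true` on `client_secret` keeps the value out of plan output. The `agent_count` block that closes the hunk continues outside it.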