113 lines
4.1 KiB
YAML
113 lines
4.1 KiB
YAML
name: deploy-trade-r001-canary
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
paths:
|
|
- environments/sol/trade-r001-canary/**
|
|
- .gitea/workflows/deploy-trade-r001-canary.yaml
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
apply:
|
|
runs-on: k3s-deploy
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Materialize kubeconfig
|
|
env:
|
|
K3S_KUBECONFIG_B64: ${{ secrets.K3S_KUBECONFIG_B64 }}
|
|
run: |
|
|
test -n "$K3S_KUBECONFIG_B64"
|
|
printf '%s' "$K3S_KUBECONFIG_B64" | base64 -d >/tmp/kubeconfig
|
|
chmod 600 /tmp/kubeconfig
|
|
|
|
- name: Install kubectl
|
|
run: |
|
|
curl -fsSL -o /tmp/kubectl https://dl.k8s.io/release/v1.34.6/bin/linux/amd64/kubectl
|
|
install -m 0755 /tmp/kubectl /usr/local/bin/kubectl
|
|
kubectl version --client
|
|
|
|
- name: Verify prerequisite secrets
|
|
env:
|
|
KUBECONFIG: /tmp/kubeconfig
|
|
run: |
|
|
kubectl -n trade-r001-canary get secret trade-postgres trade-hasura trade-api trade-frontend-tokens trade-basic-auth gitea-registry
|
|
|
|
- name: Recreate bootstrap jobs
|
|
env:
|
|
KUBECONFIG: /tmp/kubeconfig
|
|
run: |
|
|
kubectl -n trade-r001-canary delete job postgres-migrate hasura-bootstrap --ignore-not-found=true
|
|
|
|
- name: Apply canary environment
|
|
env:
|
|
KUBECONFIG: /tmp/kubeconfig
|
|
run: |
|
|
kubectl apply -k environments/sol/trade-r001-canary
|
|
kubectl get ns trade-r001-canary --show-labels
|
|
kubectl -n trade-r001-canary get svc,resourcequota,limitrange
|
|
|
|
- name: Restart application surface
|
|
env:
|
|
KUBECONFIG: /tmp/kubeconfig
|
|
run: |
|
|
kubectl -n trade-r001-canary rollout restart deploy/hasura deploy/trade-api deploy/trade-frontend
|
|
|
|
- name: Wait for database and metadata bootstrap
|
|
env:
|
|
KUBECONFIG: /tmp/kubeconfig
|
|
run: |
|
|
kubectl -n trade-r001-canary wait --for=condition=complete job/postgres-migrate --timeout=300s
|
|
kubectl -n trade-r001-canary wait --for=condition=complete job/hasura-bootstrap --timeout=300s
|
|
|
|
- name: Wait for application rollouts
|
|
env:
|
|
KUBECONFIG: /tmp/kubeconfig
|
|
run: |
|
|
kubectl -n trade-r001-canary rollout status deploy/hasura --timeout=300s
|
|
kubectl -n trade-r001-canary rollout status deploy/trade-api --timeout=300s
|
|
kubectl -n trade-r001-canary rollout status deploy/trade-frontend --timeout=300s
|
|
kubectl -n trade-r001-canary get deploy,pods -o wide
|
|
|
|
- name: Verify canary namespace connectivity
|
|
env:
|
|
KUBECONFIG: /tmp/kubeconfig
|
|
run: |
|
|
kubectl -n trade-r001-canary delete pod canary-netcheck --ignore-not-found=true
|
|
kubectl -n trade-r001-canary run canary-netcheck \
|
|
--image=python:3.12-alpine \
|
|
--restart=Never \
|
|
--command -- sleep 600
|
|
kubectl -n trade-r001-canary wait --for=condition=Ready pod/canary-netcheck --timeout=180s
|
|
kubectl -n trade-r001-canary exec canary-netcheck -- python - <<'PY'
|
|
import socket
|
|
|
|
targets = [
|
|
("postgres-host.trade-infra.svc.cluster.local", 5432),
|
|
("redis-host.trade-infra.svc.cluster.local", 6379),
|
|
]
|
|
|
|
for host, port in targets:
|
|
with socket.create_connection((host, port), timeout=5):
|
|
print(f"OK {host}:{port}")
|
|
PY
|
|
kubectl -n trade-r001-canary exec canary-netcheck -- python - <<'PY'
|
|
import urllib.request
|
|
|
|
targets = [
|
|
"http://hasura:8080/healthz",
|
|
"http://trade-api:8787/healthz",
|
|
"http://trade-frontend:8081/healthz",
|
|
]
|
|
|
|
for url in targets:
|
|
with urllib.request.urlopen(url, timeout=10) as response:
|
|
if response.status != 200:
|
|
raise SystemExit(f"Unexpected status for {url}: {response.status}")
|
|
print(f"OK {url}")
|
|
PY
|
|
kubectl -n trade-r001-canary delete pod canary-netcheck --wait=true
|