Switch deployment from kubectl to SSH for EC certificate compatibility
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 2m33s
K3s uses EC certificates which CI kubectl cannot parse. Deploy via SSH to server where local kubectl works natively. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
parent
ecde54b8d8
commit
cc8cfe60cf
@ -47,46 +47,48 @@ jobs:
|
|||||||
--tag ${{ secrets.SWR_SERVER }}/${{ secrets.SWR_ORG }}/video-web:latest \
|
--tag ${{ secrets.SWR_SERVER }}/${{ secrets.SWR_ORG }}/video-web:latest \
|
||||||
./web 2>&1 | tee -a /tmp/build.log
|
./web 2>&1 | tee -a /tmp/build.log
|
||||||
|
|
||||||
- name: Setup Kubectl
|
- name: Setup SSH
|
||||||
run: |
|
run: |
|
||||||
curl -LO "https://dl.k8s.io/release/v1.34.1/bin/linux/amd64/kubectl" || \
|
mkdir -p ~/.ssh
|
||||||
curl -LO "https://cdn.dl.k8s.io/release/v1.34.1/bin/linux/amd64/kubectl"
|
echo "${{ secrets.K3S_SSH_KEY }}" > ~/.ssh/id_rsa
|
||||||
chmod +x kubectl
|
chmod 600 ~/.ssh/id_rsa
|
||||||
mv kubectl /usr/local/bin/
|
ssh-keyscan -H ${{ secrets.K3S_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
|
||||||
|
|
||||||
- name: Deploy to K3s
|
- name: Deploy to K3s via SSH
|
||||||
run: |
|
|
||||||
mkdir -p ~/.kube
|
|
||||||
echo "${{ secrets.KUBE_CONFIG_K3S }}" > ~/.kube/config
|
|
||||||
|
|
||||||
- name: Create or Update Secrets
|
|
||||||
run: |
|
|
||||||
kubectl create secret generic video-backend-secrets \
|
|
||||||
--from-literal=ARK_API_KEY=${{ secrets.ARK_API_KEY }} \
|
|
||||||
--from-literal=TOS_ACCESS_KEY=${{ secrets.TOS_ACCESS_KEY }} \
|
|
||||||
--from-literal=TOS_SECRET_KEY=${{ secrets.TOS_SECRET_KEY }} \
|
|
||||||
--from-literal=DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }} \
|
|
||||||
--from-literal=DB_HOST=${{ secrets.DB_HOST }} \
|
|
||||||
--from-literal=DB_USER=${{ secrets.DB_USER }} \
|
|
||||||
--from-literal=DB_PASSWORD=${{ secrets.DB_PASSWORD }} \
|
|
||||||
--dry-run=client -o yaml | kubectl apply -f -
|
|
||||||
|
|
||||||
- name: Apply K8s Manifests
|
|
||||||
id: deploy
|
id: deploy
|
||||||
run: |
|
run: |
|
||||||
# Replace image placeholders
|
SWR_IMAGE="${{ secrets.SWR_SERVER }}/${{ secrets.SWR_ORG }}"
|
||||||
sed -i "s|\${CI_REGISTRY_IMAGE}/video-backend:latest|${{ secrets.SWR_SERVER }}/${{ secrets.SWR_ORG }}/video-backend:latest|g" k8s/backend-deployment.yaml
|
|
||||||
sed -i "s|\${CI_REGISTRY_IMAGE}/video-web:latest|${{ secrets.SWR_SERVER }}/${{ secrets.SWR_ORG }}/video-web:latest|g" k8s/web-deployment.yaml
|
|
||||||
|
|
||||||
# Apply all manifests (cert-manager & issuer already installed on cluster)
|
# Replace image placeholders in yaml files
|
||||||
|
sed -i "s|\${CI_REGISTRY_IMAGE}/video-backend:latest|${SWR_IMAGE}/video-backend:latest|g" k8s/backend-deployment.yaml
|
||||||
|
sed -i "s|\${CI_REGISTRY_IMAGE}/video-web:latest|${SWR_IMAGE}/video-web:latest|g" k8s/web-deployment.yaml
|
||||||
|
|
||||||
|
# Copy k8s manifests to server
|
||||||
|
scp -o StrictHostKeyChecking=no k8s/backend-deployment.yaml k8s/web-deployment.yaml k8s/ingress.yaml root@${{ secrets.K3S_HOST }}:/tmp/
|
||||||
|
|
||||||
|
# Create/update secrets and apply manifests on server
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
{
|
ssh -o StrictHostKeyChecking=no root@${{ secrets.K3S_HOST }} << ENDSSH
|
||||||
kubectl apply -f k8s/backend-deployment.yaml
|
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
|
||||||
kubectl apply -f k8s/web-deployment.yaml
|
|
||||||
kubectl apply -f k8s/ingress.yaml
|
kubectl create secret generic video-backend-secrets \
|
||||||
|
--from-literal=ARK_API_KEY='${{ secrets.ARK_API_KEY }}' \
|
||||||
|
--from-literal=TOS_ACCESS_KEY='${{ secrets.TOS_ACCESS_KEY }}' \
|
||||||
|
--from-literal=TOS_SECRET_KEY='${{ secrets.TOS_SECRET_KEY }}' \
|
||||||
|
--from-literal=DJANGO_SECRET_KEY='${{ secrets.DJANGO_SECRET_KEY }}' \
|
||||||
|
--from-literal=DB_HOST='${{ secrets.DB_HOST }}' \
|
||||||
|
--from-literal=DB_USER='${{ secrets.DB_USER }}' \
|
||||||
|
--from-literal=DB_PASSWORD='${{ secrets.DB_PASSWORD }}' \
|
||||||
|
--dry-run=client -o yaml | kubectl apply -f -
|
||||||
|
|
||||||
|
kubectl apply -f /tmp/backend-deployment.yaml
|
||||||
|
kubectl apply -f /tmp/web-deployment.yaml
|
||||||
|
kubectl apply -f /tmp/ingress.yaml
|
||||||
kubectl rollout restart deployment/video-backend
|
kubectl rollout restart deployment/video-backend
|
||||||
kubectl rollout restart deployment/video-web
|
kubectl rollout restart deployment/video-web
|
||||||
} 2>&1 | tee /tmp/deploy.log
|
|
||||||
|
rm -f /tmp/backend-deployment.yaml /tmp/web-deployment.yaml /tmp/ingress.yaml
|
||||||
|
ENDSSH
|
||||||
|
|
||||||
# ===== Log Center: failure reporting =====
|
# ===== Log Center: failure reporting =====
|
||||||
- name: Report failure to Log Center
|
- name: Report failure to Log Center
|
||||||
|
|||||||
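Review bot: Host key verification is switched off on the new `scp` and `ssh` lines (`-o StrictHostKeyChecking=no`), and the `ssh-keyscan` in "Setup SSH" accepts whatever key answers on each run, so nothing authenticates the server before the manifests and the seven `--from-literal` secret values are sent to it as root. Drop that option from both commands and fill `known_hosts` from a pinned value instead of the scan, e.g. `echo "${{ secrets.K3S_HOST_KEY }}" >> ~/.ssh/known_hosts` (the secret name is a placeholder). The heredoc delimiter is unquoted, so a `$` or backtick inside a secret value is expanded by the runner's shell before the text is sent; `<< 'ENDSSH'` avoids that, since the `${{ }}` substitution happens before the shell runs. The remote script has no `set -e`, so the step's exit status appears to come from the final `rm -f` and a failed `kubectl apply` would still report success; add `set -e` as the first line inside the heredoc. The failure-reporting step that follows is only partly visible in this hunk, so whether it still depends on the removed `tee /tmp/deploy.log` should be confirmed.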