diff --git a/kubernetes/ci.sh b/kubernetes/ci.sh index ec59186..2fdde95 100644 --- a/kubernetes/ci.sh +++ b/kubernetes/ci.sh @@ -1,27 +1,26 @@ buildImages() { echo Logging into Bluemix... - bx api api.ng.bluemix.net - bx login --apikey ${BLUEMIX_APIKEY} + ibmcloud api api.$API_REGION.bluemix.net + ibmcloud login --apikey ${BLUEMIX_API_KEY} - OUT=$(bx cr) + OUT=$(ibmcloud cr) if [ $? -ne 0 ]; then echo "We need the container registry plugin to do this stuff. Grabbing it..." - bx plugin install -f container-registry + ibmcloud plugin install -f container-registry else echo "Container registry plugin is installed." fi echo Configuring Docker for the IBM Container Registry... - bx cr login - - export NAMESPACE=indyworld + ibmcloud cr login echo --------------------------------- echo VON-NETWORK IMAGE echo --------------------------------- - bx cr build -t registry.ng.bluemix.net/$NAMESPACE/von-base ./von-network + ${DOCKER_BUILDER} -t $REGISTRY/von-base ./von-network + docker push $REGISTRY/von-base echo --------------------------------- echo THE ORG BOOK IMAGES @@ -33,27 +32,27 @@ buildImages() { docker build \ https://github.com/bcgov/openshift-solr.git \ - -t $NAMESPACE/solr-base + -t $REG_NAMESPACE/solr-base echo Building solr deployable image... - s2i build ./TheOrgBook/tob-solr/cores $NAMESPACE/solr-base registry.ng.bluemix.net/$NAMESPACE/solr + s2i build ./TheOrgBook/tob-solr/cores $REG_NAMESPACE/solr-base $REGISTRY/solr echo Pushing solr image... - docker push registry.ng.bluemix.net/$NAMESPACE/solr + docker push $REGISTRY/solr echo ** SCHEMA SPY ** echo Building schema-spy image... - docker build -t registry.ng.bluemix.net/$NAMESPACE/schema-spy \ + docker build -t $REGISTRY/schema-spy \ https://github.com/bcgov/SchemaSpy.git echo Pushing the schema-spy image... - docker push registry.ng.bluemix.net/$NAMESPACE/schema-spy + docker push $REGISTRY/schema-spy echo ** TOB WEB ** echo First the nginx-runtime image... - docker build -t $NAMESPACE/nginx-runtime \ + docker build -t $REG_NAMESPACE/nginx-runtime \ -f TheOrgBook/tob-web/openshift/templates/nginx-runtime/Dockerfile \ TheOrgBook/tob-web/openshift/templates/nginx-runtime/ @@ -61,39 +60,39 @@ buildImages() { s2i build -e "NG_BASE_HREF=/" \ -e "TOB_THEME=indy-world" \ TheOrgBook/tob-web centos/nodejs-6-centos7:6 \ - $NAMESPACE/angular-app + $REG_NAMESPACE/angular-app echo And finally the angular-on-nginx image... - docker build --build-arg imagenamespace=$NAMESPACE/ \ - -t registry.ng.bluemix.net/$NAMESPACE/angular-on-nginx \ + docker build --build-arg imagenamespace=$REG_NAMESPACE/ \ + -t $REGISTRY/angular-on-nginx \ -f TheOrgBook/tob-web/openshift/templates/angular-on-nginx/Dockerfile \ TheOrgBook/tob-web/openshift/templates/angular-on-nginx echo And pushing that out... - docker push registry.ng.bluemix.net/$NAMESPACE/angular-on-nginx + docker push $REGISTRY/angular-on-nginx echo ** TOB API ** echo Building the libindy image... - docker build -t $NAMESPACE/libindy \ + docker build -t $REG_NAMESPACE/libindy \ -f TheOrgBook/tob-api/openshift/templates/libindy/Dockerfile \ TheOrgBook/tob-api/openshift/templates/libindy/ echo Building the python-libindy image... - docker build -t $NAMESPACE/python-libindy \ - --build-arg imagenamespace=$NAMESPACE/ \ + docker build -t $REG_NAMESPACE/python-libindy \ + --build-arg imagenamespace=$REG_NAMESPACE/ \ -f TheOrgBook/tob-api/openshift/templates/python-libindy/Dockerfile \ TheOrgBook/tob-api/openshift/templates/python-libindy/ echo Building the tob-api deployable image... s2i build TheOrgBook/tob-api \ - $NAMESPACE/python-libindy \ - registry.ng.bluemix.net/$NAMESPACE/django + $REG_NAMESPACE/python-libindy \ + $REGISTRY/django echo Pushing out the tob-api image... - docker push registry.ng.bluemix.net/$NAMESPACE/django + docker push $REGISTRY/django echo --------------------------------- @@ -102,39 +101,49 @@ buildImages() { echo Building libindy... - docker build -t $NAMESPACE/libindy \ + docker build -t $REG_NAMESPACE/libindy \ -f permitify/docker/libindy/Dockerfile \ permitify/docker/libindy/ echo Building libindy-python... - docker build -t $NAMESPACE/python-libindy \ - --build-arg imagenamespace=$NAMESPACE/ \ + docker build -t $REG_NAMESPACE/python-libindy \ + --build-arg imagenamespace=$REG_NAMESPACE/ \ -f permitify/docker/python-libindy/Dockerfile \ permitify/docker/python-libindy/ echo Building permitify-dmv image... - docker build -t registry.ng.bluemix.net/$NAMESPACE/permitify \ - --build-arg imagenamespace=$NAMESPACE/ \ + docker build -t $REGISTRY/permitify \ + --build-arg imagenamespace=$REG_NAMESPACE/ \ -f permitify/docker/permitify/Dockerfile \ permitify/ echo And pushing it out... - docker push registry.ng.bluemix.net/$NAMESPACE/permitify + docker push $REGISTRY/permitify } deployLatest() { echo Logging into Bluemix ... - bx api api.ng.bluemix.net - bx login --apikey ${BLUEMIX_APIKEY} + ibmcloud api api.$API_REGION.bluemix.net + ibmcloud login --apikey ${BLUEMIX_API_KEY} + ibmcloud cs region-set ${IKS_REGION} - echo Setting up Kubernetes client to use indy world cluster... - $(bx cs cluster-config new-indy-world --export) + echo Setting up Kubernetes client to use $IKS_CLUSTER_NAME cluster for indy world demo... + $(ibmcloud cs cluster-config ${IKS_CLUSTER_NAME} --export) - echo Using bankkyc namespace... - kubectl config set-context $(kubectl config current-context) --namespace=bankkyc + echo Checking for namespace $KUBE_NAMESPACE + if [ -z $(kubectl get namespace | grep ^$KUBE_NAMESPACE -i)] + then + echo "Namespace $KUBE_NAMESPACE does not exist. Creating..." + kubectl create namespace $KUBE_NAMESPACE + else + echo "Namespace $KUBE_NAMESPACE already exists." + fi + + echo Using $KUBE_NAMESPACE namespace... + kubectl config set-context $(kubectl config current-context) --namespace=$KUBE_NAMESPACE echo The currently running pods are... kubectl get pods @@ -145,15 +154,40 @@ deployLatest() { kubectl delete deployments --all echo Deploying von-network... - kubectl apply -f von-network.yml - sleep 30 + # Substitute image registry + sed -e s/\$REGISTRY/$REGISTRY/g \ + von-network.yml | \ + kubectl --namespace $KUBE_NAMESPACE apply -f - + echo "Waiting 120 seconds for containers to complete initialisation" + countdown 120 echo Deploying theorgbook... - kubectl apply -f theorgbook.yml - sleep 45 + sed -e s/\$REGISTRY/$REGISTRY/g \ + theorgbook.yml | \ + kubectl --namespace $KUBE_NAMESPACE apply -f - + echo "Waiting 120 seconds for containers to complete initialisation" + countdown 120 echo Deploying permitify... - kubectl apply -f permitify.yml + sed -e s/\$REGISTRY/$REGISTRY/g \ + -e s/\$INGRESS_SUBDOMAIN/${INGRESS_SUBDOMAIN}/g \ + permitify.yml | \ + kubectl --namespace $KUBE_NAMESPACE apply -f - + + deployIngress + + echo Indy world is deployed to namespace $KUBE_NAMESPACE + echo Please wait a couple of minutes for containers to complete initialisation. +} + +deployIngress() { + + echo Deploying ingress + sed -e s/\$INGRESS_SUBDOMAIN/${INGRESS_SUBDOMAIN}/g \ + -e s/\$TLS_SECRET_NAME/${TLS_SECRET_NAME}/g \ + iks-ingress.yml | \ + kubectl -n $KUBE_NAMESPACE apply -f - + } certs() { @@ -161,16 +195,26 @@ certs() { exit 1 } +countdown() { + secs=$1 + echo "Seconds remaining:" + while [ $secs -gt 0 ]; do + echo -ne "$secs\033[0K\r" + sleep 1 + : $((secs--)) + done +} usage() { cat <<-EOF Usage: $0 {build|deploy|certs} - build Logs into Bluemix using BLUEMIX_APIKEY environment variable + build Logs into Bluemix using BLUEMIX_API_KEY environment variable and builds all the images in this project. Where possible, it - uses the bx cr command instead of docker build, so as to limit - the amount of disk space used (bx cr images get built on ICS servers) + uses the ibmcloud cr command instead of docker build, so as to + limit the amount of disk space used (ibmcloud cr images get built + on IKS servers) When finished, everything in the namespace for this project should be the latest images built based on master. @@ -183,6 +227,28 @@ usage() { EOF exit 1 +} + +# if Using IBM Container Registry service +#export REG_REGION=au-syd +#export REG_NAMESPACE=iwinoto_ibm +#export REGISTRY=registry.$REG_REGION.bluemix.net/$REG_NAMESPACE +#export DOCKER_BUILDER="ibmcloud cr build" + +# If using Docker hub as image registry +export REG_NAMESPACE=iwinoto +export REGISTRY=$REG_NAMESPACE +export DOCKER_BUILDER="docker build" + +# Region for IBM Cloud api endpoint +export API_REGION=au-syd + +# Parameters for IBM Cloud Kubernetes Service (IKS) +export IKS_REGION=ap-south +export IKS_CLUSTER_NAME=iw-iks-demo +export KUBE_NAMESPACE=bankkyc +export INGRESS_SUBDOMAIN=iw-iks-demo.au-syd.containers.appdomain.cloud +export TLS_SECRET_NAME=iw-iks-demo case "$1" in build) @@ -191,6 +257,9 @@ case "$1" in deploy) deployLatest ;; + ingress) + deployIngress + ;; certs) certs ;; diff --git a/kubernetes/iks-ingress.yml b/kubernetes/iks-ingress.yml new file mode 100644 index 0000000..1a47563 --- /dev/null +++ b/kubernetes/iks-ingress.yml @@ -0,0 +1,84 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: indyworld-ingress + annotations: + ingress.bluemix.net/redirect-to-https: "True" + ingress.kubernetes.io/rewrite-target: / +spec: + tls: + - hosts: + - indyworld.$INGRESS_SUBDOMAIN + - indyworld-von-web.$INGRESS_SUBDOMAIN + - indyworld-api.$INGRESS_SUBDOMAIN + - indyworld-schema-spy.$INGRESS_SUBDOMAIN + - indyworld-person.$INGRESS_SUBDOMAIN + - indyworld-faber.$INGRESS_SUBDOMAIN + - indyworld-acme-corp.$INGRESS_SUBDOMAIN + - indyworld-acme-corp-apply.$INGRESS_SUBDOMAIN + - indyworld-thrift.$INGRESS_SUBDOMAIN + secretName: $TLS_SECRET_NAME + rules: + - host: indyworld.$INGRESS_SUBDOMAIN + http: + paths: + - path: / + backend: + serviceName: tob-web + servicePort: 8080 + - host: indyworld-api.$INGRESS_SUBDOMAIN + http: + paths: + - path: / + backend: + serviceName: tob-api + servicePort: 8080 + - host: indyworld-von-web.$INGRESS_SUBDOMAIN + http: + paths: + - path: / + backend: + serviceName: von-web + servicePort: 8000 + - host: indyworld-schema-spy.$INGRESS_SUBDOMAIN + http: + paths: + - path: / + backend: + serviceName: schema-spy + servicePort: 8080 + - host: indyworld-person.$INGRESS_SUBDOMAIN + http: + paths: + - path: / + backend: + serviceName: person + servicePort: 8080 + - host: indyworld-faber.$INGRESS_SUBDOMAIN + http: + paths: + - path: / + backend: + serviceName: faber + servicePort: 8080 + - host: indyworld-acme-corp.$INGRESS_SUBDOMAIN + http: + paths: + - path: / + backend: + serviceName: acme-corp + servicePort: 8080 + - host: indyworld-acme-corp-apply.$INGRESS_SUBDOMAIN + http: + paths: + - path: / + backend: + serviceName: acme-corp-apply + servicePort: 8080 + - host: indyworld-thrift.$INGRESS_SUBDOMAIN + http: + paths: + - path: / + backend: + serviceName: thrift-bank + servicePort: 8080 diff --git a/kubernetes/permitify.yml b/kubernetes/permitify.yml index a0a2870..84c2bbd 100644 --- a/kubernetes/permitify.yml +++ b/kubernetes/permitify.yml @@ -15,7 +15,7 @@ spec: - name: bluemix-default-secret containers: - name: person - image: registry.ng.bluemix.net/indyworld/permitify + image: $REGISTRY/permitify resources: requests: cpu: 100m @@ -34,7 +34,7 @@ spec: - name: THE_ORG_BOOK_API_URL value: http://tob-api:8080/api/v1 - name: THE_ORG_BOOK_APP_URL - value: https://indyworld.vcreds.org + value: https://indyworld.$INGRESS_SUBDOMAIN - name: TEMPLATE_NAME value: person - name: INDY_WALLET_SEED @@ -48,7 +48,7 @@ spec: - name: LEDGER_URL value: http://von-web:8000 - name: APPLICATION_URL - value: https://indyworld-person.vcreds.org + value: https://indyworld-person.$INGRESS_SUBDOMAIN --- apiVersion: v1 kind: Service @@ -78,7 +78,7 @@ spec: - name: bluemix-default-secret containers: - name: dmv - image: registry.ng.bluemix.net/indyworld/permitify + image: $REGISTRY/permitify resources: requests: cpu: 100m @@ -97,7 +97,7 @@ spec: - name: THE_ORG_BOOK_API_URL value: http://tob-api:8080/api/v1 - name: THE_ORG_BOOK_APP_URL - value: https://indyworld.vcreds.org + value: https://indyworld.$INGRESS_SUBDOMAIN - name: TEMPLATE_NAME value: faber_college - name: INDY_WALLET_SEED @@ -111,7 +111,7 @@ spec: - name: LEDGER_URL value: http://von-web:8000 - name: APPLICATION_URL - value: https://indyworld-faber.vcreds.org + value: https://indyworld-faber.$INGRESS_SUBDOMAIN --- apiVersion: v1 kind: Service @@ -141,7 +141,7 @@ spec: - name: bluemix-default-secret containers: - name: thrift-bank - image: registry.ng.bluemix.net/indyworld/permitify + image: $REGISTRY/permitify resources: requests: cpu: 100m @@ -160,7 +160,7 @@ spec: - name: THE_ORG_BOOK_API_URL value: http://tob-api:8080/api/v1 - name: THE_ORG_BOOK_APP_URL - value: https://indyworld.vcreds.org + value: https://indyworld.$INGRESS_SUBDOMAIN - name: TEMPLATE_NAME value: acme_corp - name: INDY_WALLET_SEED @@ -174,7 +174,7 @@ spec: - name: LEDGER_URL value: http://von-web:8000 - name: APPLICATION_URL - value: https://indyworld-acme-corp.vcreds.org + value: https://indyworld-acme-corp.$INGRESS_SUBDOMAIN --- apiVersion: v1 kind: Service @@ -204,7 +204,7 @@ spec: - name: bluemix-default-secret containers: - name: thrift-bank - image: registry.ng.bluemix.net/indyworld/permitify + image: $REGISTRY/permitify resources: requests: cpu: 100m @@ -223,7 +223,7 @@ spec: - name: THE_ORG_BOOK_API_URL value: http://tob-api:8080/api/v1 - name: THE_ORG_BOOK_APP_URL - value: https://indyworld.vcreds.org + value: https://indyworld.$INGRESS_SUBDOMAIN - name: TEMPLATE_NAME value: acme_corp_apply - name: INDY_WALLET_SEED @@ -237,7 +237,7 @@ spec: - name: LEDGER_URL value: http://von-web:8000 - name: APPLICATION_URL - value: https://indyworld-acme-corp-apply.vcreds.org + value: https://indyworld-acme-corp-apply.$INGRESS_SUBDOMAIN --- apiVersion: v1 kind: Service @@ -267,7 +267,7 @@ spec: - name: bluemix-default-secret containers: - name: thrift-bank - image: registry.ng.bluemix.net/indyworld/permitify + image: $REGISTRY/permitify resources: requests: cpu: 100m @@ -286,7 +286,7 @@ spec: - name: THE_ORG_BOOK_API_URL value: http://tob-api:8080/api/v1 - name: THE_ORG_BOOK_APP_URL - value: https://indyworld.vcreds.org + value: https://indyworld.$INGRESS_SUBDOMAIN - name: TEMPLATE_NAME value: thrift_bank - name: INDY_WALLET_SEED @@ -300,7 +300,7 @@ spec: - name: LEDGER_URL value: http://von-web:8000 - name: APPLICATION_URL - value: https://indyworld-thrift.vcreds.org + value: https://indyworld-thrift.$INGRESS_SUBDOMAIN --- apiVersion: v1 kind: Service diff --git a/kubernetes/theorgbook.yml b/kubernetes/theorgbook.yml index aaa5285..859c6f3 100644 --- a/kubernetes/theorgbook.yml +++ b/kubernetes/theorgbook.yml @@ -57,7 +57,7 @@ spec: - name: bluemix-default-secret containers: - name: tob-solr - image: registry.ng.bluemix.net/indyworld/solr + image: $REGISTRY/solr resources: requests: cpu: 100m @@ -97,7 +97,7 @@ spec: - name: bluemix-default-secret containers: - name: tob-api - image: registry.ng.bluemix.net/indyworld/django + image: $REGISTRY/django resources: requests: cpu: 100m @@ -166,7 +166,7 @@ spec: - name: bluemix-default-secret containers: - name: tob-web - image: registry.ng.bluemix.net/indyworld/angular-on-nginx + image: $REGISTRY/angular-on-nginx resources: requests: cpu: 100m @@ -214,7 +214,7 @@ spec: - name: bluemix-default-secret containers: - name: schema-spy - image: registry.ng.bluemix.net/indyworld/schema-spy + image: $REGISTRY/schema-spy resources: requests: cpu: 100m diff --git a/kubernetes/von-network.yml b/kubernetes/von-network.yml index db9270f..06b8f6f 100644 --- a/kubernetes/von-network.yml +++ b/kubernetes/von-network.yml @@ -28,7 +28,7 @@ spec: - name: von-web command: ["bash", "-c", "sleep 5 && ./scripts/start_webserver.sh"] - image: registry.ng.bluemix.net/indyworld/von-base + image: $REGISTRY/von-base resources: requests: cpu: 100m @@ -50,7 +50,7 @@ spec: - name: node-4-volume mountPath: /home/indy/.mnt/node4 - name: node-1 - image: registry.ng.bluemix.net/indyworld/von-base + image: $REGISTRY/von-base command: ["bash", "-c", "./scripts/start_node.sh; sleep 3000"] resources: @@ -75,7 +75,7 @@ spec: - name: node-1-volume mountPath: /var/lib/indy - name: node-2 - image: registry.ng.bluemix.net/indyworld/von-base + image: $REGISTRY/von-base command: ["bash", "-c", "./scripts/start_node.sh; sleep 3000"] resources: @@ -100,7 +100,7 @@ spec: - name: node-2-volume mountPath: /var/lib/indy - name: node-3 - image: registry.ng.bluemix.net/indyworld/von-base + image: $REGISTRY/von-base command: ["bash", "-c", "./scripts/start_node.sh; sleep 3000"] resources: @@ -125,7 +125,7 @@ spec: - name: node-3-volume mountPath: /var/lib/indy - name: node-4 - image: registry.ng.bluemix.net/indyworld/von-base + image: $REGISTRY/von-base command: ["bash", "-c", "./scripts/start_node.sh; sleep 3000"] resources: