Minimize difference between prod and preprod manifest trees

Author: lottspot

.github/workflows/deploy.yml

@@ -24,6 +24,11 @@ jobs:
         with:
           args: apply -f k8s/app.yaml
 
+      - name: Sync prod resources
+        uses: steebchen/[email protected]
+        with:
+          args: apply -Rf k8s.prod
+
       - name: Wait for deploy to complete
         uses: steebchen/[email protected]
         with:

.github/workflows/dockerpublish.yml

@@ -99,6 +99,11 @@ jobs:
         with:
           args: apply -f k8s/app.yaml
 
+      - name: Sync preprod resources
+        uses: steebchen/[email protected]
+        with:
+          args: apply -Rf k8s.preprod
+
       - name: Wait for deploy to complete
         uses: steebchen/[email protected]
         with:

k8s-preprod/app.yaml renamed to k8s.preprod/app-ingress.yaml

@@ -1,56 +1,3 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: chime
-
----
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: chime
-  namespace: chime
-  labels:
-    app: chime
-spec:
-  replicas: 15
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: chime
-  template:
-    metadata:
-      labels:
-        app: chime
-    spec:
-      containers:
-      - image: docker.pkg.github.com/codeforphilly/chime/penn-chime:0.4.1
-        name: chime
-        ports:
-        - containerPort: 8000
-          name: http
-          protocol: TCP
-      imagePullSecrets:
-      - name: regcred
----
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: chime
-  namespace: chime
-  labels:
-    app: chime
-spec:
-  selector:
-    app: chime
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: 8000
-
 ---
 
 apiVersion: extensions/v1beta1
@@ -63,12 +10,12 @@ metadata:
   annotations:
     kubernetes.io/ingress.class: nginx
     certmanager.k8s.io/cluster-issuer: letsencrypt-prod
+    # allow requests larger than 1MiB
     nginx.ingress.kubernetes.io/proxy-body-size: "0"
 spec:
   tls:
   - hosts:
     - penn-chime.bus.phl.io
-    - penn-chime-alt.bus.phl.io
     secretName: tls-secret
   rules:
   - host: penn-chime.bus.phl.io
@@ -78,6 +25,25 @@ spec:
         backend:
           serviceName: chime
           servicePort: 80
+
+---
+
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: chime-alt
+  namespace: chime
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
+    # allow requests larger than 1MiB
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+spec:
+  tls:
+  - hosts:
+    - penn-chime-alt.bus.phl.io
+    secretName: tls-chime-alt
+  rules:
   - host: penn-chime-alt.bus.phl.io
     http:
       paths:

k8s.prod/app-ingress.yaml

@@ -0,0 +1,89 @@
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: chime
+  namespace: chime
+  labels:
+    app: chime
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
+    # allow requests larger than 1MiB
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+spec:
+  tls:
+  - hosts:
+    - penn-chime.phl.io
+    secretName: tls-secret
+  rules:
+  - host: penn-chime.phl.io
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: chime
+          servicePort: 80
+
+---
+
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: chime-alt
+  namespace: chime
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
+    # allow requests larger than 1MiB
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+spec:
+  tls:
+  - hosts:
+    - lke.penn-chime.phl.io
+    secretName: tls-chime-alt
+  rules:
+  - host: lke.penn-chime.phl.io
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: chime
+          servicePort: 80
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: chime-static
+  namespace: chime
+  labels:
+    app: chime
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-buffering: "on"  # Important!
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      proxy_cache static-cache;
+      proxy_cache_valid 404 1m;
+      proxy_cache_valid 200 10m;
+      proxy_cache_use_stale error timeout updating http_404 http_500 http_502 http_503 http_504;
+      proxy_cache_bypass $http_x_purge;
+      proxy_cache_key $proxy_upstream_name$request_uri;
+      proxy_cache_lock on;
+      proxy_cache_use_stale updating;
+      add_header X-Cache-Status $upstream_cache_status;
+spec:
+  rules:
+  - host: penn-chime.phl.io
+    http:
+      paths:
+      - path: /static/
+        backend:
+          serviceName: chime
+          servicePort: 80
+  - host: lke.penn-chime.phl.io
+    http:
+      paths:
+      - path: /static/
+        backend:
+          serviceName: chime
+          servicePort: 80

k8s/app.yaml

@@ -50,94 +50,3 @@ spec:
     port: 80
     protocol: TCP
     targetPort: 8000
-
----
-
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: chime
-  namespace: chime
-  labels:
-    app: chime
-  annotations:
-    kubernetes.io/ingress.class: nginx
-    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
-    # allow requests larger than 1MiB
-    nginx.ingress.kubernetes.io/proxy-body-size: "0"
-spec:
-  tls:
-  - hosts:
-    - penn-chime.phl.io
-    secretName: tls-secret
-  rules:
-  - host: penn-chime.phl.io
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: chime
-          servicePort: 80
-
----
-
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: chime-alt
-  namespace: chime
-  annotations:
-    kubernetes.io/ingress.class: nginx
-    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
-    # allow requests larger than 1MiB
-    nginx.ingress.kubernetes.io/proxy-body-size: "0"
-spec:
-  tls:
-  - hosts:
-    - lke.penn-chime.phl.io
-    secretName: tls-chime-alt
-  rules:
-  - host: lke.penn-chime.phl.io
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: chime
-          servicePort: 80
-
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: chime-static
-  namespace: chime
-  labels:
-    app: chime
-  annotations:
-    nginx.ingress.kubernetes.io/proxy-buffering: "on"  # Important!
-    nginx.ingress.kubernetes.io/configuration-snippet: |
-      proxy_cache static-cache;
-      proxy_cache_valid 404 1m;
-      proxy_cache_valid 200 10m;
-      proxy_cache_use_stale error timeout updating http_404 http_500 http_502 http_503 http_504;
-      proxy_cache_bypass $http_x_purge;
-      proxy_cache_key $proxy_upstream_name$request_uri;
-      proxy_cache_lock on;
-      proxy_cache_use_stale updating;
-      add_header X-Cache-Status $upstream_cache_status;
-spec:
-  rules:
-  - host: penn-chime.phl.io
-    http:
-      paths:
-      - path: /static/
-        backend:
-          serviceName: chime
-          servicePort: 80
-  - host: lke.penn-chime.phl.io
-    http:
-      paths:
-      - path: /static/
-        backend:
-          serviceName: chime
-          servicePort: 80