Commit f08ba9ee authored by Pedro Eduardo Trujillo's avatar Pedro Eduardo Trujillo
Browse files

Actualiza detalles de CI y deploy 

Omite parámetros inexistentes de check de salud, reduce memoria
reservada, parametriza, nombra configs y secrets, reduce timeouts de
reinicio.
parent dabba00f

.gitlab-ci.yml

+9 −22
Original line number Diff line number Diff line 
image: docker:stable



stages:

  - package

  - test-package

  - deploy



image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest



variables:

  DOCKER_DRIVER: overlay2

  STACK: ${CI_PROJECT_NAME}

  SERVICES_TO_CHECK: ${CI_PROJECT_NAME}_${CI_PROJECT_NAME}

  IMAGE_NAME: ${CI_REGISTRY_IMAGE}

  IMAGE_TAG: ${CI_COMMIT_SHA}



services:

  - docker:dind



docker-build-development:

  stage: package

  image: docker:stable

  only:

    - branches

  except:
@@ -24,6 +29,7 @@ docker-build-development: 


docker-build-stable:

  stage: package

  image: docker:stable

  only:

    - master

  script:
@@ -33,6 +39,7 @@ docker-build-stable: 


container-scanning:

  stage: test-package

  image: docker:stable

  allow_failure: true

  only:

    - branches
@@ -54,13 +61,8 @@ container-scanning: 


deploy-supporting-branch-develop:

  stage: deploy

  image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest

  variables:

    SSH_REMOTE: ${DEV_SSH_REMOTE}

    STACK: ${CI_PROJECT_NAME}

    SERVICES_TO_CHECK: ${CI_PROJECT_NAME}_${CI_PROJECT_NAME}

    IMAGE_NAME: ${CI_REGISTRY_IMAGE}

    IMAGE_TAG: ${CI_COMMIT_SHA}

    COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.dev.yml

    PUBLIC_HOSTNAME: ${DEV_PUBLIC_HOSTNAME}

  script:
@@ -78,13 +80,8 @@ deploy-supporting-branch-develop: 


deploy-stable-branch-develop:

  stage: deploy

  image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest

  variables:

    SSH_REMOTE: ${DEV_SSH_REMOTE}

    STACK: ${CI_PROJECT_NAME}

    SERVICES_TO_CHECK: ${CI_PROJECT_NAME}_${CI_PROJECT_NAME}

    IMAGE_NAME: ${CI_REGISTRY_IMAGE}

    IMAGE_TAG: ${CI_COMMIT_SHA}

    COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.dev.yml

    PUBLIC_HOSTNAME: ${DEV_PUBLIC_HOSTNAME}

  script:
@@ -100,13 +97,8 @@ deploy-stable-branch-develop: 


deploy-supporting-branch-production:

  stage: deploy

  image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest

  variables:

    SSH_REMOTE: ${PRO_SSH_REMOTE}

    STACK: ${CI_PROJECT_NAME}

    SERVICES_TO_CHECK: ${CI_PROJECT_NAME}_${CI_PROJECT_NAME}

    IMAGE_NAME: ${CI_REGISTRY_IMAGE}

    IMAGE_TAG: ${CI_COMMIT_SHA}

    COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.prod.yml

    PUBLIC_HOSTNAME: ${PRO_PUBLIC_HOSTNAME}

  script:
@@ -124,13 +116,8 @@ deploy-supporting-branch-production: 


deploy-stable-branch-production:

  stage: deploy

  image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest

  variables:

    SSH_REMOTE: ${PRO_SSH_REMOTE}

    STACK: ${CI_PROJECT_NAME}

    SERVICES_TO_CHECK: ${CI_PROJECT_NAME}_${CI_PROJECT_NAME}

    IMAGE_NAME: ${CI_REGISTRY_IMAGE}

    IMAGE_TAG: ${CI_COMMIT_SHA}

    COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.prod.yml

    PUBLIC_HOSTNAME: ${PRO_PUBLIC_HOSTNAME}

  script:

deploy/docker-compose.dev.yml

+1 −0
Original line number Diff line number Diff line
@@ -2,4 +2,5 @@ version: '3.5' 


configs:

  blacklist:

    name: ${BLACKLIST_NAME:-nginx-blacklist}

    file: ./config/dev-blacklist.conf

deploy/docker-compose.prod.yml

+1 −0
Original line number Diff line number Diff line
@@ -2,4 +2,5 @@ version: '3.5' 


configs:

  blacklist:

    name: ${BLACKLIST_NAME:-nginx-blacklist}

    file: ./config/pro-blacklist.conf

deploy/docker-compose.tmpl.yml

+12 −7
Original line number Diff line number Diff line
@@ -31,7 +31,7 @@ services: 
      - source: cert-privkey

        target: /etc/nginx/certs/privkey.pem

    healthcheck:

      test: wget --spider -S -t 3 http://${PUBLIC_HOSTNAME:-localhost} || (count=$$(ps aux | grep openssl | wc -l); [ $${count} -gt 1 ])

      test: wget --spider http://${PUBLIC_HOSTNAME:-localhost} || (count=$$(ps aux | grep openssl | wc -l); [ $${count} -gt 1 ])

      interval: 30s

      timeout: 10s

      retries: 3
@@ -43,39 +43,44 @@ services: 
        constraints:

          - node.role == manager

      restart_policy:

        delay: 30s

        window: 2m

        delay: 10s

        window: 1m

      resources:

        limits:

          cpus: '2'

          memory: 128M

        reservations:

          memory: 103M

          memory: 64M



networks:

  traefik-net:

    name: ${TRAEFIK_NET_NAME:-traefik-net}

    external: true



volumes:

  cache-vol:

    name: nginx-cache-vol

    name: ${CACHE_VOL_NAME:-nginx-cache-vol}



  persistent-vol:

    name: nginx-persistent-vol

    name: ${PERSISTENT_VOL_NAME:-nginx-persistent-vol}



  acme-vol:

    name: acme-vol

    name: ${ACME_VOL_NAME:-acme-vol}



configs:

  blockips:

    name: ${BLOCKLIPS_NAME:-nginx-blockips}

    file: ./config/blockips.conf



secrets:

  cert-chain:

    name: ${CERT_CHAIN_NAME:-cert-chain}

    external: true



  cert-fullchain:

    name: ${CERT_FULLCHAIN_NAME:-cert-fullchain}

    external: true



  cert-privkey:

    name: ${CERT_PRIVKEY_NAME:-cert-privkey}

    external: true