From b50ff48d66d43b678b09e79e5341c9282feb4799 Mon Sep 17 00:00:00 2001 From: Fawzi Mohamed <fawzi.mohamed@fhi-berlin.mpg.de> Date: Fri, 29 Mar 2019 11:22:53 +0100 Subject: [PATCH] switching to gitlab as docker registry --- deploy/deploy.sh | 59 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 45 insertions(+), 14 deletions(-) diff --git a/deploy/deploy.sh b/deploy/deploy.sh index e7dff99..d4895e4 100755 --- a/deploy/deploy.sh +++ b/deploy/deploy.sh @@ -73,7 +73,7 @@ if [ -n "$buildDocker" ] ; then git describe --tags --always --dirty > version_to_deploy fi version=$(cat version_to_deploy) -name="analytics-toolkit.nomad-coe.eu:5509/nomadlab/nomad-container-manager:$version" +name="gitlab-registry.mpcdf.mpg.de/nomad-lab/container-manager:$version" if [ -n "$buildDocker" ] ; then if [ -n "$alwaysPull" ] ; then docker pull node:carbon @@ -196,15 +196,6 @@ echo " mkdir -p $chownRoot/prometheus/server-volume" echo " kubectl create -f prometheus-server-volume.yaml" echo " helm install $tls --name prometheus -f prometheus-values.yaml stable/prometheus" -if [ -n updateDeploy ]; then - cat >container-manager-namespace.yaml <<EOF -kind: Namespace -apiVersion: v1 -metadata: - name: analytics -EOF -fi - echo "## Environment setup, redis db for the sessions" if [ -n updateDeploy ]; then if [ ! -e session-db-redis-pwd.txt ]; then @@ -376,18 +367,58 @@ echo " fi" echo "## Environment setup for container manager" if [ -n updateDeploy ]; then -cat >container-manager-namespace.yaml <<EOF + cat >container-manager-namespace.yaml <<EOF kind: Namespace apiVersion: v1 metadata: name: analytics +EOF + cat >container-manager-user.yaml <<EOF +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: analytics-user + namespace: analytics +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: analytics-user-full-access + namespace: analytics +rules: +- apiGroups: ["", "extensions", "apps"] + resources: ["*"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: + - jobs + - cronjobs + verbs: ["*"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: analytics-user-view + namespace: analytics +subjects: +- kind: ServiceAccount + name: analytics-user + namespace: analytics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: analytics-user-full-access EOF fi echo "# create namespace for pods of container manager" echo " kubectl create -f container-manager-namespace.yaml" -echo "# secret to pull images from analytics-toolkit.nomad-coe.eu:5509" -echo " kubectl create secret docker-registry garching-kube --docker-server=analytics-toolkit.nomad-coe.eu:5509 --docker-username=\$DOCKER_USERNAME --docker-password=\"\$DOCKER_PASSWORD\" --docker-email=\$DOCKER_EMAIL" -echo " kubectl --namespace analytics create secret docker-registry garching-kube --docker-server=analytics-toolkit.nomad-coe.eu:5509 --docker-username=\$DOCKER_USERNAME --docker-password=\"\$DOCKER_PASSWORD\" --docker-email=\$DOCKER_EMAIL" +echo "# create user for namespace of pods of container manager" +echo " kubectl create -f container-manager-user.yaml" +echo "# secret to pull images from gitlab-registry.mpcdf.mpg.de" +echo " kubectl create secret docker-registry garching-kube --docker-server=gitlab-registry.mpcdf.mpg.de --docker-username=\$DOCKER_USERNAME --docker-password=\"\$DOCKER_PASSWORD\" --docker-email=\$DOCKER_EMAIL" +echo " kubectl --namespace analytics create secret docker-registry garching-kube --docker-server=gitlab-registry.mpcdf.mpg.de --docker-username=\$DOCKER_USERNAME --docker-password=\"\$DOCKER_PASSWORD\" --docker-email=\$DOCKER_EMAIL" echo "# get certificates to connect to kubernetes (either from kube-certs of ~/.minikube)" echo " if [ -f kube-certs/client.key ] ; then" echo " pushd kube-certs" -- GitLab