This quest is using the following components:
- Node
- Go
- Docker
- Helm
- Circle CI
A feature branch can be created off master and work a feature preview in there. Eventually a PR will be created and merge to Master.
Once a new commit is done in master, a Circle CI pipeline called prod-workflow
will build a docker image using the following parameters:
- AWS Account ID
- AWS Access Keys for circle ci user
- AWS Secret keys for circle ci user
- AWS Region
- AWS ECR name
- Build arguments to set a secret locally
- Environment (which is prod)
- Cluster name
- EKS Namespace
All of these variables are configure in Circle CI context and added to the job as environment variables.
The build job is using an orb that build the docker iamge and push it to the required ECR repo
aws-ecr/build-and-push-image:
account-url: AWS_ECR_ACCOUNT_URL
aws-access-key-id: AWS_ACCESS_KEY_ID
aws-secret-access-key: AWS_SECRET_ACCESS_KEY
region: AWS_DEFAULT_REGION
repo: ${ECR_NAME}
skip-when-tags-exist: false
extra-build-args: '--build-arg buildtime_secret="local-strong-secret"'
tag: '${ENVIRONMENT}-${CIRCLE_SHA1:0:7},${CIRCLE_SHA1:0:7}'
There is one step to approve the deployment and can be secure with Github groups
The deployment job is using orbs for Helm/Helmfile/AWS/Kubectl to get all the context of the cluster and deploy the manifest using Helm + Helmfile
IMAGE_TAG=${TAG} K8S_NAMESPACE=${NAMESPACE} helmfile -e ${ENVIRONMENT} -f helm/quest/helmfile.yaml apply