From 630ceb2473c192d21e2aaaeff20c753fd9def862 Mon Sep 17 00:00:00 2001
From: KevinMidboe
Date: Tue, 26 Aug 2025 19:56:52 +0200
Subject: [PATCH] compile varnish tmpl from docker-entrypoint script also updates kubernetes resources to separate app & varnish into two different deployments
---
.drone.yml | 108 ++++++++++++++---------------
.kubernetes/2-config-varnish.yml | 9 +++
.kubernetes/config-varnish.yml | 8 ---
.kubernetes/deployment-app.yml | 49 +++++++++++++
.kubernetes/deployment-varnish.yml | 40 +++++++++++
.kubernetes/deployment.yml | 56 ---------------
.kubernetes/ingress.yml | 2 +-
.kubernetes/service.yml | 25 +++++--
docker-compose.yml | 9 +--
varnish/Dockerfile | 13 ++--
varnish/default.vcl.tmpl | 11 ---
varnish/docker-entrypoint.sh | 8 +++
12 files changed, 188 insertions(+), 150 deletions(-)
create mode 100644 .kubernetes/2-config-varnish.yml
delete mode 100644 .kubernetes/config-varnish.yml
create mode 100644 .kubernetes/deployment-app.yml
create mode 100644 .kubernetes/deployment-varnish.yml
delete mode 100644 .kubernetes/deployment.yml
create mode 100644 varnish/docker-entrypoint.sh
diff --git a/.drone.yml b/.drone.yml
index bd0d1f0..e42e506 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -61,61 +61,6 @@ trigger: depends_on: - Build ---- -kind: pipeline -type: docker -name: Publish - -platform: - os: linux - arch: amd64 -kind: pipeline -type: docker -name: config-check - -steps: - - name: check-config - image: alpine/git - commands: - - git fetch --no-tags --depth=2 - - | - if git diff --quiet HEAD^ HEAD -- varnish/default.vcl; then - echo "No changes in varnish config file, skipping..." - exit 78 # exit code 78 = skip in Drone - else - echo "Changes detected in varnish config" - fi - - - name: Publish varnish to ghcr - image: plugins/docker - settings: - registry: ghcr.io - repo: ghcr.io/kevinmidboe/varnish-infra-map - contexT: varnish - dockerfile: Dockerfile - compress: true - username: - from_secret: GITHUB_USERNAME - password: - from_secret: GHCR_UPLOAD_TOKEN - build_args_from_env: - - - tags: - - latest - - ${DRONE_COMMIT_SHA} - -trigger: - event: - include: - - push - exclude: - - pull_request - branch: - - main - - update -depends_on: - - Build - --- kind: pipeline type: docker @@ -136,7 +81,7 @@ steps: commands: - mkdir -p /root/.kube - echo "IMAGE=ghcr.io/kevinmidboe/${DRONE_REPO_NAME}:${DRONE_COMMIT_SHA}" > /root/.kube/.env - - echo "VARNISH_IMAGE=ghcr.io/kevinmidboe/varnish-${DRONE_REPO_NAME}" >> /root/.kube/.env + - echo "VARNISH_IMAGE=ghcr.io/kevinmidboe/varnish-${DRONE_REPO_NAME}:latest" >> /root/.kube/.env - echo "NAMESPACE=${DRONE_REPO_NAME}" >> /root/.kube/.env - 'curl -s -H "X-Vault-Token: $VAULT_TOKEN" 
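Review bot: The `VARNISH_IMAGE` line this hunk edits now feeds a variable that nothing in the patch reads: its only consumer, `image: ${VARNISH_IMAGE}:latest` in `.kubernetes/deployment.yml`, is deleted, and the new `deployment-varnish.yml` hardcodes `ghcr.io/kevinmidboe/varnish-infra-map:latest` instead. Either drop the line or have the deployment use `image: ${VARNISH_IMAGE}` so the registry path is defined in one place. The first hunk on this line is a pure deletion of the duplicated Publish/config-check pipelines and raises nothing. The `.env` commands continue past the hunk (the Vault curl is cut off).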
@@ -184,8 +129,57 @@ depends_on: volumes: - name: kube-config temp: {} + +--- +kind: pipeline +type: docker +name: Publish varnish + +platform: + os: linux + arch: amd64 + +steps: + - name: Check for varnish changes + image: alpine/git + commands: + - git fetch --no-tags --depth=2 + - | + if git diff-tree --no-commit-id --name-only -r HEAD | grep -qE '(\.drone.yml|(varnish/.+(vcl|tmpl)(\n|$)))'; then + echo "Changes detected in varnish config" + else + echo "No changes in varnish config file, skipping..." + exit 78 # exit code 78 = skip in Drone + fi + + - name: Publish varnish image to ghcr + image: plugins/docker + settings: + registry: ghcr.io + repo: ghcr.io/kevinmidboe/varnish-infra-map + context: varnish + dockerfile: varnish/Dockerfile + compress: true + username: + from_secret: GITHUB_USERNAME + password: + from_secret: GHCR_UPLOAD_TOKEN + tags: + - latest + - ${DRONE_COMMIT_SHA} + +trigger: + event: + include: + - push + exclude: + - pull_request + branch: + - main + - update + --- kind: signature -hmac: 01caa41521eac62356f6fc941cdd489dae8e2c4249bdb4e4dc1a32e101c639b7 +hmac: b4b6a98b76fdf3cf297b46cf986a3d46f3d4050e623f2c769267181c7075a6ca ... diff --git a/.kubernetes/2-config-varnish.yml b/.kubernetes/2-config-varnish.yml new file mode 100644 index 0000000..5dcc56e --- /dev/null +++ b/.kubernetes/2-config-varnish.yml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: varnish-config + namespace: ${NAMESPACE} +data: + PROXY_HOST: ${PROXY_HOST} + IMAGE_HOST: ${IMAGE_HOST} diff --git a/.kubernetes/config-varnish.yml b/.kubernetes/config-varnish.yml deleted file mode 100644 index 3704a18..0000000 --- a/.kubernetes/config-varnish.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: varnish-vcl - namespace: ${NAMESPACE} -binaryData: - default.vcl: 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 
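Review bot: The filter in `Check for varnish changes` only triggers a rebuild when a `.vcl`/`.tmpl` file or `.drone.yml` changes, so future edits to `varnish/Dockerfile` or `varnish/docker-entrypoint.sh` — both introduced by this very commit — would be skipped and never reach ghcr. A path-prefix test covers the whole directory, e.g. `grep -qE '^(\.drone\.yml|varnish/)'`; note that `\n` inside the ERE is not a newline (grep already matches per line) and the second dot in `\.drone.yml` is unescaped. If merge commits land on `main`, `git diff-tree HEAD` without `-m` prints no paths for them and the step would skip those builds as well, whereas the removed `git diff HEAD^ HEAD` check did not have that gap. The new pipeline also drops the `depends_on: - Build` the removed one had, which may be intentional but is worth stating in the commit message.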
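Review bot: The ConfigMap values `PROXY_HOST: ${PROXY_HOST}` and `IMAGE_HOST: ${IMAGE_HOST}` are substituted as plain scalars, so an empty variable renders as `null` and a boolean- or number-looking value is retyped, and `kubectl` rejects non-string `data` values. Quote them: `PROXY_HOST: "${PROXY_HOST}"` and `IMAGE_HOST: "${IMAGE_HOST}"`. Neither variable is written to `/root/.kube/.env` in the visible `.drone.yml` lines, so presumably the Vault step supplies them — confirm, because with the previous design the values were baked into the image at build time and a missing variable was caught there, whereas now it surfaces only when the pod starts.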
diff --git a/.kubernetes/deployment-app.yml b/.kubernetes/deployment-app.yml new file mode 100644 index 0000000..16fa3ee --- /dev/null +++ b/.kubernetes/deployment-app.yml @@ -0,0 +1,49 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + labels: + app: infra-map + name: infra-map + namespace: ${NAMESPACE} +spec: + replicas: 2 + selector: + matchLabels: + app: infra-map + template: + metadata: + labels: + app: infra-map + spec: + containers: + - name: infra-map + - env: + - name: ORIGIN + value: http://infra-map.infra-map.svc.cluster.local:3000 + - name: PROTOCOL_HEADER + value: x-forwarded-proto + - name: HOST_HEADER + value: x-forwarded-host + - name: PORT_HEADER + value: x-forwarded-port + - name: ENV + value: production + envFrom: + - secretRef: + name: secret-env-values + image: ${IMAGE} + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 300m + memory: 828Mi + requests: + cpu: 250m + memory: 64Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + imagePullSecrets: + - name: ghcr-login-secret + dnsPolicy: ClusterFirst diff --git a/.kubernetes/deployment-varnish.yml b/.kubernetes/deployment-varnish.yml new file mode 100644 index 0000000..371824f --- /dev/null +++ b/.kubernetes/deployment-varnish.yml 
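Review bot: The container list is malformed: `- name: infra-map` is one list entry and the stray `- ` before `env:` opens a second, so the first container has no `image` and the second has no `name`, both of which the API server requires. Drop that dash so `env:` sits at the same indent as `name:` inside a single entry (`- name: infra-map` / `env:` / `- name: ORIGIN`). Separately, `ORIGIN` hardcodes the namespace in `infra-map.infra-map.svc.cluster.local` while the manifest itself uses `${NAMESPACE}`, and it names port `3000` although the `infra-map` Service added in this patch exposes port 80 — if the value is meant to match the in-cluster Service it should use `${NAMESPACE}` and port 80, otherwise a comment should say which URL it represents. The container also declares no `readinessProbe`, so Service endpoints will include a pod before the Node server is listening.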
@@ -0,0 +1,40 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + labels: + app: varnish + name: varnish + namespace: ${NAMESPACE} +spec: + replicas: 2 + selector: + matchLabels: + app: varnish + template: + metadata: + labels: + app: varnish + spec: + containers: + - command: + - /usr/local/bin/docker-entrypoint.sh + envFrom: + - configMapRef: + name: varnish-config + image: ghcr.io/kevinmidboe/varnish-infra-map:latest + imagePullPolicy: Always + name: varnish + resources: + limits: + cpu: 900m + memory: 828Mi + requests: + cpu: 250m + memory: 64Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + imagePullSecrets: + - name: ghcr-login-secret + dnsPolicy: ClusterFirst diff --git a/.kubernetes/deployment.yml b/.kubernetes/deployment.yml deleted file mode 100644 index 5273a3d..0000000 --- a/.kubernetes/deployment.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - labels: - app: infra-map - name: infra-map - namespace: ${NAMESPACE} -spec: - replicas: 2 - selector: - matchLabels: - app: infra-map - template: - metadata: - labels: - app: infra-map - spec: - containers: - - image: ${IMAGE} - imagePullPolicy: IfNotPresent - name: infra-map - envFrom: - - secretRef: - name: secret-env-values - resources: - limits: - cpu: 900m - memory: 828Mi - requests: - cpu: 250m - memory: 64Mi - - image: ${VARNISH_IMAGE}:latest - imagePullPolicy: IfNotPresent - name: varnish - command: ['varnishd'] - args: ['-F', '-f', '/etc/varnish/default.vcl', '-a', ':6081', '-s', 'malloc,512m'] - volumeMounts: - - name: varnish-vcl - mountPath: /etc/varnish/default.vcl - subPath: default.vcl - resources: - limits: - cpu: 900m - memory: 828Mi - requests: - cpu: 250m - memory: 64Mi - restartPolicy: Always - imagePullSecrets: - - name: ghcr-login-secret - volumes: - - name: varnish-vcl - configMap: - name: varnish-vcl 
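Review bot: `image: ghcr.io/kevinmidboe/varnish-infra-map:latest` together with `imagePullPolicy: Always` means every restart or scale-up pulls whatever was pushed most recently, so two replicas can end up on different varnish builds and rolling back the app does not roll back varnish. The publish pipeline also pushes a `${DRONE_COMMIT_SHA}` tag; since that pipeline only runs when varnish files change, a reproducible reference needs either the SHA of the last varnish build or an image digest recorded at publish time, fed in through the `${VARNISH_IMAGE}` variable `.drone.yml` already writes. `command: [/usr/local/bin/docker-entrypoint.sh]` duplicates the Dockerfile `ENTRYPOINT` and can be dropped. No probe or `securityContext` is set, which the removed `deployment.yml` also lacked, so that is not a regression here. The `deployment.yml` deletion on this line is a pure removal.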
diff --git a/.kubernetes/ingress.yml b/.kubernetes/ingress.yml index 5cf4803..06eed08 100644 --- a/.kubernetes/ingress.yml +++ b/.kubernetes/ingress.yml @@ -12,7 +12,7 @@ spec: paths: - backend: service: - name: infra-map-service + name: varnish port: number: 80 path: / diff --git a/.kubernetes/service.yml b/.kubernetes/service.yml index 5273176..a3f1b2f 100644 --- a/.kubernetes/service.yml +++ b/.kubernetes/service.yml @@ -3,8 +3,8 @@ apiVersion: v1 kind: Service metadata: labels: - app: infra-map - name: infra-map-service + app: varnish + name: varnish namespace: ${NAMESPACE} spec: ports: @@ -12,9 +12,26 @@ spec: name: http protocol: TCP targetPort: 6081 + selector: + app: varnish + sessionAffinity: None + type: ClusterIP + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: infra-map + name: infra-map + namespace: ${NAMESPACE} +spec: + ports: + - port: 80 + name: http + protocol: TCP + targetPort: 3000 selector: app: infra-map sessionAffinity: None type: ClusterIP -status: - loadBalancer: {} diff --git a/docker-compose.yml b/docker-compose.yml index 3d78c91..1ebc20e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,10 +5,10 @@ services: build: context: varnish dockerfile: Dockerfile - args: - # sets build variables. Overridden by env, but has sane defaults - IMAGE_HOST: ${IMAGE_HOST:-homeassistant.local} - PROXY_HOST: ${PROXY_HOST:-app} + environment: + # sets environment variables. Overridden by env, but has sane defaults + IMAGE_HOST: ${IMAGE_HOST:-homeassistant.local} + PROXY_HOST: ${PROXY_HOST:-app} ports: - '6081:6081' depends_on: @@ -20,6 +20,7 @@ services: dockerfile: Dockerfile env_file: .env # sets container's environment environment: + - ORIGIN=http://localhost:3000 - NODE_ENV=production - PROTOCOL_HEADER=x-forwarded-proto - HOST_HEADER=x-forwarded-host diff --git a/varnish/Dockerfile b/varnish/Dockerfile index 8bab89b..0f939fc 100644 --- a/varnish/Dockerfile +++ b/varnish/Dockerfile 
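Review bot: In `docker-compose.yml` the varnish service's new `environment:` block uses mapping form (`IMAGE_HOST: ${IMAGE_HOST:-homeassistant.local}`) while the app service's `environment:` in the second hunk uses list form (`- ORIGIN=http://localhost:3000`); use one form file-wide, e.g. `- IMAGE_HOST=${IMAGE_HOST:-homeassistant.local}` and `- PROXY_HOST=${PROXY_HOST:-app}`. With the build args gone these two variables are the only input to the template at container start, so the comment on the block should say so, e.g. `# read by docker-entrypoint.sh when gomplate renders default.vcl.tmpl at startup`. Whether gomplate errors or renders an empty string for an unset variable depends on how the template references it, which is not visible in this diff.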
@@ -44,14 +44,9 @@ COPY default.vcl.tmpl /etc/varnish/ COPY *.vcl /etc/varnish/ COPY includes /etc/varnish/includes -# Set variables for *.tmpl files -ARG PROXY_HOST=$PROXY_HOST -ARG IMAGE_HOST=$IMAGE_HOST - -# Generate VCL -RUN gomplate -f /etc/varnish/default.vcl.tmpl -o /etc/varnish/default.vcl -RUN rm /etc/varnish/default.vcl.tmpl +# Create entrypoint script +COPY docker-entrypoint.sh /usr/local/bin/ +RUN chmod +x /usr/local/bin/docker-entrypoint.sh EXPOSE 6081 -CMD ["varnishd", "-F", "-f", "/etc/varnish/default.vcl", "-a", ":6081", "-s", "malloc,512m"] - +ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"] diff --git a/varnish/default.vcl.tmpl b/varnish/default.vcl.tmpl index 65fb394..13eb58f 100644 --- a/varnish/default.vcl.tmpl +++ b/varnish/default.vcl.tmpl @@ -46,17 +46,6 @@ sub vcl_recv { unset req.http.Cookie; } -// Svelte-kit needs to distinguish between it's own files and the Host header. -// The X-Forwarded-* headers below are to tell svelte-kit where it's local files are, -// and the Host header is included in the returned html & js referencing the external -// domain or proxy requested by client. -// https://svelte.dev/docs/kit/adapter-node#Environment-variables-ORIGIN-PROTOCOL_HEADER-HOST_HEADER-and-PORT_HEADER -sub vcl_backend_fetch { - set bereq.http.X-Forwarded-Host = "localhost"; - set bereq.http.X-Forwarded-Port = "3000"; - set bereq.http.X-Forwarded-Proto = "http"; -} - sub vcl_synth { if (resp.status == 204) { set resp.http.Access-Control-Allow-Origin = "*"; diff --git a/varnish/docker-entrypoint.sh b/varnish/docker-entrypoint.sh new file mode 100644 index 0000000..b3844a0 --- /dev/null +++ b/varnish/docker-entrypoint.sh @@ -0,0 +1,8 @@ +#!/bin/sh +set -e + +# Generate VCL at runtime +gomplate -f /etc/varnish/default.vcl.tmpl -o /etc/varnish/default.vcl + +# Execute startup CMD +exec varnishd -F -f /etc/varnish/default.vcl -a :6081 -s malloc,512m
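Review bot: `COPY docker-entrypoint.sh /usr/local/bin/` followed by `RUN chmod +x` spends a layer on a mode change; if the build runs under BuildKit, `COPY --chmod=755 docker-entrypoint.sh /usr/local/bin/` does both in one step. Because the template is now rendered at startup instead of during the build, `gomplate` must be present in the final stage at runtime — the lines that install it are outside this hunk, so confirm it is not only available in a builder stage.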
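Review bot: Removing `vcl_backend_fetch` means varnish no longer overwrites `X-Forwarded-Host`, `X-Forwarded-Port` and `X-Forwarded-Proto` on the backend request, yet `deployment-app.yml` in this patch configures the app (`HOST_HEADER=x-forwarded-host`, `PROTOCOL_HEADER`, `PORT_HEADER`) to trust exactly those headers for the origin it embeds in generated HTML and links. Unless the ingress in front of varnish sets them on every request, a client-supplied value would pass through unchanged; that path is not visible in this diff. Either set them in `vcl_recv` from values varnish knows (`req.http.Host`) or document the contract in the template, e.g. `# X-Forwarded-* are expected to be set by the ingress; the app trusts them via HOST_HEADER/PROTOCOL_HEADER/PORT_HEADER`.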
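Review bot: The script renders the VCL into `/etc/varnish/default.vcl` on the image filesystem, so the container cannot run with `readOnlyRootFilesystem: true` and a non-root user would need write access to `/etc/varnish`. Rendering to a scratch path avoids both: `gomplate -f /etc/varnish/default.vcl.tmpl -o /tmp/default.vcl` and `exec varnishd -F -f /tmp/default.vcl -a :6081 -s malloc,512m "$@"`. Appending `"$@"` also lets Kubernetes `args:` or `docker run` arguments reach varnishd instead of being silently dropped. The `# Execute startup CMD` comment is stale now that the Dockerfile has no `CMD`; `# Replace the shell with varnishd so it runs as PID 1 and receives signals directly` describes what the `exec` is for.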