KevinMidboe/infra-map
1
0
Fork 0
mirror of https://github.com/KevinMidboe/infra-map.git synced 2025-10-29 17:40:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

compile varnish tmpl from docker-entrypoint script

Browse Source 
also updates kubernetes resources to separate app & varnish into two different deployments
This commit is contained in:
Kevin
2025-08-26 19:56:52 +02:00
parent d233c8081a
commit 630ceb2473
12 changed files with 188 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
.drone.yml
View File

@@ -61,61 +61,6 @@ trigger:
depends_on: depends_on:
- Build - Build
---
kind: pipeline
type: docker
name: Publish
platform:
os: linux
arch: amd64
kind: pipeline
type: docker
name: config-check
steps:
- name: check-config
image: alpine/git
commands:
- git fetch --no-tags --depth=2
- |
if git diff --quiet HEAD^ HEAD -- varnish/default.vcl; then
echo "No changes in varnish config file, skipping..."
exit 78 # exit code 78 = skip in Drone
else
echo "Changes detected in varnish config"
fi
- name: Publish varnish to ghcr
image: plugins/docker
settings:
registry: ghcr.io
repo: ghcr.io/kevinmidboe/varnish-infra-map
contexT: varnish
dockerfile: Dockerfile
compress: true
username:
from_secret: GITHUB_USERNAME
password:
from_secret: GHCR_UPLOAD_TOKEN
build_args_from_env:
-
tags:
- latest
- ${DRONE_COMMIT_SHA}
trigger:
event:
include:
- push
exclude:
- pull_request
branch:
- main
- update
depends_on:
- Build
--- ---
kind: pipeline kind: pipeline
type: docker type: docker
@@ -136,7 +81,7 @@ steps:
commands: commands:
- mkdir -p /root/.kube - mkdir -p /root/.kube
- echo "IMAGE=ghcr.io/kevinmidboe/${DRONE_REPO_NAME}:${DRONE_COMMIT_SHA}" > /root/.kube/.env - echo "IMAGE=ghcr.io/kevinmidboe/${DRONE_REPO_NAME}:${DRONE_COMMIT_SHA}" > /root/.kube/.env
- echo "VARNISH_IMAGE=ghcr.io/kevinmidboe/varnish-${DRONE_REPO_NAME}" >> /root/.kube/.env - echo "VARNISH_IMAGE=ghcr.io/kevinmidboe/varnish-${DRONE_REPO_NAME}:latest" >> /root/.kube/.env
- echo "NAMESPACE=${DRONE_REPO_NAME}" >> /root/.kube/.env - echo "NAMESPACE=${DRONE_REPO_NAME}" >> /root/.kube/.env
- 'curl -s - 'curl -s
-H "X-Vault-Token: $VAULT_TOKEN" -H "X-Vault-Token: $VAULT_TOKEN"
@@ -184,8 +129,57 @@ depends_on:
volumes: volumes:
- name: kube-config - name: kube-config
temp: {} temp: {}
---
kind: pipeline
type: docker
name: Publish varnish
platform:
os: linux
arch: amd64
steps:
- name: Check for varnish changes
image: alpine/git
commands:
- git fetch --no-tags --depth=2
- |
if git diff-tree --no-commit-id --name-only -r HEAD | grep -qE '(\.drone.yml|(varnish/.+(vcl|tmpl)(\n|$)))'; then
echo "Changes detected in varnish config"
else
echo "No changes in varnish config file, skipping..."
exit 78 # exit code 78 = skip in Drone
fi
- name: Publish varnish image to ghcr
image: plugins/docker
settings:
registry: ghcr.io
repo: ghcr.io/kevinmidboe/varnish-infra-map
context: varnish
dockerfile: varnish/Dockerfile
compress: true
username:
from_secret: GITHUB_USERNAME
password:
from_secret: GHCR_UPLOAD_TOKEN
tags:
- latest
- ${DRONE_COMMIT_SHA}
trigger:
event:
include:
- push
exclude:
- pull_request
branch:
- main
- update
--- ---
kind: signature kind: signature
hmac: 01caa41521eac62356f6fc941cdd489dae8e2c4249bdb4e4dc1a32e101c639b7 hmac: b4b6a98b76fdf3cf297b46cf986a3d46f3d4050e623f2c769267181c7075a6ca
... ...

9
.kubernetes/2-config-varnish.yml Normal file
View File

@@ -0,0 +1,9 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: varnish-config
namespace: ${NAMESPACE}
data:
PROXY_HOST: ${PROXY_HOST}
IMAGE_HOST: ${IMAGE_HOST}

8
.kubernetes/config-varnish.yml
View File

@@ -1,8 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: varnish-vcl
namespace: ${NAMESPACE}
binaryData:
default.vcl: dmNsIDQuMDsKCmltcG9ydCBzdGQ7CmltcG9ydCBkaWdlc3Q7CgojIERlZmluZSBiYWNrZW5kIHBvaW50aW5nIHRvIEhvbWUgQXNzaXN0YW50IElQCmJhY2tlbmQgaGFzc19iYWNrZW5kIHsKICAgIC5ob3N0ID0gIjEwLjAuMC44MiI7CiAgICAucG9ydCA9ICI4MTIzIjsKfQoKc3ViIHZjbF9yZWN2IHsKICAgICMgSGFuZGxlIENPUlMgcHJlZmxpZ2h0CiAgICBpZiAocmVxLm1ldGhvZCA9PSAiT1BUSU9OUyIpIHsKICAgICAgICByZXR1cm4gKHN5bnRoKDIwNCwgIlByZWZsaWdodCIpKTsKICAgIH0KCiAgICAjIFJld3JpdGUgaW1hZ2UgVVJMCiAgICBpZiAocmVxLnVybCB+ICJeL2ltYWdlLyIpIHsKICAgICAgICAjIEV4dHJhY3QgZXZlcnl0aGluZyBhZnRlciAvaW1hZ2UvIGFuZCBzdG9yZSBpdAogICAgICAgIHNldCByZXEuaHR0cC5YLUltYWdlLVVSTCA9IHJlZ3N1YihyZXEudXJsLCAiXi9pbWFnZS8oLiopIiwgIlwxIik7CiAgICAgICAgIyBSZXdyaXRlIHJlcS51cmwgdG8gbWF0Y2ggYmFja2VuZCBleHBlY3RhdGlvbnMKICAgICAgICBzZXQgcmVxLnVybCA9IHJlZ3N1YihyZXEuaHR0cC5YLUltYWdlLVVSTCwgIl5odHRwOi8vW14vXSsiLCAiIik7CiAgICB9CgogICAgIyBSZW1vdmUgY29va2llcyBzbyBjb250ZW50IGlzIGNhY2hlYWJsZQogICAgdW5zZXQgcmVxLmh0dHAuQ29va2llOwp9CgpzdWIgdmNsX3N5bnRoIHsKICAgIGlmIChyZXNwLnN0YXR1cyA9PSAyMDQpIHsKICAgICAgICBzZXQgcmVzcC5odHRwLkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbiA9ICIqIjsKICAgICAgICBzZXQgcmVzcC5odHRwLkFjY2Vzcy1Db250cm9sLUFsbG93LU1ldGhvZHMgPSAiR0VULCBPUFRJT05TIjsKICAgICAgICBzZXQgcmVzcC5odHRwLkFjY2Vzcy1Db250cm9sLUFsbG93LUhlYWRlcnMgPSAiQ29udGVudC1UeXBlLCBYLUNhY2hlLUlEIjsKICAgICAgICBzZXQgcmVzcC5odHRwLkNvbnRlbnQtTGVuZ3RoID0gIjAiOwogICAgICAgIHJldHVybiAoZGVsaXZlcik7CiAgICB9CgogICAgaWYgKHJlc3Auc3RhdHVzID09IDMwNCkgewogICAgICAgIHNldCByZXNwLmh0dHAuRVRhZyA9IHJlcS5odHRwLklmLU5vbmUtTWF0Y2g7CiAgICAgICAgc2V0IHJlc3AuaHR0cC5Db250ZW50LUxlbmd0aCA9ICIwIjsKICAgICAgICByZXR1cm4gKGRlbGl2ZXIpOwogICAgfQp9CgpzdWIgdmNsX2JhY2tlbmRfZmV0Y2ggewogICAgIyBBbHdheXMgdXNlIHRoZSBIQVNTIGJhY2tlbmQKICAgIHNldCBiZXJlcS5iYWNrZW5kID0gaGFzc19iYWNrZW5kOwoKICAgICMgU2V0IHByb3BlciBIb3N0IGhlYWRlciBmcm9tIG9yaWdpbmFsIFVSTAogICAgIyBpZiAoYmVyZXEuaHR0cC5YLUltYWdlLVVSTCkgewogICAgIyAgICAgc2V0IGJlcmVxLmh0dHAuSG9zdCA9IHJlZ3N1YihiZXJlcS5odHRwLlgtSW1hZ2UtVVJMLCAiXmh0dHA6Ly8oW14vXSspLioiLCAiXDEiKTsKICAgICMgICAgIHNldCBiZXJlcS5odHRwLkhvc3QgPSByZWdzdWIoYmVyZXEuaHR0cC5Ib3N0LCAiOlswLTldKyQiLCAiIik7CiAgICAjIH0KfQoKc3ViIHZjbF9iYWNrZW5kX3Jlc3BvbnNlIHsKICAgIHNldCBiZXJlc3AudHRsID0gMXM7CiAgICBzZXQgYmVyZXNwLmdyYWNlID0gNjBzOwogICAgc2V0IGJlcmVzcC5rZWVwID0gNjBzOwoKICAgICMgRW5zdXJlIEVUYWcgaXMgcGFzc2VkIHRvIGNsaWVudAogICAgaWYgKGJlcmVzcC5odHRwLkVUYWcpIHsKICAgICAgICBzZXQgYmVyZXNwLmh0dHAuWC1DYWNoZS1FVGFnID0gYmVyZXNwLmh0dHAuRVRhZzsKICAgIH0gZWxzZSB7CiAgICAgICAgIyBPcHRpb25hbDogZ2VuZXJhdGUgb25lIGlmIG5vdCBwcm92aWRlZAogICAgICAgICMgc2V0IGJlcmVzcC5odHRwLkVUYWcgPSBkaWdlc3QuaGFzaF9tZDUoYmVyZXNwLmJvZHkpOwogICAgICAgIHNldCBiZXJlc3AuaHR0cC5FVGFnID0gYmVyZXNwLmh0dHAuQ29udGVudC1MZW5ndGg7CiAgICAgICAgc2V0IGJlcmVzcC5odHRwLlgtQ2FjaGUtRVRhZyA9IGJlcmVzcC5odHRwLkVUYWc7CiAgICB9Cn0KCnN1YiB2Y2xfaGl0IHsKICAgIGlmIChvYmoudHRsIDwgMHMgJiYgc3RkLmhlYWx0aHkocmVxLmJhY2tlbmRfaGludCkpIHsKICAgICAgICByZXR1cm4gKGRlbGl2ZXIpOwogICAgfQp9CgpzdWIgdmNsX2RlbGl2ZXIgewogICAgdW5zZXQgcmVzcC5odHRwLlgtSW1hZ2UtVVJMOwogICAgc2V0IHJlc3AuaHR0cC5BY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW4gPSAiKiI7CgogICAgIyBIYW5kbGUgY29uZGl0aW9uYWwgcmVxdWVzdCB3aXRoIEVUYWcKICAgIGlmICgKICAgICAgICByZXEuaHR0cC5JZi1Ob25lLU1hdGNoICYmCiAgICAgICAgcmVxLmh0dHAuSWYtTm9uZS1NYXRjaCA9PSByZXNwLmh0dHAuRVRhZwogICAgKSB7CiAgICAgICAgcmV0dXJuIChzeW50aCgzMDQpKTsKICAgIH0KfQo=

49
.kubernetes/deployment-app.yml Normal file
View File

@@ -0,0 +1,49 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
labels:
app: infra-map
name: infra-map
namespace: ${NAMESPACE}
spec:
replicas: 2
selector:
matchLabels:
app: infra-map
template:
metadata:
labels:
app: infra-map
spec:
containers:
- name: infra-map
- env:
- name: ORIGIN
value: http://infra-map.infra-map.svc.cluster.local:3000
- name: PROTOCOL_HEADER
value: x-forwarded-proto
- name: HOST_HEADER
value: x-forwarded-host
- name: PORT_HEADER
value: x-forwarded-port
- name: ENV
value: production
envFrom:
- secretRef:
name: secret-env-values
image: ${IMAGE}
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 300m
memory: 828Mi
requests:
cpu: 250m
memory: 64Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullSecrets:
- name: ghcr-login-secret
dnsPolicy: ClusterFirst

40
.kubernetes/deployment-varnish.yml Normal file
View File

@@ -0,0 +1,40 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
labels:
app: varnish
name: varnish
namespace: ${NAMESPACE}
spec:
replicas: 2
selector:
matchLabels:
app: varnish
template:
metadata:
labels:
app: varnish
spec:
containers:
- command:
- /usr/local/bin/docker-entrypoint.sh
envFrom:
- configMapRef:
name: varnish-config
image: ghcr.io/kevinmidboe/varnish-infra-map:latest
imagePullPolicy: Always
name: varnish
resources:
limits:
cpu: 900m
memory: 828Mi
requests:
cpu: 250m
memory: 64Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullSecrets:
- name: ghcr-login-secret
dnsPolicy: ClusterFirst

56
.kubernetes/deployment.yml
View File

@@ -1,56 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
labels:
app: infra-map
name: infra-map
namespace: ${NAMESPACE}
spec:
replicas: 2
selector:
matchLabels:
app: infra-map
template:
metadata:
labels:
app: infra-map
spec:
containers:
- image: ${IMAGE}
imagePullPolicy: IfNotPresent
name: infra-map
envFrom:
- secretRef:
name: secret-env-values
resources:
limits:
cpu: 900m
memory: 828Mi
requests:
cpu: 250m
memory: 64Mi
- image: ${VARNISH_IMAGE}:latest
imagePullPolicy: IfNotPresent
name: varnish
command: ['varnishd']
args: ['-F', '-f', '/etc/varnish/default.vcl', '-a', ':6081', '-s', 'malloc,512m']
volumeMounts:
- name: varnish-vcl
mountPath: /etc/varnish/default.vcl
subPath: default.vcl
resources:
limits:
cpu: 900m
memory: 828Mi
requests:
cpu: 250m
memory: 64Mi
restartPolicy: Always
imagePullSecrets:
- name: ghcr-login-secret
volumes:
- name: varnish-vcl
configMap:
name: varnish-vcl

2
.kubernetes/ingress.yml
View File

@@ -12,7 +12,7 @@ spec:
paths: paths:
- backend: - backend:
service: service:
name: infra-map-service name: varnish
port: port:
number: 80 number: 80
path: / path: /

25
.kubernetes/service.yml
View File

@@ -3,8 +3,8 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
app: infra-map app: varnish
name: infra-map-service name: varnish
namespace: ${NAMESPACE} namespace: ${NAMESPACE}
spec: spec:
ports: ports:
@@ -12,9 +12,26 @@ spec:
name: http name: http
protocol: TCP protocol: TCP
targetPort: 6081 targetPort: 6081
selector:
app: varnish
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app: infra-map
name: infra-map
namespace: ${NAMESPACE}
spec:
ports:
- port: 80
name: http
protocol: TCP
targetPort: 3000
selector: selector:
app: infra-map app: infra-map
sessionAffinity: None sessionAffinity: None
type: ClusterIP type: ClusterIP
status:
loadBalancer: {}

9
docker-compose.yml
View File

@@ -5,10 +5,10 @@ services:
build: build:
context: varnish context: varnish
dockerfile: Dockerfile dockerfile: Dockerfile
args: environment:
# sets build variables. Overridden by env, but has sane defaults # sets environment variables. Overridden by env, but has sane defaults
IMAGE_HOST: ${IMAGE_HOST:-homeassistant.local} IMAGE_HOST: ${IMAGE_HOST:-homeassistant.local}
PROXY_HOST: ${PROXY_HOST:-app} PROXY_HOST: ${PROXY_HOST:-app}
ports: ports:
- '6081:6081' - '6081:6081'
depends_on: depends_on:
@@ -20,6 +20,7 @@ services:
dockerfile: Dockerfile dockerfile: Dockerfile
env_file: .env # sets container's environment env_file: .env # sets container's environment
environment: environment:
- ORIGIN=http://localhost:3000
- NODE_ENV=production - NODE_ENV=production
- PROTOCOL_HEADER=x-forwarded-proto - PROTOCOL_HEADER=x-forwarded-proto
- HOST_HEADER=x-forwarded-host - HOST_HEADER=x-forwarded-host

13
varnish/Dockerfile
View File

@@ -44,14 +44,9 @@ COPY default.vcl.tmpl /etc/varnish/
COPY *.vcl /etc/varnish/ COPY *.vcl /etc/varnish/
COPY includes /etc/varnish/includes COPY includes /etc/varnish/includes
# Set variables for *.tmpl files # Create entrypoint script
ARG PROXY_HOST=$PROXY_HOST COPY docker-entrypoint.sh /usr/local/bin/
ARG IMAGE_HOST=$IMAGE_HOST RUN chmod +x /usr/local/bin/docker-entrypoint.sh
# Generate VCL
RUN gomplate -f /etc/varnish/default.vcl.tmpl -o /etc/varnish/default.vcl
RUN rm /etc/varnish/default.vcl.tmpl
EXPOSE 6081 EXPOSE 6081
CMD ["varnishd", "-F", "-f", "/etc/varnish/default.vcl", "-a", ":6081", "-s", "malloc,512m"] ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]

11
varnish/default.vcl.tmpl
View File

@@ -46,17 +46,6 @@ sub vcl_recv {
unset req.http.Cookie; unset req.http.Cookie;
} }
// Svelte-kit needs to distinguish between it's own files and the Host header.
// The X-Forwarded-* headers below are to tell svelte-kit where it's local files are,
// and the Host header is included in the returned html & js referencing the external
// domain or proxy requested by client.
// https://svelte.dev/docs/kit/adapter-node#Environment-variables-ORIGIN-PROTOCOL_HEADER-HOST_HEADER-and-PORT_HEADER
sub vcl_backend_fetch {
set bereq.http.X-Forwarded-Host = "localhost";
set bereq.http.X-Forwarded-Port = "3000";
set bereq.http.X-Forwarded-Proto = "http";
}
sub vcl_synth { sub vcl_synth {
if (resp.status == 204) { if (resp.status == 204) {
set resp.http.Access-Control-Allow-Origin = "*"; set resp.http.Access-Control-Allow-Origin = "*";

8
varnish/docker-entrypoint.sh Normal file
View File

@@ -0,0 +1,8 @@
#!/bin/sh
set -e
# Generate VCL at runtime
gomplate -f /etc/varnish/default.vcl.tmpl -o /etc/varnish/default.vcl
# Execute startup CMD
exec varnishd -F -f /etc/varnish/default.vcl -a :6081 -s malloc,512m