Deployment
Github Actions
The Initium CLI is able to create CI/CD pipelines from scratch in order to help automate the build and deployment process, as part of a newly created application source code repo.
When using the --github flag, the tool is able to create new pipelines responsible for building & deploying actions either during pull request creation or when a PR is merged to the main branch.
initium init github
The files that will be created:
# This file is generate by https://github.com/nearform/initium-cli
name: Deploy on PR
on:
pull_request:
types: [opened, synchronize, reopened, closed]
jobs:
on_pr:
if: github.event.action != 'closed'
concurrency: ${{ github.head_ref }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.head_ref }}
- name: build and deploy application
uses: docker://ghcr.io/nearform/initium-cli:latest
with:
args: onbranch
env:
INITIUM_REGISTRY_USER: ${{ github.actor }}
INITIUM_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
INITIUM_CLUSTER_ENDPOINT: ${{ secrets.CLUSTER_ENDPOINT }}
INITIUM_CLUSTER_TOKEN: ${{ secrets.CLUSTER_TOKEN }}
INITIUM_CLUSTER_CA_CERT: ${{ secrets.CLUSTER_CA_CERT }}
closed_pr:
if: github.event.action == 'closed'
concurrency: ${{ github.head_ref }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: delete application
uses: docker://ghcr.io/nearform/initium-cli:latest
with:
args: onbranch --clean --branch-name ${{ github.head_ref }}
env:
INITIUM_REGISTRY_USER: ${{ github.actor }}
INITIUM_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
INITIUM_CLUSTER_ENDPOINT: ${{ secrets.CLUSTER_ENDPOINT }}
INITIUM_CLUSTER_TOKEN: ${{ secrets.CLUSTER_TOKEN }}
INITIUM_CLUSTER_CA_CERT: ${{ secrets.CLUSTER_CA_CERT }}
# This file is generate by https://github.com/nearform/initium-cli
name: Deploy on main
on:
push:
branches:
- main
jobs:
cli:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: build and deploy on main
uses: docker://ghcr.io/nearform/initium-cli:latest
with:
args: onmain
env:
INITIUM_REGISTRY_USER: ${{ github.actor }}
INITIUM_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
INITIUM_CLUSTER_ENDPOINT: ${{ secrets.CLUSTER_ENDPOINT }}
INITIUM_CLUSTER_TOKEN: ${{ secrets.CLUSTER_TOKEN }}
INITIUM_CLUSTER_CA_CERT: ${{ secrets.CLUSTER_CA_CERT }}
Running locally
Setup local environment
These are the environment variables that you have to set in order to use the onmain, onbranch commands from your local environment
export INITIUM_REGISTRY_PASSWORD="<github_pat>"
export INITIUM_REGISTRY_USER="<github_user>"
and
export INITIUM_CLUSTER_ENDPOINT=$(kubectl config view -o jsonpath='{.clusters[?(@.name == "kind-k8s-kurated-addons")].cluster.server}')
export INITIUM_CLUSTER_TOKEN=$(kubectl get secrets initium-cli-token -o jsonpath="{.data.token}" | base64 -d)
export INITIUM_CLUSTER_CA_CERT=$(kubectl get secrets initium-cli-token -o jsonpath="{.data.ca\.crt}" | base64 -d)
Feature branch
Builds & deploys the code to the Kubernetes cluster using knative, setting the namespace as the branch name.
initium onbranch
Main branch
Builds & deploys the code to the Kubernetes cluster using knative, setting main as the namespace.
initium onmain
Application Access
In order for the application to be reachable, you need to follow the steps below.
For exposing the platform load balancer:
export INITIUM_LB_ENDPOINT="$(kubectl get service -n istio-ingress istio-ingressgateway -o go-template='{{(index .status.loadBalancer.ingress 0).ip}}'):80"
Alternative: we noticed that in some setups that the docker network is not reachable. In that scenario you can expose the service with:
kubectl port-forward service/istio-ingressgateway -n istio-ingress 8080:80 &
export INITIUM_LB_ENDPOINT="127.0.0.1:8080"
Github Actions: The application endpoint can be found at the bottom of the pipeline output. The hostname will look like this: initium-nodejs-demo-app.initium-test.example.com In order to access the application, use the following command:
curl -H "Host: <replace_with_hostname>" $INITIUM_LB_ENDPOINT
The same command applies for onbranch & onmain deployments. The part that will be different is the namespace.