initial pipelines concept

k8s-kustomizations/README.md

@@ -0,0 +1,23 @@
+# Environment Promotion using `kustomize`
+
+* Applications are defined at a central location in the repository
+* Each pipeline is represented in Git by a directory under `pipelines/`
+* Each stage of a pipeline is represented as a directory under `pipelines/<NAME>` where `<NAME>` is the pipeline's name
+* Differences between stages are tracked as `kustomize` patches
+* Promotion happens by modifying the respective `kustomize` patch file for the specific stage
+* Stage 0 is automatically updated using Flux's image update automation
+
+## Generic DevX
+
+### Promotion
+
+1. Build and push application image
+1. Check that Flux updates the application on dev and the app gets healthy
+1. Manually promote the application version from dev to staging by creating a commit changing the `kustomize` patch
+1. Check that Flux updates the application on staging and the app gets healthy
+1. Manually promote the application version from staging to prod by creating a commit changing the `kustomize` patch
+1. Check that Flux updates the application on staging and the app gets healthy
+
+### Pipeline Introspection
+
+Each pipeline stage is represented on the cluster by a `Kustomization`. The pipeline name is reflected by the `pipelines.weave.works/name` label on the Kustomization and the order of stages is represented by ascending values of the `pipelines.wave.works/stage` label.

k8s-kustomizations/apps/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- nginx.yaml

k8s-kustomizations/apps/nginx.yaml

@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: nginx
+  name: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - image: 'nginx:latest'
+        name: nginx

k8s-kustomizations/pipelines/nginx/dev/imagepolicy_nginx.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImagePolicy
+metadata:
+  name: nginx-dev
+spec:
+  imageRepositoryRef:
+    name: nginx-repo
+  policy:
+    semver:
+      range: 1.x
+

k8s-kustomizations/pipelines/nginx/dev/imagerepository_nginx.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageRepository
+metadata:
+  name: nginx-repo
+spec:
+  image: nginx
+  interval: 1m0s
+

k8s-kustomizations/pipelines/nginx/dev/imageupdateautomation.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageUpdateAutomation
+metadata:
+  name: dev
+spec:
+  git:
+    checkout:
+      ref:
+        branch: main
+    commit:
+      author:
+        email: flux@e13.dev
+        name: flux
+  interval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: test
+    namespace: flux-system
+  update:
+    path: ./pipelines/k8s-kustomizations/environments/dev
+    strategy: Setters
+

k8s-kustomizations/pipelines/nginx/dev/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: dev
+resources:
+- ../../../apps/
+- imagerepository_nginx.yaml
+- imagepolicy_nginx.yaml
+- imageupdateautomation.yaml
+- sync.yaml
+patchesStrategicMerge:
+- nginx-tag.yaml

k8s-kustomizations/pipelines/nginx/dev/nginx-tag.yaml

@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  template:
+    spec:
+      containers:
+        - name: nginx
+          image: nginx:1.23.1 # {"$imagepolicy": "flux-system:nginx-dev"}

k8s-kustomizations/pipelines/nginx/dev/sync.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: nginx-dev
+  labels:
+    pipelines.weave.works/name: nginx
+    pipelines.weave.works/stage: "0"
+spec:
+  interval: 1m0s
+  path: ./pipelines/k8s-kustomizations/pipelines/nginx/dev
+  prune: false
+  sourceRef:
+    kind: GitRepository
+    name: test
+    namespace: flux-system

k8s-kustomizations/pipelines/nginx/prod/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: prod
+resources:
+- ../../../apps/
+- sync.yaml
+patchesStrategicMerge:
+- nginx-tag.yaml

k8s-kustomizations/pipelines/nginx/prod/nginx-tag.yaml

@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  template:
+    spec:
+      containers:
+        - name: nginx
+          image: nginx:1.21.6

k8s-kustomizations/pipelines/nginx/prod/sync.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: nginx-prod
+  labels:
+    pipelines.weave.works/name: nginx
+    pipelines.weave.works/stage: "2"
+spec:
+  interval: 1m0s
+  path: ./pipelines/k8s-kustomizations/pipelines/nginx/prod
+  prune: false
+  sourceRef:
+    kind: GitRepository
+    name: test
+    namespace: flux-system

k8s-kustomizations/pipelines/nginx/staging/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: staging
+resources:
+- ../../../apps/
+- sync.yaml
+patchesStrategicMerge:
+- nginx-tag.yaml

k8s-kustomizations/pipelines/nginx/staging/nginx-tag.yaml

@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  template:
+    spec:
+      containers:
+        - name: nginx
+          image: nginx:1.22.0

k8s-kustomizations/pipelines/nginx/staging/sync.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: nginx-staging
+  labels:
+    pipelines.weave.works/name: nginx
+    pipelines.weave.works/stage: "1"
+spec:
+  interval: 1m0s
+  path: ./pipelines/k8s-kustomizations/pipelines/nginx/staging
+  prune: false
+  sourceRef:
+    kind: GitRepository
+    name: test
+    namespace: flux-system