mirror of
https://github.com/ghndrx/k8s-game-2048.git
synced 2026-02-10 14:54:59 +00:00
63b53dfc1b
- Replace SSH/kubectl deployment with secure webhook-based approach - Add comprehensive webhook handler with HMAC signature verification - Support blue-green deployment strategy for production - Implement auto-promotion pipeline: dev → staging → prod - Add health checks using canonical Knative domains only - Include complete deployment documentation and setup scripts Changes: - Updated deploy-dev.yml, deploy-staging.yml, deploy-prod.yml workflows - Added webhook handler Python script with Flask API - Created Kubernetes manifests for webhook system deployment - Added ingress and service configuration for external access - Created setup script for automated webhook system installation - Documented complete webhook-based deployment guide Perfect for k3s clusters behind NAT without direct API access.
126 lines
4.7 KiB
Bash
Executable File
126 lines
4.7 KiB
Bash
Executable File
#!/bin/bash
|
|
set -e
|
|
|
|
# Webhook-based Deployment Setup Script for k8s-game-2048
|
|
echo "🚀 Setting up webhook-based deployment for k8s-game-2048..."
|
|
|
|
# Configuration
|
|
WEBHOOK_SECRET="${WEBHOOK_SECRET:-$(openssl rand -hex 32)}"
|
|
MANIFESTS_PATH="${MANIFESTS_PATH:-/home/administrator/k8s-game-2048/manifests}"
|
|
WEBHOOK_DOMAIN="${WEBHOOK_DOMAIN:-webhook.$(hostname -f)}"
|
|
|
|
echo "📋 Configuration:"
|
|
echo " Webhook Secret: ${WEBHOOK_SECRET:0:8}..."
|
|
echo " Manifests Path: $MANIFESTS_PATH"
|
|
echo " Webhook Domain: $WEBHOOK_DOMAIN"
|
|
|
|
# Step 1: Create webhook system namespace
|
|
echo ""
|
|
echo "📦 Creating webhook system namespace..."
|
|
kubectl create namespace webhook-system --dry-run=client -o yaml | kubectl apply -f -
|
|
|
|
# Step 2: Create webhook secret
|
|
echo "🔐 Creating webhook secret..."
|
|
kubectl create secret generic webhook-secret \
|
|
--from-literal=webhook-secret="$WEBHOOK_SECRET" \
|
|
-n webhook-system \
|
|
--dry-run=client -o yaml | kubectl apply -f -
|
|
|
|
# Step 3: Update webhook handler manifests with correct paths
|
|
echo "🔧 Updating webhook handler manifests..."
|
|
sed -i "s|/home/administrator/k8s-game-2048/manifests|$MANIFESTS_PATH|g" manifests/webhook/webhook-handler.yaml
|
|
sed -i "s|webhook.yourdomain.com|$WEBHOOK_DOMAIN|g" manifests/webhook/webhook-ingress.yaml
|
|
|
|
# Step 4: Deploy webhook handler script ConfigMap
|
|
echo "📜 Deploying webhook handler script..."
|
|
kubectl apply -f manifests/webhook/webhook-script-configmap.yaml
|
|
|
|
# Step 5: Deploy webhook handler
|
|
echo "🤖 Deploying webhook handler..."
|
|
kubectl apply -f manifests/webhook/webhook-handler.yaml
|
|
|
|
# Step 6: Deploy ingress (optional)
|
|
if [ "$DEPLOY_INGRESS" = "true" ]; then
|
|
echo "🌐 Deploying webhook ingress..."
|
|
kubectl apply -f manifests/webhook/webhook-ingress.yaml
|
|
else
|
|
echo "⏭️ Skipping ingress deployment (set DEPLOY_INGRESS=true to enable)"
|
|
fi
|
|
|
|
# Step 7: Wait for deployment to be ready
|
|
echo "⏳ Waiting for webhook handler to be ready..."
|
|
kubectl wait --for=condition=available deployment/webhook-handler -n webhook-system --timeout=300s
|
|
|
|
# Step 8: Get service information
|
|
echo ""
|
|
echo "📊 Webhook handler status:"
|
|
kubectl get pods -n webhook-system -l app=webhook-handler
|
|
|
|
echo ""
|
|
echo "🌐 Service endpoints:"
|
|
kubectl get svc -n webhook-system
|
|
|
|
# Step 9: Test webhook handler
|
|
echo ""
|
|
echo "🧪 Testing webhook handler..."
|
|
WEBHOOK_POD=$(kubectl get pods -n webhook-system -l app=webhook-handler -o jsonpath='{.items[0].metadata.name}')
|
|
if [ -n "$WEBHOOK_POD" ]; then
|
|
echo "Testing health endpoint..."
|
|
kubectl port-forward -n webhook-system pod/$WEBHOOK_POD 8080:8080 &
|
|
KUBECTL_PID=$!
|
|
sleep 5
|
|
|
|
if curl -s http://localhost:8080/health | grep -q "healthy"; then
|
|
echo "✅ Webhook handler health check passed!"
|
|
else
|
|
echo "⚠️ Webhook handler health check failed"
|
|
fi
|
|
|
|
kill $KUBECTL_PID 2>/dev/null || true
|
|
fi
|
|
|
|
# Step 10: Display setup information
|
|
echo ""
|
|
echo "🎉 Webhook-based deployment setup completed!"
|
|
echo ""
|
|
echo "📝 Next steps:"
|
|
echo "1. Configure GitHub repository secrets:"
|
|
echo " - WEBHOOK_SECRET: $WEBHOOK_SECRET"
|
|
echo " - DEV_WEBHOOK_URL: https://$WEBHOOK_DOMAIN/webhook/deploy"
|
|
echo " - STAGING_WEBHOOK_URL: https://$WEBHOOK_DOMAIN/webhook/deploy"
|
|
echo " - PROD_WEBHOOK_URL: https://$WEBHOOK_DOMAIN/webhook/deploy"
|
|
echo " - KNATIVE_DOMAIN: your-knative-domain.com"
|
|
echo ""
|
|
echo "2. Expose webhook handler externally:"
|
|
if [ "$DEPLOY_INGRESS" != "true" ]; then
|
|
echo " # Option A: Use port-forward for testing"
|
|
echo " kubectl port-forward -n webhook-system svc/webhook-handler-external 8080:80"
|
|
echo ""
|
|
echo " # Option B: Get LoadBalancer IP (if available)"
|
|
echo " kubectl get svc webhook-handler-external -n webhook-system"
|
|
echo ""
|
|
echo " # Option C: Deploy ingress with your domain"
|
|
echo " DEPLOY_INGRESS=true WEBHOOK_DOMAIN=your-domain.com ./scripts/setup-webhook-deployment.sh"
|
|
fi
|
|
echo ""
|
|
echo "3. Test webhook endpoint:"
|
|
echo " curl -X POST https://$WEBHOOK_DOMAIN/webhook/deploy \\"
|
|
echo " -H 'Content-Type: application/json' \\"
|
|
echo " -H 'X-Signature-SHA256: sha256=SIGNATURE' \\"
|
|
echo " -d '{\"environment\":\"dev\",\"image\":\"nginx:latest\",\"namespace\":\"default\",\"service_name\":\"test\"}'"
|
|
echo ""
|
|
echo "4. Push code changes to trigger automated deployment!"
|
|
|
|
# Output webhook secret for GitHub configuration
|
|
echo ""
|
|
echo "🔑 GitHub Secrets Configuration:"
|
|
echo "===============================|"
|
|
echo "SECRET NAME | SECRET VALUE"
|
|
echo "===============================|"
|
|
echo "WEBHOOK_SECRET | $WEBHOOK_SECRET"
|
|
echo "DEV_WEBHOOK_URL | https://$WEBHOOK_DOMAIN/webhook/deploy"
|
|
echo "STAGING_WEBHOOK_URL | https://$WEBHOOK_DOMAIN/webhook/deploy"
|
|
echo "PROD_WEBHOOK_URL | https://$WEBHOOK_DOMAIN/webhook/deploy"
|
|
echo "KNATIVE_DOMAIN | your-knative-domain.com"
|
|
echo "===============================|"
|