az deploy CI
04
unkcpz committed Feb 13, 2024
1 parent e7f4c74 commit fff2f87
Showing 2 changed files with 81 additions and 1 deletion.
62 changes: 62 additions & 0 deletions .github/workflows/deploy-to-aks.yml
@@ -0,0 +1,62 @@
---
name: Deploy to AKS

on:
push:
branches:
- main

# OIDC token being allowed be generated
permissions:
id-token: write
contents: read

jobs:
build-and-deploy:
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Azure Login
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Setup kubectl
uses: azure/setup-kubectl@v3
with:
version: 'latest'

- name: Setup Helm
uses: azure/setup-helm@v3
with:
version: 'latest'
token: ${{ secrets.GITHUB_TOKEN }}

- name: Install tool for rendering templates
run: |
python3 -m pip install -r requirements.txt
- name: Render values.yaml
run: |
jinja2 --format=env basehub/values.yaml.j2 > basehub/values.yaml
env:
OAUTH_CLIENT_ID: ${{ secrets.OAUTH_CLIENT_ID }}
OAUTH_CLIENT_SECRET: ${{ secrets.OAUTH_CLIENT_SECRET }}
OAUTH_CALLBACK_URL: ${{ secrets.OAUTH_CALLBACK_URL }}

- name: Connect to AKS
run: az aks get-credentials --resource-group ${{ secrets.AZURE_RESOURCE_GROUP }} --name ${{ secrets.AZURE_KUBERNETES_CLUSTER }}

- name: Deploy to AKS
run: |
./deploy.sh
env:
K8S_NAMESPACE: ${{ vars.K8S_NAMESPACE }}

- name: Logout of Azure
run: az logout
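Review bot: The `Setup kubectl` and `Setup Helm` steps both set `version: 'latest'`, so the production job that holds the Azure OIDC login runs whatever tool release is current at deploy time; pin explicit versions there, and consider pinning `azure/login@v1`, `azure/setup-kubectl@v3` and `azure/setup-helm@v3` to commit SHAs rather than mutable tags. In `Connect to AKS`, `${{ secrets.AZURE_RESOURCE_GROUP }}` and `${{ secrets.AZURE_KUBERNETES_CLUSTER }}` are expanded straight into the shell line; pass them through `env:` and reference quoted shell variables instead. `Logout of Azure` is skipped when `./deploy.sh` fails, so add `if: always()` to it. The `Render values.yaml` step writes `OAUTH_CLIENT_SECRET` into `basehub/values.yaml` in the workspace; make sure no later step uploads or caches that file.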
20 changes: 19 additions & 1 deletion README.md
Expand Up @@ -182,6 +182,12 @@ source k8s-deploy-venv/bin/activate
python3 -m pip install -r requirements.txt
```

Render the `values.yaml` file with the following command:

```bash
jinja2 --format=env basehub/values.yaml.j2 > basehub/values.yaml
```

The following environment variables are required to be set:

* `K8S_NAMESPACE`: The namespace where the JupyterHub will be installed, e.g. `production`, `staging`.
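Review bot: The added render command is documented without the inputs it needs: the workflow's `Render values.yaml` step supplies `OAUTH_CLIENT_ID`, `OAUTH_CLIENT_SECRET` and `OAUTH_CALLBACK_URL` to this same command, but the README introduces the command before the "environment variables are required" paragraph and does not say that these must be set first. Move the command below the variable list, or name the three variables next to it. Because the rendered `basehub/values.yaml` contains the OAuth client secret, the README should also state that the file must not be committed, and the repository should ignore it.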
Expand All @@ -198,4 +204,16 @@ To deploy the JupyterHub, run the following command:
./deploy.sh
```

If the namespace does not exist, it will be created.
If the namespace does not exist, it will be created.


## For maintainers

### Automatic CI/CD deployment

We simply run helm upgrade in CI workflow to deploy the JupyterHub.
The CI workflow requires login to the Azure account, and we use OpenID Connect to authenticate the user.

Go to the entra.microsoft.com and navigate to the `aiidalab-sp` -> `Certificates & secrets` -> `Fedrated credentials`. Set credentials for the GitHub production and staging environments.

On the GitHub repository, the secrets are set for `production` and `staging` environments respectively.
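Review bot: The maintainer section says federated credentials and secrets are set for both `production` and `staging`, but the workflow added in this commit only triggers on `main` and only uses `environment: production`, so the staging path is documented without a job that uses it; either add the staging job or say that staging is not yet deployed by CI. The section should also list what each environment must define, namely the secrets the workflow reads (`AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_SUBSCRIPTION_ID`, `AZURE_RESOURCE_GROUP`, `AZURE_KUBERNETES_CLUSTER`, the three `OAUTH_*` values) and the `K8S_NAMESPACE` variable. Minor: `Fedrated credentials` should read `Federated credentials`, and "authenticate the user" describes what is, per the `aiidalab-sp` name, an application identity rather than a user.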
