
Kubernetes Deployment (GitLab CI/CD)

The Kubernetes deploy template is used to deploy the Capella Collaboration Manager to a Kubernetes cluster using Helm.

Please add the following section to your .gitlab-ci.yml:

include:
  - remote: https://raw.githubusercontent.com/DSD-DBS/capella-collab-manager/${CAPELLA_COLLABORATION_MANAGER_REVISION}/ci-templates/gitlab/k8s-deploy.yml

Add the following environment variables at the repository level. Make sure to enable the "Expand variable reference" flag.

  • PRIVATE_GPG_PATH: Path to the private GPG key used to decrypt the secret.k8s.json files.
  • GRAFANA_HELM_CHART: (Optional) URL of the Grafana Helm chart. This is useful if your deployment environment has limited network access, because you can point it at a URL that is reachable from there.

In addition, you can adjust the following variables when running a pipeline:

  • TARGET: The target for which you want to build the images (more information on why this is important below)
  • REVISION: The revision of the Capella Collaboration Manager repository you want to use

Docker and Kubernetes SOPS Files

The k8s-deploy.yml template requires several SOPS-encrypted secret files. First, you need a secret.docker.json file as described here. In addition, each target directory needs a secret.k8s.json, created by encrypting a JSON file with the following structure:

{
  "server_unencrypted": "<k8s server>",
  "namespace_unencrypted": "<namespace>",
  "release_unencrypted": "<release>",
  "username_unencrypted": "<username>",
  "token": "<unencrypted token>"
}

In addition, you need a general.values.yaml containing all the values.yaml values that do not have to be encrypted, and a secret.values.yaml containing only the values that should be encrypted. Do not use YAML anchors in the secret.values.yaml file, and do not use the _unencrypted suffix in its variable names, since SOPS leaves values under keys with that suffix in cleartext.

Please delete the plaintext files containing secrets directly after encrypting them.

GitLab Repository Tree

The tree inside your GitLab repository should look like this:

├── .gitlab-ci.yml
├── .sops.yaml
├── favicon.ico
├── target1
│   ├── general.values.yaml
│   ├── secret.values.yaml
│   ├── secret.docker.json
│   └── secret.k8s.json
├── target2
│   ├── general.values.yaml
│   ├── secret.values.yaml
│   ├── secret.docker.json
│   └── secret.k8s.json
└── ...

This is the (minimal) configuration. For more advanced configuration options, please refer to the k8s-deploy GitLab template.
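
A check you can run before committing or as an early pipeline job to confirm that each target directory follows the layout and encryption rules above. This is an added example, not part of the Capella Collaboration Manager templates; it assumes the standard SOPS output format (a top-level sops metadata key and ENC[...] values), and check_target and plaintext_leaves are hypothetical names.

```python
import json
import re
import sys
from pathlib import Path

REQUIRED = ("general.values.yaml", "secret.values.yaml",
            "secret.docker.json", "secret.k8s.json")
SUFFIX = "_unencrypted"  # SOPS default: keys with this suffix stay cleartext
ANCHOR = re.compile(r"[:-]\s+[&*][\w-]")  # "key: &a", "- *a", "<<: *a"
BAD_KEY = re.compile(r"^\s*(?:-\s+)?[\w.-]+_unencrypted\s*:")

def plaintext_leaves(node, path=""):
    """Yield paths of values that SOPS should have encrypted but did not."""
    if isinstance(node, dict):
        for key, value in node.items():
            if (key == "sops" and not path) or key.endswith(SUFFIX):
                continue  # SOPS metadata block, or deliberately cleartext
            yield from plaintext_leaves(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from plaintext_leaves(value, f"{path}/{i}")
    elif node not in (None, "") and not str(node).startswith("ENC["):
        yield path  # empty values carry no secret, everything else must be ENC[...]

def check_target(target):
    """Return a list of problems found in one target directory."""
    target = Path(target)
    problems = [f"{n}: missing" for n in REQUIRED if not (target / n).is_file()]
    for name in ("secret.docker.json", "secret.k8s.json"):
        if (target / name).is_file():
            doc = json.loads((target / name).read_text())
            if "sops" not in doc:
                problems.append(f"{name}: no sops metadata, file is plaintext")
            problems += [f"{name}: {p} is not encrypted" for p in plaintext_leaves(doc)]
    values = target / "secret.values.yaml"
    if values.is_file():
        lines = values.read_text().splitlines()
        if not any(line.startswith("sops:") for line in lines):
            problems.append("secret.values.yaml: no sops metadata, file is plaintext")
        for no, line in enumerate(lines, 1):
            if ANCHOR.search(line):
                problems.append(f"secret.values.yaml:{no}: YAML anchor or alias")
            if BAD_KEY.match(line):
                problems.append(f"secret.values.yaml:{no}: key uses {SUFFIX} suffix")
    return problems

if __name__ == "__main__":
    found = [f"{d}/{p}" for d in sys.argv[1:] for p in check_target(d)]
    sys.exit("\n".join(found) or 0)  # non-empty string: printed, exit code 1
```

Pass the target directories as arguments, for example target1 target2; the script exits non-zero and lists every finding if a file is missing or still contains plaintext.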