This site is now CICD

Hell yeah! I enhanced my existing Concourse pipeline, which used to simply build the images, to also grab secrets and run a k8s deployment. From a simple bump of a version file, my pipeline will now build, tag, and push an image, then deploy the new image into my k8s cluster for the world to see. Of course, I get a Mattermost notification when it succeeds or fails.

To outline roughly what the stack is for this website:

  • Hugo: A wonderful static site generator written in Go.
  • Docker: Most people should know this one. It’s… well, Docker.
  • Concourse: A really cool CI system. I chose it mostly because I love the UI (see pictures below!)
  • Helm: The one (and only?) package manager for K8s. It’s quite easy to write a helm chart for something simple like hosting this website.
  • Helm Secrets: Helm Secrets uses sops to encrypt YAML files so they can be checked in. I really like this solution because then I can avoid self-hosting something like Vault to manage my secrets for Helm. I actually also use it for Concourse and Ansible secrets since those are all YAML-based.
  • Helmsman: A great tool to specify helm charts and their versions via a desired state file (DSF). It allows for easy environment overrides for setting helm values which is really great for CICD pipelines. It also can be run idempotently.

The repo for this site, its Helm chart and the Helmsman DSF are all checked in to my public GitHub repo. You can also check out my Concourse repo.
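Because the sops-encrypted YAML from the Helm Secrets item above sits in a public repo, a check that refuses any plaintext value before it is committed is worth running as a pre-commit hook or pipeline step. The following is an added example, not code from this site's repos: `plaintext_findings` and the sample files are hypothetical, the check is a line-based heuristic rather than a YAML parser, and it assumes sops' default of encrypting every value (no `encrypted_regex` or `unencrypted_suffix` exceptions).

```python
import re
import sys

# Shape sops gives every encrypted scalar value.
ENC = re.compile(r"^ENC\[AES256_GCM,data:[^\]]*,iv:[^\]]+,tag:[^\]]+,type:\w+\]$")
# "key: value" or "- value"; group 1 is the key (None for a bare list item).
ENTRY = re.compile(r"^\s*(?:-\s+)?(?:([\w.\-/]+):(?:\s+|$))?(.*)$")
EMPTY = {"", '""', "''", "[]", "{}"}  # structure or empty values, nothing to leak

def plaintext_findings(text):
    """Return one message per scalar that is not sops-encrypted."""
    findings, in_sops, has_sops = [], False, False
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or stripped == "---":
            continue
        if not line[0].isspace() and not line.startswith("-"):
            # New top-level key; sops keeps its own metadata under "sops:".
            in_sops = line.startswith("sops:")
            has_sops = has_sops or in_sops
        if in_sops:
            continue
        key, value = ENTRY.match(line).groups()
        if value.strip() not in EMPTY and not ENC.match(value.strip()):
            findings.append(f"line {n}: {key or '(list item)'}")
    if not has_sops:
        findings.append("no top-level 'sops:' metadata block")
    return findings

# Constructed samples (placeholder ciphertext): one encrypted file, one with a leak.
ENCRYPTED = """\
db:
    user: ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]
    password: ENC[AES256_GCM,data:cXV4,iv:YmFy,tag:YmF6,type:str]
sops:
    lastmodified: "2020-01-01T00:00:00Z"
    mac: ENC[AES256_GCM,data:bWFj,iv:YmFy,tag:YmF6,type:str]
    version: 0.0.0
"""
LEAKY = ENCRYPTED.replace("ENC[AES256_GCM,data:cXV4,iv:YmFy,tag:YmF6,type:str]", "hunter2")

if __name__ == "__main__":
    status = 0
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            for finding in plaintext_findings(fh.read()):
                print(f"{path}: {finding}")
                status = 1
    sys.exit(status)
```

Run it with the secrets files as arguments; a non-zero exit status fails the hook or job.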

Here’s the pipeline: [image: Website CICD Pipeline]

And here is the deploy task in the deploy-to-k8s job: [image: Deploy to K8s Job]

Mattermost notification: [image: Mattermost Notification]