this post was submitted on 19 Sep 2023
14 points (100.0% liked)

Selfhosted

40041 readers
749 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
HybridSarcasm@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
14
What's the best approach to deploy a static website to K8s cluster from a CI pipeline? (infosec.pub)
submitted 1 year ago by xinayder@infosec.pub to c/selfhosted@lemmy.world
18 comments fedilink hide all child comments
 

I have a small VPS that hosts some services I use daily and I'd like to migrate that to a K8s cluster. One of the services being hosted is my personal website, built with Hugo and served by Caddy.

Right now, I have the code for my website on Codeberg and I have a CI pipeline that builds the website and uploads it to my VPS via rsync.

I want to move the website to the k8s cluster, but I have no idea how to do it "securely". What I have right now is a separate user on my VPS called deploy and it rsyncs the files to the data directory Caddy is using to serve my files.

I thought I could do the same on the k8s cluster server, but it's usually not a good idea to mount host paths with k8s unless absolutely necessary, because container escaping is an actual problem.

So far the only alternative I could think of is to change the CI pipeline to publish my website on another branch and signal it to my K8s cluster so the files should be updated, but I'd like to know what better options exist and how easy they are to setup.

you are viewing a single comment's thread
view the rest of the comments
[–] ArbiterXero@lemmy.world 3 points 1 year ago (1 children)

The docker image needs to actually host the site, so more than just files, you’ll need nginx in the image.

K8s is WAY over complicated for this, it’s designed for auto scaling and self healing, but I’m assuming you’re using this as a “cool” or “learning” exercise.

Helm packages for k8s are super helpful and will give you a template for all the networking pieces

[–] xinayder@infosec.pub 1 points 1 year ago (2 children)

That's a nice suggestion. I guess I can make the CI build a Docker image containing my website's files and then have a plugin for it to restart the pod that serves the website so it fetches the latest image.

[–] ArbiterXero@lemmy.world 4 points 1 year ago

K8s is that “restart” mechanism.

Docker images are just the thing that it restarts.

Docker itself or “docker compose” can restart images and do everything you need, but if you want to go the full k8s it’s complicated but great learning

[–] doeknius_gloek@feddit.de 2 points 1 year ago* (last edited 1 year ago)

One simple way to pull the new image into your cluster is to overwrite the latest tag, specify imagePullPolicy: Always in your deployment and then use kubectl rollout restart deployment my-static-site from within your pipeline. Kubernetes will then terminate all pods and replace them with new ones that pull the latest image.

You can also work with versioned tags and kubectl set image deployment/my-static-site site=my/image:version. This might be a bit nicer and allows imagePullPolicy: IfNotPresent, but you have to pass your version number into your pipeline somehow, e.g. with git tags.