Deployment Overview

Parameter model (deployment-agnostic)

Use these parameters in all commands and explanations:

| Parameter | Meaning | Example in this repo |
|---|---|---|
| ENTITY_NAMESPACE | Business/entity namespace used in routing and registry pathing | france-titres |
| APP_SLUG | Application/service identifier | hello-world |
| REGISTRY_HOST | Container registry hostname | tools.playground.france-identite.gouv.fr |
| K8S_NAMESPACE | Kubernetes namespace for release resources | hello-world |
| RELEASE_NAME | Helm release name | hello-world |

Repository responsibilities

  • hello-world-main/: builds and pushes the container image through GitLab CI. Source: hello-world-main/.gitlab-ci.yml (build job)
  • helm-hello-world-main/: deploys workload/service and defines Istio VirtualService routing. Source: helm-hello-world-main/templates/*.yaml

End-to-end flow

flowchart LR
  A[Commit to main] --> B[GitLab build pipeline]
  B --> C[docker login to registry]
  C --> D[docker build APP image]
  D --> E[docker push image tag]
  E --> F[Helm upgrade install]
  F --> G[Kubernetes Deployment and Service]
  G --> H[Istio VirtualService]
  H --> I[Traffic routed by entity namespace and app path]

Current implementation examples:

  • Image path pattern: ${REGISTRY_HOST}/${ENTITY_NAMESPACE}/${APP_SLUG}
  • Tag used by CI: latest
  • Route prefix pattern: /${ENTITY_NAMESPACE}/${APP_SLUG}/

Sources:

  • hello-world-main/.gitlab-ci.yml (IMAGE, TAG)
  • helm-hello-world-main/templates/virtualservice.yaml (prefix: /france-titres/hello-world/)

What is implemented today

  • CI contains only one stage (build) and triggers only on main. Source: hello-world-main/.gitlab-ci.yml
  • CI pushes mutable latest tag (no semantic/tag/SHA tagging). Source: hello-world-main/.gitlab-ci.yml (TAG: latest)
  • Helm deployment uses image.repository:image.tag from values. Source: helm-hello-world-main/templates/deployment.yaml, helm-hello-world-main/values.yaml
  • VirtualService routing fields are hardcoded in template (not values-driven). Source: helm-hello-world-main/templates/virtualservice.yaml
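Added example, not code from either repository: POSIX shell functions that build the image repository and route prefix from the parameter model above and classify an image reference, so a floating `latest` reference like the one CI pushes today can be rejected before a deploy. The function names and the 7 to 40 hex character "commit tag" convention are assumptions, and the sample tags are constructed.

```shell
#!/bin/sh
# Added example. Parameter values are the page's "Example in this repo" column.
ENTITY_NAMESPACE="france-titres"
APP_SLUG="hello-world"
REGISTRY_HOST="tools.playground.france-identite.gouv.fr"

# Image path pattern from the page: ${REGISTRY_HOST}/${ENTITY_NAMESPACE}/${APP_SLUG}
image_repo() { printf '%s/%s/%s' "$REGISTRY_HOST" "$ENTITY_NAMESPACE" "$APP_SLUG"; }

# Route prefix pattern from the page: /${ENTITY_NAMESPACE}/${APP_SLUG}/
route_prefix() { printf '/%s/%s/' "$ENTITY_NAMESPACE" "$APP_SLUG"; }

# classify_ref REF prints: digest, commit-tag, named-tag, floating or invalid.
# Only the last path component is inspected, so a registry port
# (host:5000/...) is not mistaken for a tag.
classify_ref() {
  last=${1##*/}
  case $last in
    *@sha256:*)
      if printf '%s' "${last##*@sha256:}" | grep -Eq '^[0-9a-f]{64}$'; then
        echo digest
      else
        echo invalid
      fi ;;
    *@*|*:) echo invalid ;;
    *:latest) echo floating ;;
    *:*)
      # Assumed convention: a 7-40 hex character tag is a git commit SHA.
      if printf '%s' "${last##*:}" | grep -Eq '^[0-9a-f]{7,40}$'; then
        echo commit-tag
      else
        echo named-tag
      fi ;;
    *) echo floating ;;  # no tag: the container runtime defaults to "latest"
  esac
}

# check_ref REF succeeds only for a reference that is neither floating nor malformed.
check_ref() {
  kind=$(classify_ref "$1")
  case $kind in
    digest|commit-tag|named-tag) return 0 ;;
    *) echo "refusing $1: $kind reference" >&2; return 1 ;;
  esac
}

# Constructed sample references (tag values are made up for illustration).
for ref in "$(image_repo):latest" "$(image_repo):3f2a9c1"; do
  printf '%s -> %s\n' "$ref" "$(classify_ref "$ref")"
done
```

A commit or version tag can still be overwritten unless the registry enforces tag immutability; only the `digest` class is pinned by content.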

Important implementation caveats

  • Docker build file in source repo is named dockerfile (lowercase), while CI runs docker build ... . without -f. Source: hello-world-main/dockerfile, hello-world-main/.gitlab-ci.yml
  • Compose maps 5173:5173 while container runtime serves on 80. Source: hello-world-main/docker-compose.yml, hello-world-main/dockerfile
  • Deployment template hardcodes imagePullPolicy: Always and hardcodes imagePullSecret name. Source: helm-hello-world-main/templates/deployment.yaml

Assumptions

  • Registry credentials/variables are provided by GitLab CI variables. Why: referenced in pipeline, values not defined in repo. Source: hello-world-main/.gitlab-ci.yml
  • Helm apply step is executed outside hello-world-main pipeline. Why: no deploy stage/job in app CI file. Source: hello-world-main/.gitlab-ci.yml