From b6cd4f8070dfc50ec8e252c4bb9225cf838a09fe Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson
Date: Mon, 23 Sep 2024 14:41:31 -0700
Subject: [PATCH 1/3] Bring default templates up to par with what Rails generates
---
 lib/kamal/cli/templates/deploy.yml | 50 +++++++++++++++++++-----------
 lib/kamal/cli/templates/secrets | 5 +--
 2 files changed, 35 insertions(+), 20 deletions(-)
diff --git a/lib/kamal/cli/templates/deploy.yml b/lib/kamal/cli/templates/deploy.yml
index 8ecf5d044..2a2a9ffda 100644
--- a/lib/kamal/cli/templates/deploy.yml
+++ b/lib/kamal/cli/templates/deploy.yml
@@ -6,7 +6,18 @@ image: user/my-app
 # Deploy to these servers.
 servers:
- - 192.168.0.1
+ web:
+ - 192.168.0.1
+ # job:
+ # hosts:
+ # - 192.168.0.1
+ # cmd: bin/jobs
+
+# Enable SSL auto certification via Let's Encrypt (and allow for multiple apps on one server).
+# Set ssl: false if using something like Cloudflare to terminate SSL (but keep host!).
+proxy:
+ ssl: true
+ host: app.example.com
 # Credentials for your image host.
 registry:
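Review bot: The comment added above `proxy:` recommends `ssl: false` when something like Cloudflare terminates TLS, but it does not say what that leaves exposed: the hop from the CDN to this server then presumably runs over plain HTTP, and the server still answers anyone who reaches its address directly. I would add a line after the `Set ssl: false` comment, for example `# With ssl: false, only accept web traffic from your CDN's address ranges.` Also, `ssl: true` ships enabled next to the placeholder `host: app.example.com`, so the comment should mark `host` as a value that must be changed before the first deploy.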
@@ -18,23 +29,35 @@ registry:
 password:
 - KAMAL_REGISTRY_PASSWORD
-# Configure builder setup.
-builder:
- arch: amd64
-
-# Inject ENV variables into containers (secrets come from .env).
-# Remember to run `kamal env push` after making changes!
+# Inject ENV variables into containers (secrets come from .kamal/secrets).
+#
 # env:
 # clear:
 # DB_HOST: 192.168.0.2
 # secret:
 # - RAILS_MASTER_KEY
+# Aliases are triggered with "bin/kamal ". You can overwrite arguments on invocation:
+# "bin/kamal logs -r job" will tail logs from the first server in the job section.
+aliases:
+ shell: app exec --interactive --reuse "bash"
+
+# Use a persistent storage volume.
+#
+# volumes:
+# - "app_storage:/rails/storage"
+
+# Configure builder setup.
+builder:
+ arch: amd64
+
 # Use a different ssh user than root
+#
 # ssh:
 # user: app
-# Use accessory services (secrets come from .env).
+# Use accessory services (secrets come from .kamal/secrets).
+#
 # accessories:
 # db:
 # image: mysql:8.0
@@ -61,12 +84,10 @@ builder:
 # hitting 404 on in-flight requests. Combines all files from new and old
 # version inside the asset_path.
 #
-# If your app is using the Sprockets gem, ensure it sets `config.assets.manifest`.
-# See https://github.com/basecamp/kamal/issues/626 for details
-#
 # asset_path: /rails/public/assets
 # Configure rolling deploys by setting a wait time between batches of restarts.
+#
 # boot:
 # limit: 10 # Can also specify as a percentage of total hosts, such as "25%"
 # wait: 2
@@ -74,11 +95,4 @@ builder:
 # Configure the role used to determine the primary_host. This host takes
 # deploy locks, runs health checks during the deploy, and follow logs, etc.
 #
-# Caution: there's no support for role renaming yet, so be careful to cleanup
-# the previous role on the deployed hosts.
 # primary_role: web
-
-# Controls if we abort when see a role with no hosts. Disabling this may be
-# useful for more complex deploy configurations.
-#
-# allow_empty_roles: false
diff --git a/lib/kamal/cli/templates/secrets b/lib/kamal/cli/templates/secrets
index 91f4f239e..b13666047 100644
--- a/lib/kamal/cli/templates/secrets
+++ b/lib/kamal/cli/templates/secrets
@@ -1,5 +1,6 @@
-# WARNING: Avoid adding secrets directly to this file
-# If you must, then add `.kamal/secrets*` to your .gitignore file
+# Secrets defined here are available for reference under registry/password, env/secret, builder/secrets,
+# and accessories/*/env/secret in config/deploy.yml. All secrets should be pulled from either
+# password manager, ENV, or a file. DO NOT ENTER RAW CREDENTIALS HERE! This file needs to be safe for git.
 # Option 1: Read secrets from the environment
 KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
From 9dde2044804a3f1e13fcdf08234b085b3e66d678 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson
Date: Mon, 23 Sep 2024 16:30:16 -0700
Subject: [PATCH 2/3] Rearange
---
 lib/kamal/cli/templates/deploy.yml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/lib/kamal/cli/templates/deploy.yml b/lib/kamal/cli/templates/deploy.yml
index 2a2a9ffda..cf8d752b6 100644
--- a/lib/kamal/cli/templates/deploy.yml
+++ b/lib/kamal/cli/templates/deploy.yml
@@ -29,6 +29,10 @@ registry:
 password:
 - KAMAL_REGISTRY_PASSWORD
+# Configure builder setup.
+builder:
+ arch: amd64
+
 # Inject ENV variables into containers (secrets come from .kamal/secrets).
 #
 # env:
@@ -39,18 +43,15 @@ registry:
 # Aliases are triggered with "bin/kamal ". You can overwrite arguments on invocation:
 # "bin/kamal logs -r job" will tail logs from the first server in the job section.
-aliases:
- shell: app exec --interactive --reuse "bash"
+#
+# aliases:
+# shell: app exec --interactive --reuse "bash"
 # Use a persistent storage volume.
 #
 # volumes:
 # - "app_storage:/rails/storage"
-# Configure builder setup.
-builder:
- arch: amd64
-
 # Use a different ssh user than root
 #
 # ssh:
From 0f5dfa204f0f8e96023075f9ae19b82f66fb7609 Mon Sep 17 00:00:00 2001
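Review bot: In `lib/kamal/cli/templates/secrets` the rewritten header says "This file needs to be safe for git" but drops the earlier `.kamal/secrets*` wording, so it no longer covers sibling secrets files that match that glob, and "or a file" gives no hint that a file a secret is read from must itself stay out of the repository. I would add `# The same rule applies to every .kamal/secrets* file; any file read from here must stay untracked.` below the new header. "pulled from either password manager" also reads better as "pulled from a password manager". Because the template now invites committing this file, a secret-scanning check on the repository is a sensible backstop, though that sits outside this patch.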
From: David Heinemeier Hansson
Date: Mon, 23 Sep 2024 16:44:54 -0700
Subject: [PATCH 3/3] Rearrange one last time
---
 lib/kamal/cli/templates/deploy.yml | 41 +++++++++++++-----------------
 1 file changed, 18 insertions(+), 23 deletions(-)
diff --git a/lib/kamal/cli/templates/deploy.yml b/lib/kamal/cli/templates/deploy.yml
index cf8d752b6..7eec6aa23 100644
--- a/lib/kamal/cli/templates/deploy.yml
+++ b/lib/kamal/cli/templates/deploy.yml
@@ -2,7 +2,7 @@
 service: my-app
 # Name of the container image.
-image: user/my-app
+image: my-user/my-app
 # Deploy to these servers.
 servers:
@@ -25,7 +25,7 @@ registry:
 # server: registry.digitalocean.com / ghcr.io / ...
 username: my-user
- # Always use an access token rather than real password when possible.
+ # Always use an access token rather than real password (pulled from .kamal/secrets).
 password:
 - KAMAL_REGISTRY_PASSWORD
@@ -47,15 +47,27 @@ builder:
 # aliases:
 # shell: app exec --interactive --reuse "bash"
+# Use a different ssh user than root
+#
+# ssh:
+# user: app
+
 # Use a persistent storage volume.
 #
 # volumes:
-# - "app_storage:/rails/storage"
+# - "app_storage:/app/storage"
-# Use a different ssh user than root
+# Bridge fingerprinted assets, like JS and CSS, between versions to avoid
+# hitting 404 on in-flight requests. Combines all files from new and old
+# version inside the asset_path.
 #
-# ssh:
-# user: app
+# asset_path: /app/public/assets
+
+# Configure rolling deploys by setting a wait time between batches of restarts.
+#
+# boot:
+# limit: 10 # Can also specify as a percentage of total hosts, such as "25%"
+# wait: 2
 # Use accessory services (secrets come from .kamal/secrets).
 #
@@ -80,20 +92,3 @@ builder:
 # port: 6379
 # directories:
 # - data:/data
-
-# Bridge fingerprinted assets, like JS and CSS, between versions to avoid
-# hitting 404 on in-flight requests. Combines all files from new and old
-# version inside the asset_path.
-#
-# asset_path: /rails/public/assets
-
-# Configure rolling deploys by setting a wait time between batches of restarts.
-#
-# boot:
-# limit: 10 # Can also specify as a percentage of total hosts, such as "25%"
-# wait: 2
-
-# Configure the role used to determine the primary_host. This host takes
-# deploy locks, runs health checks during the deploy, and follow logs, etc.
-#
-# primary_role: web