Why production auto-deployments is a bad idea?

Most companies DevOps have setup multiple environments: dev, test ,stage, production. And if not you should be doing that today!
These enable you to reduce risk and ensure software engineering ships quality code.
You might have even hired a DevOps developer which has setup a CI/CD pipeline, helped Dockerize your app and run them in a Kubernetes Cluster.
This is a very common setup these days, it ensures developers can easily make code change, which case then be ready to test on the cloud in a matter of minutes.
This automation is blessed for most environments, when a developer wants to test a new feature, when someone needs to qa or approve the feature, etc.

DevOps – DeployBot

I don’t like the idea of auto-deploy to production. Many times we want to control and decide how and when we deploy to production.
Maybe we want to group together a bunch of features, maybe we want to deploy new features only on Monday, etc.

Enter DeployBot. This Slack ChatBot can deploy your application by sending a message on a secure Slack channel. As simple as that.
You don’t even need technical skills. It’s developed in Python, and if you don’t have those skills in-house, you can hire a python developer to configure my code very quickly for you.

DeployBot Slack Configuration

The first step, is to setup the SlackBot application and channel for using SlackBot.
Also please note, this configuration is correct as per March, 2020, so future changes to the api might be needed:

  • First go to you Slack app page https://api.slack.com/apps?new_classic_app=1 and sign in.
  • Make sure you create a Class App as in the link I have attached above.Give it your DeployBot Name (something like DeployBot) and choose the workspace you would like to run in.

  • One the App Configuration Screen, from the Features and Functionality select the bots.<;li>
  • Add a Legacy Bot and give it a name and select a user. Something like DeployBot and Deploy_bot for example.

  • Click on oAuth and Permission, and scroll down to “scopes”
  • DO NOT CLICK UPDATE SCOPES!
  • Use the add oAuth Scope and add the following permissions: app_mentions:read, chat:write, im:write, incoming-webhook

  • After that click install into workspace (Auth and Permissions) and install your Slack Bot App
  • Take a note of the oAuth token and Slack bot Token (we will need them later)
  • Then go to your slack client, and click on apps (bottom left hand side list of contacts). you should see your slackbot there
  • Click on it and hover over the SlackBot name, make a note of the url, the last part is your slackbot ID.
    https://hexanow.slack.com/team/U012GGEU0HJ would mean that U012GGEU0HJ is your slackbot user id!

Now we are ready to configure the bot and install it into the workspace.

Bot Configuration and Installation

Now we need to setup the Deploybot installation in your organization.
This might require some simple DevOps skills, and perhaps some very basic Python skills. If you do not have these skills in-house, it can be very easy to hire a DevOps engineer and hire a Python developer to do this step for you. Feel free to contact us for help in getting setup.

Steps for setup

  • Clone the project:

    git clone [email protected]:DoryZi/SlackKubeDeployBot.git

  • Edit your setup.yaml

    This file contains all your definitions. First we need to update the secrets yaml.
    In this section please update the AWS SECRET, you Slackbot oauth token from the Slackbot installation, and the Kuberentes Cluster Token and Token2.
    The KUBE TOKEN are not mandatory, the kubernetes setup will try to use in Cluster Authorization. If that fails, or if you Slackbot is running in a different cluster.
    You can use the AUTH TOKENS. The first one is the default Auth token for all your cluster, the second one, is used if you need to override for a particular app.
    For example if you have 2 different clusters you wish to run deploy bot on. You can also easily extend this setup to support multiple clusters. If you need to hire a python developer to help you setup this up, feel free to reach out to us.
    You need to base64 encode you secrets:
    echo "" | base64 -w 0

    
apiVersion: v1
kind: Secret
metadata:
  name: slackbot-secrets
  namespace: slackbot
type: Opaque
data:
  AWS_SECRET_ACCESS_KEY: <base64 encoded secret access key>
  SLACKBOT_API_TOKEN: <base64 encoded copied slackbot oauth token>
  KUBE_TOKEN: <base64 encoded kubetoken>
  KUBE_TOKEN2: <base64 encoded kubetoken>

    More info on kuberenetes secrets

  • Configure environment variables and App Information

    So this step involves setting up your app configuration. This is contained in the ConfigMap part of the setup.yaml
    The env variables, bellow are pretty simple and strait forward, I will try to explain how the app config works.
    For each up app you wish Deploybot to recognize you must add an APP CONFIG entry.
    Each entry consists of:

    • “app-name” – name of your app, this will be the base when it looks for ECR entries for new builds too
    • “deployment” – the name of your kuberenetes deployment running this application.
    • “container-name” – the name of your kuberentes deplyoment container name
    • “cluster-token” – optional – a cluster token if this deployment runs in a different cluster to the default one. This is taken from KUBE_TOKEN2.
    • “cluster-endpoint” – optional a second cluster endpoint, if this deployment runs in a different cluster to the default one, This is tkane from KUBE_ENDPOINT2
    
apiVersion: v1
kind: ConfigMap
metadata:
  name: slackbot-config
  namespace: slackbot
data:
  APP_CONFIG: |
  {
    "app-name": {
      "deployment": '',
      "namespace": "",
      "container-name": "",
      "cluster-token": NEW_CLUSTER_TOKEN, # this is optional if you're running in another cluster
      "cluster-endpoint": NEW_CLUSTER_ENDPOINT # this is optional if you're running in another cluster
    },
  }
  ECR_REGISTRY: ""
  DEPLOYBOT_USER_ID: ""
  AWS_ACCOUNT_ID: ""
  AWS_DEFAULT_REGION: ""
  AWS_ACCESS_KEY_ID : ""
  KUBE_CLUSTER_ENDPOINT: ""
  KUBE_CLUSTER_ENDPOINT2: ""

  • Apply your configuration

    : kubectl apply -f setup.yaml

    • After all of this, your slackbot is ready to be used.
    Feel free to create a secure channel, or directly message to your chat bot.
    It should be able to run a few commands such as:
    You can check for a new image in the registry (compared to what your deployment is running), check your running image, or deploy the latest image to the live.

    Extending – a DevOps engineer or Python Developer task

    This app uses the kubernetes API and aws API. It can easily be extended to run on GCP, however this would require you to have Python skills and DevOps skills.
    If you do not have them in-house feel free to reach out to us to hire a python developer.
    We hope this helps, and that you find DeployBot useful.