vynil/addons
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adding fission for real

Browse Source
This commit is contained in:
Sébastien Huss
2024-04-16 13:51:49 +02:00
parent 32bc211cb6
commit 085d8b1aeb
70 changed files with 2672 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
core/fission/admissionregistration.k8s.io_v1_MutatingWebhookConfiguration_mutating-webhook-configuration.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
creationTimestamp: null
name: mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: fission
path: /mutate-fission-io-v1-package
failurePolicy: Fail
name: mpackage.fission.io
rules:
- apiGroups:
- fission.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- packages
sideEffects: None

146
core/fission/admissionregistration.k8s.io_v1_ValidatingWebhookConfiguration_validating-webhook-configuration.yaml Normal file
View File

@@ -0,0 +1,146 @@
# Source: fission-all/templates/webhook-server/webhooks.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
creationTimestamp: null
name: validating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: fission
path: /validate-fission-io-v1-environment
failurePolicy: Fail
name: venvironment.fission.io
rules:
- apiGroups:
- fission.io
apiVersions:
- v1
operations:
- CREATE
resources:
- environments
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: fission
path: /validate-fission-io-v1-function
failurePolicy: Fail
name: vfunction.fission.io
rules:
- apiGroups:
- fission.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- functions
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: fission
path: /validate-fission-io-v1-httptrigger
failurePolicy: Fail
name: vhttptrigger.fission.io
rules:
- apiGroups:
- fission.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- httptriggers
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: fission
path: /validate-fission-io-v1-kuberneteswatchtrigger
failurePolicy: Fail
name: vkuberneteswatchtrigger.fission.io
rules:
- apiGroups:
- fission.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- kuberneteswatchtriggers
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: fission
path: /validate-fission-io-v1-messagequeuetrigger
failurePolicy: Fail
name: vmessagequeuetrigger.fission.io
rules:
- apiGroups:
- fission.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- messagequeuetriggers
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: fission
path: /validate-fission-io-v1-package
failurePolicy: Fail
name: vpackage.fission.io
rules:
- apiGroups:
- fission.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- packages
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: fission
path: /validate-fission-io-v1-timetrigger
failurePolicy: Fail
name: vtimetrigger.fission.io
rules:
- apiGroups:
- fission.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- timetriggers
sideEffects: None

86
core/fission/apps_v1_Deployment_buildermgr.yaml Normal file
View File

@@ -0,0 +1,86 @@
# Source: fission-all/templates/buildermgr/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: buildermgr
labels:
chart: "fission-all-v1.20.1"
svc: buildermgr
spec:
replicas: 1
selector:
matchLabels:
svc: buildermgr
template:
metadata:
labels:
svc: buildermgr
annotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
prometheus.io/port: "8080"
spec:
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
containers:
- name: buildermgr
image: "ghcr.io/fission/fission-bundle:v1.20.1"
imagePullPolicy: IfNotPresent
command: ["/fission-bundle"]
args: ["--builderMgr", "--storageSvcUrl", "http://storagesvc.fission"]
env:
- name: FETCHER_IMAGE
value: "fission/fetcher:v1.20.1"
- name: FETCHER_IMAGE_PULL_POLICY
value: "IfNotPresent"
- name: BUILDER_IMAGE_PULL_POLICY
value: "IfNotPresent"
- name: ENABLE_ISTIO
value: "false"
- name: FETCHER_MINCPU
value: "10m"
- name: FETCHER_MINMEM
value: "16Mi"
- name: FETCHER_MAXCPU
value: ""
- name: FETCHER_MAXMEM
value: ""
- name: DEBUG_ENV
value: "false"
- name: PPROF_ENABLED
value: "false"
- name: HELM_RELEASE_NAME
value: "fission-v1-20-1"
- name: FISSION_BUILDER_NAMESPACE
value: ""
- name: FISSION_FUNCTION_NAMESPACE
value: ""
- name: FISSION_DEFAULT_NAMESPACE
value: "default"
- name: FISSION_RESOURCE_NAMESPACES
value: default
- name: KUBE_CLIENT_QPS
value: "200"
- name: KUBE_CLIENT_BURST
value: "500"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: ""
- name: OTEL_EXPORTER_OTLP_INSECURE
value: "true"
- name: OTEL_TRACES_SAMPLER
value: "parentbased_traceidratio"
- name: OTEL_TRACES_SAMPLER_ARG
value: "0.1"
- name: OTEL_PROPAGATORS
value: "tracecontext,baggage"
ports:
- containerPort: 8080
name: metrics
resources:
{}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
serviceAccountName: fission-buildermgr

111
core/fission/apps_v1_Deployment_executor.yaml Normal file
View File

@@ -0,0 +1,111 @@
# Source: fission-all/templates/executor/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: executor
labels:
chart: "fission-all-v1.20.1"
svc: executor
spec:
replicas: 1
selector:
matchLabels:
svc: executor
template:
metadata:
labels:
svc: executor
annotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
prometheus.io/port: "8080"
spec:
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
containers:
- name: executor
image: "ghcr.io/fission/fission-bundle:v1.20.1"
imagePullPolicy: IfNotPresent
command: ["/fission-bundle"]
args: ["--executorPort", "8888"]
env:
- name: FETCHER_IMAGE
value: "fission/fetcher:v1.20.1"
- name: FETCHER_IMAGE_PULL_POLICY
value: "IfNotPresent"
- name: RUNTIME_IMAGE_PULL_POLICY
value: "IfNotPresent"
- name: ADOPT_EXISTING_RESOURCES
value: "false"
- name: POD_READY_TIMEOUT
value: "300s"
- name: ENABLE_ISTIO
value: "false"
- name: FETCHER_MINCPU
value: "10m"
- name: FETCHER_MINMEM
value: "16Mi"
- name: FETCHER_MAXCPU
value: ""
- name: FETCHER_MAXMEM
value: ""
- name: DEBUG_ENV
value: "false"
- name: PPROF_ENABLED
value: "false"
- name: OBJECT_REAPER_INTERVAL
value: "5"
- name: SERVICEACCOUNT_CHECK_ENABLED
value: "true"
- name: SERVICEACCOUNT_CHECK_INTERVAL
value: "0"
- name: FISSION_BUILDER_NAMESPACE
value: ""
- name: FISSION_FUNCTION_NAMESPACE
value: ""
- name: FISSION_DEFAULT_NAMESPACE
value: "default"
- name: FISSION_RESOURCE_NAMESPACES
value: default
- name: KUBE_CLIENT_QPS
value: "200"
- name: KUBE_CLIENT_BURST
value: "500"
- name: HELM_RELEASE_NAME
value: "fission-v1-20-1"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: ""
- name: OTEL_EXPORTER_OTLP_INSECURE
value: "true"
- name: OTEL_TRACES_SAMPLER
value: "parentbased_traceidratio"
- name: OTEL_TRACES_SAMPLER_ARG
value: "0.1"
- name: OTEL_PROPAGATORS
value: "tracecontext,baggage"
resources:
{}
readinessProbe:
httpGet:
path: "/healthz"
port: 8888
initialDelaySeconds: 1
periodSeconds: 1
failureThreshold: 30
livenessProbe:
httpGet:
path: "/healthz"
port: 8888
initialDelaySeconds: 35
periodSeconds: 5
ports:
- containerPort: 8080
name: metrics
- containerPort: 8888
name: http
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
serviceAccountName: fission-executor

61
core/fission/apps_v1_Deployment_kubewatcher.yaml Normal file
View File

@@ -0,0 +1,61 @@
# Source: fission-all/templates/kubewatcher/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: kubewatcher
labels:
chart: "fission-all-v1.20.1"
svc: kubewatcher
spec:
replicas: 1
selector:
matchLabels:
svc: kubewatcher
template:
metadata:
labels:
svc: kubewatcher
spec:
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
containers:
- name: kubewatcher
image: "ghcr.io/fission/fission-bundle:v1.20.1"
imagePullPolicy: IfNotPresent
command: ["/fission-bundle"]
args: ["--kubewatcher", "--routerUrl", "http://router.fission"]
env:
- name: DEBUG_ENV
value: "false"
- name: PPROF_ENABLED
value: "false"
- name: FISSION_BUILDER_NAMESPACE
value: ""
- name: FISSION_FUNCTION_NAMESPACE
value: ""
- name: FISSION_DEFAULT_NAMESPACE
value: "default"
- name: FISSION_RESOURCE_NAMESPACES
value: default
- name: KUBE_CLIENT_QPS
value: "200"
- name: KUBE_CLIENT_BURST
value: "500"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: ""
- name: OTEL_EXPORTER_OTLP_INSECURE
value: "true"
- name: OTEL_TRACES_SAMPLER
value: "parentbased_traceidratio"
- name: OTEL_TRACES_SAMPLER_ARG
value: "0.1"
- name: OTEL_PROPAGATORS
value: "tracecontext,baggage"
resources:
{}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
serviceAccountName: fission-kubewatcher

75
core/fission/apps_v1_Deployment_mqtrigger-keda.yaml Normal file
View File

@@ -0,0 +1,75 @@
# Source: fission-all/templates/mqt-keda/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: mqtrigger-keda
labels:
chart: "fission-all-v1.20.1"
svc: mqtrigger-keda
messagequeue: keda
spec:
replicas: 1
selector:
matchLabels:
svc: mqtrigger-keda
messagequeue: keda
template:
metadata:
labels:
svc: mqtrigger-keda
messagequeue: keda
spec:
containers:
- name: mqtrigger-keda
image: "ghcr.io/fission/fission-bundle:v1.20.1"
imagePullPolicy: IfNotPresent
command: ["/fission-bundle"]
args: ["--mqt_keda", "--routerUrl", "http://router.fission"]
env:
- name: DEBUG_ENV
value: "false"
- name: CONNECTOR_IMAGE_PULL_POLICY
value: "IfNotPresent"
- name: KAFKA_IMAGE
value: "ghcr.io/fission/keda-kafka-http-connector:v0.13"
- name: RABBITMQ_IMAGE
value: "ghcr.io/fission/keda-rabbitmq-http-connector:v0.11"
- name: AWS-KINESIS-STREAM_IMAGE
value: "ghcr.io/fission/keda-aws-kinesis-http-connector:v0.11"
- name: AWS-SQS-QUEUE_IMAGE
value: "ghcr.io/fission/keda-aws-sqs-http-connector:v0.12"
- name: STAN_IMAGE
value: "ghcr.io/fission/keda-nats-streaming-http-connector:v0.14"
- name: NATS-JETSTREAM_IMAGE
value: "ghcr.io/fission/keda-nats-jetstream-http-connector:v0.5"
- name: GCP-PUBSUB_IMAGE
value: "ghcr.io/fission/keda-gcp-pubsub-http-connector:v0.7"
- name: REDIS_IMAGE
value: "ghcr.io/fission/keda-redis-http-connector:v0.4"
- name: FISSION_BUILDER_NAMESPACE
value: ""
- name: FISSION_FUNCTION_NAMESPACE
value: ""
- name: FISSION_DEFAULT_NAMESPACE
value: "default"
- name: FISSION_RESOURCE_NAMESPACES
value: default
- name: KUBE_CLIENT_QPS
value: "200"
- name: KUBE_CLIENT_BURST
value: "500"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: ""
- name: OTEL_EXPORTER_OTLP_INSECURE
value: "true"
- name: OTEL_TRACES_SAMPLER
value: "parentbased_traceidratio"
- name: OTEL_TRACES_SAMPLER_ARG
value: "0.1"
- name: OTEL_PROPAGATORS
value: "tracecontext,baggage"
resources:
{}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
serviceAccountName: fission-keda

118
core/fission/apps_v1_Deployment_router.yaml Normal file
View File

@@ -0,0 +1,118 @@
# Source: fission-all/templates/router/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: router
labels:
chart: "fission-all-v1.20.1"
svc: router
application: fission-router
spec:
replicas: 1
selector:
matchLabels:
application: fission-router
svc: router
template:
metadata:
labels:
application: fission-router
svc: router
annotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
prometheus.io/port: "8080"
spec:
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
containers:
- name: router
image: "ghcr.io/fission/fission-bundle:v1.20.1"
imagePullPolicy: IfNotPresent
command: ["/fission-bundle"]
args: ["--routerPort", "8888", "--executorUrl", "http://executor.fission"]
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ROUTER_ROUND_TRIP_TIMEOUT
value: "50ms"
- name: ROUTER_ROUNDTRIP_TIMEOUT_EXPONENT
value: "2"
- name: ROUTER_ROUND_TRIP_KEEP_ALIVE_TIME
value: "30s"
- name: ROUTER_ROUND_TRIP_DISABLE_KEEP_ALIVE
value: "true"
- name: ROUTER_ROUND_TRIP_MAX_RETRIES
value: "10"
- name: ROUTER_SVC_ADDRESS_MAX_RETRIES
value: "5"
- name: ROUTER_SVC_ADDRESS_UPDATE_TIMEOUT
value: "30s"
- name: ROUTER_UNTAP_SERVICE_TIMEOUT
value: "3600s"
- name: USE_ENCODED_PATH
value: "false"
- name: DEBUG_ENV
value: "false"
- name: PPROF_ENABLED
value: "false"
- name: DISPLAY_ACCESS_LOG
value: "false"
- name: FISSION_BUILDER_NAMESPACE
value: ""
- name: FISSION_FUNCTION_NAMESPACE
value: ""
- name: FISSION_DEFAULT_NAMESPACE
value: "default"
- name: FISSION_RESOURCE_NAMESPACES
value: default
- name: KUBE_CLIENT_QPS
value: "200"
- name: KUBE_CLIENT_BURST
value: "500"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: ""
- name: OTEL_EXPORTER_OTLP_INSECURE
value: "true"
- name: OTEL_TRACES_SAMPLER
value: "parentbased_traceidratio"
- name: OTEL_TRACES_SAMPLER_ARG
value: "0.1"
- name: OTEL_PROPAGATORS
value: "tracecontext,baggage"
resources:
{}
readinessProbe:
httpGet:
path: "/router-healthz"
port: 8888
initialDelaySeconds: 1
periodSeconds: 1
failureThreshold: 30
livenessProbe:
httpGet:
path: "/router-healthz"
port: 8888
initialDelaySeconds: 35
periodSeconds: 5
volumeMounts:
- name: config-volume
mountPath: /etc/config/config.yaml
subPath: config.yaml
ports:
- containerPort: 8080
name: metrics
- containerPort: 8888
name: http
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
serviceAccountName: fission-router
volumes:
- name: config-volume
configMap:
name: feature-config

97
core/fission/apps_v1_Deployment_storagesvc.yaml Normal file
View File

@@ -0,0 +1,97 @@
# Source: fission-all/templates/storagesvc/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: storagesvc
labels:
chart: "fission-all-v1.20.1"
svc: storagesvc
application: fission-storage
spec:
replicas: 1
selector:
matchLabels:
svc: storagesvc
application: fission-storage
template:
metadata:
labels:
svc: storagesvc
application: fission-storage
annotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
prometheus.io/port: "8080"
spec:
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
containers:
- name: storagesvc
image: "ghcr.io/fission/fission-bundle:v1.20.1"
imagePullPolicy: IfNotPresent
command: ["/fission-bundle"]
args: ["--storageServicePort", "8000", "--storageType", "local"]
env:
- name: PRUNE_ENABLED
value: "true"
- name: PRUNE_INTERVAL
value: "60"
- name: DEBUG_ENV
value: "false"
- name: PPROF_ENABLED
value: "false"
- name: FISSION_BUILDER_NAMESPACE
value: ""
- name: FISSION_FUNCTION_NAMESPACE
value: ""
- name: FISSION_DEFAULT_NAMESPACE
value: "default"
- name: FISSION_RESOURCE_NAMESPACES
value: default
- name: KUBE_CLIENT_QPS
value: "200"
- name: KUBE_CLIENT_BURST
value: "500"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: ""
- name: OTEL_EXPORTER_OTLP_INSECURE
value: "true"
- name: OTEL_TRACES_SAMPLER
value: "parentbased_traceidratio"
- name: OTEL_TRACES_SAMPLER_ARG
value: "0.1"
- name: OTEL_PROPAGATORS
value: "tracecontext,baggage"
resources:
{}
volumeMounts:
- name: fission-storage
mountPath: /fission
readinessProbe:
httpGet:
path: "/healthz"
port: 8000
initialDelaySeconds: 1
periodSeconds: 1
failureThreshold: 30
livenessProbe:
httpGet:
path: "/healthz"
port: 8000
initialDelaySeconds: 35
periodSeconds: 5
ports:
- containerPort: 8080
name: metrics
- containerPort: 8000
name: http
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
serviceAccountName: fission-storagesvc
volumes:
- name: fission-storage
persistentVolumeClaim:
claimName: fission-storage-pvc

61
core/fission/apps_v1_Deployment_timer.yaml Normal file
View File

@@ -0,0 +1,61 @@
# Source: fission-all/templates/timer/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: timer
labels:
chart: "fission-all-v1.20.1"
svc: timer
spec:
replicas: 1
selector:
matchLabels:
svc: timer
template:
metadata:
labels:
svc: timer
spec:
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
containers:
- name: timer
image: "ghcr.io/fission/fission-bundle:v1.20.1"
imagePullPolicy: IfNotPresent
command: ["/fission-bundle"]
args: ["--timer", "--routerUrl", "http://router.fission"]
env:
- name: DEBUG_ENV
value: "false"
- name: PPROF_ENABLED
value: "false"
- name: FISSION_BUILDER_NAMESPACE
value: ""
- name: FISSION_FUNCTION_NAMESPACE
value: ""
- name: FISSION_DEFAULT_NAMESPACE
value: "default"
- name: FISSION_RESOURCE_NAMESPACES
value: default
- name: KUBE_CLIENT_QPS
value: "200"
- name: KUBE_CLIENT_BURST
value: "500"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: ""
- name: OTEL_EXPORTER_OTLP_INSECURE
value: "true"
- name: OTEL_TRACES_SAMPLER
value: "parentbased_traceidratio"
- name: OTEL_TRACES_SAMPLER_ARG
value: "0.1"
- name: OTEL_PROPAGATORS
value: "tracecontext,baggage"
resources:
{}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
serviceAccountName: fission-timer

48
core/fission/apps_v1_Deployment_webhook.yaml Normal file
View File

@@ -0,0 +1,48 @@
# Source: fission-all/templates/webhook-server/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: webhook
labels:
chart: "fission-all-v1.20.1"
svc: webhook-service
application: fission-webhook
spec:
replicas: 1
selector:
matchLabels:
svc: webhook-service
application: fission-webhook
template:
metadata:
labels:
svc: webhook-service
application: fission-webhook
annotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
prometheus.io/port: "8080"
spec:
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
containers:
- name: webhook
image: "ghcr.io/fission/fission-bundle:v1.20.1"
imagePullPolicy: IfNotPresent
command: ["/fission-bundle"]
args: ["--webhookPort", "9443"]
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: serving-certs
readOnly: true
ports:
- containerPort: 8080
name: metrics
volumes:
- name: serving-certs
secret:
secretName: fission-webhook-certs
serviceAccountName: fission-webhook

35
core/fission/certs.tf Normal file
View File

@@ -0,0 +1,35 @@
resource "kubectl_manifest" "issuer" {
yaml_body = <<-EOF
apiVersion: "cert-manager.io/v1"
kind: "Issuer"
metadata:
name: "fission-selfsigned"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
spec:
selfSigned: {}
EOF
}
resource "kubectl_manifest" "fission-webhook-certs" {
yaml_body = <<-EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: "fission-webhook-certs"
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
dnsNames:
- webhook-service
- webhook-service.${var.namespace}
- webhook-service.${var.namespace}.svc
- webhook-service.${var.namespace}.svc.cluster.local
issuerRef:
kind: Issuer
name: fission-selfsigned
secretName: fission-webhook-certs
subject:
organizationalUnits:
- fission-webhook
EOF
}

453
core/fission/datas.tf Normal file
View File

@@ -0,0 +1,453 @@
locals {
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/name" = var.component
"app.kubernetes.io/instance" = var.instance
}
rb_patch = <<-EOF
- op: replace
path: /subjects/0/namespace
value: "${var.namespace}"
EOF
pull_policy_patch = <<-EOF
- op: replace
path: /spec/template/spec/containers/0/imagePullPolicy
value: "${var.images.bundle.pull_policy}"
EOF
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1 && length(regexall("WebhookConfiguration",file))<1]
images {
name = "ghcr.io/fission/fission-bundle"
new_name = "${var.images.bundle.registry}/${var.images.bundle.repository}"
new_tag = "${var.images.bundle.tag}"
}
patches {
target {
kind = "Deployment"
name = "router"
}
patch = <<-EOF
- op: replace
path: /spec/template/spec/containers/0/args/3
value: "http://executor.${var.namespace}"
- op: replace
path: /spec/template/spec/containers/0/env/15/value
value: "${var.namespace}"
- op: replace
path: /spec/template/spec/containers/0/env/16/value
value: "${var.additionnal_namespaces}"
EOF
}
patches {
target {
kind = "Deployment"
name = "storagesvc"
}
patch = <<-EOF
- op: replace
path: /spec/template/spec/containers/0/env/6/value
value: "${var.namespace}"
- op: replace
path: /spec/template/spec/containers/0/env/7/value
value: "${var.additionnal_namespaces}"
EOF
}
patches {
target {
kind = "Deployment"
name = "kubewatcher"
}
patch = <<-EOF
- op: replace
path: /spec/template/spec/containers/0/args/2
value: "http://router.${var.namespace}"
- op: replace
path: /spec/template/spec/containers/0/env/4/value
value: "${var.namespace}"
- op: replace
path: /spec/template/spec/containers/0/env/5/value
value: "${var.additionnal_namespaces}"
EOF
}
patches {
target {
kind = "Deployment"
name = "timer"
}
patch = <<-EOF
- op: replace
path: /spec/template/spec/containers/0/args/2
value: "http://router.${var.namespace}"
- op: replace
path: /spec/template/spec/containers/0/env/4/value
value: "${var.namespace}"
- op: replace
path: /spec/template/spec/containers/0/env/5/value
value: "${var.additionnal_namespaces}"
EOF
}
patches {
target {
kind = "Deployment"
name = "buildermgr"
}
patch = <<-EOF
- op: replace
path: /spec/template/spec/containers/0/args/2
value: "http://storagesvc.${var.namespace}"
- op: replace
path: /spec/template/spec/containers/0/env/0/value
value: "${var.images.fetcher.registry}/${var.images.fetcher.repository}:${var.images.fetcher.tag}"
- op: replace
path: /spec/template/spec/containers/0/env/13/value
value: "${var.namespace}"
- op: replace
path: /spec/template/spec/containers/0/env/14/value
value: "${var.additionnal_namespaces}"
EOF
}
patches {
target {
kind = "Deployment"
name = "executor"
}
patch = <<-EOF
- op: replace
path: /spec/template/spec/containers/0/env/0/value
value: "${var.images.fetcher.registry}/${var.images.fetcher.repository}:${var.images.fetcher.tag}"
- op: replace
path: /spec/template/spec/containers/0/env/17/value
value: "${var.namespace}"
- op: replace
path: /spec/template/spec/containers/0/env/18/value
value: "${var.additionnal_namespaces}"
EOF
}
patches {
target {
kind = "Deployment"
name = "mqtrigger-keda"
}
patch = <<-EOF
- op: replace
path: /spec/template/spec/containers/0/args/2
value: "http://router.${var.namespace}"
- op: replace
path: /spec/template/spec/containers/0/env/2/value
value: "${var.images.keda-kafka.registry}/${var.images.keda-kafka.repository}:${var.images.keda-kafka.tag}"
- op: replace
path: /spec/template/spec/containers/0/env/3/value
value: "${var.images.keda-rabbitmq.registry}/${var.images.keda-rabbitmq.repository}:${var.images.keda-rabbitmq.tag}"
- op: replace
path: /spec/template/spec/containers/0/env/4/value
value: "${var.images.keda-aws-kinesis.registry}/${var.images.keda-aws-kinesis.repository}:${var.images.keda-aws-kinesis.tag}"
- op: replace
path: /spec/template/spec/containers/0/env/5/value
value: "${var.images.keda-aws-sqs.registry}/${var.images.keda-aws-sqs.repository}:${var.images.keda-aws-sqs.tag}"
- op: replace
path: /spec/template/spec/containers/0/env/6/value
value: "${var.images.keda-nats-streaming.registry}/${var.images.keda-nats-streaming.repository}:${var.images.keda-nats-streaming.tag}"
- op: replace
path: /spec/template/spec/containers/0/env/7/value
value: "${var.images.keda-nats-jetstream.registry}/${var.images.keda-nats-jetstream.repository}:${var.images.keda-nats-jetstream.tag}"
- op: replace
path: /spec/template/spec/containers/0/env/8/value
value: "${var.images.keda-gcp-pubsub.registry}/${var.images.keda-gcp-pubsub.repository}:${var.images.keda-gcp-pubsub.tag}"
- op: replace
path: /spec/template/spec/containers/0/env/9/value
value: "${var.images.keda-redis.registry}/${var.images.keda-redis.repository}:${var.images.keda-redis.tag}"
- op: replace
path: /spec/template/spec/containers/0/env/12/value
value: "${var.namespace}"
- op: replace
path: /spec/template/spec/containers/0/env/13/value
value: "${var.additionnal_namespaces}"
EOF
}
patches {
target {
kind = "Deployment"
name = "buildermgr"
}
patch = local.pull_policy_patch
}
patches {
target {
kind = "Deployment"
name = "executor"
}
patch = local.pull_policy_patch
}
patches {
target {
kind = "Deployment"
name = "mqtrigger-keda"
}
patch = local.pull_policy_patch
}
patches {
target {
kind = "Deployment"
name = "kubewatcher"
}
patch = local.pull_policy_patch
}
patches {
target {
kind = "Deployment"
name = "webhook"
}
patch = local.pull_policy_patch
}
patches {
target {
kind = "Deployment"
name = "timer"
}
patch = local.pull_policy_patch
}
patches {
target {
kind = "Deployment"
name = "storagesvc"
}
patch = local.pull_policy_patch
}
patches {
target {
kind = "Deployment"
name = "router"
}
patch = local.pull_policy_patch
}
patches {
target {
kind = "PersistentVolumeClaim"
name = "fission-storage-pvc"
}
patch = <<-EOF
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: fission-storage-pvc
spec:
accessModes:
- "${var.storage.volume.access_mode}"
resources:
requests:
storage: "${var.storage.volume.size}"
EOF
}
}
data "kustomization_overlay" "data_no_ns" {
common_labels = local.common-labels
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && (length(regexall("ClusterRole",file))>0 || length(regexall("WebhookConfiguration",file))>0)]
patches {
target {
kind = "ClusterRoleBinding"
name = "buildermgr"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "buildermgr-fission-cr"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "executor"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "executor-fission-cr"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "fission-builder"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "fission-fetcher"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "fission-fetcher-websocket"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "fluentbit"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "keda"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "keda-fission-cr"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "kubewatcher"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "kubewatcher-fission-cr"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "kubewatcher-fission-cr"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "router"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "router-fission-cr"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "storagesvc-fission-cr"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "timer"
}
patch = local.rb_patch
}
patches {
target {
kind = "ClusterRoleBinding"
name = "timer-fission-cr"
}
patch = local.rb_patch
}
patches {
target {
kind = "MutatingWebhookConfiguration"
name = "mutating-webhook-configuration"
}
patch = <<-EOF
- op: replace
path: /webhooks/0/clientConfig/service/namespace
value: "${var.namespace}"
EOF
}
patches {
target {
kind = "ValidatingWebhookConfiguration"
name = "validating-webhook-configuration"
}
patch = <<-EOF
- op: replace
path: /webhooks/0/clientConfig/service/namespace
value: "${var.namespace}"
- op: replace
path: /webhooks/1/clientConfig/service/namespace
value: "${var.namespace}"
- op: replace
path: /webhooks/2/clientConfig/service/namespace
value: "${var.namespace}"
- op: replace
path: /webhooks/3/clientConfig/service/namespace
value: "${var.namespace}"
- op: replace
path: /webhooks/4/clientConfig/service/namespace
value: "${var.namespace}"
- op: replace
path: /webhooks/5/clientConfig/service/namespace
value: "${var.namespace}"
- op: replace
path: /webhooks/6/clientConfig/service/namespace
value: "${var.namespace}"
EOF
}
patches {
target {
kind = "MutatingWebhookConfiguration"
name = "mutating-webhook-configuration"
}
patch = <<-EOF
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: "${var.namespace}/fission-webhook-certs"
name: mutating-webhook-configuration
EOF
}
patches {
target {
kind = "ValidatingWebhookConfiguration"
name = "validating-webhook-configuration"
}
patch = <<-EOF
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: "${var.namespace}/fission-webhook-certs"
name: validating-webhook-configuration
EOF
}
}

307
core/fission/index.yaml Normal file
View File

@@ -0,0 +1,307 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: core
metadata:
name: fission
description: null
options:
additionnal_namespaces:
default: default,vynil-monitor,vynil-functions
description: list of namespaces to support functions from (coma separated)
examples:
- default,vynil-monitor,vynil-functions
type: string
images:
default:
bundle:
pull_policy: IfNotPresent
registry: ghcr.io
repository: fission/fission-bundle
tag: v1.20.1
fetcher:
registry: docker.io
repository: fission/fetcher
tag: v1.20.1
keda-aws-kinesis:
registry: ghcr.io
repository: fission/keda-aws-kinesis-http-connector
tag: v0.11
keda-aws-sqs:
registry: ghcr.io
repository: fission/keda-aws-sqs-http-connector
tag: v0.12
keda-gcp-pubsub:
registry: ghcr.io
repository: fission/keda-gcp-pubsub-http-connector
tag: v0.7
keda-kafka:
registry: ghcr.io
repository: fission/keda-kafka-http-connector
tag: v0.13
keda-nats-jetstream:
registry: ghcr.io
repository: fission/keda-nats-jetstream-http-connector
tag: v0.5
keda-nats-streaming:
registry: ghcr.io
repository: fission/keda-nats-streaming-http-connector
tag: v0.14
keda-rabbitmq:
registry: ghcr.io
repository: fission/keda-rabbitmq-http-connector
tag: v0.11
keda-redis:
registry: ghcr.io
repository: fission/keda-redis-http-connector
tag: v0.4
examples:
- bundle:
pull_policy: IfNotPresent
registry: ghcr.io
repository: fission/fission-bundle
tag: v1.20.1
fetcher:
registry: docker.io
repository: fission/fetcher
tag: v1.20.1
keda-aws-kinesis:
registry: ghcr.io
repository: fission/keda-aws-kinesis-http-connector
tag: v0.11
keda-aws-sqs:
registry: ghcr.io
repository: fission/keda-aws-sqs-http-connector
tag: v0.12
keda-gcp-pubsub:
registry: ghcr.io
repository: fission/keda-gcp-pubsub-http-connector
tag: v0.7
keda-kafka:
registry: ghcr.io
repository: fission/keda-kafka-http-connector
tag: v0.13
keda-nats-jetstream:
registry: ghcr.io
repository: fission/keda-nats-jetstream-http-connector
tag: v0.5
keda-nats-streaming:
registry: ghcr.io
repository: fission/keda-nats-streaming-http-connector
tag: v0.14
keda-rabbitmq:
registry: ghcr.io
repository: fission/keda-rabbitmq-http-connector
tag: v0.11
keda-redis:
registry: ghcr.io
repository: fission/keda-redis-http-connector
tag: v0.4
properties:
bundle:
default:
pull_policy: IfNotPresent
registry: ghcr.io
repository: fission/fission-bundle
tag: v1.20.1
properties:
pull_policy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: ghcr.io
type: string
repository:
default: fission/fission-bundle
type: string
tag:
default: v1.20.1
type: string
type: object
fetcher:
default:
registry: docker.io
repository: fission/fetcher
tag: v1.20.1
properties:
registry:
default: docker.io
type: string
repository:
default: fission/fetcher
type: string
tag:
default: v1.20.1
type: string
type: object
keda-aws-kinesis:
default:
registry: ghcr.io
repository: fission/keda-aws-kinesis-http-connector
tag: v0.11
properties:
registry:
default: ghcr.io
type: string
repository:
default: fission/keda-aws-kinesis-http-connector
type: string
tag:
default: v0.11
type: string
type: object
keda-aws-sqs:
default:
registry: ghcr.io
repository: fission/keda-aws-sqs-http-connector
tag: v0.12
properties:
registry:
default: ghcr.io
type: string
repository:
default: fission/keda-aws-sqs-http-connector
type: string
tag:
default: v0.12
type: string
type: object
keda-gcp-pubsub:
default:
registry: ghcr.io
repository: fission/keda-gcp-pubsub-http-connector
tag: v0.7
properties:
registry:
default: ghcr.io
type: string
repository:
default: fission/keda-gcp-pubsub-http-connector
type: string
tag:
default: v0.7
type: string
type: object
keda-kafka:
default:
registry: ghcr.io
repository: fission/keda-kafka-http-connector
tag: v0.13
properties:
registry:
default: ghcr.io
type: string
repository:
default: fission/keda-kafka-http-connector
type: string
tag:
default: v0.13
type: string
type: object
keda-nats-jetstream:
default:
registry: ghcr.io
repository: fission/keda-nats-jetstream-http-connector
tag: v0.5
properties:
registry:
default: ghcr.io
type: string
repository:
default: fission/keda-nats-jetstream-http-connector
type: string
tag:
default: v0.5
type: string
type: object
keda-nats-streaming:
default:
registry: ghcr.io
repository: fission/keda-nats-streaming-http-connector
tag: v0.14
properties:
registry:
default: ghcr.io
type: string
repository:
default: fission/keda-nats-streaming-http-connector
type: string
tag:
default: v0.14
type: string
type: object
keda-rabbitmq:
default:
registry: ghcr.io
repository: fission/keda-rabbitmq-http-connector
tag: v0.11
properties:
registry:
default: ghcr.io
type: string
repository:
default: fission/keda-rabbitmq-http-connector
type: string
tag:
default: v0.11
type: string
type: object
keda-redis:
default:
registry: ghcr.io
repository: fission/keda-redis-http-connector
tag: v0.4
properties:
registry:
default: ghcr.io
type: string
repository:
default: fission/keda-redis-http-connector
type: string
tag:
default: v0.4
type: string
type: object
type: object
storage:
default:
volume:
access_mode: ReadWriteOnce
size: 8Gi
description: Configure this app storage
examples:
- volume:
access_mode: ReadWriteOnce
size: 8Gi
properties:
volume:
default:
access_mode: ReadWriteOnce
size: 8Gi
properties:
access_mode:
default: ReadWriteOnce
type: string
size:
default: 8Gi
type: string
type: object
type: object
dependencies:
- dist: null
category: crd
component: fission
providers:
kubernetes: true
authentik: null
kubectl: true
postgresql: null
mysql: null
restapi: null
http: null
gitea: null
tfaddtype: null

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-buildermgr-fission-cr.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/buildermgr/role-fission-cr.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "buildermgr-fission-cr"
subjects:
- kind: ServiceAccount
name: "fission-buildermgr"
namespace: fission
roleRef:
kind: ClusterRole
name: "buildermgr-fission-cr"
apiGroup: rbac.authorization.k8s.io

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-buildermgr.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/buildermgr/role-kubernetes.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "buildermgr"
subjects:
- kind: ServiceAccount
name: "fission-buildermgr"
namespace: fission
roleRef:
kind: ClusterRole
name: "buildermgr"
apiGroup: rbac.authorization.k8s.io

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-executor-fission-cr.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/executor/role-fission-cr.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "executor-fission-cr"
subjects:
- kind: ServiceAccount
name: "fission-executor"
namespace: fission
roleRef:
kind: ClusterRole
name: "executor-fission-cr"
apiGroup: rbac.authorization.k8s.io

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-executor.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/executor/role-kubernetes.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "executor"
subjects:
- kind: ServiceAccount
name: "fission-executor"
namespace: fission
roleRef:
kind: ClusterRole
name: "executor"
apiGroup: rbac.authorization.k8s.io

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fission-builder.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/misc-functions/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: fission-builder
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: fission-builder
subjects:
- kind: ServiceAccount
name: fission-builder
namespace: default

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fission-fetcher-websocket.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/misc-functions/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: fission-fetcher-websocket
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: fission-fetcher-websocket
subjects:
- kind: ServiceAccount
name: fission-fetcher
namespace: default

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fission-fetcher.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/misc-functions/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: fission-fetcher
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: fission-fetcher
subjects:
- kind: ServiceAccount
name: fission-fetcher
namespace: default

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-fluentbit.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/fluentbit/role-kubernetes.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "fluentbit"
subjects:
- kind: ServiceAccount
name: "fission-fluentbit"
namespace: fission
roleRef:
kind: ClusterRole
name: "fluentbit"
apiGroup: rbac.authorization.k8s.io

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-keda-fission-cr.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/mqt-keda/role-fission-cr.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "keda-fission-cr"
subjects:
- kind: ServiceAccount
name: "fission-keda"
namespace: fission
roleRef:
kind: ClusterRole
name: "keda-fission-cr"
apiGroup: rbac.authorization.k8s.io

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-keda.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/mqt-keda/role-kubernetes.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "keda"
subjects:
- kind: ServiceAccount
name: "fission-keda"
namespace: fission
roleRef:
kind: ClusterRole
name: "keda"
apiGroup: rbac.authorization.k8s.io

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-kubewatcher-fission-cr.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/kubewatcher/role-fission-cr.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "kubewatcher-fission-cr"
subjects:
- kind: ServiceAccount
name: "fission-kubewatcher"
namespace: fission
roleRef:
kind: ClusterRole
name: "kubewatcher-fission-cr"
apiGroup: rbac.authorization.k8s.io

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-kubewatcher.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/kubewatcher/role-kubernetes.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "kubewatcher"
subjects:
- kind: ServiceAccount
name: "fission-kubewatcher"
namespace: fission
roleRef:
kind: ClusterRole
name: "kubewatcher"
apiGroup: rbac.authorization.k8s.io

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-router-fission-cr.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/router/role-fission-cr.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "router-fission-cr"
subjects:
- kind: ServiceAccount
name: "fission-router"
namespace: fission
roleRef:
kind: ClusterRole
name: "router-fission-cr"
apiGroup: rbac.authorization.k8s.io

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-router.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/router/role-kubernetes.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "router"
subjects:
- kind: ServiceAccount
name: "fission-router"
namespace: fission
roleRef:
kind: ClusterRole
name: "router"
apiGroup: rbac.authorization.k8s.io

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-storagesvc-fission-cr.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/storagesvc/role-fission-cr.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "storagesvc-fission-cr"
subjects:
- kind: ServiceAccount
name: "fission-storagesvc"
namespace: fission
roleRef:
kind: ClusterRole
name: "storagesvc-fission-cr"
apiGroup: rbac.authorization.k8s.io

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-timer-fission-cr.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/timer/role-fission-cr.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "timer-fission-cr"
subjects:
- kind: ServiceAccount
name: "fission-timer"
namespace: fission
roleRef:
kind: ClusterRole
name: "timer-fission-cr"
apiGroup: rbac.authorization.k8s.io

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRoleBinding_fission-v1-20-1-timer.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/timer/role-kubernetes.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "timer"
subjects:
- kind: ServiceAccount
name: "fission-timer"
namespace: fission
roleRef:
kind: ClusterRole
name: "timer"
apiGroup: rbac.authorization.k8s.io

20
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-buildermgr-fission-cr.yaml Normal file
View File

@@ -0,0 +1,20 @@
# Source: fission-all/templates/buildermgr/role-fission-cr.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "buildermgr-fission-cr"
rules:
- apiGroups:
- fission.io
resources:
- environments
- functions
- packages
verbs:
- create
- get
- list
- watch
- update
- patch
- delete

43
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-buildermgr.yaml Normal file
View File

@@ -0,0 +1,43 @@
# Source: fission-all/templates/buildermgr/role-kubernetes.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "buildermgr"
rules:
- apiGroups:
- ""
resources:
- pods
- services
verbs:
- create
- delete
- get
- list
- watch
- patch
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- list
- create
- delete
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch

20
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-executor-fission-cr.yaml Normal file
View File

@@ -0,0 +1,20 @@
# Source: fission-all/templates/executor/role-fission-cr.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "executor-fission-cr"
rules:
- apiGroups:
- fission.io
resources:
- environments
- functions
- packages
verbs:
- create
- get
- list
- watch
- update
- patch
- delete

99
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-executor.yaml Normal file
View File

@@ -0,0 +1,99 @@
# Source: fission-all/templates/executor/role-kubernetes.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "executor"
rules:
- apiGroups:
- ""
resources:
- pods
- services
- replicationcontrollers
verbs:
- create
- delete
- get
- list
- watch
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- watch
- patch
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- apiGroups:
- authorization.k8s.io
resources:
- localsubjectaccessreviews
verbs:
- create
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- apiGroups:
- apps
resources:
- deployments
- deployments/scale
- replicasets
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- metrics.k8s.io
resources:
- pods
verbs:
- get
- list

19
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fission-builder.yaml Normal file
View File

@@ -0,0 +1,19 @@
# Source: fission-all/templates/misc-functions/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: fission-builder
rules:
- apiGroups:
- fission.io
resources:
- packages
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- get

23
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fission-fetcher-websocket.yaml Normal file
View File

@@ -0,0 +1,23 @@
# Source: fission-all/templates/misc-functions/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: fission-fetcher-websocket
rules:
- apiGroups:
- ""
resources:
- "events"
verbs:
- "get"
- "list"
- "watch"
- "create"
- "update"
- "patch"
- apiGroups:
- ""
resources:
- pods
verbs:
- get

19
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fission-fetcher.yaml Normal file
View File

@@ -0,0 +1,19 @@
# Source: fission-all/templates/misc-functions/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: fission-fetcher
rules:
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- get
- apiGroups:
- fission.io
resources:
- packages
verbs:
- get

14
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-fluentbit.yaml Normal file
View File

@@ -0,0 +1,14 @@
# Source: fission-all/templates/fluentbit/role-kubernetes.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "fluentbit"
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch

21
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-keda-fission-cr.yaml Normal file
View File

@@ -0,0 +1,21 @@
# Source: fission-all/templates/mqt-keda/role-fission-cr.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "keda-fission-cr"
rules:
- apiGroups:
- fission.io
resources:
- environments
- functions
- messagequeuetriggers
- packages
verbs:
- create
- get
- list
- watch
- update
- patch
- delete

99
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-keda.yaml Normal file
View File

@@ -0,0 +1,99 @@
# Source: fission-all/templates/mqt-keda/role-kubernetes.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "keda"
rules:
- apiGroups:
- ""
resources:
- pods
- services
- replicationcontrollers
verbs:
- create
- delete
- get
- list
- watch
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- watch
- patch
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- get
- apiGroups:
- apps
resources:
- deployments
- deployments/scale
- replicasets
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- keda.sh
resources:
- scaledjobs
- scaledobjects
- scaledjobs/finalizers
- scaledjobs/status
- triggerauthentications
- triggerauthentications/status
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- keda.k8s.io
resources:
- scaledjobs
- scaledobjects
- scaledjobs/finalizers
- scaledjobs/status
- triggerauthentications
- triggerauthentications/status
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- metrics.k8s.io
resources:
- pods
verbs:
- get
- list

21
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-kubewatcher-fission-cr.yaml Normal file
View File

@@ -0,0 +1,21 @@
# Source: fission-all/templates/kubewatcher/role-fission-cr.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "kubewatcher-fission-cr"
rules:
- apiGroups:
- fission.io
resources:
- environments
- functions
- kuberneteswatchtriggers
- packages
verbs:
- create
- get
- list
- watch
- update
- patch
- delete

35
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-kubewatcher.yaml Normal file
View File

@@ -0,0 +1,35 @@
# Source: fission-all/templates/kubewatcher/role-kubernetes.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "kubewatcher"
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- services
- replicationcontrollers
- events
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- list
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch

21
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-router-fission-cr.yaml Normal file
View File

@@ -0,0 +1,21 @@
# Source: fission-all/templates/router/role-fission-cr.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "router-fission-cr"
rules:
- apiGroups:
- fission.io
resources:
- environments
- functions
- httptriggers
- packages
verbs:
- create
- get
- list
- watch
- update
- patch
- delete

26
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-router.yaml Normal file
View File

@@ -0,0 +1,26 @@
# Source: fission-all/templates/router/role-kubernetes.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "router"
rules:
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch

13
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-storagesvc-fission-cr.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Source: fission-all/templates/storagesvc/role-fission-cr.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "storagesvc-fission-cr"
rules:
- apiGroups:
- fission.io
resources:
- packages
verbs:
- get
- list

21
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-timer-fission-cr.yaml Normal file
View File

@@ -0,0 +1,21 @@
# Source: fission-all/templates/timer/role-fission-cr.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "timer-fission-cr"
rules:
- apiGroups:
- fission.io
resources:
- environments
- functions
- packages
- timetriggers
verbs:
- create
- get
- list
- watch
- update
- patch
- delete

6
core/fission/rbac.authorization.k8s.io_v1_ClusterRole_fission-v1-20-1-timer.yaml Normal file
View File

@@ -0,0 +1,6 @@
# Source: fission-all/templates/timer/role-kubernetes.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "timer"
rules: []

45
core/fission/ressources_no_ns.tf Normal file
View File

@@ -0,0 +1,45 @@
# first loop through resources in ids_prio[0]
resource "kustomization_resource" "pre_no_ns" {
for_each = data.kustomization_overlay.data_no_ns.ids_prio[0]
manifest = (
contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value])
: data.kustomization_overlay.data_no_ns.manifests[each.value]
)
}
# then loop through resources in ids_prio[1]
# and set an explicit depends_on on kustomization_resource.pre
# wait 2 minutes for any deployment or daemonset to become ready
resource "kustomization_resource" "main_no_ns" {
for_each = data.kustomization_overlay.data_no_ns.ids_prio[1]
manifest = (
contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value])
: data.kustomization_overlay.data_no_ns.manifests[each.value]
)
wait = true
timeouts {
create = "5m"
update = "5m"
}
depends_on = [kustomization_resource.pre_no_ns]
}
# finally, loop through resources in ids_prio[2]
# and set an explicit depends_on on kustomization_resource.main
resource "kustomization_resource" "post_no_ns" {
for_each = data.kustomization_overlay.data_no_ns.ids_prio[2]
manifest = (
contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value])
: data.kustomization_overlay.data_no_ns.manifests[each.value]
)
depends_on = [kustomization_resource.main_no_ns]
}

8
core/fission/v1_ConfigMap_feature-config.yaml Normal file
View File

@@ -0,0 +1,8 @@
# Source: fission-all/templates/misc-functions/cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: feature-config
namespace: fission
data:
"config.yaml": Y2FuYXJ5OgogIGVuYWJsZWQ6IGZhbHNlCiAgcHJvbWV0aGV1c1N2YzogIiIKYXV0aDoKICBlbmFibGVkOiBmYWxzZQ==

15
core/fission/v1_PersistentVolumeClaim_fission-storage-pvc.yaml Normal file
View File

@@ -0,0 +1,15 @@
# Source: fission-all/templates/storagesvc/pvc.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: fission-storage-pvc
labels:
app: fission-storage
chart: "fission-all-v1.20.1"
release: "fission-v1-20-1"
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "8Gi"

6
core/fission/v1_ServiceAccount_fission-builder.yaml Normal file
View File

@@ -0,0 +1,6 @@
# Source: fission-all/templates/misc-functions/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: fission-builder
namespace: default

7
core/fission/v1_ServiceAccount_fission-buildermgr.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
# Source: fission-all/templates/buildermgr/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: fission-buildermgr
namespace: fission

6
core/fission/v1_ServiceAccount_fission-executor.yaml Normal file
View File

@@ -0,0 +1,6 @@
# Source: fission-all/templates/executor/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: fission-executor
namespace: fission

6
core/fission/v1_ServiceAccount_fission-fetcher.yaml Normal file
View File

@@ -0,0 +1,6 @@
# Source: fission-all/templates/misc-functions/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: fission-fetcher
namespace: default

6
core/fission/v1_ServiceAccount_fission-fluentbit.yaml Normal file
View File

@@ -0,0 +1,6 @@
# Source: fission-all/templates/fluentbit/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: fission-fluentbit
namespace: fission

6
core/fission/v1_ServiceAccount_fission-keda.yaml Normal file
View File

@@ -0,0 +1,6 @@
# Source: fission-all/templates/mqt-keda/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: fission-keda
namespace: fission

6
core/fission/v1_ServiceAccount_fission-kubewatcher.yaml Normal file
View File

@@ -0,0 +1,6 @@
# Source: fission-all/templates/kubewatcher/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: fission-kubewatcher
namespace: fission

6
core/fission/v1_ServiceAccount_fission-router.yaml Normal file
View File

@@ -0,0 +1,6 @@
# Source: fission-all/templates/router/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: fission-router
namespace: fission

6
core/fission/v1_ServiceAccount_fission-storagesvc.yaml Normal file
View File

@@ -0,0 +1,6 @@
# Source: fission-all/templates/storagesvc/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: fission-storagesvc
namespace: fission

6
core/fission/v1_ServiceAccount_fission-timer.yaml Normal file
View File

@@ -0,0 +1,6 @@
# Source: fission-all/templates/timer/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: fission-timer
namespace: fission

6
core/fission/v1_ServiceAccount_fission-webhook.yaml Normal file
View File

@@ -0,0 +1,6 @@
# Source: fission-all/templates/webhook-server/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: fission-webhook
namespace: fission

15
core/fission/v1_Service_executor.yaml Normal file
View File

@@ -0,0 +1,15 @@
# Source: fission-all/templates/executor/svc.yaml
apiVersion: v1
kind: Service
metadata:
name: executor
labels:
svc: executor
chart: "fission-all-v1.20.1"
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8888
selector:
svc: executor

16
core/fission/v1_Service_router.yaml Normal file
View File

@@ -0,0 +1,16 @@
# Source: fission-all/templates/router/svc.yaml
apiVersion: v1
kind: Service
metadata:
name: router
labels:
svc: router
application: fission-router
chart: "fission-all-v1.20.1"
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 8888
selector:
svc: router

16
core/fission/v1_Service_storagesvc.yaml Normal file
View File

@@ -0,0 +1,16 @@
# Source: fission-all/templates/storagesvc/svc.yaml
apiVersion: v1
kind: Service
metadata:
name: storagesvc
labels:
svc: storagesvc
application: fission-storage
chart: "fission-all-v1.20.1"
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8000
selector:
svc: storagesvc

16
core/fission/v1_Service_webhook-service.yaml Normal file
View File

@@ -0,0 +1,16 @@
# Source: fission-all/templates/webhook-server/webhook-service.yaml
apiVersion: v1
kind: Service
metadata:
name: webhook-service
labels:
svc: webhook-service
application: fission-webhook
chart: "fission-all-v1.20.1"
spec:
type: ClusterIP
ports:
- port: 443
targetPort: 9443
selector:
svc: webhook-service

2
meta/addons/crds.tf
View File

@@ -193,7 +193,7 @@ resource "kubectl_manifest" "crd-keda" {
} }
resource "kubectl_manifest" "crd-fission" { resource "kubectl_manifest" "crd-fission" {
count = (var.crds.fission.enable) ? 1 : 0 count = (var.crds.fission.enable || var.fission.enable) ? 1 : 0
yaml_body = <<-EOF yaml_body = <<-EOF
apiVersion: "vynil.solidite.fr/v1" apiVersion: "vynil.solidite.fr/v1"
kind: "Install" kind: "Install"

30
meta/addons/fission.tf Normal file
View File

@@ -0,0 +1,30 @@
locals {
fission = { for k, v in var.fission : k => v if k!="enable" && k!="namespace" }
}
resource "kubernetes_namespace_v1" "fission-ns" {
count = var.fission.enable? 1 : 0
metadata {
annotations = local.annotations
labels = local.common-labels
name = var.fission.namespace
}
}
resource "kubectl_manifest" "fission" {
count = var.fission.enable ? 1 : 0
depends_on = [kubernetes_namespace_v1.fission-ns]
yaml_body = <<-EOF
apiVersion: "vynil.solidite.fr/v1"
kind: "Install"
metadata:
name: "fission"
namespace: "${var.fission.namespace}"
labels: ${jsonencode(local.common-labels)}
spec:
distrib: "${var.component}"
category: "core"
component: "fission"
options: ${jsonencode(local.fission)}
EOF
}

15
meta/addons/index.yaml
View File

@@ -215,6 +215,21 @@ options:
type: boolean type: boolean
type: object type: object
type: object type: object
fission:
default:
enable: false
namespace: vynil-functions
examples:
- enable: false
namespace: vynil-functions
properties:
enable:
default: false
type: boolean
namespace:
default: vynil-functions
type: string
type: object
flux: flux:
default: default:
enable: false enable: false

14
workflow/tekton-pipelines/datas.tf
View File

@@ -51,6 +51,20 @@ data "kustomization_overlay" "data" {
value: "${var.images.webhook.pull_policy}" value: "${var.images.webhook.pull_policy}"
EOF EOF
} }
patches {
target {
kind = "ConfigMap"
name = "feature-flags"
}
patch = <<-EOF
- op: replace
path: /data/enable-api-fields
value: "alpha"
- op: replace
path: /data/enable-cel-in-whenexpression
value: "true"
EOF
}
patches { patches {
target { target {
kind = "Deployment" kind = "Deployment"

64
workflow/tekton-triggers/datas.tf
View File

@@ -14,7 +14,16 @@ locals {
path: /subjects/0/namespace path: /subjects/0/namespace
value: "${var.namespace}" value: "${var.namespace}"
EOF EOF
webhook-patch = <<-EOF
- op: replace
path: /webhooks/0/clientConfig/service/namespace
value: "${var.namespace}"
EOF
interceptor-patch = <<-EOF
- op: replace
path: /spec/clientConfig/service/namespace
value: "${var.namespace}"
EOF
} }
data "kustomization_overlay" "data" { data "kustomization_overlay" "data" {
common_labels = local.common-labels common_labels = local.common-labels
@@ -106,33 +115,56 @@ data "kustomization_overlay" "data_no_ns" {
kind = "MutatingWebhookConfiguration" kind = "MutatingWebhookConfiguration"
name = "webhook.triggers.tekton.dev" name = "webhook.triggers.tekton.dev"
} }
patch = <<-EOF patch = local.webhook-patch
- op: replace
path: /webhooks/0/clientConfig/service/namespace
value: "${var.namespace}"
EOF
} }
patches { patches {
target { target {
kind = "ValidatingWebhookConfiguration" kind = "ValidatingWebhookConfiguration"
name = "config.webhook.triggers.tekton.dev" name = "config.webhook.triggers.tekton.dev"
} }
patch = <<-EOF patch = local.webhook-patch
- op: replace
path: /webhooks/0/clientConfig/service/namespace
value: "${var.namespace}"
EOF
} }
patches { patches {
target { target {
kind = "ValidatingWebhookConfiguration" kind = "ValidatingWebhookConfiguration"
name = "validation.webhook.triggers.tekton.dev" name = "validation.webhook.triggers.tekton.dev"
} }
patch = <<-EOF patch = local.webhook-patch
- op: replace }
path: /webhooks/0/clientConfig/service/namespace patches {
value: "${var.namespace}" target {
EOF kind = "ClusterInterceptor"
name = "cel"
}
patch = local.interceptor-patch
}
patches {
target {
kind = "ClusterInterceptor"
name = "bitbucket"
}
patch = local.interceptor-patch
}
patches {
target {
kind = "ClusterInterceptor"
name = "slack"
}
patch = local.interceptor-patch
}
patches {
target {
kind = "ClusterInterceptor"
name = "github"
}
patch = local.interceptor-patch
}
patches {
target {
kind = "ClusterInterceptor"
name = "gitlab"
}
patch = local.interceptor-patch
} }
} }