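---
# ConfigMap bundling the shell helpers (functions.sh) and the manifest
# templates used to bootstrap and maintain a Flux / Kustomize deployment
# repository. Keys ending in .tmpl are rendered with envsubst by
# template(); all other manifests are copied verbatim by copy().
apiVersion: v1
kind: ConfigMap
metadata:
  name: auto-cd-templates
data:
  functions.sh: |-
    # Helpers meant to be sourced by the auto-cd steps. They act on the
    # current directory, into which git_prepare clones the deployment
    # repository. TEMPLATE_ROOT is read as the directory holding the files
    # of this ConfigMap (presumably its mount point; verify against the
    # caller).

    # Number of files created and staged by copy/template in this run.
    added=0

    # Copy $TEMPLATE_ROOT/<src> to <dest> and stage it, unless <dest>
    # already exists (existing files are never overwritten).
    copy() {
      local src="${TEMPLATE_ROOT}/$1" dest="$2"
      if [ ! -f "$dest" ]; then
        cp "$src" "$dest"
        git add "$dest"
        added=$((added + 1))
      fi
    }

    # Render $TEMPLATE_ROOT/<src> to <dest> with envsubst and stage it,
    # unless <dest> already exists.
    template() {
      local src="${TEMPLATE_ROOT}/$1" dest="$2"
      if [ ! -f "$dest" ]; then
        # Only the variables listed here are expanded. Without the list,
        # envsubst would also rewrite the Go-template variables
        # ($filename, $resource, $ChangeId, $_) of base-update.yaml.tmpl
        # and could write unrelated environment values into files that
        # are committed. Extend the list when a template needs more.
        envsubst '${ARTIFACTORY_URL} ${DEPLOY_URL} ${PROJECT_NAME} ${PROJECT_PATH}' \
          <"$src" >"$dest"
        git add "$dest"
        added=$((added + 1))
      fi
    }

    # Commit and push with <message>, only when this run added files.
    git_push() {
      local message="$1"
      if [ "$added" -ne 0 ]; then
        git commit -am "$message"
        git push
      fi
    }

    # NOTE(review): POSIX rm refuses to remove '.', so this call deletes
    # nothing and '|| true' hides the error. Confirm what cleanup is
    # expected to do before relying on it.
    cleanup() {
      rm -rf . || true
    }

    # Install the SSH material, set the git identity and clone the main
    # branch of <url> (shallow) into the current directory.
    git_prepare() {
      local url="$1" username="$2" email="$3"
      # Restrict the directory before any key is copied into it, so the
      # keys are never reachable by other users, whatever their mode.
      mkdir -p "${HOME}/.ssh"
      chmod 700 "${HOME}/.ssh"
      cp -v "${WORKSPACE_SSH_DIRECTORY_PATH}"/* "${HOME}/.ssh"
      # Everything becomes read-only, known_hosts included if one is
      # provided; presumably host keys are meant to come only from the
      # workspace - TODO confirm.
      chmod 400 "${HOME}/.ssh"/*
      git config --global user.name "$username"
      git config --global user.email "$email"
      # '--' keeps a URL starting with '-' from being read as an option.
      git clone --branch main --depth 1 -- "$url" .
    }

    # Create the shared bases (project, install, deploy) from the
    # templates. Destination names must match the 'resources' lists of
    # the kustomization files written next to them.
    install_base() {
      mkdir -p bases/project bases/install bases/deploy
      # base-kusto.yaml lists this file as update.yaml.
      template base-update.yaml.tmpl bases/project/update.yaml
      copy base-repo.yaml bases/project/repo.yaml
      copy base-cert.yaml bases/project/cert.yaml
      copy base-ingress.yaml bases/project/ingress.yaml
      copy base-policy.yaml bases/project/policy.yaml
      copy base-deploy.yaml bases/project/deploy.yaml
      copy base-secret.yaml bases/project/secret.yaml
      copy base-config.yaml bases/project/config.yaml
      copy base-service.yaml bases/project/service.yaml
      copy base-kusto.yaml bases/project/kustomization.yaml
      copy install-install.yaml bases/install/install.yaml
      copy install-kusto.yaml bases/install/kustomization.yaml
      copy deploy-kusto.yaml bases/deploy/kustomization.yaml
      # deploy-kusto.yaml lists this file as repo-git.yaml.
      template deploy-repo.yaml.tmpl bases/deploy/repo-git.yaml
    }

    # Succeed only when PROJECT_NAME is a single, non-empty path
    # component, so "projects/${PROJECT_NAME}" can neither be projects/
    # itself nor point outside of it. The value is also substituted
    # verbatim into manifests; the caller should make sure it is a valid
    # Kubernetes name.
    check_prj_name() {
      case "${PROJECT_NAME:-}" in
        '' | . | .. | */*)
          echo "invalid PROJECT_NAME: '${PROJECT_NAME:-}'" >&2
          return 1
          ;;
      esac
    }

    # Create projects/<PROJECT_NAME> with its rendered kustomization.
    create_prj() {
      check_prj_name || return 1
      mkdir -p "projects/${PROJECT_NAME}"
      template project-kusto.yaml.tmpl "projects/${PROJECT_NAME}/kustomization.yaml"
    }

    # Placeholder: only touches a marker file.
    activate_prj() {
      touch /tmp/toto
    }

    # Remove projects/<PROJECT_NAME>; refused for an empty or
    # path-like name, which would delete more than one project.
    delete_prj() {
      check_prj_name || return 1
      rm -rf "projects/${PROJECT_NAME}"
    }

  # Kustomization of the per-project base (bases/project).
  base-kusto.yaml: |-
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    resources:
      - cert.yaml
      - ingress.yaml
      - deploy.yaml
      - service.yaml
      - config.yaml
      - secret.yaml
      - repo.yaml
      - policy.yaml
      - update.yaml
      - ../install

  # Flux image automation pushing updates straight to main. The commit
  # message is a Go template evaluated by Flux: its $variables must not
  # be expanded by envsubst (see template() in functions.sh).
  base-update.yaml.tmpl: |-
    ---
    apiVersion: image.toolkit.fluxcd.io/v1beta1
    kind: ImageUpdateAutomation
    metadata:
      name: update
    spec:
      interval: 5m
      sourceRef:
        kind: GitRepository
        name: deploy-git
      git:
        checkout:
          ref:
            branch: main
        commit:
          author:
            email: fluxcd.automation@${ARTIFACTORY_URL}
            name: fluxcd
          messageTemplate: |
            Automated image update: {{ .AutomationObject }}

            Files:
            {{ range $filename, $_ := .Updated.Files -}}
            - {{ $filename }}
            {{ end -}}

            Objects:
            {{ range $resource, $_ := .Updated.Objects -}}
            - {{ $resource.Kind }} {{ $resource.Name }}
            {{ end -}}

            Images:
            {{ range .Updated.Images -}}
            - {{.}}
            {{ end -}}
            {{- $ChangeId := .AutomationObject -}}
            {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Files | toString ) -}}
            {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Objects | toString ) -}}
            {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Images | toString ) }}

            Change-Name: {{ $ChangeId }}
            Change-Id: {{ printf "I%s" ( sha256sum $ChangeId | trunc 40 ) }}
        push:
          branch: main
      update:
        strategy: Setters

  # Image repository scanned by Flux; the image itself is set by the
  # per-project patch. Registry credentials come from the 'gitea' secret.
  base-repo.yaml: |-
    ---
    apiVersion: image.toolkit.fluxcd.io/v1beta2
    kind: ImageRepository
    metadata:
      name: repo
    spec:
      interval: 5m
      provider: generic
      secretRef:
        name: gitea

  base-cert.yaml: |-
    ---
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: web
    spec:
      issuerRef:
        group: cert-manager.io
        kind: ClusterIssuer

  base-ingress.yaml: |-
    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: web
    spec:
      rules:
        - http:
            paths:
              - backend:
                  service:
                    name: svc
                    port:
                      number: 80
                path: /
                pathType: Prefix

  # imageRepositoryRef is left empty here and filled by the per-project
  # patch in project-kusto.yaml.tmpl.
  base-policy.yaml: |-
    ---
    apiVersion: image.toolkit.fluxcd.io/v1beta2
    kind: ImagePolicy
    metadata:
      name: policy
    spec:
      imageRepositoryRef:

  # NOTE(review): the pod runs as uid/gid 1000, but nothing here sets
  # runAsNonRoot, allowPrivilegeEscalation or a capability drop; consider
  # adding them to this base so every project inherits them.
  base-deploy.yaml: |-
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: app
    spec:
      replicas: 1
      selector:
      template:
        spec:
          securityContext:
            runAsGroup: 1000
            runAsUser: 1000
            fsGroup: 1000
          containers:
            - name: app
              image: appli
              imagePullPolicy: IfNotPresent
              envFrom:
                - configMapRef:
                    name: "config"
                - secretRef:
                    name: "secret"

  # Empty placeholder: it carries no data, and secret values should not
  # be committed in clear text to the deployment repository.
  base-secret.yaml: |-
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: "secret"
      annotations:
        gramo.solidite.fr/no-parent: "true"
      labels:
        k8up.io/backup: "true"
    type: Opaque

  # The two 'labels' mappings of the original are merged into one; a
  # duplicate key is invalid YAML and parsers either reject it or keep
  # only the last one. NOTE(review): 'app: holdup' looks like a leftover
  # from another project - confirm it is wanted.
  base-config.yaml: |-
    ---
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "config"
      labels:
        app: holdup
        k8up.io/backup: "true"
    data:

  base-service.yaml: |-
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: svc
    spec:
      ports:
        - name: app
          port: 80
          protocol: TCP
          targetPort: app
      type: ClusterIP

  # Flux Kustomization reconciling the deployment repository; prune is
  # enabled, so objects removed from git are deleted from the cluster.
  install-install.yaml: |-
    ---
    apiVersion: kustomize.toolkit.fluxcd.io/v1
    kind: Kustomization
    metadata:
      name: install
    spec:
      interval: 5m
      sourceRef:
        kind: GitRepository
        name: deploy-git
      prune: true
      timeout: 1m

  install-kusto.yaml: |-
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    resources:
      - install.yaml

  # Git source of the deployment repository, authenticated with the
  # 'ssh-credentials' secret.
  deploy-repo.yaml.tmpl: |-
    ---
    apiVersion: source.toolkit.fluxcd.io/v1
    kind: GitRepository
    metadata:
      name: git
    spec:
      interval: 5m0s
      url: ${DEPLOY_URL}
      ref:
        branch: main
      secretRef:
        name: ssh-credentials

  # Lists repo-git.yaml, the name install_base writes
  # deploy-repo.yaml.tmpl to.
  deploy-kusto.yaml: |-
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    namePrefix: deploy-
    resources:
      - repo-git.yaml
      - ../install

  # Per-project overlay: prefixes and labels the base with PROJECT_NAME
  # and patches in the image repository, policy reference and container
  # port. PROJECT_NAME and PROJECT_PATH are inserted verbatim.
  project-kusto.yaml.tmpl: |-
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    namePrefix: ${PROJECT_NAME}-
    commonLabels:
      app.kubernetes.io/component: ${PROJECT_NAME}
      component: ${PROJECT_NAME}
    resources:
      - ../../bases/project
    patches:
      - target:
          kind: ImagePolicy
          name: policy
        patch: |-
          apiVersion: image.toolkit.fluxcd.io/v1beta2
          kind: ImagePolicy
          metadata:
            name: policy
          spec:
            imageRepositoryRef:
              name: ${PROJECT_NAME}-repo
      - target:
          kind: ImageRepository
          name: repo
        patch: |-
          apiVersion: image.toolkit.fluxcd.io/v1beta2
          kind: ImageRepository
          metadata:
            name: repo
          spec:
            image: ${ARTIFACTORY_URL}/${PROJECT_PATH}
      - target:
          kind: Deployment
          name: app
        patch: |-
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: app
            annotations:
              configmap.reloader.stakater.com/reload: "${PROJECT_NAME}-config"
              secret.reloader.stakater.com/reload: "${PROJECT_NAME}-secret"
          spec:
            selector:
            template:
              spec:
                securityContext:
                  runAsGroup: 1000
                  runAsUser: 1000
                  fsGroup: 1000
                containers:
                  - name: app
                    ports:
                      - name: app
                        containerPort: 8080
                        protocol: TCP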