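---
# Template bundle: each data key holds one manifest file. Keys ending in
# ".tmpl" carry VAR placeholders (ARTIFACTORY_URL, DEPLOY_URL, PROJECT_NAME,
# PROJECT_PATH) that are filled in by a renderer not shown in this file.
#
# NOTE(review): placeholder values are spliced in as raw text. Confirm the
# renderer validates them before substitution (for example PROJECT_NAME as a
# DNS-1123 label), so a crafted value cannot add YAML keys or documents to
# the generated manifests.
apiVersion: v1
kind: ConfigMap
metadata:
  name: auto-cd-create-templates
data:
  base-kusto.yaml: |-
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    resources:
      - cert.yaml
      - ingress.yaml
      - deploy.yaml
      - service.yaml
      - config.yaml
      - secret.yaml
      - repo.yaml
      - policy.yaml
      - update.yaml
      - ../install

  # Flux image automation: commits image-tag updates and pushes them to main.
  # NOTE(review): the push goes straight to the branch that is deployed, so
  # the Git credential behind the deploy-git source needs write access; keep
  # it scoped to this one repository.
  # NOTE(review): the message template uses Go-template variables written
  # with a bare dollar sign (filename, resource, ChangeId). If the .tmpl
  # renderer is envsubst-like, restrict it to the named placeholders,
  # otherwise those variables are blanked out.
  # NOTE(review): this kind is on v1beta1 while ImageRepository and
  # ImagePolicy below use v1beta2; confirm against the installed Flux CRDs.
  # NOTE(review): blank lines inside messageTemplate are a best-effort
  # layout; verify against the deployed copy.
  base-update.yaml.tmpl: |-
    ---
    apiVersion: image.toolkit.fluxcd.io/v1beta1
    kind: ImageUpdateAutomation
    metadata:
      name: update
    spec:
      interval: 5m
      sourceRef:
        kind: GitRepository
        name: deploy-git
      git:
        checkout:
          ref:
            branch: main
        commit:
          author:
            email: fluxcd.automation@${ARTIFACTORY_URL}
            name: fluxcd
          messageTemplate: |
            Automated image update: {{ .AutomationObject }}

            Files:
            {{ range $filename, $_ := .Updated.Files -}}
            - {{ $filename }}
            {{ end -}}

            Objects:
            {{ range $resource, $_ := .Updated.Objects -}}
            - {{ $resource.Kind }} {{ $resource.Name }}
            {{ end -}}

            Images:
            {{ range .Updated.Images -}}
            - {{.}}
            {{ end -}}
            {{- $ChangeId := .AutomationObject -}}
            {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Files | toString ) -}}
            {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Objects | toString ) -}}
            {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Images | toString ) }}
            Change-Name: {{ $ChangeId }}
            Change-Id: {{ printf "I%s" ( sha256sum $ChangeId | trunc 40 ) }}
        push:
          branch: main
      update:
        strategy: Setters

  # Registry scan source; spec.image is supplied by the per-project patch.
  # The registry credential is read from the Secret named "gitea".
  base-repo.yaml: |-
    ---
    apiVersion: image.toolkit.fluxcd.io/v1beta2
    kind: ImageRepository
    metadata:
      name: repo
    spec:
      interval: 5m
      provider: generic
      secretRef:
        name: gitea

  # Certificate skeleton: issuerRef has no name and no dnsNames/secretName
  # are set here; presumably completed when a project is generated.
  base-cert.yaml: |-
    ---
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: web
    spec:
      issuerRef:
        group: cert-manager.io
        kind: ClusterIssuer

  # NOTE(review): no host and no tls section in this base; confirm TLS is
  # added before the Ingress is exposed.
  base-ingress.yaml: |-
    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: web
    spec:
      rules:
        - http:
            paths:
              - backend:
                  service:
                    name: svc
                    port:
                      number: 80
                path: /
                pathType: Prefix

  # imageRepositoryRef is intentionally left empty; the per-project patch
  # in project-kusto.yaml.tmpl sets its name. No selection policy is
  # defined in this base.
  base-policy.yaml: |-
    ---
    apiVersion: image.toolkit.fluxcd.io/v1beta2
    kind: ImagePolicy
    metadata:
      name: policy
    spec:
      imageRepositoryRef:

  # NOTE(review): the pod securityContext pins uid/gid 1000 but does not set
  # runAsNonRoot: true, and the container has no securityContext of its own
  # (allowPrivilegeEscalation: false, capabilities.drop: [ALL],
  # seccompProfile.type: RuntimeDefault). Adding them here would give every
  # generated project the same baseline; confirm the apps tolerate it.
  # NOTE(review): no "$imagepolicy" setter marker is visible on the image
  # field; the Setters strategy only rewrites fields that carry one, so it is
  # presumably added at generation time.
  base-deploy.yaml: |-
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: app
    spec:
      replicas: 1
      selector:
      template:
        spec:
          securityContext:
            runAsGroup: 1000
            runAsUser: 1000
            fsGroup: 1000
          containers:
            - name: app
              image: appli
              imagePullPolicy: IfNotPresent
              envFrom:
                - configMapRef:
                    name: "config"
                - secretRef:
                    name: "secret"

  # NOTE(review): this Secret carries a backup label. Confirm the backup
  # target is encrypted and access-controlled, and that Secret values are
  # never committed in plain text to the deploy repository.
  base-secret.yaml: |-
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: "secret"
      annotations:
        gramo.solidite.fr/no-parent: "true"
      labels:
        k8up.io/backup: "true"
    type: Opaque

  # The original had two "labels" keys under metadata; they are merged here
  # because duplicate keys are invalid YAML and parsers disagree on which
  # one survives.
  # NOTE(review): "app: holdup" looks like a leftover from another project;
  # confirm whether it should remain.
  base-config.yaml: |-
    ---
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "config"
      labels:
        app: holdup
        k8up.io/backup: "true"
    data:

  base-service.yaml: |-
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: svc
    spec:
      ports:
        - name: app
          port: 80
          protocol: TCP
          targetPort: app
      type: ClusterIP

  # NOTE(review): no spec.serviceAccountName is set, so reconciliation runs
  # with whatever identity the kustomize-controller defaults to. Where
  # tenants share a cluster, bind this to a namespace-scoped ServiceAccount
  # unless that is already enforced elsewhere.
  install-install.yaml: |-
    ---
    apiVersion: kustomize.toolkit.fluxcd.io/v1
    kind: Kustomization
    metadata:
      name: install
    spec:
      interval: 5m
      sourceRef:
        kind: GitRepository
        name: deploy-git
      prune: true
      timeout: 1m

  install-kusto.yaml: |-
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    resources:
      - install.yaml

  # Git source for the deploy repository, authenticated with the
  # "ssh-credentials" Secret. The url value is quoted so an empty or
  # unusual DEPLOY_URL still renders as a string.
  # NOTE(review): no spec.verify is configured, so commit signatures are not
  # checked; consider it if the repository can enforce signed commits.
  deploy-repo.yaml.tmpl: |-
    ---
    apiVersion: source.toolkit.fluxcd.io/v1
    kind: GitRepository
    metadata:
      name: git
    spec:
      interval: 5m0s
      url: "${DEPLOY_URL}"
      ref:
        branch: main
      secretRef:
        name: ssh-credentials

  # NOTE(review): this lists repo-git.yaml, while the GitRepository template
  # above is stored under the key deploy-repo.yaml.tmpl; confirm the
  # generator writes it under the file name referenced here.
  deploy-kusto.yaml: |-
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    namePrefix: deploy-
    resources:
      - repo-git.yaml
      - ../install

  # Per-project overlay. The commonLabels values are quoted so that a
  # numeric or boolean-looking PROJECT_NAME still renders as a string label,
  # matching the quoting already used for the reloader annotations below.
  project-kusto.yaml.tmpl: |-
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    namePrefix: ${PROJECT_NAME}-
    commonLabels:
      app.kubernetes.io/component: "${PROJECT_NAME}"
      component: "${PROJECT_NAME}"
    resources:
      - ../../bases/project
    patches:
      - target:
          kind: ImagePolicy
          name: policy
        patch: |-
          apiVersion: image.toolkit.fluxcd.io/v1beta2
          kind: ImagePolicy
          metadata:
            name: policy
          spec:
            imageRepositoryRef:
              name: ${PROJECT_NAME}-repo
      - target:
          kind: ImageRepository
          name: repo
        patch: |-
          apiVersion: image.toolkit.fluxcd.io/v1beta2
          kind: ImageRepository
          metadata:
            name: repo
          spec:
            image: ${ARTIFACTORY_URL}/${PROJECT_PATH}
      - target:
          kind: Deployment
          name: app
        patch: |-
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: app
            annotations:
              configmap.reloader.stakater.com/reload: "${PROJECT_NAME}-config"
              secret.reloader.stakater.com/reload: "${PROJECT_NAME}-secret"
          spec:
            selector:
            template:
              spec:
                securityContext:
                  runAsGroup: 1000
                  runAsUser: 1000
                  fsGroup: 1000
                containers:
                  - name: app
                    ports:
                      - name: app
                        containerPort: 8080
                        protocol: TCP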