# Namespace that hosts the Tekton CI pieces for this instance.
# It only exists when both Gitea and Tekton are switched on; the other
# resources in this file place an SSH key pair and registry credentials in it.
resource "kubernetes_namespace_v1" "ns-tekton" {
  count = (var.haveGitea && var.haveTekton) ? 1 : 0

  metadata {
    name        = "${var.domain}-ci-${var.instance}"
    annotations = local.annotations

    # NOTE(review): the annotation map is merged into the labels as well.
    # Label values are more restricted than annotation values, and labels may
    # be matched by selectors and policies; confirm this merge is intentional
    # rather than plain local.common_labels as used elsewhere in this file.
    labels = merge(local.common_labels, local.annotations)
  }
}
# Vynil "Install" object requesting the gitea-tekton-org component in the CI
# namespace, with the organisation, stage and Gitea SSH settings as options.
resource "kubectl_manifest" "tekton" {
  depends_on = [kubernetes_namespace_v1.ns-tekton]
  count      = (var.haveGitea && var.haveTekton) ? 1 : 0

  # Values written as "${...}" are spliced into the YAML text unescaped, while
  # the jsonencode(...) ones are escaped. Keep the plain-interpolated variables
  # limited to trusted, simple strings (no quotes, backslashes or newlines).
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "tekton-base"
      namespace: "${var.domain}-ci-${var.instance}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: "${var.distributions.domain}"
      category: "share"
      component: "gitea-tekton-org"
      options:
        domain: "${var.domain}"
        domain_name: "${var.domain_name}"
        issuer: "${var.issuer}"
        organization: "${trimprefix(var.instance,"org-")}"
        stages: ${jsonencode(local.sorted-stage-name)}
        haveFlux: ${jsonencode(var.haveFlux)}
        autoCD: ${jsonencode(var.autoCD)}
        known_repos: ${jsonencode(var.conditions.repos)}
        gitea_ssh_prefix: ${jsonencode(var.gitea_ssh_prefix)}
        gitea_ssh_port: ${jsonencode(var.gitea_ssh_port)}
  EOF
}
# Vynil "Install" object requesting the shared tekton-tasks component in the
# CI namespace. Created only when both Gitea and Tekton are enabled.
resource "kubectl_manifest" "tasks" {
  depends_on = [kubernetes_namespace_v1.ns-tekton]
  count      = (var.haveGitea && var.haveTekton) ? 1 : 0

  # var.domain and var.distributions.domain are inserted into the YAML text
  # without escaping; only the labels go through jsonencode().
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "tasks-base"
      namespace: "${var.domain}-ci-${var.instance}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: "${var.distributions.domain}"
      category: "share"
      component: "tekton-tasks"
      options:
        domain: "${var.domain}"
  EOF
}
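# Asks the secret generator (SSHKeyPair custom resource) for a 4096-bit key
# pair named "ssh-credentials" in the CI namespace, and adds a known_hosts
# entry taken from a local file next to the generated keys.
resource "kubectl_manifest" "ci-ssh-creds" {
  depends_on = [kubernetes_namespace_v1.ns-tekton]
  count      = var.haveGitea && var.haveTekton ? 1 : 0

  # known_hosts is file content, so it can hold several lines, quotes or
  # backslashes. It is passed through jsonencode() like the other structured
  # values in this file: pasting it between literal double quotes would fold or
  # break the YAML scalar and could alter the host-key pinning the CI relies on.
  yaml_body = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "SSHKeyPair"
    metadata:
      name: "ssh-credentials"
      namespace: "${var.domain}-ci-${var.instance}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      length: "4096"
      forceRegenerate: false
      data:
        known_hosts: ${jsonencode(data.local_file.known_host[0].content)}
  EOF

  # Once created, Terraform never updates this object again. That keeps the
  # generated key pair stable, but it also means a later change to the
  # known_hosts file (for example after a Gitea host-key rotation) or to the
  # key length is NOT applied by Terraform and has to be rolled out by hand.
  lifecycle {
    ignore_changes = [
      yaml_body,
    ]
  }
}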
# Reads back the "ssh-credentials" Secret from the CI namespace so that its
# "ssh-publickey" entry can be used by other resources in this file.
#
# NOTE(review): a Secret data source loads every key of the Secret, not just
# the public key. If the generator keeps the private key in the same Secret
# (presumably; confirm), that private key is copied into the Terraform state,
# so the state backend needs encryption and tight access control.
# NOTE(review): depends_on only waits for the SSHKeyPair object to be
# submitted; whether the Secret already exists on the first apply depends on
# the generator's timing. Verify on a fresh cluster.
data "kubernetes_secret_v1" "ci-ssh-creds-read" {
  count      = (var.haveGitea && var.haveTekton) ? 1 : 0
  depends_on = [kubectl_manifest.ci-ssh-creds]

  metadata {
    namespace = "${var.domain}-ci-${var.instance}"
    name      = "ssh-credentials"
  }
}
# Registers the generated CI public key on the Gitea CI user account.
#
# NOTE(review): the title talks about reading a repository, but nothing in
# this block limits the key to read access; it is attached to the CI user and
# no read_only argument is set. Confirm that the CI user's permissions (or the
# provider's optional read_only flag) match the access Tekton really needs.
resource "gitea_public_key" "ci-user-keys" {
  count = (var.haveGitea && var.haveTekton) ? 1 : 0

  username = gitea_user.user-ci[0].username
  title    = "Tekton token to read repository ${var.instance}"

  # Public half of the key pair, read back from the "ssh-credentials" Secret.
  key = data.kubernetes_secret_v1.ci-ssh-creds-read[count.index].data["ssh-publickey"]
}
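# Image-pull / push credentials ("gitea-docker") for the CI namespace, built
# as a dockerconfigjson Secret that authenticates the CI user against the
# registry served on the Gitea ingress host.
#
# The CI user's password is written twice into this Secret (plain "password"
# and base64 "auth") and is therefore also present in the Terraform state.
# Restrict access to the state backend and to Secrets in this namespace.
resource "kubernetes_secret" "ci-docker-config" {
  # The namespace is given as a plain string, so Terraform sees no implicit
  # dependency on it. Declare the ordering explicitly, as the other resources
  # in this file do, so the Secret is not applied before the namespace exists.
  depends_on = [kubernetes_namespace_v1.ns-tekton]
  count      = var.haveGitea && var.haveTekton ? 1 : 0

  metadata {
    name      = "gitea-docker"
    namespace = "${var.domain}-ci-${var.instance}"
  }

  type = "kubernetes.io/dockerconfigjson"

  data = {
    ".dockerconfigjson" = jsonencode({
      auths = {
        # Registry host = first rule of the Gitea ingress.
        "${data.kubernetes_ingress_v1.gitea.spec[0].rule[0].host}" = {
          "username" = gitea_user.user-ci[0].username
          "password" = local.ci-user-password
          "email"    = "auto-ci@${data.kubernetes_ingress_v1.gitea.spec[0].rule[0].host}"
          "auth"     = base64encode("${gitea_user.user-ci[0].username}:${local.ci-user-password}")
        }
      }
    })
  }
}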