339 lines
8.3 KiB
YAML
339 lines
8.3 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: auto-cd-templates
|
|
data:
|
|
functions.sh: |-
|
|
added=0
|
|
copy() {
|
|
local src=${TEMPLATE_ROOT}/$1 dest=$2
|
|
if [ ! -f $dest ];then
|
|
cp "$src" "$dest"
|
|
git add "$dest"
|
|
added=$(($added+1))
|
|
fi
|
|
}
|
|
template() {
|
|
local src=${TEMPLATE_ROOT}/$1 dest=$2
|
|
if [ ! -f $dest ];then
|
|
envsubst <"$src" >"$dest"
|
|
git add "$dest"
|
|
added=$(($added+1))
|
|
fi
|
|
}
|
|
git_push() {
|
|
local message=$1
|
|
if [ $added -ne 0 ];then
|
|
git commit -am "$message"
|
|
git push
|
|
fi
|
|
}
|
|
cleanup() {
|
|
rm -rf . || true
|
|
}
|
|
git_prepare() {
|
|
local url=$1 username=$2 email=$3
|
|
mkdir -p "${HOME}/.ssh"
|
|
cp -Rv "${WORKSPACE_SSH_DIRECTORY_PATH}"/* "${HOME}/.ssh"
|
|
chmod 700 "${HOME}/.ssh"
|
|
chmod 400 "${HOME}/.ssh"/*
|
|
git config --global user.name "$username"
|
|
git config --global user.email "$email"
|
|
git clone "$url" --branch main --depth 1 .
|
|
}
|
|
install_base() {
|
|
mkdir -p bases/project bases/install bases/deploy
|
|
template base-update.yaml.tmpl bases/project/base-update.yaml
|
|
copy base-repo.yaml bases/project/repo.yaml
|
|
copy base-cert.yaml bases/project/cert.yaml
|
|
copy base-ingress.yaml bases/project/ingress.yaml
|
|
copy base-policy.yaml bases/project/policy.yaml
|
|
copy base-deploy.yaml bases/project/deploy.yaml
|
|
copy base-secret.yaml bases/project/secret.yaml
|
|
copy base-config.yaml bases/project/config.yaml
|
|
copy base-service.yaml bases/project/service.yaml
|
|
copy base-kusto.yaml bases/project/kustomization.yaml
|
|
copy install-install.yaml bases/install/install.yaml
|
|
copy install-kusto.yaml bases/install/kustomization.yaml
|
|
copy deploy-kusto.yaml bases/deploy/kustomization.yaml
|
|
template deploy-repo.yaml.tmpl bases/deploy/repo.yaml
|
|
}
|
|
create_prj() {
|
|
mkdir -p "projects/${PROJECT_NAME}"
|
|
template project-kusto.yaml.tmpl "projects/${PROJECT_NAME}/kustomization.yaml"
|
|
}
|
|
activate_prj() {
|
|
touch /tmp/toto
|
|
}
|
|
delete_prj() {
|
|
rm -rf "projects/${PROJECT_NAME}"
|
|
}
|
|
base-kusto.yaml: |-
|
|
---
|
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
|
|
resources:
|
|
- cert.yaml
|
|
- ingress.yaml
|
|
- deploy.yaml
|
|
- service.yaml
|
|
- config.yaml
|
|
- secret.yaml
|
|
- repo.yaml
|
|
- policy.yaml
|
|
- update.yaml
|
|
- ../install
|
|
base-update.yaml.tmpl: |-
|
|
---
|
|
apiVersion: image.toolkit.fluxcd.io/v1beta1
|
|
kind: ImageUpdateAutomation
|
|
metadata:
|
|
name: update
|
|
spec:
|
|
interval: 5m
|
|
sourceRef:
|
|
kind: GitRepository
|
|
name: deploy-git
|
|
git:
|
|
checkout:
|
|
ref:
|
|
branch: main
|
|
commit:
|
|
author:
|
|
email: fluxcd.automation@${ARTIFACTORY_URL}
|
|
name: fluxcd
|
|
messageTemplate: |
|
|
Automated image update: {{ .AutomationObject }}
|
|
|
|
Files:
|
|
{{ range $filename, $_ := .Updated.Files -}}
|
|
- {{ $filename }}
|
|
{{ end -}}
|
|
|
|
Objects:
|
|
{{ range $resource, $_ := .Updated.Objects -}}
|
|
- {{ $resource.Kind }} {{ $resource.Name }}
|
|
{{ end -}}
|
|
|
|
Images:
|
|
{{ range .Updated.Images -}}
|
|
- {{.}}
|
|
{{ end -}}
|
|
{{- $ChangeId := .AutomationObject -}}
|
|
{{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Files | toString ) -}}
|
|
{{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Objects | toString ) -}}
|
|
{{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Images | toString ) }}
|
|
Change-Name: {{ $ChangeId }}
|
|
Change-Id: {{ printf "I%s" ( sha256sum $ChangeId | trunc 40 ) }}
|
|
push:
|
|
branch: main
|
|
update:
|
|
strategy: Setters
|
|
base-repo.yaml: |-
|
|
---
|
|
apiVersion: image.toolkit.fluxcd.io/v1beta2
|
|
kind: ImageRepository
|
|
metadata:
|
|
name: repo
|
|
spec:
|
|
interval: 5m
|
|
provider: generic
|
|
secretRef:
|
|
name: gitea
|
|
base-cert.yaml: |-
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: web
|
|
spec:
|
|
issuerRef:
|
|
group: cert-manager.io
|
|
kind: ClusterIssuer
|
|
base-ingress.yaml: |-
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: web
|
|
spec:
|
|
rules:
|
|
- http:
|
|
paths:
|
|
- backend:
|
|
service:
|
|
name: svc
|
|
port:
|
|
number: 80
|
|
path: /
|
|
pathType: Prefix
|
|
base-policy.yaml: |-
|
|
---
|
|
apiVersion: image.toolkit.fluxcd.io/v1beta2
|
|
kind: ImagePolicy
|
|
metadata:
|
|
name: policy
|
|
spec:
|
|
imageRepositoryRef:
|
|
base-deploy.yaml: |-
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: app
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
template:
|
|
spec:
|
|
securityContext:
|
|
runAsGroup: 1000
|
|
runAsUser: 1000
|
|
fsGroup: 1000
|
|
containers:
|
|
- name: app
|
|
image: appli
|
|
imagePullPolicy: IfNotPresent
|
|
envFrom:
|
|
- configMapRef:
|
|
name: "config"
|
|
- secretRef:
|
|
name: "secret"
|
|
base-secret.yaml: |-
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: "secret"
|
|
annotations:
|
|
gramo.solidite.fr/no-parent: "true"
|
|
labels:
|
|
k8up.io/backup: "true"
|
|
type: Opaque
|
|
base-config.yaml: |-
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: "config"
|
|
labels:
|
|
app: holdup
|
|
labels:
|
|
k8up.io/backup: "true"
|
|
data:
|
|
base-service.yaml: |-
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: svc
|
|
spec:
|
|
ports:
|
|
- name: app
|
|
port: 80
|
|
protocol: TCP
|
|
targetPort: app
|
|
type: ClusterIP
|
|
install-install.yaml: |-
|
|
---
|
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
kind: Kustomization
|
|
metadata:
|
|
name: install
|
|
spec:
|
|
interval: 5m
|
|
sourceRef:
|
|
kind: GitRepository
|
|
name: deploy-git
|
|
prune: true
|
|
timeout: 1m
|
|
install-kusto.yaml: |-
|
|
---
|
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
|
|
resources:
|
|
- install.yaml
|
|
deploy-repo.yaml.tmpl: |-
|
|
---
|
|
apiVersion: source.toolkit.fluxcd.io/v1
|
|
kind: GitRepository
|
|
metadata:
|
|
name: git
|
|
spec:
|
|
interval: 5m0s
|
|
url: ${DEPLOY_URL}
|
|
ref:
|
|
branch: main
|
|
secretRef:
|
|
name: ssh-credentials
|
|
deploy-kusto.yaml: |-
|
|
---
|
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
|
|
namePrefix: deploy-
|
|
resources:
|
|
- repo-git.yaml
|
|
- ../install
|
|
project-kusto.yaml.tmpl: |-
|
|
---
|
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
|
|
namePrefix: ${PROJECT_NAME}-
|
|
commonLabels:
|
|
app.kubernetes.io/component: ${PROJECT_NAME}
|
|
component: ${PROJECT_NAME}
|
|
|
|
resources:
|
|
- ../../bases/project
|
|
|
|
patches:
|
|
- target:
|
|
kind: ImagePolicy
|
|
name: policy
|
|
patch: |-
|
|
apiVersion: image.toolkit.fluxcd.io/v1beta2
|
|
kind: ImagePolicy
|
|
metadata:
|
|
name: policy
|
|
spec:
|
|
imageRepositoryRef:
|
|
name: ${PROJECT_NAME}-repo
|
|
- target:
|
|
kind: ImageRepository
|
|
name: repo
|
|
patch: |-
|
|
apiVersion: image.toolkit.fluxcd.io/v1beta2
|
|
kind: ImageRepository
|
|
metadata:
|
|
name: repo
|
|
spec:
|
|
image: ${ARTIFACTORY_URL}/${PROJECT_PATH}
|
|
- target:
|
|
kind: Deployment
|
|
name: app
|
|
patch: |-
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: app
|
|
annotations:
|
|
configmap.reloader.stakater.com/reload: "${PROJECT_NAME}-config"
|
|
secret.reloader.stakater.com/reload: "${PROJECT_NAME}-secret"
|
|
spec:
|
|
selector:
|
|
template:
|
|
spec:
|
|
securityContext:
|
|
runAsGroup: 1000
|
|
runAsUser: 1000
|
|
fsGroup: 1000
|
|
containers:
|
|
- name: app
|
|
ports:
|
|
- name: app
|
|
containerPort: 8080
|
|
protocol: TCP |