2024-04-22 19:50:34 +02:00
parent aa63ce8451
commit d92bc212f7
7 changed files with 576 additions and 95 deletions


@@ -21,44 +21,67 @@ resource "kubectl_manifest" "cd-trigger-create" {
labels: ${jsonencode(local.create-labels)}
spec:
bindings:
- name: gitrepositoryname
value: $(body.repository.name)
- name: deployurl
value: $(extensions.deploy-url)
- name: artifactory-url
value: "$(extensions.artifactory-url)"
- name: project-name
value: "$(extensions.project-name)"
- name: project-path
value: "$(extensions.project-path)"
- name: git-repository-url
value: "$(extensions.git-repository-url)"
- name: deploy-url
value: $(extensions.deploy-url)
template:
spec:
params:
- name: gitrepositoryname
- name: artifactory-url
description: The url of the current artifactory
- name: project-name
description: The git repository name
- name: deployurl
description: The git url for the deploy repository
- name: project-path
description: The path of the current project
- name: git-repository-url
description: The git repository url
- name: deploy-url
description: The git repository url for the deploy project
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
kind: TaskRun
metadata:
generateName: $(tt.params.gitrepositoryname)-create-
generateName: auto-cd-create-$(tt.params.project-name)-
annotations:
"mayfly.cloud.namecheap.com/expire": "336h" # 2 weeks
spec:
pipelineRef:
name: "${var.instance}-${var.component}-auto-create"
taskRef:
name: "auto-ci-create"
params:
- name: artifactory-url
value: $(tt.params.artifactory-url)
- name: project-name
value: $(tt.params.gitrepositoryname)
value: $(tt.params.project-name)
- name: project-path
value: $(tt.params.project-path)
- name: git-url
value: $(tt.params.git-repository-url)
- name: deploy-url
value: $(tt.params.deployurl)
value: $(tt.params.deploy-url)
workspaces:
- name: source
volumeClaimTemplate:
metadata:
annotations:
"mayfly.cloud.namecheap.com/expire": "2h"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
persistentVolumeClaim:
claimName: source
subPath: "$(extensions.git-revision)"
- name: dockerconfig
secret:
secretName: gitea-docker
items:
- key: ".dockerconfigjson"
path: "config.json"
- name: sslcertdir
secret:
secretName: gitea
items:
- key: "ca.crt"
path: "ca.crt"
- name: ssh
secret:
secretName: ssh-credentials
@@ -83,44 +106,67 @@ resource "kubectl_manifest" "cd-trigger-activate" {
labels: ${jsonencode(local.activate-labels)}
spec:
bindings:
- name: gitrepositoryname
value: $(body.repository.name)
- name: deployurl
value: $(extensions.deploy-url)
- name: artifactory-url
value: "$(extensions.artifactory-url)"
- name: project-name
value: "$(extensions.project-name)"
- name: project-path
value: "$(extensions.project-path)"
- name: git-repository-url
value: "$(extensions.git-repository-url)"
- name: deploy-url
value: $(extensions.deploy-url)
template:
spec:
params:
- name: gitrepositoryname
- name: artifactory-url
description: The url of the current artifactory
- name: project-name
description: The git repository name
- name: deployurl
description: The git url for the deploy repository
- name: project-path
description: The path of the current project
- name: git-repository-url
description: The git repository url
- name: deploy-url
description: The git repository url for the deploy project
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
kind: TaskRun
metadata:
generateName: $(tt.params.gitrepositoryname)-activate-
generateName: auto-cd-activate-$(tt.params.project-name)-
annotations:
"mayfly.cloud.namecheap.com/expire": "336h" # 2 weeks
spec:
pipelineRef:
name: "${var.instance}-${var.component}-auto-activate"
taskRef:
name: "auto-ci-activate"
params:
- name: artifactory-url
value: $(tt.params.artifactory-url)
- name: project-name
value: $(tt.params.gitrepositoryname)
value: $(tt.params.project-name)
- name: project-path
value: $(tt.params.project-path)
- name: git-url
value: $(tt.params.git-repository-url)
- name: deploy-url
value: $(tt.params.deployurl)
value: $(tt.params.deploy-url)
workspaces:
- name: source
volumeClaimTemplate:
metadata:
annotations:
"mayfly.cloud.namecheap.com/expire": "2h"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
persistentVolumeClaim:
claimName: source
subPath: "$(extensions.git-revision)"
- name: dockerconfig
secret:
secretName: gitea-docker
items:
- key: ".dockerconfigjson"
path: "config.json"
- name: sslcertdir
secret:
secretName: gitea
items:
- key: "ca.crt"
path: "ca.crt"
- name: ssh
secret:
secretName: ssh-credentials
@@ -145,44 +191,67 @@ resource "kubectl_manifest" "ci-trigger-delete" {
labels: ${jsonencode(local.delete-labels)}
spec:
bindings:
- name: gitrepositoryname
value: $(body.repository.name)
- name: deployurl
value: $(extensions.deploy-url)
- name: artifactory-url
value: "$(extensions.artifactory-url)"
- name: project-name
value: "$(extensions.project-name)"
- name: project-path
value: "$(extensions.project-path)"
- name: git-repository-url
value: "$(extensions.git-repository-url)"
- name: deploy-url
value: $(extensions.deploy-url)
template:
spec:
params:
- name: gitrepositoryname
- name: artifactory-url
description: The url of the current artifactory
- name: project-name
description: The git repository name
- name: deployurl
description: The git url for the deploy repository
- name: project-path
description: The path of the current project
- name: git-repository-url
description: The git repository url
- name: deploy-url
description: The git repository url for the deploy project
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
kind: TaskRun
metadata:
generateName: $(tt.params.gitrepositoryname)-delete-
generateName: auto-cd-delete-$(tt.params.project-name)-
annotations:
"mayfly.cloud.namecheap.com/expire": "1440h" # 2 months
"mayfly.cloud.namecheap.com/expire": "336h" # 2 weeks
spec:
pipelineRef:
name: "${var.instance}-${var.component}-delete"
taskRef:
name: "auto-ci-delete"
params:
- name: artifactory-url
value: $(tt.params.artifactory-url)
- name: project-name
value: $(tt.params.gitrepositoryname)
value: $(tt.params.project-name)
- name: project-path
value: $(tt.params.project-path)
- name: git-url
value: $(tt.params.git-repository-url)
- name: deploy-url
value: $(tt.params.deployurl)
value: $(tt.params.deploy-url)
workspaces:
- name: source
volumeClaimTemplate:
metadata:
annotations:
"mayfly.cloud.namecheap.com/expire": "2h"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
persistentVolumeClaim:
claimName: source
subPath: "$(extensions.git-revision)"
- name: dockerconfig
secret:
secretName: gitea-docker
items:
- key: ".dockerconfigjson"
path: "config.json"
- name: sslcertdir
secret:
secretName: gitea
items:
- key: "ca.crt"
path: "ca.crt"
- name: ssh
secret:
secretName: ssh-credentials
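Review bot: The TaskRun's workspace bindings ending at `- name: ssh` / `secretName: ssh-credentials` (together with `dockerconfig` and `sslcertdir` above them) do not match what the referenced `auto-ci-create` Task added in this commit declares, which is only `source` and an optional `ssh-directory`; as far as I know Tekton rejects a TaskRun that binds a workspace the Task does not declare, and even if it didn't, the key would not be bound under the name the Task expects. Rename the binding to `- name: ssh-directory` and drop `dockerconfig`/`sslcertdir` unless the Task gains matching declarations; the `cd-trigger-activate` and `ci-trigger-delete` hunks carry the same bindings, though their `auto-ci-activate`/`auto-ci-delete` Tasks are not in this commit so I cannot confirm them. The binding values are also quoted inconsistently (`value: "$(extensions.artifactory-url)"` next to `value: $(extensions.deploy-url)`); pick one form, preferably quoted. The enclosing `kubectl_manifest` resources start and end outside the hunks.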


@@ -28,4 +28,40 @@ data "kustomization_overlay" "data" {
value: http
EOF
}
patches {
target {
kind = "Task"
name = "auto-ci-create"
}
patch = <<-EOF
- op: replace
path: /spec/params/1/default
value: ${var.issuer}
- op: add
path: /spec/params/2/default
value: ${var.domain_name}
EOF
}
patches {
target {
kind = "Pipeline"
name = "auto-ci-push"
}
patch = <<-EOF
- op: replace
path: /spec/params/1/default
value: https://okd.${var.domain}
EOF
}
patches {
target {
kind = "Pipeline"
name = "auto-ci-tag"
}
patch = <<-EOF
- op: replace
path: /spec/params/1/default
value: https://okd.${var.domain}
EOF
}
}
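Review bot: The `auto-ci-push` and `auto-ci-tag` patches build the URL from `https://okd.${var.domain}` while the `auto-ci-create` patch and the variable this commit adds use `var.domain_name`; if `var.domain` is not an existing variable the plan fails, and if it is, two different inputs now feed the same domain — presumably all three should read `value: https://okd.${var.domain_name}`, please confirm. The JSON-pointer targets `/spec/params/1/default` and `/spec/params/2/default` are coupled to parameter order in the patched manifests, so a comment inside each heredoc naming the parameter, e.g. `# params/1 = issuer-name, params/2 = domain-name (auto-ci-create Task)`, would keep the next reorder from silently patching the wrong default. I would also quote the interpolated values (`value: "${var.issuer}"`) so a YAML-ambiguous input is not retyped. The `kustomization_overlay` block starts before this hunk.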


@@ -21,6 +21,16 @@ options:
examples:
- your-company
type: string
domain_name:
default: your_company.com
examples:
- your_company.com
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
organization:
default: your-org
examples:


@@ -13,6 +13,9 @@ spec:
default: docker.io
description: The url of the current artifactory
type: string
- name: okd-url
default: https://okd.media.rennes.home
type: string
- name: project-name
description: The name of the current project
type: string
@@ -43,7 +46,7 @@ spec:
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-push"
- name: STATE
@@ -59,7 +62,7 @@ spec:
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-push"
- name: STATE
@@ -75,7 +78,7 @@ spec:
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-push"
- name: STATE
@@ -91,7 +94,7 @@ spec:
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-push"
- name: STATE
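Review bot: The new `okd-url` parameter at `- name: okd-url` has no `description`, unlike its neighbours, and its default bakes a private host (`https://okd.media.rennes.home`) into a shared pipeline definition that the kustomization overlay then has to patch away. Add `description: Base URL of the OKD console used to build the commit-status TARGET_URL` and consider a neutral default, since the overlay already supplies the real value; the `okd-url` parameter in the `auto-ci-tag` pipeline section below has the same gap. `TARGET_URL` appends `/k8s/ns/...` directly to the value, so a trailing slash produces a double slash — worth stating in the description. The pipeline's `params` and `tasks` lists extend outside these hunks.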


@@ -13,6 +13,9 @@ spec:
default: docker.io
description: The url of the current artifactory
type: string
- name: okd-url
default: https://okd.media.rennes.home
type: string
- name: project-name
description: The name of the current project
type: string
@@ -40,9 +43,9 @@ spec:
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-push"
value: "auto-ci-tag"
- name: STATE
value: "success"
taskRef:
@@ -56,9 +59,9 @@ spec:
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-push"
value: "auto-ci-tag"
- name: STATE
value: "warning"
taskRef:
@@ -72,9 +75,9 @@ spec:
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-push"
value: "auto-ci-tag"
- name: STATE
value: "error"
taskRef:
@@ -88,9 +91,9 @@ spec:
- name: SHA
value: $(params.git-revision)
- name: TARGET_URL
value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)"
- name: DESCRIPTION
value: "auto-ci-push"
value: "auto-ci-tag"
- name: STATE
value: "pending"
taskRef:
@@ -101,8 +104,6 @@ spec:
value: $(params.git-url)
- name: revision
value: $(params.git-revision)
- name: depth
value: 0
taskRef:
name: git-clone
workspaces:
@@ -110,17 +111,8 @@ spec:
workspace: source
- name: ssh-directory
workspace: ssh
- name: git-version
runAfter: [git-clone]
params:
- name: branch
value: $(params.branch-name)
taskRef:
name: git-version
workspaces:
- name: source
- name: detect-stages
runAfter: [git-version]
runAfter: [git-clone]
params:
- name: artifactory-url
value: $(params.artifactory-url)
@@ -129,7 +121,7 @@ spec:
- name: project-path
value: $(params.project-path)
- name: image-version
value: "$(params.branch-name)-$(tasks.git-version.results.packageVersion)"
value: "$(params.tag-name)"
taskRef:
name: auto-ci-detector
workspaces:
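Review bot: `image-version` now reads `$(params.tag-name)` at `value: "$(params.tag-name)"`, but no hunk here declares a `tag-name` parameter on the pipeline, and `branch-name` (previously fed to the removed `git-version` task) looks unused now; if `tag-name` is not declared elsewhere in the file Tekton will reject the pipeline at apply time, so please confirm. With `git-version` gone and `depth: 0` removed from `git-clone` the checkout becomes shallow, which is presumably fine for `auto-ci-detector` but is an unstated behaviour change worth a one-line comment on the clone task. The missing `description` on `okd-url` is the point already raised on the `auto-ci-push` section above. The pipeline's `params` and `tasks` lists extend outside these hunks.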


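--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,97 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+name: auto-ci-create
+spec:
+params:
+- name: toolbox-image
+default: sebt3/basic-toolbox-image:1.30.0
+description: The name of the toolbox image
+type: string
+- name: issuer-name
+default: letsencrypt-prod
+type: string
+- name: domain-name
+type: string
+- name: artifactory-url
+description: The url of the current artifactory
+- name: project-name
+description: The git repository name
+- name: project-path
+description: The path of the current project
+- name: git-repository-url
+description: The git repository url
+- name: deploy-url
+description: The git repository url for the deploy project
+steps:
+- name: cleanup
+image: $(params.toolbox-image)
+workingDir: $(workspaces.source.path)
+env:
+- name: ARTIFACTORY_URL
+value: $(params.artifactory-url)
+- name: PROJECT_NAME
+value: $(params.project-name)
+- name: DOMAIN_NAME
+value: $(params.domain-name)
+- name: ISSUER_NAME
+value: $(params.issuer-name)
+- name: PROJECT_PATH
+value: $(params.project-path)
+- name: GIT_REPOSITORY_URL
+value: $(params.git-repository-url)
+- name: DEPLOY_URL
+value: $(params.deploy-url)
+script: |-
+#!/usr/bin/env ash
+git clone "$(params.deploy-url)" --depth 1 .
+mkdir -p "projects/$(params.project-name)" bases/project bases/install bases/deploy
+added=0
+copy() {
+local src=/etc/templates/$1 dest=$2
+if [ ! -f $dest ];then
+cp "$src" "$dest"
+git add "$dest"
+added=$(($added+1))
+fi
+}
+template() {
+local src=/etc/templates/$1 dest=$2
+if [ ! -f $dest ];then
+envsubst <"$src" >"$dest"
+git add "$dest"
+added=$(($added+1))
+fi
+}
+template base-update.yaml.tmpl bases/project/base-update.yaml
+copy base-repo.yaml bases/project/repo.yaml
+copy base-cert.yaml bases/project/cert.yaml
+copy base-ingress.yaml bases/project/ingress.yaml
+copy base-policy.yaml bases/project/policy.yaml
+copy base-deploy.yaml bases/project/deploy.yaml
+copy base-secret.yaml bases/project/secret.yaml
+copy base-config.yaml bases/project/config.yaml
+copy base-service.yaml bases/project/service.yaml
+copy base-kusto.yaml bases/project/kustomization.yaml
+copy install-install.yaml bases/install/install.yaml
+copy install-kusto.yaml bases/install/kustomization.yaml
+copy deploy-kusto.yaml bases/deploy/kustomization.yaml
+template deploy-repo.yaml.tmpl bases/deploy/repo.yaml
+template project-kusto.yaml.tmpl "projects/$(params.project-name)/kustomization.yaml"
+volumeMounts:
+- mountPath: /etc/templates
+name: templates
+volumes:
+- name: templates
+configmap:
+name: auto-cd-create-templates
+workspaces:
+- name: source
+mountPath: /data
+- description: |
+A .ssh directory with private key, known_hosts, config, etc. Copied to
+the user's home before git commands are executed. Used to authenticate
+with the git remote when performing the clone. Binding a Secret to this
+Workspace is strongly recommended over other volume types.
+name: ssh-directory
+optional: true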
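Review bot: The `cleanup` script splices `$(params.deploy-url)` and `$(params.project-name)` straight into shell text (`git clone "$(params.deploy-url)"`, `mkdir -p "projects/$(params.project-name)"`, the final `template` call) although both values are already exported as `DEPLOY_URL` and `PROJECT_NAME`; Tekton substitutes params textually before the shell parses the script and these values arrive from the webhook via the trigger bindings, so a project name carrying shell metacharacters changes the commands rather than being passed as data — read the environment variables instead and quote `$dest` in the two `[ ! -f $dest ]` tests. The template volume uses `configmap:` where the Kubernetes field is `configMap:`, so the pod spec will be rejected or the volume left without a source. `added` is incremented but nothing commits or pushes the staged files (and the source PVC expires after 2h per the trigger templates), so either a commit/push is missing or the counter is dead — please confirm the intent. The `ssh-directory` description promises the directory is copied to the user's home before git runs, but no step does that, so either add the copy or reword the description.
```yaml
script: |-
  #!/usr/bin/env ash
  set -eu
  git clone "$DEPLOY_URL" --depth 1 .
  mkdir -p "projects/$PROJECT_NAME" bases/project bases/install bases/deploy
  added=0
  copy() {
    local src="/etc/templates/$1" dest="$2"
    if [ ! -f "$dest" ]; then
      cp "$src" "$dest"
      git add "$dest"
      added=$((added+1))
    fi
  }
  template() {
    local src="/etc/templates/$1" dest="$2"
    if [ ! -f "$dest" ]; then
      envsubst <"$src" >"$dest"
      git add "$dest"
      added=$((added+1))
    fi
  }
  # … unchanged: copy/template calls for bases/project, bases/install, bases/deploy …
  template project-kusto.yaml.tmpl "projects/$PROJECT_NAME/kustomization.yaml"
  # TODO(review): nothing commits or pushes the $added staged files — confirm intent
```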


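--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: auto-cd-create-templates
+data:
+base-kusto.yaml: |-
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- cert.yaml
+- ingress.yaml
+- deploy.yaml
+- service.yaml
+- config.yaml
+- secret.yaml
+- repo.yaml
+- policy.yaml
+- update.yaml
+- ../install
+base-update.yaml.tmpl: |-
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageUpdateAutomation
+metadata:
+name: update
+spec:
+interval: 5m
+sourceRef:
+kind: GitRepository
+name: deploy-git
+git:
+checkout:
+ref:
+branch: main
+commit:
+author:
+email: fluxcd.automation@${ARTIFACTORY_URL}
+name: fluxcd
+messageTemplate: |
+Automated image update: {{ .AutomationObject }}
+Files:
+{{ range $filename, $_ := .Updated.Files -}}
+- {{ $filename }}
+{{ end -}}
+Objects:
+{{ range $resource, $_ := .Updated.Objects -}}
+- {{ $resource.Kind }} {{ $resource.Name }}
+{{ end -}}
+Images:
+{{ range .Updated.Images -}}
+- {{.}}
+{{ end -}}
+{{- $ChangeId := .AutomationObject -}}
+{{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Files | toString ) -}}
+{{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Objects | toString ) -}}
+{{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Images | toString ) }}
+Change-Name: {{ $ChangeId }}
+Change-Id: {{ printf "I%s" ( sha256sum $ChangeId | trunc 40 ) }}
+push:
+branch: main
+update:
+strategy: Setters
+base-repo.yaml: |-
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImageRepository
+metadata:
+name: repo
+spec:
+interval: 5m
+provider: generic
+secretRef:
+name: gitea
+base-cert.yaml: |-
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: web
+spec:
+issuerRef:
+group: cert-manager.io
+kind: ClusterIssuer
+base-ingress.yaml: |-
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: web
+spec:
+rules:
+- http:
+paths:
+- backend:
+service:
+name: svc
+port:
+number: 80
+path: /
+pathType: Prefix
+base-policy.yaml: |-
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImagePolicy
+metadata:
+name: policy
+spec:
+imageRepositoryRef:
+base-deploy.yaml: |-
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: app
+spec:
+replicas: 1
+selector:
+template:
+spec:
+securityContext:
+runAsGroup: 1000
+runAsUser: 1000
+fsGroup: 1000
+containers:
+- name: app
+image: appli
+imagePullPolicy: IfNotPresent
+envFrom:
+- configMapRef:
+name: "config"
+- secretRef:
+name: "secret"
+base-secret.yaml: |-
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: "secret"
+annotations:
+gramo.solidite.fr/no-parent: "true"
+labels:
+k8up.io/backup: "true"
+type: Opaque
+base-config.yaml: |-
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: "config"
+labels:
+app: holdup
+labels:
+k8up.io/backup: "true"
+data:
+base-service.yaml: |-
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: svc
+spec:
+ports:
+- name: app
+port: 80
+protocol: TCP
+targetPort: app
+type: ClusterIP
+install-install.yaml: |-
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+name: install
+spec:
+interval: 5m
+sourceRef:
+kind: GitRepository
+name: deploy-git
+prune: true
+timeout: 1m
+install-kusto.yaml: |-
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- install.yaml
+deploy-repo.yaml.tmpl: |-
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+name: git
+spec:
+interval: 5m0s
+url: ${DEPLOY_URL}
+ref:
+branch: main
+secretRef:
+name: ssh-credentials
+deploy-kusto.yaml: |-
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namePrefix: deploy-
+resources:
+- repo-git.yaml
+- ../install
+project-kusto.yaml.tmpl: |-
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namePrefix: ${PROJECT_NAME}-
+commonLabels:
+app.kubernetes.io/component: ${PROJECT_NAME}
+component: ${PROJECT_NAME}
+resources:
+- ../../bases/project
+patches:
+- target:
+kind: ImagePolicy
+name: policy
+patch: |-
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImagePolicy
+metadata:
+name: policy
+spec:
+imageRepositoryRef:
+name: ${PROJECT_NAME}-repo
+- target:
+kind: ImageRepository
+name: repo
+patch: |-
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImageRepository
+metadata:
+name: repo
+spec:
+image: ${ARTIFACTORY_URL}/${PROJECT_PATH}
+- target:
+kind: Deployment
+name: app
+patch: |-
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: app
+annotations:
+configmap.reloader.stakater.com/reload: "${PROJECT_NAME}-config"
+secret.reloader.stakater.com/reload: "${PROJECT_NAME}-secret"
+spec:
+selector:
+template:
+spec:
+securityContext:
+runAsGroup: 1000
+runAsUser: 1000
+fsGroup: 1000
+containers:
+- name: app
+ports:
+- name: app
+containerPort: 8080
+protocol: TCP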
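Review bot: The kustomization resource lists do not match the file names the `auto-ci-create` step writes: `base-kusto.yaml` lists `- update.yaml` but the task writes `bases/project/base-update.yaml`, and `deploy-kusto.yaml` lists `- repo-git.yaml` but the task writes `bases/deploy/repo.yaml`, so a `kustomize build` of a freshly created deploy repo fails on missing files — rename the entries to `- base-update.yaml` and `- repo.yaml`, or change the output paths in the task, whichever is intended. `base-config.yaml` has two `labels:` keys under `metadata`; most parsers keep the last one and silently drop `app: holdup`, so merge them into one mapping (and check whether `holdup` is a leftover from another project). In `deploy-repo.yaml.tmpl` the substituted `url: ${DEPLOY_URL}` should be quoted (`url: "${DEPLOY_URL}"`) so a URL containing YAML-special characters does not break the manifest. The Deployment templates set `runAsUser`/`runAsGroup`/`fsGroup` but could also set `runAsNonRoot: true` and `allowPrivilegeEscalation: false` on the container so the non-root intent is enforced rather than implied.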