diff --git a/share/gitea-tekton-org/auto-cd.tf b/share/gitea-tekton-org/auto-cd.tf
index 9b017ab..cbb1727 100644
--- a/share/gitea-tekton-org/auto-cd.tf
+++ b/share/gitea-tekton-org/auto-cd.tf
@@ -21,44 +21,67 @@ resource "kubectl_manifest" "cd-trigger-create" { labels: ${jsonencode(local.create-labels)} spec: bindings: - - name: gitrepositoryname - value: $(body.repository.name) - - name: deployurl - value: $(extensions.deploy-url) + - name: artifactory-url + value: "$(extensions.artifactory-url)" + - name: project-name + value: "$(extensions.project-name)" + - name: project-path + value: "$(extensions.project-path)" + - name: git-repository-url + value: "$(extensions.git-repository-url)" + - name: deploy-url + value: $(extensions.deploy-url) template: spec: params: - - name: gitrepositoryname + - name: artifactory-url + description: The url of the current artifactory + - name: project-name description: The git repository name - - name: deployurl - description: The git url for the deploy repository + - name: project-path + description: The path of the current project + - name: git-repository-url + description: The git repository url + - name: deploy-url + description: The git repository url for the deploy project resourcetemplates: - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun + kind: TaskRun metadata: - generateName: $(tt.params.gitrepositoryname)-create- + generateName: auto-cd-create-$(tt.params.project-name)- annotations: "mayfly.cloud.namecheap.com/expire": "336h" # 2 weeks spec: - pipelineRef: - name: "${var.instance}-${var.component}-auto-create" + taskRef: + name: "auto-ci-create" params: + - name: artifactory-url + value: $(tt.params.artifactory-url) - name: project-name - value: $(tt.params.gitrepositoryname) + value: $(tt.params.project-name) + - name: project-path + value: $(tt.params.project-path) + - name: git-url + value: $(tt.params.git-repository-url) - name: deploy-url - value: $(tt.params.deployurl) + value: $(tt.params.deploy-url) workspaces: - name: source - volumeClaimTemplate: - metadata: - annotations: - "mayfly.cloud.namecheap.com/expire": "2h" - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 
1Gi + persistentVolumeClaim: + claimName: source + subPath: "$(extensions.git-revision)" + - name: dockerconfig + secret: + secretName: gitea-docker + items: + - key: ".dockerconfigjson" + path: "config.json" + - name: sslcertdir + secret: + secretName: gitea + items: + - key: "ca.crt" + path: "ca.crt" - name: ssh secret: secretName: ssh-credentials 
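Review bot: In the `cd-trigger-create` hunk the TaskRun passes `git-url`, but the `auto-ci-create` Task added in this same diff declares `git-repository-url` with no default, so the run would be created without a required param; the entry should read `- name: git-repository-url`. The workspace bindings have the same kind of mismatch: the Task declares only `source` and `ssh-directory`, while the run binds `ssh`, `dockerconfig` and `sslcertdir`, and Tekton is expected to reject bindings that a Task does not declare. The `cd-trigger-activate` and `ci-trigger-delete` hunks use the same names for `auto-ci-activate` and `auto-ci-delete`, which are not part of this diff, so their contracts should be checked as well. The `ssh` binding is a context line and the resource body continues outside the hunk.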
@@ -83,44 +106,67 @@ resource "kubectl_manifest" "cd-trigger-activate" { labels: ${jsonencode(local.activate-labels)} spec: bindings: - - name: gitrepositoryname - value: $(body.repository.name) - - name: deployurl - value: $(extensions.deploy-url) + - name: artifactory-url + value: "$(extensions.artifactory-url)" + - name: project-name + value: "$(extensions.project-name)" + - name: project-path + value: "$(extensions.project-path)" + - name: git-repository-url + value: "$(extensions.git-repository-url)" + - name: deploy-url + value: $(extensions.deploy-url) template: spec: params: - - name: gitrepositoryname + - name: artifactory-url + description: The url of the current artifactory + - name: project-name description: The git repository name - - name: deployurl - description: The git url for the deploy repository + - name: project-path + description: The path of the current project + - name: git-repository-url + description: The git repository url + - name: deploy-url + description: The git repository url for the deploy project resourcetemplates: - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun + kind: TaskRun metadata: - generateName: $(tt.params.gitrepositoryname)-activate- + generateName: auto-cd-activate-$(tt.params.project-name)- annotations: "mayfly.cloud.namecheap.com/expire": "336h" # 2 weeks spec: - pipelineRef: - name: "${var.instance}-${var.component}-auto-activate" + taskRef: + name: "auto-ci-activate" params: + - name: artifactory-url + value: $(tt.params.artifactory-url) - name: project-name - value: $(tt.params.gitrepositoryname) + value: $(tt.params.project-name) + - name: project-path + value: $(tt.params.project-path) + - name: git-url + value: $(tt.params.git-repository-url) - name: deploy-url - value: $(tt.params.deployurl) + value: $(tt.params.deploy-url) workspaces: - name: source - volumeClaimTemplate: - metadata: - annotations: - "mayfly.cloud.namecheap.com/expire": "2h" - spec: - accessModes: - - ReadWriteOnce - resources: - requests: 
- storage: 1Gi + persistentVolumeClaim: + claimName: source + subPath: "$(extensions.git-revision)" + - name: dockerconfig + secret: + secretName: gitea-docker + items: + - key: ".dockerconfigjson" + path: "config.json" + - name: sslcertdir + secret: + secretName: gitea + items: + - key: "ca.crt" + path: "ca.crt" - name: ssh secret: secretName: ssh-credentials 
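Review bot: `subPath: "$(extensions.git-revision)"` in the `cd-trigger-activate` resourcetemplate will most likely stay a literal string, because a TriggerTemplate only substitutes `$(tt.params.*)`, while `$(extensions.*)` is resolved in bindings. Every run would then share one directory on the `source` claim instead of getting one per revision. Add a binding `- name: git-revision` with `value: "$(extensions.git-revision)"`, declare the matching template param, and use `subPath: "$(tt.params.git-revision)"`. The same line appears in the `cd-trigger-create` and `ci-trigger-delete` hunks.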
@@ -145,44 +191,67 @@ resource "kubectl_manifest" "ci-trigger-delete" { labels: ${jsonencode(local.delete-labels)} spec: bindings: - - name: gitrepositoryname - value: $(body.repository.name) - - name: deployurl - value: $(extensions.deploy-url) + - name: artifactory-url + value: "$(extensions.artifactory-url)" + - name: project-name + value: "$(extensions.project-name)" + - name: project-path + value: "$(extensions.project-path)" + - name: git-repository-url + value: "$(extensions.git-repository-url)" + - name: deploy-url + value: $(extensions.deploy-url) template: spec: params: - - name: gitrepositoryname + - name: artifactory-url + description: The url of the current artifactory + - name: project-name description: The git repository name - - name: deployurl - description: The git url for the deploy repository + - name: project-path + description: The path of the current project + - name: git-repository-url + description: The git repository url + - name: deploy-url + description: The git repository url for the deploy project resourcetemplates: - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun + kind: TaskRun metadata: - generateName: $(tt.params.gitrepositoryname)-delete- + generateName: auto-cd-delete-$(tt.params.project-name)- annotations: - "mayfly.cloud.namecheap.com/expire": "1440h" # 2 months + "mayfly.cloud.namecheap.com/expire": "336h" # 2 weeks spec: - pipelineRef: - name: "${var.instance}-${var.component}-delete" + taskRef: + name: "auto-ci-delete" params: + - name: artifactory-url + value: $(tt.params.artifactory-url) - name: project-name - value: $(tt.params.gitrepositoryname) + value: $(tt.params.project-name) + - name: project-path + value: $(tt.params.project-path) + - name: git-url + value: $(tt.params.git-repository-url) - name: deploy-url - value: $(tt.params.deployurl) + value: $(tt.params.deploy-url) workspaces: - name: source - volumeClaimTemplate: - metadata: - annotations: - "mayfly.cloud.namecheap.com/expire": "2h" - spec: - 
accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi + persistentVolumeClaim: + claimName: source + subPath: "$(extensions.git-revision)" + - name: dockerconfig + secret: + secretName: gitea-docker + items: + - key: ".dockerconfigjson" + path: "config.json" + - name: sslcertdir + secret: + secretName: gitea + items: + - key: "ca.crt" + path: "ca.crt" - name: ssh secret: secretName: ssh-credentials diff --git a/share/gitea-tekton-org/datas.tf b/share/gitea-tekton-org/datas.tf index 85dd33e..0ea324e 100644 --- a/share/gitea-tekton-org/datas.tf +++ b/share/gitea-tekton-org/datas.tf @@ -28,4 +28,40 @@ data "kustomization_overlay" "data" { value: http EOF } + patches { + target { + kind = "Task" + name = "auto-ci-create" + } + patch = <<-EOF + - op: replace + path: /spec/params/1/default + value: ${var.issuer} + - op: add + path: /spec/params/2/default + value: ${var.domain_name} + EOF + } + patches { + target { + kind = "Pipeline" + name = "auto-ci-push" + } + patch = <<-EOF + - op: replace + path: /spec/params/1/default + value: https://okd.${var.domain} + EOF + } + patches { + target { + kind = "Pipeline" + name = "auto-ci-tag" + } + patch = <<-EOF + - op: replace + path: /spec/params/1/default + value: https://okd.${var.domain} + EOF + } } diff --git a/share/gitea-tekton-org/index.yaml b/share/gitea-tekton-org/index.yaml index e4bcc5c..9ac89ae 100644 --- a/share/gitea-tekton-org/index.yaml +++ b/share/gitea-tekton-org/index.yaml @@ -21,6 +21,16 @@ options: examples: - your-company type: string + domain_name: + default: your_company.com + examples: + - your_company.com + type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string organization: default: your-org examples: diff --git a/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-push.yaml b/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-push.yaml index 584b6fe..39a1eb2 100644 --- a/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-push.yaml 
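Review bot: Replacing the per-run `volumeClaimTemplate` with the shared claim `source` in `ci-trigger-delete` means the checkout of the deploy repository is no longer discarded with the run and stays readable by later runs on the same claim. For a short job that only clones and edits manifests, an ephemeral workspace such as `- name: source` with `emptyDir: {}` keeps runs isolated, and it also avoids `git clone … .` in the create task failing on a directory that is no longer empty. The `dockerconfig` binding additionally hands the `gitea-docker` registry credentials to this run; if the delete task does not pull or push images (its definition is not in this diff), that binding should be dropped. The create and activate hunks make the same change.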
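Review bot: The three patches added to `datas.tf` address parameters by position (`/spec/params/1/default`, `/spec/params/2/default`), so inserting or reordering a param in the Task or the Pipelines makes them overwrite a different default without any error. The indices match `auto-ci-create` as added in this diff (1 = `issuer-name`, 2 = `domain-name`); for the two Pipelines the start of `params` is outside the visible hunks, so index 1 = `okd-url` is inferred. A comment inside each heredoc such as `# params/1 = issuer-name, params/2 = domain-name` would record the coupling. The interpolated values should also be quoted, `value: "${var.issuer}"`, so that a value that looks like a boolean or a number is still patched in as a string.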
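Review bot: The `domain_name` default added to `index.yaml`, `your_company.com`, contains an underscore, which is not valid in a DNS host name, so anything that later uses it for an Ingress host or a certificate name would be rejected when the default is left in place. `default: your-company.com` (and the same value under `examples`) matches the `your-company` example already present in this file. How `domain_name` is consumed is not visible here beyond the `DOMAIN_NAME` variable of the create task.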
+++ b/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-push.yaml @@ -13,6 +13,9 @@ spec: default: docker.io description: The url of the current artifactory type: string + - name: okd-url + default: https://okd.media.rennes.home + type: string - name: project-name description: The name of the current project type: string @@ -43,7 +46,7 @@ spec: - name: SHA value: $(params.git-revision) - name: TARGET_URL - value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" + value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" - name: DESCRIPTION value: "auto-ci-push" - name: STATE @@ -59,7 +62,7 @@ spec: - name: SHA value: $(params.git-revision) - name: TARGET_URL - value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" + value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" - name: DESCRIPTION value: "auto-ci-push" - name: STATE @@ -75,7 +78,7 @@ spec: - name: SHA value: $(params.git-revision) - name: TARGET_URL - value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" + value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" - name: DESCRIPTION value: "auto-ci-push" - name: STATE @@ -91,7 +94,7 @@ spec: - name: SHA value: $(params.git-revision) - name: TARGET_URL - value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" + value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" - name: DESCRIPTION value: "auto-ci-push" - name: STATE 
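Review bot: The new `okd-url` param in the first hunk has no `description`, and its default is still the site-specific `https://okd.media.rennes.home`, so an install where the positional Terraform patch does not land on this param keeps publishing commit-status links to that host. Suggest adding `description: Base URL of the OKD console, used to build the commit-status TARGET_URL` and a neutral placeholder default. The remaining hunks of this file only swap the literal for `$(params.okd-url)`; the `auto-ci-tag` pipeline adds the same param and the same applies there.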
diff --git a/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-tag.yaml b/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-tag.yaml index 8e55a84..94079cb 100644 --- a/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-tag.yaml +++ b/share/gitea-tekton-org/tekton.dev_v1_Pipeline_auto-ci-tag.yaml @@ -13,6 +13,9 @@ spec: default: docker.io description: The url of the current artifactory type: string + - name: okd-url + default: https://okd.media.rennes.home + type: string - name: project-name description: The name of the current project type: string @@ -40,9 +43,9 @@ spec: - name: SHA value: $(params.git-revision) - name: TARGET_URL - value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" + value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" - name: DESCRIPTION - value: "auto-ci-push" + value: "auto-ci-tag" - name: STATE value: "success" taskRef: @@ -56,9 +59,9 @@ spec: - name: SHA value: $(params.git-revision) - name: TARGET_URL - value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" + value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" - name: DESCRIPTION - value: "auto-ci-push" + value: "auto-ci-tag" - name: STATE value: "warning" taskRef: @@ -72,9 +75,9 @@ spec: - name: SHA value: $(params.git-revision) - name: TARGET_URL - value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" + value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" - name: DESCRIPTION - value: "auto-ci-push" + value: "auto-ci-tag" - name: STATE value: "error" taskRef: 
@@ -88,9 +91,9 @@ spec: - name: SHA value: $(params.git-revision) - name: TARGET_URL - value: "https://okd.media.rennes.home/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" + value: "$(params.okd-url)/k8s/ns/$(context.pipelineRun.namespace)/tekton.dev~v1~PipelineRun/$(context.pipelineRun.name)" - name: DESCRIPTION - value: "auto-ci-push" + value: "auto-ci-tag" - name: STATE value: "pending" taskRef: @@ -101,8 +104,6 @@ spec: value: $(params.git-url) - name: revision value: $(params.git-revision) - - name: depth - value: 0 taskRef: name: git-clone workspaces: @@ -110,17 +111,8 @@ spec: workspace: source - name: ssh-directory workspace: ssh - - name: git-version - runAfter: [git-clone] - params: - - name: branch - value: $(params.branch-name) - taskRef: - name: git-version - workspaces: - - name: source - name: detect-stages - runAfter: [git-version] + runAfter: [git-clone] params: - name: artifactory-url value: $(params.artifactory-url) @@ -129,7 +121,7 @@ spec: - name: project-path value: $(params.project-path) - name: image-version - value: "$(params.branch-name)-$(tasks.git-version.results.packageVersion)" + value: "$(params.tag-name)" taskRef: name: auto-ci-detector workspaces: diff --git a/share/gitea-tekton-org/tekton.dev_v1_Task_auto-ci-create.yaml b/share/gitea-tekton-org/tekton.dev_v1_Task_auto-ci-create.yaml new file mode 100644 index 0000000..1ec3a27 --- /dev/null +++ b/share/gitea-tekton-org/tekton.dev_v1_Task_auto-ci-create.yaml 
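Review bot: In the last `auto-ci-tag` hunk `image-version` is now `$(params.tag-name)` taken verbatim, and a `tag-name` entry in `spec.params` is not visible in any hunk of this file (the only param added is `okd-url`), so it should be confirmed that the pipeline declares it. Git tag names can contain characters such as `/` that are not valid in an image tag, so the value should be validated where the trigger extracts it or in `auto-ci-detector` before it names an image; a declaration like `description: Git tag that triggered the run; must be a valid image tag` would state the contract. If `branch-name` is no longer referenced once the `git-version` task is removed, its declaration can go as well. The rest of the pipeline is outside the hunks.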
@@ -0,0 +1,97 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: auto-ci-create +spec: + params: + - name: toolbox-image + default: sebt3/basic-toolbox-image:1.30.0 + description: The name of the toolbox image + type: string + - name: issuer-name + default: letsencrypt-prod + type: string + - name: domain-name + type: string + - name: artifactory-url + description: The url of the current artifactory + - name: project-name + description: The git repository name + - name: project-path + description: The path of the current project + - name: git-repository-url + description: The git repository url + - name: deploy-url + description: The git repository url for the deploy project + steps: + - name: cleanup + image: $(params.toolbox-image) + workingDir: $(workspaces.source.path) + env: + - name: ARTIFACTORY_URL + value: $(params.artifactory-url) + - name: PROJECT_NAME + value: $(params.project-name) + - name: DOMAIN_NAME + value: $(params.domain-name) + - name: ISSUER_NAME + value: $(params.issuer-name) + - name: PROJECT_PATH + value: $(params.project-path) + - name: GIT_REPOSITORY_URL + value: $(params.git-repository-url) + - name: DEPLOY_URL + value: $(params.deploy-url) + script: |- + #!/usr/bin/env ash + git clone "$(params.deploy-url)" --depth 1 . + mkdir -p "projects/$(params.project-name)" bases/project bases/install bases/deploy + added=0 + copy() { + local src=/etc/templates/$1 dest=$2 + if [ ! -f $dest ];then + cp "$src" "$dest" + git add "$dest" + added=$(($added+1)) + fi + } + template() { + local src=/etc/templates/$1 dest=$2 + if [ ! 
-f $dest ];then + envsubst <"$src" >"$dest" + git add "$dest" + added=$(($added+1)) + fi + } + template base-update.yaml.tmpl bases/project/base-update.yaml + copy base-repo.yaml bases/project/repo.yaml + copy base-cert.yaml bases/project/cert.yaml + copy base-ingress.yaml bases/project/ingress.yaml + copy base-policy.yaml bases/project/policy.yaml + copy base-deploy.yaml bases/project/deploy.yaml + copy base-secret.yaml bases/project/secret.yaml + copy base-config.yaml bases/project/config.yaml + copy base-service.yaml bases/project/service.yaml + copy base-kusto.yaml bases/project/kustomization.yaml + copy install-install.yaml bases/install/install.yaml + copy install-kusto.yaml bases/install/kustomization.yaml + copy deploy-kusto.yaml bases/deploy/kustomization.yaml + template deploy-repo.yaml.tmpl bases/deploy/repo.yaml + template project-kusto.yaml.tmpl "projects/$(params.project-name)/kustomization.yaml" + volumeMounts: + - mountPath: /etc/templates + name: templates + volumes: + - name: templates + configmap: + name: auto-cd-create-templates + workspaces: + - name: source + mountPath: /data + - description: | + A .ssh directory with private key, known_hosts, config, etc. Copied to + the user's home before git commands are executed. Used to authenticate + with the git remote when performing the clone. Binding a Secret to this + Workspace is strongly recommended over other volume types. + name: ssh-directory + optional: true \ No newline at end of file diff --git a/share/gitea-tekton-org/v1_ConfigMap_auto-cd-create-templates.yaml b/share/gitea-tekton-org/v1_ConfigMap_auto-cd-create-templates.yaml new file mode 100644 index 0000000..51ae266 --- /dev/null +++ b/share/gitea-tekton-org/v1_ConfigMap_auto-cd-create-templates.yaml 
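Review bot: The `script` of the `cleanup` step embeds `$(params.deploy-url)` and `$(params.project-name)` directly; Tekton substitutes them into the script text before the shell runs, so a value delivered through the trigger that contains a quote or a command substitution is executed as shell code in a step that also has the ssh workspace available. The step already exports `DEPLOY_URL` and `PROJECT_NAME`, so the script should read those instead, and `set -eu` stops it from templating into the workspace after a failed clone. `project-name` is also used as a path component and should be restricted to a simple name where the trigger extracts it. Separately, the volume source is spelled `configmap:` where the Kubernetes field is `configMap:`, which only works with a case-insensitive decoder.

```yaml
      script: |-
        #!/usr/bin/env ash
        set -eu
        git clone --depth 1 -- "$DEPLOY_URL" .
        mkdir -p "projects/$PROJECT_NAME" bases/project bases/install bases/deploy
        # … unchanged: added=0, copy() and template() helpers …
        # … unchanged: copy/template calls for bases/project, bases/install, bases/deploy …
        template project-kusto.yaml.tmpl "projects/$PROJECT_NAME/kustomization.yaml"
```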
@@ -0,0 +1,274 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: auto-cd-create-templates +data: + base-kusto.yaml: |- + --- + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + + resources: + - cert.yaml + - ingress.yaml + - deploy.yaml + - service.yaml + - config.yaml + - secret.yaml + - repo.yaml + - policy.yaml + - update.yaml + - ../install + base-update.yaml.tmpl: |- + --- + apiVersion: image.toolkit.fluxcd.io/v1beta1 + kind: ImageUpdateAutomation + metadata: + name: update + spec: + interval: 5m + sourceRef: + kind: GitRepository + name: deploy-git + git: + checkout: + ref: + branch: main + commit: + author: + email: fluxcd.automation@${ARTIFACTORY_URL} + name: fluxcd + messageTemplate: | + Automated image update: {{ .AutomationObject }} + + Files: + {{ range $filename, $_ := .Updated.Files -}} + - {{ $filename }} + {{ end -}} + + Objects: + {{ range $resource, $_ := .Updated.Objects -}} + - {{ $resource.Kind }} {{ $resource.Name }} + {{ end -}} + + Images: + {{ range .Updated.Images -}} + - {{.}} + {{ end -}} + {{- $ChangeId := .AutomationObject -}} + {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Files | toString ) -}} + {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Objects | toString ) -}} + {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Images | toString ) }} + Change-Name: {{ $ChangeId }} + Change-Id: {{ printf "I%s" ( sha256sum $ChangeId | trunc 40 ) }} + push: + branch: main + update: + strategy: Setters + base-repo.yaml: |- + --- + apiVersion: image.toolkit.fluxcd.io/v1beta2 + kind: ImageRepository + metadata: + name: repo + spec: + interval: 5m + provider: generic + secretRef: + name: gitea + base-cert.yaml: |- + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + name: web + spec: + issuerRef: + group: cert-manager.io + kind: ClusterIssuer + base-ingress.yaml: |- + --- + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: web + spec: + rules: + - http: + paths: + - backend: + 
service: + name: svc + port: + number: 80 + path: / + pathType: Prefix + base-policy.yaml: |- + --- + apiVersion: image.toolkit.fluxcd.io/v1beta2 + kind: ImagePolicy + metadata: + name: policy + spec: + imageRepositoryRef: + base-deploy.yaml: |- + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: app + spec: + replicas: 1 + selector: + template: + spec: + securityContext: + runAsGroup: 1000 + runAsUser: 1000 + fsGroup: 1000 + containers: + - name: app + image: appli + imagePullPolicy: IfNotPresent + envFrom: + - configMapRef: + name: "config" + - secretRef: + name: "secret" + base-secret.yaml: |- + --- + apiVersion: v1 + kind: Secret + metadata: + name: "secret" + annotations: + gramo.solidite.fr/no-parent: "true" + labels: + k8up.io/backup: "true" + type: Opaque + base-config.yaml: |- + --- + apiVersion: v1 + kind: ConfigMap + metadata: + name: "config" + labels: + app: holdup + labels: + k8up.io/backup: "true" + data: + base-service.yaml: |- + --- + apiVersion: v1 + kind: Service + metadata: + name: svc + spec: + ports: + - name: app + port: 80 + protocol: TCP + targetPort: app + type: ClusterIP + install-install.yaml: |- + --- + apiVersion: kustomize.toolkit.fluxcd.io/v1 + kind: Kustomization + metadata: + name: install + spec: + interval: 5m + sourceRef: + kind: GitRepository + name: deploy-git + prune: true + timeout: 1m + install-kusto.yaml: |- + --- + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + + resources: + - install.yaml + deploy-repo.yaml.tmpl: |- + --- + apiVersion: source.toolkit.fluxcd.io/v1 + kind: GitRepository + metadata: + name: git + spec: + interval: 5m0s + url: ${DEPLOY_URL} + ref: + branch: main + secretRef: + name: ssh-credentials + deploy-kusto.yaml: |- + --- + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + + namePrefix: deploy- + resources: + - repo-git.yaml + - ../install + project-kusto.yaml.tmpl: |- + --- + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + + 
namePrefix: ${PROJECT_NAME}- + commonLabels: + app.kubernetes.io/component: ${PROJECT_NAME} + component: ${PROJECT_NAME} + + resources: + - ../../bases/project + + patches: + - target: + kind: ImagePolicy + name: policy + patch: |- + apiVersion: image.toolkit.fluxcd.io/v1beta2 + kind: ImagePolicy + metadata: + name: policy + spec: + imageRepositoryRef: + name: ${PROJECT_NAME}-repo + - target: + kind: ImageRepository + name: repo + patch: |- + apiVersion: image.toolkit.fluxcd.io/v1beta2 + kind: ImageRepository + metadata: + name: repo + spec: + image: ${ARTIFACTORY_URL}/${PROJECT_PATH} + - target: + kind: Deployment + name: app + patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: app + annotations: + configmap.reloader.stakater.com/reload: "${PROJECT_NAME}-config" + secret.reloader.stakater.com/reload: "${PROJECT_NAME}-secret" + spec: + selector: + template: + spec: + securityContext: + runAsGroup: 1000 + runAsUser: 1000 + fsGroup: 1000 + containers: + - name: app + ports: + - name: app + containerPort: 8080 + protocol: TCP \ No newline at end of file
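Review bot: `base-update.yaml.tmpl` is rendered by the create task with `envsubst` and no variable list, which substitutes every `$name` in the file, so the Go-template variables in `messageTemplate` (`$filename`, `$resource`, `$ChangeId`, `$_`) would be replaced along with `${ARTIFACTORY_URL}`. Restricting the substitution in the task's `template()` helper avoids that: `envsubst '${ARTIFACTORY_URL} ${PROJECT_NAME} ${PROJECT_PATH} ${DEPLOY_URL}' <"$src" >"$dest"`. Two resource lists also name files the task does not write: `base-kusto.yaml` lists `update.yaml` while the task creates `bases/project/base-update.yaml`, and `deploy-kusto.yaml` lists `repo-git.yaml` while the task creates `bases/deploy/repo.yaml`. `base-config.yaml` has `labels:` twice under `metadata`, which strict YAML parsers reject and others resolve by keeping only the last one.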