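---
# ConfigMap "auto-cd-templates": a shell helper library (functions.sh) plus the
# manifest templates it copies or renders into a GitOps deployment repository.
# Files ending in .tmpl go through template() (envsubst); the others are
# copied verbatim by copy(). Generated manifests use flush sequence
# indentation, matching `indent-sequences: false` in yamllint.yaml below.
#
# NOTE(review): several names used by functions.sh do not match the keys of
# this ConfigMap (see the notes in install_base/create_prj and above
# deploy-kusto.yaml). Confirm whether TEMPLATE_ROOT also holds files from
# another source before renaming anything.
apiVersion: v1
kind: ConfigMap
metadata:
  name: auto-cd-templates
data:
  functions.sh: |-
    # Helper functions for populating a deployment repository from the
    # templates under ${TEMPLATE_ROOT}. All paths are relative to the current
    # working directory, which git_prepare turns into the clone.

    # Number of files staged by copy/template; git_push commits only when
    # this is non-zero.
    added=0

    # _is_path_component VALUE
    # Succeeds only when VALUE is a single, non-empty path component.
    # Empty values, ".", ".." and anything containing "/" are rejected so
    # that names used to build paths cannot point at or above the directory
    # they are meant to live in.
    _is_path_component() {
      case "${1:-}" in
        ''|.|..|*/*) return 1 ;;
      esac
      return 0
    }

    # copy SRC DEST
    # Copy ${TEMPLATE_ROOT}/SRC to DEST and stage it, unless DEST already
    # exists (existing files are never overwritten).
    copy() {
      local src="${TEMPLATE_ROOT}/$1" dest="$2"
      if [ ! -f "$dest" ]; then
        mkdir -p "$(dirname "$dest")" || return 1
        cp "$src" "$dest" || return 1
        git add -- "$dest" || return 1
        added=$((added + 1))
      fi
    }

    # template SRC DEST
    # Render ${TEMPLATE_ROOT}/SRC through envsubst into DEST and stage it,
    # unless DEST already exists.
    #
    # Substitution is limited to an explicit variable list. Unrestricted
    # envsubst would also blank out "$imagepolicy" in stage-kusto.yaml.tmpl
    # and the Go-template variables ($filename, $resource, $ChangeId, $_) in
    # base-update.yaml.tmpl, and could write any other environment value
    # (credentials included) into files that are then committed.
    # Set TEMPLATE_VARS to override the list for templates that need more.
    # Values are inserted unescaped: callers should restrict them to
    # characters that are safe in YAML scalars and Kubernetes names.
    template() {
      local src="${TEMPLATE_ROOT}/$1" dest="$2"
      local vars='${PROJECT_NAME} ${PROJECT_PATH} ${ORG_NAME} ${STAGE} ${NAMESPACE} ${DOMAIN_NAME} ${ARTIFACTORY_URL} ${DEPLOY_URL}'
      if [ ! -f "$dest" ]; then
        if [ ! -f "$src" ]; then
          echo "template: missing source ${src}" >&2
          return 1
        fi
        mkdir -p "$(dirname "$dest")" || return 1
        envsubst "${TEMPLATE_VARS:-$vars}" <"$src" >"$dest" || return 1
        git add -- "$dest" || return 1
        added=$((added + 1))
      fi
    }

    # git_push MESSAGE
    # Commit and push, but only when copy/template staged something.
    git_push() {
      local message="$1"
      if [ "$added" -ne 0 ]; then
        git commit -am "$message"
        git push
      fi
    }

    # Remove everything in the current directory, dotfiles included (this
    # also removes .git). The globs skip "." and ".."; "--" keeps names that
    # start with "-" from being read as options. Refuses to run in "/".
    cleanup() {
      if [ "$PWD" = "/" ]; then
        echo "cleanup: refusing to run in /" >&2
        return 1
      fi
      rm -rf -- ./* ./.[!.]* ./..?* || true
    }

    # git_prepare URL USERNAME EMAIL
    # Install the SSH material from ${WORKSPACE_SSH_DIRECTORY_PATH}, set the
    # committer identity and shallow-clone branch main of URL into ".".
    # NOTE(review): presumably the mounted directory also carries known_hosts
    # so the clone verifies the server's host key - confirm.
    git_prepare() {
      local url="$1" username="$2" email="$3"
      mkdir -p "${HOME}/.ssh"
      # Restrict the directory before any key material lands in it.
      chmod 700 "${HOME}/.ssh"
      cp -v "${WORKSPACE_SSH_DIRECTORY_PATH}"/* "${HOME}/.ssh"
      chmod 400 "${HOME}/.ssh"/*
      git config --global user.name "$username"
      git config --global user.email "$email"
      # "--" stops a URL that begins with "-" from being parsed as an option.
      git clone --branch main --depth 1 -- "$url" .
    }

    # Create the bases/ tree and fill it from the templates. Files that
    # already exist are left untouched.
    # NOTE(review): staged-kusto.yaml is never installed here, so
    # bases/images gets no kustomization.yaml; deploy-kusto.yaml lists
    # repo-git.yaml while the GitRepository is written to
    # bases/deploy/repo.yaml. Confirm the intended names.
    install_base() {
      mkdir -p bases/project bases/install bases/deploy bases/images
      template base-update.yaml.tmpl bases/images/update.yaml
      copy yamllint.yaml .yamllint.yaml
      copy base-repo.yaml bases/images/repo.yaml
      copy base-cert.yaml bases/project/cert.yaml
      copy base-ingress.yaml bases/project/ingress.yaml
      copy base-policy.yaml bases/images/policy.yaml
      copy base-deploy.yaml bases/project/deploy.yaml
      copy base-secret.yaml bases/project/secret.yaml
      copy base-config.yaml bases/project/config.yaml
      copy base-service.yaml bases/project/service.yaml
      copy base-kusto.yaml bases/project/kustomization.yaml
      copy install-install.yaml bases/install/install.yaml
      copy install-kusto.yaml bases/install/kustomization.yaml
      copy deploy-kusto.yaml bases/deploy/kustomization.yaml
      template deploy-repo.yaml.tmpl bases/deploy/repo.yaml
    }

    # create_prj STAGE...
    # Render the project kustomization for ${PROJECT_NAME} and, for every
    # STAGE argument, the per-stage overlay files. ORG_NAME is exported as
    # the first path segment of ${PROJECT_PATH}.
    # NOTE(review): stagep-kusto.yaml.tmpl and stages-kusto.yaml.tmpl are not
    # keys of this ConfigMap (it has staged-kusto.yaml and stages-kusto.yaml);
    # template() now reports them as missing instead of failing silently.
    # NOTE(review): the mkdir creates stages/${STAGE}/deploy/${PROJECT_NAME}
    # but the files are written under stages/deploy/; template() creates the
    # destination directory itself, so this still works - confirm the layout.
    create_prj() {
      if ! _is_path_component "${PROJECT_NAME:-}"; then
        echo "create_prj: invalid PROJECT_NAME" >&2
        return 1
      fi
      ORG_NAME="${PROJECT_PATH%%/*}"
      export ORG_NAME
      mkdir -p "projects/${PROJECT_NAME}"
      template project-kusto.yaml.tmpl "projects/${PROJECT_NAME}/kustomization.yaml"
      while [ $# -gt 0 ]; do
        if ! _is_path_component "$1"; then
          echo "create_prj: invalid stage name" >&2
          return 1
        fi
        STAGE="$1"
        export STAGE
        mkdir -p "stages/${STAGE}/${PROJECT_NAME}" "stages/${STAGE}/deploy/${PROJECT_NAME}"
        template stagep-kusto.yaml.tmpl "stages/deploy/${PROJECT_NAME}/kustomization.yaml"
        template stages-kusto.yaml.tmpl "stages/deploy/kustomization.yaml"
        template stages-kusto.yaml.tmpl "stages/${STAGE}/kustomization.yaml"
        template stage-kusto.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/kustomization.yaml"
        template stage-ingress.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/ingress.yaml"
        template stage-cert.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/cert.yaml"
        template stage-config.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/config.yaml"
        shift
      done
    }

    # NOTE(review): only touches a scratch file; looks like a placeholder.
    activate_prj() {
      touch /tmp/toto
    }

    # Remove the project directory. An empty or path-like PROJECT_NAME is
    # refused: it would make rm -rf act on projects/ itself or outside it.
    delete_prj() {
      if ! _is_path_component "${PROJECT_NAME:-}"; then
        echo "delete_prj: invalid PROJECT_NAME" >&2
        return 1
      fi
      rm -rf -- "projects/${PROJECT_NAME}"
    }

  # Kustomization listing the image-automation objects and ../install.
  staged-kusto.yaml: |-
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    resources:
    - policy.yaml
    - update.yaml
    - ../install

  # Kustomization skeleton with an empty resources list.
  stages-kusto.yaml: |-
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    resources:

  # Per-stage overlay of one project. The patch entries use `path:` because
  # they name files; `patch:` takes an inline patch body, as in
  # project-kusto.yaml.tmpl. The "$imagepolicy" marker must survive
  # rendering, which is why template() restricts envsubst to a fixed list.
  stage-kusto.yaml.tmpl: |-
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    resources:
    - ../../../projects/${PROJECT_NAME}
    commonLabels:
      app.kubernetes.io/instance: ${STAGE}
    images:
    - name: appli
      newName: ${ARTIFACTORY_URL}/${ORG_NAME}/${PROJECT_NAME}
      newTag: latest # {"$imagepolicy": "${NAMESPACE}:${PROJECT_NAME}-policy:tag"}
    patches:
    - target:
        kind: ConfigMap
        name: ${PROJECT_NAME}-config
      path: config.yaml
    - target:
        kind: Certificate
        name: ${PROJECT_NAME}-web
      path: cert.yaml
    - target:
        kind: Ingress
        name: ${PROJECT_NAME}-web
      path: ingress.yaml

  # JSON patch for the Ingress. Array positions are the digit 0; the source
  # had the letter "O", which is not a valid array index.
  # NOTE(review): base-ingress.yaml has no spec.tls, so adding at
  # /spec/tls/0 may fail on a missing parent - confirm against kustomize.
  stage-ingress.yaml.tmpl: |-
    - op: add
      path: /spec/rules/0/host
      value: ${PROJECT_NAME}.${STAGE}.${ORG_NAME}.${DOMAIN_NAME}
    - op: add
      path: /spec/tls/0
      value:
        secretName: ${PROJECT_NAME}-cert
        hosts:
        - "${PROJECT_NAME}.${STAGE}.${ORG_NAME}.${DOMAIN_NAME}"

  # Certificate patch: secret name and DNS name for the stage host.
  stage-cert.yaml.tmpl: |-
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: ${PROJECT_NAME}-web
    spec:
      secretName: ${PROJECT_NAME}-cert
      dnsNames:
      - ${PROJECT_NAME}.${STAGE}.${ORG_NAME}.${DOMAIN_NAME}

  # Per-stage ConfigMap patch, created with no data.
  stage-config.yaml.tmpl: |-
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: ${PROJECT_NAME}-config
    data:

  # yamllint configuration installed as .yamllint.yaml in the repository.
  yamllint.yaml: |-
    ---
    extends: default
    rules:
      document-start:
        present: true
      empty-lines:
        max-end: 1
      indentation:
        spaces: 2
        indent-sequences: false
      line-length: disable
      colons:
        max-spaces-after: -1

  base-kusto.yaml: |-
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    resources:
    - cert.yaml
    - ingress.yaml
    - deploy.yaml
    - service.yaml
    - config.yaml
    - secret.yaml

  # Flux image automation: commits image-tag updates and pushes them to
  # main. The Go-template variables in messageTemplate must reach Flux
  # unchanged, so this file depends on template() not expanding them.
  # NOTE(review): the blank lines inside messageTemplate are reconstructed.
  # NOTE(review): automation pushes straight to main; whoever can publish a
  # tag matching the ImagePolicy can therefore change what is deployed.
  base-update.yaml.tmpl: |-
    ---
    apiVersion: image.toolkit.fluxcd.io/v1beta1
    kind: ImageUpdateAutomation
    metadata:
      name: update
    spec:
      interval: 5m
      sourceRef:
        kind: GitRepository
        name: deploy-git
      git:
        checkout:
          ref:
            branch: main
        commit:
          author:
            email: fluxcd.automation@${ARTIFACTORY_URL}
            name: fluxcd
          messageTemplate: |
            Automated image update: {{ .AutomationObject }}

            Files:
            {{ range $filename, $_ := .Updated.Files -}}
            - {{ $filename }}
            {{ end -}}

            Objects:
            {{ range $resource, $_ := .Updated.Objects -}}
            - {{ $resource.Kind }} {{ $resource.Name }}
            {{ end -}}

            Images:
            {{ range .Updated.Images -}}
            - {{.}}
            {{ end -}}
            {{- $ChangeId := .AutomationObject -}}
            {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Files | toString ) -}}
            {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Objects | toString ) -}}
            {{- $ChangeId = printf "%s-%s" $ChangeId ( .Updated.Images | toString ) }}

            Change-Name: {{ $ChangeId }}
            Change-Id: {{ printf "I%s" ( sha256sum $ChangeId | trunc 40 ) }}
        push:
          branch: main
      update:
        strategy: Setters

  # Registry scan; credentials come from the Secret named "gitea".
  base-repo.yaml: |-
    ---
    apiVersion: image.toolkit.fluxcd.io/v1beta2
    kind: ImageRepository
    metadata:
      name: repo
    spec:
      interval: 5m
      provider: generic
      secretRef:
        name: gitea

  base-cert.yaml: |-
    ---
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: web
    spec:
      issuerRef:
        group: cert-manager.io
        kind: ClusterIssuer

  base-ingress.yaml: |-
    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: web
    spec:
      rules:
      - http:
          paths:
          - backend:
              service:
                name: svc
                port:
                  number: 80
            path: /
            pathType: Prefix

  base-policy.yaml: |-
    ---
    apiVersion: image.toolkit.fluxcd.io/v1beta2
    kind: ImagePolicy
    metadata:
      name: policy
    spec:
      imageRepositoryRef:

  # Base Deployment. The pod runs as uid/gid 1000.
  # NOTE(review): consider also setting runAsNonRoot: true and a container
  # securityContext (allowPrivilegeEscalation: false, capabilities dropped,
  # seccompProfile RuntimeDefault) so the non-root intent is enforced
  # rather than implied.
  base-deploy.yaml: |-
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: app
    spec:
      replicas: 1
      selector:
      template:
        spec:
          securityContext:
            runAsGroup: 1000
            runAsUser: 1000
            fsGroup: 1000
          containers:
          - name: app
            image: appli
            imagePullPolicy: IfNotPresent
            envFrom:
            - configMapRef:
                name: "config"
            - secretRef:
                name: "secret"

  # Empty Secret placeholder. It is committed to Git, so real secret values
  # must not be added to this file in clear text.
  base-secret.yaml: |-
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: "secret"
      annotations:
        gramo.solidite.fr/no-parent: "true"
      labels:
        k8up.io/backup: "true"
    type: Opaque

  base-config.yaml: |-
    ---
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "config"
      labels:
        k8up.io/backup: "true"
    data:

  base-service.yaml: |-
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: svc
    spec:
      ports:
      - name: app
        port: 80
        protocol: TCP
        targetPort: app
      type: ClusterIP

  # Flux Kustomization reconciling from deploy-git; prune: true deletes
  # cluster objects whose manifests disappear from the repository.
  install-install.yaml: |-
    ---
    apiVersion: kustomize.toolkit.fluxcd.io/v1
    kind: Kustomization
    metadata:
      name: install
    spec:
      interval: 5m
      sourceRef:
        kind: GitRepository
        name: deploy-git
      prune: true
      timeout: 1m

  install-kusto.yaml: |-
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    resources:
    - install.yaml

  # GitRepository for the deployment repo, authenticated with the
  # "ssh-credentials" Secret.
  deploy-repo.yaml.tmpl: |-
    ---
    apiVersion: source.toolkit.fluxcd.io/v1
    kind: GitRepository
    metadata:
      name: git
    spec:
      interval: 5m0s
      url: ${DEPLOY_URL}
      ref:
        branch: main
      secretRef:
        name: ssh-credentials

  # NOTE(review): install_base writes the GitRepository to
  # bases/deploy/repo.yaml, but this list names repo-git.yaml - confirm.
  deploy-kusto.yaml: |-
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    namePrefix: deploy-
    resources:
    - repo-git.yaml
    - ../install

  # Project kustomization: prefixes names with the project, labels the
  # objects and patches the image policy, image repository and Deployment.
  project-kusto.yaml.tmpl: |-
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    namePrefix: ${PROJECT_NAME}-
    commonLabels:
      app.kubernetes.io/name: ${ORG_NAME}
      app.kubernetes.io/component: ${PROJECT_NAME}
      component: ${PROJECT_NAME}
    resources:
    - ../../bases/project
    patches:
    - target:
        kind: ImagePolicy
        name: policy
      patch: |-
        apiVersion: image.toolkit.fluxcd.io/v1beta2
        kind: ImagePolicy
        metadata:
          name: policy
        spec:
          imageRepositoryRef:
            name: ${PROJECT_NAME}-repo
    - target:
        kind: ImageRepository
        name: repo
      patch: |-
        apiVersion: image.toolkit.fluxcd.io/v1beta2
        kind: ImageRepository
        metadata:
          name: repo
        spec:
          image: ${ARTIFACTORY_URL}/${PROJECT_PATH}
    - target:
        kind: Deployment
        name: app
      patch: |-
        apiVersion: apps/v1
        kind: Deployment
        metadata:
          name: app
          annotations:
            configmap.reloader.stakater.com/reload: "${PROJECT_NAME}-config"
            secret.reloader.stakater.com/reload: "${PROJECT_NAME}-secret"
        spec:
          selector:
          template:
            spec:
              securityContext:
                runAsGroup: 1000
                runAsUser: 1000
                fsGroup: 1000
              containers:
              - name: app
                ports:
                - name: app
                  containerPort: 8080
                  protocol: TCP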