# Namespace that holds the CI objects for one instance.
# It is created only when both Gitea and Tekton are enabled; the other
# resources in this file target the same "<domain>-ci-<instance>" name.
resource "kubernetes_namespace_v1" "ns-tekton" {
  count = (var.haveGitea && var.haveTekton) ? 1 : 0

  metadata {
    name        = "${var.domain}-ci-${var.instance}"
    annotations = local.annotations
    # The annotation map is merged into the labels as well. Kubernetes label
    # values are limited to 63 characters and a restricted character set, so
    # this assumes local.annotations only holds label-safe values - TODO confirm.
    labels = merge(local.common-labels, local.annotations)
  }
}
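# Vynil "Install" object requesting the "gitea-tekton-org" component
# (category "share") in the CI namespace. Created only when both Gitea and
# Tekton are enabled, and only after the namespace resource.
#
# Every interpolated scalar goes through jsonencode(), as the labels already
# did: a JSON string is a valid YAML double-quoted scalar, so a value holding
# a quote, backslash or line break cannot change the structure of the
# manifest. For ordinary values the rendered text is the same as with a plain
# "${...}" interpolation.
resource "kubectl_manifest" "tekton" {
  count      = var.haveGitea && var.haveTekton ? 1 : 0
  depends_on = [kubernetes_namespace_v1.ns-tekton]
  yaml_body  = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "tekton-base"
      namespace: ${jsonencode("${var.domain}-ci-${var.instance}")}
      labels: ${jsonencode(local.common-labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "share"
      component: "gitea-tekton-org"
      options:
        domain: ${jsonencode(var.domain)}
        organization: ${jsonencode(trimprefix(var.instance, "org-"))}
        autoCI: ${jsonencode(var.haveGitea && var.haveTekton && var.autoCI)}
        autoCD: ${jsonencode(var.haveGitea && var.haveTekton && var.autoCD)}

  EOF
}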
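# SSHKeyPair request for the secret generator: asks for a Secret named
# "ssh-credentials" in the CI namespace, with the known_hosts file content
# stored next to the generated key pair.
#
# known_hosts is what the CI side uses to verify the Git server's host key, so
# it must reach the cluster unmodified. The file content is therefore encoded
# with jsonencode(): inside a plain "..." YAML scalar, line breaks are folded
# into spaces, which would merge the entries of a multi-line known_hosts file,
# and a quote or backslash in the content would break the manifest.
resource "kubectl_manifest" "ci-ssh-creds" {
  depends_on = [kubernetes_namespace_v1.ns-tekton]
  count      = var.haveGitea && var.haveTekton ? 1 : 0
  yaml_body  = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "SSHKeyPair"
    metadata:
      name: "ssh-credentials"
      namespace: ${jsonencode("${var.domain}-ci-${var.instance}")}
      labels: ${jsonencode(local.common-labels)}
    spec:
      length: "2048"
      forceRegenerate: false
      data:
        known_hosts: ${jsonencode(data.local_file.known_host[0].content)}
  EOF

  # NOTE(review): length "2048" is presumably an RSA modulus size, which is the
  # usual lower bound; raising it only takes effect on a newly generated key.
  #
  # yaml_body is ignored after creation, so a later change to the known_hosts
  # file (for example a rotated or revoked host key) or to this template is
  # NOT propagated to the cluster. The resource has to be replaced for the
  # new content to be applied.
  lifecycle {
    ignore_changes = [
      yaml_body,
    ]
  }
}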
# Reads back the "ssh-credentials" Secret so that its public key can be
# registered in Gitea.
#
# The data source loads the whole Secret, not just the public key, so the
# private key material ends up in the Terraform state as well; the state
# backend needs to be encrypted and access-controlled accordingly.
#
# NOTE(review): depends_on only orders this read after the SSHKeyPair manifest
# is applied. The Secret itself is presumably created by the generator
# afterwards - confirm it is present on a first apply.
data "kubernetes_secret_v1" "ci-ssh-creds-read" {
  count      = (var.haveGitea && var.haveTekton) ? 1 : 0
  depends_on = [kubectl_manifest.ci-ssh-creds]

  metadata {
    namespace = "${var.domain}-ci-${var.instance}"
    name      = "ssh-credentials"
  }
}
# Registers the generated SSH public key on the CI user's Gitea account.
#
# NOTE(review): the title says "read", but the key is attached to the user, so
# it carries whatever repository access that user has. Read-only access has to
# come from the CI user's permissions - confirm.
resource "gitea_public_key" "ci-user-keys" {
  count = (var.haveGitea && var.haveTekton) ? 1 : 0

  username = gitea_user.user-ci[0].username
  title    = "Tekton token to read repository ${var.instance}"
  key      = data.kubernetes_secret_v1.ci-ssh-creds-read[count.index].data["ssh-publickey"]
}
# API token for the CI user, named after the instance and the component.
#
# The token value is kept in the Terraform state and is copied into the
# "gitea" Secret of the CI namespace.
# NOTE(review): no scope restriction is expressed here. If the provider
# version in use supports token scopes, limit them to what the pipelines
# need - confirm.
resource "gitea_token" "ci-user-token" {
  count = (var.haveGitea && var.haveTekton) ? 1 : 0

  name     = "tekton-${var.instance}-${var.component}"
  username = gitea_user.user-ci[0].username
}
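# Secret "gitea" in the CI namespace, holding the Gitea endpoint, the CI user
# name and that user's API token.
#
# The namespace is given as an interpolated string, so Terraform sees no
# implicit dependency on the namespace resource. The explicit depends_on,
# matching the other resources in this file, keeps the Secret from being
# created before its namespace exists.
#
# NOTE(review): the url has no scheme and points at a service named
# "gitea-http" on port 3000, presumably plain HTTP inside the cluster. If so,
# the token crosses the pod network unencrypted - confirm that is acceptable.
resource "kubernetes_secret_v1" "ci-user-token-secret" {
  depends_on = [kubernetes_namespace_v1.ns-tekton]
  count      = var.haveGitea && var.haveTekton ? 1 : 0

  metadata {
    name      = "gitea"
    namespace = "${var.domain}-ci-${var.instance}"
  }

  data = {
    url      = "gitea-http.${var.domain}-ci.svc:3000"
    username = gitea_user.user-ci[0].username
    # The token is also stored in the Terraform state.
    token = resource.gitea_token.ci-user-token[0].token
  }
}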