Added manifests

manifests/blackhole.yaml

@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: black-hole
+  namespace: kube-system
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: 9090
+    name: web
+  selector:
+    app: black-hole
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: black-hole
+  namespace: kube-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: black-hole
+  template:
+    metadata:
+      labels:
+        app: black-hole
+    spec:
+      containers:
+      - name: black-hole
+        image: averagemarcus/black-hole:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 9090
+          name: web
+        resources:
+          limits:
+            memory: 20Mi
+            cpu: 10m
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: black-hole
+  namespace: kube-system
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /
+        backend:
+          serviceName: black-hole
+          servicePort: 80

manifests/certmanager_2chart.yaml

@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager
+  labels:
+    certmanager.k8s.io/disable-validation: "true"
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  chart:
+    repository: https://charts.jetstack.io
+    name: cert-manager
+    version: v0.14.3
+  maxHistory: 4
+  values:
+    resources:
+      requests:
+        cpu: 10m
+        memory: 32Mi
+      limits:
+        cpu: 20m
+        memory: 64Mi
+
+---
+
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: letsencrypt@marcusnoble.co.uk
+    privateKeySecretRef:
+      name: letsencrypt
+    solvers:
+    - selector: {}
+      http01:
+        ingress:
+          class: traefik

manifests/gitea.yaml

@@ -0,0 +1,119 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gitea-secret-key
+  namespace: gitea
+  annotations:
+    kube-1password: 2j4lrhtz5k6eqiwato4pebu3r4
+    kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: git
+  namespace: gitea
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: web
+    name: web
+  selector:
+    app: git
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: git
+  namespace: gitea
+  labels:
+    app: git
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: git
+  serviceName: "git"
+  template:
+    metadata:
+      labels:
+        app: git
+    spec:
+      containers:
+      - name: git
+        image: gitea/gitea:1.11
+        env:
+        - name: APP_NAME
+          value: "Git"
+        - name: RUN_MODE
+          value: prod
+        - name: DISABLE_SSH
+          value: "true"
+        - name: ROOT_URL
+          value: https://git.cluster.fun
+        - name: DISABLE_REGISTRATION
+          value: "true"
+        - name: DEFAULT_PRIVATE
+          value: private
+        - name: ENABLE_PUSH_CREATE_USER
+          value: "true"
+        - name: ENABLE_PUSH_CREATE_ORG
+          value: "true"
+        - name: ISSUE_PAGING_NUM
+          value: "20"
+        - name: DEFAULT_THEME
+          value: arc-green
+        - name: SECRET_KEY
+          valueFrom:
+            secretKeyRef:
+              name: gitea-secret-key
+              key: password
+        ports:
+        - containerPort: 3000
+          name: web
+        resources:
+          requests:
+            memory: 400Mi
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /data
+          name: git-data
+  volumeClaimTemplates:
+  - metadata:
+      name: git-data
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      storageClassName: scw-bssd-retain
+      resources:
+        requests:
+          storage: 20Gi
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: git
+  namespace: gitea
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - git.cluster.fun
+    secretName: git
+  rules:
+  - host: git.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: git
+          servicePort: 80

manifests/harbor_chart.yaml

@@ -0,0 +1,61 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: harbor
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: harbor-values
+  namespace: harbor
+  annotations:
+    kube-1password: igey7vjjiqmj25v64eck7cyj34
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-key: values.yaml
+type: Opaque
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: harbor
+  namespace: harbor
+spec:
+  chart:
+    repository: https://helm.goharbor.io
+    name: harbor
+    version: 1.3.2
+  maxHistory: 4
+  skipCRDs: false
+  valuesFrom:
+  - secretKeyRef:
+      name: harbor-values
+      namespace: harbor
+      key: values.yaml
+      optional: false
+  values:
+    portal:
+      resources:
+        requests:
+          memory: 64Mi
+          cpu: 10m
+    core:
+      resources:
+        requests:
+          memory: 64Mi
+          cpu: 10m
+    jobservice:
+      resources:
+        requests:
+          memory: 64Mi
+          cpu: 10m
+    registry:
+      registry:
+        resources:
+          requests:
+            memory: 64Mi
+            cpu: 10m
+      controller:
+        resources:
+          requests:
+            memory: 64Mi
+            cpu: 10m

manifests/loki_chart.yaml

@@ -0,0 +1,67 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: logging
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: grafana-credentials
+  namespace: logging
+  annotations:
+    kube-1password: wpynfxkdipeeacyfxkvtdsuj54
+    kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: loki
+  namespace: logging
+spec:
+  chart:
+    repository: https://grafana.github.io/loki/charts
+    name: loki-stack
+    version: 0.36.2
+  maxHistory: 4
+  skipCRDs: false
+  values:
+    fluent-bit:
+      enabled: "true"
+    promtail:
+      enabled: "true"
+    loki:
+      persistence:
+        enabled: "true"
+        size: 10Gi
+
+# ---
+# apiVersion: helm.fluxcd.io/v1
+# kind: HelmRelease
+# metadata:
+#   name: grafana
+#   namespace: logging
+# spec:
+#   chart:
+#     repository: https://kubernetes-charts.storage.googleapis.com
+#     name: grafana
+#     version: 5.0.22
+#   maxHistory: 4
+#   skipCRDs: false
+#   values:
+#     admin:
+#       existingSecret: "grafana-credentials"
+#       userKey: username
+#       passwordKey: password
+#     persistence:
+#       enabled: "false"
+#     datasources:
+#       datasources.yaml:
+#         apiVersion: 1
+#         datasources:
+#         - name: Loki
+#           type: loki
+#           url: http://logging-loki.logging:3100
+#           access: proxy
+#           jsonData:
+#             maxLines: 1000

manifests/traefik-lb.yaml

@@ -0,0 +1,16 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: traefik-ingress-service
+  namespace: kube-system
+spec:
+  selector:
+    k8s-app: traefik-ingress-lb
+  ports:
+    - protocol: TCP
+      port: 80
+      name: http
+    - protocol: TCP
+      port: 443
+      name: https
+  type: LoadBalancer

tekton/1-Install/1-pipeline.yaml

@@ -971,10 +971,6 @@ spec:
           value: config-logging
         - name: CONFIG_OBSERVABILITY_NAME
           value: config-observability
-        - name: CONFIG_ARTIFACT_BUCKET_NAME
-          value: config-artifact-bucket
-        - name: CONFIG_ARTIFACT_PVC_NAME
-          value: config-artifact-pvc
         - name: METRICS_DOMAIN
           value: tekton.dev/pipeline
       volumes:

tekton/2-Setup/docker-creds.yaml

@@ -7,5 +7,5 @@ metadata:
     kube-1password: kgpbumszi4stqgyzg4kqrttxam
     kube-1password/vault: Kubernetes
     tekton.dev/docker-0: https://docker.cloud.cluster.fun/averagemarcus
-type: kubernetes.io/basic-auth
+type: Opaque
 

tekton/2-Setup/gitea-creds.yaml

@@ -19,4 +19,4 @@ metadata:
     kube-1password: 3jgo56jlsrdxilf2vdp5zsw6lq
     kube-1password/vault: Kubernetes
     tekton.dev/git-0: https://git.cloud.cluster.fun
-type: kubernetes.io/basic-auth
+type: Opaque

terraform/kubernetes-manifests.tf

@@ -0,0 +1,31 @@
+provider "kubectl" {
+  load_config_file = false
+  host             = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].host
+  token            = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].token
+  cluster_ca_certificate = base64decode(
+    scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].cluster_ca_certificate
+  )
+}
+
+resource "kubectl_manifest" "manifests" {
+  for_each = fileset(path.module, "../manifests/*")
+  yaml_body = file(each.key)
+}
+
+
+resource "kubectl_manifest" "tekton-install" {
+  for_each = fileset(path.module, "../tekton/1-Install/*")
+  yaml_body = file(each.key)
+}
+
+resource "kubectl_manifest" "tekton-setup" {
+  for_each = fileset(path.module, "../tekton/2-Setup/*")
+  yaml_body = file(each.key)
+}
+
+
+resource "kubectl_manifest" "tekton" {
+  for_each = fileset(path.module, "../tekton/{bindings,conditions,eventlisteners,pipelines,tasks,triggertemplates}/*")
+  yaml_body = file(each.key)
+}
+