Use project name in run name

Added Goldilocks to keep an eye on suggested improvements

Makefile

@@ -17,7 +17,7 @@ format:
 
 .PHONY: run-tests # Runs all tests
 run-tests:
-	@echo "⚠️ 'run-tests' unimplemented"
+	@cd terraform && terraform plan
 
 .PHONY: fetch-deps # Fetch all project dependencies
 fetch-deps:
@@ -41,11 +41,9 @@ run:
 
 .PHONY: ci # Perform CI specific tasks to perform on a pull request
 ci:
-	@cd terraform
-	@PLAN=$(terraform plan)
-	@curl -X "POST" "https://git.cluster.fun/api/v1/repos/AverageMarcus/${REPO}/issues/${PR_ID}/comments?access_token=${ACCESS_TOKEN}" \
+	@PLAN=$(cd terraform && terraform plan ./terraform) && curl -X "POST" "https://git.cluster.fun/api/v1/repos/AverageMarcus/${REPO}/issues/${PR_ID}/comments?access_token=${ACCESS_TOKEN}" \
 		-H 'Content-Type: application/json; charset=utf-8' \
-		-d $'{"body": "<details><summary>Terraform Plan:</summary>'$PLAN'</details>"}'
+		-d $'{"body": "<details><summary>Terraform Plan:</summary>'"$PLAN"'</details>"}'
 
 .PHONY: release # Release the latest version of the application
 release:
@@ -60,4 +58,4 @@ help:
 	@echo "-----------------------------------"
 	@grep '^.PHONY: .* #' Makefile | sed 's/\.PHONY: \(.*\) # \(.*\)/\1	\2/' | expand -t20
 
-default: test build
+default: test

manifests/blackhole.yaml

@@ -36,8 +36,11 @@ spec:
           name: web
         resources:
           limits:
-            memory: 20Mi
-            cpu: 10m
+            memory: 10Mi
+
+          requests:
+            memory: 10Mi
+
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

manifests/blog.yaml

@@ -39,6 +39,11 @@ spec:
         ports:
         - containerPort: 8000
           name: web
+        resources:
+          limits:
+            memory: 200Mi
+          requests:
+            memory: 200Mi
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

manifests/buzzers.yaml

@@ -39,6 +39,11 @@ spec:
         ports:
         - containerPort: 80
           name: web
+        resources:
+          limits:
+            memory: 283Mi
+          requests:
+            memory: 283Mi
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

manifests/cctv.yaml

@@ -64,6 +64,11 @@ spec:
         ports:
         - containerPort: 8080
           protocol: TCP
+        resources:
+          limits:
+            memory: 50Mi
+          requests:
+            memory: 50Mi
 ---
 apiVersion: v1
 kind: Service

manifests/certmanager_chart.yaml

@@ -22,10 +22,10 @@ spec:
     installCRDs: "true"
     resources:
       requests:
-        cpu: 10m
+
         memory: 32Mi
       limits:
-        cpu: 20m
+
         memory: 64Mi
 
 ---

manifests/cors-proxy.yaml

@@ -23,7 +23,7 @@ metadata:
   name: cors-proxy
   namespace: cors-proxy
 spec:
-  replicas: 2
+  replicas: 1
   selector:
     matchLabels:
       app: cors-proxy

manifests/dashboard.yaml

@@ -54,6 +54,11 @@ spec:
         ports:
         - containerPort: 80
           name: web
+        resources:
+          limits:
+            memory: 50Mi
+          requests:
+            memory: 50Mi
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

manifests/downloads.yaml

@@ -64,6 +64,11 @@ spec:
         ports:
         - containerPort: 8080
           protocol: TCP
+        resources:
+          limits:
+            memory: 250Mi
+          requests:
+            memory: 250Mi
 ---
 apiVersion: v1
 kind: Service

manifests/ghost_chart.yaml

@@ -1,67 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: ghost
-
----
-
-apiVersion: helm.fluxcd.io/v1
-kind: HelmRelease
-metadata:
-  name: ghost
-  namespace: ghost
-spec:
-  chart:
-    repository: https://charts.bitnami.com/bitnami
-    name: ghost
-    version: 10.0.2
-  maxHistory: 4
-  values:
-    ghostHost: www.chloehiggins.co.uk
-    ghostUsername: chloe
-    ghostEmail: ghost@chloes.email
-    ghostBlogTitle: "Chloe's Website"
-    service:
-      type: ClusterIP
-    mariadb:
-      master:
-        persistence:
-          enabled: true
-          size: 1Gi
-    persistence:
-      enabled: true
-      size: 1Gi
-
----
-
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: ghost
-  namespace: ghost
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
-spec:
-  tls:
-  - hosts:
-    - www.chloehiggins.co.uk
-    - chloehiggins.co.uk
-    secretName: ghost-ingress
-  rules:
-  - host: www.chloehiggins.co.uk
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: ghost-ghost
-          servicePort: 80
-  - host: chloehiggins.co.uk
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: ghost-ghost
-          servicePort: 80

manifests/gitea.yaml

@@ -80,7 +80,7 @@ spec:
         resources:
           requests:
             memory: 400Mi
-            cpu: 10m
+
         volumeMounts:
         - mountPath: /data
           name: git-data

manifests/harbor_chart.yaml

@@ -37,25 +37,21 @@ spec:
       resources:
         requests:
           memory: 64Mi
-          cpu: 10m
     core:
       resources:
         requests:
           memory: 64Mi
-          cpu: 10m
     jobservice:
       resources:
         requests:
           memory: 64Mi
-          cpu: 10m
     registry:
       registry:
         resources:
           requests:
             memory: 64Mi
-            cpu: 10m
       controller:
         resources:
           requests:
             memory: 64Mi
-            cpu: 10m
+

manifests/inlets.yaml

@@ -77,3 +77,27 @@ spec:
         backend:
           serviceName: inlets
           servicePort: 80
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: pyload
+  namespace: inlets
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - pyload.cluster.fun
+    secretName: pyload-ingress
+  rules:
+  - host: pyload.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: inlets
+          servicePort: 80

manifests/kube-janitor.yaml

@@ -53,11 +53,11 @@ data:
   rules.yaml: |-
     rules:
       - id: tekton-tasks
-        # remove deployments and statefulsets without a label "application"
         resources:
           - pods
+          - pipelineruns
         jmespath: "(metadata.labels.\"tekton.dev/pipeline\")"
-        ttl: 1h
+        ttl: 3h
 
 ---
 
@@ -93,7 +93,6 @@ spec:
           limits:
             memory: 100Mi
           requests:
-            cpu: 5m
             memory: 100Mi
         securityContext:
           readOnlyRootFilesystem: true

manifests/nextcloud_chart.yaml

@@ -58,4 +58,4 @@ spec:
     resources:
       requests:
         memory: 500Mi
-        cpu: 50m
+

manifests/nodered.yaml

@@ -0,0 +1,114 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: node-red
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: node-red
+  namespace: node-red
+  annotations:
+    kube-1password: to62npgx5vvlknphuytg7qgrny
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-key: settings.js
+type: Opaque
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: node-red
+  namespace: node-red
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: node-red
+  namespace: node-red
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: web
+    name: web
+  selector:
+    app: node-red
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-red
+  namespace: node-red
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: node-red
+  template:
+    metadata:
+      labels:
+        app: node-red
+    spec:
+      securityContext:
+        fsGroup: 1000
+      initContainers:
+      - name: config-copy
+        image: bash:latest
+        imagePullPolicy: IfNotPresent
+        args:
+          - -c
+          - |
+            cp /config/settings.js /data/
+        volumeMounts:
+          - name: config
+            mountPath: /config/settings.js
+            subPath: settings.js
+          - name: data
+            mountPath: /data
+      containers:
+      - name: web
+        image: nodered/node-red:latest-12
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 1880
+          name: web
+        volumeMounts:
+          - name: data
+            mountPath: /data
+      volumes:
+        - name: config
+          secret:
+            secretName: node-red
+        - name: data
+          persistentVolumeClaim:
+            claimName: node-red
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: node-red
+  namespace: node-red
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - nodered.cluster.fun
+    secretName: node-red-ingress
+  rules:
+  - host: nodered.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: node-red
+          servicePort: 80

manifests/qr.yaml

@@ -23,7 +23,7 @@ metadata:
   name: qr
   namespace: qr
 spec:
-  replicas: 2
+  replicas: 1
   selector:
     matchLabels:
       app: qr
@@ -39,6 +39,11 @@ spec:
         ports:
         - containerPort: 8080
           name: web
+        resources:
+          limits:
+            memory: 100Mi
+          requests:
+            memory: 100Mi
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

manifests/rss.yaml

@@ -65,6 +65,11 @@ spec:
         ports:
         - containerPort: 8080
           name: web
+        resources:
+          limits:
+            memory: 308Mi
+          requests:
+            memory: 308Mi
         volumeMounts:
           - mountPath: /data
             name: storage

manifests/traefik-lb.yaml

@@ -14,3 +14,62 @@ spec:
       port: 443
       name: https
   type: LoadBalancer
+
+---
+
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    k8s-app: traefik-ingress-lb
+    k8s.scw.cloud/ingress: traefik
+    k8s.scw.cloud/object: DaemonSet
+    k8s.scw.cloud/system: ingress
+  name: ingress-traefik
+  namespace: kube-system
+spec:
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      k8s-app: traefik-ingress-lb
+  template:
+    metadata:
+      labels:
+        k8s-app: traefik-ingress-lb
+        name: ingress-traefik
+    spec:
+      containers:
+      - args:
+        - --api
+        - --kubernetes
+        - --logLevel=INFO
+        - --defaultentrypoints=http,https
+        - --entrypoints=Name:https Address::443 TLS
+        - --entrypoints=Name:http Address::80
+        - --accesslog
+        - --accesslog.format=json
+        image: docker.io/traefik:1.7
+        imagePullPolicy: IfNotPresent
+        name: ingress-traefik
+        ports:
+        - containerPort: 80
+          hostPort: 80
+          name: http
+          protocol: TCP
+        - containerPort: 443
+          hostPort: 443
+          name: https
+          protocol: TCP
+        - containerPort: 8080
+          name: admin
+          protocol: TCP
+        securityContext:
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+            drop:
+            - ALL
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      serviceAccount: ingress-traefik
+      serviceAccountName: ingress-traefik

manifests/twitter-profile-pic.yaml

@@ -4,6 +4,17 @@ metadata:
   name: twitter-profile-pic
 ---
 apiVersion: v1
+kind: Secret
+metadata:
+  name: twitter-profile-pic
+  namespace: twitter-profile-pic
+  annotations:
+    kube-1password: d2rt56v47q2wij47qgj27umrky
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-key: .env
+type: Opaque
+---
+apiVersion: v1
 kind: Service
 metadata:
   name: twitter-profile-pic
@@ -23,7 +34,7 @@ metadata:
   name: twitter-profile-pic
   namespace: twitter-profile-pic
 spec:
-  replicas: 2
+  replicas: 1
   selector:
     matchLabels:
       app: twitter-profile-pic
@@ -39,6 +50,19 @@ spec:
         ports:
         - containerPort: 9090
           name: web
+        resources:
+          limits:
+            memory: 250Mi
+          requests:
+            memory: 250Mi
+        volumeMounts:
+          - name: dotenv
+            mountPath: /app/.env
+            subPath: .env
+      volumes:
+      - name: dotenv
+        secret:
+          secretName: twitter-profile-pic
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

manifests/website-to-remarkable.yaml

@@ -34,6 +34,9 @@ spec:
   - port: 80
     targetPort: 8080
     name: web
+  - port: 8000
+    targetPort: 8000
+    name: noauth
   selector:
     app: website-to-remarkable
 ---
@@ -92,6 +95,11 @@ spec:
         ports:
         - containerPort: 8080
           protocol: TCP
+        resources:
+          limits:
+            memory: 125Mi
+          requests:
+            memory: 125Mi
       - name: web
         image: docker.cluster.fun/averagemarcus/website-to-remarkable:latest
         imagePullPolicy: Always

tekton/pipelines/pr.yaml

@@ -39,6 +39,12 @@ spec:
       params:
         - name: TARGET
           value: "test"
+        - name: REPO
+          value: $(params.projectname)
+        - name: PR_ID
+          value: $(params.prid)
+        - name: SHA
+          value: $(params.gitrevision)
       resources:
         inputs:
           - name: src
@@ -55,6 +61,12 @@ spec:
       params:
         - name: TARGET
           value: "build"
+        - name: REPO
+          value: $(params.projectname)
+        - name: PR_ID
+          value: $(params.prid)
+        - name: SHA
+          value: $(params.gitrevision)
       resources:
         inputs:
           - name: src
@@ -75,6 +87,8 @@ spec:
           value: $(params.projectname)
         - name: PR_ID
           value: $(params.prid)
+        - name: SHA
+          value: $(params.gitrevision)
       resources:
         inputs:
           - name: src

tekton/tasks/pr-status.yaml

@@ -14,7 +14,7 @@ spec:
     default: "pending"
   steps:
   - name: pr-status-update
-    image: docker.cluster.fun/averagemarcus/gitea-pr-state:latest
+    image: docker.cluster.fun/averagemarcus/gitea-pr-status:latest
     env:
     - name: ACCESS_TOKEN
       valueFrom:
@@ -22,6 +22,6 @@ spec:
           name: gitea-access-token
           key: access-token
     args:
-    - "$(params.REPO)"
+    - "AverageMarcus/$(params.REPO)"
     - "$(params.SHA)"
     - "$(params.STATE)"

tekton/triggertemplates/deploy.yaml

@@ -22,7 +22,7 @@ spec:
   - apiVersion: tekton.dev/v1beta1
     kind: PipelineRun
     metadata:
-      generateName: deploy-project-
+      generateName: deploy-$(params.projectname)-
     spec:
       pipelineRef:
         name: deploy-project

tekton/triggertemplates/pr.yaml

@@ -21,7 +21,7 @@ spec:
     - apiVersion: tekton.dev/v1beta1
       kind: PipelineRun
       metadata:
-        generateName: pr-project-
+        generateName: pr-$(params.projectname)-
       spec:
         pipelineRef:
           name: pr-project

tekton/triggertemplates/tag.yaml

@@ -22,7 +22,7 @@ spec:
   - apiVersion: tekton.dev/v1beta1
     kind: PipelineRun
     metadata:
-      generateName: project-tag-
+      generateName: tag-$(params.projectname)-
     spec:
       pipelineRef:
         name: project-tag

terraform/kubernetes-cluster.tf

@@ -19,9 +19,13 @@ resource "scaleway_k8s_pool_beta" "k8s-cluster-pool-1" {
   node_type   = "DEV1-M"
   size        = 1
   min_size    = 1
-  max_size    = 2
+  max_size    = 3
   autoscaling = true
   autohealing = true
+
+  lifecycle {
+    ignore_changes = [size]
+  }
 }
 
 output "api_server" {