Compare commits

..

No commits in common. "42878c6d7d2c33caf64f3bb1087ed82ef452f826" and "5da3b51817dcd68c4f57d9e1d826267d25a8ed4e" have entirely different histories.

13 changed files with 5893 additions and 290 deletions

View File

@ -1,63 +0,0 @@
.DEFAULT_GOAL := default
.PHONY: test # Run all tests, linting and format checks
test: lint check-format run-tests
.PHONY: lint # Perform lint checks against code
lint:
@echo "⚠️ 'lint' unimplemented"
.PHONY: check-format # Checks code formatting and returns a non-zero exit code if formatting errors found
check-format:
@cd terraform && terraform fmt -check
.PHONY: format # Performs automatic format fixes on all code
format:
@cd terraform && terraform fmt
.PHONY: run-tests # Runs all tests
run-tests:
@echo "⚠️ 'run-tests' unimplemented"
.PHONY: fetch-deps # Fetch all project dependencies
fetch-deps:
@cd terraform && terraform init
.PHONY: build # Build the project
build: lint check-format fetch-deps
@echo "⚠️ 'build' unimplemented"
.PHONY: docker-build # Build the docker image
docker-build:
@echo "⚠️ 'docker-build' unimplemented"
.PHONY: docker-publish # Push the docker image to the remote registry
docker-publish:
@echo "⚠️ 'docker-publish' unimplemented"
.PHONY: run # Run the application
run:
@echo "⚠️ 'run' unimplemented"
.PHONY: ci # Perform CI specific tasks to perform on a pull request
ci:
@cd terraform
@PLAN=$(terraform plan)
@curl -X "POST" "https://git.cluster.fun/api/v1/repos/AverageMarcus/${REPO}/issues/${PR_ID}/comments?access_token=${ACCESS_TOKEN}" \
-H 'Content-Type: application/json; charset=utf-8' \
-d $'{"body": "<details><summary>Terraform Plan:</summary>'$PLAN'</details>"}'
.PHONY: release # Release the latest version of the application
release:
@cd terraform && terraform apply -auto-approve
.PHONY: help # Show this list of commands
help:
@echo "${REPO_NAME}"
@echo "Usage: make [target]"
@echo ""
@echo "target description" | expand -t20
@echo "-----------------------------------"
@grep '^.PHONY: .* #' Makefile | sed 's/\.PHONY: \(.*\) # \(.*\)/\1 \2/' | expand -t20
default: test build

View File

@ -1,109 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: cctv
---
apiVersion: v1
kind: Secret
metadata:
name: cctv-auth
namespace: cctv
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cctv-auth
namespace: cctv
labels:
app: cctv-auth
spec:
replicas: 1
selector:
matchLabels:
app: cctv-auth
template:
metadata:
labels:
app: cctv-auth
spec:
containers:
- args:
- --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://inlets.inlets.svc.cluster.local
- --http-address=$(HOST_IP):8080
- --redirect-url=https://cctv.cluster.fun/oauth2/callback
- --email-domain=*
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: cctv-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: cctv-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
name: oauth-proxy
ports:
- containerPort: 8080
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: cctv-auth
namespace: cctv
labels:
app: cctv-auth
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: cctv-auth
type: ClusterIP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: cctv-auth
namespace: cctv
labels:
app: cctv-auth
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- cctv.cluster.fun
secretName: cctv-ingress
rules:
- host: cctv.cluster.fun
http:
paths:
- path: /
backend:
serviceName: cctv-auth
servicePort: 80

File diff suppressed because it is too large Load Diff

View File

@ -4,9 +4,7 @@ metadata:
name: cert-manager name: cert-manager
labels: labels:
certmanager.k8s.io/disable-validation: "true" certmanager.k8s.io/disable-validation: "true"
--- ---
apiVersion: helm.fluxcd.io/v1 apiVersion: helm.fluxcd.io/v1
kind: HelmRelease kind: HelmRelease
metadata: metadata:
@ -16,10 +14,9 @@ spec:
chart: chart:
repository: https://charts.jetstack.io repository: https://charts.jetstack.io
name: cert-manager name: cert-manager
version: v0.15.0 version: v0.14.3
maxHistory: 5 maxHistory: 4
values: values:
installCRDs: "true"
resources: resources:
requests: requests:
cpu: 10m cpu: 10m

View File

@ -1,79 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: inlets
---
apiVersion: v1
kind: Secret
metadata:
name: inlets
namespace: inlets
annotations:
kube-1password: podju6t2s2osc3vbkimyce25ti
kube-1password/vault: Kubernetes
kube-1password/password-key: token
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: inlets
namespace: inlets
labels:
app: inlets
spec:
type: ClusterIP
ports:
- port: 80
protocol: TCP
targetPort: 8000
selector:
app: inlets
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: inlets
namespace: inlets
labels:
app: inlets
spec:
replicas: 1
selector:
matchLabels:
app: inlets
template:
metadata:
labels:
app: inlets
spec:
containers:
- name: inlets
image: inlets/inlets:2.7.0
imagePullPolicy: Always
command: ["inlets"]
args:
- "server"
- "--token-from=/var/inlets/token"
volumeMounts:
- name: inlets-token-volume
mountPath: /var/inlets/
volumes:
- name: inlets-token-volume
secret:
secretName: inlets
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: inlets
namespace: inlets
spec:
rules:
- host: inlets.cluster.fun
http:
paths:
- path: /
backend:
serviceName: inlets
servicePort: 80

View File

@ -17,5 +17,3 @@ spec:
value: $(body.repository.name) value: $(body.repository.name)
- name: isprivate - name: isprivate
value: $(body.repository.private) value: $(body.repository.private)
- name: prid
value: $(body.number)

View File

@ -69,10 +69,6 @@ spec:
params: params:
- name: TARGET - name: TARGET
value: "ci" value: "ci"
- name: REPO
value: $(params.projectname)
- name: PR_ID
value: $(params.prid)
resources: resources:
inputs: inputs:
- name: src - name: src

View File

@ -17,13 +17,3 @@ spec:
image: docker.cluster.fun/averagemarcus/ci-builder:latest image: docker.cluster.fun/averagemarcus/ci-builder:latest
script: | script: |
make --dry-run -t $(params.TARGET) &> /dev/null && make $(params.TARGET) || echo "No '$(params.TARGET)' target found, skipping" make --dry-run -t $(params.TARGET) &> /dev/null && make $(params.TARGET) || echo "No '$(params.TARGET)' target found, skipping"
env:
- name: REPO
value: $(params.REPO)
- name: PR_ID
value: $(params.PR_ID)
- name: ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: gitea-access-token
key: access-token

View File

@ -15,8 +15,6 @@ spec:
description: The ref of the PR description: The ref of the PR
- name: projectname - name: projectname
description: The name of the git project description: The name of the git project
- name: prid
description: The number of the PR
resourcetemplates: resourcetemplates:
- apiVersion: tekton.dev/v1beta1 - apiVersion: tekton.dev/v1beta1
kind: PipelineRun kind: PipelineRun
@ -33,8 +31,6 @@ spec:
value: $(params.gitrevision) value: $(params.gitrevision)
- name: projectname - name: projectname
value: $(params.projectname) value: $(params.projectname)
- name: prid
value: $(params.prid)
resources: resources:
- name: git-source - name: git-source
resourceSpec: resourceSpec:

View File

@ -1,8 +1,8 @@
provider "helm" { provider "helm" {
kubernetes { kubernetes {
load_config_file = false load_config_file = false
host = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].host host = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].host
token = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].token token = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].token
cluster_ca_certificate = base64decode( cluster_ca_certificate = base64decode(
scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].cluster_ca_certificate scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].cluster_ca_certificate
) )

View File

@ -14,12 +14,12 @@ resource "scaleway_k8s_cluster_beta" "k8s-cluster" {
resource "scaleway_k8s_pool_beta" "k8s-cluster-pool-1" { resource "scaleway_k8s_pool_beta" "k8s-cluster-pool-1" {
cluster_id = scaleway_k8s_cluster_beta.k8s-cluster.id cluster_id = scaleway_k8s_cluster_beta.k8s-cluster.id
name = "node pool 1" name = "node pool 1"
node_type = "DEV1-M" node_type = "DEV1-M"
size = 1 size = 1
min_size = 1 min_size = 1
max_size = 2 max_size = 2
autoscaling = true autoscaling = true
autohealing = true autohealing = true
} }

View File

@ -8,24 +8,24 @@ provider "kubectl" {
} }
resource "kubectl_manifest" "manifests" { resource "kubectl_manifest" "manifests" {
for_each = fileset(path.module, "../manifests/*") for_each = fileset(path.module, "../manifests/*")
yaml_body = file(each.key) yaml_body = file(each.key)
} }
resource "kubectl_manifest" "tekton-install" { resource "kubectl_manifest" "tekton-install" {
for_each = fileset(path.module, "../tekton/1-Install/*") for_each = fileset(path.module, "../tekton/1-Install/*")
yaml_body = file(each.key) yaml_body = file(each.key)
} }
resource "kubectl_manifest" "tekton-setup" { resource "kubectl_manifest" "tekton-setup" {
for_each = fileset(path.module, "../tekton/2-Setup/*") for_each = fileset(path.module, "../tekton/2-Setup/*")
yaml_body = file(each.key) yaml_body = file(each.key)
} }
resource "kubectl_manifest" "tekton" { resource "kubectl_manifest" "tekton" {
for_each = fileset(path.module, "../tekton/{bindings,conditions,eventlisteners,pipelines,tasks,triggertemplates}/*") for_each = fileset(path.module, "../tekton/{bindings,conditions,eventlisteners,pipelines,tasks,triggertemplates}/*")
yaml_body = file(each.key) yaml_body = file(each.key)
} }

View File

@ -1,5 +1,5 @@
provider "scaleway" { provider "scaleway" {
zone = "fr-par-1" zone = "fr-par-1"
region = "fr-par" region = "fr-par"
organization_id = "5c1e5e2a-a6cd-4eb3-907f-2a83a29668fc" organization_id = "5c1e5e2a-a6cd-4eb3-907f-2a83a29668fc"
} }