Compare commits
No commits in common. "42878c6d7d2c33caf64f3bb1087ed82ef452f826" and "5da3b51817dcd68c4f57d9e1d826267d25a8ed4e" have entirely different histories.
42878c6d7d
...
5da3b51817
63
Makefile
63
Makefile
@ -1,63 +0,0 @@
|
|||||||
.DEFAULT_GOAL := default
|
|
||||||
|
|
||||||
.PHONY: test # Run all tests, linting and format checks
|
|
||||||
test: lint check-format run-tests
|
|
||||||
|
|
||||||
.PHONY: lint # Perform lint checks against code
|
|
||||||
lint:
|
|
||||||
@echo "⚠️ 'lint' unimplemented"
|
|
||||||
|
|
||||||
.PHONY: check-format # Checks code formatting and returns a non-zero exit code if formatting errors found
|
|
||||||
check-format:
|
|
||||||
@cd terraform && terraform fmt -check
|
|
||||||
|
|
||||||
.PHONY: format # Performs automatic format fixes on all code
|
|
||||||
format:
|
|
||||||
@cd terraform && terraform fmt
|
|
||||||
|
|
||||||
.PHONY: run-tests # Runs all tests
|
|
||||||
run-tests:
|
|
||||||
@echo "⚠️ 'run-tests' unimplemented"
|
|
||||||
|
|
||||||
.PHONY: fetch-deps # Fetch all project dependencies
|
|
||||||
fetch-deps:
|
|
||||||
@cd terraform && terraform init
|
|
||||||
|
|
||||||
.PHONY: build # Build the project
|
|
||||||
build: lint check-format fetch-deps
|
|
||||||
@echo "⚠️ 'build' unimplemented"
|
|
||||||
|
|
||||||
.PHONY: docker-build # Build the docker image
|
|
||||||
docker-build:
|
|
||||||
@echo "⚠️ 'docker-build' unimplemented"
|
|
||||||
|
|
||||||
.PHONY: docker-publish # Push the docker image to the remote registry
|
|
||||||
docker-publish:
|
|
||||||
@echo "⚠️ 'docker-publish' unimplemented"
|
|
||||||
|
|
||||||
.PHONY: run # Run the application
|
|
||||||
run:
|
|
||||||
@echo "⚠️ 'run' unimplemented"
|
|
||||||
|
|
||||||
.PHONY: ci # Perform CI specific tasks to perform on a pull request
|
|
||||||
ci:
|
|
||||||
@cd terraform
|
|
||||||
@PLAN=$(terraform plan)
|
|
||||||
@curl -X "POST" "https://git.cluster.fun/api/v1/repos/AverageMarcus/${REPO}/issues/${PR_ID}/comments?access_token=${ACCESS_TOKEN}" \
|
|
||||||
-H 'Content-Type: application/json; charset=utf-8' \
|
|
||||||
-d $'{"body": "<details><summary>Terraform Plan:</summary>'$PLAN'</details>"}'
|
|
||||||
|
|
||||||
.PHONY: release # Release the latest version of the application
|
|
||||||
release:
|
|
||||||
@cd terraform && terraform apply -auto-approve
|
|
||||||
|
|
||||||
.PHONY: help # Show this list of commands
|
|
||||||
help:
|
|
||||||
@echo "${REPO_NAME}"
|
|
||||||
@echo "Usage: make [target]"
|
|
||||||
@echo ""
|
|
||||||
@echo "target description" | expand -t20
|
|
||||||
@echo "-----------------------------------"
|
|
||||||
@grep '^.PHONY: .* #' Makefile | sed 's/\.PHONY: \(.*\) # \(.*\)/\1 \2/' | expand -t20
|
|
||||||
|
|
||||||
default: test build
|
|
@ -1,109 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: cctv
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: cctv-auth
|
|
||||||
namespace: cctv
|
|
||||||
annotations:
|
|
||||||
kube-1password: mr6spkkx7n3memkbute6ojaarm
|
|
||||||
kube-1password/vault: Kubernetes
|
|
||||||
type: Opaque
|
|
||||||
---
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: cctv-auth
|
|
||||||
namespace: cctv
|
|
||||||
labels:
|
|
||||||
app: cctv-auth
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: cctv-auth
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: cctv-auth
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- args:
|
|
||||||
- --cookie-secure=false
|
|
||||||
- --provider=oidc
|
|
||||||
- --provider-display-name=Auth0
|
|
||||||
- --upstream=http://inlets.inlets.svc.cluster.local
|
|
||||||
- --http-address=$(HOST_IP):8080
|
|
||||||
- --redirect-url=https://cctv.cluster.fun/oauth2/callback
|
|
||||||
- --email-domain=*
|
|
||||||
- --pass-basic-auth=false
|
|
||||||
- --pass-access-token=false
|
|
||||||
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
|
|
||||||
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
|
|
||||||
env:
|
|
||||||
- name: HOST_IP
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
apiVersion: v1
|
|
||||||
fieldPath: status.podIP
|
|
||||||
- name: OAUTH2_PROXY_CLIENT_ID
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
key: username
|
|
||||||
name: cctv-auth
|
|
||||||
- name: OAUTH2_PROXY_CLIENT_SECRET
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
key: password
|
|
||||||
name: cctv-auth
|
|
||||||
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
|
|
||||||
name: oauth-proxy
|
|
||||||
ports:
|
|
||||||
- containerPort: 8080
|
|
||||||
protocol: TCP
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: cctv-auth
|
|
||||||
namespace: cctv
|
|
||||||
labels:
|
|
||||||
app: cctv-auth
|
|
||||||
spec:
|
|
||||||
ports:
|
|
||||||
- name: http
|
|
||||||
port: 80
|
|
||||||
protocol: TCP
|
|
||||||
targetPort: 8080
|
|
||||||
selector:
|
|
||||||
app: cctv-auth
|
|
||||||
type: ClusterIP
|
|
||||||
---
|
|
||||||
apiVersion: extensions/v1beta1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: cctv-auth
|
|
||||||
namespace: cctv
|
|
||||||
labels:
|
|
||||||
app: cctv-auth
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt
|
|
||||||
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
|
|
||||||
traefik.ingress.kubernetes.io/redirect-entry-point: https
|
|
||||||
traefik.ingress.kubernetes.io/redirect-permanent: "true"
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- cctv.cluster.fun
|
|
||||||
secretName: cctv-ingress
|
|
||||||
rules:
|
|
||||||
- host: cctv.cluster.fun
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
backend:
|
|
||||||
serviceName: cctv-auth
|
|
||||||
servicePort: 80
|
|
5877
manifests/certmanager_1crd.yaml
Normal file
5877
manifests/certmanager_1crd.yaml
Normal file
File diff suppressed because it is too large
Load Diff
@ -4,9 +4,7 @@ metadata:
|
|||||||
name: cert-manager
|
name: cert-manager
|
||||||
labels:
|
labels:
|
||||||
certmanager.k8s.io/disable-validation: "true"
|
certmanager.k8s.io/disable-validation: "true"
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
apiVersion: helm.fluxcd.io/v1
|
apiVersion: helm.fluxcd.io/v1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
@ -16,10 +14,9 @@ spec:
|
|||||||
chart:
|
chart:
|
||||||
repository: https://charts.jetstack.io
|
repository: https://charts.jetstack.io
|
||||||
name: cert-manager
|
name: cert-manager
|
||||||
version: v0.15.0
|
version: v0.14.3
|
||||||
maxHistory: 5
|
maxHistory: 4
|
||||||
values:
|
values:
|
||||||
installCRDs: "true"
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 10m
|
cpu: 10m
|
@ -1,79 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: inlets
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: inlets
|
|
||||||
namespace: inlets
|
|
||||||
annotations:
|
|
||||||
kube-1password: podju6t2s2osc3vbkimyce25ti
|
|
||||||
kube-1password/vault: Kubernetes
|
|
||||||
kube-1password/password-key: token
|
|
||||||
type: Opaque
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: inlets
|
|
||||||
namespace: inlets
|
|
||||||
labels:
|
|
||||||
app: inlets
|
|
||||||
spec:
|
|
||||||
type: ClusterIP
|
|
||||||
ports:
|
|
||||||
- port: 80
|
|
||||||
protocol: TCP
|
|
||||||
targetPort: 8000
|
|
||||||
selector:
|
|
||||||
app: inlets
|
|
||||||
---
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: inlets
|
|
||||||
namespace: inlets
|
|
||||||
labels:
|
|
||||||
app: inlets
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: inlets
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: inlets
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: inlets
|
|
||||||
image: inlets/inlets:2.7.0
|
|
||||||
imagePullPolicy: Always
|
|
||||||
command: ["inlets"]
|
|
||||||
args:
|
|
||||||
- "server"
|
|
||||||
- "--token-from=/var/inlets/token"
|
|
||||||
volumeMounts:
|
|
||||||
- name: inlets-token-volume
|
|
||||||
mountPath: /var/inlets/
|
|
||||||
volumes:
|
|
||||||
- name: inlets-token-volume
|
|
||||||
secret:
|
|
||||||
secretName: inlets
|
|
||||||
---
|
|
||||||
apiVersion: extensions/v1beta1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: inlets
|
|
||||||
namespace: inlets
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- host: inlets.cluster.fun
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
backend:
|
|
||||||
serviceName: inlets
|
|
||||||
servicePort: 80
|
|
@ -17,5 +17,3 @@ spec:
|
|||||||
value: $(body.repository.name)
|
value: $(body.repository.name)
|
||||||
- name: isprivate
|
- name: isprivate
|
||||||
value: $(body.repository.private)
|
value: $(body.repository.private)
|
||||||
- name: prid
|
|
||||||
value: $(body.number)
|
|
||||||
|
@ -69,10 +69,6 @@ spec:
|
|||||||
params:
|
params:
|
||||||
- name: TARGET
|
- name: TARGET
|
||||||
value: "ci"
|
value: "ci"
|
||||||
- name: REPO
|
|
||||||
value: $(params.projectname)
|
|
||||||
- name: PR_ID
|
|
||||||
value: $(params.prid)
|
|
||||||
resources:
|
resources:
|
||||||
inputs:
|
inputs:
|
||||||
- name: src
|
- name: src
|
||||||
|
@ -17,13 +17,3 @@ spec:
|
|||||||
image: docker.cluster.fun/averagemarcus/ci-builder:latest
|
image: docker.cluster.fun/averagemarcus/ci-builder:latest
|
||||||
script: |
|
script: |
|
||||||
make --dry-run -t $(params.TARGET) &> /dev/null && make $(params.TARGET) || echo "No '$(params.TARGET)' target found, skipping"
|
make --dry-run -t $(params.TARGET) &> /dev/null && make $(params.TARGET) || echo "No '$(params.TARGET)' target found, skipping"
|
||||||
env:
|
|
||||||
- name: REPO
|
|
||||||
value: $(params.REPO)
|
|
||||||
- name: PR_ID
|
|
||||||
value: $(params.PR_ID)
|
|
||||||
- name: ACCESS_TOKEN
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: gitea-access-token
|
|
||||||
key: access-token
|
|
||||||
|
@ -15,8 +15,6 @@ spec:
|
|||||||
description: The ref of the PR
|
description: The ref of the PR
|
||||||
- name: projectname
|
- name: projectname
|
||||||
description: The name of the git project
|
description: The name of the git project
|
||||||
- name: prid
|
|
||||||
description: The number of the PR
|
|
||||||
resourcetemplates:
|
resourcetemplates:
|
||||||
- apiVersion: tekton.dev/v1beta1
|
- apiVersion: tekton.dev/v1beta1
|
||||||
kind: PipelineRun
|
kind: PipelineRun
|
||||||
@ -33,8 +31,6 @@ spec:
|
|||||||
value: $(params.gitrevision)
|
value: $(params.gitrevision)
|
||||||
- name: projectname
|
- name: projectname
|
||||||
value: $(params.projectname)
|
value: $(params.projectname)
|
||||||
- name: prid
|
|
||||||
value: $(params.prid)
|
|
||||||
resources:
|
resources:
|
||||||
- name: git-source
|
- name: git-source
|
||||||
resourceSpec:
|
resourceSpec:
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
provider "helm" {
|
provider "helm" {
|
||||||
kubernetes {
|
kubernetes {
|
||||||
load_config_file = false
|
load_config_file = false
|
||||||
host = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].host
|
host = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].host
|
||||||
token = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].token
|
token = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].token
|
||||||
cluster_ca_certificate = base64decode(
|
cluster_ca_certificate = base64decode(
|
||||||
scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].cluster_ca_certificate
|
scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].cluster_ca_certificate
|
||||||
)
|
)
|
||||||
|
@ -14,12 +14,12 @@ resource "scaleway_k8s_cluster_beta" "k8s-cluster" {
|
|||||||
|
|
||||||
|
|
||||||
resource "scaleway_k8s_pool_beta" "k8s-cluster-pool-1" {
|
resource "scaleway_k8s_pool_beta" "k8s-cluster-pool-1" {
|
||||||
cluster_id = scaleway_k8s_cluster_beta.k8s-cluster.id
|
cluster_id = scaleway_k8s_cluster_beta.k8s-cluster.id
|
||||||
name = "node pool 1"
|
name = "node pool 1"
|
||||||
node_type = "DEV1-M"
|
node_type = "DEV1-M"
|
||||||
size = 1
|
size = 1
|
||||||
min_size = 1
|
min_size = 1
|
||||||
max_size = 2
|
max_size = 2
|
||||||
autoscaling = true
|
autoscaling = true
|
||||||
autohealing = true
|
autohealing = true
|
||||||
}
|
}
|
||||||
|
@ -8,24 +8,24 @@ provider "kubectl" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource "kubectl_manifest" "manifests" {
|
resource "kubectl_manifest" "manifests" {
|
||||||
for_each = fileset(path.module, "../manifests/*")
|
for_each = fileset(path.module, "../manifests/*")
|
||||||
yaml_body = file(each.key)
|
yaml_body = file(each.key)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
resource "kubectl_manifest" "tekton-install" {
|
resource "kubectl_manifest" "tekton-install" {
|
||||||
for_each = fileset(path.module, "../tekton/1-Install/*")
|
for_each = fileset(path.module, "../tekton/1-Install/*")
|
||||||
yaml_body = file(each.key)
|
yaml_body = file(each.key)
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "kubectl_manifest" "tekton-setup" {
|
resource "kubectl_manifest" "tekton-setup" {
|
||||||
for_each = fileset(path.module, "../tekton/2-Setup/*")
|
for_each = fileset(path.module, "../tekton/2-Setup/*")
|
||||||
yaml_body = file(each.key)
|
yaml_body = file(each.key)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
resource "kubectl_manifest" "tekton" {
|
resource "kubectl_manifest" "tekton" {
|
||||||
for_each = fileset(path.module, "../tekton/{bindings,conditions,eventlisteners,pipelines,tasks,triggertemplates}/*")
|
for_each = fileset(path.module, "../tekton/{bindings,conditions,eventlisteners,pipelines,tasks,triggertemplates}/*")
|
||||||
yaml_body = file(each.key)
|
yaml_body = file(each.key)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
provider "scaleway" {
|
provider "scaleway" {
|
||||||
zone = "fr-par-1"
|
zone = "fr-par-1"
|
||||||
region = "fr-par"
|
region = "fr-par"
|
||||||
organization_id = "5c1e5e2a-a6cd-4eb3-907f-2a83a29668fc"
|
organization_id = "5c1e5e2a-a6cd-4eb3-907f-2a83a29668fc"
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user