Use project name in run name

Makefile

@@ -17,7 +17,7 @@ format:
 
 .PHONY: run-tests # Runs all tests
 run-tests:
-	@echo "⚠️ 'run-tests' unimplemented"
+	@cd terraform && terraform plan
 
 .PHONY: fetch-deps # Fetch all project dependencies
 fetch-deps:
@@ -41,11 +41,9 @@ run:
 
 .PHONY: ci # Perform CI specific tasks to perform on a pull request
 ci:
-	@cd terraform
-	@PLAN=$(terraform plan)
-	@curl -X "POST" "https://git.cluster.fun/api/v1/repos/AverageMarcus/${REPO}/issues/${PR_ID}/comments?access_token=${ACCESS_TOKEN}" \
+	@PLAN=$(cd terraform && terraform plan ./terraform) && curl -X "POST" "https://git.cluster.fun/api/v1/repos/AverageMarcus/${REPO}/issues/${PR_ID}/comments?access_token=${ACCESS_TOKEN}" \
 		-H 'Content-Type: application/json; charset=utf-8' \
-		-d $'{"body": "<details><summary>Terraform Plan:</summary>'$PLAN'</details>"}'
+		-d $'{"body": "<details><summary>Terraform Plan:</summary>'"$PLAN"'</details>"}'
 
 .PHONY: release # Release the latest version of the application
 release:
@@ -60,4 +58,4 @@ help:
 	@echo "-----------------------------------"
 	@grep '^.PHONY: .* #' Makefile | sed 's/\.PHONY: \(.*\) # \(.*\)/\1	\2/' | expand -t20
 
-default: test build
+default: test

manifests/blackhole.yaml

@@ -36,8 +36,11 @@ spec:
           name: web
         resources:
           limits:
-            memory: 20Mi
-            cpu: 10m
+            memory: 10Mi
+
+          requests:
+            memory: 10Mi
+
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

manifests/blog.yaml

@@ -2,8 +2,6 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: blog
-  labels:
-    goldilocks.fairwinds.com/enabled: "true"
 ---
 apiVersion: v1
 kind: Service
@@ -43,11 +41,9 @@ spec:
           name: web
         resources:
           limits:
-            cpu: 25m
-            memory: 250Mi
+            memory: 200Mi
           requests:
-            cpu: 25m
-            memory: 250Mi
+            memory: 200Mi
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

manifests/buzzers.yaml

@@ -2,8 +2,6 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: buzzers
-  labels:
-    goldilocks.fairwinds.com/enabled: "true"
 ---
 apiVersion: v1
 kind: Service
@@ -43,10 +41,8 @@ spec:
           name: web
         resources:
           limits:
-            cpu: 25m
             memory: 283Mi
           requests:
-            cpu: 25m
             memory: 283Mi
 ---
 apiVersion: extensions/v1beta1

manifests/cctv.yaml

@@ -2,8 +2,6 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: cctv
-  labels:
-    goldilocks.fairwinds.com/enabled: "true"
 ---
 apiVersion: v1
 kind: Secret
@@ -68,11 +66,9 @@ spec:
           protocol: TCP
         resources:
           limits:
-            cpu: 25m
-            memory: 250Mi
+            memory: 50Mi
           requests:
-            cpu: 25m
-            memory: 250Mi
+            memory: 50Mi
 ---
 apiVersion: v1
 kind: Service

manifests/certmanager_chart.yaml

@@ -22,10 +22,10 @@ spec:
     installCRDs: "true"
     resources:
       requests:
-        cpu: 10m
+
         memory: 32Mi
       limits:
-        cpu: 20m
+
         memory: 64Mi
 
 ---

manifests/cors-proxy.yaml

@@ -23,7 +23,7 @@ metadata:
   name: cors-proxy
   namespace: cors-proxy
 spec:
-  replicas: 2
+  replicas: 1
   selector:
     matchLabels:
       app: cors-proxy

manifests/dashboard.yaml

@@ -2,8 +2,6 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: dashboard
-  labels:
-    goldilocks.fairwinds.com/enabled: "true"
 ---
 apiVersion: v1
 kind: Secret
@@ -58,11 +56,9 @@ spec:
           name: web
         resources:
           limits:
-            cpu: 25m
-            memory: 250Mi
+            memory: 50Mi
           requests:
-            cpu: 25m
-            memory: 250Mi
+            memory: 50Mi
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

manifests/downloads.yaml

@@ -2,8 +2,6 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: downloads
-  labels:
-    goldilocks.fairwinds.com/enabled: "true"
 ---
 apiVersion: v1
 kind: Secret
@@ -68,10 +66,8 @@ spec:
           protocol: TCP
         resources:
           limits:
-            cpu: 25m
             memory: 250Mi
           requests:
-            cpu: 25m
             memory: 250Mi
 ---
 apiVersion: v1

manifests/ghost_chart.yaml

@@ -1,76 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: ghost
-  labels:
-    goldilocks.fairwinds.com/enabled: "true"
-
----
-
-apiVersion: helm.fluxcd.io/v1
-kind: HelmRelease
-metadata:
-  name: ghost
-  namespace: ghost
-spec:
-  chart:
-    repository: https://charts.bitnami.com/bitnami
-    name: ghost
-    version: 10.0.2
-  maxHistory: 4
-  values:
-    ghostHost: www.chloehiggins.co.uk
-    ghostUsername: chloe
-    ghostEmail: ghost@chloes.email
-    ghostBlogTitle: "Chloe's Website"
-    service:
-      type: ClusterIP
-    mariadb:
-      master:
-        persistence:
-          enabled: true
-          size: 1Gi
-    persistence:
-      enabled: true
-      size: 1Gi
-    resources:
-      limits:
-        cpu: 25m
-        memory: 250Mi
-      requests:
-        cpu: 25m
-        memory: 250Mi
-
----
-
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: ghost
-  namespace: ghost
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
-spec:
-  tls:
-  - hosts:
-    - www.chloehiggins.co.uk
-    - chloehiggins.co.uk
-    secretName: ghost-ingress
-  rules:
-  - host: www.chloehiggins.co.uk
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: ghost-ghost
-          servicePort: 80
-  - host: chloehiggins.co.uk
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: ghost-ghost
-          servicePort: 80

manifests/gitea.yaml

@@ -80,7 +80,7 @@ spec:
         resources:
           requests:
             memory: 400Mi
-            cpu: 10m
+
         volumeMounts:
         - mountPath: /data
           name: git-data

manifests/goldilocks_chart.yaml

@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: goldilocks
-  labels:
-    goldilocks.fairwinds.com/enabled: "true"
-
----
-
-apiVersion: helm.fluxcd.io/v1
-kind: HelmRelease
-metadata:
-  name: goldilocks
-  namespace: goldilocks
-spec:
-  chart:
-    repository: https://charts.fairwinds.com/stable
-    name: goldilocks
-    version: 2.3.1
-  maxHistory: 4
-  values:
-    installVPA: true

manifests/harbor_chart.yaml

@@ -37,25 +37,21 @@ spec:
       resources:
         requests:
           memory: 64Mi
-          cpu: 10m
     core:
       resources:
         requests:
           memory: 64Mi
-          cpu: 10m
     jobservice:
       resources:
         requests:
           memory: 64Mi
-          cpu: 10m
     registry:
       registry:
         resources:
           requests:
             memory: 64Mi
-            cpu: 10m
       controller:
         resources:
           requests:
             memory: 64Mi
-            cpu: 10m
+

manifests/kube-janitor.yaml

@@ -53,11 +53,11 @@ data:
   rules.yaml: |-
     rules:
       - id: tekton-tasks
-        # remove deployments and statefulsets without a label "application"
         resources:
           - pods
+          - pipelineruns
         jmespath: "(metadata.labels.\"tekton.dev/pipeline\")"
-        ttl: 1h
+        ttl: 3h
 
 ---
 
@@ -93,7 +93,6 @@ spec:
           limits:
             memory: 100Mi
           requests:
-            cpu: 5m
             memory: 100Mi
         securityContext:
           readOnlyRootFilesystem: true

manifests/linx-server.yaml

@@ -2,8 +2,6 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: linx-server
-  labels:
-    goldilocks.fairwinds.com/enabled: "true"
 ---
 apiVersion: v1
 kind: ConfigMap

manifests/loki_chart.yaml

@@ -2,8 +2,6 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: logging
-  labels:
-    goldilocks.fairwinds.com/enabled: "true"
 ---
 apiVersion: v1
 kind: Secret

manifests/nextcloud_chart.yaml

@@ -58,4 +58,4 @@ spec:
     resources:
       requests:
         memory: 500Mi
-        cpu: 50m
+

manifests/nodered.yaml

@@ -2,8 +2,6 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: node-red
-  labels:
-    goldilocks.fairwinds.com/enabled: "true"
 ---
 apiVersion: v1
 kind: Secret

manifests/qr.yaml

@@ -2,8 +2,6 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: qr
-  labels:
-    goldilocks.fairwinds.com/enabled: "true"
 ---
 apiVersion: v1
 kind: Service
@@ -25,7 +23,7 @@ metadata:
   name: qr
   namespace: qr
 spec:
-  replicas: 2
+  replicas: 1
   selector:
     matchLabels:
       app: qr
@@ -43,11 +41,9 @@ spec:
           name: web
         resources:
           limits:
-            cpu: 25m
-            memory: 250Mi
+            memory: 100Mi
           requests:
-            cpu: 25m
-            memory: 250Mi
+            memory: 100Mi
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

manifests/rss.yaml

@@ -2,8 +2,6 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: rss
-  labels:
-    goldilocks.fairwinds.com/enabled: "true"
 ---
 kind: PersistentVolumeClaim
 apiVersion: v1
@@ -69,10 +67,8 @@ spec:
           name: web
         resources:
           limits:
-            cpu: 25m
             memory: 308Mi
           requests:
-            cpu: 25m
             memory: 308Mi
         volumeMounts:
           - mountPath: /data

manifests/traefik-lb.yaml

@@ -14,3 +14,62 @@ spec:
       port: 443
       name: https
   type: LoadBalancer
+
+---
+
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    k8s-app: traefik-ingress-lb
+    k8s.scw.cloud/ingress: traefik
+    k8s.scw.cloud/object: DaemonSet
+    k8s.scw.cloud/system: ingress
+  name: ingress-traefik
+  namespace: kube-system
+spec:
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      k8s-app: traefik-ingress-lb
+  template:
+    metadata:
+      labels:
+        k8s-app: traefik-ingress-lb
+        name: ingress-traefik
+    spec:
+      containers:
+      - args:
+        - --api
+        - --kubernetes
+        - --logLevel=INFO
+        - --defaultentrypoints=http,https
+        - --entrypoints=Name:https Address::443 TLS
+        - --entrypoints=Name:http Address::80
+        - --accesslog
+        - --accesslog.format=json
+        image: docker.io/traefik:1.7
+        imagePullPolicy: IfNotPresent
+        name: ingress-traefik
+        ports:
+        - containerPort: 80
+          hostPort: 80
+          name: http
+          protocol: TCP
+        - containerPort: 443
+          hostPort: 443
+          name: https
+          protocol: TCP
+        - containerPort: 8080
+          name: admin
+          protocol: TCP
+        securityContext:
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+            drop:
+            - ALL
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      serviceAccount: ingress-traefik
+      serviceAccountName: ingress-traefik

manifests/twitter-profile-pic.yaml

@@ -2,8 +2,17 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: twitter-profile-pic
-  labels:
-    goldilocks.fairwinds.com/enabled: "true"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: twitter-profile-pic
+  namespace: twitter-profile-pic
+  annotations:
+    kube-1password: d2rt56v47q2wij47qgj27umrky
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-key: .env
+type: Opaque
 ---
 apiVersion: v1
 kind: Service
@@ -25,7 +34,7 @@ metadata:
   name: twitter-profile-pic
   namespace: twitter-profile-pic
 spec:
-  replicas: 2
+  replicas: 1
   selector:
     matchLabels:
       app: twitter-profile-pic
@@ -43,11 +52,17 @@ spec:
           name: web
         resources:
           limits:
-            cpu: 25m
             memory: 250Mi
           requests:
-            cpu: 25m
             memory: 250Mi
+        volumeMounts:
+          - name: dotenv
+            mountPath: /app/.env
+            subPath: .env
+      volumes:
+      - name: dotenv
+        secret:
+          secretName: twitter-profile-pic
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

manifests/website-to-remarkable.yaml

@@ -2,8 +2,6 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: website-to-remarkable
-  labels:
-    goldilocks.fairwinds.com/enabled: "true"
 ---
 apiVersion: v1
 kind: Secret
@@ -36,6 +34,9 @@ spec:
   - port: 80
     targetPort: 8080
     name: web
+  - port: 8000
+    targetPort: 8000
+    name: noauth
   selector:
     app: website-to-remarkable
 ---
@@ -96,10 +97,8 @@ spec:
           protocol: TCP
         resources:
           limits:
-            cpu: 12m
             memory: 125Mi
           requests:
-            cpu: 12m
             memory: 125Mi
       - name: web
         image: docker.cluster.fun/averagemarcus/website-to-remarkable:latest
@@ -113,13 +112,6 @@ spec:
         ports:
         - containerPort: 8000
           name: web
-        resources:
-          limits:
-            cpu: 12m
-            memory: 125Mi
-          requests:
-            cpu: 12m
-            memory: 125Mi
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

tekton/pipelines/pr.yaml

@@ -39,6 +39,12 @@ spec:
       params:
         - name: TARGET
           value: "test"
+        - name: REPO
+          value: $(params.projectname)
+        - name: PR_ID
+          value: $(params.prid)
+        - name: SHA
+          value: $(params.gitrevision)
       resources:
         inputs:
           - name: src
@@ -55,6 +61,12 @@ spec:
       params:
         - name: TARGET
           value: "build"
+        - name: REPO
+          value: $(params.projectname)
+        - name: PR_ID
+          value: $(params.prid)
+        - name: SHA
+          value: $(params.gitrevision)
       resources:
         inputs:
           - name: src
@@ -75,6 +87,8 @@ spec:
           value: $(params.projectname)
         - name: PR_ID
           value: $(params.prid)
+        - name: SHA
+          value: $(params.gitrevision)
       resources:
         inputs:
           - name: src

tekton/tasks/pr-status.yaml

@@ -14,7 +14,7 @@ spec:
     default: "pending"
   steps:
   - name: pr-status-update
-    image: docker.cluster.fun/averagemarcus/gitea-pr-state:latest
+    image: docker.cluster.fun/averagemarcus/gitea-pr-status:latest
     env:
     - name: ACCESS_TOKEN
       valueFrom:
@@ -22,6 +22,6 @@ spec:
           name: gitea-access-token
           key: access-token
     args:
-    - "$(params.REPO)"
+    - "AverageMarcus/$(params.REPO)"
     - "$(params.SHA)"
     - "$(params.STATE)"

tekton/triggertemplates/deploy.yaml

@@ -22,7 +22,7 @@ spec:
   - apiVersion: tekton.dev/v1beta1
     kind: PipelineRun
     metadata:
-      generateName: deploy-project-
+      generateName: deploy-$(params.projectname)-
     spec:
       pipelineRef:
         name: deploy-project

tekton/triggertemplates/pr.yaml

@@ -21,7 +21,7 @@ spec:
     - apiVersion: tekton.dev/v1beta1
       kind: PipelineRun
       metadata:
-        generateName: pr-project-
+        generateName: pr-$(params.projectname)-
       spec:
         pipelineRef:
           name: pr-project

tekton/triggertemplates/tag.yaml

@@ -22,7 +22,7 @@ spec:
   - apiVersion: tekton.dev/v1beta1
     kind: PipelineRun
     metadata:
-      generateName: project-tag-
+      generateName: tag-$(params.projectname)-
     spec:
       pipelineRef:
         name: project-tag

terraform/kubernetes-cluster.tf

@@ -19,7 +19,7 @@ resource "scaleway_k8s_pool_beta" "k8s-cluster-pool-1" {
   node_type   = "DEV1-M"
   size        = 1
   min_size    = 1
-  max_size    = 2
+  max_size    = 3
   autoscaling = true
   autohealing = true