Compare commits
3 Commits
720bfb8b62
...
9c66dac0f9
Author | SHA1 | Date | |
---|---|---|---|
9c66dac0f9 | |||
7e4350201e | |||
a28d0d8364 |
100
manifests/rss.yaml
Normal file
100
manifests/rss.yaml
Normal file
@ -0,0 +1,100 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: rss
|
||||||
|
---
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: rss
|
||||||
|
namespace: rss
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 1Gi
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: rss
|
||||||
|
namespace: rss
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- port: 80
|
||||||
|
targetPort: 8080
|
||||||
|
name: web
|
||||||
|
selector:
|
||||||
|
app: rss
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: rss
|
||||||
|
namespace: rss
|
||||||
|
labels:
|
||||||
|
app: rss
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: rss
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: rss
|
||||||
|
spec:
|
||||||
|
securityContext:
|
||||||
|
fsGroup: 1000
|
||||||
|
dnsConfig:
|
||||||
|
options:
|
||||||
|
- name: ndots
|
||||||
|
value: "2"
|
||||||
|
containers:
|
||||||
|
- name: web
|
||||||
|
image: mdswanson/stringer
|
||||||
|
env:
|
||||||
|
- name: SECRET_TOKEN
|
||||||
|
value: inward-popcorn-decamp-epsilon
|
||||||
|
- name: PORT
|
||||||
|
value: "8080"
|
||||||
|
- name: DATABASE_URL
|
||||||
|
value: sqlite3:/data/stringer.db
|
||||||
|
ports:
|
||||||
|
- containerPort: 8080
|
||||||
|
name: web
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /data
|
||||||
|
name: storage
|
||||||
|
volumes:
|
||||||
|
- name: storage
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: rss
|
||||||
|
---
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: rss
|
||||||
|
namespace: rss
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt
|
||||||
|
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
|
||||||
|
traefik.ingress.kubernetes.io/redirect-entry-point: https
|
||||||
|
traefik.ingress.kubernetes.io/redirect-permanent: "true"
|
||||||
|
spec:
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- rss.cluster.fun
|
||||||
|
secretName: rss-ingress
|
||||||
|
rules:
|
||||||
|
- host: rss.cluster.fun
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
backend:
|
||||||
|
serviceName: rss
|
||||||
|
servicePort: 80
|
||||||
|
|
||||||
|
---
|
132
manifests/website-to-remarkable.yaml
Normal file
132
manifests/website-to-remarkable.yaml
Normal file
@ -0,0 +1,132 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: website-to-remarkable
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: website-to-remarkable-auth
|
||||||
|
namespace: website-to-remarkable
|
||||||
|
annotations:
|
||||||
|
kube-1password: mr6spkkx7n3memkbute6ojaarm
|
||||||
|
kube-1password/vault: Kubernetes
|
||||||
|
type: Opaque
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: website-to-remarkable
|
||||||
|
namespace: website-to-remarkable
|
||||||
|
annotations:
|
||||||
|
kube-1password: smp3qkv74qt72ttzkltyhiktja
|
||||||
|
kube-1password/vault: Kubernetes
|
||||||
|
type: Opaque
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: website-to-remarkable
|
||||||
|
namespace: website-to-remarkable
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- port: 80
|
||||||
|
targetPort: 8080
|
||||||
|
name: web
|
||||||
|
selector:
|
||||||
|
app: website-to-remarkable
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: website-to-remarkable
|
||||||
|
namespace: website-to-remarkable
|
||||||
|
labels:
|
||||||
|
app: website-to-remarkable
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: website-to-remarkable
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: website-to-remarkable
|
||||||
|
spec:
|
||||||
|
dnsConfig:
|
||||||
|
options:
|
||||||
|
- name: ndots
|
||||||
|
value: "2"
|
||||||
|
containers:
|
||||||
|
- args:
|
||||||
|
- --cookie-secure=false
|
||||||
|
- --provider=oidc
|
||||||
|
- --provider-display-name=Auth0
|
||||||
|
- --upstream=http://localhost:8000
|
||||||
|
- --http-address=$(HOST_IP):8080
|
||||||
|
- --redirect-url=https://website-to-remarkable.cluster.fun/oauth2/callback
|
||||||
|
- --email-domain=*
|
||||||
|
- --pass-basic-auth=false
|
||||||
|
- --pass-access-token=false
|
||||||
|
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
|
||||||
|
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
|
||||||
|
env:
|
||||||
|
- name: HOST_IP
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
apiVersion: v1
|
||||||
|
fieldPath: status.podIP
|
||||||
|
- name: OAUTH2_PROXY_CLIENT_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
key: username
|
||||||
|
name: website-to-remarkable-auth
|
||||||
|
- name: OAUTH2_PROXY_CLIENT_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
key: password
|
||||||
|
name: website-to-remarkable-auth
|
||||||
|
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
|
||||||
|
name: oauth-proxy
|
||||||
|
ports:
|
||||||
|
- containerPort: 8080
|
||||||
|
protocol: TCP
|
||||||
|
- name: web
|
||||||
|
image: docker.cluster.fun/averagemarcus/website-to-remarkable:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
env:
|
||||||
|
- name: REMARKABLE_TOKEN
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: website-to-remarkable
|
||||||
|
key: password
|
||||||
|
ports:
|
||||||
|
- containerPort: 8000
|
||||||
|
name: web
|
||||||
|
---
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: website-to-remarkable
|
||||||
|
namespace: website-to-remarkable
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt
|
||||||
|
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
|
||||||
|
traefik.ingress.kubernetes.io/redirect-entry-point: https
|
||||||
|
traefik.ingress.kubernetes.io/redirect-permanent: "true"
|
||||||
|
spec:
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- website-to-remarkable.cluster.fun
|
||||||
|
secretName: website-to-remarkable-ingress
|
||||||
|
rules:
|
||||||
|
- host: website-to-remarkable.cluster.fun
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
backend:
|
||||||
|
serviceName: website-to-remarkable
|
||||||
|
servicePort: 80
|
||||||
|
|
||||||
|
---
|
10
tekton/2-Setup/kubeconfig-creds.yaml
Normal file
10
tekton/2-Setup/kubeconfig-creds.yaml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: kubeconfig
|
||||||
|
namespace: tekton-pipelines
|
||||||
|
annotations:
|
||||||
|
kube-1password: ppvndbst3pdqpvfaavgy7mkluq
|
||||||
|
kube-1password/vault: Kubernetes
|
||||||
|
kube-1password/secret-text-key: config
|
||||||
|
type: Opaque
|
@ -65,12 +65,36 @@ spec:
|
|||||||
inputs:
|
inputs:
|
||||||
- name: src
|
- name: src
|
||||||
resource: git-source
|
resource: git-source
|
||||||
- name: make-release
|
- name: build-and-publish-sha-public
|
||||||
|
conditions:
|
||||||
|
- conditionRef: is-public-project
|
||||||
|
params:
|
||||||
|
- name: isprivate
|
||||||
|
value: $(params.isprivate)
|
||||||
taskRef:
|
taskRef:
|
||||||
name: make
|
name: docker-build-and-publish
|
||||||
params:
|
params:
|
||||||
- name: TARGET
|
- name: IMAGE
|
||||||
value: "release"
|
value: $(params.publicdockerregistry)/$(params.projectname):$(params.gitrevision)
|
||||||
|
resources:
|
||||||
|
inputs:
|
||||||
|
- name: src
|
||||||
|
resource: git-source
|
||||||
|
- name: make-release
|
||||||
|
taskRef:
|
||||||
|
name: make
|
||||||
|
runAfter:
|
||||||
|
- build-and-publish-sha
|
||||||
|
- build-and-publish-sha-public
|
||||||
|
params:
|
||||||
|
- name: TARGET
|
||||||
|
value: "release"
|
||||||
|
- name: REPO
|
||||||
|
value: $(params.projectname)
|
||||||
|
- name: PR_ID
|
||||||
|
value: ""
|
||||||
|
- name: SHA
|
||||||
|
value: $(params.gitrevision)
|
||||||
resources:
|
resources:
|
||||||
inputs:
|
inputs:
|
||||||
- name: src
|
- name: src
|
||||||
|
@ -41,6 +41,7 @@ spec:
|
|||||||
- --destination=$(params.IMAGE)
|
- --destination=$(params.IMAGE)
|
||||||
- --oci-layout-path=/workspace/src/image-digest
|
- --oci-layout-path=/workspace/src/image-digest
|
||||||
- --digest-file=/tekton/results/IMAGE_DIGEST
|
- --digest-file=/tekton/results/IMAGE_DIGEST
|
||||||
|
- --cache=true
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: 0
|
runAsUser: 0
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
@ -7,6 +7,12 @@ spec:
|
|||||||
params:
|
params:
|
||||||
- name: TARGET
|
- name: TARGET
|
||||||
description: The make target to run
|
description: The make target to run
|
||||||
|
- name: REPO
|
||||||
|
description: The name of the repo
|
||||||
|
- name: PR_ID
|
||||||
|
description: The ID of the pull request
|
||||||
|
- name: SHA
|
||||||
|
description: The commit sha
|
||||||
resources:
|
resources:
|
||||||
inputs:
|
inputs:
|
||||||
- name: src
|
- name: src
|
||||||
@ -16,14 +22,27 @@ spec:
|
|||||||
workingDir: /workspace/src
|
workingDir: /workspace/src
|
||||||
image: docker.cluster.fun/averagemarcus/ci-builder:latest
|
image: docker.cluster.fun/averagemarcus/ci-builder:latest
|
||||||
script: |
|
script: |
|
||||||
make --dry-run -t $(params.TARGET) &> /dev/null && make $(params.TARGET) || echo "No '$(params.TARGET)' target found, skipping"
|
make --dry-run $(params.TARGET) &> /dev/null || (echo "No '$(params.TARGET)' target found, skipping" && exit 0)
|
||||||
|
make $(params.TARGET)
|
||||||
env:
|
env:
|
||||||
- name: REPO
|
- name: REPO
|
||||||
value: $(params.REPO)
|
value: $(params.REPO)
|
||||||
- name: PR_ID
|
- name: PR_ID
|
||||||
value: $(params.PR_ID)
|
value: $(params.PR_ID)
|
||||||
|
- name: SHA
|
||||||
|
value: $(params.SHA)
|
||||||
- name: ACCESS_TOKEN
|
- name: ACCESS_TOKEN
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: gitea-access-token
|
name: gitea-access-token
|
||||||
key: access-token
|
key: access-token
|
||||||
|
- name: KUBECONFIG
|
||||||
|
value: /root/.kube/config
|
||||||
|
volumeMounts:
|
||||||
|
- name: kubeconfig
|
||||||
|
mountPath: /root/.kube/config
|
||||||
|
subPath: config
|
||||||
|
volumes:
|
||||||
|
- name: kubeconfig
|
||||||
|
secret:
|
||||||
|
secretName: kubeconfig
|
||||||
|
Loading…
Reference in New Issue
Block a user