set secretgenerator

This commit is contained in:
Matthieu Lamalle 2024-03-28 16:57:24 +01:00
parent 6ab3e4c579
commit 13fb2a6ab8
12 changed files with 50 additions and 86 deletions

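--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
-kustomization/base/tekton/secret/git-secret.yaml
-kustomization/base/tekton/secret/ssh-secret.yaml
-kustomization/base/tekton/secret/dockerconfig/config.json
-kustomization/base/tekton/secret/gitea-access-token.yaml
+kustomization/base/tekton/secret/gitea/access_token
+kustomization/base/tekton/secret/gitea/basicauth
+kustomization/base/tekton/secret/dockerconfig/.dockerconfigjson
+kustomization/base/tekton/secret/ssh/id_ed25519
+kustomization/base/tekton/secret/ssh/known_hosts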
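Review bot: Removing `kustomization/base/tekton/secret/dockerconfig/config.json` from the ignore list while the Makefile's `docker-secret` target still runs `docker --config kustomization/base/tekton/secret/dockerconfig login reg.cadoles.com` leaves the file docker actually writes (`config.json`, which holds the registry credentials) unignored, so a later `git add` of that directory would commit them; the new `.dockerconfigjson` entry covers a file nothing in this commit creates. The kustomization's secretGenerator reads `secret/dockerconfig/.dockerconfigjson`, so the same name mismatch makes `kustomize build` fail until the file is renamed by hand (the Makefile and kustomization hunks share this point). Keep the `kustomization/base/tekton/secret/dockerconfig/config.json` line, or ignore the whole contents of that directory, and make `docker-secret` produce the file under the name the generator expects.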


@ -11,12 +11,11 @@ help:
.PHONY: deploy
create-cluster: ## Créer un cluster kubernetes avec Kind
kind create cluster --name tekton --config kind/kind-tekton.yaml
make setup-cluster
@echo "SubNet Docker :" $(SUBNET)
@echo -e " \x1b[32m✓\x1b[0m Cluster Kind déployé"
.PHONY: setup-cluster
setup-cluster:
setup-cluster: create cluster
kubectl apply -k kind/cluster --server-side
kubectl --namespace ingress-nginx rollout status --timeout 5m deployment/ingress-nginx-controller
kubectl --namespace metallb-system rollout status --timeout 5m deployment controller
@ -27,15 +26,8 @@ setup-cluster:
@yq -i ".spec.addresses = [\"$(SUBNET)\"]" kind/cluster/lb/resources/ipaddresspoool.yaml
kubectl apply -k kind/cluster/lb --server-side
docker-secret:
docker login reg.cadoles.com
mkdir -p kustomization/base/tekton/secret/dockerconfig
docker --config kustomization/base/tekton/secret/dockerconfig login reg.cadoles.com
kubectl create secret generic regcred --from-file=config.json=kustomization/base/tekton/secret/dockerconfig/config.json -n tekton
kubectl patch cm feature-flags -n tekton-pipelines -p '{"data":{"enable-api-fields":"alpha"}}'
deploy-dev: ## Déploie le projet dans le cluster (nécessite la variable $HARBOR_USER_NAME)
skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/${HARBOR_USER_NAME}
skaffold dev --cleanup=false
delete-cluster: ## Supprime le cluster kubernetes Kind
kind delete clusters tekton
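Review bot: The rule header `setup-cluster: create cluster` declares two prerequisites named `create` and `cluster`, and no such targets are in view, so `make setup-cluster` would stop with "No rule to make target 'create'"; if `create-cluster` was meant, note that `create-cluster` already runs `make setup-cluster` on its second recipe line, which would make the two targets mutually recursive. Which of `setup-cluster:` and `setup-cluster: create cluster` is the new line cannot be recovered from this rendering, and the file's header is not shown, but on either side the recursive call should be `$(MAKE) setup-cluster` so `-j`/`-n` propagate. In `docker-secret`, `docker --config kustomization/base/tekton/secret/dockerconfig login reg.cadoles.com` writes `config.json` in that directory, whereas the kustomization in this commit reads `secret/dockerconfig/.dockerconfigjson`; a rename step after the login, or a `--config` path the generator actually reads, is missing.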


@ -8,7 +8,6 @@ CI du projet MSE
```
make create-cluster
skaffold dev --cleanup=false
```
Si vous disposez déjà d'un environnement kubernetes, appliquez uniquement les CRDs :
@ -17,11 +16,20 @@ Si vous disposez déjà d'un environnement kubernetes, appliquez uniquement les
kubectl apply -k kind/cluster --server-side
```
Il se peut qu'il y ait besoin de relancer la commande s'il n'arrive pas a charger `TektonConfig` correctement
Puis
```
make deploy-dev
```
#### Préparer les secrets
Créer les fichiers en renseignant et en copiant les fichiers `.dist` correspondants:
- `kustomization/base/tekton/secret/git-secret.yaml`
- `kustomization/base/tekton/secret/ssh-secret.yaml`
- `kustomization/base/tekton/secret/gitea-access-token.yaml`
- `kustomization/base/tekton/secret/gitea/access_token`
- `kustomization/base/tekton/secret/gitea/basicauth`
- `kustomization/base/tekton/secret/ssh/id_ed25519`
- `kustomization/base/tekton/secret/ssh/known_hosts`
Générer le secret docker
```


@ -3,9 +3,6 @@ kind: Kustomization
namespace: tekton
resources:
- namespace/namespace.yaml
- secret/git-secret.yaml
- secret/ssh-secret.yaml
- secret/gitea-access-token.yaml
- serviceaccount/service-account.yaml
- serviceaccount/rbac.yaml
- configmap/configmap-phpcsfixer.yaml
@ -40,9 +37,32 @@ resources:
# Events
- event/mseproject.yaml
# - event/msebuild.yaml
# - event/imagebuild.yaml
# - event/symfonycheck.yaml
# Ingress
# - ingress/dashboard.yaml
generatorOptions:
disableNameSuffixHash: true
secretGenerator:
- name: regcred
type: kubernetes.io/dockerconfigjson
files:
- secret/dockerconfig/.dockerconfigjson
- name: basic-auth
type: kubernetes.io/basic-auth
options:
annotations:
tekton.dev/git-0: https://forge.cadoles.com
envs:
- secret/gitea/basicauth
- name: gitea-access-token
files:
- secret/gitea/access_token
- name: git-credentials
files:
- secret/ssh/id_ed25519
- secret/ssh/known_hosts
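Review bot: The `files:` entries of `gitea-access-token` and `git-credentials` take the file contents verbatim, so a trailing newline left by an editor in `secret/gitea/access_token` becomes part of the token value and is presumably sent to Gitea with the newline attached, which is a common cause of silent 401s; `id_ed25519` tolerates it, `access_token` likely does not. Consider documenting in the README or the template files that the token must be written without a trailing newline (e.g. `printf '%s' "$TOKEN" > secret/gitea/access_token`), or switch that entry to `envs:` as done for `basic-auth`, where kustomize parses `KEY=VALUE` lines and drops the line ending. With `disableNameSuffixHash: true` the generated secrets keep fixed names, so editing a credential file does not roll pods that mount them; that seems intended since the PipelineRun references `regcred` by name, but a one-line comment above `generatorOptions:` saying so would help the next maintainer.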


@ -1,39 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: msebuild-run-
namespace: tekton
spec:
serviceAccountName: build-bot
pipelineRef:
name: msebuild
podTemplate:
securityContext:
fsGroup: 65532
workspaces:
- name: shared-data
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- name: config
configmap:
name: config-php-cs-fixer
- name: docker-credentials
secret:
secretName: regcred
params:
- name: image
value: reg.cadoles.com/mlamalle/testtekton
- name: tag
value: test
- name: dockerfile
value: ./misc/k8s/images/job-base/Dockerfile
- name: url
value: https://forge.cadoles.com/CNOUS/mse.git
- name: revision
value: sprint-6


@ -1,10 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
annotations:
tekton.dev/git-0: https://forge.cadoles.com
name: basic-auth
type: kubernetes.io/basic-auth
stringData:
username: <login>
password: <password>


@ -1,6 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: gitea-access-token
data:
access_token: <base64 gitea access token>


@ -0,0 +1 @@
TOKEN_HERE


@ -0,0 +1,2 @@
username=<login>
password=<password>


@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: git-credentials
data:
id_ed25519: <base64 ssh private key>
known_hosts: <base64 known_host>


@ -0,0 +1 @@
YOUR_PRIVATE_KEY_HERE


@ -0,0 +1 @@
KNOWN_HOST_HERE