set secretgenerator
parent
6ab3e4c579
commit
13fb2a6ab8
9
.gitignore
vendored
9
.gitignore
vendored
@ -1,4 +1,5 @@
|
||||
kustomization/base/tekton/secret/git-secret.yaml
|
||||
kustomization/base/tekton/secret/ssh-secret.yaml
|
||||
kustomization/base/tekton/secret/dockerconfig/config.json
|
||||
kustomization/base/tekton/secret/gitea-access-token.yaml
|
||||
kustomization/base/tekton/secret/gitea/access_token
|
||||
kustomization/base/tekton/secret/gitea/basicauth
|
||||
kustomization/base/tekton/secret/dockerconfig/.dockerconfigjson
|
||||
kustomization/base/tekton/secret/ssh/id_ed25519
|
||||
kustomization/base/tekton/secret/ssh/known_hosts
|
||||
|
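Review bot: The four entries that appear to be dropped from the ignore list (`git-secret.yaml`, `ssh-secret.yaml`, `gitea-access-token.yaml` and `dockerconfig/config.json` under `kustomization/base/tekton/secret/`) may still exist, filled with real credentials, in working copies set up before this commit. Once un-ignored they show up as untracked files that a broad `git add` would stage. Keeping those four lines in `.gitignore` for now, or telling contributors in the README to delete the old files, avoids that. The `+`/`-` markers are lost on this page, so the old/new split is inferred from the `-1,4 +1,5` header.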
12
Makefile
12
Makefile
@ -11,12 +11,11 @@ help:
|
||||
.PHONY: deploy
|
||||
create-cluster: ## Créer un cluster kubernetes avec Kind
|
||||
kind create cluster --name tekton --config kind/kind-tekton.yaml
|
||||
make setup-cluster
|
||||
@echo "SubNet Docker :" $(SUBNET)
|
||||
@echo -e " \x1b[32m✓\x1b[0m Cluster Kind déployé"
|
||||
|
||||
.PHONY: setup-cluster
|
||||
setup-cluster:
|
||||
setup-cluster: create cluster
|
||||
kubectl apply -k kind/cluster --server-side
|
||||
kubectl --namespace ingress-nginx rollout status --timeout 5m deployment/ingress-nginx-controller
|
||||
kubectl --namespace metallb-system rollout status --timeout 5m deployment controller
|
||||
@ -27,15 +26,8 @@ setup-cluster:
|
||||
@yq -i ".spec.addresses = [\"$(SUBNET)\"]" kind/cluster/lb/resources/ipaddresspoool.yaml
|
||||
kubectl apply -k kind/cluster/lb --server-side
|
||||
|
||||
docker-secret:
|
||||
docker login reg.cadoles.com
|
||||
mkdir -p kustomization/base/tekton/secret/dockerconfig
|
||||
docker --config kustomization/base/tekton/secret/dockerconfig login reg.cadoles.com
|
||||
kubectl create secret generic regcred --from-file=config.json=kustomization/base/tekton/secret/dockerconfig/config.json -n tekton
|
||||
kubectl patch cm feature-flags -n tekton-pipelines -p '{"data":{"enable-api-fields":"alpha"}}'
|
||||
|
||||
deploy-dev: ## Déploie le projet dans le cluster (nécessite la variable $HARBOR_USER_NAME)
|
||||
skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/${HARBOR_USER_NAME}
|
||||
skaffold dev --cleanup=false
|
||||
|
||||
delete-cluster: ## Supprime le cluster kubernetes Kind
|
||||
kind delete clusters tekton
|
||||
|
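Review bot: In the `setup-cluster` rule the prerequisite list reads `create cluster`, which make parses as two separate targets named `create` and `cluster`. Neither is defined in the visible hunks, so `make setup-cluster` would stop with a missing-rule error unless they exist elsewhere in the file. If the intent was to depend on the Kind cluster target, the header should be `setup-cluster: create-cluster`. The `+`/`-` markers are lost on this page, so which of the two `setup-cluster` headers is the new one is inferred from the hunk line counts. The `##` help text on `deploy-dev` also still says it needs `$HARBOR_USER_NAME`, while the remaining recipe appears to be plain `skaffold dev --cleanup=false`, so that mention should be dropped.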
16
README.md
16
README.md
@ -8,7 +8,6 @@ CI du projet MSE
|
||||
|
||||
```
|
||||
make create-cluster
|
||||
skaffold dev --cleanup=false
|
||||
```
|
||||
|
||||
Si vous disposez déjà d'un environnement kubernetes, appliquez uniquement les CRDs :
|
||||
@ -17,11 +16,20 @@ Si vous disposez déjà d'un environnement kubernetes, appliquez uniquement les
|
||||
kubectl apply -k kind/cluster --server-side
|
||||
```
|
||||
|
||||
Il se peut qu'il y ait besoin de relancer la commande s'il n'arrive pas a charger `TektonConfig` correctement
|
||||
|
||||
Puis
|
||||
|
||||
```
|
||||
make deploy-dev
|
||||
```
|
||||
|
||||
#### Préparer les secrets
|
||||
Créer les fichiers en renseignant et en copiant les fichiers `.dist` correspondants:
|
||||
- `kustomization/base/tekton/secret/git-secret.yaml`
|
||||
- `kustomization/base/tekton/secret/ssh-secret.yaml`
|
||||
- `kustomization/base/tekton/secret/gitea-access-token.yaml`
|
||||
- `kustomization/base/tekton/secret/gitea/access_token`
|
||||
- `kustomization/base/tekton/secret/gitea/basicauth`
|
||||
- `kustomization/base/tekton/secret/ssh/id_ed25519`
|
||||
- `kustomization/base/tekton/secret/ssh/known_hosts`
|
||||
|
||||
Générer le secret docker
|
||||
```
|
||||
|
@ -3,9 +3,6 @@ kind: Kustomization
|
||||
namespace: tekton
|
||||
resources:
|
||||
- namespace/namespace.yaml
|
||||
- secret/git-secret.yaml
|
||||
- secret/ssh-secret.yaml
|
||||
- secret/gitea-access-token.yaml
|
||||
- serviceaccount/service-account.yaml
|
||||
- serviceaccount/rbac.yaml
|
||||
- configmap/configmap-phpcsfixer.yaml
|
||||
@ -40,9 +37,32 @@ resources:
|
||||
|
||||
# Events
|
||||
- event/mseproject.yaml
|
||||
# - event/msebuild.yaml
|
||||
# - event/imagebuild.yaml
|
||||
# - event/symfonycheck.yaml
|
||||
|
||||
|
||||
# Ingress
|
||||
# - ingress/dashboard.yaml
|
||||
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
||||
secretGenerator:
|
||||
- name: regcred
|
||||
type: kubernetes.io/dockerconfigjson
|
||||
files:
|
||||
- secret/dockerconfig/.dockerconfigjson
|
||||
|
||||
- name: basic-auth
|
||||
type: kubernetes.io/basic-auth
|
||||
options:
|
||||
annotations:
|
||||
tekton.dev/git-0: https://forge.cadoles.com
|
||||
envs:
|
||||
- secret/gitea/basicauth
|
||||
|
||||
- name: gitea-access-token
|
||||
files:
|
||||
- secret/gitea/access_token
|
||||
|
||||
- name: git-credentials
|
||||
files:
|
||||
- secret/ssh/id_ed25519
|
||||
- secret/ssh/known_hosts
|
||||
|
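Review bot: `disableNameSuffixHash: true` sits under the top-level `generatorOptions`, so it applies to every generated object in this kustomization. A changed token, password or SSH key then updates the Secret in place under the same name, with nothing signalling consumers to pick it up. If fixed names are needed because something outside kustomize's name rewriting refers to them (the PipelineRun example removed in this commit used `secretName: regcred`), record that in a comment such as `# fixed names: these secrets are referenced by name outside this kustomization`, and consider setting the flag per secret under `options:` rather than globally. The file header for this section is missing from the page, so the path is not shown.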
@ -1,39 +0,0 @@
|
||||
apiVersion: tekton.dev/v1beta1
|
||||
kind: PipelineRun
|
||||
metadata:
|
||||
generateName: msebuild-run-
|
||||
namespace: tekton
|
||||
spec:
|
||||
serviceAccountName: build-bot
|
||||
pipelineRef:
|
||||
name: msebuild
|
||||
podTemplate:
|
||||
securityContext:
|
||||
fsGroup: 65532
|
||||
workspaces:
|
||||
- name: shared-data
|
||||
volumeClaimTemplate:
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
- name: config
|
||||
configmap:
|
||||
name: config-php-cs-fixer
|
||||
- name: docker-credentials
|
||||
secret:
|
||||
secretName: regcred
|
||||
params:
|
||||
- name: image
|
||||
value: reg.cadoles.com/mlamalle/testtekton
|
||||
- name: tag
|
||||
value: test
|
||||
- name: dockerfile
|
||||
value: ./misc/k8s/images/job-base/Dockerfile
|
||||
- name: url
|
||||
value: https://forge.cadoles.com/CNOUS/mse.git
|
||||
- name: revision
|
||||
value: sprint-6
|
||||
|
@ -1,10 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
annotations:
|
||||
tekton.dev/git-0: https://forge.cadoles.com
|
||||
name: basic-auth
|
||||
type: kubernetes.io/basic-auth
|
||||
stringData:
|
||||
username: <login>
|
||||
password: <password>
|
@ -1,6 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: gitea-access-token
|
||||
data:
|
||||
access_token: <base64 gitea access token>
|
1
kustomization/base/tekton/secret/gitea/access_token.dist
Normal file
1
kustomization/base/tekton/secret/gitea/access_token.dist
Normal file
@ -0,0 +1 @@
|
||||
TOKEN_HERE
|
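Review bot: A `files:` entry in `secretGenerator` stores the file byte for byte, so a trailing newline left by an editor after replacing `TOKEN_HERE` becomes part of the `access_token` value. The removed manifest took an explicit base64 string instead. Whether the consuming task trims the token is not visible here, so the README step for this file should say to write it without a trailing newline, for example `printf '%s' "$TOKEN" > kustomization/base/tekton/secret/gitea/access_token`. That caution does not carry over to `ssh/id_ed25519`, since an OpenSSH private key file typically needs its final newline.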
2
kustomization/base/tekton/secret/gitea/basicauth.dist
Normal file
2
kustomization/base/tekton/secret/gitea/basicauth.dist
Normal file
@ -0,0 +1,2 @@
|
||||
username=<login>
|
||||
password=<password>
|
@ -1,7 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: git-credentials
|
||||
data:
|
||||
id_ed25519: <base64 ssh private key>
|
||||
known_hosts: <base64 known_host>
|
1
kustomization/base/tekton/secret/ssh/id_ed25519.dist
Normal file
1
kustomization/base/tekton/secret/ssh/id_ed25519.dist
Normal file
@ -0,0 +1 @@
|
||||
YOUR_PRIVATE_KEY_HERE
|
1
kustomization/base/tekton/secret/ssh/known_hosts.dist
Normal file
1
kustomization/base/tekton/secret/ssh/known_hosts.dist
Normal file
@ -0,0 +1 @@
|
||||
KNOWN_HOST_HERE
|