From 13fb2a6ab86ecbcc417d3e0e92957d4003d3fce6 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Thu, 28 Mar 2024 16:57:24 +0100 Subject: [PATCH] set secretgenerator --- .gitignore | 9 +++-- Makefile | 12 +----- README.md | 16 ++++++-- kustomization/base/tekton/kustomization.yaml | 32 ++++++++++++--- .../base/tekton/pipelinerun/pipelinerun.yaml | 39 ------------------- .../base/tekton/secret/git-secret.yaml.dist | 10 ----- .../secret/gitea-access-token.yaml.dist | 6 --- .../tekton/secret/gitea/access_token.dist | 1 + .../base/tekton/secret/gitea/basicauth.dist | 2 + .../base/tekton/secret/ssh-secret.yaml.dist | 7 ---- .../base/tekton/secret/ssh/id_ed25519.dist | 1 + .../base/tekton/secret/ssh/known_hosts.dist | 1 + 12 files changed, 50 insertions(+), 86 deletions(-) delete mode 100644 kustomization/base/tekton/pipelinerun/pipelinerun.yaml delete mode 100644 kustomization/base/tekton/secret/git-secret.yaml.dist delete mode 100644 kustomization/base/tekton/secret/gitea-access-token.yaml.dist create mode 100644 kustomization/base/tekton/secret/gitea/access_token.dist create mode 100644 kustomization/base/tekton/secret/gitea/basicauth.dist delete mode 100644 kustomization/base/tekton/secret/ssh-secret.yaml.dist create mode 100644 kustomization/base/tekton/secret/ssh/id_ed25519.dist create mode 100644 kustomization/base/tekton/secret/ssh/known_hosts.dist diff --git a/.gitignore b/.gitignore index 0b6e071..67be294 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ -kustomization/base/tekton/secret/git-secret.yaml -kustomization/base/tekton/secret/ssh-secret.yaml -kustomization/base/tekton/secret/dockerconfig/config.json -kustomization/base/tekton/secret/gitea-access-token.yaml +kustomization/base/tekton/secret/gitea/access_token +kustomization/base/tekton/secret/gitea/basicauth +kustomization/base/tekton/secret/dockerconfig/.dockerconfigjson +kustomization/base/tekton/secret/ssh/id_ed25519 +kustomization/base/tekton/secret/ssh/known_hosts 
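Review bot: Dropping the four old ignore entries un-ignores files that existing checkouts may still hold with real credentials in them (`secret/git-secret.yaml`, `secret/ssh-secret.yaml`, `secret/gitea-access-token.yaml`, `secret/dockerconfig/config.json`), so a later `git add .` could commit them. Either keep the old paths alongside the new ones, or ignore the directory by pattern: `kustomization/base/tekton/secret/**`, then `!kustomization/base/tekton/secret/**/` and `!kustomization/base/tekton/secret/**/*.dist`. The pattern form also covers any secret file added later without another `.gitignore` edit.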
diff --git a/Makefile b/Makefile index af2266f..76daf6c 100644 --- a/Makefile +++ b/Makefile @@ -11,12 +11,11 @@ help: .PHONY: deploy create-cluster: ## Créer un cluster kubernetes avec Kind kind create cluster --name tekton --config kind/kind-tekton.yaml - make setup-cluster @echo "SubNet Docker :" $(SUBNET) @echo -e " \x1b[32m✓\x1b[0m Cluster Kind déployé" .PHONY: setup-cluster -setup-cluster: +setup-cluster: create cluster kubectl apply -k kind/cluster --server-side kubectl --namespace ingress-nginx rollout status --timeout 5m deployment/ingress-nginx-controller kubectl --namespace metallb-system rollout status --timeout 5m deployment controller @@ -27,15 +26,8 @@ setup-cluster: @yq -i ".spec.addresses = [\"$(SUBNET)\"]" kind/cluster/lb/resources/ipaddresspoool.yaml kubectl apply -k kind/cluster/lb --server-side -docker-secret: - docker login reg.cadoles.com - mkdir -p kustomization/base/tekton/secret/dockerconfig - docker --config kustomization/base/tekton/secret/dockerconfig login reg.cadoles.com - kubectl create secret generic regcred --from-file=config.json=kustomization/base/tekton/secret/dockerconfig/config.json -n tekton - kubectl patch cm feature-flags -n tekton-pipelines -p '{"data":{"enable-api-fields":"alpha"}}' - deploy-dev: ## Déploie le projet dans le cluster (nécessite la variable $HARBOR_USER_NAME) - skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/${HARBOR_USER_NAME} + skaffold dev --cleanup=false delete-cluster: ## Supprime le cluster kubernetes Kind kind delete clusters tekton diff --git a/README.md b/README.md index 65340ea..69cd3ad 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,6 @@ CI du projet MSE ``` make create-cluster -skaffold dev --cleanup=false ``` Si vous disposez déjà d'un environnement kubernetes, appliquez uniquement les CRDs : 
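Review bot: `setup-cluster: create cluster` declares two prerequisites, `create` and `cluster`, and no rule for either appears in this hunk (the target defined just above is `create-cluster`), so `make setup-cluster` will most likely stop with "No rule to make target"; if ordering is the intent, write `setup-cluster: create-cluster`. With `make setup-cluster` removed from `create-cluster`, that recipe still prints `$(SUBNET)` and reports the cluster as deployed although the ingress and MetalLB setup has not run. The `deploy-dev` help text still says it needs `$HARBOR_USER_NAME`, which the new recipe no longer uses. Removing `docker-secret` also means `regcred` now depends on a hand-placed `secret/dockerconfig/.dockerconfigjson`, so the README's "Générer le secret docker" step should say how to produce that file, unless the text beyond the hunk already does.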
@@ -17,11 +16,20 @@ Si vous disposez déjà d'un environnement kubernetes, appliquez uniquement les kubectl apply -k kind/cluster --server-side ``` +Il se peut qu'il y ait besoin de relancer la commande s'il n'arrive pas a charger `TektonConfig` correctement + +Puis + +``` +make deploy-dev +``` + #### Préparer les secrets Créer les fichiers en renseignant et en copiant les fichiers `.dist` correspondants: - - `kustomization/base/tekton/secret/git-secret.yaml` - - `kustomization/base/tekton/secret/ssh-secret.yaml` - - `kustomization/base/tekton/secret/gitea-access-token.yaml` + - `kustomization/base/tekton/secret/gitea/access_token` + - `kustomization/base/tekton/secret/gitea/basicauth` + - `kustomization/base/tekton/secret/ssh/id_ed25519` + - `kustomization/base/tekton/secret/ssh/known_hosts` Générer le secret docker ``` diff --git a/kustomization/base/tekton/kustomization.yaml b/kustomization/base/tekton/kustomization.yaml index a94d2e7..aa21ebf 100644 --- a/kustomization/base/tekton/kustomization.yaml +++ b/kustomization/base/tekton/kustomization.yaml @@ -3,9 +3,6 @@ kind: Kustomization namespace: tekton resources: - namespace/namespace.yaml -- secret/git-secret.yaml -- secret/ssh-secret.yaml -- secret/gitea-access-token.yaml - serviceaccount/service-account.yaml - serviceaccount/rbac.yaml - configmap/configmap-phpcsfixer.yaml 
@@ -40,9 +37,32 @@ resources: # Events - event/mseproject.yaml -# - event/msebuild.yaml -# - event/imagebuild.yaml -# - event/symfonycheck.yaml + # Ingress # - ingress/dashboard.yaml + +generatorOptions: + disableNameSuffixHash: true +secretGenerator: +- name: regcred + type: kubernetes.io/dockerconfigjson + files: + - secret/dockerconfig/.dockerconfigjson + +- name: basic-auth + type: kubernetes.io/basic-auth + options: + annotations: + tekton.dev/git-0: https://forge.cadoles.com + envs: + - secret/gitea/basicauth + +- name: gitea-access-token + files: + - secret/gitea/access_token + +- name: git-credentials + files: + - secret/ssh/id_ed25519 + - secret/ssh/known_hosts diff --git a/kustomization/base/tekton/pipelinerun/pipelinerun.yaml b/kustomization/base/tekton/pipelinerun/pipelinerun.yaml deleted file mode 100644 index a0ffc71..0000000 --- a/kustomization/base/tekton/pipelinerun/pipelinerun.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: PipelineRun -metadata: - generateName: msebuild-run- - namespace: tekton -spec: - serviceAccountName: build-bot - pipelineRef: - name: msebuild - podTemplate: - securityContext: - fsGroup: 65532 - workspaces: - - name: shared-data - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - name: config - configmap: - name: config-php-cs-fixer - - name: docker-credentials - secret: - secretName: regcred - params: - - name: image - value: reg.cadoles.com/mlamalle/testtekton - - name: tag - value: test - - name: dockerfile - value: ./misc/k8s/images/job-base/Dockerfile - - name: url - value: https://forge.cadoles.com/CNOUS/mse.git - - name: revision - value: sprint-6 - diff --git a/kustomization/base/tekton/secret/git-secret.yaml.dist b/kustomization/base/tekton/secret/git-secret.yaml.dist deleted file mode 100644 index 7aba742..0000000 --- a/kustomization/base/tekton/secret/git-secret.yaml.dist +++ /dev/null 
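Review bot: The `files:` entries under `secretGenerator` copy file bytes verbatim, so the trailing newline that the `.dist` templates end with becomes part of `access_token`; a token ending in `\n` usually breaks an `Authorization` header, whereas the newline is harmless for `id_ed25519` and `known_hosts`. The README should tell users to write the token without a newline, e.g. `printf '%s' "$TOKEN" > secret/gitea/access_token`, and that values are now raw text rather than base64 as in the old `data:` manifests. `generatorOptions.disableNameSuffixHash: true` applies to all four secrets and deserves a comment such as `# stable names: other resources reference these secrets by name`. Because the generators sit in the base, every overlay needs the local secret files, and any rendered output contains the credentials base64-encoded, so it should be kept out of logs and build artifacts.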
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- annotations:
- tekton.dev/git-0: https://forge.cadoles.com
- name: basic-auth
-type: kubernetes.io/basic-auth
-stringData:
- username:
- password:
diff --git a/kustomization/base/tekton/secret/gitea-access-token.yaml.dist b/kustomization/base/tekton/secret/gitea-access-token.yaml.dist
deleted file mode 100644
index e8770b0..0000000
--- a/kustomization/base/tekton/secret/gitea-access-token.yaml.dist
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: gitea-access-token
-data:
- access_token:
diff --git a/kustomization/base/tekton/secret/gitea/access_token.dist b/kustomization/base/tekton/secret/gitea/access_token.dist
new file mode 100644
index 0000000..f161982
--- /dev/null
+++ b/kustomization/base/tekton/secret/gitea/access_token.dist
@@ -0,0 +1 @@
+TOKEN_HERE
diff --git a/kustomization/base/tekton/secret/gitea/basicauth.dist b/kustomization/base/tekton/secret/gitea/basicauth.dist
new file mode 100644
index 0000000..6c285a8
--- /dev/null
+++ b/kustomization/base/tekton/secret/gitea/basicauth.dist
@@ -0,0 +1,2 @@
+username=
+password=
diff --git a/kustomization/base/tekton/secret/ssh-secret.yaml.dist b/kustomization/base/tekton/secret/ssh-secret.yaml.dist
deleted file mode 100644
index b9614a2..0000000
--- a/kustomization/base/tekton/secret/ssh-secret.yaml.dist
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: git-credentials
-data:
- id_ed25519:
- known_hosts:
diff --git a/kustomization/base/tekton/secret/ssh/id_ed25519.dist b/kustomization/base/tekton/secret/ssh/id_ed25519.dist
new file mode 100644
index 0000000..2fc5cd1
--- /dev/null
+++ b/kustomization/base/tekton/secret/ssh/id_ed25519.dist
@@ -0,0 +1 @@
+YOUR_PRIVATE_KEY_HERE
diff --git a/kustomization/base/tekton/secret/ssh/known_hosts.dist b/kustomization/base/tekton/secret/ssh/known_hosts.dist
new file mode 100644
index 0000000..cd55d3b
--- /dev/null
+++ b/kustomization/base/tekton/secret/ssh/known_hosts.dist
@@ -0,0 +1 @@
+KNOWN_HOST_HERE
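Review bot: The `KNOWN_HOST_HERE` placeholder gives no hint of the expected line format or of how the entry should be obtained, and an entry collected without checking the fingerprint pins whatever key happened to answer, which defeats the purpose of shipping `known_hosts` to the pipeline. The file format accepts `#` comments, so the template could carry one, e.g. `# one line per host: <hostname> <key-type> <base64-key>; compare the fingerprint with the one published by the forge administrator`. The same applies to `id_ed25519.dist` in the previous hunk, where the README could recommend a dedicated key for the CI rather than a personal one; that template cannot hold a comment.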