set secretgenerator

.gitignore

@@ -1,4 +1,5 @@
-kustomization/base/tekton/secret/git-secret.yaml
+kustomization/base/tekton/secret/gitea/access_token
-kustomization/base/tekton/secret/ssh-secret.yaml
+kustomization/base/tekton/secret/gitea/basicauth
-kustomization/base/tekton/secret/dockerconfig/config.json
+kustomization/base/tekton/secret/dockerconfig/.dockerconfigjson
-kustomization/base/tekton/secret/gitea-access-token.yaml
+kustomization/base/tekton/secret/ssh/id_ed25519
+kustomization/base/tekton/secret/ssh/known_hosts

Makefile

@@ -11,12 +11,11 @@ help:
 .PHONY: deploy
 create-cluster: ## Créer un cluster kubernetes avec Kind
 	kind create cluster --name tekton --config kind/kind-tekton.yaml
-	make setup-cluster
 	@echo "SubNet Docker :" $(SUBNET)
 	@echo -e " \x1b[32m✓\x1b[0m Cluster Kind déployé"
 
 .PHONY: setup-cluster
-setup-cluster:
+setup-cluster: create cluster
 	kubectl apply -k kind/cluster --server-side
 	kubectl --namespace ingress-nginx rollout status --timeout 5m deployment/ingress-nginx-controller
 	kubectl --namespace metallb-system rollout status --timeout 5m deployment controller
@@ -27,15 +26,8 @@ setup-cluster:
 	@yq -i ".spec.addresses = [\"$(SUBNET)\"]" kind/cluster/lb/resources/ipaddresspoool.yaml
 	kubectl apply -k kind/cluster/lb --server-side
 
-docker-secret:
-	docker login reg.cadoles.com
-	mkdir -p kustomization/base/tekton/secret/dockerconfig
-	docker --config kustomization/base/tekton/secret/dockerconfig login reg.cadoles.com
-	kubectl create secret generic regcred --from-file=config.json=kustomization/base/tekton/secret/dockerconfig/config.json -n tekton
-	kubectl patch cm feature-flags -n tekton-pipelines -p '{"data":{"enable-api-fields":"alpha"}}'
-
 deploy-dev: ## Déploie le projet dans le cluster (nécessite la variable $HARBOR_USER_NAME)
-	skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/${HARBOR_USER_NAME}
+	skaffold dev --cleanup=false
 
 delete-cluster: ## Supprime le cluster kubernetes Kind
 	kind delete clusters tekton

README.md

@@ -8,7 +8,6 @@ CI du projet MSE
 
 ```
 make create-cluster
-skaffold dev --cleanup=false
 ```
 
 Si vous disposez déjà d'un environnement kubernetes, appliquez uniquement les CRDs :
@@ -17,11 +16,20 @@ Si vous disposez déjà d'un environnement kubernetes, appliquez uniquement les
 kubectl apply -k kind/cluster --server-side
 ```
 
+Il se peut qu'il y ait besoin de relancer la commande s'il n'arrive pas a charger `TektonConfig` correctement
+
+Puis
+
+```
+make deploy-dev
+```
+
 #### Préparer les secrets
 Créer les fichiers en renseignant et en copiant les fichiers `.dist` correspondants:
- - `kustomization/base/tekton/secret/git-secret.yaml`
+ - `kustomization/base/tekton/secret/gitea/access_token`
- - `kustomization/base/tekton/secret/ssh-secret.yaml`
+ - `kustomization/base/tekton/secret/gitea/basicauth`
- - `kustomization/base/tekton/secret/gitea-access-token.yaml`
+ - `kustomization/base/tekton/secret/ssh/id_ed25519`
+ - `kustomization/base/tekton/secret/ssh/known_hosts`
 
 Générer le secret docker
 ```

kustomization/base/tekton/kustomization.yaml

@@ -3,9 +3,6 @@ kind: Kustomization
 namespace: tekton
 resources:
 - namespace/namespace.yaml
-- secret/git-secret.yaml
-- secret/ssh-secret.yaml
-- secret/gitea-access-token.yaml
 - serviceaccount/service-account.yaml
 - serviceaccount/rbac.yaml
 - configmap/configmap-phpcsfixer.yaml
@@ -40,9 +37,32 @@ resources:
 
 # Events
 - event/mseproject.yaml
-# - event/msebuild.yaml
+
-# - event/imagebuild.yaml
-# - event/symfonycheck.yaml
 
 # Ingress
 # - ingress/dashboard.yaml
+
+generatorOptions:
+ disableNameSuffixHash: true
+secretGenerator:
+- name: regcred
+  type: kubernetes.io/dockerconfigjson
+  files:
+  - secret/dockerconfig/.dockerconfigjson
+
+- name: basic-auth
+  type: kubernetes.io/basic-auth
+  options:
+    annotations:
+      tekton.dev/git-0: https://forge.cadoles.com
+  envs:
+  - secret/gitea/basicauth
+
+- name: gitea-access-token
+  files:
+  - secret/gitea/access_token
+
+- name: git-credentials
+  files:
+  - secret/ssh/id_ed25519
+  - secret/ssh/known_hosts

kustomization/base/tekton/pipelinerun/pipelinerun.yaml

@@ -1,39 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: PipelineRun
-metadata:
-  generateName: msebuild-run-
-  namespace: tekton
-spec:
-  serviceAccountName: build-bot
-  pipelineRef:
-    name: msebuild
-  podTemplate:
-    securityContext:
-      fsGroup: 65532
-  workspaces:
-  - name: shared-data
-    volumeClaimTemplate:
-      spec:
-        accessModes:
-        - ReadWriteOnce
-        resources:
-          requests:
-            storage: 1Gi
-  - name: config
-    configmap:
-      name: config-php-cs-fixer
-  - name: docker-credentials
-    secret:
-      secretName: regcred
-  params:
-  - name: image
-    value: reg.cadoles.com/mlamalle/testtekton
-  - name: tag
-    value: test
-  - name: dockerfile
-    value: ./misc/k8s/images/job-base/Dockerfile
-  - name: url
-    value: https://forge.cadoles.com/CNOUS/mse.git
-  - name: revision
-    value: sprint-6
-

kustomization/base/tekton/secret/git-secret.yaml.dist

@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  annotations:
-    tekton.dev/git-0: https://forge.cadoles.com
-  name: basic-auth
-type: kubernetes.io/basic-auth
-stringData:
-  username: <login>
-  password: <password>

kustomization/base/tekton/secret/gitea-access-token.yaml.dist

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: gitea-access-token
-data:
-  access_token: <base64 gitea access token>

kustomization/base/tekton/secret/gitea/access_token.dist

@@ -0,0 +1 @@
+TOKEN_HERE

kustomization/base/tekton/secret/gitea/basicauth.dist

@@ -0,0 +1,2 @@
+username=<login>
+password=<password>

kustomization/base/tekton/secret/ssh-secret.yaml.dist

@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: git-credentials
-data:
-  id_ed25519: <base64 ssh private key>
-  known_hosts: <base64 known_host>

kustomization/base/tekton/secret/ssh/id_ed25519.dist

@@ -0,0 +1 @@
+YOUR_PRIVATE_KEY_HERE

kustomization/base/tekton/secret/ssh/known_hosts.dist

@@ -0,0 +1 @@
+KNOWN_HOST_HERE