From 3690d7bcad4604c9ebc7c80aad48bd2b0136a08d Mon Sep 17 00:00:00 2001 
From: Matthieu Lamalle Date: Thu, 25 Jan 2024 09:01:48 +0100 Subject: [PATCH] first commit --- .gitignore | 1 + Makefile | 46 +++++++++++++++++ README.md | 15 ++++++ doc/tekton.md | 21 ++++++++ kind/cluster/coredns/custom-dns.yaml | 31 ++++++++++++ kind/cluster/kustomization.yaml | 13 +++++ kind/cluster/lb/kustomization.yaml | 7 +++ kind/cluster/lb/resources/advertise.yaml | 9 ++++ kind/cluster/lb/resources/ipaddresspoool.yaml | 8 +++ kind/kind-tekton.yaml | 45 +++++++++++++++++ kind/scripts/init-kind.sh | 13 +++++ kustomization/base/kustomization.yaml | 5 ++ .../configmap/configmap-php-cs-fixer.yaml | 47 +++++++++++++++++ .../base/tekton/file/.php-cs-fixer.dist.php | 45 +++++++++++++++++ kustomization/base/tekton/kustomization.yaml | 13 +++++ .../base/tekton/namespace/namespace.yaml | 4 ++ .../base/tekton/pipeline/pipeline.yaml | 50 +++++++++++++++++++ .../base/tekton/pipeline/pipelinerun.yaml | 24 +++++++++ .../base/tekton/secret/secret.yaml.dist | 12 +++++ .../serviceaccount/service-account.yaml | 6 +++ .../base/tekton/task/php-cs-fixer.yaml | 22 ++++++++ .../base/tekton/task/php-security-check.yaml | 19 +++++++ .../base/tekton/task/show-readme.yaml | 14 ++++++ skaffold.yaml | 11 ++++ 24 files changed, 481 insertions(+) create mode 100644 .gitignore create mode 100644 Makefile create mode 100644 README.md create mode 100644 doc/tekton.md create mode 100644 kind/cluster/coredns/custom-dns.yaml create mode 100644 kind/cluster/kustomization.yaml create mode 100644 kind/cluster/lb/kustomization.yaml create mode 100644 kind/cluster/lb/resources/advertise.yaml create mode 100644 kind/cluster/lb/resources/ipaddresspoool.yaml create mode 100644 kind/kind-tekton.yaml create mode 100755 kind/scripts/init-kind.sh create mode 100644 kustomization/base/kustomization.yaml create mode 100644 kustomization/base/tekton/configmap/configmap-php-cs-fixer.yaml create mode 100644 kustomization/base/tekton/file/.php-cs-fixer.dist.php create mode 100644 
kustomization/base/tekton/kustomization.yaml create mode 100644 kustomization/base/tekton/namespace/namespace.yaml create mode 100644 kustomization/base/tekton/pipeline/pipeline.yaml create mode 100644 kustomization/base/tekton/pipeline/pipelinerun.yaml create mode 100644 kustomization/base/tekton/secret/secret.yaml.dist create mode 100644 kustomization/base/tekton/serviceaccount/service-account.yaml create mode 100644 kustomization/base/tekton/task/php-cs-fixer.yaml create mode 100644 kustomization/base/tekton/task/php-security-check.yaml create mode 100644 kustomization/base/tekton/task/show-readme.yaml create mode 100644 skaffold.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..abd66a1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+kustomization/base/tekton/secret/secret.yaml
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..54fd65f
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,46 @@
+DESTDIR=./
+
+REG_CRED=$(shell kubectl get secret -n tekton -l type=regcred -o jsonpath='{.items[0].metadata.name}')
+SUBNET=$(shell docker network inspect kind --format '{{ (index .IPAM.Config 0).Subnet }}')
+BASEIP=$(shell docker network inspect kind --format '{{ (index .IPAM.Config 0).Subnet }}' | cut -d "/" -f 1)
+
+.PHONY: help
+help:
+ @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: deploy
+create-cluster: ## Créer un cluster kubernetes avec Kind
+ kind create cluster --name tekton --config kind/kind-tekton.yaml
+ make setup-cluster
+ @echo "SubNet Docker :" $(SUBNET)
+ @echo -e " \x1b[32m✓\x1b[0m Cluster Kind déployé"
+
+.PHONY: setup-cluster
+setup-cluster:
+ kubectl apply -k kind/cluster --server-side
+ kubectl --namespace ingress-nginx rollout status --timeout 5m deployment/ingress-nginx-controller
+ kubectl --namespace metallb-system rollout status --timeout 5m deployment controller
+
+ sed -i "/mse.dev.local/ s/.*/ $(BASEIP)\tmse.dev.local/g" kind/cluster/coredns/custom-dns.yaml
+ kubectl apply -f kind/cluster/coredns/custom-dns.yaml
+ kubectl -n kube-system rollout restart deployment/coredns
+ kubectl -n kube-system rollout status --timeout 5m deployment/coredns
+ @yq -y -i ".spec.addresses = [\"$(SUBNET)\"]" kind/cluster/lb/resources/ipaddresspoool.yaml
+ kubectl apply -k kind/cluster/lb --server-side
+
+ssh-secret:
+ cp kustomization/overlays/dev/resources/tekton/secret/secret.yaml.distkustomization/overlays/dev/resources/tekton/secret/secret.yaml
+
+deploy-dev: ## Déploie le projet dans le cluster (nécessite la variable $HARBOR_USER_NAME)
+ skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/${HARBOR_USER_NAME}
+
+delete-cluster: ## Supprime le cluster kubernetes Kind
+ kind delete clusters tekton
+
+
+
+.mktools:
+ rm -rf .mktools
+ curl -q https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | $(SHELL)
+
+-include .mktools/*.mk
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ba5f576
--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+# MSE Tekton
+
+CI du projet MSE
+
+
+[Documentation](doc/tekton.md)
+
+
+### Lancement de l'environnement
+
+```
+make create-cluster
+
+skaffold dev
+```
diff --git a/doc/tekton.md b/doc/tekton.md
new file mode 100644
index 0000000..f38c8f5
--- /dev/null
+++ b/doc/tekton.md
@@ -0,0 +1,21 @@
+### Accès au Dashboard
+[Doc Tekton](https://tekton.dev/docs/dashboard/install/)
+
+On crée un port-forward pour accéder au dashboard
+
+```
+kubectl --namespace tekton-pipelines port-forward svc/tekton-dashboard 9097:9097
+```
+
+### Lancement du pipeline
+
+```
+kubectl create -f kustomization/base/tekton/pipeline/pipelinerun.yaml
+```
+
+### Lister et voir les logs des pipelines
+
+```
+tkn pipelinerun list
+tkn pipelinerun logs clone-read-run-dqwcx -f
+```
diff --git a/kind/cluster/coredns/custom-dns.yaml b/kind/cluster/coredns/custom-dns.yaml
new file mode 100644
index 0000000..6bff592
--- /dev/null
+++ b/kind/cluster/coredns/custom-dns.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+data:
+ Corefile: |
+ .:53 {
+ errors
+ health {
+ lameduck 5s
+ }
+ ready
+ kubernetes cluster.local in-addr.arpa ip6.arpa {
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ ttl 30
+ }
+ prometheus :9153
+ forward . /etc/resolv.conf
+ cache 30
+ loop
+ reload
+ loadbalance
+ hosts {
+ # Liste des noms de dommaine à résoudre dans le cluster.local
+ 172.18.0.0 mse.dev.local
+
+ fallthrough
+ }
+ }
+kind: ConfigMap
+metadata:
+ name: coredns
+ namespace: kube-system
diff --git a/kind/cluster/kustomization.yaml b/kind/cluster/kustomization.yaml
new file mode 100644
index 0000000..b911933
--- /dev/null
+++ b/kind/cluster/kustomization.yaml
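Review bot: The `ssh-secret` recipe copies the private-key secret to `kustomization/overlays/dev/resources/tekton/secret/secret.yaml`, a path that does not exist in this commit and is not covered by the `.gitignore` entry (which lists only `kustomization/base/tekton/secret/secret.yaml`), so a populated secret could end up committed; the source and destination paths also run together with no separator, though that may be an artefact of how the line is rendered. The target should use the path that `kustomization/base/tekton/kustomization.yaml` references: `cp kustomization/base/tekton/secret/secret.yaml.dist kustomization/base/tekton/secret/secret.yaml`. `create-cluster` invokes the nested build as `make setup-cluster`; write `$(MAKE) setup-cluster` so `-j`, `-n` and variable overrides propagate, and the `.PHONY: deploy` line above it names a target that does not exist (the phony list should carry `create-cluster ssh-secret deploy-dev delete-cluster`). The `.mktools` target pipes a script fetched from `branch/master` straight into `$(SHELL)`; pinning the download to a commit and checking its digest before executing would make that step reproducible and reviewable.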
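Review bot: The hosts entry `172.18.0.0 mse.dev.local` maps the name to the network address of the Docker `kind` subnet, which is normally not assignable to any container or LoadBalancer Service, and the Makefile's `setup-cluster` recipe rewrites this line with `BASEIP`, which is that same network address, so the name never points at the ingress. Resolving it to the address MetalLB actually assigns to the ingress-nginx Service (read from the Service status once the rollout has finished) would fix this. Because that recipe edits this tracked file in place with `sed -i`, every `make setup-cluster` also dirties the worktree; a comment on the line such as `# rewritten by 'make setup-cluster'` would at least document that, and generating the ConfigMap from a template would avoid it.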
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- https://raw.githubusercontent.com/ory/k8s/v0.30.0/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/cloudnative-pg-operator?ref=develop
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/minio?ref=develop
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/metallb?ref=develop
+- https://forge.cadoles.com/CadolesKube/c-kustom//base/nginx?ref=develop
+- https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
+- https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
+
diff --git a/kind/cluster/lb/kustomization.yaml b/kind/cluster/lb/kustomization.yaml
new file mode 100644
index 0000000..6446c8b
--- /dev/null
+++ b/kind/cluster/lb/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: metallb-system
+
+resources:
+- ./resources/ipaddresspoool.yaml
+- ./resources/advertise.yaml
diff --git a/kind/cluster/lb/resources/advertise.yaml b/kind/cluster/lb/resources/advertise.yaml
new file mode 100644
index 0000000..d251dba
--- /dev/null
+++ b/kind/cluster/lb/resources/advertise.yaml
@@ -0,0 +1,9 @@
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+ name: l2-ip-pool-ad
+ namespace: metallb-system
+spec:
+ ipAddressPools:
+ - main-pool
+
diff --git a/kind/cluster/lb/resources/ipaddresspoool.yaml b/kind/cluster/lb/resources/ipaddresspoool.yaml
new file mode 100644
index 0000000..5db3e4a
--- /dev/null
+++ b/kind/cluster/lb/resources/ipaddresspoool.yaml
@@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: main-pool
+ namespace: metallb-system
+spec:
+ addresses:
+ - 172.18.0.0/16
diff --git a/kind/kind-tekton.yaml b/kind/kind-tekton.yaml
new file mode 100644
index 0000000..451f8ba
--- /dev/null
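Review bot: Every remote resource in this kustomization is a moving reference — the c-kustom bases use `?ref=develop` and the Tekton pipeline and dashboard manifests come from `latest/release.yaml` — so `kubectl apply -k kind/cluster` installs whatever those locations serve at the moment it runs, and two runs can deploy different cluster-wide operators and CRDs without any change in this repository. Pin each entry to a tag or commit (`?ref=<tag-or-commit>` for the c-kustom bases, and the versioned `previous/<version>/release.yaml` URL for Tekton) so the cluster is reproducible and an upstream change has to be reviewed here before it lands. The `hydra-maester` CRD is already pinned to `v0.30.0`, which is the pattern the other lines should follow.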
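Review bot: The pool `172.18.0.0/16` is the whole Docker `kind` network, and the Makefile's `setup-cluster` recipe replaces it with `SUBNET`, which is again the whole network; MetalLB can then hand out addresses Docker has already given to the kind nodes or the bridge gateway, producing duplicate-address conflicts that only show up intermittently. Reserve a slice Docker will not allocate — kind's own LoadBalancer documentation uses a range of the form `- 172.18.255.200-172.18.255.250` inside the subnet — and have the Makefile derive that slice from the inspected subnet rather than writing the full range. A comment on the `addresses` line noting that `make setup-cluster` overwrites it would also help the next reader.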
+++ b/kind/kind-tekton.yaml
@@ -0,0 +1,45 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+name: tekton
+nodes:
+- role: control-plane
+ image: kindest/node:v1.27.2
+ kubeadmConfigPatches:
+ - |
+ kind: InitConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ node-labels: "ingress-ready=true"
+ extraPortMappings:
+ - containerPort: 31000
+ hostPort: 31000
+ listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
+ - containerPort: 80
+ hostPort: 8080
+ listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
+ labels:
+ ingress-ready: true
+- role: worker
+ image: kindest/node:v1.27.2
+ kubeadmConfigPatches:
+ - |
+ kind: JoinConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ system-reserved: memory=2Gi
+- role: worker
+ image: kindest/node:v1.27.2
+ kubeadmConfigPatches:
+ - |
+ kind: JoinConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ system-reserved: memory=2Gi
+- role: worker
+ image: kindest/node:v1.27.2
+ kubeadmConfigPatches:
+ - |
+ kind: JoinConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ system-reserved: memory=2Gi
diff --git a/kind/scripts/init-kind.sh b/kind/scripts/init-kind.sh
new file mode 100755
index 0000000..eee8e78
--- /dev/null
+++ b/kind/scripts/init-kind.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+
+
+${ENGINE} create cluster --config kind/kind-mse.yaml
+sleep 5
+kubectl apply -k kind/cluster --server-side
+sleep 5
+docker network inspect kind | jq '.[0].IPAM.Config[0].Subnet' -r
+echo "Si tout est ok :"
+echo "kubectl apply -k kind/cluster/lb --server-side"
+echo "skaffold dev -p dev --cleanup=false "
+
diff --git a/kustomization/base/kustomization.yaml b/kustomization/base/kustomization.yaml
new file mode 100644
index 0000000..3395f88
--- /dev/null
+++ b/kustomization/base/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- tekton/
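Review bot: Both `extraPortMappings` set `listenAddress: "0.0.0.0"`, which publishes host ports 31000 and 8080 on every interface of the developer machine, so anything on the same LAN can reach the cluster's ingress and NodePort; for a local development cluster `listenAddress: "127.0.0.1"` is the safer choice. The trailing comment already says `0.0.0.0` is kind's default, so the explicit value only documents the exposure without changing it. The file also carries `name: tekton` while the Makefile passes `--name tekton` on the command line; keeping one of the two avoids the two drifting apart.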
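Review bot: The first command, `${ENGINE} create cluster --config kind/kind-mse.yaml`, cannot work as committed: `ENGINE` is not set anywhere in this file or exported by the Makefile, and `kind/kind-mse.yaml` does not exist in this commit (the config added here is `kind/kind-tekton.yaml`). Because the script has no `set -eu`, that failure is silently skipped and `kubectl apply -k kind/cluster --server-side` then runs against whatever kubectl context happens to be current, which is the opposite of what a bootstrap script should do; the two `sleep 5` waits should be the same `kubectl rollout status` calls the Makefile's `setup-cluster` uses. If the Makefile's `create-cluster` target supersedes this script, removing the script is simpler than maintaining two divergent entry points.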
diff --git a/kustomization/base/tekton/configmap/configmap-php-cs-fixer.yaml b/kustomization/base/tekton/configmap/configmap-php-cs-fixer.yaml
new file mode 100644
index 0000000..2e9f331
--- /dev/null
+++ b/kustomization/base/tekton/configmap/configmap-php-cs-fixer.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-php-cs-fixer
+data:
+ .php-cs-fixer.dist.php: |
+ in(__DIR__.'/src')
+ ->name('*.php');
+ // TODO: Définir les règles de style communes
+ // spécifiques au projet
+ return (new PhpCsFixer\Config())
+ ->setRules([
+ '@Symfony' => true,
+ 'concat_space' => ['spacing' => 'none'],
+ 'array_syntax' => ['syntax' => 'short'],
+ 'combine_consecutive_issets' => true,
+ 'explicit_indirect_variable' => true,
+ 'no_useless_return' => true,
+ 'ordered_imports' => true,
+ 'no_unused_imports' => true,
+ 'no_spaces_after_function_name' => true,
+ 'no_spaces_inside_parenthesis' => true,
+ 'ternary_operator_spaces' => true,
+ 'class_definition' => ['single_line' => true],
+ 'whitespace_after_comma_in_array' => true,
+ // phpdoc
+ 'phpdoc_add_missing_param_annotation' => ['only_untyped' => true],
+ 'phpdoc_order' => true,
+ 'phpdoc_types_order' => [
+ 'null_adjustment' => 'always_last',
+ 'sort_algorithm' => 'alpha',
+ ],
+ 'phpdoc_no_empty_return' => false,
+ 'phpdoc_summary' => false,
+ 'general_phpdoc_annotation_remove' => [
+ 'annotations' => [
+ 'expectedExceptionMessageRegExp',
+ 'expectedException',
+ 'expectedExceptionMessage',
+ 'author',
+ ],
+ ],
+ ])
+ ->setFinder($finder);
+
diff --git a/kustomization/base/tekton/file/.php-cs-fixer.dist.php b/kustomization/base/tekton/file/.php-cs-fixer.dist.php
new file mode 100644
index 0000000..daa8926
--- /dev/null
+++ b/kustomization/base/tekton/file/.php-cs-fixer.dist.php
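Review bot: The ConfigMap inlines the same PHP-CS-Fixer configuration that `kustomization/base/tekton/file/.php-cs-fixer.dist.php` carries as a file, so the two copies will drift the first time one of them is edited. A `configMapGenerator` entry in `kustomization/base/tekton/kustomization.yaml` with `name: config-php-cs-fixer`, `files: [file/.php-cs-fixer.dist.php]` and `options: {disableNameSuffixHash: true}` builds this ConfigMap from the file and lets the duplicate go. The finder's `in(__DIR__.'/src')` also resolves relative to wherever the ConfigMap is mounted (`/conf/` in the php-cs-fixer Task), not to the cloned repository; a comment on that line saying so would save the next person a debugging session until the Task passes the source path explicitly.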
@@ -0,0 +1,45 @@
+in(__DIR__.'/src')
+ ->name('*.php')
+;
+
+// TODO: Définir les règles de style communes
+// spécifiques au projet
+return (new PhpCsFixer\Config())
+ ->setRules([
+ '@Symfony' => true,
+ 'concat_space' => ['spacing' => 'none'],
+ 'array_syntax' => ['syntax' => 'short'],
+ 'combine_consecutive_issets' => true,
+ 'explicit_indirect_variable' => true,
+ 'no_useless_return' => true,
+ 'ordered_imports' => true,
+ 'no_unused_imports' => true,
+ 'no_spaces_after_function_name' => true,
+ 'no_spaces_inside_parenthesis' => true,
+ 'ternary_operator_spaces' => true,
+ 'class_definition' => ['single_line' => true],
+ 'whitespace_after_comma_in_array' => true,
+
+ // phpdoc
+ 'phpdoc_add_missing_param_annotation' => ['only_untyped' => true],
+ 'phpdoc_order' => true,
+ 'phpdoc_types_order' => [
+ 'null_adjustment' => 'always_last',
+ 'sort_algorithm' => 'alpha',
+ ],
+ 'phpdoc_no_empty_return' => false,
+ 'phpdoc_summary' => false,
+ 'general_phpdoc_annotation_remove' => [
+ 'annotations' => [
+ 'expectedExceptionMessageRegExp',
+ 'expectedException',
+ 'expectedExceptionMessage',
+ 'author',
+ ],
+ ],
+ ])
+ ->setFinder($finder)
+;
diff --git a/kustomization/base/tekton/kustomization.yaml b/kustomization/base/tekton/kustomization.yaml
new file mode 100644
index 0000000..f2b9cd9
--- /dev/null
+++ b/kustomization/base/tekton/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: tekton
+resources:
+- namespace/namespace.yaml
+- configmap/configmap-php-cs-fixer.yaml
+- pipeline/pipeline.yaml
+- secret/secret.yaml
+- serviceaccount/service-account.yaml
+- https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.9/git-clone.yaml
+- task/show-readme.yaml
+- task/php-cs-fixer.yaml
+- task/php-security-check.yaml
diff --git a/kustomization/base/tekton/namespace/namespace.yaml b/kustomization/base/tekton/namespace/namespace.yaml
new file mode 100644
index 0000000..3a3a509
--- /dev/null
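Review bot: `secret/secret.yaml` is listed as a resource but is git-ignored, so a fresh clone fails `kubectl apply -k kustomization/base` until someone copies `secret/secret.yaml.dist` by hand, and the Makefile's `ssh-secret` target writes to a different directory; a comment on that line such as `# created locally from secret/secret.yaml.dist (git-ignored)` or a `ssh-secret` prerequisite on `deploy-dev` would make the dependency explicit. The git-clone Task is pulled from `tektoncd/catalog/main`, a moving branch, and it is the Task that runs with the repository credentials; pin it to a tagged release or commit (`.../tektoncd/catalog/<tag-or-commit>/task/git-clone/0.9/git-clone.yaml`) so an upstream change cannot alter what executes with the SSH key without a review here.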
+++ b/kustomization/base/tekton/namespace/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: tekton
diff --git a/kustomization/base/tekton/pipeline/pipeline.yaml b/kustomization/base/tekton/pipeline/pipeline.yaml
new file mode 100644
index 0000000..5a11718
--- /dev/null
+++ b/kustomization/base/tekton/pipeline/pipeline.yaml
@@ -0,0 +1,50 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: clone-read
+spec:
+ description: |
+ This pipeline clones a git repo, then echoes the README file to the stout.
+ params:
+ - name: repo-url
+ type: string
+ description: The git repo URL to clone from.
+ workspaces:
+ - name: shared-data
+ description: |
+ This workspace contains the cloned repo files, so they can be read by the
+ next task.
+ tasks:
+ - name: fetch-source
+ taskRef:
+ name: git-clone
+ workspaces:
+ - name: output
+ workspace: shared-data
+ params:
+ - name: url
+ value: $(params.repo-url)
+
+ - name: show-readme
+ runAfter: ["fetch-source"]
+ taskRef:
+ name: show-readme
+ workspaces:
+ - name: source
+ workspace: shared-data
+
+ - name: php-security-check
+ runAfter: ["fetch-source"]
+ taskRef:
+ name: php-security-check
+ workspaces:
+ - name: source
+ workspace: shared-data
+
+ - name: php-cs-fixer
+ runAfter: ["fetch-source"]
+ taskRef:
+ name: php-cs-fixer
+ workspaces:
+ - name: source
+ workspace: shared-data
diff --git a/kustomization/base/tekton/pipeline/pipelinerun.yaml b/kustomization/base/tekton/pipeline/pipelinerun.yaml
new file mode 100644
index 0000000..b5e42a7
--- /dev/null
+++ b/kustomization/base/tekton/pipeline/pipelinerun.yaml
@@ -0,0 +1,24 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+ generateName: clone-read-run-
+spec:
+ serviceAccountName: build-bot
+ pipelineRef:
+ name: clone-read
+ podTemplate:
+ securityContext:
+ fsGroup: 65532
+ workspaces:
+ - name: shared-data
+ volumeClaimTemplate:
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ params:
+ - name: repo-url
+ value: https://forge.cadoles.com/Cadoles/hydra-dispatcher.git
+ 
\ No newline at end of file
diff --git a/kustomization/base/tekton/secret/secret.yaml.dist b/kustomization/base/tekton/secret/secret.yaml.dist
new file mode 100644
index 0000000..6b711de
--- /dev/null
+++ b/kustomization/base/tekton/secret/secret.yaml.dist
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ssh-key
+ annotations:
+ tekton.dev/git-0: forge.cadoles.com # Described below
+type: kubernetes.io/ssh-auth
+stringData:
+ ssh-privatekey: ""
+ # This is non-standard, but its use is encouraged to make this more secure.
+ # If it is not provided then the git server's public key will be requested
+ # when the repo is first fetched.
\ No newline at end of file
diff --git a/kustomization/base/tekton/serviceaccount/service-account.yaml b/kustomization/base/tekton/serviceaccount/service-account.yaml
new file mode 100644
index 0000000..6fb379d
--- /dev/null
+++ b/kustomization/base/tekton/serviceaccount/service-account.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: build-bot
+secrets:
+ - name: basic-auth
\ No newline at end of file
diff --git a/kustomization/base/tekton/task/php-cs-fixer.yaml b/kustomization/base/tekton/task/php-cs-fixer.yaml
new file mode 100644
index 0000000..7c4d42e
--- /dev/null
+++ b/kustomization/base/tekton/task/php-cs-fixer.yaml
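Review bot: The three trailing comment lines describe the optional `known_hosts` entry of a `kubernetes.io/ssh-auth` Secret, but the key itself was dropped, so the comments now explain nothing and the git-clone step will accept whatever host key `forge.cadoles.com` presents on the first fetch. Add `known_hosts: ""` under `stringData` directly above those comments, with a note that the value comes from `ssh-keyscan forge.cadoles.com` and should be compared against the forge's published fingerprint before it is pasted in. The `# Described below` comment on the `tekton.dev/git-0` annotation points at text that is not in this file; either drop it or link the Tekton auth documentation it refers to.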
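Review bot: The ServiceAccount lists `secrets: - name: basic-auth`, but the only Secret in this kustomization is `ssh-key` (`secret/secret.yaml.dist`), so the git-clone step run as `build-bot` has no credential attached at all; change the entry to `- name: ssh-key`. Note also that `pipeline/pipelinerun.yaml` clones an `https://` URL, which an `ssh-auth` Secret does not serve — either switch `repo-url` to the SSH form of the repository URL or provide a `kubernetes.io/basic-auth` Secret under the `basic-auth` name, but not the present mix of the two.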
@@ -0,0 +1,22 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: php-cs-fixer
+spec:
+ description: PHP-CS-Fixer on modified code
+ workspaces:
+ - name: source
+ steps:
+ - name: read
+ image: ghcr.io/php-cs-fixer/php-cs-fixer:3-php8.3
+ volumeMounts:
+ - name: config-php-cs-fixer
+ mountPath: "/conf/"
+ args:
+ - --dry-run
+ - fix
+
+ volumes:
+ - name: config-php-cs-fixer
+ configMap:
+ name: config-php-cs-fixer
\ No newline at end of file
diff --git a/kustomization/base/tekton/task/php-security-check.yaml b/kustomization/base/tekton/task/php-security-check.yaml
new file mode 100644
index 0000000..ba6795b
--- /dev/null
+++ b/kustomization/base/tekton/task/php-security-check.yaml
@@ -0,0 +1,19 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: php-security-check
+spec:
+ description: Check PHP security issues
+ workspaces:
+ - name: source
+ steps:
+ - name: check
+ image: alpine:latest
+ script: |
+ #!/bin/sh
+ export PHP_SECURITY_CHECKER_VERSION=1.0.0
+ export ARG JQ_VERSION=1.6
+ wget -O /usr/local/bin/local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/download/v${PHP_SECURITY_CHECKER_VERSION}/local-php-security-checker_${PHP_SECURITY_CHECKER_VERSION}_linux_amd64 \
+ && chmod +x /usr/local/bin/local-php-security-checker
+ cd $(workspaces.source.path)
+ local-php-security-checker --format=markdown || true
\ No newline at end of file
diff --git a/kustomization/base/tekton/task/show-readme.yaml b/kustomization/base/tekton/task/show-readme.yaml
new file mode 100644
index 0000000..f472773
--- /dev/null
+++ b/kustomization/base/tekton/task/show-readme.yaml
@@ -0,0 +1,14 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: show-readme
+spec:
+ description: Read and display README file.
+ workspaces:
+ - name: source
+ steps:
+ - name: read
+ image: alpine:latest
+ script: |
+ #!/usr/bin/env sh
+ cat $(workspaces.source.path)/README.md
\ No newline at end of file
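Review bot: The `read` step never touches the `source` workspace the Task declares — there is no `workingDir` and no path argument — and no `--config` is passed, so php-cs-fixer runs in the image's default directory with its default rules while the mounted `/conf/.php-cs-fixer.dist.php` is ignored; placing `--dry-run` before `fix` also relies on the CLI accepting options ahead of the command name, which is worth confirming against the php-cs-fixer version in the image. Point the step at the workspace and the mounted config as below; because the config's finder uses `__DIR__.'/src'`, which resolves under `/conf/` here, the workspace path is passed explicitly so the scan covers the cloned repository (path-mode `override` is the default, if I read the php-cs-fixer docs correctly). Keep `--dry-run`: without it `fix` would rewrite files in the shared workspace that the other tasks read.
```yaml
    - name: read
      image: ghcr.io/php-cs-fixer/php-cs-fixer:3-php8.3
      workingDir: $(workspaces.source.path)
      # … unchanged: volumeMounts …
      args:
        - fix
        - --dry-run
        - --diff
        - --config=/conf/.php-cs-fixer.dist.php
        - $(workspaces.source.path)
```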
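Review bot: The `check` step downloads `local-php-security-checker` from GitHub on every run with no checksum, installs it, and then ends in `local-php-security-checker --format=markdown || true`, so a vulnerable-dependency report never fails the task and the pipeline cannot gate on it, while a changed or tampered release artefact would run against the workspace unnoticed. `export ARG JQ_VERSION=1.6` looks like a Dockerfile fragment that was pasted in: it exports a variable named `ARG`, and `JQ_VERSION` is never used. The rewrite below pins the binary's digest (fill in the value from the release page), turns on `set -eu`, quotes the workspace path and lets the checker's non-zero exit — which it returns when vulnerabilities are found, as far as I recall — fail the step; `alpine:latest` is pinned for the same reason. I believe upstream has archived this tool in favour of `composer audit`, which may be the simpler long-term replacement.
```yaml
      image: alpine:3.19
      script: |
        #!/bin/sh
        set -eu
        PHP_SECURITY_CHECKER_VERSION=1.0.0
        # sha256 of local-php-security-checker_1.0.0_linux_amd64, taken from the release page
        CHECKER_SHA256="<SHA256_PLACEHOLDER>"
        wget -O /usr/local/bin/local-php-security-checker "https://github.com/fabpot/local-php-security-checker/releases/download/v${PHP_SECURITY_CHECKER_VERSION}/local-php-security-checker_${PHP_SECURITY_CHECKER_VERSION}_linux_amd64"
        echo "${CHECKER_SHA256}  /usr/local/bin/local-php-security-checker" | sha256sum -c -
        chmod +x /usr/local/bin/local-php-security-checker
        cd "$(workspaces.source.path)"
        local-php-security-checker --format=markdown
```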
diff --git a/skaffold.yaml b/skaffold.yaml
new file mode 100644
index 0000000..aff61bf
--- /dev/null
+++ b/skaffold.yaml
@@ -0,0 +1,11 @@
+apiVersion: skaffold/v3
+kind: Config
+
+metadata:
+ name: tekton
+
+manifests:
+ kustomize:
+ paths:
+ - kustomization/base
+