mlamalle/mse-tekton
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Matthieu Lamalle 2024-01-25 09:01:48 +01:00
commit 3690d7bcad
24 changed files with 481 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
kustomization/base/tekton/secret/secret.yaml

46
Makefile Normal file
View File

@ -0,0 +1,46 @@
DESTDIR=./
REG_CRED=$(shell kubectl get secret -n tekton -l type=regcred -o jsonpath='{.items[0].metadata.name}')
SUBNET=$(shell docker network inspect kind --format '{{ (index .IPAM.Config 0).Subnet }}')
BASEIP=$(shell docker network inspect kind --format '{{ (index .IPAM.Config 0).Subnet }}' | cut -d "/" -f 1)
.PHONY: help
help:
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
.PHONY: deploy
create-cluster: ## Créer un cluster kubernetes avec Kind
kind create cluster --name tekton --config kind/kind-tekton.yaml
make setup-cluster
@echo "SubNet Docker :" $(SUBNET)
@echo -e " \x1b[32m✓\x1b[0m Cluster Kind déployé"
.PHONY: setup-cluster
setup-cluster:
kubectl apply -k kind/cluster --server-side
kubectl --namespace ingress-nginx rollout status --timeout 5m deployment/ingress-nginx-controller
kubectl --namespace metallb-system rollout status --timeout 5m deployment controller
sed -i "/mse.dev.local/ s/.*/ $(BASEIP)\tmse.dev.local/g" kind/cluster/coredns/custom-dns.yaml
kubectl apply -f kind/cluster/coredns/custom-dns.yaml
kubectl -n kube-system rollout restart deployment/coredns
kubectl -n kube-system rollout status --timeout 5m deployment/coredns
@yq -y -i ".spec.addresses = [\"$(SUBNET)\"]" kind/cluster/lb/resources/ipaddresspoool.yaml
kubectl apply -k kind/cluster/lb --server-side
ssh-secret:
cp kustomization/overlays/dev/resources/tekton/secret/secret.yaml.distkustomization/overlays/dev/resources/tekton/secret/secret.yaml
deploy-dev: ## Déploie le projet dans le cluster (nécessite la variable $HARBOR_USER_NAME)
skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/${HARBOR_USER_NAME}
delete-cluster: ## Supprime le cluster kubernetes Kind
kind delete clusters tekton
.mktools:
rm -rf .mktools
curl -q https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | $(SHELL)
-include .mktools/*.mk

15
README.md Normal file
View File

@ -0,0 +1,15 @@
# MSE Tekton
CI du projet MSE
[Documentation](doc/tekton.md)
### Lancement de l'environnement
```
make create-cluster
skaffold dev
```

21
doc/tekton.md Normal file
View File

@ -0,0 +1,21 @@
### Accès au Dashboard
[Doc Tekton](https://tekton.dev/docs/dashboard/install/)
On crée un port-forward pour accéder au dashboard
```
kubectl --namespace tekton-pipelines port-forward svc/tekton-dashboard 9097:9097
```
### Lancement du pipeline
```
kubectl create -f kustomization/base/tekton/pipeline/pipelinerun.yaml
```
### Lister et voir les logs des pipelines
```
tkn pipelinerun list
tkn pipelinerun logs clone-read-run-dqwcx -f
```

31
kind/cluster/coredns/custom-dns.yaml Normal file
View File

@ -0,0 +1,31 @@
apiVersion: v1
data:
Corefile: |
.:53 {
errors
health {
lameduck 5s
}
ready
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
hosts {
# Liste des noms de dommaine à résoudre dans le cluster.local
172.18.0.0 mse.dev.local
fallthrough
}
}
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system

13
kind/cluster/kustomization.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://raw.githubusercontent.com/ory/k8s/v0.30.0/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
- https://forge.cadoles.com/CadolesKube/c-kustom//base/cloudnative-pg-operator?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/minio?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/metallb?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/nginx?ref=develop
- https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
- https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml

7
kind/cluster/lb/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: metallb-system
resources:
- ./resources/ipaddresspoool.yaml
- ./resources/advertise.yaml

9
kind/cluster/lb/resources/advertise.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: l2-ip-pool-ad
namespace: metallb-system
spec:
ipAddressPools:
- main-pool

8
kind/cluster/lb/resources/ipaddresspoool.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: main-pool
namespace: metallb-system
spec:
addresses:
- 172.18.0.0/16

45
kind/kind-tekton.yaml Normal file
View File

@ -0,0 +1,45 @@
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: tekton
nodes:
- role: control-plane
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
extraPortMappings:
- containerPort: 31000
hostPort: 31000
listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
- containerPort: 80
hostPort: 8080
listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
labels:
ingress-ready: true
- role: worker
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
system-reserved: memory=2Gi
- role: worker
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
system-reserved: memory=2Gi
- role: worker
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
system-reserved: memory=2Gi

13
kind/scripts/init-kind.sh Executable file
View File

@ -0,0 +1,13 @@
#!/bin/bash
${ENGINE} create cluster --config kind/kind-mse.yaml
sleep 5
kubectl apply -k kind/cluster --server-side
sleep 5
docker network inspect kind | jq '.[0].IPAM.Config[0].Subnet' -r
echo "Si tout est ok :"
echo "kubectl apply -k kind/cluster/lb --server-side"
echo "skaffold dev -p dev --cleanup=false "

5
kustomization/base/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- tekton/

47
kustomization/base/tekton/configmap/configmap-php-cs-fixer.yaml Normal file
View File

@ -0,0 +1,47 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: config-php-cs-fixer
data:
.php-cs-fixer.dist.php: |
<?php
$finder = PhpCsFixer\Finder::create()
->in(__DIR__.'/src')
->name('*.php');
// TODO: Définir les règles de style communes
// spécifiques au projet
return (new PhpCsFixer\Config())
->setRules([
'@Symfony' => true,
'concat_space' => ['spacing' => 'none'],
'array_syntax' => ['syntax' => 'short'],
'combine_consecutive_issets' => true,
'explicit_indirect_variable' => true,
'no_useless_return' => true,
'ordered_imports' => true,
'no_unused_imports' => true,
'no_spaces_after_function_name' => true,
'no_spaces_inside_parenthesis' => true,
'ternary_operator_spaces' => true,
'class_definition' => ['single_line' => true],
'whitespace_after_comma_in_array' => true,
// phpdoc
'phpdoc_add_missing_param_annotation' => ['only_untyped' => true],
'phpdoc_order' => true,
'phpdoc_types_order' => [
'null_adjustment' => 'always_last',
'sort_algorithm' => 'alpha',
],
'phpdoc_no_empty_return' => false,
'phpdoc_summary' => false,
'general_phpdoc_annotation_remove' => [
'annotations' => [
'expectedExceptionMessageRegExp',
'expectedException',
'expectedExceptionMessage',
'author',
],
],
])
->setFinder($finder);

45
kustomization/base/tekton/file/.php-cs-fixer.dist.php Normal file
View File

@ -0,0 +1,45 @@
<?php
$finder = PhpCsFixer\Finder::create()
->in(__DIR__.'/src')
->name('*.php')
;
// TODO: Définir les règles de style communes
// spécifiques au projet
return (new PhpCsFixer\Config())
->setRules([
'@Symfony' => true,
'concat_space' => ['spacing' => 'none'],
'array_syntax' => ['syntax' => 'short'],
'combine_consecutive_issets' => true,
'explicit_indirect_variable' => true,
'no_useless_return' => true,
'ordered_imports' => true,
'no_unused_imports' => true,
'no_spaces_after_function_name' => true,
'no_spaces_inside_parenthesis' => true,
'ternary_operator_spaces' => true,
'class_definition' => ['single_line' => true],
'whitespace_after_comma_in_array' => true,
// phpdoc
'phpdoc_add_missing_param_annotation' => ['only_untyped' => true],
'phpdoc_order' => true,
'phpdoc_types_order' => [
'null_adjustment' => 'always_last',
'sort_algorithm' => 'alpha',
],
'phpdoc_no_empty_return' => false,
'phpdoc_summary' => false,
'general_phpdoc_annotation_remove' => [
'annotations' => [
'expectedExceptionMessageRegExp',
'expectedException',
'expectedExceptionMessage',
'author',
],
],
])
->setFinder($finder)
;

13
kustomization/base/tekton/kustomization.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: tekton
resources:
- namespace/namespace.yaml
- configmap/configmap-php-cs-fixer.yaml
- pipeline/pipeline.yaml
- secret/secret.yaml
- serviceaccount/service-account.yaml
- https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.9/git-clone.yaml
- task/show-readme.yaml
- task/php-cs-fixer.yaml
- task/php-security-check.yaml

4
kustomization/base/tekton/namespace/namespace.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: tekton

50
kustomization/base/tekton/pipeline/pipeline.yaml Normal file
View File

@ -0,0 +1,50 @@
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: clone-read
spec:
description: |
This pipeline clones a git repo, then echoes the README file to the stout.
params:
- name: repo-url
type: string
description: The git repo URL to clone from.
workspaces:
- name: shared-data
description: |
This workspace contains the cloned repo files, so they can be read by the
next task.
tasks:
- name: fetch-source
taskRef:
name: git-clone
workspaces:
- name: output
workspace: shared-data
params:
- name: url
value: $(params.repo-url)
- name: show-readme
runAfter: ["fetch-source"]
taskRef:
name: show-readme
workspaces:
- name: source
workspace: shared-data
- name: php-security-check
runAfter: ["fetch-source"]
taskRef:
name: php-security-check
workspaces:
- name: source
workspace: shared-data
- name: php-cs-fixer
runAfter: ["fetch-source"]
taskRef:
name: php-cs-fixer
workspaces:
- name: source
workspace: shared-data

24
kustomization/base/tekton/pipeline/pipelinerun.yaml Normal file
View File

@ -0,0 +1,24 @@
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: clone-read-run-
spec:
serviceAccountName: build-bot
pipelineRef:
name: clone-read
podTemplate:
securityContext:
fsGroup: 65532
workspaces:
- name: shared-data
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
params:
- name: repo-url
value: https://forge.cadoles.com/Cadoles/hydra-dispatcher.git

12
kustomization/base/tekton/secret/secret.yaml.dist Normal file
View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: Secret
metadata:
name: ssh-key
annotations:
tekton.dev/git-0: forge.cadoles.com # Described below
type: kubernetes.io/ssh-auth
stringData:
ssh-privatekey: ""
# This is non-standard, but its use is encouraged to make this more secure.
# If it is not provided then the git server's public key will be requested
# when the repo is first fetched.

6
kustomization/base/tekton/serviceaccount/service-account.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: build-bot
secrets:
- name: basic-auth

22
kustomization/base/tekton/task/php-cs-fixer.yaml Normal file
View File

@ -0,0 +1,22 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: php-cs-fixer
spec:
description: PHP-CS-Fixer on modified code
workspaces:
- name: source
steps:
- name: read
image: ghcr.io/php-cs-fixer/php-cs-fixer:3-php8.3
volumeMounts:
- name: config-php-cs-fixer
mountPath: "/conf/"
args:
- --dry-run
- fix
volumes:
- name: config-php-cs-fixer
configMap:
name: config-php-cs-fixer

19
kustomization/base/tekton/task/php-security-check.yaml Normal file
View File

@ -0,0 +1,19 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: php-security-check
spec:
description: Check PHP security issues
workspaces:
- name: source
steps:
- name: check
image: alpine:latest
script: |
#!/bin/sh
export PHP_SECURITY_CHECKER_VERSION=1.0.0
export ARG JQ_VERSION=1.6
wget -O /usr/local/bin/local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/download/v${PHP_SECURITY_CHECKER_VERSION}/local-php-security-checker_${PHP_SECURITY_CHECKER_VERSION}_linux_amd64 \
&& chmod +x /usr/local/bin/local-php-security-checker
cd $(workspaces.source.path)
local-php-security-checker --format=markdown || true

14
kustomization/base/tekton/task/show-readme.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: show-readme
spec:
description: Read and display README file.
workspaces:
- name: source
steps:
- name: read
image: alpine:latest
script: |
#!/usr/bin/env sh
cat $(workspaces.source.path)/README.md

11
skaffold.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: skaffold/v3
kind: Config
metadata:
name: tekton
manifests:
kustomize:
paths:
- kustomization/base