Move a bunch of stuff to the j7s-ci flux setup.

James Pace 2023-04-19 20:11:32 -04:00
parent 7ddbab2da6
commit 77be2bbe2e
10 changed files with 0 additions and 463 deletions


@ -1,88 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mosquitto-deployment
labels:
app: mosquitto
spec:
replicas: 1
selector:
matchLabels:
app: mosquitto
template:
metadata:
labels:
app: mosquitto
spec:
containers:
- name: mosquitto
image: 192.168.1.149:8443/mosquitto:0.0.7
args: ["-v", "-c", "/opt/mqtt/mosquitto.conf"]
volumeMounts:
- mountPath: /opt/mqtt
name: mosquitto-conf
ports:
- containerPort: 9000
name: websockets-port
- containerPort: 9001
name: mqtt-port
volumes:
- name: mosquitto-conf
configMap:
name: mosquitto-conf
---
apiVersion: v1
kind: Service
metadata:
name: mosquitto-service
spec:
selector:
app: mosquitto
type: LoadBalancer
ports:
- protocol: TCP
port: 9000
name: websockets-port
- protocol: TCP
port: 9001
name: mqtt-port
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mosquitto-conf
data:
acl.yaml: |
default:
can_read: true
can_write: false
jimmy:
can_read: true
can_write: true
keys.yaml: |
default:
- /opt/mqtt/jpace121-key.pem
- /opt/mqtt/service-key.pem
mosquitto.conf: |
per_listener_settings false
allow_anonymous false
log_type all
auth_plugin /usr/lib/libj7s-plugin.so
auth_opt_key_file /opt/mqtt/keys.yaml
auth_opt_acl_file /opt/mqtt/acl.yaml
listener 9000
protocol websockets
listener 9001
protocol mqtt
service-key.pem: |
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9DBwMe+eHkYLfq076sFq75gepyaL4LQtX8qVlGjJCtLxV308L2d8XGC35VBxrIbx8Bs5sKT4e5s9suzO8FhGMQ==
-----END PUBLIC KEY-----
jpace121-key.pem: |
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqdtuaoyDj8jCtgB9qfUMwDe//VLAF1HTXHTQ7OS8i/S3wjOC4YOHxRy9kYQ3LdE44r7kIX6DR8VLJ3srctQ0xw==
-----END PUBLIC KEY-----


@ -1,42 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: squid-deployment
labels:
app: squid
spec:
replicas: 1
selector:
matchLabels:
app: squid
template:
metadata:
labels:
app: squid
spec:
containers:
- name: squid
image: 192.168.1.149:8443/squid:0.3
volumeMounts:
- mountPath: /var/spool/squid
name: squid-volume
ports:
- containerPort: 3128
name: squid-port
volumes:
- name: squid-volume
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: squid-service
spec:
selector:
app: squid
ports:
- protocol: TCP
targetPort: 3128
port: 3128
name: squid-port


@ -1,29 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-ansible-build
namespace: j7s-ci
spec:
workspaces:
- name: source
- name: ssh-directory
params:
- name: deploy
- name: ansible-file-path
steps:
- image: 192.168.1.149:8443/ansible-podman:latest
securityContext:
privileged: true
script: |
#!/usr/bin/env bash
set -ex
cp -r $(workspaces.ssh-directory.path) ~/.ssh
chmod 700 ~/.ssh
chmod -R 400 ~/.ssh/*
cd $(workspaces.source.path)
ansible-playbook -vvvv --skip-tags deploy -i $(params.ansible-file-path)/inventory.yaml $(params.ansible-file-path)/build.yaml
if [[ $(params.deploy) == "true" ]]; then
ansible-playbook -vvvv --tags deploy -i $(params.ansible-file-path)/inventory.yaml $(params.ansible-file-path)/build.yaml
fi


@ -1,84 +0,0 @@
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-buildah
namespace: j7s-ci
spec:
description: Build and push a container image.
params:
- name: registry
description: Registry to push to.
- name: name
description: Name of the image.
- name: version
description: Version for the image.
- name: containerfile
description: Path of the Containerfile relative to source.
workspaces:
- name: source
- name: cosign-credentials
steps:
- name: build
image: 192.168.1.149:8443/buildah:latest
workingDir: $(workspaces.source.path)
script: |
set -x
# Login
buildah login --tls-verify=false --username=$USERNAME --password=$PASSWORD $(params.registry)
mkdir ~/.sigstore
cp $(workspaces.cosign-credentials.path)/* ~/.sigstore
cat <<EOF > ~/.sigstore/param-file.yaml
privateKeyFile: "$HOME/.sigstore/cosign.key"
privateKeyPassphraseFile: "$HOME/.sigstore/cosign.password"
EOF
mkdir -p /etc/containers/registries.d/
cat <<EOF > /etc/containers/registries.d/james-registry.yaml
docker:
$(params.registry):
use-sigstore-attachments: true
EOF
# Build
buildah --storage-driver=overlay bud --tls-verify=false --no-cache \
-f $(params.containerfile) -t $(params.name):$(params.version) .
# Push
skopeo copy --dest-tls-verify=false --sign-by-sigstore=$HOME/.sigstore/param-file.yaml \
containers-storage:localhost/$(params.name):$(params.version) \
docker://$(params.registry)/$(params.name):$(params.version)
skopeo copy --dest-tls-verify=false --sign-by-sigstore=$HOME/.sigstore/param-file.yaml \
containers-storage:localhost/$(params.name):$(params.version) \
docker://$(params.registry)/$(params.name):latest
# Indicate results.
HASH=`skopeo inspect containers-storage:localhost/$(params.name):$(params.version) --format={{.Digest}}`
cat <<EOF > $(results.image-ARTIFACT_OUTPUTS.path)
{
"uri": "$(params.registry)/$(params.name):$(params.version)",
"digest": "$HASH"
}
env:
- name: USERNAME
valueFrom:
secretKeyRef:
name: registry-login-secret
key: username
- name: PASSWORD
valueFrom:
secretKeyRef:
name: registry-login-secret
key: password
volumeMounts:
- name: varlibcontainers
mountPath: /var/lib/containers
securityContext:
privileged: true
volumes:
- name: varlibcontainers
emptyDir: {}
results:
- name: image-ARTIFACT_OUTPUTS
type: object
properties:
uri:
type: string
digest:
type: string


@ -1,23 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-git-clone-hash
namespace: j7s-ci
spec:
workspaces:
- name: output
- name: ssh-directory
params:
- name: url
- name: hash
steps:
- image: 192.168.1.149:8443/gitssh:latest
script: |
set -x
cp -r $(workspaces.ssh-directory.path) ~/.ssh
chmod 700 ~/.ssh
chmod -R 400 ~/.ssh/*
git clone $(params.url) $(workspaces.output.path)
cd $(workspaces.output.path)
git checkout $(params.hash)


@ -1,21 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-git-clone
namespace: j7s-ci
spec:
workspaces:
- name: output
- name: ssh-directory
params:
- name: url
- name: branch
steps:
- image: 192.168.1.149:8443/gitssh:latest
script: |
set -x
cp -r $(workspaces.ssh-directory.path) ~/.ssh
chmod 700 ~/.ssh
chmod -R 400 ~/.ssh/*
git clone --single-branch --branch $(params.branch) $(params.url) $(workspaces.output.path)


@ -1,53 +0,0 @@
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-os-buildah
namespace: j7s-ci
spec:
description: Build the deployment container image for j7s-os.
params:
- name: image
description: Reference of the image buildah will produce.
- name: commit
description: Repo directory to put inside the image.
- name: registry
description: Registry to push to.
- name: version
description: Version for the image.
workspaces:
- name: source
steps:
- name: build
image: quay.io/buildah/stable:v1.23.3
workingDir: $(workspaces.source.path)
script: |
set -x
# Login
buildah login --tls-verify=false --username=$USERNAME --password=$PASSWORD $(params.registry)
# Build
buildah --storage-driver=overlay bud --tls-verify=false --no-cache \
--build-arg commit=./$(params.commit) \
-f ./hosting/Dockerfile -t $(params.image):$(params.version) .
# Push
buildah --storage-driver=overlay push --tls-verify=false $(params.image) docker://$(params.registry)/$(params.image):$(params.version)
buildah --storage-driver=overlay push --tls-verify=false $(params.image) docker://$(params.registry)/$(params.image):latest
env:
- name: USERNAME
valueFrom:
secretKeyRef:
name: registry-login-secret
key: username
- name: PASSWORD
valueFrom:
secretKeyRef:
name: registry-login-secret
key: password
volumeMounts:
- name: varlibcontainers
mountPath: /var/lib/containers
securityContext:
privileged: true
volumes:
- name: varlibcontainers
emptyDir: {}


@ -1,22 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-os-image-build
namespace: j7s-ci
spec:
workspaces:
- name: source
params:
- name: image-name
results:
- name: version-string
steps:
- image: 192.168.1.149:8443/j7s-image-build:latest
securityContext:
privileged: true
script: |
set -x
sudo chown -R j7s:j7s $(workspaces.source.path)
cd $(workspaces.source.path)
make $(params.image-name)
echo -n `date +%Y%m%d%H%M`-`git describe --no-match --always --dirty` | tee $(results.version-string.path)


@ -1,45 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-os-k8s-deploy
namespace: j7s-ci
spec:
params:
- name: image
description: The image to deploy.
- name: version
description: The version of the image to deploy.
workspaces:
- name: ssh-directory
steps:
- name: update-with-flux
image: 192.168.1.149:8443/gitssh:latest
script: |
#!/usr/bin/env bash
set -x
cp -r $(workspaces.ssh-directory.path) ~/.ssh
chmod 700 ~/.ssh
chmod -R 400 ~/.ssh/*
git config --global user.name tekton
git config --global user.email tekton@internal.jpace121.net
git clone ssh://git.jpace121.net:2222/cd/flux-apps flux-apps
cd flux-apps
cat <<EOF > j7s-os-deploy/patch.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: j7s-os-app-deployment
spec:
template:
spec:
containers:
- name: j7s-os-app
image: $(params.image):$(params.version)
EOF
git add ./j7s-os-deploy
git commit -m "Update j7s-os-deploy to version $(params.version)"
git push origin master


@ -1,56 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: j7s-ros-clone
namespace: j7s-ci
spec:
workspaces:
- name: output
- name: ssh-directory
params:
- name: url
- name: branch
- name: repos-file
results:
- name: workspace-git-commit-ARTIFACT_OUTPUTS
type: object
properties:
uri:
type: string
digest:
type: string
- name: vcs-exact-file-ARTIFACT_OUTPUTS
type: object
properties:
uri:
type: string
digest:
type: string
steps:
- image: 192.168.1.149:8443/vcs:latest
script: |
set -x
cp -r $(workspaces.ssh-directory.path) ~/.ssh
chmod 700 ~/.ssh
chmod -R 400 ~/.ssh/*
git clone --single-branch --branch $(params.branch) $(params.url) $(workspaces.output.path)
cd $(workspaces.output.path)
mkdir src
vcs import src < $(params.repos-file)
# Git hash is really sha1, rehashing to workaround Tekton bug.
GITHASH=`git rev-parse HEAD | sha256sum | cut -f 1 -d " "`
VCSEXACTHASH=`vcs export --exact ./src | sha256sum | cut -f 1 -d " "`
cat <<EOF > $(results.workspace-git-commit-ARTIFACT_OUTPUTS.path)
{
"uri": "$(params.url)",
"digest": "sha256:$GITHASH"
}
EOF
cat <<EOF > $(results.vcs-exact-file-ARTIFACT_OUTPUTS.path)
{
"uri": "vcs-exact-file",
"digest": "sha256:$VCSEXACTHASH"
}
EOF