From 3274fbdd9759ce525377b7eecd2f4de831f6b96c Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 27 Sep 2023 06:26:54 +0200 Subject: [PATCH] Updated the tekton installation --- .../values/secrets.tekton-pipeline.yaml | 23 +++++ .../values/values.tekton-pipeline.yaml | 4 + manifests/debug/istio-stuff.yaml | 17 ---- manifests/debug/proxy-prot.yaml | 17 ---- manifests/debug/test.yaml | 83 ------------------- manifests/git_clone.yaml | 80 ++++++++++++++++++ .../{ => metallb}/badhouseplants-ip.yaml | 5 +- manifests/{ => metallb}/etersoft-ip.yaml | 5 +- manifests/tekton/cdh.yaml | 13 +++ releases.yaml | 3 + 10 files changed, 127 insertions(+), 123 deletions(-) create mode 100644 badhouseplants/values/secrets.tekton-pipeline.yaml create mode 100644 badhouseplants/values/values.tekton-pipeline.yaml delete mode 100644 manifests/debug/istio-stuff.yaml delete mode 100644 manifests/debug/proxy-prot.yaml delete mode 100644 manifests/debug/test.yaml create mode 100644 manifests/git_clone.yaml rename manifests/{ => metallb}/badhouseplants-ip.yaml (76%) rename manifests/{ => metallb}/etersoft-ip.yaml (77%) create mode 100644 manifests/tekton/cdh.yaml diff --git a/badhouseplants/values/secrets.tekton-pipeline.yaml b/badhouseplants/values/secrets.tekton-pipeline.yaml new file mode 100644 index 0000000..df4d009 --- /dev/null +++ b/badhouseplants/values/secrets.tekton-pipeline.yaml @@ -0,0 +1,23 @@ +auth: + git: + password: ENC[AES256_GCM,data:X1wVDcAeDP9IY/Kry+pP3BayBFJJ4o4NxA==,iv:qVG9R033GKeQxaVpCpN3hUV9d6dGULceEPt70U5psX0=,tag:jgmc/T42T9/JH3PgN6v2qA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEdmJzcTFKd1M2dUZyTmxZ + Mnljc1FCRk9tQUFyWUk4U21kYWR0MVMzSms4CjdCNTFONTJGU1B4bDBOQnp3NEtW + UDZpTkU4bWFrYVhiV0tUbGRmaTlPTUEKLS0tIHJmTkhGbTZiQkQzR2VHckRoVFVF + eUtWMXpDWlBwVE1zM1FOMklQd3BhZk0KvJBAxTdAQCHGDd7W2qv/31OblHrX7o0X + 0GCL/z1dw+sG4GS0zwgxVu8jlGzWK8PCZjq5k8bMMzbbKtUNKiShuA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-09-27T04:26:20Z" + mac: ENC[AES256_GCM,data:Hknt7Td7Tyx/c98Xf7dbsaGRLKO1zzZR34ZarkZtFVyvTcB0kxb5VWeJv+O215UAXEjPE7LUB2gHvhAtgLsAnek55stjZ84ifz923gMKB2ul18TeX4s0oqXyKvKZyv7SKPsVduSA4EutbrOnxLiZCmL8b/u0Y6scUH5pOe7aydg=,iv:vXvdvPE4n6ZYb0CXZZppWuvFFOlDEM2dMiiUwVTTTvE=,tag:gfNWefDG3cC1QzNGwgs5mQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.0 diff --git a/badhouseplants/values/values.tekton-pipeline.yaml b/badhouseplants/values/values.tekton-pipeline.yaml new file mode 100644 index 0000000..6471734 --- /dev/null +++ b/badhouseplants/values/values.tekton-pipeline.yaml @@ -0,0 +1,4 @@ +auth: + git: + username: tekton + url: https://git.badhouseplants.net diff --git a/manifests/debug/istio-stuff.yaml b/manifests/debug/istio-stuff.yaml deleted file mode 100644 index 70c689e..0000000 --- a/manifests/debug/istio-stuff.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: proxy-protocol - namespace: istio-system -spec: - workloadSelector: - labels: - istio: ingressgateway - configPatches: - - applyTo: LISTENER - patch: - operation: MERGE - value: - listener_filters: - - name: envoy.listener.proxy_protocol - diff --git a/manifests/debug/proxy-prot.yaml b/manifests/debug/proxy-prot.yaml deleted file mode 100644 index 94e9946..0000000 --- a/manifests/debug/proxy-prot.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: proxy-protocol - namespace: istio-system -spec: - configPatches: - - applyTo: LISTENER - patch: - operation: MERGE - value: - listener_filters: - - name: envoy.listener.proxy_protocol - - name: envoy.listener.tls_inspector - workloadSelector: - labels: - istio: ingressgateway diff --git a/manifests/debug/test.yaml b/manifests/debug/test.yaml deleted file mode 100644 index 25636a6..0000000 --- a/manifests/debug/test.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: httpbin-gateway -spec: - selector: - istio: ingressgateway - servers: - - port: - number: 80 - name: http - protocol: HTTP2 - hosts: - - "test.badhouseplants.net" - - hosts: - - "test.badhouseplants.net" - port: - name: https - number: 443 - protocol: HTTPS - tls: - credentialName: badhouseplants-wildcard-tls - mode: SIMPLE ---- -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: httpbin -spec: - hosts: - - "test.badhouseplants.net" - gateways: - - httpbin-gateway - http: - - route: - - destination: - host: httpbin - port: - number: 8000 ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: httpbin ---- -apiVersion: v1 -kind: Service -metadata: - name: httpbin - labels: - app: httpbin - service: httpbin -spec: - ports: - - name: http - port: 8000 - targetPort: 80 - selector: - app: httpbin ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: httpbin -spec: - replicas: 1 - selector: - matchLabels: - app: httpbin - version: v1 - template: - metadata: - labels: - app: httpbin - version: v1 - spec: - serviceAccountName: httpbin - containers: - - image: docker.io/kong/httpbin - imagePullPolicy: IfNotPresent - name: httpbin - ports: - - containerPort: 80 diff --git a/manifests/git_clone.yaml b/manifests/git_clone.yaml new file mode 100644 index 0000000..869231b --- /dev/null +++ b/manifests/git_clone.yaml @@ -0,0 +1,80 @@ +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: git-clone-repo + namespace: tekton-jobs +spec: + workspaces: + - name: src + mountPath: /src + params: + - name: url + + steps: + - name: Git Clone + image: alpine/git + script: | + #!/bin/bash + +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: write + namespace: tekton-jobs +spec: + workspaces: + - name: src + mountPath: /custom/path/relative/to/root + steps: + - name: goodbye + image: ubuntu + script: | + #!/bin/bash + cat $(workspaces.src.path)/check +--- +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: hello-goodbye + namespace: tekton-jobs +spec: + tasks: + - name: read + taskRef: + name: read + workspaces: + - name: src + workspace: src + - name: write + runAfter: + - read + taskRef: + name: read + workspaces: + - name: src + workspace: src + workspaces: + - name: src +--- +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + name: hello-goodbye-run + namespace: tekton-jobs +spec: + pipelineRef: + name: hello-goodbye + namespace: tekton-jobs + params: + - name: username + value: "Tekton" + workspaces: + - name: src + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce # access mode may affect how you can use this volume in parallel tasks + resources: + requests: + storage: 1Gi diff --git a/manifests/badhouseplants-ip.yaml b/manifests/metallb/badhouseplants-ip.yaml similarity index 76% rename from manifests/badhouseplants-ip.yaml rename to manifests/metallb/badhouseplants-ip.yaml index b98f76f..a660251 100644 --- a/manifests/badhouseplants-ip.yaml +++ b/manifests/metallb/badhouseplants-ip.yaml @@ -1,10 +1,9 @@ # addresspool.yaml ---- apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: name: custom-addresspool namespace: metallb-system -spec: +spec: addresses: - - 195.201.250.50-195.201.250.50 + - 195.201.250.50-195.201.250.50 diff --git a/manifests/etersoft-ip.yaml b/manifests/metallb/etersoft-ip.yaml similarity index 77% rename from manifests/etersoft-ip.yaml rename to manifests/metallb/etersoft-ip.yaml index 7e8a401..efeb516 100644 --- a/manifests/etersoft-ip.yaml +++ b/manifests/metallb/etersoft-ip.yaml @@ -1,10 +1,9 @@ # addresspool.yaml ---- apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: name: custom-addresspool namespace: metallb-system -spec: +spec: addresses: - - 91.232.225.63-91.232.225.63 + - 91.232.225.63-91.232.225.63 diff --git a/manifests/tekton/cdh.yaml b/manifests/tekton/cdh.yaml new file mode 100644 index 0000000..651cbeb --- /dev/null +++ b/manifests/tekton/cdh.yaml @@ -0,0 +1,13 @@ +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: check-da-helm + namespace: tekton-pipelines +spec: + params: + - name: environment + type: string + steps: + - name: check-da-helm + image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable + script: "cdh --kind helmfile -p helmfile.yaml --helmfile-environment \n" diff --git a/releases.yaml b/releases.yaml index df99795..8c16665 100644 --- a/releases.yaml +++ b/releases.yaml @@ -217,6 +217,9 @@ templates: name: tekton-pipeline chart: cdf/tekton-pipeline version: 1.0.2 + inherit: + - template: default-env-values + - template: default-env-secrets nrodionov: &nrodionov name: nrodionov