nicolas
/
eShopOnWeb-gitops
mirror of https://github.com/nmasse-itix/eShopOnWeb-gitops.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57 Commits
2 Branches
0 Tags
109 KiB
 
 
Tree: 82eeac7817
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '82eeac7817'
${ noResults }
eShopOnWeb-gitops/infrastructure/templates/eshop-dev.yaml

502 lines
14 KiB
Raw Blame History

apiVersion: v1
kind: Namespace
metadata:
annotations:
argocd.argoproj.io/sync-wave: "0"
openshift.io/description: ""
openshift.io/display-name: ""
labels:
kubernetes.io/metadata.name: eshop-dev
name: eshop-dev
spec:
finalizers:
- kubernetes
---
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
argocd.argoproj.io/sync-wave: "20"
name: eshop-web
namespace: eshop-dev
spec:
lookupPolicy:
local: false
---
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
argocd.argoproj.io/sync-wave: "20"
name: eshop-api
namespace: eshop-dev
spec:
lookupPolicy:
local: false
---
apiVersion: v1
kind: ConfigMap
metadata:
annotations:
argocd.argoproj.io/sync-wave: "20"
name: pipelinerun-templates
namespace: eshop-dev
data:
{{ (.Files.Glob "files/pipelinerun-templates/*").AsConfig | indent 2 }}
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
annotations:
argocd.argoproj.io/sync-wave: "20"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
name: cosign-sign
namespace: eshop-dev
spec:
params:
- name: cosignKeyRef
type: string
- name: cosignKeyPassword
type: string
- name: image
type: string
steps:
- name: cosign
image: gcr.io/projectsigstore/cosign:v2.0.2
args:
- sign
- -y
- --tlog-upload=false
- --key=$(params.cosignKeyRef)
- $(params.image)
env:
- name: COSIGN_PASSWORD
value: "$(params.cosignKeyPassword)"
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
annotations:
argocd.argoproj.io/sync-wave: "20"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
name: roxctl-image-check
namespace: eshop-dev
spec:
params:
- description: >-
Secret containing the StackRox API token with CI permissions and the
address:port tuple for StackRox Central (example: rox.stackrox.io:443)
name: roxctlSecret
type: string
- description: Bypass Central's cache for the image and force a new pull from the Scanner
name: forcePull
type: string
default: "false"
- description: Image name (registry hostname + port + path)
name: imageName
type: string
- description: Image digest
name: imageDigest
type: string
results:
- description: Output of `roxctl image check`
name: check_output
steps:
- env:
- name: FORCE_PULL
value: $(params.forcePull)
- name: DIGEST
value: $(params.imageDigest)
- name: NAME
value: $(params.imageName)
- name: FORCE_PULL
value: $(params.forcePull)
- name: ROX_API_TOKEN
valueFrom:
secretKeyRef:
key: token
name: $(params.roxctlSecret)
- name: ROX_CENTRAL_ENDPOINT
valueFrom:
secretKeyRef:
key: endpoint
name: $(params.roxctlSecret)
image: quay.io/skopeo/stable:v1.5.2
name: roxctl-image-check
resources: {}
script: |
#!/bin/bash
set -Eeuo pipefail
set -x
curl -s -k -L -H "Authorization: Bearer $ROX_API_TOKEN" "https://$ROX_CENTRAL_ENDPOINT/api/cli/download/roxctl-linux" --output /tmp/roxctl > /dev/null
chmod +x /tmp/roxctl
extra_args=""
if [ "${FORCE_PULL:-}" == "true" ]; then
extra_args="$extra_args --force"
fi
/tmp/roxctl image check --insecure-skip-tls-verify -e "$ROX_CENTRAL_ENDPOINT" --image "$NAME@$DIGEST" --send-notifications $extra_args
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
annotations:
argocd.argoproj.io/sync-wave: "20"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
name: eshop-ci
namespace: eshop-dev
spec:
params:
- default: 'https://github.com/eShopOnWeb-OpenShift/eShopOnWeb.git'
name: GIT_REPO
type: string
- default: main
name: GIT_REVISION
type: string
- name: IMAGE_NAME
type: string
- name: DOTNET_STARTUP_PROJECT
type: string
- name: COMPONENT_NAME
type: string
tasks:
- name: git-clone
params:
- name: url
value: $(params.GIT_REPO)
- name: revision
value: $(params.GIT_REVISION)
- name: subdirectory
value: ''
- name: deleteExisting
value: 'true'
taskRef:
kind: ClusterTask
name: git-clone
workspaces:
- name: output
workspace: workspace
- name: build
params:
- name: IMAGE
value: $(params.IMAGE_NAME)
- name: TLSVERIFY
value: 'false'
- name: PATH_CONTEXT
value: .
- name: VERSION
value: 7.0-ubi8
- name: ENV_VARS
value:
- DOTNET_STARTUP_PROJECT=$(params.DOTNET_STARTUP_PROJECT)
runAfter:
- git-clone
taskRef:
kind: ClusterTask
name: s2i-dotnet
workspaces:
- name: source
workspace: workspace
- name: roxctl-image-check
taskRef:
name: roxctl-image-check
runAfter:
- build
params:
- name: roxctlSecret
value: stackrox-cicd-token
- name: imageName
value: $(params.IMAGE_NAME)
- name: imageDigest
value: $(tasks.build.results.IMAGE_DIGEST)
- name: cosign-sign
params:
- name: cosignKeyRef
value: k8s://eshop-dev/code-signature
- name: cosignKeyPassword
value: dummy
- name: image
value: $(params.IMAGE_NAME)@$(tasks.build.results.IMAGE_DIGEST)
runAfter:
- roxctl-image-check
taskRef:
kind: Task
name: cosign-sign
- name: trigger-deploy
params:
- name: SCRIPT
value: |
set -Eeuo pipefail
export IMAGESTREAM_NAME="eshop-$(params.COMPONENT_NAME)"
export NAME="$(params.COMPONENT_NAME)"
export APPLICATION_NAME="eshop-$(params.COMPONENT_NAME)"
export IMAGE_DIGEST="$(tasks.build.results.IMAGE_DIGEST)"
# Since envsubst is not available in the openshift-cli container image,
# I'm using a poor man's substitute...
cp pipelinerun.yaml /tmp/pipelinerun.yaml
while read -r var; do
[ -z "${!var}" ] && { echo "${var} is empty or not set."; exit 1; }
value="${!var}"
sed -i -E "s/\\$\\{$var}/$value/g" /tmp/pipelinerun.yaml
done << EOF
IMAGESTREAM_NAME
NAME
APPLICATION_NAME
IMAGE_DIGEST
EOF
oc create -f /tmp/pipelinerun.yaml
runAfter:
- cosign-sign
taskRef:
kind: ClusterTask
name: openshift-client
workspaces:
- name: manifest-dir
workspace: pipelinerun-templates
workspaces:
- name: workspace
- name: pipelinerun-templates
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
annotations:
argocd.argoproj.io/sync-wave: "20"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
name: eshop-cd
namespace: eshop-dev
spec:
params:
- name: IMAGESTREAM_NAME
type: string
- name: DEV_NAMESPACE
type: string
default: eshop-dev
- name: TEST_NAMESPACE
type: string
default: eshop-test
- name: PROD_NAMESPACE
type: string
default: eshop-prod
- name: APPLICATION_NAME
type: string
- name: IMAGE_DIGEST
type: string
tasks:
- name: roxctl-image-check
taskRef:
name: roxctl-image-check
params:
- name: roxctlSecret
value: stackrox-cicd-token
- name: imageName
value: image-registry.openshift-image-registry.svc:5000/$(params.DEV_NAMESPACE)/$(params.IMAGESTREAM_NAME)
- name: imageDigest
value: $(params.IMAGE_DIGEST)
- name: forcePull
value: "true"
- name: deploy-in-test
params:
- name: SCRIPT
value: |
oc tag $(params.DEV_NAMESPACE)/$(params.IMAGESTREAM_NAME)@$(params.IMAGE_DIGEST) $(params.TEST_NAMESPACE)/$(params.IMAGESTREAM_NAME):latest
oc set image deploy/$(params.APPLICATION_NAME) -n $(params.TEST_NAMESPACE) $(params.APPLICATION_NAME)=image-registry.openshift-image-registry.svc:5000/$(params.TEST_NAMESPACE)/$(params.IMAGESTREAM_NAME)@$(params.IMAGE_DIGEST)
runAfter:
- roxctl-image-check
taskRef:
kind: ClusterTask
name: openshift-client
- name: deploy-in-prod
params:
- name: SCRIPT
value: |
oc tag $(params.DEV_NAMESPACE)/$(params.IMAGESTREAM_NAME)@$(params.IMAGE_DIGEST) $(params.PROD_NAMESPACE)/$(params.IMAGESTREAM_NAME):latest
oc set image deploy/$(params.APPLICATION_NAME) -n $(params.PROD_NAMESPACE) $(params.APPLICATION_NAME)=image-registry.openshift-image-registry.svc:5000/$(params.PROD_NAMESPACE)/$(params.IMAGESTREAM_NAME)@$(params.IMAGE_DIGEST)
runAfter:
- deploy-in-test
taskRef:
kind: ClusterTask
name: openshift-client
---
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
annotations:
argocd.argoproj.io/sync-wave: "20"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
name: eshoponweb
namespace: eshop-dev
spec:
serviceAccountName: pipeline
triggers:
- triggerRef: eshop-web
- triggerRef: eshop-api
---
apiVersion: triggers.tekton.dev/v1beta1
kind: Trigger
metadata:
annotations:
argocd.argoproj.io/sync-wave: "20"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
name: eshop-web
namespace: eshop-dev
spec:
serviceAccountName: pipeline
interceptors:
- name: GitHub push events
ref:
name: "github"
params:
- name: "secretRef"
value:
secretName: github-webbook-secret
secretKey: secretToken
- name: "eventTypes"
value: ["push"]
- name: Filter on repository name
ref:
name: "cel"
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: filter
value: body.repository.full_name == 'eShopOnWeb-OpenShift/eShopOnWeb'
bindings:
- name: COMPONENT_NAME
value: web
- name: GIT_REPO
value: $(body.repository.clone_url)
- name: GIT_REVISION
value: $(body.head_commit.id)
- name: IMAGE_NAME
value: image-registry.openshift-image-registry.svc:5000/eshop-dev/eshop-web
- name: DOTNET_STARTUP_PROJECT
value: src/Web/Web.csproj
template:
ref: eshoponweb
---
apiVersion: triggers.tekton.dev/v1beta1
kind: Trigger
metadata:
annotations:
argocd.argoproj.io/sync-wave: "20"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
name: eshop-api
namespace: eshop-dev
spec:
serviceAccountName: pipeline
interceptors:
- name: GitHub push events
ref:
name: "github"
params:
- name: "secretRef"
value:
secretName: github-webbook-secret
secretKey: secretToken
- name: "eventTypes"
value: ["push"]
- name: Filter on repository name
ref:
name: "cel"
kind: ClusterInterceptor
apiVersion: triggers.tekton.dev
params:
- name: filter
value: body.repository.full_name == 'eShopOnWeb-OpenShift/eShopOnWeb'
bindings:
- name: COMPONENT_NAME
value: api
- name: GIT_REPO
value: $(body.repository.clone_url)
- name: GIT_REVISION
value: $(body.head_commit.id)
- name: IMAGE_NAME
value: image-registry.openshift-image-registry.svc:5000/eshop-dev/eshop-api
- name: DOTNET_STARTUP_PROJECT
value: src/PublicApi/PublicApi.csproj
template:
ref: eshoponweb
---
apiVersion: v1
kind: Secret
metadata:
annotations:
argocd.argoproj.io/sync-wave: "20"
name: github-webbook-secret
namespace: eshop-dev
type: Opaque
data:
secretToken: {{ include "github-tekton-webhook-secret" . | b64enc | quote }}
---
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
annotations:
argocd.argoproj.io/sync-wave: "20"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
name: eshoponweb
namespace: eshop-dev
spec:
params:
- name: COMPONENT_NAME
- name: GIT_REPO
- name: GIT_REVISION
- name: IMAGE_NAME
- name: DOTNET_STARTUP_PROJECT
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
annotations:
argocd.argoproj.io/sync-options: Prune=false
generateName: eshop-ci-$(tt.params.COMPONENT_NAME)-
spec:
serviceAccountName: pipeline
pipelineRef:
name: eshop-ci
params:
- name: COMPONENT_NAME
value: $(tt.params.COMPONENT_NAME)
- name: GIT_REPO
value: $(tt.params.GIT_REPO)
- name: GIT_REVISION
value: $(tt.params.GIT_REVISION)
- name: IMAGE_NAME
value: $(tt.params.IMAGE_NAME)
- name: DOTNET_STARTUP_PROJECT
value: $(tt.params.DOTNET_STARTUP_PROJECT)
workspaces:
- name: workspace
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
- name: pipelinerun-templates
configmap:
name: pipelinerun-templates
---
kind: Route
apiVersion: route.openshift.io/v1
metadata:
annotations:
argocd.argoproj.io/sync-wave: "20"
name: el-eshoponweb
namespace: eshop-dev
labels:
app.kubernetes.io/managed-by: EventListener
app.kubernetes.io/part-of: Triggers
eventlistener: eshoponweb
spec:
to:
kind: Service
name: el-eshoponweb
tls:
termination: edge
insecureEdgeTerminationPolicy: Redirect
port:
targetPort: http-listener