From 5ac5fa6c4e73c5abbb4e2c805defa3569b111289 Mon Sep 17 00:00:00 2001 From: Patrick Spek Date: Thu, 24 Aug 2023 13:52:05 +0200 Subject: Enable webhook for building bashtard --- .../cicd-system/argo-events/helm-chart.yaml | 2 + .../tyilnet/cicd-system/argo-events/rbac.yaml | 97 ++++++++++++++++++++++ .../tyilnet/cicd-system/auth-proxy.yaml | 16 +--- .../manifests.d/tyilnet/cicd-system/ingress.yaml | 39 +++++++++ .../resources/event-sources/webhook.yaml | 4 +- .../resources/sensors/project-bashtard.yaml | 52 ++++++++++++ .../resources/workflow-templates/fetch-git.yaml | 2 +- .../workflow-templates/project-bashtard.yaml | 2 +- 8 files changed, 195 insertions(+), 19 deletions(-) create mode 100644 data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/rbac.yaml create mode 100644 data.d/k3s-master/manifests.d/tyilnet/cicd-system/ingress.yaml create mode 100644 data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/helm-chart.yaml index 65d7253..3acd2cd 100644 --- a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/helm-chart.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/helm-chart.yaml @@ -11,4 +11,6 @@ spec: controller: rbac: namespaced: true + serviceAccount: + name: argo-events ... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/rbac.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/rbac.yaml new file mode 100644 index 0000000..a646f66 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/rbac.yaml 
@@ -0,0 +1,97 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: argo-events-webhook
+ namespace: cicd-system
+automountServiceAccountToken: true
+...
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: argo-events-webhook
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - patch
+ - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - argoproj.io
+ resources:
+ - eventbus
+ - eventsources
+ - sensors
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - argoproj.io
+ resources:
+ - workflows
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - watch
+...
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: argo-events-webhook
+ namespace: cicd-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: argo-events-webhook
+subjects:
+- kind: ServiceAccount
+ name: argo-events-webhook
+ namespace: cicd-system
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/auth-proxy.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/auth-proxy.yaml
index 3627b53..cd9aeb9 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/auth-proxy.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/auth-proxy.yaml
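Review bot: The `argo-events-webhook` Role in rbac.yaml grants far more than its one visible consumer appears to need: full write access to `secrets`, plus rules for `validatingwebhookconfigurations` and `clusterroles`, which are cluster-scoped and so presumably have no effect inside a namespaced Role. The only user of this ServiceAccount in the commit is the `project-bashtard` sensor, whose trigger performs `operation: create` on a Workflow, so the rules could likely be reduced to the `argoproj.io` `workflows` rule with `verbs: [create]`; confirm this against what the sensor actually calls before trimming. The Role's `metadata` also lacks `namespace: cicd-system`, unlike the ServiceAccount and RoleBinding, so it is created in whatever namespace the apply defaults to and the RoleBinding may then reference a Role that does not exist in `cicd-system`.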
@@ -12,18 +12,4 @@ spec: envFrom: secretRef: - name: auth-proxy-ci - ingress: - enabled: true - ingressClassName: traefik - annotations: - cert-manager.io/cluster-issuer: "letsencrypt-production" - traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd - tls: - - secretName: tls-nl.tyil.ci - hosts: - - ci.tyil.nl - hosts: - - host: ci.tyil.nl - paths: - - path: / - pathType: Prefix +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/ingress.yaml new file mode 100644 index 0000000..b97af7c --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/ingress.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ci + namespace: cicd-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: trigger-bashtard + app.kubernetes.io/part-of: cicd-system + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - ci.tyil.nl + secretName: tls-nl.tyil.ci + rules: + - host: ci.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: auth-proxy-ci-oauth2-proxy + port: + number: 4180 + - path: /trigger + pathType: Prefix + backend: + service: + name: webhook-eventsource-svc + port: + number: 12000 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-sources/webhook.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-sources/webhook.yaml index cc46d43..5796540 100644 --- a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-sources/webhook.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-sources/webhook.yaml 
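Review bot: The `/trigger` path in ingress.yaml sends requests straight to `webhook-eventsource-svc` on port 12000, so unlike `/` it is not fronted by `auth-proxy-ci-oauth2-proxy`, and nothing visible in the webhook.yaml hunk adds authentication to the `project-bashtard` endpoint. As far as these hunks show, any client that can reach `https://ci.tyil.nl/trigger/project-bashtard` can start a workflow run with a POST. Consider setting `authSecret` (a `name`/`key` reference to a Secret holding a bearer token) on the `project-bashtard` webhook entry, or attaching a Traefik middleware that restricts callers on this path. The rest of the event source spec lies outside the hunk, so check for an existing setting there first.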
@@ -10,8 +10,8 @@ spec: - port: 12000 targetPort: 12000 webhook: - example: - endpoint: /example + project-bashtard: + endpoint: /trigger/project-bashtard method: POST port: "12000" url: https://ci.tyil.nl diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml new file mode 100644 index 0000000..4f83959 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml @@ -0,0 +1,52 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Sensor +metadata: + name: project-bashtard + namespace: cicd-system +spec: + template: + serviceAccountName: argo-events-webhook + dependencies: + - name: webhook + eventSourceName: webhook + eventName: project-bashtard + triggers: + - template: + name: webhook-workflow-trigger + k8s: + operation: create + source: + resource: + apiVersion: argoproj.io/v1alpha1 + kind: Workflow + metadata: + generateName: project-bashtard- + spec: + entrypoint: main + arguments: + parameters: + - name: ref + value: "" + templates: + - name: main + inputs: + parameters: + - name: ref + value: "{{workflows.parameters.ref}}" + steps: + - - name: main + templateRef: + name: project-bashtard + template: main + arguments: + parameters: + - name: ref + value: "{{inputs.parameters.ref}}" + parameters: + - src: + dependencyName: webhook + dataKey: body.commit + value: "master" + dest: spec.arguments.parameters.0.value +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/fetch-git.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/fetch-git.yaml index 785028d..0742e79 100644 --- a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/fetch-git.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/fetch-git.yaml 
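Review bot: In sensors/project-bashtard.yaml the trigger parameter copies `body.commit` from the webhook request into the workflow's `ref` argument without validation, and its fallback `value: "master"` no longer matches the rest of this commit. fetch-git.yaml now runs `git reset --hard` on the ref exactly as given and the workflow template default became `origin/master`, so a request without a `commit` field would presumably fail to resolve `master` in the freshly initialised repository; `value: "origin/master"` keeps the fallback consistent. Because the request body is caller-controlled, a comment above `dataKey: body.commit` stating the expected format (for example a full commit SHA) would help, with the check itself enforced in the workflow before the value is used.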
@@ -42,5 +42,5 @@ spec: git init git remote add origin "{{inputs.parameters.repo}}" git fetch origin -a - git reset --hard "origin/{{inputs.parameters.ref}}" + git reset --hard "{{inputs.parameters.ref}}" ... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml index e2b399d..b59e5b7 100644 --- a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml @@ -10,7 +10,7 @@ spec: arguments: parameters: - name: ref - value: master + value: origin/master templates: - name: main steps: -- cgit v1.1
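Review bot: After this change `{{inputs.parameters.ref}}` is substituted textually into the shell script in fetch-git.yaml without the fixed `origin/` prefix, and the new sensor fills `ref` from the webhook body, so the script text now contains request-controlled data. Argo expands the template before the shell runs, so the surrounding double quotes do not stop a value containing quotes or command substitution from being interpreted by the shell. Pass the value through the container environment instead, with an `env` entry (name constructed here: `GIT_REF`) set to `value: "{{inputs.parameters.ref}}"`, and run `git reset --hard "$GIT_REF"` only after rejecting values that start with `-` or that `git rev-parse --verify` cannot resolve. The same concern applies to `{{inputs.parameters.repo}}` on the `git remote add` line if it can ever come from a request. The script starts outside this hunk, so its container definition needs checking before adding the `env` entry.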