mss da dees nu werkt

2020-03-15 19:33:32 +01:00
parent fef9e4f273
commit 37d63842e3


@@ -88,156 +88,188 @@ spec:
- name: GitHubSecretStringKey - name: GitHubSecretStringKey
value: secret value: secret
- name: ExternalDomain - name: ExternalDomain
value: "ingress.llocal.host:31040" value: "ingress.llocal.host:31040/github"
timeout: 1000s timeout: 1000s
serviceAccountName: service-acc serviceAccountName: service-acc
--- ---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: create-ingress
#namespace: stage-tekton-pipeline
spec:
volumes:
- name: work
emptyDir: {}
inputs:
params:
- name: CreateCertificate
description: "Enables/disables the creation of a self-signed certificate for $(inputs.params.ExternalDomain)"
default: "true"
- name: CertificateKeyPassphrase
description: "Phrase that protects private key. This must be provided when the self-signed certificate is created"
- name: CertificateSecretName
description: "Secret name for Ingress certificate. The Secret should not exist if the self-signed certificate creation is enabled"
- name: ExternalDomain
description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).PROXYIP.nip.io`"
- name: Service
description: "The name of the Service used in the Ingress. This will also be the name of the Ingress."
- name: ServicePort
description: "The service port that the ingress is being created on"
- name: ServiceUID
description: "The uid of the service. If set, this creates an owner reference on the service"
default: ""
steps:
- name: generate-certificate
image: frapsoft/openssl
volumeMounts:
- name: work
mountPath: /var/tmp/work
command:
- sh
args:
- -ce
- |
set -e
cat <<EOF | sh
#!/bin/sh
if [ $(inputs.params.CreateCertificate) = "false" ];then
exit 0
fi
mkdir /var/tmp/work/ingress
openssl genrsa -des3 -out /var/tmp/work/ingress/key.pem -passout pass:$(inputs.params.CertificateKeyPassphrase) 2048
openssl req -x509 -new -nodes -key /var/tmp/work/ingress/key.pem -sha256 -days 1825 -out /var/tmp/work/ingress/certificate.pem -passin pass:$(inputs.params.CertificateKeyPassphrase) -subj /CN=$(inputs.params.ExternalDomain)
openssl rsa -in /var/tmp/work/ingress/key.pem -out /var/tmp/work/ingress/key.pem -passin pass:$(inputs.params.CertificateKeyPassphrase)
EOF
- name: create-certificate-secret
image: lachlanevenson/k8s-kubectl:latest
volumeMounts:
- name: work
mountPath: /var/tmp/work
command:
- sh
args:
- -ce
- |
set -e
cat <<EOF | sh
#!/bin/sh
if [ $(inputs.params.CreateCertificate) = "false" ];then
exit 0
fi
kubectl create secret tls $(inputs.params.CertificateSecretName) --cert=/var/tmp/work/ingress/certificate.pem --key=/var/tmp/work/ingress/key.pem || true
EOF
- name: create-ingress
image: lachlanevenson/k8s-kubectl:latest
command:
- sh
args:
- -ce
- |
set -e
if [ -n "$(inputs.params.ServiceUID)" ];then
cat <<EOF | kubectl create -f - || true
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: $(inputs.params.Service) name: github-ingress
#namespace: stage-tekton-pipeline spec:
ownerReferences: rules:
- name: $(inputs.params.Service) - http:
paths:
- path: /github
backend:
serviceName: manual-service
servicePort: 8080
---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
uid: $(inputs.params.ServiceUID)
spec:
tls:
- secretName: $(inputs.params.CertificateSecretName)
hosts:
- $(inputs.params.ExternalDomain)
rules:
- host: $(inputs.params.ExternalDomain)
http:
paths:
- backend:
serviceName: $(inputs.params.Service)
servicePort: $(inputs.params.ServicePort)
EOF
else
cat <<EOF | kubectl create -f - || true
apiVersion: extensions/v1beta1
kind: Ingress
metadata: metadata:
name: $(inputs.params.Service) name: manual-service
#namespace: stage-tekton-pipeline
spec: spec:
tls: ports:
- secretName: $(inputs.params.CertificateSecretName) - name: http-listener
hosts: port: 8080
- $(inputs.params.ExternalDomain) protocol: TCP
rules: targetPort: 8080
- host: $(inputs.params.ExternalDomain) nodePort: 30037
http: selector:
paths: app.kubernetes.io/managed-by: EventListener
- backend: app.kubernetes.io/part-of: Triggers
serviceName: $(inputs.params.Service) eventlistener: github-event-listener
servicePort: $(inputs.params.ServicePort) type: NodePort
EOF
fi
---
apiVersion: tekton.dev/v1alpha1 # ---
kind: TaskRun # apiVersion: tekton.dev/v1alpha1
metadata: # kind: Task
name: create-ingress-run # metadata:
#namespace: stage-tekton-pipeline # name: create-ingress
spec: # #namespace: stage-tekton-pipeline
taskRef: # spec:
name: create-ingress # volumes:
inputs: # - name: work
params: # emptyDir: {}
- name: CreateCertificate
value: "true" # inputs:
- name: CertificateKeyPassphrase # params:
value: asecretphrase # - name: CreateCertificate
- name: CertificateSecretName # description: "Enables/disables the creation of a self-signed certificate for $(inputs.params.ExternalDomain)"
value: ingresssecret # default: "true"
- name: ExternalDomain # - name: CertificateKeyPassphrase
value: "ingress.llocal.host:31040" # description: "Phrase that protects private key. This must be provided when the self-signed certificate is created"
- name: Service # - name: CertificateSecretName
value: el-github-event-listener # description: "Secret name for Ingress certificate. The Secret should not exist if the self-signed certificate creation is enabled"
- name: ServicePort # - name: ExternalDomain
value: "8080" # description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).PROXYIP.nip.io`"
timeout: 1000s # - name: Service
serviceAccountName: service-acc # description: "The name of the Service used in the Ingress. This will also be the name of the Ingress."
# - name: ServicePort
# description: "The service port that the ingress is being created on"
# - name: ServiceUID
# description: "The uid of the service. If set, this creates an owner reference on the service"
# default: ""
# steps:
# - name: generate-certificate
# image: frapsoft/openssl
# volumeMounts:
# - name: work
# mountPath: /var/tmp/work
# command:
# - sh
# args:
# - -ce
# - |
# set -e
# cat <<EOF | sh
# #!/bin/sh
# if [ $(inputs.params.CreateCertificate) = "false" ];then
# exit 0
# fi
# mkdir /var/tmp/work/ingress
# openssl genrsa -des3 -out /var/tmp/work/ingress/key.pem -passout pass:$(inputs.params.CertificateKeyPassphrase) 2048
# openssl req -x509 -new -nodes -key /var/tmp/work/ingress/key.pem -sha256 -days 1825 -out /var/tmp/work/ingress/certificate.pem -passin pass:$(inputs.params.CertificateKeyPassphrase) -subj /CN=$(inputs.params.ExternalDomain)
# openssl rsa -in /var/tmp/work/ingress/key.pem -out /var/tmp/work/ingress/key.pem -passin pass:$(inputs.params.CertificateKeyPassphrase)
# EOF
# - name: create-certificate-secret
# image: lachlanevenson/k8s-kubectl:latest
# volumeMounts:
# - name: work
# mountPath: /var/tmp/work
# command:
# - sh
# args:
# - -ce
# - |
# set -e
# cat <<EOF | sh
# #!/bin/sh
# if [ $(inputs.params.CreateCertificate) = "false" ];then
# exit 0
# fi
# kubectl create secret tls $(inputs.params.CertificateSecretName) --cert=/var/tmp/work/ingress/certificate.pem --key=/var/tmp/work/ingress/key.pem || true
# EOF
# - name: create-ingress
# image: lachlanevenson/k8s-kubectl:latest
# command:
# - sh
# args:
# - -ce
# - |
# set -e
# if [ -n "$(inputs.params.ServiceUID)" ];then
# cat <<EOF | kubectl create -f - || true
# apiVersion: extensions/v1beta1
# kind: Ingress
# metadata:
# name: $(inputs.params.Service)
# #namespace: stage-tekton-pipeline
# ownerReferences:
# - name: $(inputs.params.Service)
# apiVersion: v1
# kind: Service
# uid: $(inputs.params.ServiceUID)
# spec:
# tls:
# - secretName: $(inputs.params.CertificateSecretName)
# hosts:
# - $(inputs.params.ExternalDomain)
# rules:
# - host: $(inputs.params.ExternalDomain)
# http:
# paths:
# - backend:
# serviceName: $(inputs.params.Service)
# servicePort: $(inputs.params.ServicePort)
# EOF
# else
# cat <<EOF | kubectl create -f - || true
# apiVersion: extensions/v1beta1
# kind: Ingress
# metadata:
# name: $(inputs.params.Service)
# #namespace: stage-tekton-pipeline
# spec:
# tls:
# - secretName: $(inputs.params.CertificateSecretName)
# hosts:
# - $(inputs.params.ExternalDomain)
# rules:
# - host: $(inputs.params.ExternalDomain)
# http:
# paths:
# - backend:
# serviceName: $(inputs.params.Service)
# servicePort: $(inputs.params.ServicePort)
# EOF
# fi
# ---
# apiVersion: tekton.dev/v1alpha1
# kind: TaskRun
# metadata:
# name: create-ingress-run
# #namespace: stage-tekton-pipeline
# spec:
# taskRef:
# name: create-ingress
# inputs:
# params:
# - name: CreateCertificate
# value: "true"
# - name: CertificateKeyPassphrase
# value: asecretphrase
# - name: CertificateSecretName
# value: ingresssecret
# - name: ExternalDomain
# value: "ingress.llocal.host:31040"
# - name: Service
# value: el-github-event-listener
# - name: ServicePort
# value: "8080"
# timeout: 1000s
# serviceAccountName: service-acc
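Review bot: The new static `github-ingress` has no `tls:` block and no `host:` on its rule, so the `/github` webhook path is served over plain HTTP for any Host header, whereas the Ingress generated by the removed task bound `$(inputs.params.ExternalDomain)` to a certificate secret. Unless TLS is terminated somewhere not visible in this hunk, add `host: <external-host>` to the rule and a `tls:` entry with `secretName: <tls-secret-name>` listing the same host. The new `manual-service` is `type: NodePort` with `nodePort: 30037`, which also exposes the EventListener on every node and bypasses the Ingress; `type: ClusterIP` is enough if the Ingress is the intended entry point. The old Task and TaskRun are kept as roughly 150 commented lines that still carry the literal passphrase `asecretphrase`; delete the block instead, since the history already preserves it, and supply the passphrase from a Secret if the task returns.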