From cdb14ceb880888dc7fea654be07d66ddc0af4c24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Busse?= Date: Sun, 21 Jan 2024 23:26:55 +0100 Subject: [PATCH 01/14] CI: Update action --- .github/workflows/setup-cluster.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/setup-cluster.yml b/.github/workflows/setup-cluster.yml index 86db511..482253d 100644 --- a/.github/workflows/setup-cluster.yml +++ b/.github/workflows/setup-cluster.yml @@ -28,9 +28,9 @@ jobs: run: kubectl get pods -A -o wide - shell: bash env: - GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} + TOKEN: ${{ secrets.GITEA_TOKEN }} run: | - ./run.sh + GITEA_TOKEN="$TOKEN" ./run.sh - name: kubectl run: | kubectl get pods -A -o wide && \ From 3ecef05e5420cd606257453b1259165be11ea425 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Busse?= Date: Fri, 9 Feb 2024 23:53:26 +0100 Subject: [PATCH 02/14] Add spinnaker-operator deployment --- deploy | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/deploy b/deploy index 9a5dbe1..82b8dba 100755 --- a/deploy +++ b/deploy @@ -13,6 +13,8 @@ SECSCAN_NAMESPACE="security-scan" readonly SECSCAN_NAMESPACE MONITORING_NAMESPACE="monitoring" readonly MONITORING_NAMESPACE +SPINNAKER_NAMESPACE="cicd" +readonly SPINNAKER_NAMESPACE PGSQLHA_CHART_VERSION="12.3.7" readonly PGSQLHA_CHART_VERSION PGSQLHA_OCI_URL="oci://registry-1.docker.io/bitnamicharts/postgresql-ha" @@ -23,6 +25,8 @@ GTFSO_VBB_CHART_VERSION="0.1.0" readonly GTFSO_VBB_CHART_VERSION PROM_STACK_CHART_VERSION="55.7.0" readonly PROM_STACK_CHART_VERSION +SPINNAKER_OPERATOR_CHART_VERSION="1.8.11" +readonly SPINNAKER_OPERATOR_CHART_VERSION TRIVY_CHART_VERSION="0.18.4" readonly TRIVY_CHART_VERSION 
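Review bot: In patch 01 (`.github/workflows/setup-cluster.yml`), renaming the step variable to `TOKEN` and re-assigning it with `GITEA_TOKEN="$TOKEN" ./run.sh` does not narrow who can read the secret. The step-level `env:` is still exported to everything the `run:` block starts, so `run.sh` and its children now inherit the value under both names. If `run.sh` only needs `GITEA_TOKEN`, then `GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}` under `env:` with a plain `./run.sh` exposes it once. If the indirection is deliberate, a one-line comment above the step saying why would keep the next editor from reverting it. The step also has no `name:`, unlike the `kubectl` step after it, and the job continues outside the hunk.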
@@ -32,6 +36,7 @@ mkdir -p "${FLUX_MANIFEST_PATH}" kubectl create namespace "${APP_NAMESPACE}" kubectl create namespace "${MONITORING_NAMESPACE}" kubectl create namespace "${SECSCAN_NAMESPACE}" +kubectl create namespace "${SPINNAKER_NAMESPACE}" # Add Deployments / Helm Charts via fluxcd # Add Helm Charts via Flux HelmRelease CRD @@ -55,6 +60,7 @@ printf "Using flux to create Sources and HelmReleases\n" --source HelmRepository/bitnami \ --namespace "${APP_NAMESPACE}" \ --export > "${FLUX_MANIFEST_PATH}/pgsql-ha.yaml" + ./flux create helmrelease gtfso-import \ --chart charts/gtfso-import \ --namespace ${APP_NAMESPACE} \ @@ -78,6 +84,26 @@ printf "Using flux to create Sources and HelmReleases\n" --source=HelmRepository/prometheus-community \ --export > "${FLUX_MANIFEST_PATH}/prometheus-stack.yaml" +# Spinnaker +./flux create source helm armory \ + --url https://armory.jfrog.io/artifactory/charts/ \ + --namespace "${SPINNAKER_NAMESPACE}" +./flux create source helm armory \ + --url https://armory.jfrog.io/artifactory/charts/ \ + --namespace "${SPINNAKER_NAMESPACE}" \ + --export > "${FLUX_MANIFEST_PATH}/source_spinnaker.yaml" +./flux create helmrelease spinnaker \ + --chart armory-spinnaker-operator \ + --chart-version "${SPINNAKER_OPERATOR_CHART_VERSION}" \ + --namespace "${SPINNAKER_NAMESPACE}" \ + --source=HelmRepository/armory +./flux create helmrelease spinnaker \ + --chart armory-spinnaker-operator \ + --chart-version "${SPINNAKER_OPERATOR_CHART_VERSION}" \ + --namespace "${SPINNAKER_NAMESPACE}" \ + --source=HelmRepository/armory \ + --export > "${FLUX_MANIFEST_PATH}/spinnaker.yaml" + # Vulnerability Scan ./flux create source helm aqua \ --url https://aquasecurity.github.io/helm-charts/ \ From 445312f3561024d3c4a9c79f544ab97137acf241 Mon Sep 17 00:00:00 2001 
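Review bot: The Spinnaker block added to `deploy` (patch 02, last hunk) installs an operator chart from a third-party Helm repository, `https://armory.jfrog.io/artifactory/charts/`, and the version pin `1.8.11` is the only integrity control. As far as I know, Flux can verify chart signatures only for OCI sources, so for this HTTPS repository the pin plus TLS is everything standing between the `cicd` namespace and a replaced chart. A comment above the block, e.g. `# armory repo is not signature-verified; version is pinned, review the chart diff on every bump`, would make that trust decision explicit. Each `flux create` is also written twice with identical arguments (once applied, once with `--export`), so the two copies can drift apart. The script continues outside the hunk.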
From: =?UTF-8?q?Bj=C3=B6rn=20Busse?= Date: Mon, 12 Feb 2024 14:16:13 +0100 Subject: [PATCH 03/14] Add spinnaker-operator manifests --- clusters/minikube/source_spinnaker.yaml | 9 +++++++++ clusters/minikube/spinnaker.yaml | 16 ++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 clusters/minikube/source_spinnaker.yaml create mode 100644 clusters/minikube/spinnaker.yaml diff --git a/clusters/minikube/source_spinnaker.yaml b/clusters/minikube/source_spinnaker.yaml new file mode 100644 index 0000000..a6b98f6 --- /dev/null +++ b/clusters/minikube/source_spinnaker.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: armory + namespace: cicd +spec: + interval: 1m0s + url: https://armory.jfrog.io/artifactory/charts/ diff --git a/clusters/minikube/spinnaker.yaml b/clusters/minikube/spinnaker.yaml new file mode 100644 index 0000000..7bd4715 --- /dev/null +++ b/clusters/minikube/spinnaker.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta2 +kind: HelmRelease +metadata: + name: spinnaker + namespace: cicd +spec: + chart: + spec: + chart: armory-spinnaker-operator + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: armory + version: 1.8.11 + interval: 1m0s From 79d7163178ff1f85b3976c54949a4a4d90b8efa4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Busse?= Date: Mon, 12 Feb 2024 15:35:02 +0100 Subject: [PATCH 04/14] flux: Fetch different binary for Darwin --- setup-cluster | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/setup-cluster b/setup-cluster index 76f8447..425b894 100755 --- a/setup-cluster +++ b/setup-cluster 
@@ -18,10 +18,14 @@ FLUX_VERSION="2.2.1" readonly FLUX_VERSION FLUX_CHECKSUM="466756ca6b3437d30a6a5fb58e60f3e5a82d8291f3869cfc55b6f041962601b5" readonly FLUX_CHECKSUM -FLUX_ARCHIVE="flux_${FLUX_VERSION}_linux_amd64.tar.gz" -readonly FLUX_ARCHIVE -FLUX_URL="https://github.com/fluxcd/flux2/releases/download/v${FLUX_VERSION}/${FLUX_ARCHIVE}" -readonly FLUX_URL +FLUX_ARCHIVE_LINUX="flux_${FLUX_VERSION}_linux_amd64.tar.gz" +readonly FLUX_ARCHIVE_LINUX +FLUX_ARCHIVE_MACOS="flux_${FLUX_VERSION}_darwin_arm64.tar.gz" +readonly FLUX_ARCHIVE_MACOS +FLUX_URL_LINUX="https://github.com/fluxcd/flux2/releases/download/v${FLUX_VERSION}/${FLUX_ARCHIVE_LINUX}" +readonly FLUX_URL_LINUX +FLUX_URL_MACOS="https://github.com/fluxcd/flux2/releases/download/v${FLUX_VERSION}/${FLUX_ARCHIVE_MACOS}" +readonly FLUX_URL_MACOS FLUX_FORCE_LOCAL=1 readonly FLUX_FORCE_LOCAL TF_VERSION="1.6.6" @@ -34,13 +38,30 @@ TF_URL="https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_ARCHIVE}" readonly TF_URL TF_FORCE_LOCAL=1 readonly TF_FORCE_LOCAL +OS="Linux" VERBOSE=0 readonly VERBOSE minikube_driver="podman" +if [[ $(uname) == "Darwin" ]]; then + OS="macos" +elif [[ $(grep '^ID=' /etc/os-release | awk -F'=' '{print $2}') == "ubuntu" ]]; then + OS="ubuntu" +fi + +printf "Running on ${OS}\n" + +if [[ "$OS" = "macos" ]]; then + FLUX_URL="${FLUX_URL_MACOS}" + FLUX_ARCHIVE="${FLUX_ARCHIVE_MACOS}" +else + FLUX_URL="${FLUX_URL_LINUX}" + FLUX_ARCHIVE="${FLUX_ARCHIVE_MACOS}" +fi + # We prefer podman but Ubuntu's podman is too old -if [[ $(grep '^ID=' /etc/os-release | awk -F'=' '{print $2}') == "ubuntu" ]]; then +if [[ ${OS} = "ubuntu" ]]; then minikube_driver="docker" fi @@ -70,7 +91,7 @@ else printf 'k8s dashboard is already running\n' fi -# Install flux if local version enforced +# Install terraform if local version enforced if [[ "$TF_FORCE_LOCAL" = 1 ]]; then printf "Fetching terraform archive..\n" curl -LO "${TF_URL}" From bd23e60af15e11f6832b0391e041bd40e4f3a138 Mon Sep 17 00:00:00 2001 
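Review bot: `FLUX_CHECKSUM` stays a single value in patch 04 (`setup-cluster`, first hunk) while the hunk now defines two different archives, `FLUX_ARCHIVE_LINUX` and `FLUX_ARCHIVE_MACOS`; one digest cannot match both tarballs. The code that consumes the checksum is outside the hunk, so it is not visible whether the macOS path fails verification or skips it, but either outcome weakens the download check. A per-platform pair such as `FLUX_CHECKSUM_LINUX="<digest of linux_amd64 archive>"` and `FLUX_CHECKSUM_MACOS="<digest of darwin_arm64 archive>"`, chosen in the same `if` that picks the URL, keeps the verification meaningful on both systems.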
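Review bot: In the `else` branch of the new platform switch (patch 04, second hunk), `FLUX_ARCHIVE="${FLUX_ARCHIVE_MACOS}"` pairs the Linux URL with the macOS file name, so on Linux any later step that unpacks or checks `${FLUX_ARCHIVE}` looks for a file that was never downloaded. It should read `FLUX_ARCHIVE="${FLUX_ARCHIVE_LINUX}"`; patch 07 makes that change, which leaves this commit broken on its own for bisecting. The macOS branch also assumes `arm64`, so an Intel Mac would fetch a binary it cannot run; `uname -m` could select the suffix. `printf "Running on ${OS}\n"` places a variable in the format string, and `printf 'Running on %s\n' "${OS}"` is the safe form.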
From: =?UTF-8?q?Bj=C3=B6rn=20Busse?= Date: Fri, 12 Jan 2024 07:46:45 +0100 Subject: [PATCH 05/14] Update README --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9b6499c..68bf76a 100644 --- a/README.md +++ b/README.md @@ -12,8 +12,8 @@ and the HA API deployment with the /success endpoint and a ReplicaSet of 2. - Database: PostgresqlHA - Import: gtfso-import - API: gtfso-vbb - Monitoring: kube-prometheus-stack - Vulnerability Scanning: Trivy +- Monitoring: kube-prometheus-stack +- Vulnerability Scanning: Trivy ## Clone repository ``` From af1d217b334cb6d0fc79e029e73f36e05b8db4bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Busse?= Date: Mon, 12 Feb 2024 17:45:27 +0100 Subject: [PATCH 06/14] Update gitignore --- .gitignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 6cc15eb..d8bc136 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ bin/* -flux_2.2.1_linux_amd64.tar.gz +flux_*.tar.gz flux helm -terraform_1.6.6_linux_amd64.zip +terraform_*.zip terraform From f9687c6773716707c0197d7d6e1593c627931baf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Busse?= Date: Thu, 15 Feb 2024 17:23:57 +0100 Subject: [PATCH 07/14] terraform: Download for Macos, increase mem --- clusters/minikube/spinnaker-config.yaml | 22 ++++++++++++++++++ setup-cluster | 30 +++++++++++++++++-------- 2 files changed, 43 insertions(+), 9 deletions(-) create mode 100644 clusters/minikube/spinnaker-config.yaml diff --git a/clusters/minikube/spinnaker-config.yaml b/clusters/minikube/spinnaker-config.yaml new file mode 100644 index 0000000..2e078be --- /dev/null +++ b/clusters/minikube/spinnaker-config.yaml 
@@ -0,0 +1,22 @@ +apiVersion: spinnaker.io/v1alpha2 +kind: SpinnakerService +metadata: + name: spinnaker +spec: + spinnakerConfig: + config: + version: 1.33.0 + persistentStorage: + persistentStoreType: s3 + # Spinnaker stores application and pipeline definitions here + # Create an S3 bucket and provide the name here + s3: + bucket: ob-spinnaker-artifacts-dev + rootFolder: front50 + # spec.expose - This section defines how Spinnaker should be publicly exposed + expose: + # Kubernetes LoadBalancer type (service/ingress) + # Only "service" is supported for now + type: service + service: + type: LoadBalancer diff --git a/setup-cluster b/setup-cluster index 425b894..6d12e0d 100755 --- a/setup-cluster +++ b/setup-cluster @@ -30,12 +30,12 @@ FLUX_FORCE_LOCAL=1 readonly FLUX_FORCE_LOCAL TF_VERSION="1.6.6" readonly TF_VERSION -TF_ARCHIVE="terraform_${TF_VERSION}_linux_amd64.zip" -readonly TF_ARCHIVE +TF_ARCHIVE_LINUX="terraform_${TF_VERSION}_linux_amd64.zip" +readonly TF_ARCHIVE_LINUX +TF_ARCHIVE_MACOS="terraform_${TF_VERSION}_darwin_arm64.zip" +readonly TF_ARCHIVE_MACOS TF_CHECKSUM="" readonly TF_CHECKSUM -TF_URL="https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_ARCHIVE}" -readonly TF_URL TF_FORCE_LOCAL=1 readonly TF_FORCE_LOCAL OS="Linux" @@ -55,9 +55,13 @@ printf "Running on ${OS}\n" if [[ "$OS" = "macos" ]]; then FLUX_URL="${FLUX_URL_MACOS}" FLUX_ARCHIVE="${FLUX_ARCHIVE_MACOS}" + TF_ARCHIVE="${TF_ARCHIVE_MACOS}" + TF_URL="https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_ARCHIVE}" else FLUX_URL="${FLUX_URL_LINUX}" - FLUX_ARCHIVE="${FLUX_ARCHIVE_MACOS}" + FLUX_ARCHIVE="${FLUX_ARCHIVE_LINUX}" + TF_ARCHIVE="${TF_ARCHIVE_LINUX}" + TF_URL="https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_ARCHIVE}" fi # We prefer podman but Ubuntu's podman is too old 
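Review bot: `spec.expose` in the new `clusters/minikube/spinnaker-config.yaml` (patch 07) publishes Spinnaker through a `LoadBalancer` service, and nothing in this `SpinnakerService` configures authentication or authorization. Unless access is restricted somewhere not visible in this patch, the UI and API, which can deploy into the cluster, are reachable by anyone who can reach the load balancer address. For a dev cluster, keeping the service cluster-internal or adding the security settings before exposing it would be safer. `metadata` also has no `namespace`, so the resource lands in the applier's default namespace rather than `cicd`; `namespace: cicd` would match `spinnaker.yaml`. The bucket name `ob-spinnaker-artifacts-dev` is hard-coded and no credential source for it is shown.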
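Review bot: `TF_URL="https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_ARCHIVE}"` is assigned identically in both branches of the platform switch (patch 07, `setup-cluster`, hunk at `-55,9`); it can be set once after the `fi`. `TF_ARCHIVE` and `TF_URL` also lose the `readonly` they had before this commit, and `FLUX_ARCHIVE`/`FLUX_URL` never had it in the new form. A `readonly FLUX_ARCHIVE FLUX_URL TF_ARCHIVE TF_URL` after the `fi` would keep the download targets from being reassigned later in the script.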
@@ -67,7 +71,11 @@ fi # Start minikube if ! $(minikube status | grep Nonexistent\|Stopped); then - printf 'minikube is not running\nStarting minikube..' + printf 'minikube is not running\nStarting minikube..\n' + # Increase memory from default 2G + podman machine set --memory=4096 + podman machine start + minikube config set memory 3800 if [[ 0 == "${VERBOSE}" ]]; then minikube start --driver="${minikube_driver}" else @@ -93,9 +101,13 @@ fi # Install terraform if local version enforced if [[ "$TF_FORCE_LOCAL" = 1 ]]; then - printf "Fetching terraform archive..\n" - curl -LO "${TF_URL}" - unzip "${TF_ARCHIVE}" + if [[ -e "$TF_ARCHIVE}" ]]; then + printf "terraform binary exists\n" + else + printf "Fetching terraform archive..\n" + curl -LO "${TF_URL}" + unzip -n "${TF_ARCHIVE}" + fi TF_CMD="./terraform" else TF_CMD="terraform" From de99a63feb654f9467e9a13c4024f93670428b38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Busse?= Date: Mon, 19 Feb 2024 14:22:39 +0100 Subject: [PATCH 08/14] minio: Add namespace --- clusters/minikube/spinnaker-config.yaml | 22 ---------------------- deploy | 9 +-------- 2 files changed, 1 insertion(+), 30 deletions(-) delete mode 100644 clusters/minikube/spinnaker-config.yaml diff --git a/clusters/minikube/spinnaker-config.yaml b/clusters/minikube/spinnaker-config.yaml deleted file mode 100644 index 2e078be..0000000 --- a/clusters/minikube/spinnaker-config.yaml +++ /dev/null 
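Review bot: `podman machine set --memory=4096` and `podman machine start` (patch 07, `setup-cluster`, hunk at `-67,7`) run on every host, although `minikube_driver` is switched to `docker` on Ubuntu just above the hunk and a native Linux podman does not use a podman machine. Wrapping the two lines in `if [[ "${OS}" = "macos" ]]; then … fi` limits them to the platform this commit targets. As far as I know `podman machine set` expects the machine to be stopped, so a second run with the machine already up may fail here. Whether such a failure aborts the script depends on shell options outside the hunk.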
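Review bot: `[[ -e "$TF_ARCHIVE}" ]]` (patch 07, `setup-cluster`, last hunk) has a stray `}`, so it tests for a file literally named like the archive plus `}`, which never exists; the archive is fetched on every run and the "exists" branch is dead. It should be `[[ -e "${TF_ARCHIVE}" ]]`. The message says the terraform binary exists while the test is on the archive, and when the archive is present but `./terraform` is missing nothing unpacks it. The download is also used unverified: `TF_CHECKSUM` is empty (context in this same patch), so `curl -LO` followed by `unzip -n` trusts whatever the URL returns. Filling `TF_CHECKSUM` per platform from the release's checksum file and adding, for example, `echo "${TF_CHECKSUM}  ${TF_ARCHIVE}" | shasum -a 256 -c -` between the two commands would close that gap.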
@@ -1,22 +0,0 @@ -apiVersion: spinnaker.io/v1alpha2 -kind: SpinnakerService -metadata: - name: spinnaker -spec: - spinnakerConfig: - config: - version: 1.33.0 - persistentStorage: - persistentStoreType: s3 - # Spinnaker stores application and pipeline definitions here - # Create an S3 bucket and provide the name here - s3: - bucket: ob-spinnaker-artifacts-dev - rootFolder: front50 - # spec.expose - This section defines how Spinnaker should be publicly exposed - expose: - # Kubernetes LoadBalancer type (service/ingress) - # Only "service" is supported for now - type: service - service: - type: LoadBalancer diff --git a/deploy b/deploy index 82b8dba..66dea37 100755 --- a/deploy +++ b/deploy @@ -37,6 +37,7 @@ kubectl create namespace "${APP_NAMESPACE}" kubectl create namespace "${MONITORING_NAMESPACE}" kubectl create namespace "${SECSCAN_NAMESPACE}" kubectl create namespace "${SPINNAKER_NAMESPACE}" +kubectl create namespace "${MINIO_NAMESPACE}" # Add Deployments / Helm Charts via fluxcd # Add Helm Charts via Flux HelmRelease CRD @@ -85,18 +86,10 @@ printf "Using flux to create Sources and HelmReleases\n" --export > "${FLUX_MANIFEST_PATH}/prometheus-stack.yaml" # Spinnaker -./flux create source helm armory \ - --url https://armory.jfrog.io/artifactory/charts/ \ - --namespace "${SPINNAKER_NAMESPACE}" ./flux create source helm armory \ --url https://armory.jfrog.io/artifactory/charts/ \ --namespace "${SPINNAKER_NAMESPACE}" \ --export > "${FLUX_MANIFEST_PATH}/source_spinnaker.yaml" -./flux create helmrelease spinnaker \ - --chart armory-spinnaker-operator \ - --chart-version "${SPINNAKER_OPERATOR_CHART_VERSION}" \ - --namespace "${SPINNAKER_NAMESPACE}" \ - --source=HelmRepository/armory ./flux create helmrelease spinnaker \ --chart armory-spinnaker-operator \ --chart-version "${SPINNAKER_OPERATOR_CHART_VERSION}" \ From 9db32d41b27db980099e4c6ecfbf9ec062f27ade Mon Sep 17 00:00:00 2001 
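Review bot: `kubectl create namespace "${MINIO_NAMESPACE}"` (patch 08, `deploy`, hunk at `-37,6`) uses a variable that no visible hunk of this commit defines; `MINIO_NAMESPACE` first appears in patch 10. Unless it is set in a part of `deploy` not shown here, this commit expands it to an empty string and the `kubectl` call fails. Adding `MINIO_NAMESPACE="minio"` and `readonly MINIO_NAMESPACE` next to the other namespace constants in this same commit would keep every commit in the series runnable. The subject says "minio: Add namespace", but the commit also deletes `spinnaker-config.yaml` and the non-export `flux create` calls for Spinnaker, which would be easier to trace as a separate commit.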
From: =?UTF-8?q?Bj=C3=B6rn=20Busse?=
Date: Mon, 19 Feb 2024 14:27:20 +0100
Subject: [PATCH 09/14] Rename dir
---
clusters/{minikube => dev}/gtfso-import.yaml | 0
clusters/{minikube => dev}/gtfso-vbb.yaml | 0
clusters/{minikube => dev}/pgsql-ha.yaml | 0
clusters/{minikube => dev}/prometheus-stack.yaml | 0
clusters/{minikube => dev}/source_bitnami.yaml | 0
clusters/{minikube => dev}/source_e2m.yaml | 0
clusters/{minikube => dev}/source_prometheus.yaml | 0
clusters/{minikube => dev}/source_spinnaker.yaml | 0
clusters/{minikube => dev}/source_trivy.yaml | 0
clusters/{minikube => dev}/spinnaker.yaml | 0
clusters/{minikube => dev}/trivy.yaml | 0
11 files changed, 0 insertions(+), 0 deletions(-)
rename clusters/{minikube => dev}/gtfso-import.yaml (100%)
rename clusters/{minikube => dev}/gtfso-vbb.yaml (100%)
rename clusters/{minikube => dev}/pgsql-ha.yaml (100%)
rename clusters/{minikube => dev}/prometheus-stack.yaml (100%)
rename clusters/{minikube => dev}/source_bitnami.yaml (100%)
rename clusters/{minikube => dev}/source_e2m.yaml (100%)
rename clusters/{minikube => dev}/source_prometheus.yaml (100%)
rename clusters/{minikube => dev}/source_spinnaker.yaml (100%)
rename clusters/{minikube => dev}/source_trivy.yaml (100%)
rename clusters/{minikube => dev}/spinnaker.yaml (100%)
rename clusters/{minikube => dev}/trivy.yaml (100%)
diff --git a/clusters/minikube/gtfso-import.yaml b/clusters/dev/gtfso-import.yaml
similarity index 100%
rename from clusters/minikube/gtfso-import.yaml
rename to clusters/dev/gtfso-import.yaml
diff --git a/clusters/minikube/gtfso-vbb.yaml b/clusters/dev/gtfso-vbb.yaml
similarity index 100%
rename from clusters/minikube/gtfso-vbb.yaml
rename to clusters/dev/gtfso-vbb.yaml
diff --git a/clusters/minikube/pgsql-ha.yaml b/clusters/dev/pgsql-ha.yaml
similarity index 100%
rename from clusters/minikube/pgsql-ha.yaml
rename to clusters/dev/pgsql-ha.yaml
diff --git a/clusters/minikube/prometheus-stack.yaml b/clusters/dev/prometheus-stack.yaml
similarity index 100%
rename from clusters/minikube/prometheus-stack.yaml
rename to clusters/dev/prometheus-stack.yaml
diff --git a/clusters/minikube/source_bitnami.yaml b/clusters/dev/source_bitnami.yaml
similarity index 100%
rename from clusters/minikube/source_bitnami.yaml
rename to clusters/dev/source_bitnami.yaml
diff --git a/clusters/minikube/source_e2m.yaml b/clusters/dev/source_e2m.yaml
similarity index 100%
rename from clusters/minikube/source_e2m.yaml
rename to clusters/dev/source_e2m.yaml
diff --git a/clusters/minikube/source_prometheus.yaml b/clusters/dev/source_prometheus.yaml
similarity index 100%
rename from clusters/minikube/source_prometheus.yaml
rename to clusters/dev/source_prometheus.yaml
diff --git a/clusters/minikube/source_spinnaker.yaml b/clusters/dev/source_spinnaker.yaml
similarity index 100%
rename from clusters/minikube/source_spinnaker.yaml
rename to clusters/dev/source_spinnaker.yaml
diff --git a/clusters/minikube/source_trivy.yaml b/clusters/dev/source_trivy.yaml
similarity index 100%
rename from clusters/minikube/source_trivy.yaml
rename to clusters/dev/source_trivy.yaml
diff --git a/clusters/minikube/spinnaker.yaml b/clusters/dev/spinnaker.yaml
similarity index 100%
rename from clusters/minikube/spinnaker.yaml
rename to clusters/dev/spinnaker.yaml
diff --git a/clusters/minikube/trivy.yaml b/clusters/dev/trivy.yaml
similarity index 100%
rename from clusters/minikube/trivy.yaml
rename to clusters/dev/trivy.yaml
From e16373d94de9e2db0004dd184554266166e7f7ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Busse?=
Date: Mon, 19 Feb 2024 14:34:26 +0100
Subject: [PATCH 10/14] Add MinIO manifests
---
deploy | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/deploy b/deploy
index 66dea37..7f23009 100755
--- a/deploy
+++ b/deploy
@@ -5,7 +5,8 @@ set -o pipefail -FLUX_MANIFEST_PATH="clusters/minikube" +# Namespaces +FLUX_MANIFEST_PATH="clusters/dev" readonly FLUX_MANIFEST_PATH APP_NAMESPACE="app" readonly APP_NAMESPACE @@ -15,6 +16,10 @@ MONITORING_NAMESPACE="monitoring" readonly MONITORING_NAMESPACE SPINNAKER_NAMESPACE="cicd" readonly SPINNAKER_NAMESPACE +MINIO_NAMESPACE="monitoring" +readonly MINIO_NAMESPACE + +# Helm Chart versions PGSQLHA_CHART_VERSION="12.3.7" readonly PGSQLHA_CHART_VERSION PGSQLHA_OCI_URL="oci://registry-1.docker.io/bitnamicharts/postgresql-ha" @@ -29,6 +34,8 @@ SPINNAKER_OPERATOR_CHART_VERSION="1.8.11" readonly SPINNAKER_OPERATOR_CHART_VERSION TRIVY_CHART_VERSION="0.18.4" readonly TRIVY_CHART_VERSION +MINIO_CHART_VERSION="4.3.7" +readonly MINIO_CHART_VERSION mkdir -p "${FLUX_MANIFEST_PATH}" @@ -108,3 +115,15 @@ printf "Using flux to create Sources and HelmReleases\n" --namespace "${SECSCAN_NAMESPACE}" \ --source=HelmRepository/aqua \ --export > "${FLUX_MANIFEST_PATH}/trivy.yaml" + +# MinIO Object Storage +./flux create source helm minio \ + --url minio-operator https://operator.min.io \ + --namespace "${MINIO_NAMESPACE}" \ + --export > "${FLUX_MANIFEST_PATH}/source_minio.yaml" +./flux create helmrelease minio \ + --chart minio-operator \ + --chart-version "${MINIO_CHART_VERSION}" \ + --namespace "${MINIO_NAMESPACE}" \ + --source=HelmRepository/ \ + --export > "${FLUX_MANIFEST_PATH}/minio.yaml" From 140f02055bcb4deb31c573b00aafe85a684e9d33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Busse?= Date: Mon, 19 Feb 2024 14:37:06 +0100 Subject: [PATCH 11/14] minio: Use own namespace --- deploy | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy b/deploy index 7f23009..261bc91 100755 --- a/deploy +++ b/deploy 
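Review bot: The new `# Namespaces` comment (patch 10, `deploy`, first hunk) sits directly above `FLUX_MANIFEST_PATH`, which is a directory path rather than a namespace. Moving the comment below `readonly FLUX_MANIFEST_PATH`, or giving the path its own heading such as `# Manifest output directory`, would keep the section labels accurate.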
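Review bot: `--url minio-operator https://operator.min.io` (patch 10, `deploy`, MinIO hunk) gives two words to a flag that takes one, so `minio-operator` becomes the repository URL and the real URL is left as a stray argument. The exported `clusters/dev/source_minio.yaml` in patch 12 shows the result as `url: minio-operator`, so the chart source can never be fetched. The line should be `--url https://operator.min.io \`, and the manifest needs regenerating afterwards. `--source=HelmRepository/` has no name in this commit (patch 11 fills in `minio`). As with the other operators, the chart is protected only by the version pin `4.3.7`.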
@@ -16,7 +16,7 @@ MONITORING_NAMESPACE="monitoring" readonly MONITORING_NAMESPACE SPINNAKER_NAMESPACE="cicd" readonly SPINNAKER_NAMESPACE -MINIO_NAMESPACE="monitoring" +MINIO_NAMESPACE="minio" readonly MINIO_NAMESPACE # Helm Chart versions @@ -125,5 +125,5 @@ printf "Using flux to create Sources and HelmReleases\n" --chart minio-operator \ --chart-version "${MINIO_CHART_VERSION}" \ --namespace "${MINIO_NAMESPACE}" \ - --source=HelmRepository/ \ + --source=HelmRepository/minio \ --export > "${FLUX_MANIFEST_PATH}/minio.yaml" From f0c077b5a5914b407f2e09cc9ca762d0d2ffe4c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Busse?= Date: Mon, 19 Feb 2024 16:03:51 +0100 Subject: [PATCH 12/14] minio: Add manifests --- clusters/dev/minio.yaml | 16 ++++++++++++++++ clusters/dev/source_minio.yaml | 9 +++++++++ 2 files changed, 25 insertions(+) create mode 100644 clusters/dev/minio.yaml create mode 100644 clusters/dev/source_minio.yaml diff --git a/clusters/dev/minio.yaml b/clusters/dev/minio.yaml new file mode 100644 index 0000000..505ef22 --- /dev/null +++ b/clusters/dev/minio.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta2 +kind: HelmRelease +metadata: + name: minio + namespace: minio +spec: + chart: + spec: + chart: minio-operator + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: minio + version: 4.3.7 + interval: 1m0s diff --git a/clusters/dev/source_minio.yaml b/clusters/dev/source_minio.yaml new file mode 100644 index 0000000..2263f77 --- /dev/null +++ b/clusters/dev/source_minio.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: minio + namespace: minio +spec: + interval: 1m0s + url: minio-operator From 01181a2a70569b36aace6b11c444b0555a3ede6a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bj=C3=B6rn=20Busse?= Date: Mon, 19 Feb 2024 17:10:55 +0100 Subject: [PATCH 13/14] Change PRJ and cluster name --- setup-cluster | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup-cluster b/setup-cluster index 6d12e0d..1be56e8 100755 --- a/setup-cluster +++ b/setup-cluster @@ -6,7 +6,7 @@ set -o pipefail -PRJ="obch" +PRJ="flux" readonly PRJ USE_TF=0 readonly USE_TF @@ -140,7 +140,7 @@ ${FLUX_CMD} bootstrap gitea \ --owner="$GITEA_USER" \ --repository="$PRJ"-deploy \ --branch=main \ - --path=clusters/minikube \ + --path=clusters/dev \ --personal \ --read-write-key=true \ --private=false From dec4fe14d07232cdb3b67f353f2e84dd22c25022 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Busse?= Date: Mon, 19 Feb 2024 17:38:40 +0100 Subject: [PATCH 14/14] Change flux git user --- setup-cluster | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-cluster b/setup-cluster index 1be56e8..bd9dc86 100755 --- a/setup-cluster +++ b/setup-cluster @@ -12,7 +12,7 @@ USE_TF=0 readonly USE_TF GITEA_HOSTNAME="git.e2m.io" readonly GITEA_HOSTNAME -GITEA_USER="obch-flux" +GITEA_USER="flux-user" readonly GITEA_USER FLUX_VERSION="2.2.1" readonly FLUX_VERSION