Change flux git user

.github/workflows/setup-cluster.yml

@@ -28,9 +28,9 @@ jobs:
       run: kubectl get pods -A -o wide
     - shell: bash
       env:
-        GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+        TOKEN: ${{ secrets.GITEA_TOKEN }}
       run: |
-        ./run.sh
+        GITEA_TOKEN="$TOKEN" ./run.sh
     - name: kubectl
       run: |
         kubectl get pods -A -o wide && \

.gitignore

@@ -1,6 +1,6 @@
 bin/*
-flux_2.2.1_linux_amd64.tar.gz
+flux_*.tar.gz
 flux
 helm
-terraform_1.6.6_linux_amd64.zip
+terraform_*.zip
 terraform

clusters/dev/minio.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: minio
+  namespace: minio
+spec:
+  chart:
+    spec:
+      chart: minio-operator
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: minio
+      version: 4.3.7
+  interval: 1m0s

clusters/dev/source_minio.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: minio
+  namespace: minio
+spec:
+  interval: 1m0s
+  url: minio-operator

clusters/dev/source_spinnaker.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: armory
+  namespace: cicd
+spec:
+  interval: 1m0s
+  url: https://armory.jfrog.io/artifactory/charts/

clusters/dev/spinnaker.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: spinnaker
+  namespace: cicd
+spec:
+  chart:
+    spec:
+      chart: armory-spinnaker-operator
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: armory
+      version: 1.8.11
+  interval: 1m0s

deploy

@@ -5,7 +5,8 @@
 
 set -o pipefail
 
-FLUX_MANIFEST_PATH="clusters/minikube"
+# Namespaces
+FLUX_MANIFEST_PATH="clusters/dev"
 readonly FLUX_MANIFEST_PATH
 APP_NAMESPACE="app"
 readonly APP_NAMESPACE
@@ -13,6 +14,12 @@ SECSCAN_NAMESPACE="security-scan"
 readonly SECSCAN_NAMESPACE
 MONITORING_NAMESPACE="monitoring"
 readonly MONITORING_NAMESPACE
+SPINNAKER_NAMESPACE="cicd"
+readonly SPINNAKER_NAMESPACE
+MINIO_NAMESPACE="minio"
+readonly MINIO_NAMESPACE
+
+# Helm Chart versions
 PGSQLHA_CHART_VERSION="12.3.7"
 readonly PGSQLHA_CHART_VERSION
 PGSQLHA_OCI_URL="oci://registry-1.docker.io/bitnamicharts/postgresql-ha"
@@ -23,8 +30,12 @@ GTFSO_VBB_CHART_VERSION="0.1.0"
 readonly GTFSO_VBB_CHART_VERSION
 PROM_STACK_CHART_VERSION="55.7.0"
 readonly PROM_STACK_CHART_VERSION
+SPINNAKER_OPERATOR_CHART_VERSION="1.8.11"
+readonly SPINNAKER_OPERATOR_CHART_VERSION
 TRIVY_CHART_VERSION="0.18.4"
 readonly TRIVY_CHART_VERSION
+MINIO_CHART_VERSION="4.3.7"
+readonly MINIO_CHART_VERSION
 
 mkdir -p "${FLUX_MANIFEST_PATH}"
 
@@ -32,6 +43,8 @@ mkdir -p "${FLUX_MANIFEST_PATH}"
 kubectl create namespace "${APP_NAMESPACE}"
 kubectl create namespace "${MONITORING_NAMESPACE}"
 kubectl create namespace "${SECSCAN_NAMESPACE}"
+kubectl create namespace "${SPINNAKER_NAMESPACE}"
+kubectl create namespace "${MINIO_NAMESPACE}"
 
 # Add Deployments / Helm Charts via fluxcd
 # Add Helm Charts via Flux HelmRelease CRD
@@ -55,6 +68,7 @@ printf "Using flux to create Sources and HelmReleases\n"
     --source HelmRepository/bitnami \
     --namespace "${APP_NAMESPACE}" \
     --export > "${FLUX_MANIFEST_PATH}/pgsql-ha.yaml"
+
 ./flux create helmrelease gtfso-import \
     --chart charts/gtfso-import \
     --namespace ${APP_NAMESPACE} \
@@ -78,6 +92,18 @@ printf "Using flux to create Sources and HelmReleases\n"
     --source=HelmRepository/prometheus-community \
     --export > "${FLUX_MANIFEST_PATH}/prometheus-stack.yaml"
 
+# Spinnaker
+./flux create source helm armory \
+    --url https://armory.jfrog.io/artifactory/charts/ \
+    --namespace "${SPINNAKER_NAMESPACE}" \
+    --export > "${FLUX_MANIFEST_PATH}/source_spinnaker.yaml"
+./flux create helmrelease spinnaker \
+    --chart armory-spinnaker-operator \
+    --chart-version "${SPINNAKER_OPERATOR_CHART_VERSION}" \
+    --namespace "${SPINNAKER_NAMESPACE}" \
+    --source=HelmRepository/armory \
+    --export > "${FLUX_MANIFEST_PATH}/spinnaker.yaml"
+
 # Vulnerability Scan
 ./flux create source helm aqua \
     --url https://aquasecurity.github.io/helm-charts/ \
@@ -89,3 +115,15 @@ printf "Using flux to create Sources and HelmReleases\n"
     --namespace "${SECSCAN_NAMESPACE}" \
     --source=HelmRepository/aqua \
     --export > "${FLUX_MANIFEST_PATH}/trivy.yaml"
+
+# MinIO Object Storage
+./flux create source helm minio \
+    --url minio-operator https://operator.min.io \
+    --namespace "${MINIO_NAMESPACE}" \
+    --export > "${FLUX_MANIFEST_PATH}/source_minio.yaml"
+./flux create helmrelease minio \
+    --chart minio-operator \
+    --chart-version "${MINIO_CHART_VERSION}" \
+    --namespace "${MINIO_NAMESPACE}" \
+    --source=HelmRepository/minio \
+    --export > "${FLUX_MANIFEST_PATH}/minio.yaml"

setup-cluster

@@ -6,47 +6,76 @@
 
 set -o pipefail
 
-PRJ="obch"
+PRJ="flux"
 readonly PRJ
 USE_TF=0
 readonly USE_TF
 GITEA_HOSTNAME="git.e2m.io"
 readonly GITEA_HOSTNAME
-GITEA_USER="obch-flux"
+GITEA_USER="flux-user"
 readonly GITEA_USER
 FLUX_VERSION="2.2.1"
 readonly FLUX_VERSION
 FLUX_CHECKSUM="466756ca6b3437d30a6a5fb58e60f3e5a82d8291f3869cfc55b6f041962601b5"
 readonly FLUX_CHECKSUM
-FLUX_ARCHIVE="flux_${FLUX_VERSION}_linux_amd64.tar.gz"
+FLUX_ARCHIVE_LINUX="flux_${FLUX_VERSION}_linux_amd64.tar.gz"
-readonly FLUX_ARCHIVE
+readonly FLUX_ARCHIVE_LINUX
-FLUX_URL="https://github.com/fluxcd/flux2/releases/download/v${FLUX_VERSION}/${FLUX_ARCHIVE}"
+FLUX_ARCHIVE_MACOS="flux_${FLUX_VERSION}_darwin_arm64.tar.gz"
-readonly FLUX_URL
+readonly FLUX_ARCHIVE_MACOS
+FLUX_URL_LINUX="https://github.com/fluxcd/flux2/releases/download/v${FLUX_VERSION}/${FLUX_ARCHIVE_LINUX}"
+readonly FLUX_URL_LINUX
+FLUX_URL_MACOS="https://github.com/fluxcd/flux2/releases/download/v${FLUX_VERSION}/${FLUX_ARCHIVE_MACOS}"
+readonly FLUX_URL_MACOS
 FLUX_FORCE_LOCAL=1
 readonly FLUX_FORCE_LOCAL
 TF_VERSION="1.6.6"
 readonly TF_VERSION
-TF_ARCHIVE="terraform_${TF_VERSION}_linux_amd64.zip"
+TF_ARCHIVE_LINUX="terraform_${TF_VERSION}_linux_amd64.zip"
-readonly TF_ARCHIVE
+readonly TF_ARCHIVE_LINUX
+TF_ARCHIVE_MACOS="terraform_${TF_VERSION}_darwin_arm64.zip"
+readonly TF_ARCHIVE_MACOS
 TF_CHECKSUM=""
 readonly TF_CHECKSUM
-TF_URL="https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_ARCHIVE}"
-readonly TF_URL
 TF_FORCE_LOCAL=1
 readonly TF_FORCE_LOCAL
+OS="Linux"
 VERBOSE=0
 readonly VERBOSE
 
 minikube_driver="podman"
 
+if [[ $(uname) == "Darwin" ]]; then
+    OS="macos"
+elif [[ $(grep '^ID=' /etc/os-release | awk -F'=' '{print $2}') == "ubuntu" ]]; then
+    OS="ubuntu"
+fi
+
+printf "Running on ${OS}\n"
+
+if [[ "$OS" = "macos" ]]; then
+    FLUX_URL="${FLUX_URL_MACOS}"
+    FLUX_ARCHIVE="${FLUX_ARCHIVE_MACOS}"
+    TF_ARCHIVE="${TF_ARCHIVE_MACOS}"
+    TF_URL="https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_ARCHIVE}"
+else
+    FLUX_URL="${FLUX_URL_LINUX}"
+    FLUX_ARCHIVE="${FLUX_ARCHIVE_LINUX}"
+    TF_ARCHIVE="${TF_ARCHIVE_LINUX}"
+    TF_URL="https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_ARCHIVE}"
+fi
+
 # We prefer podman but Ubuntu's podman is too old
-if [[ $(grep '^ID=' /etc/os-release | awk -F'=' '{print $2}') == "ubuntu" ]]; then
+if [[ ${OS} = "ubuntu" ]]; then
     minikube_driver="docker"
 fi
 
 # Start minikube
 if ! $(minikube status | grep Nonexistent\|Stopped); then
-    printf 'minikube is not running\nStarting minikube..'
+    printf 'minikube is not running\nStarting minikube..\n'
+    # Increase memory from default 2G
+    podman machine set --memory=4096
+    podman machine start
+    minikube config set memory 3800
     if [[ 0 == "${VERBOSE}" ]]; then
         minikube start --driver="${minikube_driver}"
     else
@@ -70,11 +99,15 @@ else
     printf 'k8s dashboard is already running\n'
 fi
 
-# Install flux if local version enforced
+# Install terraform if local version enforced
 if [[ "$TF_FORCE_LOCAL" = 1 ]]; then
-    printf "Fetching terraform archive..\n"
+    if [[ -e "$TF_ARCHIVE}" ]]; then
-    curl -LO "${TF_URL}"
+        printf "terraform binary exists\n"
-    unzip "${TF_ARCHIVE}"
+    else
+        printf "Fetching terraform archive..\n"
+        curl -LO "${TF_URL}"
+        unzip -n "${TF_ARCHIVE}"
+    fi
     TF_CMD="./terraform"
 else
     TF_CMD="terraform"
@@ -107,7 +140,7 @@ ${FLUX_CMD} bootstrap gitea \
   --owner="$GITEA_USER" \
   --repository="$PRJ"-deploy \
   --branch=main \
-  --path=clusters/minikube \
+  --path=clusters/dev \
   --personal \
   --read-write-key=true \
   --private=false