AllardDCS/kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
allard
2025-11-23 18:58:51 +01:00
commit 376a944abc
1553 changed files with 314731 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
dev/gitea/tekton-triggers/README.md Normal file
View File

@@ -0,0 +1,15 @@
#eventlistener voor gitea installeren:
serviceaccount tekton-robot aanmaken:
kubectl apply -f rbac.yaml
kubectl apply -f gitea-binding.yaml
kubectl apply -f gitea-listener.yaml
kubectl apply -f gitea-pipeline-template.yaml
webhook aanmaken in gitea:
http://el-gitea-listener.default:8080

13
dev/gitea/tekton-triggers/gitea-binding.yaml Executable file
View File

@@ -0,0 +1,13 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
name: gitea-binding
spec:
params:
- name: repo-url
value: $(body.repository.clone_url)
- name: git-revision
# value: $(body.repository.description)
value: $(extensions.image-tag)
- name: image-reference
value: harbor-dev.allarddcs.nl/$(body.repository.full_name):$(extensions.image-tag)

34
dev/gitea/tekton-triggers/gitea-listener.yaml Executable file
View File

@@ -0,0 +1,34 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: gitea-listener
spec:
namespaceSelector: {}
resources: {}
serviceAccountName: tekton-robot
triggers:
- bindings:
- kind: TriggerBinding
ref: gitea-binding
interceptors:
- params:
- name: overlays
value:
# - key: image-tag
# expression: '''harbor-dev.alldcs.nl'''
- key: image-name
expression: '[''harbor-dev.allarddcs.nl'',body.repository.full_name].join(''/'')'
- key: registry
expression: body.repository.description.split('/')[0]
- key: repository
expression: body.repository.description.split('/')[1]
- key: version
expression: body.repository.description.split('/')[2]
- key: image-tag
expression: body.ref.split('/')[2]
ref:
kind: ClusterInterceptor
name: cel
name: gitea-trigger
template:
ref: gitea-pipeline-template

79
dev/gitea/tekton-triggers/gitea-pipeline-template.yaml Executable file
View File

@@ -0,0 +1,79 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: gitea-pipeline-template
spec:
params:
- name: git-revision
description: The git revision (SHA)
default: master
- description: The git repository url
name: repo-url
- name: sonar-project-key
default: olproperties
description: sonar project key
- name: source-to-scan
description: location of th source that sonarqube should scan
default: ./src
- name: image-reference
description: imagename
- name: deptrack-apiKey
description: key to upload sbom to dependency-track
default: odt_UPC8l0R9vzQILZIphSoK15J4u4Ns3HEy
- name: deptrack-projectName
description: projectname in dependency-track
default: olproperties
- name: deptrack-projectVersion
description: projectversion in dependency-track
default: "1.1"
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: openliberty-pipeline-run-
spec:
params:
- name: repo-url
value: $(tt.params.repo-url)
- name: image-reference
value: $(tt.params.image-reference)
- name: git-revision
value: $(tt.params.git-revision)
- name: sonar-project-key
value: $(tt.params.sonar-project-key)
- name: source-to-scan
value: $(tt.params.source-to-scan)
- name: deptrack-apiKey
value: $(tt.params.deptrack-apiKey)
- name: deptrack-projectName
value: $(tt.params.deptrack-projectName)
- name: deptrack-projectVersion
value: $(tt.params.deptrack-projectVersion)
pipelineRef:
name: openliberty-pipeline
workspaces:
- name: shared-data
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- name: maven-settings
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- configmap:
name: sonar-properties
name: sonar-settings
- name: registry-credentials
secret:
items:
- key: .dockerconfigjson
path: config.json
secretName: registry-credentials

202
dev/gitea/tekton-triggers/gitea-trigger.yaml Normal file
View File

@@ -0,0 +1,202 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: gitea-listener
spec:
namespaceSelector: {}
resources: {}
serviceAccountName: tekton-robot
triggers:
- bindings:
- kind: TriggerBinding
ref: gitea-binding
interceptors:
- params:
- name: overlays
value:
- key: version
expression: body.ref.split('/')[2]
ref:
kind: ClusterInterceptor
name: cel
name: gitea-trigger
template:
ref: gitea-pipeline-template
---
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
name: gitea-binding
spec:
params:
- name: repo-url
value: $(body.repository.clone_url)
- name: git-revision
value: $(extensions.version)
- name: image-reference
value: harbor-dev.allarddcs.nl/$(body.repository.full_name):$(extensions.version)
# value: harbor-dev.allarddcs.nl/$(body.repository.full_name)
---
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: gitea-pipeline-template
spec:
params:
- name: git-revision
description: The git revision
#geen default waarde, komt uit trigger-binding.
- name: repo-url
description: The git repository url
#geen default waarde, komt uit trigger-binding.
- name: maven-mirror-url
description: url van de nexus-server die als proxy dient voor java-libraries
default: 'http://nexus.nexus.svc.cluster.local:8081/repository/maven-public/'
- name: sonar-host-url
description: url van de sonarqube-server
default: "https://sonarqube-dev.allarddcs.nl"
- name: sonar-organization
description: Organisatienaam in sonar waar vulnerabilities onder vallen
default: "allarddcs"
- name: sonar-token
description: authenticatiemiddel voor sonar (komt uit sonar)
default: sqp_214ee7c92e1b82b0d43dd9b1d9462eac8f50434c
- name: sonar-project-key
default: olproperties
description: sonar project key
- name: source-to-scan
description: location of the source that sonarqube should scan
default: ./src
#- name: image-reference
#description: imagename
#geen default waarde, komt uit trigger-binding.
- name: image
description: image
- name: registry
default: harbor-dev.allarddcs.nl
- name: project
default: allard
- name: image-name
default: olproperties
- name: cosign-image-url
default:
- name: tlsverify
description: wel of geen tls gebruiken bij push
default: "true"
- name: deptrack-url
description: url of deptrack api-server
default: https://deptracka-dev.allarddcs.nl
- name: deptrack-apiKey
description: key to upload sbom to dependency-track
default: odt_BRpq4el8T0XqdeunYMnefniaS0n8Yxd8
- name: deptrack-projectName
description: projectname in dependency-track
default: olproperties
- name: deptrack-projectVersion
description: projectversion in dependency-track
default: "1.1"
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: openliberty-pipeline-run-
spec:
params:
- name: repo-url
value: $(tt.params.repo-url)
- name: git-revision
value: $(tt.params.git-revision)
- name: maven-mirror-url
value: $(tt.params.maven-mirror-url)
- name: sonar-host-url
value: $(tt.params.sonar-host-url)
- name: sonar-organization
value: $(tt.params.sonar-organization)
- name: sonar-token
value: $(tt.params.sonar-token)
- name: sonar-project-key
value: $(tt.params.sonar-project-key)
- name: source-to-scan
value: $(tt.params.source-to-scan)
# - name: image-reference
# value: $(tt.params.image-reference)
# - name: image
# value: $(tt.params.registry)/$(tt.params.project)/$(tt.params.image-name):$(tt.params.git-revision)
- name: registry
value: $(tt.params.registry)
- name: project
value: $(tt.params.project)
- name: image-name
value: $(tt.params.image-name)
- name: cosign-image-url
value: $(tt.params.cosign-image-url)
- name: deptrack-url
value: $(tt.params.deptrack-url)
- name: tlsverify
value: $(tt.params.tlsverify)
- name: deptrack-apiKey
value: $(tt.params.deptrack-apiKey)
- name: deptrack-projectName
value: $(tt.params.deptrack-projectName)
- name: deptrack-projectVersion
value: $(tt.params.deptrack-projectVersion)
pipelineRef:
name: openliberty-pipeline
workspaces:
- name: shared-data
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- name: maven-settings
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- configmap:
name: sonar-properties
name: sonar-settings
- name: registry-credentials
secret:
items:
- key: .dockerconfigjson
path: config.json
secretName: registry-credentials
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: tekton-robot
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: triggers-example-eventlistener-binding
subjects:
- kind: ServiceAccount
name: tekton-robot
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-triggers-eventlistener-roles
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: triggers-example-eventlistener-clusterbinding
subjects:
- kind: ServiceAccount
name: tekton-robot
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-triggers-eventlistener-clusterroles
---

29
dev/gitea/tekton-triggers/rbac.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: tekton-robot
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: triggers-example-eventlistener-binding
subjects:
- kind: ServiceAccount
name: tekton-robot
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-triggers-eventlistener-roles
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: triggers-example-eventlistener-clusterbinding
subjects:
- kind: ServiceAccount
name: tekton-robot
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-triggers-eventlistener-clusterroles