feat: add infra

Signed-off-by: kjuulh <contact@kjuulh.io>
This commit is contained in:
Kasper Juul Hermansen 2024-01-28 23:50:06 +01:00
parent aca5838d54
commit 81847f4c49
Signed by: kjuulh
GPG Key ID: 9AA7BC13CE474394
9 changed files with 254 additions and 2 deletions

View File

@ -0,0 +1,155 @@
kind: pipeline
name: default
type: docker
steps:
- name: load_secret
image: debian:buster-slim
volumes:
- name: ssh
path: /root/.ssh/
environment:
SSH_KEY:
from_secret: gitea_id_ed25519
commands:
- mkdir -p $HOME/.ssh/
- echo "$SSH_KEY" | base64 -d > $HOME/.ssh/id_ed25519
- chmod -R 600 ~/.ssh
- |
cat >$HOME/.ssh/config <<EOL
Host git.front.kjuulh.io
IdentityFile $HOME/.ssh/id_ed25519
IdentitiesOnly yes
UserKnownHostsFile=/dev/null
StrictHostKeyChecking no
EOL
- chmod 700 ~/.ssh/config
- name: build pr
image: kasperhermansen/cuddle:latest
pull: always
volumes:
- name: ssh
path: /root/.ssh/
- name: ci
path: /mnt/ci
commands:
- eval `ssh-agent`
- ssh-add
- echo "$DOCKER_PASSWORD" | docker login --password-stdin --username="$DOCKER_USERNAME" docker.io
- apk add git
- $CI_PREFIX pr
environment:
DOCKER_BUILDKIT: 1
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
CUDDLE_SECRETS_PROVIDER: 1password
CUDDLE_ONE_PASSWORD_DOT_ENV: ".env.ci"
CUDDLE_SSH_AGENT: "true"
CI_PREFIX: "/mnt/ci/ci"
CUDDLE_PLEASE_TOKEN:
from_secret: cuddle_please_token
OP_SERVICE_ACCOUNT_TOKEN:
from_secret: op_service_account_token
when:
event:
- pull_request
exclude:
- main
- master
depends_on:
- "load_secret"
- name: build main
image: kasperhermansen/cuddle-infrastructure-plan:main-1706481826
pull: always
volumes:
- name: ssh
path: /root/.ssh/
commands:
- eval `ssh-agent`
- ssh-add
- echo "$DOCKER_PASSWORD" | docker login --password-stdin --username="$DOCKER_USERNAME" docker.io
- export CLUSTER=clank-prod
- export IMAGE_TAG=something
- cuddle-infrastructure-plan main
environment:
REGISTRY_CACHE_USERNAME:
from_secret: registry_cache_username
REGISTRY_CACHE_PASSWORD:
from_secret: registry_cache_password
REGISTRY_CACHE_TOKEN:
from_secret: registry_cache_token
REGISTRY_CACHE_url:
from_secret: registry_cache_url
DOCKER_BUILDKIT: 1
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
CUDDLE_SECRETS_PROVIDER: 1password
CUDDLE_ONE_PASSWORD_DOT_ENV: ".env.ci"
CUDDLE_SSH_AGENT: "true"
GIT_PASSWORD:
from_secret: git_password
CI_PREFIX: "/mnt/ci/ci"
DOCKER_HOST: "tcp://192.168.1.233:2376"
CUDDLE_PLEASE_TOKEN:
from_secret: cuddle_please_token
OP_SERVICE_ACCOUNT_TOKEN:
from_secret: op_service_account_token
when:
event:
- push
branch:
- main
- master
exclude:
- pull_request
depends_on:
- "load_secret"
- name: deploy release
image: kasperhermansen/cuddle:latest
pull: always
volumes:
- name: ssh
path: /root/.ssh/
- name: dockersock
path: /var/run
- name: ci
path: /mnt/ci
commands:
- eval `ssh-agent`
- ssh-add
- echo "$DOCKER_PASSWORD" | docker login --password-stdin --username="$DOCKER_USERNAME" docker.io
- apk add git
- cuddle x ci:release
environment:
DOCKER_BUILDKIT: 1
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
CUDDLE_SECRETS_PROVIDER: 1password
CUDDLE_ONE_PASSWORD_DOT_ENV: ".env.ci"
CUDDLE_SSH_AGENT: "true"
CI_PREFIX: "/mnt/ci/ci"
CUDDLE_PLEASE_TOKEN:
from_secret: cuddle_please_token
OP_SERVICE_ACCOUNT_TOKEN:
from_secret: op_service_account_token
when:
event:
- tag
ref:
include:
- refs/tags/v*
depends_on:
- "load_secret"
volumes:
- name: ssh
temp: {}

2
cuddle-infrastructure/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
target/
.cuddle/

View File

@ -0,0 +1,10 @@
{
"name": "cuddle-infrastructure",
"templating": "tera",
"delimiter": "[[]]",
"prompt": {
"name": {
"description": "Project name"
}
}
}

View File

@ -0,0 +1,20 @@
# yaml-language-server: $schema=https://git.front.kjuulh.io/kjuulh/cuddle/raw/branch/main/schemas/base.json
base: "git@git.front.kjuulh.io:kjuulh/cuddle-infrastructure-plan.git"
vars:
service: "%%name%%"
registry: kasperhermansen
clusters:
clank-prod:
replicas: "3"
namespace: prod
deployment:
registry: git@git.front.kjuulh.io:kjuulh/clank-clusters
env:
prod:
clusters:
- clank-prod

View File

@ -0,0 +1,3 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json"
}

View File

@ -0,0 +1,20 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ service }}"
spec:
selector:
matchLabels:
app: "{{ service }}"
template:
spec:
containers:
- name: "{{ service }}"
image: "deployment:latest"
ports:
- containerPort: 3000
name: external_http
- containerPort: 3001
name: internal_http
- containerPort: 3002
name: internal_grpc

View File

@ -0,0 +1,24 @@
{% set_global cluster_vars = filter_by_prefix(prefix=["clusters", cluster]) %}
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
commonLabels:
app: "{{ service }}"
cluster: "{{ cluster }}"
namespace: "{{ cluster_vars.namespace }}"
replicas:
- name: "{{ service }}"
count: {{ cluster_vars.replicas }}
images:
- name: "deployment"
newName: "{{ service }}"
newTag: "{{ image_tag }}"

View File

@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
name: "{{ service }}"
spec:
type: LoadBalancer
ports:
- name: external_http
port: 3000
targetPort: 3000
- name: internal_http
port: 3001
targetPort: 3001
- name: internal_grpc
port: 3002
targetPort: 3002

View File

@ -4,6 +4,7 @@
"rust-cli", "rust-cli",
"rust-lib", "rust-lib",
"empty", "empty",
"deployment" "deployment",
"cuddle-infrastructure"
] ]
} }