From de3dbe8576bb06962b2d2c1e173d58e5fd565f81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EB=B3=80=EC=A0=95=ED=9B=88?= Date: Tue, 31 Jan 2023 04:04:17 +0000 Subject: [PATCH] Template Yaml Add --- template/template.yml | 480 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 480 insertions(+) create mode 100644 template/template.yml diff --git a/template/template.yml b/template/template.yml new file mode 100644 index 0000000..9733785 --- /dev/null +++ b/template/template.yml @@ -0,0 +1,480 @@ +apiVersion: tmax.io/v1 +kind: ClusterTemplate +metadata: + labels: + cicd-template-test: reviews + name: tmaxcloud-platofrmps-template +categories: + - reviews +imageUrl: >- + https://static.wixstatic.com/media/adcb2b_6acdb885bf744458bf152ab5854621cd~mv2.jpg/v1/fill/w_562,h_528,al_c,lg_1,q_80,enc_auto/adcb2b_6acdb885bf744458bf152ab5854621cd~mv2.jpg +longDescription: TmaxCloud CI/CD Test Sample +markdownDescription: reviews-test-template +objectKinds: + - PersistentVolumeClaim + - ConfigMap + - Secret + - Secret + - RoleBinding + - IntegrationConfig +objects: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: 'cicd-pvc-${APP_NAME}' + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: '${STORAGE_CLASS}' + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: 'build-pvc-${APP_NAME}' + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: '${STORAGE_CLASS}' + - apiVersion: v1 + kind: ConfigMap + metadata: + name: argocd-env-configmap + data: + ARGOCD_SERVER: '${ARGOCD_URL}' + - apiVersion: v1 + kind: Secret + metadata: + name: argocd-env-secret + data: + ARGOCD_PASSWORD: '${ARGOPASS}' + ARGOCD_USERNAME: '${ARGOUSER}' + - apiVersion: v1 + kind: Secret + metadata: + name: my-basic-auth-secret + stringData: + .git-credentials: | + https://${GITID}:${GITPWD}@${GIT_API_URL} + .gitconfig: | + [credential] + helper = store + [user] + name = Administrator + email = admin@example.com + [http] + sslVerify = true + type: Opaque + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: '${APP_NAME}-binding' + roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io + name: cicd-example-role + subjects: + - kind: ServiceAccount + name: '${APP_NAME}-config-sa' + - apiVersion: cicd.tmax.io/v1 + kind: IntegrationConfig + metadata: + labels: + app: '${APP_NAME}' + name: '${APP_NAME}-config' + spec: + git: + apiUrl: 'https://${GIT_API_URL}' + repository: '${GIT_REPOSITORY}' + token: + valueFrom: + secretKeyRef: + key: token + name: '${GIT_TOKEN_SECRET}' + type: '${GIT_TYPE}' + jobs: + postSubmit: + - name: git-clone + tektonTask: + params: + - name: url + stringVal: 'https://${GIT_API_URL}/${GIT_REPOSITORY}' + - name: revision + stringVal: '${GIT_BRANCH}' + - name: deleteExisting + stringVal: 'false' + - name: sslVerify + stringVal: 'true' + taskRef: + local: + kind: ClusterTask + name: git-clone + workspaces: + - name: output + workspace: s2i + notification: + onSuccess: + slack: + url: https://hooks.slack.com/services/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 + message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 완료" + onFailure: + slack: + url: https://hooks.slack.com/services/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 + message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 실패" + - after: + - git-clone + name: sonarqube-scanner + tektonTask: + workspaces: + - name: source + workspace: s2i + params: + - name: SONAR_HOST_URL + stringVal: '${SONARURL}' + - name: SONAR_PROJECT_KEY + stringVal: '${PROJECTKEY}' + - name: PROJECT_VERSION + stringVal: '${PROJECTVERSION}' + - name: SOURCE_TO_SCAN + stringVal: '${SOURCEDIR}' + - name: SONAR_ORGANIZATION + stringVal: "master" + - name: SONAR_LOGIN_KEY + stringVal: "admin" + - name: SONAR_PASSWORD_KEY + stringVal: "tmax@23!!" + taskRef: + local: + kind: ClusterTask + name: sonarqube-scanner + notification: + onSuccess: + slack: + url: https://hooks.slack.com/services/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 + message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 완료" + onFailure: + slack: + url: https://hooks.slack.com/services/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 + message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 실패" + - after: + - sonarqube-scanner + name: podman-build + tektonTask: + params: + - name: url + stringVal: '${IMAGE_URL}' + - name: image + stringVal: '${IMAGE_NAME}' + - name: tag + stringVal: $(tasks.git-clone.results.commit) + - name: tls + stringVal: 'false' + taskRef: + local: + kind: ClusterTask + name: buildtask + workspaces: + - name: source + workspace: s2i + - name: build-pvc + workspace: build-pvc + notification: + onSuccess: + slack: + url: https://hooks.slack.com/services/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 + message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 완료" + onFailure: + slack: + url: https://hooks.slack.com/services/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 + message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 실패" + - after: + - podman-build + name: trivy-check + tektonTask: + params: + - name: ARGS + arrayVal: ["image"] + - name: IMAGE_PATH + stringVal: "${IMAGE_URL}/${IMAGE_NAME}:$(tasks.git-clone.results.commit)" + workspaces: + - name: manifest-dir + workspace: trivy-db + taskRef: + local: + kind: ClusterTask + name: trivy-scanner + notification: + onSuccess: + slack: + url: https://hooks.slack.com/services/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 + message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 완료" + onFailure: + slack: + url: https://hooks.slack.com/services/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 + message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 실패" + - after: + - podman-build + name: argo-upload + tektonTask: + params: + - name: GIT_USER_NAME + stringVal: Administrator + - name: GIT_USER_EMAIL + stringVal: admin@example.com + - name: GIT_SCRIPT + stringVal: > + + git config --global http.sslVerify false + + git clone https://${GIT_API_URL}/${APP_REPOSITORY} + + cd ./appyaml/yaml + + rm -rf app.yaml + + cp app.yaml.template app.yaml + + sed -i "s@{{URL}}@${IMAGE_URL}/${IMAGE_NAME}:$(tasks.git-clone.results.commit)@" app.yaml + + ls -l + + git add * + + git status + + git commit -m "Images & Version Changed" + + git push + + cd $(workspaces.source.path) + + ls -l + + rm -rf ./appyaml + + rm -rf ./reviews/reviews-application/build + rm -rf ./reviews/reviews-wlpcfg/servers/LibertyProjectServer/apps + taskRef: + local: + kind: ClusterTask + name: git-cli + workspaces: + - name: basic-auth + workspace: basic-auth + - name: source + workspace: s2i + notification: + onSuccess: + slack: + url: https://hooks.slack.com/services/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 + message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 완료" + onFailure: + slack: + url: https://hooks.slack.com/services/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 + message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 실패" + - after: + - trivy-check + name: send-mail + tektonTask: + params: + - name: server + stringVal: server-secret + - name: subject + stringVal: "trivy 이미지 스캐닝 완료" + - name: body + stringVal: | + CI/CD 테스크중 trivy를 통한 스캐닝이 끝났습니다. + HyperCloud로 돌아오셔서 스캐닝 결과를 확인해주세요! + - HyperCloud + - name: sender + stringVal: "" + - name: recipients + stringVal: "" + taskRef: + local: + kind: ClusterTask + name: sendmail + - after: + - argo-upload + name: argo-sync + tektonTask: + params: + - name: application-name + stringVal: appyaml + - name: flags + stringVal: '--insecure' + taskRef: + local: + kind: ClusterTask + name: argocd-task-sync-and-wait + notification: + onSuccess: + slack: + url: https://hooks.slack.com/services/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 + message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 완료" + onFailure: + slack: + url: https://hooks.slack.com/services/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 + message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 실패" + secrets: + - name: '${REGISTRY_SECRET_NAME}' + tlsConfig: + insecureSkipVerify: true + workspaces: + - name: basic-auth + secret: + secretName: my-basic-auth-secret + - name: s2i + persistentVolumeClaim: + claimName: 'cicd-pvc-${APP_NAME}' + - name: trivy-db + persistentVolumeClaim: + claimName: 'trivy-db' + - name: build-pvc + persistentVolumeClaim: + claimName: 'build-pvc-${APP_NAME}' +parameters: + - description: Application name + displayName: AppName + name: APP_NAME + required: true + value: testapp + valueType: string + - description: Git Type (gitlab or github) + displayName: GitType + name: GIT_TYPE + required: true + value: gitlab + valueType: string + - description: 'Git API URL (e.g., http://)' + displayName: GitApiUrl + name: GIT_API_URL + required: false + value: gitlab.jhcloud.kr + valueType: string + - description: 'Git Repo. (e.g., tmax-cloud/cicd-operator)' + displayName: GitRepository + name: GIT_REPOSITORY + required: true + value: root/bookinfo + valueType: string + - description: 'Git Repo. (e.g., tmax-cloud/cicd-operator)' + displayName: AppYaml + name: APP_REPOSITORY + required: true + value: root/appyaml + valueType: string + - description: 'Git Branch (e.g., master)' + displayName: GitBranch + name: GIT_BRANCH + required: false + value: master + valueType: string + - description: ARGOCD URL + displayName: ArgoURL + name: ARGOCD_URL + required: true + value: argocd.jhcloud.kr + valueType: string + - description: ARGOCD USER + displayName: ArgoUSER + name: ARGOUSER + required: true + value: YWRtaW4= + valueType: string + - description: ARGOCD PASSWORD + displayName: ArgoPASS + name: ARGOPASS + required: true + value: dG1heEAyM0A= + valueType: string + - description: Git Token Secret Name (with 'token' key) + displayName: GitTokenSecret + name: GIT_TOKEN_SECRET + required: true + value: gitlab + valueType: string + - description: Output Image URL + displayName: ImageURL + name: IMAGE_URL + required: true + value: 'harbor.jhcloud.kr' + valueType: string + - description: Output Image NAME + displayName: ImageNAME + name: IMAGE_NAME + required: true + value: 'reviews/reviews' + valueType: string + - description: Secret for accessing image registry + displayName: RegistrySecret + name: REGISTRY_SECRET_NAME + required: false + value: '' + valueType: string + - description: Storage class for ci workspace + displayName: StorageClass + name: STORAGE_CLASS + required: true + value: nfs + valueType: string + - description: REVIEWS Port + displayName: 포트 + name: REVIEWS_PORT + required: true + value: 9080 + valueType: number + - description: git-clone 단계에서 사용되는 git 아이디. + displayName: GitID + name: GITID + required: true + value: 'root' + valueType: string + - description: git-clone 단계에서 사용되는 git 패스워드. + displayName: GitPWD + name: GITPWD + required: true + value: 'ios2011a' + valueType: string + - description: 소스 코드 스캔을 수행할 sonarqube의 주소. + displayName: URL + name: SONARURL + required: true + value: 'http://sonarqube.jhcloud.kr/' + valueType: string + - description: 소스 코드 스캔을 수행할 Project의 Key. + displayName: ProjectKey + name: PROJECTKEY + required: true + value: 'cicd' + valueType: string + - description: 소스 코드 스캔을 수행할 Project의 Version. + displayName: ProjectVersion + name: PROJECTVERSION + required: true + value: '1.0' + valueType: string + - description: 스캔을 수행할 코드 경로 + displayName: SourceDIR + name: SOURCEDIR + required: true + value: './reviews/reviews-application/src/main/java/application/rest/' + valueType: string + - description: Deployment environment variable in JSON object form + displayName: DeployEnvJson + name: DEPLOY_ENV_JSON + required: false + value: '{}' + valueType: string +plans: + - bindable: false + description: CI/CD 테스트를 위한 템플릿입니다. reviews pod를 배포합니다. + name: reviews-test +provider: junghun_byeon +recommend: false +shortDescription: TmaxCloud CI/CD Test Sample +urlDescription: 'https://www.tmax.co.kr/tmaxcloud'