sa_8001/bookinfo-cicd-tmaxcloud-with-cicd-operator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
39a0196c0532ae17caf9d05202b895c0d6afb8ec
bookinfo-cicd-tmaxcloud-wit…/template/template.yml
변정훈 39a0196c05 subpath 삭제
2023-03-07 06:24:01 +00:00

688 lines
25 KiB
YAML
Raw Blame History

apiVersion: tmax.io/v1
kind: ClusterTemplate
metadata:
labels:
cicd-template-test: reviews
name: tmaxcloud-platofrmps-template
categories:
- reviews
imageUrl: >-
https://static.wixstatic.com/media/adcb2b_6acdb885bf744458bf152ab5854621cd~mv2.jpg/v1/fill/w_562,h_528,al_c,lg_1,q_80,enc_auto/adcb2b_6acdb885bf744458bf152ab5854621cd~mv2.jpg
longDescription: TmaxCloud CI/CD Test Sample
markdownDescription: reviews-test-template
objectKinds:
- PersistentVolumeClaim
- ConfigMap
- Secret
- IntegrationConfig
objects:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: 'cicd-pvc-${APP_NAME}'
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: '${STORAGE_CLASS}'
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: 'build-pvc-${APP_NAME}'
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: '${STORAGE_CLASS}'
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: 'image-pvc-${APP_NAME}'
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: '${STORAGE_CLASS}'
- apiVersion: v1
kind: ConfigMap
metadata:
name: podmanconf
data:
storage.conf: |
# This file is is the configuration file for all tools
# that use the containers/storage library.
# See man 5 containers-storage.conf for more information
# The "container storage" table contains all of the server options.
[storage]
# Default Storage Driver, Must be set for proper operation.
driver = "overlay"
# Temporary storage location
runroot = "/run/containers/storage"
# Primary Read/Write location of container storage
graphroot = "/root/containers"
# Storage path for rootless users
#
# rootless_storage_path = "$HOME/.local/share/containers/storage"
[storage.options]
# Storage options to be passed to underlying storage drivers
# AdditionalImageStores is used to pass paths to additional Read/Only image stores
# Must be comma separated list.
additionalimagestores = [
]
# Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
# a container, to the UIDs/GIDs as they should appear outside of the container,
# and the length of the range of UIDs/GIDs. Additional mapped sets can be
# listed and will be heeded by libraries, but there are limits to the number of
# mappings which the kernel will allow when you later attempt to run a
# container.
#
# remap-uids = 0:1668442479:65536
# remap-gids = 0:1668442479:65536
# Remap-User/Group is a user name which can be used to look up one or more UID/GID
# ranges in the /etc/subuid or /etc/subgid file. Mappings are set up starting
# with an in-container ID of 0 and then a host-level ID taken from the lowest
# range that matches the specified name, and using the length of that range.
# Additional ranges are then assigned, using the ranges which specify the
# lowest host-level IDs first, to the lowest not-yet-mapped in-container ID,
# until all of the entries have been used for maps.
#
# remap-user = "containers"
# remap-group = "containers"
# Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
# ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned
# to containers configured to create automatically a user namespace. Containers
# configured to automatically create a user namespace can still overlap with containers
# having an explicit mapping set.
# This setting is ignored when running as rootless.
# root-auto-userns-user = "storage"
#
# Auto-userns-min-size is the minimum size for a user namespace created automatically.
# auto-userns-min-size=1024
#
# Auto-userns-max-size is the minimum size for a user namespace created automatically.
# auto-userns-max-size=65536
[storage.options.overlay]
# ignore_chown_errors can be set to allow a non privileged user running with
# a single UID within a user namespace to run containers. The user can pull
# and use any image even those with multiple uids. Note multiple UIDs will be
# squashed down to the default uid in the container. These images will have no
# separation between the users in the container. Only supported for the overlay
# and vfs drivers.
#ignore_chown_errors = "false"
# Inodes is used to set a maximum inodes of the container image.
# inodes = ""
# Path to an helper program to use for mounting the file system instead of mounting it
# directly.
#mount_program = "/usr/bin/fuse-overlayfs"
# mountopt specifies comma separated list of extra mount options
mountopt = "nodev,metacopy=on"
# Set to skip a PRIVATE bind mount on the storage home directory.
# skip_mount_home = "false"
# Size is used to set a maximum size of the container image.
# size = ""
# ForceMask specifies the permissions mask that is used for new files and
# directories.
#
# The values "shared" and "private" are accepted.
# Octal permission masks are also accepted.
#
# "": No value specified.
# All files/directories, get set with the permissions identified within the
# image.
# "private": it is equivalent to 0700.
# All files/directories get set with 0700 permissions. The owner has rwx
# access to the files. No other users on the system can access the files.
# This setting could be used with networked based homedirs.
# "shared": it is equivalent to 0755.
# The owner has rwx access to the files and everyone else can read, access
# and execute them. This setting is useful for sharing containers storage
# with other users. For instance have a storage owned by root but shared
# to rootless users as an additional store.
# NOTE: All files within the image are made readable and executable by any
# user on the system. Even /etc/shadow within your image is now readable by
# any user.
#
# OCTAL: Users can experiment with other OCTAL Permissions.
#
# Note: The force_mask Flag is an experimental feature, it could change in the
# future. When "force_mask" is set the original permission mask is stored in
# the "user.containers.override_stat" xattr and the "mount_program" option must
# be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the
# extended attribute permissions to processes within containers rather then the
# "force_mask" permissions.
#
# force_mask = ""
[storage.options.thinpool]
# Storage Options for thinpool
# autoextend_percent determines the amount by which pool needs to be
# grown. This is specified in terms of % of pool size. So a value of 20 means
# that when threshold is hit, pool will be grown by 20% of existing
# pool size.
# autoextend_percent = "20"
# autoextend_threshold determines the pool extension threshold in terms
# of percentage of pool size. For example, if threshold is 60, that means when
# pool is 60% full, threshold has been hit.
# autoextend_threshold = "80"
# basesize specifies the size to use when creating the base device, which
# limits the size of images and containers.
# basesize = "10G"
# blocksize specifies a custom blocksize to use for the thin pool.
# blocksize="64k"
# directlvm_device specifies a custom block storage device to use for the
# thin pool. Required if you setup devicemapper.
# directlvm_device = ""
# directlvm_device_force wipes device even if device already has a filesystem.
# directlvm_device_force = "True"
# fs specifies the filesystem type to use for the base device.
# fs="xfs"
# log_level sets the log level of devicemapper.
# 0: LogLevelSuppress 0 (Default)
# 2: LogLevelFatal
# 3: LogLevelErr
# 4: LogLevelWarn
# 5: LogLevelNotice
# 6: LogLevelInfo
# 7: LogLevelDebug
# log_level = "7"
# min_free_space specifies the min free space percent in a thin pool require for
# new device creation to succeed. Valid values are from 0% - 99%.
# Value 0% disables
# min_free_space = "10%"
# mkfsarg specifies extra mkfs arguments to be used when creating the base
# device.
# mkfsarg = ""
# metadata_size is used to set the `pvcreate --metadatasize` options when
# creating thin devices. Default is 128k
# metadata_size = ""
# Size is used to set a maximum size of the container image.
# size = ""
# use_deferred_removal marks devicemapper block device for deferred removal.
# If the thinpool is in use when the driver attempts to remove it, the driver
# tells the kernel to remove it as soon as possible. Note this does not free
# up the disk space, use deferred deletion to fully remove the thinpool.
# use_deferred_removal = "True"
# use_deferred_deletion marks thinpool device for deferred deletion.
# If the device is busy when the driver attempts to delete it, the driver
# will attempt to delete device every 30 seconds until successful.
# If the program using the driver exits, the driver will continue attempting
# to cleanup the next time the driver is used. Deferred deletion permanently
# deletes the device and all data stored in device will be lost.
# use_deferred_deletion = "True"
# xfs_nospace_max_retries specifies the maximum number of retries XFS should
# attempt to complete IO when ENOSPC (no space) error is returned by
# underlying storage device.
# xfs_nospace_max_retries = "0"
- apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-env-configmap
data:
ARGOCD_SERVER: '${ARGOCD_URL}'
- apiVersion: v1
kind: Secret
metadata:
name: argocd-env-secret
data:
ARGOCD_PASSWORD: '${ARGOPASS}'
ARGOCD_USERNAME: '${ARGOUSER}'
- apiVersion: v1
kind: Secret
metadata:
name: my-basic-auth-secret
stringData:
.git-credentials: |
https://${GITID}:${GITPWD}@${GIT_API_URL}
.gitconfig: |
[credential]
helper = store
[user]
name = Administrator
email = admin@example.com
[http]
sslVerify = true
type: Opaque
- apiVersion: cicd.tmax.io/v1
kind: IntegrationConfig
metadata:
labels:
app: '${APP_NAME}'
name: '${APP_NAME}-config'
spec:
git:
apiUrl: 'https://${GIT_API_URL}'
repository: '${GIT_REPOSITORY}'
token:
valueFrom:
secretKeyRef:
key: token
name: '${GIT_TOKEN_SECRET}'
type: '${GIT_TYPE}'
jobs:
postSubmit:
- name: git-clone
tektonTask:
params:
- name: url
stringVal: 'https://${GIT_API_URL}/${GIT_REPOSITORY}'
- name: revision
stringVal: '${GIT_BRANCH}'
- name: deleteExisting
stringVal: 'false'
- name: sslVerify
stringVal: 'true'
taskRef:
local:
kind: ClusterTask
name: git-clone
workspaces:
- name: output
workspace: s2i
notification:
onSuccess:
slack:
url: https://hooks.slack.com/services/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
message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 완료"
onFailure:
slack:
url: https://hooks.slack.com/services/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
message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 실패"
- after:
- git-clone
name: sonarqube-scanner
tektonTask:
workspaces:
- name: source
workspace: s2i
params:
- name: SONAR_HOST_URL
stringVal: '${SONARURL}'
- name: SONAR_PROJECT_KEY
stringVal: '${PROJECTKEY}'
- name: PROJECT_VERSION
stringVal: '${PROJECTVERSION}'
- name: SOURCE_TO_SCAN
stringVal: '${SOURCEDIR}'
- name: SONAR_ORGANIZATION
stringVal: "master"
- name: SONAR_LOGIN_KEY
stringVal: "admin"
- name: SONAR_PASSWORD_KEY
stringVal: "platformps"
taskRef:
local:
kind: ClusterTask
name: sonarqube-scanner
notification:
onSuccess:
slack:
url: https://hooks.slack.com/services/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
message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 완료"
onFailure:
slack:
url: https://hooks.slack.com/services/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
message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 실패"
- after:
- sonarqube-scanner
name: podman-build
tektonTask:
params:
- name: url
stringVal: '${IMAGE_URL}'
- name: image
stringVal: '${IMAGE_NAME}'
- name: tag
stringVal: $(tasks.git-clone.results.commit)
- name: tls
stringVal: 'false'
taskRef:
local:
kind: ClusterTask
name: buildtask
workspaces:
- name: source
workspace: s2i
- name: build-pvc
workspace: build-pvc
- name: image-pvc
workspace: image-pvc
- name: podmanconf
workspace: podmanconf
notification:
onSuccess:
slack:
url: https://hooks.slack.com/services/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
message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 완료"
onFailure:
slack:
url: https://hooks.slack.com/services/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
message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 실패"
- after:
- podman-build
name: trivy-check
tektonTask:
params:
- name: ARGS
arrayVal: ["image"]
- name: IMAGE_PATH
stringVal: "${IMAGE_URL}/${IMAGE_NAME}:$(tasks.git-clone.results.commit)"
workspaces:
- name: manifest-dir
workspace: trivy-db
taskRef:
local:
kind: ClusterTask
name: trivy-scanner
notification:
onSuccess:
slack:
url: https://hooks.slack.com/services/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
message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 완료"
onFailure:
slack:
url: https://hooks.slack.com/services/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
message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 실패"
- after:
- podman-build
name: argo-upload
tektonTask:
params:
- name: GIT_USER_NAME
stringVal: Administrator
- name: GIT_USER_EMAIL
stringVal: admin@example.com
- name: GIT_SCRIPT
stringVal: >
git config --global http.sslVerify true
git clone https://${GIT_API_URL}/${APP_REPOSITORY}
cd ./appyaml/
rm -rf app.yaml
cp app.yaml.template app.yaml
sed -i "s@{{URL}}@${IMAGE_URL}/${IMAGE_NAME}:$(tasks.git-clone.results.commit)@" app.yaml
ls -l
git add *
git status
git commit -m "Images & Version Changed"
git push
cd $(workspaces.source.path)
ls -l
rm -rf ./appyaml
rm -rf ./reviews/reviews-application/build
rm -rf ./reviews/reviews-wlpcfg/servers/LibertyProjectServer/apps
taskRef:
local:
kind: ClusterTask
name: git-cli
workspaces:
- name: basic-auth
workspace: basic-auth
- name: source
workspace: s2i
notification:
onSuccess:
slack:
url: https://hooks.slack.com/services/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
message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 완료"
onFailure:
slack:
url: https://hooks.slack.com/services/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
message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 실패"
- after:
- trivy-check
name: send-mail
tektonTask:
params:
- name: server
stringVal: server-secret
- name: subject
stringVal: "trivy 이미지 스캐닝 결과"
- name: body
stringVal: |
$(tasks.trivy-check.results.scan)
- name: sender
stringVal: "<junghun_byeon@tmax.co.kr>"
- name: recipients
stringVal: "<sa_8001@jhcloud.kr>"
taskRef:
local:
kind: ClusterTask
name: sendmail
- after:
- argo-upload
name: argo-sync
tektonTask:
params:
- name: application-name
stringVal: appyaml
- name: flags
stringVal: '--insecure'
taskRef:
local:
kind: ClusterTask
name: argocd-task-sync-and-wait
notification:
onSuccess:
slack:
url: https://hooks.slack.com/services/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
message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 완료"
onFailure:
slack:
url: https://hooks.slack.com/services/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
message: "현재 진행중인 PipelineRun : ($INTEGRATION_JOB_NAME)\n현재 단계 : $JOB_NAME\n상태 : 실패"
secrets:
- name: '${REGISTRY_SECRET_NAME}'
tlsConfig:
insecureSkipVerify: true
workspaces:
- name: basic-auth
secret:
secretName: my-basic-auth-secret
- name: s2i
persistentVolumeClaim:
claimName: 'cicd-pvc-${APP_NAME}'
- name: trivy-db
persistentVolumeClaim:
claimName: 'trivy-db'
- name: build-pvc
persistentVolumeClaim:
claimName: 'build-pvc-${APP_NAME}'
- name: image-pvc
persistentVolumeClaim:
claimName: 'image-pvc-${APP_NAME}'
- name: podmanconf
configmap:
name: 'podmanconf'
parameters:
- description: Application name
displayName: AppName
name: APP_NAME
required: true
value: testapp
valueType: string
- description: Git Type (gitlab or github)
displayName: GitType
name: GIT_TYPE
required: true
value: gitlab
valueType: string
- description: 'Git API URL (e.g., http://)'
displayName: GitApiUrl
name: GIT_API_URL
required: false
value: gitlab.dev-cloudps.com
valueType: string
- description: 'Git Repo. (e.g., tmax-cloud/cicd-operator)'
displayName: GitRepository
name: GIT_REPOSITORY
required: true
value: root/Bookinfo
valueType: string
- description: 'Git Repo. (e.g., tmax-cloud/cicd-operator)'
displayName: AppYaml
name: APP_REPOSITORY
required: true
value: root/appyaml
valueType: string
- description: 'Git Branch (e.g., master)'
displayName: GitBranch
name: GIT_BRANCH
required: false
value: main
valueType: string
- description: ARGOCD URL
displayName: ArgoURL
name: ARGOCD_URL
required: true
value: argocd.dev-cloudps.com
valueType: string
- description: ARGOCD USER
displayName: ArgoUSER
name: ARGOUSER
required: true
value: YWRtaW4=
valueType: string
- description: ARGOCD PASSWORD
displayName: ArgoPASS
name: ARGOPASS
required: true
value: cGxhdGZvcm1wcw==
valueType: string
- description: Git Token Secret Name (with 'token' key)
displayName: GitTokenSecret
name: GIT_TOKEN_SECRET
required: true
value: gitlab
valueType: string
- description: Output Image URL
displayName: ImageURL
name: IMAGE_URL
required: true
value: 'harbor.dev-cloudps.com'
valueType: string
- description: Output Image NAME
displayName: ImageNAME
name: IMAGE_NAME
required: true
value: 'reviews/reviews'
valueType: string
- description: Secret for accessing image registry
displayName: RegistrySecret
name: REGISTRY_SECRET_NAME
required: false
value: ''
valueType: string
- description: Storage class for ci workspace
displayName: StorageClass
name: STORAGE_CLASS
required: true
value: nfs
valueType: string
- description: REVIEWS Port
displayName: 포트
name: REVIEWS_PORT
required: true
value: 9080
valueType: number
- description: git-clone 단계에서 사용되는 git 아이디.
displayName: GitID
name: GITID
required: true
value: 'root'
valueType: string
- description: git-clone 단계에서 사용되는 git 패스워드.
displayName: GitPWD
name: GITPWD
required: true
value: 'platformps'
valueType: string
- description: 소스 코드 스캔을 수행할 sonarqube의 주소.
displayName: URL
name: SONARURL
required: true
value: 'http://sonarqube.dev-cloudps.com/'
valueType: string
- description: 소스 코드 스캔을 수행할 Project의 Key.
displayName: ProjectKey
name: PROJECTKEY
required: true
value: 'cicd'
valueType: string
- description: 소스 코드 스캔을 수행할 Project의 Version.
displayName: ProjectVersion
name: PROJECTVERSION
required: true
value: '1.0'
valueType: string
- description: 스캔을 수행할 코드 경로
displayName: SourceDIR
name: SOURCEDIR
required: true
value: './reviews/reviews-application/src/main/java/application/rest/'
valueType: string
- description: Deployment environment variable in JSON object form
displayName: DeployEnvJson
name: DEPLOY_ENV_JSON
required: false
value: '{}'
valueType: string
plans:
- bindable: false
description: CI/CD 테스트를 위한 템플릿입니다. reviews pod를 배포합니다.
name: reviews-test
provider: junghun_byeon
recommend: false
shortDescription: TmaxCloud CI/CD Test Sample
urlDescription: 'https://www.tmax.co.kr/tmaxcloud'
Reference in New Issue View Git Blame Copy Permalink