ci/cd - staging improvements
parent
9aba006738
commit
d6aa6a9b09
|
@ -24,10 +24,6 @@ on:
|
|||
required: true
|
||||
DOCKER_TOKEN:
|
||||
required: true
|
||||
PRIVATE_REGISTRY:
|
||||
required: true
|
||||
PRIVATE_REGISTRY_TOKEN:
|
||||
required: true
|
||||
ARM_SSH_KEY:
|
||||
required: false
|
||||
ARM_SSH_IP:
|
||||
|
@ -87,12 +83,12 @@ jobs:
|
|||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
- name: Login to private repository
|
||||
- name: Login to ghcr
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
username: registry
|
||||
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
# Build testing package image
|
||||
- name: Build package image
|
||||
if: inputs.RELEASE == 'testing'
|
||||
|
@ -103,8 +99,8 @@ jobs:
|
|||
file: src/linux/Dockerfile-${{ inputs.LINUX }}
|
||||
platforms: ${{ inputs.PLATFORMS }}
|
||||
tags: local/bunkerweb-${{ inputs.LINUX }}:latest
|
||||
cache-from: type=registry,ref=bunkerity/cache:${{ inputs.LINUX }}-testing
|
||||
cache-to: type=registry,ref=bunkerity/cache:${{ inputs.LINUX }}-testing,mode=min
|
||||
cache-from: type=gha,scope=${{ inputs.LINUX }}-testing
|
||||
cache-to: type=gha,scope=${{ inputs.LINUX }}-testing,mode=min
|
||||
# Build non-testing package image
|
||||
- name: Build package image
|
||||
if: inputs.RELEASE != 'testing'
|
||||
|
@ -136,6 +132,12 @@ jobs:
|
|||
name: package-${{ inputs.LINUX }}-${{ env.LARCH }}
|
||||
path: package-${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
|
||||
# Build test image
|
||||
- name: Extract metadata
|
||||
if: inputs.TEST == true
|
||||
id: meta
|
||||
uses: docker/metadata-action@v4
|
||||
with:
|
||||
images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
|
||||
- name: Build test image
|
||||
if: inputs.TEST == true
|
||||
uses: docker/build-push-action@v4
|
||||
|
@ -144,4 +146,5 @@ jobs:
|
|||
file: tests/linux/Dockerfile-${{ inputs.LINUX }}
|
||||
platforms: ${{ inputs.PLATFORMS }}
|
||||
push: true
|
||||
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
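Review bot: The `images` input of the new `Extract metadata` step carries a tag (`ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}`), but docker/metadata-action treats `images` as base names and appends its own generated tags. `steps.meta.outputs.tags` would therefore likely come out as `name:testing:<generated>` and be rejected by the build step. Keep the tag out of the name, e.g. `images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests` together with `tags: type=raw,value=${{ inputs.RELEASE }}`. The push to ghcr.io also depends on the caller granting `packages: write` to `GITHUB_TOKEN`, so a comment on the `Login to ghcr` step such as `# requires packages: write on the calling job` would help.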
|
||||
|
|
|
@ -41,10 +41,18 @@ jobs:
|
|||
- run: ./tests/create.sh ${{ inputs.TYPE }}
|
||||
env:
|
||||
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
|
||||
- run: tar -cvf terraform.tar /tmp/${{ inputs.TYPE }}
|
||||
REG_USER: ${{ github.actor }}
|
||||
REG_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- run: |
|
||||
tar -cvf terraform.tar /tmp/${{ inputs.TYPE }}
|
||||
echo "$SECRET_KEY" > /tmp/.secret_key
|
||||
openssl enc -in terraform.tar -aes-256-cbc -pbkdf2 -pass file:/tmp/.secret_key -out terraform.tar.enc
|
||||
rm -f /tmp/.secret_key
|
||||
if: always()
|
||||
env:
|
||||
SECRET_KEY: ${{ secrets.SECRET_KEY }}
|
||||
- uses: actions/upload-artifact@v3
|
||||
if: always()
|
||||
with:
|
||||
name: tf-${{ inputs.TYPE }}
|
||||
path: terraform.tar
|
||||
path: terraform.tar.enc
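Review bot: The new archive step writes `SECRET_KEY` to `/tmp/.secret_key` with the default umask and removes it only if `openssl` succeeds, because a failing command ends the step before `rm -f` runs. The passphrase can stay off disk entirely with `openssl enc -in terraform.tar -aes-256-cbc -pbkdf2 -pass env:SECRET_KEY -out terraform.tar.enc`. AES-CBC here protects confidentiality only, and the jobs that consume this artifact unpack it with `tar xvf ... -C /`, so a comment such as `# artifact is encrypted but not authenticated` would make that limit visible. The plaintext `terraform.tar` is also left in the workspace after encryption; adding `rm -f terraform.tar` after the `openssl` line would tidy that up.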
|
||||
|
|
|
@ -20,11 +20,18 @@ jobs:
|
|||
uses: actions/checkout@v3
|
||||
- name: Install terraform
|
||||
uses: hashicorp/setup-terraform@v2
|
||||
|
||||
- uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: tf-${{ inputs.TYPE }}
|
||||
path: /tmp
|
||||
- run: tar xvf /tmp/terraform.tar -C / && mkdir ~/.ssh && touch ~/.ssh/id_rsa.pub
|
||||
- run: |
|
||||
echo "$SECRET_KEY" > /tmp/.secret_key
|
||||
openssl dec -in /tmp/terraform.tar.enc -aes-256-cbc -pbkdf2 -pass file:/tmp/.secret_key -out /tmp/terraform.tar
|
||||
rm -f /tmp/.secret_key
|
||||
tar xvf /tmp/terraform.tar -C / && mkdir ~/.ssh && touch ~/.ssh/id_rsa.pub
|
||||
env:
|
||||
SECRET_KEY: ${{ secrets.SECRET_KEY }}
|
||||
- uses: azure/setup-kubectl@v3
|
||||
if: inputs.TYPE == 'k8s'
|
||||
# Remove infra
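Review bot: `openssl dec` in the new decrypt step is not an OpenSSL subcommand, so the step would fail before `tar xvf` runs; decryption is done with `openssl enc -d`. The line should read `openssl enc -d -in /tmp/terraform.tar.enc -aes-256-cbc -pbkdf2 -pass file:/tmp/.secret_key -out /tmp/terraform.tar`. The same command appears in the k8s decrypt step of the tests workflow section further down this page. The `-pbkdf2` and cipher options must stay identical to the encrypting side, which a comment such as `# options must match the enc step in the create workflow` would record.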
|
||||
|
|
|
@ -26,20 +26,17 @@ jobs:
|
|||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Login to private repository
|
||||
- name: Login to ghcr
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
username: registry
|
||||
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
- name: Pull BW image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:testing && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:testing local/bunkerweb-tests:latest
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- run: docker pull ghcr.io/bunkerity/bunkerweb-tests:testing && docker tag ghcr.io/bunkerity/bunkerweb-tests:testing local/bunkerweb-tests:latest
|
||||
if: contains(fromJSON('["linux", "k8s"]'), inputs.TYPE) != true
|
||||
- name: Pull Scheduler image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:testing && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:testing local/scheduler-tests:latest
|
||||
- run: docker pull ghcr.io/bunkerity/scheduler-tests:testing && docker tag ghcr.io/bunkerity/scheduler-tests:testing local/scheduler-tests:latest
|
||||
if: contains(fromJSON('["linux", "k8s"]'), inputs.TYPE) != true
|
||||
- name: Pull Autoconf image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/autoconf-tests:testing && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/autoconf-tests:testing local/autoconf-tests:latest
|
||||
- run: docker pull ghcr.io/bunkerity/autoconf-tests:testing && docker tag ghcr.io/bunkerity/autoconf-tests:testing local/autoconf-tests:latest
|
||||
if: contains(fromJSON('["autoconf", "swarm"]'), inputs.TYPE)
|
||||
- name: Push images to local repo
|
||||
run: docker tag local/bunkerweb-tests:latest 192.168.42.100:5000/bunkerweb-tests:latest && docker push 192.168.42.100:5000/bunkerweb-tests:latest && docker tag local/scheduler-tests:latest 192.168.42.100:5000/scheduler-tests:latest && docker push 192.168.42.100:5000/scheduler-tests:latest && docker tag local/autoconf-tests:latest 192.168.42.100:5000/autoconf-tests:latest && docker push 192.168.42.100:5000/autoconf-tests:latest
|
||||
|
@ -51,6 +48,14 @@ jobs:
|
|||
name: tf-k8s
|
||||
path: /tmp
|
||||
if: inputs.TYPE == 'k8s'
|
||||
- run: |
|
||||
echo "$SECRET_KEY" > /tmp/.secret_key
|
||||
openssl dec -in /tmp/terraform.tar.enc -aes-256-cbc -pbkdf2 -pass file:/tmp/.secret_key -out /tmp/terraform.tar
|
||||
rm -f /tmp/.secret_key
|
||||
tar xvf /tmp/terraform.tar -C /
|
||||
env:
|
||||
SECRET_KEY: ${{ secrets.SECRET_KEY }}
|
||||
if: inputs.TYPE == 'k8s'
|
||||
- run: tar xvf /tmp/terraform.tar -C /
|
||||
if: inputs.TYPE == 'k8s'
|
||||
- uses: azure/setup-kubectl@v3
|
||||
|
@ -59,19 +64,16 @@ jobs:
|
|||
if: inputs.TYPE == 'k8s'
|
||||
- name: Pull BW linux ubuntu test image
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/ubuntu-tests:testing && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/ubuntu-tests:testing local/ubuntu:latest
|
||||
run: docker pull ghcr.io/bunkerity/ubuntu-tests:testing && docker tag ghcr.io/bunkerity ubuntu-tests:testing local/ubuntu:latest
|
||||
- name: Pull BW linux debian test image
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/debian-tests:testing && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/debian-tests:testing local/debian:latest
|
||||
# - name: Pull BW linux centos test image
|
||||
# if: inputs.TYPE == 'linux'
|
||||
# run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/centos-tests:testing && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/centos-tests:testing local/centos:latest
|
||||
run: docker pull ghcr.io/bunkerity/debian-tests:testing && docker tag ghcr.io/bunkerity debian-tests:testing local/debian:latest
|
||||
- name: Pull BW linux fedora test image
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/fedora-tests:testing && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/fedora-tests:testing local/fedora:latest
|
||||
run: docker pull ghcr.io/bunkerity/fedora-tests:testing && docker tag ghcr.io/bunkerity fedora-tests:testing local/fedora:latest
|
||||
- name: Pull BW linux rhel test image
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/rhel-tests:testing && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/rhel-tests:testing local/rhel:latest
|
||||
run: docker pull ghcr.io/bunkerity/rhel-tests:testing && docker tag ghcr.io/bunkerity rhel-tests:testing local/rhel:latest
|
||||
# Do tests
|
||||
- name: Run tests
|
||||
if: inputs.TYPE == 'docker'
|
||||
|
@ -112,12 +114,6 @@ jobs:
|
|||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
# - name: Run Linux centos tests
|
||||
# if: inputs.TYPE == 'linux'
|
||||
# run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "centos"
|
||||
# env:
|
||||
# TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
|
||||
# ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run Linux fedora tests
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "fedora"
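Review bot: In the four `Pull BW linux ... test image` steps the `docker tag` source is written with a space where the `/` belongs (`ghcr.io/bunkerity ubuntu-tests:testing`), so `docker tag` receives three arguments and the step fails after the pull. Each should mirror its pull reference, e.g. `docker tag ghcr.io/bunkerity/ubuntu-tests:testing local/ubuntu:latest`, and likewise for debian, fedora and rhel. This job now pulls from ghcr.io with `GITHUB_TOKEN`, but no `permissions` block is visible in this section; if none exists outside the hunks, add `permissions:` with `contents: read` and `packages: read`.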
|
||||
|
|
|
@ -10,6 +10,9 @@ jobs:
|
|||
|
||||
# Build Docker images
|
||||
build-containers:
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, scheduler, autoconf, ui]
|
||||
|
@ -33,11 +36,12 @@ jobs:
|
|||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
|
||||
# Build Linux packages
|
||||
build-packages:
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
strategy:
|
||||
matrix:
|
||||
linux: [ubuntu, debian, fedora, rhel]
|
||||
|
@ -60,8 +64,6 @@ jobs:
|
|||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
|
||||
# Code security
|
||||
code-security:
|
||||
|
@ -126,9 +128,6 @@ jobs:
|
|||
uses: ./.github/workflows/tests-ui.yml
|
||||
with:
|
||||
RELEASE: testing
|
||||
secrets:
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
prepare-tests-core:
|
||||
needs: [create-infras]
|
||||
runs-on: ubuntu-latest
|
||||
|
@ -151,9 +150,6 @@ jobs:
|
|||
with:
|
||||
TEST: ${{ matrix.test }}
|
||||
RELEASE: testing
|
||||
secrets:
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
|
||||
# Delete infrastructures
|
||||
delete-infras:
|
||||
|
@ -172,26 +168,29 @@ jobs:
|
|||
push-images:
|
||||
needs: [staging-tests, tests-ui, tests-core]
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
steps:
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
- name: Login to private repository
|
||||
- name: Login to ghcr
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
username: registry
|
||||
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Push BW image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:testing && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:testing bunkerity/bunkerweb:testing && docker push bunkerity/bunkerweb:testing
|
||||
run: docker pull ghcr.io/bunkerweb-tests:testing && docker tag ghcr.io/bunkerweb-tests:testing bunkerity/bunkerweb:testing && docker push bunkerity/bunkerweb:testing && docker tag bunkerity/bunkerweb:testing ghcr.io/bunkerity/bunkerweb:testing && docker push ghcr.io/bunkerity/bunkerweb:testing
|
||||
- name: Push scheduler image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:testing && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:testing bunkerity/bunkerweb-scheduler:testing && docker push bunkerity/bunkerweb-scheduler:testing
|
||||
run: docker pull ghcr.io/scheduler-tests:testing && docker tag ghcr.io/scheduler-tests:testing bunkerity/bunkerweb-scheduler:testing && docker push bunkerity/bunkerweb-scheduler:testing && docker tag bunkerity/bunkerweb-scheduler:testing ghcr.io/bunkerity/bunkerweb-scheduler:testing && docker push ghcr.io/bunkerity/bunkerweb-scheduler:testing
|
||||
- name: Push UI image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/ui-tests:testing && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/ui-tests:testing bunkerity/bunkerweb-ui:testing && docker push bunkerity/bunkerweb-ui:testing
|
||||
run: docker pull ghcr.io/ui-tests:testing && docker tag ghcr.io/ui-tests:testing bunkerity/bunkerweb-ui:testing && docker push bunkerity/bunkerweb-ui:testing && docker tag bunkerity/bunkerweb-ui:testing ghcr.io/bunkerity/bunkerweb-ui:testing && docker push ghcr.io/bunkerity/bunkerweb-ui:testing
|
||||
- name: Push autoconf image
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/autoconf-tests:testing && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/autoconf-tests:testing bunkerity/bunkerweb-autoconf:testing && docker push bunkerity/bunkerweb-autoconf:testing
|
||||
run: docker pull ghcr.io/autoconf-tests:testing && docker tag ghcr.io/autoconf-tests:testing bunkerity/bunkerweb-autoconf:testing && docker push bunkerity/bunkerweb-autoconf:testing && docker tag bunkerity/bunkerweb-autoconf:testing ghcr.io/bunkerity/bunkerweb-autoconf:testing && docker push ghcr.io/bunkerity/bunkerweb-autoconf:testing
|
||||
|
||||
# Push Linux packages
|
||||
push-packages:
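Review bot: The four push steps in `push-images` pull `ghcr.io/bunkerweb-tests:testing`, `ghcr.io/scheduler-tests:testing`, `ghcr.io/ui-tests:testing` and `ghcr.io/autoconf-tests:testing` without the `bunkerity/` owner segment, while the tests workflow in this commit pulls the same images from `ghcr.io/bunkerity/...`. The pull would probably fail, and since the result is re-tagged and published as `bunkerity/bunkerweb:testing`, the source reference should name the owner explicitly. For the first step: `docker pull ghcr.io/bunkerity/bunkerweb-tests:testing && docker tag ghcr.io/bunkerity/bunkerweb-tests:testing bunkerity/bunkerweb:testing`, with the other three changed the same way.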
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
# drop and export secrets
|
||||
echo "${CICD_SECRETS}" > /opt/.env
|
||||
echo "export TF_VAR_k8s_reg_user=${REG_USER}" >> /opt/.env
|
||||
echo "export TF_VAR_k8s_reg_token=${REG_TOKEN}" >> /opt/.env
|
||||
chmod +x /opt/.env
|
||||
. /opt/.env
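Review bot: The two added lines append `REG_USER` and `REG_TOKEN` unquoted to `/opt/.env`, which is then sourced, so any shell-significant character in either value would be reinterpreted. Single-quoting the value is safer, e.g. `echo "export TF_VAR_k8s_reg_token='${REG_TOKEN}'" >> /opt/.env`. The workflow in this commit fills `REG_TOKEN` from `secrets.GITHUB_TOKEN`, which stops being valid when the job ends, so a registry pull secret built from it may no longer work by the time the test jobs pull images; confirm this against the cluster's pull timing. Sourcing does not need the execute bit, so `chmod 600 /opt/.env` would suit a file holding credentials better than `chmod +x`. The script continues outside the hunk.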
|
||||
|
||||
|
|
|
@ -2,10 +2,12 @@
|
|||
variable "autoconf_ip" {
|
||||
type = string
|
||||
nullable = false
|
||||
sensitive = true
|
||||
}
|
||||
variable "autoconf_ip_id" {
|
||||
type = string
|
||||
nullable = false
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
# Create cicd_bw_autoconf SSH key
|
||||
|
@ -25,7 +27,7 @@ resource "scaleway_instance_server" "instance" {
|
|||
|
||||
# Create Ansible inventory file
|
||||
resource "local_file" "ansible_inventory" {
|
||||
content = templatefile("templates/autoconf_inventory.tftpl", {
|
||||
sensitive_content = templatefile("templates/autoconf_inventory.tftpl", {
|
||||
public_ip = var.autoconf_ip
|
||||
})
|
||||
filename = "/tmp/autoconf_inventory"
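Review bot: `sensitive_content` on `local_file` only hides the value in plan output; the file under `/tmp` is still created with the resource's default permissions (0777 unless `file_permission` is set). Newer hashicorp/local releases also deprecate the argument in favour of the `local_sensitive_file` resource. Add `file_permission = "0600"` to the resource, or switch to `local_sensitive_file` with `content`. The same applies to the `ansible_inventory` resources in the docker, linux and swarm sections and to `kubeconfig` and `lb_yml` in the k8s section. The resource body ends outside the hunk.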
|
||||
|
|
|
@ -2,10 +2,12 @@
|
|||
variable "docker_ip" {
|
||||
type = string
|
||||
nullable = false
|
||||
sensitive = true
|
||||
}
|
||||
variable "docker_ip_id" {
|
||||
type = string
|
||||
nullable = false
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
# Create cicd_bw_docker SSH key
|
||||
|
@ -25,7 +27,7 @@ resource "scaleway_instance_server" "instance" {
|
|||
|
||||
# Create Ansible inventory file
|
||||
resource "local_file" "ansible_inventory" {
|
||||
content = templatefile("templates/docker_inventory.tftpl", {
|
||||
sensitive_content = templatefile("templates/docker_inventory.tftpl", {
|
||||
public_ip = var.docker_ip
|
||||
})
|
||||
filename = "/tmp/docker_inventory"
|
||||
|
|
|
@ -2,10 +2,17 @@
|
|||
variable "k8s_ip" {
|
||||
type = string
|
||||
nullable = false
|
||||
sensitive = true
|
||||
}
|
||||
variable "k8s_dockerconfigjson" {
|
||||
variable "k8s_reg_user" {
|
||||
type = string
|
||||
nullable = false
|
||||
sensitive = true
|
||||
}
|
||||
variable "k8s_reg_token" {
|
||||
type = string
|
||||
nullable = false
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
# Create k8s cluster
|
||||
|
@ -28,7 +35,7 @@ resource "scaleway_k8s_pool" "pool" {
|
|||
# Get kubeconfig file
|
||||
resource "local_file" "kubeconfig" {
|
||||
depends_on = [scaleway_k8s_pool.pool]
|
||||
content = scaleway_k8s_cluster.cluster.kubeconfig[0].config_file
|
||||
sensitive_content = scaleway_k8s_cluster.cluster.kubeconfig[0].config_file
|
||||
filename = "/tmp/k8s/kubeconfig"
|
||||
}
|
||||
provider "kubectl" {
|
||||
|
@ -38,7 +45,7 @@ provider "kubectl" {
|
|||
# Setup LB
|
||||
resource "local_file" "lb_yml" {
|
||||
depends_on = [local_file.kubeconfig]
|
||||
content = templatefile("templates/lb.yml.tftpl", {
|
||||
sensitive_content = templatefile("templates/lb.yml.tftpl", {
|
||||
lb_ip = var.k8s_ip
|
||||
})
|
||||
filename = "/tmp/k8s/lb.yml"
|
||||
|
@ -49,14 +56,23 @@ resource "kubectl_manifest" "lb" {
|
|||
}
|
||||
|
||||
# Setup registry
|
||||
resource "local_file" "reg_yml" {
|
||||
depends_on = [local_file.kubeconfig]
|
||||
content = templatefile("templates/reg.yml.tftpl", {
|
||||
dockerconfigjson = var.k8s_dockerconfigjson
|
||||
})
|
||||
filename = "/tmp/k8s/reg.yml"
|
||||
provider "kubernetes" {
|
||||
config_path = "${local_file.kubeconfig.filename}"
|
||||
}
|
||||
resource "kubectl_manifest" "reg" {
|
||||
depends_on = [local_file.reg_yml]
|
||||
yaml_body = local_file.reg_yml.content
|
||||
resource "kubernetes_secret" "reg" {
|
||||
metadata = {
|
||||
name = "secret-registry"
|
||||
}
|
||||
type = "kubernetes.io/dockerconfigjson"
|
||||
data = {
|
||||
".dockerconfigjson" = jsonencode({
|
||||
auths = {
|
||||
"ghcr.io" = {
|
||||
"username" = var.k8s_reg_user
|
||||
"password" = var.k8s_reg_token
|
||||
"auth" = base64encode("${var.k8s_reg_user}:${var.k8s_reg_token}")
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
}
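Review bot: In the new `kubernetes_secret` `reg` resource, `metadata = {` assigns a map, but the hashicorp/kubernetes provider declares `metadata` as a nested block, so this would likely be rejected at plan time. Write `metadata {` and keep `name = "secret-registry"` inside it; `data = {` is correct as an attribute. The values of `var.k8s_reg_user` and `var.k8s_reg_token` will also be stored in Terraform state, so the state inside the archived `/tmp` tree needs the same protection as the token itself. A comment above the resource saying so would help.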
|
|
@ -2,10 +2,12 @@
|
|||
variable "linux_ip" {
|
||||
type = string
|
||||
nullable = false
|
||||
sensitive = true
|
||||
}
|
||||
variable "linux_ip_id" {
|
||||
type = string
|
||||
nullable = false
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
# Create cicd_bw_linux SSH key
|
||||
|
@ -25,7 +27,7 @@ resource "scaleway_instance_server" "instance" {
|
|||
|
||||
# Create Ansible inventory file
|
||||
resource "local_file" "ansible_inventory" {
|
||||
content = templatefile("templates/linux_inventory.tftpl", {
|
||||
sensitive_content = templatefile("templates/linux_inventory.tftpl", {
|
||||
public_ip = var.linux_ip
|
||||
})
|
||||
filename = "/tmp/linux_inventory"
|
||||
|
|
|
@ -8,5 +8,9 @@ terraform {
|
|||
source = "gavinbunney/kubectl"
|
||||
version = "1.14.0"
|
||||
}
|
||||
kubernetes = {
|
||||
source = "hashicorp/kubernetes"
|
||||
version = "2.23.0"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -2,10 +2,12 @@
|
|||
variable "swarm_ips" {
|
||||
type = list(string)
|
||||
nullable = false
|
||||
sensitive = true
|
||||
}
|
||||
variable "swarm_ips_id" {
|
||||
type = list(string)
|
||||
nullable = false
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
# Create cicd_bw_swarm SSH key
|
||||
|
@ -34,7 +36,7 @@ resource "scaleway_instance_server" "instances" {
|
|||
|
||||
# Create Ansible inventory file
|
||||
resource "local_file" "ansible_inventory" {
|
||||
content = templatefile("templates/swarm_inventory.tftpl", {
|
||||
sensitive_content = templatefile("templates/swarm_inventory.tftpl", {
|
||||
public_ips = var.swarm_ips
|
||||
})
|
||||
filename = "/tmp/swarm_inventory"
|
||||
|
|