diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
deleted file mode 100644
index 908d3b8..0000000
--- a/.gitea/workflows/deploy.yml
+++ /dev/null
@@ -1,42 +0,0 @@
-name: Mosquitto CI/CD Pipeline
-
-on:
- push:
- branches:
- - fix/*
- - main
- - master
- pull_request:
- schedule:
- - cron: '0 15 * * 0' # every sunday 3 pm
-
-jobs:
- deploy:
- runs-on: ["casa-vlan-cicd", "kubectl", "helm", "deploy"]
- env:
- GITHUB_TEMP: ${{ runner.temp }}
-
- steps:
-
- - name: Checkout code
- uses: actions/checkout@v3
-
- - name: Fetch limbo public actions
- env:
- RUNNER_TEMP: "${{ runner.temp }}"
- WORKSPACE: "${{ gitea.workspace }}"
- run: |
- curl -fsSL https://git.limbosolutions.com/kb/gitea/raw/branch/main/cloud-scripts/setup-limbo-actions.sh | bash 2>&1
-
- - name: Setup kubectl
- uses: ./.gitea/limbo_actions/kubectl-setup
- with:
- kube_server: ${{ secrets.CASA_VLAN_KUBE_SERVER }}
- kube_ca_base64: ${{ secrets.CASA_VLAN_KUBE_CA_BASE64 }}
- kube_token: ${{ secrets.CASA_VLAN_KUBE_TOKEN }}
-
- - name: Deploy Mosquitto
- shell: bash
- run: |
- kubectl apply -f ./deploy/mosquitto-deploy.yaml
-
\ No newline at end of file
diff --git a/deploy/app/kustomization.yaml b/deploy/app/kustomization.yaml
new file mode 100644
index 0000000..211055a
--- /dev/null
+++ b/deploy/app/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: mqtt
+resources:
+ - statefulset.yaml
+ - pvc.yaml
+ - secret.yaml
diff --git a/deploy/app/pvc.yaml b/deploy/app/pvc.yaml
new file mode 100644
index 0000000..95d80cd
--- /dev/null
+++ b/deploy/app/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mosquitto-data
+ namespace: mqtt
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: local-path
\ No newline at end of file
diff --git a/deploy/app/secret.yaml b/deploy/app/secret.yaml
new file mode 100644
index 0000000..497fba1
--- /dev/null
+++ b/deploy/app/secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mosquitto
+ namespace: mqtt
+type: Opaque
+stringData:
+ config: |
+ listener 1883
+ allow_anonymous true
\ No newline at end of file
diff --git a/deploy/mosquitto-deploy.yaml b/deploy/app/statefulset.yaml
similarity index 81%
rename from deploy/mosquitto-deploy.yaml
rename to deploy/app/statefulset.yaml
index 3f4dc9b..60e9ba4 100644
--- a/deploy/mosquitto-deploy.yaml
+++ b/deploy/app/statefulset.yaml
@@ -1,32 +1,3 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: mosquitto-data
- namespace: mqtt
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- storageClassName: local-path
-
----
-
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: mosquitto
- namespace: mqtt
-type: Opaque
-stringData:
- config: |
- listener 1883
- allow_anonymous true
-
----
-
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
diff --git a/deploy/cicd-rbac.yaml b/deploy/cicd-rbac.yaml
deleted file mode 100644
index 1631ec1..0000000
--- a/deploy/cicd-rbac.yaml
+++ /dev/null
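Review bot: In deploy/app/secret.yaml the broker config keeps `allow_anonymous true` on the plain `listener 1883`, so any client that can reach the port can publish and subscribe without credentials, in cleartext. Now that Flux reconciles this file continuously, I would switch to `allow_anonymous false` with a `password_file` mounted from its own Secret, and consider a TLS listener if clients connect from outside the cluster network. If anonymous access is intentional for this network, a comment saying so, plus a NetworkPolicy restricting which pods or subnets can reach the broker, would make that decision explicit. The StatefulSet and any Service that expose the port are outside the visible hunks, so the actual reachability cannot be judged from this diff.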
@@ -1,32 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: mqtt
- name: ci-cd
-rules:
-- apiGroups: [""]
- resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"]
- verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
-- apiGroups: ["apps"]
- resources: ["deployments", "statefulsets"]
- verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
-- apiGroups: ["networking.k8s.io"]
- resources: ["ingresses"]
- verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
-- apiGroups: ["traefik.io"]
- resources: ["ingressroutes"]
- verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: ci-cd
- namespace: mqtt
-subjects:
-- kind: ServiceAccount
- name: casa-ci-cd
- namespace: home-assistant
-roleRef:
- kind: Role
- name: ci-cd
- apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/flux/.env.d/.gitignore b/deploy/flux/.env.d/.gitignore
new file mode 100644
index 0000000..d29675e
--- /dev/null
+++ b/deploy/flux/.env.d/.gitignore
@@ -0,0 +1,2 @@
+**
+!.gitignore
\ No newline at end of file
diff --git a/deploy/flux/app-sync.yaml b/deploy/flux/app-sync.yaml
new file mode 100644
index 0000000..f0f2b46
--- /dev/null
+++ b/deploy/flux/app-sync.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: app
+spec:
+ interval: 1m
+ sourceRef:
+ kind: GitRepository
+ name: lms
+ path: deploy/app
+ prune: true
+
\ No newline at end of file
diff --git a/deploy/flux/git-repo.yaml b/deploy/flux/git-repo.yaml
new file mode 100644
index 0000000..eac1513
--- /dev/null
+++ b/deploy/flux/git-repo.yaml
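Review bot: In deploy/flux/app-sync.yaml `sourceRef.name` is `lms`, but the only GitRepository this commit defines (deploy/flux/git-repo.yaml) is named `mosquitto`. Unless an `lms` source already exists in the target namespace the Kustomization will not find its source, and if one does exist it would reconcile that other repository's `deploy/app` here with `prune: true`. The line should read `name: mosquitto`. Neither object sets `metadata.namespace`, so both land in whatever namespace the apply targets; setting it explicitly on both would make the pairing unambiguous.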
@@ -0,0 +1,11 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: mosquitto
+spec:
+ interval: 1m0s
+ url: ssh://git@git.limbosolutions.com:2222/marcio.fernandes/mosquitto.git
+ ref:
+ branch: master
+ secretRef:
+ name: flux-repo-ssh-credentials
\ No newline at end of file
diff --git a/deploy/flux/kustomization.yaml b/deploy/flux/kustomization.yaml
new file mode 100644
index 0000000..074efaf
--- /dev/null
+++ b/deploy/flux/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - git-repo.yaml
+ - app-sync.yaml
+secretGenerator:
+ - name: flux-repo-ssh-credentials
+ namespace: lyrionmusicserver
+ files:
+ - "identity=./.env.d/flux-repo-ssh-key"
+ - "known_hosts=./.env.d/flux-repo-ssh-known_hosts"
+ - "pubkey=./.env.d/flux-repo-ssh-key.pub"
+ - name: flux-sops-age
+ namespace: lyrionmusicserver
+ files:
+ - "age.agekey=./.env.d/age.agekey"
+generatorOptions:
+ disableNameSuffixHash: true
\ No newline at end of file
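Review bot: deploy/flux/git-repo.yaml tracks `branch: master` with no `spec.verify`, so any commit that lands on that branch is applied to the cluster at the next reconcile on the strength of push access to the Gitea repository alone. If commits are signed, adding a `verify` block (`mode: HEAD` plus a `secretRef` holding the trusted public keys) makes Flux refuse unsigned or unknown-signer revisions. The key stored in `flux-repo-ssh-credentials` should be a read-only deploy key scoped to this repository; that cannot be confirmed from the diff.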
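Review bot: Both `secretGenerator` entries in deploy/flux/kustomization.yaml set `namespace: lyrionmusicserver`, which looks carried over from another project. Flux resolves `secretRef` in the GitRepository's own namespace, so `flux-repo-ssh-credentials` will not be found unless git-repo.yaml is also applied there. The namespace should match wherever git-repo.yaml and app-sync.yaml are created, for example a top-level `namespace: mqtt` in this kustomization if that is the intent. `flux-sops-age` copies the age private key into the cluster, but app-sync.yaml has no `spec.decryption` referencing it, so either add the decryption block or drop the generator entry so the key is not stored without a consumer.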