Add new infra architecture 11

2026-01-20 22:05:10 +01:00
parent 0217ad83be
commit 2512de4173
42 changed files with 1056 additions and 874 deletions
--- a/infrastructure/cicd/tekton-helm/templates/NOTES.txt
+++ b/infrastructure/cicd/tekton-helm/templates/NOTES.txt
@@ -17,6 +17,6 @@ After Tekton is installed, this chart will deploy:
 - Tasks, Pipelines, and Triggers for CI/CD

 To check the status of deployed resources:
-  kubectl get all -n {{ .Values.namespace }}
+  kubectl get all -n {{ .Release.Namespace }}

 For more information about Tekton, visit: https://tekton.dev/
--- a/infrastructure/cicd/tekton-helm/templates/clusterroles.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/clusterroles.yaml
@@ -31,6 +31,10 @@ rules:
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch"]
+  # Ability to list cluster-scoped trigger resources (needed for Tekton Triggers controller)
+  - apiGroups: ["triggers.tekton.dev"]
+    resources: ["clustertriggerbindings", "clusterinterceptors"]
+    verbs: ["get", "list", "watch"]
 ---
 # ClusterRole for Pipeline execution (needed for git operations and deployments)
 apiVersion: rbac.authorization.k8s.io/v1
@@ -63,7 +67,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: tekton-triggers-eventlistener-role
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: triggers
--- a/infrastructure/cicd/tekton-helm/templates/configmap.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/configmap.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: pipeline-config
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: config
--- a/infrastructure/cicd/tekton-helm/templates/event-listener.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/event-listener.yaml
@@ -5,7 +5,7 @@ apiVersion: triggers.tekton.dev/v1beta1
 kind: EventListener
 metadata:
  name: bakery-ia-event-listener
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: triggers
--- a/infrastructure/cicd/tekton-helm/templates/pipeline-ci.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/pipeline-ci.yaml
@@ -7,7 +7,7 @@ apiVersion: tekton.dev/v1beta1
 kind: Pipeline
 metadata:
  name: bakery-ia-ci
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: pipeline
--- a/infrastructure/cicd/tekton-helm/templates/rolebindings.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/rolebindings.yaml
@@ -9,7 +9,7 @@ metadata:
 subjects:
  - kind: ServiceAccount
    name: {{ .Values.serviceAccounts.triggers.name }}
-    namespace: {{ .Values.namespace }}
+    namespace: {{ .Release.Namespace }}
 roleRef:
  kind: ClusterRole
  name: tekton-triggers-role
@@ -26,7 +26,7 @@ metadata:
 subjects:
  - kind: ServiceAccount
    name: {{ .Values.serviceAccounts.pipeline.name }}
-    namespace: {{ .Values.namespace }}
+    namespace: {{ .Release.Namespace }}
 roleRef:
  kind: ClusterRole
  name: tekton-pipeline-role
@@ -37,14 +37,14 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: tekton-triggers-eventlistener-binding
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: triggers
 subjects:
  - kind: ServiceAccount
    name: {{ .Values.serviceAccounts.triggers.name }}
-    namespace: {{ .Values.namespace }}
+    namespace: {{ .Release.Namespace }}
 roleRef:
  kind: Role
  name: tekton-triggers-eventlistener-role
--- a/infrastructure/cicd/tekton-helm/templates/secrets.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/secrets.yaml
@@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: gitea-webhook-secret
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: triggers
@@ -17,11 +17,16 @@ stringData:
 # Secret for Gitea container registry credentials
 # Used by Kaniko to push images to Gitea registry
 # References the existing gitea-admin-secret for consistency
+{{- $giteaSecret := (lookup "v1" "Secret" "gitea" "gitea-admin-secret") }}
+{{- $giteaPassword := "" }}
+{{- if and $giteaSecret $giteaSecret.data (index $giteaSecret.data "password") }}
+{{- $giteaPassword = index $giteaSecret.data "password" | b64dec }}
+{{- end }}
 apiVersion: v1
 kind: Secret
 metadata:
  name: gitea-registry-credentials
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: build
@@ -29,13 +34,14 @@ metadata:
    note: "Registry credentials for pushing images - references gitea-admin-secret"
 type: kubernetes.io/dockerconfigjson
 stringData:
+  {{- $registryPassword := .Values.secrets.registry.password | default $giteaPassword | default "PLACEHOLDER_PASSWORD" }}
  {{- if and .Values.secrets.registry.registryUrl .Values.secrets.registry.username }}
  .dockerconfigjson: |
    {
      "auths": {
        {{ .Values.secrets.registry.registryUrl | quote }}: {
          "username": {{ .Values.secrets.registry.username | quote }},
-          "password": {{ .Values.secrets.registry.password | default (lookup "v1" "Secret" "gitea" "gitea-admin-secret").data.password | b64dec | quote }}
+          "password": {{ $registryPassword | quote }}
        }
      }
    }
@@ -49,7 +55,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: gitea-git-credentials
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: gitops
@@ -57,8 +63,9 @@ metadata:
    note: "Git credentials for GitOps updates - references gitea-admin-secret"
 type: Opaque
 stringData:
+  {{- $gitPassword := .Values.secrets.git.password | default $giteaPassword | default "PLACEHOLDER_PASSWORD" }}
  username: {{ .Values.secrets.git.username | quote }}
-  password: {{ .Values.secrets.git.password | default (lookup "v1" "Secret" "gitea" "gitea-admin-secret").data.password | b64dec | quote }}
+  password: {{ $gitPassword | quote }}
 ---
 # Secret for Flux GitRepository access
 # Used by Flux to pull from Gitea repository
@@ -75,5 +82,6 @@ metadata:
    note: "Credentials for Flux GitRepository access - references gitea-admin-secret"
 type: Opaque
 stringData:
+  {{- $fluxPassword := .Values.secrets.git.password | default $giteaPassword | default "PLACEHOLDER_PASSWORD" }}
  username: {{ .Values.secrets.git.username | quote }}
-  password: {{ .Values.secrets.git.password | default (lookup "v1" "Secret" "gitea" "gitea-admin-secret").data.password | b64dec | quote }}
+  password: {{ $fluxPassword | quote }}
--- a/infrastructure/cicd/tekton-helm/templates/serviceaccounts.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/serviceaccounts.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ .Values.serviceAccounts.triggers.name }}
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: triggers
@@ -13,7 +13,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ .Values.serviceAccounts.pipeline.name }}
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: pipeline
--- a/infrastructure/cicd/tekton-helm/templates/task-detect-changes.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/task-detect-changes.yaml
@@ -5,7 +5,7 @@ apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: detect-changed-services
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: detection
--- a/infrastructure/cicd/tekton-helm/templates/task-git-clone.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/task-git-clone.yaml
@@ -5,7 +5,7 @@ apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: git-clone
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: source
--- a/infrastructure/cicd/tekton-helm/templates/task-kaniko-build.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/task-kaniko-build.yaml
@@ -6,7 +6,7 @@ apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: kaniko-build
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: build
@@ -29,11 +29,11 @@ spec:
    - name: base-registry
      type: string
      description: Base image registry URL (e.g., docker.io, ghcr.io/org)
-      default: "docker.io"
+      default: "gitea-http.gitea.svc.cluster.local:3000/bakery-admin"
    - name: python-image
      type: string
      description: Python base image name and tag
-      default: "python:3.11-slim"
+      default: "python_3.11-slim"
  results:
    - name: build-status
      description: Status of the build operation
--- a/infrastructure/cicd/tekton-helm/templates/task-pipeline-summary.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/task-pipeline-summary.yaml
@@ -5,7 +5,7 @@ apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: pipeline-summary
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: summary
--- a/infrastructure/cicd/tekton-helm/templates/task-run-tests.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/task-run-tests.yaml
@@ -5,7 +5,7 @@ apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: run-tests
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: test
@@ -23,7 +23,7 @@ spec:
      default: "false"
  steps:
    - name: run-unit-tests
-      image: python:3.11-slim
+      image: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/python_3.11-slim:latest
      workingDir: $(workspaces.source.path)
      script: |
        #!/bin/bash
@@ -57,7 +57,7 @@ spec:
          cpu: 200m
          memory: 512Mi
    - name: run-integration-tests
-      image: python:3.11-slim
+      image: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/python_3.11-slim:latest
      workingDir: $(workspaces.source.path)
      script: |
        #!/bin/bash
--- a/infrastructure/cicd/tekton-helm/templates/task-update-gitops.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/task-update-gitops.yaml
@@ -5,7 +5,7 @@ apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: update-gitops
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: gitops
--- a/infrastructure/cicd/tekton-helm/templates/trigger-binding.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/trigger-binding.yaml
@@ -5,7 +5,7 @@ apiVersion: triggers.tekton.dev/v1beta1
 kind: TriggerBinding
 metadata:
  name: bakery-ia-trigger-binding
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: triggers
--- a/infrastructure/cicd/tekton-helm/templates/trigger-template.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/trigger-template.yaml
@@ -5,7 +5,7 @@ apiVersion: triggers.tekton.dev/v1beta1
 kind: TriggerTemplate
 metadata:
  name: bakery-ia-trigger-template
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Values.labels.app.name }}
    app.kubernetes.io/component: triggers