From 90ef2626301d7896d3aba343ddb791b718b9e4b0 Mon Sep 17 00:00:00 2001 
From: Kevin Pouget Date: Wed, 13 May 2026 10:28:59 +0200 Subject: [PATCH] fournos: gitops: add fournos gitops --- fournos/gitops/README.md | 97 +++++++++++++++ .../gitops/applications/forge-production.yaml | 36 ++++++ .../gitops/applications/forge-staging.yaml | 36 ++++++ .../gitops/applications/kustomization.yaml | 10 ++ fournos/gitops/base/images/imagestream.yaml | 21 ++++ fournos/gitops/base/images/kustomization.yaml | 10 ++ fournos/gitops/base/kustomization.yaml | 13 ++ .../gitops/base/workflows/kustomization.yaml | 14 +++ .../gitops/base/workflows/pipeline-full.yaml | 115 ++++++++++++++++++ .../base/workflows/pipeline-replot.yaml | 57 +++++++++ .../base/workflows/pipeline-test-only.yaml | 57 +++++++++ .../gitops/base/workflows/resolve-job.yaml | 84 +++++++++++++ .../base/workflows/task-forge-step.yaml | 106 ++++++++++++++++ fournos/gitops/kustomization.yaml | 12 ++ .../overlays/production/kustomization.yaml | 19 +++ .../overlays/staging/kustomization.yaml | 20 +++ 16 files changed, 707 insertions(+) create mode 100644 fournos/gitops/README.md create mode 100644 fournos/gitops/applications/forge-production.yaml create mode 100644 fournos/gitops/applications/forge-staging.yaml create mode 100644 fournos/gitops/applications/kustomization.yaml create mode 100644 fournos/gitops/base/images/imagestream.yaml create mode 100644 fournos/gitops/base/images/kustomization.yaml create mode 100644 fournos/gitops/base/kustomization.yaml create mode 100644 fournos/gitops/base/workflows/kustomization.yaml create mode 100644 fournos/gitops/base/workflows/pipeline-full.yaml create mode 100644 fournos/gitops/base/workflows/pipeline-replot.yaml create mode 100644 fournos/gitops/base/workflows/pipeline-test-only.yaml create mode 100644 fournos/gitops/base/workflows/resolve-job.yaml create mode 100644 fournos/gitops/base/workflows/task-forge-step.yaml create mode 100644 fournos/gitops/kustomization.yaml create mode 100644 fournos/gitops/overlays/production/kustomization.yaml create 
mode 100644 fournos/gitops/overlays/staging/kustomization.yaml diff --git a/fournos/gitops/README.md b/fournos/gitops/README.md new file mode 100644 index 00000000..5f1821b3 --- /dev/null +++ b/fournos/gitops/README.md 
@@ -0,0 +1,97 @@ +# Forge GitOps Configuration + +This directory contains the ArgoCD GitOps configuration for deploying FORGE components including images and pipelines. + +## Structure + +``` +gitops/ +├── applications/ # ArgoCD Application manifests +│ ├── forge-development.yaml +│ ├── forge-production.yaml +│ └── kustomization.yaml +├── base/ # Base Kubernetes manifests +│ ├── images/ # Image build configurations +│ │ ├── imagestream.yaml +│ │ ├── build.yaml +│ │ ├── buildrun.yaml +│ │ └── kustomization.yaml +│ ├── workflows/ # Tekton pipelines and tasks +│ │ ├── task-forge-step.yaml +│ │ ├── pipeline-full.yaml +│ │ ├── pipeline-test-only.yaml +│ │ ├── pipeline-replot.yaml +│ │ └── kustomization.yaml +│ └── kustomization.yaml +└── overlays/ # Environment-specific configurations + ├── development/ + │ └── kustomization.yaml + └── production/ + └── kustomization.yaml +``` + +## Components + +### Images +- **ImageStream**: Manages forge-core image tags and references +- **Build**: Shipwright build configuration for building forge image from source +- **BuildRun**: Triggers the build process + +### Workflows +- **Task**: `forge-step` - Reusable Tekton task for executing forge commands +- **Pipelines**: Multiple pipeline variants: + - `forge-full`: Complete pipeline with pre-cleanup, prepare, test, export-artifacts, and post-cleanup + - `pipeline-test-only`: Test execution only + - `pipeline-replot`: Replotting functionality + +## Environments + +### Development (`fournos-dev` namespace) +- Auto-sync enabled with prune and self-heal +- Deploys from main branch +- More aggressive sync policies for faster iteration + +### Production (`fournos-prod` namespace) +- Conservative sync policies (no auto-prune) +- Manual approval recommended for critical changes +- Extended revision history + +## Deployment + +### Option 1: Deploy Applications Directly +```bash +oc apply -k gitops/applications/ +``` + +### Option 2: Deploy to Specific Environment +```bash +# Development +oc 
apply -k gitops/overlays/development/ + +# Production +oc apply -k gitops/overlays/production/ +``` + +### Option 3: Manual Application Creation +```bash +oc apply -f gitops/applications/forge-development.yaml +oc apply -f gitops/applications/forge-production.yaml +``` + +## Integration with Fournos + +This GitOps configuration replaces the forge-specific manifests previously stored in the `fournos/config/forge/` directory. The manifests have been adapted to: + +1. Use dynamic namespace placeholders that get resolved by kustomize overlays +2. Follow GitOps best practices with environment-specific configurations +3. Include proper labeling and annotations for resource management +4. Support both automated and manual deployment workflows + +## Migration Notes + +The following changes were made from the original fournos configuration: +- Moved from `fournos/config/forge/` to `forge/gitops/` +- Added kustomization files for proper resource management +- Created environment-specific overlays for dev/prod deployments +- Updated image references to use dynamic namespace resolution +- Added ArgoCD Application manifests for automated GitOps deployment diff --git a/fournos/gitops/applications/forge-production.yaml b/fournos/gitops/applications/forge-production.yaml new file mode 100644 index 00000000..0c138e14 --- /dev/null +++ b/fournos/gitops/applications/forge-production.yaml 
@@ -0,0 +1,36 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: forge-production + namespace: openshift-gitops + labels: + app.kubernetes.io/name: forge-on-fournos + app.kubernetes.io/part-of: fournos + environment: production + annotations: + description: "FORGE production environment deployment via GitOps" +spec: + project: forge-on-fournos + source: + repoURL: https://github.com/openshift-psap/forge + targetRevision: main + path: fournos/gitops/overlays/production + destination: + server: https://kubernetes.default.svc + namespace: psap-automation + syncPolicy: + automated: + prune: true + selfHeal: true + allowEmpty: false + syncOptions: + - CreateNamespace=false + - PrunePropagationPolicy=foreground + - PruneLast=true + retry: + limit: 3 + backoff: + duration: 10s + factor: 2 + maxDuration: 5m + revisionHistoryLimit: 10 diff --git a/fournos/gitops/applications/forge-staging.yaml b/fournos/gitops/applications/forge-staging.yaml new file mode 100644 index 00000000..1c94162b --- /dev/null +++ b/fournos/gitops/applications/forge-staging.yaml @@ -0,0 +1,36 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: forge-development + namespace: openshift-gitops + labels: + app.kubernetes.io/name: forge-on-fournos + app.kubernetes.io/part-of: fournos + environment: staging + annotations: + description: "FORGE staging environment deployment via GitOps" +spec: + project: forge-on-fournos + source: + repoURL: https://github.com/openshift-psap/forge + targetRevision: main + path: fournos/gitops/overlays/staging + destination: + server: https://kubernetes.default.svc + namespace: psap-automation-staging + syncPolicy: + automated: + prune: true + selfHeal: true + allowEmpty: false + syncOptions: + - CreateNamespace=false + - PrunePropagationPolicy=foreground + - PruneLast=true + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m + revisionHistoryLimit: 5 
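Review bot: `targetRevision: main` together with `automated:` `prune: true` / `selfHeal: true` in forge-production.yaml means every merge to `main` is applied to the production namespace with no promotion step, and resources dropped from the overlay are deleted automatically. The README added in this same commit describes production as "no auto-prune" with manual approval recommended, so the manifest and the documentation disagree. Because the synced Task mounts a target-cluster kubeconfig and the `fournos-vault` Secret, write access to `main` is in effect write access to what runs with those credentials. Consider pinning `targetRevision` to a release tag or branch and setting `prune: false` here.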
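Review bot: `metadata.name: forge-development` in forge-staging.yaml does not match the rest of the manifest, which is staging everywhere else (file name, `environment: staging`, `path: fournos/gitops/overlays/staging`, `namespace: psap-automation-staging`). The Application will appear in Argo CD as `forge-development`, which makes it easy to sync or delete the wrong environment; `name: forge-staging` would keep it consistent. Staging also shares the `forge-on-fournos` AppProject with production; whether that project restricts destinations per environment is not visible in this patch.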
diff --git a/fournos/gitops/applications/kustomization.yaml b/fournos/gitops/applications/kustomization.yaml new file mode 100644 index 00000000..4faafafd --- /dev/null +++ b/fournos/gitops/applications/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - forge-development.yaml + - forge-production.yaml + +commonLabels: + app.kubernetes.io/name: forge-on-fournos + app.kubernetes.io/part-of: fournos diff --git a/fournos/gitops/base/images/imagestream.yaml b/fournos/gitops/base/images/imagestream.yaml new file mode 100644 index 00000000..f0777a06 --- /dev/null +++ b/fournos/gitops/base/images/imagestream.yaml @@ -0,0 +1,21 @@ +apiVersion: image.openshift.io/v1 +kind: ImageStream +metadata: + name: forge-core + labels: + app: forge + component: image-build + annotations: + description: "FORGE core image for remote job execution" +spec: + lookupPolicy: + local: true + tags: + - name: latest + from: + kind: DockerImage + name: quay.io/rh_perfscale/forge:latest + importPolicy: + scheduled: true + referencePolicy: + type: Local diff --git a/fournos/gitops/base/images/kustomization.yaml b/fournos/gitops/base/images/kustomization.yaml new file mode 100644 index 00000000..beaf721c --- /dev/null +++ b/fournos/gitops/base/images/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - imagestream.yaml + +commonLabels: + app.kubernetes.io/name: forge-on-fournos + app.kubernetes.io/component: images + app.kubernetes.io/part-of: fournos diff --git a/fournos/gitops/base/kustomization.yaml b/fournos/gitops/base/kustomization.yaml new file mode 100644 index 00000000..54b703c9 --- /dev/null +++ b/fournos/gitops/base/kustomization.yaml 
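Review bot: The `resources:` list in applications/kustomization.yaml names `forge-development.yaml`, but the file this commit adds in that directory is `forge-staging.yaml`, so `oc apply -k` on `fournos/gitops/applications` should fail on a missing resource. Change the entry to `- forge-staging.yaml`. The README's tree and deployment examples use the same `forge-development` / `overlays/development` names and need the same correction.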
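Review bot: The `latest` tag in imagestream.yaml tracks `quay.io/rh_perfscale/forge:latest` with `importPolicy.scheduled: true`, so whatever is pushed to that mutable tag is re-imported periodically and, with `imagePullPolicy: Always` in the Task and Job, used by the next run without any change in Git. That image executes with the target kubeconfig and vault Secret mounted, so the registry tag becomes a deployment path that bypasses review of this repository. Consider importing a versioned tag or a digest, e.g. `name: quay.io/rh_perfscale/forge@sha256:<digest-placeholder>`, and bumping it through a commit.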
@@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +metadata: + name: forge-base + +resources: + - images + - workflows + +commonLabels: + app.kubernetes.io/name: forge-on-fournos + app.kubernetes.io/part-of: fournos diff --git a/fournos/gitops/base/workflows/kustomization.yaml b/fournos/gitops/base/workflows/kustomization.yaml new file mode 100644 index 00000000..af70922b --- /dev/null +++ b/fournos/gitops/base/workflows/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - resolve-job.yaml + - task-forge-step.yaml + - pipeline-full.yaml + - pipeline-test-only.yaml + - pipeline-replot.yaml + +commonLabels: + app.kubernetes.io/name: forge-on-fournos + app.kubernetes.io/component: workflows + app.kubernetes.io/part-of: fournos diff --git a/fournos/gitops/base/workflows/pipeline-full.yaml b/fournos/gitops/base/workflows/pipeline-full.yaml new file mode 100644 index 00000000..e16f6c57 --- /dev/null +++ b/fournos/gitops/base/workflows/pipeline-full.yaml 
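Review bot: Listing `resolve-job.yaml` under `resources:` in base/workflows/kustomization.yaml makes Argo CD create the template as a real `batch/v1` Job named `forge-resolve-job-template` in each environment, although the file's own header describes it as a template the operator loads and copies. As applied, the Job has `FJOB_NAME` and `FOURNOS_WORKLOAD_NAMESPACE` without values and an image reference that still contains the literal `${NAMESPACE}` (the overlay patches target only `kind: Pipeline`), so it should fail at start; a Job's pod template is also immutable, so later edits to the file would presumably leave the Application unable to sync it. If the operator reads the template from the cluster, shipping the file inside a ConfigMap would avoid both problems; how the operator actually loads it is not visible in this patch.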
@@ -0,0 +1,115 @@ +# Full pipeline: pre_cleanup -> prepare → test → export-artifacts + post-cleanup. +apiVersion: tekton.dev/v1 +kind: Pipeline +metadata: + name: forge-full + annotations: + fournos.dev/resolve-image: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/forge-core:latest +spec: + workspaces: + - name: artifacts + params: + - name: fjob-name + type: string + - name: fournos-workload-namespace + type: string + - name: kubeconfig-secret + type: string + + tasks: + - name: pre-cleanup + taskRef: + name: forge-step + kind: Task + workspaces: + - name: artifacts + workspace: artifacts + params: + - name: fjob-name + value: "$(params.fjob-name)" + - name: fournos-workload-namespace + value: "$(params.fournos-workload-namespace)" + - name: kubeconfig-secret + value: "$(params.kubeconfig-secret)" + - name: job-step + value: pre-cleanup + - name: job-step-name + value: 000__pre-cleanup + + - name: prepare + taskRef: + name: forge-step + kind: Task + workspaces: + - name: artifacts + workspace: artifacts + params: + - name: fjob-name + value: "$(params.fjob-name)" + - name: fournos-workload-namespace + value: "$(params.fournos-workload-namespace)" + - name: kubeconfig-secret + value: "$(params.kubeconfig-secret)" + - name: job-step + value: prepare + - name: job-step-name + value: 001__prepare + + - name: test + runAfter: [prepare] + taskRef: + name: forge-step + kind: Task + workspaces: + - name: artifacts + workspace: artifacts + params: + - name: fjob-name + value: "$(params.fjob-name)" + - name: fournos-workload-namespace + value: "$(params.fournos-workload-namespace)" + - name: kubeconfig-secret + value: "$(params.kubeconfig-secret)" + - name: job-step + value: test + - name: job-step-name + value: 002__test + + finally: + - name: export-artifacts + taskRef: + name: forge-step + kind: Task + workspaces: + - name: artifacts + workspace: artifacts + params: + - name: fjob-name + value: "$(params.fjob-name)" + - name: fournos-workload-namespace + 
value: "$(params.fournos-workload-namespace)" + - name: kubeconfig-secret + value: "$(params.kubeconfig-secret)" + - name: job-step + value: export-artifacts + - name: job-step-name + value: 003__export-artifacts + + - name: post-cleanup + taskRef: + name: forge-step + kind: Task + workspaces: + - name: artifacts + workspace: artifacts + params: + - name: fjob-name + value: "$(params.fjob-name)" + - name: fournos-workload-namespace + value: "$(params.fournos-workload-namespace)" + - name: kubeconfig-secret + value: "$(params.kubeconfig-secret)" + - name: job-step + value: pre-cleanup + - name: job-step-name + value: 004__post-cleanup diff --git a/fournos/gitops/base/workflows/pipeline-replot.yaml b/fournos/gitops/base/workflows/pipeline-replot.yaml new file mode 100644 index 00000000..1c979758 --- /dev/null +++ b/fournos/gitops/base/workflows/pipeline-replot.yaml 
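Review bot: `prepare` in pipeline-full.yaml has no `runAfter`, so Tekton schedules it in parallel with `pre-cleanup`, and `test` waits only for `prepare`, whereas the header comment describes the sequence `pre_cleanup -> prepare → test`. Add `runAfter: [pre-cleanup]` to the `prepare` task so cleanup cannot race with setup on the target cluster. Separately, the `post-cleanup` finally task passes `job-step` value `pre-cleanup`; if that is deliberate reuse of the same forge step, a one-line comment saying so would help, otherwise it reads as a copy-paste slip.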
@@ -0,0 +1,57 @@ +# Single-step pipeline: run only (no prepare, no cleanup). +# Use on pre-configured clusters where setup/teardown is handled externally. +apiVersion: tekton.dev/v1 +kind: Pipeline +metadata: + name: forge-replot + annotations: + fournos.dev/resolve-image: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/forge-core:latest +spec: + workspaces: + - name: artifacts + params: + - name: fjob-name + type: string + - name: fournos-workload-namespace + type: string + - name: kubeconfig-secret + type: string + tasks: + - name: replot + taskRef: + name: forge-step + kind: Task + workspaces: + - name: artifacts + workspace: artifacts + params: + - name: fjob-name + value: "$(params.fjob-name)" + - name: fournos-workload-namespace + value: "$(params.fournos-workload-namespace)" + - name: kubeconfig-secret + value: "$(params.kubeconfig-secret)" + - name: job-step + value: caliper_replot + - name: job-step-name + value: 000__replot + + finally: + - name: export-artifacts + taskRef: + name: forge-step + kind: Task + workspaces: + - name: artifacts + workspace: artifacts + params: + - name: fjob-name + value: "$(params.fjob-name)" + - name: fournos-workload-namespace + value: "$(params.fournos-workload-namespace)" + - name: kubeconfig-secret + value: "$(params.kubeconfig-secret)" + - name: job-step + value: export-artifacts + - name: job-step-name + value: 001__export-artifacts diff --git a/fournos/gitops/base/workflows/pipeline-test-only.yaml b/fournos/gitops/base/workflows/pipeline-test-only.yaml new file mode 100644 index 00000000..3b87f352 --- /dev/null +++ b/fournos/gitops/base/workflows/pipeline-test-only.yaml 
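Review bot: The header comment of pipeline-replot.yaml is the same text as the test-only pipeline's ("run only (no prepare, no cleanup)") and does not say what `forge-replot` does. Something like `# Replot pipeline: runs the caliper_replot step, then exports artifacts.` would describe the two tasks actually defined here.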
@@ -0,0 +1,57 @@ +# Single-step pipeline: run only (no prepare, no cleanup). +# Use on pre-configured clusters where setup/teardown is handled externally. +apiVersion: tekton.dev/v1 +kind: Pipeline +metadata: + name: forge-test-only + annotations: + fournos.dev/resolve-image: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/forge-core:latest +spec: + workspaces: + - name: artifacts + params: + - name: fjob-name + type: string + - name: fournos-workload-namespace + type: string + - name: kubeconfig-secret + type: string + tasks: + - name: test + taskRef: + name: forge-step + kind: Task + workspaces: + - name: artifacts + workspace: artifacts + params: + - name: fjob-name + value: "$(params.fjob-name)" + - name: fournos-workload-namespace + value: "$(params.fournos-workload-namespace)" + - name: kubeconfig-secret + value: "$(params.kubeconfig-secret)" + - name: job-step + value: test + - name: job-step-name + value: 000__test + + finally: + - name: export-artifacts + taskRef: + name: forge-step + kind: Task + workspaces: + - name: artifacts + workspace: artifacts + params: + - name: fjob-name + value: "$(params.fjob-name)" + - name: fournos-workload-namespace + value: "$(params.fournos-workload-namespace)" + - name: kubeconfig-secret + value: "$(params.kubeconfig-secret)" + - name: job-step + value: export-artifacts + - name: job-step-name + value: 001__export-artifacts diff --git a/fournos/gitops/base/workflows/resolve-job.yaml b/fournos/gitops/base/workflows/resolve-job.yaml new file mode 100644 index 00000000..9ce09175 --- /dev/null +++ b/fournos/gitops/base/workflows/resolve-job.yaml 
@@ -0,0 +1,84 @@ +# Template for the resolve K8s Job (currently Forge). +# +# The operator loads this at startup, deep-copies it per job, and injects +# dynamic values (metadata, image, env-var values, ownerReferences, deadline). +# +# The container setup mirrors task-forge-step.yaml so the same forge-core +# image runs through the identical bootstrap sequence. +# The only difference is that no kubeconfig volume is mounted — the resolve +# step runs on the hub cluster and does not need remote-cluster access. +apiVersion: batch/v1 +kind: Job +metadata: + name: forge-resolve-job-template + labels: + app: forge + component: resolve + annotations: + description: "Template for FORGE resolve jobs" +spec: + backoffLimit: 0 + template: + spec: + serviceAccountName: fournos + restartPolicy: Never + containers: + - name: resolve + image: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/forge-core:latest + imagePullPolicy: Always + env: + - name: FJOB_NAME + - name: FOURNOS_WORKLOAD_NAMESPACE + - name: FOURNOS_STEP + value: resolve-fournos-config + - name: FOURNOS_CI + value: "true" + command: ["/bin/bash", "-c"] + args: + - | + set -o pipefail + set -o errexit + set -o nounset + set -o errtrace + + export ARTIFACT_DIR=/tmp/artifacts + mkdir -p "${ARTIFACT_DIR}" + + exec &> >(tee -a "$ARTIFACT_DIR/run.log") + + oc get "fjob/$FJOB_NAME" -n "$FOURNOS_WORKLOAD_NAMESPACE" -oyaml > $ARTIFACT_DIR/fournos_fjob.yaml + + PULL_BASE_SHA=$(cat "$ARTIFACT_DIR/fournos_fjob.yaml" | yq -r .spec.env.PULL_BASE_SHA) + if [[ "$PULL_BASE_SHA" != null ]]; then + export PULL_BASE_SHA + else + unset PULL_BASE_SHA + fi + + PULL_PULL_SHA=$(cat "$ARTIFACT_DIR/fournos_fjob.yaml" | yq -r .spec.env.PULL_PULL_SHA) + if [[ "$PULL_PULL_SHA" != null ]]; then + export PULL_PULL_SHA + else + unset PULL_PULL_SHA + fi + + if [[ "${PULL_PULL_SHA:-}" ]]; then + echo + echo "Updating to PULL_PULL_SHA=$PULL_PULL_SHA ..." 
+ + git -C "$FORGE_HOME" fetch --quiet origin "$PULL_PULL_SHA" + git -C "$FORGE_HOME" reset --hard FETCH_HEAD + else + echo "No PULL_PULL_SHA, using the image commit" + fi + git show --quiet + + FORGE_PROJECT=$(cat "$ARTIFACT_DIR/fournos_fjob.yaml" | yq -r .spec.executionEngine.forge.project) + if [[ -z "$FORGE_PROJECT" || "$FORGE_PROJECT" == null ]]; then + echo "ERROR: invalid .spec.executionEngine.forge.project='$FORGE_PROJECT' in $FOURNOS_WORKLOAD_NAMESPACE/$FJOB_NAME" + exit 1 + fi + + export FOURNOS_CI=true + + exec bin/run_ci "$FORGE_PROJECT" ci "$FOURNOS_STEP" diff --git a/fournos/gitops/base/workflows/task-forge-step.yaml b/fournos/gitops/base/workflows/task-forge-step.yaml new file mode 100644 index 00000000..ab4010da --- /dev/null +++ b/fournos/gitops/base/workflows/task-forge-step.yaml 
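Review bot: `PULL_PULL_SHA` is read from the FournosJob spec and passed straight to `git fetch` and `git reset --hard FETCH_HEAD`, after which `bin/run_ci` runs from that checkout under the `fournos` service account. Nothing checks that the value is a commit id, so anyone able to create or edit an fjob in the workload namespace chooses the code that runs; the same block is repeated in task-forge-step.yaml, where the kubeconfig and vault Secret are mounted as well. Reject anything that is not a full hex id before the fetch, e.g. `[[ "$PULL_PULL_SHA" =~ ^[0-9a-f]{40}$ ]] || { echo "ERROR: invalid PULL_PULL_SHA"; exit 1; }`. A format check only narrows the input, since any commit the remote serves is still runnable, so RBAC on who may write fjobs remains the real control and is worth stating in the header comment. Minor: `git show --quiet` lacks `-C "$FORGE_HOME"` and the redirect `> $ARTIFACT_DIR/fournos_fjob.yaml` is unquoted.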
@@ -0,0 +1,106 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: forge-step +spec: + workspaces: + - name: artifacts + description: Shared artifact storage across pipeline tasks. + params: + - name: fjob-name + type: string + - name: fournos-workload-namespace + type: string + - name: kubeconfig-secret + type: string + - name: job-step + type: string + - name: job-step-name + type: string + steps: + - name: forge + image: image-registry.openshift-image-registry.svc:5000/$(context.taskRun.namespace)/forge-core:latest + imagePullPolicy: Always + computeResources: {} + env: + - name: TARGET_KUBECONFIG + value: /var/run/secrets/fournos-kubeconfig/kubeconfig + - name: FJOB_NAME + value: "$(params.fjob-name)" + - name: FOURNOS_WORKLOAD_NAMESPACE + value: "$(params.fournos-workload-namespace)" + - name: FOURNOS_STEP + value: "$(params.job-step)" + - name: FOURNOS_STEP_NAME + value: "$(params.job-step-name)" + - name: FOURNOS_SECRETS + value: /var/run/secrets/fournos + - name: FOURNOS_CI + value: "true" + volumeMounts: + - name: kubeconfig + mountPath: /var/run/secrets/fournos-kubeconfig + readOnly: true + - name: vault-secrets + mountPath: /var/run/secrets/fournos + readOnly: true + script: | + #!/usr/bin/env bash + + set -o pipefail + set -o errexit + set -o nounset + set -o errtrace + + export ARTIFACT_BASE_DIR="$(workspaces.artifacts.path)" + export ARTIFACT_DIR="${ARTIFACT_BASE_DIR}/${FOURNOS_STEP_NAME}" + mkdir -p "${ARTIFACT_DIR}" + + exec &> >(tee -a "$ARTIFACT_DIR/run.log") + + # Fetch FournosJob from the hub cluster (in-cluster SA) before + # switching KUBECONFIG to the target cluster. 
+ oc get "fjob/$FJOB_NAME" -n "$FOURNOS_WORKLOAD_NAMESPACE" -oyaml > $ARTIFACT_DIR/fournos_fjob.yaml + + export KUBECONFIG=$TARGET_KUBECONFIG + + PULL_BASE_SHA=$(cat "$ARTIFACT_DIR/fournos_fjob.yaml" | yq -r .spec.env.PULL_BASE_SHA) + if [[ "$PULL_BASE_SHA" != null ]]; then + export PULL_BASE_SHA + else + unset PULL_BASE_SHA + fi + + PULL_PULL_SHA=$(cat "$ARTIFACT_DIR/fournos_fjob.yaml" | yq -r .spec.env.PULL_PULL_SHA) + if [[ "$PULL_PULL_SHA" != null ]]; then + export PULL_PULL_SHA + else + unset PULL_PULL_SHA + fi + + if [[ "${PULL_PULL_SHA:-}" ]]; then + echo + echo "Updating to PULL_PULL_SHA=$PULL_PULL_SHA ..." + + git -C "$FORGE_HOME" fetch --quiet origin "$PULL_PULL_SHA" + git -C "$FORGE_HOME" reset --hard FETCH_HEAD + else + echo "No PULL_PULL_SHA, using the image commit" + fi + git show --quiet + + FORGE_PROJECT=$(cat "$ARTIFACT_DIR/fournos_fjob.yaml" | yq -r .spec.executionEngine.forge.project) + if [[ -z "$FORGE_PROJECT" || "$FORGE_PROJECT" == null ]]; then + echo "ERROR: invalid .spec.executionEngine.forge.project='$FORGE_PROJECT' in $FOURNOS_WORKLOAD_NAMESPACE/$FJOB_NAME" + exit 1 + fi + + exec bin/run_ci "$FORGE_PROJECT" ci "$FOURNOS_STEP" + + volumes: + - name: kubeconfig + secret: + secretName: $(params.kubeconfig-secret) + - name: vault-secrets + secret: + secretName: fournos-vault diff --git a/fournos/gitops/kustomization.yaml b/fournos/gitops/kustomization.yaml new file mode 100644 index 00000000..049771a2 --- /dev/null +++ b/fournos/gitops/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +metadata: + name: forge-gitops + +resources: + - applications + +commonLabels: + app.kubernetes.io/name: forge-on-fournos + app.kubernetes.io/part-of: fournos diff --git a/fournos/gitops/overlays/production/kustomization.yaml b/fournos/gitops/overlays/production/kustomization.yaml new file mode 100644 index 00000000..8beedfbd --- /dev/null +++ b/fournos/gitops/overlays/production/kustomization.yaml 
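Review bot: The `vault-secrets` volume in task-forge-step.yaml mounts the entire `fournos-vault` Secret into every run of this Task, including the `export-artifacts` and cleanup steps, and `secretName: $(params.kubeconfig-secret)` will mount whichever Secret name the PipelineRun supplies. Because `exec &> >(tee -a "$ARTIFACT_DIR/run.log")` writes all output to the shared artifacts workspace that is later exported, anything a step prints from those mounts ends up in the artifacts. Consider mounting the vault Secret only for the steps that need it (or projecting specific keys with `items:`), and add a `description:` to the `kubeconfig-secret` param stating which Secrets are valid. Whether the operator already constrains that value is not visible in this patch.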
@@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: psap-automation + +resources: + - ../../base + +patches: + - target: + group: tekton.dev + version: v1 + kind: Pipeline + patch: |- + - op: replace + path: /metadata/annotations/fournos.dev~1resolve-image + value: "image-registry.openshift-image-registry.svc:5000/psap-automation/forge-core:latest" +commonLabels: + environment: production diff --git a/fournos/gitops/overlays/staging/kustomization.yaml b/fournos/gitops/overlays/staging/kustomization.yaml new file mode 100644 index 00000000..7ff8e059 --- /dev/null +++ b/fournos/gitops/overlays/staging/kustomization.yaml @@ -0,0 +1,20 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: psap-automation-staging + +resources: + - ../../base + +patches: + - target: + group: tekton.dev + version: v1 + kind: Pipeline + patch: |- + - op: replace + path: /metadata/annotations/fournos.dev~1resolve-image + value: "image-registry.openshift-image-registry.svc:5000/psap-automation-staging/forge-core:latest" + +commonLabels: + environment: staging