Initial upload

2025-05-21 15:56:16 +02:00 · 2025-05-21 15:56:16 +02:00 · 4b92302600
commit 4b92302600
parent 0c3f9a7072
51 changed files with 348 additions and 220 deletions
--- a/stl/factory.c-one-infra.de/stacks/ref-implementation/argo-workflows.yaml
+++ b/stl/factory.c-one-infra.de/stacks/ref-implementation/argo-workflows.yaml
@ -10,9 +10,9 @@ metadata:
 spec:
  project: default
  source:
-    repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+    repoURL: https://gitea.factory.c-one-infra.de/giteaAdmin/edfbuilder
    targetRevision: HEAD
-    path: "stl/factory.c-one-infra.de/stacks/ref-implementation/argo-workflows/manifests/dev"
+    path: "stacks/ref-implementation/argo-workflows/manifests/dev"
  destination:
    server: "https://kubernetes.default.svc"
    namespace: argo
--- a/stl/factory.c-one-infra.de/stacks/ref-implementation/backstage-templates.yaml
+++ b/stl/factory.c-one-infra.de/stacks/ref-implementation/backstage-templates.yaml
@ -10,11 +10,11 @@ metadata:
 spec:
  project: default
  source:
-    repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+    repoURL: https://gitea.factory.c-one-infra.de/giteaAdmin/edfbuilder
    targetRevision: HEAD
-    path: "stl/factory.c-one-infra.de/stacks/ref-implementation/backstage-templates/entities"
+    path: "stacks/ref-implementation/backstage-templates/entities"
    directory:
-      exclude: "catalog-info.yaml"
+      exclude: 'catalog-info.yaml'
  destination:
    server: "https://kubernetes.default.svc"
    namespace: backstage
--- a/stl/factory.c-one-infra.de/stacks/ref-implementation/backstage.yaml
+++ b/stl/factory.c-one-infra.de/stacks/ref-implementation/backstage.yaml
@ -10,9 +10,9 @@ metadata:
 spec:
  project: default
  source:
-    repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+    repoURL: https://gitea.factory.c-one-infra.de/giteaAdmin/edfbuilder
    targetRevision: HEAD
-    path: "stl/factory.c-one-infra.de/stacks/ref-implementation/backstage/manifests"
+    path: "stacks/ref-implementation/backstage/manifests"
  destination:
    server: "https://kubernetes.default.svc"
    namespace: backstage
--- a/stl/factory.c-one-infra.de/stacks/ref-implementation/backstage/manifests/install.yaml
+++ b/stl/factory.c-one-infra.de/stacks/ref-implementation/backstage/manifests/install.yaml
@ -167,7 +167,7 @@ data:
      locations:
        # Examples from a public GitHub repository.
        - type: url
-          target: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live:443/DevFW-CICD/stacks-instances/raw/branch/main/stl/factory.c-one-infra.de/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml
+          target: https://gitea.factory.c-one-infra.de:443/giteaAdmin/edfbuilder/raw/branch/main/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml
          rules:
            - allow: [Component, System, API, Resource, Location, Template, User, Group]
    kubernetes:
--- a/stl/factory.c-one-infra.de/stacks/ref-implementation/external-secrets.yaml
+++ b/stl/factory.c-one-infra.de/stacks/ref-implementation/external-secrets.yaml
@ -12,9 +12,9 @@ spec:
    namespace: external-secrets
    server: "https://kubernetes.default.svc"
  source:
-    repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+    repoURL: https://gitea.factory.c-one-infra.de/giteaAdmin/edfbuilder
    targetRevision: HEAD
-    path: "stl/factory.c-one-infra.de/stacks/ref-implementation/external-secrets/manifests"
+    path: "stacks/ref-implementation/external-secrets/manifests"
  project: default
  syncPolicy:
    automated:
--- a/stl/factory.c-one-infra.de/stacks/ref-implementation/fibonacci-app.yaml
+++ b/stl/factory.c-one-infra.de/stacks/ref-implementation/fibonacci-app.yaml
@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: fibonacci-app
+  namespace: argocd
+  labels:
+    env: dev
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://gitea.factory.c-one-infra.de/giteaAdmin/edfbuilder
+    targetRevision: HEAD
+    path: "stacks/ref-implementation/fibonacci-app"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: fibonacci-app
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      selfHeal: true
+    retry:
+      limit: -1
--- a/stl/factory.c-one-infra.de/stacks/ref-implementation/fibonacci-app/deployment.yaml
+++ b/stl/factory.c-one-infra.de/stacks/ref-implementation/fibonacci-app/deployment.yaml
@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fibonacci-deployment
+  namespace: fibonacci-app  
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: fibonacci-go
+  template:
+    metadata:
+      labels:
+        app: fibonacci-go
+    spec:
+      containers:
+      - name: fibonacci-go
+        image: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/christopher.hase/fibonacci_http_go:1.0.0
+        ports:
+        - containerPort: 9090
--- a/stl/factory.c-one-infra.de/stacks/ref-implementation/fibonacci-app/service.yaml
+++ b/stl/factory.c-one-infra.de/stacks/ref-implementation/fibonacci-app/service.yaml
@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: fibonacci-service
+  namespace: fibonacci-app
+spec:
+  selector:
+    app: fibonacci-go
+  ports:
+    - protocol: TCP
+      port: 9090
+      targetPort: 9090
+  type: ClusterIP
--- a/stl/factory.c-one-infra.de/stacks/ref-implementation/keycloak.yaml
+++ b/stl/factory.c-one-infra.de/stacks/ref-implementation/keycloak.yaml
@ -12,9 +12,9 @@ spec:
    namespace: keycloak
    server: "https://kubernetes.default.svc"
  source:
-    repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+    repoURL: https://gitea.factory.c-one-infra.de/giteaAdmin/edfbuilder
    targetRevision: HEAD
-    path: "stl/factory.c-one-infra.de/stacks/ref-implementation/keycloak/manifests"
+    path: "stacks/ref-implementation/keycloak/manifests"
  project: default
  syncPolicy:
    automated:
--- a/stl/factory.c-one-infra.de/stacks/ref-implementation/mailhog.yaml
+++ b/stl/factory.c-one-infra.de/stacks/ref-implementation/mailhog.yaml
@ -10,9 +10,9 @@ metadata:
 spec:
  project: default
  source:
-    repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+    repoURL: https://gitea.factory.c-one-infra.de/giteaAdmin/edfbuilder
    targetRevision: HEAD
-    path: "stl/factory.c-one-infra.de/stacks/ref-implementation/mailhog"
+    path: "stacks/ref-implementation/mailhog"
  destination:
    server: "https://kubernetes.default.svc"
    namespace: mailhog
--- a/stl/factory.c-one-infra.de/stacks/ref-implementation/openbao.yaml
+++ b/stl/factory.c-one-infra.de/stacks/ref-implementation/openbao.yaml
@ -11,7 +11,7 @@ spec:
  project: default
  syncPolicy:
    automated:
-      selfHeal: false
+     selfHeal: false
    syncOptions:
      - CreateNamespace=true
  destination:
@ -23,15 +23,12 @@ spec:
      targetRevision: HEAD
      helm:
        valueFiles:
-          - $values/stl/factory.c-one-infra.de/stacks/ref-implementation/openbao/values.yaml
-    - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+          - $values/stacks/ref-implementation/openbao/values.yaml
+    - repoURL: https://gitea.factory.c-one-infra.de/giteaAdmin/edfbuilder
      targetRevision: HEAD
      ref: values
-    - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
-      targetRevision: HEAD
-      path: "stl/factory.c-one-infra.de/stacks/ref-implementation/openbao/manifests"
  ignoreDifferences:
-    - group: admissionregistration.k8s.io
-      kind: MutatingWebhookConfiguration
-      jqPathExpressions:
-        - .webhooks[]?.clientConfig.caBundle
+  - group: admissionregistration.k8s.io
+    kind: MutatingWebhookConfiguration
+    jqPathExpressions:
+    - .webhooks[]?.clientConfig.caBundle
--- a/stl/factory.c-one-infra.de/stacks/ref-implementation/openbao/manifests/role.yaml
+++ b/stl/factory.c-one-infra.de/stacks/ref-implementation/openbao/manifests/role.yaml
@ -1,9 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: vault-token-role
-  namespace: openbao
-rules:
-  - apiGroups: [""] # "" indicates the core API group
-    resources: ["secrets"]
-    verbs: ["create"]
--- a/stl/factory.c-one-infra.de/stacks/ref-implementation/openbao/manifests/rolebinding.yaml
+++ b/stl/factory.c-one-infra.de/stacks/ref-implementation/openbao/manifests/rolebinding.yaml
@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: vault-token-rolebinding
-  namespace: openbao
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: vault-token-role
-subjects:
-  - kind: ServiceAccount
-    name: openbao
-    namespace: openbao
--- a/stl/factory.c-one-infra.de/stacks/ref-implementation/openbao/values.yaml
+++ b/stl/factory.c-one-infra.de/stacks/ref-implementation/openbao/values.yaml
@ -3,8 +3,6 @@ server:
    - sh
    - -c
    - |
-      echo --- unseal workaround
-
      sleep 10
      bao operator init >> /tmp/init.txt
      cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {}
@ -15,20 +13,5 @@ server:
      echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
      echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
      rm /tmp/init.txt
-      
-
-      echo --- provide OpenBAO secret to ESO
-
-      if [[ "$(uname -m)" == "x86_64" ]]; then
-        wget "https://dl.k8s.io/release/$(wget https://dl.k8s.io/release/stable.txt -q -O -)/bin/linux/amd64/kubectl" -O /tmp/kubectl_eso
-      else
-        wget "https://dl.k8s.io/release/$(wget https://dl.k8s.io/release/stable.txt -q -O -)/bin/linux/arm64/kubectl" -O /tmp/kubectl_eso
-      fi
-      chmod +x /tmp/kubectl_eso
-
-      /tmp/kubectl_eso create secret generic vault-token --from-literal=token="$(cat /openbao/data/initial_token.txt)" -n openbao
-
-      rm /tmp/kubectl_eso
-
 ui:
  enabled: true