diff --git a/template/stacks/ci-sizer/gitlab-webhook.yaml b/template/stacks/ci-sizer/gitlab-webhook.yaml
deleted file mode 100644
index c0b1bce..0000000
--- a/template/stacks/ci-sizer/gitlab-webhook.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: gitlab-sizer-webhook
- namespace: argocd
- labels:
- env: dev
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: -1
- destination:
- name: in-cluster
- namespace: ci-sizer
- source:
- repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
- targetRevision: HEAD
- path: "{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/ci-sizer/gitlab-webhook"
diff --git a/template/stacks/ci-sizer/gitlab-webhook/certificates.yaml b/template/stacks/ci-sizer/gitlab-webhook/certificates.yaml
deleted file mode 100644
index ee1fece..0000000
--- a/template/stacks/ci-sizer/gitlab-webhook/certificates.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Self-signed Issuer for webhook TLS.
-# For production, replace with a ClusterIssuer backed by a real CA.
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- name: selfsigned-issuer
-spec:
- selfSigned: {}
----
-# cert-manager Certificate for the webhook TLS.
-# The resulting Secret (gitlab-sizer-webhook-tls) is mounted into the webhook pod.
-# cert-manager also injects the CA into the MutatingWebhookConfiguration via the
-# cert-manager.io/inject-ca-from annotation.
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: gitlab-sizer-webhook-cert
-spec:
- secretName: gitlab-sizer-webhook-tls
- issuerRef:
- name: selfsigned-issuer
- kind: Issuer
- dnsNames:
- - gitlab-sizer-webhook.ci-sizer.svc
- - gitlab-sizer-webhook.ci-sizer.svc.cluster.local
- duration: 8760h
- renewBefore: 720h
diff --git a/template/stacks/ci-sizer/gitlab-webhook/deployment.yaml b/template/stacks/ci-sizer/gitlab-webhook/deployment.yaml
deleted file mode 100644
index 0b99859..0000000
--- a/template/stacks/ci-sizer/gitlab-webhook/deployment.yaml
+++ /dev/null
@@ -1,141 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: gitlab-sizer-webhook
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: gitlab-sizer-webhook
-rules:
- - apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "list", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: gitlab-sizer-webhook
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: gitlab-sizer-webhook
-subjects:
- - kind: ServiceAccount
- name: gitlab-sizer-webhook
- namespace: ci-sizer
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: gitlab-sizer-webhook
- labels:
- app: gitlab-sizer-webhook
-spec:
- replicas: 2
- selector:
- matchLabels:
- app: gitlab-sizer-webhook
- template:
- metadata:
- labels:
- app: gitlab-sizer-webhook
- spec:
- serviceAccountName: gitlab-sizer-webhook
- securityContext:
- runAsNonRoot: true
- runAsUser: 65534
- runAsGroup: 65534
- seccompProfile:
- type: RuntimeDefault
- containers:
- - name: webhook
- image: edp.buildth.ing/devfw-cicd/gitlab-webhook-edge-connect:latest
- imagePullPolicy: Always
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- capabilities:
- drop:
- - ALL
- ports:
- - containerPort: 8443
- protocol: TCP
- args:
- - --listen-addr=:8443
- - --tls-cert-file=/etc/webhook/tls/tls.crt
- - --tls-key-file=/etc/webhook/tls/tls.key
- - --sizer-url=http://sizer-receiver.ci-sizer.svc:8080
- - --sizer-sidecar-image=edp.buildth.ing/devfw-cicd/ci-sizer-collector:latest
- env:
- - name: WEBHOOK_SIZER_READ_TOKEN
- valueFrom:
- secretKeyRef:
- name: gitlab-sizer-webhook-tokens
- key: sizer-read-token
- - name: WEBHOOK_SIZER_PUSH_TOKEN
- valueFrom:
- secretKeyRef:
- name: gitlab-sizer-webhook-tokens
- key: sizer-push-token
- - name: HTTP_PROXY
- valueFrom:
- configMapKeyRef:
- name: gitlab-sizer-webhook-config
- key: HTTP_PROXY
- optional: true
- - name: HTTPS_PROXY
- valueFrom:
- configMapKeyRef:
- name: gitlab-sizer-webhook-config
- key: HTTPS_PROXY
- optional: true
- - name: NO_PROXY
- valueFrom:
- configMapKeyRef:
- name: gitlab-sizer-webhook-config
- key: NO_PROXY
- optional: true
- volumeMounts:
- - name: webhook-tls
- mountPath: /etc/webhook/tls
- readOnly: true
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8443
- scheme: HTTPS
- initialDelaySeconds: 5
- periodSeconds: 10
- readinessProbe:
- httpGet:
- path: /healthz
- port: 8443
- scheme: HTTPS
- initialDelaySeconds: 5
- periodSeconds: 10
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- limits:
- cpu: 200m
- memory: 128Mi
- volumes:
- - name: webhook-tls
- secret:
- secretName: gitlab-sizer-webhook-tls
----
-apiVersion: v1
-kind: Service
-metadata:
- name: gitlab-sizer-webhook
- labels:
- app: gitlab-sizer-webhook
-spec:
- selector:
- app: gitlab-sizer-webhook
- ports:
- - port: 443
- targetPort: 8443
- protocol: TCP
diff --git a/template/stacks/ci-sizer/gitlab-webhook/webhook-config.yaml b/template/stacks/ci-sizer/gitlab-webhook/webhook-config.yaml
deleted file mode 100644
index 72aea4a..0000000
--- a/template/stacks/ci-sizer/gitlab-webhook/webhook-config.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: gitlab-sizer-webhook
- annotations:
- cert-manager.io/inject-ca-from: ci-sizer/gitlab-sizer-webhook-cert
-webhooks:
- - name: gitlab-sizer-webhook.ci-sizer.svc
- admissionReviewVersions: ["v1"]
- sideEffects: NoneOnDryRun
- failurePolicy: Ignore
- timeoutSeconds: 5
- reinvocationPolicy: Never
- clientConfig:
- service:
- name: gitlab-sizer-webhook
- namespace: ci-sizer
- path: /mutate
- rules:
- - apiGroups: [""]
- apiVersions: ["v1"]
- operations: ["CREATE"]
- resources: ["pods"]
- namespaceSelector:
- matchLabels:
- ci-sizer.devfw.io/watch: "true"
- objectSelector:
- matchExpressions:
- - key: job.runner.gitlab.com/pod
- operator: Exists
diff --git a/template/stacks/ci-sizer/sizer-receiver/deployment.yaml b/template/stacks/ci-sizer/sizer-receiver/deployment.yaml
index 3f38b2d..26174c9 100644
--- a/template/stacks/ci-sizer/sizer-receiver/deployment.yaml
+++ b/template/stacks/ci-sizer/sizer-receiver/deployment.yaml
@@ -39,17 +39,15 @@ spec:
 secretKeyRef:
 name: sizer-tokens
 key: hmac-key
-{{{ if .Env.GARM_URL }}}
 - name: GARM_URL
- value: "{{{ .Env.GARM_URL }}}"
+ value: "http://garm.garm.svc.cluster.local:80"
 - name: GARM_USER
- value: "{{{ .Env.GARM_USER }}}"
+ value: "admin"
 - name: GARM_PASSWORD
 valueFrom:
 secretKeyRef:
 name: garm-fixed-credentials
 key: admin_password
-{{{ end }}}
 - name: RECEIVER_OIDC_ISSUER
 value: "https://dex.{{{ .Env.DOMAIN }}}"
 - name: RECEIVER_OIDC_CLIENT_ID
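Review bot: With the `{{{ if .Env.GARM_URL }}}` guard removed, the receiver always references the `garm-fixed-credentials` secret, and the `secretKeyRef` for `GARM_PASSWORD` has no `optional: true`, so wherever that secret is missing from the pod's namespace the container will not start. The new values also pin the receiver to the `admin` account and a plain `http://` URL, so the admin password is presumably sent unencrypted inside the cluster on each GARM call; how the receiver authenticates is not visible in this hunk. If the hard dependency is intended, document it above `GARM_URL`, for example `# GARM is required: garm-fixed-credentials must exist in this namespace`, and consider a dedicated lower-privilege GARM user in place of `admin`. The env list begins before this hunk and continues after it.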