diff --git a/charts/notification/Chart.yaml b/charts/notification/Chart.yaml index 6cf0e49..f0d9c80 100644 --- a/charts/notification/Chart.yaml +++ b/charts/notification/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/notification/charts/common-0.1.0.tgz b/charts/notification/charts/common-0.1.0.tgz index affa62a..91cd36e 100644 Binary files a/charts/notification/charts/common-0.1.0.tgz and b/charts/notification/charts/common-0.1.0.tgz differ diff --git a/charts/notification/values.yaml b/charts/notification/values.yaml index 5d603b7..b080be9 100644 --- a/charts/notification/values.yaml +++ b/charts/notification/values.yaml @@ -5,7 +5,7 @@ nameOverride: "" fullnameOverride: "" -serviceAccount: pipeline +serviceAccount: tekton-pipeline storageClassName: nfs-client gitHostname: git.endofday.com quayHostname: quay01.ipa.endofday.com diff --git a/common/templates/_task-s2i-go.yaml b/common/templates/_task-s2i-go.yaml index d1b7448..3478eeb 100644 --- a/common/templates/_task-s2i-go.yaml +++ b/common/templates/_task-s2i-go.yaml @@ -74,6 +74,8 @@ spec: - mountPath: /env-vars name: env-vars workingDir: $(workspaces.source.path) + securityContext: + runAsUser: 0 - image: $(params.BUILDER_IMAGE) name: build-and-push script: | diff --git a/common/templates/_triggertemplate.yaml b/common/templates/_triggertemplate.yaml index 77d0d6e..f2bda35 100644 --- a/common/templates/_triggertemplate.yaml +++ b/common/templates/_triggertemplate.yaml @@ -80,7 +80,7 @@ spec: value: {{ .Values.quayHostname }} pipelineRef: name: {{ include "common.name" . }} - serviceAccountName: pipeline + serviceAccountName: tekton-pipeline workspaces: - name: source volumeClaimTemplate: diff --git a/custom-rbac.yaml b/custom-rbac.yaml new file mode 100644 index 0000000..ff0b817 --- /dev/null +++ b/custom-rbac.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: goghvideo-cicd-pipeline + name: tekton-pipeline-role +rules: +- apiGroups: ["triggers.tekton.dev"] + resources: ["triggertemplates", "interceptors", "triggerbindings", "eventlisteners", "triggers"] + verbs: ["list","get", "create", "update", "delete", "watch"] +- apiGroups: ["tekton.dev"] + resources: ["pipelineruns"] + verbs: ["list","get", "create", "update", "delete", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + # Name the role appropriately + # Adjust the name and namespace as needed + name: tekton-pipeline-role + namespace: tekton-pipelines +rules: + - apiGroups: + - triggers.tekton.dev + resources: [ "triggerbindings", "eventlisteners", "clustertriggerbindings", "interceptors", "triggers", "triggertemplates", "clusterinterceptors"] + verbs: ["list", "get", "create", "update", "delete", "watch"] + - apiGroups: + - tekton.dev + resources: ["pipelineruns"] + verbs: ["list", "get", "create", "update", "delete", "watch"] + + # Add any other resources you need access to (modify the apiGroups/resources as required) + diff --git a/secrets/argocd.yaml b/secrets/argocd.yaml new file mode 100644 index 0000000..f052cd4 --- /dev/null +++ b/secrets/argocd.yaml @@ -0,0 +1,94 @@ +apiVersion: v1 +kind: Secret +metadata: + name: goghvideo + namespace: argocd + labels: + argocd.argoproj.io/secret-type: repository +stringData: + sshPrivateKey: ENC[AES256_GCM,data:t+/ZGVz1A4gEJMCFLAH7ATFER8C9EqLkPdT/n/NKBraBSwSOhbTxnu8SptGjqP71s2xVTpDTSiCzPZaZL76GlQtzm+oStmPMvVsvbu/ws0Z4eO5L6GtvVKfoKJ+D+xl9QMvPtiikdh9ilbOpfLWPLaJkzGKNFwFM+2pmjtiudF6cQ3YzPM0aBmOuwlHGthvmB0SNdFawcTSmRPdfgWu+Ia0qsGjQpEe09CFOWIau0ltL15hIPvnsbypLefeEThdZH3VWeiqii/cI9l+FjqXpWBcD4rxvAwp9BPCgUWd3/t9SRpbGo97n7fJ89Seql71vxWIJGtszm5JJdD3Taj1As5kgVXVPwWJ++paZ0/ybPyCqe1J/p6iOZpQakGGPyffb9LLubTD5KlgR1KdaE7ruhJ811/PQZSIVMsZscDdf8FsDJcNeUlq6vwmLbxTY/OL1/IHvtgjVP3PDWiA+sRmsBNo0q7+iSzWaDfPKav/RMJqGjEv36zrMyCQlv1CvwDFgAagdyoW2ATxZzPgeApgly/ktQkOELWWIHG1NcGCJPOWxEw5ql7z/bZ3AxdIUJB+eGAZnBw0Giwa7iMf5Oy45CPUAEP3+34CAcAz2QwPZdenQKBwRO9/n/OqEcWXjtMAUrjIyeuK2J0pqrTUgIy+dzS04yySBRy5XR2AoWGk/qQFSrdbZGO4X/n8oleQqT/7OyAGXGiuMAmebAX43Np6b5QvpXtvZtCVqwRHo5oKgj9508o5DycJS1T7e6/3Ygb6hyFZV/Gckzb+QTyHwdC8vvF761U5ekITtkAzLLWWYNZvJi/ad5ohxhap90OgEsP/plQ64snc/M+quJeE5/wWYTVxGFJdao0lJiyzrhc9Hhee+cD7aj854UEtgs4MHJjwMLQd1RZRpDVHyF9U0nnEYpxul15sF3fyDpkFlOFBACsj5bpFmt695Wwtmg0LMUFHhizotr2FFRbLx9EfJveKxeuR9NAxpb2z+gHwQNlWSXDIDrLrcpvwGwU3RYY9NHKszhwN6WB4J7O5Pn3n8QuPim2RpyAnyrWFR+J3ZO0wOCUpgj6XqjX1BBkt86CziGvDNlASxP0AmPKKe47SA6kry80YxZqXf72pFIZb6N8Qsc0JtNW6ULF5A6RnVejrjmJ9ZYAEj79anwB8v6o/KKcHEEjDWmmiN0m4N+aBYBxY751DHNIfWN6Avj/qyh5IQTloq6knWhZxzDOAPKNADKxiLLBdXPrC6GZwlTGg2ww4gCy2e8Y3SZrpfVnEcUkq8MHdNpCCD3ot4wWxOGCxu0AaedXKE2emybB7LO6dIKKzvUDwPtZNzyuRcGHf1L5nctpVyAvhheuZmtCEAuFyM1beSmp6iHAWsUVN/v2Q4wUAwE2Mjtx66UkF6TL1tatmsYMbk0KrNywJAn8WJ8QCVZK0y3YgmDpgAmTjyCctMT5e6D3skOWvg3yAaJasMkpt75GCcQLGD2Zr1FZOrmb13Unnp7VReth/SDHMf9QV6K7KyvytbKfVGioF1fuW/7KHc7d6HEaWjDWd6AdNE0MBDUWy6dbLZJJ373cb9phNSQ/boYMIHy0lPEJ9GG4xThZU/A1uRQA8i2axwfxIRaTIpqNrM8J1GIVM3ZDOvjUc/cBmyZegmcgAmccXakb1U8AntJKqOiwgMP+dJPtqfguQD/vcnfgBOMgUcUs2Zk1sv3Glzy3/gk+PtUqs23+qbuFbRPtYiMBFypXbzeK/t+RMyqMBNWbF1uj6zxPvGUqw2La7MYrO5v5l4TuqR7LfBMbD+E0OohKfwGEGOXzsGeDIOx0QhwS3EDFr7XmOyL3lT+chqUA0QiWES3+ZAJvOCa1xo2tJC1izCWC6zqjKXjOrcQvgFYTemIr3hvXMzxnTKzBoAGJlMpp4zvn0L5brAp+vpsKnoY27LGNgnpKg3C6ltXvKq/WGd8RzQpmoYj0K4YnOPAwlFGG7OPKDj0WVBcUPIh8bbPXUmmKcFBKRL47/bfsJgAdbI+derdzR0zHzocTxFojX/g9O2l88Is4wJTwBYddrx+jFyqhd5TNhmP8kgvIbC01eKt7n1doXRUp6sR7O2mUBWy2ohY05cS2zY5D8OEFqC+GmQ+D0VMEIcgCATpwyQ604Z2hrhIH8p6OrTNm8ovogY3eQBcX1Cyjm7+E/eRIG3QBoeim/CPi2VFh6lf5Fbz4Ny/ALCxSgBRZH7HSNFZkhAxJ4Z/Kf0iHRqn6C0QuJLM1Td4fRwFOk3+ltalB7920T+KIQGSB6EO4Oso8xUxYnuzgs3g3qagbuhV6y1mqtRTHc6bMlaJ1RO+PFjSGhsJzHYi2ZtGp4Bk6MnIqVQ4R6pR0ah78Jhe/nxZPpa/UZmclw5c7kz6dOwWpmzI3edPDbbJStW4Sg1s2JY2sev5JnboXHi9YsFwq2F0M4KeKsb6MZ61rxy05Z21Mb3FWj97pv4kdNEO8nSXQFKoSSt1ZWwwLPdjeTEHanmPXJ2jTgADZI2fWHxaaB6Um2W4qAH2H63wmnvNko1I63Ip7LEIU4Kn3DTpwiBb2bQ1x3SiXIvOsCdF9tim2XZrTTWZgAbXd7FcwgrGScGX4crHgoqQDflzjVPdKqInoeKMA1ieikXtpVqFJ09ZHXIHV0fBWRfw1TMU8Zau389CtIQEvrwa/ZPTFbye5Wd6vPYCsshJH99IRCPQLP/7C0V02aHzRbRx+vTD+pywD5KL5gPIyqeOJkHj3zrvoq7oF+57MIgiTWfn1LgkHYiICXOpUHcJdjvCZEqux7Yd0dT+pi8L0H9aUt57hOY95qBhC1X3unUnNNElCUs3gBAC91jBaGeVps95dZiKBw5M5XFuhlt6aso/Cj9YM61uIiq7Gr9fnW6qkHEg3WneACgSTlX8RHA7c1bsHwsgPjBjzgAUMoXQ58upS9Jp0MG5F/WWf+b30UaYp2gDPR9pKs0jc1cECu8YgWXqdNHmr6uzzHhPPZ+yLLb8w1PBzUwoqF7o8zc0rPGcjaAMhbSiuMLnQ/6KUE/oy3p+TmFcftnvIHH0n0DXzRien89phCI7QerrMeu8yRP2kYQSIBI8RtZjm/cbLOVJWxNOelE6gvKBePWTG52c2ABHBL4XKgea2cB18VcDMs6ARo9uRXdkmlw+A8TOqqPuRAwY01xNWmOQ3inC5pqRxaqF30MJTRspYauSOE3fK4k4Kt0LMG7832fB2kClsFEJgEnjiSb4ReEmLK+Iox5zrU3C8Ov2FG8PFU/+FBxSBgTcFhMyB0BNc397vIZu/ubJQmrlbXL8iD1560INAj8endsebz7UMPn1ch40jylFC/D+gD4qjyLYC9PLi9WZkJisNbmZLzyU2jwdxW6jcYEZmMUSjVJ4lYt/w7bjjvy7yVq8h0RlAp9ZmrtKhQziF5v16154axqrcIFK00GnOfbKFR4uunrOxjgIn1xSpHZM5HvAyAjcjZN03A/nblIGn3T+zPnL7KfcgEyGttPaA0igu9j,iv:qosecs5F5dkGoL40Kn4aJRXFtI5eMRXlA+141dYn9Zg=,tag:N41VGJtJ9bHF38b9+7c3tQ==,type:str] + url: ENC[AES256_GCM,data:CL9sY0IIvyva5YOEX+bBHlZkEFU8G6RDafWh3KOAHKzxhgjAjBUMz1KciA==,iv:4P+ur+H8juTe4JrJCVN/X56vFLPvsXm4pCHJpciI0T8=,tag:3Elbyp+yrevY8KWGFvV6gw==,type:str] + #ENC[AES256_GCM,data:FXxXsH52WQEC6JaoRksW7gea4liDzrkYQkoEJIKW2JjgtBYbQV2pXFwozh8ZYLL0FPB//4l4TlkVv2R7NMk+c2l8IOY=,iv:HSzSTRfz+gi3JtJVKfuD3rfNQsVsdfuUJM5PDgpHIRI=,tag:2a0leZG8nJ+AOjxbs4ZiXQ==,type:comment] + insecure: ENC[AES256_GCM,data:idAoEA==,iv:k/fy3fX1W+Je5IcU7DjV/npPyJOtzwtm4jg0dwNjOw4=,tag:Duv++CZYh6Ebd2WOP6Hcvg==,type:str] + #ENC[AES256_GCM,data:HswrfE+/HJ1xWXD3uGqgS0pavU+8I7Q2pagyAnXyyvk7nmQkxIA2CJGj8QI2w3HyzaR1VUx3NmY=,iv:pHggErEou3Nq5LGCwx9wblXaiZe4uuxWUzA0yUryLPE=,tag:1wNSwhI8zAHanSJcjLjqWw==,type:comment] + enableLfs: ENC[AES256_GCM,data:ucd+RA==,iv:i9um+863lDXzsQVKmZftvJLuJqm0pTLt8jviB55SRcM=,tag:Bv7W1ga1BIGzoUkuB55Ldg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-07-19T09:56:27Z" + mac: ENC[AES256_GCM,data:xSRQVpT6sSJ8y1M2RGpRVo6IrHdmSocvkp7sWpGTvjO5pZ/GilDXxfIibPe6aEzKUIFfrv0YDeQVyy16WWMlpkKdWsKoDYhPKrmS4xF/CbNF684kuLUmSBCfiI7vrxkFKJoOwhbFZLFk5faJ7FijmcvTFDkiXuWmjnv7GMHcnmk=,iv:4Psd2/8I+jN+N0LDblYGZmK4nPdIdFPOPZWALF1IZxQ=,tag:OuW2JSG7JmwcYci7IMMXDg==,type:str] + pgp: + - created_at: "2024-07-19T05:55:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcDMA0gtINCTAeZuAQv+OdqMPMxiZxFNxAnH2zPzKINKaFL50CPojFpNUqt8F7Mx + A3fGeW5VVohCgIHcMWcyEpv4lTu6whTlUZ+z4TiMewm6g+rcISL3TXJ7nvCD/BEI + LNqgs6Rzk032St6osZxywNA7BMEBQl5cuZu9HvTut8ORqhlZ2MgzFDcGDqJEypcC + XTc+XVO/bqedt2JPRupZMKJpK6QtJEAas7ujtGobEINOS53pvO9/N93xLjFSypMo + 2iAb2zuuBUW4J4aBMEhzybCL7w2lD7cUELuUn9kbkHB/aLU0GYoTM045gjQFQHVz + NuDPrAjn84aBIUYyKZduyt7Xa7ewQ00cZOW3x7oIWgBDK8nebUawy+RDpH8NYEcZ + SCWsCmdGoiO2p2f444vYQdgtO+TdHzbulHf4RYwqydVUeKcrseFsqeuFOIUIbTFg + vpq6SffMpwDKWROloh5Cqza60Blr2hCxbhBd7a7ebluNw763n4c7+lQ4+4jFL4dZ + p8VI8e2G4VZaJ1ozva8F0lEBbK3KOwKse4FAvG7yOK4ErXVCWkJqNOuZAd2d6Eov + 9aVi6L8VmU9LYG/n2cpv+dqUPymJrLnaiSuUanoTnOnTnxmfyRDLEVqnmxYN+W+p + RsM= + =lCg2 + -----END PGP MESSAGE----- + fp: 72E72623346EA4589F9348C8DD8DF053BEDF14D1 + encrypted_regex: ^(user.*|pass.*|.*[Bb]earer.*|.*[Kk]ey|.*[Kk]eys|salt|sentry.*|.*[Tt]oken|data.*|stringData.*)$ + version: 3.7.3 +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: goghvideo + namespace: argocd +spec: + project: default + source: + helm: + valueFiles: + - goghvideo.yaml + path: applications + repoURL: git@git-ssh.ipa.endofday.com:goghvideo/helm.git + targetRevision: HEAD + destination: + namespace: goghvideo + server: https://kubernetes.default.svc + syncPolicy: + automated: + selfHeal: true + prune: true +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-07-19T09:56:27Z" + mac: ENC[AES256_GCM,data:xSRQVpT6sSJ8y1M2RGpRVo6IrHdmSocvkp7sWpGTvjO5pZ/GilDXxfIibPe6aEzKUIFfrv0YDeQVyy16WWMlpkKdWsKoDYhPKrmS4xF/CbNF684kuLUmSBCfiI7vrxkFKJoOwhbFZLFk5faJ7FijmcvTFDkiXuWmjnv7GMHcnmk=,iv:4Psd2/8I+jN+N0LDblYGZmK4nPdIdFPOPZWALF1IZxQ=,tag:OuW2JSG7JmwcYci7IMMXDg==,type:str] + pgp: + - created_at: "2024-07-19T05:55:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcDMA0gtINCTAeZuAQv+OdqMPMxiZxFNxAnH2zPzKINKaFL50CPojFpNUqt8F7Mx + A3fGeW5VVohCgIHcMWcyEpv4lTu6whTlUZ+z4TiMewm6g+rcISL3TXJ7nvCD/BEI + LNqgs6Rzk032St6osZxywNA7BMEBQl5cuZu9HvTut8ORqhlZ2MgzFDcGDqJEypcC + XTc+XVO/bqedt2JPRupZMKJpK6QtJEAas7ujtGobEINOS53pvO9/N93xLjFSypMo + 2iAb2zuuBUW4J4aBMEhzybCL7w2lD7cUELuUn9kbkHB/aLU0GYoTM045gjQFQHVz + NuDPrAjn84aBIUYyKZduyt7Xa7ewQ00cZOW3x7oIWgBDK8nebUawy+RDpH8NYEcZ + SCWsCmdGoiO2p2f444vYQdgtO+TdHzbulHf4RYwqydVUeKcrseFsqeuFOIUIbTFg + vpq6SffMpwDKWROloh5Cqza60Blr2hCxbhBd7a7ebluNw763n4c7+lQ4+4jFL4dZ + p8VI8e2G4VZaJ1ozva8F0lEBbK3KOwKse4FAvG7yOK4ErXVCWkJqNOuZAd2d6Eov + 9aVi6L8VmU9LYG/n2cpv+dqUPymJrLnaiSuUanoTnOnTnxmfyRDLEVqnmxYN+W+p + RsM= + =lCg2 + -----END PGP MESSAGE----- + fp: 72E72623346EA4589F9348C8DD8DF053BEDF14D1 + encrypted_regex: ^(user.*|pass.*|.*[Bb]earer.*|.*[Kk]ey|.*[Kk]eys|salt|sentry.*|.*[Tt]oken|data.*|stringData.*)$ + version: 3.7.3