-
Notifications
You must be signed in to change notification settings - Fork 0
/
gitops-template.yaml
103 lines (99 loc) · 3.92 KB
/
gitops-template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# slack-notification-defaults: &SLACK_NOTIFICATION_DEFAULTS
# channel: '#cloud-platform-notify'
# silent: true
# slack-attachments-defaults: &SLACK_ATTACHMENTS_DEFAULTS
# fallback: 'Finished building $BUILD_TEAM_NAME/$BUILD_PIPELINE_NAME/$BUILD_JOB_NAME#$BUILD_NAME'
# title: '$BUILD_TEAM_NAME/$BUILD_PIPELINE_NAME/$BUILD_JOB_NAME#$BUILD_NAME'
# title_link: 'https://concourse.cloud-platform.service.justice.gov.uk/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME'
# footer: concourse.cloud-platform.service.justice.gov.uk
resources:
- name: ((namespace))-repo
type: git
source:
uri: ((repo-url))
branch: master
# git_crypt_key: ((repo-url))
- name: tools-image
type: docker-image
source:
repository: ministryofjustice/cloud-platform-tools
tag: 1.1
# - name: slack-alert
# type: slack-notification
# source:
# url: https://hooks.slack.com/services/((slack-hook-id))
- name: every-30m
type: time
source:
interval: 30m
resource_types:
# - name: slack-notification
# type: docker-image
# source:
# repository: cfcommunity/slack-notification-resource
# tag: latest
groups:
# - name: live-0
# jobs: [apply-live-0]
- name: template-gitops
jobs: [namespace-gitops]
jobs:
- name: namespace-gitops
serial: true
plan:
- aggregate:
- get: every-30m
trigger: true
- get: ((namespace))-repo
trigger: true
- get: tools-image
- task: apply-environments
image: tools-image
config:
platform: linux
inputs:
- name: ((namespace))-repo
params:
AWS_ACCESS_KEY_ID: ((aws-pk-test-9.access-key-id))
AWS_SECRET_ACCESS_KEY: ((aws-pk-test-9.secret-access-key))
TF_PLUGIN_CACHE_DIR: /tmp/terraform-plugin-cache
KUBECONFIG: /tmp/kubeconfig
# the variables prefixed with PIPELINE_ are used by the apply script
PIPELINE_CLUSTER: pk-test-9.cloud-platform.service.justice.gov.uk
KUBECONFIG: /tmp/kubeconfig
# PIPELINE_STATE_BUCKET: cloud-platform-terraform-state
# K8S_CLUSTER_CERT: ((service-ca-data))
# K8S_TOKEN: ((service-account-token))
# PIPELINE_STATE_KEY_PREFIX: "vijay-veeranki-moj/"
PIPELINE_STATE_REGION: "eu-west-1"
# PIPELINE_CLUSTER_STATE_BUCKET: cloud-platform-terraform-state
# PIPELINE_CLUSTER_STATE_KEY_PREFIX: "cloud-platform/"
NAMESPACE: ((namespace))
run:
path: /bin/sh
dir: ((namespace))-repo
args:
- -c
- |
mkdir -p "${TF_PLUGIN_CACHE_DIR}"
# echo -n ${K8S_CLUSTER_CERT} > ./ca.crt
# echo ${NAMESPACE}
# kubectl config set-cluster ${PIPELINE_CLUSTER} --certificate-authority=./ca.crt --server=https://api.${PIPELINE_CLUSTER}
# kubectl config set-credentials gitops-${NAMESPACE} --token=${K8S_TOKEN}
# kubectl config set-context ${PIPELINE_CLUSTER} --cluster=${PIPELINE_CLUSTER} --user=gitops-${NAMESPACE} --namespace=${NAMESPACE}
# kubectl config use-context ${PIPELINE_CLUSTER}
# kubectl config get-contexts ${PIPELINE_CLUSTER}
# kubectl config view --minify
aws s3 cp s3://cloud-platform-pk-test-9-kubecfg/kubeconfig-${NAMESPACE} /tmp/kubeconfig
export KUBECONFIG=${KUBECONFIG}
kubectl config use-context ${PIPELINE_CLUSTER}
kubectl get secrets -n ${NAMESPACE}
chmod +x ./gitops-deploy
./gitops-deploy
on_failure:
# put: slack-alert
# params:
# <<: *SLACK_NOTIFICATION_DEFAULTS
# attachments:
# - color: "danger"
# <<: *SLACK_ATTACHMENTS_DEFAULTS