154 lines
4.3 KiB
YAML
154 lines
4.3 KiB
YAML
|
# kubectl create secret generic gitea-update-webhook-token --dry-run=client -o yaml --from-literal=token=`uuid` | kubeseal -o yaml
|
||
|
---
|
||
|
apiVersion: bitnami.com/v1alpha1
|
||
|
kind: SealedSecret
|
||
|
metadata:
|
||
|
creationTimestamp: null
|
||
|
name: gitea-update-webhook-token
|
||
|
namespace: gitea
|
||
|
spec:
|
||
|
encryptedData:
|
||
|
token: AgAv2wu5eGwLjmj/yLUijCG1NacqONc2dK4URGGkXL6Iqe07u6PDLEovWyfdNmRdTRSXN4UpuA95+u4hk+EM0miEcAdfBqW3vzVq8S0oZxb4v00v1GPYYTXk47KKDi8AT1yHftWczU5ibM87T7w/sOWUoGgYxbO8z49c2UDt1Y665B05PyqK+SXQZfifRA2rBeOP8alL/lhzglh1RMYSe939gnhPbKL9j92zFwt5EtGe5qU56gmTG7ki/hydGusFNYt0K2GtoYJAdYIMwkAT+eRvA143+IhzG2RbjG5jXYkFUSTNtd+TtUczWUiFjnpBI0u6Ybd1maQVf+spFGx1lACHxXTkav5LfZoUi2BDzNWglH2sV6sGS/LcHy64BdyOwHQj3TjpkeP2/TLeJYotuEkp60Srh9P6WNxwLxc3X3I8nLu6Qb77msc5xh6BpdPHkTSMXPOAtRQuQaNufyGW8+oy2cJqWELzzE4cTWtx1ThOb29+mWYhjFFbU6WpuL2q4OiumC+9q03SVJh9DebuTMbqRj+Y55EXbRJQeMaHlBpWkAphWKh279dqZwrCLfzNFfNHiQrotRZnfMqwe6Xp2INwhaZsI4lPqZX47I5ISYpP4ZR5sG7op+dfRZzRvFIqtU9I4uAs9utGE5P86t3BsMKXwcr2zcZ/L3r/s1KHWByfdpbZ16lM+VvDGPUjCVILM+W0Fc1nt78wHDqUMMC5UHhTk+hNOUyGejYBmz6R1FVOT6pvzKw=
|
||
|
template:
|
||
|
metadata:
|
||
|
creationTimestamp: null
|
||
|
name: gitea-update-webhook-token
|
||
|
namespace: gitea
|
||
|
---
|
||
|
apiVersion: v1
|
||
|
kind: Service
|
||
|
metadata:
|
||
|
name: gitea-update-webhook
|
||
|
namespace: gitea
|
||
|
spec:
|
||
|
internalTrafficPolicy: Cluster
|
||
|
ipFamilies:
|
||
|
- IPv4
|
||
|
ipFamilyPolicy: SingleStack
|
||
|
ports:
|
||
|
- port: 12000
|
||
|
protocol: TCP
|
||
|
targetPort: 12000
|
||
|
selector:
|
||
|
eventsource-name: gitea-update-webhook
|
||
|
sessionAffinity: None
|
||
|
type: ClusterIP
|
||
|
---
|
||
|
apiVersion: argoproj.io/v1alpha1
|
||
|
kind: EventBus
|
||
|
metadata:
|
||
|
name: default
|
||
|
namespace: gitea
|
||
|
spec:
|
||
|
jetstream:
|
||
|
version: latest
|
||
|
replicas: 3
|
||
|
persistence:
|
||
|
storageClassName: nvme
|
||
|
accessMode: ReadWriteOnce
|
||
|
volumeSize: 10Gi
|
||
|
streamConfig: |
|
||
|
maxAge: 24h
|
||
|
settings: |
|
||
|
max_file_store: 1GB # see default values in argo-events-controller-config
|
||
|
startArgs:
|
||
|
- "-D" # debug-level logs
|
||
|
---
|
||
|
apiVersion: argoproj.io/v1alpha1
|
||
|
kind: EventSource
|
||
|
metadata:
|
||
|
name: gitea-update-webhook
|
||
|
namespace: gitea
|
||
|
spec:
|
||
|
webhook:
|
||
|
gitea-update:
|
||
|
port: "12000"
|
||
|
endpoint: /gitea-update
|
||
|
method: POST
|
||
|
authSecret:
|
||
|
name: gitea-update-webhook-token
|
||
|
key: token
|
||
|
---
|
||
|
apiVersion: argoproj.io/v1alpha1
|
||
|
kind: Sensor
|
||
|
metadata:
|
||
|
name: gitea-update-webhook-sensor
|
||
|
namespace: gitea
|
||
|
spec:
|
||
|
template:
|
||
|
serviceAccountName: gitea-update-webhook-sensor-sa
|
||
|
dependencies:
|
||
|
- name: gitea-update-webhook-received
|
||
|
eventSourceName: gitea-update-webhook
|
||
|
eventName: gitea-update
|
||
|
triggers:
|
||
|
- template:
|
||
|
name: webhook-job-trigger
|
||
|
k8s:
|
||
|
operation: create
|
||
|
source:
|
||
|
resource:
|
||
|
apiVersion: batch/v1
|
||
|
kind: Job
|
||
|
metadata:
|
||
|
generateName: gitea-update-webhook-received-
|
||
|
spec:
|
||
|
ttlSecondsAfterFinished: 30
|
||
|
template:
|
||
|
spec:
|
||
|
containers:
|
||
|
- name: echo-contents
|
||
|
args:
|
||
|
- "nodatareceived"
|
||
|
command:
|
||
|
- echo
|
||
|
image: "bash:latest"
|
||
|
restartPolicy: OnFailure
|
||
|
backoffLimit: 2
|
||
|
parameters:
|
||
|
- src:
|
||
|
dependencyName: gitea-update-webhook-received
|
||
|
dest: spec.template.spec.containers.0.args.0
|
||
|
---
|
||
|
apiVersion: v1
|
||
|
kind: ServiceAccount
|
||
|
metadata:
|
||
|
name: gitea-update-webhook-sensor-sa
|
||
|
namespace: gitea
|
||
|
---
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
kind: Role
|
||
|
metadata:
|
||
|
namespace: gitea
|
||
|
name: gitea-update-webhook-sensor-k8s-resource-creator-role
|
||
|
rules:
|
||
|
- apiGroups: ["*"]
|
||
|
resources:
|
||
|
- "*"
|
||
|
verbs:
|
||
|
- "*"
|
||
|
---
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
kind: RoleBinding
|
||
|
metadata:
|
||
|
creationTimestamp: null
|
||
|
name: gitea-update-webhook-sensor-resource-creator-rolebinding
|
||
|
namespace: gitea
|
||
|
roleRef:
|
||
|
apiGroup: rbac.authorization.k8s.io
|
||
|
kind: Role
|
||
|
name: gitea-update-webhook-sensor-k8s-resource-creator-role
|
||
|
subjects:
|
||
|
- kind: ServiceAccount
|
||
|
name: gitea-update-webhook-sensor-sa
|
||
|
namespace: gitea
|
||
|
---
|
||
|
apiVersion: v1
|
||
|
kind: Secret
|
||
|
metadata:
|
||
|
name: gitea-update-webhook-sensor-sa
|
||
|
namespace: gitea
|
||
|
annotations:
|
||
|
kubernetes.io/service-account.name: gitea-update-webhook-sensor-sa
|
||
|
type: kubernetes.io/service-account-token
|