diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
index b33aff1..e4d23f2 100644
--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@@ -10,11 +10,12 @@ on:
 jobs:
 main:
 name: Validate PR title
- runs-on: ubuntu-latest
+ runs-on: ubuntu-22.04
 steps:
 # Please look up the latest version from
 # https://github.com/amannn/action-semantic-pull-request/releases
- - uses: amannn/action-semantic-pull-request@v3.4.6
+ # from https://github.com/amannn/action-semantic-pull-request/commits/main
+ - uses: amannn/action-semantic-pull-request@01d5fd8a8ebb9aafe902c40c53f0f4744f7381eb
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
@@ -36,7 +37,7 @@ jobs:
 # The variables `subject` and `title` can be used within the message.
 subjectPatternError: |
 The subject "{subject}" found in the pull request title "{title}"
- didn't match the configured pattern `^.+$/`. Please ensure that the subject
+ didn't match the configured pattern. Please ensure that the subject
 starts with an uppercase character.
 # For work-in-progress PRs you can typically use draft pull requests
 # from Github. However, private repositories on the free plan don't have
@@ -52,4 +53,4 @@ jobs:
 validateSingleCommit: false
 # Related to `validateSingleCommit` you can opt-in to validate that the PR
 # title matches a single commit to avoid confusion.
- validateSingleCommitMatchesPrTitle: false
+ validateSingleCommitMatchesPrTitle: false
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2dddfaa..8260ae2 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
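Review bot: The new pin `amannn/action-semantic-pull-request@01d5fd8a8ebb9aafe902c40c53f0f4744f7381eb` in the first hunk does not record which release it corresponds to, and the added comment points at `commits/main`, so a reader cannot tell whether this is a tagged release or an arbitrary commit on the default branch. Append the tag as a trailing comment, e.g. `- uses: amannn/action-semantic-pull-request@01d5fd8a8ebb9aafe902c40c53f0f4744f7381eb # <release tag>`, so the pin can be audited and bumped deliberately. The step receives `GITHUB_TOKEN`; the `on:` trigger and any `permissions:` block are outside this hunk, so it is worth confirming the token is scoped to what title validation needs.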
@@ -16,18 +16,8 @@ jobs: name: Release runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v2 + - name: Release action + id: release + uses: pagopa/eng-github-actions-iac-template/global/release-action@main # with: - persist-credentials: false - fetch-depth: 0 - - - name: Release - uses: cycjimmy/semantic-release-action@v2 - with: - semantic_version: 18.0.0 - extra_plugins: | - @semantic-release/release-notes-generator@10.0.3 - @semantic-release/git@10.0.1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/README.md b/README.md
index 3f7df8e..bd7a85c 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,3 @@
 # argocd-showcase
+
 ArgoCD showcase and examples in pagopa
diff --git a/argocd/broken-apps/broken-network.yaml b/argocd/broken-apps/broken-network.yaml
new file mode 100644
index 0000000..af5bb69
--- /dev/null
+++ b/argocd/broken-apps/broken-network.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: broken-network
+ # You'll usually want to add your resources to the argocd namespace.
+ namespace: argocd
+ # Add this finalizer ONLY if you want these to cascade delete.
+ finalizers:
+ # The default behaviour is foreground cascading deletion
+ - resources-finalizer.argocd.argoproj.io
+ # Alternatively, you can use background cascading deletion
+ # - resources-finalizer.argocd.argoproj.io/background
+ # Add labels to your application object.
+ labels:
+ name: broken-network
+spec:
+ project: terraform-argocd-project
+ source:
+ targetRevision: argocd-apps
+ repoURL: 'https://github.com/diegolagospagopa/argocd-showcase'
+ path: resources/broken-network
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: diego
+ syncPolicy:
+ automated: {}
+ revisionHistoryLimit: 10
diff --git a/argocd/broken-apps/broken-pod.yaml b/argocd/broken-apps/broken-pod.yaml
new file mode 100644
index 0000000..8fd0a94
--- /dev/null
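Review bot: `uses: pagopa/eng-github-actions-iac-template/global/release-action@main` follows a mutable branch in the job that is handed `secrets.GITHUB_TOKEN` for releasing, so any later push to that branch runs with the release token without a reviewed change in this repository. The same commit pins the PR-title action to a full commit SHA; apply the same rule here, e.g. `uses: pagopa/eng-github-actions-iac-template/global/release-action@<full-commit-sha> # <tag>`. The removed checkout step set `persist-credentials: false`; whether the composite action keeps that behaviour is not visible from this hunk and should be checked. The job header and any `permissions:` block are outside the hunk.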
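Review bot: `repoURL: 'https://github.com/diegolagospagopa/argocd-showcase'` with `targetRevision: argocd-apps` makes the cluster track a branch in what appears to be a personal-account repository, and `syncPolicy.automated: {}` applies every push to that branch without review. Point the source at the organisation-owned repository and a reviewed revision, e.g. `targetRevision: <tag-or-commit-sha>`, or keep automated sync off for sources outside the organisation. The limits that contain this (`sourceRepos`, `destinations` and the resource allow-lists of the `terraform-argocd-project` AppProject) are not part of this diff and should be confirmed. The same source settings appear in `broken-pod.yaml`, `broken-rbac.yaml` and `simple-kube-files-ok.yaml`.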
+++ b/argocd/broken-apps/broken-pod.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: broken-pod
+ # You'll usually want to add your resources to the argocd namespace.
+ namespace: argocd
+ # Add this finalizer ONLY if you want these to cascade delete.
+ finalizers:
+ # The default behaviour is foreground cascading deletion
+ - resources-finalizer.argocd.argoproj.io
+ # Alternatively, you can use background cascading deletion
+ # - resources-finalizer.argocd.argoproj.io/background
+ # Add labels to your application object.
+ labels:
+ name: broken-pod
+spec:
+ project: terraform-argocd-project
+ source:
+ targetRevision: argocd-apps
+ repoURL: 'https://github.com/diegolagospagopa/argocd-showcase'
+ path: resources/broken-pod
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: diego
+ syncPolicy:
+ automated: {}
+ revisionHistoryLimit: 10
diff --git a/argocd/broken-apps/broken-rbac.yaml b/argocd/broken-apps/broken-rbac.yaml
new file mode 100644
index 0000000..947462f
--- /dev/null
+++ b/argocd/broken-apps/broken-rbac.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: broken-rbac
+ # You'll usually want to add your resources to the argocd namespace.
+ namespace: argocd
+ # Add this finalizer ONLY if you want these to cascade delete.
+ finalizers:
+ # The default behaviour is foreground cascading deletion
+ - resources-finalizer.argocd.argoproj.io
+ # Alternatively, you can use background cascading deletion
+ # - resources-finalizer.argocd.argoproj.io/background
+ # Add labels to your application object.
+ labels:
+ name: broken-rbac
+spec:
+ project: terraform-argocd-project
+ source:
+ targetRevision: argocd-apps
+ repoURL: 'https://github.com/diegolagospagopa/argocd-showcase'
+ path: resources/broken-rbac
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: diego
+ syncPolicy:
+ automated: {}
+ revisionHistoryLimit: 10
diff --git a/argocd/ok-apps/another-app-ok.yaml b/argocd/ok-apps/another-app-ok.yaml
new file mode 100644
index 0000000..1f2415a
--- /dev/null
+++ b/argocd/ok-apps/another-app-ok.yaml
@@ -0,0 +1,37 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: another-app-ok
+ # You'll usually want to add your resources to the argocd namespace.
+ namespace: argocd
+ # Add this finalizer ONLY if you want these to cascade delete.
+ finalizers:
+ # The default behaviour is foreground cascading deletion
+ - resources-finalizer.argocd.argoproj.io
+ # Alternatively, you can use background cascading deletion
+ # - resources-finalizer.argocd.argoproj.io/background
+ # Add labels to your application object.
+ labels:
+ name: another-app-ok
+spec:
+ project: terraform-argocd-project
+ source:
+# chart: microservice-chart
+# targetRevision: 5.4.0
+ repoURL: 'https://github.com/pagopa/devops-app-status'
+ path: helm/devopslab/diego
+ helm:
+ releaseName: another-app-ok
+ valueFiles:
+ - values-dev.yaml
+ valuesObject:
+ microservice-chart:
+ namespace: "diego"
+ ingress:
+ path: /another-app-ok/status(/|$)(.*)
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: diego
+ syncPolicy:
+ automated: {}
+ revisionHistoryLimit: 10
diff --git a/argocd/ok-apps/app-status-ok.yaml b/argocd/ok-apps/app-status-ok.yaml
new file mode 100644
index 0000000..93ef270
--- /dev/null
+++ b/argocd/ok-apps/app-status-ok.yaml
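Review bot: With `# targetRevision: 5.4.0` commented out, `spec.source` in `another-app-ok.yaml` has no `targetRevision`, so Argo CD follows the head of the repository's default branch, and `syncPolicy.automated: {}` deploys whatever lands there. Set it explicitly, e.g. `targetRevision: <tag-or-commit-sha>`, so the chart and values that reach the cluster are the ones that were reviewed. The two commented-out lines are leftovers from a chart-based source and could be removed, or replaced with a comment saying why the Git path is used instead. `app-status-ok.yaml` has the same omission.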
@@ -0,0 +1,37 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: app-status-ok
+ # You'll usually want to add your resources to the argocd namespace.
+ namespace: argocd
+ # Add this finalizer ONLY if you want these to cascade delete.
+ finalizers:
+ # The default behaviour is foreground cascading deletion
+ - resources-finalizer.argocd.argoproj.io
+ # Alternatively, you can use background cascading deletion
+ # - resources-finalizer.argocd.argoproj.io/background
+ # Add labels to your application object.
+ labels:
+ name: app-status-ok
+spec:
+ project: terraform-argocd-project
+ source:
+# chart: microservice-chart
+# targetRevision: 5.4.0
+ repoURL: 'https://github.com/pagopa/devops-app-status'
+ path: helm/devopslab/diego
+ helm:
+ releaseName: app-status-ok
+ valueFiles:
+ - values-dev.yaml
+ valuesObject:
+ microservice-chart:
+ namespace: "diego"
+ ingress:
+ path: /app-status-ok/status(/|$)(.*)
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: diego
+ syncPolicy:
+ automated: {}
+ revisionHistoryLimit: 10
diff --git a/argocd/ok-apps/simple-kube-files-ok.yaml b/argocd/ok-apps/simple-kube-files-ok.yaml
new file mode 100644
index 0000000..eaddad5
--- /dev/null
+++ b/argocd/ok-apps/simple-kube-files-ok.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: simple-kube-files-ok
+ # You'll usually want to add your resources to the argocd namespace.
+ namespace: argocd
+ # Add this finalizer ONLY if you want these to cascade delete.
+ finalizers:
+ # The default behaviour is foreground cascading deletion
+ - resources-finalizer.argocd.argoproj.io
+ # Alternatively, you can use background cascading deletion
+ # - resources-finalizer.argocd.argoproj.io/background
+ # Add labels to your application object.
+ labels:
+ name: simple-kube-files-ok
+spec:
+ project: terraform-argocd-project
+ source:
+ targetRevision: argocd-apps
+ repoURL: 'https://github.com/diegolagospagopa/argocd-showcase'
+ path: resources/simple-kube-files
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: diego
+ syncPolicy:
+ automated: {}
+ revisionHistoryLimit: 10
diff --git a/resources/broken-network/deployment.yaml b/resources/broken-network/deployment.yaml
new file mode 100644
index 0000000..e7035e2
--- /dev/null
+++ b/resources/broken-network/deployment.yaml
@@ -0,0 +1,99 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ reloader.stakater.com/auto: 'true'
+ labels:
+ app.kubernetes.io/instance: broken-network
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: microservice-chart
+ app.kubernetes.io/version: v1.5.0
+ argocd.argoproj.io/instance: broken-network
+ canaryDelivery: 'false'
+ helm.sh/blueprint-version: 5.4.1
+ helm.sh/chart: microservice-chart-v1.5.0
+ name: broken-network-microservice-chart
+ namespace: diego
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: broken-network
+ app.kubernetes.io/name: microservice-chart
+ canaryDelivery: 'false'
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ aadpodidbinding: diego-pod-identity
+ app.kubernetes.io/instance: broken-network
+ app.kubernetes.io/name: microservice-chart
+ app.kubernetes.io/version: v1.5.0
+ canaryDelivery: 'false'
+ spec:
+ automountServiceAccountToken: false
+ containers:
+ - image: 'ghcr.io/pagopa/devops-app-status:v1.5.0'
+ imagePullPolicy: Always
+ livenessProbe:
+ failureThreshold: 6
+ httpGet:
+ path: /status
+ port: 8000
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ name: microservice-chart
+ ports:
+ - containerPort: 8000
+ name: app-port-8000
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 6
+ httpGet:
+ path: /status
+ port: 8000
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ resources:
+ limits:
+ cpu: 40m
+ memory: 128Mi
+ requests:
+ cpu: 40m
+ memory: 128Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ readOnlyRootFilesystem: true
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccount: default
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - emptyDir: {}
+ name: tmp
diff --git a/resources/broken-network/ingress.yaml b/resources/broken-network/ingress.yaml
new file mode 100644
index 0000000..394db9a
--- /dev/null
+++ b/resources/broken-network/ingress.yaml
@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
+ nginx.ingress.kubernetes.io/proxy-body-size: 1m
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ nginx.ingress.kubernetes.io/satisfy: any
+ nginx.ingress.kubernetes.io/use-regex: 'true'
+ labels:
+ argocd.argoproj.io/instance: broken-network
+ name: broken-network-microservice-chart
+ namespace: diego
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: dev01.broken.internal.devopslab.pagopa.it
+ http:
+ paths:
+ - backend:
+ service:
+ # name: broken-network-microservice-chart
+ name: broken
+ port:
+ number: 8000
+ path: /broken-network/status(/|$)(.*)
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - dev01.broken.internal.devopslab.pagopa.it
+ secretName: dev01-broken-internal-devopslab-pagopa-it
diff --git a/resources/broken-network/service.yaml b/resources/broken-network/service.yaml
new file mode 100644
index 0000000..c80281f
--- /dev/null
+++ b/resources/broken-network/service.yaml
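Review bot: The container `securityContext` drops `all` in lower case and sets no `runAsNonRoot`; the restricted Pod Security Standard expects the literal `ALL` (worth confirming against the admission level enforced on the `diego` namespace), so write `- ALL` and add `runAsNonRoot: true`. The pod template also carries `aadpodidbinding: diego-pod-identity`, which binds an Azure identity to a status-page demo that, from what is visible here, has no need for one; drop the label unless the app really uses that identity. The manifest looks exported from a live Helm release (`creationTimestamp: null`, `app.kubernetes.io/managed-by: Helm`, the deprecated `serviceAccount` next to `serviceAccountName`); trimming those fields keeps the example honest about how it is deployed. `resources/broken-pod/deployment.yaml` repeats all of this.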
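Review bot: The deliberate fault in `ingress.yaml` (`name: broken` as the backend service) is signalled only by the commented-out correct value above it, so someone copying the file cannot tell it is meant to fail. State it, e.g. `# Intentionally wrong backend name: demonstrates a degraded Ingress in Argo CD`. `nginx.ingress.kubernetes.io/satisfy: any` has no auth or allow-list annotation beside it in this hunk, so it does nothing today, but it would turn the two checks into an either/or if both are added later; remove it unless that is wanted.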
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ labels:
+ app.kubernetes.io/instance: broken-network
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: microservice-chart
+ app.kubernetes.io/version: v1.5.0
+ argocd.argoproj.io/instance: broken-network
+ canaryDelivery: 'false'
+ helm.sh/blueprint-version: 5.4.1
+ helm.sh/chart: microservice-chart-v1.5.0
+ name: broken-network-microservice-chart
+ namespace: diego
+spec:
+ ports:
+ - name: app-port-8000-svc
+ port: 8000
+ protocol: TCP
+ targetPort: 8000
+ selector:
+ app.kubernetes.io/instance: broken-network
+ app.kubernetes.io/name: microservice-chart
+ canaryDelivery: 'false'
+ type: ClusterIP
diff --git a/resources/broken-pod/deployment.yaml b/resources/broken-pod/deployment.yaml
new file mode 100644
index 0000000..c8b2fd1
--- /dev/null
+++ b/resources/broken-pod/deployment.yaml
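Review bot: `annotations:` in `service.yaml` has no value, which YAML reads as `null` rather than an empty map. Delete the key or write `annotations: {}` so the manifest says what is meant and linters stay quiet. The `app.kubernetes.io/managed-by: Helm` label is also inaccurate for a plain manifest synced by Argo CD and may confuse tooling that selects on it.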
@@ -0,0 +1,99 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ reloader.stakater.com/auto: 'true'
+ labels:
+ app.kubernetes.io/instance: broken-pod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: microservice-chart
+ app.kubernetes.io/version: v1.5.0
+ argocd.argoproj.io/instance: broken-pod
+ canaryDelivery: 'false'
+ helm.sh/blueprint-version: 5.4.1
+ helm.sh/chart: microservice-chart-v1.5.0
+ name: broken-pod-microservice-chart
+ namespace: diego
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: broken-pod
+ app.kubernetes.io/name: microservice-chart
+ canaryDelivery: 'false'
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ aadpodidbinding: diego-pod-identity
+ app.kubernetes.io/instance: broken-pod
+ app.kubernetes.io/name: microservice-chart
+ app.kubernetes.io/version: v1.5.0
+ canaryDelivery: 'false'
+ spec:
+ automountServiceAccountToken: false
+ containers:
+ - image: 'ghcr.io/pagopa/devops-app-status:v0.0.0'
+ imagePullPolicy: Always
+ livenessProbe:
+ failureThreshold: 6
+ httpGet:
+ path: /status
+ port: 8000
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ name: microservice-chart
+ ports:
+ - containerPort: 8000
+ name: app-port-8000
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 6
+ httpGet:
+ path: /status
+ port: 8000
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ resources:
+ limits:
+ cpu: 40m
+ memory: 128Mi
+ requests:
+ cpu: 40m
+ memory: 128Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ readOnlyRootFilesystem: true
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccount: default
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - emptyDir: {}
+ name: tmp
diff --git a/resources/broken-rbac/namespace.yaml b/resources/broken-rbac/namespace.yaml
new file mode 100644
index 0000000..733e059
--- /dev/null
+++ b/resources/broken-rbac/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: not-allowed
+ labels:
+ name: not-allowed
diff --git a/resources/broken-rbac/network-policy.yaml b/resources/broken-rbac/network-policy.yaml
new file mode 100644
index 0000000..24db8f6
--- /dev/null
+++ b/resources/broken-rbac/network-policy.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-deny-all
+ namespace: diego
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/resources/simple-kube-files/configmap.yaml b/resources/simple-kube-files/configmap.yaml
new file mode 100644
index 0000000..3261911
--- /dev/null
+++ b/resources/simple-kube-files/configmap.yaml
@@ -0,0 +1,9 @@
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: busybox-config
+ namespace: diego
+data:
+ mykey: myvalue
diff --git a/resources/simple-kube-files/pod.yaml b/resources/simple-kube-files/pod.yaml
new file mode 100644
index 0000000..86416a8
--- /dev/null
+++ b/resources/simple-kube-files/pod.yaml
@@ -0,0 +1,19 @@
+---
+
+kind: Pod
+apiVersion: v1
+metadata:
+ name: busybox-pod
+ namespace: diego
+spec:
+ containers:
+ - name: busybox
+ image: busybox
+ command: ['sh', '-c', 'echo The app is running! && sleep 3600']
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/config
+ volumes:
+ - name: config-volume
+ configMap:
+ name: busybox-config
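Review bot: `default-deny-all` in `network-policy.yaml` selects every pod (`podSelector: {}`) in `diego` for both `Ingress` and `Egress`, and `diego` is the namespace the ok-apps in this commit deploy into. If the AppProject admits NetworkPolicy objects (the example seems to rely on the `not-allowed` Namespace being the rejected resource, but that is not visible here), the automated sync would cut all traffic, DNS included, for every workload in that namespace. Scope it to the demo, e.g. `podSelector: {matchLabels: {app.kubernetes.io/instance: broken-rbac}}`, or target a namespace reserved for this example. A comment at the top of the file saying which resource is expected to be denied, and why, would make the intent reviewable.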
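Review bot: `image: busybox` in `pod.yaml` has no tag, so it resolves to `latest` and the content of this "ok" example can change between syncs; pin it, e.g. `image: busybox:<pinned-tag>` or a digest. The pod also has none of the hardening the Deployments in this commit carry (no `securityContext`, no `resources`, service account token mounted by default). Adding `automountServiceAccountToken: false` at pod level and `securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: {drop: ['ALL']}}` on the container keeps the showcase consistent and lets it pass a restricted admission policy if one is enforced.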