diff --git a/deploy/test/backend/robot/kustomization.yaml b/deploy/test/backend/robot/kustomization.yaml new file mode 100644 index 0000000000000000000000000000000000000000..1d06b77d4721c2989234db59753763eeb0b6f4c4 --- /dev/null +++ b/deploy/test/backend/robot/kustomization.yaml @@ -0,0 +1,15 @@ +resources: +- namespace.yaml +- sa.yaml +- secret.yaml +- robot-hook-dispatcher +- robot-universal-access +- robot-universal-hook-delivery +- robot-universal-welcome +- robot-universal-lifecycle +- robot-universal-review +- robot-universal-cla +- robot-universal-label +namespace: opengauss-backend-robot +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization diff --git a/deploy/test/backend/robot/namespace.yaml b/deploy/test/backend/robot/namespace.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3dcbb9a8c18ebf647b41823add9a59d0a2e395df --- /dev/null +++ b/deploy/test/backend/robot/namespace.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + name: opengauss-backend-robot + name: opengauss-backend-robot \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-hook-dispatcher/deployment.yaml b/deploy/test/backend/robot/robot-hook-dispatcher/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..be9fe3e4a62a165ae4354b5856311cc936233c20 --- /dev/null +++ b/deploy/test/backend/robot/robot-hook-dispatcher/deployment.yaml @@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: robot-hook-dispatcher + namespace: opengauss-backend-robot + labels: + app: robot-hook-dispatcher +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: robot-hook-dispatcher + template: + metadata: + annotations: + vault.hashicorp.com/agent-inject: 'true' + vault.hashicorp.com/agent-pre-populate-only: "true" + vault.hashicorp.com/tls-skip-verify: "true" + vault.hashicorp.com/agent-init-first: "true" + vault.hashicorp.com/role: 'opengauss-backend-robot' + vault.hashicorp.com/agent-service-account-token-volume-name: "token-vol" + vault.hashicorp.com/agent-run-as-user: "1000" + vault.hashicorp.com/agent-run-as-group: "1000" + vault.hashicorp.com/agent-inject-perms-config: "0400" + vault.hashicorp.com/agent-inject-secret-config: 'internal/data/infra-test/opengauss-backend-robot' + vault.hashicorp.com/agent-inject-template-config: | + {{- with secret "internal/data/infra-test/opengauss-backend-robot" -}} + {{ .Data.data.dispatcherConfig }} + {{- end }} + labels: + app: robot-hook-dispatcher + spec: + securityContext: + seccompProfile: + type: Localhost + localhostProfile: infra-seccomp.json + automountServiceAccountToken: false + serviceAccountName: opengauss-backend-robot + imagePullSecrets: + - name: huawei-swr-image-pull-secret + containers: + - name: robot-hook-dispatcher + args: + - --port=8888 + - --config-file=/vault/secrets/config + - --enable_debug=true + image: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-hook-dispatcher:develop-v0-11d661 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 500m + memory: 1Gi + securityContext: + allowPrivilegeEscalation: false + runAsUser: 1000 + capabilities: + drop: + - ALL + volumes: + - name: token-vol + projected: + sources: + - serviceAccountToken: + audience: api + expirationSeconds: 600 + path: token \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-hook-dispatcher/kustomization.yaml b/deploy/test/backend/robot/robot-hook-dispatcher/kustomization.yaml new file mode 100644 index 0000000000000000000000000000000000000000..98e6ababfefdfa27aac5568f7dd7609e9446b73e --- /dev/null +++ b/deploy/test/backend/robot/robot-hook-dispatcher/kustomization.yaml @@ -0,0 +1,9 @@ +resources: +- deployment.yaml +- service.yaml +namespace: opengauss-backend-robot +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-hook-dispatcher + newTag: develop-v0-11d661 \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-hook-dispatcher/service.yaml b/deploy/test/backend/robot/robot-hook-dispatcher/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..036be1de05ee597e42cb73932c419b7b6d0c1c60 --- /dev/null +++ b/deploy/test/backend/robot/robot-hook-dispatcher/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: robot-hook-dispatcher-service + namespace: opengauss-backend-robot +spec: + ports: + - name: http-port + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: robot-hook-dispatcher + type: ClusterIP \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-access/deployment.yaml b/deploy/test/backend/robot/robot-universal-access/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9a7b0d40fbc4a0ebf93e100fbbe6db6fa4acd3fc --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-access/deployment.yaml @@ -0,0 +1,90 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: robot-universal-access + namespace: opengauss-backend-robot + labels: + app: robot-universal-access +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: robot-universal-access + template: + metadata: + annotations: + vault.hashicorp.com/agent-inject: 'true' + vault.hashicorp.com/agent-pre-populate-only: "true" + vault.hashicorp.com/tls-skip-verify: "true" + vault.hashicorp.com/agent-init-first: "true" + vault.hashicorp.com/role: 'opengauss-backend-robot' + vault.hashicorp.com/agent-service-account-token-volume-name: "token-vol" + vault.hashicorp.com/agent-run-as-user: "1000" + vault.hashicorp.com/agent-run-as-group: "1000" + vault.hashicorp.com/agent-inject-perms-config: "0400" + vault.hashicorp.com/agent-inject-secret-config: 'internal/data/infra-test/opengauss-backend-robot' + vault.hashicorp.com/agent-inject-template-config: | + {{- with secret "internal/data/infra-test/opengauss-backend-robot" -}} + {{ .Data.data.accessConfig }} + {{- end }} + labels: + app: robot-universal-access + spec: + securityContext: + seccompProfile: + type: Localhost + localhostProfile: infra-seccomp.json + automountServiceAccountToken: false + serviceAccountName: opengauss-backend-robot + imagePullSecrets: + - name: huawei-swr-image-pull-secret + containers: + - name: robot-universal-access + args: + - --port=8888 + - --handle-path=gitcode-hook + - --config-file=/vault/secrets/config + image: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-universal-access:develop-v0-899d4d + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 500m + memory: 1Gi + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + httpGet: + scheme: HTTP + path: / + port: 8888 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + httpGet: + scheme: HTTP + path: / + port: 8888 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsUser: 1000 + capabilities: + drop: + - ALL + volumes: + - name: token-vol + projected: + sources: + - serviceAccountToken: + audience: api + expirationSeconds: 600 + path: token \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-access/kustomization.yaml b/deploy/test/backend/robot/robot-universal-access/kustomization.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8b6431916670c54469d5ce6089b6b10eb6ca6fd7 --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-access/kustomization.yaml @@ -0,0 +1,9 @@ +resources: +- deployment.yaml +- service.yaml +namespace: opengauss-backend-robot +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-universal-access + newTag: develop-v0-899d4d \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-access/service.yaml b/deploy/test/backend/robot/robot-universal-access/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..281d1a141c98a278b6cac1307b0737302503032d --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-access/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: robot-universal-access-service + namespace: opengauss-backend-robot +spec: + ports: + - name: http-port + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: robot-universal-access + type: ClusterIP \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-cla/deployment.yaml b/deploy/test/backend/robot/robot-universal-cla/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c2e8dd74722d5619c40fe7fd2cf1bef84494cd5c --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-cla/deployment.yaml @@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: robot-universal-cla + namespace: opengauss-backend-robot + labels: + app: robot-universal-cla +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: robot-universal-cla + template: + metadata: + annotations: + vault.hashicorp.com/agent-inject: 'true' + vault.hashicorp.com/agent-pre-populate-only: "true" + vault.hashicorp.com/tls-skip-verify: "true" + vault.hashicorp.com/agent-init-first: "true" + vault.hashicorp.com/role: 'opengauss-backend-robot' + vault.hashicorp.com/agent-service-account-token-volume-name: "token-vol" + vault.hashicorp.com/agent-run-as-user: "1000" + vault.hashicorp.com/agent-run-as-group: "1000" + vault.hashicorp.com/agent-inject-perms-token: "0400" + vault.hashicorp.com/agent-inject-secret-token: 'internal/data/infra-test/opengauss-backend-robot' + vault.hashicorp.com/agent-inject-template-token: | + {{- with secret "internal/data/infra-test/opengauss-backend-robot" -}} + {{ .Data.data.token }} + {{- end }} + vault.hashicorp.com/agent-inject-perms-config: "0400" + vault.hashicorp.com/agent-inject-secret-config: 'internal/data/infra-test/opengauss-backend-robot' + vault.hashicorp.com/agent-inject-template-config: | + {{- with secret "internal/data/infra-test/opengauss-backend-robot" -}} + {{ .Data.data.claConfig }} + {{- end }} + labels: + app: robot-universal-cla + spec: + securityContext: + seccompProfile: + type: Localhost + localhostProfile: infra-seccomp.json + automountServiceAccountToken: false + serviceAccountName: opengauss-backend-robot + imagePullSecrets: + - name: huawei-swr-image-pull-secret + containers: + - name: robot-universal-cla + args: + - --port=8888 + - --config-file=/vault/secrets/config + - --handle-path=gitcode-hook + - --token-path=/vault/secrets/token + image: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-universal-cla:develop-v0-8de490 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 500m + memory: 1Gi + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + httpGet: + scheme: HTTP + path: / + port: 8888 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + httpGet: + scheme: HTTP + path: / + port: 8888 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsUser: 1000 + capabilities: + drop: + - ALL + volumes: + - name: token-vol + projected: + sources: + - serviceAccountToken: + audience: api + expirationSeconds: 600 + path: token \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-cla/kustomization.yaml b/deploy/test/backend/robot/robot-universal-cla/kustomization.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b0e3365d1f2d513f01fb645b00ec20fa055cafba --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-cla/kustomization.yaml @@ -0,0 +1,9 @@ +resources: +- deployment.yaml +- service.yaml +namespace: opengauss-backend-robot +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-universal-cla + newTag: develop-v0-8de490 \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-cla/service.yaml b/deploy/test/backend/robot/robot-universal-cla/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9337f00796053445b00b04adb7f7c20c107b9ec1 --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-cla/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: robot-universal-cla-service + namespace: opengauss-backend-robot +spec: + ports: + - name: http-port + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: robot-universal-cla + type: ClusterIP \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-hook-delivery/deployment.yaml b/deploy/test/backend/robot/robot-universal-hook-delivery/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..655e5ebb13bd7a545bf1158facf6ac93fff8dcd0 --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-hook-delivery/deployment.yaml @@ -0,0 +1,98 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: robot-universal-hook-delivery + namespace: opengauss-backend-robot + labels: + app: robot-universal-hook-delivery +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: robot-universal-hook-delivery + template: + metadata: + annotations: + vault.hashicorp.com/agent-inject: 'true' + vault.hashicorp.com/agent-pre-populate-only: "true" + vault.hashicorp.com/tls-skip-verify: "true" + vault.hashicorp.com/agent-init-first: "true" + vault.hashicorp.com/role: 'opengauss-backend-robot' + vault.hashicorp.com/agent-service-account-token-volume-name: "token-vol" + vault.hashicorp.com/agent-run-as-user: "1000" + vault.hashicorp.com/agent-run-as-group: "1000" + vault.hashicorp.com/agent-inject-perms-gitcode-secret: "0400" + vault.hashicorp.com/agent-inject-secret-gitcode-secret: 'internal/data/infra-test/opengauss-backend-robot' + vault.hashicorp.com/agent-inject-template-gitcode-secret: | + {{- with secret "internal/data/infra-test/opengauss-backend-robot" -}} + {{ .Data.data.deliverySecrets }} + {{- end }} + vault.hashicorp.com/agent-inject-perms-config: "0400" + vault.hashicorp.com/agent-inject-secret-config: 'internal/data/infra-test/opengauss-backend-robot' + vault.hashicorp.com/agent-inject-template-config: | + {{- with secret "internal/data/infra-test/opengauss-backend-robot" -}} + {{ .Data.data.deliveryConfig }} + {{- end }} + labels: + app: robot-universal-hook-delivery + spec: + securityContext: + seccompProfile: + type: Localhost + localhostProfile: infra-seccomp.json + automountServiceAccountToken: false + serviceAccountName: opengauss-backend-robot + imagePullSecrets: + - name: huawei-swr-image-pull-secret + containers: + - name: robot-universal-hook-delivery + args: + - --port=8888 + - --hmac-secret-file=/vault/secrets/gitcode-secret + - --config-file=/vault/secrets/config + - --enable_debug=true + - --handle-path=gitcode-hook + image: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-universal-hook-delivery:develop-v0-e036b5 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 500m + memory: 1Gi + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + httpGet: + scheme: HTTP + path: / + port: 8888 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + httpGet: + scheme: HTTP + path: / + port: 8888 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsUser: 1000 + capabilities: + drop: + - ALL + volumes: + - name: token-vol + projected: + sources: + - serviceAccountToken: + audience: api + expirationSeconds: 600 + path: token \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-hook-delivery/ingress.yaml b/deploy/test/backend/robot/robot-universal-hook-delivery/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..eb8447e11dade0a0c5b5b166a2135fbff9b5e4dc --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-hook-delivery/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: robot-universal-hook-delivery-ingress + namespace: opengauss-backend-robot +spec: + rules: + - host: hook-delivery-opengauss.test.osinfra.cn + http: + paths: + - path: /gitcode-hook + pathType: Prefix + backend: + service: + name: robot-universal-hook-delivery-service + port: + number: 8888 + ingressClassName: nginx + tls: + - hosts: + - hook-delivery-opengauss.test.osinfra.cn + secretName: test-osinfra-cn-tls \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-hook-delivery/kustomization.yaml b/deploy/test/backend/robot/robot-universal-hook-delivery/kustomization.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3355c2f135331ef73e97f861afa425d0aa22fe8b --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-hook-delivery/kustomization.yaml @@ -0,0 +1,10 @@ +resources: +- deployment.yaml +- service.yaml +- ingress.yaml +namespace: opengauss-backend-robot +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-universal-hook-delivery + newTag: develop-v0-e036b5 \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-hook-delivery/service.yaml b/deploy/test/backend/robot/robot-universal-hook-delivery/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..7982cea9429552a2754686869c0b457901e51561 --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-hook-delivery/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: robot-universal-hook-delivery-service + namespace: opengauss-backend-robot +spec: + ports: + - name: http-port + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: robot-universal-hook-delivery + type: ClusterIP \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-label/deployment.yaml b/deploy/test/backend/robot/robot-universal-label/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b5208d8ad52af302660732770450a2c1eef0d451 --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-label/deployment.yaml @@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: robot-universal-label + namespace: opengauss-backend-robot + labels: + app: robot-universal-label +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: robot-universal-label + template: + metadata: + annotations: + vault.hashicorp.com/agent-inject: 'true' + vault.hashicorp.com/agent-pre-populate-only: "true" + vault.hashicorp.com/tls-skip-verify: "true" + vault.hashicorp.com/agent-init-first: "true" + vault.hashicorp.com/role: 'opengauss-backend-robot' + vault.hashicorp.com/agent-service-account-token-volume-name: "token-vol" + vault.hashicorp.com/agent-run-as-user: "1000" + vault.hashicorp.com/agent-run-as-group: "1000" + vault.hashicorp.com/agent-inject-perms-token: "0400" + vault.hashicorp.com/agent-inject-secret-token: 'internal/data/infra-test/opengauss-backend-robot' + vault.hashicorp.com/agent-inject-template-token: | + {{- with secret "internal/data/infra-test/opengauss-backend-robot" -}} + {{ .Data.data.token }} + {{- end }} + vault.hashicorp.com/agent-inject-perms-config: "0400" + vault.hashicorp.com/agent-inject-secret-config: 'internal/data/infra-test/opengauss-backend-robot' + vault.hashicorp.com/agent-inject-template-config: | + {{- with secret "internal/data/infra-test/opengauss-backend-robot" -}} + {{ .Data.data.labelConfig }} + {{- end }} + labels: + app: robot-universal-label + spec: + securityContext: + seccompProfile: + type: Localhost + localhostProfile: infra-seccomp.json + automountServiceAccountToken: false + serviceAccountName: opengauss-backend-robot + imagePullSecrets: + - name: huawei-swr-image-pull-secret + containers: + - name: robot-universal-label + args: + - --port=8888 + - --config-file=/vault/secrets/config + - --handle-path=gitcode-hook + - --token-path=/vault/secrets/token + image: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-universal-label:develop-v0-0fc1cd + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 500m + memory: 1Gi + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + httpGet: + scheme: HTTP + path: / + port: 8888 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + httpGet: + scheme: HTTP + path: / + port: 8888 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsUser: 1000 + capabilities: + drop: + - ALL + volumes: + - name: token-vol + projected: + sources: + - serviceAccountToken: + audience: api + expirationSeconds: 600 + path: token \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-label/kustomization.yaml b/deploy/test/backend/robot/robot-universal-label/kustomization.yaml new file mode 100644 index 0000000000000000000000000000000000000000..013ff1c0b7b4e196a6f3ec87d07229469baf30cf --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-label/kustomization.yaml @@ -0,0 +1,9 @@ +resources: +- deployment.yaml +- service.yaml +namespace: opengauss-backend-robot +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-universal-label + newTag: develop-v0-0fc1cd diff --git a/deploy/test/backend/robot/robot-universal-label/service.yaml b/deploy/test/backend/robot/robot-universal-label/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..49ad8678a54844134fdf9557c9865c9eb7e82b0b --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-label/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: robot-universal-label-service + namespace: opengauss-backend-robot +spec: + ports: + - name: http-port + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: robot-universal-label + type: ClusterIP \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-lifecycle/deployment.yaml b/deploy/test/backend/robot/robot-universal-lifecycle/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4ead398abe5377bf6f7b793747d1778b60b785e6 --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-lifecycle/deployment.yaml @@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: robot-universal-lifecycle + namespace: opengauss-backend-robot + labels: + app: robot-universal-lifecycle +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: robot-universal-lifecycle + template: + metadata: + annotations: + vault.hashicorp.com/agent-inject: 'true' + vault.hashicorp.com/agent-pre-populate-only: "true" + vault.hashicorp.com/tls-skip-verify: "true" + vault.hashicorp.com/agent-init-first: "true" + vault.hashicorp.com/role: 'opengauss-backend-robot' + vault.hashicorp.com/agent-service-account-token-volume-name: "token-vol" + vault.hashicorp.com/agent-run-as-user: "1000" + vault.hashicorp.com/agent-run-as-group: "1000" + vault.hashicorp.com/agent-inject-perms-token: "0400" + vault.hashicorp.com/agent-inject-secret-token: 'internal/data/infra-test/opengauss-backend-robot' + vault.hashicorp.com/agent-inject-template-token: | + {{- with secret "internal/data/infra-test/opengauss-backend-robot" -}} + {{ .Data.data.token }} + {{- end }} + vault.hashicorp.com/agent-inject-perms-config: "0400" + vault.hashicorp.com/agent-inject-secret-config: 'internal/data/infra-test/opengauss-backend-robot' + vault.hashicorp.com/agent-inject-template-config: | + {{- with secret "internal/data/infra-test/opengauss-backend-robot" -}} + {{ .Data.data.lifecycleConfig }} + {{- end }} + labels: + app: robot-universal-lifecycle + spec: + securityContext: + seccompProfile: + type: Localhost + localhostProfile: infra-seccomp.json + automountServiceAccountToken: false + serviceAccountName: opengauss-backend-robot + imagePullSecrets: + - name: huawei-swr-image-pull-secret + containers: + - name: robot-universal-lifecycle + args: + - --port=8888 + - --config-file=/vault/secrets/config + - --handle-path=gitcode-hook + - --token-path=/vault/secrets/token + image: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-universal-lifecycle:develop-v0-ced411 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 500m + memory: 1Gi + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + httpGet: + scheme: HTTP + path: / + port: 8888 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + httpGet: + scheme: HTTP + path: / + port: 8888 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsUser: 1000 + capabilities: + drop: + - ALL + volumes: + - name: token-vol + projected: + sources: + - serviceAccountToken: + audience: api + expirationSeconds: 600 + path: token \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-lifecycle/kustomization.yaml b/deploy/test/backend/robot/robot-universal-lifecycle/kustomization.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4a7f3d2c79f63f7ac5a0fedbef83c0986801ca1e --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-lifecycle/kustomization.yaml @@ -0,0 +1,9 @@ +resources: +- deployment.yaml +- service.yaml +namespace: opengauss-backend-robot +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-universal-lifecycle + newTag: develop-v0-ced411 diff --git a/deploy/test/backend/robot/robot-universal-lifecycle/service.yaml b/deploy/test/backend/robot/robot-universal-lifecycle/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..2476198165864baebc3a2025ff4852d3153ea556 --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-lifecycle/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: robot-universal-lifecycle-service + namespace: opengauss-backend-robot +spec: + ports: + - name: http-port + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: robot-universal-lifecycle + type: ClusterIP \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-review/deployment.yaml b/deploy/test/backend/robot/robot-universal-review/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..0475c20a9f20bccb9fb71f756f8b132719854eb9 --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-review/deployment.yaml @@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: robot-universal-review + namespace: opengauss-backend-robot + labels: + app: robot-universal-review +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: robot-universal-review + template: + metadata: + annotations: + vault.hashicorp.com/agent-inject: 'true' + vault.hashicorp.com/agent-pre-populate-only: "true" + vault.hashicorp.com/tls-skip-verify: "true" + vault.hashicorp.com/agent-init-first: "true" + vault.hashicorp.com/role: 'opengauss-backend-robot' + vault.hashicorp.com/agent-service-account-token-volume-name: "token-vol" + vault.hashicorp.com/agent-run-as-user: "1000" + vault.hashicorp.com/agent-run-as-group: "1000" + vault.hashicorp.com/agent-inject-perms-token: "0400" + vault.hashicorp.com/agent-inject-secret-token: 'internal/data/infra-test/opengauss-backend-robot' + vault.hashicorp.com/agent-inject-template-token: | + {{- with secret "internal/data/infra-test/opengauss-backend-robot" -}} + {{ .Data.data.token }} + {{- end }} + vault.hashicorp.com/agent-inject-perms-config: "0400" + vault.hashicorp.com/agent-inject-secret-config: 'internal/data/infra-test/opengauss-backend-robot' + vault.hashicorp.com/agent-inject-template-config: | + {{- with secret "internal/data/infra-test/opengauss-backend-robot" -}} + {{ .Data.data.reviewConfig }} + {{- end }} + labels: + app: robot-universal-review + spec: + securityContext: + seccompProfile: + type: Localhost + localhostProfile: infra-seccomp.json + automountServiceAccountToken: false + serviceAccountName: opengauss-backend-robot + imagePullSecrets: + - name: huawei-swr-image-pull-secret + containers: + - name: robot-universal-review + args: + - --port=8888 + - --config-file=/vault/secrets/config + - --handle-path=gitcode-hook + - --token-path=/vault/secrets/token + image: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-universal-review:develop-v0-c97a70 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 500m + memory: 1Gi + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + httpGet: + scheme: HTTP + path: / + port: 8888 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + httpGet: + scheme: HTTP + path: / + port: 8888 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsUser: 1000 + capabilities: + drop: + - ALL + volumes: + - name: token-vol + projected: + sources: + - serviceAccountToken: + audience: api + expirationSeconds: 600 + path: token \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-review/kustomization.yaml b/deploy/test/backend/robot/robot-universal-review/kustomization.yaml new file mode 100644 index 0000000000000000000000000000000000000000..31a24879017fbe3c173fd63300b669a08db1bb78 --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-review/kustomization.yaml @@ -0,0 +1,9 @@ +resources: +- deployment.yaml +- service.yaml +namespace: opengauss-backend-robot +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-universal-review + newTag: develop-v0-c97a70 diff --git a/deploy/test/backend/robot/robot-universal-review/service.yaml b/deploy/test/backend/robot/robot-universal-review/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a91fcbd4f2d73b6ec180cef0c60d607f0f9a09c0 --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-review/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: robot-universal-review-service + namespace: opengauss-backend-robot +spec: + ports: + - name: http-port + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: robot-universal-review + type: ClusterIP \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-welcome/deployment.yaml b/deploy/test/backend/robot/robot-universal-welcome/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..1a42bb02cab52e031e14a42c6e27966a706980e2 --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-welcome/deployment.yaml @@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: robot-universal-welcome + namespace: opengauss-backend-robot + labels: + app: robot-universal-welcome +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: robot-universal-welcome + template: + metadata: + annotations: + vault.hashicorp.com/agent-inject: 'true' + vault.hashicorp.com/agent-pre-populate-only: "true" + vault.hashicorp.com/tls-skip-verify: "true" + vault.hashicorp.com/agent-init-first: "true" + vault.hashicorp.com/role: 'opengauss-backend-robot' + vault.hashicorp.com/agent-service-account-token-volume-name: "token-vol" + vault.hashicorp.com/agent-run-as-user: "1000" + vault.hashicorp.com/agent-run-as-group: "1000" + vault.hashicorp.com/agent-inject-perms-config: "0400" + vault.hashicorp.com/agent-inject-secret-config: 'internal/data/infra-test/opengauss-backend-robot' + vault.hashicorp.com/agent-inject-template-config: | + {{- with secret "internal/data/infra-test/opengauss-backend-robot" -}} + {{ .Data.data.welcomeConfig }} + {{- end }} + vault.hashicorp.com/agent-inject-perms-token: "0400" + vault.hashicorp.com/agent-inject-secret-token: 'internal/data/infra-test/opengauss-backend-robot' + vault.hashicorp.com/agent-inject-template-token: | + {{- with secret "internal/data/infra-test/opengauss-backend-robot" -}} + {{ .Data.data.token }} + {{- end }} + labels: + app: robot-universal-welcome + spec: + securityContext: + seccompProfile: + type: Localhost + localhostProfile: infra-seccomp.json + automountServiceAccountToken: false + serviceAccountName: opengauss-backend-robot + imagePullSecrets: + - name: huawei-swr-image-pull-secret + containers: + - name: robot-universal-welcome + args: + - --config-file=/vault/secrets/config + - --token-path=/vault/secrets/token + - --handle-path=gitcode-hook + - --port=8888 + image: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-universal-welcome:develop-v0-4ea0f8 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 500m + memory: 1Gi + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + httpGet: + scheme: HTTP + path: / + port: 8888 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + httpGet: + scheme: HTTP + path: / + port: 8888 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsUser: 1000 + capabilities: + drop: + - ALL + volumes: + - name: token-vol + projected: + sources: + - serviceAccountToken: + audience: api + expirationSeconds: 600 + path: token \ No newline at end of file diff --git a/deploy/test/backend/robot/robot-universal-welcome/kustomization.yaml b/deploy/test/backend/robot/robot-universal-welcome/kustomization.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6d1bb3fa4baf85a3ee9fd94ce26fac08994dceea --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-welcome/kustomization.yaml @@ -0,0 +1,9 @@ +resources: +- deployment.yaml +- service.yaml +namespace: opengauss-backend-robot +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: swr.cn-north-4.myhuaweicloud.com/opensourceway/robot-universal-welcome + newTag: develop-v0-4ea0f8 diff --git a/deploy/test/backend/robot/robot-universal-welcome/service.yaml b/deploy/test/backend/robot/robot-universal-welcome/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..74fe95966a7a98c5181037b5487a5433c54deed8 --- /dev/null +++ b/deploy/test/backend/robot/robot-universal-welcome/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: robot-universal-welcome-service + namespace: opengauss-backend-robot +spec: + ports: + - name: http-port + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: robot-universal-welcome + type: ClusterIP \ No newline at end of file diff --git a/deploy/test/backend/robot/sa.yaml b/deploy/test/backend/robot/sa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..5675ad37f7cd9c282288a7b755c158e4950272eb --- /dev/null +++ b/deploy/test/backend/robot/sa.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: opengauss-backend-robot + namespace: opengauss-backend-robot \ No newline at end of file diff --git a/deploy/test/backend/robot/secret.yaml b/deploy/test/backend/robot/secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..7141730521fdabb4f91ace7cba6550f6f750fdf5 --- /dev/null +++ b/deploy/test/backend/robot/secret.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: secrets-manager.tuenti.io/v1alpha1 +kind: SecretDefinition +metadata: + name: test-osinfra-cn-tls + namespace: opengauss-backend-robot +spec: + name: test-osinfra-cn-tls + keysMap: + ca.crt: + path: secrets/data/infra-test/domain-tls + key: tls.cert + tls.crt: + path: secrets/data/infra-test/domain-tls + key: tls.cert + tls.key: + path: secrets/data/infra-test/domain-tls + key: tls.key \ No newline at end of file