authorMax Resnick <max@ofmax.li>2025-06-15 22:10:32 -0700
committerMax Resnick <max@ofmax.li>2025-06-15 22:10:32 -0700
commit1b47046a96cb6dd344cbaf7c215420a829e6d4df (patch)
tree5501a1078935e788c6b744f6f2516bdfe6e4a372 /manifests
parent0439fdf82e66df8e03433afe849c1ff4ec18c38f (diff)
downloadgo-git-server-1b47046a96cb6dd344cbaf7c215420a829e6d4df.tar.gz
feat: refactor of kustomization.yml
Diffstat (limited to 'manifests')
-rw-r--r--manifests/base/auth_model.ini14
-rw-r--r--manifests/base/cm.yaml26
-rw-r--r--manifests/base/kustomization.yaml9
-rw-r--r--manifests/base/policies/public.csv2
-rw-r--r--manifests/cgit/cgit-cm.yaml41
-rw-r--r--manifests/cgit/cgit-deploy.yaml50
-rw-r--r--manifests/cgit/cgit-ing.yaml27
-rw-r--r--manifests/cgit/cgit-sa.yaml4
-rw-r--r--manifests/cgit/cgit-svc.yaml13
-rw-r--r--manifests/cgit/kustomization.yaml22
-rw-r--r--manifests/local/kustomization.yaml33
-rw-r--r--manifests/local/pvc.yaml14
-rw-r--r--manifests/overlays/prod/kustomization.yaml (renamed from manifests/std/kustomization.yaml)21
-rw-r--r--manifests/std/cert.yaml14
-rw-r--r--manifests/std/ingress.yaml35
15 files changed, 33 insertions, 292 deletions
diff --git a/manifests/base/auth_model.ini b/manifests/base/auth_model.ini
new file mode 100644
index 0000000..9ca4b92
--- /dev/null
+++ b/manifests/base/auth_model.ini
@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
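Review bot: The model has no comment on how strict the matcher is, and now that it is a standalone file it is the first thing a policy author will read. The matcher on the last line compares `r.obj == p.obj` and `r.act == p.act` literally and the effect is allow-only, so any request without an exactly matching `p` rule is denied. I would add a header comment such as `# exact-match RBAC: each object/action pair needs its own p rule; no wildcards, no deny rules`, plus one line saying what `sub`, `obj` and `act` map to in the server, which this diff does not show.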
diff --git a/manifests/base/cm.yaml b/manifests/base/cm.yaml
deleted file mode 100644
index dcf1787..0000000
--- a/manifests/base/cm.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-data:
- policy.csv: |
- g, role:admin, role:maintainers
- g, uid:admin, role:admin
- g, uid:maintainer, role:maintainers
- g, aid:bot+argo, role:bots
- g, anon, role:anon
- auth_model.ini: |
- [request_definition]
- r = sub, obj, act
-
- [policy_definition]
- p = sub, obj, act
-
- [role_definition]
- g = _, _
-
- [policy_effect]
- e = some(where (p.eft == allow))
-
- [matchers]
- m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
-kind: ConfigMap
-metadata:
- name: go-git-server-policy
diff --git a/manifests/base/kustomization.yaml b/manifests/base/kustomization.yaml
index 481c41d..96eec50 100644
--- a/manifests/base/kustomization.yaml
+++ b/manifests/base/kustomization.yaml
@@ -2,10 +2,17 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: go-git-server
+
resources:
-- cm.yaml
- svc.yaml
- deploy.yaml
+
+configMapGenerator:
+- name: go-git-server-policy
+ files:
+ - auth_model.ini=auth_model.ini
+ - policies/public.csv=policies/public.csv
+
labels:
- includeSelectors: true
pairs:
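Review bot: The generator entry `- policies/public.csv=policies/public.csv` uses a key containing `/`, which is not a valid ConfigMap data key (only alphanumerics, `-`, `_` and `.` are allowed), so the generated `go-git-server-policy` should be rejected at build or apply time. The deleted cm.yaml published the policy under the key `policy.csv`; unless deploy.yaml (not part of this diff) now expects a different file name, keeping that key avoids the server coming up without the policy it reads: `- policy.csv=policies/public.csv`. The `labels` block continues outside the hunk.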
diff --git a/manifests/base/policies/public.csv b/manifests/base/policies/public.csv
new file mode 100644
index 0000000..63da3cf
--- /dev/null
+++ b/manifests/base/policies/public.csv
@@ -0,0 +1,2 @@
+g, anon, role:anon
+g, role:admin, role:maintainers
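Review bot: Three grouping rules from the deleted cm.yaml are not carried over into this file: `g, uid:admin, role:admin`, `g, uid:maintainer, role:maintainers` and `g, aid:bot+argo, role:bots`. For a commit described as a refactor that is an authorization change, because with only these two lines no concrete user or bot identity is bound to a role. Under the allow-only model those identities would presumably be denied unless the bindings are supplied from another source that this diff does not show. If the split is deliberate (the file name suggests only the non-sensitive part stays in base), the commit message should say so and name where the per-identity bindings now live.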
diff --git a/manifests/cgit/cgit-cm.yaml b/manifests/cgit/cgit-cm.yaml
deleted file mode 100644
index eb7f39e..0000000
--- a/manifests/cgit/cgit-cm.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: cgitrc
-data:
- cgitrc: |
- # cgit config
- # see cgitrc(5) for details
- root-title=cgit.ofmax.li
- root-desc=grumpy software
-
- readme=:README.md
-
- about-filter=/usr/lib/cgit/filters/about-formatting.sh
- source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
- head-include=/usr/lib/cgit/gruvbox_header.html
-
- enable-index-links=1
- enable-log-filecount=1
- enable-commit-graph=1
- enable-index-owner=1
- enable-http-clone=0
- enable-git-config=1
- enable-commit-graph=1
- enable-follow-links=1
- snapshots=tar.gz
- css=/cgit.css
- logo=/avatar.png
- favicon=/avatar.ico
- robots=nofollow
- remove-suffix=1
- virtual-root=/
-
- mimetype.html=text/html
- mimetype.jpg=image/jpeg
- mimetype.jpeg=image/jpeg
- mimetype.pdf=application/pdf
- mimetype.png=image/png
-
- strict-export=git-web-export-ok
- scan-path=/opt/repos
diff --git a/manifests/cgit/cgit-deploy.yaml b/manifests/cgit/cgit-deploy.yaml
deleted file mode 100644
index b899709..0000000
--- a/manifests/cgit/cgit-deploy.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: cgit
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/name: cgit
- template:
- metadata:
- labels:
- app.kubernetes.io/name: cgit
- spec:
- containers:
- - env:
- - name: CGIT_HOSTNAME
- value: git.localhost
- - name: CGIT_PORT
- value: "8080"
- - name: CGIT_CONFIG
- value: /opt/etc/cgitrc
- image: public.ecr.aws/s0f9o2k5/cgit:v0.0.8
- securityContext:
- runAsUser: 0
- runAsGroup: 1000
- imagePullPolicy: Always
- name: cgit
- ports:
- - containerPort: 8080
- name: http
- protocol: TCP
- volumeMounts:
- - mountPath: /opt/repos
- name: go-git-storage
- readOnly: false
- - mountPath: /opt/etc
- name: cgitrc
- readOnly: true
- imagePullSecrets:
- - name: regcred
- serviceAccountName: cgit
- volumes:
- - name: go-git-storage
- persistentVolumeClaim:
- claimName: go-git-storage
- - name: cgitrc
- configMap:
- defaultMode: 420
- name: cgitrc
diff --git a/manifests/cgit/cgit-ing.yaml b/manifests/cgit/cgit-ing.yaml
deleted file mode 100644
index e331bfc..0000000
--- a/manifests/cgit/cgit-ing.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- certmanager.k8s.io/cluseterissuer: letsencrypt-prod
- ingress.kubernetes.io/ssl-redirect: "true"
- kubernetes.io/ingress.class: traefik
- traefik.ingress.kubernetes.io/frontend-entry-points: http,https
- traefik.ingress.kubernetes.io/redirect-entry-point: https
- traefik.ingress.kubernetes.io/redirect-permanent: "true"
- name: cgit
-spec:
- rules:
- - host: git.ofmax.li
- http:
- paths:
- - backend:
- service:
- name: cgit
- port:
- number: 8080
- pathType: Prefix
- path: /
- tls:
- - hosts:
- - git.ofmax.li
- secretName: git-ofmax-li-sec
diff --git a/manifests/cgit/cgit-sa.yaml b/manifests/cgit/cgit-sa.yaml
deleted file mode 100644
index 43f5e65..0000000
--- a/manifests/cgit/cgit-sa.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: cgit
diff --git a/manifests/cgit/cgit-svc.yaml b/manifests/cgit/cgit-svc.yaml
deleted file mode 100644
index 9d3bdd1..0000000
--- a/manifests/cgit/cgit-svc.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: cgit
-spec:
- ports:
- - name: http
- port: 8081
- protocol: TCP
- targetPort: http
- selector:
- app.kubernetes.io/name: cgit
- type: ClusterIP
diff --git a/manifests/cgit/kustomization.yaml b/manifests/cgit/kustomization.yaml
deleted file mode 100644
index 4b6d8aa..0000000
--- a/manifests/cgit/kustomization.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-# Labels to add to all resources and selectors.
-
-# Images modify the tags for images without
-# creating patches.
-images:
-- name: registry.gitlab.com/grumps/grumpy-containers/cgit
- newName: public.ecr.aws/s0f9o2k5/cgit
- newTag: v0.0.6
-
-# List of resource files that kustomize reads, modifies
-# and emits as a YAML string
-resources:
-- cgit-deploy.yaml
-- cgit-sa.yaml
-- cgit-svc.yaml
-- cgit-cm.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-labels:
-- includeSelectors: true
- pairs:
- app.kubernetes.io/name: cgit
diff --git a/manifests/local/kustomization.yaml b/manifests/local/kustomization.yaml
deleted file mode 100644
index 7216ec4..0000000
--- a/manifests/local/kustomization.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-metadata:
- name: go-git-server-local
-
-
-resources:
-- ../base
-- ../cgit
-- pvc.yaml
-
-images:
-- name: go-git-server
- newName: go-git-registry:5000/go-git-server
- newTag: 0.3.4-latest.198fb47.2
-
-labels:
-- includeSelectors: true
- pairs:
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/part-of: go-git-server
-
-patches:
-- patch: |
- - op: add
- path: "/spec/template/spec/containers/0/env"
- value:
- - name: GO_GIT_SERVER_LOG_LEVEL
- value: "DEBUG"
- target:
- kind: Deployment
- name: go-git-server
- version: v1
diff --git a/manifests/local/pvc.yaml b/manifests/local/pvc.yaml
deleted file mode 100644
index 1a47dc5..0000000
--- a/manifests/local/pvc.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: go-git-storage
- annotations:
- volumeType: local
-spec:
- accessModes:
- - ReadWriteOnce
- storageClassName: local-path
- resources:
- requests:
- storage: 512Mi
-
diff --git a/manifests/std/kustomization.yaml b/manifests/overlays/prod/kustomization.yaml
index f120e4d..608e3b2 100644
--- a/manifests/std/kustomization.yaml
+++ b/manifests/overlays/prod/kustomization.yaml
@@ -1,8 +1,16 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
- name: go-git-server-std
+ name: go-git-server-prod
+resources:
+- ../../base
+- ../../base/components/cgit
+
+images:
+- name: go-git-server
+ newName: public.ecr.aws/x2w2w0z4/go-git-server
+ newTag: 1.0.2
labels:
- includeTemplates: true
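Review bot: The new `resources` entry `../../base/components/cgit` points at a directory this commit does not create; the diffstat for manifests/ only deletes the cgit manifests, so unless that directory already exists the prod overlay will not build. If it is a kustomize `kind: Component`, it belongs under `components:` rather than `resources:`. The second hunk also drops `cert.yaml` and `ingress.yaml`, leaving this overlay with no Ingress or Certificate, so confirm that TLS exposure for the git hosts is defined elsewhere before this is applied. Separately, `newTag: 1.0.2` is a mutable tag; pinning the production image with `digest:` would make the deployed artifact immutable.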
@@ -12,14 +20,3 @@ labels:
pairs:
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/part-of: go-git-server
-
-resources:
-- ../base
-- ../cgit
-- cert.yaml
-- ingress.yaml
-
-images:
-- name: go-git-server
- newName: public.ecr.aws/x2w2w0z4/go-git-server
- newTag: 1.0.2
diff --git a/manifests/std/cert.yaml b/manifests/std/cert.yaml
deleted file mode 100644
index 89ba063..0000000
--- a/manifests/std/cert.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: git-ofmax-li
- namespace: go-git-server
-spec:
- secretName: git-ofmax-li-sec
- issuerRef:
- name: letsencrypt-prod
- kind: ClusterIssuer
- commonName: 'git.ofmax.li'
- dnsNames:
- - cgit.ofmax.li
- - git.ofmax.li
diff --git a/manifests/std/ingress.yaml b/manifests/std/ingress.yaml
deleted file mode 100644
index f581a97..0000000
--- a/manifests/std/ingress.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- certmanager.k8s.io/cluseterissuer: letsencrypt-prod
- ingress.kubernetes.io/ssl-redirect: "true"
- name: go-git-ingress
-spec:
- ingressClassName: haproxy
- rules:
- - host: cgit.ofmax.li
- http:
- paths:
- - backend:
- service:
- name: cgit
- port:
- number: 8081
- path: /
- pathType: Prefix
- - host: git.ofmax.li
- http:
- paths:
- - backend:
- service:
- name: go-git-server
- port:
- number: 8080
- path: /
- pathType: Prefix
- tls:
- - hosts:
- - git.ofmax.li
- - cgit.ofmax.li
- secretName: git-ofmax-li-sec