**Namespace Structure:** - neonvortex: Application deployment and webhook listener - flux-builds: Build jobs with automatic cleanup - flux-system: Flux CD control plane (unchanged) **Automatic Cleanup:** - Build jobs: 30-minute TTL after completion - Cleanup CronJob: Runs every 30 minutes - Keeps last 10 successful builds - Deletes failed jobs older than 1 hour - Removes all jobs older than 24 hours **Changes:** - Moved HelmRelease from default to neonvortex namespace - Moved build jobs from default to flux-builds namespace - Updated webhook listener to create jobs in flux-builds - Updated Flux alerts to monitor new namespace - Cleaned up all resources from default namespace - Added dedicated ServiceAccounts and RBAC per namespace **Benefits:** - Clean namespace separation for better organization - Automatic job cleanup prevents resource accumulation - Build history maintained (last 10 successful builds) - Improved monitoring and troubleshooting - Default namespace is now clean Comprehensive migration guide in NAMESPACE_MIGRATION_GUIDE.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
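---
# ConfigMap holding the script the webhook listener runs for every push.
# The script clones the repository, reads the head commit's metadata, sends a
# start notification, and submits a one-shot Kaniko build Job to flux-builds.
apiVersion: v1
kind: ConfigMap
metadata:
  name: webhook-build-script
  namespace: neonvortex
data:
  trigger-build.sh: |
    #!/bin/bash
    set -e

    echo "===== Git Push Detected - Triggering Build ====="
    date

    # Clone into a fresh per-run directory. The listener container is
    # long-lived and starts this script in the background, so a fixed path
    # would make every clone after the first fail ("destination path already
    # exists") and would race when two pushes arrive close together.
    WORKDIR=$(mktemp -d)
    trap 'rm -rf "$WORKDIR"' EXIT

    # Clone the repository
    # NOTE(review): the clone uses plain HTTP, so the fetched source is neither
    # authenticated nor integrity-protected in transit; prefer HTTPS or SSH.
    echo "Cloning repository..."
    git clone http://192.168.1.49:13001/admin/neon-vortex.git "$WORKDIR/repo"
    cd "$WORKDIR/repo"

    # Commit subject and author name are written by whoever pushed, and they
    # are pasted into double-quoted YAML scalars in the Job manifest below.
    # Drop the characters that would end or escape such a scalar (double
    # quote, backslash, control characters) so a commit cannot produce an
    # invalid or altered manifest.
    yaml_safe() {
      printf '%s' "$1" | tr -d '"\\\001-\037\177'
    }

    # Get commit info
    GIT_COMMIT=$(git rev-parse HEAD)
    GIT_SHORT=$(git rev-parse --short HEAD)
    GIT_MSG=$(yaml_safe "$(git log -1 --pretty=%B | head -1)")
    GIT_AUTHOR=$(yaml_safe "$(git log -1 --pretty=%an)")

    echo "Commit: $GIT_SHORT ($GIT_COMMIT)"
    echo "Author: $GIT_AUTHOR"
    echo "Message: $GIT_MSG"

    # Generate unique job name
    TIMESTAMP=$(date +%s)
    JOB_NAME="build-${GIT_SHORT}-${TIMESTAMP}"

    echo "Creating build job: $JOB_NAME"

    # Send start notification
    # NOTE(security): the notification token is embedded in this script and in
    # every generated Job spec, so anyone who can read this ConfigMap or the
    # Jobs in flux-builds can read it. Move it to a Secret injected as an
    # environment variable and rotate the current value.
    # --form-string sends the value literally; plain -F would interpret
    # ";type=" style suffixes inside the commit-derived text.
    curl -s -X POST "https://notify.caffeinetux.com/message?token=APMvTuncQJmm6vd" \
      --form-string "title=🔨 Neon Vortex Build Started" \
      --form-string "message=Commit: ${GIT_SHORT} by ${GIT_AUTHOR} - ${GIT_MSG}" \
      --form-string "priority=5" || echo "Notification failed"

    # Create the build job in flux-builds namespace.
    # kubectl is the condition of the if statement because, under "set -e", a
    # separate exit-status check after a failing kubectl would never run and
    # the failure notification below would be unreachable.
    if kubectl apply -f - <<EOF
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: $JOB_NAME
      namespace: flux-builds
      labels:
        app: neonvortex
        build-trigger: webhook
        git-commit: "$GIT_SHORT"
      annotations:
        git-commit-full: "$GIT_COMMIT"
        git-message: "$GIT_MSG"
        git-author: "$GIT_AUTHOR"
    spec:
      # Finished Jobs are garbage-collected after 30 minutes; no retries.
      ttlSecondsAfterFinished: 1800
      backoffLimit: 0
      template:
        metadata:
          labels:
            app: neonvortex
            build-job: "true"
        spec:
          restartPolicy: Never
          # NOTE(review): the three images in this pod use the floating
          # "latest" tag; pin each to a version or digest so a build cannot
          # silently pick up a changed builder image.
          initContainers:
          - name: git-clone
            image: alpine/git:latest
            command:
            - sh
            - -c
            - |
              set -e
              echo "Cloning and checking out $GIT_COMMIT..."
              git clone http://192.168.1.49:13001/admin/neon-vortex.git /workspace
              cd /workspace
              git checkout $GIT_COMMIT
              echo "Repository ready for build"
            env:
            - name: GIT_COMMIT
              value: "$GIT_COMMIT"
            volumeMounts:
            - name: workspace
              mountPath: /workspace
          containers:
          - name: kaniko
            image: gcr.io/kaniko-project/executor:latest
            args:
            - "--dockerfile=/workspace/htlm/Dockerfile"
            - "--context=/workspace/htlm"
            - "--destination=images.caffeinetux.com/apps/neon-vortex:latest"
            - "--destination=images.caffeinetux.com/apps/neon-vortex:$GIT_SHORT"
            - "--cache=true"
            - "--cache-repo=images.caffeinetux.com/apps/neon-vortex/cache"
            - "--label=git.commit=$GIT_COMMIT"
            - "--label=git.short=$GIT_SHORT"
            - "--label=git.message=$GIT_MSG"
            - "--label=git.author=$GIT_AUTHOR"
            volumeMounts:
            - name: workspace
              mountPath: /workspace
            - name: docker-config
              mountPath: /kaniko/.docker
          # NOTE(review): this container runs alongside kaniko, waits a fixed
          # 10 seconds and then reports success; it never observes the kaniko
          # exit status, so the message can be sent for a build that is still
          # running or that later fails.
          - name: notify-completion
            image: alpine:latest
            command:
            - sh
            - -c
            - |
              set -e
              apk add --no-cache curl

              echo "Waiting for Kaniko to complete..."
              sleep 10

              # Send completion notification
              curl -s -X POST "https://notify.caffeinetux.com/message?token=APMvTuncQJmm6vd" \
                -F "title=✅ Neon Vortex Build Complete" \
                -F "message=Image built successfully for commit ${GIT_SHORT}. Deployment will update automatically." \
                -F "priority=5"

              echo "Completion notification sent"
            env:
            - name: GIT_SHORT
              value: "$GIT_SHORT"
          volumes:
          - name: workspace
            emptyDir: {}
          # Registry push credentials, exposed to kaniko as its docker config.
          - name: docker-config
            secret:
              secretName: harbor-registry
              items:
              - key: .dockerconfigjson
                path: config.json
    EOF
    then
      echo "✅ Build job $JOB_NAME created successfully"
    else
      echo "❌ Failed to create build job"
      curl -s -X POST "https://notify.caffeinetux.com/message?token=APMvTuncQJmm6vd" \
        -F "title=❌ Neon Vortex Build Failed" \
        -F "message=Failed to create build job for commit ${GIT_SHORT}" \
        -F "priority=8"
      exit 1
    fi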
---
# Identity the webhook listener pod runs as. It lives in neonvortex and is
# granted rights in flux-builds through build-trigger-binding.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: neonvortex
  name: build-trigger-sa
---
# Namespaced permissions for the build trigger, scoped to flux-builds.
# NOTE(review): "create" on jobs lets the holder run pods that mount any
# Secret in flux-builds (the generated build Job mounts harbor-registry), so
# this role is effectively secret-read for that namespace.
# NOTE(review): trigger-build.sh as shown only creates Jobs; confirm whether
# "delete" and the pod/log read rules are needed by this identity.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: flux-builds
  name: build-trigger-role
rules:
  # Manage build Jobs.
  - apiGroups:
      - batch
    resources:
      - jobs
    verbs:
      - create
      - get
      - list
      - watch
      - delete
  # Read-only access to build pods and their logs (core API group).
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/log
    verbs:
      - get
      - list
      - watch
---
# Cross-namespace grant: the ServiceAccount in neonvortex receives
# build-trigger-role inside flux-builds, and nowhere else.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: flux-builds
  name: build-trigger-binding
subjects:
  - kind: ServiceAccount
    namespace: neonvortex
    name: build-trigger-sa
roleRef:
  kind: Role
  name: build-trigger-role
  apiGroup: rbac.authorization.k8s.io
---
# Single-replica listener that turns an incoming HTTP request into a run of
# /scripts/trigger-build.sh (mounted from the webhook-build-script ConfigMap).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: webhook-build-listener
  namespace: neonvortex
spec:
  replicas: 1
  selector:
    matchLabels:
      app: webhook-build-listener
  template:
    metadata:
      labels:
        app: webhook-build-listener
    spec:
      # Runs as build-trigger-sa, which is bound to build-trigger-role in
      # flux-builds; kubectl inside the script uses this identity.
      serviceAccountName: build-trigger-sa
      containers:
        - name: listener
          image: alpine/k8s:1.28.13
          # The inline script installs socat, bash, git and curl with apk at
          # every container start, so startup needs package-repository access
          # and the installed versions are not pinned.
          # It then loops forever: socat listens on TCP 8080 and the loop
          # reads the request line by line; any line matching "POST /webhook"
          # starts trigger-build.sh in the background.
          # NOTE(security): no shared secret, signature or source check is
          # applied to the request, and the body is not inspected, so any
          # client that can reach port 8080 can start a build. Verify the
          # forge's webhook signature (or restrict reachability with a
          # NetworkPolicy) before running the script.
          # NOTE(review): no securityContext or resource limits are set on
          # this container; the runtime apk install presumably requires root.
          command:
            - sh
            - -c
            - |
              apk add --no-cache socat bash git curl

              echo "Starting webhook listener on port 8080..."

              while true; do
                echo "Waiting for webhook trigger..."
                echo -e "HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nOK" | \
                socat TCP-LISTEN:8080,reuseaddr,fork STDIO | \
                while read line; do
                  if echo "$line" | grep -q "POST /webhook"; then
                    echo "Webhook received! Triggering build..."
                    bash /scripts/trigger-build.sh &
                    break
                  fi
                done
                sleep 2
              done
          volumeMounts:
            - name: script
              mountPath: /scripts
      volumes:
        - name: script
          configMap:
            name: webhook-build-script
            # Octal 0755: the mounted script is readable and executable.
            defaultMode: 0755
---
# Exposes the listener on port 30091 of every cluster node.
# NOTE(security): the listener behind this Service performs no authentication,
# so anything that can reach a node on 30091 can trigger a build; limit access
# at the network layer or place an authenticating ingress in front of it.
kind: Service
apiVersion: v1
metadata:
  namespace: neonvortex
  name: webhook-build-listener
spec:
  type: NodePort
  selector:
    app: webhook-build-listener
  ports:
    - name: webhook
      port: 8080
      targetPort: 8080
      nodePort: 30091