merging development branch to master

.github/linters/.shellcheckrc

@@ -0,0 +1 @@
+disable=SC2086

.github/workflows/workflow.yml

@@ -0,0 +1,203 @@
+name: Go
+
+on:
+  push:
+    branches: [ '*' ]
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Set up Go 1.x
+      uses: actions/setup-go@v2
+      with:
+        go-version: ^1.14
+
+    - name: Check out code
+      uses: actions/checkout@v2
+
+    - name: Check Path
+      run: echo $PATH 
+
+  lint:
+    name: lint
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v2
+    - name: Lint Code Base
+      uses: github/super-linter@v4
+      env:
+        DEFAULT_BRANCH: master
+        VALIDATE_KUBERNETES_KUBEVAL: false
+          #  VALIDATE_JSCPD: false
+        VALIDATE_MARKDOWN: false
+        VALIDATE_GO: false
+        GITHUB_TOKEN: ${{secrets.secret_token}}
+        SHELLCHECK_OPTS: "-e SC2086 -e SC2046"
+
+          # GOENV: "/home/runner/.config/go/env"
+          # GOROOT: "/opt/hostedtoolcache/go/1.16.7/x64"
+
+    # - name: lint
+    #   uses: golangci/golangci-lint-action@v2
+    #   with:
+    #     skip-go-installation: true
+    #     github-token: ${{secrets.secret_token}}
+    #     only-new-issues: false
+    #     skip-pkg-cache: true
+    #     skip-build-cache: true
+
+  push:
+    name: push-scan
+    runs-on: ubuntu-latest
+    needs: [build,lint]
+    steps:
+    # - name: Import Secrets
+    #   uses: hashicorp/[email protected]
+    #   with:
+    #     url: https://vault-cluster.vault.52a7c979-da4b-40f2-94d6-7d4c5ead3d3a.aws.hashicorp.cloud:8200
+    #     token: ${{ secrets.VAULT_TOKEN }}
+    #     #path: vmware-demo
+    #     secrets: |
+    #       secret/vmware-demo/docker-registry DOCKER_USERNAME | DOCKER_USERNAME ;
+    #       secret/vmware-demo/docker-registry DOCKER_PASSWORD | DOCKER_PASSWORD ;
+    #     tlsSkipVerify: true
+
+
+
+    - name: Check out code
+      uses: actions/checkout@v2 
+    - name: Install dependencies
+      uses: asdf-vm/actions/install@v1
+    - name: Import Docker registry creds from Vault
+      id: creds
+      env:
+        VAULT_ADDR: https://vault-cluster.vault.52a7c979-da4b-40f2-94d6-7d4c5ead3d3a.aws.hashicorp.cloud:8200
+        VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
+      run: |
+        echo ::set-output name=DOCKER_PASSWORD::$(curl -X 'GET' \
+        '${{env.VAULT_ADDR}}/v1/vmware-demo/docker-registry' \
+        -H 'accept: */*' \
+        -H 'X-Vault-Token: ${{env.VAULT_TOKEN}}' \
+        -H 'X-Vault-Namespace: admin' | jq -r .data.DOCKER_PASSWORD)
+        echo ::set-output name=DOCKER_USERNAME::$(curl -X 'GET' \
+        '${{env.VAULT_ADDR}}/v1/vmware-demo/docker-registry' \
+        -H 'accept: */*' \
+        -H 'X-Vault-Token: ${{env.VAULT_TOKEN}}' \
+        -H 'X-Vault-Namespace: admin'|jq -r .data.DOCKER_USERNAME)
+    - name: Get docker username
+      run: |
+        echo "docker username  is ${{steps.creds.outputs.DOCKER_USERNAME}}" 
+
+    - name: Build and push Docker image
+      uses: docker/[email protected]
+      with:
+        username: ${{ steps.creds.outputs.DOCKER_USERNAME }}
+        password: ${{ steps.creds.outputs.DOCKER_PASSWORD }}
+        repository: ${{ steps.creds.outputs.DOCKER_USERNAME }}/hello-gitops
+        tags: ${{ github.sha }}, latest
+    - name: Scan image
+      uses: azure/container-scan@v0
+      with:
+        image-name: ${{ steps.creds.outputs.DOCKER_USERNAME }}/hello-gitops:${{ github.sha }}
+  deploy:
+
+
+
+    name: Deploy
+    runs-on: ubuntu-latest
+    needs: [build,lint,push]
+    if: ${{ github.ref != 'refs/heads/master' }}
+    steps:
+
+
+    - name: Check out code
+      uses: actions/checkout@v2
+
+    - name: Run Checkov scan
+      id: checkov
+      uses: bridgecrewio/checkov-action@master
+      with:
+        directory: kustomize/base
+        skip_check: CKV_K8S_21,CKV_K8S_31,CKV_K8S_43,CKV_K8S_14
+      if: ${{ github.ref != 'refs/heads/master' }}
+
+
+    - name: Setup Kustomize
+      uses: imranismail/setup-kustomize@v1
+      with:
+        kustomize-version: "3.6.1"
+
+    - name: Update Kubernetes resources
+      env:
+        DOCKER_USERNAME: pkatira7
+      run: |
+       echo $GITHUB_SHA
+       cd kustomize/base
+       kustomize edit set image hello-gitops=${{env.DOCKER_USERNAME}}/hello-gitops:$GITHUB_SHA
+       cat kustomization.yaml
+       sed -i "s/production/development/" kustomization.yaml
+       sed -i "s/hello-world-prod/hello-world-dev/" ../../argo-apps/hello-world.yaml
+       sed -i "s/master/development/" ../../argo-apps/hello-world.yaml
+
+
+
+    - name: Commit files
+      run: |
+        git config --local user.email "[email protected]"
+        git config --local user.name "GitHub Action"
+        git commit -am "Image version: $GITHUB_SHA "
+
+
+    - name: Push changes
+      uses: ad-m/github-push-action@master
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        branch: ${{ github.ref }}
+####If all the above steps complete deploy to main
+
+  deploy-prod:
+    name: Deploy to Production
+    runs-on: ubuntu-latest
+    needs: [lint,build,push]
+    if: ${{ github.ref == 'refs/heads/master' }}
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v2
+      - name: Run Checkov scan
+        id: checkov
+        uses: bridgecrewio/checkov-action@master
+        with:
+          directory: kustomize/base
+          skip_check: CKV_K8S_21,CKV_K8S_31,CKV_K8S_43,CKV_K8S_14
+      - name: Update Kubernetes resources
+        env:
+          DOCKER_USERNAME: pkatira7
+        run: |
+            echo $GITHUB_SHA
+            cd kustomize/base
+            kustomize edit set image hello-gitops=${DOCKER_USERNAME}/hello-gitops:$GITHUB_SHA
+            cat kustomization.yaml
+
+            sed -i "s/development/production/" kustomization.yaml
+            sed -i "s/hello-world-dev/hello-world-prod/" ../../argo-apps/hello-world.yaml
+            sed -i "s/development/master/" ../../argo-apps/hello-world.yaml
+
+
+      - name: Commit files
+        run: |
+          git config --local user.email "[email protected]"
+          git config --local user.name "GitHub Action"
+          git commit -am "Image version: $GITHUB_SHA"
+
+      - name: Push changes
+        uses: ad-m/github-push-action@master
+        with:
+           github_token: ${{ secrets.GITHUB_TOKEN }}
+           branch: ${{ github.ref }}
+
+

.tool-versions

@@ -0,0 +1,2 @@
+vault 1.7.3
+jq 1.6

Dockerfile

@@ -3,8 +3,10 @@ WORKDIR /build
 COPY . .
 RUN CGO_ENABLED=0 go build -o hello-gitops cmd/main.go
 
-FROM alpine:3.12
+FROM alpine:3.14.2 
 EXPOSE 8080
 WORKDIR /app
 COPY --from=build /build/hello-gitops .
-CMD ["./hello-gitops"]
+CMD ["./hello-gitops"]
+
+#3.12 alpine image had following issues - CVE-2021-36159,CVE-2021-3711,CVE-2021-3711,

README.md

@@ -1,4 +1,4 @@
-# Workshop Hello GitOps
+#  Hello World GitOps Demo
 
 Example project to demonstrate GitOps using [Kustomize](https://github.com/kubernetes-sigs/kustomize), GitHub Actions and [ArgoCD](https://github.com/argoproj/argo-cd/)
 

argo-apps/hello-world.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: hello-world-dev
+  namespace: argocd
+spec:
+  project: default
+  source:
+    targetRevision: development
+    repoURL: https://github.com/piyush7/workshop-hello-gitops
+    path: kustomize/base
+  destination:
+    server: https://kubernetes.default.svc
+  syncPolicy:
+    syncOptions:
+    - replace=true
+    - force=true

cert-mgr/stage-cert.yaml

@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+ namespace: cert-manager
+spec:
+ acme:
+   # The ACME server URL
+   server: https://acme-staging-v02.api.letsencrypt.org/directory
+   # Email address used for ACME registration
+   email: [email protected]
+   # Name of a secret used to store the ACME account private key
+   privateKeySecretRef:
+     name: letsencrypt-staging
+   # Enable the HTTP-01 challenge provider
+   solvers:
+   - http01:
+       ingress:
+         class:  nginx
+

cmd/main.go

@@ -21,13 +21,13 @@ func startServer(handler func(http.ResponseWriter, *http.Request)){
 
 func handler(w http.ResponseWriter, r *http.Request){
 	log.Printf("received request from %s", r.Header.Get("User-Agent"))
-	host, err := os.Hostname()
+	_, err := os.Hostname()
 	if err != nil {
-		host = "unknown host"
+		log.Printf("unknown host")
 	}
-	resp := fmt.Sprintf("Hello from %s", host)
+	resp := fmt.Sprintf("Hello  to VMware tanzu folks from Piyush",)
 	_, err = w.Write([]byte(resp))
 	if err != nil {
 		log.Panicf("not able to write http output: %s", err)
 	}
-}
+}

cmd/main_test.go

@@ -21,7 +21,7 @@ func Test_handler(t *testing.T) {
 	}{
 		{
 			"status OK",
-			args{"/", http.StatusOK, fmt.Sprintf("Hello from %s", host)},
+			args{"/", http.StatusOK, fmt.Sprintf("Hello  %s", host)},
 		},
 	}
 

contour/ingress.yaml

@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: hello-gitops
+  labels:
+    app: hello-gitops
+  namespace: development
+spec:
+  defaultBackend:
+    service:
+      name: development
+      port:
+        number: 8080

contour/production-httpproxy.yaml

@@ -0,0 +1,15 @@
+apiVersion: projectcontour.io/v1
+kind: HTTPProxy
+metadata:
+  name: prod-http-proxy
+  namespace: production
+spec:
+  virtualhost:
+    fqdn: prod.hello-gitops.com
+  routes:
+    - conditions:
+      - prefix: /
+      services:
+        - name: hello-gitops
+          port: 8080
+