diff --git a/.github/workflows/apply-silver-prod.yml b/.github/workflows/apply-silver-prod.yml new file mode 100644 index 0000000..0d0d809 --- /dev/null +++ b/.github/workflows/apply-silver-prod.yml @@ -0,0 +1,33 @@ +name: Apply Network Policies on Silver Prod + +on: + push: + branches: + - main + paths: + - .github/workflows/apply-silver-prod.yml + - network-policies/silver/prod/** + +env: + NAMESPACE: b5395d-prod + +jobs: + apply: + runs-on: ubuntu-22.04 + timeout-minutes: 5 + permissions: + contents: read + environment: + name: silver-prod + + steps: + - uses: hmarr/debug-action@a701ed95a46e6f2fb0df25e1a558c16356fae35a + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + + - name: Apply Terraform + uses: ./.github/actions/apply-terraform + with: + context: network-policies/silver/prod + namespace: ${{ env.NAMESPACE }} + openshift-server-url: ${{ secrets.OPENSHIFT_SERVER }} + openshift-token: ${{ secrets.OPENSHIFT_TOKEN }} diff --git a/.github/workflows/apply-silver-test.yml b/.github/workflows/apply-silver-test.yml new file mode 100644 index 0000000..1019823 --- /dev/null +++ b/.github/workflows/apply-silver-test.yml @@ -0,0 +1,33 @@ +name: Apply Network Policies on Silver Test + +on: + push: + branches: + - main + paths: + - .github/workflows/apply-silver-test.yml + - network-policies/silver/test/** + +env: + NAMESPACE: b5395d-test + +jobs: + apply: + runs-on: ubuntu-22.04 + timeout-minutes: 5 + permissions: + contents: read + environment: + name: silver-test + + steps: + - uses: hmarr/debug-action@a701ed95a46e6f2fb0df25e1a558c16356fae35a + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + + - name: Apply Terraform + uses: ./.github/actions/apply-terraform + with: + context: network-policies/silver/test + namespace: ${{ env.NAMESPACE }} + openshift-server-url: ${{ secrets.OPENSHIFT_SERVER }} + openshift-token: ${{ secrets.OPENSHIFT_TOKEN }} diff --git a/network-policies/silver/prod/.terraform.lock.hcl b/network-policies/silver/prod/.terraform.lock.hcl new file mode 100644 index 0000000..234067b --- /dev/null +++ b/network-policies/silver/prod/.terraform.lock.hcl @@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.23.0" + constraints = "2.23.0" + hashes = [ + "h1:xyFc77aYkPoU4Xt1i5t0B1IaS8TbTtp9aCSuQKDayII=", + "zh:10488a12525ed674359585f83e3ee5e74818b5c98e033798351678b21b2f7d89", + "zh:1102ba5ca1a595f880e67102bbf999cc8b60203272a078a5b1e896d173f3f34b", + "zh:1347cf958ed3f3f80b3c7b3e23ddda3d6c6573a81847a8ee92b7df231c238bf6", + "zh:2cb18e9f5156bc1b1ee6bc580a709f7c2737d142722948f4a6c3c8efe757fa8d", + "zh:5506aa6f28dcca2a265ccf8e34478b5ec2cb43b867fe6d93b0158f01590fdadd", + "zh:6217a20686b631b1dcb448ee4bc795747ebc61b56fbe97a1ad51f375ebb0d996", + "zh:8accf916c00579c22806cb771e8909b349ffb7eb29d9c5468d0a3f3166c7a84a", + "zh:9379b0b54a0fa030b19c7b9356708ec8489e194c3b5e978df2d31368563308e5", + "zh:aa99c580890691036c2931841e88e7ee80d59ae52289c8c2c28ea0ac23e31520", + "zh:c57376d169875990ac68664d227fb69cd0037b92d0eba6921d757c3fd1879080", + "zh:e6068e3f94f6943b5586557b73f109debe19d1a75ca9273a681d22d1ce066579", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/network-policies/silver/prod/_main.tf b/network-policies/silver/prod/_main.tf new file mode 100644 index 0000000..85c2729 --- /dev/null +++ b/network-policies/silver/prod/_main.tf @@ -0,0 +1,20 @@ +terraform { + required_version = ">= 1.6.2" + + backend "kubernetes" { + namespace = "b5395d-prod" + secret_suffix = "network-policies" # pragma: allowlist secret + config_path = "~/.kube/config" + } + + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + version = "=2.23.0" + } + } +} + +provider "kubernetes" { + config_path = "~/.kube/config" +} diff --git a/network-policies/silver/prod/fdf5df.tf b/network-policies/silver/prod/fdf5df.tf new file mode 100644 index 0000000..61b82f5 --- /dev/null +++ b/network-policies/silver/prod/fdf5df.tf @@ -0,0 +1,4 @@ +module "fdf5df" { + source = "./network-policy" + license_plate = "fdf5df" +} diff --git a/network-policies/silver/prod/network-policy/.terraform.lock.hcl b/network-policies/silver/prod/network-policy/.terraform.lock.hcl new file mode 100644 index 0000000..234067b --- /dev/null +++ b/network-policies/silver/prod/network-policy/.terraform.lock.hcl @@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.23.0" + constraints = "2.23.0" + hashes = [ + "h1:xyFc77aYkPoU4Xt1i5t0B1IaS8TbTtp9aCSuQKDayII=", + "zh:10488a12525ed674359585f83e3ee5e74818b5c98e033798351678b21b2f7d89", + "zh:1102ba5ca1a595f880e67102bbf999cc8b60203272a078a5b1e896d173f3f34b", + "zh:1347cf958ed3f3f80b3c7b3e23ddda3d6c6573a81847a8ee92b7df231c238bf6", + "zh:2cb18e9f5156bc1b1ee6bc580a709f7c2737d142722948f4a6c3c8efe757fa8d", + "zh:5506aa6f28dcca2a265ccf8e34478b5ec2cb43b867fe6d93b0158f01590fdadd", + "zh:6217a20686b631b1dcb448ee4bc795747ebc61b56fbe97a1ad51f375ebb0d996", + "zh:8accf916c00579c22806cb771e8909b349ffb7eb29d9c5468d0a3f3166c7a84a", + "zh:9379b0b54a0fa030b19c7b9356708ec8489e194c3b5e978df2d31368563308e5", + "zh:aa99c580890691036c2931841e88e7ee80d59ae52289c8c2c28ea0ac23e31520", + "zh:c57376d169875990ac68664d227fb69cd0037b92d0eba6921d757c3fd1879080", + "zh:e6068e3f94f6943b5586557b73f109debe19d1a75ca9273a681d22d1ce066579", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/network-policies/silver/prod/network-policy/config.tf b/network-policies/silver/prod/network-policy/config.tf new file mode 100644 index 0000000..bbfd503 --- /dev/null +++ b/network-policies/silver/prod/network-policy/config.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.6.2" + + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + version = "=2.23.0" + } + } +} diff --git a/network-policies/silver/prod/network-policy/main.tf b/network-policies/silver/prod/network-policy/main.tf new file mode 100644 index 0000000..8252ead --- /dev/null +++ b/network-policies/silver/prod/network-policy/main.tf @@ -0,0 +1,7 @@ +module "network_policy" { + source = "../../../_modules/network-policy" + + license_plate = "b5395d" + environment = "prod" + target_license_plate = var.license_plate +} diff --git a/network-policies/silver/prod/network-policy/variables.tf b/network-policies/silver/prod/network-policy/variables.tf new file mode 100644 index 0000000..8cdd702 --- /dev/null +++ b/network-policies/silver/prod/network-policy/variables.tf @@ -0,0 +1,4 @@ +variable "license_plate" { + description = "The namespace's license plate that has access to ClamAV instances" + type = string +} diff --git a/network-policies/silver/test/.terraform.lock.hcl b/network-policies/silver/test/.terraform.lock.hcl new file mode 100644 index 0000000..234067b --- /dev/null +++ b/network-policies/silver/test/.terraform.lock.hcl @@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.23.0" + constraints = "2.23.0" + hashes = [ + "h1:xyFc77aYkPoU4Xt1i5t0B1IaS8TbTtp9aCSuQKDayII=", + "zh:10488a12525ed674359585f83e3ee5e74818b5c98e033798351678b21b2f7d89", + "zh:1102ba5ca1a595f880e67102bbf999cc8b60203272a078a5b1e896d173f3f34b", + "zh:1347cf958ed3f3f80b3c7b3e23ddda3d6c6573a81847a8ee92b7df231c238bf6", + "zh:2cb18e9f5156bc1b1ee6bc580a709f7c2737d142722948f4a6c3c8efe757fa8d", + "zh:5506aa6f28dcca2a265ccf8e34478b5ec2cb43b867fe6d93b0158f01590fdadd", + "zh:6217a20686b631b1dcb448ee4bc795747ebc61b56fbe97a1ad51f375ebb0d996", + "zh:8accf916c00579c22806cb771e8909b349ffb7eb29d9c5468d0a3f3166c7a84a", + "zh:9379b0b54a0fa030b19c7b9356708ec8489e194c3b5e978df2d31368563308e5", + "zh:aa99c580890691036c2931841e88e7ee80d59ae52289c8c2c28ea0ac23e31520", + "zh:c57376d169875990ac68664d227fb69cd0037b92d0eba6921d757c3fd1879080", + "zh:e6068e3f94f6943b5586557b73f109debe19d1a75ca9273a681d22d1ce066579", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/network-policies/silver/test/_main.tf b/network-policies/silver/test/_main.tf new file mode 100644 index 0000000..7c4061e --- /dev/null +++ b/network-policies/silver/test/_main.tf @@ -0,0 +1,20 @@ +terraform { + required_version = ">= 1.6.2" + + backend "kubernetes" { + namespace = "b5395d-test" + secret_suffix = "network-policies" # pragma: allowlist secret + config_path = "~/.kube/config" + } + + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + version = "=2.23.0" + } + } +} + +provider "kubernetes" { + config_path = "~/.kube/config" +} diff --git a/network-policies/silver/test/fdf5df.tf b/network-policies/silver/test/fdf5df.tf new file mode 100644 index 0000000..61b82f5 --- /dev/null +++ b/network-policies/silver/test/fdf5df.tf @@ -0,0 +1,4 @@ +module "fdf5df" { + source = "./network-policy" + license_plate = "fdf5df" +} diff --git a/network-policies/silver/test/network-policy/.terraform.lock.hcl b/network-policies/silver/test/network-policy/.terraform.lock.hcl new file mode 100644 index 0000000..234067b --- /dev/null +++ b/network-policies/silver/test/network-policy/.terraform.lock.hcl @@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.23.0" + constraints = "2.23.0" + hashes = [ + "h1:xyFc77aYkPoU4Xt1i5t0B1IaS8TbTtp9aCSuQKDayII=", + "zh:10488a12525ed674359585f83e3ee5e74818b5c98e033798351678b21b2f7d89", + "zh:1102ba5ca1a595f880e67102bbf999cc8b60203272a078a5b1e896d173f3f34b", + "zh:1347cf958ed3f3f80b3c7b3e23ddda3d6c6573a81847a8ee92b7df231c238bf6", + "zh:2cb18e9f5156bc1b1ee6bc580a709f7c2737d142722948f4a6c3c8efe757fa8d", + "zh:5506aa6f28dcca2a265ccf8e34478b5ec2cb43b867fe6d93b0158f01590fdadd", + "zh:6217a20686b631b1dcb448ee4bc795747ebc61b56fbe97a1ad51f375ebb0d996", + "zh:8accf916c00579c22806cb771e8909b349ffb7eb29d9c5468d0a3f3166c7a84a", + "zh:9379b0b54a0fa030b19c7b9356708ec8489e194c3b5e978df2d31368563308e5", + "zh:aa99c580890691036c2931841e88e7ee80d59ae52289c8c2c28ea0ac23e31520", + "zh:c57376d169875990ac68664d227fb69cd0037b92d0eba6921d757c3fd1879080", + "zh:e6068e3f94f6943b5586557b73f109debe19d1a75ca9273a681d22d1ce066579", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/network-policies/silver/test/network-policy/config.tf b/network-policies/silver/test/network-policy/config.tf new file mode 100644 index 0000000..bbfd503 --- /dev/null +++ b/network-policies/silver/test/network-policy/config.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.6.2" + + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + version = "=2.23.0" + } + } +} diff --git a/network-policies/silver/test/network-policy/main.tf b/network-policies/silver/test/network-policy/main.tf new file mode 100644 index 0000000..4e7f303 --- /dev/null +++ b/network-policies/silver/test/network-policy/main.tf @@ -0,0 +1,7 @@ +module "network_policy" { + source = "../../../_modules/network-policy" + + license_plate = "b5395d" + environment = "test" + target_license_plate = var.license_plate +} diff --git a/network-policies/silver/test/network-policy/variables.tf b/network-policies/silver/test/network-policy/variables.tf new file mode 100644 index 0000000..8cdd702 --- /dev/null +++ b/network-policies/silver/test/network-policy/variables.tf @@ -0,0 +1,4 @@ +variable "license_plate" { + description = "The namespace's license plate that has access to ClamAV instances" + type = string +}