From 21aed42edb0a33f9283713d3c0b53963ef1779a9 Mon Sep 17 00:00:00 2001 
From: Max Jonas Werner Date: Mon, 25 Jul 2022 17:06:33 +0200 Subject: [PATCH] initial pipelines concept --- k8s-kustomizations/README.md | 23 +++++++++++++++++++ k8s-kustomizations/apps/kustomization.yaml | 4 ++++ k8s-kustomizations/apps/nginx.yaml | 19 +++++++++++++++ .../nginx/dev/imagepolicy_nginx.yaml | 12 ++++++++++ .../nginx/dev/imagerepository_nginx.yaml | 9 ++++++++ .../nginx/dev/imageupdateautomation.yaml | 23 +++++++++++++++++++ .../pipelines/nginx/dev/kustomization.yaml | 11 +++++++++ .../pipelines/nginx/dev/nginx-tag.yaml | 10 ++++++++ .../pipelines/nginx/dev/sync.yaml | 16 +++++++++++++ .../pipelines/nginx/prod/kustomization.yaml | 8 +++++++ .../pipelines/nginx/prod/nginx-tag.yaml | 10 ++++++++ .../pipelines/nginx/prod/sync.yaml | 16 +++++++++++++ .../nginx/staging/kustomization.yaml | 8 +++++++ .../pipelines/nginx/staging/nginx-tag.yaml | 10 ++++++++ .../pipelines/nginx/staging/sync.yaml | 16 +++++++++++++ 15 files changed, 195 insertions(+) create mode 100644 k8s-kustomizations/README.md create mode 100644 k8s-kustomizations/apps/kustomization.yaml create mode 100644 k8s-kustomizations/apps/nginx.yaml create mode 100644 k8s-kustomizations/pipelines/nginx/dev/imagepolicy_nginx.yaml create mode 100644 k8s-kustomizations/pipelines/nginx/dev/imagerepository_nginx.yaml create mode 100644 k8s-kustomizations/pipelines/nginx/dev/imageupdateautomation.yaml create mode 100644 k8s-kustomizations/pipelines/nginx/dev/kustomization.yaml create mode 100644 k8s-kustomizations/pipelines/nginx/dev/nginx-tag.yaml create mode 100644 k8s-kustomizations/pipelines/nginx/dev/sync.yaml create mode 100644 k8s-kustomizations/pipelines/nginx/prod/kustomization.yaml create mode 100644 k8s-kustomizations/pipelines/nginx/prod/nginx-tag.yaml create mode 100644 k8s-kustomizations/pipelines/nginx/prod/sync.yaml create mode 100644 k8s-kustomizations/pipelines/nginx/staging/kustomization.yaml create mode 100644 k8s-kustomizations/pipelines/nginx/staging/nginx-tag.yaml create mode 
100644 k8s-kustomizations/pipelines/nginx/staging/sync.yaml
diff --git a/k8s-kustomizations/README.md b/k8s-kustomizations/README.md
new file mode 100644
index 0000000..0179807
--- /dev/null
+++ b/k8s-kustomizations/README.md
@@ -0,0 +1,23 @@
+# Environment Promotion using `kustomize`
+
+* Applications are defined at a central location in the repository
+* Each pipeline is represented in Git by a directory under `pipelines/`
+* Each stage of a pipeline is represented as a directory under `pipelines/` where `` is the pipeline's name
+* Differences between stages are tracked as `kustomize` patches
+* Promotion happens by modifying the respective `kustomize` patch file for the specific stage
+* Stage 0 is automatically updated using Flux's image update automation
+
+## Generic DevX
+
+### Promotion
+
+1. Build and push application image
+1. Check that Flux updates the application on dev and the app gets healthy
+1. Manually promote the application version from dev to staging by creating a commit changing the `kustomize` patch
+1. Check that Flux updates the application on staging and the app gets healthy
+1. Manually promote the application version from staging to prod by creating a commit changing the `kustomize` patch
+1. Check that Flux updates the application on staging and the app gets healthy
+
+### Pipeline Introspection
+
+Each pipeline stage is represented on the cluster by a `Kustomization`. The pipeline name is reflected by the `pipelines.weave.works/name` label on the Kustomization and the order of stages is represented by ascending values of the `pipelines.wave.works/stage` label.
diff --git a/k8s-kustomizations/apps/kustomization.yaml b/k8s-kustomizations/apps/kustomization.yaml
new file mode 100644
index 0000000..db49641
--- /dev/null
+++ b/k8s-kustomizations/apps/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- nginx.yaml
diff --git a/k8s-kustomizations/apps/nginx.yaml b/k8s-kustomizations/apps/nginx.yaml
new file mode 100644
index 0000000..5821ae2
--- /dev/null
+++ b/k8s-kustomizations/apps/nginx.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: nginx
+ name: nginx
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - image: 'nginx:latest'
+ name: nginx
diff --git a/k8s-kustomizations/pipelines/nginx/dev/imagepolicy_nginx.yaml b/k8s-kustomizations/pipelines/nginx/dev/imagepolicy_nginx.yaml
new file mode 100644
index 0000000..5a11650
--- /dev/null
+++ b/k8s-kustomizations/pipelines/nginx/dev/imagepolicy_nginx.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImagePolicy
+metadata:
+ name: nginx-dev
+spec:
+ imageRepositoryRef:
+ name: nginx-repo
+ policy:
+ semver:
+ range: 1.x
+
diff --git a/k8s-kustomizations/pipelines/nginx/dev/imagerepository_nginx.yaml b/k8s-kustomizations/pipelines/nginx/dev/imagerepository_nginx.yaml
new file mode 100644
index 0000000..d316d1b
--- /dev/null
+++ b/k8s-kustomizations/pipelines/nginx/dev/imagerepository_nginx.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageRepository
+metadata:
+ name: nginx-repo
+spec:
+ image: nginx
+ interval: 1m0s
+
diff --git a/k8s-kustomizations/pipelines/nginx/dev/imageupdateautomation.yaml b/k8s-kustomizations/pipelines/nginx/dev/imageupdateautomation.yaml
new file mode 100644
index 0000000..53fa163
--- /dev/null
+++ b/k8s-kustomizations/pipelines/nginx/dev/imageupdateautomation.yaml
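Review bot: The base Deployment in `apps/nginx.yaml` uses `image: 'nginx:latest'` and depends on every stage's `nginx-tag.yaml` patch to override it, so a stage added without that patch would run a mutable, unpinned image. A pinned tag in the base would make a missing patch harmless instead of silent. The container spec also sets no `resources` and no `securityContext`; I would at least add `securityContext: {allowPrivilegeEscalation: false}` and a comment stating that the tag is always overridden per stage.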
@@ -0,0 +1,23 @@
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageUpdateAutomation
+metadata:
+ name: dev
+spec:
+ git:
+ checkout:
+ ref:
+ branch: main
+ commit:
+ author:
+ email: flux@e13.dev
+ name: flux
+ interval: 1m0s
+ sourceRef:
+ kind: GitRepository
+ name: test
+ namespace: flux-system
+ update:
+ path: ./pipelines/k8s-kustomizations/environments/dev
+ strategy: Setters
+
diff --git a/k8s-kustomizations/pipelines/nginx/dev/kustomization.yaml b/k8s-kustomizations/pipelines/nginx/dev/kustomization.yaml
new file mode 100644
index 0000000..e7356dd
--- /dev/null
+++ b/k8s-kustomizations/pipelines/nginx/dev/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: dev
+resources:
+- ../../../apps/
+- imagerepository_nginx.yaml
+- imagepolicy_nginx.yaml
+- imageupdateautomation.yaml
+- sync.yaml
+patchesStrategicMerge:
+- nginx-tag.yaml
diff --git a/k8s-kustomizations/pipelines/nginx/dev/nginx-tag.yaml b/k8s-kustomizations/pipelines/nginx/dev/nginx-tag.yaml
new file mode 100644
index 0000000..f2f9f4e
--- /dev/null
+++ b/k8s-kustomizations/pipelines/nginx/dev/nginx-tag.yaml
@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+spec:
+ template:
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:1.23.1 # {"$imagepolicy": "flux-system:nginx-dev"}
diff --git a/k8s-kustomizations/pipelines/nginx/dev/sync.yaml b/k8s-kustomizations/pipelines/nginx/dev/sync.yaml
new file mode 100644
index 0000000..431f8e8
--- /dev/null
+++ b/k8s-kustomizations/pipelines/nginx/dev/sync.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: nginx-dev
+ labels:
+ pipelines.weave.works/name: nginx
+ pipelines.weave.works/stage: "0"
+spec:
+ interval: 1m0s
+ path: ./pipelines/k8s-kustomizations/pipelines/nginx/dev
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: test
+ namespace: flux-system
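Review bot: `update.path` in `imageupdateautomation.yaml` is `./pipelines/k8s-kustomizations/environments/dev`, but the only setter marker in this commit lives in `pipelines/nginx/dev/nginx-tag.yaml` and the dev `sync.yaml` reconciles `./pipelines/k8s-kustomizations/pipelines/nginx/dev`. Unless an `environments/dev` directory exists outside this patch, the automation will scan a path with no markers and never update the tag. Separately, `checkout.ref.branch: main` with no `git.push` block means the controller commits straight to the branch that also holds the staging and prod definitions, so its Git credential can write to every stage. I would add `push: {branch: <automation-branch>}` (placeholder name) or document why direct pushes to `main` are acceptable.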
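Review bot: The setter marker in `dev/nginx-tag.yaml` names the policy as `flux-system:nginx-dev`, but `dev/kustomization.yaml` sets `namespace: dev`, which presumably places the `ImagePolicy` `nginx-dev` and the `ImageUpdateAutomation` in `dev` rather than `flux-system`. If so, the marker refers to a policy that does not exist in that namespace and the image tag will silently stop tracking new releases. Either change the marker to `# {"$imagepolicy": "dev:nginx-dev"}` or keep the image-automation objects out of the kustomization that overrides the namespace.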
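Review bot: None of the three Flux `Kustomization` objects (`dev/sync.yaml` here, and likewise `prod/sync.yaml` and `staging/sync.yaml`) sets `spec.serviceAccountName`, so each stage is applied with the kustomize-controller's own permissions, and all of them reference the `GitRepository` `test` across namespaces in `flux-system`. For prod especially I would add `serviceAccountName: <stage-reconciler>` (placeholder) bound to a Role limited to the stage namespace. The README's promotion steps depend on the app "getting healthy", yet no `wait: true` or `healthChecks` is set, so readiness only reflects a successful apply. `prune: false` also means objects removed from Git keep running in the cluster; a comment explaining that choice would help.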
diff --git a/k8s-kustomizations/pipelines/nginx/prod/kustomization.yaml b/k8s-kustomizations/pipelines/nginx/prod/kustomization.yaml
new file mode 100644
index 0000000..68a7039
--- /dev/null
+++ b/k8s-kustomizations/pipelines/nginx/prod/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: prod
+resources:
+- ../../../apps/
+- sync.yaml
+patchesStrategicMerge:
+- nginx-tag.yaml
diff --git a/k8s-kustomizations/pipelines/nginx/prod/nginx-tag.yaml b/k8s-kustomizations/pipelines/nginx/prod/nginx-tag.yaml
new file mode 100644
index 0000000..6537ae3
--- /dev/null
+++ b/k8s-kustomizations/pipelines/nginx/prod/nginx-tag.yaml
@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+spec:
+ template:
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:1.21.6
diff --git a/k8s-kustomizations/pipelines/nginx/prod/sync.yaml b/k8s-kustomizations/pipelines/nginx/prod/sync.yaml
new file mode 100644
index 0000000..591727e
--- /dev/null
+++ b/k8s-kustomizations/pipelines/nginx/prod/sync.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: nginx-prod
+ labels:
+ pipelines.weave.works/name: nginx
+ pipelines.weave.works/stage: "2"
+spec:
+ interval: 1m0s
+ path: ./pipelines/k8s-kustomizations/pipelines/nginx/prod
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: test
+ namespace: flux-system
diff --git a/k8s-kustomizations/pipelines/nginx/staging/kustomization.yaml b/k8s-kustomizations/pipelines/nginx/staging/kustomization.yaml
new file mode 100644
index 0000000..a016844
--- /dev/null
+++ b/k8s-kustomizations/pipelines/nginx/staging/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: staging
+resources:
+- ../../../apps/
+- sync.yaml
+patchesStrategicMerge:
+- nginx-tag.yaml
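Review bot: `prod/nginx-tag.yaml` (and `staging/nginx-tag.yaml`) pin the image by tag only, and a tag on a public registry can be re-pushed, so the commit that "promotes" `nginx:1.21.6` does not guarantee prod runs the same bytes that were exercised in the previous stage. Pinning by digest, e.g. `image: nginx:1.21.6@sha256:<digest>` (placeholder), makes the promoted artifact immutable and lets the Git history serve as the record of what was deployed. If tag-only pinning is intentional for this concept, a short comment in the patch file saying so would help reviewers of later promotions.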
diff --git a/k8s-kustomizations/pipelines/nginx/staging/nginx-tag.yaml b/k8s-kustomizations/pipelines/nginx/staging/nginx-tag.yaml
new file mode 100644
index 0000000..dad1f24
--- /dev/null
+++ b/k8s-kustomizations/pipelines/nginx/staging/nginx-tag.yaml
@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+spec:
+ template:
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:1.22.0
diff --git a/k8s-kustomizations/pipelines/nginx/staging/sync.yaml b/k8s-kustomizations/pipelines/nginx/staging/sync.yaml
new file mode 100644
index 0000000..7de218c
--- /dev/null
+++ b/k8s-kustomizations/pipelines/nginx/staging/sync.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: nginx-staging
+ labels:
+ pipelines.weave.works/name: nginx
+ pipelines.weave.works/stage: "1"
+spec:
+ interval: 1m0s
+ path: ./pipelines/k8s-kustomizations/pipelines/nginx/staging
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: test
+ namespace: flux-system