Feature/external scmm

.curlrc

@@ -0,0 +1,2 @@
+# allow it to connect without ssl verification
+--insecure

README.md

@@ -139,7 +139,7 @@ gsutil iam ch \
 
 ##### Create cluster
 
-Before continuing with the terraform steps, you have to open the `values.tfvars` file
+Before continuing with the terraform steps, you have to open the `terraform.tfvars` file
 and edit the `gce_project` value to your specific ID.
 
 For local state `terraform init` suffices.
@@ -152,7 +152,7 @@ terraform init  \
 
 Apply infra:
 ```shell
-terraform apply -var-file values.tfvars
+terraform apply
 ```
 
 terraform apply already adds an entry to your local `kubeconfig` and activate the context. That is calling 
@@ -183,6 +183,7 @@ Use `./scripts/apply.sh --help` for more information.
 Important options:
 * `--remote` - deploy to remote cluster (not local k3s cluster), e.g. in GKE
 * `--password` - change admin passwords for SCM-Manager, Jenkins and ArgoCD. Should be set with `--remote` for security 
+* `--username` - change admin passwords for SCM-Manager, Jenkins. Note that argo CD user cannot be changed and always is `admin` 
   reasons. 
 * `--argocd` - deploy only argoCD GitOps operator 
 * `--fluxv1` - deploy only Flux v1 GitOps operator
@@ -228,6 +229,17 @@ Find scm-manager on http://localhost:9091
 
 Login with `admin/admin`
 
+#### External SCM-Manager
+
+You can set an external scm-manager server by providing the follow parameters:
+`scmm-url`, `scmm-username`, `scmm-password`
+
+The user on the scm has to have privileges to:
+* add / edit users
+* add / edit permissions
+* add / edit repositories
+* add / edit proxy
+
 ### ArgoCD UI
 
 Find the ArgoCD UI on http://localhost:9092 (redirects to https://localhost:9093)

applications/nginx/fluxv1/Jenkinsfile

@@ -2,24 +2,24 @@
 
 String getApplication() { "nginx" }
 String getScmManagerCredentials() { 'scmm-user' }
-String getConfigRepositoryUrl() { "http://scmm-scm-manager/scm/repo/fluxv1/gitops" }
-String getConfigRepositoryPRBaseUrl() { 'http://scmm-scm-manager/scm' }
+String getConfigRepositoryUrl() { "${env.SCMM_URL}/repo/fluxv1/gitops" }
+String getConfigRepositoryPRBaseUrl() { "${env.SCMM_URL}" }
 String getConfigRepositoryPRRepo() { 'fluxv1/gitops' }
-String getCesBuildLibRepo() { 'https://github.com/cloudogu/ces-build-lib/' } // TODO change back to scmm repo
+String getCesBuildLibRepo() { "${env.SCMM_URL}/repo/common/ces-build-lib/" }
 String getCesBuildLibVersion() { 'bugfix/location_for_prId' }
-String getGitOpsBuildLibRepo() { 'https://github.com/cloudogu/gitops-build-lib' } // TODO change to scmm repo?
-String getGitOpsBuildLibVersion() { '0.0.9' }
+String getGitOpsBuildLibRepo() { "${env.SCMM_URL}/repo/common/gitops-build-lib" }
+String getGitOpsBuildLibVersion() { '0.0.10' }
 String getHelmChartRepository() { "https://charts.bitnami.com/bitnami" }
 String getHelmChartName() { "nginx" }
 String getHelmChartVersion() { "8.0.0" }
 String getMainBranch() { 'main' }
 
 cesBuildLib = library(identifier: "ces-build-lib@${cesBuildLibVersion}",
-        retriever: modernSCM([$class: 'GitSCMSource', remote: cesBuildLibRepo])
+        retriever: modernSCM([$class: 'GitSCMSource', remote: cesBuildLibRepo, credentialsId: scmManagerCredentials])
 ).com.cloudogu.ces.cesbuildlib
 
 gitOpsBuildLib = library(identifier: "gitops-build-lib@${gitOpsBuildLibVersion}",
-    retriever: modernSCM([$class: 'GitSCMSource', remote: gitOpsBuildLibRepo])
+    retriever: modernSCM([$class: 'GitSCMSource', remote: gitOpsBuildLibRepo, credentialsId: scmManagerCredentials])
 ).com.cloudogu.gitops.gitopsbuildlib
 
 properties([
@@ -49,6 +49,7 @@ node('docker') {
                         scmmPullRequestRepo: configRepositoryPRRepo,
                         cesBuildLibRepo: cesBuildLibRepo,
                         cesBuildLibVersion: cesBuildLibVersion,
+                        cesBuildLibCredentialsId: scmManagerCredentials,
                         application: application,
                         mainBranch: mainBranch,
                         deployments: [

applications/petclinic/argocd/plain-k8s/Jenkinsfile

@@ -3,18 +3,18 @@
 // "Constants"
 String getApplication() {"spring-petclinic-plain" }
 String getScmManagerCredentials() { 'scmm-user' }
-String getConfigRepositoryUrl() { "http://scmm-scm-manager/scm/repo/argocd/gitops" }
-String getConfigRepositoryPRUrl() { 'http://scmm-scm-manager/scm/api/v2/pull-requests/argocd/gitops' }
+String getConfigRepositoryUrl() { "${env.SCMM_URL}/repo/argocd/gitops" }
+String getConfigRepositoryPRUrl() { "${env.SCMM_URL}/api/v2/pull-requests/argocd/gitops" }
 // The docker daemon cant use the k8s service name, because it is not running inside the cluster
 String getDockerRegistryBaseUrl() { "${env.REGISTRY_URL}" }
 String getDockerRegistryPath() { "${env.REGISTRY_PATH}" }
 String getDockerRegistryCredentials() { 'registry-user' }
 String getCesBuildLibVersion() { '1.44.3' }
-String getCesBuildLibRepo() { 'https://github.com/cloudogu/ces-build-lib/' }
+String getCesBuildLibRepo() { "${env.SCMM_URL}/repo/common/ces-build-lib/" }
 String getMainBranch() { 'main' }
 
 cesBuildLib = library(identifier: "ces-build-lib@${cesBuildLibVersion}",
-        retriever: modernSCM([$class: 'GitSCMSource', remote: cesBuildLibRepo])
+        retriever: modernSCM([$class: 'GitSCMSource', remote: cesBuildLibRepo, credentialsId: scmManagerCredentials])
 ).com.cloudogu.ces.cesbuildlib
 
 properties([

applications/petclinic/fluxv1/helm/Jenkinsfile

@@ -2,27 +2,27 @@
 
 String getApplication() { "spring-petclinic-helm" }
 String getScmManagerCredentials() { 'scmm-user' }
-String getConfigRepositoryUrl() { "http://scmm-scm-manager/scm/repo/fluxv1/gitops" }
-String getConfigRepositoryPRBaseUrl() { 'http://scmm-scm-manager/scm' }
+String getConfigRepositoryUrl() { "${env.SCMM_URL}/repo/fluxv1/gitops" }
+String getConfigRepositoryPRBaseUrl() { "${env.SCMM_URL}" }
 String getConfigRepositoryPRRepo() { 'fluxv1/gitops' }
 // The docker daemon cant use the k8s service name, because it is not running inside the cluster
 String getDockerRegistryBaseUrl() { "${env.REGISTRY_URL}" }
 String getDockerRegistryPath() { "${env.REGISTRY_PATH}" }
 String getDockerRegistryCredentials() { 'registry-user' }
-String getCesBuildLibRepo() { 'http://scmm-scm-manager/scm/repo/common/ces-build-lib/' }
+String getCesBuildLibRepo() { "${env.SCMM_URL}/repo/common/ces-build-lib/" }
 String getCesBuildLibVersion() { '1.45.1' }
-String getGitOpsBuildLibRepo() { 'http://scmm-scm-manager/scm/repo/common/gitops-build-lib' }
-String getGitOpsBuildLibVersion() { '0.0.9' }
-String getHelmChartRepository() { 'http://scmm-scm-manager.default.svc.cluster.local/scm/repo/common/spring-boot-helm-chart' }
+String getGitOpsBuildLibRepo() { "${env.SCMM_URL}/repo/common/gitops-build-lib" }
+String getGitOpsBuildLibVersion() { '0.0.10' }
+String getHelmChartRepository() { "${env.SCMM_URL}/repo/common/spring-boot-helm-chart" }
 String getHelmChartVersion() { "1.0.0" }
 String getMainBranch() { 'main' }
 
 cesBuildLib = library(identifier: "ces-build-lib@${cesBuildLibVersion}",
-        retriever: modernSCM([$class: 'GitSCMSource', remote: cesBuildLibRepo])
+        retriever: modernSCM([$class: 'GitSCMSource', remote: cesBuildLibRepo, credentialsId: scmManagerCredentials])
 ).com.cloudogu.ces.cesbuildlib
 
 gitOpsBuildLib = library(identifier: "gitops-build-lib@${gitOpsBuildLibVersion}",
-    retriever: modernSCM([$class: 'GitSCMSource', remote: gitOpsBuildLibRepo])
+    retriever: modernSCM([$class: 'GitSCMSource', remote: gitOpsBuildLibRepo, credentialsId: scmManagerCredentials])
 ).com.cloudogu.gitops.gitopsbuildlib
 
 properties([
@@ -76,13 +76,14 @@ node {
                         scmmPullRequestRepo: configRepositoryPRRepo,
                         cesBuildLibRepo: cesBuildLibRepo,
                         cesBuildLibVersion: cesBuildLibVersion,
+                        cesBuildLibCredentialsId: scmManagerCredentials,
                         application: application,
                         mainBranch: mainBranch,
                         deployments: [
                             sourcePath: 'k8s',
                             helm : [
                                 repoType : 'GIT',
-                                credentialsId : 'creds',
+                                credentialsId : scmManagerCredentials,
                                 repoUrl  : helmChartRepository,
                                 version  : helmChartVersion,
                                 updateValues  : [[fieldPath: "image.name", newValue: imageName]]
@@ -94,7 +95,7 @@ node {
                                     ],
                                 'fluxv1-production': [:]
                         ],
-                        fileConfigmaps: [ 
+                        fileConfigmaps: [
                                 [
                                     name : "index-helm",
                                     sourceFilePath : "../index.html",

applications/petclinic/fluxv1/plain-k8s/Jenkinsfile

@@ -3,25 +3,25 @@
 // "Constants"
 String getApplication() {"spring-petclinic-plain" }
 String getScmManagerCredentials() { 'scmm-user' }
-String getConfigRepositoryUrl() { "http://scmm-scm-manager/scm/repo/fluxv1/gitops" }
-String getConfigRepositoryPRBaseUrl() { 'http://scmm-scm-manager/scm' }
+String getConfigRepositoryUrl() { "${env.SCMM_URL}/repo/fluxv1/gitops" }
+String getConfigRepositoryPRBaseUrl() { "${env.SCMM_URL}" }
 String getConfigRepositoryPRRepo() { 'fluxv1/gitops' }
 // The docker daemon cant use the k8s service name, because it is not running inside the cluster
 String getDockerRegistryBaseUrl() { "${env.REGISTRY_URL}" }
 String getDockerRegistryPath() { "${env.REGISTRY_PATH}" }
 String getDockerRegistryCredentials() { 'registry-user' }
-String getCesBuildLibRepo() { 'http://scmm-scm-manager/scm/repo/common/ces-build-lib/' }
+String getCesBuildLibRepo() { "${env.SCMM_URL}/repo/common/ces-build-lib/" }
 String getCesBuildLibVersion() { '1.45.1' }
-String getGitOpsBuildLibRepo() { 'http://scmm-scm-manager/scm/repo/common/gitops-build-lib' }
-String getGitOpsBuildLibVersion() { '0.0.9' }
+String getGitOpsBuildLibRepo() { "${env.SCMM_URL}/repo/common/gitops-build-lib" }
+String getGitOpsBuildLibVersion() { '0.0.10' }
 String getMainBranch() { 'main' } 
 
 cesBuildLib = library(identifier: "ces-build-lib@${cesBuildLibVersion}",
-        retriever: modernSCM([$class: 'GitSCMSource', remote: cesBuildLibRepo])
+        retriever: modernSCM([$class: 'GitSCMSource', remote: cesBuildLibRepo, credentialsId: scmManagerCredentials])
 ).com.cloudogu.ces.cesbuildlib
 
 gitOpsBuildLib = library(identifier: "gitops-build-lib@${gitOpsBuildLibVersion}",
-    retriever: modernSCM([$class: 'GitSCMSource', remote: gitOpsBuildLibRepo])
+    retriever: modernSCM([$class: 'GitSCMSource', remote: gitOpsBuildLibRepo, credentialsId: scmManagerCredentials])
 ).com.cloudogu.gitops.gitopsbuildlib
 
 properties([
@@ -76,6 +76,7 @@ node {
                         scmmPullRequestRepo: configRepositoryPRRepo,
                         cesBuildLibRepo: cesBuildLibRepo,
                         cesBuildLibVersion: cesBuildLibVersion,
+                        cesBuildLibCredentialsId: scmManagerCredentials,
                         application: application,
                         mainBranch: mainBranch,
                         deployments: [

applications/petclinic/fluxv2/plain-k8s/Jenkinsfile

@@ -3,17 +3,17 @@
 // "Constants"
 String getApplication() {"spring-petclinic-plain" }
 String getScmManagerCredentials() { 'scmm-user' }
-String getConfigRepositoryUrl() { "http://scmm-scm-manager/scm/repo/fluxv2/gitops" }
-String getConfigRepositoryPRUrl() { 'http://scmm-scm-manager/scm/api/v2/pull-requests/fluxv2/gitops' }
+String getConfigRepositoryUrl() { "${env.SCMM_URL}/repo/fluxv2/gitops" }
+String getConfigRepositoryPRUrl() { "${env.SCMM_URL}/api/v2/pull-requests/fluxv2/gitops" }
 // The docker daemon cant use the k8s service name, because it is not running inside the cluster
 String getDockerRegistryBaseUrl() { "${env.REGISTRY_URL}" }
 String getDockerRegistryPath() { "${env.REGISTRY_PATH}" }
 String getDockerRegistryCredentials() { 'registry-user' }
 String getCesBuildLibVersion() { '1.44.3' }
-String getCesBuildLibRepo() { 'https://github.com/cloudogu/ces-build-lib/' }
+String getCesBuildLibRepo() { "${env.SCMM_URL}/repo/common/ces-build-lib/" }
 
 cesBuildLib = library(identifier: "ces-build-lib@${cesBuildLibVersion}",
-        retriever: modernSCM([$class: 'GitSCMSource', remote: cesBuildLibRepo])
+        retriever: modernSCM([$class: 'GitSCMSource', remote: cesBuildLibRepo, credentialsId: scmManagerCredentials])
 ).com.cloudogu.ces.cesbuildlib
 
 properties([

argocd/control-app/general/argocd-cm.yaml

@@ -9,20 +9,23 @@ metadata:
 data:
   repositories: |
     - url: http://scmm-scm-manager.default.svc.cluster.local/scm/repo/argocd/gitops
+      insecure: true
       passwordSecret:
         name: gitops-scmm
         key: PASSWORD
       usernameSecret:
         name: gitops-scmm
         key: USERNAME
     - url: http://scmm-scm-manager.default.svc.cluster.local/scm/repo/argocd/control-app
+      insecure: true
       passwordSecret:
         name: gitops-scmm
         key: PASSWORD
       usernameSecret:
         name: gitops-scmm
         key: USERNAME
     - url: http://scmm-scm-manager.default.svc.cluster.local/scm/repo/argocd/nginx-helm
+      insecure: true
       passwordSecret:
         name: gitops-scmm
         key: PASSWORD

argocd/values.yaml

@@ -13,6 +13,7 @@ server:
   config:
     repositories: |
       - url: http://scmm-scm-manager.default.svc.cluster.local/scm/repo/argocd/control-app
+        insecure: true
         passwordSecret:
           name: gitops-scmm
           key: PASSWORD