Added permissive network policy for webhook

Jenkinsfile

@@ -1,34 +0,0 @@
-pipeline {
-    agent any
-    stages {
-        stage('Checkout') {
-            steps {
-                checkout scm
-            }
-        }
-        stage('Get credentials to Cluster') {
-            steps {
-                sh '''
-                az login --identity
-                az aks get-credentials --resource-group tst-aks-rg --name edu
-                kubelogin convert-kubeconfig -l azurecli
-                '''
-            }
-        }
-        stage('Apply to Cluster') {
-            steps {
-                sh '''
-                kubectl apply -f namespace.yaml
-                kubectl apply -f secret-store.yaml
-                kubectl apply -f deploy.yaml
-                kubectl apply -f ingress.yaml
-                '''
-            }
-        }
-    }
-    post {
-        cleanup {
-            sh 'rm -f ~/.kube/config || true'
-        }
-    }
-}

apps/user-microservice/deploy.yaml

@@ -81,7 +81,7 @@ spec:
     spec:
       containers:
         - name: api
-          image: marcin00.azurecr.io/user-microservice:76a351710fffe2be1ae10471bc1a2f511f481126
+          image: marcin00.azurecr.io/user-microservice:d855e795e2706e235b397a73ca5f0e068ee8eec4
           ports:
             - containerPort: 80
           env:

apps/user-microservice/rbac-role.yaml

@@ -4,7 +4,7 @@ metadata:
   name: deployer-binding
 subjects:
 - kind: User
-  name: daabce80-f745-413f-8377-00472517521c
+  name: f91aef65-7d2a-4df8-a884-e33b05d54a31
   apiGroup: rbac.authorization.k8s.io
 roleRef:
   kind: ClusterRole

apps/user-microservice/secret-store.yaml

@@ -24,8 +24,8 @@ spec:
   parameters:
     usePodIdentity: "false"
     useVMManagedIdentity: "true"
-    userAssignedIdentityID: "0c2780e4-8594-4aab-8f1a-8a19f71924bd" # client_id of the user-assigned managed identity
+    userAssignedIdentityID: "f91aef65-7d2a-4df8-a884-e33b05d54a31" # client_id of the user-assigned managed identity
-    clientID: "0c2780e4-8594-4aab-8f1a-8a19f71924bd"               # client_id of the user-assigned managed identity
+    clientID: "f91aef65-7d2a-4df8-a884-e33b05d54a31"               # client_id of the user-assigned managed identity
     keyvaultName: "dev-aks"
     objects:  |
       array:

clusters/prod/flux-receiver.yaml

@@ -0,0 +1,17 @@
+apiVersion: notification.toolkit.fluxcd.io/v1
+kind: Receiver
+metadata:
+  name: gitea-receiver
+  namespace: flux-system
+spec:
+  type: github
+  events:
+    - "ping"
+    - "push"
+  secretRef:
+    name: webhook-token
+  resources:
+    - apiVersion: source.toolkit.fluxcd.io/v1
+      kind: GitRepository
+      name: user-microservice-repo
+      namespace: flux-system

clusters/prod/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: user-microservice
+  namespace: flux-system
+spec:
+  interval: 1m
+  path: ./apps/user-microservice
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: user-microservice-repo
+  targetNamespace: user-microservice

clusters/prod/load-balancer.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: receiver
+  namespace: flux-system
+spec:
+  type: LoadBalancer
+  selector:
+    app: notification-controller
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: 9292

clusters/prod/network-policy.yaml

@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-to-flux
+  namespace: flux-system
+spec:
+  podSelector: {}
+  ingress:
+    - {}
+  policyTypes:
+    - Ingress
+

clusters/prod/source.yaml

@@ -0,0 +1,10 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: user-microservice-repo
+  namespace: flux-system
+spec:
+  interval: 1m
+  url: https://gitea.marcin00.pl/pikram/user-microservice-deploy.git
+  ref:
+    branch: fluxcd