Added permissive network policy for webhook

.woodpecker/build.yaml

@@ -1,45 +0,0 @@
-when:
-  - event: push
-    branch: woodpecker-deploy
-
-steps:
-  - name: 'Deploy user microservice'
-    image: marcin00.azurecr.io/azure-cli-kubectl:latest
-    environment:
-      CLIENT_ID: 'c302726f-fafb-4143-94c1-67a70975574a'
-      CLUSTER_NAME: 'build'
-      DEPLOY_FILES: 'namespace.yaml secret-store.yaml deploy.yaml ingress.yaml'
-      DEPLOYMENT: 'api'
-      HEALTHCHECK_URL: 'https://user-microservice.marcin00.pl/health'
-      NAMESPACE: 'user-microservice'
-      RESOURCE_GROUP: 'tst-aks-rg'
-    commands:
-      # Login to Azure & Get Kubeconfig
-      - az login --identity --client-id $CLIENT_ID
-      - az aks get-credentials --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --overwrite-existing
-      - kubelogin convert-kubeconfig -l azurecli
-
-      # Apply Kubernetes Resources
-      - |
-        for file in $DEPLOY_FILES; do
-          kubectl apply -f "$file"
-        done
-
-      # Verify Deployment (waiting until all pods reach "ready" status)
-      - echo "Waiting for deployment rollout..."
-      - kubectl rollout status deployment/$DEPLOYMENT -n $NAMESPACE --timeout=60s
-
-      # Health Check
-      - | 
-        echo "Checking app health $HEALTHCHECK_URL..."
-        for i in {1..120}; do
-          if curl -sf $HEALTHCHECK_URL; then
-            echo "Health check OK"
-            exit 0
-          else
-            echo "Health check failed. Retry \$i..."
-            sleep 5
-          fi
-        done
-        echo "Health check failed."
-        exit 1

apps/user-microservice/deploy.yaml

@@ -81,7 +81,7 @@ spec:
     spec:
       containers:
         - name: api
-          image: marcin00.azurecr.io/user-microservice:78613948f5698688723d49a3255f15102b047006
+          image: marcin00.azurecr.io/user-microservice:d855e795e2706e235b397a73ca5f0e068ee8eec4
           ports:
             - containerPort: 80
           env:

clusters/prod/flux-receiver.yaml

@@ -0,0 +1,17 @@
+apiVersion: notification.toolkit.fluxcd.io/v1
+kind: Receiver
+metadata:
+  name: gitea-receiver
+  namespace: flux-system
+spec:
+  type: github
+  events:
+    - "ping"
+    - "push"
+  secretRef:
+    name: webhook-token
+  resources:
+    - apiVersion: source.toolkit.fluxcd.io/v1
+      kind: GitRepository
+      name: user-microservice-repo
+      namespace: flux-system

clusters/prod/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: user-microservice
+  namespace: flux-system
+spec:
+  interval: 1m
+  path: ./apps/user-microservice
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: user-microservice-repo
+  targetNamespace: user-microservice

clusters/prod/load-balancer.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: receiver
+  namespace: flux-system
+spec:
+  type: LoadBalancer
+  selector:
+    app: notification-controller
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: 9292

clusters/prod/network-policy.yaml

@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-to-flux
+  namespace: flux-system
+spec:
+  podSelector: {}
+  ingress:
+    - {}
+  policyTypes:
+    - Ingress
+

clusters/prod/source.yaml

@@ -0,0 +1,10 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: user-microservice-repo
+  namespace: flux-system
+spec:
+  interval: 1m
+  url: https://gitea.marcin00.pl/pikram/user-microservice-deploy.git
+  ref:
+    branch: fluxcd