From 830b7229db6392acb5840be7cb89b0953b81974b Mon Sep 17 00:00:00 2001
From: Tellsanguis
Date: Fri, 7 Nov 2025 10:21:55 +0100
Subject: [PATCH] =?UTF-8?q?fix(ci):=20Correction=20probl=C3=A8mes=20outils?=
 =?UTF-8?q?=20et=20erreurs=20workflow?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .forgejo/workflows/ci.yml | 8 ++------
 kubernetes/apps/example-nginx/deployment.yaml | 11 +++++++++++
 terraform/pve1/main.tf | 18 +++++++++---------
 terraform/pve2/main.tf | 18 +++++++++---------
 terraform/pve3/main.tf | 18 +++++++++---------
 5 files changed, 40 insertions(+), 33 deletions(-)
diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml
index e52061c..8d40d6f 100644
--- a/.forgejo/workflows/ci.yml
+++ b/.forgejo/workflows/ci.yml
@@ -73,7 +73,7 @@ jobs:
 - name: Ansible Lint
 run: |
 if ! command -v ansible-lint &> /dev/null; then
- pip3 install ansible-lint
+ pip3 install --break-system-packages ansible-lint
 fi
 ansible-lint ansible/ || true
 continue-on-error: true
@@ -81,7 +81,7 @@ jobs:
 - name: YAML Lint
 run: |
 if ! command -v yamllint &> /dev/null; then
- pip3 install yamllint
+ pip3 install --break-system-packages yamllint
 fi
 yamllint ansible/ || true
 continue-on-error: true
@@ -100,10 +100,6 @@ jobs:
 install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
 fi
- - name: Validate Kubernetes Manifests
- run: |
- kubectl apply --dry-run=client -f kubernetes/apps/ -R || true
- kubectl apply --dry-run=client -f kubernetes/flux-system/ -R || true
 - name: Install kubeconform
 run: |
diff --git a/kubernetes/apps/example-nginx/deployment.yaml b/kubernetes/apps/example-nginx/deployment.yaml
index 248d173..1a993bd 100644
--- a/kubernetes/apps/example-nginx/deployment.yaml
+++ b/kubernetes/apps/example-nginx/deployment.yaml
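Review bot: The added `pip3 install --break-system-packages ansible-lint` in the `@@ -73` hunk (and the matching `yamllint` line in the `@@ -81` hunk) installs whatever version PyPI serves at run time into the runner's system interpreter, so the lint tooling and its transitive dependencies change under the workflow with no change in the repository and no record of what actually ran. Pin the version, e.g. `pip3 install --break-system-packages 'ansible-lint==<pinned-version>'` (placeholder), or put both tools in a requirements file installed with `--require-hashes` so a tampered or broken upstream release cannot silently alter the lint result. `--break-system-packages` also lifts the PEP 668 guard for the whole interpreter; a throwaway venv (`python3 -m venv .lint && .lint/bin/pip install ansible-lint`) gives the same result without the flag. Because each step ends with `|| true` and `continue-on-error: true`, a failed install is invisible; printing `ansible-lint --version` after the install at least leaves the version in the log. The enclosing job definition starts before the hunk.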
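Review bot: Dropping the `Validate Kubernetes Manifests` step in the `@@ -100` hunk removes the only check visible here that covered `kubernetes/flux-system/`; the kubeconform step that follows is only partly in the hunk, so confirm that it is run over both `kubernetes/apps/` and `kubernetes/flux-system/` and that Flux CRD schemas are supplied (or `-ignore-missing-schemas` is set deliberately), otherwise those objects are skipped rather than validated. The removal is presumably because `kubectl apply --dry-run=client` still needs a reachable API server for validation and discovery, which the runner does not have; a comment above the kubeconform step, `# client-side kubectl dry-run needs an API server; kubeconform validates offline against schemas`, would record that. The rest of the job lies outside the hunk.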
@@ -25,12 +25,23 @@ spec:
 labels:
 app: nginx
 spec:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1001
+ runAsGroup: 1001
+ fsGroup: 1001
 containers:
 - name: nginx
 image: nginx:1.25-alpine
 ports:
 - containerPort: 80
 name: http
+ securityContext:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 resources:
 requests:
 cpu: 100m
diff --git a/terraform/pve1/main.tf b/terraform/pve1/main.tf
index 2c8745c..b7a1527 100644
--- a/terraform/pve1/main.tf
+++ b/terraform/pve1/main.tf
@@ -7,7 +7,7 @@ terraform {
 version = "~> 3.0"
 }
 local = {
- source = "hashicorp/local"
+ source = "hashicorp/local"
 version = "~> 2.1"
 }
 }
@@ -31,9 +31,9 @@ resource "proxmox_vm_qemu" "k3s_server_1" {
 memory = var.k3s_server_1_config.memory
 agent = 1
- boot = "order=scsi0"
- scsihw = "virtio-scsi-single"
- onboot = true
+ boot = "order=scsi0"
+ scsihw = "virtio-scsi-single"
+ onboot = true
 network {
 model = "virtio"
@@ -44,20 +44,20 @@ resource "proxmox_vm_qemu" "k3s_server_1" {
 scsi {
 scsi0 {
 disk {
- size = var.k3s_server_1_config.disk_size
- storage = var.storage_pool
+ size = var.k3s_server_1_config.disk_size
+ storage = var.storage_pool
 iothread = true
 }
 }
 }
 }
- ipconfig0 = "ip=${var.k3s_server_1_config.ip},gw=${var.k3s_gateway}"
- cicustom = "user=${var.snippets_storage}:snippets/cloud-init-k3s-server-1.yaml"
+ ipconfig0 = "ip=${var.k3s_server_1_config.ip},gw=${var.k3s_gateway}"
+ cicustom = "user=${var.snippets_storage}:snippets/cloud-init-k3s-server-1.yaml"
 nameserver = join(" ", var.k3s_dns)
 lifecycle {
- ignore_changes = [ network ]
+ ignore_changes = [network]
 }
 depends_on = [local_file.k3s_server_cloud_init]
diff --git a/terraform/pve2/main.tf b/terraform/pve2/main.tf
index 1b82c3d..1be932d 100644
--- a/terraform/pve2/main.tf
+++ b/terraform/pve2/main.tf
@@ -7,7 +7,7 @@ terraform {
 version = "~> 3.0"
 }
 local = {
- source = "hashicorp/local"
+ source = "hashicorp/local"
 version = "~> 2.1"
 }
 }
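Review bot: The container `securityContext` added in this hunk is likely to break the stock `nginx:1.25-alpine` image rather than harden it: running as UID 1001 with `readOnlyRootFilesystem: true` and every capability dropped, nginx cannot write its pid file and cache under `/var/run` and `/var/cache/nginx` and cannot bind the privileged port 80 the image listens on, so the pod will crash-loop and the `|| true` CI checks will not surface it. The usual fix is the `nginxinc/nginx-unprivileged` variant, built to run as a non-root UID and listening on 8080, plus `emptyDir` mounts for the paths it still writes (check that image's `nginx.conf` for the exact pid and cache paths); the Service selecting this Deployment, outside the hunk, must then target 8080. If the stock image must be kept, the listen port still has to change through a mounted config and the same scratch mounts are needed. Adding `seccompProfile: {type: RuntimeDefault}` to the pod-level `securityContext` would complete the restricted-profile set the hunk is aiming for. The Deployment's metadata and `spec` header lie before the hunk.

```yaml
      containers:
        - name: nginx
          image: nginxinc/nginx-unprivileged:1.25-alpine
          ports:
            - containerPort: 8080
              name: http
          # … unchanged: container securityContext, resources …
          volumeMounts:
            - name: cache
              mountPath: /var/cache/nginx
            - name: tmp
              mountPath: /tmp
      volumes:
        - name: cache
          emptyDir: {}
        - name: tmp
          emptyDir: {}
```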
@@ -31,9 +31,9 @@ resource "proxmox_vm_qemu" "k3s_server_2" {
 memory = var.k3s_server_2_config.memory
 agent = 1
- boot = "order=scsi0"
- scsihw = "virtio-scsi-single"
- onboot = true
+ boot = "order=scsi0"
+ scsihw = "virtio-scsi-single"
+ onboot = true
 network {
 model = "virtio"
@@ -44,20 +44,20 @@ resource "proxmox_vm_qemu" "k3s_server_2" {
 scsi {
 scsi0 {
 disk {
- size = var.k3s_server_2_config.disk_size
- storage = var.storage_pool
+ size = var.k3s_server_2_config.disk_size
+ storage = var.storage_pool
 iothread = true
 }
 }
 }
 }
- ipconfig0 = "ip=${var.k3s_server_2_config.ip},gw=${var.k3s_gateway}"
- cicustom = "user=${var.snippets_storage}:snippets/cloud-init-k3s-server-2.yaml"
+ ipconfig0 = "ip=${var.k3s_server_2_config.ip},gw=${var.k3s_gateway}"
+ cicustom = "user=${var.snippets_storage}:snippets/cloud-init-k3s-server-2.yaml"
 nameserver = join(" ", var.k3s_dns)
 lifecycle {
- ignore_changes = [ network ]
+ ignore_changes = [network]
 }
 depends_on = [local_file.k3s_server_cloud_init]
diff --git a/terraform/pve3/main.tf b/terraform/pve3/main.tf
index f247d33..ca8b147 100644
--- a/terraform/pve3/main.tf
+++ b/terraform/pve3/main.tf
@@ -7,7 +7,7 @@ terraform {
 version = "~> 3.0"
 }
 local = {
- source = "hashicorp/local"
+ source = "hashicorp/local"
 version = "~> 2.1"
 }
 }
@@ -31,9 +31,9 @@ resource "proxmox_vm_qemu" "etcd_witness" {
 memory = var.etcd_witness_config.memory
 agent = 1
- boot = "order=scsi0"
- scsihw = "virtio-scsi-single"
- onboot = true
+ boot = "order=scsi0"
+ scsihw = "virtio-scsi-single"
+ onboot = true
 network {
 model = "virtio"
@@ -44,20 +44,20 @@ resource "proxmox_vm_qemu" "etcd_witness" {
 scsi {
 scsi0 {
 disk {
- size = var.etcd_witness_config.disk_size
- storage = var.storage_pool
+ size = var.etcd_witness_config.disk_size
+ storage = var.storage_pool
 iothread = true
 }
 }
 }
 }
- ipconfig0 = "ip=${var.etcd_witness_config.ip},gw=${var.k3s_gateway}"
- cicustom = "user=${var.snippets_storage}:snippets/cloud-init-etcd-witness.yaml"
+ ipconfig0 = "ip=${var.etcd_witness_config.ip},gw=${var.k3s_gateway}"
+ cicustom = "user=${var.snippets_storage}:snippets/cloud-init-etcd-witness.yaml"
 nameserver = join(" ", var.k3s_dns)
 lifecycle {
- ignore_changes = [ network ]
+ ignore_changes = [network]
 }
 depends_on = [local_file.etcd_witness_cloud_init]