Migrate install Tekton release CD service to workspaces

Install Tekton release relies on the cluster PipelineResource to target deployments of resources. Migrate that to workspaces: a secret stored in the cluster bound through a workspace is used to target the deployment. Secrets have been preprovisioned on the cluster, their name is tektoncd-, their type is kubeconfig. See tektoncd#887 for more details. The change is implemented so that the template interface does not change and thus all existing cronjobs are still valid as well as the deployment script. Signed-off-by: Andrea Frittoli <andrea.frittoli@uk.ibm.com>
afrittoli · Jul 22, 2022 · 3205192 · 3205192
1 parent d366d52
commit 3205192
Show file tree

Hide file tree

Showing 4 changed files with 129 additions and 218 deletions.
diff --git a/tekton/resources/cd/helm-template.yaml b/tekton/resources/cd/helm-template.yaml
@@ -36,7 +36,7 @@ spec:
     default: ""
   - name: preDeployResources
     description: >-
-      Some charts require resources to be deployed firt, usually CRDs.
+      Some charts require resources to be deployed first, usually CRDs.
       When provided this should be the URL to a YAML file with resources.
     default: ""
   resourcetemplates:

diff --git a/tekton/resources/cd/tekton-template.yaml b/tekton/resources/cd/tekton-template.yaml
@@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-apiVersion: triggers.tekton.dev/v1alpha1
+apiVersion: triggers.tekton.dev/v1beta1
 kind: TriggerTemplate
 metadata:
   name: deploy-tekton-release
@@ -45,45 +45,40 @@ spec:
     description: Git revision of the repository that holds plumbing scripts
   resourcetemplates:
   - apiVersion: tekton.dev/v1beta1
-    kind: TaskRun
+    kind: PipelineRun
     metadata:
       generateName: deploy-$(tt.params.tektonProject)-release-$(tt.params.targetCluster)-
     spec:
-      taskRef:
+      pipelineRef:
         name: install-tekton-release
       params:
-      - name: projectName
-        value: $(tt.params.tektonProject)
-      - name: namespace
-        value: $(tt.params.namespace)
-      - name: version
-        value: $(tt.params.tektonVersion)
-      - name: environment
-        value: $(tt.params.targetCluster)
-      - name: release-file
-        value: $(tt.params.releaseFile)
-      - name: post-release-file
-        value: $(tt.params.postReleaseFile)
-      resources:
-        inputs:
-          - name: release-bucket
-            resourceSpec:
-              type: storage
-              params:
-              - name: type
-                value: gcs
-              - name: location
-                value: $(tt.params.releaseBucket)/$(tt.params.tektonProject)$(tt.params.releaseExtraPath)
-              - name: dir
-                value: "y"
-          - name: k8s-cluster
-            resourceRef:
-              name: $(tt.params.clusterResource)
-          - name: plumbing-library
-            resourceSpec:
-              type: git
-              params:
-              - name: revision
-                value: $(tt.params.plumbingRevision)
-              - name: url
-                value: https://$(tt.params.plumbingRepository)
+        - name: gitRepository
+          value: $(tt.params.plumbingRepository)
+        - name: gitRevision
+          value: $(tt.params.plumbingRevision)
+        - name: projectName
+          value: $(tt.params.tektonProject)
+        - name: namespace
+          value: $(tt.params.namespace)
+        - name: version
+          value: $(tt.params.tektonVersion)
+        - name: environment
+          value: $(tt.params.targetCluster)
+        - name: releaseFile
+          value: $(tt.params.releaseFile)
+        - name: postReleaseFile
+          value: $(tt.params.postReleaseFile)
+        - name: releaseBucket
+          value: $(tt.params.releaseBucket)/$(tt.params.tektonProject)$(tt.params.releaseExtraPath)
+      workspaces:
+        - name: resources
+          volumeClaimTemplate:
+            spec:
+              accessModes:
+                - ReadWriteOnce
+              resources:
+                requests:
+                  storage: 1Gi
+        - name: targetCluster
+          secret:
+            secretName: tektoncd-$(tt.params.clusterResource)
diff --git a/tekton/resources/release/README.md b/tekton/resources/release/README.md
@@ -5,20 +5,7 @@ release management. These components are written so that they can be used by
 all the projects in the `tektoncd` GitHub org.
 The core release pipelines are still owned by the specific project.
 
-## Tasks
-
-### Verify Tekton Release
-
-The task `verify-tekton-release-github` compares the YAML of the release
-stored in the GitHub release assets, with the YAML of the release stored in the bucket.
-
-Inputs are:
-
-- Param `projectName`: the name of the project (pipeline, trigger,
-dashboard, experimental)
-- Param `version`: the version to be installed, e.g. "v0.7.0"
-- A storage resource, that should point to the release bucket. The release file
-is expected to be at `<bucket>/<projectName>/previous/<version>/release.yaml`
+## Tasks and Pipelines
 
 ### Install Tekton Release
 
@@ -30,48 +17,17 @@ Inputs are:
 - Param `projectName`: the name of the project (pipeline, trigger,
 dashboard, experimental)
 - Param `version`: the version to be installed, e.g. "v0.7.0"
-- A storage resource, that should point to the release bucket. The release file
-is expected to be at `<bucket>/<projectName>/previous/<version>/release.yaml`
-- A cluster resource, that points to the credentials for the target cluster
-
-An example using `tkn`:
-
-```
-export TEKTON_BUCKET_RESOURCE=tekton-bucket
-export TEKTON_CLUSTER_RESOURCE=k8s-cluster
-export TEKTON_PROJECT=pipeline
-export TEKTON_VERSION=v0.9.0
-
-tkn task start \
-  -i release-bucket=$TEKTON_BUCKET_RESOURCE \
-  -i k8s-cluser=$TEKTON_CLUSTER_RESOURCE \
-  -p projectName=$TEKTON_PROJECT \
-  -p version=$TEKTON_VERSION \
-  install-tekton-release
-```
+- Param `releaseBucket`. The release file
+is expected to be at `<releaseBucket>/<projectName>/previous/<version>/release.yaml`
+- Workspace `targetCluster` to be bound to a secret that holds the kubeconfig of the target cluster
 
 The release task can use a `kustomize` overlay if available. The name of the
 overlay folder is specified via the `environment` parameter.
 The overlay folder must contain a `kustomize.yaml` configuration file. It may
 also contain a `pre` folder. Any `*.sh` script found in the folder will be
 executed before the release is installed.
 
-```shell
-export TEKTON_BUCKET_RESOURCE=tekton-bucket
-export TEKTON_CLUSTER_RESOURCE=k8s-cluster
-export TEKTON_PROJECT=pipeline
-export TEKTON_VERSION=v0.9.0
-
-tkn task start \
-  -i release-bucket=$TEKTON_BUCKET_RESOURCE \
-  -i k8s-cluser=$TEKTON_CLUSTER_RESOURCE \
-  -p projectName=$TEKTON_PROJECT \
-  -p version=$TEKTON_VERSION \
-  -p environment=robocat \
-  install-tekton-release
-```
-
-## Save Release Logs
+### Save Release Logs
 
 The pipeline `save-release-logs` fetches the logs from a release pipelines
 and stores them in the release bucket along with the release YAML.
@@ -81,7 +37,7 @@ The `tekton-events` event listener receives the CloudEvent, and triggers
 the `save-release-logs` with the correct credentials to store the logs
 in the release bucket, either the main one or the nightly one.
 
-## Create Draft Release
+### Create Draft Release
 
 The pipeline `release-draft` calculates the list of PRs merged between the
 previous release and a specified revision. It also builds a list of authors and