Skip to content

Commit

Permalink
Migrate the folder template CD service to workspaces
Browse files Browse the repository at this point in the history 
Folder template relies on the cluster PipelineResource to target
deployments of resources and git PipelineResource to clone the
git repository.

Migrate that to workspaces:
- the git-clone task from the catalog is used to clone the repo
- a secret stored in the cluster bound through a workspace is
  used to target the deployment

Secrets have been preprovisioned on the cluster, their name is
tektoncd-<pipeline-resource-name>, their type is kubeconfig.
See tektoncd#887 for more
details.

Signed-off-by: Andrea Frittoli <andrea.frittoli@uk.ibm.com>
  • Loading branch information
@afrittoli
afrittoli committed Jul 21, 2022
1 parent 14320ab commit 52e85e8
Showing 1 changed file with 152 additions and 83 deletions.
235 changes: 152 additions & 83 deletions tekton/resources/cd/folder-template.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,138 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: deploy-from-folder
spec:
params:
- name: folderPath
description: folder within the workspace to deploy from
- name: namespace
description: target namespace
- name: deployMethod
description: One of "apply", "create" or "replace"
- name: isOverlay
description: Whether the folder is a kustomize overlay "true" or "false"
workspaces:
- name: resources
description: resources to deploy
- name: targetCluster
description: kubeconfig of the target Cluster/ServiceAccount
stepTemplate:
env:
- name: KUBECONFIG
value: $(workspaces.targetCluster.path)/kubeconfig
- name: RESOURCES_PATH
value: $(workspaces.resources.path)
- name: FOLDER_PATH
value: $(params.folderPath)
- name: NAMESPACE
value: $(params.namespace)
- name: DEPLOY_METHOD
value: $(params.deployMethod)
- name: IS_OVERLAY
value: $(params.isOverlay)
steps:
- name: deploy-from-folder
image: gcr.io/tekton-releases/dogfooding/kubectl
script: |
#!/bin/sh
set -ex
# Determine whether to enforce namespace across resources
NAMESPACE_PARAM="-n ${NAMESPACE}"
[[ "${NAMESPACE}" == "" ]] && NAMESPACE_PARAM=""
# Handle overlays
TARGET=${RESOURCES_PATH}/${FOLDER_PATH}
if [[ "${IS_OVERLAY}" == "true" ]]; then
TARGET=target.yaml
kustomize build \
${RESOURCES_PATH}/${FOLDER_PATH} > $TARGET
fi
# Check if there is any diff
DIFF=diff.txt
kubectl diff $NAMESPACE_PARAM -f $TARGET | tee $DIFF
# If there is no diff, we don't need to update
if [ ! -s ${DIFF?} ]; then
echo "No change detected, nothing to be done."
exit 0
fi
# When deploying with replace, we need to do a create first,
# to ensure new resources are created
CREATE_OUTPUT=create.txt
if [[ "${DEPLOY_METHOD}" == "replace" ]]; then
kubectl create $NAMESPACE_PARAM -f $TARGET 2> $CREATE_OUTPUT || true
# If there was some unexpected message in the error log, fail
if egrep -v '(already exists|^Warning)' $CREATE_OUTPUT; then
echo "Something went wrong when creating resources"
exit 1
fi
fi
# Run the actual deployment. If it fails, it will fail the step.
kubectl "${DEPLOY_METHOD}" $NAMESPACE_PARAM -f $TARGET
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: deploy-from-folder
spec:
params:
- name: gitRepository
description: URL of the repository that holds the folder
- name: gitRevision
description: Git revision
- name: folderPath
description: folder within the workspace to deploy from
- name: namespace
description: target namespace
- name: deployMethod
description: One of "apply", "create" or "replace"
- name: isOverlay
description: Whether the folder is a kustomize overlay "true" or "false"
workspaces:
- name: resources
description: resources to deploy
- name: targetCluster
description: kubeconfig of the target Cluster/ServiceAccount
tasks:
- name: git-clone
taskRef:
name: git-clone
bundle: gcr.io/tekton-releases/catalog/upstream/git-clone:0.7
params:
- name: url
value: $(params.gitRepository)
- name: revision
value: $(params.gitRevision)
workspaces:
- name: output
workspace: resources
- name: deploy
runAfter: ["git-clone"]
taskRef:
name: deploy-from-folder
params:
- name: folderPath
value: $(params.folderPath)
- name: namespace
value: $(params.namespace)
- name: deployMethod
value: $(params.deployMethod)
- name: isOverlay
value: $(params.isOverlay)
workspaces:
- name: resource
workspace: resources
- name: targetCluster
workspace: targetCluster
---
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
Expand All @@ -37,78 +169,16 @@ spec:
default: "false"
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: TaskRun
kind: PipelineRun
metadata:
generateName: deploy-resources-$(tt.params.folderDescription)-
spec:
taskSpec:
params:
- name: folderPath
- name: namespace
- name: deployMethod
- name: isOverlay
resources:
inputs:
- name: source
type: git
- name: targetCluster
type: cluster
stepTemplate:
env:
- name: KUBECONFIG
value: /workspace/$(resources.inputs.targetCluster.name)/kubeconfig
- name: FOLDER_PATH
value: $(params.folderPath)
- name: NAMESPACE
value: $(params.namespace)
- name: DEPLOY_METHOD
value: $(params.deployMethod)
- name: IS_OVERLAY
value: $(params.isOverlay)
steps:
- name: deploy-from-folder
image: gcr.io/tekton-releases/dogfooding/kubectl
script: |
#!/bin/sh
set -ex
# Determine whether to enforce namespace across resources
NAMESPACE_PARAM="-n ${NAMESPACE}"
[[ "${NAMESPACE}" == "" ]] && NAMESPACE_PARAM=""
# Handle overlays
TARGET=$(resources.inputs.source.path)/${FOLDER_PATH}
if [[ "${IS_OVERLAY}" == "true" ]]; then
TARGET=target.yaml
kustomize build \
$(resources.inputs.source.path)/${FOLDER_PATH} > $TARGET
fi
# Check if there is any diff
DIFF=diff.txt
kubectl diff $NAMESPACE_PARAM -f $TARGET | tee $DIFF
# If there is no diff, we don't need to update
if [ ! -s ${DIFF?} ]; then
echo "No change detected, nothing to be done."
exit 0
fi
# When deploying with replace, we need to do a create first,
# to ensure new resources are created
CREATE_OUTPUT=create.txt
if [[ "${DEPLOY_METHOD}" == "replace" ]]; then
kubectl create $NAMESPACE_PARAM -f $TARGET 2> $CREATE_OUTPUT || true
# If there was some unexpected message in the error log, fail
if egrep -v '(already exists|^Warning)' $CREATE_OUTPUT; then
echo "Something went wrong when creating resources"
exit 1
fi
fi
# Run the actual deployment. If it fails, it will fail the step.
kubectl "${DEPLOY_METHOD}" $NAMESPACE_PARAM -f $TARGET
params:
pipelineRef:
name: deploy-from-folder
params:
- name: gitRepository
value: https://$(tt.params.gitRepository)
- name: gitRevision
value: $(tt.params.gitRevision)
- name: folderPath
value: $(tt.params.folderPath)
- name: namespace
Expand All @@ -117,16 +187,15 @@ spec:
value: $(tt.params.deployMethod)
- name: isOverlay
value: $(tt.params.isOverlay)
resources:
inputs:
- name: source
resourceSpec:
type: git
params:
- name: revision
value: $(tt.params.gitRevision)
- name: url
value: https://$(tt.params.gitRepository)
- name: targetCluster
resourceRef:
name: $(tt.params.clusterResource)
workspaces:
- name: resources
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- name: targetCluster
secret:
secretName: tektoncd-$(tt.params.clusterResource)

0 comments on commit 52e85e8

Please sign in to comment.