-
Notifications
You must be signed in to change notification settings - Fork 112
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Migrate install Tekton release CD service to workspaces
Install Tekton release relies on the cluster PipelineResource to target deployments of resources. Migrate that to workspaces: a secret stored in the cluster bound through a workspace is used to target the deployment. Secrets have been preprovisioned on the cluster, their name is tektoncd-, their type is kubeconfig. See #887 for more details. The change is implemented so that the template interface does not change and thus all existing cronjobs are still valid as well as the deployment script. Signed-off-by: Andrea Frittoli <andrea.frittoli@uk.ibm.com>
- Loading branch information
Showing
8 changed files
with
252 additions
and
325 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,205 @@ | ||
| # Copyright 2019 The Tekton Authors | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
| apiVersion: tekton.dev/v1beta1 | ||
| kind: Task | ||
| metadata: | ||
| name: install-tekton-release | ||
| spec: | ||
| params: | ||
| - name: projectName | ||
| description: Name of the Tekton project to install e.g. pipeline, trigger, dashboard, experimental | ||
| default: pipeline | ||
| - name: namespace | ||
| description: The namespace specified in the release. This does not enforce a namespace, it's used to verify that all pods are running in the specified namespace | ||
| default: tekton-pipelines | ||
| - name: environment | ||
| description: Name of the target environment. Used to apply relevant overlays | ||
| default: dogfooding | ||
| - name: releaseFile | ||
| description: Name of the release file | ||
| default: release.yaml | ||
| - name: postReleaseFile | ||
| description: Name of the release file | ||
| default: "" | ||
| workspaces: | ||
| - name: resources | ||
| description: resources to deploy | ||
| - name: targetCluster | ||
| description: kubeconfig of the target Cluster/ServiceAccount | ||
| stepTemplate: | ||
| env: | ||
| - name: KUBECONFIG | ||
| value: $(workspaces.targetCluster.path)/kubeconfig | ||
| - name: PROJECT_NAME | ||
| value: $(params.projectName) | ||
| - name: NAMESPACE | ||
| value: $(params.namespace) | ||
| - name: ENVIRONMENT | ||
| value: $(params.environment) | ||
| - name: RELEASE_ROOT | ||
| value: $(workspaces.resources.path)/release | ||
| - name: RELEASE_FILE | ||
| value: $(params.releaseFile) | ||
| - name: POST_RELEASE_FILE | ||
| value: $(params.postReleaseFile) | ||
| - name: LIBRARY_PATH | ||
| value: $(workspaces.resources.path)/plumbing/tekton/cd | ||
| steps: | ||
| - name: deploy-tekton-project | ||
| image: gcr.io/tekton-releases/dogfooding/ko-gcloud:latest | ||
| script: | | ||
| #!/usr/bin/env bash | ||
| set -exo pipefail | ||
| # Export KUBECONFIG so that it's available to pre-scripts too | ||
| export KUBECONFIG | ||
| # Set up RELEASE_ROOT | ||
| # Handle Overlays | ||
| OVERLAY_FOLDER=${PROJECT_NAME}/overlays/${ENVIRONMENT} | ||
| APPLY_MODE="-k $OVERLAY_FOLDER" | ||
| cd ${LIBRARY_PATH} | ||
| if [ ! -d ${PROJECT_NAME} ]; then | ||
| # There are is not base or project for ${PROJECT_NAME} | ||
| # Apply the release as is | ||
| APPLY_MODE="--filename $RELEASE_ROOT/${RELEASE_FILE}" | ||
| else | ||
| # If the base exists, an overlay for the specified environment must exist | ||
| if [ ! -d "$OVERLAY_FOLDER" ]; then | ||
| echo "Environment ${ENVIRONMENT} not found for project ${PARAM.PROJECT_NAME}" | ||
| exit 1 | ||
| fi | ||
| cp $RELEASE_ROOT/${RELEASE_FILE} ${PROJECT_NAME}/base/release.yaml | ||
| find . | ||
| # Execute pre-deploy scripts if any | ||
| scripts=$(find ${OVERLAY_FOLDER}/pre -name '*.sh' 2> /dev/null || true) | ||
| for script in $scripts; do $script; done | ||
| fi | ||
| kubectl apply --kubeconfig $KUBECONFIG $APPLY_MODE | ||
| - name: wait-until-pods-and-crds | ||
| image: gcr.io/tekton-releases/dogfooding/ko-gcloud:latest | ||
| script: | | ||
| #!/usr/bin/env bash | ||
| set -exo pipefail | ||
| APPLICATION="tekton-${PROJECT_NAME}" | ||
| if [ "${PROJECT_NAME}" == "pipeline" ]; then | ||
| APPLICATION="${APPLICATION}s" | ||
| fi | ||
| # Wait for pods to be ready and CRDs to be established | ||
| kubectl wait --for condition=ready --timeout=120s pods -l app.kubernetes.io/part-of=$APPLICATION -n ${NAMESPACE} | ||
| kubectl wait --for condition=established --timeout=60s crd -l app.kubernetes.io/part-of=$APPLICATION | ||
| - name: deploy-extra-manifest | ||
| image: gcr.io/tekton-releases/dogfooding/ko-gcloud:latest | ||
| script: | | ||
| #!/usr/bin/env bash | ||
| set -exo pipefail | ||
| if [ "${POST_RELEASE_FILE}" != "" ]; then | ||
| kubectl apply --kubeconfig $KUBECONFIG -f ${RELEASE_ROOT}/${POST_RELEASE_FILE} | ||
| fi | ||
| --- | ||
| apiVersion: tekton.dev/v1beta1 | ||
| kind: Pipeline | ||
| metadata: | ||
| name: install-tekton-release | ||
| spec: | ||
| params: | ||
| - name: gitRepository | ||
| description: URL of the repository that holds the folder | ||
| default: github.com/tektoncd/plumbing | ||
| - name: gitRevision | ||
| description: Git revision | ||
| default: main | ||
| - name: projectName | ||
| description: Name of the Tekton project to install e.g. pipeline, trigger, dashboard, experimental | ||
| default: pipeline | ||
| - name: namespace | ||
| description: The namespace specified in the release. This does not enforce a namespace, it's used to verify that all pods are running in the specified namespace | ||
| default: tekton-pipelines | ||
| - name: version | ||
| description: The vX.Y.Z version that we want to install (including `v`) | ||
| - name: environment | ||
| description: Name of the target environment. Used to apply relevant overlays | ||
| default: dogfooding | ||
| - name: releaseFile | ||
| description: Name of the release file | ||
| default: release.yaml | ||
| - name: postReleaseFile | ||
| description: Name of the release file | ||
| default: "" | ||
| - name: releaseBucket | ||
| description: Bucket were the release files are stored e.g. gs://tekton-releases/pipeline | ||
| workspaces: | ||
| - name: resources | ||
| description: resources to deploy | ||
| - name: targetCluster | ||
| description: kubeconfig of the target Cluster/ServiceAccount | ||
| - name: credentials | ||
| description: bucket credentials. If not needed, pass an emptyDir{} | ||
| tasks: | ||
| - name: git-clone | ||
| taskRef: | ||
| name: git-clone | ||
| bundle: gcr.io/tekton-releases/catalog/upstream/git-clone:0.7 | ||
| params: | ||
| - name: url | ||
| value: https://$(params.gitRepository) | ||
| - name: revision | ||
| value: $(params.gitRevision) | ||
| - name: subdirectory | ||
| value: plumbing | ||
| workspaces: | ||
| - name: output | ||
| workspace: resources | ||
| - name: fetch-release | ||
| runAfter: ['git-clone'] | ||
| taskRef: | ||
| name: gcs-download | ||
| bundle: gcr.io/tekton-releases/catalog/upstream/gcs-download:0.1 | ||
| params: | ||
| - name: path | ||
| value: release | ||
| - name: location | ||
| value: $(params.releaseBucket)/previous/$(params.version) | ||
| - name: typeDir | ||
| value: "true" | ||
| workspaces: | ||
| - name: output | ||
| workspace: resources | ||
| - name: credentials | ||
| workspace: credentials | ||
| - name: install-tekton-release | ||
| runAfter: ['fetch-release'] | ||
| taskRef: | ||
| name: install-tekton-release | ||
| params: | ||
| - name: projectName | ||
| value: $(params.projectName) | ||
| - name: namespace | ||
| value: $(params.namespace) | ||
| - name: environment | ||
| value: $(params.environment) | ||
| - name: releaseFile | ||
| value: $(params.releaseFile) | ||
| - name: postReleaseFile | ||
| value: $(params.postReleaseFile) | ||
| workspaces: | ||
| - name: resources | ||
| workspace: resources | ||
| - name: targetCluster | ||
| workspace: targetCluster |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.