beppe/cicdTest
1
0
Fork 0
mirror of https://github.com/bvanroll/cicdTest.git synced 2025-08-29 20:12:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

consul init

Browse Source
This commit is contained in:
Beppe Vanrolleghem
2020-03-09 10:25:30 +01:00
parent e0d1d88279
commit 3ddc551e2a
32 changed files with 0 additions and 1175 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
helm-hello/.helmignore
View File

@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

21
helm-hello/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: hello
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.
appVersion: 1.16.0

21
helm-hello/templates.OLD/NOTES.txt
View File

@@ -1,21 +0,0 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "hello.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "hello.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "hello.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "hello.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
{{- end }}

63
helm-hello/templates.OLD/_helpers.tpl
View File

@@ -1,63 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "hello.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "hello.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "hello.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "hello.labels" -}}
helm.sh/chart: {{ include "hello.chart" . }}
{{ include "hello.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "hello.selectorLabels" -}}
app.kubernetes.io/name: {{ include "hello.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "hello.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "hello.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}

55
helm-hello/templates.OLD/deployment.yaml
View File

@@ -1,55 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "hello.fullname" . }}
labels:
{{- include "hello.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "hello.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "hello.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "hello.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

41
helm-hello/templates.OLD/ingress.yaml
View File

@@ -1,41 +0,0 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "hello.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "hello.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ . }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

15
helm-hello/templates.OLD/service.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "hello.fullname" . }}
labels:
{{- include "hello.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "hello.selectorLabels" . | nindent 4 }}

12
helm-hello/templates.OLD/serviceaccount.yaml
View File

@@ -1,12 +0,0 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "hello.serviceAccountName" . }}
labels:
{{- include "hello.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}

15
helm-hello/templates.OLD/tests/test-connection.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "hello.fullname" . }}-test-connection"
labels:
{{- include "hello.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "hello.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

14
helm-hello/templates/pod-server-a.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: server-a
labels:
server: "http"
expose: "true"
spec:
containers:
- name: front-end
image: beppev/server-a:latest
ports:
- containerPort: 5000

12
helm-hello/templates/pod-server-b.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: server-b
labels:
server: "http"
spec:
containers:
- name: front-end
image: beppev/server-b:latest
ports:
- containerPort: 5000

14
helm-hello/templates/service-expose.yaml
View File

@@ -1,14 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: expose-server
spec:
type: NodePort
selector:
expose: "true"
ports:
- name: http
protocol: TCP
targetPort: 5000
port: 5000
nodePort: 30036

11
helm-hello/templates/service.yaml
View File

@@ -1,11 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: server-check
spec:
selector:
server: "http"
ports:
- name: http
protocol: TCP
port: 5000

68
helm-hello/values.yaml
View File

@@ -1,68 +0,0 @@
# Default values for hello.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: nginx
pullPolicy: IfNotPresent
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}

243
manifests/full-pipeline.yaml
View File

@@ -1,243 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: tekton-pipeline-istio-project-1
labels:
istio-injection: enabled #zorgt voor auto sidecar injection
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: service-acc
namespace: tekton-pipeline-istio-project-1
secrets:
- name: regcred
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: allow-creation
rules:
- apiGroups:
- ""
- "apps"
- "deploy"
- "networking.istio.io"
resources:
- pods
- serviceaccounts
- namespaces
- services
- deployments
- deployments.apps
- destinationrules
- gateways
- virtualservices
verbs:
- list
- watch
- get
- create
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: allow-creation-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: allow-creation
subjects:
- kind: ServiceAccount
name: service-acc
namespace: tekton-pipeline-istio-project-1
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: git-master
namespace: tekton-pipeline-istio-project-1
spec:
type: git
params:
- name: revision
value: master
- name: url
value: git://github.com/beppevanrolleghem/cicdTest
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: git-experimental
namespace: tekton-pipeline-istio-project-1
spec:
type: git
params:
- name: revision
value: experimental
- name: url
value: git://github.com/beppevanrolleghem/cicdTest
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: build-and-push
namespace: tekton-pipeline-istio-project-1
spec:
inputs:
resources:
- name: git-source
type: git
params:
- name: context
description: The path to the build context, used by Kaniko - within the workspace
default: .
- name: image-name
description: dockerhub url
- name: version
description: image-version (for instance latest or beta)
steps:
- name: build-and-push
image: gcr.io/kaniko-project/executor
env:
- name: "DOCKER_CONFIG"
value: "/tekton/home/.docker/"
command:
- /kaniko/executor
args:
- "--dockerfile=$(inputs.resources.git-source.path)/$(inputs.params.context)/dockerfile"
- "--destination=beppev/$(inputs.params.image-name):$(inputs.params.version)"
- "--context=$(inputs.resources.git-source.path)/$(inputs.params.context)/"
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: destroy-application
namespace: tekton-pipeline-istio-project-1
spec:
inputs:
resources:
- name: git-source
type: git
steps:
- name: delete-old-deployment
image: lachlanevenson/k8s-kubectl
command: ["kubectl"]
args:
- "delete"
- "--ignore-not-found"
- "-f"
- "$(inputs.resources.git-source.path)/deploy.yaml"
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: deploy-application
namespace: tekton-pipeline-istio-project-1
spec:
inputs:
resources:
- name: git-source
type: git
steps:
- name: deploy-new-app
image: lachlanevenson/k8s-kubectl
command: ["kubectl"]
args:
- "apply"
- "-f"
- "$(inputs.resources.git-source.path)/deploy.yaml"
---
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
name: application-pipeline
namespace: tekton-pipeline-istio-project-1
spec:
resources:
- name: git-master
type: git
- name: git-experimental
type: git
tasks:
- name: destroy-application #@TODO make it so that the delete can be skipped if error
taskRef:
name: destroy-application
resources:
inputs:
- name: git-source
resource: git-master
- name: build-and-push-a
taskRef:
name: build-and-push
params:
- name: context
value: "serverA"
- name: image-name
value: "server-a"
- name: version
value: "master"
resources:
inputs:
- name: git-source
resource: git-master
- name: build-and-push-b-stable
taskRef:
name: build-and-push
params:
- name: context
value: "serverB"
- name: image-name
value: "server-b"
- name: version
value: "master"
resources:
inputs:
- name: git-source
resource: git-master
- name: build-and-push-b-experimental
taskRef:
name: build-and-push
params:
- name: context
value: "serverB"
- name: image-name
value: "server-b"
- name: version
value: "experimental"
resources:
inputs:
- name: git-source
resource: git-experimental
- name: build-and-push-d
taskRef:
name: build-and-push
params:
- name: context
value: "serverD"
- name: image-name
value: "server-d"
- name: version
value: "master"
resources:
inputs:
- name: git-source
resource: git-master
- name: deploy-application #@TODO make it so that the delete can be skipped if error
taskRef:
name: deploy-application
runAfter:
- build-and-push-d
- build-and-push-b-experimental
- build-and-push-a
- build-and-push-b-stable
- destroy-application
resources:
inputs:
- name: git-source
resource: git-master
# DO NOT FORGET TO SET REGCREDS FOR DOCKER

60
manifests/github-trigger-setup.yaml
View File

@@ -1,60 +0,0 @@
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
name: github-trigger-binding
namespace: tekton-pipeline-istio-project-1
spec:
params:
- name: gitrevision
value: $(body.pull_request.head.sha)
- name: gitrepositoryurl
value: $(body.pull_request.head.repo.clone_url)
- name: prurl
value: $(body.pull_request.html_url)
- name: repo
value: $(body.pull_request.base.repo.full_name)
- name: source
value: github
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
name: github-trigger-template
namespace: tekton-pipeline-istio-project-1
spec:
params:
- name: gitrevision
description: The git revision
default: master
- name: gitrepositoryurl
description: The git repository url
resourcetemplates:
- apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
name: application-pipeline-run
namespace: tekton-pipeline-istio-project-1
spec:
serviceAccountName: service-acc
pipelineRef:
name: application-pipeline
resources:
- name: git-master
resourceRef:
name: git-master
- name: git-experimental
resourceRef:
name: git-experimental
---
apiVersion: tekton.dev/v1alpha1
kind: EventListener
metadata:
name: github-event-listener
spec:
serviceAccountName: service-acc
triggers:
- binding:
name: github-trigger-binding
template:
name: github-trigger-template

93
manifests/github-webhook-setup.yaml
View File

@@ -1,93 +0,0 @@
# MAKE SURE TO SET UP SECRETS.YAML BEFORE EXAMPLE:
#
# this sets up webhooks for github. you can also do this manually in web gui
#
#
#
# apiVersion: v1
# kind: Secret
# metadata:
# name: webhook-secret
# namespace: tekton-pipeline-istio-project-1
# stringData:
# token: GITHUBTOKEN
# secret: random-string-data
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: create-webhook
namespace: tekton-pipeline-istio-project-1
spec:
volumes:
- name: github-secret
secret:
secretName: $(inputs.params.GitHubSecretName)
inputs:
params:
- name: ExternalDomain
description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).<PROXYIP>.nip.io`"
- name: GitHubUser
description: "The GitHub user"
- name: GitHubRepo
description: "The GitHub repo where the webhook will be created"
- name: GitHubOrg
description: "The GitHub organization where the webhook will be created"
- name: GitHubSecretName
description: "The Secret name for GitHub access token. This is always mounted and must exist"
- name: GitHubAccessTokenKey
description: "The GitHub access token key name"
- name: GitHubSecretStringKey
description: "The GitHub secret string key name"
- name: GitHubDomain
description: "The GitHub domain. Override for GitHub Enterprise"
default: "github.com"
- name: WebhookEvents
description: "List of events the webhook will send notifications for"
default: '[\"push\",\"pull_request\"]'
steps:
- name: create-webhook
image: pstauffer/curl:latest
volumeMounts:
- name: github-secret
mountPath: /var/secret
command:
- sh
args:
- -ce
- |
set -e
echo "Create Webhook"
if [ $(inputs.params.GitHubDomain) = "github.com" ];then
curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
else
curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
fi
---
# https://medium.com/@nikhilthomas1/cloud-native-cicd-on-openshift-with-openshift-pipelines-tektoncd-pipelines-part-3-github-1db6dd8e8ca7
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
name: create-repo-webhook
namespace: tekton-pipeline-istio-project-1
spec:
taskRef:
name: create-webhook
inputs:
params:
- name: GitHubOrg
value: "beppevanrolleghem"
- name: GitHubUser
value: "beppevanrolleghem"
- name: GitHubRepo
value: "cicdTest"
- name: GitHubSecretName
value: webhook-secret
- name: GitHubAccessTokenKey
value: token
- name: GitHubSecretStringKey
value: secret
- name: ExternalDomain
value: 35.233.93.220
timeout: 1000s
serviceAccountName: service-acc

16
manifests/pipeline-run.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
name: application-pipeline-run
namespace: tekton-pipeline-istio-project-1
spec:
serviceAccountName: service-acc
pipelineRef:
name: application-pipeline
resources:
- name: git-master
resourceRef:
name: git-master
- name: git-experimental
resourceRef:
name: git-experimental

83
manifests/pipeline/pipeline.yaml
View File

@@ -1,83 +0,0 @@
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
name: application-pipeline
namespace: tekton-pipeline-istio-project-1
spec:
resources:
- name: git-master
type: git
- name: git-experimental
type: git
tasks:
- name: build-and-push-a
taskRef:
name: build-and-push
params:
- name: context
value: "serverA"
- name: image-name
value: "server-a"
- name: version
value: "master"
resources:
inputs:
- name: git-source
resource: git-master
- name: build-and-push-b-stable
taskRef:
name: build-and-push
runAfter:
- build-and-push-a
params:
- name: context
value: "serverB"
- name: image-name
value: "server-b"
- name: version
value: "master"
resources:
inputs:
- name: git-source
resource: git-master
- name: build-and-push-b-experimental
taskRef:
name: build-and-push
runAfter:
- build-and-push-b-stable
params:
- name: context
value: "serverB"
- name: image-name
value: "server-b"
- name: version
value: "experimental"
resources:
inputs:
- name: git-source
resource: git-experimental
- name: build-and-push-d
taskRef:
name: build-and-push
runAfter:
- build-and-push-b-experimental
params:
- name: context
value: "serverD"
- name: image-name
value: "server-d"
- name: version
value: "master"
resources:
inputs:
- name: git-source
resource: git-master
- name: deploy-application
taskRef:
name: deploy-application
runAfter:
- build-and-push-d
resources:
inputs:
- name: git-source
resource: git-master

16
manifests/pipeline/pipelineRun.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
name: application-pipeline-run
namespace: tekton-pipeline-istio-project-1
spec:
serviceAccountName: service-acc
pipelineRef:
name: application-pipeline
resources:
- name: git-master
resourceRef:
name: git-master
- name: git-experimental
resourceRef:
name: git-experimental

13
manifests/resources/cluster-role-binding.yaml
View File

@@ -1,13 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: allow-creation-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: allow-creation
subjects:
- kind: ServiceAccount
name: service-acc
namespace: tekton-pipeline-istio-project-1

29
manifests/resources/cluster-role.yaml
View File

@@ -1,29 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: allow-creation
rules:
- apiGroups:
- ""
- "apps"
- "deploy"
- "networking.istio.io"
resources:
- pods
- serviceaccounts
- namespaces
- services
- deployments
- deployments.apps
- destinationrules
- gateways
- virtualservices
verbs:
- list
- watch
- get
- create
- update
- patch
- delete

28
manifests/resources/create-repo-webhook.yaml
View File

@@ -1,28 +0,0 @@
---
# https://medium.com/@nikhilthomas1/cloud-native-cicd-on-openshift-with-openshift-pipelines-tektoncd-pipelines-part-3-github-1db6dd8e8ca7
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
name: create-repo-webhook
namespace: tekton-pipeline-istio-project-1
spec:
taskRef:
name: create-webhook
inputs:
params:
- name: GitHubOrg
value: "beppevanrolleghem"
- name: GitHubUser
value: "beppevanrolleghem"
- name: GitHubRepo
value: "cicdTest"
- name: GitHubSecretName
value: webhook-secret
- name: GitHubAccessTokenKey
value: token
- name: GitHubSecretStringKey
value: secret
- name: ExternalDomain
value: 35.233.93.220
timeout: 1000s
serviceAccount: tekton-triggers-createwebhook

51
manifests/resources/create-webhook.yaml
View File

@@ -1,51 +0,0 @@
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: create-webhook
namespace: tekton-pipeline-istio-project-1
spec:
volumes:
- name: github-secret
secret:
secretName: $(inputs.params.GitHubSecretName)
inputs:
params:
- name: ExternalDomain
description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).<PROXYIP>.nip.io`"
- name: GitHubUser
description: "The GitHub user"
- name: GitHubRepo
description: "The GitHub repo where the webhook will be created"
- name: GitHubOrg
description: "The GitHub organization where the webhook will be created"
- name: GitHubSecretName
description: "The Secret name for GitHub access token. This is always mounted and must exist"
- name: GitHubAccessTokenKey
description: "The GitHub access token key name"
- name: GitHubSecretStringKey
description: "The GitHub secret string key name"
- name: GitHubDomain
description: "The GitHub domain. Override for GitHub Enterprise"
default: "github.com"
- name: WebhookEvents
description: "List of events the webhook will send notifications for"
default: '[\"push\",\"pull_request\"]'
steps:
- name: create-webhook
image: pstauffer/curl:latest
volumeMounts:
- name: github-secret
mountPath: /var/secret
command:
- sh
args:
- -ce
- |
set -e
echo "Create Webhook"
if [ $(inputs.params.GitHubDomain) = "github.com" ];then
curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
else
curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
fi

26
manifests/resources/git.yaml
View File

@@ -1,26 +0,0 @@
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: git-master
namespace: tekton-pipeline-istio-project-1
spec:
type: git
params:
- name: revision
value: master
- name: url
value: git://github.com/beppevanrolleghem/cicdTest
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: git-experimental
namespace: tekton-pipeline-istio-project-1
spec:
type: git
params:
- name: revision
value: experimental
- name: url
value: git://github.com/beppevanrolleghem/cicdTest

7
manifests/resources/namespace.yaml
View File

@@ -1,7 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: tekton-pipeline-istio-project-1
labels:
istio-injection: enabled #zorgt voor auto sidecar injection

8
manifests/resources/service-account.yaml
View File

@@ -1,8 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: service-acc
namespace: tekton-pipeline-istio-project-1
secrets:
- name: regcred

31
manifests/tasks/build-and-push.yaml
View File

@@ -1,31 +0,0 @@
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: build-and-push
namespace: tekton-pipeline-istio-project-1
spec:
inputs:
resources:
- name: git-source
type: git
params:
- name: context
description: The path to the build context, used by Kaniko - within the workspace
default: .
- name: image-name
description: dockerhub url
- name: version
description: image-version (for instance latest or beta)
steps:
- name: build-and-push
image: gcr.io/kaniko-project/executor
env:
- name: "DOCKER_CONFIG"
value: "/tekton/home/.docker/"
command:
- /kaniko/executor
args:
- "--dockerfile=$(inputs.resources.git-source.path)/$(inputs.params.context)/dockerfile"
- "--destination=beppev/$(inputs.params.image-name):$(inputs.params.version)"
- "--context=$(inputs.resources.git-source.path)/$(inputs.params.context)/"

26
manifests/tasks/deploy-application.yaml
View File

@@ -1,26 +0,0 @@
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: deploy-application
namespace: tekton-pipeline-istio-project-1
spec:
inputs:
resources:
- name: git-source
type: git
steps:
- name: delete-old-deployment
image: lachlanevenson/k8s-kubectl
command: ["kubectl"]
args:
- "delete"
- "-f"
- "$(inputs.resources.git-source.path)/deploy.yaml"
- name: deploy-new-app
image: lachlanevenson/k8s-kubectl
command: ["kubectl"]
args:
- "apply"
- "-f"
- "$(inputs.resources.git-source.path)/deploy.yaml"

12
manifests/triggers/event-listener.yaml
View File

@@ -1,12 +0,0 @@
---
apiVersion: tekton.dev/v1alpha1
kind: EventListener
metadata:
name: github-event-listener
spec:
serviceAccountName: service-acc
triggers:
- binding:
name: github-trigger-binding
template:
name: github-trigger-template

18
manifests/triggers/trigger-binding.yaml
View File

@@ -1,18 +0,0 @@
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
name: github-trigger-binding
namespace: tekton-pipeline-istio-project-1
spec:
params:
- name: gitrevision
value: $(body.pull_request.head.sha)
- name: gitrepositoryurl
value: $(body.pull_request.head.repo.clone_url)
- name: prurl
value: $(body.pull_request.html_url)
- name: repo
value: $(body.pull_request.base.repo.full_name)
- name: source
value: github

30
manifests/triggers/trigger-template.yaml
View File

@@ -1,30 +0,0 @@
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
name: github-trigger-template
namespace: tekton-pipeline-istio-project-1
spec:
params:
- name: gitrevision
description: The git revision
default: master
- name: gitrepositoryurl
description: The git repository url
resourcetemplates:
- apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
name: application-pipeline-run
namespace: tekton-pipeline-istio-project-1
spec:
serviceAccountName: service-acc
pipelineRef:
name: application-pipeline
resources:
- name: git-master
resourceRef:
name: git-master
- name: git-experimental
resourceRef:
name: git-experimental