housekeeping

2020-03-16 11:14:14 +01:00
parent 1f3a134e52
commit 40c6faf21c
41 changed files with 496 additions and 1006 deletions

BIN
.DS_Store vendored

Binary file not shown.

BIN
manifests/.DS_Store vendored Normal file

Binary file not shown.

BIN
manifests/Tekton/.DS_Store vendored Normal file

Binary file not shown.

BIN
manifests/Tekton/pipeline/.DS_Store vendored Normal file

Binary file not shown.


@@ -0,0 +1,120 @@
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: application-pipeline
#namespace: stage-tekton-pipeline
spec:
params:
- name: git-url
description: url of the github repository to clone
- name: branch
description: name of the master branch of the repository
workspaces:
- name: workspace-master
- name: workspace-experimental
tasks:
- name: clone-master
taskRef:
name: git-clone
workspaces:
- name: output
workspace: workspace-master
params:
- name: url
value: $(inputs.params.git-url)
- name: revision
value: $(inputs.params.master-branch)
- name: build-and-push-a
taskRef:
name: build-and-push
runAfter:
- clone-master
workspaces:
- name: source
workspace: workspace-master
params:
- name: context
value: "server-a"
- name: image-name
value: "server-a"
- name: version
value: "$(inputs.params.master-branch)"
- name: build-and-push-b-stable
taskRef:
name: build-and-push
runAfter:
- clone-master
workspaces:
- name: source
workspace: workspace-master
params:
- name: context
value: "server-b"
- name: image-name
value: "server-b"
- name: version
value: "$(inputs.params.master-branch)"
- name: build-and-push-d
taskRef:
name: build-and-push
runAfter:
- clone-master
workspaces:
- name: source
workspace: workspace-master
params:
- name: context
value: "server-d"
- name: image-name
value: "server-d"
- name: version
value: "$(inputs.params.master-branch)"
- name: clone-experimental
taskRef:
name: git-clone
workspaces:
- name: output
workspace: workspace-experimental
params:
- name: url
value: $(inputs.params.git-url)
- name: revision
value: $(inputs.params.experimental-branch)
- name: build-and-push-b-experimental
taskRef:
name: build-and-push
workspaces:
- name: source
workspace: workspace-experimental
runAfter:
- clone-experimental
params:
- name: context
value: "server-b"
- name: image-name
value: "server-b"
- name: version
value: "$(inputs.params.experimental-branch)"
- name: deploy-infra
taskRef:
name: execute-yaml
workspaces:
- name: source
workspace: workspace-master
runAfter:
- build-and-push-b-experimental
- build-and-push-d
- build-and-push-a
- build-and-push-b-stable
params:
- name: yaml-location
value: "infra.yaml"
- name: execute-yaml #@TODO make it so that the delete can be skipped if error
taskRef:
name: execute-yaml
workspaces:
- name: source
workspace: workspace-master
runAfter:
- deploy-infra
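Review bot: The tasks read `$(inputs.params.master-branch)` and `$(inputs.params.experimental-branch)`, but `spec.params` declares only `git-url` and `branch`, so the revision and image-tag values in `clone-master`, `clone-experimental` and every `build-and-push-*` task have no declared source. Declare both parameters, e.g. `- name: master-branch` and `- name: experimental-branch`, each with a `description`, or point the tasks at the declared `branch`. In a `tekton.dev/v1beta1` Pipeline the documented reference form is `$(params.<name>)`; the `inputs.` prefix looks carried over from the older Task syntax and is worth confirming against the installed Tekton version. The final `execute-yaml` task passes no `params` and therefore runs with the Task defaults; a comment next to the existing TODO saying that this is intended would help.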

BIN
manifests/Tekton/resources/.DS_Store vendored Normal file

Binary file not shown.


@@ -0,0 +1,12 @@
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: workspace-pvc-experimental
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 500Mi


@@ -0,0 +1,12 @@
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: master-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 500Mi
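Review bot: This claim is named `master-pvc`, but the TriggerTemplate added in the same commit binds `workspace-master` to `claimName: workspace-pvc-master`, and the sibling claim keeps the `workspace-pvc-experimental` pattern. Unless a claim with the other name is created elsewhere, the PipelineRun will wait on a PVC that does not exist. `name: workspace-pvc-master` would make the two agree.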


@@ -0,0 +1,9 @@
---
apiVersion: v1
kind: Secret
metadata:
name: github-secret
namespace: tekton-pipeline-istio-project-1
stringData:
token: GITHUBSECRETTOKEN
secret: random-string-data
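Review bot: The Secret is named `github-secret` and pinned to `namespace: tekton-pipeline-istio-project-1`, while the `create-repo-webhook` TaskRun in this commit passes `GitHubSecretName: webhook-secret` and the ClusterRoleBinding hunk on this page lists `namespace: default` for `service-acc`, so the volume in `create-webhook` would not find this Secret as written. Align the name and namespace with the consumer, e.g. `name: webhook-secret` with no hard-coded namespace. Because this manifest is the template for a real access token, a header comment such as `# template only: fill in locally, never commit real values` would make the intended handling explicit.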

BIN
manifests/Tekton/runs/.DS_Store vendored Normal file

Binary file not shown.

BIN
manifests/Tekton/runs/pipeline/.DS_Store vendored Normal file

Binary file not shown.


@@ -0,0 +1,28 @@
---
# https://medium.com/@nikhilthomas1/cloud-native-cicd-on-openshift-with-openshift-pipelines-tektoncd-pipelines-part-3-github-1db6dd8e8ca7
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
name: create-repo-webhook
#namespace: stage-tekton-pipeline
spec:
taskRef:
name: create-webhook
inputs:
params:
- name: GitHubOrg
value: "beppevanrolleghem"
- name: GitHubUser
value: "beppevanrolleghem"
- name: GitHubRepo
value: "cicdTest"
- name: GitHubSecretName
value: webhook-secret
- name: GitHubAccessTokenKey
value: token
- name: GitHubSecretStringKey
value: secret
- name: ExternalDomain
value: "ingress.llocal.host"
timeout: 1000s
serviceAccountName: service-acc

Binary file not shown.


@@ -10,4 +10,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: service-acc
namespace: tekton-pipeline-istio-project-1
namespace: default


@@ -0,0 +1,43 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: allow-creation
rules:
- apiGroups:
- ""
- "apps"
- "deploy"
- "rbac.authorization.k8s.io"
- "networking.k8s.io"
- "extensions"
- "tekton.dev"
# deze zullen we ook moeten aanpassen elke pipeline die we maken, maar, deze pipelines zijn nu specifiek per branch, dus dit zou geen probleem leveren.
resources:
- pods
- serviceaccounts
- namespaces
- services
- deployments
- deployments.apps
- clusterroles
- roles
- clusterrolebindings
- rolebindings
- ingresses
- eventlisteners
- triggerbindings
- triggertemplates
- configmaps
- secrets
- pipelineruns
- pipelineresources
- taskruns
verbs:
- list
- watch
- get
- create
- update
- patch
- delete
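Review bot: This single rule gives `service-acc` create/update/patch/delete on every listed resource in every listed API group across the whole cluster, including `secrets`, `namespaces`, `clusterroles` and `clusterrolebindings`. The same account runs the EventListener and the PipelineRuns that `kubectl apply` repository content, so a compromised build step or a forged trigger inherits all of it. Prefer a namespaced `Role` and `RoleBinding` in the pipeline's namespace, and split the rule so each API group lists only its own resources and the verbs actually needed. The sketch below shows the shape only; the exact resource list depends on what `infra.yaml` and `deploy.yaml` create, which is not visible here.

```yaml
kind: Role   # namespaced; bind it with a RoleBinding instead of a ClusterRoleBinding
rules:
  # workloads applied by the execute-yaml Task
  - apiGroups: ["", "apps"]
    resources: ["pods", "services", "deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # objects the EventListener instantiates
  - apiGroups: ["tekton.dev"]
    resources: ["pipelineruns", "taskruns", "pipelineresources"]
    verbs: ["get", "list", "watch", "create"]
  # read-only lookups the EventListener needs
  - apiGroups: ["tekton.dev"]
    resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["configmaps", "secrets"]
    verbs: ["get", "list", "watch"]
```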


@@ -3,6 +3,5 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: service-acc
namespace: tekton-pipeline-istio-project-1
secrets:
- name: regcred
- name: regcred #docker registry credentials


@@ -0,0 +1,32 @@
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: build-and-push
spec:
params:
- name: context
description: The path to the build context, used by Kaniko - within the workspace
default: .
type: string
- name: image-name
description: dockerhub url
type: string
- name: version
description: image-version (for instance latest or beta)
type: string
workspaces:
- name: source
mountpath: /source
steps:
- name: build-and-push
image: gcr.io/kaniko-project/executor
env:
- name: "DOCKER_CONFIG"
value: "/tekton/home/.docker/"
command:
- /kaniko/executor
args:
- "--dockerfile=/source/$(params.context)/dockerfile"
- "--destination=beppev/$(params.image-name):$(params.version)"
- "--context=/source/$(params.context)/"
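Review bot: The step image `gcr.io/kaniko-project/executor` carries no tag or digest, so every run pulls whatever the registry currently serves into a step that reads the registry credentials under `DOCKER_CONFIG`. Pin it to a reviewed release and digest, e.g. `image: gcr.io/kaniko-project/executor:<release-tag>@sha256:<digest>` (placeholders). The same applies to `pstauffer/curl:latest` in `create-webhook`, `lachlanevenson/k8s-kubectl` in `execute-yaml` and the `git-init:latest` image in `git-clone`. Separately, the args hard-code `/source/...`; `$(workspaces.source.path)` would keep them correct if the workspace mount ever changes.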


@@ -0,0 +1,51 @@
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: create-webhook
#namespace: stage-tekton-pipeline
spec:
volumes:
- name: github-secret
secret:
secretName: $(inputs.params.GitHubSecretName)
inputs:
params:
- name: ExternalDomain
description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).<PROXYIP>.nip.io`"
- name: GitHubUser
description: "The GitHub user"
- name: GitHubRepo
description: "The GitHub repo where the webhook will be created"
- name: GitHubOrg
description: "The GitHub organization where the webhook will be created"
- name: GitHubSecretName
description: "The Secret name for GitHub access token. This is always mounted and must exist"
- name: GitHubAccessTokenKey
description: "The GitHub access token key name"
- name: GitHubSecretStringKey
description: "The GitHub secret string key name"
- name: GitHubDomain
description: "The GitHub domain. Override for GitHub Enterprise"
default: "github.com"
- name: WebhookEvents
description: "List of events the webhook will send notifications for"
default: '[\"push\",\"pull_request\"]'
steps:
- name: create-webhook
image: pstauffer/curl:latest
volumeMounts:
- name: github-secret
mountPath: /var/secret
command:
- sh
args:
- -ce
- |
set -e
echo "Create Webhook"
if [ $(inputs.params.GitHubDomain) = "github.com" ];then
curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
else
curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
fi
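Review bot: Both `curl` payloads register the hook with `\"insecure_ssl\": \"1\"`, which tells GitHub to skip certificate verification when it delivers events. The github.com branch also runs `curl -v`, which writes the request headers into the TaskRun log, including the Basic `Authorization` header built from `-u user:token`. Set `\"insecure_ssl\": \"0\"` once the listener has a valid certificate, and drop `-v`. The unquoted test `[ $(inputs.params.GitHubDomain) = "github.com" ]` should be quoted as `[ "$(inputs.params.GitHubDomain)" = "github.com" ]` so that an empty or spaced value fails cleanly instead of changing the test.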


@@ -0,0 +1,24 @@
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: execute-yaml
#namespace: stage-tekton-pipeline
spec:
params:
- name: yaml-location
default: deploy.yaml
- name: command
default: apply
workspaces:
- name: source
mountpath: /source
steps:
- name: deploy-new-app
image: lachlanevenson/k8s-kubectl
command: ["kubectl"]
args:
- "$(params.command)"
- "-f"
- "/source/$(params.yaml-location)"
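Review bot: Neither parameter has a `description` or `type`, and `command` is handed to `kubectl` as its first argument without restriction, so the Task's contract can only be learned by reading the step. Add e.g. `description: kubectl verb to run against the file (default apply)` and `description: manifest path relative to the source workspace`, and note in a comment that the step runs with the PipelineRun's service account. If only `apply` and `delete` are intended, as the TODO in the Pipeline seems to suggest, saying so in the description lets reviewers spot other uses.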


@@ -0,0 +1,72 @@
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: git-clone
spec:
workspaces:
- name: output
description: workspace the repo will be cloned into
params:
- name: url
description: git url to clone
type: string
- name: revision
description: git revision to checkout (branch, tag, sha, ref…)
type: string
default: master
- name: submodules
description: defines if the resource should initialize and fetch the submodules
type: string
default: "true"
- name: depth
description: performs a shallow clone where only the most recent commit(s) will be fetched
type: string
default: "1"
- name: sslVerify
description: defines if http.sslVerify should be set to true or false in the global git config
type: string
default: "true"
- name: subdirectory
description: subdirectory inside the "output" workspace to clone the git repo into
type: string
default: "src"
- name: deleteExisting
description: clean out the contents of the repo's destination directory (if it already exists) before trying to clone the repo there
type: string
default: "true"
results:
- name: commit
description: The precise commit SHA that was fetched by this Task
steps:
- name: clone
image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:latest
script: |
CHECKOUT_DIR="$(workspaces.output.path)"
cleandir() {
if [[ -d "$CHECKOUT_DIR" ]] ; then
rm -rf "$CHECKOUT_DIR"/*
rm -rf "$CHECKOUT_DIR"/.[!.]*
rm -rf "$CHECKOUT_DIR"/..?*
fi
}
if [[ "$(inputs.params.deleteExisting)" == "true" ]] ; then
cleandir
ls -lah "$CHECKOUT_DIR"
fi
/ko-app/git-init \
-url "$(inputs.params.url)" \
-revision "$(inputs.params.revision)" \
-path "$CHECKOUT_DIR" \
-sslVerify "$(inputs.params.sslVerify)" \
-submodules "$(inputs.params.submodules)" \
-depth "$(inputs.params.depth)"
cd "$CHECKOUT_DIR"
RESULT_SHA="$(git rev-parse HEAD | tr -d '\n')"
EXIT_CODE="$?"
if [ "$EXIT_CODE" != 0 ]
then
exit $EXIT_CODE
fi
# Make sure we don't add a trailing newline to the result!
echo -n "$RESULT_SHA" > $(results.commit.path)
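Review bot: The `subdirectory` parameter (default `src`) is declared, but the script sets `CHECKOUT_DIR="$(workspaces.output.path)"` and never reads it, so a caller who sets it still gets a clone in the workspace root and `cleandir` wipes the whole workspace. Either use it, `CHECKOUT_DIR="$(workspaces.output.path)/$(inputs.params.subdirectory)"`, or remove the parameter; the build Task reads `/source/<context>/`, so the paths must agree either way. `EXIT_CODE="$?"` after `git rev-parse HEAD | tr -d '\n'` captures the status of `tr`, not of `git`, so the check below it cannot catch a failed rev-parse. The comments explaining why `cleandir` avoids a plain `rm -rf "$CHECKOUT_DIR"` exist in the deleted copy of this Task further down the page and are worth keeping here.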


@@ -0,0 +1,36 @@
---
apiVersion: tekton.dev/v1alpha1
kind: EventListener
metadata:
name: github-event-listener
spec:
serviceAccountName: service-acc
triggers:
- name: github
# interceptors:
# - github:
# eventTypes:
# - pull_request
# - push
bindings:
- name: github-trigger-binding
template:
name: github-trigger-template
---
apiVersion: v1
kind: Service
metadata:
name: manual-service
spec:
ports:
- name: http-listener
port: 8080
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/managed-by: EventListener
app.kubernetes.io/part-of: Triggers
eventlistener: github-event-listener
type: LoadBalancer
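Review bot: The `github` interceptor is commented out and the listener is published through a `type: LoadBalancer` Service, so any request that reaches port 8080 can start a PipelineRun; nothing verifies the GitHub signature. Because the binding feeds `body.repository.clone_url` into a pipeline that builds and `kubectl apply`s the cloned content, the payload must be authenticated before the trigger fires. Enable the interceptor with a `secretRef` to the webhook secret that the `create-webhook` Task registers, as sketched below. The secret name and key are taken from the TaskRun on this page; confirm the field names against the installed Triggers version.

```yaml
  triggers:
    - name: github
      interceptors:
        - github:
            secretRef:
              secretName: webhook-secret
              secretKey: secret
            eventTypes:
              - push
              - pull_request
      # … unchanged: bindings and template …
```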


@@ -0,0 +1,18 @@
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
name: github-trigger-binding
#namespace: stage-tekton-pipeline
spec:
params:
- name: gitrevision
value: $(body.repository.default_branch)
- name: gitrepositoryurl
value: $(body.repository.clone_url)
# - name: prurl
# value: $(body.pull_request.html_url)
# - name: repo
# value: $(body.pull_request.base.repo.full_name)
# - name: source
# value: github
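Review bot: `gitrevision` is bound to `$(body.repository.default_branch)`, so the pipeline checks out whatever the branch head is when the clone runs rather than the commit that caused the event. `gitrepositoryurl` is also taken from the payload without being compared to an expected repository. For push events, binding the commit instead, e.g. `value: $(body.head_commit.id)`, makes the build reproducible and ties the resulting image to a specific commit. If only one repository is meant to be built, a fixed URL in the TriggerTemplate removes the dependency on the payload.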


@@ -0,0 +1,35 @@
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
name: github-trigger-template
#namespace: stage-tekton-pipeline
spec:
params:
- name: gitrevision
description: The git revision
default: master
- name: gitrepositoryurl
description: The git repository url
resourcetemplates:
- apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
name: application-pipeline-run
#namespace: stage-tekton-pipeline
spec:
serviceAccountName: service-acc
pipelineRef:
name: application-pipeline #gebruik dit om de pipeline aan te passen naar andere versies, zolang ze zich in dezelfde #namespace bevinden kunnen we deze pipeline hergebruiken om deployments op de cluster uit te voeren. service-mesh agnostisch.
workspaces:
- name: workspace-master
persistentVolumeClaim:
claimName: workspace-pvc-master
- name: workspace-experimental
persistentVolumeClaim:
claimName: workspace-pvc-experimental
params:
- name: git-url
value: $(inputs.params.gitrepositoryurl)
- name: branch
value: $(inputs.params.gitrevision)
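Review bot: The PipelineRun template uses a fixed `name: application-pipeline-run`, so a second event will fail with an already-exists error until the first run is deleted; `generateName: application-pipeline-run-` gives each trigger its own run. The template passes `git-url` and `branch`, while the Pipeline's tasks read `master-branch` and `experimental-branch`, so the revision does not reach the clone tasks as written. Trigger templates document parameter references as `$(params.gitrepositoryurl)`; the `$(inputs.params.…)` form used here is worth checking against the installed Triggers version. The Dutch inline comment on `pipelineRef.name` would be easier to maintain in English on a line of its own.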


@@ -18,8 +18,8 @@ spec:
eventlistener: github-event-listener
spec:
containers:
- name: nginx
image: nginx
- name: network-multitool
image: praqma/network-multitool
imagePullPolicy: "Always"
ports:
- containerPort: 8080


@@ -1,309 +0,0 @@
# ---
# apiVersion: v1
# kind: #namespace
# metadata:
# name: stage-tekton-pipeline
# labels:
# istio-injection: enabled #zorgt voor auto sidecar injection
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: service-acc
#namespace: stage-tekton-pipeline
secrets:
- name: regcred
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: allow-creation
rules:
- apiGroups:
- ""
- "apps"
- "deploy"
# deze zullen we ook moeten aanpassen elke pipeline die we maken, maar, deze pipelines zijn nu specifiek per branch, dus dit zou geen probleem leveren.
resources:
- pods
- serviceaccounts
- namespaces
- services
- deployments
- deployments.apps
verbs:
- list
- watch
- get
- create
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: allow-creation-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: allow-creation
subjects:
- kind: ServiceAccount
name: service-acc
namespace: default
---
# TODO add git clone task
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: git-clone
spec:
workspaces:
- name: output
description: The git repo will be cloned onto the volume backing this workspace
params:
- name: url
description: git url to clone
type: string
- name: revision
description: git revision to checkout (branch, tag, sha, ref…)
type: string
default: master
- name: submodules
description: defines if the resource should initialize and fetch the submodules
type: string
default: "true"
- name: depth
description: performs a shallow clone where only the most recent commit(s) will be fetched
type: string
default: "1"
- name: sslVerify
description: defines if http.sslVerify should be set to true or false in the global git config
type: string
default: "true"
- name: subdirectory
description: subdirectory inside the "output" workspace to clone the git repo into
type: string
default: "src"
- name: deleteExisting
description: clean out the contents of the repo's destination directory (if it already exists) before trying to clone the repo there
type: string
default: "true"
results:
- name: commit
description: The precise commit SHA that was fetched by this Task
steps:
- name: clone
image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:latest
script: |
CHECKOUT_DIR="$(workspaces.output.path)"
cleandir() {
# Delete any existing contents of the repo directory if it exists.
#
# We don't just "rm -rf $CHECKOUT_DIR" because $CHECKOUT_DIR might be "/"
# or the root of a mounted volume.
if [[ -d "$CHECKOUT_DIR" ]] ; then
# Delete non-hidden files and directories
rm -rf "$CHECKOUT_DIR"/*
# Delete files and directories starting with . but excluding ..
rm -rf "$CHECKOUT_DIR"/.[!.]*
# Delete files and directories starting with .. plus any other character
rm -rf "$CHECKOUT_DIR"/..?*
fi
}
if [[ "$(inputs.params.deleteExisting)" == "true" ]] ; then
cleandir
ls -lah "$CHECKOUT_DIR"
fi
/ko-app/git-init \
-url "$(inputs.params.url)" \
-revision "$(inputs.params.revision)" \
-path "$CHECKOUT_DIR" \
-sslVerify "$(inputs.params.sslVerify)" \
-submodules "$(inputs.params.submodules)" \
-depth "$(inputs.params.depth)"
cd "$CHECKOUT_DIR"
RESULT_SHA="$(git rev-parse HEAD | tr -d '\n')"
EXIT_CODE="$?"
if [ "$EXIT_CODE" != 0 ]
then
exit $EXIT_CODE
fi
# Make sure we don't add a trailing newline to the result!
echo -n "$RESULT_SHA" > $(results.commit.path)
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: build-and-push
spec:
params:
- name: context
description: The path to the build context, used by Kaniko - within the workspace
default: .
type: string
- name: image-name
description: dockerhub url
type: string
- name: version
description: image-version (for instance latest or beta)
type: string
workspaces:
- name: source
mountpath: /source
steps:
- name: build-and-push
image: gcr.io/kaniko-project/executor
env:
- name: "DOCKER_CONFIG"
value: "/tekton/home/.docker/"
command:
- /kaniko/executor
args:
- "--dockerfile=/source/$(params.context)/dockerfile"
- "--destination=beppev/$(params.image-name):$(params.version)"
- "--context=/source/$(params.context)/"
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: execute-yaml
#namespace: stage-tekton-pipeline
spec:
params:
- name: yaml-location
default: deploy.yaml
- name: command
default: apply
workspaces:
- name: source
mountpath: /source
steps:
- name: deploy-new-app
image: lachlanevenson/k8s-kubectl
command: ["kubectl"]
args:
- "$(params.command)"
- "-f"
- "/source/$(params.yaml-location)"
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: application-pipeline
#namespace: stage-tekton-pipeline
spec:
params:
- name: git-url
description: url of the github repository to clone
- name: branch
description: name of the master branch of the repository
workspaces:
- name: workspace-master
- name: workspace-experimental
tasks:
- name: clone-master
taskRef:
name: git-clone
workspaces:
- name: output
workspace: workspace-master
params:
- name: url
value: $(inputs.params.git-url)
- name: revision
value: $(inputs.params.master-branch)
- name: build-and-push-a
taskRef:
name: build-and-push
runAfter:
- clone-master
workspaces:
- name: source
workspace: workspace-master
params:
- name: context
value: "server-a"
- name: image-name
value: "server-a"
- name: version
value: "$(inputs.params.master-branch)"
- name: build-and-push-b-stable
taskRef:
name: build-and-push
runAfter:
- clone-master
workspaces:
- name: source
workspace: workspace-master
params:
- name: context
value: "server-b"
- name: image-name
value: "server-b"
- name: version
value: "$(inputs.params.master-branch)"
- name: build-and-push-d
taskRef:
name: build-and-push
runAfter:
- clone-master
workspaces:
- name: source
workspace: workspace-master
params:
- name: context
value: "server-d"
- name: image-name
value: "server-d"
- name: version
value: "$(inputs.params.master-branch)"
- name: clone-experimental
taskRef:
name: git-clone
workspaces:
- name: output
workspace: workspace-experimental
params:
- name: url
value: $(inputs.params.git-url)
- name: revision
value: $(inputs.params.experimental-branch)
- name: build-and-push-b-experimental
taskRef:
name: build-and-push
workspaces:
- name: source
workspace: workspace-experimental
runAfter:
- clone-experimental
params:
- name: context
value: "server-b"
- name: image-name
value: "server-b"
- name: version
value: "$(inputs.params.experimental-branch)"
- name: deploy-infra
taskRef:
name: execute-yaml
workspaces:
- name: source
workspace: workspace-master
runAfter:
- build-and-push-b-experimental
- build-and-push-d
- build-and-push-a
- build-and-push-b-stable
params:
- name: yaml-location
value: "infra.yaml"
- name: execute-yaml #@TODO make it so that the delete can be skipped if error
taskRef:
name: execute-yaml
workspaces:
- name: source
workspace: workspace-master
runAfter:
- deploy-infra


@@ -1,141 +0,0 @@
# 1 trigger binding wordt geconfigureerd, en dan worden meerdere trigger templates aangemaakt
# voor de verschillende service mesh types. Op deze manier moet ik niet elke keer een aparte pipeline aanmaken per service mesh type. Het nadeel hieraan is dat dan elke keer elke pipeline gerunned wordt, maar uiteindelijk maakt dit niet veel uit zolang de deploy.yaml files leeg zijn wanneer de commits door gaan
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
name: github-trigger-binding
#namespace: stage-tekton-pipeline
spec:
params:
- name: gitrevision
value: $(body.repository.default_branch)
- name: gitrepositoryurl
value: $(body.repository.clone_url)
# - name: prurl
# value: $(body.pull_request.html_url)
# - name: repo
# value: $(body.pull_request.base.repo.full_name)
# - name: source
# value: github
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: workspace-pvc-master
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 500Mi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: workspace-pvc-experimental
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 500Mi
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
name: github-trigger-template
#namespace: stage-tekton-pipeline
spec:
params:
- name: gitrevision
description: The git revision
default: master
- name: gitrepositoryurl
description: The git repository url
resourcetemplates:
- apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
name: application-pipeline-run
#namespace: stage-tekton-pipeline
spec:
serviceAccountName: service-acc
pipelineRef:
name: application-pipeline #gebruik dit om de pipeline aan te passen naar andere versies, zolang ze zich in dezelfde #namespace bevinden kunnen we deze pipeline hergebruiken om deployments op de cluster uit te voeren. service-mesh agnostisch.
workspaces:
- name: workspace-master
persistentVolumeClaim:
claimName: workspace-pvc-master
- name: workspace-experimental
persistentVolumeClaim:
claimName: workspace-pvc-experimental
params:
- name: git-url
value: $(inputs.params.gitrepositoryurl)
- name: branch
value: $(inputs.params.gitrevision)
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tekton-trigger-role
rules:
- apiGroups:
- "extensions"
- "tekton.dev"
- ""
resources:
- ingresses
- eventlisteners
- triggerbindings
- triggertemplates
- configmaps
- secrets
- pipelineruns
- pipelineresources
- taskruns
- pods
- serviceaccounts
- namespaces
- services
- deployments
- deployments.apps
verbs:
- create
- get
- list
- delete
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: tekton-trigger-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-trigger-role
subjects:
- kind: ServiceAccount
name: service-acc
namespace: default
---
apiVersion: tekton.dev/v1alpha1
kind: EventListener
metadata:
name: github-event-listener
spec:
serviceAccountName: service-acc
triggers:
- name: github
# interceptors:
# - github:
# eventTypes:
# - pull_request
# - push
bindings:
- name: github-trigger-binding
template:
name: github-trigger-template


@@ -1,261 +0,0 @@
# MAKE SURE TO SET UP SECRETS.YAML BEFORE EXAMPLE:
#
# this sets up webhooks for github. you can also do this manually in web gui
#
#
#
# apiVersion: v1
# kind: Secret
# metadata:
# name: webhook-secret
# #namespace: stage-tekton-pipeline
# stringData:
# token: GITHUBTOKEN
# secret: random-string-data
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: create-webhook
#namespace: stage-tekton-pipeline
spec:
volumes:
- name: github-secret
secret:
secretName: $(inputs.params.GitHubSecretName)
inputs:
params:
- name: ExternalDomain
description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).<PROXYIP>.nip.io`"
- name: GitHubUser
description: "The GitHub user"
- name: GitHubRepo
description: "The GitHub repo where the webhook will be created"
- name: GitHubOrg
description: "The GitHub organization where the webhook will be created"
- name: GitHubSecretName
description: "The Secret name for GitHub access token. This is always mounted and must exist"
- name: GitHubAccessTokenKey
description: "The GitHub access token key name"
- name: GitHubSecretStringKey
description: "The GitHub secret string key name"
- name: GitHubDomain
description: "The GitHub domain. Override for GitHub Enterprise"
default: "github.com"
- name: WebhookEvents
description: "List of events the webhook will send notifications for"
default: '[\"push\",\"pull_request\"]'
steps:
- name: create-webhook
image: pstauffer/curl:latest
volumeMounts:
- name: github-secret
mountPath: /var/secret
command:
- sh
args:
- -ce
- |
set -e
echo "Create Webhook"
if [ $(inputs.params.GitHubDomain) = "github.com" ];then
curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
else
curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
fi
---
# https://medium.com/@nikhilthomas1/cloud-native-cicd-on-openshift-with-openshift-pipelines-tektoncd-pipelines-part-3-github-1db6dd8e8ca7
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
name: create-repo-webhook
#namespace: stage-tekton-pipeline
spec:
taskRef:
name: create-webhook
inputs:
params:
- name: GitHubOrg
value: "beppevanrolleghem"
- name: GitHubUser
value: "beppevanrolleghem"
- name: GitHubRepo
value: "cicdTest"
- name: GitHubSecretName
value: webhook-secret
- name: GitHubAccessTokenKey
value: token
- name: GitHubSecretStringKey
value: secret
- name: ExternalDomain
value: "ingress.llocal.host"
timeout: 1000s
serviceAccountName: service-acc
---
apiVersion: v1
kind: Service
metadata:
name: manual-service
spec:
ports:
- name: http-listener
port: 8080
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/managed-by: EventListener
app.kubernetes.io/part-of: Triggers
eventlistener: github-event-listener
type: LoadBalancer
# ---
# apiVersion: tekton.dev/v1alpha1
# kind: Task
# metadata:
# name: create-ingress
# #namespace: stage-tekton-pipeline
# spec:
# volumes:
# - name: work
# emptyDir: {}
# inputs:
# params:
# - name: CreateCertificate
# description: "Enables/disables the creation of a self-signed certificate for $(inputs.params.ExternalDomain)"
# default: "true"
# - name: CertificateKeyPassphrase
# description: "Phrase that protects private key. This must be provided when the self-signed certificate is created"
# - name: CertificateSecretName
# description: "Secret name for Ingress certificate. The Secret should not exist if the self-signed certificate creation is enabled"
# - name: ExternalDomain
# description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).PROXYIP.nip.io`"
# - name: Service
# description: "The name of the Service used in the Ingress. This will also be the name of the Ingress."
# - name: ServicePort
# description: "The service port that the ingress is being created on"
# - name: ServiceUID
# description: "The uid of the service. If set, this creates an owner reference on the service"
# default: ""
# steps:
# - name: generate-certificate
# image: frapsoft/openssl
# volumeMounts:
# - name: work
# mountPath: /var/tmp/work
# command:
# - sh
# args:
# - -ce
# - |
# set -e
# cat <<EOF | sh
# #!/bin/sh
# if [ $(inputs.params.CreateCertificate) = "false" ];then
# exit 0
# fi
# mkdir /var/tmp/work/ingress
# openssl genrsa -des3 -out /var/tmp/work/ingress/key.pem -passout pass:$(inputs.params.CertificateKeyPassphrase) 2048
# openssl req -x509 -new -nodes -key /var/tmp/work/ingress/key.pem -sha256 -days 1825 -out /var/tmp/work/ingress/certificate.pem -passin pass:$(inputs.params.CertificateKeyPassphrase) -subj /CN=$(inputs.params.ExternalDomain)
# openssl rsa -in /var/tmp/work/ingress/key.pem -out /var/tmp/work/ingress/key.pem -passin pass:$(inputs.params.CertificateKeyPassphrase)
# EOF
# - name: create-certificate-secret
# image: lachlanevenson/k8s-kubectl:latest
# volumeMounts:
# - name: work
# mountPath: /var/tmp/work
# command:
# - sh
# args:
# - -ce
# - |
# set -e
# cat <<EOF | sh
# #!/bin/sh
# if [ $(inputs.params.CreateCertificate) = "false" ];then
# exit 0
# fi
# kubectl create secret tls $(inputs.params.CertificateSecretName) --cert=/var/tmp/work/ingress/certificate.pem --key=/var/tmp/work/ingress/key.pem || true
# EOF
# - name: create-ingress
# image: lachlanevenson/k8s-kubectl:latest
# command:
# - sh
# args:
# - -ce
# - |
# set -e
# if [ -n "$(inputs.params.ServiceUID)" ];then
# cat <<EOF | kubectl create -f - || true
# apiVersion: extensions/v1beta1
# kind: Ingress
# metadata:
# name: $(inputs.params.Service)
# #namespace: stage-tekton-pipeline
# ownerReferences:
# - name: $(inputs.params.Service)
# apiVersion: v1
# kind: Service
# uid: $(inputs.params.ServiceUID)
# spec:
# tls:
# - secretName: $(inputs.params.CertificateSecretName)
# hosts:
# - $(inputs.params.ExternalDomain)
# rules:
# - host: $(inputs.params.ExternalDomain)
# http:
# paths:
# - backend:
# serviceName: $(inputs.params.Service)
# servicePort: $(inputs.params.ServicePort)
# EOF
# else
# cat <<EOF | kubectl create -f - || true
# apiVersion: extensions/v1beta1
# kind: Ingress
# metadata:
# name: $(inputs.params.Service)
# #namespace: stage-tekton-pipeline
# spec:
# tls:
# - secretName: $(inputs.params.CertificateSecretName)
# hosts:
# - $(inputs.params.ExternalDomain)
# rules:
# - host: $(inputs.params.ExternalDomain)
# http:
# paths:
# - backend:
# serviceName: $(inputs.params.Service)
# servicePort: $(inputs.params.ServicePort)
# EOF
# fi
# ---
# apiVersion: tekton.dev/v1alpha1
# kind: TaskRun
# metadata:
# name: create-ingress-run
# #namespace: stage-tekton-pipeline
# spec:
# taskRef:
# name: create-ingress
# inputs:
# params:
# - name: CreateCertificate
# value: "true"
# - name: CertificateKeyPassphrase
# value: asecretphrase
# - name: CertificateSecretName
# value: ingresssecret
# - name: ExternalDomain
# value: "ingress.llocal.host:31040"
# - name: Service
# value: el-github-event-listener
# - name: ServicePort
# value: "8080"
# timeout: 1000s
# serviceAccountName: service-acc


@@ -1,16 +0,0 @@
apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
name: application-pipeline-run
namespace: tekton-pipeline-istio-project-1
spec:
serviceAccountName: service-acc
pipelineRef:
name: application-pipeline
resources:
- name: git-master
resourceRef:
name: git-master
- name: git-experimental
resourceRef:
name: git-experimental


@@ -1,83 +0,0 @@
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
name: application-pipeline
namespace: tekton-pipeline-istio-project-1
spec:
resources:
- name: git-master
type: git
- name: git-experimental
type: git
tasks:
- name: build-and-push-a
taskRef:
name: build-and-push
params:
- name: context
value: "serverA"
- name: image-name
value: "server-a"
- name: version
value: "master"
resources:
inputs:
- name: git-source
resource: git-master
- name: build-and-push-b-stable
taskRef:
name: build-and-push
runAfter:
- build-and-push-a
params:
- name: context
value: "serverB"
- name: image-name
value: "server-b"
- name: version
value: "master"
resources:
inputs:
- name: git-source
resource: git-master
- name: build-and-push-b-experimental
taskRef:
name: build-and-push
runAfter:
- build-and-push-b-stable
params:
- name: context
value: "serverB"
- name: image-name
value: "server-b"
- name: version
value: "experimental"
resources:
inputs:
- name: git-source
resource: git-experimental
- name: build-and-push-d
taskRef:
name: build-and-push
runAfter:
- build-and-push-b-experimental
params:
- name: context
value: "serverD"
- name: image-name
value: "server-d"
- name: version
value: "master"
resources:
inputs:
- name: git-source
resource: git-master
- name: deploy-application
taskRef:
name: deploy-application
runAfter:
- build-and-push-d
resources:
inputs:
- name: git-source
resource: git-master


@@ -1,29 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: allow-creation
rules:
- apiGroups:
- ""
- "apps"
- "deploy"
- "networking.istio.io"
resources:
- pods
- serviceaccounts
- namespaces
- services
- deployments
- deployments.apps
- destinationrules
- gateways
- virtualservices
verbs:
- list
- watch
- get
- create
- update
- patch
- delete


@@ -1,26 +0,0 @@
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: git-master
namespace: tekton-pipeline-istio-project-1
spec:
type: git
params:
- name: revision
value: master
- name: url
value: git://github.com/beppevanrolleghem/cicdTest
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: git-experimental
namespace: tekton-pipeline-istio-project-1
spec:
type: git
params:
- name: revision
value: experimental
- name: url
value: git://github.com/beppevanrolleghem/cicdTest


@@ -1,31 +0,0 @@
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: build-and-push
namespace: tekton-pipeline-istio-project-1
spec:
inputs:
resources:
- name: git-source
type: git
params:
- name: context
description: The path to the build context, used by Kaniko - within the workspace
default: .
- name: image-name
description: dockerhub url
- name: version
description: image-version (for instance latest or beta)
steps:
- name: build-and-push
image: gcr.io/kaniko-project/executor
env:
- name: "DOCKER_CONFIG"
value: "/tekton/home/.docker/"
command:
- /kaniko/executor
args:
- "--dockerfile=$(inputs.resources.git-source.path)/$(inputs.params.context)/dockerfile"
- "--destination=beppev/$(inputs.params.image-name):$(inputs.params.version)"
- "--context=$(inputs.resources.git-source.path)/$(inputs.params.context)/"


@@ -1,26 +0,0 @@
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: deploy-application
namespace: tekton-pipeline-istio-project-1
spec:
inputs:
resources:
- name: git-source
type: git
steps:
- name: delete-old-deployment
image: lachlanevenson/k8s-kubectl
command: ["kubectl"]
args:
- "delete"
- "-f"
- "$(inputs.resources.git-source.path)/deploy.yaml"
- name: deploy-new-app
image: lachlanevenson/k8s-kubectl
command: ["kubectl"]
args:
- "apply"
- "-f"
- "$(inputs.resources.git-source.path)/deploy.yaml"


@@ -1,19 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: getting-started
---
apiVersion: tekton.dev/v1alpha1
kind: EventListener
metadata:
name: getting-started-listener
namespace: getting-started
spec:
serviceAccountName: tekton-triggers-admin
triggers:
- bindings:
- name: getting-started-pipelinebinding
template:
name: getting-started-triggertemplate


@@ -1,12 +0,0 @@
---
apiVersion: tekton.dev/v1alpha1
kind: EventListener
metadata:
name: github-event-listener
spec:
serviceAccountName: service-acc
triggers:
- binding:
name: github-trigger-binding
template:
name: github-trigger-template


@@ -1,18 +0,0 @@
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
name: github-trigger-binding
namespace: tekton-pipeline-istio-project-1
spec:
params:
- name: gitrevision
value: $(body.pull_request.head.sha)
- name: gitrepositoryurl
value: $(body.pull_request.head.repo.clone_url)
- name: prurl
value: $(body.pull_request.html_url)
- name: repo
value: $(body.pull_request.base.repo.full_name)
- name: source
value: github


@@ -1,30 +0,0 @@
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
name: github-trigger-template
namespace: tekton-pipeline-istio-project-1
spec:
params:
- name: gitrevision
description: The git revision
default: master
- name: gitrepositoryurl
description: The git repository url
resourcetemplates:
- apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
name: application-pipeline-run
namespace: tekton-pipeline-istio-project-1
spec:
serviceAccountName: service-acc
pipelineRef:
name: application-pipeline
resources:
- name: git-master
resourceRef:
name: git-master
- name: git-experimental
resourceRef:
name: git-experimental