housekeeping

manifests/Tekton/pipeline/pipeline.yaml

@@ -0,0 +1,120 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: application-pipeline
+  #namespace: stage-tekton-pipeline
+spec:
+  params:
+    - name: git-url
+      description: url of the github repository to clone
+    - name: branch
+      description: name of the master branch of the repository
+  workspaces:
+    - name: workspace-master
+    - name: workspace-experimental
+  tasks:
+    - name: clone-master
+      taskRef: 
+        name: git-clone
+      workspaces:
+        - name: output
+          workspace: workspace-master
+      params:
+        - name: url
+          value: $(inputs.params.git-url)
+        - name: revision
+          value: $(inputs.params.master-branch)
+    - name: build-and-push-a
+      taskRef:
+        name: build-and-push
+      runAfter:
+        - clone-master
+      workspaces:
+        - name: source
+          workspace: workspace-master
+      params:
+        - name: context
+          value: "server-a"
+        - name: image-name
+          value: "server-a"
+        - name: version
+          value: "$(inputs.params.master-branch)"
+    - name: build-and-push-b-stable
+      taskRef:
+        name: build-and-push
+      runAfter:
+        - clone-master
+      workspaces:
+        - name: source
+          workspace: workspace-master
+      params:
+        - name: context
+          value: "server-b"
+        - name: image-name
+          value: "server-b"
+        - name: version
+          value: "$(inputs.params.master-branch)"
+    - name: build-and-push-d
+      taskRef:
+        name: build-and-push
+      runAfter:
+        - clone-master
+      workspaces:
+        - name: source
+          workspace: workspace-master
+      params:
+        - name: context
+          value: "server-d"
+        - name: image-name
+          value: "server-d"
+        - name: version
+          value: "$(inputs.params.master-branch)"
+    - name: clone-experimental
+      taskRef: 
+        name: git-clone
+      workspaces:
+        - name: output
+          workspace: workspace-experimental
+      params:
+        - name: url
+          value: $(inputs.params.git-url)
+        - name: revision
+          value: $(inputs.params.experimental-branch)
+    - name: build-and-push-b-experimental
+      taskRef:
+        name: build-and-push
+      workspaces:
+        - name: source
+          workspace: workspace-experimental
+      runAfter:
+        - clone-experimental
+      params:
+        - name: context
+          value: "server-b"
+        - name: image-name
+          value: "server-b"
+        - name: version
+          value: "$(inputs.params.experimental-branch)"
+    - name: deploy-infra
+      taskRef:
+        name: execute-yaml
+      workspaces:
+        - name: source
+          workspace: workspace-master
+      runAfter:
+        - build-and-push-b-experimental
+        - build-and-push-d
+        - build-and-push-a
+        - build-and-push-b-stable
+      params:
+        - name: yaml-location
+          value: "infra.yaml"
+    - name: execute-yaml #@TODO make it so that the delete can be skipped if error
+      taskRef:
+        name: execute-yaml
+      workspaces:
+        - name: source
+          workspace: workspace-master
+      runAfter:
+        - deploy-infra

manifests/Tekton/resources/create-repo-webhook.yaml

@@ -0,0 +1,28 @@
+---
+# https://medium.com/@nikhilthomas1/cloud-native-cicd-on-openshift-with-openshift-pipelines-tektoncd-pipelines-part-3-github-1db6dd8e8ca7
+apiVersion: tekton.dev/v1alpha1
+kind: TaskRun
+metadata:
+  name: create-repo-webhook
+  namespace: tekton-pipeline-istio-project-1
+spec:
+  taskRef:
+    name: create-webhook
+  inputs:
+    params:
+    - name: GitHubOrg
+      value: "beppevanrolleghem"
+    - name: GitHubUser
+      value: "beppevanrolleghem"
+    - name: GitHubRepo
+      value: "cicdTest"
+    - name: GitHubSecretName
+      value: webhook-secret
+    - name: GitHubAccessTokenKey
+      value: token
+    - name: GitHubSecretStringKey
+      value: secret
+    - name: ExternalDomain
+      value: 35.233.93.220
+  timeout: 1000s
+  serviceAccount: tekton-triggers-createwebhook

manifests/Tekton/resources/create-webhook.yaml

@@ -0,0 +1,51 @@
+---
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: create-webhook
+  namespace: tekton-pipeline-istio-project-1
+spec:
+  volumes:
+  - name: github-secret
+    secret:
+      secretName: $(inputs.params.GitHubSecretName)
+  inputs:
+    params:
+    - name: ExternalDomain
+      description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).<PROXYIP>.nip.io`"
+    - name: GitHubUser
+      description: "The GitHub user"
+    - name: GitHubRepo
+      description: "The GitHub repo where the webhook will be created"
+    - name: GitHubOrg
+      description: "The GitHub organization where the webhook will be created"
+    - name: GitHubSecretName
+      description: "The Secret name for GitHub access token. This is always mounted and must exist"
+    - name: GitHubAccessTokenKey
+      description: "The GitHub access token key name"
+    - name: GitHubSecretStringKey
+      description: "The GitHub secret string key name"
+    - name: GitHubDomain
+      description: "The GitHub domain. Override for GitHub Enterprise"
+      default: "github.com"
+    - name: WebhookEvents
+      description: "List of events the webhook will send notifications for"
+      default: '[\"push\",\"pull_request\"]'
+  steps:
+  - name: create-webhook
+    image: pstauffer/curl:latest
+    volumeMounts:
+    - name: github-secret
+      mountPath: /var/secret
+    command:
+    - sh
+    args:
+    - -ce
+    - |
+      set -e
+      echo "Create Webhook"
+      if [ $(inputs.params.GitHubDomain) = "github.com" ];then
+        curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
+      else
+        curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
+      fi

manifests/Tekton/resources/experimental-pvc.yaml

@@ -0,0 +1,12 @@
+
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: workspace-pvc-experimental
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 500Mi

manifests/Tekton/resources/master-pvc.yaml

@@ -0,0 +1,12 @@
+
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: master-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 500Mi

manifests/Tekton/resources/namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: tekton-pipeline-istio-project-1
+  labels:
+    istio-injection: enabled #zorgt voor auto sidecar injection

manifests/Tekton/resources/secrets.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: github-secret
+  namespace: tekton-pipeline-istio-project-1
+stringData:
+  token: GITHUBSECRETTOKEN
+  secret: random-string-data

manifests/Tekton/runs/pipeline/pipelineRun.yaml

@@ -0,0 +1,16 @@
+apiVersion: tekton.dev/v1alpha1
+kind: PipelineRun
+metadata:
+  name: application-pipeline-run
+  namespace: tekton-pipeline-istio-project-1
+spec:
+  serviceAccountName: service-acc
+  pipelineRef:
+    name: application-pipeline
+  resources:
+    - name: git-master
+      resourceRef:
+        name: git-master
+    - name: git-experimental
+      resourceRef:
+        name: git-experimental

manifests/Tekton/runs/task/create-repo-webhook.yaml

@@ -0,0 +1,28 @@
+---
+# https://medium.com/@nikhilthomas1/cloud-native-cicd-on-openshift-with-openshift-pipelines-tektoncd-pipelines-part-3-github-1db6dd8e8ca7
+apiVersion: tekton.dev/v1alpha1
+kind: TaskRun
+metadata:
+  name: create-repo-webhook
+  #namespace: stage-tekton-pipeline
+spec:
+  taskRef:
+    name: create-webhook
+  inputs:
+    params:
+    - name: GitHubOrg
+      value: "beppevanrolleghem"
+    - name: GitHubUser
+      value: "beppevanrolleghem"
+    - name: GitHubRepo
+      value: "cicdTest"
+    - name: GitHubSecretName
+      value: webhook-secret
+    - name: GitHubAccessTokenKey
+      value: token
+    - name: GitHubSecretStringKey
+      value: secret
+    - name: ExternalDomain
+      value: "ingress.llocal.host"
+  timeout: 1000s
+  serviceAccountName: service-acc

manifests/Tekton/service-accounts/cluster-role-binding.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: allow-creation-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: allow-creation
+subjects:
+  - kind: ServiceAccount
+    name: service-acc
+    namespace: default

manifests/Tekton/service-accounts/cluster-role.yaml

@@ -0,0 +1,43 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: allow-creation
+rules:
+  - apiGroups:
+      - ""
+      - "apps"
+      - "deploy"
+      - "rbac.authorization.k8s.io"
+      - "networking.k8s.io"
+      - "extensions"
+      - "tekton.dev"
+# deze zullen we ook moeten aanpassen elke pipeline die we maken, maar, deze pipelines zijn nu specifiek per branch, dus dit zou geen probleem leveren.
+    resources:
+      - pods
+      - serviceaccounts
+      - namespaces
+      - services
+      - deployments
+      - deployments.apps
+      - clusterroles
+      - roles
+      - clusterrolebindings
+      - rolebindings
+      - ingresses
+      - eventlisteners
+      - triggerbindings
+      - triggertemplates
+      - configmaps
+      - secrets
+      - pipelineruns
+      - pipelineresources
+      - taskruns
+    verbs:
+      - list
+      - watch
+      - get
+      - create
+      - update
+      - patch
+      - delete

manifests/Tekton/service-accounts/service-account.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: service-acc
+secrets:
+  - name: regcred #docker registry credentials

manifests/Tekton/tasks/build-and-push.yaml

@@ -0,0 +1,32 @@
+---
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: build-and-push
+spec:
+  params:
+  - name: context
+    description: The path to the build context, used by Kaniko - within the workspace
+    default: .
+    type: string
+  - name: image-name
+    description: dockerhub url
+    type: string
+  - name: version
+    description: image-version (for instance latest or beta)
+    type: string
+  workspaces:
+  - name: source
+    mountpath: /source
+  steps:
+    - name: build-and-push
+      image: gcr.io/kaniko-project/executor
+      env:
+        - name: "DOCKER_CONFIG"
+          value: "/tekton/home/.docker/"
+      command:
+        - /kaniko/executor
+      args:
+        - "--dockerfile=/source/$(params.context)/dockerfile"
+        - "--destination=beppev/$(params.image-name):$(params.version)"
+        - "--context=/source/$(params.context)/"

manifests/Tekton/tasks/create-webhook.yaml

@@ -0,0 +1,51 @@
+---
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: create-webhook
+  #namespace: stage-tekton-pipeline
+spec:
+  volumes:
+  - name: github-secret
+    secret:
+      secretName: $(inputs.params.GitHubSecretName)
+  inputs:
+    params:
+    - name: ExternalDomain
+      description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).<PROXYIP>.nip.io`"
+    - name: GitHubUser
+      description: "The GitHub user"
+    - name: GitHubRepo
+      description: "The GitHub repo where the webhook will be created"
+    - name: GitHubOrg
+      description: "The GitHub organization where the webhook will be created"
+    - name: GitHubSecretName
+      description: "The Secret name for GitHub access token. This is always mounted and must exist"
+    - name: GitHubAccessTokenKey
+      description: "The GitHub access token key name"
+    - name: GitHubSecretStringKey
+      description: "The GitHub secret string key name"
+    - name: GitHubDomain
+      description: "The GitHub domain. Override for GitHub Enterprise"
+      default: "github.com"
+    - name: WebhookEvents
+      description: "List of events the webhook will send notifications for"
+      default: '[\"push\",\"pull_request\"]'
+  steps:
+  - name: create-webhook
+    image: pstauffer/curl:latest
+    volumeMounts:
+    - name: github-secret
+      mountPath: /var/secret
+    command:
+    - sh
+    args:
+    - -ce
+    - |
+      set -e
+      echo "Create Webhook"
+      if [ $(inputs.params.GitHubDomain) = "github.com" ];then
+        curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
+      else
+        curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
+      fi

manifests/Tekton/tasks/execute-yaml.yaml

@@ -0,0 +1,24 @@
+
+---
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: execute-yaml
+  #namespace: stage-tekton-pipeline
+spec:
+  params:
+    - name: yaml-location
+      default: deploy.yaml
+    - name: command
+      default: apply
+  workspaces:
+    - name: source
+      mountpath: /source
+  steps:
+    - name: deploy-new-app
+      image: lachlanevenson/k8s-kubectl
+      command: ["kubectl"]
+      args:
+        - "$(params.command)"
+        - "-f"
+        - "/source/$(params.yaml-location)"

manifests/Tekton/tasks/git-clone.yaml

@@ -0,0 +1,72 @@
+---
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: git-clone
+spec:
+  workspaces:
+    - name: output
+      description: workspace the repo will be cloned into
+  params:
+    - name: url
+      description: git url to clone
+      type: string
+    - name: revision
+      description: git revision to checkout (branch, tag, sha, ref…)
+      type: string
+      default: master
+    - name: submodules
+      description: defines if the resource should initialize and fetch the submodules
+      type: string
+      default: "true"
+    - name: depth
+      description: performs a shallow clone where only the most recent commit(s) will be fetched
+      type: string
+      default: "1"
+    - name: sslVerify
+      description: defines if http.sslVerify should be set to true or false in the global git config
+      type: string
+      default: "true"
+    - name: subdirectory
+      description: subdirectory inside the "output" workspace to clone the git repo into
+      type: string
+      default: "src"
+    - name: deleteExisting
+      description: clean out the contents of the repo's destination directory (if it already exists) before trying to clone the repo there
+      type: string
+      default: "true"
+  results:
+    - name: commit
+      description: The precise commit SHA that was fetched by this Task
+  steps:
+    - name: clone
+      image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:latest
+      script: |
+        CHECKOUT_DIR="$(workspaces.output.path)"
+        cleandir() {
+          if [[ -d "$CHECKOUT_DIR" ]] ; then
+            rm -rf "$CHECKOUT_DIR"/*
+            rm -rf "$CHECKOUT_DIR"/.[!.]*
+            rm -rf "$CHECKOUT_DIR"/..?*
+          fi
+        }
+        if [[ "$(inputs.params.deleteExisting)" == "true" ]] ; then
+          cleandir
+          ls -lah "$CHECKOUT_DIR"
+        fi
+        /ko-app/git-init \
+          -url "$(inputs.params.url)" \
+          -revision "$(inputs.params.revision)" \
+          -path "$CHECKOUT_DIR" \
+          -sslVerify "$(inputs.params.sslVerify)" \
+          -submodules "$(inputs.params.submodules)" \
+          -depth "$(inputs.params.depth)"
+        cd "$CHECKOUT_DIR"
+        RESULT_SHA="$(git rev-parse HEAD | tr -d '\n')"
+        EXIT_CODE="$?"
+        if [ "$EXIT_CODE" != 0 ]
+        then
+          exit $EXIT_CODE
+        fi
+        # Make sure we don't add a trailing newline to the result!
+        echo -n "$RESULT_SHA" > $(results.commit.path)

manifests/Tekton/triggers/event-listener.yaml

@@ -0,0 +1,36 @@
+
+---
+apiVersion: tekton.dev/v1alpha1
+kind: EventListener
+metadata:
+  name: github-event-listener
+spec:
+  serviceAccountName: service-acc
+  triggers:
+    - name: github
+      # interceptors:
+      #   - github:
+      #       eventTypes:
+      #         - pull_request
+      #         - push
+      bindings:
+        - name: github-trigger-binding
+      template:
+        name: github-trigger-template
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: manual-service
+spec:
+  ports:
+  - name: http-listener
+    port: 8080
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app.kubernetes.io/managed-by: EventListener
+    app.kubernetes.io/part-of: Triggers
+    eventlistener: github-event-listener
+  type: LoadBalancer

manifests/Tekton/triggers/trigger-binding.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: tekton.dev/v1alpha1
+kind: TriggerBinding
+metadata:
+  name: github-trigger-binding
+  #namespace: stage-tekton-pipeline
+spec:
+  params:
+  - name: gitrevision
+    value: $(body.repository.default_branch)
+  - name: gitrepositoryurl
+    value: $(body.repository.clone_url)
+  # - name: prurl
+  #   value: $(body.pull_request.html_url)
+  # - name: repo
+  #   value: $(body.pull_request.base.repo.full_name)
+  # - name: source
+  #   value: github

manifests/Tekton/triggers/trigger-template.yaml

@@ -0,0 +1,35 @@
+---
+apiVersion: tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+  name: github-trigger-template
+  #namespace: stage-tekton-pipeline
+spec:
+  params:
+    - name: gitrevision
+      description: The git revision
+      default: master
+    - name: gitrepositoryurl
+      description: The git repository url
+  resourcetemplates:
+    - apiVersion: tekton.dev/v1alpha1
+      kind: PipelineRun
+      metadata:
+        name: application-pipeline-run
+        #namespace: stage-tekton-pipeline
+      spec:
+        serviceAccountName: service-acc
+        pipelineRef:
+          name: application-pipeline #gebruik dit om de pipeline aan te passen naar andere versies, zolang ze zich in dezelfde #namespace bevinden kunnen we deze pipeline hergebruiken om deployments op de cluster uit te voeren. service-mesh agnostisch. 
+        workspaces:
+        - name: workspace-master
+          persistentVolumeClaim:
+            claimName: workspace-pvc-master
+        - name: workspace-experimental
+          persistentVolumeClaim:
+            claimName: workspace-pvc-experimental
+        params:
+          - name: git-url
+            value: $(inputs.params.gitrepositoryurl)
+          - name: branch
+            value: $(inputs.params.gitrevision)