From f8898596f2c83fae7c63db3449f24426c68d4aa7 Mon Sep 17 00:00:00 2001
From: Beppe Vanrolleghem
Date: Thu, 12 Mar 2020 07:25:45 +0100
Subject: [PATCH] HLEP
---
deploy.yaml | 548 +++++++++++++--------------
manifests/full-pipeline.yaml | 19 +-
manifests/github-event-listener.yaml | 62 +--
manifests/github-webhook-setup.yaml | 154 +++++++-
testing-deploy.yaml | 274 ++++++++++++++
5 files changed, 720 insertions(+), 337 deletions(-)
create mode 100644 testing-deploy.yaml
diff --git a/deploy.yaml b/deploy.yaml
index c41f3be..a27edca 100644
--- a/deploy.yaml
+++ b/deploy.yaml
@@ -1,274 +1,274 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: istio-project-1 - labels: - istio-injection: enabled #zorgt voor auto sidecar injection ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: server-a - namespace: istio-project-1 -spec: - replicas: 1 - selector: - matchLabels: - server: "http" - app: "project-1" #app label bepaald groepering pods in kiali dashboard dus makkelijker te gebruiken - expose: "true" - template: - metadata: - labels: - server: "http" - app: "project-1" - expose: "true" - spec: - containers: - - name: front-end - image: beppev/server-a:master - imagePullPolicy: "Always" - ports: - - containerPort: 5000 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: server-b - namespace: istio-project-1 -spec: - replicas: 1 - selector: - matchLabels: - server: "http" - app: "project-1" - version: v1 - backend: "true" - template: - metadata: - labels: - server: "http" - app: "project-1" - version: v1 - backend: "true" - spec: - containers: - - name: front-end - image: beppev/server-b:master - imagePullPolicy: "Always" - ports: - - containerPort: 6000 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: server-b-test - namespace: istio-project-1 -spec: - replicas: 1 - selector: - matchLabels: - server: "http" - app: "project-1" - version: v2 - backend: "true" - template: - metadata: - labels: - server: "http" - app: "project-1" - version: v2 - backend: "true" - spec: - containers: - - name: front-end - image: beppev/server-b:experimental - imagePullPolicy: "Always" - ports: - - containerPort: 6000 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: server-d - namespace: istio-project-1 -spec: - replicas: 1 - selector: - matchLabels: - app: "project-1" - mirror: "true" - template: - metadata: - labels: - app: "project-1" - mirror: "true" - spec: - containers: - - name: front-end - image: beppev/server-d:master - ports: - - containerPort: 6000 ---- -apiVersion: v1 -kind: Service -metadata: 
- name: mirror-service - namespace: istio-project-1 - labels: - app: "project-1" -spec: - selector: - mirror: "true" - ports: - - name: http - protocol: TCP - port: 6000 ---- -apiVersion: v1 -kind: Service -metadata: - name: server-check - namespace: istio-project-1 - labels: - app: "project-1" -spec: - selector: - backend: "true" - ports: - - name: http - protocol: TCP - port: 6000 ---- -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: server-check-destination - namespace: istio-project-1 - labels: - app: "project-1" -spec: - host: server-check - subsets: - - name: v1 - labels: - version: v1 - - name: v2 - labels: - version: v2 ---- -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: expose-server-gateway - namespace: istio-project-1 - labels: - app: "project-1" -spec: - selector: - istio: ingressgateway - servers: - - port: - number: 80 - name: http - protocol: HTTP - hosts: - - "*" ---- -apiVersion: v1 -kind: Service -metadata: - name: expose-server-service - namespace: istio-project-1 - labels: - app: "project-1" -spec: - ports: - - name: http - port: 5000 - protocol: TCP - selector: - expose: "true" ---- -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: expose-server-vservice - namespace: istio-project-1 - labels: - app: "project-1" -spec: - hosts: - - "*" - gateways: - - expose-server-gateway - http: - - match: - - uri: - prefix: /server-a - route: - - destination: - port: - number: 5000 - host: expose-server-service - - match: - - uri: - prefix: /server-d - route: - - destination: - port: - number: 7000 - host: mirror-service ---- # TODO fix gateway zodat we ingress gateway kunnen gebruike ipv de fuken loadbalancer. 
-apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: server-check-gateway - namespace: istio-project-1 - labels: - app: "project-1" -spec: - selector: - expose: "true" - servers: - - port: - number: 6000 - name: http - protocol: HTTP - hosts: - - "*" ---- -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: server-check-service - namespace: istio-project-1 - labels: - app: "project-1" -spec: - hosts: - - "*" - gateways: - - expose-server-gateway - tcp: - - match: - - port: 6000 - route: - - destination: - host: server-check - port: - number: 6000 - subset: v1 - weight: 50 - - destination: - host: server-check - port: - number: 6000 - subset: v2 - weight: 50 - mirror: - host: mirror-service - port: - number: 6000 - mirror_percent: 100 \ No newline at end of file +# --- +# apiVersion: v1 +# kind: Namespace +# metadata: +# name: istio-project-1 +# labels: +# istio-injection: enabled #zorgt voor auto sidecar injection +# --- +# apiVersion: apps/v1 +# kind: Deployment +# metadata: +# name: server-a +# namespace: istio-project-1 +# spec: +# replicas: 1 +# selector: +# matchLabels: +# server: "http" +# app: "project-1" #app label bepaald groepering pods in kiali dashboard dus makkelijker te gebruiken +# expose: "true" +# template: +# metadata: +# labels: +# server: "http" +# app: "project-1" +# expose: "true" +# spec: +# containers: +# - name: front-end +# image: beppev/server-a:master +# imagePullPolicy: "Always" +# ports: +# - containerPort: 5000 +# --- +# apiVersion: apps/v1 +# kind: Deployment +# metadata: +# name: server-b +# namespace: istio-project-1 +# spec: +# replicas: 1 +# selector: +# matchLabels: +# server: "http" +# app: "project-1" +# version: v1 +# backend: "true" +# template: +# metadata: +# labels: +# server: "http" +# app: "project-1" +# version: v1 +# backend: "true" +# spec: +# containers: +# - name: front-end +# image: beppev/server-b:master +# imagePullPolicy: "Always" +# ports: +# - 
containerPort: 6000 +# --- +# apiVersion: apps/v1 +# kind: Deployment +# metadata: +# name: server-b-test +# namespace: istio-project-1 +# spec: +# replicas: 1 +# selector: +# matchLabels: +# server: "http" +# app: "project-1" +# version: v2 +# backend: "true" +# template: +# metadata: +# labels: +# server: "http" +# app: "project-1" +# version: v2 +# backend: "true" +# spec: +# containers: +# - name: front-end +# image: beppev/server-b:experimental +# imagePullPolicy: "Always" +# ports: +# - containerPort: 6000 +# --- +# apiVersion: apps/v1 +# kind: Deployment +# metadata: +# name: server-d +# namespace: istio-project-1 +# spec: +# replicas: 1 +# selector: +# matchLabels: +# app: "project-1" +# mirror: "true" +# template: +# metadata: +# labels: +# app: "project-1" +# mirror: "true" +# spec: +# containers: +# - name: front-end +# image: beppev/server-d:master +# ports: +# - containerPort: 6000 +# --- +# apiVersion: v1 +# kind: Service +# metadata: +# name: mirror-service +# namespace: istio-project-1 +# labels: +# app: "project-1" +# spec: +# selector: +# mirror: "true" +# ports: +# - name: http +# protocol: TCP +# port: 6000 +# --- +# apiVersion: v1 +# kind: Service +# metadata: +# name: server-check +# namespace: istio-project-1 +# labels: +# app: "project-1" +# spec: +# selector: +# backend: "true" +# ports: +# - name: http +# protocol: TCP +# port: 6000 +# --- +# apiVersion: networking.istio.io/v1alpha3 +# kind: DestinationRule +# metadata: +# name: server-check-destination +# namespace: istio-project-1 +# labels: +# app: "project-1" +# spec: +# host: server-check +# subsets: +# - name: v1 +# labels: +# version: v1 +# - name: v2 +# labels: +# version: v2 +# --- +# apiVersion: networking.istio.io/v1alpha3 +# kind: Gateway +# metadata: +# name: expose-server-gateway +# namespace: istio-project-1 +# labels: +# app: "project-1" +# spec: +# selector: +# istio: ingressgateway +# servers: +# - port: +# number: 80 +# name: http +# protocol: HTTP +# hosts: +# - "*" +# 
--- +# apiVersion: v1 +# kind: Service +# metadata: +# name: expose-server-service +# namespace: istio-project-1 +# labels: +# app: "project-1" +# spec: +# ports: +# - name: http +# port: 5000 +# protocol: TCP +# selector: +# expose: "true" +# --- +# apiVersion: networking.istio.io/v1alpha3 +# kind: VirtualService +# metadata: +# name: expose-server-vservice +# namespace: istio-project-1 +# labels: +# app: "project-1" +# spec: +# hosts: +# - "*" +# gateways: +# - expose-server-gateway +# http: +# - match: +# - uri: +# prefix: /server-a +# route: +# - destination: +# port: +# number: 5000 +# host: expose-server-service +# - match: +# - uri: +# prefix: /server-d +# route: +# - destination: +# port: +# number: 7000 +# host: mirror-service +# --- # TODO fix gateway zodat we ingress gateway kunnen gebruike ipv de fuken loadbalancer. +# apiVersion: networking.istio.io/v1alpha3 +# kind: Gateway +# metadata: +# name: server-check-gateway +# namespace: istio-project-1 +# labels: +# app: "project-1" +# spec: +# selector: +# expose: "true" +# servers: +# - port: +# number: 6000 +# name: http +# protocol: HTTP +# hosts: +# - "*" +# --- +# apiVersion: networking.istio.io/v1alpha3 +# kind: VirtualService +# metadata: +# name: server-check-service +# namespace: istio-project-1 +# labels: +# app: "project-1" +# spec: +# hosts: +# - "*" +# gateways: +# - expose-server-gateway +# tcp: +# - match: +# - port: 6000 +# route: +# - destination: +# host: server-check +# port: +# number: 6000 +# subset: v1 +# weight: 50 +# - destination: +# host: server-check +# port: +# number: 6000 +# subset: v2 +# weight: 50 +# mirror: +# host: mirror-service +# port: +# number: 6000 +# mirror_percent: 100 \ No newline at end of file diff --git a/manifests/full-pipeline.yaml b/manifests/full-pipeline.yaml index c71f631..ebbcbd6 100644 --- a/manifests/full-pipeline.yaml +++ b/manifests/full-pipeline.yaml 
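Review bot: Commenting out all 274 lines leaves deploy.yaml with no resources and nothing that says the emptiness is intentional, and the commented copy will drift from testing-deploy.yaml, which the diffstat shows created with the same line count (presumably the same content — not visible here). Emptying the file and keeping a single header line such as `# intentionally empty; manifests live in testing-deploy.yaml` would state the intent, with the old text still available in history. If the block is kept for later re-enabling, note that the disabled `expose-server-vservice` routes `/server-d` to port `7000` on `mirror-service`, while that Service only declares port `6000`.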
@@ -2,7 +2,7 @@ apiVersion: v1 kind: Namespace metadata: - name: tekton-pipeline-istio-project-1 + name: stage-tekton-pipeline labels: istio-injection: enabled #zorgt voor auto sidecar injection --- @@ -10,7 +10,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: service-acc - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline secrets: - name: regcred --- @@ -24,6 +24,7 @@ rules: - "apps" - "deploy" - "networking.istio.io" +# deze zullen we ook moeten aanpassen elke pipeline die we maken, maar, deze pipelines zijn nu specifiek per branch, dus dit zou geen probleem leveren. resources: - pods - serviceaccounts @@ -54,13 +55,13 @@ roleRef: subjects: - kind: ServiceAccount name: service-acc - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline --- apiVersion: tekton.dev/v1alpha1 kind: PipelineResource metadata: name: git-master - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline spec: type: git params: @@ -73,7 +74,7 @@ apiVersion: tekton.dev/v1alpha1 kind: PipelineResource metadata: name: git-experimental - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline spec: type: git params: @@ -86,7 +87,7 @@ apiVersion: tekton.dev/v1alpha1 kind: Task metadata: name: build-and-push - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline spec: inputs: resources: @@ -117,7 +118,7 @@ apiVersion: tekton.dev/v1alpha1 kind: Task metadata: name: destroy-application - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline spec: inputs: resources: @@ -137,7 +138,7 @@ apiVersion: tekton.dev/v1alpha1 kind: Task metadata: name: deploy-application - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline spec: inputs: resources: 
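Review bot: The comment added in the `rules:` hunk sits at column 0 between the last `apiGroups` entry and `resources:`, so it is unclear whether "deze" means the API groups, the resources, or both, and it is the only guidance on how far this role is meant to reach. Placing it above the rule, in English and naming the keys, would help the next person scope the role per pipeline, for example `# apiGroups and resources must be narrowed per pipeline; each pipeline is branch-specific, so grant only what that branch deploys`. The rule starts and ends outside the hunk, so the verbs cannot be checked from here; `"deploy"` in the visible list does not look like a Kubernetes API group and is worth confirming.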
@@ -156,7 +157,7 @@ apiVersion: tekton.dev/v1alpha1 kind: Pipeline metadata: name: application-pipeline - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline spec: resources: - name: git-master diff --git a/manifests/github-event-listener.yaml b/manifests/github-event-listener.yaml index 5d3a9af..0b71300 100644 --- a/manifests/github-event-listener.yaml +++ b/manifests/github-event-listener.yaml @@ -1,9 +1,11 @@ +# 1 trigger binding wordt geconfigureerd, en dan worden meerdere trigger templates aangemaakt +# voor de verschillende service mesh types. Op deze manier moet ik niet elke keer een aparte pipeline aanmaken per service mesh type. Het nadeel hieraan is dat dan elke keer elke pipeline gerunned wordt, maar uiteindelijk maakt dit niet veel uit zolang de deploy.yaml files leeg zijn wanneer de commits door gaan --- apiVersion: tekton.dev/v1alpha1 kind: TriggerBinding metadata: name: github-trigger-binding - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline spec: params: - name: gitrevision @@ -21,7 +23,7 @@ apiVersion: tekton.dev/v1alpha1 kind: TriggerTemplate metadata: name: github-trigger-template - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline spec: params: - name: gitrevision @@ -34,13 +36,13 @@ spec: kind: PipelineRun metadata: name: application-pipeline-run - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline spec: serviceAccountName: service-acc pipelineRef: - name: application-pipeline + name: application-pipeline #gebruik dit om de pipeline aan te passen naar andere versies, zolang ze zich in dezelfde namespace bevinden kunnen we deze pipeline hergebruiken om deployments op de cluster uit te voeren. service-mesh agnostisch. resources: - - name: git-master + - name: git-master resourceRef: name: git-master - name: git-experimental 
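Review bot: The PipelineRun inside `github-trigger-template` keeps the fixed `name: application-pipeline-run`, so a second webhook event would try to create an object that already exists in `stage-tekton-pipeline` and would likely be rejected unless something outside this hunk deletes the previous run. The header comment added in this file says every push is expected to run the pipeline, which makes the collision more likely. Replacing that line with `generateName: application-pipeline-run-` gives each event its own run. The long inline comment added after `name: application-pipeline` would also read better as a short comment on the line above `pipelineRef:`.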
@@ -51,7 +53,7 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tekton-trigger-role - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline rules: # Permissions for every EventListener deployment to function - apiGroups: ["tekton.dev"] @@ -69,7 +71,7 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: tekton-trigger-role-binding - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -77,13 +79,13 @@ roleRef: subjects: - kind: ServiceAccount name: service-acc - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline --- apiVersion: tekton.dev/v1alpha1 kind: EventListener metadata: name: github-event-listener - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline spec: serviceAccountName: service-acc triggers: @@ -92,45 +94,3 @@ spec: template: name: github-trigger-template --- -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: expose-event-listener - namespace: tekton-pipeline-istio-project-1 -spec: - selector: - istio: ingressgateway - servers: - - port: - number: 443 - name: http - protocol: HTTP - hosts: - - "*" - - port: - number: 80 - name: http2 - protocol: HTTP - hosts: - - "*" - - port: - number: 8080 - name: http3 - protocol: HTTP - hosts: - - "*" ---- -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: link-gateway-listener - namespace: tekton-pipeline-istio-project-1 -spec: - hosts: - - "*" - gateways: - - expose-event-listener - http: - - route: - - destination: - host: el-github-event-listener \ No newline at end of file diff --git a/manifests/github-webhook-setup.yaml b/manifests/github-webhook-setup.yaml index 6feed67..1e6ade3 100644 --- a/manifests/github-webhook-setup.yaml +++ b/manifests/github-webhook-setup.yaml 
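Review bot: `tekton-trigger-role-binding` is a `ClusterRoleBinding`, which is cluster-scoped, so the `metadata.namespace` renamed in this hunk has no effect and `service-acc` receives the referenced role in every namespace. The object defined just before it is a namespaced `Role` named `tekton-trigger-role`, while `roleRef.kind` is `ClusterRole`; the `roleRef.name` line falls between the hunks, so whether a matching ClusterRole exists cannot be confirmed from here. Since this account runs the EventListener, a namespaced binding is the tighter fit: `kind: RoleBinding` with `roleRef.kind: Role`. The binding could also move from `rbac.authorization.k8s.io/v1beta1` to `v1`, which the Role already uses.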
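Review bot: The `github-event-listener` trigger visible across this hunk and the next shows only `template: github-trigger-template`, with no interceptor that verifies the GitHub webhook signature; two lines between the hunks are not shown, so this should be confirmed. Without that check, any client able to reach the listener can start `application-pipeline` under `service-acc`. The commented Secret template in github-webhook-setup.yaml already defines a `secret` key in `webhook-secret`, so the trigger could validate deliveries against that value with the Tekton Triggers GitHub interceptor. A short comment on the EventListener stating which secret protects it would also document the dependency.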
@@ -8,7 +8,7 @@ # kind: Secret # metadata: # name: webhook-secret -# namespace: tekton-pipeline-istio-project-1 +# namespace: stage-tekton-pipeline # stringData: # token: GITHUBTOKEN # secret: random-string-data @@ -17,7 +17,7 @@ apiVersion: tekton.dev/v1alpha1 kind: Task metadata: name: create-webhook - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline spec: volumes: - name: github-secret @@ -69,7 +69,7 @@ apiVersion: tekton.dev/v1alpha1 kind: TaskRun metadata: name: create-repo-webhook - namespace: tekton-pipeline-istio-project-1 + namespace: stage-tekton-pipeline spec: taskRef: name: create-webhook 
@@ -91,3 +91,151 @@ spec: value: 35.233.93.220 timeout: 1000s serviceAccountName: service-acc + +--- +apiVersion: tekton.dev/v1alpha1 +kind: Task +metadata: + name: create-ingress + namespace: stage-tekton-pipeline +spec: + volumes: + - name: work + emptyDir: {} + + inputs: + params: + - name: CreateCertificate + description: "Enables/disables the creation of a self-signed certificate for $(inputs.params.ExternalDomain)" + default: "true" + - name: CertificateKeyPassphrase + description: "Phrase that protects private key. This must be provided when the self-signed certificate is created" + - name: CertificateSecretName + description: "Secret name for Ingress certificate. The Secret should not exist if the self-signed certificate creation is enabled" + - name: ExternalDomain + description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).PROXYIP.nip.io`" + - name: Service + description: "The name of the Service used in the Ingress. This will also be the name of the Ingress." + - name: ServicePort + description: "The service port that the ingress is being created on" + - name: ServiceUID + description: "The uid of the service. If set, this creates an owner reference on the service" + default: "" + + steps: + - name: generate-certificate + image: frapsoft/openssl + volumeMounts: + - name: work + mountPath: /var/tmp/work + command: + - sh + args: + - -ce + - | + set -e + cat <