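# Tekton CI/CD manifests: a service account with its RBAC, three Tasks
# (git-clone, build-and-push, execute-yaml) and the Pipeline that chains them.
#
# ---
# apiVersion: v1
# kind: #namespace
# metadata:
#   name: stage-tekton-pipeline
#   labels:
#     istio-injection: enabled # enables automatic sidecar injection
---
# Identity under which the pipeline's pods run. `regcred` is attached as a
# secret on this account.
# NOTE(review): presumably `regcred` holds the registry credentials that the
# Kaniko step reads through DOCKER_CONFIG - confirm.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: service-acc
  # namespace: stage-tekton-pipeline
secrets:
  - name: regcred
---
# Cluster-wide permissions granted to the pipeline service account.
#
# NOTE(review): this is a ClusterRole bound with a ClusterRoleBinding, so the
# write verbs below (create/update/patch/delete) apply in every namespace,
# including to serviceaccounts and namespaces themselves. Anything that can run
# a step under `service-acc` inherits these rights. If the deploy targets are
# known namespaces, a namespaced Role + RoleBinding per target is the
# least-privilege alternative.
# NOTE(review): "deploy" does not look like a served API group and
# `deployments.apps` is not the form RBAC rules use for resources - confirm
# whether these entries are needed.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: allow-creation
rules:
  - apiGroups:
      - ""
      - "apps"
      - "deploy"
      # We will also have to adjust these for every pipeline we create, but
      # the pipelines are currently specific per branch, so this should not
      # cause a problem.
      - "networking.istio.io"
    resources:
      - pods
      - serviceaccounts
      - namespaces
      - services
      - deployments
      - deployments.apps
      - destinationrules
      - gateways
      - virtualservices
    verbs:
      - list
      - watch
      - get
      - create
      - update
      - patch
      - delete
---
# Binds `allow-creation` to `service-acc` in the `default` namespace.
# Uses rbac.authorization.k8s.io/v1 to match the ClusterRole above; the
# v1beta1 RBAC API is deprecated and no longer served by current clusters.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: allow-creation-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: allow-creation
subjects:
  - kind: ServiceAccount
    name: service-acc
    namespace: default
---
# TODO add git clone task
#
# Clones a git repository into the `output` workspace and publishes the
# checked-out commit SHA as the `commit` result.
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: git-clone
spec:
  workspaces:
    - name: output
      description: The git repo will be cloned onto the volume backing this workspace
  params:
    - name: url
      description: git url to clone
      type: string
    - name: revision
      description: git revision to checkout (branch, tag, sha, ref…)
      type: string
      default: master
    - name: submodules
      description: defines if the resource should initialize and fetch the submodules
      type: string
      default: "true"
    - name: depth
      description: performs a shallow clone where only the most recent commit(s) will be fetched
      type: string
      default: "1"
    # Keep this at "true": turning it off disables TLS certificate checks for
    # the clone, so the fetched source can no longer be tied to the expected
    # server.
    - name: sslVerify
      description: defines if http.sslVerify should be set to true or false in the global git config
      type: string
      default: "true"
    - name: subdirectory
      description: subdirectory inside the "output" workspace to clone the git repo into
      type: string
      default: "src"
    - name: deleteExisting
      description: clean out the contents of the repo's destination directory (if it already exists) before trying to clone the repo there
      type: string
      default: "true"
  results:
    - name: commit
      description: The precise commit SHA that was fetched by this Task
  steps:
    - name: clone
      # NOTE(review): `:latest` is a mutable tag; pin a released version or an
      # image digest (<registry>/<image>@sha256:<digest>) so the build tool
      # cannot change underneath the pipeline.
      image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:latest
      # Parameters are handed to the script as environment variables instead
      # of being substituted into the script text. Tekton substitution is
      # textual, so a parameter value containing quotes or shell syntax would
      # otherwise become part of the script and run with the step's
      # privileges.
      env:
        - name: PARAM_URL
          value: "$(params.url)"
        - name: PARAM_REVISION
          value: "$(params.revision)"
        - name: PARAM_SUBMODULES
          value: "$(params.submodules)"
        - name: PARAM_DEPTH
          value: "$(params.depth)"
        - name: PARAM_SSL_VERIFY
          value: "$(params.sslVerify)"
        - name: PARAM_SUBDIRECTORY
          value: "$(params.subdirectory)"
        - name: PARAM_DELETE_EXISTING
          value: "$(params.deleteExisting)"
      script: |
        CHECKOUT_DIR="$(workspaces.output.path)/${PARAM_SUBDIRECTORY}"

        cleandir() {
          # Delete any existing contents of the repo directory if it exists.
          #
          # We don't just "rm -rf $CHECKOUT_DIR" because $CHECKOUT_DIR might be "/"
          # or the root of a mounted volume.
          if [[ -d "$CHECKOUT_DIR" ]] ; then
            # Delete non-hidden files and directories
            rm -rf "$CHECKOUT_DIR"/*
            # Delete files and directories starting with . but excluding ..
            rm -rf "$CHECKOUT_DIR"/.[!.]*
            # Delete files and directories starting with .. plus any other character
            rm -rf "$CHECKOUT_DIR"/..?*
          fi
        }

        if [[ "${PARAM_DELETE_EXISTING}" == "true" ]] ; then
          cleandir
          ls -lah "$CHECKOUT_DIR"
        fi

        /ko-app/git-init \
          -url "${PARAM_URL}" \
          -revision "${PARAM_REVISION}" \
          -path "$CHECKOUT_DIR" \
          -sslVerify "${PARAM_SSL_VERIFY}" \
          -submodules "${PARAM_SUBMODULES}" \
          -depth "${PARAM_DEPTH}"
        cd "$CHECKOUT_DIR"
        RESULT_SHA="$(git rev-parse HEAD | tr -d '\n')"
        EXIT_CODE="$?"
        if [ "$EXIT_CODE" != 0 ]
        then
          exit $EXIT_CODE
        fi
        # Make sure we don't add a trailing newline to the result!
        echo -n "$RESULT_SHA" > $(results.commit.path)
---
# Builds the image found under <context> in the `source` workspace with Kaniko
# and pushes it to beppev/<image-name>:<version>.
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: build-and-push
spec:
  params:
    - name: context
      description: The path to the build context, used by Kaniko - within the workspace
      default: "."
      type: string
    - name: image-name
      description: dockerhub url
      type: string
    - name: version
      description: image-version (for instance latest or beta)
      type: string
  workspaces:
    - name: source
      # The field is `mountPath`; the original `mountpath` spelling is not a
      # workspace field, so the /source paths used below would not be backed
      # by the workspace.
      mountPath: /source
  steps:
    - name: build-and-push
      # NOTE(review): no tag or digest, so this resolves to whatever `latest`
      # currently is; pin a version or digest for reproducible, reviewable
      # builds.
      image: gcr.io/kaniko-project/executor
      env:
        - name: "DOCKER_CONFIG"
          value: "/tekton/home/.docker/"
      command:
        - /kaniko/executor
      # Arguments are passed as an argv list (no shell), so parameter values
      # are not interpreted as shell syntax here.
      args:
        - "--dockerfile=/source/$(params.context)/dockerfile"
        - "--destination=beppev/$(params.image-name):$(params.version)"
        - "--context=/source/$(params.context)/"
---
# Runs `kubectl <command> -f /source/<yaml-location>` against the cluster using
# the pod's service account.
#
# NOTE(review): `command` is passed straight through as the kubectl verb, so
# whoever sets this parameter chooses what is done with the service account's
# rights (apply, delete, ...). Restricting it to the verbs the pipeline needs
# would narrow that.
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: execute-yaml
  # namespace: stage-tekton-pipeline
spec:
  params:
    - name: yaml-location
      default: deploy.yaml
    - name: command
      default: apply
  workspaces:
    - name: source
      # `mountPath`, not `mountpath` - see build-and-push for the same field.
      mountPath: /source
  steps:
    - name: deploy-new-app
      # NOTE(review): third-party image without tag or digest; this step runs
      # with the cluster permissions of the service account, so pin it to a
      # version or digest.
      image: lachlanevenson/k8s-kubectl
      command: ["kubectl"]
      args:
        - "$(params.command)"
        - "-f"
        - "/source/$(params.yaml-location)"
---
# Clones the main branch, builds and pushes servers a, b and d from it, then
# clones the experimental branch, builds server b from that, and finally
# applies infra.yaml followed by the default deploy.yaml.
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: application-pipeline
  # namespace: stage-tekton-pipeline
spec:
  params:
    - name: git-url
      description: url of the github repository to clone
    - name: branch
      description: name of the master branch of the repository
    # Declared because the tasks below reference it; the original manifest
    # used it without declaring it.
    - name: experimental-branch
      description: name of the experimental branch of the repository
  workspaces:
    - name: workspace
  tasks:
    # Pipeline-level parameters are referenced as $(params.<name>); the
    # original $(inputs.params.<name>) form is task-level syntax. References
    # to the undeclared `master-branch` now use the declared `branch`
    # parameter, whose description identifies it as the master branch.
    #
    # NOTE(review): git-clone clones into <workspace>/src by default while the
    # build tasks read /source/<context>; confirm these paths line up.
    - name: clone-master
      taskRef:
        name: git-clone
      workspaces:
        - name: output
          workspace: workspace
      params:
        - name: url
          value: "$(params.git-url)"
        - name: revision
          value: "$(params.branch)"
    - name: build-and-push-a
      taskRef:
        name: build-and-push
      workspaces:
        - name: source
          workspace: workspace
      # Without an explicit ordering the build would be scheduled alongside
      # the clone and could read an empty or half-written workspace.
      runAfter:
        - clone-master
      params:
        - name: context
          value: "server-a"
        - name: image-name
          value: "server-a"
        - name: version
          value: "$(params.branch)"
    - name: build-and-push-b-stable
      taskRef:
        name: build-and-push
      workspaces:
        - name: source
          workspace: workspace
      runAfter:
        - clone-master
      params:
        - name: context
          value: "server-b"
        - name: image-name
          value: "server-b"
        - name: version
          value: "$(params.branch)"
    - name: build-and-push-d
      taskRef:
        name: build-and-push
      workspaces:
        - name: source
          workspace: workspace
      runAfter:
        - clone-master
      params:
        - name: context
          value: "server-d"
        - name: image-name
          value: "server-d"
        - name: version
          value: "$(params.branch)"
    # Re-uses the same workspace, so it must wait for every build that reads
    # the main-branch checkout.
    - name: clone-experimental-branch
      taskRef:
        name: git-clone
      workspaces:
        - name: output
          workspace: workspace
      runAfter:
        - build-and-push-a
        - build-and-push-b-stable
        - build-and-push-d
      params:
        - name: url
          value: "$(params.git-url)"
        - name: revision
          value: "$(params.experimental-branch)"
    - name: build-and-push-b-experimental
      taskRef:
        name: build-and-push
      workspaces:
        - name: source
          workspace: workspace
      runAfter:
        - clone-experimental-branch
      params:
        - name: context
          value: "server-b"
        - name: image-name
          value: "server-b"
        - name: version
          value: "$(params.experimental-branch)"
    # NOTE(review): infra.yaml and deploy.yaml are taken from whatever is in
    # the workspace at this point, i.e. the experimental-branch checkout, and
    # applied with the cluster-wide rights of the service account. Confirm
    # that this is the intended source for deployment manifests.
    - name: deploy-infra
      taskRef:
        name: execute-yaml
      workspaces:
        - name: source
          workspace: workspace
      runAfter:
        - build-and-push-b-experimental
      params:
        - name: yaml-location
          value: "infra.yaml"
    # @TODO make it so that the delete can be skipped if error
    - name: execute-yaml
      taskRef:
        name: execute-yaml
      workspaces:
        - name: source
          workspace: workspace
      runAfter:
        - deploy-infra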