Merge pull request #50 from azgabur/deploy

Nightly update pipeline using Helm deploy

README.md

@@ -8,6 +8,7 @@ Deployment
 2. Create required pipelines and their resources
    * Apply main pipeline `oc apply -k main/ -n ${PIPELINE_NAMESPACE}`
    * Apply nightly pipeline `oc apply -k nightly/ -n ${PIPELINE_NAMESPACE}`
+   * Apply helm-deploy pipelines `oc apply -k deploy/ -n ${PIPELINE_NAMESPACE}`
 
 Secrets
 ---
@@ -31,6 +32,11 @@ kubectl create cm rp-ca-bundle --from-file=tls-ca-bundle.pem=./tls-ca-bundle.pem
 kubectl create cm pipeline-settings --from-file=settings.local.yaml=./settings.local.yaml -n ${PIPELINE_NAMESPACE}
 ```
 
+- Opaque Secret named values-additional-manifests containing secrets for testsuite run. Example: https://github.com/azgabur/kuadrant-helm-install/blob/main/example-additionalManifests.yaml
+```shell
+kubectl create -n ${PIPELINE_NAMESPACE} secret generic values-additional-manifests --from-file=additionalManifests.yaml=${ADDITIONAL_MANIFESTS.yaml}
+```
+
 Pipeline execution
 ---
 1. Through the OpenShift Web Console

deploy/eventlistener.yaml

@@ -0,0 +1,42 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: EventListener
+metadata:
+  name: kuadrant-nightly-update-listener
+spec:
+  serviceAccountName: pipeline
+  triggers:
+    - name: kuadrant-nightly-update-trigger
+      bindings:
+        - name: istio-provider
+          value: ossm3
+        - name: kube-api
+          value: https://kubernetes.default
+      template:
+        spec:
+          params:
+            - name: kube-api
+            - name: istio-provider
+          resourcetemplates:
+            - apiVersion: tekton.dev/v1beta1
+              kind: PipelineRun
+              metadata:
+                generateName: nightly-update-
+              spec:
+                pipelineRef:
+                  name: kuadrant-nightly-update-pipeline
+                timeouts:
+                  pipeline: 30m0s
+                params:
+                  - name: kube-api
+                    value: $(tt.params.kube-api)
+                  - name: istio-provider
+                    value: $(tt.params.istio-provider)
+                workspaces:
+                  - name: shared-workspace
+                    volumeClaimTemplate:
+                      spec:
+                        accessModes:
+                          - ReadWriteOnce
+                        resources:
+                          requests:
+                            storage: 10Mi

deploy/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+commonLabels:
+  deployment: kuadrant-helm-deploy
+
+resources:
+  - ../tasks/deploy/
+  - ../tasks/login/
+  - pipeline.yaml
+  - pipeline-nightly-update.yaml
+  - eventlistener.yaml
+  - trigger-nightly-update.yaml

deploy/pipeline-nightly-update.yaml

@@ -0,0 +1,80 @@
+apiVersion: tekton.dev/v1
+kind: Pipeline
+metadata:
+  name: kuadrant-nightly-update-pipeline
+spec:
+  params:
+  - description: API URL of the Openshift cluster
+    name: kube-api
+    type: string
+  - description: Istio deployment. Only these values 'sail', 'ossm', 'ossm3'
+    name: istio-provider
+    type: string
+    default: ossm3
+  tasks:
+  - name: clone
+    taskRef:
+      kind: Task
+      name: clone
+    workspaces:
+    - name: shared-workspace
+      workspace: shared-workspace
+  - name: nightly-image-date
+    taskRef:
+      kind: Task
+      name: nightly-image-date
+  - name: check-image-existence
+    params:
+      - name: index-image
+        value: $(tasks.nightly-image-date.results.nightly-image)
+    taskRef:
+      kind: Task
+      name: check-image-existence
+    runAfter:
+      - nightly-image-date
+  - name: kubectl-login
+    params:
+    - name: kube-api
+      value: $(params.kube-api)
+    - name: testsuite-image
+      value: quay.io/rhn_support_azgabur/alpine/k8s:latest
+    taskRef:
+      kind: Task
+      name: kubectl-login
+    workspaces:
+    - name: shared-workspace
+      workspace: shared-workspace
+  - name: helm-uninstall
+    params:
+      - name: kubeconfig-path
+        value: $(tasks.kubectl-login.results.kubeconfig-path)
+    runAfter:
+    - clone
+    - kubectl-login
+    - check-image-existence
+    taskRef:
+      kind: Task
+      name: helm-uninstall
+    workspaces:
+    - name: shared-workspace
+      workspace: shared-workspace
+  - name: helm-install
+    params:
+      - name: index-image
+        value: $(tasks.nightly-image-date.results.nightly-image)
+      - name: channel
+        value: preview
+      - name: istio-provider
+        value: $(params.istio-provider)
+      - name: kubeconfig-path
+        value: $(tasks.kubectl-login.results.kubeconfig-path)
+    runAfter:
+    - helm-uninstall
+    taskRef:
+      kind: Task
+      name: helm-install
+    workspaces:
+    - name: shared-workspace
+      workspace: shared-workspace
+  workspaces:
+  - name: shared-workspace

deploy/pipeline.yaml

@@ -0,0 +1,82 @@
+apiVersion: tekton.dev/v1
+kind: Pipeline
+metadata:
+  name: kuadrant-deploy-pipeline
+spec:
+  params:
+  - description: API URL of the Openshift cluster
+    name: kube-api
+    type: string
+  - description: Kuadrant image url
+    name: index-image
+    type: string
+    default: quay.io/kuadrant/kuadrant-operator-catalog:v0.11.0
+  - description: Kuadrant image channel. Can be 'preview' for nightlies and 'stable' for releases
+    name: channel
+    type: string
+    default: stable
+  - description: Istio deployment. Only these values 'sail', 'ossm', 'ossm3'
+    name: istio-provider
+    type: string
+    default: ossm3
+  tasks:
+  - name: clone
+    taskRef:
+      kind: Task
+      name: clone
+    workspaces:
+    - name: shared-workspace
+      workspace: shared-workspace
+  - name: check-image-existence
+    params:
+      - name: index-image
+        value: $(params.index-image)
+    taskRef:
+      kind: Task
+      name: check-image-existence
+  - name: kubectl-login
+    params:
+    - name: kube-api
+      value: $(params.kube-api)
+    - name: testsuite-image
+      value: quay.io/rhn_support_azgabur/alpine/k8s:latest
+    taskRef:
+      kind: Task
+      name: kubectl-login
+    workspaces:
+    - name: shared-workspace
+      workspace: shared-workspace
+  - name: helm-uninstall
+    params:
+      - name: kubeconfig-path
+        value: $(tasks.kubectl-login.results.kubeconfig-path)
+    runAfter:
+    - clone
+    - kubectl-login
+    - check-image-existence
+    taskRef:
+      kind: Task
+      name: helm-uninstall
+    workspaces:
+    - name: shared-workspace
+      workspace: shared-workspace
+  - name: helm-install
+    params:
+      - name: index-image
+        value: $(params.index-image)
+      - name: channel
+        value: $(params.channel)
+      - name: istio-provider
+        value: $(params.istio-provider)
+      - name: kubeconfig-path
+        value: $(tasks.kubectl-login.results.kubeconfig-path)
+    runAfter:
+    - helm-uninstall
+    taskRef:
+      kind: Task
+      name: helm-install
+    workspaces:
+    - name: shared-workspace
+      workspace: shared-workspace
+  workspaces:
+  - name: shared-workspace

deploy/trigger-nightly-update.yaml

@@ -0,0 +1,20 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: kuadrant-nightly-update-cron
+spec:
+  timeZone: "Europe/Prague"
+  schedule: "0 4 * * *"
+  concurrencyPolicy: Forbid
+  startingDeadlineSeconds: 300
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          serviceAccountName: pipeline
+          containers:
+            - name: kuadrant-nightly-update-trigger
+              image: quay.io/curl/curl:latest
+              command: ["/bin/sh", "-cx"]
+              args: ["curl -X POST --data {} el-kuadrant-nightly-update-listener.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local:8080"]
+          restartPolicy: Never

nightly/trigger-nightly-cronjob.yaml

@@ -3,6 +3,7 @@ kind: CronJob
 metadata:
   name: trigger-nightly-pipeline
 spec:
+  timeZone: "Europe/Prague"
   schedule: "0 5 * * *"
   concurrencyPolicy: Forbid
   startingDeadlineSeconds: 300

tasks/deploy/check-image-existence-task.yaml

@@ -0,0 +1,26 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+  name: check-image-existence
+spec:
+  params:
+    - description: Kuadrant image url
+      name: index-image
+      type: string
+  steps:
+    - args:
+        - >-
+          export TAG=$(echo "$(params.index-image)" | sed -r 's/.*:(.*)/\1/') &&
+          export REPO=$(echo "$(params.index-image)" | sed -r 's/^[^\/]*\/(.*):.*/\1/') &&
+          export RESPONSE=$(curl -sL "https://quay.io/api/v1/repository/${REPO}/tag/?specificTag=${TAG}") &&
+          echo "$RESPONSE" | grep -Fv '{"tags": [], "page": 1, "has_additional": false}'
+      command:
+        - /bin/sh
+        - -cexv
+      computeResources:
+        limits:
+          cpu: '250m'
+          memory: 128Mi
+      image: quay.io/curl/curl:latest
+      imagePullPolicy: IfNotPresent
+      name: check-image-existence

tasks/deploy/clone-task.yaml

@@ -0,0 +1,26 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+  name: clone
+spec:
+  steps:
+  - name: clone
+    args:
+      - >-
+        git
+        clone 
+        -b main 
+        --depth '1' 
+        https://github.com/azgabur/kuadrant-helm-install 
+        $(workspaces.shared-workspace.path)/kuadrant-helm-install
+    command:
+      - /bin/bash
+      - -c
+    computeResources:
+      limits:
+        cpu: 250m
+        memory: 128Mi
+    image: quay.io/rhn_support_azgabur/alpine/k8s:latest
+    imagePullPolicy: IfNotPresent
+  workspaces:
+  - name: shared-workspace