From 40c0ce21906ac3e44c3f368cc96a3246cde0d9a6 Mon Sep 17 00:00:00 2001 From: Alex Zgabur Date: Wed, 30 Oct 2024 13:08:25 +0100 Subject: [PATCH] Finish rudamentary helm update pipeline Signed-off-by: Alex Zgabur --- README.md | 6 ++ deploy/eventlistener.yaml | 42 ++++++++++++ deploy/kustomization.yaml | 13 ++++ deploy/pipeline-nightly-update.yaml | 71 +++++++++++++++++++ deploy/pipeline.yaml | 50 ++++++++------ deploy/trigger-nightly-update.yaml | 20 ++++++ nightly/trigger-nightly-cronjob.yaml | 1 + tasks/01-clone.yaml | 23 ------- tasks/02-helm.yaml | 47 ------------- tasks/03-helm-operands.yaml | 47 ------------- tasks/deploy/clone-task.yaml | 25 +++++++ tasks/deploy/helm-install-task.yaml | 83 +++++++++++++++++++++++ tasks/deploy/kustomization.yaml | 8 +++ tasks/deploy/nightly-image.yaml | 24 +++++++ tasks/deploy/uninstall-task.yaml | 73 ++++++++++++++++++++ tasks/kubectl-login-task-alt.yaml | 46 ------------- tasks/kustomization.yaml | 2 +- tasks/{ => login}/kubectl-login-task.yaml | 0 tasks/login/kustomization.yaml | 5 ++ 19 files changed, 400 insertions(+), 186 deletions(-) create mode 100644 deploy/eventlistener.yaml create mode 100644 deploy/kustomization.yaml create mode 100644 deploy/pipeline-nightly-update.yaml create mode 100644 deploy/trigger-nightly-update.yaml delete mode 100644 tasks/01-clone.yaml delete mode 100644 tasks/02-helm.yaml delete mode 100644 tasks/03-helm-operands.yaml create mode 100644 tasks/deploy/clone-task.yaml create mode 100644 tasks/deploy/helm-install-task.yaml create mode 100644 tasks/deploy/kustomization.yaml create mode 100644 tasks/deploy/nightly-image.yaml create mode 100644 tasks/deploy/uninstall-task.yaml delete mode 100644 tasks/kubectl-login-task-alt.yaml rename tasks/{ => login}/kubectl-login-task.yaml (100%) create mode 100644 tasks/login/kustomization.yaml diff --git a/README.md b/README.md index 54f2919..514a55f 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ Deployment 2. Create required pipelines and their resources * Apply main pipeline `oc apply -k main/ -n ${PIPELINE_NAMESPACE}` * Apply nightly pipeline `oc apply -k nightly/ -n ${PIPELINE_NAMESPACE}` + * Apply helm-deploy pipelines `oc apply -k deploy/ -n ${PIPELINE_NAMESPACE}` Secrets --- @@ -31,6 +32,11 @@ kubectl create cm rp-ca-bundle --from-file=tls-ca-bundle.pem=./tls-ca-bundle.pem kubectl create cm pipeline-settings --from-file=settings.local.yaml=./settings.local.yaml -n ${PIPELINE_NAMESPACE} ``` +- Opaque Secret named values-additional-manifests containing secrets for testsuite run. Example: https://github.com/azgabur/kuadrant-helm-install/blob/main/example-additionalManifests.yaml +```shell +kubectl create -n ${PIPELINE_NAMESPACE} secret generic values-additional-manifests --from-file=additionalManifests.yaml=${ADDITIONAL_MANIFESTS.yaml} +``` + Pipeline execution --- 1. Through the OpenShift Web Console diff --git a/deploy/eventlistener.yaml b/deploy/eventlistener.yaml new file mode 100644 index 0000000..1895720 --- /dev/null +++ b/deploy/eventlistener.yaml @@ -0,0 +1,42 @@ +apiVersion: triggers.tekton.dev/v1beta1 +kind: EventListener +metadata: + name: kuadrant-nightly-update-listener +spec: + serviceAccountName: pipeline + triggers: + - name: kuadrant-nightly-update-trigger + bindings: + - name: istio-provider + value: ossm3 + - name: kube-api + value: https://kubernetes.default + template: + spec: + params: + - name: kube-api + - name: istio-provider + resourcetemplates: + - apiVersion: tekton.dev/v1beta1 + kind: PipelineRun + metadata: + generateName: nightly-update- + spec: + pipelineRef: + name: kuadrant-nightly-update-pipeline + timeouts: + pipeline: 30m0s + params: + - name: kube-api + value: $(tt.params.kube-api) + - name: istio-provider + value: $(tt.params.istio-provider) + workspaces: + - name: shared-workspace + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Mi diff --git a/deploy/kustomization.yaml b/deploy/kustomization.yaml new file mode 100644 index 0000000..6639d10 --- /dev/null +++ b/deploy/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +commonLabels: + deployment: kuadrant-helm-deploy + +resources: + - ../tasks/deploy/ + - ../tasks/login/ + - pipeline.yaml + - pipeline-nightly-update.yaml + - eventlistener.yaml + - trigger-nightly-update.yaml diff --git a/deploy/pipeline-nightly-update.yaml b/deploy/pipeline-nightly-update.yaml new file mode 100644 index 0000000..edada78 --- /dev/null +++ b/deploy/pipeline-nightly-update.yaml @@ -0,0 +1,71 @@ +apiVersion: tekton.dev/v1 +kind: Pipeline +metadata: + name: kuadrant-nightly-update-pipeline +spec: + params: + - description: API URL of the Openshift cluster + name: kube-api + type: string + - description: Istio deployment. Only these values 'sail', 'ossm', 'ossm3' + name: istio-provider + type: string + default: ossm3 + tasks: + - name: clone + taskRef: + kind: Task + name: clone + workspaces: + - name: shared-workspace + workspace: shared-workspace + - name: kubectl-login + params: + - name: kube-api + value: $(params.kube-api) + - name: testsuite-image + value: quay.io/rhn_support_azgabur/alpine/k8s:latest + taskRef: + kind: Task + name: kubectl-login + workspaces: + - name: shared-workspace + workspace: shared-workspace + - name: nightly-image-date + taskRef: + kind: Task + name: nightly-image-date + - name: helm-uninstall + params: + - name: kubeconfig-path + value: $(tasks.kubectl-login.results.kubeconfig-path) + runAfter: + - clone + - kubectl-login + taskRef: + kind: Task + name: helm-uninstall + workspaces: + - name: shared-workspace + workspace: shared-workspace + - name: helm-install-nightly + params: + - name: index-image + value: $(tasks.nightly-image-date.results.nightly-image) + - name: channel + value: preview + - name: istio-provider + value: $(params.istio-provider) + - name: kubeconfig-path + value: $(tasks.kubectl-login.results.kubeconfig-path) + runAfter: + - helm-uninstall + - nightly-image-date + taskRef: + kind: Task + name: helm-install + workspaces: + - name: shared-workspace + workspace: shared-workspace + workspaces: + - name: shared-workspace diff --git a/deploy/pipeline.yaml b/deploy/pipeline.yaml index 92bc321..b08bd47 100644 --- a/deploy/pipeline.yaml +++ b/deploy/pipeline.yaml @@ -7,15 +7,18 @@ spec: - description: API URL of the Openshift cluster name: kube-api type: string - default: https://kubernetes.default:443 - - description: Index image to use for deployment; if omitted uses community-operators - name: kuadrant-index-image + - description: Kuadrant image url + name: index-image type: string - default: "" - - description: OLM channel to use for deployment - name: kuadrant-channel + default: quay.io/kuadrant/kuadrant-operator-catalog:v0.11.0 + - description: Kuadrant image channel. Can be 'preview' for nightlies and 'stable' for releases + name: channel type: string default: stable + - description: Istio deployment. Only these values 'sail', 'ossm', 'ossm3' + name: istio-provider + type: string + default: ossm3 tasks: - name: clone taskRef: @@ -28,39 +31,42 @@ spec: params: - name: kube-api value: $(params.kube-api) - runAfter: - - clone + - name: testsuite-image + value: quay.io/rhn_support_azgabur/alpine/k8s:latest taskRef: kind: Task - name: kubectl-login-alt + name: kubectl-login workspaces: - name: shared-workspace workspace: shared-workspace - - name: helm + - name: helm-uninstall params: - - name: kuadrant-index-image - value: $(params.kuadrant-index-image) - - name: kuadrant-channel - value: $(params.kuadrant-channel) + - name: kubeconfig-path + value: $(tasks.kubectl-login.results.kubeconfig-path) runAfter: + - clone - kubectl-login taskRef: kind: Task - name: helm + name: helm-uninstall workspaces: - name: shared-workspace workspace: shared-workspace - - name: helm-operands + - name: helm-install params: - - name: kuadrant-index-image - value: $(params.kuadrant-index-image) - - name: kuadrant-channel - value: $(params.kuadrant-channel) + - name: index-image + value: $(params.index-image) + - name: channel + value: $(params.channel) + - name: istio-provider + value: $(params.istio-provider) + - name: kubeconfig-path + value: $(tasks.kubectl-login.results.kubeconfig-path) runAfter: - - helm + - helm-uninstall taskRef: kind: Task - name: helm-operands + name: helm-install workspaces: - name: shared-workspace workspace: shared-workspace diff --git a/deploy/trigger-nightly-update.yaml b/deploy/trigger-nightly-update.yaml new file mode 100644 index 0000000..503d330 --- /dev/null +++ b/deploy/trigger-nightly-update.yaml @@ -0,0 +1,20 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: kuadrant-nightly-update-cron +spec: + timeZone: "Europe/Prague" + schedule: "0 4 * * *" + concurrencyPolicy: Forbid + startingDeadlineSeconds: 300 + jobTemplate: + spec: + template: + spec: + serviceAccountName: pipeline + containers: + - name: kuadrant-nightly-update-trigger + image: quay.io/curl/curl:latest + command: ["/bin/sh", "-cx"] + args: ["curl -X POST --data {} el-kuadrant-nightly-update-listener.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local:8080"] + restartPolicy: Never diff --git a/nightly/trigger-nightly-cronjob.yaml b/nightly/trigger-nightly-cronjob.yaml index a2c7c45..d3f3d07 100644 --- a/nightly/trigger-nightly-cronjob.yaml +++ b/nightly/trigger-nightly-cronjob.yaml @@ -3,6 +3,7 @@ kind: CronJob metadata: name: trigger-nightly-pipeline spec: + timeZone: "Europe/Prague" schedule: "0 5 * * *" concurrencyPolicy: Forbid startingDeadlineSeconds: 300 diff --git a/tasks/01-clone.yaml b/tasks/01-clone.yaml deleted file mode 100644 index 8874d6b..0000000 --- a/tasks/01-clone.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: clone -spec: - steps: - - args: - - clone - - -b - - operators-operands-olm - - https://github.com/ficap/kuadrant-env-installation.git - - $(workspaces.shared-workspace.path)/kuadrant-env-installation - command: - - git - computeResources: - limits: - cpu: 250m - memory: 128Mi - image: quay.io/rh_integration/ci-toolbox:latest - imagePullPolicy: IfNotPresent - name: clone - workspaces: - - name: shared-workspace diff --git a/tasks/02-helm.yaml b/tasks/02-helm.yaml deleted file mode 100644 index 53c9bc8..0000000 --- a/tasks/02-helm.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: helm -spec: - params: - - description: Index image of kuadrant to use - name: kuadrant-index-image - type: string - - description: olm channel to use - name: kuadrant-channel - type: string - steps: - - args: - - install - - $(workspaces.shared-workspace.path)/kuadrant-env-installation/operators - - --values - - $(workspaces.shared-workspace.path)/kuadrant-env-installation/operators/values.yaml - - --values - - /mount/values-additional-manifests/values-additionalManifests.yaml - - --generate-name - - --wait - - --set - - kuadrant.indexImage=$(params.kuadrant-index-image) - - --set - - kuadrant.channel=$(params.kuadrant-channel) - command: - - /usr/local/bin/helm - computeResources: - limits: - cpu: 250m - memory: 128Mi - env: - - name: KUBECONFIG - value: $(workspaces.shared-workspace.path)/kubeconfig - image: quay.io/rh_integration/ci-toolbox:latest - imagePullPolicy: IfNotPresent - name: helm - volumeMounts: - - mountPath: /mount/values-additional-manifests - name: values-additional-manifests - volumes: - - secret: - secretName: values-additional-manifests - name: values-additional-manifests - workspaces: - - name: shared-workspace diff --git a/tasks/03-helm-operands.yaml b/tasks/03-helm-operands.yaml deleted file mode 100644 index 69af8fd..0000000 --- a/tasks/03-helm-operands.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: helm-operands -spec: - params: - - description: Index image of kuadrant to use - name: kuadrant-index-image - type: string - - description: kuadrant channel - name: kuadrant-channel - type: string - steps: - - args: - - install - - $(workspaces.shared-workspace.path)/kuadrant-env-installation/operands - - --values - - $(workspaces.shared-workspace.path)/kuadrant-env-installation/operators/values.yaml - - --values - - /mount/values-additional-manifests/values-additionalManifests.yaml - - --generate-name - - --wait - - --set - - kuadrant.indexImage=$(params.kuadrant-index-image) - - --set - - kuadrant.channel=$(params.kuadrant-channel) - command: - - /usr/local/bin/helm - computeResources: - limits: - cpu: 250m - memory: 128Mi - env: - - name: KUBECONFIG - value: $(workspaces.shared-workspace.path)/kubeconfig - image: quay.io/rh_integration/ci-toolbox:latest - imagePullPolicy: IfNotPresent - name: helm - volumeMounts: - - mountPath: /mount/values-additional-manifests - name: values-additional-manifests - volumes: - - secret: - secretName: values-additional-manifests - name: values-additional-manifests - workspaces: - - name: shared-workspace diff --git a/tasks/deploy/clone-task.yaml b/tasks/deploy/clone-task.yaml new file mode 100644 index 0000000..455bd3b --- /dev/null +++ b/tasks/deploy/clone-task.yaml @@ -0,0 +1,25 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: clone +spec: + steps: + - name: clone + args: + - >- + git clone + -b main + --depth '1' + https://github.com/azgabur/kuadrant-helm-install + $(workspaces.shared-workspace.path)/kuadrant-helm-install + command: + - /bin/bash + - -c + computeResources: + limits: + cpu: 250m + memory: 128Mi + image: quay.io/rhn_support_azgabur/alpine/k8s:latest + imagePullPolicy: IfNotPresent + workspaces: + - name: shared-workspace diff --git a/tasks/deploy/helm-install-task.yaml b/tasks/deploy/helm-install-task.yaml new file mode 100644 index 0000000..d9fdee6 --- /dev/null +++ b/tasks/deploy/helm-install-task.yaml @@ -0,0 +1,83 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: helm-install +spec: + params: + - description: Kuadrant image url + name: index-image + type: string + - description: Kuadrant image channel. Can be 'preview' for nightlies and 'stable' for releases + name: channel + type: string + - description: Istio deployment. Only these values 'sail', 'ossm', 'ossm3' + name: istio-provider + type: string + - description: Path to workspace kubeconfig + name: kubeconfig-path + type: string + steps: + - name: helm-install-operators + args: + - install + - -n=default + - --values=$(workspaces.shared-workspace.path)/kuadrant-helm-install/values.yaml + - --values=/mount/values-additional-manifests/additionalManifests.yaml + - --set=kuadrant.indexImage=$(params.index-image) + - --set=kuadrant.channel=$(params.channel) + - --set=istio.istioProvider=$(params.istio-provider) + - --set=tools.enabled=true + - --wait + - --debug + - kuadrant-operators + - $(workspaces.shared-workspace.path)/kuadrant-helm-install/operators/ + command: + - helm + volumeMounts: + - mountPath: /mount/values-additional-manifests + name: values-additional-manifests + env: + - name: KUBECONFIG + value: $(params.kubeconfig-path) + image: quay.io/rhn_support_azgabur/alpine/k8s:latest + imagePullPolicy: IfNotPresent + - name: helm-install-instances + args: + - install + - -n=default + - --values=$(workspaces.shared-workspace.path)/kuadrant-helm-install/values.yaml + - --values=/mount/values-additional-manifests/additionalManifests.yaml + - --set=kuadrant.indexImage=$(params.index-image) + - --set=kuadrant.channel=$(params.channel) + - --set=istio.istioProvider=$(params.istio-provider) + - --set=tools.enabled=true + - --wait + - --debug + - kuadrant-instances + - $(workspaces.shared-workspace.path)/kuadrant-helm-install/instances/ + command: + - helm + volumeMounts: + - mountPath: /mount/values-additional-manifests + name: values-additional-manifests + env: + - name: KUBECONFIG + value: $(params.kubeconfig-path) + image: quay.io/rhn_support_azgabur/alpine/k8s:latest + imagePullPolicy: IfNotPresent + - name: run-hack-sh + args: + - $(workspaces.shared-workspace.path)/kuadrant-helm-install/hack.sh + command: + - /bin/bash + env: + - name: KUBECONFIG + value: $(params.kubeconfig-path) + image: quay.io/rhn_support_azgabur/alpine/k8s:latest + imagePullPolicy: IfNotPresent + volumes: + - secret: + secretName: values-additional-manifests + name: values-additional-manifests + workspaces: + - name: shared-workspace diff --git a/tasks/deploy/kustomization.yaml b/tasks/deploy/kustomization.yaml new file mode 100644 index 0000000..327771f --- /dev/null +++ b/tasks/deploy/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - clone-task.yaml + - uninstall-task.yaml + - helm-install-task.yaml + - nightly-image.yaml diff --git a/tasks/deploy/nightly-image.yaml b/tasks/deploy/nightly-image.yaml new file mode 100644 index 0000000..0f0be24 --- /dev/null +++ b/tasks/deploy/nightly-image.yaml @@ -0,0 +1,24 @@ +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: nightly-image-date +spec: + results: + - name: nightly-image + description: Nightly image url + steps: + - args: + - echo "quay.io/kuadrant/kuadrant-operator-catalog:nightly-$(date +%d-%m-%Y)" | tee $(results.nightly-image.path) + command: + - /bin/sh + - -c + resources: + limits: + cpu: '250m' + memory: 128Mi + env: + - name: TZ + value: "Europe/Prague" + image: quay.io/jitesoft/alpine:latest + imagePullPolicy: Always + name: generate-nightly-url diff --git a/tasks/deploy/uninstall-task.yaml b/tasks/deploy/uninstall-task.yaml new file mode 100644 index 0000000..81ba292 --- /dev/null +++ b/tasks/deploy/uninstall-task.yaml @@ -0,0 +1,73 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: helm-uninstall +spec: + params: + - description: Path to workspace kubeconfig + name: kubeconfig-path + type: string + steps: + - name: uninstall-instances + args: + - uninstall + - -n=default + - --ignore-not-found + - --wait + - kuadrant-instances + command: + - helm + env: + - name: KUBECONFIG + value: $(params.kubeconfig-path) + image: quay.io/rhn_support_azgabur/alpine/k8s:latest + imagePullPolicy: IfNotPresent + - name: uninstall-operators + args: + - uninstall + - -n=default + - --ignore-not-found + - --wait + - kuadrant-operators + command: + - helm + env: + - name: KUBECONFIG + value: $(params.kubeconfig-path) + image: quay.io/rhn_support_azgabur/alpine/k8s:latest + imagePullPolicy: IfNotPresent + - name: delete-cert-manager-namespace + args: + - kubectl delete --ignore-not-found ns/cert-manager + command: + - /bin/bash + - -c + env: + - name: KUBECONFIG + value: $(params.kubeconfig-path) + image: quay.io/rhn_support_azgabur/alpine/k8s:latest + imagePullPolicy: IfNotPresent + - name: delete-kuadrant-crd + args: + - kubectl get crd -o name | grep "kuadrant" | xargs --no-run-if-empty kubectl delete + command: + - /bin/bash + - -c + env: + - name: KUBECONFIG + value: $(params.kubeconfig-path) + image: quay.io/rhn_support_azgabur/alpine/k8s:latest + imagePullPolicy: IfNotPresent + - name: delete-istio-crd + args: + - kubectl get crd -o name | grep "istio.io" | xargs --no-run-if-empty kubectl delete + command: + - /bin/bash + - -c + env: + - name: KUBECONFIG + value: $(params.kubeconfig-path) + image: quay.io/rhn_support_azgabur/alpine/k8s:latest + imagePullPolicy: IfNotPresent + workspaces: + - name: shared-workspace diff --git a/tasks/kubectl-login-task-alt.yaml b/tasks/kubectl-login-task-alt.yaml deleted file mode 100644 index e519843..0000000 --- a/tasks/kubectl-login-task-alt.yaml +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: kubectl-login-alt -spec: - params: - - description: API URL of the Openshift cluster - name: kube-api - type: string - steps: - - args: - - export OAUTH_URL=$(echo $(params.kube-api) | sed -e 's/api/oauth-openshift.apps/' - -e 's/\(.*\):.*/\1/')/oauth/authorize && export TOKEN=$(curl -XPOST -kis --data - response_type=token --data client_id=openshift-challenging-client -u ${KUBE_USER}:${KUBE_PASSWORD} - ${OAUTH_URL} | grep "Location:" | sed 's/.*access_token=\([^&]*\).*/\1/') && - kubectl config set-cluster ctx --server $(params.kube-api) --insecure-skip-tls-verify=true - && kubectl config set-credentials user --token=${TOKEN} && kubectl config set-context - ctx --user=user --cluster=ctx && kubectl config use-context ctx - command: - - /bin/bash - - -cveo - - pipefail - computeResources: - limits: - cpu: 250m - memory: 128Mi - env: - - name: KUBECONFIG - value: $(workspaces.shared-workspace.path)/kubeconfig - - name: WORKSPACE - value: $(workspaces.shared-workspace.path) - - name: KUBE_USER - valueFrom: - secretKeyRef: - key: KUBE_USER - name: openshift-pipelines-credentials - - name: KUBE_PASSWORD - valueFrom: - secretKeyRef: - key: KUBE_PASSWORD - name: openshift-pipelines-credentials - image: quay.io/rh_integration/ci-toolbox:latest - imagePullPolicy: IfNotPresent - name: kubectl-login - workspaces: - - name: shared-workspace diff --git a/tasks/kustomization.yaml b/tasks/kustomization.yaml index 199a293..2c2d153 100644 --- a/tasks/kustomization.yaml +++ b/tasks/kustomization.yaml @@ -2,6 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - kubectl-login-task.yaml + - login/ - run-tests-task.yaml - upload-results-task.yaml diff --git a/tasks/kubectl-login-task.yaml b/tasks/login/kubectl-login-task.yaml similarity index 100% rename from tasks/kubectl-login-task.yaml rename to tasks/login/kubectl-login-task.yaml diff --git a/tasks/login/kustomization.yaml b/tasks/login/kustomization.yaml new file mode 100644 index 0000000..8a3512f --- /dev/null +++ b/tasks/login/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - kubectl-login-task.yaml