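---
# Tekton Task (v1alpha1): compile Go packages from a git checkout with
# `go build`.
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: golang-build
spec:
  inputs:
    params:
      - name: package
        description: base package to build in
      - name: packages
        description: "packages to build (default: ./cmd/...)"
        default: "./cmd/..."
      - name: version
        description: golang version to use for builds
        default: "1.12"
      - name: flags
        description: flags to use for the build command
        default: -v
      - name: GOOS
        description: "running program's operating system target"
        default: linux
      - name: GOARCH
        description: "running program's architecture target"
        default: amd64
      - name: GO111MODULE
        description: "value of module support"
        default: auto
    resources:
      - name: source
        type: git
        # The checkout lands under $GOPATH/src/<package> (GOPATH is /workspace).
        targetPath: src/$(inputs.params.package)
  steps:
    - name: build
      # The image tag comes from the `version` param, so whoever sets it
      # chooses which image runs.
      image: golang:$(inputs.params.version)
      workingDir: /workspace/src/$(inputs.params.package)
      command:
        - /bin/bash
      args:
        - -c
        # `flags` and `packages` are substituted into this string before bash
        # parses it, so shell metacharacters in either value are executed.
        # Set them only from trusted pipeline definitions, never from an
        # event payload.
        - "go build $(inputs.params.flags) $(inputs.params.packages)"
      env:
        - name: GOPATH
          value: /workspace
        - name: GOOS
          value: "$(inputs.params.GOOS)"
        - name: GOARCH
          value: "$(inputs.params.GOARCH)"
        - name: GO111MODULE
          value: "$(inputs.params.GO111MODULE)"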
# Load the Tasks/Pipelines and the trigger objects, then create a route for
# the build listener's service.
oc apply -f ./talks/devfest-2019/tasks-and-co.yaml
oc apply -f ./talks/devfest-2019/triggers.yaml
# `oc expose` publishes the service through a route; nothing in these commands
# puts authentication in front of it.
# NOTE(review): the EventListeners on this page are named `build` and `deploy`;
# confirm that `el-build-listener` is the service that actually exists.
oc expose service el-build-listener --name build
# Manual trigger for the deploy listener, left commented out:
# curl --header "Content-Type: application/json" --request POST --data '{}' http://el-deploy.demo:8080/
# Prepare the demo project: the `pipeline` service account, its SCC and role
# grants, and a `helloworld` image stream in demo, dev and prod.
oc project demo
# `|| true` lets a re-run continue when the account already exists; it also
# hides every other failure of this command.
oc create serviceaccount pipeline || true
# The `privileged` SCC lets pods running as `pipeline` start privileged, root
# containers. The build-app Task on this page sets `privileged: true` and
# `runAsUser: 0` for its buildah steps, but the grant applies to every Task
# that runs under this account, not only to that one.
oc adm policy add-scc-to-user privileged -z pipeline
oc adm policy add-scc-to-user anyuid -z pipeline
# `edit` is granted in the current project (demo).
oc adm policy add-role-to-user edit -z pipeline
# `pipeline-deployer` is the ClusterRole on this page that allows every verb
# on every image.openshift.io resource.
oc adm policy add-role-to-user pipeline-deployer -z pipeline
oc create is helloworld
oc project dev
oc create is helloworld
oc project prod
oc create is helloworld
oc project demo
# Install the operators, then the serverless, service-mesh and Knative Serving
# resources, in that order. The fixed sleeps stand in for readiness checks, so
# a slow cluster can reach the next apply before the previous step is ready.
oc apply -f ./talks/devfest-2019/operators.yaml
sleep 10
oc apply -f ./talks/devfest-2019/serverless.yaml
sleep 10
# watch instead of sleep
oc apply -f ./talks/devfest-2019/istio.yaml
sleep 300
# watch instead of sleep
oc apply -f ./talks/devfest-2019/knative-serving.yaml
sleep 10
---
# Maistra service-mesh control plane in istio-system with most optional
# components switched off: no mixer policy or telemetry, no Kiali, tracing,
# Prometheus or Grafana, and no sidecar injector webhook.
apiVersion: maistra.io/v1
kind: ServiceMeshControlPlane
metadata:
  name: basic-install
  namespace: istio-system
spec:
  istio:
    global:
      multitenant: true
      proxy:
        # Sidecars are not injected automatically.
        autoInject: disabled
      omitSidecarInjectorConfigMap: true
      disablePolicyChecks: false
      defaultPodDisruptionBudget:
        enabled: false
    istio_cni:
      enabled: true
    gateways:
      istio-ingressgateway:
        autoscaleEnabled: false
        # LoadBalancer is the service type requested for the ingress gateway.
        type: LoadBalancer
      istio-egressgateway:
        enabled: false
      cluster-local-gateway:
        autoscaleEnabled: false
        enabled: true
        labels:
          app: cluster-local-gateway
          istio: cluster-local-gateway
        ports:
          - name: status-port
            port: 15020
          - name: http2
            port: 80
            targetPort: 8080
          - name: https
            port: 443
    mixer:
      enabled: false
      policy:
        enabled: false
      telemetry:
        enabled: false
    pilot:
      autoscaleEnabled: false
      sidecar: false
    kiali:
      enabled: false
    tracing:
      enabled: false
    prometheus:
      enabled: false
    grafana:
      enabled: false
    sidecarInjectorWebhook:
      enabled: false
---
# Namespaces enrolled in the mesh. `demo`, where the pipelines run, is not a
# member.
apiVersion: maistra.io/v1
kind: ServiceMeshMemberRoll
metadata:
  name: default
  namespace: istio-system
spec:
  members:
    - knative-serving
    - dev
    - prod
---
# KnativeServing custom resource carrying the Knative Serving configuration.
# Numeric and boolean settings stay quoted so they are read as strings.
apiVersion: serving.knative.dev/v1alpha1
kind: KnativeServing
metadata:
  name: knative-serving
  namespace: knative-serving
spec:
  config:
    autoscaler:
      container-concurrency-target-default: "100"
      container-concurrency-target-percentage: "1.0"
      enable-scale-to-zero: "true"
      max-scale-up-rate: "10"
      panic-threshold-percentage: "200.0"
      panic-window: 6s
      panic-window-percentage: "10.0"
      scale-to-zero-grace-period: 30s
      stable-window: 60s
      tick-interval: 2s
    defaults:
      revision-cpu-limit: 1000m
      revision-cpu-request: 400m
      revision-memory-limit: 200M
      revision-memory-request: 100M
      revision-timeout-seconds: "300"
    deployment:
      # Registries listed here are skipped during tag resolution.
      registriesSkippingTagResolving: "ko.local,dev.local"
    gc:
      stale-revision-create-delay: 24h
      stale-revision-lastpinned-debounce: 5h
      stale-revision-minimum-generations: "1"
      stale-revision-timeout: 15h
    logging:
      loglevel.activator: info
      loglevel.autoscaler: info
      loglevel.controller: info
      loglevel.queueproxy: info
      loglevel.webhook: info
    observability:
      logging.enable-var-log-collection: "false"
      metrics.backend-destination: prometheus
    tracing:
      enable: "false"
      sample-rate: "0.1"
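---
# Tekton Task (v1alpha1): run golangci-lint over a Go package from a git
# checkout.
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: golangci-lint
spec:
  inputs:
    params:
      - name: package
        description: base package (and its children) under validation
      - name: flags
        description: flags to use for the lint command
        default: --verbose
      - name: version
        # This text was originally under a second `default` key; most parsers
        # keep only the last duplicate, so the description was silently lost.
        description: golangci-lint version to use
        default: "v1.17.1"
      - name: GOOS
        description: "running operating system target"
        default: linux
      - name: GOARCH
        description: "running architecture target"
        default: amd64
      - name: GO111MODULE
        description: "value of module support"
        default: auto
    resources:
      - name: source
        type: git
        targetPath: src/$(inputs.params.package)
  steps:
    - name: lint
      # The image tag comes from the `version` param, so whoever sets it
      # chooses which image runs.
      image: golangci/golangci-lint:$(inputs.params.version)
      workingDir: /workspace/src/$(inputs.params.package)
      command:
        - /bin/bash
      args:
        - -c
        # `flags` is substituted into this string before bash parses it, so
        # shell metacharacters in the value are executed. Set it only from
        # trusted pipeline definitions.
        - "golangci-lint run $(inputs.params.flags)"
      env:
        - name: GOPATH
          value: /workspace
        - name: GOOS
          value: "$(inputs.params.GOOS)"
        - name: GOARCH
          value: "$(inputs.params.GOARCH)"
        - name: GO111MODULE
          value: "$(inputs.params.GO111MODULE)"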
# Create the namespaces the other manifests on this page refer to: the mesh
# control plane, Knative Serving, and the three application stages.
oc create namespace istio-system
oc create namespace knative-serving
oc create namespace demo
oc create namespace dev
oc create namespace prod
---
# Selects packages from the `redhat-operators` source, with
# `openshift-operators` as the target namespace. The Subscriptions on this
# page name this object as their `source`.
apiVersion: operators.coreos.com/v1
kind: CatalogSourceConfig
metadata:
  name: redhat-operators-packages
  namespace: openshift-marketplace
spec:
  targetNamespace: openshift-operators
  packages: "serverless-operator,servicemeshoperator,kiali-ossm,jaeger-product,elasticsearch-operator"
  source: redhat-operators
# Start build-pipeline by hand. The run uses the `pipeline` service account,
# which the setup commands on this page grant the privileged and anyuid SCCs.
# Only the deploy-kn-service task is switched to the narrower
# kn-deployer-account.
tkn pipeline start build-pipeline \
--resource="appSource=git-source" \
--resource="demoImage=knative-tutorial-greeter-image" \
--resource="appImage=knative-tutorial-greeter-image-dev" \
--serviceaccount='pipeline' \
--task-serviceaccount='deploy-kn-service=kn-deployer-account'
---
# Service account for the deploy-kn-service task. It holds no permissions of
# its own; the kn-deployer-binding ClusterRoleBinding grants it the Knative
# permissions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kn-deployer-account
  namespace: demo
---
# ClusterRole with every verb on every resource in image.openshift.io.
# NOTE(review): the pipelines on this page only run `oc tag` between image
# streams; list the exact resources and verbs that needs instead of wildcards.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: pipeline-deployer
rules:
  - apiGroups:
      - "image.openshift.io"
    resources:
      - "*"
    verbs:
      - "*"
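---
# Binds pipeline-deployer to the `pipeline` service account cluster-wide, so
# the wildcard image permissions apply in every namespace, not only in demo,
# dev and prod.
# Uses the GA rbac.authorization.k8s.io/v1 API, matching the ClusterRole it
# refers to, instead of the deprecated v1beta1.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: pipeline-deployer-binding
subjects:
  - kind: ServiceAccount
    name: pipeline
    namespace: demo
roleRef:
  kind: ClusterRole
  name: pipeline-deployer
  apiGroup: rbac.authorization.k8s.io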
---
# ClusterRole for managing Knative services, revisions and routes. Unlike
# pipeline-deployer, its resources and verbs are listed explicitly.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kn-deployer
rules:
  - apiGroups:
      - "serving.knative.dev"
    resources:
      - "services"
      - "revisions"
      - "routes"
    verbs:
      - "get"
      - "list"
      - "create"
      - "update"
      - "delete"
      - "patch"
      - "watch"
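---
# Binds kn-deployer to kn-deployer-account cluster-wide, so the account can
# manage Knative services in every namespace, not only in dev and prod.
# Uses the GA rbac.authorization.k8s.io/v1 API, matching the ClusterRole it
# refers to, instead of the deprecated v1beta1.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kn-deployer-binding
subjects:
  - kind: ServiceAccount
    name: kn-deployer-account
    namespace: demo
roleRef:
  kind: ClusterRole
  name: kn-deployer
  apiGroup: rbac.authorization.k8s.io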
---
# Subscription to the serverless operator on the `techpreview` channel.
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: knative-serving
  namespace: openshift-operators
spec:
  channel: techpreview
  # Same name as the CatalogSourceConfig defined on this page.
  source: redhat-operators-packages
  name: serverless-operator
  sourceNamespace: openshift-operators
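---
# Subscription to the service-mesh operator on channel 1.0. The channel stays
# quoted so it is read as a string, not a float.
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: service-mesh
  namespace: openshift-operators
spec:
  channel: '1.0'
  source: redhat-operators-packages
  name: servicemeshoperator
  # Was `openshift-operator` (missing the final "s"). The CatalogSourceConfig
  # targets `openshift-operators`, and the knative-serving Subscription uses
  # that namespace too.
  sourceNamespace: openshift-operators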
---
# Tekton Task (v1alpha1): build a Java app with Maven, build its container
# image with buildah, and push the image.
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: build-app
spec:
  inputs:
    resources:
      - name: source
        type: git
    params:
      - name: contextDir
        description: the context dir within source
        default: "."
      - name: mavenMirrorUrl
        description: the maven mirrror url
        # Plain HTTP: artifacts fetched through this mirror are not protected
        # against tampering in transit. Prefer an HTTPS mirror.
        default: http://repo1.maven.apache.org/maven2
      - name: destinationImage
        description: the fully qualified image name
        default: "$(outputs.resources.builtImage.url)"
      - name: dockerFile
        description: the docker file to used for building the application
        default: Dockerfile.jvm
  outputs:
    resources:
      - name: builtImage
        type: image
  stepTemplate:
    # resources:
    #   limits:
    #     cpu: 4
    #     memory: 4Gi
    #   requests:
    #     cpu: 2
    #     memory: 2Gi
    # Unprivileged defaults for every step; the two buildah steps override
    # them below.
    securityContext:
      allowPrivilegeEscalation: false
      privileged: false
      # the default underprivileged user to be used
      runAsUser: 10001
  steps:
    - name: build-sources
      image: quay.io/rhdevelopers/tutorial-tools:0.0.2
      workingDir: "/workspace/source/$(inputs.params.contextDir)"
      args:
        - mvn
        # NOTE(review): Maven's skip property is `skipTests`; as written this
        # flag is probably ignored and the tests still run. Confirm the intent.
        - -DskipTest
        - clean
        - package
      env:
        - name: MAVEN_MIRROR_URL
          value: "$(inputs.params.mavenMirrorUrl)"
    - name: build-image
      # No tag or digest, so the image that runs as privileged root can change
      # between runs. Pin it.
      image: quay.io/buildah/stable
      workingDir: "/workspace/source/$(inputs.params.contextDir)"
      command:
        - 'buildah'
        - 'bud'
        # Registry certificates are not verified while pulling base images.
        - '--tls-verify=false'
        - '--layers'
        - '-f'
        - '$(inputs.params.dockerFile)'
        - '-t'
        - '$(inputs.params.destinationImage)'
        - '.'
      volumeMounts:
        - name: varlibc
          mountPath: /var/lib/containers
      # override security context as container image build need to run as root
      # This step builds whatever Dockerfile the checked-out source contains
      # while running as privileged root, so the repository content must be
      # trusted.
      securityContext:
        allowPrivilegeEscalation: true
        runAsUser: 0
        privileged: true
    - name: build-push
      image: quay.io/buildah/stable
      workingDir: "/workspace/source/$(inputs.params.contextDir)"
      command:
        - "buildah"
        - "push"
        # The push does not verify the registry certificate either.
        - "--tls-verify=false"
        - "$(inputs.params.destinationImage)"
        - "docker://$(inputs.params.destinationImage)"
      volumeMounts:
        - name: varlibc
          mountPath: /var/lib/containers
      # override security context as container image build need to run as root
      securityContext:
        allowPrivilegeEscalation: true
        runAsUser: 0
        privileged: true
  volumes:
    # Storage shared by the build and push steps.
    - name: varlibc
      emptyDir: {}
---
# Tekton Task (v1alpha1): run the kn CLI with caller-supplied arguments.
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: kn
spec:
  inputs:
    params:
      - name: kn-image
        description: kn CLI container image to run this task
        default: gcr.io/knative-releases/knative.dev/client/cmd/kn:v0.10.0
      - name: ARGS
        type: array
        description: kn CLI arguments to run
        default:
          - "help"
    resources:
      - name: image
        type: image
  steps:
    - name: kn
      # The image reference is a parameter, so whoever sets `kn-image` chooses
      # the image that runs with this task's service account.
      image: "$(inputs.params.kn-image)"
      command:
        - "/ko-app/kn"
      # ARGS goes straight to the binary as an argument list; no shell is
      # involved.
      args:
        - "$(inputs.params.ARGS)"
# reference the container image resource in your taskrun/pipelinerun
# parameters array as "--image=$(inputs.resources.image.url)"
---
# Tekton Task (v1alpha1): run the OpenShift CLI with caller-supplied arguments.
# The run's service account decides what those arguments may do.
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: openshift-client
spec:
  inputs:
    params:
      - name: ARGS
        description: The OpenShift CLI arguments to run
        type: array
        default:
          - "help"
  steps:
    - name: oc
      # `latest` is a mutable tag, so the image can change between runs.
      # Pin a version or a digest.
      image: quay.io/openshift/origin-cli:latest
      command:
        - "/usr/bin/oc"
      args:
        - "$(inputs.params.ARGS)"
---
# Pipeline: build the Java app image, tag it from the build namespace into the
# deploy namespace, then create the Knative service from it.
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
  name: build-pipeline
spec:
  params:
    - name: mavenMirrorUrl
      description: the maven mirror
      # Plain HTTP default, passed through to the build-app task.
      default: http://repo1.maven.apache.org/maven2
    - name: build-namespace
      description: namespace to deploy
      default: demo
    - name: deploy-namespace
      description: namespace to deploy
      default: dev
  resources:
    - name: appSource
      type: git
    - name: demoImage
      type: image
    - name: appImage
      type: image
  tasks:
    - name: build-java-app
      taskRef:
        name: build-app
      params:
        - name: contextDir
          value: apps/greeter/java/quarkus
        - name: mavenMirrorUrl
          value: "$(params.mavenMirrorUrl)"
      resources:
        inputs:
          - name: source
            resource: appSource
        outputs:
          - name: builtImage
            resource: demoImage
    - name: promote-to-dev
      taskRef:
        name: openshift-client
      runAfter:
        - build-java-app
      params:
        # Runs `oc tag <build-namespace>/helloworld:latest
        # <deploy-namespace>/helloworld:latest`.
        - name: ARGS
          value:
            - "tag"
            - "$(params.build-namespace)/helloworld:latest"
            - "$(params.deploy-namespace)/helloworld:latest"
    - name: deploy-kn-service
      taskRef:
        name: kn
      runAfter:
        - promote-to-dev
      resources:
        inputs:
          - name: image
            resource: appImage
      params:
        - name: ARGS
          value:
            - "service"
            - "-n"
            - "$(params.deploy-namespace)"
            - "create"
            - "greeter"
            - "--force"
            - "--image=$(inputs.resources.image.url)"
---
# Pipeline: tag the helloworld image from one namespace into another, then
# create the Knative service in the target namespace.
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
  name: deploy-pipeline
spec:
  params:
    - name: from-namespace
      description: namespace to deploy from
      default: dev
    # NOTE(review): this defaults to `dev`, the same as from-namespace,
    # although the task is named promote-to-prod and the deploy
    # TriggerTemplate on this page defaults `to` to `prod`. Confirm the
    # intended default.
    - name: to-namespace
      description: namespace to deploy to
      default: dev
  resources:
    - name: appImage
      type: image
  tasks:
    - name: promote-to-prod
      taskRef:
        name: openshift-client
      params:
        - name: ARGS
          value:
            - "tag"
            - "$(params.from-namespace)/helloworld:latest"
            - "$(params.to-namespace)/helloworld:latest"
    - name: deploy-kn-service
      taskRef:
        name: kn
      runAfter:
        - promote-to-prod
      resources:
        inputs:
          - name: image
            resource: appImage
      params:
        - name: ARGS
          value:
            - "service"
            - "-n"
            - "$(params.to-namespace)"
            - "create"
            - "greeter"
            - "--force"
            - "--image=$(inputs.resources.image.url)"
---
# Git PipelineResources. Each one tracks the `master` branch, so the code a run
# builds changes with every push. Pin a commit for reproducible builds.
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: cli-source
spec:
  type: git
  params:
    - name: url
      value: "https://github.com/tektoncd/cli"
    - name: revision
      value: master
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: pipeline-source
spec:
  type: git
  params:
    - name: url
      value: "https://github.com/tektoncd/pipeline"
    - name: revision
      value: master
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: git-source
spec:
  type: git
  params:
    - name: url
      value: "https://github.com/vdemeester/knative-tutorial"
    - name: revision
      value: master
---
# Image PipelineResources: the helloworld image in the demo, dev and prod
# namespaces of the cluster-internal registry. All three use the mutable
# `latest` tag.
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: knative-tutorial-greeter-image
spec:
  type: image
  params:
    - name: url
      value: 'image-registry.openshift-image-registry.svc:5000/demo/helloworld:latest'
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: knative-tutorial-greeter-image-dev
spec:
  type: image
  params:
    - name: url
      value: 'image-registry.openshift-image-registry.svc:5000/dev/helloworld:latest'
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: knative-tutorial-greeter-image-prod
spec:
  type: image
  params:
    - name: url
      value: 'image-registry.openshift-image-registry.svc:5000/prod/helloworld:latest'
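---
# Pipeline: lint a Go package, then run unit tests and the build; both of
# those run after lint. The second `---` that preceded this document is
# dropped, because it only produced an empty document.
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
  name: cli-pipeline
spec:
  params:
    - name: package
      description: package to release
      default: github.com/tektoncd/cli
  resources:
    - name: source-repo
      type: git
  tasks:
    - name: lint
      taskRef:
        name: golangci-lint
      params:
        - name: package
          value: "$(params.package)"
        - name: flags
          value: -v
      resources:
        inputs:
          - name: source
            resource: source-repo
    - name: unit-tests
      runAfter:
        - lint
      taskRef:
        name: golang-test
      params:
        - name: package
          value: "$(params.package)"
      resources:
        inputs:
          - name: source
            resource: source-repo
    - name: build
      runAfter:
        - lint
      taskRef:
        name: golang-build
      params:
        - name: package
          value: "$(params.package)"
      resources:
        inputs:
          - name: source
            resource: source-repo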
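---
# Tekton Task (v1alpha1): run `go test` over packages from a git checkout.
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: golang-test
spec:
  inputs:
    params:
      - name: package
        description: package (and its children) under test
      - name: packages
        description: "packages to test (default: ./...)"
        default: "./..."
      - name: version
        description: golang version to use for tests
        default: "1.12"
      - name: flags
        description: flags to use for the test command
        default: -race -cover -v
      - name: GOOS
        description: "running program's operating system target"
        default: linux
      - name: GOARCH
        description: "running program's architecture target"
        default: amd64
      - name: GO111MODULE
        description: "value of module support"
        default: auto
    resources:
      - name: source
        type: git
        targetPath: src/$(inputs.params.package)
  steps:
    - name: unit-test
      # The image tag comes from the `version` param, so whoever sets it
      # chooses which image runs.
      image: golang:$(inputs.params.version)
      # Spelled `workingDir`, the Container field name the build-app Task on
      # this page uses (was `workingdir`).
      workingDir: /workspace/src/$(inputs.params.package)
      command:
        - /bin/bash
      args:
        - -c
        # `flags` and `packages` are substituted into this string before bash
        # parses it, so shell metacharacters in either value are executed.
        # Set them only from trusted pipeline definitions, never from an
        # event payload.
        - "go test $(inputs.params.flags) $(inputs.params.packages)"
      env:
        - name: GOPATH
          value: /workspace
        - name: GOOS
          value: "$(inputs.params.GOOS)"
        - name: GOARCH
          value: "$(inputs.params.GOARCH)"
        - name: GO111MODULE
          value: "$(inputs.params.GO111MODULE)"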
# Apply the RBAC objects first, then the webhook trigger objects.
oc apply -f ./talks/devfest-2019/rbac.yaml
oc apply -f ./talks/devfest-2019/triggers-webhook.yaml
---
# Role for the EventListener service account in demo: read the trigger
# objects, and create PipelineRuns and PipelineResources. Despite the "admin"
# name, it grants only `get` and `create`.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-admin
  namespace: demo
rules:
  - apiGroups: [tekton.dev]
    resources:
      - eventlisteners
      - triggerbindings
      - triggertemplates
      - pipelineresources
    verbs: [get]
  - apiGroups: [tekton.dev]
    resources:
      - pipelineruns
      - pipelineresources
    verbs: [create]
---
# Service account named by both EventListeners on this page.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-triggers-admin
  namespace: demo
---
# Grants the tekton-triggers-admin Role to that account, in demo only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-triggers-admin-binding
  namespace: demo
subjects:
  - kind: ServiceAccount
    name: tekton-triggers-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tekton-triggers-admin
---
# Role for webhook creation in demo. The first rule gives read and write
# access to every Secret in the namespace; the account bound to it can read
# all credentials stored there.
# NOTE(review): nothing else on this page refers to this Role's service
# account. Drop the objects if they are unused.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-createwebhook
  namespace: demo
rules:
  - apiGroups: [""]
    resources: [secrets]
    verbs: [get, list, create, update, delete]
  - apiGroups: [tekton.dev]
    resources: [eventlisteners]
    verbs: [get, list, create, update, delete]
  - apiGroups: [extensions]
    resources: [ingresses]
    verbs: [create, get, list, delete, update]
---
# Service account for webhook creation.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-triggers-createwebhook
  namespace: demo
---
# Grants the tekton-triggers-createwebhook Role, which includes Secret access,
# to that account in demo.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-triggers-createwebhook
  namespace: demo
subjects:
  - kind: ServiceAccount
    name: tekton-triggers-createwebhook
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tekton-triggers-createwebhook
---
# TriggerTemplate: for each event, create a git PipelineResource and a
# PipelineRun of build-pipeline.
apiVersion: tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: build-triggertemplate
  namespace: demo
spec:
  params:
    - name: gitrevision
      description: The git revision
      default: master
    - name: gitrepositoryurl
      description: The git repository url
    - name: namespace
      description: The namespace to create the resources
  resourcetemplates:
    - apiVersion: tekton.dev/v1alpha1
      kind: PipelineResource
      metadata:
        name: "git-source-$(uid)"
        namespace: "$(params.namespace)"
      spec:
        type: git
        params:
          # build-pipelinebinding fills both values from the request body, so
          # the sender of the event chooses the repository and revision that
          # get built.
          - name: revision
            value: "$(params.gitrevision)"
          - name: url
            value: "$(params.gitrepositoryurl)"
    - apiVersion: tekton.dev/v1alpha1
      kind: PipelineRun
      metadata:
        name: "build-pipeline-run-$(uid)"
        namespace: "$(params.namespace)"
      spec:
        # `pipeline` is the account the setup commands on this page grant the
        # privileged and anyuid SCCs; build-app's buildah steps run as
        # privileged root under it.
        serviceAccount: pipeline
        serviceAccounts:
          - taskName: deploy-kn-service
            serviceAccount: kn-deployer-account
        pipelineRef:
          name: build-pipeline
        resources:
          - name: appSource
            resourceRef:
              name: "git-source-$(uid)"
          - name: demoImage
            resourceRef:
              name: knative-tutorial-greeter-image
          - name: appImage
            resourceRef:
              name: knative-tutorial-greeter-image-dev
---
# TriggerBinding: map fields of the incoming webhook body to the parameters of
# build-triggertemplate.
apiVersion: tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: build-pipelinebinding
  namespace: demo
spec:
  params:
    # Taken from the request body as-is.
    - name: gitrevision
      value: "$(body.head_commit.id)"
    # Fixed, so a payload cannot redirect the run to another namespace.
    - name: namespace
      value: demo
    # The host is fixed to github.com, but the owner/repo part comes from the
    # payload. Restrict it to an allow-list if the listener is reachable by
    # untrusted senders.
    - name: gitrepositoryurl
      value: "https://github.com/$(body.repository.full_name)"
---
# TriggerTemplate: for each event, create a PipelineRun of deploy-pipeline
# that promotes the image between two namespaces.
apiVersion: tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: deploy-triggertemplate
  namespace: demo
spec:
  params:
    - name: from
      description: namespace from
      default: dev
    - name: to
      description: namespace to
      default: prod
    - name: namespace
      description: The namespace to create the resources
  resourcetemplates:
    - apiVersion: tekton.dev/v1alpha1
      kind: PipelineRun
      metadata:
        name: "deploy-pipeline-run-$(uid)"
        namespace: "$(params.namespace)"
      spec:
        serviceAccount: pipeline
        serviceAccounts:
          - taskName: deploy-kn-service
            serviceAccount: kn-deployer-account
        pipelineRef:
          name: deploy-pipeline
        params:
          - name: from-namespace
            value: "$(params.from)"
          - name: to-namespace
            value: "$(params.to)"
        resources:
          # The image resource always points at the prod image, whatever value
          # `to` carries.
          - name: appImage
            resourceRef:
              name: knative-tutorial-greeter-image-prod
---
# TriggerBinding: map the webhook body to the parameters of
# deploy-triggertemplate.
apiVersion: tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: deploy-pipelinebinding
  namespace: demo
spec:
  params:
    # Both namespaces come from the request body, so the sender decides which
    # namespaces the `oc tag` and `kn service create` steps act on. Validate
    # them or fix the values if the listener is reachable by untrusted
    # senders.
    - name: from
      value: "$(body.from)"
    - name: to
      value: "$(body.to)"
    - name: namespace
      value: demo
---
# EventListener for builds. The spec names only a binding and a template;
# nothing here checks the sender or a webhook signature, so every request
# that reaches the listener starts a build run.
apiVersion: tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: build
  namespace: demo
spec:
  serviceAccountName: tekton-triggers-admin
  triggers:
    - binding:
        name: build-pipelinebinding
      template:
        name: build-triggertemplate
---
# EventListener for promotions. As with the build listener, the spec names
# only a binding and a template and does no sender validation.
apiVersion: tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: deploy
  namespace: demo
spec:
  serviceAccountName: tekton-triggers-admin
  triggers:
    - binding:
        name: deploy-pipelinebinding
      template:
        name: deploy-triggertemplate