Skip to content

Commit

Permalink
Add gateway deployment for Pipelines as Code
Browse files Browse the repository at this point in the history
Signed-off-by: Frederic Giloux <[email protected]>
  • Loading branch information
fgiloux committed Jun 27, 2022
1 parent b96308d commit 975371b
Show file tree
Hide file tree
Showing 13 changed files with 265 additions and 15 deletions.
47 changes: 47 additions & 0 deletions .github/workflows/gateway-deployment-image.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: Build and Publish the Gateway Deployment Image

on:
push:
branches:
- main
paths:
- "images/gateway/**"
workflow_dispatch:

jobs:
build-push:

runs-on: ubuntu-latest
permissions:
contents: read
packages: write
outputs:
sha_short: ${{ steps.vars.outputs.sha_short }}

steps:
- uses: actions/checkout@v3

- name: Get the short sha
id: vars
run: echo "::set-output name=sha_short::$(echo ${{ github.sha }} | cut -b -7)"

# Build and push a gateway-deployment image, tagged with latest and the commit SHA.
- name: Build gateway-deployment Image
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: gateway-deployment
context: ./images/gateway
tags: latest ${{ steps.vars.outputs.sha_short }} ${{ github.ref_name }}
containerfiles: |
./images/gateway-deployment/Dockerfile
- name: Push to ghcr.io
id: push-to-ghcr
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }} ${{ github.ref_name }}
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.actor }}
password: ${{ github.token }}
7 changes: 7 additions & 0 deletions docs/gateway.md
Original file line number Diff line number Diff line change
Expand Up @@ -70,3 +70,10 @@ here the backend is the service `httpecho` in the `trigger` namespace listening
**_NOTE:_** This is only needed for phase 1. This component will get removed when we move to phase 2 and have the event listeners provisioned through kcp.
---
## Limitations
- There is currently no controller watching EventListeners to configure the gateway dynamically. This means that the gateway would work for Pipelines as Code, which offers a stable entrypoint but not for pure Tekton Triggers.
- PipelineRuns are not visible in any kcp workspace.
- Ingress is currently broken with kcp 0.5 and may not get fixed before 0.7
Original file line number Diff line number Diff line change
Expand Up @@ -19,18 +19,18 @@ data:
timeout http-keep-alive 300s
timeout check 10s
frontend trigger_gateway-http
bind :80
frontend fe_el_pac_http
bind :8080
mode http
tcp-request inspect-delay 5s
tcp-request content accept if HTTP
acl PATH_trigger path_beg -i /trigger
use_backend be_trigger if PATH_trigger
acl PATH_pac path_beg -i /pac/
use_backend be_el_pac if PATH_pac
backend be_trigger
backend be_el_pac
mode http
option redispatch
option forwardfor
timeout check 5000ms
server s1 httpecho.trigger.svc.cluster.local:80
server el-pac el-pipelines-as-code-interceptor.openshift-pipelines.svc.cluster.local:8080
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,14 @@ spec:
containers:
- name: gateway
image: docker.io/haproxytech/haproxy-debian@sha256:7086aaf61dfe7f07fa36eafd4bb567a60564f7dd6fcf7cdafdfbbab19c01f0ba
resources:
requests:
cpu: 100m
memory: 256Mi
ports:
- name: http-port
protocol: TCP
containerPort: 80
containerPort: 8080
volumeMounts:
- name: config
mountPath: /usr/local/etc/haproxy/haproxy.cfg
Expand All @@ -29,4 +33,4 @@ spec:
volumes:
- name: config
configMap:
name: haproxy-config
name: haproxy-config
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,13 @@ metadata:
name: trigger
spec:
rules:
- host: trigger-gateway.kcp-apps.127.0.0.1.nip.io
http:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: httpecho
name: gateway
port:
number: 80
number: 80

Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,4 @@ spec:
targetPort: http-port
protocol: TCP
selector:
app: gateway
app: gateway
5 changes: 5 additions & 0 deletions gitops/kcp/gateway/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
resources:
- haproxy-cfg-cm.yaml
- haproxy-deployment.yaml
- haproxy-ingress.yaml
- haproxy-service.yaml
6 changes: 5 additions & 1 deletion gitops/pac/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,4 +36,8 @@ KUBECONFIG="/pathto/kubeconfig" GITOPS_REPO="https://gitops.org.com/org/pipeline

## Pipelines

Pipelines for the registration of new clusters via ArgoCD and kcp are available.
Pipelines are available for:

- the registration of new workload clusters to kcp
- the installation of the Tekton components on the workload cluster leveraging Argo CD
- the deployment of the gateway through kcp
File renamed without changes.
61 changes: 61 additions & 0 deletions gitops/sre/.tekton/gateway-deployment.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
name: gateway-deployment
annotations:
pipelinesascode.tekton.dev/on-target-branch: "[main]"
pipelinesascode.tekton.dev/on-event: "[push]"
pipelinesascode.tekton.dev/task: "git-clone"
spec:
params:
- name: repo_url
value: "{{repo_url}}"
- name: revision
value: "{{revision}}"
pipelineSpec:
params:
- name: repo_url
- name: revision
workspaces:
- name: source
tasks:
- name: fetch-repository
taskRef:
name: git-clone
workspaces:
- name: output
workspace: source
params:
- name: depth
value: "500"
- name: url
value: $(params.repo_url)
- name: revision
value: $(params.revision)
- name: kcp-register
runAfter:
- fetch-repository
workspaces:
- name: source
workspace: source
taskSpec:
workspaces:
- name: source
steps:
- name: gateway-deployment
image: ghcr.io/openshift-pipelines/gateway-deployment:main
workingDir: $(workspaces.source.path)
env:
- name: DATA_DIR
value: $(workspaces.source.path)/gitops/sre
- name: KCP_ORG
value: "pipelines-service"
workspaces:
- name: source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Mi
13 changes: 13 additions & 0 deletions images/gateway/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
FROM registry.access.redhat.com/ubi8/ubi-minimal:8.6
WORKDIR /
RUN mkdir /workspace && chmod 777 /workspace && chown 65532:65532 /workspace
ENV HOME /tmp/home
RUN mkdir $HOME && chmod 777 $HOME && chown 65532:65532 $HOME
COPY ./install.sh /usr/local/bin/install.sh
RUN KUBE_VERSION=v1.24.0 && \
curl -L -o /usr/local/bin/kubectl "https://dl.k8s.io/release/$KUBE_VERSION/bin/linux/amd64/kubectl" && \
chmod 755 /usr/local/bin/kubectl
USER 65532:65532
VOLUME /workspace
WORKDIR /workspace
ENTRYPOINT ["/usr/local/bin/install.sh"]
109 changes: 109 additions & 0 deletions images/gateway/install.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,109 @@
#!/usr/bin/env bash

# Copyright 2022 The pipelines-service Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

set -o errexit
set -o nounset
set -o pipefail

usage() {

printf "Usage: KCP_ORG=root:pipelines-service KCP_WORKSPACE=infra DATA_DIR=/workspace ./install.sh\n\n"

# Parameters
printf "The following parameters need to be passed to the script:\n"
printf "KCP_ORG: the organistation for which the workload clusters need to be registered, i.e.: root:pipelines-service\n"
printf "KCP_WORKSPACE: the name of the workspace where the gateway gets deployed (created if it does not exist), i.e: infra. If the workspace differs from the one where the WorkloadCluster has been created an APIBinding will need to be added\n"
printf "DATA_DIR: the location of the cluster files\n"
}

prechecks () {
KCP_ORG="${KCP_ORG:-}"
if [[ -z "${KCP_ORG}" ]]; then
printf "KCP_ORG not set\n\n"
usage
exit 1
fi

KCP_WORKSPACE="${KCP_WORKSPACE:-}"
if [[ -z "${KCP_WORKSPACE}" ]]; then
printf "KCP_WORKSPACE not set\n\n"
usage
exit 1
fi

DATA_DIR="${DATA_DIR:-}"
if [[ -z "${DATA_DIR}" ]]; then
printf "DATA_DIR not set\n\n"
usage
exit 1
fi
}

# populate kcp_kcfg with the location of the kubeconfig for connecting to kcp
kcp_kubeconfig() {
if files=($(ls $DATA_DIR/credentials/kubeconfig/kcp/*.kubeconfig 2>/dev/null)); then
if [ ${#files[@]} -ne 1 ]; then
printf "A single kubeconfig file is expected at %s\n" "$DATA_DIR/credentials/kubeconfig/kcp"
usage
exit 1
fi
kcp_kcfg="${files[0]}"
else
printf "A single kubeconfig file is expected at %s\n" "$DATA_DIR/credentials/kubeconfig/kcp"
usage
exit 1
fi
}

switch_org() {
KUBECONFIG=${kcp_kcfg} kubectl kcp workspace use ${KCP_ORG}
if ! (KUBECONFIG=${kcp_kcfg} kubectl api-resources >> /dev/null 2>&1); then
printf "%s is not a valid organization, wrong kubectl context in use or connectivity issue\n" ${KCP_ORG}
usage
exit 1
fi
}

switch_ws() {
if (KUBECONFIG=${kcp_kcfg} kubectl get workspaces -o name | grep "${KCP_WORKSPACE}"); then
printf "use existing workspace\n"
KUBECONFIG=${kcp_kcfg} kubectl kcp workspace use "${KCP_WORKSPACE}"

else
printf "creating workspace %s\n" "${KCP_WORKSPACE}"
KUBECONFIG=${kcp_kcfg} kubectl kcp workspace create "${KCP_WORKSPACE}" --enter
fi
}

install_gateway () {
CONFIG_DIR="${DATA_DIR}/environment/kcp/gateway"
KUBECONFIG=${kcp_kcfg} kubectl apply -k "${CONFIG_DIR}"
}

main() {
prechecks
kcp_kubeconfig
printf "Switching to organization %s\n" "${KCP_ORG}"
switch_org
printf "Switching to workspace %s\n" "${KCP_WORKSPACE}"
switch_ws
printf "Installing gateway\n"
install_gateway
}

if [ "${BASH_SOURCE[0]}" == "$0" ]; then
main "$@"
fi
2 changes: 1 addition & 1 deletion images/kcp-registrar/register.sh
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ prechecks () {
exit 1
fi

KCP_ORG=${KCP_WORKSPACE:-}
KCP_WORKSPACE=${KCP_WORKSPACE:-}
if [[ -z "${KCP_WORKSPACE}" ]]; then
printf "KCP_WORKSPACE not set\n\n"
usage
Expand Down

0 comments on commit 975371b

Please sign in to comment.