From ac7139b2f01aeb88a25452f1313647fd2dfb186e Mon Sep 17 00:00:00 2001
From: Shoubhik Bose
Date: Wed, 16 Feb 2022 11:23:56 -0500
Subject: [PATCH] Infra for PR checks / Add Pipelines As Code for internal use (#115)
* install pac
* add to kustomization.yaml
* create sa
* create sa
* create sa
* create sa
* create sa
* create sa
* add auth memberships for devs to debug
* add Repository CR for HAS
* add Repository CR for HAS
* reference to release yaml
---
 components/authentication/build-ci.yaml | 22 ++++++++++
 components/authentication/kustomization.yaml | 1 +
 .../authentication/view-build-service.yaml | 15 +++++++
 components/build/kustomization.yaml | 1 +
 .../allow-argocd-create-sa.yaml | 13 ++++++
 .../openshift-pipelines/kustomization.yaml | 1 +
 .../build/pipelines-as-code/allow-argocd.yaml | 42 +++++++++++++++++++
 .../pipelines-as-code/kustomization.yaml | 7 ++++
 components/gitops/kustomization.yaml | 1 -
 components/has/.tekton/kustomization.yaml | 1 +
 components/has/.tekton/pipelines-as-code.yaml | 7 ++++
 11 files changed, 110 insertions(+), 1 deletion(-)
 create mode 100644 components/authentication/build-ci.yaml
 create mode 100644 components/build/openshift-pipelines/allow-argocd-create-sa.yaml
 create mode 100644 components/build/pipelines-as-code/allow-argocd.yaml
 create mode 100644 components/build/pipelines-as-code/kustomization.yaml
 create mode 100644 components/has/.tekton/pipelines-as-code.yaml
diff --git a/components/authentication/build-ci.yaml b/components/authentication/build-ci.yaml
new file mode 100644
index 000000000..e184ff6c9
--- /dev/null
+++ b/components/authentication/build-ci.yaml
@@ -0,0 +1,22 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: pipelines-as-code-maintainers
+ namespace: pipelines-as-code
+subjects:
+ - kind: User
+ apiGroup: rbac.authorization.k8s.io
+ name: sbose78
+ - kind: User
+ apiGroup: rbac.authorization.k8s.io
+ name: jduimovich
+ - kind: User
+ apiGroup: rbac.authorization.k8s.io
+ name: chmouel
+ - kind: User
+ apiGroup: rbac.authorization.k8s.io
+ name: Michkov
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: pipeline-maintainer
\ No newline at end of file
diff --git a/components/authentication/kustomization.yaml b/components/authentication/kustomization.yaml
index 15ec1934e..cbbce8b55 100644
--- a/components/authentication/kustomization.yaml
+++ b/components/authentication/kustomization.yaml
@@ -7,6 +7,7 @@ resources:
 - user-ci-maintainer.yaml
 - gitops-ci.yaml
 - has-ci.yaml
+- build-ci.yaml
 - prune-has.yaml
 - argocd-permissions.yaml
 - tenants/
diff --git a/components/authentication/view-build-service.yaml b/components/authentication/view-build-service.yaml
index 59c2c0a7c..4cc762120 100644
--- a/components/authentication/view-build-service.yaml
+++ b/components/authentication/view-build-service.yaml
@@ -23,6 +23,21 @@ subjects:
 name: jduimovich
 - kind: User
 name: sbose78
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: view
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: read-pac
+ namespace: pipelines-as-code
+subjects:
+ - kind: User
+ name: chmouel
+ - kind: User
+ name: sbose78
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
diff --git a/components/build/kustomization.yaml b/components/build/kustomization.yaml
index 32dcbabc0..0e302ecf4 100644
--- a/components/build/kustomization.yaml
+++ b/components/build/kustomization.yaml
@@ -1,6 +1,7 @@ resources: - openshift-pipelines/ - build-templates/ +- pipelines-as-code/ generatorOptions: disableNameSuffixHash: true
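Review bot: The `pipelines-as-code-maintainers` RoleBinding added in components/authentication/build-ci.yaml names four individual `User` subjects, so access can only be granted or revoked by a commit and a stale entry is easy to overlook. The commit message calls these memberships "for devs to debug", yet nothing in the file records that the access is temporary or who owns it. Prefer a single `kind: Group` subject (`name: <GROUP_NAME>`) whose membership is managed in the identity provider, and add a comment above `subjects:` such as `# Debug access for PaC rollout; review and remove when no longer needed`. The `pipeline-maintainer` ClusterRole is defined outside this patch, so its verbs should be checked against what debugging requires; `chmouel` and `sbose78` also get `view` through `read-pac` in view-build-service.yaml, which may be redundant.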
diff --git a/components/build/openshift-pipelines/allow-argocd-create-sa.yaml b/components/build/openshift-pipelines/allow-argocd-create-sa.yaml
new file mode 100644
index 000000000..7b98d8e8a
--- /dev/null
+++ b/components/build/openshift-pipelines/allow-argocd-create-sa.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: allow-argo-cd-sa
+ namespace: openshift-operators
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: admin
+subjects:
+ - kind: ServiceAccount
+ name: openshift-gitops-argocd-application-controller
+ namespace: openshift-gitops
diff --git a/components/build/openshift-pipelines/kustomization.yaml b/components/build/openshift-pipelines/kustomization.yaml
index c1b73104c..7a1676173 100644
--- a/components/build/openshift-pipelines/kustomization.yaml
+++ b/components/build/openshift-pipelines/kustomization.yaml
@@ -5,6 +5,7 @@ resources: - patch-tekton-config-rb.yaml - patch-tekton-config-sa.yaml - pruner-configuration-job.yaml +- allow-argocd-create-sa.yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization
diff --git a/components/build/pipelines-as-code/allow-argocd.yaml b/components/build/pipelines-as-code/allow-argocd.yaml
new file mode 100644
index 000000000..f47b600b8
--- /dev/null
+++ b/components/build/pipelines-as-code/allow-argocd.yaml
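Review bot: `allow-argo-cd-sa` in components/build/openshift-pipelines/allow-argocd-create-sa.yaml binds the built-in `admin` ClusterRole to the Argo CD application controller for the whole `openshift-operators` namespace, although the file name and the commit message only mention creating a service account. Namespace `admin` includes reading Secrets and creating RoleBindings, so anything that can steer an Argo CD sync gains control over the workloads in that namespace. If ServiceAccount management is the only need (inferred from the name, not shown in the diff), a namespaced Role limited to `serviceaccounts` can replace `admin` in `roleRef`. The Role name and verb list below are constructed as a starting point and should be confirmed against what Argo CD actually syncs into this namespace.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: argocd-manage-serviceaccounts  # placeholder name
  namespace: openshift-operators
rules:
  - apiGroups:
      - ""
    resources:
      - serviceaccounts
    verbs:
      - get
      - list
      - watch
      - create
      - patch
---
# … unchanged: RoleBinding allow-argo-cd-sa apiVersion/kind/metadata …
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argocd-manage-serviceaccounts
# … unchanged: subjects …
```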
@@ -0,0 +1,42 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: allow-argo-cd-rolebinding
+ namespace: pipelines-as-code
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: admin
+subjects:
+ - kind: ServiceAccount
+ name: openshift-gitops-argocd-application-controller
+ namespace: openshift-gitops
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: crd-manager-for-build
+rules:
+ - verbs:
+ - patch
+ - get
+ - list
+ - create
+ - get
+ apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: grant-argocd-crd-permissions-for-build
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: crd-manager-for-build
+subjects:
+- kind: ServiceAccount
+ name: openshift-gitops-argocd-application-controller
+ namespace: openshift-gitops
\ No newline at end of file
diff --git a/components/build/pipelines-as-code/kustomization.yaml b/components/build/pipelines-as-code/kustomization.yaml
new file mode 100644
index 000000000..e17c2750b
--- /dev/null
+++ b/components/build/pipelines-as-code/kustomization.yaml
@@ -0,0 +1,7 @@
+resources:
+- allow-argocd.yaml
+- https://raw.githubusercontent.com/openshift-pipelines/pipelines-as-code/release-0.5.2/release-0.5.2.yaml
+
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
\ No newline at end of file
diff --git a/components/gitops/kustomization.yaml b/components/gitops/kustomization.yaml
index 117994786..faaea3ad2 100644
--- a/components/gitops/kustomization.yaml
+++ b/components/gitops/kustomization.yaml
@@ -2,7 +2,6 @@ resources: - backend/ - .tekton/ - apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization
diff --git a/components/has/.tekton/kustomization.yaml b/components/has/.tekton/kustomization.yaml
index 5f919c612..f6f12f020 100644
--- a/components/has/.tekton/kustomization.yaml
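Review bot: `crd-manager-for-build` in components/build/pipelines-as-code/allow-argocd.yaml grants `patch` and `create` on every CustomResourceDefinition and is bound through a ClusterRoleBinding, so the Argo CD controller can modify CRDs owned by unrelated operators. `create` cannot be narrowed by name, but `get` and `patch` can move to a second rule with `resourceNames` listing only the CRDs the Pipelines as Code release installs. That is presumably `repositories.pipelinesascode.tekton.dev`, judging by the Repository resource added later in this patch, and should be confirmed against the release manifest. The verbs list also repeats `get`, and the `subjects` list of the ClusterRoleBinding is flush-left while the other lists in the file are indented.

```yaml
# … unchanged: ClusterRole crd-manager-for-build apiVersion/kind/metadata …
rules:
  # create cannot be limited by resourceNames; list only with a name field selector
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - create
      - list
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    resourceNames:
      - repositories.pipelinesascode.tekton.dev  # confirm against the release manifest
    verbs:
      - get
      - patch
```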
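Review bot: The remote resource in components/build/pipelines-as-code/kustomization.yaml is fetched from `raw.githubusercontent.com` at the ref `release-0.5.2`, which looks like a branch or tag name and can be moved upstream without any change in this repository. Whatever that URL serves at build time is applied with the namespace `admin` and CRD permissions granted in allow-argocd.yaml, so the installed manifest is neither reviewable nor reproducible from this commit. Pin the ref to a full commit SHA, e.g. `- https://raw.githubusercontent.com/openshift-pipelines/pipelines-as-code/<COMMIT_SHA>/release-0.5.2.yaml`, or vendor the release YAML into the repository so that upgrades show up as a diff. The file also ends without a trailing newline.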
+++ b/components/has/.tekton/kustomization.yaml
@@ -3,6 +3,7 @@ resources: - event-listener.yaml - webhook-route.yaml - serviceaccount.yaml +- pipelines-as-code.yaml - pvc.yaml # Skip applying the Tekton operands while the Tekton operator is being installed.
diff --git a/components/has/.tekton/pipelines-as-code.yaml b/components/has/.tekton/pipelines-as-code.yaml
new file mode 100644
index 000000000..098db2dae
--- /dev/null
+++ b/components/has/.tekton/pipelines-as-code.yaml
@@ -0,0 +1,7 @@
+apiVersion: pipelinesascode.tekton.dev/v1alpha1
+kind: Repository
+metadata:
+ name: application-service-pac
+ namespace: application-service
+spec:
+ url: "https://github.com/redhat-appstudio/application-service"