From 9c994d8a6aebdb96573aba2a47c53245932e7f4d Mon Sep 17 00:00:00 2001
From: arunvel1988
Date: Tue, 19 Nov 2024 10:56:18 +0530
Subject: [PATCH 1/2] adding oracle cli task
---
 task/oci-cli/0.1/README.md | 43 ++++++++++++
 task/oci-cli/0.1/oci-cli-task.yaml | 68 +++++++++++++++++++
 task/oci-cli/0.1/samples/oci-cli-taskrun.yaml | 21 ++++++
 3 files changed, 132 insertions(+)
 create mode 100644 task/oci-cli/0.1/README.md
 create mode 100644 task/oci-cli/0.1/oci-cli-task.yaml
 create mode 100644 task/oci-cli/0.1/samples/oci-cli-taskrun.yaml
diff --git a/task/oci-cli/0.1/README.md b/task/oci-cli/0.1/README.md
new file mode 100644
index 0000000000..dcca87d5ab
--- /dev/null
+++ b/task/oci-cli/0.1/README.md
@@ -0,0 +1,43 @@
+Running OCI CLI Commands with Tekton Task
+This guide explains how to use a Tekton Task and TaskRun to execute OCI (Oracle Cloud Infrastructure) CLI commands using the ghcr.io/oracle/oci-cli:latest Docker image.
+
+
+
+ Prerequisites
+Before proceeding, ensure you have the following:
+
+A Kubernetes cluster with Tekton Pipelines installed.
+Access to OCI with:
+Tenancy OCID: Found in the OCI Console under Administration > Tenancy Details.
+User OCID: Found in Identity > Users.
+API Key Fingerprint: Found in your API key details.
+Private Key: The key you use for OCI API authentication.
+Region: The OCI region identifier (e.g., us-ashburn-1).
+
+
+ Encode Your Private Key
+The private key must be base64 encoded before use.
+
+Run the following command to encode your private key:
+
+cat ~/.oci/oci_api_key.pem | base64
+
+
+Save the output for use in the TaskRun
+
+
+Apply the Tekton Task
+Save the following Tekton Task YAML as oci-cli-task.yaml
+
+
+Execute the Task with TaskRun
+Save the following TaskRun YAML as oci-cli-taskrun.yaml
+
+Replace placeholders in the TaskRun:
+
+: Your Tenancy OCID.
+: Your User OCID.
+: Your API key fingerprint.
+: The base64-encoded private key content.
+
+
diff --git a/task/oci-cli/0.1/oci-cli-task.yaml b/task/oci-cli/0.1/oci-cli-task.yaml
new file mode 100644
index 0000000000..a73f51a3b8
--- /dev/null
+++ b/task/oci-cli/0.1/oci-cli-task.yaml
@@ -0,0 +1,68 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+ name: oci-cli-task
+ labels:
+ app.kubernetes.io/version: "0.1"
+ annotations:
+ tekton.dev/pipelines.minVersion: "0.54.0"
+ tekton.dev/categories: CLI
+ tekton.dev/tags: cli
+ tekton.dev/displayName: "oracle cli task"
+ tekton.dev/platforms: "linux/amd64"
+spec:
+ params:
+ - name: tenancy_ocid
+ description: "The OCID of the tenancy"
+ - name: user_ocid
+ description: "The OCID of the user"
+ - name: fingerprint
+ description: "The fingerprint of the API key"
+ - name: private_key
+ description: "The private key content (base64 encoded)"
+ - name: region
+ description: "The OCI region (e.g., us-ashburn-1)"
+ - name: command
+ description: "The OCI CLI command to execute"
+ steps:
+ - name: oci-cli
+ image: ghcr.io/oracle/oci-cli:latest
+ script: |
+ #!/bin/bash
+ set -e
+ mkdir -p /root/.oci
+ # Decode and store the private key
+ echo "$PRIVATE_KEY" | base64 -d > /root/.oci/oci_api_key.pem
+ chmod 600 /root/.oci/oci_api_key.pem
+
+ # Create OCI configuration
+ mkdir -p /root/.oci
+ cat < /root/.oci/config
+ [DEFAULT]
+ tenancy=${TENANCY_OCID}
+ user=${USER_OCID}
+ fingerprint=${FINGERPRINT}
+ key_file=/root/.oci/oci_api_key.pem
+ region=${REGION}
+ EOF
+
+ # Verify the configuration
+ echo "OCI CLI Configuration:"
+ cat /root/.oci/config
+
+ # Run the provided OCI CLI command
+ echo "Executing OCI CLI command: $COMMAND"
+ eval $COMMAND
+ env:
+ - name: TENANCY_OCID
+ value: "$(params.tenancy_ocid)"
+ - name: USER_OCID
+ value: "$(params.user_ocid)"
+ - name: FINGERPRINT
+ value: "$(params.fingerprint)"
+ - name: PRIVATE_KEY
+ value: "$(params.private_key)"
+ - name: REGION
+ value: "$(params.region)"
+ - name: COMMAND
+ value: "$(params.command)"
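Review bot: `eval $COMMAND` on the last line of the script gives the `command` param a second round of shell parsing inside the step that holds the API signing key, so whoever can influence that param (for example a Pipeline that forwards a value from a trigger) runs arbitrary shell next to the credential, not just an `oci` subcommand. Taking the arguments as an array param and calling the binary directly, `args: ["$(params.args[*])"]` with `oci "$@"` in the script, removes the re-parse; if the free-form string has to stay, the param description should say so, e.g. `description: "Shell command line, executed verbatim with eval; pass trusted values only"`. The "Verify the configuration" step, `cat /root/.oci/config`, also writes the tenancy OCID, user OCID and key fingerprint into the TaskRun log, which is usually readable by more people than the credential itself, so I would drop it. Neither line is changed by PATCH 2/2, where the `eval` appears only as context.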
diff --git a/task/oci-cli/0.1/samples/oci-cli-taskrun.yaml b/task/oci-cli/0.1/samples/oci-cli-taskrun.yaml
new file mode 100644
index 0000000000..ed0c84a4e2
--- /dev/null
+++ b/task/oci-cli/0.1/samples/oci-cli-taskrun.yaml
@@ -0,0 +1,21 @@
+apiVersion: tekton.dev/v1beta1
+kind: TaskRun
+metadata:
+ name: oci-cli-taskrun
+ namespace: default
+spec:
+ taskRef:
+ name: oci-cli-task
+ params:
+ - name: tenancy_ocid
+ value: "" # Replace with your Tenancy OCID
+ - name: user_ocid
+ value: "" # Replace with your User OCID
+ - name: fingerprint
+ value: "" # Replace with your API key fingerprint
+ - name: private_key
+ value: "" # Replace with base64-encoded private key
+ - name: region
+ value: "us-ashburn-1" # Replace with your OCI region
+ - name: command
+ value: "oci iam compartment list" # Replace with your OCI CLI command
From 3c642e480a888febadb374cd0bf382cf591d6d28 Mon Sep 17 00:00:00 2001
From: arunvel1988
Date: Thu, 21 Nov 2024 10:33:31 +0530
Subject: [PATCH 2/2] Adding secret and image tag
---
 task/oci-cli/0.1/oci-cli-task.yaml | 43 ++++++++++++++--------------
 task/oci-cli/0.1/samples/secret.yaml | 8 ++++++
 2 files changed, 30 insertions(+), 21 deletions(-)
 create mode 100644 task/oci-cli/0.1/samples/secret.yaml
diff --git a/task/oci-cli/0.1/oci-cli-task.yaml b/task/oci-cli/0.1/oci-cli-task.yaml
index a73f51a3b8..f87ce61960 100644
--- a/task/oci-cli/0.1/oci-cli-task.yaml
+++ b/task/oci-cli/0.1/oci-cli-task.yaml
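Review bot: The sample TaskRun passes `fingerprint` and `private_key` as params, which places the API signing key (base64 is an encoding, not protection) in the TaskRun object, where anyone with read access to TaskRuns in the namespace can retrieve it. PATCH 2/2 removes both params from the Task and moves them to a mounted Secret, but its diffstat does not list this file, so the sample appears to keep the two stale entries. They should be deleted here, with the sample pointing readers at `samples/secret.yaml` instead. The sample also declares `apiVersion: tekton.dev/v1beta1` while the Task is `tekton.dev/v1`; using `tekton.dev/v1` in both keeps them consistent.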
@@ -16,27 +16,24 @@ spec: description: "The OCID of the tenancy" - name: user_ocid description: "The OCID of the user" - - name: fingerprint - description: "The fingerprint of the API key" - - name: private_key - description: "The private key content (base64 encoded)" - name: region description: "The OCI region (e.g., us-ashburn-1)" - name: command description: "The OCI CLI command to execute" steps: - name: oci-cli - image: ghcr.io/oracle/oci-cli:latest + image: ghcr.io/oracle/oci-cli:sha-5846bb2 script: | #!/bin/bash set -e mkdir -p /root/.oci - # Decode and store the private key - echo "$PRIVATE_KEY" | base64 -d > /root/.oci/oci_api_key.pem + + # Use the mounted secret + cp /secrets/oci/oci_api_key.pem /root/.oci/oci_api_key.pem chmod 600 /root/.oci/oci_api_key.pem + FINGERPRINT=$(cat /secrets/oci/fingerprint) # Create OCI configuration - mkdir -p /root/.oci cat < /root/.oci/config [DEFAULT] tenancy=${TENANCY_OCID} @@ -53,16 +50,20 @@ spec: # Run the provided OCI CLI command echo "Executing OCI CLI command: $COMMAND" eval $COMMAND - env: - - name: TENANCY_OCID - value: "$(params.tenancy_ocid)" - - name: USER_OCID - value: "$(params.user_ocid)" - - name: FINGERPRINT - value: "$(params.fingerprint)" - - name: PRIVATE_KEY - value: "$(params.private_key)" - - name: REGION - value: "$(params.region)" - - name: COMMAND - value: "$(params.command)" + env: + - name: TENANCY_OCID + value: "$(params.tenancy_ocid)" + - name: USER_OCID + value: "$(params.user_ocid)" + - name: REGION + value: "$(params.region)" + - name: COMMAND + value: "$(params.command)" + volumeMounts: + - name: oci-cli-secret + mountPath: /secrets/oci + readOnly: true + volumes: + - name: oci-cli-secret + secret: + secretName: oci-cli-secret diff --git a/task/oci-cli/0.1/samples/secret.yaml b/task/oci-cli/0.1/samples/secret.yaml new file mode 100644 index 0000000000..d911daa6c4 --- /dev/null +++ b/task/oci-cli/0.1/samples/secret.yaml 
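Review bot: `image: ghcr.io/oracle/oci-cli:sha-5846bb2` is still a tag, and a tag can be re-pointed by whoever controls the registry namespace; for a step that handles a cloud API key, pin the digest instead, `image: ghcr.io/oracle/oci-cli@sha256:<digest-of-the-reviewed-image>` (placeholder, the page does not give the digest). The script also copies the key out of the read-only secret mount into `/root/.oci`, leaving a second copy in the container's writable filesystem. If the copy exists only to get restrictive permissions, setting `defaultMode: 0400` on the secret volume and pointing `key_file` at `/secrets/oci/oci_api_key.pem` would avoid it, assuming the step keeps running as the file's owner. The script body continues outside this hunk.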
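Review bot: The new `volumes` entry hard-codes `secretName: oci-cli-secret`, so every TaskRun of this Task in a namespace shares one credential and a run cannot bind a narrower-scoped key. Declaring a workspace on the Task, `workspaces: [{name: oci-credentials, description: "Secret with oci_api_key.pem and fingerprint"}]`, and reading the files from `$(workspaces.oci-credentials.path)` lets each TaskRun supply its own Secret. At minimum the expected Secret name and its two keys should be documented in a comment above `volumes:`, e.g. `# expects Secret "oci-cli-secret" with keys: oci_api_key.pem, fingerprint`.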
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: oci-cli-secret
+type: Opaque
+data:
+ fingerprint:
+ oci_api_key.pem: