WIP Build Standard Container for each CNF

Change-Id: I31e7d7daa02bdddff527e772a9d8bee25cc71648
Bartra, Rick (rb560u)
2021-04-14 15:41:33 -04:00
committed by Rick Bartra
parent ebd98ad600
commit 944cde2487
16 changed files with 219 additions and 33 deletions


@@ -6,3 +6,5 @@ kubectl create ns development-pipeline || true
cd ./tools/gate/jarvis/standard-container
sudo docker build -t standard-container:1.0 .
sudo docker tag standard-container:1.0 harbor-core.jarvis.local/library/standard-container:1.0
sudo -E docker push harbor-core.jarvis.local/library/standard-container:1.0


@@ -10,7 +10,18 @@ spec:
- name: k8s_cluster_data
- name: development_pipeline_data
tasks:
- name: microflow-build-standard-container
taskRef:
name: build-standard-container
workspaces:
- name: k8s_cluster_data
workspace: k8s_cluster_data
- name: development_pipeline_data
workspace: development_pipeline_data
- name: microflow-setup-cluster-config
runAfter:
- microflow-build-standard-container
taskRef:
name: setup-cluster-config
workspaces:
@@ -20,6 +31,8 @@ spec:
workspace: development_pipeline_data
- name: microflow-setup-image-config
runAfter:
- microflow-build-standard-container
taskRef:
name: setup-image-config
workspaces:
@@ -29,6 +42,8 @@ spec:
workspace: development_pipeline_data
- name: microflow-setup-chart-config
runAfter:
- microflow-build-standard-container
taskRef:
name: setup-chart-config
workspaces:
@@ -38,6 +53,8 @@ spec:
workspace: development_pipeline_data
- name: microflow-setup-cleanup-config
runAfter:
- microflow-build-standard-container
taskRef:
name: setup-cleanup-config
workspaces:


@@ -0,0 +1,117 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: build-standard-container
namespace: {{ $.Release.Namespace }}
spec:
description: >-
This task sets configurations that will be used as overrides to the Ansible tasks.
workspaces:
- name: k8s_cluster_data
- name: development_pipeline_data
steps:
- name: build-standard-container
image: {{ $.Values.tasks.image.buildImage }}
volumeMounts:
- mountPath: /certs/client
name: dind-certs
- mountPath: /usr/local/share/ca-certificates/harbor-ca.crt
name: harbor-ca
subPath: harbor-ca
- mountPath: /tekton/home/.docker/config.json
name: image-push-creds
subPath: .dockerconfigjson
env:
# Connect to the sidecar over TCP, with TLS.
- name: DOCKER_HOST
value: tcp://localhost:2376
# Verify TLS.
- name: DOCKER_TLS_VERIFY
value: '1'
# Use the certs generated by the sidecar daemon.
- name: DOCKER_CERT_PATH
value: /certs/client
- name: "JARVIS_TASKRUN_NAMESPACE"
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: "JARVIS_TASKRUN_NAME"
valueFrom:
fieldRef:
fieldPath: metadata.labels['tekton.dev/taskRun']
script: |
/jarvis/build_standard_container.sh
sidecars:
- image: {{ $.Values.tasks.image.sidecarServer }}
name: server
script: |
# Alpine's update-ca-certificates does not support directories, so copy files
# Copy files instead of mounting to prevent overriding built-in certificates
if ls /internal-certs/*.crt ; then
cp /internal-certs/*.crt /usr/local/share/ca-certificates/
fi
update-ca-certificates
/usr/local/bin/dockerd-entrypoint.sh \
--storage-driver=overlay2 \
--userland-proxy=false \
--debug \
--insecure-registry={{ $.Values.tasks.image.insecureRegistry }}
##TODO: Get rid of privileged true
securityContext:
privileged: true
env:
# Write generated certs to the path shared with the client.
- name: DOCKER_TLS_CERTDIR
value: /certs
- name: http_proxy
value: {{ $.Values.proxy.http_proxy }}
- name: https_proxy
value: {{ $.Values.proxy.https_proxy }}
- name: no_proxy
value: {{ $.Values.proxy.no_proxy }}
- name: HTTP_PROXY
value: {{ $.Values.proxy.http_proxy }}
- name: HTTPS_PROXY
value: {{ $.Values.proxy.https_proxy }}
- name: NO_PROXY
value: {{ $.Values.proxy.no_proxy }}
volumeMounts:
- mountPath: /certs/client
name: dind-certs
- mountPath: /var/lib/docker
name: var-lib-docker
- mountPath: /usr/local/share/ca-certificates/harbor-ca.crt
name: harbor-ca
subPath: harbor-ca
{{ if .Values.proxy.internal_certs_dir }}
- mountPath: /internal-certs
name: internal-certs
{{ end }}
# Wait for the dind daemon to generate the certs it will share with the
# client.
readinessProbe:
periodSeconds: 1
exec:
command: ['ls', '/certs/client/ca.pem']
volumes:
- name: dind-certs
emptyDir: {}
- name: var-lib-docker
emptyDir: {}
- name: image-push-creds
secret:
secretName: harbor-docker-auth
- name: helm-publish-creds
secret:
secretName: harbor-basic-auth
- name: harbor-ca
secret:
secretName: harbor-ca
{{ if .Values.proxy.internal_certs_dir }}
- name: internal-certs
hostPath:
path: {{ .Values.proxy.internal_certs_dir }}
type: Directory
{{ end }}
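Review bot: The dind sidecar is started with `--insecure-registry={{ $.Values.tasks.image.insecureRegistry }}` even though the Harbor CA is mounted into the sidecar under `/usr/local/share/ca-certificates/` and picked up by `update-ca-certificates`. That flag lets dockerd skip certificate verification (and fall back to plain HTTP) for that registry, so the push that uses `image-push-creds`, and the image the later steps pull, are not protected by the CA you mount. I would drop that line and rely on the mounted CA, and drop `--debug` unless it is only meant for the WIP phase. The `helm-publish-creds` volume is declared but no container in this Task mounts it, so the `harbor-basic-auth` secret can be removed from the volume list. The `description` talks about Ansible overrides and looks copied from another task; something like `Builds the standard container image from the cloned repo and pushes it to Harbor.` would match the step.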


@@ -11,7 +11,8 @@ spec:
- name: development_pipeline_data
steps:
- name: clone
image: {{ $.Values.tasks.chart.buildChartImage }}
image: {{ $.Values.tasks.chart.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
volumeMounts:
- mountPath: /usr/local/share/ca-certificates/harbor-ca.crt
name: harbor-ca
@@ -19,28 +20,33 @@ spec:
script: |
/jarvis/git_clone_chart_repo.sh
- name: set-chart-output
image: {{ $.Values.tasks.chart.buildChartImage }}
image: {{ $.Values.tasks.chart.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
#!/usr/bin/env sh
cat "$(workspaces.development_pipeline_data.path)/chart.json"
- name: lint-chart
image: {{ $.Values.tasks.chart.buildChartImage }}
image: {{ $.Values.tasks.chart.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
/jarvis/lint_dryrun_chart.sh
- name: set-chart-output-after-lint-dryrun
image: {{ $.Values.tasks.chart.buildChartImage }}
image: {{ $.Values.tasks.chart.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
#!/usr/bin/env sh
cat "$(workspaces.development_pipeline_data.path)/chart.json"
- name: package-chart
# Mount all secrets we want to use for external repos to fetch charts
image: {{ $.Values.tasks.chart.buildChartImage }}
image: {{ $.Values.tasks.chart.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
/jarvis/package_chart.sh
- name: set-chart-output-after-packaging
image: {{ $.Values.tasks.chart.buildChartImage }}
image: {{ $.Values.tasks.chart.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
#!/usr/bin/env sh
cat "$(workspaces.development_pipeline_data.path)/chart.json"
@@ -57,13 +63,15 @@ spec:
# Helm won't find any plugins installed during image build time
- name: HELM_DATA_HOME
value: /root/.local/share/helm
image: {{ $.Values.tasks.chart.buildChartImage }}
image: {{ $.Values.tasks.chart.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
ls -ltr
/jarvis/publish_chart.sh
- name: set-chart-output-after-publish
image: {{ $.Values.tasks.chart.buildChartImage }}
image: {{ $.Values.tasks.chart.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
#!/usr/bin/env sh
cat "$(workspaces.development_pipeline_data.path)/chart.json"


@@ -11,7 +11,8 @@ spec:
- name: development_pipeline_data
steps:
- name: cleanup
image: {{ $.Values.tasks.cleanup.cleanupImage }}
image: {{ $.Values.tasks.cleanup.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
volumeMounts:
- mountPath: $(workspaces.development_pipeline_data.path)/config
name: kubeconfig


@@ -11,6 +11,7 @@ spec:
- name: development_pipeline_data
steps:
- name: example-validation-step
image: {{ $.Values.tasks.deploymentManifests.deploymentManifestsImage }}
image: {{ $.Values.tasks.deploymentManifests.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
/jarvis/deployment_manifests.sh
/jarvis/deployment_manifests.sh


@@ -11,7 +11,8 @@ spec:
- name: development_pipeline_data
steps:
- name: deploy-helm-charts
image: {{ $.Values.tasks.functional.functionalDeployImage }}
image: {{ $.Values.tasks.functional.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
volumeMounts:
- mountPath: /usr/local/share/ca-certificates/harbor-ca.crt
name: harbor-ca
@@ -23,7 +24,8 @@ spec:
script: |
/jarvis/functional_deploy.sh
- name: run-helm-tests
image: {{ $.Values.tasks.functional.functionalTestImage }}
image: {{ $.Values.tasks.functional.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
/jarvis/functional_test.sh
volumeMounts:
@@ -38,4 +40,4 @@ spec:
secretName: harbor-ca
- name: kubeconfig
secret:
secretName: kubeconfig-secret
secretName: kubeconfig-secret


@@ -11,7 +11,8 @@ spec:
- name: development_pipeline_data
steps:
- name: clone
image: {{ $.Values.tasks.image.buildImage }}
image: {{ $.Values.tasks.image.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
volumeMounts:
- mountPath: /certs/client
name: dind-certs
@@ -22,13 +23,15 @@ spec:
/jarvis/git_clone_image_repo.sh
- name: set-image-output
image: {{ $.Values.tasks.image.buildImage }}
image: {{ $.Values.tasks.image.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
#!/usr/bin/env sh
cat "$(workspaces.development_pipeline_data.path)/image.json"
- name: docker-build
image: {{ $.Values.tasks.image.buildImage }}
image: {{ $.Values.tasks.image.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
volumeMounts:
- mountPath: /certs/client
name: dind-certs
@@ -48,13 +51,15 @@ spec:
/jarvis/build_docker_image.sh
- name: set-image-build-output-after-build
image: {{ $.Values.tasks.image.buildImage }}
image: {{ $.Values.tasks.image.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
#!/usr/bin/env sh
cat "$(workspaces.development_pipeline_data.path)/image.json"
- name: publish-and-scan-image
image: {{ $.Values.tasks.image.buildImage }}
image: {{ $.Values.tasks.image.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
volumeMounts:
- mountPath: /certs/client
name: dind-certs
@@ -75,13 +80,15 @@ spec:
/jarvis/push_docker_image.sh
- name: set-image-output-after-publish-scan
image: {{ $.Values.tasks.image.buildImage }}
image: {{ $.Values.tasks.image.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
#!/usr/bin/env sh
cat "$(workspaces.development_pipeline_data.path)/image.json"
- name: get-scan-results
image: {{ $.Values.tasks.image.buildImage }}
image: {{ $.Values.tasks.image.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
volumeMounts:
- mountPath: /certs/client
name: dind-certs


@@ -11,7 +11,8 @@ spec:
- name: development_pipeline_data
steps:
- name: get-kubeconfig
image: {{ $.Values.tasks.kubernetes.createClusterImage }}
image: {{ $.Values.tasks.kubernetes.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
/jarvis/get_kubeconfig.sh
volumeMounts:


@@ -11,7 +11,8 @@ spec:
- name: development_pipeline_data
steps:
- name: promote-artifacts
image: {{ $.Values.tasks.promote.promoteImage }}
image: {{ $.Values.tasks.promote.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
env:
# Connect to the sidecar over TCP, with TLS.
- name: DOCKER_HOST


@@ -11,7 +11,8 @@ spec:
- name: development_pipeline_data
steps:
- name: setup-cluster-config
image: {{ $.Values.tasks.setup.setupConfigImage }}
image: {{ $.Values.tasks.setup.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
ls -ltr /opt/
/jarvis/setup_cluster_config.sh
@@ -29,7 +30,8 @@ spec:
- name: development_pipeline_data
steps:
- name: setup-image-config
image: {{ $.Values.tasks.setup.setupConfigImage }}
image: {{ $.Values.tasks.setup.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
/jarvis/setup_image_config.sh $(context.taskRun.uid)
---
@@ -46,7 +48,8 @@ spec:
- name: development_pipeline_data
steps:
- name: setup-chart-config
image: {{ $.Values.tasks.setup.setupConfigImage }}
image: {{ $.Values.tasks.setup.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
/jarvis/setup_chart_config.sh $(context.taskRun.uid)
---
@@ -63,6 +66,7 @@ spec:
- name: development_pipeline_data
steps:
- name: setup-cleanup-config
image: {{ $.Values.tasks.setup.setupConfigImage }}
image: {{ $.Values.tasks.setup.changeSetImage }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
script: |
/jarvis/setup_cleanup_config.sh $(context.taskRun.uid)


@@ -1,4 +1,5 @@
# Default values file for development-pipeline
---
pvc:
storageClass: standard
size: 1Gi
@@ -12,20 +13,35 @@ proxy:
tasks:
kubernetes:
createClusterImage: &base_image standard-container:1.0
changeSetImage: harbor-core.jarvis.local/pcf-staging/standard-container:1.1
setup:
setupConfigImage: *base_image
setupConfigImage: null
changeSetImage: harbor-core.jarvis.local/pcf-staging/standard-container:1.1
image:
buildImage: *base_image
changeSetImage: harbor-core.jarvis.local/pcf-staging/standard-container:1.1
insecureRegistry: harbor-core.jarvis.local
sidecarServer: docker:19-dind
chart:
buildChartImage: *base_image
changeSetImage: harbor-core.jarvis.local/pcf-staging/standard-container:1.1
deploymentManifests:
deploymentManifestsImage: *base_image
changeSetImage: harbor-core.jarvis.local/pcf-staging/standard-container:1.1
promote:
promoteImage: *base_image
changeSetImage: harbor-core.jarvis.local/pcf-staging/standard-container:1.1
functional:
functionalDeployImage: *base_image
functionalTestImage: *base_image
changeSetImage: harbor-core.jarvis.local/pcf-staging/standard-container:1.1
cleanup:
cleanupImage: *base_image
changeSetImage: harbor-core.jarvis.local/pcf-staging/standard-container:1.1
standard-container:
name: standard-container
tag: 1.1
image:
pullPolicy: Always
over_rides: {}
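Review bot: Every `changeSetImage` is hard-coded to `harbor-core.jarvis.local/pcf-staging/standard-container:1.1`, while the new build script pushes to `${REPO}-staging` with `REPO` read from `chart.json`, so if `REPO` is ever something other than `pcf` the later steps would pull an image this run did not build. Some of those steps mount the kubeconfig secret and Harbor material and pull a mutable tag with `pullPolicy: Always`, so it is worth deriving the reference from one value (or a digest recorded by the build task) instead of repeating the string eight times. Separately, `tag: 1.1` under `standard-container` is an unquoted scalar that YAML loads as a float; write `tag: "1.1"`.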


@@ -49,7 +49,7 @@ RUN apt-get update ;\
rm -rf /var/lib/apt/lists/*
COPY assets /opt/assets/
RUN cp -ravf /opt/assets/* / ;\
RUN cp -ravf /opt/assets/* / ;\
rm -rf /opt/assets
ENTRYPOINT /git_clone.sh


@@ -5,4 +5,4 @@ set -ex
ansible-playbook -vvv /playbooks/images-microflow.yaml -i hosts \
-e '{"stage":"build"}' \
-e @"/workspace/development_pipeline_data/default.json" \
-e 'loop_source="/workspace/development_pipeline_data/image.json"'
-e 'loop_source="/workspace/development_pipeline_data/image.json"'


@@ -0,0 +1,10 @@
#!/bin/bash
set -ex
docker images
cp /workspace/k8s_cluster_data/* /workspace/development_pipeline_data/
/jarvis/git_clone_image_repo.sh
REPO=$(cat /workspace/k8s_cluster_data/chart.json | jq -r .[0].repo)
docker build -t harbor-core.jarvis.local/${REPO}-staging/standard-container:1.1 /src/checkout/${REPO}/jarvis/standard-container
docker images
docker push harbor-core.jarvis.local/${REPO}-staging/standard-container:1.1
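Review bot: `REPO` comes straight from `chart.json` and is then expanded unquoted into the image name and the build path, so a missing key yields the literal `null` (building `null-staging/...` from `/src/checkout/null/...`) and a value containing spaces or `..` changes what `docker build` is pointed at. I would fail on a missing value and quote the expansions: `REPO=$(jq -er '.[0].repo' /workspace/k8s_cluster_data/chart.json)` and `docker build -t "harbor-core.jarvis.local/${REPO}-staging/standard-container:1.1" "/src/checkout/${REPO}/jarvis/standard-container"`, with the same quoting on the `docker push` line. A short allow-pattern check on `REPO` before use would also keep unexpected values out of the path, which matters because the resulting image appears to become the runtime for the later pipeline steps. The unquoted `.[0].repo` filter is additionally subject to shell globbing.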


@@ -1,10 +1,9 @@
#!/bin/bash
set -ex
update-ca-certificates
ansible-playbook -vvv /playbooks/git-microflow.yaml -i hosts \
-e '{"stage":"clone"}' \
-e @"/workspace/development_pipeline_data/default.json" \
-e 'loop_source="/workspace/development_pipeline_data/image.json"'
-e 'loop_source="/workspace/development_pipeline_data/image.json"'