1
0
mirror of https://github.com/tektoncd/catalog.git synced 2024-11-21 05:55:35 +00:00
catalog/gke-deploy
ishani2412 c89d3965b7 Improve Readme.md
PR to improve the Readme.md migrating the install task URL from
master to v1beta1

Signed-off-by: ishani2412 <ishani.1613039@kiet.edu>
2020-06-02 09:03:51 +01:00
..
example Port gke-deploy to v1beta1 🦇 2020-03-06 07:49:46 -06:00
build-push-gke-deploy.yaml gke-deploy: use workspace instead of GitResource 🐐 2020-03-11 07:43:48 -05:00
gke-deploy.yaml gke-deploy: use workspace instead of GitResource 🐐 2020-03-11 07:43:48 -05:00
README.md Improve Readme.md 2020-06-02 09:03:51 +01:00

gke-deploy Task

This Task deploys an application to a Google Kubernetes Engine cluster using gke-deploy.

Install the Task

kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/v1beta1/gke-deploy/gke-deploy.yaml

Parameters

  • ARGS: The arguments to pass to gke-deploy CLI.

    default: ["--help"]

    See here for the arguments to gke-deploy.

Workspaces

  • source: The Git source repository that contains your application's Kubernetes configs.

Usage

Authorizing gke-deploy commands

See Authorizing gcloud commands for authorizing the gke-deploy Task using a Google IAM Service Account (the instructions describe authorizing gcloud, but the steps are the same).

In order for the gke-deploy Task to deploy to a GKE cluster in your project, the service account that the Task runs as must have the roles/container.developer role, which can be achieved with the command below:

gcloud iam service-accounts [CLUSTER_PROJECT] add-iam-policy-binding \
  --role roles/container.developer\
  --member "serviceAccount:[SERVICE_ACCOUNT_EMAIL]"

Running the Task

You can invoke gke-deploy to deploy manifests in a Git repository by providing a TaskRun:

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: gke-deploy-repo
spec:
  serviceAccountName: workload-identity-sa  # <-- a SA configured with Workload Identity
  taskRef:
    name: gke-deploy
  workspaces:
  - name: source
    persistentVolumeClaim:
      claimName: my-source
  params:
  - name: ARGS
    value:
    - run
    - --filename="$(inputs.resources.source-repo.path)/[PATH_TO_KUBERNETES_CONFIGS]"
    - --cluster=[CLUSTER_NAME]
    - --location=[CLUSTER_LOCATION]
    - --project=[CLUSTER_PROJECT]

See here for more on how to use the Git Resource.

See here to learn how to access private Git repositories using Tekton.

build-push-gke-deploy Pipeline

This Pipeline builds, pushes, and deploys your application to a Google Kubernetes Engine cluster using gke-deploy.

Install the Pipeline

kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/v1beta1/gke-deploy/build-push-gke-deploy.yaml

Workspaces

  • source: The Git repository that contains your application's Dockerfile and Kubernetes configs.

Parameters

  • pathToContext: The path to the build context relative to your source repo's root. This is used by Kaniko.

    default: .

  • pathToDockerFile: The path to the dockerfile to build, relative to the context.

    default: Dockerfile

  • pathToYamlConfigs: The path to the Kubernetes configs to deploy, relative to your source repo's root.

  • imageUrl: URL of image repository.

  • imageTag: Tag to apply to the built image.

  • clusterName: Name of target GKE cluster to deploy to.

  • clusterLocation: Zone/region of target GKE cluster to deploy to.

  • clusterProject: Project of target GKE cluster to deploy to.

    default: ""

    If no value is provided, the target cluster is assumed to be in the same project as the cluster running this Pipeline.

Usage

Authorizing the Pipeline

See Authorizing gcloud commands for authorizing the build-push-gke-deploy Pipeline using a Google IAM Service Account (the instructions will describe authorizing gcloud, but the steps are the same).

In order for the build-push-gke-deploy Pipeline to push an image to your project, add the roles/storage.admin role to the Google service account that the Pipeline runs as. This will allow the Pipeline to push an image to your project, as defined here.

gcloud iam service-accounts [IMAGE_REGISTRY_PROJECT] add-iam-policy-binding \
  --role roles/storage.admin \
  --member "serviceAccount:[SERVICE_ACCOUNT_EMAIL]"

In order for the build-push-gke-deploy Pipeline to deploy to a GKE cluster in your project, the service account that the Task runs as must have the roles/container.developer role.

gcloud iam service-accounts [DEPLOY_CLUSTER_PROJECT] add-iam-policy-binding \
  --role roles/container.developer \
  --member "serviceAccount:[SERVICE_ACCOUNT_EMAIL]"

Running the Pipeline

You can invoke build-push-gke-deploy to build, push, and deploy your application in a Git repository to a GKE cluster by providing a PipelineRun:

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: build-push-gke-deploy-run
spec:
  pipelineRef:
    name: build-push-gke-deploy
  serviceAccountName: workload-identity-sa  # <-- a SA configured with Workload Identity
  workspaces:
  - name: source
    persistentVolumeClaim:
      claimName: my-source
  params:
  - name: pathToContext
    value: [PATH_TO_CONTEXT]
  - name: pathToKubernetesConfigs
    value: [PATH_TO_KUBERNETES_CONFIGS]
  - name: [IMAGE_URL]
    value: gcr.io/cbd-test/test-app
  - name: imageTag
    value: [IMAGE_TAG]
  - name: clusterName
    value: [CLUSTER_NAME]
  - name: clusterLocation
    value: [CLUSTER_LOCATION]
  - name: clusterProject
    value: [CLUSTER_PROJECT]

See here for more on how to use the Git Resource.

See here to learn how to access private Git repositories in Tekton.

See here for a full example of using this Pipeline.