c89d3965b7
PR to improve the Readme.md migrating the install task URL from master to v1beta1 Signed-off-by: ishani2412 <ishani.1613039@kiet.edu> |
||
---|---|---|
.. | ||
example | ||
build-push-gke-deploy.yaml | ||
gke-deploy.yaml | ||
README.md |
gke-deploy
Task
This Task deploys an application to a Google Kubernetes Engine cluster using gke-deploy
.
Install the Task
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/v1beta1/gke-deploy/gke-deploy.yaml
Parameters
-
ARGS: The arguments to pass to
gke-deploy
CLI.default:
["--help"]
See here for the arguments to
gke-deploy
.
Workspaces
- source: The Git source repository that contains your application's Kubernetes configs.
Usage
Authorizing gke-deploy
commands
See Authorizing gcloud
commands for authorizing the
gke-deploy
Task using a Google IAM Service Account (the instructions describe
authorizing gcloud
, but the steps are the same).
In order for the gke-deploy
Task to deploy to a GKE cluster in your project,
the service account that the Task runs as must have the
roles/container.developer
role, which can be achieved with the command below:
gcloud iam service-accounts [CLUSTER_PROJECT] add-iam-policy-binding \
--role roles/container.developer\
--member "serviceAccount:[SERVICE_ACCOUNT_EMAIL]"
Running the Task
You can invoke gke-deploy
to deploy manifests in a Git repository by
providing a TaskRun:
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: gke-deploy-repo
spec:
serviceAccountName: workload-identity-sa # <-- a SA configured with Workload Identity
taskRef:
name: gke-deploy
workspaces:
- name: source
persistentVolumeClaim:
claimName: my-source
params:
- name: ARGS
value:
- run
- --filename="$(inputs.resources.source-repo.path)/[PATH_TO_KUBERNETES_CONFIGS]"
- --cluster=[CLUSTER_NAME]
- --location=[CLUSTER_LOCATION]
- --project=[CLUSTER_PROJECT]
See here for more on how to use the Git Resource.
See here to learn how to access private Git repositories using Tekton.
build-push-gke-deploy
Pipeline
This Pipeline builds, pushes, and deploys your application to a Google Kubernetes Engine cluster using gke-deploy
.
Install the Pipeline
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/v1beta1/gke-deploy/build-push-gke-deploy.yaml
Workspaces
- source: The Git repository that contains your application's Dockerfile and Kubernetes configs.
Parameters
-
pathToContext: The path to the build context relative to your source repo's root. This is used by Kaniko.
default:
.
-
pathToDockerFile: The path to the dockerfile to build, relative to the context.
default:
Dockerfile
-
pathToYamlConfigs: The path to the Kubernetes configs to deploy, relative to your source repo's root.
-
imageUrl: URL of image repository.
-
imageTag: Tag to apply to the built image.
-
clusterName: Name of target GKE cluster to deploy to.
-
clusterLocation: Zone/region of target GKE cluster to deploy to.
-
clusterProject: Project of target GKE cluster to deploy to.
default:
""
If no value is provided, the target cluster is assumed to be in the same project as the cluster running this Pipeline.
Usage
Authorizing the Pipeline
See Authorizing gcloud
commands for authorizing the
build-push-gke-deploy
Pipeline using a Google IAM Service Account (the instructions will
describe authorizing gcloud
, but the steps are the same).
In order for the build-push-gke-deploy
Pipeline to push an image to your project, add the roles/storage.admin
role to the Google service account that the Pipeline runs as. This will allow the Pipeline to push an image to your project, as defined here.
gcloud iam service-accounts [IMAGE_REGISTRY_PROJECT] add-iam-policy-binding \
--role roles/storage.admin \
--member "serviceAccount:[SERVICE_ACCOUNT_EMAIL]"
In order for the build-push-gke-deploy
Pipeline to deploy to a GKE cluster in your project,
the service account that the Task runs as must have the
roles/container.developer
role.
gcloud iam service-accounts [DEPLOY_CLUSTER_PROJECT] add-iam-policy-binding \
--role roles/container.developer \
--member "serviceAccount:[SERVICE_ACCOUNT_EMAIL]"
Running the Pipeline
You can invoke build-push-gke-deploy
to build, push, and deploy your application in a Git repository to a GKE cluster by providing a PipelineRun:
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
name: build-push-gke-deploy-run
spec:
pipelineRef:
name: build-push-gke-deploy
serviceAccountName: workload-identity-sa # <-- a SA configured with Workload Identity
workspaces:
- name: source
persistentVolumeClaim:
claimName: my-source
params:
- name: pathToContext
value: [PATH_TO_CONTEXT]
- name: pathToKubernetesConfigs
value: [PATH_TO_KUBERNETES_CONFIGS]
- name: [IMAGE_URL]
value: gcr.io/cbd-test/test-app
- name: imageTag
value: [IMAGE_TAG]
- name: clusterName
value: [CLUSTER_NAME]
- name: clusterLocation
value: [CLUSTER_LOCATION]
- name: clusterProject
value: [CLUSTER_PROJECT]
See here for more on how to use the Git Resource.
See here to learn how to access private Git repositories in Tekton.
See here for a full example of using this Pipeline.