57ebef41f9
Changes include:
- moves the build-push-gke-deploy task to the task directory
- moves and modifies readme file from gke-deploy
to build-push-gke-deploy
- moves examples directory from gke-deploy
Issue : #386
Signed-off-by: Shiv Verma <shverma@redhat.com>
|
||
|---|---|---|
| .. | ||
| example | ||
| build-push-gke-deploy.yaml | ||
| README.md | ||
build-push-gke-deploy Pipeline
This Pipeline builds, pushes, and deploys your application to a Google Kubernetes Engine cluster using gke-deploy.
Install the Pipeline
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/build-push-gke-deploy/0.1/build-push-gke-deploy.yaml
Workspaces
- source: The Git repository that contains your application's Dockerfile and Kubernetes configs.
Parameters
-
pathToContext: The path to the build context relative to your source repo's root. This is used by Kaniko.
default:
. -
pathToDockerFile: The path to the dockerfile to build, relative to the context.
default:
Dockerfile -
pathToYamlConfigs: The path to the Kubernetes configs to deploy, relative to your source repo's root.
-
imageUrl: URL of image repository.
-
imageTag: Tag to apply to the built image.
-
clusterName: Name of target GKE cluster to deploy to.
-
clusterLocation: Zone/region of target GKE cluster to deploy to.
-
clusterProject: Project of target GKE cluster to deploy to.
default:
""If no value is provided, the target cluster is assumed to be in the same project as the cluster running this Pipeline.
Usage
Authorizing the Pipeline
See Authorizing gcloud
commands for authorizing the
build-push-gke-deploy Pipeline using a Google IAM Service Account (the instructions will
describe authorizing gcloud, but the steps are the same).
In order for the build-push-gke-deploy Pipeline to push an image to your project, add the roles/storage.admin role to the Google service account that the Pipeline runs as. This will allow the Pipeline to push an image to your project, as defined here.
gcloud iam service-accounts [IMAGE_REGISTRY_PROJECT] add-iam-policy-binding \
--role roles/storage.admin \
--member "serviceAccount:[SERVICE_ACCOUNT_EMAIL]"
In order for the build-push-gke-deploy Pipeline to deploy to a GKE cluster in your project,
the service account that the Task runs as must have the
roles/container.developer role.
gcloud iam service-accounts [DEPLOY_CLUSTER_PROJECT] add-iam-policy-binding \
--role roles/container.developer \
--member "serviceAccount:[SERVICE_ACCOUNT_EMAIL]"
Running the Pipeline
You can invoke build-push-gke-deploy to build, push, and deploy your application in a Git repository to a GKE cluster by providing a PipelineRun:
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
name: build-push-gke-deploy-run
spec:
pipelineRef:
name: build-push-gke-deploy
serviceAccountName: workload-identity-sa # <-- a SA configured with Workload Identity
workspaces:
- name: source
persistentVolumeClaim:
claimName: my-source
params:
- name: pathToContext
value: [PATH_TO_CONTEXT]
- name: pathToKubernetesConfigs
value: [PATH_TO_KUBERNETES_CONFIGS]
- name: [IMAGE_URL]
value: gcr.io/cbd-test/test-app
- name: imageTag
value: [IMAGE_TAG]
- name: clusterName
value: [CLUSTER_NAME]
- name: clusterLocation
value: [CLUSTER_LOCATION]
- name: clusterProject
value: [CLUSTER_PROJECT]
See here for more on how to use the Git Resource.
See here to learn how to access private Git repositories in Tekton.
See here for a full example of using this Pipeline.