I assume you have completed the Tekton Tutorial at https://dn.dev/tekton-tutorial and that you have installed OpenShift Pipelines and OpenShift Serverless correctly into an OpenShift 4.5
-
create a project
-
create PVC to hold the sources/artifacts
-
git clone
-
maven
-
buildah
-
kn
kubectl apply -f pvc-workspace.yaml
OR
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: a-place-to-hold-stuff
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
EOF
kubectl get pvc
it will say Pending until the actual git clone is executed
kubectl create -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/git-clone/0.1/git-clone.yaml
tkn task ls NAME DESCRIPTION AGE git-clone These Tasks are Git... 17 seconds ago
cat <<EOF | kubectl create -f -
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
generateName: git-clone-
labels:
tekton.dev/task: git-clone
spec:
taskRef:
kind: Task
name: git-clone
params:
- name: url
value: https://github.com/burrsutter/tekton-spring-boot
- name: revision
value: master
- name: deleteExisting
value: 'true'
workspaces:
- name: output
persistentVolumeClaim:
claimName: a-place-to-hold-stuff
EOF
(OR)
tkn task start git-clone \
--param=url=https://github.com/burrsutter/tekton-spring-boot \
--param=revision=master \
--workspace=name=output,claimName=a-place-to-hold-stuff \
--showlogtkn tr ls NAME STARTED DURATION STATUS git-clone-d9jgl 4 seconds ago --- Running(Pending)
Wait for Status succeeded
tkn tr ls NAME STARTED DURATION STATUS git-clone-d9jgl 46 seconds ago 34 seconds Succeeded
tkn tr logs git-clone-d9jgl
[clone] + CHECKOUT_DIR=/workspace/output/
[clone] + '[[' true '==' true ]]
[clone] + cleandir
[clone] + '[[' -d /workspace/output/ ]]
[clone] + rm -rf '/workspace/output//*'
[clone] + rm -rf /workspace/output//.git
[clone] + rm -rf '/workspace/output//..?*'
[clone] + test -z
[clone] + test -z
[clone] + test -z
[clone] + /ko-app/git-init -url https://github.com/burrsutter/tekton-spring-boot -revision master -refspec -path /workspace/output/ '-sslVerify=true' '-submodules=true' -depth 1
[clone] {"level":"info","ts":1596485993.8097796,"caller":"git/git.go:139","msg":"Successfully cloned https://github.com/burrsutter/tekton-spring-boot @ c5a704d4145ad9cf0e15fb6514df27da1fe14470 (grafted, HEAD, origin/master) in path /workspace/output/"}
[clone] {"level":"info","ts":1596485993.8418102,"caller":"git/git.go:180","msg":"Successfully initialized and updated submodules in path /workspace/output/"}
[clone] + cd /workspace/output/
[clone] + git rev-parse HEAD
[clone] + tr -d '\n'
[clone] + RESULT_SHA=c5a704d4145ad9cf0e15fb6514df27da1fe14470
[clone] + EXIT_CODE=0
[clone] + '[' 0 '!=' 0 ]
[clone] + echo -n c5a704d4145ad9cf0e15fb6514df27da1fe14470
Tip: if the tr listing grows to long and you wish to have a clean slate
kubectl delete tr --all
And if your list of Completed pods grows long
kubectl delete pods --field-selector=status.phase=Succeeded kubectl delete pods --field-selector=status.phase=Failed
Tip: a trick to always getting the last TR logs
tkn tr logs -f -a $(tkn tr ls | awk 'NR==2{print $1}')
kubectl create -f task-list-directory.yaml
tkn task ls NAME DESCRIPTION AGE git-clone These Tasks are Git... 1 minute ago list-directory Simple directory li... 3 seconds ago
cat <<EOF | kubectl create -f -
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
generateName: list-directory-
labels:
tekton.dev/task: list-directory
spec:
taskRef:
name: list-directory
workspaces:
- name: directory
persistentVolumeClaim:
claimName: a-place-to-hold-stuff
EOF
tkn tr ls NAME STARTED DURATION STATUS list-directory-7wxjd 2 seconds ago --- Running(Pending) git-clone-d9jgl 1 minute ago 34 seconds Succeeded
tkn tr logs list-directory-7wxjd [list-directory] total 36 [list-directory] drwxrwsr-x 4 10006200 10006200 4096 Aug 3 15:57 src [list-directory] -rw-rw-r-- 1 10006200 10006200 461 Aug 3 15:57 readme.adoc [list-directory] -rw-rw-r-- 1 10006200 10006200 1846 Aug 3 15:57 pom.xml [list-directory] -rw-rw-r-- 1 10006200 10006200 6608 Aug 3 15:57 mvnw.cmd [list-directory] -rwxrwxr-x 1 10006200 10006200 10070 Aug 3 15:57 mvnw [list-directory] -rw-rw-r-- 1 10006200 10006200 111 Aug 3 15:57 Dockerfile
OR
tkn task start list-directory \ --showlog \ --workspace name=directory,claimName=a-place-to-hold-stuff
Deploy a Nexus Service to cache Maven artifacts
kubectl apply -f https://raw.githubusercontent.com/redhat-developer-demos/tekton-tutorial/master/install/utils/nexus.yaml
kubectl create cm maven-settings \ --from-file=settings.xml=maven-settings.xml
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/maven/0.1/maven.yaml
tkn task ls NAME DESCRIPTION AGE git-clone These Tasks are Git... 4 minutes ago list-directory Simple directory li... 2 minutes ago maven This Task can be us... 4 seconds ago
tkn task describe maven
cat <<EOF | kubectl create -f -
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
generateName: maven-build-
labels:
tekton.dev/task: maven
spec:
taskRef:
name: maven
params:
- name: GOALS
value:
- -B
- -DskipTests
- clean
- package
workspaces:
- name: maven-settings
configmap:
name: maven-settings
- name: source
persistentVolumeClaim:
claimName: a-place-to-hold-stuff
EOF
OR
tkn task start maven \
--param=GOALS="-B,-DskipTests,clean,package" \
--workspace=name=source,claimName=a-place-to-hold-stuff \
--workspace=name=maven-settings,config=maven-settings \
--showlog-
Its config not configmap
Monitor logs of the Maven TaskRun
tkn tr logs -f -a $(tkn tr ls | awk 'NR==2{print $1}')
Look for BUILD SUCCESS at the end
[mvn-goals] [INFO] Replacing main artifact with repackaged archive [mvn-goals] [INFO] ------------------------------------------------------------------------ [mvn-goals] [INFO] BUILD SUCCESS [mvn-goals] [INFO] ------------------------------------------------------------------------ [mvn-goals] [INFO] Total time: 01:07 min [mvn-goals] [INFO] Finished at: 2020-08-02T17:30:09Z [mvn-goals] [INFO] ------------------------------------------------------------------------
Looking for the fat jar with a TaskRun
cat <<EOF | kubectl create -f -
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
generateName: list-directory-
labels:
tekton.dev/task: list-directory
spec:
taskRef:
name: list-directory
params:
- name: sub-dirs
value:
- target
workspaces:
- name: directory
persistentVolumeClaim:
claimName: a-place-to-hold-stuff
EOF
and follow the logs
tkn tr logs -f -a $(tkn tr ls | awk 'NR==2{print $1}')
expected output of the target directory listing
[list-directory] total 16164 [list-directory] drwxrwsr-x 3 10006200 10006200 4096 Aug 3 20:23 maven-status [list-directory] drwxrwsr-x 3 10006200 10006200 4096 Aug 3 20:23 generated-sources [list-directory] drwxrwsr-x 3 10006200 10006200 4096 Aug 3 20:23 test-classes [list-directory] drwxrwsr-x 3 10006200 10006200 4096 Aug 3 20:23 generated-test-sources [list-directory] drwxrwsr-x 3 10006200 10006200 4096 Aug 3 20:23 classes [list-directory] -rw-rw-r-- 1 10006200 10006200 4353 Aug 3 20:23 tekton-spring-boot-0.0.1-SNAPSHOT.jar.original [list-directory] drwxrwsr-x 2 10006200 10006200 4096 Aug 3 20:23 maven-archiver [list-directory] -rw-rw-r-- 1 10006200 10006200 16515300 Aug 3 20:23 tekton-spring-boot-0.0.1-SNAPSHOT.jar
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/buildah/0.1/buildah.yaml
tkn task ls NAME DESCRIPTION AGE buildah Buildah task builds... 4 seconds ago git-clone These Tasks are Git... 1 hour ago list-directory Simple directory li... 17 minutes ago maven This Task can be us... 1 hour ago
tkn task describe buildah
cat <<EOF | kubectl create -f -
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
generateName: buildah-build-
labels:
tekton.dev/task: buildah-build
spec:
taskRef:
name: buildah
params:
- name: IMAGE
value: 'image-registry.openshift-image-registry.svc:5000/apipes/tekton-spring-boot'
- name: TLSVERIFY
value: 'false'
workspaces:
- name: source
persistentVolumeClaim:
claimName: a-place-to-hold-stuff
EOF
tkn tr logs -f -a $(tkn tr ls | awk 'NR==2{print $1}')
Expected output
[push] Getting image source signatures [push] Copying blob sha256:90c2e42f948b524cf98005073e0b0aa2065160abf9e8b314976c064e270d92ac [push] Copying blob sha256:73ac5884e9391c51862edc7b13349576653cfefb8e1cc388992b407a9bbd9cb4 [push] Copying blob sha256:f9ddbcc4e7954a705b700c35c5e5beceabd86af121a6e561d86437a8512a6be6 [push] Copying blob sha256:7b08010864ba4c7ce9dfe1b90244b459b77c0387051659d37454783d10ab1113 [push] Copying config sha256:d139ef8f9299767cec7a21bc02be30155291fc4f0a9f87caf954b2b5b4bc66ef [push] Writing manifest to image destination [push] Copying config sha256:d139ef8f9299767cec7a21bc02be30155291fc4f0a9f87caf954b2b5b4bc66ef [push] Writing manifest to image destination [push] Storing signatures [digest-to-results] + cat /workspace/source/image-digest [digest-to-results] + tee /tekton/results/IMAGE_DIGEST [digest-to-results] sha256:ae34e15d257738c2b862efcbfe667dac20c2649cecaeb964c18778ae1e90221e
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/kn/0.1/kn.yaml
tkn task ls NAME DESCRIPTION AGE buildah Buildah task builds... 10 minutes ago git-clone These Tasks are Git... 29 minutes ago kn This Task performs ... 4 seconds ago list-directory Simple directory li... 16 minutes ago maven This Task can be us... 13 minutes ago
kn needs a ServiceAccount
Note: "apipes" is the namespace created with oc new-project
curl -sSL \ https://raw.githubusercontent.com/tektoncd/catalog/master/task/kn/0.1/kn-deployer.yaml \ | yq w - -d0 metadata.namespace apipes \ | yq w - -d2 subjects.[0].namespace apipes \ | kubectl apply -f -
Expected Results:
kubectl describe sa kn-deployer-account
Name: kn-deployer-account
Namespace: apipes
Labels: <none>
Annotations: Image pull secrets: kn-deployer-account-dockercfg-dt9xz
Mountable secrets: kn-deployer-account-token-hqdsn
kn-deployer-account-dockercfg-dt9xz
Tokens: kn-deployer-account-token-hqdsn
kn-deployer-account-token-vdsfk
Events: <none>
kubectl describe clusterrole kn-deployer Name: kn-deployer Labels: <none> Annotations: PolicyRule: Resources Non-Resource URLs Resource Names Verbs --------- ----------------- -------------- ----- revisions.serving.knative.dev [] [] [get list create update delete patch watch] routes.serving.knative.dev [] [] [get list create update delete patch watch] services.serving.knative.dev [] [] [get list create update delete patch watch]
kubectl describe clusterrolebinding kn-deployer-binding Name: kn-deployer-binding Labels: <none> Annotations: Role: Kind: ClusterRole Name: kn-deployer Subjects: Kind Name Namespace ---- ---- --------- ServiceAccount kn-deployer-account apipes
cat <<EOF | kubectl create -f -
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
generateName: kn-deployer-
labels:
tekton.dev/task: kn-deployer
spec:
serviceAccountName: kn-deployer-account
taskRef:
name: kn
params:
- name: ARGS
value:
- 'service'
- 'create'
- 'myservice'
- '--force'
- '--image=image-registry.openshift-image-registry.svc:5000/apipes/tekton-spring-boot'
EOF
tkn tr logs -f -a $(tkn tr ls | awk 'NR==2{print $1}')
Expected output
[kn] Creating service 'myservice' in namespace 'apipes': [kn] [kn] 0.236s The Route is still working to reflect the latest desired specification. [kn] 0.454s Configuration "myservice" is waiting for a Revision to become ready. [kn] 6.935s ... [kn] 7.044s Ingress has not yet been reconciled. [kn] 7.238s Ready to serve. [kn] [kn] Service 'myservice' created to latest revision 'myservice-yhlts-1' is available at URL: [kn] http://myservice-apipes.apps.dublin.burr-on-aws.com
Curl that endpoint
curl http://myservice-apipes.apps.dublin.burr-on-aws.com Hej from Spring Boot! 0 on myservice-yhlts-1-deployment-7dd4547f7c-qgkwv
Now that all the Tasks and TaskRuns are successful, time to wrap everything into a Pipeline
cat <<'EOF' | kubectl create -f -
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: pipeline-git-mvn-buildah-kn
spec:
description: >-
The Pipline to build and deploy the Java App as Knative Service.
params:
- name: image-name
description: The fully qualified image name
default: 'image-registry.openshift-image-registry.svc:5000/apipes/tekton-spring-boot'
- name: kn-service-name
description: The Knative Service name
default: myservice
- name: github-repo-url
description: The GitHub Repo of the Java Application
default: https://github.com/burrsutter/tekton-spring-boot
- name: github-repo-revision
description: The GitHub revision to use
default: master
workspaces:
- name: source
- name: maven-settings
tasks:
- name: git-clone
taskRef:
name: git-clone
params:
- name: url
value: $(params.github-repo-url)
- name: revision
value: $(params.github-repo-revision)
- name: deleteExisting
value: 'true'
workspaces:
- name: output
workspace: source
- name: mvn-test
taskRef:
name: maven
runAfter:
- git-clone
params:
- name: GOALS
value: ['-B', 'clean', 'test']
workspaces:
- name: maven-settings
workspace: maven-settings
- name: source
workspace: source
- name: mvn-package
taskRef:
name: maven
runAfter:
- mvn-test
params:
- name: GOALS
value: ['-B', '-DskipTests', 'clean', 'package']
workspaces:
- name: maven-settings
workspace: maven-settings
- name: source
workspace: source
- name: buildah-image
taskRef:
name: buildah
runAfter:
- mvn-package
params:
- name: IMAGE
value: '$(params.image-name)'
- name: TLSVERIFY
value: 'false'
workspaces:
- name: source
workspace: source
- name: deploy-kn-service
taskRef:
name: kn
runAfter:
- buildah-image
params:
- name: ARGS
value:
- 'service'
- 'create'
- '$(params.kn-service-name)'
- '--force'
- '--image=$(params.image-name)@$(tasks.buildah-image.results.IMAGE_DIGEST)'
EOF
Note: For OpenShift, a couple of more tweaks to security settings to allow for the publish to the internal registry
oc adm policy add-cluster-role-to-user kn-deployer -z pipeline -n apipes oc adm policy who-can get services.serving.knative.dev
cat <<'EOF' | kubectl create -f -
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: pipeline-run-git-mvn-buildah-kn-
labels:
tekton.dev/pipeline: pipeline-git-mvn-buildah-kn
spec:
serviceAccountName: pipeline
pipelineRef:
name: pipeline-git-mvn-buildah-kn
workspaces:
- name: maven-settings
configmap:
name: maven-settings
- name: source
persistentVolumeClaim:
claimName: a-place-to-hold-stuff
EOF
tkn pr logs -f -a $(tkn pr ls | awk 'NR==2{print $1}')
Note: this is not working as it needs
mvn compile jib:build -Dimage=quay.io/burrsutter/tekton-git-jib-kn:v1For insecure registry the jib command is:
mvn compile -DskipTests,clean,compile,jib:build,-Djib.allowInsecureRegistries=true,-Dimage=image-registry.openshift-image-registry.svc:5000/apipes/tekton-spring-bootcat <<'EOF' | kubectl create -f -
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
generateName: maven-jib-
labels:
tekton.dev/task: maven
spec:
taskRef:
name: maven
params:
- name: GOALS
value:
- -B
- -DskipTests
- clean
- compile
- jib:build
- -Djib.allowInsecureRegistries=true
- -Dimage=image-registry.openshift-image-registry.svc:5000/apipes/tekton-spring-boot
workspaces:
- name: maven-settings
configmap:
name: maven-settings
- name: source
persistentVolumeClaim:
claimName: a-place-to-hold-stuff
EOF
-
this is required if Jib wants to push to local registry
tkn tr logs -f -a $(tkn tr ls | awk 'NR==2{print $1}')
(OR)
tkn task start maven \
--param=GOALS='-DskipTests,clean,compile,jib:build,-Djib.allowInsecureRegistries=true,-Dimage=image-registry.openshift-image-registry.svc:5000/apipes/tekton-spring-boot' \
--workspace=name=maven-settings,config=maven-settings \
--workspace=name=source,claimName=a-place-to-hold-stuff \
--showlogThis is an attempt to make the combination of Java + Knative Service offer a new pipeline. On the Import from Git (Developer Console) you can see this new pipeline option
kubectl create -f pipeline-git-mvn-buildah-kn-clustertasks.yaml -n openshift kubectl -n openshift label pipeline pipeline-git-mvn-buildah-kn pipeline.openshift.io/runtime=java kubectl -n openshift label pipeline pipeline-git-mvn-buildah-kn pipeline.openshift.io/type=knative
kubectl get pipelines pipeline-git-mvn-buildah-kn -n openshift --show-labels NAME AGE LABELS pipeline-git-mvn-buildah-kn 3m31s pipeline.openshift.io/runtime=java,pipeline.openshift.io/type=knative
Setup the project with the correct "workspaces"
oc new-project bpipes kubectl apply -f pvc-workspace.yaml kubectl create cm maven-settings \ --from-file=settings.xml=maven-settings.xml
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent