I assume you have completed the Tekton Tutorial at https://dn.dev/tekton-tutorial and that you have installed OpenShift Pipelines and OpenShift Serverless correctly into an OpenShift 4.5
-
create a project
-
create PVC to hold the sources/artifacts
-
git clone
-
maven
-
buildah
-
kn
kubectl apply -f pvc-workspace.yaml
OR
cat <<EOF | kubectl create -f - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: a-place-to-hold-stuff spec: accessModes: - ReadWriteOnce volumeMode: Filesystem resources: requests: storage: 1Gi EOF
kubectl get pvc
it will say Pending until the actual git clone is executed
kubectl create -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/git-clone/0.1/git-clone.yaml
tkn task ls NAME DESCRIPTION AGE git-clone These Tasks are Git... 17 seconds ago
cat <<EOF | kubectl create -f - apiVersion: tekton.dev/v1beta1 kind: TaskRun metadata: generateName: git-clone- labels: tekton.dev/task: git-clone spec: taskRef: kind: Task name: git-clone params: - name: url value: https://github.com/burrsutter/tekton-spring-boot - name: revision value: master - name: deleteExisting value: 'true' workspaces: - name: output persistentVolumeClaim: claimName: a-place-to-hold-stuff EOF
(OR)
tkn task start git-clone \
--param=url=https://github.com/burrsutter/tekton-spring-boot \
--param=revision=master \
--workspace=name=output,claimName=a-place-to-hold-stuff \
--showlog
tkn tr ls NAME STARTED DURATION STATUS git-clone-d9jgl 4 seconds ago --- Running(Pending)
Wait for Status succeeded
tkn tr ls NAME STARTED DURATION STATUS git-clone-d9jgl 46 seconds ago 34 seconds Succeeded
tkn tr logs git-clone-d9jgl [clone] + CHECKOUT_DIR=/workspace/output/ [clone] + '[[' true '==' true ]] [clone] + cleandir [clone] + '[[' -d /workspace/output/ ]] [clone] + rm -rf '/workspace/output//*' [clone] + rm -rf /workspace/output//.git [clone] + rm -rf '/workspace/output//..?*' [clone] + test -z [clone] + test -z [clone] + test -z [clone] + /ko-app/git-init -url https://github.com/burrsutter/tekton-spring-boot -revision master -refspec -path /workspace/output/ '-sslVerify=true' '-submodules=true' -depth 1 [clone] {"level":"info","ts":1596485993.8097796,"caller":"git/git.go:139","msg":"Successfully cloned https://github.com/burrsutter/tekton-spring-boot @ c5a704d4145ad9cf0e15fb6514df27da1fe14470 (grafted, HEAD, origin/master) in path /workspace/output/"} [clone] {"level":"info","ts":1596485993.8418102,"caller":"git/git.go:180","msg":"Successfully initialized and updated submodules in path /workspace/output/"} [clone] + cd /workspace/output/ [clone] + git rev-parse HEAD [clone] + tr -d '\n' [clone] + RESULT_SHA=c5a704d4145ad9cf0e15fb6514df27da1fe14470 [clone] + EXIT_CODE=0 [clone] + '[' 0 '!=' 0 ] [clone] + echo -n c5a704d4145ad9cf0e15fb6514df27da1fe14470
Tip: if the tr listing grows to long and you wish to have a clean slate
kubectl delete tr --all
And if your list of Completed pods grows long
kubectl delete pods --field-selector=status.phase=Succeeded kubectl delete pods --field-selector=status.phase=Failed
Tip: a trick to always getting the last TR logs
tkn tr logs -f -a $(tkn tr ls | awk 'NR==2{print $1}')
kubectl create -f task-list-directory.yaml
tkn task ls NAME DESCRIPTION AGE git-clone These Tasks are Git... 1 minute ago list-directory Simple directory li... 3 seconds ago
cat <<EOF | kubectl create -f - apiVersion: tekton.dev/v1beta1 kind: TaskRun metadata: generateName: list-directory- labels: tekton.dev/task: list-directory spec: taskRef: name: list-directory workspaces: - name: directory persistentVolumeClaim: claimName: a-place-to-hold-stuff EOF
tkn tr ls NAME STARTED DURATION STATUS list-directory-7wxjd 2 seconds ago --- Running(Pending) git-clone-d9jgl 1 minute ago 34 seconds Succeeded
tkn tr logs list-directory-7wxjd [list-directory] total 36 [list-directory] drwxrwsr-x 4 10006200 10006200 4096 Aug 3 15:57 src [list-directory] -rw-rw-r-- 1 10006200 10006200 461 Aug 3 15:57 readme.adoc [list-directory] -rw-rw-r-- 1 10006200 10006200 1846 Aug 3 15:57 pom.xml [list-directory] -rw-rw-r-- 1 10006200 10006200 6608 Aug 3 15:57 mvnw.cmd [list-directory] -rwxrwxr-x 1 10006200 10006200 10070 Aug 3 15:57 mvnw [list-directory] -rw-rw-r-- 1 10006200 10006200 111 Aug 3 15:57 Dockerfile
OR
tkn task start list-directory \ --showlog \ --workspace name=directory,claimName=a-place-to-hold-stuff
Deploy a Nexus Service to cache Maven artifacts
kubectl apply -f https://raw.githubusercontent.com/redhat-developer-demos/tekton-tutorial/master/install/utils/nexus.yaml
kubectl create cm maven-settings \ --from-file=settings.xml=maven-settings.xml
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/maven/0.1/maven.yaml
tkn task ls NAME DESCRIPTION AGE git-clone These Tasks are Git... 4 minutes ago list-directory Simple directory li... 2 minutes ago maven This Task can be us... 4 seconds ago
tkn task describe maven
cat <<EOF | kubectl create -f - apiVersion: tekton.dev/v1beta1 kind: TaskRun metadata: generateName: maven-build- labels: tekton.dev/task: maven spec: taskRef: name: maven params: - name: GOALS value: - -B - -DskipTests - clean - package workspaces: - name: maven-settings configmap: name: maven-settings - name: source persistentVolumeClaim: claimName: a-place-to-hold-stuff EOF
OR
tkn task start maven \
--param=GOALS="-B,-DskipTests,clean,package" \
--workspace=name=source,claimName=a-place-to-hold-stuff \
--workspace=name=maven-settings,config=maven-settings \
--showlog
-
Its config not configmap
Monitor logs of the Maven TaskRun
tkn tr logs -f -a $(tkn tr ls | awk 'NR==2{print $1}')
Look for BUILD SUCCESS at the end
[mvn-goals] [INFO] Replacing main artifact with repackaged archive [mvn-goals] [INFO] ------------------------------------------------------------------------ [mvn-goals] [INFO] BUILD SUCCESS [mvn-goals] [INFO] ------------------------------------------------------------------------ [mvn-goals] [INFO] Total time: 01:07 min [mvn-goals] [INFO] Finished at: 2020-08-02T17:30:09Z [mvn-goals] [INFO] ------------------------------------------------------------------------
Looking for the fat jar with a TaskRun
cat <<EOF | kubectl create -f - apiVersion: tekton.dev/v1beta1 kind: TaskRun metadata: generateName: list-directory- labels: tekton.dev/task: list-directory spec: taskRef: name: list-directory params: - name: sub-dirs value: - target workspaces: - name: directory persistentVolumeClaim: claimName: a-place-to-hold-stuff EOF
and follow the logs
tkn tr logs -f -a $(tkn tr ls | awk 'NR==2{print $1}')
expected output of the target directory listing
[list-directory] total 16164 [list-directory] drwxrwsr-x 3 10006200 10006200 4096 Aug 3 20:23 maven-status [list-directory] drwxrwsr-x 3 10006200 10006200 4096 Aug 3 20:23 generated-sources [list-directory] drwxrwsr-x 3 10006200 10006200 4096 Aug 3 20:23 test-classes [list-directory] drwxrwsr-x 3 10006200 10006200 4096 Aug 3 20:23 generated-test-sources [list-directory] drwxrwsr-x 3 10006200 10006200 4096 Aug 3 20:23 classes [list-directory] -rw-rw-r-- 1 10006200 10006200 4353 Aug 3 20:23 tekton-spring-boot-0.0.1-SNAPSHOT.jar.original [list-directory] drwxrwsr-x 2 10006200 10006200 4096 Aug 3 20:23 maven-archiver [list-directory] -rw-rw-r-- 1 10006200 10006200 16515300 Aug 3 20:23 tekton-spring-boot-0.0.1-SNAPSHOT.jar
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/buildah/0.1/buildah.yaml
tkn task ls NAME DESCRIPTION AGE buildah Buildah task builds... 4 seconds ago git-clone These Tasks are Git... 1 hour ago list-directory Simple directory li... 17 minutes ago maven This Task can be us... 1 hour ago
tkn task describe buildah
cat <<EOF | kubectl create -f - apiVersion: tekton.dev/v1beta1 kind: TaskRun metadata: generateName: buildah-build- labels: tekton.dev/task: buildah-build spec: taskRef: name: buildah params: - name: IMAGE value: 'image-registry.openshift-image-registry.svc:5000/apipes/tekton-spring-boot' - name: TLSVERIFY value: 'false' workspaces: - name: source persistentVolumeClaim: claimName: a-place-to-hold-stuff EOF
tkn tr logs -f -a $(tkn tr ls | awk 'NR==2{print $1}')
Expected output
[push] Getting image source signatures [push] Copying blob sha256:90c2e42f948b524cf98005073e0b0aa2065160abf9e8b314976c064e270d92ac [push] Copying blob sha256:73ac5884e9391c51862edc7b13349576653cfefb8e1cc388992b407a9bbd9cb4 [push] Copying blob sha256:f9ddbcc4e7954a705b700c35c5e5beceabd86af121a6e561d86437a8512a6be6 [push] Copying blob sha256:7b08010864ba4c7ce9dfe1b90244b459b77c0387051659d37454783d10ab1113 [push] Copying config sha256:d139ef8f9299767cec7a21bc02be30155291fc4f0a9f87caf954b2b5b4bc66ef [push] Writing manifest to image destination [push] Copying config sha256:d139ef8f9299767cec7a21bc02be30155291fc4f0a9f87caf954b2b5b4bc66ef [push] Writing manifest to image destination [push] Storing signatures [digest-to-results] + cat /workspace/source/image-digest [digest-to-results] + tee /tekton/results/IMAGE_DIGEST [digest-to-results] sha256:ae34e15d257738c2b862efcbfe667dac20c2649cecaeb964c18778ae1e90221e
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/kn/0.1/kn.yaml
tkn task ls NAME DESCRIPTION AGE buildah Buildah task builds... 10 minutes ago git-clone These Tasks are Git... 29 minutes ago kn This Task performs ... 4 seconds ago list-directory Simple directory li... 16 minutes ago maven This Task can be us... 13 minutes ago
kn needs a ServiceAccount
Note: "apipes" is the namespace created with oc new-project
curl -sSL \ https://raw.githubusercontent.com/tektoncd/catalog/master/task/kn/0.1/kn-deployer.yaml \ | yq w - -d0 metadata.namespace apipes \ | yq w - -d2 subjects.[0].namespace apipes \ | kubectl apply -f -
Expected Results:
kubectl describe sa kn-deployer-account Name: kn-deployer-account Namespace: apipes Labels: <none> Annotations: Image pull secrets: kn-deployer-account-dockercfg-dt9xz Mountable secrets: kn-deployer-account-token-hqdsn kn-deployer-account-dockercfg-dt9xz Tokens: kn-deployer-account-token-hqdsn kn-deployer-account-token-vdsfk Events: <none>
kubectl describe clusterrole kn-deployer Name: kn-deployer Labels: <none> Annotations: PolicyRule: Resources Non-Resource URLs Resource Names Verbs --------- ----------------- -------------- ----- revisions.serving.knative.dev [] [] [get list create update delete patch watch] routes.serving.knative.dev [] [] [get list create update delete patch watch] services.serving.knative.dev [] [] [get list create update delete patch watch]
kubectl describe clusterrolebinding kn-deployer-binding Name: kn-deployer-binding Labels: <none> Annotations: Role: Kind: ClusterRole Name: kn-deployer Subjects: Kind Name Namespace ---- ---- --------- ServiceAccount kn-deployer-account apipes
cat <<EOF | kubectl create -f - apiVersion: tekton.dev/v1beta1 kind: TaskRun metadata: generateName: kn-deployer- labels: tekton.dev/task: kn-deployer spec: serviceAccountName: kn-deployer-account taskRef: name: kn params: - name: ARGS value: - 'service' - 'create' - 'myservice' - '--force' - '--image=image-registry.openshift-image-registry.svc:5000/apipes/tekton-spring-boot' EOF
tkn tr logs -f -a $(tkn tr ls | awk 'NR==2{print $1}')
Expected output
[kn] Creating service 'myservice' in namespace 'apipes': [kn] [kn] 0.236s The Route is still working to reflect the latest desired specification. [kn] 0.454s Configuration "myservice" is waiting for a Revision to become ready. [kn] 6.935s ... [kn] 7.044s Ingress has not yet been reconciled. [kn] 7.238s Ready to serve. [kn] [kn] Service 'myservice' created to latest revision 'myservice-yhlts-1' is available at URL: [kn] http://myservice-apipes.apps.dublin.burr-on-aws.com
Curl that endpoint
curl http://myservice-apipes.apps.dublin.burr-on-aws.com Hej from Spring Boot! 0 on myservice-yhlts-1-deployment-7dd4547f7c-qgkwv
Now that all the Tasks and TaskRuns are successful, time to wrap everything into a Pipeline
cat <<'EOF' | kubectl create -f - apiVersion: tekton.dev/v1beta1 kind: Pipeline metadata: name: pipeline-git-mvn-buildah-kn spec: description: >- The Pipline to build and deploy the Java App as Knative Service. params: - name: image-name description: The fully qualified image name default: 'image-registry.openshift-image-registry.svc:5000/apipes/tekton-spring-boot' - name: kn-service-name description: The Knative Service name default: myservice - name: github-repo-url description: The GitHub Repo of the Java Application default: https://github.com/burrsutter/tekton-spring-boot - name: github-repo-revision description: The GitHub revision to use default: master workspaces: - name: source - name: maven-settings tasks: - name: git-clone taskRef: name: git-clone params: - name: url value: $(params.github-repo-url) - name: revision value: $(params.github-repo-revision) - name: deleteExisting value: 'true' workspaces: - name: output workspace: source - name: mvn-test taskRef: name: maven runAfter: - git-clone params: - name: GOALS value: ['-B', 'clean', 'test'] workspaces: - name: maven-settings workspace: maven-settings - name: source workspace: source - name: mvn-package taskRef: name: maven runAfter: - mvn-test params: - name: GOALS value: ['-B', '-DskipTests', 'clean', 'package'] workspaces: - name: maven-settings workspace: maven-settings - name: source workspace: source - name: buildah-image taskRef: name: buildah runAfter: - mvn-package params: - name: IMAGE value: '$(params.image-name)' - name: TLSVERIFY value: 'false' workspaces: - name: source workspace: source - name: deploy-kn-service taskRef: name: kn runAfter: - buildah-image params: - name: ARGS value: - 'service' - 'create' - '$(params.kn-service-name)' - '--force' - '--image=$(params.image-name)@$(tasks.buildah-image.results.IMAGE_DIGEST)' EOF
Note: For OpenShift, a couple of more tweaks to security settings to allow for the publish to the internal registry
oc adm policy add-cluster-role-to-user kn-deployer -z pipeline -n apipes oc adm policy who-can get services.serving.knative.dev
cat <<'EOF' | kubectl create -f - apiVersion: tekton.dev/v1beta1 kind: PipelineRun metadata: generateName: pipeline-run-git-mvn-buildah-kn- labels: tekton.dev/pipeline: pipeline-git-mvn-buildah-kn spec: serviceAccountName: pipeline pipelineRef: name: pipeline-git-mvn-buildah-kn workspaces: - name: maven-settings configmap: name: maven-settings - name: source persistentVolumeClaim: claimName: a-place-to-hold-stuff EOF
tkn pr logs -f -a $(tkn pr ls | awk 'NR==2{print $1}')
Note: this is not working as it needs
mvn compile jib:build -Dimage=quay.io/burrsutter/tekton-git-jib-kn:v1
For insecure registry the jib command is:
mvn compile -DskipTests,clean,compile,jib:build,-Djib.allowInsecureRegistries=true,-Dimage=image-registry.openshift-image-registry.svc:5000/apipes/tekton-spring-boot
cat <<'EOF' | kubectl create -f - apiVersion: tekton.dev/v1beta1 kind: TaskRun metadata: generateName: maven-jib- labels: tekton.dev/task: maven spec: taskRef: name: maven params: - name: GOALS value: - -B - -DskipTests - clean - compile - jib:build - -Djib.allowInsecureRegistries=true - -Dimage=image-registry.openshift-image-registry.svc:5000/apipes/tekton-spring-boot workspaces: - name: maven-settings configmap: name: maven-settings - name: source persistentVolumeClaim: claimName: a-place-to-hold-stuff EOF
-
this is required if Jib wants to push to local registry
tkn tr logs -f -a $(tkn tr ls | awk 'NR==2{print $1}')
(OR)
tkn task start maven \
--param=GOALS='-DskipTests,clean,compile,jib:build,-Djib.allowInsecureRegistries=true,-Dimage=image-registry.openshift-image-registry.svc:5000/apipes/tekton-spring-boot' \
--workspace=name=maven-settings,config=maven-settings \
--workspace=name=source,claimName=a-place-to-hold-stuff \
--showlog
This is an attempt to make the combination of Java + Knative Service offer a new pipeline. On the Import from Git (Developer Console) you can see this new pipeline option
kubectl create -f pipeline-git-mvn-buildah-kn-clustertasks.yaml -n openshift kubectl -n openshift label pipeline pipeline-git-mvn-buildah-kn pipeline.openshift.io/runtime=java kubectl -n openshift label pipeline pipeline-git-mvn-buildah-kn pipeline.openshift.io/type=knative
kubectl get pipelines pipeline-git-mvn-buildah-kn -n openshift --show-labels NAME AGE LABELS pipeline-git-mvn-buildah-kn 3m31s pipeline.openshift.io/runtime=java,pipeline.openshift.io/type=knative
Setup the project with the correct "workspaces"
oc new-project bpipes kubectl apply -f pvc-workspace.yaml kubectl create cm maven-settings \ --from-file=settings.xml=maven-settings.xml