From 1b1601962b344990e3f6c3d1ce5eede8907d07f5 Mon Sep 17 00:00:00 2001 From: Jason Madigan Date: Mon, 4 Mar 2024 13:17:49 +0000 Subject: [PATCH] CI/CD with Tekton --- doc/kuadrantctl-ci-cd.md | 152 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 152 insertions(+) create mode 100644 doc/kuadrantctl-ci-cd.md diff --git a/doc/kuadrantctl-ci-cd.md b/doc/kuadrantctl-ci-cd.md new file mode 100644 index 0000000..410aa28 --- /dev/null +++ b/doc/kuadrantctl-ci-cd.md @@ -0,0 +1,152 @@ +# kuadrantctl - CI/CD with Tekton and Argo CD + +This guide demonstrates setting up a CI/CD pipeline using Tekton to deploy Kubernetes Gateway API and Kuadrant resources generated by `kuadrantctl`, from an OpenAPI specification. In this example, these resources are applied directly to the cluster where Tekton is running. + +Prerequisites: + +- (Tekton Pipelines[https://tekton.dev/]) installed on your Kubernetes or OpenShift cluster. +- (`kubectl`[https://kubernetes.io/docs/reference/kubectl/]) configured to communicate with your cluster (i.e you have a kubectl config available with access to your cluster) +- (Tekton CLI `tkn`[https://tekton.dev/docs/cli/]) (optional) for easier interaction with Tekton resources. + +Setup: + +First, create a dedicated namespace: + +```bash +kubectl create namespace kuadrantctl-ci-example +``` + +Step 1: Create a Persistent Volume Claim + +To store Tekton build artifacts, create a PVC in the kuadrantctl-ci-example namespace: + +```bash +kubectl apply -n kuadrantctl-ci-example -f - < /dev/null + curl -s -L https://github.com/mikefarah/yq/releases/download/v4.6.1/yq_linux_arm64 -o /usr/bin/yq > /dev/null && chmod +x /usr/bin/yq + + cd $(workspaces.source.path) + mkdir -p generated-resources + ./kuadrantctl generate kuadrant authpolicy --oas openapi.yaml | yq eval -P | tee generated-resources/authpolicy.yaml + ./kuadrantctl generate kuadrant ratelimitpolicy --oas openapi.yaml | yq eval -P | tee generated-resources/ratelimitpolicy.yaml + ./kuadrantctl generate gatewayapi httproute --oas openapi.yaml | yq eval -P | tee generated-resources/httproute.yaml + - name: apply-resources + image: lachlanevenson/k8s-kubectl + script: | + cd $(workspaces.source.path) + kubectl apply -f ./generated-resources -n kuadrantctl-ci-example +EOF +``` + +We're using Tekton here with a kubectl to apply resources to a cluster. We would generally recommend looking at a tool such as (ArgoCD)[https://argo-cd.readthedocs.io/en/stable/] to implement continuous delivery via a GitOps approach. In this scenario, you would: + +- Use `kuadrantctl` to generate Kubernetes/Kuadrant resources as part a Tekton pipeline +- Commit these new resources in to a git respository +- Use ArgoCD to sync these changes via a Git respository to a Kubernetes or OpenShift cluster + +Step 3: Create a Kubeconfig Secret + +Provide Tekton access to your Kubernetes cluster by creating a secret with your kubeconfig in the `kuadrantctl-ci-example` namespace: + +```bash +kubectl create secret generic kubeconfig-secret --from-file=kubeconfig=~/.kube/config -n kuadrantctl-ci-example +``` + +Step 4: Trigger the TaskRun + +Execute the task within the `kuadrantctl-ci-example` namespace, referencing the kubeconfig secret for cluster access: + +In this example, we'll run this task with our Kuadrant Petstore app: https://github.com/kuadrant/api-petstore + +```bash +kubectl apply -n kuadrantctl-ci-example -f - <