From 6219b311772a423fee81d0b93d23a3f4f455d3a4 Mon Sep 17 00:00:00 2001 From: Jason Madigan Date: Mon, 4 Mar 2024 13:17:49 +0000 Subject: [PATCH] CI/CD with Tekton --- doc/kuadrantctl-ci-cd.md | 185 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 185 insertions(+) create mode 100644 doc/kuadrantctl-ci-cd.md diff --git a/doc/kuadrantctl-ci-cd.md b/doc/kuadrantctl-ci-cd.md new file mode 100644 index 0000000..383af2f --- /dev/null +++ b/doc/kuadrantctl-ci-cd.md @@ -0,0 +1,185 @@ +# kuadrantctl - CI/CD with Tekton and Argo CD + +This guide demonstrates setting up a CI/CD pipeline using Tekton to deploy Kubernetes Gateway API and Kuadrant resources generated by `kuadrantctl`, from an OpenAPI specification. In this example, these resources are applied directly to the cluster where Tekton is running. + +Prerequisites: + +- Kuadrant, and all of its pre-requisites, is installed onto a cluster +- (Tekton Pipelines[https://tekton.dev/]) installed on your Kubernetes or OpenShift cluster. +- (`kubectl`[https://kubernetes.io/docs/reference/kubectl/]) configured to communicate with your cluster (i.e you have a kubectl config available with access to your cluster) +- (Tekton CLI `tkn`[https://tekton.dev/docs/cli/]) (optional) for easier interaction with Tekton resources. + +Setup: + +First, create a dedicated namespace: + +```bash +kubectl create namespace petstore +``` + +Step 1: Create a Persistent Volume Claim + +To store Tekton build artifacts, create a PVC in the petstore namespace: + +```bash +kubectl apply -n petstore -f - < /dev/null + curl -s -L https://github.com/mikefarah/yq/releases/download/v4.6.1/yq_linux_arm64 -o /usr/bin/yq > /dev/null && chmod +x /usr/bin/yq + + cd $(workspaces.source.path) + mkdir -p generated-resources + ./kuadrantctl generate kuadrant authpolicy --oas openapi.yaml | yq eval -P | tee generated-resources/authpolicy.yaml + ./kuadrantctl generate kuadrant ratelimitpolicy --oas openapi.yaml | yq eval -P | tee generated-resources/ratelimitpolicy.yaml + ./kuadrantctl generate gatewayapi httproute --oas openapi.yaml | yq eval -P | tee generated-resources/httproute.yaml + - name: apply-resources + image: lachlanevenson/k8s-kubectl + script: | + apk add --no-cache gettext > /dev/null + cd $(workspaces.source.path) + export KUADRANT_ZONE_ROOT_DOMAIN=example.com # domain name used in the HTTPRoute for the petstore sample app + for file in ./generated-resources/*.yaml; do + envsubst < "$file" | kubectl apply -n petstore -f - + done +EOF +``` + +We're using Tekton here with a kubectl to apply resources to a cluster. We would generally recommend looking at a tool such as (ArgoCD)[https://argo-cd.readthedocs.io/en/stable/] to implement continuous delivery via a GitOps approach. In this scenario, you would: + +- Use `kuadrantctl` to generate Kubernetes/Kuadrant resources as part a Tekton pipeline +- Commit these new resources in to a git respository +- Use ArgoCD to sync these changes via a Git respository to a Kubernetes or OpenShift cluster + +Step 3: Create a Kubeconfig Secret + +Provide Tekton access to your Kubernetes cluster by creating a secret with your kubeconfig in the `petstore` namespace: + +```bash +kubectl create secret generic kubeconfig-secret --from-file=kubeconfig=/path/to/.kube/config -n petstore +``` + +Create an associated `ClusterRole` and `ClusterRoleBinding`: + +```bash +kubectl apply -n petstore -f - <