initial commit

dev/tekton/examples/kaniko/README.md

@@ -0,0 +1,45 @@
+KANIKO voorbeeld:
+
+vergeet niet de juiste docker credentials in een secret te zetten:
+
+sysctl -w fs.inotify.max_user_instances=100000
+
+cat ~/.docker/config.json | base64 -w0
+
+Output editen in docker-credentials.yaml
+
+kubectl create -f docker-credentials.yaml	
+
+Dit voorbeeld werk niet op ARM!!!
+
+
+harbor.alldcs.nl toevoegen aan registries voor microk8s:
+========================================================
+
+MicroK8s 1.23 and newer versions use separate hosts.toml files for each image registry. For registry http://10.141.241.175:32000, this would be at /var/snap/microk8s/current/args/certs.d/10.141.241.175:32000/hosts.toml. First, create the directory if it does not exist:
+
+sudo mkdir -p /var/snap/microk8s/current/args/certs.d/harbor.alldcs.nl
+sudo touch /var/snap/microk8s/current/args/certs.d/harbor.alldcs/hosts.toml
+Then, edit the file we just created and make sure the contents are as follows:
+
+# /var/snap/microk8s/current/args/certs.d/harbor.alldcs.nl/hosts.toml
+server = "http://harbor.alldcs.nl"
+
+[host."http://10.141.241.175:32000"]
+capabilities = ["pull", "resolve"]
+
+#/var/snap/microk8s/current/args/containerd-template.toml
+
+[plugins."io.containerd.grpc.v1.cri".registry.configs."172.16.4.93:5000".tls]
+      insecure_skip_verify = true
+
+Restart MicroK8s to have the new configuration loaded:
+
+microk8s stop
+microk8s start
+
+===========
+
+Het voorbeeld werkt niet naar behoren omdat de site niet is gebouwd.
+Tevens in /etc/hosts toegevoegd : 80.60.8.14 harbor.alldcs.nl anders werkt 
+DNS-resolver niet goed.

dev/tekton/examples/kaniko/arm/pipeline-run.yaml

@@ -0,0 +1,30 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: clone-build-push-run
+spec:
+  pipelineRef:
+    name: clone-build-push
+  podTemplate:
+    securityContext:
+      fsGroup: 65532
+  workspaces:
+  - name: shared-data
+    volumeClaimTemplate:
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+  - name: kubeconfig-dir
+    configMap:
+      name: kubeconfig
+  - name: docker-credentials
+    secret:
+      secretName: docker-credentials
+  params:
+  - name: repo-url
+    value: https://github.com/kainlite/tr.git
+  - name: image-reference
+    value: allardkrings/tr:latest

dev/tekton/examples/kaniko/arm/pipeline.yaml

@@ -0,0 +1,46 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: clone-build-push
+spec:
+  description: | 
+    This pipeline clones a git repo, builds a Docker image with Kaniko and
+    pushes it to a registry
+  params:
+  - name: repo-url
+    type: string
+  - name: image-reference
+    type: string
+  workspaces:
+  - name: shared-data
+  - name: docker-credentials
+  tasks:
+  - name: fetch-source
+    taskRef:
+      name: git-clone
+    workspaces:
+    - name: output
+      workspace: shared-data
+    params:
+    - name: url
+      value: $(params.repo-url)
+  - name: build-push
+    runAfter: ["fetch-source"]
+    taskRef:
+      name: kaniko
+    workspaces:
+    - name: source
+      workspace: shared-data
+    - name: dockerconfig
+      workspace: docker-credentials
+    params:
+    - name: IMAGE
+      value: $(params.image-reference)
+  - name: restart-deployment
+    runAfter: ["build-push"]
+    taskRef:
+      name: kubernetes-actions
+    params:
+    - name: script
+      value: |
+        kubectl -n tr rollout restart deployment/tr-deployment

dev/tekton/examples/kaniko/create-secret-docker-credentials.sh

@@ -0,0 +1,3 @@
+microk8s kubectl create secret generic harbor-credentials \
+    --from-file=.dockerconfigjson=/home/ubuntu/.docker/config.json \
+    --type=kubernetes.io/dockerconfigjson

dev/tekton/examples/kaniko/create-secret-harbor-credentials.sh

@@ -0,0 +1,3 @@
+microk8s kubectl create secret generic harbor-credentials \
+    --from-file=.dockerconfigjson=/home/ubuntu/.docker/config.json \
+    --type=kubernetes.io/dockerconfigjson

dev/tekton/examples/kaniko/docker-compose.yaml

@@ -0,0 +1,13 @@
+version: "3.3"
+
+services:
+
+  site:
+    image: docsy/docsy-example
+    build:
+      context: .
+    command: server
+    ports:
+      - "1313:1313"
+    volumes:
+      - .:/src

dev/tekton/examples/kaniko/docker-credentials.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: docker-credentials
+data:
+  config.json: ewoJImF1dGhzIjogewoJCSJjb3JlLmhhcmJvci5hbGxkY3MubmwiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNREZBIgoJCX0sCgkJImNvcmUuaGFyYm9yLmRvbWFpbiI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1ERkEiCgkJfSwKCQkiaGFyYm9yLmFsbGRjcy5ubCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1ERkEiCgkJfSwKCQkiaHR0cHM6Ly9pbmRleC5kb2NrZXIuaW8vdjEvIjogewoJCQkiYXV0aCI6ICJZV3hzWVhKa2EzSnBibWR6T2t0MVltVnlibVYwWlhNd01VQT0iCgkJfQoJfQp9

dev/tekton/examples/kaniko/git-credentials.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: git-credentials
+data:
+  id_rsa: AS0tLS...
+  known_hosts: AG033S...

dev/tekton/examples/kaniko/harbor-credentials.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: harbor-credentials
+data:
+  config.json: ewoJImF1dGhzIjogewoJCSJjb3JlLmhhcmJvci5hbGxkY3MubmwiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNREZBIgoJCX0sCgkJImNvcmUuaGFyYm9yLmRvbWFpbiI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1ERkEiCgkJfSwKCQkiaGFyYm9yLmFsbGRjcy5ubCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1ERkEiCgkJfSwKCQkiaHR0cHM6Ly9pbmRleC5kb2NrZXIuaW8vdjEvIjogewoJCQkiYXV0aCI6ICJZV3hzWVhKa2EzSnBibWR6T2t0MVltVnlibVYwWlhNd01VQT0iCgkJfQoJfQp9

dev/tekton/examples/kaniko/kaniko-workspace-pv.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: kaniko-workspace-pv
+spec:
+  storageClassName: ""
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  mountOptions:
+    - hard
+    - nfsvers=4.1
+  nfs:
+    server: 192.168.40.100
+    path: /mnt/nfs_share/tekton-kaniko
+    readOnly: false
+

dev/tekton/examples/kaniko/kaniko-workspace-pvc.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: kaniko-workspace-pvc
+spec:
+  storageClassName: ""
+  volumeName: kaniko-workspace-pv
+  accessModes:
+    - ReadWriteMany
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 10Gi
+
+
+

dev/tekton/examples/kaniko/pipeline-run.yaml

@@ -0,0 +1,30 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  generateName: kaniko-clone-build-push-
+spec:
+  pipelineRef:
+    name: kaniko-clone-build-push
+#  podTemplate:
+#    securityContext:
+#      fsGroup: 65532
+  workspaces:
+  - name: shared-data
+    persistentVolumeClaim:
+      claimName: kaniko-workspace-pvc
+  - name: registry-credentials
+    secret:
+#      secretName: docker-credentials
+      secretName: harbor-credentials
+      items:
+        - key: .dockerconfigjson
+          path: config.json
+  params:
+  - name: repo-url
+    value: https://github.com/google/docsy-example.git
+  - name: image-reference
+#    value: allardkrings/tekton-example:1.0
+    value: harbor.alldcs.nl/allard/tekton-example:1.0
+#    value: harbor-registry/allard/tekton-example:1.0
+#    value: 80.60.8.14/allard/tekton-example:1.0
+#    value: 192.168.40.82/allard/tekton-example:1.0

dev/tekton/examples/kaniko/pipeline.yaml

@@ -0,0 +1,49 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: kaniko-clone-build-push
+spec:
+  description: |
+    This pipeline clones a git repo, builds a Docker image with Kaniko and
+    pushes it to a registry
+  params:
+  - name: repo-url
+    type: string
+  - name: image-reference
+    type: string
+  workspaces:
+  - name: shared-data
+  - name: registry-credentials
+  tasks:
+  - name: fetch-source
+    taskRef:
+      name: git-clone
+    workspaces:
+    - name: output
+      workspace: shared-data
+    params:
+    - name: url
+      value: $(params.repo-url)
+  - name: build-push
+    runAfter: ["fetch-source"]
+    taskRef:
+      name: kaniko
+    workspaces:
+    - name: source
+      workspace: shared-data
+    - name: dockerconfig
+      workspace: registry-credentials
+    params:
+    - name: IMAGE
+      value: $(params.image-reference)
+    - name: BUILDER_IMAGE
+      value: "bitnami/kaniko"
+    - name: EXTRA_ARGS
+      value: [
+    "--verbosity=debug",
+#    "--skip-tls-verify=true",
+#    "--skip-tls-verify-pull=true",
+#    "--skip-tls-verify-registry=harbor-registry",
+    "--insecure=true",
+    "--insecure-pull=true",
+    "--insecure-registry=harbor.alldcs.nl"]

dev/tekton/examples/kaniko/site-claim0-persistentvolumeclaim.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  creationTimestamp: null
+  labels:
+    io.kompose.service: site-claim0
+  name: site-claim0
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi
+status: {}

dev/tekton/examples/kaniko/site-deployment.yaml

@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert
+    kompose.version: 1.26.0 (40646f47)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: site
+  name: site
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: site
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert
+        kompose.version: 1.26.0 (40646f47)
+      creationTimestamp: null
+      labels:
+        io.kompose.service: site
+    spec:
+      containers:
+        - args:
+            - server
+          image: harbor.alldcs.nl/allard/tekton-example:1.0
+          name: site
+          ports:
+            - containerPort: 1313
+          resources: {}
+          volumeMounts:
+            - mountPath: /src
+              name: site-claim0
+      restartPolicy: Always
+      volumes:
+        - name: site-claim0
+          persistentVolumeClaim:
+            claimName: site-claim0
+status: {}

dev/tekton/examples/kaniko/site-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert
+    kompose.version: 1.26.0 (40646f47)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: site
+  name: site
+spec:
+  ports:
+    - name: "1313"
+      port: 1313
+      targetPort: 1313
+  selector:
+    io.kompose.service: site
+status:
+  loadBalancer: {}

dev/tekton/examples/kaniko/tekton-example.yaml

@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tekton-example
+  labels:
+    app: tekton-example
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: tekton-example
+  template:
+    metadata:
+      labels:
+        app: tekton-example
+    spec:
+      containers:
+      - name: tekton-example
+#        image: allardkrings/tekton-example:1.0
+        image: harbor.alldcs.nl/allard/tekton-example:1.0
+        ports:
+          - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: tekton-example
+  labels:
+    name: tekton-example
+spec:
+  type: ClusterIP
+  selector:
+    app: tekton-example
+  ports:
+    - port: 80