From 9bd773a055bcc98cfe78951276f573134f1d5e71 Mon Sep 17 00:00:00 2001
From: caggles
Date: Fri, 8 Jan 2021 12:54:11 -0800
Subject: [PATCH 1/6] init
---
apps/artifactory/pipeline/README.md | 7 +
apps/artifactory/pipeline/install.yaml | 291 +++++++++++++++++++++++++
2 files changed, 298 insertions(+)
create mode 100644 apps/artifactory/pipeline/README.md
create mode 100644 apps/artifactory/pipeline/install.yaml
diff --git a/apps/artifactory/pipeline/README.md b/apps/artifactory/pipeline/README.md
new file mode 100644
index 000000000..8c56dfc5a
--- /dev/null
+++ b/apps/artifactory/pipeline/README.md
@@ -0,0 +1,7 @@
+## Installing Argo
+
+This assumes that the CRDs have already been created (they have been in KLAB and Silver).
+
+Argo Workflows should be installed on the namespace scale. Use the following command to set everything up:
+`oc apply -n [namespace] -f install.yaml`
+
diff --git a/apps/artifactory/pipeline/install.yaml b/apps/artifactory/pipeline/install.yaml
new file mode 100644
index 000000000..5ebfb0099
--- /dev/null
+++ b/apps/artifactory/pipeline/install.yaml
@@ -0,0 +1,291 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo-server +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete + - create +- apiGroups: + - argoproj.io + resources: + - workflowtemplates + - workflowtemplates/finalizers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - cronworkflows + - cronworkflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete +#- apiGroups: +# - "" +# resources: +# - events +# verbs: +# - create +# - patch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - get + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-server-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch +# - delete +- apiGroups: + - "" + resources: + - events + verbs: + - watch +# - create +# - patch +- apiGroups: + - "" + resources: + - secrets + - serviceaccounts + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows +# - workfloweventbindings + - workflowtemplates + - 
cronworkflows + - cronworkflows/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role +subjects: +- kind: ServiceAccount + name: argo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-server-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-server-role +subjects: +- kind: ServiceAccount + name: argo-server +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: workflow-controller-configmap +data: + config: | + ContainerRuntimeExecutor: k8sapi +--- +apiVersion: v1 +kind: Service +metadata: + name: argo-server +spec: + ports: + - name: web + port: 2746 + targetPort: 2746 + selector: + app: argo-server +--- +apiVersion: v1 +kind: Service +metadata: + name: workflow-controller-metrics +spec: + ports: + - name: metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app: workflow-controller +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argo-server +spec: + selector: + matchLabels: + app: argo-server + template: + metadata: + labels: + app: argo-server + spec: + containers: + - args: + - server + - --namespaced + image: argoproj/argocli:v2.11.8 + name: argo-server + ports: + - containerPort: 2746 + name: web + readinessProbe: + httpGet: + path: / + port: 2746 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 20 + volumeMounts: + - mountPath: /tmp + name: tmp + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argo-server + volumes: + - emptyDir: {} + name: tmp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: workflow-controller +spec: + selector: + matchLabels: + app: workflow-controller + template: + metadata: + labels: + app: workflow-controller + spec: + containers: + - args: + - --configmap + - 
workflow-controller-configmap + - --executor-image + - argoproj/argoexec:v2.11.8 + - --namespaced + command: + - workflow-controller + image: argoproj/workflow-controller:v2.11.8 + name: workflow-controller + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argo \ No newline at end of file From 4032a846b52e19df4cfec58c7f62d997090c1500 Mon Sep 17 00:00:00 2001 From: Cailey Jones Date: Fri, 8 Jan 2021 17:28:55 -0800 Subject: [PATCH 2/6] basic working install --- apps/artifactory/pipeline/README.md | 52 +- apps/artifactory/pipeline/install.param | 2 + apps/artifactory/pipeline/install.yaml | 647 +++++++++++++----------- 3 files changed, 415 insertions(+), 286 deletions(-) create mode 100644 apps/artifactory/pipeline/install.param diff --git a/apps/artifactory/pipeline/README.md b/apps/artifactory/pipeline/README.md index 8c56dfc5a..d73fbc350 100644 --- a/apps/artifactory/pipeline/README.md +++ b/apps/artifactory/pipeline/README.md 
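Review bot: Both Roles grant `get` on `secrets` for every Secret in the namespace, and `argo-server-role` lists `secrets` twice (once alone, once together with `serviceaccounts`); nothing in the manifest shows why the UI server needs namespace-wide secret reads. If the controller and server only need particular Secrets, scope the rule with `resourceNames: [<secret-name>]` (placeholder) and drop the duplicate rule. `argo-server-role` also carries `pods/exec` although it only gets read verbs there, so that resource can probably be removed from its rule. The three images are referenced by tag only (`argoproj/argocli:v2.11.8` and its siblings) and the containers have no `resources` or `securityContext`; pinning by digest and adding limits would be a reasonable follow-up.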
@@ -1,7 +1,53 @@ ## Installing Argo -This assumes that the CRDs have already been created (they have been in KLAB and Silver). +This assumes that the CRDs have already been created (they have been in KLAB and Silver). Argo Workflows should be installed on the namespace scale. -Argo Workflows should be installed on the namespace scale. Use the following command to set everything up: -`oc apply -n [namespace] -f install.yaml` +Start by updating the parameters in the `install.param` file. +Both parameters are used primarily to build the URL for the route to the argo UI, like this: `APP_NAME-argo.apps.CLUSTER.devops.gov.bc.ca`. +To that end, make sure your cluster is either `klab` or `silver` (or whatever additional clusters are available) and that your app-name is unique on that cluster (I recommend using your unique namespace name). +Do not include any periods, slashes, spaces or other characters inappropriate for a URL. +Perform the installion like this: +`oc process -f install.yaml --param-file=install.param | oc apply -n [NAMESPACE] -f -` + +## Using Argo + +The documentation here will be fairly limited, and is largely dedicated to documenting specific quirks of this particular installation. +You are expected to use Argo's documentation to learn how to use workflows, which can be found at https://argoproj.github.io/argo/workflow-concepts/. + +### serviceAccountName + +Typically, when the workflow doesn't specify a service account, Argo will just use default. +However, the default service account is not granted the required privileges when the above installation is used. +Instead, we create a new service account called `workflow-creator` which is then granted the appropriate privileges instead. +This means that you must specify `workflow.spec.serviceAccountName` as `workflow-creator` explicitly in your workflow. 
+The following is an example of how to do this: + +```json +{ + "metadata": { + "name": "wonderful-bear", + "namespace": "devops-artifactory" + }, + "spec": { + "serviceAccountName": "workflow-creator", + "entrypoint": "argosay", + "templates": [ + { + "name": "argosay", + "container": { + "name": "main", + "image": "argoproj/argosay:v2", + "command": [ + "/argosay" + ], + "args": [ + "echo", + "hello argo!" + ] + } + } + ] + } +} +``` diff --git a/apps/artifactory/pipeline/install.param b/apps/artifactory/pipeline/install.param new file mode 100644 index 000000000..07ebab221 --- /dev/null +++ b/apps/artifactory/pipeline/install.param @@ -0,0 +1,2 @@ +APP_NAME=artifactory +CLUSTER=klab diff --git a/apps/artifactory/pipeline/install.yaml b/apps/artifactory/pipeline/install.yaml index 5ebfb0099..155b6d39d 100644 --- a/apps/artifactory/pipeline/install.yaml +++ b/apps/artifactory/pipeline/install.yaml 
@@ -1,291 +1,372 @@ apiVersion: v1 -kind: ServiceAccount +kind: Template metadata: - name: argo ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: argo-server ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: argo-role -rules: -- apiGroups: - - "" - resources: - - pods - - pods/exec - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - watch - - list -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - verbs: - - get - - list - - watch - - update - - patch - - delete - - create -- apiGroups: - - argoproj.io - resources: - - workflowtemplates - - workflowtemplates/finalizers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - list -- apiGroups: - - "" - resources: - - secrets - verbs: - - get -- apiGroups: - - argoproj.io - resources: - - cronworkflows - - cronworkflows/finalizers - verbs: - - get - - list - - watch - - update - - patch - - delete -#- apiGroups: -# - "" -# resources: -# - events -# verbs: -# - create -# - patch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - get - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: argo-server-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - watch - - list -- apiGroups: - - "" - resources: - - secrets - verbs: - - get -- apiGroups: - - "" - resources: - - pods - - pods/exec - - pods/log - verbs: - - get - - list - - watch -# - delete -- apiGroups: - - "" - resources: - - events - verbs: - - watch -# - create -# - patch -- apiGroups: - - "" - resources: - - secrets - - serviceaccounts - verbs: - - get -- apiGroups: - - argoproj.io - resources: - - workflows -# - workfloweventbindings - - 
workflowtemplates - - cronworkflows - - cronworkflows/finalizers - verbs: - - create - - get - - list - - watch - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: argo-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argo-role -subjects: + name: argo-template + annotations: + description: "Basic namespaced installation of Argo Workflow, requiring admin privileges on the local namespace" + +labels: + app: argo-workflow + +objects: + +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: argo + +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: argo-server + - kind: ServiceAccount - name: argo ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: argo-server-binding -roleRef: - apiGroup: rbac.authorization.k8s.io + apiVersion: v1 + metadata: + name: workflow-creator + +- apiVersion: rbac.authorization.k8s.io/v1 kind: Role - name: argo-server-role -subjects: -- kind: ServiceAccount - name: argo-server ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: workflow-controller-configmap -data: - config: | - ContainerRuntimeExecutor: k8sapi ---- -apiVersion: v1 -kind: Service -metadata: - name: argo-server -spec: - ports: - - name: web - port: 2746 - targetPort: 2746 - selector: - app: argo-server ---- -apiVersion: v1 -kind: Service -metadata: - name: workflow-controller-metrics -spec: - ports: - - name: metrics - port: 9090 - protocol: TCP - targetPort: 9090 - selector: - app: workflow-controller ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: argo-server -spec: - selector: - matchLabels: + metadata: + name: argo-role + rules: + - apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: 
+ - create + - delete + - apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete + - create + - apiGroups: + - argoproj.io + resources: + - workflowtemplates + - workflowtemplates/finalizers + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - apiGroups: + - argoproj.io + resources: + - cronworkflows + - cronworkflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - get + - delete + +- apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: argo-server-role + rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - watch + - apiGroups: + - "" + resources: + - secrets + - serviceaccounts + verbs: + - get + - apiGroups: + - argoproj.io + resources: + - workflows + - workflowtemplates + - cronworkflows + - cronworkflows/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + +- apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: workflow-creator + rules: + - verbs: + - get + - list + - watch + apiGroups: + - "" + resources: + - configmaps + - endpoints + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - replicationcontrollers/scale + - secrets + - serviceaccounts + - services + - verbs: + - patch + apiGroups: + - "" + resources: + - pods + +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + 
metadata: + name: argo-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role + subjects: + - kind: ServiceAccount + name: argo + +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: argo-server-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-server-role + subjects: + - kind: ServiceAccount + name: argo-server + +- kind: RoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: workflow-creator + subjects: + - kind: ServiceAccount + name: workflow-creator + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: workflow-creator + +- apiVersion: v1 + kind: ConfigMap + metadata: + name: workflow-controller-configmap + data: + containerRuntimeExecutor: k8sapi + +- apiVersion: v1 + kind: Service + metadata: + name: argo-server + spec: + ports: + - name: web + port: 2746 + targetPort: 2746 + selector: app: argo-server - template: - metadata: - labels: + +- apiVersion: v1 + kind: Service + metadata: + name: workflow-controller-metrics + spec: + ports: + - name: metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app: workflow-controller + +- apiVersion: apps/v1 + kind: Deployment + metadata: + name: argo-server + spec: + selector: + matchLabels: app: argo-server - spec: - containers: - - args: - - server - - --namespaced - image: argoproj/argocli:v2.11.8 - name: argo-server - ports: - - containerPort: 2746 - name: web - readinessProbe: - httpGet: - path: / - port: 2746 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 20 - volumeMounts: - - mountPath: /tmp + template: + metadata: + labels: + app: argo-server + spec: + containers: + - args: + - server + - --namespaced + image: argoproj/argocli:v2.10.0 + name: argo-server + ports: + - containerPort: 2746 + name: web + readinessProbe: + httpGet: + path: / + port: 2746 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 20 + volumeMounts: + - mountPath: /tmp + name: 
tmp + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argo-server + volumes: + - emptyDir: {} name: tmp - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: argo-server - volumes: - - emptyDir: {} - name: tmp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: workflow-controller -spec: - selector: - matchLabels: - app: workflow-controller - template: - metadata: - labels: + +- apiVersion: apps/v1 + kind: Deployment + metadata: + name: workflow-controller + spec: + selector: + matchLabels: app: workflow-controller - spec: - containers: - - args: - - --configmap - - workflow-controller-configmap - - --executor-image - - argoproj/argoexec:v2.11.8 - - --namespaced - command: - - workflow-controller - image: argoproj/workflow-controller:v2.11.8 - name: workflow-controller - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: argo \ No newline at end of file + template: + metadata: + labels: + app: workflow-controller + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + - --executor-image + - argoproj/argoexec:v2.10.0 + - --namespaced + command: + - workflow-controller + image: argoproj/workflow-controller:v2.10.0 + name: workflow-controller + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argo + +- kind: Route + apiVersion: route.openshift.io/v1 + metadata: + name: argo-server + labels: + app: argo-server + spec: + host: ${APP_NAME}-argo.apps.${CLUSTER}.devops.gov.bc.ca + to: + kind: Service + name: argo-server + weight: 100 + port: + targetPort: web + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + wildcardPolicy: None + +parameters: + +- name: APP_NAME + required: true + +- name: CLUSTER + required: true + + From fbd404f5c6aab5a081c8da5320053fd3a6ef0863 Mon Sep 17 00:00:00 2001 
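Review bot: `argo-server` becomes reachable through the new `Route` without an explicit auth mode: the Deployment args are still just `server` and `--namespaced`, and as far as I know the 2.x server then defaults to the `server` mode, in which every UI or API caller acts with the `argo-server` service account (create and delete workflows, `get` on secrets per `argo-server-role`). Add `- --auth-mode=client` to the `argo-server` args so callers have to present their own bearer token, or hold the Route back until SSO is configured. `termination: edge` also means the router-to-pod hop is plain HTTP on 2746, which deserves a comment next to that line. The new `workflow-creator` Role gives every workflow pod `get`/`list`/`watch` on `secrets`; confirm that workflows need that at all.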
From: Cailey Jones Date: Fri, 8 Jan 2021 17:39:44 -0800 Subject: [PATCH 3/6] weird /workflows url thing --- apps/artifactory/pipeline/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/apps/artifactory/pipeline/README.md b/apps/artifactory/pipeline/README.md index d73fbc350..6941eac3a 100644 --- a/apps/artifactory/pipeline/README.md +++ b/apps/artifactory/pipeline/README.md @@ -10,6 +10,11 @@ Do not include any periods, slashes, spaces or other characters inappropriate fo Perform the installion like this: `oc process -f install.yaml --param-file=install.param | oc apply -n [NAMESPACE] -f -` +This will produce a number of new objects relating to argo in your namespace. +Of particular note is the route, which allows you to access the UI. +You may find that using the link directs you to a blank white page. If so, add `/workflows` to the end of the url and try again. +This should help you to successfully enter the UI so that you can start using Argo. + ## Using Argo The documentation here will be fairly limited, and is largely dedicated to documenting specific quirks of this particular installation. From 9e78ed25c0a6b8e16a30b5bb4592335e69ea6cc3 Mon Sep 17 00:00:00 2001 From: Cailey Jones Date: Mon, 11 Jan 2021 16:36:31 -0800 Subject: [PATCH 4/6] add imagestream template --- .../templates/artifactory-image-stream.yaml | 18 ++++++++++++++++++ .../pipeline/artifactory-pipeline.yaml | 0 2 files changed, 18 insertions(+) create mode 100644 apps/artifactory/artifactory-ha/templates/artifactory-image-stream.yaml create mode 100644 apps/artifactory/pipeline/artifactory-pipeline.yaml diff --git a/apps/artifactory/artifactory-ha/templates/artifactory-image-stream.yaml b/apps/artifactory/artifactory-ha/templates/artifactory-image-stream.yaml new file mode 100644 index 000000000..c019abfd1 --- /dev/null +++ b/apps/artifactory/artifactory-ha/templates/artifactory-image-stream.yaml 
@@ -0,0 +1,18 @@ +kind: ImageStream +apiVersion: image.openshift.io/v1 +metadata: + name: artifactory-pro + namespace: devops-artifactory +spec: + lookupPolicy: + local: false + tags: + - name: 7.7.3 + annotations: null + from: + kind: DockerImage + name: 'registry.connect.redhat.com/jfrog/artifactory-pro:7.7.3' + generation: 1 + importPolicy: {} + referencePolicy: + type: Source diff --git a/apps/artifactory/pipeline/artifactory-pipeline.yaml b/apps/artifactory/pipeline/artifactory-pipeline.yaml new file mode 100644 index 000000000..e69de29bb From 64cfc792f35d5977eb01a48ad905edff6ab2a9b9 Mon Sep 17 00:00:00 2001 From: Cailey Jones Date: Mon, 11 Jan 2021 16:58:33 -0800 Subject: [PATCH 5/6] add oc-push-image to operator folder --- .../artifactory-operator/oc-push-image.sh | 73 +++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100755 apps/artifactory/artifactory-operator/oc-push-image.sh diff --git a/apps/artifactory/artifactory-operator/oc-push-image.sh b/apps/artifactory/artifactory-operator/oc-push-image.sh new file mode 100755 index 000000000..f8f15fe78 --- /dev/null +++ b/apps/artifactory/artifactory-operator/oc-push-image.sh 
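Review bot: The tag follows `registry.connect.redhat.com/jfrog/artifactory-pro:7.7.3` by tag name only, so which content gets imported is decided by the registry at import time rather than by anything reviewed here; referencing the image by digest (`...artifactory-pro@sha256:<digest>`, placeholder) keeps it reviewable. `annotations: null`, `generation: 1` and the empty `importPolicy: {}` look like fields exported from a live object and can be dropped. `metadata.namespace: devops-artifactory` is hard-coded, which conflicts with applying the file into any other namespace; remove it or say so in a comment. `- name: 7.7.3` is safer quoted as `- name: '7.7.3'`.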
@@ -0,0 +1,73 @@ +#!/bin/bash + +OCTOOLSBIN=$(dirname $0) + +# ================================================================================================================= +# Usage: +# ----------------------------------------------------------------------------------------------------------------- +usage() { + cat <<-EOF + A helper script to push images to an OpenShift docker registry. + + Usage: ${0} [ -h -x -r ] -i -n ] + + OPTIONS: + ======== + -i The name of the image to push. + -n The namespace of the OpenShift project. + For example devex-von-tools + -r Optional. The address of the OpenShift docker registry, + such as your local registry, for example 172.30.1.1:5000. + Defaults to docker-registry.lab.pathfinder.gov.bc.ca + -t The tag name for the image. + + -h prints the usage for the script + -x run the script in debug mode to see what's happening + +EOF +exit +} + +# ----------------------------------------------------------------------------------------------------------------- +# Initialization: +# ----------------------------------------------------------------------------------------------------------------- +while getopts i:n:r:t:hx FLAG; do + case $FLAG in + i ) export DOCKER_IMAGE=$OPTARG ;; + n ) export OPENSHIFT_NAMESPACE=$OPTARG ;; + r ) export OPENSHIFT_REGISTRY_ADDRESS=$OPTARG ;; + t ) export OPENSHIFT_IMAGE_TAG=$OPTARG ;; + x ) export DEBUG=1 ;; + h ) usage ;; + \? ) #unrecognized option - show help + echo -e \\n"Invalid script option: -${OPTARG}"\\n + usage + ;; + esac +done + +# Shift the parameters in case there any more to be used +shift $((OPTIND-1)) +# echo Remaining arguments: $@ + +if [ ! 
-z "${DEBUG}" ]; then + set -x +fi + +if [ -z "${DOCKER_IMAGE}" ] || [ -z "${OPENSHIFT_NAMESPACE}" ] || [ -z "${OPENSHIFT_IMAGE_TAG}" ]; then + echo -e \\n"Missing parameters - name of Docker Image, OpenShift Namespace, Image Tag"\\n + usage +fi + +if [ -z "${OPENSHIFT_REGISTRY_ADDRESS}" ]; then + OPENSHIFT_REGISTRY_ADDRESS=docker-registry.lab.pathfinder.gov.bc.ca +fi + +OPENSHIFT_IMAGE_SNIPPET=${DOCKER_IMAGE#*/} +OPENSHIFT_IMAGESTREAM_PATH=${OPENSHIFT_REGISTRY_ADDRESS}/${OPENSHIFT_NAMESPACE}/${OPENSHIFT_IMAGE_SNIPPET} +# ================================================================================================================= + +#docker tag ${DOCKER_IMAGE} ${OPENSHIFT_IMAGESTREAM_PATH} +docker login ${OPENSHIFT_REGISTRY_ADDRESS} -u $(oc whoami) -p $(oc whoami -t) +#docker push ${OPENSHIFT_IMAGESTREAM_PATH} +make docker-build docker-push IMG=${OPENSHIFT_IMAGESTREAM_PATH}:${OPENSHIFT_IMAGE_TAG} From 2bff9a7edf2885152e314921297d78a17a90af08 Mon Sep 17 00:00:00 2001 From: Cailey Jones Date: Thu, 21 Jan 2021 15:36:21 -0800 Subject: [PATCH 6/6] privilege update --- .../pipeline/artifactory-pipeline.yaml | 142 ++++++++++++++++++ apps/artifactory/pipeline/install.yaml | 15 ++ 2 files changed, 157 insertions(+) diff --git a/apps/artifactory/pipeline/artifactory-pipeline.yaml b/apps/artifactory/pipeline/artifactory-pipeline.yaml index e69de29bb..a8a0a2ede 100644 --- a/apps/artifactory/pipeline/artifactory-pipeline.yaml +++ b/apps/artifactory/pipeline/artifactory-pipeline.yaml 
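Review bot: `docker login ${OPENSHIFT_REGISTRY_ADDRESS} -u $(oc whoami) -p $(oc whoami -t)` puts the OpenShift session token on the command line, where it shows up in the process list and, when the script is run with `-x`, is echoed by `set -x` into the job log. Feed it on stdin instead: `oc whoami -t | docker login "${OPENSHIFT_REGISTRY_ADDRESS}" -u "$(oc whoami)" --password-stdin`. The expansions in the final lines are unquoted, so a value containing spaces or glob characters is split before it reaches `docker` or `make`. `usage` ends in a bare `exit`, so the missing-parameter path returns the status of the preceding `cat` (normally 0); `exit 1` there lets a calling pipeline step fail properly.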
@@ -0,0 +1,142 @@ +metadata: + generateName: artifactory-pipeline- + namespace: devops-artifactory +spec: + serviceAccountName: workflow-creator + entrypoint: main + container: + - resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 50m + memory: 256Mi + volumeClaimTemplates: + - metadata: + name: work + spec: + storageClassName: "netapp-block-standard" + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: 64Mi + + templates: + + - name: main + steps: + - - name: clone + template: clone + arguments: + parameters: + - name: repo + value: "https://github.com/BCDevOps/developer-experience" + - name: branch + value: "cailey/artifactory/argo" + - - name: create-artifactory-is + template: create-artifactory-is + - - name: build-operator + template: build-operator + + - name: clone + inputs: + parameters: + - name: repo + - name: branch + container: + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 50m + memory: 256Mi + volumeMounts: + - mountPath: /mnt/vol + name: work + image: alpine/git:v2.26.2 + workingDir: /mnt/vol + args: + - clone + - --depth + - "1" + - --branch + - "{{inputs.parameters.branch}}" + - --single-branch + - "{{inputs.parameters.repo}}" + - . 
+ + - name: create-artifactory-is + container: + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 50m + memory: 256Mi + image: openshift/origin-cli:latest + command: [sh, -c] + args: ['oc apply -f /mnt/vol/apps/artifactory/artifactory-ha/templates/artifactory-image-stream.yaml'] + volumeMounts: + - name: work + mountPath: /mnt/vol + + - name: build-operator + container: + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 50m + memory: 256Mi + volumeMounts: + - name: work + mountPath: /mnt/vol + image: docker:19.03.13 + command: [sh, -c] + args: ["until docker ps; do sleep 3; done; cd /mnt/vol/apps/artifactory/artifactory-operator/; ./oc-push-image.sh"] + env: + - name: DOCKER_HOST + value: localhost + sidecars: + - name: dind + image: docker:19.03.14-dind-rootless + env: + - name: DOCKER_TLS_CERTDIR + value: "" +# securityContext: +# privileged: true + mirrorVolumeMounts: true + + + + +# container: +# resources: +# limits: +# cpu: 100m +# memory: 512Mi +# requests: +# cpu: 50m +# memory: 256Mi +# image: docker:latest +# command: [sh, -c] +# args: ['bash /mnt/vol/apps/artifactory/artifactory-operator/oc-push-image.sh'] +## args: ['exec /mnt/vol/apps/artifactory/artifactory-operator/oc-push-image.sh -i artifactory-operator -n devops-artifactory -r image-registry.apps.klab.devops.gov.bc.ca -t v1-1.0.0-test'] +## command: ["/mnt/vol/apps/artifactory/artifactory-operator/oc-push-image.sh"] +## args: +## - -i +## - artifactory-operator +## - -n +## - devops-artifactory +## - -r +## - image-registry.apps.klab.devops.gov.bc.ca +## - -t +## - v1-1.0.0-test +# volumeMounts: +# - name: work +# mountPath: /mnt/vol + diff --git a/apps/artifactory/pipeline/install.yaml b/apps/artifactory/pipeline/install.yaml index 155b6d39d..12ce85dda 100644 --- a/apps/artifactory/pipeline/install.yaml +++ b/apps/artifactory/pipeline/install.yaml 
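Review bot: The `build-operator` step calls `./oc-push-image.sh` with no options, but that script (added in PATCH 5/6) prints its usage and exits when `-i`, `-n` or `-t` is missing, so as written the step cannot build or push anything; pass them explicitly, as the commented-out `args` at the bottom of the file do. The script also calls `oc` and `make` and has a `#!/bin/bash` shebang, none of which the `docker:19.03.13` image presumably ships, so that needs confirming. Separately, `image: openshift/origin-cli:latest` and the `cailey/artifactory/argo` branch are both mutable references whose content is executed under `workflow-creator`; pin the image to a version or digest and the clone to a reviewed ref. The top-level `spec.container` list does not look like a Workflow field and the manifest has no `apiVersion`/`kind`, so check it against the Workflow schema.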
@@ -202,10 +202,25 @@ objects: - services - verbs: - patch + - create apiGroups: - "" resources: - pods + - services + - configmaps + - replicationcontrollers + - secrets + - verbs: + - get + - list + - watch + - patch + - create + apiGroups: + - image.openshift.io + resources: + - imagestreams - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding
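Review bot: Adding `create` next to `patch` and widening the resource list means every workflow that runs as `workflow-creator` can now create and patch `secrets`, `pods`, `services`, `configmaps` and `replicationcontrollers`, on top of the `get`/`list`/`watch` on `secrets` the Role already had. The pipeline in this commit only shows an `oc apply` of an ImageStream, so the new `imagestreams` rule may be all that is needed; if so, leave the original `pods`/`patch` rule as it was and drop at least `secrets` from the new list. The Role header and its first rule lie outside this hunk, so this is based on the rules visible here. A short comment above each rule naming the step that needs it would help later reviews, e.g. `# create-artifactory-is: oc apply of the ImageStream`.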