From 126d616b95fb08468e3c5cc7a51f66cf92a951d5 Mon Sep 17 00:00:00 2001 From: Jawed khelil Date: Tue, 16 May 2023 16:04:00 +0200 Subject: [PATCH] deploy shipwright triggers via operator --- README.md | 2 + ...wright-operator.clusterserviceversion.yaml | 32 +++ config/rbac/role.yaml | 32 +++ controllers/shipwrightbuild_controller.go | 10 + .../shipwrightbuild_controller_test.go | 1 + controllers/shipwrightbuild_rbac.go | 4 + controllers/util.go | 5 + kodata/triggers.yaml | 214 ++++++++++++++++++ 8 files changed, 300 insertions(+) create mode 100644 kodata/triggers.yaml diff --git a/README.md b/README.md index 0f87413d..48563783 100644 --- a/README.md +++ b/README.md @@ -36,11 +36,13 @@ Refer to the [ShipwrightBuild documentation](docs/shipwrightbuild.md) for more i The operator handles differents environment variables to customize Shiprwright controller installation: KO_DATA_PATH : defines the shipwright controller manifest to install +INSTALL_TRIGGERS: if set to true the operator will install Shipwright Triggers IMAGE_SHIPWRIGHT_SHIPWRIGHT_BUILD : defines the Shipwright Build Controller Image to use IMAGE_SHIPWRIGHT_GIT_CONTAINER_IMAGE: defines the Shipwright Git Container Image to use IMAGE_SHIPWRIGHT_MUTATE_IMAGE_CONTAINER_IMAGE: defines the Shipwright Mutate Image to use IMAGE_SHIPWRIGHT_BUNDLE_CONTAINER_IMAGE: defines the Shipwright Bundle Image to use IMAGE_SHIPWRIGHT_WAITER_CONTAINER_IMAGE: defines the Shipwright Waiter Image to use +IMAGE_SHIPWRIGHT_SHIPWRIGHT_TRIGGERS: defines the Shipwright Triggers Image to use ## Contributing diff --git a/bundle/manifests/shipwright-operator.clusterserviceversion.yaml b/bundle/manifests/shipwright-operator.clusterserviceversion.yaml index 1575751d..d95c25af 100644 --- a/bundle/manifests/shipwright-operator.clusterserviceversion.yaml +++ b/bundle/manifests/shipwright-operator.clusterserviceversion.yaml 
@@ -484,6 +484,38 @@ spec: - get - patch - update + - apiGroups: + - operator.tekton.dev + resources: + - customruns + verbs: + - get + - list + - watch + - apiGroups: + - operator.tekton.dev + resources: + - customruns/finalizers + verbs: + - patch + - update + - apiGroups: + - operator.tekton.dev + resources: + - customruns/status + verbs: + - patch + - update + - apiGroups: + - operator.tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - operator.tekton.dev resources: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 892e1820..cd9b303c 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -109,6 +109,38 @@ rules: - get - patch - update +- apiGroups: + - operator.tekton.dev + resources: + - customruns + verbs: + - get + - list + - watch +- apiGroups: + - operator.tekton.dev + resources: + - customruns/finalizers + verbs: + - patch + - update +- apiGroups: + - operator.tekton.dev + resources: + - customruns/status + verbs: + - patch + - update +- apiGroups: + - operator.tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - operator.tekton.dev resources: diff --git a/controllers/shipwrightbuild_controller.go b/controllers/shipwrightbuild_controller.go index 98732c2f..dafc0bd5 100644 --- a/controllers/shipwrightbuild_controller.go +++ b/controllers/shipwrightbuild_controller.go @@ -219,6 +219,7 @@ func (r *ShipwrightBuildReconciler) setupManifestival(managerLogger logr.Logger) if err != nil { return err } + buildManifest := filepath.Join(dataPath, "release.yaml") r.Manifest, err = manifestival.NewManifest( 
@@ -226,6 +227,15 @@ func (r *ShipwrightBuildReconciler) setupManifestival(managerLogger logr.Logger) manifestival.UseClient(client), manifestival.UseLogger(logger), ) + + if withTriggers() { + triggersManifest := filepath.Join(dataPath, "triggers.yaml") + m, err := manifestival.ManifestFrom(manifestival.Recursive(triggersManifest)) + if err != nil { + return err + } + r.Manifest = r.Manifest.Append(m) + } return err } diff --git a/controllers/shipwrightbuild_controller_test.go b/controllers/shipwrightbuild_controller_test.go index 06c99484..95376375 100644 --- a/controllers/shipwrightbuild_controller_test.go +++ b/controllers/shipwrightbuild_controller_test.go @@ -146,6 +146,7 @@ func testShipwrightBuildReconcilerReconcile(t *testing.T, targetNamespace string {"IMAGE_SHIPWRIGHT_WAITER_CONTAINER_IMAGE", "ghcr.io/shipwright-io/build/waiter:nightly-2023-05-05-1683263383"}, {"IMAGE_SHIPWRIGHT_MUTATE_IMAGE_CONTAINER_IMAGE", "ghcr.io/shipwright-io/build/mutate-image:nightly-2023-04-18-1681794585"}, {"IMAGE_SHIPWRIGHT_BUNDLE_CONTAINER_IMAGE", "ghcr.io/shipwright-io/build/bundle:nightly-2023-05-05-1683263383"}, + {"IMAGE_SHIPWRIGHT_SHIPWRIGHT_TRIGGERS", "quay.io/jkhelil/openshift-builds-triggers"}, } t.Logf("Deploying Shipwright Controller against '%s' namespace", targetNamespace) diff --git a/controllers/shipwrightbuild_rbac.go b/controllers/shipwrightbuild_rbac.go index b0215530..e6980406 100644 --- a/controllers/shipwrightbuild_rbac.go +++ b/controllers/shipwrightbuild_rbac.go 
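Review bot: The error from `manifestival.NewManifest` is not checked before the new `if withTriggers()` block, and `m, err :=` inside that block declares a second `err`. When the build manifest fails to load and INSTALL_TRIGGERS is true, the code still reads triggers.yaml and calls `r.Manifest.Append(m)` on the failed result before the trailing `return err` reports the first failure. Adding `if err != nil { return err }` directly after the `NewManifest(...)` call and ending the function with `return nil` keeps the two loads independent. Wrapping the inner error, for example `return fmt.Errorf("loading triggers manifest %q: %w", triggersManifest, err)`, would show which file failed, provided `fmt` is imported in this file, which the hunk does not show. setupManifestival begins above the hunk.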
@@ -26,3 +26,7 @@ package controllers // +kubebuilder:rbac:groups=operator.shipwright.io,resources=shipwrightbuilds/finalizers,verbs=update // +kubebuilder:rbac:groups=operator.shipwright.io,resources=shipwrightbuilds/status,verbs=get;update;patch // +kubebuilder:rbac:groups=operator.tekton.dev,resources=tektonconfigs,verbs=get;list;create +// +kubebuilder:rbac:groups=operator.tekton.dev,resources=customruns,verbs=get;list;watch +// +kubebuilder:rbac:groups=operator.tekton.dev,resources=customruns/finalizers,verbs=patch;update +// +kubebuilder:rbac:groups=operator.tekton.dev,resources=customruns/status,verbs=patch;update +// +kubebuilder:rbac:groups=operator.tekton.dev,resources=pipelineruns,verbs=get;list;patch;update;watch diff --git a/controllers/util.go b/controllers/util.go index 8aee5d4e..95566d3b 100644 --- a/controllers/util.go +++ b/controllers/util.go @@ -15,6 +15,7 @@ import ( // koDataPathEnv ko data-path environment variable. const ( koDataPathEnv = "KO_DATA_PATH" + InstallTriggers = "INSTALL_TRIGGERS" ShipwrightImagePrefix = "IMAGE_SHIPWRIGHT_" ) @@ -117,3 +118,7 @@ func replaceContainersEnvImage(container corev1.Container, images map[string]str } } } + +func withTriggers() bool { + return os.Getenv(InstallTriggers) == "true" +} diff --git a/kodata/triggers.yaml b/kodata/triggers.yaml new file mode 100644 index 00000000..e9d6abca --- /dev/null +++ b/kodata/triggers.yaml 
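Review bot: The four added markers grant `customruns`, `customruns/finalizers`, `customruns/status` and `pipelineruns` under `operator.tekton.dev`, while kodata/triggers.yaml in this same patch requests those resources under `tekton.dev`. Kubernetes RBAC escalation prevention generally requires whoever creates a ClusterRole to already hold the permissions it grants, so unless the operator obtains them some other way, applying the triggers ClusterRole would be refused. As written, the rules are also grants on a group that, as far as I know, does not serve these resources. The first marker should probably read `// +kubebuilder:rbac:groups=tekton.dev,resources=customruns,verbs=get;list;watch`, and likewise for the other three, with config/rbac/role.yaml and the ClusterServiceVersion regenerated from the markers. Whether the operator already holds the `shipwright.io` buildruns and builds permissions that triggers.yaml also grants is not visible in this hunk.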
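Review bot: `withTriggers` compares the variable to the exact string `"true"`, so `INSTALL_TRIGGERS=True` or `1` leaves triggers uninstalled with nothing logged, and the function has no doc comment stating that contract. `enabled, _ := strconv.ParseBool(os.Getenv(InstallTriggers))` followed by `return enabled` would accept the usual boolean spellings; it needs `strconv` in the import block, which is outside this hunk. A comment such as `// withTriggers reports whether INSTALL_TRIGGERS asks the operator to install Shipwright Triggers.` would document it. The exported `InstallTriggers` constant added in the earlier util.go hunk deserves a comment too, since the existing `koDataPathEnv` comment above the const block does not describe it.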
@@ -0,0 +1,214 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: shipwright-build
+ name: shipwright-triggers
+ labels:
+ app.kubernetes.io/name: shipwright-triggers
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: shipwright-triggers
+ name: shipwright-triggers
+rules:
+ - apiGroups:
+ - shipwright.io
+ resources:
+ - buildruns
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - shipwright.io
+ resources:
+ - builds
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - tekton.dev
+ resources:
+ - customruns
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - tekton.dev
+ resources:
+ - customruns/finalizers
+ verbs:
+ - patch
+ - update
+ - apiGroups:
+ - tekton.dev
+ resources:
+ - customruns/status
+ verbs:
+ - patch
+ - update
+ - apiGroups:
+ - tekton.dev
+ resources:
+ - pipelineruns
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: shipwright-triggers
+ labels:
+ app.kubernetes.io/name: shipwright-triggers
+subjects:
+ - kind: ServiceAccount
+ namespace: shipwright-build
+ name: shipwright-triggers
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: shipwright-triggers
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: shipwright-build
+ labels:
+ app.kubernetes.io/name: shipwright-triggers
+ name: shipwright-triggers
+rules:
+ - apiGroups:
+ - shipwright.io
+ resources:
+ - buildruns
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - shipwright.io
+ resources:
+ - builds
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - tekton.dev
+ resources:
+ - customruns
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - tekton.dev
+ resources:
+ - customruns/finalizers
+ verbs:
+ - patch
+ - update
+ - apiGroups:
+ - tekton.dev
+ resources:
+ - customruns/status
+ verbs:
+ - patch
+ - update
+ - apiGroups:
+ - tekton.dev
+ resources:
+ - pipelineruns
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: shipwright-build
+ name: shipwright-triggers
+ labels:
+ app.kubernetes.io/name: shipwright-triggers
+subjects:
+ - kind: ServiceAccount
+ namespace: shipwright-build
+ name: shipwright-triggers
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: shipwright-triggers
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: shipwright-build
+ name: shipwright-triggers
+ labels:
+ app.kubernetes.io/name: shipwright-triggers
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/name: shipwright-triggers
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: shipwright-build
+ name: shipwright-triggers
+ labels:
+ app.kubernetes.io/name: shipwright-triggers
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: shipwright-triggers
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: shipwright-triggers
+ spec:
+ serviceAccountName: shipwright-triggers
+ containers:
+ - name: shipwright-triggers
+ image: "quay.io/jkhelil/openshift-builds-triggers:latest"
+ args:
+ - --health-probe-bind-address
+ - ":8081"
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: webhook
+ containerPort: 80
+ protocol: TCP
+ - name: probe
+ containerPort: 8081
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: probe
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: probe
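Review bot: The Deployment at the end of this manifest runs `quay.io/jkhelil/openshift-builds-triggers:latest`, a mutable tag in a personal registry namespace, under a service account that the ClusterRoleBinding above gives cluster-wide create/update on buildruns and patch/update on pipelineruns. A re-push of that tag changes what runs with those rights without any change to this repository, so the default should be a released tag or digest; the test environment list in shipwrightbuild_controller_test.go uses the same image with no tag at all. The Service's `targetPort: http` matches no container port, because the container names its ports `webhook` and `probe`, so traffic sent to the Service would not reach the pod as written. The container also declares no `securityContext` and no resource requests or limits, and the namespaced Role and RoleBinding repeat the ClusterRole's rules without adding anything while the ClusterRoleBinding exists. The sketch below uses placeholders for the image, and whether the process can bind port 80 as non-root depends on the runtime, so a high port may be needed.

```yaml
      containers:
        - name: shipwright-triggers
          # placeholder: released tag or digest from the project registry
          image: "<registry>/<org>/<triggers-image>@sha256:<digest>"
          # … unchanged: args, imagePullPolicy …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          ports:
            # renamed so the Service's targetPort: http resolves
            - name: http
              containerPort: 80
              protocol: TCP
          # … unchanged: probe port, livenessProbe, readinessProbe …
```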