Red Hat SummitRed Hat blog
- Introduction to OpenShift Pipelines
- Using Source 2 Image Build in Tekton
- Manage a Runtime Image
- Application Deployment and Pipeline Orchestration
- Using the Examples in this Series
Introduction
OpenShift Pipelines is a Continuous Integration / Continuous Delivery (CI/CD) solution based on the open source Tekton project. The previous articles in the series showed how to use Tekton to use the OpenShift source 2 image to build an application and how to use Tekton to create and store a runtime image. This article will cover the overall orchestration process of Tekton pipelines to bring together the tasks explained so far in the series into a single seamless process that executes all required steps. This also shows how parameters can feed into the process when the pipeline is executed.
Access to the source content
All assets required to create your own instance of the resources described in this article can be found in the GitHub repository here. In an attempt to save space and make the article more readable only the important aspects of Tekton resources are included within the text. Readers who want to see the context of a section of YAML should clone or download the Git repository and refer to the full version of the appropriate file.
Application Deployment
The application deployment from the new image uses a deployment template located in build/template/deploy-app-template.yaml. This allows placeholders to be put in the yaml content for the deployment, service and route which can be filled in at deployment time using parameter substitution performed by the ‘oc process’ command. A section of the deployment template is shown below:
apiVersion: v1
kind: Template
parameters:
- name: APP_NAME
value:
- name: APP_GROUP
value:
- name: APP_IMAGE
value:
metadata:
name: app-template
objects:
- kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: ${APP_NAME}
app.kubernetes.io/part-of: ${APP_GROUP}
name: ${APP_NAME}
spec:
replicas: 1
selector:
matchLabels:
app: ${APP_NAME}
The deployment step shown below calls the ‘oc process’ command to provide parameters to the above template file such that the resources can be created. Note that the source code is referenced again in this task since the deployment template is located amongst the deployment assets in the Git repository.
Generation of deployment yaml file
The Tekton task for the deployment of the application is in the file build/tasks/ocProcessDeploymentTemplate.yaml.
The oc process command result is piped to a file called deployment-resources.yaml, such that it can be examined if necessary before being executed with the ‘oc create -f’ command.
- name: gen-oc-process-script
command:
- /bin/sh
- '-c'
args:
- |-
echo "oc process \
-f \ /workspace/source/$(params.templateFileName) \
-p APP_NAME=$(params.appName) \
-p APP_GROUP=$(params.appGroup) \
-p APP_IMAGE=$(resources.inputs.runtime-image.url) \
> deployment-resources.yaml" > oc-process-cmd.sh
echo "Generated oc process script command"
cat oc-process-cmd.sh
chmod a+x oc-process-cmd.sh
./oc-process-cmd.sh
image: [image registry url]:5000/openshift/cli:latest
volumeMounts:
- name: deployment-files
mountPath: /deployment-files
workingDir: /deployment-files
Creation of application resources
The application resources are created using the following step.
- name: oc-create-resources
command:
- oc
- create
- '-f'
- deployment-resources.yaml
image: [image registry url]:5000/openshift/cli:latest
volumeMounts:
- name: deployment-files
mountPath: /deployment-files
workingDir: /deployment-files
Pipeline orchestration
The pipeline resource is used to provide the overall orchestration of the process. The default behaviour of tasks referenced in the pipeline is that they will all run in parallel unless the runAfter directive is used to control the order of execution.The pipeline is used as an aggregator for the parameters and resources that are used by each task, and then the pipeline run resource is used to feed actual values into the parameters and and resource definitions.
Pipeline
Pipeline resources have a reference to the namespace (OpenShift project) in which they are to run so this needs to be updated, or parameterised, depending on requirements.
The pipeline file is located in build/pipelines/pipeline.yaml.
An example of the pipeline resource is shown below:
apiVersion: tekton.dev/v1beta1
kind: Pipeline
labels:
app.kubernetes.io/instance: liberty-rest-app
name: liberty-rest-app
namespace: liberty-rest
spec:
resources:
- name: app-source
type: git
- name: runtime-image
type: image
params:
- name: templateFileName
type: string
default: build/template/deploy-app-template.yaml
The task section of the pipeline indicates which task should be executed and the parameters and resources that the task uses, as shown below. The parameters section indicates that the pipeline will receive an incoming parameter called templateFileName from the pipeline run and it will pass the value (under the same name) to the task called oc-process-deployment-template. This task will not start until the two tasks named at the end of the section have completed.
- name: deploy-application
resources:
inputs:
- name: source
resource: app-source
- name: runtime-image
resource: runtime-image
params:
- name: templateFileName
value: $(params.templateFileName)
- name: appName
value: $(params.appName)
- name: appGroup
value: $(params.appGroup)
taskRef:
kind: Task
name: oc-process-deployment-template
runAfter:
- create-runtime-image
- clear-resources
Pipeline run
The pipeline run resource is used to begin the execution of the pipeline. Actual values for parameters and references for resources are stored in the pipeline run. Once a pipeline and tasks are defined the only place that users need to go in order to modify the behavior of the pipeline execution should be the pipeline run.
The pipeline run file is located in build/pipelineRun/pipelineRun.yaml.
The pipeline run resource has a reference to the pipeline that it should execute and it also may have a generated name. This name is a prefix to a name that is generated by OpenShift when the pipeline run is executed.
An example of the pipeline run is shown below, including references for resources and real values for the parameters.
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: liberty-rest-app-run-pr-
spec:
pipelineRef:
name: liberty-rest-app
resources:
- name: app-source
resourceRef:
name: liberty-rest-app-source-code
- name: intermediate-image
resourceRef:
name: intermediate
- name: runtime-image
resourceRef:
name: liberty-rest-app
params:
- name: templateFileName
value: build/template/deploy-app-template.yaml
- name: appName
value: liberty-rest
- name: appGroup
value: Liberty
- name: quay-io-account
value: "marrober"
- name: quay-io-repository
value: "liberty-rest"
- name: quay-io-image-tag-name
value: "latest"
The pipeline run is executed using the command:
‘oc create -f <pipeline-run-file.yaml>’
Summary
This article showed how to use Tekton pipelines to create and execute an overall orchestration process. Clearly there are opportunities to extend the pipeline to add further source code analysis, initial testing, image vulnerability scanning etc. as required by each team.
What’s next
The next article in this series shows how to use OpenShift to create the processes explained so far in the series.
