chore: added tekton task for aks service

Signed-off-by: Adrian Riobo <ariobolo@redhat.com>

tkn/infra-azure-aks.yaml

@@ -0,0 +1,146 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: infra-azure-aks
+  labels:
+    app.kubernetes.io/version: "0.7.0-dev"
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.44.x"
+    tekton.dev/categories: infrastructure
+    tekton.dev/tags: infrastructure, azure
+    tekton.dev/displayName: "azure manager"
+    tekton.dev/platforms: "linux/amd64"
+spec:
+  description: |
+    This task will provision / decomission azure aks cluster
+
+    The output will give required information to connect within the remote provisioned cluster
+
+  workspaces:
+    - name: az-credentials
+      description: |
+        ocp secret holding the azure credentials. Secret should be accessible to this task.
+
+        To be a valid secret it should contains the following fields:
+        * tenant_id
+        * subscription_id
+        * client_id
+        * client_secret
+        * storage_account (optional if we use remote az storage)
+        * storage_key (optional if we use remote az storage)
+      mountPath: /opt/credentials
+
+  params:
+    # mapt params 
+    - name: project-name
+      description: identifier for project.
+    - name: backed-url
+      description: external az storage (i.e azblob://existing-storage). 
+    - name: operation
+      description: operation to execute within the infrastructure. Current values (create, destroy)
+      default: create
+
+    # AKS params
+    - name: k8s-version
+      description: AKS K8s cluster version (default "1.30")
+      default: '1.30'
+    - name: only-system-pool
+      description: if we do not need bunch of resources we can run only the systempool. More info https://learn.microsoft.com/es-es/azure/aks/use-system-pools?tabs=azure-cli#system-and-user-node-pools. (default false)
+      default: 'false'
+    - name: enable-app-routing
+      description: enable application routing add-on with NGINX. (default false)
+      default: 'false'
+
+    # VM type params for pools
+    - name: spot
+      description: in case spot is set to true it 'ill check for best spot price and create the VM on the target region
+      default: 'true'
+    - name: spot-eviction-tolerance
+      description: 'if spot is enable we can define the minimum tolerance level of eviction. Allowed value are: lowest, low, medium, high or highest'
+      default: 'lowest'
+
+
+    # Metadata params
+    - name: tags
+      description: tags for the resources created on the providers
+      default: "''"
+
+    # Control params
+    - name: remove-lock
+      description: in case a previous run fails the stack can be locked. This value allows to control if remove lock
+      default: 'true'
+
+  results:
+    - name: kubeconfig
+      description: kubeconfig file
+
+  steps:
+    - name: provisioner
+      image: quay.io/redhat-developer/mapt:v0.7.0-dev
+      imagePullPolicy: Always
+      script: |
+        #!/bin/sh
+
+        # Added verbosity
+        set -xuo
+
+        # Credentials
+        export ARM_TENANT_ID=$(cat /opt/credentials/tenant_id)
+        export ARM_SUBSCRIPTION_ID=$(cat /opt/credentials/subscription_id)
+        export ARM_CLIENT_ID=$(cat /opt/credentials/client_id)
+        export ARM_CLIENT_SECRET=$(cat /opt/credentials/client_secret)
+        if ! [ -f /opt/credentials/storage_account ]; then
+          export AZURE_STORAGE_ACCOUNT=$(cat /opt/credentials/storage_account)
+        fi
+        if ! [ -f /opt/credentials/storage_key ]; then
+          export AZURE_STORAGE_KEY=$(cat /opt/credentials/storage_key)
+        fi
+
+        # Output folder
+        mkdir -p aks-kubeconfig
+
+        # Remove lock
+        if [[ $(params.remove-lock) == "true" ]]; then
+          rm -rf ${workspace_path}/.pulumi/locks/*
+        fi
+
+        # Run mapt
+        cmd="mapt azure aks $(params.operation) "
+        cmd="$cmd --project-name $(params.project-name) "
+        cmd="$cmd --backed-url $(params.backed-url) "
+        if [[ $(params.operation) == "create" ]]; then
+          cmd="$cmd --conn-details-output aks-kubeconfig "
+          cmd="$cmd --version $(params.k8s-version) "
+          if [[ $(params.only-system-pool) == "true" ]]; then
+            cmd="$cmd --only-system-pool "
+          fi
+          if [[ $(params.enable-app-routing) == "true" ]]; then
+            cmd="$cmd --enable-app-routing "
+          fi
+          if [[ $(params.spot) == "true" ]]; then
+            cmd="$cmd --spot "
+            cmd="$cmd --spot-eviction-tolerance $(params.spot-eviction-tolerance) "
+          fi
+          if [[ $(params.tags) != "" ]]; then
+            cmd="$cmd --tags $(params.tags) "
+          fi
+        fi
+        eval "${cmd}"
+
+        create_exit_code=$?
+
+        # set task results
+        cat "aks-kubeconfig/kubeconfig" | tee $(results.kubeconfig.path)
+
+        if [[ ${create_exit_code} -ne 0 ]]; then 
+          exit 1
+        fi
+
+      resources:
+        requests:
+          memory: "200Mi"
+          cpu: "100m"
+        limits:
+          memory: "600Mi"
+          cpu: "300m"

tkn/template/infra-azure-aks.yaml

@@ -0,0 +1,146 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: infra-azure-aks
+  labels:
+    app.kubernetes.io/version: "<VERSION>"
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.44.x"
+    tekton.dev/categories: infrastructure
+    tekton.dev/tags: infrastructure, azure
+    tekton.dev/displayName: "azure manager"
+    tekton.dev/platforms: "linux/amd64"
+spec:
+  description: |
+    This task will provision / decomission azure aks cluster
+
+    The output will give required information to connect within the remote provisioned cluster
+
+  workspaces:
+    - name: az-credentials
+      description: |
+        ocp secret holding the azure credentials. Secret should be accessible to this task.
+
+        To be a valid secret it should contains the following fields:
+        * tenant_id
+        * subscription_id
+        * client_id
+        * client_secret
+        * storage_account (optional if we use remote az storage)
+        * storage_key (optional if we use remote az storage)
+      mountPath: /opt/credentials
+
+  params:
+    # mapt params 
+    - name: project-name
+      description: identifier for project.
+    - name: backed-url
+      description: external az storage (i.e azblob://existing-storage). 
+    - name: operation
+      description: operation to execute within the infrastructure. Current values (create, destroy)
+      default: create
+
+    # AKS params
+    - name: k8s-version
+      description: AKS K8s cluster version (default "1.30")
+      default: '1.30'
+    - name: only-system-pool
+      description: if we do not need bunch of resources we can run only the systempool. More info https://learn.microsoft.com/es-es/azure/aks/use-system-pools?tabs=azure-cli#system-and-user-node-pools. (default false)
+      default: 'false'
+    - name: enable-app-routing
+      description: enable application routing add-on with NGINX. (default false)
+      default: 'false'
+
+    # VM type params for pools
+    - name: spot
+      description: in case spot is set to true it 'ill check for best spot price and create the VM on the target region
+      default: 'true'
+    - name: spot-eviction-tolerance
+      description: 'if spot is enable we can define the minimum tolerance level of eviction. Allowed value are: lowest, low, medium, high or highest'
+      default: 'lowest'
+
+
+    # Metadata params
+    - name: tags
+      description: tags for the resources created on the providers
+      default: "''"
+
+    # Control params
+    - name: remove-lock
+      description: in case a previous run fails the stack can be locked. This value allows to control if remove lock
+      default: 'true'
+
+  results:
+    - name: kubeconfig
+      description: kubeconfig file
+
+  steps:
+    - name: provisioner
+      image: <IMAGE>
+      imagePullPolicy: Always
+      script: |
+        #!/bin/sh
+
+        # Added verbosity
+        set -xuo
+
+        # Credentials
+        export ARM_TENANT_ID=$(cat /opt/credentials/tenant_id)
+        export ARM_SUBSCRIPTION_ID=$(cat /opt/credentials/subscription_id)
+        export ARM_CLIENT_ID=$(cat /opt/credentials/client_id)
+        export ARM_CLIENT_SECRET=$(cat /opt/credentials/client_secret)
+        if ! [ -f /opt/credentials/storage_account ]; then
+          export AZURE_STORAGE_ACCOUNT=$(cat /opt/credentials/storage_account)
+        fi
+        if ! [ -f /opt/credentials/storage_key ]; then
+          export AZURE_STORAGE_KEY=$(cat /opt/credentials/storage_key)
+        fi
+
+        # Output folder
+        mkdir -p aks-kubeconfig
+
+        # Remove lock
+        if [[ $(params.remove-lock) == "true" ]]; then
+          rm -rf ${workspace_path}/.pulumi/locks/*
+        fi
+
+        # Run mapt
+        cmd="mapt azure aks $(params.operation) "
+        cmd="$cmd --project-name $(params.project-name) "
+        cmd="$cmd --backed-url $(params.backed-url) "
+        if [[ $(params.operation) == "create" ]]; then
+          cmd="$cmd --conn-details-output aks-kubeconfig "
+          cmd="$cmd --version $(params.k8s-version) "
+          if [[ $(params.only-system-pool) == "true" ]]; then
+            cmd="$cmd --only-system-pool "
+          fi
+          if [[ $(params.enable-app-routing) == "true" ]]; then
+            cmd="$cmd --enable-app-routing "
+          fi
+          if [[ $(params.spot) == "true" ]]; then
+            cmd="$cmd --spot "
+            cmd="$cmd --spot-eviction-tolerance $(params.spot-eviction-tolerance) "
+          fi
+          if [[ $(params.tags) != "" ]]; then
+            cmd="$cmd --tags $(params.tags) "
+          fi
+        fi
+        eval "${cmd}"
+
+        create_exit_code=$?
+
+        # set task results
+        cat "aks-kubeconfig/kubeconfig" | tee $(results.kubeconfig.path)
+
+        if [[ ${create_exit_code} -ne 0 ]]; then 
+          exit 1
+        fi
+
+      resources:
+        requests:
+          memory: "200Mi"
+          cpu: "100m"
+        limits:
+          memory: "600Mi"
+          cpu: "300m"