diff --git a/tkn/infra-azure-aks.yaml b/tkn/infra-azure-aks.yaml new file mode 100644 index 000000000..2a594d92d --- /dev/null +++ b/tkn/infra-azure-aks.yaml @@ -0,0 +1,146 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: infra-azure-aks + labels: + app.kubernetes.io/version: "0.7.0-dev" + annotations: + tekton.dev/pipelines.minVersion: "0.44.x" + tekton.dev/categories: infrastructure + tekton.dev/tags: infrastructure, azure + tekton.dev/displayName: "azure manager" + tekton.dev/platforms: "linux/amd64" +spec: + description: | + This task will provision / decomission azure aks cluster + + The output will give required information to connect within the remote provisioned cluster + + workspaces: + - name: az-credentials + description: | + ocp secret holding the azure credentials. Secret should be accessible to this task. + + To be a valid secret it should contains the following fields: + * tenant_id + * subscription_id + * client_id + * client_secret + * storage_account (optional if we use remote az storage) + * storage_key (optional if we use remote az storage) + mountPath: /opt/credentials + + params: + # mapt params + - name: project-name + description: identifier for project. + - name: backed-url + description: external az storage (i.e azblob://existing-storage). + - name: operation + description: operation to execute within the infrastructure. Current values (create, destroy) + default: create + + # AKS params + - name: k8s-version + description: AKS K8s cluster version (default "1.30") + default: '1.30' + - name: only-system-pool + description: if we do not need bunch of resources we can run only the systempool. More info https://learn.microsoft.com/es-es/azure/aks/use-system-pools?tabs=azure-cli#system-and-user-node-pools. (default false) + default: 'false' + - name: enable-app-routing + description: enable application routing add-on with NGINX. (default false) + default: 'false' + + # VM type params for pools + - name: spot + description: in case spot is set to true it 'ill check for best spot price and create the VM on the target region + default: 'true' + - name: spot-eviction-tolerance + description: 'if spot is enable we can define the minimum tolerance level of eviction. Allowed value are: lowest, low, medium, high or highest' + default: 'lowest' + + + # Metadata params + - name: tags + description: tags for the resources created on the providers + default: "''" + + # Control params + - name: remove-lock + description: in case a previous run fails the stack can be locked. This value allows to control if remove lock + default: 'true' + + results: + - name: kubeconfig + description: kubeconfig file + + steps: + - name: provisioner + image: quay.io/redhat-developer/mapt:v0.7.0-dev + imagePullPolicy: Always + script: | + #!/bin/sh + + # Added verbosity + set -xuo + + # Credentials + export ARM_TENANT_ID=$(cat /opt/credentials/tenant_id) + export ARM_SUBSCRIPTION_ID=$(cat /opt/credentials/subscription_id) + export ARM_CLIENT_ID=$(cat /opt/credentials/client_id) + export ARM_CLIENT_SECRET=$(cat /opt/credentials/client_secret) + if ! [ -f /opt/credentials/storage_account ]; then + export AZURE_STORAGE_ACCOUNT=$(cat /opt/credentials/storage_account) + fi + if ! [ -f /opt/credentials/storage_key ]; then + export AZURE_STORAGE_KEY=$(cat /opt/credentials/storage_key) + fi + + # Output folder + mkdir -p aks-kubeconfig + + # Remove lock + if [[ $(params.remove-lock) == "true" ]]; then + rm -rf ${workspace_path}/.pulumi/locks/* + fi + + # Run mapt + cmd="mapt azure aks $(params.operation) " + cmd="$cmd --project-name $(params.project-name) " + cmd="$cmd --backed-url $(params.backed-url) " + if [[ $(params.operation) == "create" ]]; then + cmd="$cmd --conn-details-output aks-kubeconfig " + cmd="$cmd --version $(params.k8s-version) " + if [[ $(params.only-system-pool) == "true" ]]; then + cmd="$cmd --only-system-pool " + fi + if [[ $(params.enable-app-routing) == "true" ]]; then + cmd="$cmd --enable-app-routing " + fi + if [[ $(params.spot) == "true" ]]; then + cmd="$cmd --spot " + cmd="$cmd --spot-eviction-tolerance $(params.spot-eviction-tolerance) " + fi + if [[ $(params.tags) != "" ]]; then + cmd="$cmd --tags $(params.tags) " + fi + fi + eval "${cmd}" + + create_exit_code=$? + + # set task results + cat "aks-kubeconfig/kubeconfig" | tee $(results.kubeconfig.path) + + if [[ ${create_exit_code} -ne 0 ]]; then + exit 1 + fi + + resources: + requests: + memory: "200Mi" + cpu: "100m" + limits: + memory: "600Mi" + cpu: "300m" diff --git a/tkn/template/infra-azure-aks.yaml b/tkn/template/infra-azure-aks.yaml new file mode 100644 index 000000000..a58c137a7 --- /dev/null +++ b/tkn/template/infra-azure-aks.yaml @@ -0,0 +1,146 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: infra-azure-aks + labels: + app.kubernetes.io/version: "" + annotations: + tekton.dev/pipelines.minVersion: "0.44.x" + tekton.dev/categories: infrastructure + tekton.dev/tags: infrastructure, azure + tekton.dev/displayName: "azure manager" + tekton.dev/platforms: "linux/amd64" +spec: + description: | + This task will provision / decomission azure aks cluster + + The output will give required information to connect within the remote provisioned cluster + + workspaces: + - name: az-credentials + description: | + ocp secret holding the azure credentials. Secret should be accessible to this task. + + To be a valid secret it should contains the following fields: + * tenant_id + * subscription_id + * client_id + * client_secret + * storage_account (optional if we use remote az storage) + * storage_key (optional if we use remote az storage) + mountPath: /opt/credentials + + params: + # mapt params + - name: project-name + description: identifier for project. + - name: backed-url + description: external az storage (i.e azblob://existing-storage). + - name: operation + description: operation to execute within the infrastructure. Current values (create, destroy) + default: create + + # AKS params + - name: k8s-version + description: AKS K8s cluster version (default "1.30") + default: '1.30' + - name: only-system-pool + description: if we do not need bunch of resources we can run only the systempool. More info https://learn.microsoft.com/es-es/azure/aks/use-system-pools?tabs=azure-cli#system-and-user-node-pools. (default false) + default: 'false' + - name: enable-app-routing + description: enable application routing add-on with NGINX. (default false) + default: 'false' + + # VM type params for pools + - name: spot + description: in case spot is set to true it 'ill check for best spot price and create the VM on the target region + default: 'true' + - name: spot-eviction-tolerance + description: 'if spot is enable we can define the minimum tolerance level of eviction. Allowed value are: lowest, low, medium, high or highest' + default: 'lowest' + + + # Metadata params + - name: tags + description: tags for the resources created on the providers + default: "''" + + # Control params + - name: remove-lock + description: in case a previous run fails the stack can be locked. This value allows to control if remove lock + default: 'true' + + results: + - name: kubeconfig + description: kubeconfig file + + steps: + - name: provisioner + image: + imagePullPolicy: Always + script: | + #!/bin/sh + + # Added verbosity + set -xuo + + # Credentials + export ARM_TENANT_ID=$(cat /opt/credentials/tenant_id) + export ARM_SUBSCRIPTION_ID=$(cat /opt/credentials/subscription_id) + export ARM_CLIENT_ID=$(cat /opt/credentials/client_id) + export ARM_CLIENT_SECRET=$(cat /opt/credentials/client_secret) + if ! [ -f /opt/credentials/storage_account ]; then + export AZURE_STORAGE_ACCOUNT=$(cat /opt/credentials/storage_account) + fi + if ! [ -f /opt/credentials/storage_key ]; then + export AZURE_STORAGE_KEY=$(cat /opt/credentials/storage_key) + fi + + # Output folder + mkdir -p aks-kubeconfig + + # Remove lock + if [[ $(params.remove-lock) == "true" ]]; then + rm -rf ${workspace_path}/.pulumi/locks/* + fi + + # Run mapt + cmd="mapt azure aks $(params.operation) " + cmd="$cmd --project-name $(params.project-name) " + cmd="$cmd --backed-url $(params.backed-url) " + if [[ $(params.operation) == "create" ]]; then + cmd="$cmd --conn-details-output aks-kubeconfig " + cmd="$cmd --version $(params.k8s-version) " + if [[ $(params.only-system-pool) == "true" ]]; then + cmd="$cmd --only-system-pool " + fi + if [[ $(params.enable-app-routing) == "true" ]]; then + cmd="$cmd --enable-app-routing " + fi + if [[ $(params.spot) == "true" ]]; then + cmd="$cmd --spot " + cmd="$cmd --spot-eviction-tolerance $(params.spot-eviction-tolerance) " + fi + if [[ $(params.tags) != "" ]]; then + cmd="$cmd --tags $(params.tags) " + fi + fi + eval "${cmd}" + + create_exit_code=$? + + # set task results + cat "aks-kubeconfig/kubeconfig" | tee $(results.kubeconfig.path) + + if [[ ${create_exit_code} -ne 0 ]]; then + exit 1 + fi + + resources: + requests: + memory: "200Mi" + cpu: "100m" + limits: + memory: "600Mi" + cpu: "300m"