Add kubernetes actions task in kubectl

The task `kubectl-actions` is a generic task which can be used to perform k8s-actions. We take the whole script as a `params` whereas the existing task `kubectl-deploy` only works for deploying the pod and fulfills the specific criteria. Signed-off-by: vinamra28 <[email protected]>
tektoncd · Jul 5, 2020 · b54479d · b54479d
1 parent e680707
commit b54479d
Show file tree

Hide file tree

Showing 8 changed files with 209 additions and 49 deletions.
diff --git a/kubectl/README.md b/kubectl/README.md
@@ -1,53 +1,58 @@
 # Kubectl
 
+# `kubectl-deploy`
+
 This Task deploys (or delete) a Kubernates resource (pod). It uses
 [`kubectl`](https://kubernetes.io/zh/docs/reference/kubectl/kubectl/) for that.
 
-## Install the Task
+## Install ClusterRole
+
+**CAUTION:** The `clusterrole.yaml` is just a sample, should be modified based on real requirements to avoid potential security issues.
 
 ```
-kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/v1beta1/kubectl/kubectl-deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/kubectl/rbac/clusterrole.yaml
 ```
 
-## Install ClusterRole
-**CAUTION:** The `clusterrole.yaml` is just a sample, should be modified based on real requirements to avoid potential security issues.
+## Install ClusterRolebinding
 
 ```
-kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/v1beta1/kubectl/clusterrole.yaml
+kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/kubectl/rbac/clusterrolebinding.yaml
 ```
 
-## Install ClusterRolebinding
+## Install the Task
 
 ```
-kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/v1beta1/kubectl/clusterrolebinding.yaml
+kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/kubectl/kubectl-deploy.yaml
 ```
 
-## Inputs 
+## Inputs
 
 ### Parameters
 
-* **action**: The action to perform to the resource, support `get`, `create`, `apply`, `delete`, `replace`, `patch`.
-* **manifest**: The content of the resource to deploy.
-* **success-condition/failure-condition**: SuccessCondition and failureCondition are optional expressions which are evaluated upon every update of the resource. If failureCondition is ever evaluated to true, the step is considered failed. Likewise, if successCondition is ever evaluated to true the step is considered successful. It uses kubernetes label selection syntax and can be applied against any field of the resource (not just labels). Multiple AND conditions can be represented by comma delimited expressions. For more details, see:  https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/.
-* **merge-strategy**: The strategy used to merge a patch, defaults to `strategic`, supported `strategic`, `merge` and `json`.
-* **output**: Extracted from fields of the resource, only support jsonpath. Should define as a `yaml` array(array even if only one item):
-```
-  - name: output
-    value: |
-      - name: job-name
-        valueFrom: '{.metadata.name}'
-      - name: job-namespace
-        valueFrom: '{.metadata.namespace}' 
+- **action**: The action to perform to the resource, support `get`, `create`, `apply`, `delete`, `replace`, `patch`.
+- **manifest**: The content of the resource to deploy.
+- **success-condition/failure-condition**: SuccessCondition and failureCondition are optional expressions which are evaluated upon every update of the resource. If failureCondition is ever evaluated to true, the step is considered failed. Likewise, if successCondition is ever evaluated to true the step is considered successful. It uses kubernetes label selection syntax and can be applied against any field of the resource (not just labels). Multiple AND conditions can be represented by comma delimited expressions. For more details, see: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/.
+- **merge-strategy**: The strategy used to merge a patch, defaults to `strategic`, supported `strategic`, `merge` and `json`.
+- **output**: Extracted from fields of the resource, only support jsonpath. Should define as a `yaml` array(array even if only one item):
+
+```yaml
+- name: output
+  value: |
+    - name: job-name
+      valueFrom: '{.metadata.name}'
+    - name: job-namespace
+      valueFrom: '{.metadata.namespace}'
 ```
+
 The extracted value will be write to`/tekton/results/$(name)`.
-* **set-ownerreference**: Set the `ownerReferences` for the resource as pod of `step`, default to false.
 
+- **set-ownerreference**: Set the `ownerReferences` for the resource as pod of `step`, default to false.
 
 ## Usage
 
 This TaskRun runs the Task to deploy the given Kubernetes resource.
 
-```
+```yaml
 apiVersion: tekton.dev/v1beta1
 kind: TaskRun
 metadata:
@@ -56,31 +61,106 @@ spec:
   taskRef:
     name: kubectl-deploy-pod
   params:
-  - name: action
-    value: create
-  - name: success-condition
-    value: status.phase == Running
-  - name: failure-condition
-    value: status.phase in (Failed, Error)
-  - name: output
-    value: |
-      - name: job-name
-        valueFrom: '{.metadata.name}'
-      - name: job-namespace
-        valueFrom: '{.metadata.namespace}' 
-  - name: set-ownerreference
-    value: "true"
-  - name: manifest
-    value: |
-      apiVersion: v1
-      kind: Pod
-      metadata:
-        generateName: myapp-pod-
-        labels:
-          app: myapp
-      spec:
-        containers:
-        - name: myapp-container
-          image: docker
-          command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 30']
+    - name: action
+      value: create
+    - name: success-condition
+      value: status.phase == Running
+    - name: failure-condition
+      value: status.phase in (Failed, Error)
+    - name: output
+      value: |
+        - name: job-name
+          valueFrom: '{.metadata.name}'
+        - name: job-namespace
+          valueFrom: '{.metadata.namespace}'
+    - name: set-ownerreference
+      value: "true"
+    - name: manifest
+      value: |
+        apiVersion: v1
+        kind: Pod
+        metadata:
+          generateName: myapp-pod-
+          labels:
+            app: myapp
+        spec:
+          containers:
+          - name: myapp-container
+            image: docker
+            command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 30']
+```
+
+# `kubectl-actions`
+
+This is a generic task used to perform kubernetes actions such as `kubectl get deployment` or `kubectl create -f filename.yaml`. For more commands [see](https://kubernetes.io/docs/reference/kubectl/overview/).
+
+## Install the task
+
+```
+kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/kubectl/kubectl-actions.yaml
+```
+
+## Inputs
+
+### Parameters
+
+- **script**: script of `kubectl` commands to execute e.g. `kubectl get pod $1 -0 yaml`. This will take the first value of ARGS as pod name (_default_: `kubectl $@`)
+- **args**: args to execute which are appended to `kubectl` e.g. `start-build myapp` (_default_: `help`)
+- **image**: Default image being `gcr.io/cloud-builders/kubectl`. If somebody wants to use their own image then they can provide it as a part of params. For example an image avilable is `lachlanevenson/k8s-kubectl`
+
+### Workspaces
+
+- **kubeconfig-dir**: If you want to deploy you application to another cluster then you can mount your `kubeconfig` file via this `workspace`. (Default: _emptyDir:{}_ in case `kubeconfig` is not mounted)
+- **manifest-dir**: Manifest files can be provided via the workspaces.(Default: _emptyDir:{}_ in case no manifest is provided)
+
+## Usage
+
+In case no manifests are mounted
+
+```yaml
+apiVersion: tekton.dev/v1beta1
+kind: TaskRun
+metadata:
+  name: kubectl-run
+spec:
+  taskRef:
+    name: kubectl-actions
+  params:
+    - name: SCRIPT
+      value: |
+        kubectl get pods 
+        echo "-----------"
+        kubectl get deploy
+  workspaces:
+    - name: kubeconfig-dir
+      emptyDir: {}
+    - name: manifest-dir
+      emptyDir: {}
+```
+
+In case manifest is present on `GitHub` :
+
+```yaml
+apiVersion: tekton.dev/v1beta1
+kind: TaskRun
+metadata:
+  name: kubectl-run
+spec:
+  taskRef:
+    name: kubectl-actions
+  params:
+    - name: script
+      value: |
+        kubectl apply -f https://raw.githubusercontent.com/vinamra28/social-client/master/k8s/deployment.yaml
+        ----------
+        kubectl get deployment
+  workspaces:
+    - name: kubeconfig-dir
+      emptyDir: {}
+    - name: manifest-dir
+      emptyDir: {}
 ```
+
+## Kubectl Patch Deployment Image Example
+
+If you have existing deployment and after period of time image of the application is being updated. So to update the container image in the deployment, this task can be used as this task will patch the image with the new image in the existing deployment. The TaskRun for this scenario can be found [here](./examples/update-deployment-image-taskrun.yaml)
diff --git a/kubectl/examples/kubectl-actions-run.yaml b/kubectl/examples/kubectl-actions-run.yaml
@@ -0,0 +1,18 @@
+uapiVersion: tekton.dev/v1beta1
+kind: TaskRun
+metadata:
+  name: kubectl-run
+spec:
+  taskRef:
+    name: kubectl-actions
+  params:
+    - name: script
+      value: |
+        kubectl get pods
+        echo "---------"
+        kubectl get deploy
+  workspaces:
+    - name: kubeconfig-dir
+      emptyDir: {}
+    - name: manifest-dir
+      emptyDir: {}
diff --git a/kubectl/taskrun-delete.yaml → kubectl/examples/taskrun-delete.yaml b/kubectl/taskrun-delete.yaml → kubectl/examples/taskrun-delete.yaml
diff --git a/kubectl/taskrun.yaml → kubectl/examples/taskrun.yaml b/kubectl/taskrun.yaml → kubectl/examples/taskrun.yaml
diff --git a/kubectl/examples/update-deployment-image-taskrun.yaml b/kubectl/examples/update-deployment-image-taskrun.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: TaskRun
+metadata:
+  name: update-deployment-image-taskrun
+spec:
+  taskRef:
+    name: kubectl-actions
+  workspaces:
+    - name: kubeconfig-dir
+      emptyDir: {}
+    - name: manifest-dir
+      emptyDir: {}
+  params:
+    - name: script
+      value: |
+        kubectl patch deployment $1 --patch='{"spec":{"template":{"spec":{
+          "containers":[{
+            "name": "$(params.DEPLOYMENT_NAME)",
+            "image":"$(params.REPLACEMENT_IMAGE)"
+          }]
+        }}}}'
+    - name: args
+      value:
+        - my-client-v1
+        - quay.io/vinamra2807/social-client:v2
diff --git a/kubectl/kubectl-actions.yaml b/kubectl/kubectl-actions.yaml
@@ -0,0 +1,36 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: kubectl-actions
+spec:
+  workspaces:
+    - name: manifest-dir
+    - name: kubeconfig-dir
+  params:
+    - name: script
+      description: The Kubernetes CLI script to run
+      type: string
+      default: "kubectl $@"
+    - name: args
+      description: The Kubernetes CLI arguments to run
+      type: array
+      default:
+        - "help"
+    - name: image
+      default: gcr.io/cloud-builders/kubectl #image is huge
+      description: Kubectl wrapper image
+  steps:
+    - name: kubectl
+      image: $(params.image)
+      workingDir: $(workspaces.manifest-dir.path)
+      script: |
+        #!/usr/bin/env bash
+
+        if [[ -f $(workspaces.kubeconfig-dir.path)/kubeconfig ]]; then
+          export KUBECONFIG=$(workspaces.kubeconfig-dir.path)/kubeconfig
+        fi
+
+        $(params.script)
+
+      args:
+        - "$(params.args)"
diff --git a/kubectl/clusterrole.yaml → kubectl/rbac/clusterrole.yaml b/kubectl/clusterrole.yaml → kubectl/rbac/clusterrole.yaml
diff --git a/kubectl/clusterrolebinding.yaml → kubectl/rbac/clusterrolebinding.yaml b/kubectl/clusterrolebinding.yaml → kubectl/rbac/clusterrolebinding.yaml