Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Tasks to install Tekton Pipelines itself 🤯 #473

Closed
wants to merge 1 commit into from

Conversation

bobcatfish
Copy link
Contributor

@bobcatfish bobcatfish commented Aug 5, 2020

Changes

As part of #373 I'm continuing to create Tasks that we can use to run
tests for items in the catalog.

The goal of the 2 Tasks in this commit is to install Tekton Pipelines into a
cluster that was created using the Task added in #436.

There are a couple of options different from what I did in this commit
which I'd like people's opinions on:

  1. I went to a lot of trouble to make it so that Pipelines can be
    installed with just a kubectl command, specifically creating a user
    with cluster admin priviledges. If instead I used a container with
    gcloud, I could use the same approach as other GKE specific Tasks,
    but I wanted to make the install Task not tied to GKE. I also had
    to give the prow-account more priviledges in all of our boskos
    projects for this to work 😬 . So my question is: is this worth
    it, or am I better off just creating a GKE specific Task for
    installing Tekton Pipelines that uses gcloud to auth?
  2. If we DO want a super generic Task, how useful is this Task that just
    applies a Tekton yaml? Would we be better off with a generic kubectl
    task that I could feed the exact arguments for installing Tekton
    Pipelines?

The other confusion I ran into here (which I am going to follow up with
@sbwsg about!) is around service accounts vs. secrets. The GKE Tasks
I've made so far rely on secrets provided via workspaces, but I feel
like it's not clear if it makes sense to go that route, or to rely on
service accounts. In the meantime this approach is at least consistent
with #436.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Includes docs (if user facing)
  • Commit messages follow commit message best practices
  • Yaml file complies with yamllint rules.
  • Complies with Catalog Orgainization TEP, see example. Note An issue has been filed to automate this validation
    • File path follows <kind>/<name>/<version>/name.yaml

    • Has README.md at <kind>/<name>/<version>/README.md

    • Has mandatory metadata.labels - app.kubernetes.io/version the same as the <version> of the resource

    • Has mandatory metadata.annotations tekton.dev/pipelines.minVersion

    • mandatory spec.description follows the convention

        ```
      
        spec:
          description: >-
            one line summary of the resource
      
            Paragraph(s) to describe the resource.
        ```
      

See the contribution guide
for more details.


As part of tektoncd#373 I'm continuing to create Tasks that we can use to run
tests for items in the catalog.

The goal of the 2 Tasks in this commit is to install Tekton Pipelines into a
cluster that was created using the Task added in tektoncd#436.

There are a couple of options different from what I did in this commit
which I'd like people's opinions on:
1. I went to a lot of trouble to make it so that Pipelines can be
   installed with just a kubectl command, specifically creating a user
   with cluster admin priviledges. If instead I used a container with
   gcloud, I could use the same approach as other GKE specific Tasks,
   but I wanted to make the install Task not tied to GKE. I also had
   to give the prow-account more priviledges in all of our boskos
   projects for this to work :grimace:. So my question is: is this worth
   it, or am I better off just creating a GKE specific Task for
   installing Tekton Pipelines that uses gcloud to auth?
2. If we DO want a super generic Task, how useful is this Task that just
   applies a Tekton yaml? Would we be better off with a generic kubectl
   task that I could feed the exact arguments for installing Tekton
   Pipelines?

The other confusion I ran into here (which I am going to follow up with
@sbwsg about!) is around service accounts vs. secrets. The GKE Tasks
I've made so far rely on secrets provided via workspaces, but I feel
like it's not clear if it makes sense to go that route, or to rely on
service accounts. In the meantime this approach is at least consistent
with tektoncd#436.
@tekton-robot
Copy link

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign bobcatfish
You can assign the PR to them by writing /assign @bobcatfish in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot requested review from chmouel and a user August 5, 2020 19:57
@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Aug 5, 2020
@bobcatfish
Copy link
Contributor Author

Interested in your thoughts on the 2 questions above @dlorenc @vdemeester @sbwsg @afrittoli ^^

@bobcatfish
Copy link
Contributor Author

+ echo 'FAILED: docker-build task has failed to comeback properly'
FAILED: docker-build task has failed to comeback properly

a flake maybe? 🤔

@bobcatfish
Copy link
Contributor Author

/test pull-tekton-catalog-integration-tests

@afrittoli
Copy link
Member

@bobcatfish I will look into this once I'm back. Just FYI - this is what we use today to install Tekton (pipeline, trigger and dashboard) to the robocat and dogfooding clusters today: https://github.com/tektoncd/plumbing/blob/master/tekton/resources/release/install_tekton_release.yaml - it uses the release yaml but it adds the ability to use kustomize overlays from a git repo on top. I find that would be useful for test purposes too, since one might want to test different configurations of the tekton services in E2E tests.

@bobcatfish
Copy link
Contributor Author

Thanks @afrittoli ! i probably wont get a change to make sweeping changes to this until next week but it looks like im better off using the Tasks youve already created

when you get a chance could you explain a bit more about the overlays you need? i'm also wondering how the Task is supplied with the credentials it needs, is that via the service account?

@bobcatfish
Copy link
Contributor Author

/hold

want to integrate in the Tasks @afrittoli has already created for this: https://github.com/tektoncd/plumbing/blob/master/tekton/resources/release/install_tekton_release.yaml

@tekton-robot tekton-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 5, 2020
@bobcatfish
Copy link
Contributor Author

I'll just close this for now actually to reduce the noise :D

@bobcatfish bobcatfish closed this Aug 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants