This is part 4 of a 5 part series. Links to the other parts are here:

Introduction

OpenShift Pipelines is a Continuous Integration / Continuous Delivery (CI/CD) solution based on the open source Tekton project. The previous articles in the series showed how to use Tekton to use the OpenShift source 2 image to build an application and how to use Tekton to create and store a runtime image. This article will cover the overall orchestration process of Tekton pipelines to bring together the tasks explained so far in the series into a single seamless process that executes all required steps. This also shows how parameters can feed into the process when the pipeline is executed.

Access to the source content

All assets required to create your own instance of the resources described in this article can be found in the GitHub repository here. In an attempt to save space and make the article more readable only the important aspects of Tekton resources are included within the text. Readers who want to see the context of a section of YAML should clone or download the Git repository and refer to the full version of the appropriate file.

Application Deployment

The application deployment from the new image uses a deployment template located in build/template/deploy-app-template.yaml. This allows placeholders to be put in the yaml content for the deployment, service and route which can be filled in at deployment time using parameter substitution performed by the ‘oc process’ command. A section of the deployment template is shown below:

apiVersion: v1
kind: Template
parameters:
- name: APP_NAME
  value:
- name: APP_GROUP
  value:
- name: APP_IMAGE
  value:
metadata:
name: app-template
objects:
- kind: Deployment
  apiVersion: apps/v1
  metadata:
    labels:
      app: ${APP_NAME}
      app.kubernetes.io/part-of: ${APP_GROUP}
    name: ${APP_NAME}
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: ${APP_NAME}

The deployment step shown below calls the ‘oc process’ command to provide parameters to the above template file such that the resources can be created. Note that the source code is referenced again in this task since the deployment template is located amongst the deployment assets in the Git repository.

Generation of deployment yaml file

The Tekton task for the deployment of the application is in the file build/tasks/ocProcessDeploymentTemplate.yaml.

The oc process command result is piped to a file called deployment-resources.yaml, such that it can be examined if necessary before being executed with the ‘oc create -f’ command.

- name: gen-oc-process-script
    command:
      - /bin/sh
      - '-c'
    args:
      - |-
        echo "oc process \
        -f \ /workspace/source/$(params.templateFileName) \
        -p APP_NAME=$(params.appName) \
        -p APP_GROUP=$(params.appGroup) \
        -p APP_IMAGE=$(resources.inputs.runtime-image.url) \
        > deployment-resources.yaml" > oc-process-cmd.sh
        echo "Generated oc process script command"         
        cat oc-process-cmd.sh
        chmod a+x oc-process-cmd.sh
        ./oc-process-cmd.sh
    image: [image registry url]:5000/openshift/cli:latest
    volumeMounts:
      - name: deployment-files
        mountPath: /deployment-files
    workingDir: /deployment-files

Creation of application resources

The application resources are created using the following step.

- name: oc-create-resources
    command:
      - oc
      - create
      - '-f'
      - deployment-resources.yaml
    image: [image registry url]:5000/openshift/cli:latest
    volumeMounts:
      - name: deployment-files
        mountPath: /deployment-files
    workingDir: /deployment-files

Pipeline orchestration

The pipeline resource is used to provide the overall orchestration of the process. The default behaviour of tasks referenced in the pipeline is that they will all run in parallel unless the runAfter directive is used to control the order of execution.The pipeline is used as an aggregator for the parameters and resources that are used by each task, and then the pipeline run resource is used to feed actual values into the parameters and and resource definitions.

Pipeline

Pipeline resources have a reference to the namespace (OpenShift project) in which they are to run so this needs to be updated, or parameterised, depending on requirements.

The pipeline file is located in build/pipelines/pipeline.yaml.

An example of the pipeline resource is shown below:

apiVersion: tekton.dev/v1beta1
kind: Pipeline
labels:
  app.kubernetes.io/instance: liberty-rest-app
name: liberty-rest-app
namespace: liberty-rest
spec:
resources:
- name: app-source
  type: git
- name: runtime-image
  type: image
params:
- name: templateFileName
  type: string
  default: build/template/deploy-app-template.yaml

The task section of the pipeline indicates which task should be executed and the parameters and resources that the task uses, as shown below. The parameters section indicates that the pipeline will receive an incoming parameter called templateFileName from the pipeline run and it will pass the value (under the same name) to the task called oc-process-deployment-template. This task will not start until the two tasks named at the end of the section have completed.

- name: deploy-application
  resources:
    inputs:
    - name: source
      resource: app-source
    - name: runtime-image
      resource: runtime-image
  params:
    - name: templateFileName
      value: $(params.templateFileName)
    - name: appName
      value: $(params.appName)
    - name: appGroup
      value: $(params.appGroup)
  taskRef:
    kind: Task
    name: oc-process-deployment-template
  runAfter:
    - create-runtime-image
    - clear-resources

Pipeline run

The pipeline run resource is used to begin the execution of the pipeline. Actual values for parameters and references for resources are stored in the pipeline run. Once a pipeline and tasks are defined the only place that users need to go in order to modify the behavior of the pipeline execution should be the pipeline run.

The pipeline run file is located in build/pipelineRun/pipelineRun.yaml.

The pipeline run resource has a reference to the pipeline that it should execute and it also may have a generated name. This name is a prefix to a name that is generated by OpenShift when the pipeline run is executed.

An example of the pipeline run is shown below, including references for resources and real values for the parameters.

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: liberty-rest-app-run-pr-
spec:
pipelineRef:
  name: liberty-rest-app
resources:
  - name: app-source
    resourceRef:
      name: liberty-rest-app-source-code
  - name: intermediate-image
    resourceRef:
      name: intermediate
  - name: runtime-image
    resourceRef:
      name: liberty-rest-app
params:
  - name: templateFileName
    value: build/template/deploy-app-template.yaml
  - name: appName
    value: liberty-rest
  - name: appGroup
    value: Liberty
  - name: quay-io-account
    value: "marrober"
  - name: quay-io-repository
    value: "liberty-rest"
  - name: quay-io-image-tag-name
    value: "latest"

The pipeline run is executed using the command:

‘oc create -f <pipeline-run-file.yaml>’

Summary

This article showed how to use Tekton pipelines to create and execute an overall orchestration process. Clearly there are opportunities to extend the pipeline to add further source code analysis, initial testing, image vulnerability scanning etc. as required by each team.

What’s next

The next article in this series shows how to use OpenShift to create the processes explained so far in the series.


Categories

How-tos, OpenShift 4, deployments, OpenShift Pipelines

< Back to the blog