diff --git a/tekton/pipeline.yaml b/tekton/pipeline.yaml new file mode 100644 index 0000000..130fcb6 --- /dev/null +++ b/tekton/pipeline.yaml @@ -0,0 +1,145 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + kubernetes.io/metadata.name: os-builder + name: os-builder +spec: + finalizers: + - kubernetes +--- +apiVersion: image.openshift.io/v1 +kind: ImageStream +metadata: + labels: + app: ssh-client + name: ssh-client + namespace: os-builder +spec: + lookupPolicy: + local: false +--- +apiVersion: image.openshift.io/v1 +kind: ImageStream +metadata: + labels: + app: ssh-client + name: ubi9-minimal + namespace: os-builder +spec: + lookupPolicy: + local: false + tags: + - name: '9.3' + from: + kind: DockerImage + name: >- + registry.access.redhat.com/ubi9/ubi-minimal:9.3 + generation: 1 + importPolicy: + scheduled: true + importMode: Legacy + referencePolicy: + type: Source +--- +apiVersion: build.openshift.io/v1 +kind: BuildConfig +metadata: + labels: + app: ssh-client + name: ssh-client + namespace: os-builder +spec: + failedBuildsHistoryLimit: 5 + nodeSelector: null + output: + to: + kind: ImageStreamTag + name: ssh-client:latest + postCommit: {} + resources: {} + runPolicy: Serial + source: + dockerfile: |- + FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 + RUN microdnf install -y openssh-clients \ + && microdnf clean all \ + && useradd -m tekton + USER tekton + strategy: + dockerStrategy: + from: + kind: ImageStreamTag + name: ubi9-minimal:9.3 + namespace: os-builder + successfulBuildsHistoryLimit: 5 + triggers: + - type: ConfigChange + - imageChange: {} + type: ImageChange +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: ssh-client + namespace: os-builder +spec: + params: + - name: sshKey + type: string + default: ssh-privatekey + - name: sshUsername + type: string + - name: sshHostname + type: string + - name: sshCommand + type: string + volumes: + - name: ssh + secret: + secretName: os-builder-ssh-config + defaultMode: 0600 + steps: + - name: ssh + image: image-registry.openshift-image-registry.svc:5000/os-builder/ssh-client:latest + workingDir: /home/tekton + volumeMounts: + - name: ssh + mountPath: /home/tekton/.ssh + env: + - name: SSH_USERNAME + value: "$(params.sshUsername)" + - name: SSH_KEY + value: "$(params.sshKey)" + - name: SSH_HOSTNAME + value: "$(params.sshHostname)" + - name: SSH_COMMAND + value: "$(params.sshCommand)" + script: | + #!/bin/bash + set -Eeuo pipefail + + echo "=========================================================" + echo " Executing OS Builder on $SSH_HOSTNAME" + echo "=========================================================" + echo + + ssh -i "~/.ssh/$SSH_KEY" "$SSH_USERNAME@$SSH_HOSTNAME" "$SSH_COMMAND" +--- +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: os-builder + namespace: os-builder +spec: + tasks: + - name: ssh-client + params: + - name: sshUsername + value: "john" + - name: sshHostname + value: "os-builder.acme.tld" + - name: sshCommand + value: "/home/john/build.sh" + taskRef: + name: ssh-client diff --git a/tekton/ssh-config.yaml b/tekton/ssh-config.yaml new file mode 100644 index 0000000..46618bc --- /dev/null +++ b/tekton/ssh-config.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Secret +metadata: + name: os-builder-ssh-config + namespace: os-builder +type: kubernetes.io/ssh-auth +stringData: + # Either specify StrictHostKeyChecking=no + config: | + Host * + StrictHostKeyChecking no + # Or provide a known_hosts file + known_hosts: | + os-builder.acme.tld ssh-ed25519 REDACTED + os-builder.acme.tld ssh-rsa REDACTED + os-builder.acme.tld ecdsa-sha2-nistp256 REDACTED + # Private key used to authenticate + ssh-privatekey: | + -----BEGIN OPENSSH PRIVATE KEY----- + REDACTED + -----END OPENSSH PRIVATE KEY-----