wip

2 years ago · e0e2e1cd8d
7 changed files with 213 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,33 @@
 # Multi-architecture Tekton Pipeline
 ## Setup on AWS
 - [Install the AWS EFS CSI Driver Operator](https://docs.openshift.com/container-platform/4.15/storage/container_storage_interface/persistent-storage-csi-aws-efs.html#persistent-storage-csi-olm-operator-install_persistent-storage-csi-aws-efs)
 - Install the AWS EFS CSI Driver
 ```yaml
 apiVersion: operator.openshift.io/v1
 kind: ClusterCSIDriver
 metadata:
    name: efs.csi.aws.com
 spec:
  managementState: Managed
 ```
 - [Create an EFS volume](https://docs.aws.amazon.com/efs/latest/ug/gs-step-two-create-efs-resources.html)
 - Create the StorageClass
 ```yaml
 kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
  name: efs-csi
 provisioner: efs.csi.aws.com
 parameters:
  provisioningMode: efs-ap
  fileSystemId: fs-123456
  directoryPerms: "700"
  basePath: "/pv"
 ```
--- a/tekton/pipeline-build-multiarch.yaml
+++ b/tekton/pipeline-build-multiarch.yaml
@ -0,0 +1,76 @@
 apiVersion: tekton.dev/v1beta1
 kind: Pipeline
 metadata:
  name: build-multiarch
 spec:
  workspaces:
  - name: source-workspace
  - name: container-storage
  params:
  - name: git-url
    type: string
  - name: docker-image-name
    type: string
  - name: manifest-name
    type: string
    default: "tekton"
  tasks:
  - name: clone-repo
    taskRef:
      kind: ClusterTask
      name: git-clone
    params:
    - name: url
      value: $(params.git-url)
    - name: revision
      value: "main"
    workspaces:
    - name: output
      workspace: source-workspace
  - name: podman-build-amd64
    runAfter: ["clone-repo"]
    taskRef:
      name: podman-build
    params:
    - name: manifest-name
      value: $(params.manifest-name)
    - name: arch
      value: "amd64"
    workspaces:
    - name: source-workspace
      workspace: source-workspace
    - name: container-storage
      workspace: container-storage
  - name: podman-build-arm64
    runAfter: ["clone-repo"]
    taskRef:
      name: podman-build
    params:
    - name: manifest-name
      value: $(params.manifest-name)
    - name: arch
      value: "arm64"
    workspaces:
    - name: source-workspace
      workspace: source-workspace
    - name: container-storage
      workspace: container-storage
  - name: push-image
    runAfter: ["podman-build-amd64", "podman-build-arm64"]
    taskRef:
      name: buildah-push
    params:
    - name: image-name
      value: $(params.docker-image-name)
    - name: manifest-name
      value: $(params.manifest-name)
    workspaces:
    - name: container-storage
      workspace: container-storage
--- a/tekton/pipelinerun.yaml
+++ b/tekton/pipelinerun.yaml
@ -0,0 +1,42 @@
 apiVersion: tekton.dev/v1
 kind: PipelineRun
 metadata:
  generateName: build-multiarch-
 spec:
  pipelineRef:
    name: build-multiarch
  params:
  - name: git-url
    value: https://github.com/nmasse-itix/tekton-pipeline-multiarch.git
  - name: docker-image-name
    value: quay.io/nmasse_itix/htop-multiarch
  workspaces:
  - name: container-storage
    volumeClaimTemplate:
      spec:
        storageClassName: efs-csi
        accessModes:
        - ReadWriteMany
        resources:
          requests:
            storage: 10Gi
  - name: source-workspace
    volumeClaimTemplate:
      spec:
        storageClassName: efs-csi
        accessModes:
        - ReadWriteMany
        resources:
          requests:
            storage: 1Gi
  taskRunTemplate:
    serviceAccountName: buildbot
  taskRunSpecs:
  - pipelineTaskName: podman-build-amd64
    podTemplate:
      nodeSelector:
        beta.kubernetes.io/arch: amd64
  - pipelineTaskName: podman-build-arm64
    podTemplate:
      nodeSelector:
        beta.kubernetes.io/arch: arm64
--- a/tekton/quay-authentication.yaml
+++ b/tekton/quay-authentication.yaml
@ -0,0 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
    name: quay-authentication
 data:
    .dockerconfigjson: REDACTED
 type: kubernetes.io/dockerconfigjson
--- a/tekton/serviceaccount-buildbot.yaml
+++ b/tekton/serviceaccount-buildbot.yaml
@ -0,0 +1,6 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: buildbot
 imagePullSecrets:
 - name: quay-authentication
--- a/tekton/task-podman-build.yaml
+++ b/tekton/task-podman-build.yaml
@ -0,0 +1,27 @@
 apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: podman-build
 spec:
  params:
  - name: manifest-name
    type: string
  - name: context-dir
    type: string
    default: .
  - name: arch
    type: string
  workspaces:
  - name: source-workspace
    description: Workspace containing source code
  - name: container-storage
    description: Persistent volume to store container images
    mountPath: /var/lib/containers
  steps:
  - name: build
    image: quay.io/podman/stable
    script: |
      #!/bin/bash
      set -Eeuo pipefail
      export STORAGE_DRIVER=vfs
      podman build --no-cache --manifest $(params.manifest-name) $(workspaces.source-workspace.path)/$(params.context-dir)
--- a/tekton/task-podman-push.yaml
+++ b/tekton/task-podman-push.yaml
@ -0,0 +1,22 @@
 apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: buildah-push
 spec:
  params:
  - name: image-name
    type: string
  - name: manifest-name
    type: string
  workspaces:
  - name: container-storage
    description: Persistent volume to store container images
    mountPath: /var/lib/containers
  steps:
  - name: push
    image: quay.io/podman/stable
    script: |
      #!/bin/bash
      set -Eeuo pipefail
      export STORAGE_DRIVER=vfs
      buildah manifest push --all $(params.manifest-name) docker://$(params.image-name)