working on OpenShift

README.md

@@ -17,3 +17,7 @@ view the running app.
 ## Build and run Nodejs app on Kubernetes using a cloud native Tekton Pipeline
 
 Follow the instructions in the [tekton/](tekton/README.md) directory.
+
+### OpenShift
+
+If you are using an OpenShift environment, then follow the instructions in the [openshift/tekton/](openshift/tekton/README.md) directory.

openshift/config/README.md

@@ -0,0 +1,26 @@
+# OpenShift YAML Files
+
+These files are used to deploy the Nodejs app to an OpenShift environment.
+
+The Deployment uses the local Image with tag `myapp:latest`. If the Nodejs app
+was not built locally with the tag `myapp:latest`, then the Deployment will
+fail.
+
+## Build and run the Nodejs app using OpenShift
+
+Follow the instructions in the [openshift/tekton/](openshift/tekton/README.md) directory to build
+and run the Nodejs app using a cloud native Tekton Pipeline.
+
+If you do not want to use a Tekton Pipeline to build and run the app, then
+execute the following in your cluster:
+
+```bash
+NAMESPACE=myapp
+buildah bud -t image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/myapp:latest .
+oc apply -f openshift/config/
+```
+
+Get the URL for your route with `oc get route myapp`, and open the route URL in your web browser.
+
+*If your Kubernetes environment does not support LoadBalancer services, then
+change the Service type in the [service.yaml](https://github.com/ncskier/myapp/blob/master/config/service.yaml#L9) file.*

openshift/config/deployment-openshift.yaml

@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: myapp
+  labels:
+    app: myapp
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: myapp
+  template:
+    metadata:
+      labels:
+        app: myapp
+    spec:
+      containers:
+        - name: myapp
+          # This image will be overwritten by the update-deployment Task
+          image: myapp:latest
+          ports:
+            - containerPort: 3000
+              protocol: TCP

openshift/config/route-openshift.yaml

@@ -0,0 +1,13 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  labels:
+    app: myapp
+  name: myapp
+spec:
+  port:
+    targetPort: http
+  to:
+    kind: Service
+    name: myapp
+    weight: 100

openshift/config/service-openshift.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: myapp
+  name: myapp
+spec:
+  # This Service is exposed by an OpenShift Route
+  type: NodePort
+  ports:
+    - name: http
+      port: 3000
+      targetPort: 3000
+      protocol: TCP
+  selector:
+    app: myapp

openshift/tekton/README.md

@@ -0,0 +1,80 @@
+# Tekton CI/CD on OpenShift
+
+The [Tekton Pipelines](https://github.com/tektoncd/pipeline) project provides
+Kubernetes-style resources for declaring CI/CD-style pipelines.
+
+## Build and run Nodejs app on OpenShift using a cloud native Tekton Pipeline
+
+### Install Tekton Pipelines on your OpenShift environment
+
+```bash
+oc apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
+```
+
+If you would like more detailed install instructions, or if you are installing
+on OpenShift, then read [these instructions](https://github.com/tektoncd/pipeline/blob/master/docs/install.md#installing-tekton-pipelines) from the Tekton Pipelines documentation.
+
+### Install the Tekton resources on your OpenShift environment
+
+The Tekton resources are in this `openshift/tekton/` directory.
+
+```bash
+oc apply -f openshift/tekton/
+```
+
+#### (Optional) You might need to give your ServiceAccount the proper permissions
+
+```bash
+cat << EOF | oc apply -f -
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: default
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
+EOF
+```
+
+### Run the Tekton Pipeline
+
+Run the Pipeline by creating a PipelineRun resource such as the following:
+
+```bash
+NAMESPACE=myapp
+cat << EOF | oc apply -f -
+apiVersion: tekton.dev/v1alpha1
+kind: PipelineRun
+metadata:
+  name: myapp-openshift
+spec:
+  pipelineRef:
+    name: myapp-openshift
+  resources:
+    - name: source
+      resourceSpec:
+        type: git
+        params:
+          - name: revision
+            value: master
+          - name: url
+            value: https://github.com/ncskier/myapp
+    - name: image
+      resourceSpec:
+        type: image
+        params:
+          - name: url
+            value: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/myapp:latest
+EOF
+```
+
+### View the deployed Nodejs app
+
+Get the URL for your route with `oc get route myapp`, and open the route URL in your web browser.
+
+If you would like to view the PipelineRun logs, then read [these instructions](https://github.com/tektoncd/pipeline/blob/master/docs/logs.md) from the Tekton Pipelines
+documentation.

openshift/tekton/buildah.yaml

@@ -0,0 +1,55 @@
+# This Task is from the Tekton Catalog:
+# https://github.com/tektoncd/catalog/blob/master/buildah/buildah.yaml
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: buildah
+spec:
+  inputs:
+    params:
+    - name: BUILDER_IMAGE
+      description: The location of the buildah builder image.
+      default: quay.io/buildah/stable:v1.11.0
+    - name: DOCKERFILE
+      description: Path to the Dockerfile to build.
+      default: ./Dockerfile
+    - name: CONTEXT
+      description: Path to the directory to use as context.
+      default: .
+    - name: TLSVERIFY
+      description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
+      default: "true"
+
+    resources:
+    - name: source
+      type: git
+
+  outputs:
+    resources:
+    - name: image
+      type: image
+
+  steps:
+  - name: build
+    image: $(inputs.params.BUILDER_IMAGE)
+    workingDir: /workspace/source
+    command: ['buildah', 'bud', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '$(inputs.params.DOCKERFILE)', '-t', '$(outputs.resources.image.url)', '$(inputs.params.CONTEXT)']
+    volumeMounts:
+    - name: varlibcontainers
+      mountPath: /var/lib/containers
+    securityContext:
+      privileged: true
+
+  - name: push
+    image: $(inputs.params.BUILDER_IMAGE)
+    workingDir: /workspace/source
+    command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)']
+    volumeMounts:
+    - name: varlibcontainers
+      mountPath: /var/lib/containers
+    securityContext:
+      privileged: true
+
+  volumes:
+  - name: varlibcontainers
+    emptyDir: {}

openshift/tekton/deploy-task-openshift.yaml

@@ -0,0 +1,37 @@
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: deploy-openshift
+spec:
+  inputs:
+    resources:
+    - name: source
+      type: git
+    - name: image
+      type: image
+    params:
+    - name: K8S_DIRECTORY_PATH
+      description: Path to the directory for kubectl apply -f
+      default: config/
+    - name: DEPLOYMENT
+      description: Name of the Deployment and the container name in the Deployment
+      default: myapp
+  steps:
+  - name: apply-config
+    image: quay.io/openshift/origin-cli:latest
+    workingDir: /workspace/source
+    command: ['/bin/bash', '-c']
+    args:
+    - |-
+      oc apply -f $(inputs.params.K8S_DIRECTORY_PATH)
+  - name: patch-deployment
+    image: quay.io/openshift/origin-cli:latest
+    command: ['/bin/bash', '-c']
+    args:
+    - |-
+      oc patch deployment $(inputs.params.DEPLOYMENT) --patch='{"spec":{"template":{"spec":{
+        "containers":[{
+          "name": "$(inputs.params.DEPLOYMENT)",
+          "image":"$(inputs.resources.image.url)"
+        }]
+      }}}}'

openshift/tekton/pipeline-openshift.yaml

@@ -0,0 +1,39 @@
+apiVersion: tekton.dev/v1alpha1
+kind: Pipeline
+metadata:
+  name: myapp-openshift
+spec:
+  resources:
+    - name: source
+      type: git
+    - name: image
+      type: image
+  tasks:
+    - name: build
+      taskRef:
+        name: buildah
+      resources:
+        inputs:
+          - name: source
+            resource: source
+        outputs:
+          - name: image
+            resource: image
+      params:
+        - name: TLSVERIFY
+          value: 'false'
+    - name: deploy
+      runAfter: [build]
+      taskRef:
+        name: deploy-openshift
+      resources:
+        inputs:
+          - name: source
+            resource: source
+          - name: image
+            resource: image
+      params:
+        - name: K8S_DIRECTORY_PATH
+          value: openshift/config/
+        - name: DEPLOYMENT
+          value: myapp

tekton/build-task.yaml

@@ -20,14 +20,15 @@ spec:
   steps:
     - name: docker
       image: docker
+      workingDir: /workspace/source
       command: ["docker"]
       args:
         - build
         - -f
-        - /workspace/source/$(inputs.params.DOCKERFILE)
+        - $(inputs.params.DOCKERFILE)
         - -t
         - $(inputs.params.BUILDER_IMAGE)
-        - /workspace/source/$(inputs.params.CONTEXT)
+        - $(inputs.params.CONTEXT)
       volumeMounts:
         - name: docker-socket
           mountPath: /var/run/docker.sock

tekton/deploy-task.yaml

@@ -14,8 +14,9 @@ spec:
   steps:
   - name: apply-config
     image: lachlanevenson/k8s-kubectl
+    workingDir: /workspace/source
     command: ['kubectl']
     args:
     - apply
     - -f
-    - /workspace/source/$(inputs.params.K8S_DIRECTORY_PATH)
+    - $(inputs.params.K8S_DIRECTORY_PATH)