-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #305 from projectsyn/docs/compile-pipeline
Add documentation for CI/CD setup and Commodore Compile Pipeline
- Loading branch information
Showing
5 changed files
with
137 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
= CI/CD Support | ||
|
||
Lieutenant can configure Git repositories to enable CI/CD for tenant repositories. | ||
This feature is designed to support the https://github.com/projectsyn/commodore-compile-pipelines[Commodore Compile Pipeline], but can be used independently. | ||
|
||
|
||
[NOTE] | ||
-- | ||
Currently, automatic configuration of CI/CD tooling is only supported on GitLab. | ||
|
||
To allow the Lieutenant Operator to connect to GitLab, refer to xref:how-tos/gitlab-connection.adoc[Connection to GitLab]. | ||
-- | ||
|
||
== CI/CD pipeline configuration | ||
Lieutenant configures the CI/CD pipeline by managing files in the tenant repository, such as the `.gitlab-ci.yml` file. | ||
These files are configured in the tenant's `spec.compilePipeline.pipelineFiles`, where arbitrary files can be defined that are added to the tenant repository if the compile pipeline is enabled. | ||
|
||
The system assumes that the CI/CD system (for example GitLab CI) can be fully configured using files in the repository. | ||
|
||
== CI/CD parameters | ||
Lieutenant ensures that the CI/CD pipeline can access the Lieutenant API as well as the necessary cluster catalog repositories. | ||
This is achieved by passing a number of parameters to the CI/CD pipeline. | ||
|
||
The mechanism by which these parameters are provided is specific to a Git host. | ||
Currently, only GitLab is supported, where this information is provided through CI/CD variables on the tenant repository. | ||
|
||
|
||
In particular, the following parameters are provided on a tenant where `spec.compilePipeline.enabled` is set to `true`: | ||
|
||
* `ACCESS_TOKEN_CLUSTERNAME`, where `CLUSTERNAME` is the name of a specific cluster, with `-` replaced by `_`. | ||
This contains an access token, which has read-write access the corresponding cluster's catalog repository. | ||
The access token is created automatically for each cluster where `spec.enableCompilePipeline` is set to `true` and `spec.gitRepoTemplate.accessToken` contains a valid secret reference. | ||
* `COMMODORE_API_URL`. This contains the URL at which the Lieutenant API can be accessed. | ||
* `COMMODORE_API_TOKEN`. This contains an access token for the Lieutenant API. | ||
* `CLUSTERS`. This contains a space-separated list of cluster IDs for which the CI/CD pipeline should run; that is, the list of clusters where `spec.enableCompilePipeline` is `true`. | ||
|
||
The CI/CD pipeline can use these parameters to compile cluster catalogs with Commodore, and push them to the corresponding catalog repositories. | ||
The https://github.com/projectsyn/commodore-compile-pipelines[Commodore Compile Pipeline] is a GitLab CI pipeline definition which accomplishes that. | ||
If the available CI pipeline definition isn't suitable for your use case, you can deploy an arbitrary valid `.gitlab-ci.yml` through the `pipelineFiles` mechanism. | ||
Please note that Lieutenant doesn't check the validity of the files provided in `pipelineFiles`. | ||
|
92 changes: 92 additions & 0 deletions
92
docs/modules/ROOT/pages/how-tos/compile-pipeline-setup.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
= Compile Pipeline Setup | ||
|
||
Lieutenant can automatically configure CI/CD tooling on your Git repositories. | ||
This page explains how to set up the https://github.com/projectsyn/commodore-compile-pipelines[Commodore Compile Pipeline]. | ||
|
||
[NOTE] | ||
-- | ||
Currently, automatic configuration of CI/CD tooling is only supported on GitLab. | ||
|
||
To allow the Lieutenant Operator to connect to GitLab, refer to xref:how-tos/gitlab-connection.adoc[Connection to GitLab]. | ||
-- | ||
|
||
== Enabling the Compile Pipeline for individual tenants and clusters | ||
|
||
The `compilePipelineSpec` field on a Tenant object governs how CI/CD tooling is managed. | ||
To enable the Commodore Compile Pipeline on a tenant, configure it as follows: | ||
|
||
[source,bash] | ||
.... | ||
kubectl patch tenant my-tenant --type merge -p ' | ||
spec: | ||
compilePipeline: | ||
enabled: true <1> | ||
pipelineFiles: | ||
.gitlab-ci.yml: | <2> | ||
include: | ||
- https://raw.githubusercontent.com/projectsyn/commodore-compile-pipelines/main/gitlab/commodore-pipeline.yml | ||
' | ||
.... | ||
<1> This field enables the compile pipeline for this tenant. | ||
If it is `false` or unset, no CI/CD tooling will be managed, regardless of other configuration options on the tenant or its clusters. | ||
<2> This example causes Lieutenant to create a file `.gitlab-ci.yml` in the tenant repository, which references the open-source https://github.com/projectsyn/commodore-compile-pipelines[Commodore Compile Pipeline]. | ||
It is possible to customize this file, or create different files. | ||
|
||
In addition, the Compile Pipeline must be enabled for each cluster where CI/CD is desired: | ||
[source,bash] | ||
.... | ||
kubectl patch cluster my-cluster --type merge -p ' | ||
spec: | ||
enableCompilePipeline: true <1> | ||
gitRepoTemplate: | ||
accessToken: | ||
secretRef: my-cluster-api-token <2> | ||
' | ||
.... | ||
<1> This field enables the compile pipeline for this cluster. | ||
If it is `false` or unset, the tenant's CI/CD configuration will disregard this cluster. | ||
<2> For the compile pipeline to work, an access token for the Git repository is required. | ||
Lieutenant creates this access token and will store it in the secret specified here. | ||
|
||
|
||
== Enabling the Compile Pipeline for all clusters of a tenant | ||
|
||
We can leverage templating to configure and enable the Compile Pipeline for all clusters on a tenant. | ||
For more information on templating, refer to xref:explanations/templating.adoc[Templating]. | ||
|
||
The following example configures a tenant such that its clusters automatically include the correct configuration for the Compile Pipeline: | ||
[source,bash] | ||
.... | ||
kubectl patch tenant my-tenant --type merge -p ' | ||
spec: | ||
clusterTemplate: | ||
enableCompilePipeline: true | ||
gitRepoTemplate: | ||
accessToken: | ||
secretRef: '{{ .Name }}-api-token' | ||
' | ||
.... | ||
|
||
|
||
== Enabling the Compile Pipeline for all tenants | ||
|
||
We can leverage tenant templating to configure and enable the Compile Pipeline for all clusters on a tenant. | ||
For more information on templating, refer to xref:how-tos/create-tenant.adoc#_tenant_templating[Tenant Templating]. | ||
|
||
[source,bash] | ||
.... | ||
kubectl patch tenanttemplate my-template --type merge -p ' | ||
spec: | ||
clusterTemplate: | ||
enableCompilePipeline: true | ||
gitRepoTemplate: | ||
accessToken: | ||
secretRef: '{{ .Name }}-api-token' | ||
compilePipeline: | ||
enabled: true | ||
pipelineFiles: | ||
.gitlab-ci.yml: | | ||
include: | ||
- https://raw.githubusercontent.com/projectsyn/commodore-compile-pipelines/main/gitlab/commodore-pipeline.yml | ||
' | ||
.... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters