build.yaml

apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: golang-build
spec:
  inputs:
    params:
    - name: package
      description: base package to build in
    - name: packages
      description: "packages to build (default: ./cmd/...)"
      default: "./cmd/..."
    - name: version
      description: golang version to use for builds
      default: "1.12"
    - name: flags
      description: flags to use for the test command
      default: -v
    - name: GOOS
      description: "running program's operating system target"
      default: linux
    - name: GOARCH
      description: "running program's architecture target"
      default: amd64
    - name: GO111MODULE
      description: "value of module support"
      default: auto
    resources:
    - name: source
      type: git
      targetPath: src/$(inputs.params.package)
  steps:
  - name: build
    image: golang:$(inputs.params.version)
    workingdir: /workspace/src/$(inputs.params.package)
    command:
    - /bin/bash
    args:
    - -c
    - "go build $(inputs.params.flags) $(inputs.params.packages)"
    env:
    - name: GOPATH
      value: /workspace
    - name: GOOS
      value: "$(inputs.params.GOOS)"
    - name: GOARCH
      value: "$(inputs.params.GOARCH)"
    - name: GO111MODULE
      value: "$(inputs.params.GO111MODULE)"

demo-prepare.sh

oc apply -f ./talks/devfest-2019/tasks-and-co.yaml
oc apply -f ./talks/devfest-2019/triggers.yaml
oc expose service el-build-listener --name build
# curl --header "Content-Type: application/json" --request POST --data '{}' http://el-deploy.demo:8080/

demo-setup.sh

oc project demo
oc create serviceaccount pipeline || true
oc adm policy add-scc-to-user privileged -z pipeline
oc adm policy add-scc-to-user anyuid -z pipeline
oc adm policy add-role-to-user edit -z pipeline
oc adm policy add-role-to-user pipeline-deployer -z pipeline
oc create is helloworld
oc project dev
oc create is helloworld
oc project prod
oc create is helloworld
oc project demo

install-yamls.sh

oc apply -f ./talks/devfest-2019/operators.yaml
sleep 10
oc apply -f ./talks/devfest-2019/serverless.yaml
sleep 10
# watch instead of sleep
oc apply -f ./talks/devfest-2019/istio.yaml
sleep 300
# watch instead of sleep
oc apply -f ./talks/devfest-2019/knative-serving.yaml
sleep 10

istio.yaml

---
apiVersion: maistra.io/v1
kind: ServiceMeshControlPlane
metadata:
  name: basic-install
  namespace: istio-system
spec:
  istio:
    global:
      multitenant: true
      proxy:
        autoInject: disabled
      omitSidecarInjectorConfigMap: true
      disablePolicyChecks: false
      defaultPodDisruptionBudget:
        enabled: false
    istio_cni:
      enabled: true
    gateways:
      istio-ingressgateway:
        autoscaleEnabled: false
        type: LoadBalancer
      istio-egressgateway:
        enabled: false
      cluster-local-gateway:
        autoscaleEnabled: false
        enabled: true
        labels:
          app: cluster-local-gateway
          istio: cluster-local-gateway
        ports:
          - name: status-port
            port: 15020
          - name: http2
            port: 80
            targetPort: 8080
          - name: https
            port: 443
    mixer:
      enabled: false
      policy:
        enabled: false
      telemetry:
        enabled: false
    pilot:
      autoscaleEnabled: false
      sidecar: false
    kiali:
      enabled: false
    tracing:
      enabled: false
    prometheus:
      enabled: false
    grafana:
      enabled: false
    sidecarInjectorWebhook:
      enabled: false
---
apiVersion: maistra.io/v1
kind: ServiceMeshMemberRoll
metadata:
  name: default
  namespace: istio-system
spec:
  members:
  - knative-serving
  - dev
  - prod

knative-serving.yaml

---
apiVersion: serving.knative.dev/v1alpha1
kind: KnativeServing
metadata:
  name: knative-serving
  namespace: knative-serving
spec:
  config:
    autoscaler:
      container-concurrency-target-default: '100'
      container-concurrency-target-percentage: '1.0'
      enable-scale-to-zero: 'true'
      max-scale-up-rate: '10'
      panic-threshold-percentage: '200.0'
      panic-window: 6s
      panic-window-percentage: '10.0'
      scale-to-zero-grace-period: 30s
      stable-window: 60s
      tick-interval: 2s
    defaults:
      revision-cpu-limit: 1000m
      revision-cpu-request: 400m
      revision-memory-limit: 200M
      revision-memory-request: 100M
      revision-timeout-seconds: '300'
    deployment:
      registriesSkippingTagResolving: 'ko.local,dev.local'
    gc:
      stale-revision-create-delay: 24h
      stale-revision-lastpinned-debounce: 5h
      stale-revision-minimum-generations: '1'
      stale-revision-timeout: 15h
    logging:
      loglevel.activator: info
      loglevel.autoscaler: info
      loglevel.controller: info
      loglevel.queueproxy: info
      loglevel.webhook: info
    observability:
      logging.enable-var-log-collection: 'false'
      metrics.backend-destination: prometheus
    tracing:
      enable: 'false'
      sample-rate: '0.1'

lint.yaml

apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: golangci-lint
spec:
  inputs:
    params:
    - name: package
      description: base package (and its children) under validation
    - name: flags
      description: flags to use for the test command
      default: --verbose
    - name: version
      default: golangci-lint version to use
      default: "v1.17.1"
    - name: GOOS
      description: "running operating system target"
      default: linux
    - name: GOARCH
      description: "running architecture target"
      default: amd64
    - name: GO111MODULE
      description: "value of module support"
      default: auto
    resources:
    - name: source
      type: git
      targetPath: src/$(inputs.params.package)
  steps:
  - name: lint
    image: golangci/golangci-lint:$(inputs.params.version)
    workingdir: /workspace/src/$(inputs.params.package)
    command:
    - /bin/bash
    args:
    - -c
    - "golangci-lint run $(inputs.params.flags)"
    env:
    - name: GOPATH
      value: /workspace
    - name: GOOS
      value: "$(inputs.params.GOOS)"
    - name: GOARCH
      value: "$(inputs.params.GOARCH)"
    - name: GO111MODULE
      value: "$(inputs.params.GO111MODULE)"

namespace-create.sh

oc create namespace istio-system
oc create namespace knative-serving
oc create namespace demo
oc create namespace dev
oc create namespace prod

operators.yaml

---
apiVersion: operators.coreos.com/v1
kind: CatalogSourceConfig
metadata:
  name: redhat-operators-packages
  namespace: openshift-marketplace
spec:
  targetNamespace: openshift-operators
  packages: serverless-operator,servicemeshoperator,kiali-ossm,jaeger-product,elasticsearch-operator
  source: redhat-operators

pipeline-start.sh

tkn pipeline start build-pipeline \
 --resource="appSource=git-source" \
 --resource="demoImage=knative-tutorial-greeter-image" \
 --resource="appImage=knative-tutorial-greeter-image-dev" \
 --serviceaccount='pipeline' \
 --task-serviceaccount='deploy-kn-service=kn-deployer-account'

rbac.yaml

---
# Define a ServiceAccount named kn-deployer-account that has permission to
# manage Knative services.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kn-deployer-account
  namespace: demo
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: pipeline-deployer
rules:
  - apiGroups: ["image.openshift.io"]
    resources: ["*"]
    verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: pipeline-deployer-binding
subjects:
- kind: ServiceAccount
  name: pipeline
  namespace: demo
roleRef:
  kind: ClusterRole
  name: pipeline-deployer
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kn-deployer
rules:
  - apiGroups: ["serving.knative.dev"]
    resources: ["services", "revisions", "routes"]
    verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kn-deployer-binding
subjects:
- kind: ServiceAccount
  name: kn-deployer-account
  namespace: demo
roleRef:
  kind: ClusterRole
  name: kn-deployer
  apiGroup: rbac.authorization.k8s.io

serverless.yaml

---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: knative-serving
  namespace: openshift-operators
spec:
  channel: techpreview
  source: redhat-operators-packages
  name: serverless-operator
  sourceNamespace: openshift-operators
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: service-mesh
  namespace: openshift-operators
spec:
  channel: '1.0'
  source: redhat-operators-packages
  name: servicemeshoperator
  sourceNamespace: openshift-operator

tasks-and-co.yaml

apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: build-app
spec:
  inputs:
   resources:
    - name: source
      type: git
   params:
   - name: contextDir
     description: the context dir within source
     default: .
   - name: mavenMirrorUrl
     description: the maven mirrror url
     default: http://repo1.maven.apache.org/maven2
   - name: destinationImage
     description: the fully qualified image name
     default: "$(outputs.resources.builtImage.url)"
   - name: dockerFile
     description: the docker file to used for building the application
     default: Dockerfile.jvm
  outputs:
   resources:
    - name: builtImage
      type: image
  stepTemplate:
    #resources:
      #limits:
      #  cpu: 4
      #  memory: 4Gi
      #requests:
      #  cpu: 2
      #  memory: 2Gi
    securityContext:
       allowPrivilegeEscalation: false
       privileged: false
       # the default underprivileged user to be used
       runAsUser: 10001
  steps:
   - name: build-sources
     image: quay.io/rhdevelopers/tutorial-tools:0.0.2
     workingDir: "/workspace/source/$(inputs.params.contextDir)"
     args:
      - mvn
      - -DskipTest
      - clean
      - package
     env:
     - name: MAVEN_MIRROR_URL
       value: "$(inputs.params.mavenMirrorUrl)"
   - name: build-image
     image: quay.io/buildah/stable
     workingDir: "/workspace/source/$(inputs.params.contextDir)"
     command: ['buildah', 'bud', '--tls-verify=false', '--layers','-f', '$(inputs.params.dockerFile)', '-t', '$(inputs.params.destinationImage)', '.']
     volumeMounts:
     - name: varlibc
       mountPath: /var/lib/containers
     # override security context as container image build need to run as root
     securityContext:
       allowPrivilegeEscalation: true
       runAsUser: 0
       privileged: true
   - name: build-push
     image: quay.io/buildah/stable
     workingDir: "/workspace/source/$(inputs.params.contextDir)"
     command: ["buildah","push", "--tls-verify=false","$(inputs.params.destinationImage)","docker://$(inputs.params.destinationImage)"]
     volumeMounts:
     - name: varlibc
       mountPath: /var/lib/containers
     # override security context as container image build need to run as root
     securityContext:
       allowPrivilegeEscalation: true
       runAsUser: 0
       privileged: true
  volumes:
  - name: varlibc
    emptyDir: {}
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: kn
spec:
  inputs:
    params:
    - name: kn-image
      description: kn CLI container image to run this task
      default: gcr.io/knative-releases/knative.dev/client/cmd/kn:v0.10.0
    - name: ARGS
      type: array
      description: kn CLI arguments to run
      default:
      - "help"
    resources:
    - name: image
      type: image
  steps:
  - name: kn
    image: "$(inputs.params.kn-image)"
    command: ["/ko-app/kn"]
    args: ["$(inputs.params.ARGS)"]
    # reference the container image resource in your taskrun/pipelinerun
    # parameters array as "--image=$(inputs.resources.image.url)"
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: openshift-client
spec:
  inputs:
    params:
      - name: ARGS
        description: The OpenShift CLI arguments to run
        type: array
        default:
        - "help"
  steps:
    - name: oc
      image: quay.io/openshift/origin-cli:latest
      command: ["/usr/bin/oc"]
      args:
        - "$(inputs.params.ARGS)"
---
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
  name: build-pipeline
spec:
  params:
  - name: mavenMirrorUrl
    description: the maven mirror
    default: http://repo1.maven.apache.org/maven2
  - name: build-namespace
    description: namespace to deploy
    default: demo
  - name: deploy-namespace
    description: namespace to deploy
    default: dev
  resources:
  - name: appSource
    type: git
  - name: demoImage
    type: image
  - name: appImage
    type: image
  tasks:
   - name: build-java-app
     taskRef:
       name: build-app
     params:
      - name: contextDir
        value: apps/greeter/java/quarkus
      - name: mavenMirrorUrl
        value: "$(params.mavenMirrorUrl)"
     resources:
      inputs:
        - name: source
          resource: appSource
      outputs:
        - name: builtImage
          resource: demoImage
   - name: promote-to-dev
     taskRef:
       name: openshift-client
     runAfter:
      - build-java-app
     params:
      - name: ARGS
        value:
        - "tag"
        - "$(params.build-namespace)/helloworld:latest"
        - "$(params.deploy-namespace)/helloworld:latest"
   - name: deploy-kn-service
     taskRef:
       name: kn
     runAfter:
      - promote-to-dev
     resources:
      inputs:
        - name: image
          resource: appImage
     params:
      - name: ARGS
        value:
        - "service"
        - "-n"
        - "$(params.deploy-namespace)"
        - "create"
        - "greeter"
        - "--force"
        - "--image=$(inputs.resources.image.url)"
---
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
  name: deploy-pipeline
spec:
  params:
  - name: from-namespace
    description: namespace to deploy from
    default: dev
  - name: to-namespace
    description: namespace to deploy to
    default: dev
  resources:
  - name: appImage
    type: image
  tasks:
   - name: promote-to-prod
     taskRef:
       name: openshift-client
     params:
      - name: ARGS
        value:
        - "tag"
        - "$(params.from-namespace)/helloworld:latest"
        - "$(params.to-namespace)/helloworld:latest"
   - name: deploy-kn-service
     taskRef:
       name: kn
     runAfter:
      - promote-to-prod
     resources:
      inputs:
        - name: image
          resource: appImage
     params:
      - name: ARGS
        value:
        - "service"
        - "-n"
        - "$(params.to-namespace)"
        - "create"
        - "greeter"
        - "--force"
        - "--image=$(inputs.resources.image.url)"
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: cli-source
spec:
  type: git
  params:
  - name: url
    value: https://github.com/tektoncd/cli
  - name: revision
    value: master
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: pipeline-source
spec:
  type: git
  params:
  - name: url
    value: https://github.com/tektoncd/pipeline
  - name: revision
    value: master
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: git-source
spec:
  type: git
  params:
  - name: url
    value: https://github.com/vdemeester/knative-tutorial
  - name: revision
    value: master
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: knative-tutorial-greeter-image
spec:
  type: image
  params:
  - name: url
    value: "image-registry.openshift-image-registry.svc:5000/demo/helloworld:latest"
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: knative-tutorial-greeter-image-dev
spec:
  type: image
  params:
  - name: url
    value: "image-registry.openshift-image-registry.svc:5000/dev/helloworld:latest"
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: knative-tutorial-greeter-image-prod
spec:
  type: image
  params:
  - name: url
    value: "image-registry.openshift-image-registry.svc:5000/prod/helloworld:latest"
---
---
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
  name: cli-pipeline
spec:
  params:
  - name: package
    description: package to release
    default: github.com/tektoncd/cli
  resources:
  - name: source-repo
    type: git
  tasks:
    - name: lint
      taskRef:
        name: golangci-lint
      params:
        - name: package
          value: $(params.package)
        - name: flags
          value: -v
      resources:
        inputs:
          - name: source
            resource: source-repo
    - name: unit-tests
      runAfter: [lint]
      taskRef:
        name: golang-test
      params:
        - name: package
          value: $(params.package)
      resources:
        inputs:
          - name: source
            resource: source-repo
    - name: build
      runAfter: [lint]
      taskRef:
        name: golang-build
      params:
        - name: package
          value: $(params.package)
      resources:
        inputs:
          - name: source
            resource: source-repo

tests.yaml

apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: golang-test
spec:
  inputs:
    params:
    - name: package
      description: package (and its children) under test
    - name: packages
      description: "packages to test (default: ./...)"
      default: "./..."
    - name: version
      description: golang version to use for tests
      default: "1.12"
    - name: flags
      description: flags to use for the test command
      default: -race -cover -v
    - name: GOOS
      description: "running program's operating system target"
      default: linux
    - name: GOARCH
      description: "running program's architecture target"
      default: amd64
    - name: GO111MODULE
      description: "value of module support"
      default: auto
    resources:
    - name: source
      type: git
      targetPath: src/$(inputs.params.package)
  steps:
  - name: unit-test
    image: golang:$(inputs.params.version)
    workingdir: /workspace/src/$(inputs.params.package)
    command:
    - /bin/bash
    args:
    - -c
    - "go test $(inputs.params.flags) $(inputs.params.packages)"
    env:
    - name: GOPATH
      value: /workspace
    - name: GOOS
      value: "$(inputs.params.GOOS)"
    - name: GOARCH
      value: "$(inputs.params.GOARCH)"
    - name: GO111MODULE
      value: "$(inputs.params.GO111MODULE)"

triggers-setup.sh

oc apply -f ./talks/devfest-2019/rbac.yaml
oc apply -f ./talks/devfest-2019/triggers-webhook.yaml

triggers-webhook.yaml

---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-admin
  namespace: demo
rules:
- apiGroups:
  - tekton.dev
  resources:
  - eventlisteners
  - triggerbindings
  - triggertemplates
  - pipelineresources
  verbs:
  - get
- apiGroups:
  - tekton.dev
  resources:
  - pipelineruns
  - pipelineresources
  verbs:
  - create
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-triggers-admin
  namespace: demo
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-triggers-admin-binding
  namespace: demo
subjects:
  - kind: ServiceAccount
    name: tekton-triggers-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tekton-triggers-admin
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-createwebhook
  namespace: demo
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - create
  - update
  - delete
- apiGroups:
  - tekton.dev
  resources:
  - eventlisteners
  verbs:
  - get
  - list
  - create
  - update
  - delete
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs:
  - create
  - get
  - list
  - delete
  - update
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-triggers-createwebhook
  namespace: demo
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-triggers-createwebhook
  namespace: demo
subjects:
  - kind: ServiceAccount
    name: tekton-triggers-createwebhook
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tekton-triggers-createwebhook

triggers.yaml

apiVersion: tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: build-triggertemplate
  namespace: demo
spec:
  params:
    - name: gitrevision
      description: The git revision
      default: master
    - name: gitrepositoryurl
      description: The git repository url
    - name: namespace
      description: The namespace to create the resources
  resourcetemplates:
    - apiVersion: tekton.dev/v1alpha1
      kind: PipelineResource
      metadata:
        name: git-source-$(uid)
        namespace: $(params.namespace)
      spec:
        type: git
        params:
        - name: revision
          value: $(params.gitrevision)
        - name: url
          value: $(params.gitrepositoryurl)
    - apiVersion: tekton.dev/v1alpha1
      kind: PipelineRun
      metadata:
        name: build-pipeline-run-$(uid)
        namespace: $(params.namespace)
      spec:
        serviceAccount: pipeline
        serviceAccounts:
          - taskName: deploy-kn-service
            serviceAccount: kn-deployer-account
        pipelineRef:
          name: build-pipeline
        resources:
          - name: appSource
            resourceRef:
              name: git-source-$(uid)
          - name: demoImage
            resourceRef:
              name: knative-tutorial-greeter-image
          - name: appImage
            resourceRef:
              name: knative-tutorial-greeter-image-dev
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: build-pipelinebinding
  namespace: demo
spec:
  params:
    - name: gitrevision
      value: $(body.head_commit.id)
    - name: namespace
      value: demo
    - name: gitrepositoryurl
      value: "https://github.com/$(body.repository.full_name)"
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: deploy-triggertemplate
  namespace: demo
spec:
  params:
    - name: from
      description: namespace from
      default: dev
    - name: to
      description: namespace to
      default: prod
    - name: namespace
      description: The namespace to create the resources
  resourcetemplates:
    - apiVersion: tekton.dev/v1alpha1
      kind: PipelineRun
      metadata:
        name: deploy-pipeline-run-$(uid)
        namespace: $(params.namespace)
      spec:
        serviceAccount: pipeline
        serviceAccounts:
          - taskName: deploy-kn-service
            serviceAccount: kn-deployer-account
        pipelineRef:
          name: deploy-pipeline
        params:
          - name: from-namespace
            value: $(params.from)
          - name: to-namespace
            value: $(params.to)
        resources:
          - name: appImage
            resourceRef:
              name: knative-tutorial-greeter-image-prod
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: deploy-pipelinebinding
  namespace: demo
spec:
  params:
    - name: from
      value: $(body.from)
    - name: to
      value: $(body.to)
    - name: namespace
      value: demo
---
apiVersion: tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: build
  namespace: demo
spec:
  serviceAccountName: tekton-triggers-admin
  triggers:
    - binding:
        name: build-pipelinebinding
      template:
        name: build-triggertemplate
---
apiVersion: tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: deploy
  namespace: demo
spec:
  serviceAccountName: tekton-triggers-admin
  triggers:
    - binding:
        name: deploy-pipelinebinding
      template:
        name: deploy-triggertemplate