From 69bdcbbecd516440b18ddf5956f9a60fae9e2502 Mon Sep 17 00:00:00 2001 From: Luke Kingland Date: Mon, 30 Jun 2025 16:50:16 +0900 Subject: [PATCH] ci: install Tekton and PAC in cluster by default (#2896) * ci: install Tekton and PAC in cluster by default * add PAC and Tekton to hack script versions * fix tekton affinity workaround --- .github/workflows/ci.yaml | 2 - .../workflows/test-e2e-oncluster-runtime.yaml | 2 - .github/workflows/test-e2e-oncluster.yaml | 2 - .github/workflows/test-integration.yaml | 4 -- docs/building-functions/on_cluster_build.md | 6 +- hack/allocate.sh | 66 +++++++++++++++++++ hack/cmd/update-knative-components/main.go | 51 +++++++------- .../update-knative-components/main_test.go | 12 +++- hack/component-versions.json | 4 +- hack/component-versions.sh | 2 + hack/install-pac.sh | 66 ------------------- hack/install-tekton.sh | 50 -------------- test/README.md | 11 +--- 13 files changed, 114 insertions(+), 164 deletions(-) delete mode 100755 hack/install-pac.sh delete mode 100755 hack/install-tekton.sh diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9ff9b2122..48fe7f99a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -171,8 +171,6 @@ jobs: echo "------------------ finished! attempt $attempt ------------------" - name: Setup testing images run: ./hack/setup-testing-images.sh - - name: Deploy Tekton - run: ./hack/install-tekton.sh - name: Deploy Test Git Server run: ./hack/install-git-server.sh - name: E2E On Cluster Test diff --git a/.github/workflows/test-e2e-oncluster-runtime.yaml b/.github/workflows/test-e2e-oncluster-runtime.yaml index f57099976..ca5ad0726 100644 --- a/.github/workflows/test-e2e-oncluster-runtime.yaml +++ b/.github/workflows/test-e2e-oncluster-runtime.yaml 
@@ -42,8 +42,6 @@ jobs: echo "------------------ finished! attempt $attempt ------------------" - name: Setup testing images run: ./hack/setup-testing-images.sh - - name: Deploy Tekton - run: ./hack/install-tekton.sh - name: Deploy Test Git Server run: ./hack/install-git-server.sh - name: E2E On Cluster Test (Runtimes) diff --git a/.github/workflows/test-e2e-oncluster.yaml b/.github/workflows/test-e2e-oncluster.yaml index 625879d25..cc2ea4aa4 100644 --- a/.github/workflows/test-e2e-oncluster.yaml +++ b/.github/workflows/test-e2e-oncluster.yaml @@ -40,8 +40,6 @@ jobs: echo "------------------ finished! attempt $attempt ------------------" - name: Setup testing images run: ./hack/setup-testing-images.sh - - name: Deploy Tekton - run: ./hack/install-tekton.sh - name: Deploy Test Git Server run: ./hack/install-git-server.sh - name: E2E On Cluster Test diff --git a/.github/workflows/test-integration.yaml b/.github/workflows/test-integration.yaml index 9a3952e6e..590ec28c5 100644 --- a/.github/workflows/test-integration.yaml +++ b/.github/workflows/test-integration.yaml @@ -52,10 +52,6 @@ jobs: run: ./hack/registry.sh - name: Setup testing images run: ./hack/setup-testing-images.sh - - name: Install Tekton - run: ./hack/install-tekton.sh - - name: Install Pipelines as Code - run: ./hack/install-pac.sh - name: Install Gitlab run: ./hack/install-gitlab.sh - name: Patch Hosts diff --git a/docs/building-functions/on_cluster_build.md b/docs/building-functions/on_cluster_build.md index 47e75d1c2..3a163cdba 100644 --- a/docs/building-functions/on_cluster_build.md +++ b/docs/building-functions/on_cluster_build.md 
@@ -3,7 +3,11 @@ This guide describes how you can build a Function on Cluster with Tekton Pipelines. The on cluster build is enabled by fetching Function source code from a remote Git repository. Buildpacks or S2I builder strategy can be used to build the Function image. ## Prerequisite -1. Install Tekton Pipelines on the cluster. Please refer to [Tekton Pipelines documentation](https://github.com/tektoncd/pipeline/blob/main/docs/install.md) or run the following command: +1. Install Tekton Pipelines on the cluster. + + **Note:** If you're using `./hack/allocate.sh` for development/testing, Tekton and PAC are automatically installed. + + For production environments, please refer to [Tekton Pipelines documentation](https://github.com/tektoncd/pipeline/blob/main/docs/install.md) or run the following command: ```bash kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.49.0/release.yaml ``` diff --git a/hack/allocate.sh b/hack/allocate.sh index 3c901e7c3..b82f65258 100755 --- a/hack/allocate.sh +++ b/hack/allocate.sh @@ -37,12 +37,14 @@ main() { echo "evt: Eventing and Namespace" echo "reg: Local Registry" echo "dpr: Dapr Runtime" + echo "tkt: Tekton Pipelines" echo "" ( set -o pipefail; (serving && dns && networking) 2>&1 | sed -e 's/^/svr /')& ( set -o pipefail; (eventing && namespace) 2>&1 | sed -e 's/^/evt /')& ( set -o pipefail; registry 2>&1 | sed -e 's/^/reg /') & ( set -o pipefail; dapr_runtime 2>&1 | sed -e 's/^/dpr /')& + ( set -o pipefail; (tekton && pac) 2>&1 | sed -e 's/^/tkt /')& local job for job in $(jobs -p); do 
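Review bot: A failed `kubectl` step inside `tekton` will neither stop `pac` nor fail the `tkt` job started by the added line `( set -o pipefail; (tekton && pac) 2>&1 | sed -e 's/^/tkt /')&`. Bash ignores errexit while a function runs as a non-final member of an `&&` list, and `tekton()` as added later in this patch ends with an `echo`, so it returns 0 whatever happened before. Each install or wait step in `tekton()` should end in `|| return 1` so the `&&` short-circuits and `pipefail` can surface the failure. The existing `(serving && dns && networking)` line has the same shape; `main()` starts and ends outside this hunk, and whether the `for job in $(jobs -p)` loop checks each job's status is not visible here.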
@@ -368,6 +370,70 @@ EOF echo "${green}✅ Dapr Runtime${reset}" } +tekton() { + echo "${blue}Installing Tekton ${tekton_version} ${reset}" + + tekton_release="previous/${tekton_version}" + namespace="${NAMESPACE:-default}" + + $KUBECTL apply -f "https://storage.googleapis.com/tekton-releases/pipeline/${tekton_release}/release.yaml" + sleep 10 + $KUBECTL wait pod --for=condition=Ready --timeout=180s -n tekton-pipelines -l "app=tekton-pipelines-controller" + $KUBECTL wait pod --for=condition=Ready --timeout=180s -n tekton-pipelines -l "app=tekton-pipelines-webhook" + sleep 10 + + $KUBECTL create clusterrolebinding "${namespace}:knative-serving-namespaced-admin" --clusterrole=knative-serving-namespaced-admin --serviceaccount="${namespace}:default" + + # TEMPORARY WORKAROUND: Disable affinity assistant to prevent pod scheduling issues + # This is a workaround for issues where affinity assistant pod names don't match + # what's expected by task pods, causing them to fail scheduling. + # Related issues: + # - https://github.com/tektoncd/pipeline/issues/6740 + # - https://github.com/tektoncd/pipeline/issues/7503 + # TODO: Remove this workaround once the underlying Tekton issue is resolved + echo "${blue}- Disabling affinity assistant (temporary workaround)${reset}" + $KUBECTL patch configmap feature-flags -n tekton-pipelines \ + -p '{"data":{"disable-affinity-assistant":"true"}}' \ + --type=merge + + echo "${green}✅ Tekton${reset}" +} + +pac() { + echo "${blue}Installing PAC (Pipelines-as-Code) ${pac_version} ${reset}" + + local -r pac_ctr_host="${PAC_CONTROLLER_HOSTNAME:-pac-ctr.127.0.0.1.sslip.io}" + + # Install Pipelines as Code + $KUBECTL apply -f "https://raw.githubusercontent.com/openshift-pipelines/pipelines-as-code/release-${pac_version}/release.k8s.yaml" + sleep 5 + $KUBECTL wait pod --for=condition=Ready -l '!job-name' -n pipelines-as-code --timeout=5m + + # Install ingress for the PaC controller. This is used by VCS Webhooks. 
+ $KUBECTL apply -f - << EOF +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: pipelines-as-code + namespace: pipelines-as-code +spec: + ingressClassName: contour-external + rules: + - host: ${pac_ctr_host} + http: + paths: + - backend: + service: + name: pipelines-as-code-controller + port: + number: 8080 + pathType: Prefix + path: / +EOF + echo "the Pipeline as Code controller is available at: http://${pac_ctr_host}" + echo "${green}✅ PAC${reset}" +} + next_steps() { echo -e "" echo -e "${blue}Next Steps${reset}" diff --git a/hack/cmd/update-knative-components/main.go b/hack/cmd/update-knative-components/main.go index f1162e0e8..bd4ad77e0 100644 --- a/hack/cmd/update-knative-components/main.go +++ b/hack/cmd/update-knative-components/main.go @@ -1,3 +1,23 @@ +// Package main implements a tool for automatically updating component +// versions for use in the hack/* scripts. +// +// Files interacted with: +// 1. The source-of-truth file at hack/component-versions.json +// 2. Autogenerated script at hack/component-versions.sh +// +// Usage: +// +// Most of the time this file will be used in a workflow that will run +// on scheduled basis checking if a new latest version of corresponding +// components exists (check components in 'Versions' struct). Please note that +// KindNode is NOT being updated programmatically at this time. +// When new latest version is detected, the program will create a PR in +// knative/func repository with the latest changes allowing the CI/CD workflows +// to run automatically before using the latest in main branch. +// +// Alternative use: You can run this file from hack/ directory to locally +// regenerate 2 files mentioned above (if you made some changes etc.) - you can +// use the root Makefile for your convenience -- 'make regenerate-kn-components' package main import ( 
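Review bot: Both `$KUBECTL apply -f "https://…"` calls in `tekton()` and `pac()` apply a remote manifest to the cluster with no integrity check, and the PAC path `release-${pac_version}` reads like a branch name, which could change after the version was recorded. component-versions.json in this same patch pins KindNode by `@sha256:` digest, and the two manifests deserve the same treatment: download to a temporary file, compare its SHA-256 with a digest stored next to the version, then apply the local file, as sketched below for `tekton()`. Separately, `tekton()` grants the namespace's `default` service account `knative-serving-namespaced-admin` through a ClusterRoleBinding, and `create` will fail on a second run. If namespaced access is enough for the tests, a RoleBinding in `${namespace}` would be narrower; that needs confirming against the test suite.

```shell
tekton() {
  # … unchanged: banner, tekton_release, namespace …
  local manifest
  manifest="$(mktemp)" || return 1
  curl -fsSL -o "$manifest" \
    "https://storage.googleapis.com/tekton-releases/pipeline/${tekton_release}/release.yaml" || return 1
  # tekton_manifest_sha256 is a placeholder: a digest recorded next to tekton_version
  echo "${tekton_manifest_sha256}  ${manifest}" | sha256sum --check --status || return 1
  $KUBECTL apply -f "$manifest" || return 1
  rm -f -- "$manifest"
  # … unchanged: waits, clusterrolebinding, affinity-assistant patch …
```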
@@ -14,31 +34,6 @@ import ( github "github.com/google/go-github/v68/github" ) -// -------------------------------------------------------------------------- \\ -// ---------------------------- File description ---------------------------- \\ -// -// #update-knative-components/main.go -- This file takes care of updating -// knative components programatically. -// -// Files interacted with: -// 1) The source-of-truth file and its content can be found at -// root/hack/component-versions.json -// 2) autogenerated script in root/hack/component-versions.sh (2 directories up) -// -// How to use this file: -// Most of the time this file will be used in a workflow that will run -// on scheduled basis checking if a new latest version of corresponding -// components exists (check components in 'Versions' struct). Please note that -// KindNode is NOT being updated programatically at this time. -// When new latest version is detected, the program will create a PR in -// knative/func repository with the latest changes allowing the CI/CD workflows -// to run automatically before using the latest in main branch. -// Alternative use: You can run this file from hack/ directory to locally -// regenerate 2 files mentioned above (if you made some changes etc.) - you can -// use the root Makefile for your convenience -- 'make regenerate-kn-components' -// -// -------------------------------------------------------------------------- \\ - const ( fileScript string = "component-versions.sh" fileJson string = "component-versions.json" @@ -59,6 +54,8 @@ set_versions() { knative_serving_version="{{.Serving}}" knative_eventing_version="{{.Eventing}}" contour_version="{{.Contour}}" + tekton_version="{{.Tekton}}" + pac_version="{{.Pac}}" } ` ) @@ -69,6 +66,8 @@ type Versions struct { Serving string Eventing string Contour string + Tekton string + Pac string } func main() { 
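Review bot: The new `Tekton` and `Pac` fields in `Versions` carry no comment saying whether the updater refreshes them, and none of the main.go hunks in this patch adds a latest-release lookup for either, so they appear to stay at the values in component-versions.json until someone edits them by hand. The package comment added at the top of the file names only KindNode as not updated programmatically. If that reading is right, say so on the fields, e.g. `Tekton string // pinned manually; not refreshed by this tool`, and extend the KindNode sentence in the package comment, so that stale Tekton and PAC pins are noticed rather than assumed current. The struct begins above this hunk.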
@@ -367,7 +366,7 @@ func prExists(ctx context.Context, c *github.Client, title string) (bool, error) // -------------------------------------------------------------------------- \\ // -------------------------------------------------------------------------- \\ -// This is used when running this file with 1st argument "generate". +// This is used when running this file with 1st argument "local". // Regenerate written files (source (.json) & autogenerated .sh file) // Generally you wont use this, but in case you make local changes to the // files, you can simply regenerate them with this diff --git a/hack/cmd/update-knative-components/main_test.go b/hack/cmd/update-knative-components/main_test.go index 37eb57f45..b16901f6c 100644 --- a/hack/cmd/update-knative-components/main_test.go +++ b/hack/cmd/update-knative-components/main_test.go @@ -25,6 +25,8 @@ set_versions() { knative_serving_version="v1.2.3" knative_eventing_version="v1.4.5" contour_version="v1.4.6" + tekton_version="v0.56.4" + pac_version="v0.24.6" } ` @@ -32,7 +34,9 @@ const expectedJson string = `{ "KindNode": "v1.30", "Serving": "v1.2.3", "Eventing": "v1.4.5", - "Contour": "v1.4.6" + "Contour": "v1.4.6", + "Tekton": "v0.56.4", + "Pac": "v0.24.6" } ` @@ -44,7 +48,9 @@ func TestRead(t *testing.T) { "Serving": "v1.14", "Eventing": "v1.15", "Contour": "v1.61", - "KindNode": "1.3456" + "KindNode": "1.3456", + "Tekton": "v0.50.0", + "Pac": "v0.20.0" } ` tmpJson := path.Join(dir, "json.json") @@ -72,6 +78,8 @@ func TestWrite(t *testing.T) { Eventing: "v1.4.5", Contour: "v1.4.6", KindNode: "v1.30", + Tekton: "v0.56.4", + Pac: "v0.24.6", } // write to script (generate it) diff --git a/hack/component-versions.json b/hack/component-versions.json index f32bc0207..c6de6701e 100644 --- a/hack/component-versions.json +++ b/hack/component-versions.json 
@@ -2,5 +2,7 @@ "KindNode": "v1.32.0@sha256:c48c62eac5da28cdadcf560d1d8616cfa6783b58f0d94cf63ad1bf49600cb027", "Serving": "v1.18.1", "Eventing": "v1.18.1", - "Contour": "v1.18.0" + "Contour": "v1.18.0", + "Tekton": "v0.56.4", + "Pac": "v0.24.6" } diff --git a/hack/component-versions.sh b/hack/component-versions.sh index d52e2154a..f919a20c7 100644 --- a/hack/component-versions.sh +++ b/hack/component-versions.sh @@ -14,4 +14,6 @@ set_versions() { knative_serving_version="v1.18.1" knative_eventing_version="v1.18.1" contour_version="v1.18.0" + tekton_version="v0.56.4" + pac_version="v0.24.6" } diff --git a/hack/install-pac.sh b/hack/install-pac.sh deleted file mode 100755 index 81a83134e..000000000 --- a/hack/install-pac.sh +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/usr/bin/env bash - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# -# Installs the Pipelines-as-code controller -# - -source "$(dirname "$(realpath "$0")")/common.sh" - -function install_pac() { - echo "${blue}Installing the Pipelines-as-Code Controller${reset}" - - local -r pac_ctr_host="${PAC_CONTROLLER_HOSTNAME:-pac-ctr.127.0.0.1.sslip.io}" - local -r pac_version="v0.24.6" - - # Install Pipelines as Code - $KUBECTL apply -f "https://raw.githubusercontent.com/openshift-pipelines/pipelines-as-code/release-${pac_version}/release.k8s.yaml" - sleep 5 - $KUBECTL wait pod --for=condition=Ready -l '!job-name' -n pipelines-as-code --timeout=5m - - # Install ingress for the PaC controller. This is used by VCS Webhooks. - $KUBECTL apply -f - << EOF -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: pipelines-as-code - namespace: pipelines-as-code -spec: - ingressClassName: contour-external - rules: - - host: ${pac_ctr_host} - http: - paths: - - backend: - service: - name: pipelines-as-code-controller - port: - number: 8080 - pathType: Prefix - path: / -EOF - echo "the Pipeline as Code controller is available at: http://${pac_ctr_host}" - echo "${green}✅ PAC${reset}" -} - -if [ "$0" = "${BASH_SOURCE[0]}" ]; then - set -o errexit - set -o nounset - set -o pipefail - - function main() { - install_pac - } - main "$@" -fi diff --git a/hack/install-tekton.sh b/hack/install-tekton.sh deleted file mode 100755 index 80ea72b52..000000000 
--- a/hack/install-tekton.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/usr/bin/env bash - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# -# Install Tekton and required tasks in the cluster -# - -source "$(dirname "$(realpath "$0")")/common.sh" - -install_tekton() { - echo "${blue}Installing Tekton${reset}" - - tekton_release="previous/v0.56.4" - namespace="${NAMESPACE:-default}" - - $KUBECTL apply -f "https://storage.googleapis.com/tekton-releases/pipeline/${tekton_release}/release.yaml" - $KUBECTL patch cm/feature-flags -n tekton-pipelines --patch '{"data":{"disable-affinity-assistant":"true"}}' - sleep 10 - $KUBECTL wait pod --for=condition=Ready --timeout=180s -n tekton-pipelines -l "app=tekton-pipelines-controller" - $KUBECTL wait pod --for=condition=Ready --timeout=180s -n tekton-pipelines -l "app=tekton-pipelines-webhook" - sleep 10 - - $KUBECTL create clusterrolebinding "${namespace}:knative-serving-namespaced-admin" --clusterrole=knative-serving-namespaced-admin --serviceaccount="${namespace}:default" - - echo "${green}✅ Tekton${reset}" -} - -# Invoke only when run directly -# Be a library when sourced -if [ "$0" = "${BASH_SOURCE[0]}" ]; then - set -o errexit - set -o nounset - set -o pipefail - - function main() { - install_tekton - } - main "$@" -fi diff --git a/test/README.md b/test/README.md index 402c679d4..c634a7668 100644 --- a/test/README.md +++ b/test/README.md 
@@ -27,12 +27,8 @@ a Kubernetes Cluster with the following deployed: - Tekton Tasks listed [here](../docs/reference/on_cluster_build.md) - Embedded Git Server (`func-git`) used by tests -For your convenience you can run the following script to setup Tekton and required Tasks: -``` -$ ./hack/install-tekton.sh -``` - -To install the Git Server required by tests, run: +When using `./hack/allocate.sh` to create a test cluster, Tekton and PAC (Pipelines-as-Code) +are automatically installed. You only need to install the Git Server: ``` $ ./hack/install-git-server.sh ``` @@ -42,8 +38,7 @@ $ ./hack/install-git-server.sh The below instructions will run all the tests on KinD using an **ephemeral** container registry. ``` # Pre-Reqs -./hack/allocate.sh -./hack/install-tekton.sh +./hack/allocate.sh # This automatically installs Tekton and PAC ./hack/install-git-server.sh make build