├── .gitignore ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── chartmuseum-values.yaml ├── cloudformation ├── demo-code-bucket.yaml └── demo-infra.yaml ├── docker ├── cloner │ └── Dockerfile └── maven-builder │ └── Dockerfile ├── eks-cluster-iam-config.yaml ├── eks-cluster-template.yaml ├── helm-springboot ├── .helmignore ├── Chart.yaml ├── README.md ├── templates │ ├── _helpers.tpl │ ├── deployment.yaml │ ├── ingress.yaml │ └── service.yaml └── values.yaml ├── install.sh ├── tekton-demo-app-build ├── .classpath ├── .project ├── .settings │ ├── org.eclipse.core.resources.prefs │ ├── org.eclipse.jdt.apt.core.prefs │ ├── org.eclipse.jdt.core.prefs │ └── org.eclipse.m2e.core.prefs ├── pom.xml └── src │ └── main │ ├── java │ └── com.amazon.tektondemo │ │ ├── GreetingController.java │ │ └── ServingWebContentApplication.java │ └── resources │ ├── application.properties │ ├── static │ ├── css │ │ └── styles.css │ └── img │ │ └── tekton-icon.png │ └── templates │ └── greeting.html ├── tekton-demo-app-deploy ├── .helmignore ├── Chart.yaml ├── README.md ├── requirements.yaml └── values.yaml ├── tekton-pipeline-demo-k8s-artifacts ├── .helmignore ├── Chart.yaml ├── templates │ ├── argocd │ │ ├── apps-ns.yaml │ │ ├── codecommit-creds.yaml │ │ ├── codecommit-repo.yaml │ │ ├── demo-app.yaml │ │ └── lb-config.yaml │ ├── chartmuseum │ │ └── ingress.yaml │ ├── tekton-dashboard │ │ └── ingress.yaml │ ├── tekton-pipelines │ │ ├── artifact-store.yaml │ │ ├── codecommit-creds.yaml │ │ ├── docker-config.yaml │ │ ├── image-instructions.yaml │ │ ├── mvn-settings.yaml │ │ ├── simple-maven-build.yaml │ │ ├── storage-class.yaml │ │ └── tekton-tasks │ │ │ ├── clone.yaml │ │ │ ├── deploy.yaml │ │ │ ├── img-build.yaml │ │ │ └── mvn-build.yaml │ └── tekton-triggers │ │ ├── binding.yaml │ │ ├── cluster-role-binding.yaml │ │ ├── cluster-role.yaml │ │ ├── event-listener.yaml │ │ ├── ingress.yaml │ │ ├── role-binding.yaml │ │ ├── role.yaml │ │ ├── sa.yaml │ │ └── 
template.yaml └── values.yaml ├── tekton-webhook-middleware ├── go.mod ├── go.sum └── main.go └── uninstall.sh /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Compiled source # 3 | ################### 4 | *.com 5 | *.class 6 | *.dll 7 | *.exe 8 | *.o 9 | *.so 10 | 11 | # Packages # 12 | ############ 13 | # it's better to unpack these files and commit the raw source 14 | # git has its own built in compression methods 15 | *.7z 16 | *.dmg 17 | *.gz 18 | *.iso 19 | *.jar 20 | *.rar 21 | *.tar 22 | *.zip 23 | 24 | # OS generated files # 25 | ###################### 26 | .DS_Store 27 | .DS_Store? 28 | ._* 29 | .Spotlight-V100 30 | .Trashes 31 | ehthumbs.db 32 | Thumbs.db -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 4 | documentation, we greatly value feedback and contributions from our community. 5 | 6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 7 | information to effectively respond to your bug report or contribution. 
8 | 9 | 10 | ## Reporting Bugs/Feature Requests 11 | 12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features. 13 | 14 | When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already 15 | reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: 16 | 17 | * A reproducible test case or series of steps 18 | * The version of our code being used 19 | * Any modifications you've made relevant to the bug 20 | * Anything unusual about your environment or deployment 21 | 22 | 23 | ## Contributing via Pull Requests 24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: 25 | 26 | 1. You are working against the latest source on the *main* branch. 27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. 28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted. 29 | 30 | To send us a pull request, please: 31 | 32 | 1. Fork the repository. 33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. 34 | 3. Ensure local tests pass. 35 | 4. Commit to your fork using clear commit messages. 36 | 5. Send us a pull request, answering any default questions in the pull request interface. 37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. 38 | 39 | GitHub provides additional documentation on [forking a repository](https://help.github.com/articles/fork-a-repo/) and 40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/). 41 | 42 | 43 | ## Finding contributions to work on 44 | Looking at the existing issues is a great way to find something to contribute on. 
As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. 45 | 46 | 47 | ## Code of Conduct 48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 50 | opensource-codeofconduct@amazon.com with any additional questions or comments. 51 | 52 | 53 | ## Security issue notifications 54 | If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. 55 | 56 | 57 | ## Licensing 58 | 59 | See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | software and associated documentation files (the "Software"), to deal in the Software 5 | without restriction, including without limitation the rights to use, copy, modify, 6 | merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | permit persons to whom the Software is furnished to do so. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # aws-pipeline-demo-with-tekton 2 | 3 | This repository contains the demo resources discussed in the blog post [Cloud Native CI/CD with Tekton and ArgoCD on AWS](https://aws.amazon.com/blogs/containers/cloud-native-ci-cd-with-tekton-and-argocd-on-aws/). 4 | 5 | The code provided is for demo purposes only and not ready for production. 6 | 7 | ## Prerequisites 8 | This demo requires multiple tools to be installed on your machine. 9 | 10 | Please make sure that the following tools are installed and ready to use: 11 | 12 | - [AWS CLI v2](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) 13 | - [eksctl](https://eksctl.io/introduction/#installation) 14 | - [kubectl](https://kubernetes.io/docs/tasks/tools/) 15 | - [Helm](https://helm.sh/docs/intro/install/) 16 | - [aws-iam-authenticator](https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html) 17 | - [jq](https://stedolan.github.io/jq/download/) 18 | - [Golang](https://go.dev/dl/) 19 | - [Docker](https://www.docker.com/products/docker-desktop) 20 | - [envsubst](https://formulae.brew.sh/formula/gettext) 21 | 22 | Further, we suggest using a dedicated AWS account. 23 | The install script should be executed with the credentials of an Admin user. 
24 | 25 | The following articles provide guidance to set up an AWS Account and configure the required Admin user: 26 | 27 | - [Create an AWS Account](https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/) 28 | - [Create an Admin User](https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html) 29 | - [Set up your CLI credentials](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html) 30 | 31 | Please note that the demo was tested in the eu-central-1 (Frankfurt) region with a VPC that had subnets deployed into 3 availability zones. The installation was run from a computer with the macOS operating system installed. 32 | 33 | Next, a Kubernetes cluster is required to deploy Tekton and other related resources. To work with the demo script, please use the official eksctl command line tool to create the cluster. 34 | The following command creates the cluster (the cluster config file can be found in the root folder of the repository): 35 | 36 | ```console 37 | $ eksctl create cluster -f eks-cluster-template.yaml 38 | ``` 39 | 40 | Please wait until the cluster has been provisioned successfully and you have obtained the kubeconfig file. 41 | You can verify the installation by running: 42 | 43 | ```console 44 | $ eksctl get clusters 45 | $ kubectl get nodes 46 | ``` 47 | 48 | If both of the above commands completed successfully, please continue with the installation steps. 49 | 50 | ## Install demo environment 51 | 52 | Clone the repository and run the installation script: 53 | 54 | ```console 55 | $ git clone https://github.com/aws-samples/aws-pipeline-demo-with-tekton.git 56 | $ cd aws-pipeline-demo-with-tekton 57 | $ chmod u+x install.sh 58 | $ ./install.sh 59 | ``` 60 | Please note that the script requires your public IP address to continue. 
This IP address is used to restrict access to the resources deployed through the script. 61 | 62 | The script installs the environment and takes approximately 10 minutes to complete (depending on your internet connectivity). Please keep your terminal open until everything is installed and the output section is displayed. 63 | 64 | ## Uninstall 65 | 66 | To uninstall all resources, please switch back into the root folder: 67 | 68 | ```console 69 | $ cd aws-pipeline-demo-with-tekton 70 | $ chmod u+x uninstall.sh 71 | $ ./uninstall.sh 72 | ``` 73 | 74 | Wait until all resources have been removed. We suggest double-checking your AWS account for resources that were not cleaned up and need to be removed manually. 75 | In particular, the cluster needs to be removed manually. 76 | 77 | ## Security 78 | 79 | See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. 80 | 81 | ## License 82 | 83 | This library is licensed under the MIT-0 License. See the LICENSE file. 84 | 85 | -------------------------------------------------------------------------------- /chartmuseum-values.yaml: -------------------------------------------------------------------------------- 1 | env: 2 | open: 3 | STORAGE: amazon 4 | STORAGE_AMAZON_BUCKET: $TEKTON_DEMO_CHARTMUSEUM_BUCKET 5 | STORAGE_AMAZON_PREFIX: 6 | STORAGE_AMAZON_REGION: $AWS_REGION 7 | AWS_SDK_LOAD_CONFIG: true 8 | DISABLE_API: false 9 | serviceAccount: 10 | create: false 11 | name: chartmuseum-sa 12 | securityContext: 13 | enabled: true 14 | fsGroup: 65534 15 | service: 16 | type: NodePort -------------------------------------------------------------------------------- /cloudformation/demo-code-bucket.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: "2010-09-09" 3 | Description: "This cloudformation template creates the buckets required for the Tekton pipeline demo" 4 | 5 | Resources: 6 | TektonDemoCodeBucket: 7 | Type: AWS::S3::Bucket 8 | 
Properties: 9 | Tags: 10 | - Key: project 11 | Value: tekton-pipeline-demo 12 | 13 | TektonDemoChartMuseumBucket: 14 | Type: AWS::S3::Bucket 15 | Properties: 16 | Tags: 17 | - Key: project 18 | Value: tekton-pipeline-demo 19 | 20 | TektonDemoServiceAccountChartPolicy: 21 | Type: AWS::IAM::ManagedPolicy 22 | Properties: 23 | PolicyDocument: 24 | Version: "2012-10-17" 25 | Statement: 26 | - Effect: Allow 27 | Action: 28 | - s3:ListBucket 29 | Resource: !Sub "${TektonDemoChartMuseumBucket.Arn}" 30 | - Effect: Allow 31 | Action: 32 | - s3:DeleteObject 33 | - s3:GetObject 34 | - s3:PutObject 35 | Resource: !Sub "${TektonDemoChartMuseumBucket.Arn}/*" 36 | 37 | Outputs: 38 | CodeBucket: 39 | Description: "" 40 | Value: !Ref TektonDemoCodeBucket 41 | ChartmuseumBucket: 42 | Description: "" 43 | Value: !Ref TektonDemoChartMuseumBucket 44 | PolicyArnForChartMuseumSa: 45 | Description: "" 46 | Value: !Ref TektonDemoServiceAccountChartPolicy -------------------------------------------------------------------------------- /cloudformation/demo-infra.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: "2010-09-09" 3 | Description: "This cloudformation template creates all resources required for the Tekton pipeline demo" 4 | 5 | Parameters: 6 | TektonDemoSourceBucket: 7 | Type: String 8 | Description: "Name of the bucket which contains the source code for the demo" 9 | TektonDemoClusterSubnets: 10 | Type: String 11 | Description: "EKS cluster private subnets identifiers" 12 | TektonDemoClusterVpc: 13 | Type: String 14 | Description: "EKS cluster vpc identifier" 15 | AllowedIpAddress: 16 | Type: String 17 | Description: "Client ip address" 18 | 19 | Resources: 20 | TektonDemoBuildRepo: 21 | Type: AWS::CodeCommit::Repository 22 | Properties: 23 | RepositoryName: "tekton-demo-app-build" 24 | Triggers: 25 | - Name: LambdaFunctionTrigger 26 | Events: 27 | - "all" 28 | Branches: 29 | - "master" 30 | CustomData: 
"tekton-demo-app-build" 31 | DestinationArn: !GetAtt TektonDemoWebhookFunction.Arn 32 | Code: 33 | BranchName: master 34 | S3: 35 | Bucket: !Ref TektonDemoSourceBucket 36 | Key: tekton-pipeline-demo-app-code.zip 37 | Tags: 38 | - Key: project 39 | Value: tekton-pipeline-demo 40 | 41 | TektonDemoDeployRepo: 42 | Type: AWS::CodeCommit::Repository 43 | Properties: 44 | RepositoryName: "tekton-demo-app-deploy" 45 | Code: 46 | BranchName: master 47 | S3: 48 | Bucket: !Ref TektonDemoSourceBucket 49 | Key: tekton-pipeline-demo-deploy-code.zip 50 | Tags: 51 | - Key: project 52 | Value: tekton-pipeline-demo 53 | 54 | TektonDemoArtifactDomain: 55 | Type: AWS::CodeArtifact::Domain 56 | Properties: 57 | DomainName: tekton-demo-domain 58 | Tags: 59 | - Key: project 60 | Value: tekton-pipeline-demo 61 | 62 | TektonDemoArtifactUpstream: 63 | Type: AWS::CodeArtifact::Repository 64 | Properties: 65 | DomainName: !GetAtt TektonDemoArtifactDomain.Name 66 | RepositoryName: maven-central-store 67 | ExternalConnections: 68 | - public:maven-central 69 | Tags: 70 | - Key: project 71 | Value: tekton-pipeline-demo 72 | 73 | TektonDemoArtifactRepo: 74 | Type: AWS::CodeArtifact::Repository 75 | Properties: 76 | DomainName: !GetAtt TektonDemoArtifactDomain.Name 77 | RepositoryName: tekton-demo-repository 78 | Upstreams: 79 | - !GetAtt TektonDemoArtifactUpstream.Name 80 | Tags: 81 | - Key: project 82 | Value: tekton-pipeline-demo 83 | 84 | TektonDemoImageRepo: 85 | Type: AWS::ECR::Repository 86 | Properties: 87 | RepositoryName: "tekton-demo-app" 88 | Tags: 89 | - Key: project 90 | Value: tekton-pipeline-demo 91 | 92 | TektonDemoImageClonerRepo: 93 | Type: AWS::ECR::Repository 94 | Properties: 95 | RepositoryName: "cloner" 96 | Tags: 97 | - Key: project 98 | Value: tekton-pipeline-demo 99 | 100 | TektonDemoImageMavenBuilderRepo: 101 | Type: AWS::ECR::Repository 102 | Properties: 103 | RepositoryName: "maven-builder" 104 | Tags: 105 | - Key: project 106 | Value: tekton-pipeline-demo 107 | 108 | 
TektonDemoWebhookRole: 109 | Type: AWS::IAM::Role 110 | Properties: 111 | AssumeRolePolicyDocument: 112 | Version: '2012-10-17' 113 | Statement: 114 | - Effect: Allow 115 | Principal: 116 | Service: 117 | - lambda.amazonaws.com 118 | Action: 119 | - 'sts:AssumeRole' 120 | Path: / 121 | ManagedPolicyArns: 122 | - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole 123 | - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole 124 | 125 | TektonDemoWebhookPermission: 126 | Type: AWS::Lambda::Permission 127 | Properties: 128 | Action: lambda:InvokeFunction 129 | FunctionName: !Ref TektonDemoWebhookFunction 130 | Principal: codecommit.amazonaws.com 131 | SourceAccount: !Ref AWS::AccountId 132 | SourceArn: !GetAtt TektonDemoBuildRepo.Arn 133 | 134 | TektonDemoWebhookFunction: 135 | Type: AWS::Lambda::Function 136 | Properties: 137 | FunctionName: TektonPipelineDemoWebhook 138 | Code: 139 | S3Bucket: !Ref TektonDemoSourceBucket 140 | S3Key: tekton-pipeline-demo-webhook-code.zip 141 | Handler: tekton-webhook-middleware 142 | Runtime: go1.x 143 | Role: !GetAtt TektonDemoWebhookRole.Arn 144 | VpcConfig: 145 | SecurityGroupIds: 146 | - !GetAtt TektonDemoWebhookSecurityGroup.GroupId 147 | SubnetIds: 148 | - !Select [ 0, !Split [ ",", !Ref TektonDemoClusterSubnets ] ] 149 | - !Select [ 1, !Split [ ",", !Ref TektonDemoClusterSubnets ] ] 150 | - !Select [ 2, !Split [ ",", !Ref TektonDemoClusterSubnets ] ] 151 | Tags: 152 | - Key: project 153 | Value: tekton-pipeline-demo 154 | 155 | TektonDemoWebhookSecurityGroup: 156 | Type: AWS::EC2::SecurityGroup 157 | Properties: 158 | VpcId: !Ref TektonDemoClusterVpc 159 | GroupDescription: "sg" 160 | SecurityGroupIngress: 161 | - IpProtocol: tcp 162 | FromPort: 80 163 | ToPort: 80 164 | CidrIp: 192.168.0.0/16 165 | 166 | TektonDemoChartmuseumSecurityGroup: 167 | Type: AWS::EC2::SecurityGroup 168 | Properties: 169 | VpcId: !Ref TektonDemoClusterVpc 170 | GroupDescription: "sg" 171 | SecurityGroupIngress: 172 | - 
IpProtocol: tcp 173 | FromPort: 80 174 | ToPort: 80 175 | CidrIp: 192.168.0.0/16 176 | 177 | TektonDemoDashboardSecurityGroup: 178 | Type: AWS::EC2::SecurityGroup 179 | Properties: 180 | VpcId: !Ref TektonDemoClusterVpc 181 | GroupDescription: "sg" 182 | SecurityGroupIngress: 183 | - IpProtocol: tcp 184 | FromPort: 80 185 | ToPort: 80 186 | CidrIp: !Sub "${AllowedIpAddress}/32" 187 | 188 | TektonDemoAppSecurityGroup: 189 | Type: AWS::EC2::SecurityGroup 190 | Properties: 191 | VpcId: !Ref TektonDemoClusterVpc 192 | GroupDescription: "sg" 193 | SecurityGroupIngress: 194 | - IpProtocol: tcp 195 | FromPort: 80 196 | ToPort: 80 197 | CidrIp: !Sub "${AllowedIpAddress}/32" 198 | 199 | Outputs: 200 | AppSecurityGroup: 201 | Description: "" 202 | Value: !GetAtt TektonDemoAppSecurityGroup.GroupId 203 | WebhookSecurityGroup: 204 | Description: "" 205 | Value: !GetAtt TektonDemoWebhookSecurityGroup.GroupId 206 | DashboardSecurityGroup: 207 | Description: "" 208 | Value: !GetAtt TektonDemoDashboardSecurityGroup.GroupId 209 | ChartmuseumSecurityGroup: 210 | Description: "" 211 | Value: !GetAtt TektonDemoChartmuseumSecurityGroup.GroupId 212 | WebhookFunctionName: 213 | Description: "" 214 | Value: !Ref TektonDemoWebhookFunction 215 | -------------------------------------------------------------------------------- /docker/cloner/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:latest 2 | RUN apk add --update bash && apk add --update git && apk add --update maven -------------------------------------------------------------------------------- /docker/maven-builder/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM maven:3-jdk-8 2 | 3 | RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && unzip awscliv2.zip && ./aws/install 4 | -------------------------------------------------------------------------------- /eks-cluster-iam-config.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: eksctl.io/v1alpha5 2 | kind: ClusterConfig 3 | 4 | metadata: 5 | name: $EKS_CLUSTER_NAME 6 | region: $AWS_REGION 7 | 8 | iam: 9 | withOIDC: true 10 | serviceAccounts: 11 | - metadata: 12 | name: pipeline-sa 13 | namespace: apps-build 14 | attachPolicyARNs: 15 | - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser" 16 | - "arn:aws:iam::aws:policy/AWSCodeArtifactAdminAccess" 17 | - metadata: 18 | name: chartmuseum-sa 19 | namespace: support 20 | attachPolicyARNs: 21 | - $TEKTON_DEMO_CHARTMUSEUM_POLICY 22 | - metadata: 23 | name: aws-lb-controller-sa 24 | namespace: kube-system 25 | wellKnownPolicies: 26 | awsLoadBalancerController: true 27 | - metadata: 28 | name: ebs-csi-controller-sa 29 | namespace: kube-system 30 | wellKnownPolicies: 31 | ebsCSIController: true 32 | 33 | 34 | -------------------------------------------------------------------------------- /eks-cluster-template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: eksctl.io/v1alpha5 2 | kind: ClusterConfig 3 | 4 | metadata: 5 | name: tekton-pipeline-demo-cluster 6 | region: eu-central-1 7 | version: "1.18" 8 | tags: 9 | project: tekton-pipeline-demo 10 | 11 | availabilityZones: ["eu-central-1a", "eu-central-1b", "eu-central-1c"] 12 | 13 | managedNodeGroups: 14 | - name: worker-ng-1 15 | instanceType: m5.large 16 | desiredCapacity: 3 17 | volumeSize: 80 18 | labels: 19 | role: workers 20 | tags: 21 | project: tekton-pipeline-demo 22 | 23 | -------------------------------------------------------------------------------- /helm-springboot/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /helm-springboot/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A helm chart for spring boot applications 4 | name: helm-springboot 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /helm-springboot/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-pipeline-demo-with-tekton/0b086ff03f247dc09f4e45ff25ee55e2f211c85b/helm-springboot/README.md -------------------------------------------------------------------------------- /helm-springboot/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "app.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "app.fullname" -}} 14 | {{- if .Values.fullnameOverride -}} 15 | {{- .Values.fullnameOverride | trunc 63 -}} 16 | {{- else -}} 17 | {{- printf "%s-%s" .Release.Name (include "app.name" .) 
| trunc 63 | trimSuffix "-" -}} 18 | {{- end -}} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /helm-springboot/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ .Values.app.name }} 5 | namespace: {{ .Values.app.namespace }} 6 | labels: 7 | app: {{ .Values.app.name }} 8 | spec: 9 | replicas: {{ .Values.replicaCount }} 10 | selector: 11 | matchLabels: 12 | app.kubernetes.io/name: {{ .Values.app.name }} 13 | app.kubernetes.io/instance: {{ .Release.Name }} 14 | template: 15 | metadata: 16 | labels: 17 | app.kubernetes.io/name: {{ .Values.app.name }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | spec: 20 | containers: 21 | - name: {{ .Values.app.name }} 22 | image: {{ .Values.image.name }} 23 | imagePullPolicy: {{ .Values.image.pullPolicy }} 24 | securityContext: 25 | runAsUser: 999 26 | ports: 27 | - name: http 28 | containerPort: 8080 29 | protocol: TCP 30 | {{- with .Values.additionalVolumeMounts }} 31 | volumeMounts: 32 | {{- toYaml . | trim | nindent 12 }} 33 | {{- end }} 34 | volumes: 35 | - emptyDir: {} 36 | name: keystore-volume 37 | {{- with .Values.additionalVolumes }} 38 | {{- range . 
}} 39 | - name: {{ .name }} 40 | {{- if eq .type "pvc" }} 41 | persistentVolumeClaim: 42 | claimName: {{ .sourceName }} 43 | {{- else if eq .type "cm" }} 44 | configMap: 45 | name: {{ .sourceName }} 46 | {{- end }} 47 | {{- end }} 48 | {{- end }} -------------------------------------------------------------------------------- /helm-springboot/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | {{- $svcName := .Values.app.name }} 3 | {{- $svcPort := .Values.service.port }} 4 | {{- $sg := .Values.ingress.sg }} 5 | apiVersion: extensions/v1beta1 6 | kind: Ingress 7 | metadata: 8 | name: {{ .Values.app.name }} 9 | namespace: {{ .Release.Namespace }} 10 | annotations: 11 | kubernetes.io/ingress.class: alb 12 | alb.ingress.kubernetes.io/group.name: apps 13 | alb.ingress.kubernetes.io/scheme: internet-facing 14 | alb.ingress.kubernetes.io/tags: Project=tekton-pipeline-demo 15 | alb.ingress.kubernetes.io/security-groups: {{ $sg }} 16 | spec: 17 | rules: 18 | - http: 19 | paths: 20 | - path: /* 21 | backend: 22 | serviceName: {{ $svcName }} 23 | servicePort: {{ $svcPort }} 24 | {{- end}} 25 | -------------------------------------------------------------------------------- /helm-springboot/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ .Values.app.name }} 5 | namespace: {{ .Release.Namespace }} 6 | {{- if .Values.service.annotations }} 7 | annotations: 8 | {{ toYaml .Values.service.annotations | indent 4 }} 9 | {{- end }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.port }} 14 | targetPort: 8080 15 | protocol: TCP 16 | name: http 17 | selector: 18 | app.kubernetes.io/name: {{ .Values.app.name }} 19 | app.kubernetes.io/instance: {{ .Release.Name }} 
-------------------------------------------------------------------------------- /helm-springboot/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-pipeline-demo-with-tekton/0b086ff03f247dc09f4e45ff25ee55e2f211c85b/helm-springboot/values.yaml -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | # Define version for third party dependencies 5 | export TEKTON_PIPELINE_VERSION="v0.26.0" 6 | export TEKTON_TRIGGERS_VERSION="v0.14.2" 7 | export TEKTON_DASHBOARD_VERSION="v0.18.1" 8 | export CHARTMUSEUM_VERSION="3.1.0" 9 | export AWS_LB_CONTROLLER_VERSION="1.2.3" 10 | export AWS_EBS_CSI_DRIVER_VERSION="0.9.4" 11 | export ARGOCD_VERSION="v2.0.4" 12 | export EKS_VERSION="1.18" 13 | 14 | # Check for prerequisites 15 | for tool in aws kubectl eksctl aws-iam-authenticator kubectl helm jq envsubst base64 16 | do 17 | if ! [ -x "$(command -v $tool)" ]; then 18 | echo "[ERROR] $(date +"%T") $tool is not installed. Please install $tool before running the script again" >&2 19 | exit 1 20 | fi 21 | done 22 | 23 | export AWS_AUTHENTICATED_IDENTITY=$(aws sts get-caller-identity | jq -r .Arn | cut -d "/" -f2) 24 | export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account) 25 | export AWS_REGION=$(aws configure get region) 26 | export TMP_FILE=$(mktemp) 27 | export DOCKER_SCAN_SUGGEST=false 28 | 29 | while true; do 30 | read -p "Install resources as $AWS_AUTHENTICATED_IDENTITY within account $AWS_ACCOUNT_ID in region $AWS_REGION [Y/N] " yn 31 | case $yn in 32 | [Yy]* ) break;; 33 | [Nn]* ) exit 1;; 34 | * ) echo "[ERROR] $(date +"%T") Please answer yes [Y|y] or no [N|n]." 
>&2;; 35 | esac 36 | done 37 | 38 | while true; do 39 | read -p "Please enter your public ip address [XXX.XXX.XXX.XXX] " MY_IP_ADDRESS 40 | if [[ $MY_IP_ADDRESS =~ ^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$ ]]; then 41 | export MY_IP_ADDRESS && break 42 | else 43 | echo "[ERROR] $(date +"%T") Please insert valid ip address [format: XXX.XXX.XXX.XXX]" >&2 44 | fi 45 | done 46 | 47 | while true; do 48 | read -p "Please enter the name of your EKS Cluster () " EKS_CLUSTER_NAME 49 | EKS_CLUSTER_STACK="eksctl-${EKS_CLUSTER_NAME}-cluster" 50 | if [[ $(aws cloudformation describe-stacks --stack-name="$EKS_CLUSTER_STACK" | jq -r '.Stacks[0].StackStatus') = "CREATE_COMPLETE" ]]; then 51 | export EKS_CLUSTER_STACK && export EKS_CLUSTER_NAME && break 52 | else 53 | echo "[ERROR] $(date +"%T") Invalid Cluster Name provided or cluster not yet ready" >&2 54 | fi 55 | done 56 | 57 | echo $EKS_CLUSTER_STACK 58 | echo $EKS_CLUSTER_NAME 59 | echo $AWS_REGION 60 | 61 | # Generate GIT Credentials for CodeCommit 62 | echo "[INFO] $(date +"%T") Create git credentials for user ${AWS_AUTHENTICATED_IDENTITY}..." 63 | export TEKTON_DEMO_GIT_PASSWORD_RAW=$(aws iam create-service-specific-credential --service-name codecommit.amazonaws.com --user-name $AWS_AUTHENTICATED_IDENTITY | jq -r .ServiceSpecificCredential.ServicePassword) 64 | export TEKTON_DEMO_GIT_PASSWORD=$(echo -n "$TEKTON_DEMO_GIT_PASSWORD_RAW" | jq -Rr @uri) 65 | export TEKTON_DEMO_GIT_USERNAME=$(aws iam list-service-specific-credentials --service-name codecommit.amazonaws.com --user-name ${AWS_AUTHENTICATED_IDENTITY} | jq -r '.ServiceSpecificCredentials[] | select(.ServiceName == "codecommit.amazonaws.com") | .ServiceUserName') 66 | 67 | # Create stack TektonDemoBuckets 68 | echo "[INFO] $(date +"%T") Create <> Cloudformation Stack..." 
aws cloudformation create-stack --stack-name="TektonDemoBuckets" --template-body file://cloudformation/demo-code-bucket.yaml --capabilities "CAPABILITY_IAM" > /dev/null
aws cloudformation wait stack-create-complete --stack-name="TektonDemoBuckets"

# Fetch required stack output variables
echo "[INFO] $(date +"%T") Fetch <> Cloudformation Stack output variables..."
export TEKTON_DEMO_CHARTMUSEUM_BUCKET=$(aws cloudformation describe-stacks --stack-name TektonDemoBuckets | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "ChartmuseumBucket") | .OutputValue')
export TEKTON_DEMO_CHARTMUSEUM_POLICY=$(aws cloudformation describe-stacks --stack-name TektonDemoBuckets | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "PolicyArnForChartMuseumSa") | .OutputValue')
export TEKTON_DEMO_CODE_BUCKET=$(aws cloudformation describe-stacks --stack-name TektonDemoBuckets | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "CodeBucket") | .OutputValue')

# Package and upload helm-springboot master helm chart
echo "[INFO] $(date +"%T") Package helm master chart and upload to S3..."
helm package helm-springboot > /dev/null
aws s3 cp helm-springboot-0.1.0.tgz "s3://${TEKTON_DEMO_CHARTMUSEUM_BUCKET}/" > /dev/null
rm -f helm-springboot-0.1.0.tgz

# Upload tekton-demo-app-build
echo "[INFO] $(date +"%T") Upload source files to S3..."
cat tekton-demo-app-build/pom.xml | envsubst | tee "$TMP_FILE" > /dev/null && mv "$TMP_FILE" tekton-demo-app-build/pom.xml
cd tekton-demo-app-build
zip -r tekton-pipeline-demo-app-code.zip . > /dev/null
aws s3 cp tekton-pipeline-demo-app-code.zip "s3://${TEKTON_DEMO_CODE_BUCKET}/" > /dev/null
rm -f tekton-pipeline-demo-app-code.zip
cd ..

# Upload tekton-demo-app-deploy
echo "[INFO] $(date +"%T") Upload deploy files to S3..."
cd tekton-demo-app-deploy
zip -r tekton-pipeline-demo-deploy-code.zip . > /dev/null
aws s3 cp tekton-pipeline-demo-deploy-code.zip "s3://${TEKTON_DEMO_CODE_BUCKET}/" > /dev/null
rm -f tekton-pipeline-demo-deploy-code.zip
cd ..

# Build and upload tekton-webhook-middleware
echo "[INFO] $(date +"%T") Compile webhook lambda and upload to S3..."
cd tekton-webhook-middleware
GOOS=linux GOARCH=amd64 go build -o tekton-webhook-middleware main.go > /dev/null
zip tekton-pipeline-demo-webhook-code.zip tekton-webhook-middleware > /dev/null
aws s3 cp tekton-pipeline-demo-webhook-code.zip "s3://${TEKTON_DEMO_CODE_BUCKET}/" > /dev/null
rm -f tekton-pipeline-demo-webhook-code.zip
rm -f tekton-webhook-middleware
cd ..

# Configure the EKS cluster (IAM OIDC provider and IAM service accounts)
echo "[INFO] $(date +"%T") Configure EKS Cluster..."
cat eks-cluster-iam-config.yaml | envsubst | tee "$TMP_FILE" > /dev/null && mv "$TMP_FILE" eks-cluster-iam-config.yaml
eksctl utils associate-iam-oidc-provider --cluster="$EKS_CLUSTER_NAME" --approve
eksctl create iamserviceaccount --config-file=eks-cluster-iam-config.yaml --approve
# No -r here: the subnet list keeps its surrounding JSON quotes.
export TEKTON_DEMO_CLUSTER_SUBNETS=$(aws cloudformation describe-stacks --stack-name "$EKS_CLUSTER_STACK" | jq '.Stacks[0].Outputs[] | select(.OutputKey == "SubnetsPrivate") | .OutputValue')
export TEKTON_DEMO_CLUSTER_VPC=$(aws cloudformation describe-stacks --stack-name "$EKS_CLUSTER_STACK" | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "VPC") | .OutputValue')
export TEKTON_DEMO_CLUSTER_NODE_SG=$(aws cloudformation describe-stacks --stack-name "$EKS_CLUSTER_STACK" | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "ClusterSecurityGroupId") | .OutputValue')

# Create CF Stack "TektonDemoInfra"
echo "[INFO] $(date +"%T") Create <> Cloudformation Stack..."
aws cloudformation create-stack --stack-name="TektonDemoInfra" \
  --template-body file://cloudformation/demo-infra.yaml \
  --parameters \
    ParameterKey=TektonDemoSourceBucket,ParameterValue="${TEKTON_DEMO_CODE_BUCKET}" \
    ParameterKey=TektonDemoClusterSubnets,ParameterValue="${TEKTON_DEMO_CLUSTER_SUBNETS}" \
    ParameterKey=TektonDemoClusterVpc,ParameterValue="${TEKTON_DEMO_CLUSTER_VPC}" \
    ParameterKey=AllowedIpAddress,ParameterValue="${MY_IP_ADDRESS}" \
  --capabilities "CAPABILITY_IAM" > /dev/null
aws cloudformation wait stack-create-complete --stack-name="TektonDemoInfra"
export TEKTON_DEMO_CHARTMUSEUM_SG=$(aws cloudformation describe-stacks --stack-name TektonDemoInfra | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "ChartmuseumSecurityGroup") | .OutputValue')
export TEKTON_DEMO_DASHBOARD_SG=$(aws cloudformation describe-stacks --stack-name TektonDemoInfra | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "DashboardSecurityGroup") | .OutputValue')
export TEKTON_DEMO_APP_SG=$(aws cloudformation describe-stacks --stack-name TektonDemoInfra | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "AppSecurityGroup") | .OutputValue')
export TEKTON_DEMO_WEBHOOK_SG=$(aws cloudformation describe-stacks --stack-name TektonDemoInfra | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "WebhookSecurityGroup") | .OutputValue')

# Update Security Group of Worker Nodes
echo "[INFO] $(date +"%T") Update EKS worker node security groups..."
# Allow the NodePort range (30000-32767) on the worker nodes from each load balancer security group only.
# The --ip-permissions values are quoted so the shell does not treat [..] as a glob pattern.
aws ec2 authorize-security-group-ingress --group-id "$TEKTON_DEMO_CLUSTER_NODE_SG" --ip-permissions "IpProtocol=tcp,FromPort=30000,ToPort=32767,UserIdGroupPairs=[{GroupId=$TEKTON_DEMO_DASHBOARD_SG}]"
aws ec2 authorize-security-group-ingress --group-id "$TEKTON_DEMO_CLUSTER_NODE_SG" --ip-permissions "IpProtocol=tcp,FromPort=30000,ToPort=32767,UserIdGroupPairs=[{GroupId=$TEKTON_DEMO_APP_SG}]"
aws ec2 authorize-security-group-ingress --group-id "$TEKTON_DEMO_CLUSTER_NODE_SG" --ip-permissions "IpProtocol=tcp,FromPort=30000,ToPort=32767,UserIdGroupPairs=[{GroupId=$TEKTON_DEMO_WEBHOOK_SG}]"
aws ec2 authorize-security-group-ingress --group-id "$TEKTON_DEMO_CLUSTER_NODE_SG" --ip-permissions "IpProtocol=tcp,FromPort=30000,ToPort=32767,UserIdGroupPairs=[{GroupId=$TEKTON_DEMO_CHARTMUSEUM_SG}]"

# Build cloner image
echo "[INFO] $(date +"%T") Build cloner container image and upload to ECR..."
aws ecr get-login-password --region "${AWS_REGION}" | docker login --username AWS --password-stdin "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" > /dev/null
docker build -t cloner ./docker/cloner > /dev/null
docker tag cloner:latest "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/cloner:latest"
docker push "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/cloner:latest" > /dev/null

# Build maven-builder image
echo "[INFO] $(date +"%T") Build maven-build container image and upload to ECR..."
docker build -t maven-builder ./docker/maven-builder > /dev/null
docker tag maven-builder:latest "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/maven-builder:latest"
docker push "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/maven-builder:latest" > /dev/null

# Install AWS EBS CSI Driver
echo "[INFO] $(date +"%T") Deploy aws-ebs-csi-driver [${AWS_EBS_CSI_DRIVER_VERSION}]..."
helm repo add aws-ebs-csi-driver https://kubernetes-sigs.github.io/aws-ebs-csi-driver > /dev/null
helm install -n kube-system aws-ebs-csi-driver aws-ebs-csi-driver/aws-ebs-csi-driver --version "$AWS_EBS_CSI_DRIVER_VERSION" --set enableVolumeResizing=true --set enableVolumeSnapshot=true --set serviceAccount.snapshot.create=false --set serviceAccount.controller.create=false --set serviceAccount.controller.name=ebs-csi-controller-sa --set serviceAccount.snapshot.name=ebs-csi-controller-sa > /dev/null

# Install AWS Load Balancer Controller
echo "[INFO] $(date +"%T") Deploy aws-load-balancer-controller [${AWS_LB_CONTROLLER_VERSION}]..."
helm repo add eks https://aws.github.io/eks-charts > /dev/null
kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"
helm install -n kube-system aws-load-balancer-controller eks/aws-load-balancer-controller --version "$AWS_LB_CONTROLLER_VERSION" --set clusterName=tekton-pipeline-demo-cluster --set serviceAccount.create=false --set serviceAccount.name=aws-lb-controller-sa > /dev/null

###########################
# Install Tekton components
###########################

# Install Tekton Pipelines
echo "[INFO] $(date +"%T") Deploy Tekton Pipelines [${TEKTON_PIPELINE_VERSION}]..."
kubectl apply --filename "https://storage.googleapis.com/tekton-releases/pipeline/previous/${TEKTON_PIPELINE_VERSION}/release.yaml"

# Install Tekton Triggers
echo "[INFO] $(date +"%T") Deploy Tekton Triggers [${TEKTON_TRIGGERS_VERSION}]..."
kubectl apply --filename "https://storage.googleapis.com/tekton-releases/triggers/previous/${TEKTON_TRIGGERS_VERSION}/release.yaml"

# Install Tekton Dashboard
echo "[INFO] $(date +"%T") Deploy Tekton Dashboard [${TEKTON_DASHBOARD_VERSION}]..."
kubectl apply --filename "https://github.com/tektoncd/dashboard/releases/download/${TEKTON_DASHBOARD_VERSION}/tekton-dashboard-release.yaml"

# Install Chartmuseum
echo "[INFO] $(date +"%T") Deploy Chartmuseum [${CHARTMUSEUM_VERSION}]..."
helm repo add chartmuseum https://chartmuseum.github.io/charts > /dev/null
cat chartmuseum-values.yaml | envsubst | tee "$TMP_FILE" > /dev/null && mv "$TMP_FILE" chartmuseum-values.yaml
helm install -n support chartmuseum chartmuseum/chartmuseum --version "$CHARTMUSEUM_VERSION" -f chartmuseum-values.yaml > /dev/null

# Install ArgoCD
echo "[INFO] $(date +"%T") Deploy ArgoCD [${ARGOCD_VERSION}]..."
kubectl create namespace argocd
kubectl apply -n argocd -f "https://raw.githubusercontent.com/argoproj/argo-cd/${ARGOCD_VERSION}/manifests/install.yaml"

# Patch K8S SVCs
kubectl patch svc tekton-dashboard -n tekton-pipelines -p '{"spec": {"type": "NodePort"}}'
kubectl patch svc chartmuseum -n support -p '{"spec": {"type": "NodePort"}}'

kubectl -n argocd delete cm argocd-cm
kubectl -n argocd delete svc argocd-server

# INSTALL TEKTON DEMO
echo "[INFO] $(date +"%T") Deploy resources related to the demo..."
cat tekton-pipeline-demo-k8s-artifacts/values.yaml | envsubst | tee "$TMP_FILE" > /dev/null && mv "$TMP_FILE" tekton-pipeline-demo-k8s-artifacts/values.yaml
helm install tekton-pipeline-demo-k8s-artifacts -f tekton-pipeline-demo-k8s-artifacts/values.yaml --generate-name > /dev/null
sleep 30

# Adjust Tekton Webhook
echo "[INFO] $(date +"%T") Update webhook lambda function..."
export TEKTON_DEMO_WEBHOOK_URL=$(aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[] | select(.DNSName | contains("webhook")) | .DNSName')
aws lambda update-function-configuration --function-name=TektonPipelineDemoWebhook --environment "Variables={TEKTON_WEBHOOK_URL=http://${TEKTON_DEMO_WEBHOOK_URL}}" > /dev/null

export TEKTON_DEMO_CHARTMUSEUM_URL=$(aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[] | select(.DNSName | contains("chartmuseum")) | .DNSName')

echo "[INFO] $(date +"%T") Update manifest files within deploy repository..."
mkdir git-clone
cd git-clone
# The URL-encoded CodeCommit credentials are passed inline in the clone URL.
git clone "https://${TEKTON_DEMO_GIT_USERNAME}:${TEKTON_DEMO_GIT_PASSWORD}@git-codecommit.${AWS_REGION}.amazonaws.com/v1/repos/tekton-demo-app-deploy" > /dev/null
cd tekton-demo-app-deploy
cat values.yaml | envsubst | tee "$TMP_FILE" > /dev/null && mv "$TMP_FILE" values.yaml
cat requirements.yaml | envsubst | tee "$TMP_FILE" > /dev/null && mv "$TMP_FILE" requirements.yaml
git add values.yaml
git add requirements.yaml
git commit -m "[AUTO_UPDATE]" > /dev/null
git push > /dev/null
cd ../..
rm -rf git-clone

echo "[INFO] $(date +"%T") Trigger initial pipelinerun..."
# The jq filter and the --triggers value are quoted so the shell does not glob on [0].
aws codecommit test-repository-triggers --repository-name tekton-demo-app-build --triggers "name=LambdaFunctionTrigger,destinationArn=$(aws codecommit get-repository-triggers --repository-name tekton-demo-app-build | jq -r '.triggers[0].destinationArn'),events=all,branches=master,customData=tekton-demo-app-build" > /dev/null

TEKTON_DEMO_ARGOCD_PW=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)
TEKTON_DEMO_ARGOCD_URL=$(kubectl -n argocd get svc argocd-server -o jsonpath='{.status.loadBalancer.ingress[*].hostname}')
TEKTON_DEMO_DASHBOARD_URL=$(aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[] | select(.DNSName | contains("dashboard")) | .DNSName')
TEKTON_DEMO_APP_URL=$(aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[] | select(.DNSName | contains("apps")) | .DNSName')

echo "[INFO] $(date +"%T") Display output values..."
echo "[INFO] DEMO APP => http://${TEKTON_DEMO_APP_URL}"
echo "[INFO] TEKTON DASHBOARD => http://${TEKTON_DEMO_DASHBOARD_URL}"
echo "[INFO] ARGOCD => http://${TEKTON_DEMO_ARGOCD_URL}"
echo "[INFO] SOURCE REPO => https://git-codecommit.${AWS_REGION}.amazonaws.com/v1/repos/tekton-demo-app-build"
echo "[INFO] GIT USERNAME => ${TEKTON_DEMO_GIT_USERNAME}"
echo "[INFO] GIT PASSWORD => ${TEKTON_DEMO_GIT_PASSWORD}"
echo "[INFO] ARGOCD USERNAME => admin"
echo "[INFO] ARGOCD PASSWORD => ${TEKTON_DEMO_ARGOCD_PW}"

echo "[INFO] $(date +"%T") Successfully installed demo environment!"

--------------------------------------------------------------------------------
/tekton-demo-app-build/.classpath:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 |

--------------------------------------------------------------------------------
/tekton-demo-app-build/.project:
--------------------------------------------------------------------------------
1 | 2 | 3 | tekton-demo 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | org.eclipse.m2e.core.maven2Builder 15 | 16 | 17 | 18 | 19 | 20 | org.eclipse.jdt.core.javanature 21 | org.eclipse.m2e.core.maven2Nature 22 | 23 | 24 | 25 | 1619960135966 26 | 27 | 30 28 | 29 | org.eclipse.core.resources.regexFilterMatcher 30 | node_modules|.git|__CREATED_BY_JAVA_LANGUAGE_SERVER__ 31 | 32 | 33 | 34 | 35 |

--------------------------------------------------------------------------------
/tekton-demo-app-build/.settings/org.eclipse.core.resources.prefs:
--------------------------------------------------------------------------------
eclipse.preferences.version=1
encoding//src/main/java=UTF-8
encoding//src/main/resources=UTF-8
encoding/=UTF-8

--------------------------------------------------------------------------------
/tekton-demo-app-build/.settings/org.eclipse.jdt.apt.core.prefs:
--------------------------------------------------------------------------------
eclipse.preferences.version=1
org.eclipse.jdt.apt.aptEnabled=false

--------------------------------------------------------------------------------
/tekton-demo-app-build/.settings/org.eclipse.jdt.core.prefs:
--------------------------------------------------------------------------------
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.methodParameters=generate
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
org.eclipse.jdt.core.compiler.compliance=1.8
org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore
org.eclipse.jdt.core.compiler.processAnnotations=disabled
org.eclipse.jdt.core.compiler.release=disabled
org.eclipse.jdt.core.compiler.source=1.8

--------------------------------------------------------------------------------
/tekton-demo-app-build/.settings/org.eclipse.m2e.core.prefs:
--------------------------------------------------------------------------------
activeProfiles=
eclipse.preferences.version=1
resolveWorkspaceProjects=true
version=1

--------------------------------------------------------------------------------
/tekton-demo-app-build/pom.xml:
--------------------------------------------------------------------------------
1 | 2 | 4 | 4.0.0 5 | 6 | com.amazon 7 | tekton-demo 8 | 8.8.9 9 | 10 | 11 | 12 | tekton-demo-domain-tekton-demo-repository 13 | tekton-demo-domain-tekton-demo-repository 14 | https://tekton-demo-domain-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com/maven/tekton-demo-repository/ 15 | 16 | 17 | 18 | 19 | org.springframework.boot 20 | spring-boot-starter-parent 21 | 2.4.5 22 | 23 | 24 | 25 | 26 | org.springframework.boot 27 | spring-boot-starter-web 28 | 29 | 30 | org.springframework.boot 31 | spring-boot-starter-thymeleaf 32 | 33 | 34 | org.springframework.boot 35 | spring-boot-starter-test 36 | test 37 | 38 | 39 | org.springframework.boot 40 | spring-boot-devtools 41 | runtime 42 | true 43 | 44 | 45 | 46 | 47 | 48 | 49 | org.springframework.boot 50 | spring-boot-maven-plugin 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 |

--------------------------------------------------------------------------------
/tekton-demo-app-build/src/main/java/com.amazon.tektondemo/GreetingController.java:
--------------------------------------------------------------------------------
package com.amazon.tektondemo;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;

@Controller
public class GreetingController {

    @GetMapping("/")
    public String greeting() {
        return "greeting";
    }

}

--------------------------------------------------------------------------------
/tekton-demo-app-build/src/main/java/com.amazon.tektondemo/ServingWebContentApplication.java:
--------------------------------------------------------------------------------
package com.amazon.tektondemo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class ServingWebContentApplication {

    public static void main(String[] args) {
        SpringApplication.run(ServingWebContentApplication.class, args);
    }

}

--------------------------------------------------------------------------------
/tekton-demo-app-build/src/main/resources/application.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/aws-pipeline-demo-with-tekton/0b086ff03f247dc09f4e45ff25ee55e2f211c85b/tekton-demo-app-build/src/main/resources/application.properties

--------------------------------------------------------------------------------
/tekton-demo-app-build/src/main/resources/static/css/styles.css:
--------------------------------------------------------------------------------
body {
  background-color: white;
  /* background-color: #1b1f23; */
}

h1 {
  font-family: 'Montserrat', sans-serif;
  color: black;
}
.container {
  padding: 100px;
  display: flex;
  justify-content: center;
  align-items: center;
}

.tekton-img {
  width: 200px;
  height: 200px;
}

--------------------------------------------------------------------------------
/tekton-demo-app-build/src/main/resources/static/img/tekton-icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/aws-pipeline-demo-with-tekton/0b086ff03f247dc09f4e45ff25ee55e2f211c85b/tekton-demo-app-build/src/main/resources/static/img/tekton-icon.png

--------------------------------------------------------------------------------
/tekton-demo-app-build/src/main/resources/templates/greeting.html:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | Tekton Demo - Sample App 5 | 6 | 7 | 8 | 9 | 10 | 11 |
12 | 13 |

Tekton Demo @ AWS

14 | 19 |
20 | 21 |

--------------------------------------------------------------------------------
/tekton-demo-app-deploy/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

--------------------------------------------------------------------------------
/tekton-demo-app-deploy/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.0"
description: "Tekton Demo App"
name: tekton-demo-app
version: 0.1.0

--------------------------------------------------------------------------------
/tekton-demo-app-deploy/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/aws-pipeline-demo-with-tekton/0b086ff03f247dc09f4e45ff25ee55e2f211c85b/tekton-demo-app-deploy/README.md

--------------------------------------------------------------------------------
/tekton-demo-app-deploy/requirements.yaml:
--------------------------------------------------------------------------------
dependencies:
  - name: helm-springboot
    version: 0.1.0
    repository: http://${TEKTON_DEMO_CHARTMUSEUM_URL}

--------------------------------------------------------------------------------
/tekton-demo-app-deploy/values.yaml:
--------------------------------------------------------------------------------
helm-springboot:
  stage: stage # either devl, test, acpt or prod
  replicaCount: 1
  app:
    name: tekton-demo-app
    namespace: apps # k8s namespace where the application runs
  image:
    name: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/tekton-demo-app:f264f3b
    pullPolicy: Always
  service:
    type: NodePort
    port: 8080
  env:
    - name: VARIABLE
      value: my-value
  ingress:
    enabled: true
    sg: ${TEKTON_DEMO_APP_SG}

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: tekton-pipeline-demo-k8s-artifacts
description: A Helm chart for Kubernetes

# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/argocd/apps-ns.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: apps

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/argocd/codecommit-creds.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Secret
metadata:
  name: codecommit-credentials
  namespace: argocd
type: Opaque
stringData:
  username: {{ .Values.pipelines.codeRepo.username }}
  password: {{ .Values.pipelines.codeRepo.passwordRaw }}

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/argocd/codecommit-repo.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
data:
  repositories: |
    - url: https://git-codecommit.eu-central-1.amazonaws.com/v1/repos/tekton-demo-app-deploy
      passwordSecret:
        name: codecommit-credentials
        key: password
      usernameSecret:
        name: codecommit-credentials
        key: username

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/argocd/demo-app.yaml:
--------------------------------------------------------------------------------
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: tekton-demo-app-deploy
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://git-codecommit.eu-central-1.amazonaws.com/v1/repos/tekton-demo-app-deploy
    targetRevision: master
    path: ./
    helm:
      valueFiles:
        - ./values.yaml
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
  destination:
    server: https://kubernetes.default.svc
    namespace: apps

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/argocd/lb-config.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
  namespace: argocd
spec:
  externalTrafficPolicy: Cluster
  ports:
    - name: http
      nodePort: 31186
      port: 80
      protocol: TCP
      targetPort: 8080
    - name: https
      nodePort: 31753
      port: 443
      protocol: TCP
      targetPort: 8080
  selector:
    app.kubernetes.io/name: argocd-server
  sessionAffinity: None
  type: LoadBalancer
  loadBalancerSourceRanges:
    - {{ .Values.allowedIpRange }}

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/chartmuseum/ingress.yaml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/group.name: chartmuseum
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/tags: Project=tekton-pipeline-demo
    alb.ingress.kubernetes.io/security-groups: {{ .Values.chartmuseum.ingress.securityGroup }}
  name: chartmuseum
  namespace: support
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: chartmuseum
              servicePort: 8080
            path: /*

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-dashboard/ingress.yaml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/group.name: dashboard
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/tags: Project=tekton-pipeline-demo
    alb.ingress.kubernetes.io/security-groups: {{ .Values.dashboard.ingress.securityGroup }}
  name: tekton-dashboard
  namespace: tekton-pipelines
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: tekton-dashboard
              servicePort: 9097
            path: /*

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-pipelines/artifact-store.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: artifact-store
  namespace: apps-build
spec:
  resources:
    requests:
      storage: 20Gi
  volumeMode: Filesystem
  storageClassName: aws-ebs
  accessModes:
    - ReadWriteOnce

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-pipelines/codecommit-creds.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Secret
metadata:
  name: codecommit-credentials
  namespace: apps-build
type: Opaque
stringData:
  username: {{ .Values.pipelines.codeRepo.username }}
  password: {{ .Values.pipelines.codeRepo.password }}

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-pipelines/docker-config.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: docker-config
  namespace: apps-build
data:
  config.json: |
    {"credsStore": "ecr-login"}

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-pipelines/image-instructions.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: dockerfile
  namespace: apps-build
data:
  Dockerfile: |
    FROM openjdk:8-jre-alpine
    COPY target/tekton-demo-*.jar /opt/app.jar
    EXPOSE 8080
    ENTRYPOINT ["sh", "-c", "java -jar /opt/app.jar"]

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-pipelines/mvn-settings.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: maven-settings
  namespace: apps-build
data:
  settings.xml: |
8 | 9 | 12 | 13 | 14 | tekton-demo-domain-tekton-demo-repository 15 | aws 16 | ${token} 17 | 18 | 19 | 20 | 21 | tekton-demo-domain-tekton-demo-repository 22 | tekton-demo-domain-tekton-demo-repository 23 | https://tekton-demo-domain-{{ .Values.accountId }}.d.codeartifact.{{ .Values.region }}.amazonaws.com/maven/tekton-demo-repository/ 24 | * 25 | 26 | 27 | 28 | 29 | tekton-demo-domain-tekton-demo-repository 30 | 31 | true 32 | 33 | 34 | 35 | tekton-demo-domain-tekton-demo-repository 36 | https://tekton-demo-domain-{{ .Values.accountId }}.d.codeartifact.{{ .Values.region }}.amazonaws.com/maven/tekton-demo-repository/ 37 | 38 | 39 | 40 | 41 |

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-pipelines/simple-maven-build.yaml:
--------------------------------------------------------------------------------
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: simple-maven-build
  namespace: apps-build
spec:
  workspaces:
    - name: artifact-store
  params:
    - name: branch
      type: string
      description: "Git url"
    - name: revision
      type: string
      description: "Git revision"
    - name: repositoryurl
      type: string
      description: "Name of the repository"
  tasks:
    - name: git-clone
      taskRef:
        name: git-clone
      workspaces:
        - name: source
          workspace: artifact-store
      params:
        - name: repositoryurl
          value: $(params.repositoryurl)
        - name: revision
          value: $(params.revision)
        - name: branch
          value: $(params.branch)
    - name: maven-build
      taskRef:
        name: maven-build
      runAfter: ["git-clone"]
      params:
        - name: GOALS
          value: "deploy"
        - name: version
          value: "$(tasks.git-clone.results.built-image-tag)"
      workspaces:
        - name: source
          workspace: artifact-store
    - name: docker-build
      taskRef:
        name: docker-build
      runAfter: ["git-clone", "maven-build"]
      params:
        - name: commitshashort
          value: "$(tasks.git-clone.results.built-image-tag)"
      workspaces:
        - name: source
          workspace: artifact-store
    - name: deploy
      taskRef:
        name: deploy
runAfter: ["git-clone", "maven-build", "docker-build"] 59 | params: 60 | - name: imageurl 61 | value: {{ .Values.accountId }}.dkr.ecr.{{ .Values.region }}.amazonaws.com/tekton-demo-app:$(tasks.git-clone.results.built-image-tag) -------------------------------------------------------------------------------- /tekton-pipeline-demo-k8s-artifacts/templates/tekton-pipelines/storage-class.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: aws-ebs 5 | provisioner: ebs.csi.aws.com # Amazon EBS CSI driver 6 | parameters: 7 | type: gp2 8 | encrypted: 'true' # EBS volumes will always be encrypted by default 9 | volumeBindingMode: WaitForFirstConsumer # EBS volumes are AZ specific 10 | reclaimPolicy: Delete 11 | mountOptions: 12 | - debug -------------------------------------------------------------------------------- /tekton-pipeline-demo-k8s-artifacts/templates/tekton-pipelines/tekton-tasks/clone.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: git-clone 5 | namespace: apps-build 6 | spec: 7 | workspaces: 8 | - name: source 9 | description: The git repo will be cloned into the volume backing this workspace 10 | readOnly: false 11 | params: 12 | - name: repositoryurl 13 | description: git url to clone 14 | type: string 15 | - name: revision 16 | description: git revision to checkout (branch, tag, sha, ref…) 17 | type: string 18 | default: master 19 | - name: branch 20 | description: git revision to checkout (branch, tag, sha, ref…) 21 | type: string 22 | default: master 23 | - name: submodules 24 | description: defines if the resource should initialize and fetch the submodules 25 | type: string 26 | default: "true" 27 | - name: depth 28 | description: performs a shallow clone where only the most recent commit(s) will be fetched 29 | type: string 30 | 
default: "1" 31 | - name: sslVerify 32 | description: defines if http.sslVerify should be set to true or false in the global git config 33 | type: string 34 | default: "false" 35 | - name: subdirectory 36 | description: subdirectory inside the "output" workspace to clone the git repo into 37 | type: string 38 | default: "src" 39 | - name: deleteExisting 40 | description: clean out the contents of the repo's destination directory (if it already exists) before trying to clone the repo there 41 | type: string 42 | default: "true" 43 | results: 44 | - name: commit 45 | description: The precise commit SHA that was fetched by this Task 46 | - name: commitshashort 47 | description: The short version of the commit SHA that was fetched by this Task 48 | - name: built-image-tag 49 | description: The built image tag 50 | steps: 51 | - name: clone 52 | image: {{ .Values.accountId }}.dkr.ecr.{{ .Values.region }}.amazonaws.com/cloner:latest 53 | env: 54 | - name: GIT_USERNAME 55 | valueFrom: 56 | secretKeyRef: 57 | name: codecommit-credentials 58 | key: username 59 | - name: GIT_PASSWORD 60 | valueFrom: 61 | secretKeyRef: 62 | name: codecommit-credentials 63 | key: password 64 | script: | 65 | CHECKOUT_DIR="$(workspaces.source.path)/" 66 | 67 | cleandir() { 68 | # Delete any existing contents of the repo directory if it exists. 69 | # 70 | # We don't just "rm -rf $CHECKOUT_DIR" because $CHECKOUT_DIR might be "/" 71 | # or the root of a mounted volume. 72 | if [[ -d "$CHECKOUT_DIR" ]] ; then 73 | # Delete non-hidden files and directories 74 | rm -rf "$CHECKOUT_DIR"/* 75 | # Delete files and directories starting with . but excluding .. 76 | rm -rf "$CHECKOUT_DIR"/.[!.]* 77 | # Delete files and directories starting with .. 
plus any other character 78 | rm -rf "$CHECKOUT_DIR"/..?* 79 | fi 80 | } 81 | 82 | if [[ "$(params.deleteExisting)" == "true" ]] ; then 83 | cleandir 84 | fi 85 | 86 | REVISION=$(echo $(params.branch)) 87 | REVISION_CLEAN="${REVISION#refs/heads/}" 88 | REVISION_CLEAN="${REVISION_CLEAN#refs/tags/}" 89 | 90 | git clone "https://${GIT_USERNAME}:${GIT_PASSWORD}@$(params.repositoryurl)" --recurse-submodules --depth 1 -b "$REVISION_CLEAN" "$CHECKOUT_DIR" 91 | 92 | cd "$CHECKOUT_DIR" 93 | RESULT_SHA="$(git rev-parse HEAD | tr -d '\n')" 94 | EXIT_CODE="$?" 95 | if [ "$EXIT_CODE" != 0 ] 96 | then 97 | exit $EXIT_CODE 98 | fi 99 | # Make sure we don't add a trailing newline to the result! 100 | echo -n "$RESULT_SHA" > $(results.commit.path) 101 | 102 | COMMIT_SHA_SHORT="$(git rev-parse --short HEAD | tr -d '\n')" 103 | echo -n "$COMMIT_SHA_SHORT" > $(results.commitshashort.path) 104 | 105 | BRANCH_NAME="$(echo $REVISION_CLEAN | sed 's/\//-/g')" 106 | 107 | # Compute image tag out of the branch 108 | # GIT_TAG=$(git tag --contains | head -1) 109 | 110 | if [ -z "${REVISION##*refs/tags/*}" ] 111 | then 112 | IMAGE_TAG=$(echo "$REVISION" | cut -d '/' -f 3) 113 | else 114 | IMAGE_TAG="${COMMIT_SHA_SHORT}" 115 | fi 116 | 117 | echo -n "$IMAGE_TAG" > $(results.built-image-tag.path) -------------------------------------------------------------------------------- /tekton-pipeline-demo-k8s-artifacts/templates/tekton-pipelines/tekton-tasks/deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: deploy 5 | namespace: apps-build 6 | spec: 7 | params: 8 | - name: repositoryurl 9 | description: "" 10 | type: string 11 | default: git-codecommit.{{ .Values.region }}.amazonaws.com/v1/repos/tekton-demo-app-deploy 12 | - name: imageurl 13 | description: Image url 14 | type: string 15 | steps: 16 | - name: auto-deploy-to-devl 17 | image: {{ .Values.accountId }}.dkr.ecr.{{ 
.Values.region }}.amazonaws.com/cloner:latest 18 | env: 19 | - name: GIT_USERNAME 20 | valueFrom: 21 | secretKeyRef: 22 | name: codecommit-credentials 23 | key: username 24 | - name: GIT_PASSWORD 25 | valueFrom: 26 | secretKeyRef: 27 | name: codecommit-credentials 28 | key: password 29 | script: | 30 | #!/usr/bin/env bash 31 | 32 | wget https://github.com/mikefarah/yq/releases/download/v4.2.0/yq_linux_amd64.tar.gz -O - | tar xz && mv yq_linux_amd64 /usr/bin/yq 33 | 34 | git config --global user.name "Tekton Bot" 35 | git config --global user.email "tekton@amazon.com" 36 | 37 | git clone "https://${GIT_USERNAME}:${GIT_PASSWORD}@$(params.repositoryurl)" deploy-repo && cd "$_" 38 | 39 | yq e '.helm-springboot.image.name = "$(params.imageurl)"' -i values.yaml 40 | 41 | git add values.yaml 42 | git commit -m "[AUTO-DEPLOY] Deploy image version $(params.imageurl)" 43 | git push 44 | 45 | if [[ $? -eq 0 ]] 46 | then 47 | echo "Auto deployment triggered" 48 | exit 0 49 | else 50 | echo "Auto deployment failed" 51 | exit 1 52 | fi -------------------------------------------------------------------------------- /tekton-pipeline-demo-k8s-artifacts/templates/tekton-pipelines/tekton-tasks/img-build.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: docker-build 5 | namespace: apps-build 6 | spec: 7 | workspaces: 8 | - name: source 9 | params: 10 | - name: commitshashort 11 | type: string 12 | description: Short version of the commit SHA from the last commit 13 | steps: 14 | - name: kaniko 15 | image: gcr.io/kaniko-project/executor:latest 16 | workingDir: $(workspaces.source.path) 17 | volumeMounts: 18 | - name: dockerfile 19 | mountPath: $(workspaces.source.path)/config 20 | - name: docker-config 21 | mountPath: /kaniko/.docker/ 22 | args: 23 | - --dockerfile=$(workspaces.source.path)/config/Dockerfile 24 | - --destination={{ .Values.accountId }}.dkr.ecr.{{ 
.Values.region }}.amazonaws.com/tekton-demo-app:$(params.commitshashort) 25 | - --context=$(workspaces.source.path) 26 | volumes: 27 | - name: dockerfile 28 | configMap: 29 | name: dockerfile 30 | - name: docker-config 31 | configMap: 32 | name: docker-config -------------------------------------------------------------------------------- /tekton-pipeline-demo-k8s-artifacts/templates/tekton-pipelines/tekton-tasks/mvn-build.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: maven-build 5 | namespace: apps-build 6 | spec: 7 | workspaces: 8 | - name: source 9 | params: 10 | - name: GOALS 11 | description: maven goals to run 12 | type: string 13 | default: "deploy" 14 | - name: SKIPTESTS 15 | description: skip tests 16 | type: string 17 | default: "true" 18 | - name: version 19 | description: mvn version 20 | type: string 21 | steps: 22 | - name: fetch-auth-token 23 | workingDir: $(workspaces.source.path) 24 | image: {{ .Values.accountId }}.dkr.ecr.{{ .Values.region }}.amazonaws.com/maven-builder:latest 25 | script: | 26 | #!/bin/bash 27 | CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain tekton-demo-domain --domain-owner {{ .Values.accountId }} --query authorizationToken --output text) 28 | echo $CODEARTIFACT_AUTH_TOKEN > token.txt 29 | - name: mvn-build 30 | volumeMounts: 31 | - name: maven-settings 32 | mountPath: $(workspaces.source.path)/settings 33 | workingDir: $(workspaces.source.path) 34 | image: {{ .Values.accountId }}.dkr.ecr.{{ .Values.region }}.amazonaws.com/maven-builder:latest 35 | script: | 36 | #!/bin/bash 37 | CODE_ARTIFACT_TOKEN=$(cat token.txt) 38 | mvn versions:set -DnewVersion=$(params.version) 39 | mvn $(params.GOALS) -s settings/settings.xml -DskipTests=$(params.SKIPTESTS) -Dtoken=${CODE_ARTIFACT_TOKEN} 40 | volumes: 41 | - name: maven-settings 42 | configMap: 43 | name: maven-settings 
--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-triggers/binding.yaml:
--------------------------------------------------------------------------------
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: codecommit-trigger-binding
  namespace: apps-build
spec:
  params:
    - name: gitrevision
      value: $(body.commit)
    - name: gitbranch
      value: $(body.branch)
    - name: gitrepositoryname
      value: $(body.repo-name)
    - name: gitrepositoryregion
      value: $(body.repo-region)

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-triggers/cluster-role-binding.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tekton-triggers-clusterbinding
subjects:
  - kind: ServiceAccount
    name: tekton-triggers
    namespace: apps-build
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-triggers-clusterrole

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-triggers/cluster-role.yaml:
--------------------------------------------------------------------------------
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-clusterrole
rules:
  # EventListeners need to be able to fetch any clustertriggerbindings
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["clustertriggerbindings", "clusterinterceptors"]
    verbs: ["get", "list", "watch"]
--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-triggers/event-listener.yaml:
--------------------------------------------------------------------------------
apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: codecommit-listener-interceptor
  namespace: apps-build
spec:
  serviceAccountName: tekton-triggers
  resources:
    kubernetesResource:
      serviceType: NodePort
  triggers:
    - name: codecommit-trigger
      bindings:
        - ref: codecommit-trigger-binding
      template:
        ref: simple-maven-build-template
--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-triggers/ingress.yaml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tekton-webhook-listener
  namespace: apps-build
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/tags: Project=tekton-pipeline-demo
    alb.ingress.kubernetes.io/group.name: webhook
    alb.ingress.kubernetes.io/security-groups: {{ .Values.triggers.ingress.securityGroup }}
spec:
  rules:
    - http:
        paths:
          - path: /
            backend:
              serviceName: el-codecommit-listener-interceptor
              servicePort: 8080

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-triggers/role-binding.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-triggers
  namespace: apps-build
subjects:
  - kind: ServiceAccount
    name: tekton-triggers
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tekton-triggers
--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-triggers/role.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tekton-triggers
  namespace: apps-build
rules:
  # EventListeners need to be able to fetch all namespaced resources
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    # secrets are only needed for GitHub/GitLab interceptors
    # configmaps is needed for updating logging config
    resources: ["configmaps", "secrets"]
    verbs: ["get", "list", "watch"]
  # Permissions to create resources in associated TriggerTemplates
  - apiGroups: ["tekton.dev"]
    resources: ["pipelineruns", "pipelineresources", "taskruns"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["serviceaccounts"]
    verbs: ["impersonate"]
--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-triggers/sa.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-triggers
  namespace: apps-build
--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/templates/tekton-triggers/template.yaml:
--------------------------------------------------------------------------------
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: simple-maven-build-template
  namespace: apps-build
spec:
  params:
    - name: gitrevision
      description: The git revision
    - name: gitbranch
      description: The git branch
    - name: gitrepositoryname
      description: The git repository name
    - name: gitrepositoryregion
      description: The region of the code commit repository
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: simple-maven-build-run-
      spec:
        serviceAccountName: pipeline-sa
        pipelineRef:
          name: simple-maven-build
        params:
          - name: revision
            value: $(tt.params.gitrevision)
          - name: branch
            value: $(tt.params.gitbranch)
          - name: repositoryurl
            value: git-codecommit.$(tt.params.gitrepositoryregion).amazonaws.com/v1/repos/$(tt.params.gitrepositoryname)
        workspaces:
          - name: artifact-store
            persistentVolumeClaim:
              claimName: artifact-store

--------------------------------------------------------------------------------
/tekton-pipeline-demo-k8s-artifacts/values.yaml:
--------------------------------------------------------------------------------
region: "${AWS_REGION}"
accountId: "${AWS_ACCOUNT_ID}"
allowedIpRange: "${MY_IP_ADDRESS}/32"
chartmuseum:
  ingress:
    securityGroup: "${TEKTON_DEMO_CHARTMUSEUM_SG}"
dashboard:
  ingress:
    securityGroup: "${TEKTON_DEMO_DASHBOARD_SG}"
pipelines:
  codeRepo:
    username: "${TEKTON_DEMO_GIT_USERNAME}"
    password: "${TEKTON_DEMO_GIT_PASSWORD}"
    passwordRaw: "${TEKTON_DEMO_GIT_PASSWORD_RAW}"
triggers:
  ingress:
    securityGroup: "${TEKTON_DEMO_WEBHOOK_SG}"

--------------------------------------------------------------------------------
/tekton-webhook-middleware/go.mod:
--------------------------------------------------------------------------------
require github.com/aws/aws-lambda-go v1.28.0

module hello-world

go 1.16

--------------------------------------------------------------------------------
/tekton-webhook-middleware/go.sum:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/tekton-webhook-middleware/main.go:
--------------------------------------------------------------------------------
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"os"
	"time"

	"github.com/aws/aws-lambda-go/events"
	"github.com/aws/aws-lambda-go/lambda"
)

// ExtractedWebhook is the JSON body posted to the Tekton EventListener.
// Its field names match the $(body.*) lookups in the TriggerBinding.
type ExtractedWebhook struct {
	Commit     string `json:"commit"`
	Branch     string `json:"branch"`
	RepoName   string `json:"repo-name"`
	RepoRegion string `json:"repo-region"`
}

func handler(event events.CodeCommitEvent) (string, error) {

	// Guard the index accesses below; an event without records or
	// references would otherwise panic with index out of range.
	if len(event.Records) == 0 || len(event.Records[0].CodeCommit.References) == 0 {
		return "Empty CodeCommit event", errors.New("event contains no records or references")
	}

	extractedWebhook := &ExtractedWebhook{
		Commit:     event.Records[0].CodeCommit.References[0].Commit,
		Branch:     event.Records[0].CodeCommit.References[0].Ref,
		RepoName:   event.Records[0].CustomData,
		RepoRegion: event.Records[0].AWSRegion,
	}

	webhookPayload, err := json.Marshal(extractedWebhook)
	if err != nil {
		return "Can't parse embedded webhook", err
	}

	httpClient := &http.Client{Timeout: 10 * time.Second}

	fmt.Println(os.Getenv("TEKTON_WEBHOOK_URL"))

	httpRequest, err := http.NewRequest(http.MethodPost, os.Getenv("TEKTON_WEBHOOK_URL"), bytes.NewBuffer(webhookPayload))
	if err != nil {
		return "Can't construct request", err
	}

	httpRequest.Header.Set("Content-Type", "application/json")

	resp, err := httpClient.Do(httpRequest)
	if err != nil {
		return "Can't submit request", err
	}
	defer resp.Body.Close()

	fmt.Println("Status code:", resp.StatusCode)
	respData, err := io.ReadAll(resp.Body)
	if err != nil {
		// Return the error to the Lambda runtime instead of panicking.
		return "Can't read response", err
	}
	fmt.Println("Content", string(respData))

	// Report a failure when the EventListener did not accept the event.
	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		return "Webhook rejected", fmt.Errorf("unexpected status code %d", resp.StatusCode)
	}

	return "success", nil

}

func main() {
	lambda.Start(handler)
}
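An added example, not part of this repository: main.go forwards the CodeCommit event fields unchecked, and template.yaml and clone.yaml then place them into a clone URL and a shell script through `$(tt.params.…)` and `$(params.…)`. A check like the hypothetical `ValidateWebhook` below could run in the handler before the POST; the allow-list patterns are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// ExtractedWebhook has the same shape as the struct in main.go.
type ExtractedWebhook struct {
	Commit     string `json:"commit"`
	Branch     string `json:"branch"`
	RepoName   string `json:"repo-name"`
	RepoRegion string `json:"repo-region"`
}

// Allow-list patterns. These are assumptions chosen for this example,
// not rules taken from the repository.
var (
	commitRe = regexp.MustCompile(`^[0-9a-f]{40}$`)
	refRe    = regexp.MustCompile(`^refs/(heads|tags)/[A-Za-z0-9][A-Za-z0-9._/-]{0,199}$`)
	repoRe   = regexp.MustCompile(`^[A-Za-z0-9._-]{1,100}$`)
	regionRe = regexp.MustCompile(`^[a-z]{2}(-[a-z]+)+-[0-9]$`)
)

// ValidateWebhook (hypothetical helper) rejects any field that contains
// characters outside a narrow allow-list, so nothing with whitespace,
// quotes, '$', ';' or '/' in the wrong place reaches the pipeline params.
func ValidateWebhook(w ExtractedWebhook) error {
	if !commitRe.MatchString(w.Commit) {
		return errors.New("commit: expected 40 lowercase hex characters")
	}
	if !refRe.MatchString(w.Branch) {
		return errors.New("branch: expected refs/heads/<name> or refs/tags/<name> using [A-Za-z0-9._/-]")
	}
	// Sequences git itself refuses in ref names but the pattern would allow.
	for _, seq := range []string{"..", "//"} {
		if strings.Contains(w.Branch, seq) {
			return fmt.Errorf("branch: contains %q", seq)
		}
	}
	if strings.HasSuffix(w.Branch, "/") || strings.HasSuffix(w.Branch, ".lock") {
		return errors.New("branch: invalid ref suffix")
	}
	if !repoRe.MatchString(w.RepoName) {
		return errors.New("repo-name: expected 1-100 characters of [A-Za-z0-9._-]")
	}
	if !regionRe.MatchString(w.RepoRegion) {
		return errors.New("repo-region: expected a region name such as eu-west-1")
	}
	return nil
}

func main() {
	// Constructed sample payloads, not captured from a real event.
	base := ExtractedWebhook{
		Commit:     "0123456789abcdef0123456789abcdef01234567",
		Branch:     "refs/heads/feature/login",
		RepoName:   "tekton-demo-app-build",
		RepoRegion: "eu-west-1",
	}
	withMeta := base
	withMeta.Branch = "refs/heads/main; echo x"
	withPath := base
	withPath.RepoRegion = "eu-west-1/x"

	for _, s := range []ExtractedWebhook{base, withMeta, withPath} {
		if err := ValidateWebhook(s); err != nil {
			fmt.Printf("reject branch=%q region=%q: %v\n", s.Branch, s.RepoRegion, err)
			continue
		}
		fmt.Printf("accept branch=%q region=%q\n", s.Branch, s.RepoRegion)
	}
}
```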
--------------------------------------------------------------------------------
/uninstall.sh:
--------------------------------------------------------------------------------
#!/bin/bash
set -e

# eksctl is checked as well because the IAM cleanup step below calls it
for tool in aws kubectl jq eksctl
do
    if ! [ -x "$(command -v "$tool")" ]; then
        echo "[ERROR] $(date +"%T") $tool is not installed. Please install $tool before running the script again" >&2
        exit 1
    fi
done

export AWS_AUTHENTICATED_IDENTITY=$(aws sts get-caller-identity | jq -r .Arn | cut -d "/" -f2)
export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account)
export AWS_REGION=$(aws configure get region)

while true; do
    read -p "Uninstall resources as $AWS_AUTHENTICATED_IDENTITY within account $AWS_ACCOUNT_ID in region $AWS_REGION [Y/N] " yn
    case $yn in
        [Yy]* ) break;;
        [Nn]* ) exit 1;;
        * ) echo "[ERROR] $(date +"%T") Please answer yes [Y|y] or no [N|n].";;
    esac
done

echo "[INFO] $(date +"%T") Remove namespaces..."
kubectl -n argocd delete svc argocd-server
kubectl -n apps-build delete ingress tekton-webhook-listener
kubectl -n apps delete ingress tekton-demo-app
kubectl -n support delete ingress chartmuseum
kubectl -n tekton-pipelines delete ingress tekton-dashboard

echo "[INFO] $(date +"%T") Remove container repositories..."
aws ecr delete-repository --repository-name=cloner --force
aws ecr delete-repository --repository-name=maven-builder --force
aws ecr delete-repository --repository-name=tekton-demo-app --force

echo "[INFO] $(date +"%T") Remove referenced security groups from cluster security group..."
export TEKTON_DEMO_CLUSTER_NODE_SG=$(aws cloudformation describe-stacks --stack-name eksctl-tekton-pipeline-demo-cluster-cluster | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "ClusterSecurityGroupId") | .OutputValue')
export TEKTON_DEMO_CHARTMUSEUM_SG=$(aws cloudformation describe-stacks --stack-name TektonDemoInfra | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "ChartmuseumSecurityGroup") | .OutputValue')
export TEKTON_DEMO_DASHBOARD_SG=$(aws cloudformation describe-stacks --stack-name TektonDemoInfra | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "DashboardSecurityGroup") | .OutputValue')
export TEKTON_DEMO_APP_SG=$(aws cloudformation describe-stacks --stack-name TektonDemoInfra | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "AppSecurityGroup") | .OutputValue')
export TEKTON_DEMO_WEBHOOK_SG=$(aws cloudformation describe-stacks --stack-name TektonDemoInfra | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "WebhookSecurityGroup") | .OutputValue')

# The --ip-permissions values are quoted so the shell does not treat [ ] and { } as patterns
aws ec2 revoke-security-group-ingress --group-id "$TEKTON_DEMO_CLUSTER_NODE_SG" --ip-permissions "IpProtocol=tcp,FromPort=30000,ToPort=32767,UserIdGroupPairs=[{GroupId=$TEKTON_DEMO_DASHBOARD_SG}]"
aws ec2 revoke-security-group-ingress --group-id "$TEKTON_DEMO_CLUSTER_NODE_SG" --ip-permissions "IpProtocol=tcp,FromPort=30000,ToPort=32767,UserIdGroupPairs=[{GroupId=$TEKTON_DEMO_APP_SG}]"
aws ec2 revoke-security-group-ingress --group-id "$TEKTON_DEMO_CLUSTER_NODE_SG" --ip-permissions "IpProtocol=tcp,FromPort=30000,ToPort=32767,UserIdGroupPairs=[{GroupId=$TEKTON_DEMO_WEBHOOK_SG}]"
aws ec2 revoke-security-group-ingress --group-id "$TEKTON_DEMO_CLUSTER_NODE_SG" --ip-permissions "IpProtocol=tcp,FromPort=30000,ToPort=32767,UserIdGroupPairs=[{GroupId=$TEKTON_DEMO_CHARTMUSEUM_SG}]"

echo "[INFO] $(date +"%T") Delete <> Cloudformation stack..."
aws cloudformation delete-stack --stack-name TektonDemoInfra
aws cloudformation wait stack-delete-complete --stack-name TektonDemoInfra

echo "[INFO] $(date +"%T") Delete EKS IAM Configuration..."
eksctl delete iamserviceaccount --config-file=eks-cluster-iam-config.yaml --approve

echo "[INFO] $(date +"%T") Empty buckets..."
export TEKTON_DEMO_CHARTMUSEUM_BUCKET=$(aws cloudformation describe-stacks --stack-name TektonDemoBuckets | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "ChartmuseumBucket") | .OutputValue')
aws s3 rm "s3://${TEKTON_DEMO_CHARTMUSEUM_BUCKET}" --recursive
export TEKTON_DEMO_CODE_BUCKET=$(aws cloudformation describe-stacks --stack-name TektonDemoBuckets | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "CodeBucket") | .OutputValue')
aws s3 rm "s3://${TEKTON_DEMO_CODE_BUCKET}" --recursive

echo "[INFO] $(date +"%T") Delete <> Cloudformation stack..."
aws cloudformation delete-stack --stack-name TektonDemoBuckets
aws cloudformation wait stack-delete-complete --stack-name TektonDemoBuckets

echo "[INFO] $(date +"%T") Delete Git credentials..."
export AWS_AUTHENTICATED_IDENTITY=$(aws sts get-caller-identity | jq -r .Arn | cut -d "/" -f2)
export AWS_GIT_CREDENTIAL_ID=$(aws iam list-service-specific-credentials --user-name "$AWS_AUTHENTICATED_IDENTITY" --service-name codecommit.amazonaws.com | jq -r '.ServiceSpecificCredentials[0].ServiceSpecificCredentialId')
aws iam delete-service-specific-credential --service-specific-credential-id "$AWS_GIT_CREDENTIAL_ID"

echo "[INFO] $(date +"%T") Cleanup successfully completed..."
--------------------------------------------------------------------------------