├── .github └── workflows │ ├── plan-preview.yaml │ └── sync.yaml ├── .gitignore ├── .pipe ├── analysis-template.yaml ├── event-watcher-helm.yaml ├── event-watcher-k8s.yaml └── event-watcher-using-regex.yaml ├── CODEOWNERS ├── HEAD.txt ├── LICENSE ├── README.md ├── cloudrun ├── analysis │ ├── app.pipecd.yaml │ └── service.yaml ├── canary │ ├── app.pipecd.yaml │ └── service.yaml ├── secret-management │ ├── app.pipecd.yaml │ └── service.yaml ├── simple │ ├── app.pipecd.yaml │ └── service.yaml └── wait-approval │ ├── app.pipecd.yaml │ └── service.yaml ├── deployment-chain ├── chain-simple-cloudrun │ ├── app.pipecd.yaml │ └── service.yaml ├── chain-simple-lambda │ ├── app.pipecd.yaml │ └── function.yaml └── simple │ ├── app.pipecd.yaml │ ├── deployment.yaml │ └── service.yaml ├── ecs ├── attachment │ ├── app.pipecd.yaml │ ├── config.yaml │ ├── servicedef.yaml │ └── taskdef.yaml ├── bluegreen │ ├── app.pipecd.yaml │ ├── servicedef.yaml │ └── taskdef.yaml ├── canary │ ├── app.pipecd.yaml │ ├── servicedef.yaml │ └── taskdef.yaml ├── secret-management │ ├── app.pipecd.yaml │ ├── servicedef.yaml │ └── taskdef.yaml ├── servicediscovery │ ├── canary │ │ ├── app.pipecd.yaml │ │ ├── servicedef.yaml │ │ └── taskdef.yaml │ └── simple │ │ ├── app.pipecd.yaml │ │ ├── servicedef.yaml │ │ └── taskdef.yaml ├── simple │ ├── app.pipecd.yaml │ ├── servicedef.yaml │ └── taskdef.yaml ├── standalone-task │ └── launch-type │ │ ├── ec2 │ │ └── network-mode │ │ │ ├── awsvpc │ │ │ ├── app.pipecd.yaml │ │ │ └── taskdef.yaml │ │ │ └── bridge │ │ │ ├── app.pipecd.yaml │ │ │ └── taskdef.yaml │ │ └── fargate │ │ ├── app.pipecd.yaml │ │ └── taskdef.yaml └── wait-approval │ └── app.pipecd.yaml ├── kubernetes ├── analysis-by-http │ ├── app.pipecd.yaml │ ├── deployment.yaml │ └── service.yaml ├── analysis-by-log │ ├── app.pipecd.yaml │ ├── deployment.yaml │ └── service.yaml ├── analysis-by-metrics │ ├── app.pipecd.yaml │ ├── deployment.yaml │ └── service.yaml ├── analysis-with-baseline │ ├── app.pipecd.yaml │ ├── deployment.yaml │ └── service.yaml ├── bluegreen │ ├── app.pipecd.yaml │ ├── deployment.yaml │ └── service.yaml ├── canary-by-config-change │ ├── app.pipecd.yaml │ ├── configmap.yaml │ ├── deployment.yaml │ └── service.yaml ├── canary-patch │ ├── app.pipecd.yaml │ ├── configmap.yaml │ ├── deployment.yaml │ └── service.yaml ├── canary │ ├── app.pipecd.yaml │ ├── deployment.yaml │ └── service.yaml ├── helm-local-chart │ ├── app.pipecd.yaml │ └── values.yaml ├── helm-remote-chart │ ├── app.pipecd.yaml │ └── values.yaml ├── helm-remote-git-chart │ ├── app.pipecd.yaml │ └── values.yaml ├── kustomize-local-base │ ├── app.pipecd.yaml │ └── kustomization.yaml ├── kustomize-remote-base │ ├── app.pipecd.yaml │ └── kustomization.yaml ├── mesh-istio-bluegreen │ ├── app.pipecd.yaml │ ├── deployment.yaml │ ├── destination-rule.yaml │ ├── gateway.yaml │ ├── service.yaml │ └── virtual-service.yaml ├── mesh-istio-canary │ ├── app.pipecd.yaml │ ├── deployment.yaml │ ├── destination-rule.yaml │ ├── gateway.yaml │ ├── service.yaml │ └── virtual-service.yaml ├── mesh-smi-bluegreen │ └── app.pipecd.yaml ├── mesh-smi-canary │ └── app.pipecd.yaml ├── multi-steps-canary │ ├── app.pipecd.yaml │ ├── deployment.yaml │ └── service.yaml ├── script-run │ ├── app.pipecd.yaml │ ├── deployment.yaml │ └── service.yaml ├── secret-management │ ├── app.pipecd.yaml │ ├── deployment.yaml │ └── secret.yaml ├── simple │ ├── app.pipecd.yaml │ ├── deployment.yaml │ └── service.yaml └── wait-approval │ ├── app.pipecd.yaml │ ├── deployment.yaml │ └── service.yaml ├── lambda ├── analysis │ ├── app.pipecd.yaml │ └── function.yaml ├── canary │ ├── app.pipecd.yaml │ └── function.yaml ├── custom-sync-sam │ ├── README.md │ └── app.pipecd.yaml ├── remote-git │ ├── app.pipecd.yaml │ └── function.yaml ├── secret-management │ ├── app.pipecd.yaml │ └── function.yaml ├── simple │ ├── app.pipecd.yaml │ └── function.yaml ├── wait-approval │ └── app.pipecd.yaml └── zip-packing-s3 │ ├── app.pipecd.yaml │ └── function.yaml ├── local-modules ├── helm-charts │ └── helloworld │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ │ └── values.yaml └── kustomize-bases │ └── helloworld │ ├── deployment.yaml │ ├── kustomization.yaml │ └── service.yaml └── terraform ├── autorollback ├── .credentials │ └── service-account.json ├── app.pipecd.yaml ├── main.tf └── terraform.tfvars ├── local-module ├── .credentials │ └── service-account.json └── app.pipecd.yaml ├── remote-module ├── .credentials │ └── service-account.json └── app.pipecd.yaml ├── secret-management ├── .credentials │ └── service-account.json ├── app.pipecd.yaml ├── main.tf └── terraform.tfvars ├── simple ├── .credentials │ └── service-account.json ├── app.pipecd.yaml ├── main.tf └── terraform.tfvars └── wait-approval ├── .credentials └── service-account.json ├── app.pipecd.yaml ├── main.tf └── terraform.tfvars /.github/workflows/plan-preview.yaml: -------------------------------------------------------------------------------- 1 | name: PipeCD 2 | 3 | on: 4 | pull_request: 5 | branches: 6 | - master 7 | types: [opened, synchronize, reopened] 8 | issue_comment: 9 | types: [created] 10 | 11 | jobs: 12 | plan-preview: 13 | name: Plan Preview 14 | runs-on: ubuntu-latest 15 | if: "github.event_name == 'pull_request'" 16 | steps: 17 | - uses: pipe-cd/actions-plan-preview@v1.7.7 18 | with: 19 | address: ${{ secrets.PIPECD_API_ADDRESS }} 20 | api-key: ${{ secrets.PIPECD_PLAN_PREVIEW_API_KEY }} 21 | token: ${{ secrets.GITHUB_TOKEN }} 22 | 23 | plan-preview-on-comment: 24 | name: Plan Preview 25 | runs-on: ubuntu-latest 26 | if: "github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/pipecd plan-preview')" 27 | steps: 28 | - uses: pipe-cd/actions-plan-preview@v1.7.7 29 | with: 30 | address: ${{ secrets.PIPECD_API_ADDRESS }} 31 | api-key: ${{ secrets.PIPECD_PLAN_PREVIEW_API_KEY }} 32 | token: ${{ secrets.GITHUB_TOKEN }} 33 | -------------------------------------------------------------------------------- /.github/workflows/sync.yaml: -------------------------------------------------------------------------------- 1 | name: sync 2 | 3 | on: 4 | schedule: 5 | - cron: '0 * * * *' 6 | 7 | jobs: 8 | examples: 9 | runs-on: ubuntu-latest 10 | steps: 11 | - uses: actions/checkout@v3 12 | with: 13 | path: examples 14 | - uses: actions/checkout@v3 15 | with: 16 | repository: pipe-cd/pipecd 17 | path: pipecd 18 | - run: | 19 | git -C pipecd rev-parse HEAD > examples/HEAD.txt 20 | cd examples 21 | rm -rf cloudrun deployment-chain ecs kubernetes lambda local-modules terraform 22 | cp -rf ../pipecd/examples/cloudrun . 23 | cp -rf ../pipecd/examples/deployment-chain . 24 | cp -rf ../pipecd/examples/ecs . 25 | cp -rf ../pipecd/examples/kubernetes . 26 | cp -rf ../pipecd/examples/lambda . 27 | cp -rf ../pipecd/examples/local-modules . 28 | cp -rf ../pipecd/examples/terraform . 29 | cp -rf ../pipecd/examples/README.remote.md README.md 30 | if [[ -z `git status --porcelain` ]]; then 31 | exit 32 | fi 33 | git config user.name pipecd-bot 34 | git config user.email 62555040+pipecd-bot@users.noreply.github.com 35 | git add . 36 | git commit -m "Sync with pipe-cd/pipecd repository at $( 8 | 9 | ### Kubernetes Applications 10 | 11 | | Running on Play | Name | Description | 12 | |-----------------|-----------------------------------------------------------------------------|-------------| 13 | | [link](https://play.pipecd.dev/applications/558401f0-8a35-494a-a9ba-dd0afe79824e?project=play) | [simple](https://github.com/pipe-cd/examples/tree/master/kubernetes/simple) | Deploy plain-yaml manifests in application directory without using pipeline. | 14 | | -- | [helm-local-chart](https://github.com/pipe-cd/examples/tree/master/kubernetes/helm-local-chart) | Deploy a helm chart sourced from the same Git repository. | 15 | | [link](https://play.pipecd.dev/applications/36347720-8f03-417d-8465-094f7d4eb4b1?project=play) | [helm-remote-chart](https://github.com/pipe-cd/examples/tree/master/kubernetes/helm-remote-chart) | Deploy a helm chart sourced from a [Helm Chart Repository](https://helm.sh/docs/topics/chart_repository/). | 16 | | [link](https://play.pipecd.dev/applications/f7fc49cf-71e1-4932-8ba4-8863eeace077?project=play) | [helm-remote-git-chart](https://github.com/pipe-cd/examples/tree/master/kubernetes/helm-remote-git-chart) | Deploy a helm chart sourced from another Git repository. | 17 | | [link](https://play.pipecd.dev/applications/a01c3ebb-89d2-4569-bef7-d659412daa11?project=play) | [kustomize-local-base](https://github.com/pipe-cd/examples/tree/master/kubernetes/kustomize-local-base) | Deploy a kustomize package that just uses the local bases from the same Git repository. | 18 | | -- | [kustomize-remote-base](https://github.com/pipe-cd/examples/tree/master/kubernetes/kustomize-remote-base) | Deploy a kustomize package that uses remote bases from other Git repositories. | 19 | | [link](https://play.pipecd.dev/applications/374119cd-f3a8-47f2-93db-99f58855e5a4?project=play) | [canary](https://github.com/pipe-cd/examples/tree/master/kubernetes/canary) | Deloyment pipeline with canary strategy. | 20 | | -- | [canary-by-config-change](https://github.com/pipe-cd/examples/tree/master/kubernetes/canary-by-config-change) | Deployment pipeline with canary strategy when ConfigMap was changed. | 21 | | -- | [canary-patch](https://github.com/pipe-cd/examples/tree/master/kubernetes/canary-patch) | Demonstrate how to customize manifests for Canary variant using [patches](https://pipecd.dev/docs/user-guide/configuration-reference/#kubernetescanaryrolloutstageoptions) option. | 22 | | [link](https://play.pipecd.dev/applications/b8575010-9619-4141-bb0e-6d58ee5d09c9?project=play) | [bluegreen](https://github.com/pipe-cd/examples/tree/master/kubernetes/bluegreen) | Deployment pipeline with bluegreen strategy. This also contains a manual approval stage. | 23 | | -- | [mesh-istio-canary](https://github.com/pipe-cd/examples/tree/master/kubernetes/mesh-istio-canary) | Deployment pipeline with canary strategy by using Istio for traffic routing. | 24 | | -- | [mesh-istio-bluegreen](https://github.com/pipe-cd/examples/tree/master/kubernetes/mesh-istio-bluegreen) | Deployment pipeline with bluegreen strategy by using Istio for traffic routing. | 25 | | -- | [mesh-smi-canary](https://github.com/pipe-cd/examples/tree/master/kubernetes/mesh-smi-canary) | Deployment pipeline with canary strategy by using SMI for traffic routing. | 26 | | -- | [mesh-smi-bluegreen](https://github.com/pipe-cd/examples/tree/master/kubernetes/mesh-smi-bluegreen) | Deployment pipeline with bluegreen strategy by using SMI for traffic routing. | 27 | | [link](https://play.pipecd.dev/applications/72dbd53e-a90a-41b3-8503-44af2edeb507?project=play) | [wait-approval](https://github.com/pipe-cd/examples/tree/master/kubernetes/wait-approval) | Deployment pipeline that contains a manual approval stage. | 28 | | -- | [multi-steps-canary](https://github.com/pipe-cd/examples/tree/master/kubernetes/multi-steps-canary) | Deployment pipeline with multiple canary steps. | 29 | | [link](https://play.pipecd.dev/applications/913a0bde-1f38-41e3-9f56-75910b8988a9?project=play) | [analysis-by-metrics](https://github.com/pipe-cd/examples/tree/master/kubernetes/analysis-by-metrics) | Deployment pipeline with analysis stage by metrics. | 30 | | -- | [analysis-by-http](https://github.com/pipe-cd/examples/tree/master/kubernetes/analysis-by-http) | Deployment pipeline with analysis stage by running http requests. | 31 | | -- | [analysis-by-log](https://github.com/pipe-cd/examples/tree/master/kubernetes/analysis-by-log) | Deployment pipeline with analysis stage by checking logs. | 32 | | -- | [analysis-with-baseline](https://github.com/pipe-cd/examples/tree/master/kubernetes/analysis-with-baseline) | Deployment pipeline with analysis stage by comparing baseline and canary. | 33 | | -- | [secret-management](https://github.com/pipe-cd/examples/tree/master/kubernetes/secret-management) | Demonstrate how to manage sensitive data by using [Secret Management](https://pipecd.dev/docs/user-guide/secret-management/) feature. | 34 | 35 | ### Terraform Applications 36 | 37 | | Running on Play | Name | Description | 38 | |-----------------|-----------------------------------------------------------------------------|-------------| 39 | | [link](https://play.pipecd.dev/applications/ece10473-0cdb-4fec-96a1-a3df8f2e3c6e?project=play) | [simple](https://github.com/pipe-cd/examples/tree/master/terraform/simple) | Automatically applies when any changes were detected. | 40 | | -- | [local-module](https://github.com/pipe-cd/examples/tree/master/terraform/local-module) | Deploy application that using local terraform modules from the same Git repository. | 41 | | -- | [remote-module](https://github.com/pipe-cd/examples/tree/master/terraform/remote-module) | Deploy application that using remote terraform modules from other Git repositories. | 42 | | [link](https://play.pipecd.dev/applications/4726503e-68e0-40a0-b9cb-9761567f4745?project=play) | [wait-approval](https://github.com/pipe-cd/examples/tree/master/terraform/wait-approval) | Deployment pipeline that contains a manual approval stage. | 43 | | -- | [autorollback](https://github.com/pipe-cd/examples/tree/master/terraform/auto-rollback) | Automatically rollback the changes when deployment was failed. | 44 | | [link](https://play.pipecd.dev/applications/33b9b73b-acf2-4cd4-9e0c-ab2e9fad86d1?project=play) | [secret-management](https://github.com/pipe-cd/examples/tree/master/terraform/secret-management) | Demonstrate how to manage sensitive data by using [Secret Management](https://pipecd.dev/docs/user-guide/secret-management/) feature. | 45 | 46 | ### Cloud Run Applications 47 | 48 | | Running on Play | Name | Description | 49 | |-----------------|-----------------------------------------------------------------------------|-------------| 50 | | [link](https://play.pipecd.dev/applications/64eee87f-7fae-4760-81cc-c6e66f1b48c9?project=play) | [simple](https://github.com/pipe-cd/examples/tree/master/cloudrun/simple) | Quick sync by rolling out the new version and switching all traffic to it. | 51 | | [link](https://play.pipecd.dev/applications/845613b4-f997-4682-9529-98f089480394?project=play) | [canary](https://github.com/pipe-cd/examples/tree/master/cloudrun/canary) | Deployment pipeline with canary strategy. | 52 | | [link](https://play.pipecd.dev/applications/c1fcbca1-c3ed-41f6-b8d9-0a1ee28df5c3?project=play) | [wait-approval](https://github.com/pipe-cd/examples/tree/master/cloudrun/wait-approval) | Deployment pipeline that contains a manual approval stage. | 53 | | -- | [analysis](https://github.com/pipe-cd/examples/tree/master/cloudrun/analysis) | Deployment pipeline that contains an analysis stage. | 54 | | -- | [secret-management](https://github.com/pipe-cd/examples/tree/master/cloudrun/secret-management) | Demonstrate how to manage sensitive data by using [Secret Management](https://pipecd.dev/docs/user-guide/secret-management/) feature. | 55 | 56 | ### Lambda Applications 57 | 58 | | Running on Play | Name | Description | 59 | |-----------------|-----------------------------------------------------------------------------|-------------| 60 | | -- | [simple](https://github.com/pipe-cd/examples/tree/master/lambda/simple) | Quick sync by rolling out the new version and switching all traffic to it. | 61 | | -- | [canary](https://github.com/pipe-cd/examples/tree/master/lambda/canary) | Deployment pipeline with canary strategy. | 62 | | -- | [analysis](https://github.com/pipe-cd/examples/tree/master/lambda/analysis) | Deployment pipeline that contains an analysis stage. | 63 | | -- | [secret-management](https://github.com/pipe-cd/examples/tree/master/lambda/secret-management) | Demonstrate how to manage sensitive data by using [Secret Management](https://pipecd.dev/docs/user-guide/secret-management/) feature. | 64 | 65 | ### ECS Applications 66 | 67 | | Running on Play | Name | Description | 68 | |-----------------|-----------------------------------------------------------------------------|-------------| 69 | | -- | [simple](https://github.com/pipe-cd/examples/tree/master/ecs/simple) | Quick sync by rolling out the new version and switching all traffic to it. | 70 | | -- | [canary](https://github.com/pipe-cd/examples/tree/master/ecs/canary) | Deployment pipeline with canary strategy. | 71 | | -- | [bluegreen](https://github.com/pipe-cd/examples/tree/master/ecs/bluegreen) | Deployment pipeline with blue-green strategy. | 72 | | -- | [standalone-task](https://github.com/pipe-cd/examples/tree/master/ecs/standalone-task) | Deployment pipeline for an ECS standalone task (no service required). | 73 | | -- | [secret-management](https://github.com/pipe-cd/examples/tree/master/ecs/secret-management) | Demonstrate how to manage sensitive data by using [Secret Management](https://pipecd.dev/docs/user-guide/managing-application/secret-management/) feature. | 74 | | -- | [attachment](https://github.com/pipe-cd/examples/tree/master/ecs/attachment) | Demonstrate how to manage insensitive data and import it into application manifests while deployment using [Attachment](https://pipecd.dev/docs/user-guide/managing-application/manifest-attachment/) feature. | 75 | -------------------------------------------------------------------------------- /cloudrun/analysis/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: CloudRunApp 3 | spec: 4 | name: analysis 5 | labels: 6 | env: example 7 | team: abc 8 | pipeline: 9 | stages: 10 | # Promote new version to receive amount of traffic. 11 | - name: CLOUDRUN_PROMOTE 12 | with: 13 | percent: 10 14 | # Optional: We can also add an ANALYSIS stage to verify the new version. 15 | # If this stage finds any not good metrics of the new version, 16 | # a rollback process to the previous version will be executed. 17 | - name: ANALYSIS 18 | with: 19 | duration: 10m 20 | threshold: 2 21 | https: 22 | - url: https://canary-endpoint.pipecd.dev 23 | method: GET 24 | expected: 200 25 | interval: 1m 26 | # Promote new version to receive all traffic. 27 | - name: CLOUDRUN_PROMOTE 28 | with: 29 | percent: 100 30 | description: | 31 | This app demonstrates how to use ANALYSIS stage to analyze the deployment.\ 32 | After new version has been deployed to receive 10% of traffic, Piped periodically sends http requests to the endpoint of the new version to verify its responses.\ 33 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 34 | -------------------------------------------------------------------------------- /cloudrun/analysis/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: serving.knative.dev/v1 2 | kind: Service 3 | metadata: 4 | name: analysis 5 | spec: 6 | template: 7 | metadata: 8 | annotations: 9 | autoscaling.knative.dev/maxScale: '2' 10 | spec: 11 | containerConcurrency: 80 12 | containers: 13 | - args: 14 | - server 15 | image: gcr.io/pipecd/helloworld:v0.27.4 16 | ports: 17 | - containerPort: 9085 18 | resources: 19 | limits: 20 | cpu: 1000m 21 | memory: 128Mi 22 | -------------------------------------------------------------------------------- /cloudrun/canary/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: CloudRunApp 3 | spec: 4 | name: canary 5 | labels: 6 | env: example 7 | team: abc 8 | pipeline: 9 | stages: 10 | # Promote new version to receive amount of traffic. 11 | - name: CLOUDRUN_PROMOTE 12 | with: 13 | percent: 10 14 | - name: WAIT 15 | with: 16 | duration: 30s 17 | # Promote new version to receive amount of traffic. 18 | - name: CLOUDRUN_PROMOTE 19 | with: 20 | percent: 50 21 | - name: WAIT 22 | with: 23 | duration: 30s 24 | # Promote new version to receive all traffic. 25 | - name: CLOUDRUN_PROMOTE 26 | with: 27 | percent: 100 28 | description: | 29 | This app demonstrates how to deploy a Cloud Run application with Canary strategy.\ 30 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 31 | -------------------------------------------------------------------------------- /cloudrun/canary/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: serving.knative.dev/v1 2 | kind: Service 3 | metadata: 4 | name: canary 5 | spec: 6 | template: 7 | metadata: 8 | annotations: 9 | autoscaling.knative.dev/maxScale: '2' 10 | spec: 11 | containerConcurrency: 80 12 | containers: 13 | - args: 14 | - server 15 | image: gcr.io/pipecd/helloworld:v0.27.4 16 | ports: 17 | - containerPort: 9085 18 | resources: 19 | limits: 20 | cpu: 1000m 21 | memory: 128Mi 22 | -------------------------------------------------------------------------------- /cloudrun/secret-management/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: CloudRunApp 3 | spec: 4 | name: secret-management 5 | labels: 6 | env: example 7 | team: abc 8 | encryption: 9 | encryptedSecrets: 10 | # Encrypted via the web console. 11 | key: AQClmqFuXZ10F83HgWIKHzr92YL/x8HBQyc7RUbxyJexjaKvFJ2YeYJWnqcssxBt8EAC4Kie+iZr5ABWZ2yNEQaPRSaBTTBRLetsmsJfdtDZOr1VvXj7nPEBFBajxsIs1LhFLejsR8WMDmYk2Sy4h1pP8dhYL6oNaAxU17ehdQ5PMCqo0Lv8hN5/Qhz4+KW/yotxgqgJm5eFPUnWLlvkbO6P1iyEpg+xZZNcUjqKbZ8MyU7zf7yms4kuouo+p5yoSjqI9jEEy5DJ9TdJtn5S8ENKUoDLDunsERrBip2kSIv8nxNgBMOfqLskjyKrMgMGMyGqwXGJiKPqFiLDM/6TWo2B2f2cVIPRmCNUU9uVMadHfK5DFxr3NZG6 12 | decryptionTargets: 13 | - service.yaml 14 | description: | 15 | This app demonstrates how to use [Secret Management](https://pipecd.dev/docs/user-guide/managing-application/secret-management/) feature to store an encrypted credential in Git for use by Cloud Run service.\ 16 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 17 | -------------------------------------------------------------------------------- /cloudrun/secret-management/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: serving.knative.dev/v1 2 | kind: Service 3 | metadata: 4 | name: secret-management 5 | spec: 6 | template: 7 | metadata: 8 | annotations: 9 | autoscaling.knative.dev/maxScale: '2' 10 | spec: 11 | containerConcurrency: 80 12 | containers: 13 | - args: 14 | - server 15 | image: gcr.io/pipecd/helloworld:v0.27.4 16 | env: 17 | - name: KEY 18 | value: "{{ .encryptedSecrets.key }}" 19 | ports: 20 | - containerPort: 9085 21 | resources: 22 | limits: 23 | cpu: 1000m 24 | memory: 128Mi 25 | -------------------------------------------------------------------------------- /cloudrun/simple/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: CloudRunApp 3 | spec: 4 | name: simple 5 | labels: 6 | env: example 7 | team: abc 8 | description: | 9 | This app demonstrates how to deploy a Cloud Run application with [Quick Sync](https://pipecd.dev/docs/concepts/#sync-strategy) strategy.\ 10 | No pipeline is specified then in each deployment PipeCD will roll out the new version and switch all traffic to it immediately.\ 11 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 12 | -------------------------------------------------------------------------------- /cloudrun/simple/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: serving.knative.dev/v1 2 | kind: Service 3 | metadata: 4 | name: simple 5 | spec: 6 | template: 7 | metadata: 8 | annotations: 9 | autoscaling.knative.dev/maxScale: '2' 10 | spec: 11 | containerConcurrency: 80 12 | containers: 13 | - args: 14 | - server 15 | image: gcr.io/pipecd/helloworld:v0.27.4 16 | ports: 17 | - containerPort: 9085 18 | resources: 19 | limits: 20 | cpu: 1000m 21 | memory: 128Mi 22 | -------------------------------------------------------------------------------- /cloudrun/wait-approval/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: CloudRunApp 3 | spec: 4 | name: wait-approval 5 | labels: 6 | env: example 7 | team: abc 8 | pipeline: 9 | stages: 10 | # Promote new version to receive amount of traffic. 11 | - name: CLOUDRUN_PROMOTE 12 | with: 13 | percent: 10 14 | - name: WAIT_APPROVAL 15 | # Promote new version to receive all traffic. 16 | - name: CLOUDRUN_PROMOTE 17 | with: 18 | percent: 100 19 | notification: 20 | mentions: 21 | - event: DEPLOYMENT_WAIT_APPROVAL 22 | slack: 23 | - slack-user-id-1 # slack-user-name-1 24 | - slack-user-id-2 # slack-user-name-2 25 | # Specifying "*" means mentioning the given users for all events. 26 | - event: "*" 27 | slack: 28 | - slack-user-id-3 # slack-user-name-3 29 | description: | 30 | This app demonstrates how to configure a Cloud Run app with a WAIT_APPROVAL stage.\ 31 | This ensures that all deployments of this app must be approved manually on the web console.\ 32 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 33 | -------------------------------------------------------------------------------- /cloudrun/wait-approval/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: serving.knative.dev/v1 2 | kind: Service 3 | metadata: 4 | name: wait-approval 5 | spec: 6 | template: 7 | metadata: 8 | annotations: 9 | autoscaling.knative.dev/maxScale: '2' 10 | spec: 11 | containerConcurrency: 80 12 | containers: 13 | - args: 14 | - server 15 | image: gcr.io/pipecd/helloworld:v0.27.4 16 | ports: 17 | - containerPort: 9085 18 | resources: 19 | limits: 20 | cpu: 1000m 21 | memory: 128Mi 22 | -------------------------------------------------------------------------------- /deployment-chain/chain-simple-cloudrun/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | # Quick sync by rolling out the new version and switching all traffic to it. 2 | apiVersion: pipecd.dev/v1beta1 3 | kind: CloudRunApp 4 | spec: 5 | name: chain-simple-cloudrun 6 | labels: 7 | env: example 8 | team: abc 9 | trigger: 10 | onChain: 11 | disabled: false 12 | -------------------------------------------------------------------------------- /deployment-chain/chain-simple-cloudrun/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: serving.knative.dev/v1 2 | kind: Service 3 | metadata: 4 | name: chain-simple-cloudrun 5 | spec: 6 | template: 7 | metadata: 8 | annotations: 9 | autoscaling.knative.dev/maxScale: '2' 10 | spec: 11 | containerConcurrency: 80 12 | containers: 13 | - args: 14 | - server 15 | image: ghcr.io/pipe-cd/helloworld:v0.30.0 16 | ports: 17 | - containerPort: 9085 18 | resources: 19 | limits: 20 | cpu: 1000m 21 | memory: 128Mi 22 | -------------------------------------------------------------------------------- /deployment-chain/chain-simple-lambda/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | # Quick sync by rolling out the new version and switching all traffic to it. 2 | # https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html 3 | apiVersion: pipecd.dev/v1beta1 4 | kind: LambdaApp 5 | spec: 6 | name: chain-simple-lambda 7 | labels: 8 | env: example 9 | team: abc 10 | trigger: 11 | onChain: 12 | disabled: false 13 | -------------------------------------------------------------------------------- /deployment-chain/chain-simple-lambda/function.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: LambdaFunction 3 | spec: 4 | name: ChainSimpleFunction 5 | role: arn:aws:iam::76xxxxxxx:role/lambda-role 6 | image: ecr.ap-northeast-1.amazonaws.com/lambda-test:v0.0.1 7 | memory: 512 8 | timeout: 30 9 | environments: 10 | FOO: bar 11 | tags: 12 | app: simple 13 | -------------------------------------------------------------------------------- /deployment-chain/simple/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: simple 5 | labels: 6 | env: example 7 | team: abc 8 | input: 9 | manifests: 10 | - deployment.yaml 11 | - service.yaml 12 | kubectlVersion: 1.32.2 13 | postSync: 14 | chain: 15 | applications: 16 | # The below will match application named `chain-simple-cloudrun` of kind `CLOUDRUN`. 17 | # which means the app that it's configuration is at 18 | # https://github.com/pipe-cd/examples/blob/master/deployment-chain/chain-simple-cloudrun 19 | - name: chain-simple-cloudrun 20 | kind: CLOUDRUN 21 | # The below will match application named `chain-simple-lambda` of kind `LAMBDA`. 22 | # which means the app that it's configuration is at 23 | # https://github.com/pipe-cd/examples/tree/master/deployment-chain/chain-simple-lambda 24 | - name: chain-simple-lambda 25 | kind: LAMBDA 26 | -------------------------------------------------------------------------------- /deployment-chain/simple/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: chain-simple 5 | labels: 6 | app: chain-simple 7 | spec: 8 | replicas: 3 9 | selector: 10 | matchLabels: 11 | app: chain-simple 12 | pipecd.dev/variant: primary 13 | template: 14 | metadata: 15 | labels: 16 | app: chain-simple 17 | pipecd.dev/variant: primary 18 | annotations: 19 | sidecar.istio.io/inject: "false" 20 | spec: 21 | containers: 22 | - name: helloworld 23 | image: ghcr.io/pipe-cd/helloworld:v0.30.0 24 | args: 25 | - server 26 | ports: 27 | - containerPort: 9085 28 | -------------------------------------------------------------------------------- /deployment-chain/simple/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: chain-simple 5 | spec: 6 | selector: 7 | app: chain-simple 8 | ports: 9 | - protocol: TCP 10 | port: 9085 11 | targetPort: 9085 12 | -------------------------------------------------------------------------------- /ecs/attachment/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: ECSApp 3 | spec: 4 | name: attachment 5 | labels: 6 | env: example 7 | team: xyz 8 | input: 9 | serviceDefinitionFile: servicedef.yaml 10 | taskDefinitionFile: taskdef.yaml 11 | targetGroups: 12 | primary: 13 | targetGroupArn: arn:aws:elasticloadbalancing:ap-northeast-1:XXXX:targetgroup/ecs-lb/YYYY 14 | containerName: web 15 | containerPort: 80 16 | encryption: 17 | encryptedSecrets: 18 | # Encrypted via the web console. 19 | foo: AQClmqFuXZ10F83HgWIKHzr92YL/x8HBQyc7RUbxyJexjaKvFJ2YeYJWnqcssxBt8EAC4Kie+iZr5ABWZ2yNEQaPRSaBTTBRLetsmsJfdtDZOr1VvXj7nPEBFBajxsIs1LhFLejsR8WMDmYk2Sy4h1pP8dhYL6oNaAxU17ehdQ5PMCqo0Lv8hN5/Qhz4+KW/yotxgqgJm5eFPUnWLlvkbO6P1iyEpg+xZZNcUjqKbZ8MyU7zf7yms4kuouo+p5yoSjqI9jEEy5DJ9TdJtn5S8ENKUoDLDunsERrBip2kSIv8nxNgBMOfqLskjyKrMgMGMyGqwXGJiKPqFiLDM/6TWo2B2f2cVIPRmCNUU9uVMadHfK5DFxr3NZG6 20 | decryptionTargets: 21 | - servicedef.yaml 22 | - config.yaml 23 | attachment: 24 | sources: 25 | config: config.yaml 26 | targets: 27 | - taskdef.yaml 28 | -------------------------------------------------------------------------------- /ecs/attachment/config.yaml: -------------------------------------------------------------------------------- 1 | mysql: 2 | rootPassword: "test" 3 | database: "{{ .encryptedSecrets.foo }}" 4 | -------------------------------------------------------------------------------- /ecs/attachment/servicedef.yaml: -------------------------------------------------------------------------------- 1 | cluster: arn:aws:ecs:ap-northeast-1:XXXX:cluster/test-cluster 2 | serviceName: nginx-service 3 | desiredCount: 2 4 | deploymentConfiguration: 5 | maximumPercent: 200 6 | minimumHealthyPercent: 0 7 | schedulingStrategy: REPLICA 8 | # CAUTION: To enable PipeCD controls the deployment 9 | # DeploymentController of type EXTERNAL is required. 10 | deploymentController: 11 | type: EXTERNAL 12 | enableECSManagedTags: true 13 | propagateTags: SERVICE 14 | launchType: FARGATE 15 | networkConfiguration: 16 | awsvpcConfiguration: 17 | assignPublicIp: ENABLED 18 | securityGroups: 19 | - sg-YYYY 20 | subnets: 21 | - subnet-YYYY 22 | - subnet-YYYY 23 | tags: 24 | - key: FOO 25 | value: "{{ .encryptedSecrets.foo }}" 26 | -------------------------------------------------------------------------------- /ecs/attachment/taskdef.yaml: -------------------------------------------------------------------------------- 1 | family: nginx-service-fam 2 | executionRoleArn: arn:aws:iam::XXXX:role/ecsTaskExecutionRole 3 | containerDefinitions: 4 | - command: "echo {{ .attachment.config }}" 5 | cpu: 100 6 | image: XXXX.dkr.ecr.ap-northeast-1.amazonaws.com/nginx:1 7 | memory: 100 8 | mountPoints: [] 9 | name: web 10 | portMappings: 11 | - containerPort: 80 12 | requiresCompatibilities: 13 | - FARGATE 14 | networkMode: awsvpc 15 | memory: 512 16 | cpu: 256 17 | pidMode: "" 18 | volumes: [] 19 | -------------------------------------------------------------------------------- /ecs/bluegreen/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: ECSApp 3 | spec: 4 | name: bluegreen 5 | labels: 6 | env: example 7 | team: xyz 8 | input: 9 | serviceDefinitionFile: servicedef.yaml 10 | taskDefinitionFile: taskdef.yaml 11 | targetGroups: 12 | # Primary target group is pointed by LB (ALB/NLB) live listener, the Primary task set 13 | # will be registered to this target group. 14 | primary: 15 | targetGroupArn: arn:aws:elasticloadbalancing:ap-northeast-1:XXXX:targetgroup/ecs-tg-blue/YYYY 16 | containerName: web 17 | containerPort: 80 18 | # Canary target group can also be pointed by LB (ALB/NLB) live listener at 19 | # the beginning of deployment, the Canary task set will be registered to this target group. 20 | # CAUTION: To enable PipeCD performs bluegreen deployment strategy, this canary target group 21 | # is required. 22 | canary: 23 | targetGroupArn: arn:aws:elasticloadbalancing:ap-northeast-1:XXXX:targetgroup/ecs-tg-green/ZZZZ 24 | containerName: web 25 | containerPort: 80 26 | pipeline: 27 | stages: 28 | # Rollout CANARY variant's workload. 29 | # scale represents the percentage of workload will be rolled out, 30 | # in this case 100% of the current PRIMARY variant's workload is set. 31 | # Note: Rolled out variant serves no traffic at this time. 32 | - name: ECS_CANARY_ROLLOUT 33 | with: 34 | scale: 100 35 | # Change the traffic routing state where 36 | # the CANARY workloads will receive the specified percentage of traffic. 37 | # In blue-green deployment strategy, 100% of traffic will be routed to 38 | # CANARY workloads. 39 | - name: ECS_TRAFFIC_ROUTING 40 | with: 41 | canary: 100 42 | # Hold the deployment process for 150 seconds. 43 | - name: WAIT 44 | with: 45 | duration: 150s 46 | # Update the workload of PRIMARY variant to the new version. 47 | - name: ECS_PRIMARY_ROLLOUT 48 | # Change the traffic routing state where 49 | # the PRIMARY workloads will receive 100% of the traffic. 50 | - name: ECS_TRAFFIC_ROUTING 51 | with: 52 | primary: 100 53 | # Destroy all workloads of CANARY variant. 54 | - name: ECS_CANARY_CLEAN 55 | -------------------------------------------------------------------------------- /ecs/bluegreen/servicedef.yaml: -------------------------------------------------------------------------------- 1 | cluster: arn:aws:ecs:ap-northeast-1:XXXX:cluster/test-cluster 2 | serviceName: nginx-bluegreen-service 3 | desiredCount: 2 4 | deploymentConfiguration: 5 | maximumPercent: 200 6 | minimumHealthyPercent: 0 7 | schedulingStrategy: REPLICA 8 | # CAUTION: To enable PipeCD controls the deployment 9 | # DeploymentController of type EXTERNAL is required. 10 | deploymentController: 11 | type: EXTERNAL 12 | enableECSManagedTags: true 13 | propagateTags: SERVICE 14 | launchType: FARGATE 15 | networkConfiguration: 16 | awsvpcConfiguration: 17 | assignPublicIp: ENABLED 18 | securityGroups: 19 | - sg-YYYY 20 | subnets: 21 | - subnet-YYYY 22 | - subnet-YYYY 23 | -------------------------------------------------------------------------------- /ecs/bluegreen/taskdef.yaml: -------------------------------------------------------------------------------- 1 | family: nginx-service-fam 2 | executionRoleArn: arn:aws:iam::XXXX:role/ecsTaskExecutionRole 3 | containerDefinitions: 4 | - command: null 5 | cpu: 100 6 | image: XXXX.dkr.ecr.ap-northeast-1.amazonaws.com/nginx:1 7 | memory: 100 8 | mountPoints: [] 9 | name: web 10 | portMappings: 11 | - containerPort: 80 12 | requiresCompatibilities: 13 | - FARGATE 14 | networkMode: awsvpc 15 | memory: 512 16 | cpu: 256 17 | pidMode: "" 18 | volumes: [] 19 | -------------------------------------------------------------------------------- /ecs/canary/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: ECSApp 3 | spec: 4 | name: canary 5 | labels: 6 | env: example 7 | team: xyz 8 | input: 9 | serviceDefinitionFile: servicedef.yaml 10 | taskDefinitionFile: taskdef.yaml 11 | targetGroups: 12 | # Primary target group is pointed by LB (ALB/NLB) live listener, the Primary task set 13 | # will be registered to this target group. 14 | primary: 15 | targetGroupArn: arn:aws:elasticloadbalancing:ap-northeast-1:XXXX:targetgroup/ecs-canary-blue/YYYY 16 | containerName: web 17 | containerPort: 80 18 | # Canary target group can also be pointed by LB (ALB/NLB) live listener at 19 | # the beginning of deployment, the Canary task set will be registered to this target group. 20 | # CAUTION: To enable PipeCD performs canary deployment strategy, this canary target group 21 | # is required. 22 | canary: 23 | targetGroupArn: arn:aws:elasticloadbalancing:ap-northeast-1:XXXX:targetgroup/ecs-canary-green/ZZZZ 24 | containerName: web 25 | containerPort: 80 26 | pipeline: 27 | stages: 28 | # Rollout CANARY variant's workload. 29 | # scale represents the percentage of workload will be rolled out, 30 | # in this case 30% of the current PRIMARY variant's workload is set. 31 | # Note: Rolled out variant serves no traffic at this time. 32 | - name: ECS_CANARY_ROLLOUT 33 | with: 34 | scale: 30 35 | # Change the traffic routing state where 36 | # the CANARY workloads will receive the specified percentage of traffic 37 | # (20% in this case). This is known as multi-phase canary strategy. 38 | - name: ECS_TRAFFIC_ROUTING 39 | with: 40 | canary: 20 41 | # Hold the deployment process for 150 seconds. 42 | - name: WAIT 43 | with: 44 | duration: 150s 45 | # Update the workload of PRIMARY variant to the new version. 46 | - name: ECS_PRIMARY_ROLLOUT 47 | # Change the traffic routing state where 48 | # the PRIMARY workloads will receive 100% of the traffic. 49 | - name: ECS_TRAFFIC_ROUTING 50 | with: 51 | primary: 100 52 | # Destroy all workloads of CANARY variant. 53 | - name: ECS_CANARY_CLEAN 54 | -------------------------------------------------------------------------------- /ecs/canary/servicedef.yaml: -------------------------------------------------------------------------------- 1 | cluster: arn:aws:ecs:ap-northeast-1:XXXX:cluster/test-cluster 2 | serviceName: nginx-canary-service 3 | desiredCount: 2 4 | deploymentConfiguration: 5 | maximumPercent: 200 6 | minimumHealthyPercent: 0 7 | schedulingStrategy: REPLICA 8 | # CAUTION: To enable PipeCD controls the deployment 9 | # DeploymentController of type EXTERNAL is required. 10 | deploymentController: 11 | type: EXTERNAL 12 | enableECSManagedTags: true 13 | propagateTags: SERVICE 14 | launchType: FARGATE 15 | networkConfiguration: 16 | awsvpcConfiguration: 17 | assignPublicIp: ENABLED 18 | securityGroups: 19 | - sg-YYYY 20 | subnets: 21 | - subnet-YYYY 22 | - subnet-YYYY 23 | -------------------------------------------------------------------------------- /ecs/canary/taskdef.yaml: -------------------------------------------------------------------------------- 1 | family: nginx-service-fam 2 | executionRoleArn: arn:aws:iam::XXXX:role/ecsTaskExecutionRole 3 | containerDefinitions: 4 | - command: null 5 | cpu: 100 6 | image: XXXX.dkr.ecr.ap-northeast-1.amazonaws.com/nginx:1 7 | memory: 100 8 | mountPoints: [] 9 | name: web 10 | portMappings: 11 | - containerPort: 80 12 | requiresCompatibilities: 13 | - FARGATE 14 | networkMode: awsvpc 15 | memory: 512 16 | cpu: 256 17 | pidMode: "" 18 | volumes: [] 19 | -------------------------------------------------------------------------------- /ecs/secret-management/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: ECSApp 3 | spec: 4 | name: secret-management 5 | labels: 6 | env: example 7 | team: xyz 8 | input: 9 | serviceDefinitionFile: servicedef.yaml 10 | taskDefinitionFile: taskdef.yaml 11 | targetGroups: 12 | primary: 13 | targetGroupArn: arn:aws:elasticloadbalancing:ap-northeast-1:XXXX:targetgroup/ecs-lb/YYYY 14 | containerName: web 15 | containerPort: 80 16 | encryption: 17 | encryptedSecrets: 18 | # Encrypted via the web console. 19 | foo: AQClmqFuXZ10F83HgWIKHzr92YL/x8HBQyc7RUbxyJexjaKvFJ2YeYJWnqcssxBt8EAC4Kie+iZr5ABWZ2yNEQaPRSaBTTBRLetsmsJfdtDZOr1VvXj7nPEBFBajxsIs1LhFLejsR8WMDmYk2Sy4h1pP8dhYL6oNaAxU17ehdQ5PMCqo0Lv8hN5/Qhz4+KW/yotxgqgJm5eFPUnWLlvkbO6P1iyEpg+xZZNcUjqKbZ8MyU7zf7yms4kuouo+p5yoSjqI9jEEy5DJ9TdJtn5S8ENKUoDLDunsERrBip2kSIv8nxNgBMOfqLskjyKrMgMGMyGqwXGJiKPqFiLDM/6TWo2B2f2cVIPRmCNUU9uVMadHfK5DFxr3NZG6 20 | decryptionTargets: 21 | - servicedef.yaml 22 | -------------------------------------------------------------------------------- /ecs/secret-management/servicedef.yaml: -------------------------------------------------------------------------------- 1 | cluster: arn:aws:ecs:ap-northeast-1:XXXX:cluster/test-cluster 2 | serviceName: nginx-service 3 | desiredCount: 2 4 | deploymentConfiguration: 5 | maximumPercent: 200 6 | minimumHealthyPercent: 0 7 | schedulingStrategy: REPLICA 8 | # CAUTION: To enable PipeCD controls the deployment 9 | # DeploymentController of type EXTERNAL is required. 10 | deploymentController: 11 | type: EXTERNAL 12 | enableECSManagedTags: true 13 | propagateTags: SERVICE 14 | launchType: FARGATE 15 | networkConfiguration: 16 | awsvpcConfiguration: 17 | assignPublicIp: ENABLED 18 | securityGroups: 19 | - sg-YYYY 20 | subnets: 21 | - subnet-YYYY 22 | - subnet-YYYY 23 | tags: 24 | - key: FOO 25 | value: "{{ .encryptedSecrets.foo }}" 26 | -------------------------------------------------------------------------------- /ecs/secret-management/taskdef.yaml: -------------------------------------------------------------------------------- 1 | family: nginx-service-fam 2 | executionRoleArn: arn:aws:iam::XXXX:role/ecsTaskExecutionRole 3 | containerDefinitions: 4 | - command: null 5 | cpu: 100 6 | image: XXXX.dkr.ecr.ap-northeast-1.amazonaws.com/nginx:1 7 | memory: 100 8 | mountPoints: [] 9 | name: web 10 | portMappings: 11 | - containerPort: 80 12 | requiresCompatibilities: 13 | - FARGATE 14 | networkMode: awsvpc 15 | memory: 512 16 | cpu: 256 17 | pidMode: "" 18 | volumes: [] 19 | -------------------------------------------------------------------------------- /ecs/servicediscovery/canary/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: ECSApp 3 | spec: 4 | name: servicediscovery-canary 5 | labels: 6 | env: example 7 | team: xyz 8 | input: 9 | serviceDefinitionFile: servicedef.yaml 10 | taskDefinitionFile: taskdef.yaml 11 | # When you use ECS Service Discovery for interservice networking, you must specify 'SERVICE_DISCOVERY' for 'accessType'. 12 | accessType: SERVICE_DISCOVERY 13 | # 'targetGroups' is not used in Service Discovery type. 14 | pipeline: 15 | stages: 16 | # Rollout CANARY variant's workload. 17 | # scale represents the percentage of workload will be rolled out, 18 | # in this case 100% of the current PRIMARY variant's workload is set. 19 | # Note: Rolled out variant DOES serve traffic at this time unlike the ELB type. 20 | - name: ECS_CANARY_ROLLOUT 21 | with: 22 | scale: 100 23 | # Hold the deployment process for 150 seconds. 24 | - name: WAIT 25 | with: 26 | duration: 150s 27 | # Update the workload of PRIMARY variant to the new version. 28 | # NOTE: The new PRIMARY variant will serve 100% of the traffic at this time. 29 | - name: ECS_PRIMARY_ROLLOUT 30 | # Destroy all workloads of CANARY variant. 31 | - name: ECS_CANARY_CLEAN -------------------------------------------------------------------------------- /ecs/servicediscovery/canary/servicedef.yaml: -------------------------------------------------------------------------------- 1 | cluster: arn:aws:ecs:ap-northeast-1:XXXX:cluster/test-cluster 2 | serviceName: nginx-canary-service 3 | desiredCount: 2 4 | deploymentConfiguration: 5 | maximumPercent: 200 6 | minimumHealthyPercent: 0 7 | schedulingStrategy: REPLICA 8 | # CAUTION: To enable PipeCD controls the deployment 9 | # DeploymentController of type EXTERNAL is required. 10 | deploymentController: 11 | type: EXTERNAL 12 | enableECSManagedTags: true 13 | propagateTags: SERVICE 14 | launchType: FARGATE 15 | networkConfiguration: 16 | awsvpcConfiguration: 17 | assignPublicIp: ENABLED 18 | securityGroups: 19 | - sg-YYYY 20 | subnets: 21 | - subnet-YYYY 22 | - subnet-YYYY 23 | # Service Discovery Config. 24 | serviceRegistries: 25 | # You need to specify the service id of the service discovery namespace. 26 | - registryArn: arn:aws:servicediscovery:ap-northeast-1:XXXX:service/srv-XXXXX -------------------------------------------------------------------------------- /ecs/servicediscovery/canary/taskdef.yaml: -------------------------------------------------------------------------------- 1 | family: nginx-service-fam 2 | executionRoleArn: arn:aws:iam::XXXX:role/ecsTaskExecutionRole 3 | containerDefinitions: 4 | - command: null 5 | cpu: 100 6 | image: XXXX.dkr.ecr.ap-northeast-1.amazonaws.com/nginx:1 7 | memory: 100 8 | mountPoints: [] 9 | name: web 10 | portMappings: 11 | - containerPort: 80 12 | requiresCompatibilities: 13 | - FARGATE 14 | networkMode: awsvpc 15 | memory: 512 16 | cpu: 256 17 | pidMode: "" 18 | volumes: [] -------------------------------------------------------------------------------- /ecs/servicediscovery/simple/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: ECSApp 3 | spec: 4 | name: servicediscovery-simple 5 | labels: 6 | env: example 7 | team: xyz 8 | input: 9 | serviceDefinitionFile: servicedef.yaml 10 | taskDefinitionFile: taskdef.yaml 11 | # When you use ECS Service Discovery for interservice networking, you must specify 'SERVICE_DISCOVERY' for 'accessType'. 12 | accessType: SERVICE_DISCOVERY 13 | # 'targetGroups' is not used in Service Discovery type. 14 | description: | 15 | This app demonstrates how to deploy an ECS application using Service Discovery with [Quick Sync](https://pipecd.dev/docs/concepts/#sync-strategy) strategy.\ 16 | No pipeline is specified then in each deployment PipeCD will roll out the new version and switch all traffic to it immediately.\ 17 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 18 | -------------------------------------------------------------------------------- /ecs/servicediscovery/simple/servicedef.yaml: -------------------------------------------------------------------------------- 1 | cluster: arn:aws:ecs:ap-northeast-1:XXXX:cluster/test-cluster 2 | serviceName: nginx-discovery-simple-service 3 | desiredCount: 2 4 | deploymentConfiguration: 5 | maximumPercent: 200 6 | minimumHealthyPercent: 0 7 | schedulingStrategy: REPLICA 8 | # CAUTION: To enable PipeCD controls the deployment 9 | # DeploymentController of type EXTERNAL is required. 10 | deploymentController: 11 | type: EXTERNAL 12 | enableECSManagedTags: true 13 | propagateTags: SERVICE 14 | launchType: FARGATE 15 | networkConfiguration: 16 | awsvpcConfiguration: 17 | assignPublicIp: ENABLED 18 | securityGroups: 19 | - sg-YYYY 20 | subnets: 21 | - subnet-YYYY 22 | - subnet-YYYY 23 | # Service Discovery Config. 24 | serviceRegistries: 25 | # You need to specify the service id of the service discovery namespace. 26 | - registryArn: arn:aws:servicediscovery:ap-northeast-1:XXXX:service/srv-XXXXX 27 | -------------------------------------------------------------------------------- /ecs/servicediscovery/simple/taskdef.yaml: -------------------------------------------------------------------------------- 1 | family: nginx-service-fam 2 | executionRoleArn: arn:aws:iam::XXXX:role/ecsTaskExecutionRole 3 | containerDefinitions: 4 | - command: null 5 | cpu: 100 6 | image: public.ecr.aws/docker/library/httpd:2 7 | memory: 100 8 | mountPoints: [] 9 | name: web 10 | portMappings: 11 | - containerPort: 80 12 | requiresCompatibilities: 13 | - FARGATE 14 | networkMode: awsvpc 15 | memory: 512 16 | cpu: 256 17 | pidMode: "" 18 | volumes: [] -------------------------------------------------------------------------------- /ecs/simple/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: ECSApp 3 | spec: 4 | name: simple 5 | labels: 6 | env: example 7 | team: xyz 8 | input: 9 | serviceDefinitionFile: servicedef.yaml 10 | taskDefinitionFile: taskdef.yaml 11 | targetGroups: 12 | primary: 13 | targetGroupArn: arn:aws:elasticloadbalancing:ap-northeast-1:XXXX:targetgroup/ecs-lb/YYYY 14 | containerName: web 15 | containerPort: 80 16 | description: | 17 | This app demonstrates how to deploy an ECS application with [Quick Sync](https://pipecd.dev/docs/concepts/#sync-strategy) strategy.\ 18 | No pipeline is specified then in each deployment PipeCD will roll out the new version and switch all traffic to it immediately.\ 19 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 20 | -------------------------------------------------------------------------------- /ecs/simple/servicedef.yaml: -------------------------------------------------------------------------------- 1 | cluster: arn:aws:ecs:ap-northeast-1:XXXX:cluster/test-cluster 2 | serviceName: nginx-service 3 | desiredCount: 2 4 | deploymentConfiguration: 5 | maximumPercent: 200 6 | minimumHealthyPercent: 0 7 | schedulingStrategy: REPLICA 8 | # CAUTION: To enable PipeCD controls the deployment 9 | # DeploymentController of type EXTERNAL is required. 10 | deploymentController: 11 | type: EXTERNAL 12 | enableECSManagedTags: true 13 | propagateTags: SERVICE 14 | launchType: FARGATE 15 | networkConfiguration: 16 | awsvpcConfiguration: 17 | assignPublicIp: ENABLED 18 | securityGroups: 19 | - sg-YYYY 20 | subnets: 21 | - subnet-YYYY 22 | - subnet-YYYY 23 | -------------------------------------------------------------------------------- /ecs/simple/taskdef.yaml: -------------------------------------------------------------------------------- 1 | family: nginx-service-fam 2 | executionRoleArn: arn:aws:iam::XXXX:role/ecsTaskExecutionRole 3 | containerDefinitions: 4 | - command: null 5 | cpu: 100 6 | image: XXXX.dkr.ecr.ap-northeast-1.amazonaws.com/nginx:1 7 | memory: 100 8 | mountPoints: [] 9 | name: web 10 | portMappings: 11 | - containerPort: 80 12 | requiresCompatibilities: 13 | - FARGATE 14 | networkMode: awsvpc 15 | memory: 512 16 | cpu: 256 17 | pidMode: "" 18 | volumes: [] 19 | -------------------------------------------------------------------------------- /ecs/standalone-task/launch-type/ec2/network-mode/awsvpc/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: ECSApp 3 | spec: 4 | name: standalonetask-ec2-awsvpc 5 | labels: 6 | env: example 7 | team: xyz 8 | input: 9 | taskDefinitionFile: taskdef.yaml 10 | clusterArn: arn:aws:ecs:ap-northeast-1:XXXX:cluster/test-cluster 11 | launchType: EC2 12 | awsvpcConfiguration: 13 | subnets: 14 | - subnet-YYYY 15 | - subnet-YYYY 16 | description: | 17 | This app demonstrates how to deploy an ECS application with [Quick Sync](https://pipecd.dev/docs/concepts/#sync-strategy) strategy.\ 18 | No pipeline is specified then in each deployment PipeCD will roll out the new version and switch all traffic to it immediately.\ 19 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 20 | -------------------------------------------------------------------------------- /ecs/standalone-task/launch-type/ec2/network-mode/awsvpc/taskdef.yaml: -------------------------------------------------------------------------------- 1 | family: nginx-test-fam-ec2 2 | executionRoleArn: arn:aws:iam::XXXX:role/ecsTaskExecutionRole 3 | containerDefinitions: 4 | - command: null 5 | cpu: 100 6 | image: XXXX.dkr.ecr.ap-northeast-1.amazonaws.com/nginx:1 7 | memory: 100 8 | mountPoints: [] 9 | name: web 10 | portMappings: 11 | - containerPort: 80 12 | requiresCompatibilities: 13 | - EC2 14 | networkMode: awsvpc 15 | memory: 512 16 | cpu: 256 17 | pidMode: "" 18 | volumes: [] 19 | -------------------------------------------------------------------------------- /ecs/standalone-task/launch-type/ec2/network-mode/bridge/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: ECSApp 3 | spec: 4 | name: standalonetask-ec2-bridge-1 5 | labels: 6 | env: example 7 | team: xyz 8 | input: 9 | taskDefinitionFile: taskdef.yaml 10 | launchType: EC2 11 | clusterArn: arn:aws:ecs:ap-northeast-1:XXXX:cluster/test-cluster 12 | description: | 13 | This app demonstrates how to deploy an ECS application with [Quick Sync](https://pipecd.dev/docs/concepts/#sync-strategy) strategy.\ 14 | No pipeline is specified then in each deployment PipeCD will roll out the new version and switch all traffic to it immediately.\ 15 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 16 | -------------------------------------------------------------------------------- /ecs/standalone-task/launch-type/ec2/network-mode/bridge/taskdef.yaml: -------------------------------------------------------------------------------- 1 | family: nginx-test-fam-ec2-bridge 2 | executionRoleArn: arn:aws:iam::XXXX:role/ecsTaskExecutionRole 3 | containerDefinitions: 4 | - command: null 5 | cpu: 100 6 | image: XXXX.dkr.ecr.ap-northeast-1.amazonaws.com/nginx:1 7 | memory: 100 8 | mountPoints: [] 9 | name: web 10 | portMappings: 11 | - containerPort: 80 12 | requiresCompatibilities: 13 | - EC2 14 | networkMode: bridge 15 | memory: 512 16 | cpu: 256 17 | pidMode: "" 18 | volumes: [] 19 | -------------------------------------------------------------------------------- /ecs/standalone-task/launch-type/fargate/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: ECSApp 3 | spec: 4 | name: standalonetask-fargate 5 | labels: 6 | env: example 7 | team: xyz 8 | input: 9 | taskDefinitionFile: taskdef.yaml 10 | clusterArn: arn:aws:ecs:ap-northeast-1:XXXX:cluster/test-cluster 11 | awsvpcConfiguration: 12 | assignPublicIp: ENABLED 13 | subnets: 14 | - subnet-YYYY 15 | - subnet-YYYY 16 | securityGroups: 17 | - sg-YYYY 18 | description: | 19 | This app demonstrates how to deploy an ECS application with [Quick Sync](https://pipecd.dev/docs/concepts/#sync-strategy) strategy.\ 20 | No pipeline is specified then in each deployment PipeCD will roll out the new version and switch all traffic to it immediately.\ 21 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 22 | -------------------------------------------------------------------------------- /ecs/standalone-task/launch-type/fargate/taskdef.yaml: -------------------------------------------------------------------------------- 1 | family: nginx-test-fam-1 2 | executionRoleArn: arn:aws:iam::XXXX:role/ecsTaskExecutionRole 3 | containerDefinitions: 4 | - command: null 5 | cpu: 100 6 | image: XXXX.dkr.ecr.ap-northeast-1.amazonaws.com/nginx:1 7 | memory: 100 8 | mountPoints: [] 9 | name: web 10 | portMappings: 11 | - containerPort: 80 12 | requiresCompatibilities: 13 | - FARGATE 14 | networkMode: awsvpc 15 | memory: 512 16 | cpu: 256 17 | pidMode: "" 18 | volumes: [] 19 | -------------------------------------------------------------------------------- /ecs/wait-approval/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | # Deployment pipeline that contains a manual approval stage. 2 | apiVersion: pipecd.dev/v1beta1 3 | kind: ECSApp 4 | spec: 5 | name: wait-approval 6 | labels: 7 | env: example 8 | team: xyz 9 | pipeline: 10 | stages: 11 | # Rollout CANARY variant's workload. 12 | # scale represents the percentage of workload will be rolled out, 13 | # in this case 30% of the current PRIMARY variant's workload is set. 14 | # Note: Rolled out variant serves no traffic at this time. 15 | - name: ECS_CANARY_ROLLOUT 16 | with: 17 | scale: 30 18 | # Change the traffic routing state where 19 | # the CANARY workloads will receive the specified percentage of traffic 20 | # (20% in this case). This is known as multi-phase canary strategy. 21 | - name: ECS_TRAFFIC_ROUTING 22 | with: 23 | canary: 20 24 | - name: WAIT_APPROVAL 25 | # Update the workload of PRIMARY variant to the new version. 26 | - name: ECS_PRIMARY_ROLLOUT 27 | # Change the traffic routing state where 28 | # the PRIMARY workloads will receive 100% of the traffic. 29 | - name: ECS_TRAFFIC_ROUTING 30 | with: 31 | primary: 100 32 | # Destroy all workloads of CANARY variant. 33 | - name: ECS_CANARY_CLEAN 34 | notification: 35 | mentions: 36 | - event: DEPLOYMENT_WAIT_APPROVAL 37 | slack: 38 | - slack-user-id-1 # slack-user-name-1 39 | - slack-user-id-2 # slack-user-name-2 40 | # Specifying "*" means mentioning the given users for all events. 41 | - event: "*" 42 | slack: 43 | - slack-user-id-3 # slack-user-name-3 44 | -------------------------------------------------------------------------------- /kubernetes/analysis-by-http/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: analysis-by-http 5 | labels: 6 | env: example 7 | team: product 8 | pipeline: 9 | stages: 10 | - name: K8S_CANARY_ROLLOUT 11 | with: 12 | replicas: 10% 13 | - name: ANALYSIS 14 | with: 15 | duration: 10m 16 | https: 17 | - url: https://canary-endpoint.pipecd.dev 18 | method: GET 19 | expectedCode: 200 20 | failureLimit: 1 21 | interval: 1m 22 | - name: K8S_PRIMARY_ROLLOUT 23 | - name: K8S_CANARY_CLEAN 24 | description: | 25 | This app demonstrates how to use ANALYSIS stage to analyze the deployment.\ 26 | After new version has been deployed to receive 10% of traffic, Piped periodically sends http requests to the endpoint of the new version to verify its responses.\ 27 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 28 | -------------------------------------------------------------------------------- /kubernetes/analysis-by-http/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: analysis-by-http 5 | labels: 6 | app: analysis-by-http 7 | spec: 8 | replicas: 2 9 | selector: 10 | matchLabels: 11 | app: analysis-by-http 12 | pipecd.dev/variant: primary 13 | template: 14 | metadata: 15 | labels: 16 | app: analysis-by-http 17 | pipecd.dev/variant: primary 18 | spec: 19 | containers: 20 | - name: helloworld 21 | image: ghcr.io/pipe-cd/helloworld:v0.32.0 22 | args: 23 | - server 24 | ports: 25 | - containerPort: 9085 26 | -------------------------------------------------------------------------------- /kubernetes/analysis-by-http/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: analysis-by-http 5 | spec: 6 | selector: 7 | app: analysis-by-http 8 | ports: 9 | - protocol: TCP 10 | port: 9085 11 | targetPort: 9085 12 | -------------------------------------------------------------------------------- /kubernetes/analysis-by-log/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: analysis-by-log 5 | labels: 6 | env: example 7 | team: product 8 | pipeline: 9 | stages: 10 | - name: K8S_CANARY_ROLLOUT 11 | with: 12 | replicas: 10% 13 | - name: ANALYSIS 14 | with: 15 | duration: 10m 16 | logs: 17 | - query: 'logName = "projects/demo/logs/error' 18 | interval: 1m 19 | provider: stackdriver-dev 20 | - name: K8S_PRIMARY_ROLLOUT 21 | - name: K8S_CANARY_CLEAN 22 | -------------------------------------------------------------------------------- /kubernetes/analysis-by-log/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: analysis-by-log 5 | labels: 6 | app: analysis-by-log 7 | spec: 8 | replicas: 2 9 | selector: 10 | matchLabels: 11 | app: analysis-by-log 12 | pipecd.dev/variant: primary 13 | template: 14 | metadata: 15 | labels: 16 | app: analysis-by-log 17 | pipecd.dev/variant: primary 18 | spec: 19 | containers: 20 | - name: helloworld 21 | image: ghcr.io/pipe-cd/helloworld:v0.32.0 22 | args: 23 | - server 24 | ports: 25 | - containerPort: 9085 26 | -------------------------------------------------------------------------------- /kubernetes/analysis-by-log/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: analysis-by-log 5 | spec: 6 | selector: 7 | app: analysis-by-log 8 | ports: 9 | - protocol: TCP 10 | port: 9085 11 | targetPort: 9085 12 | -------------------------------------------------------------------------------- /kubernetes/analysis-by-metrics/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: analysis-by-metrics 5 | labels: 6 | env: example 7 | team: product 8 | pipeline: 9 | stages: 10 | - name: K8S_CANARY_ROLLOUT 11 | with: 12 | replicas: 20% 13 | - name: ANALYSIS 14 | with: 15 | duration: 30m 16 | metrics: 17 | - strategy: THRESHOLD 18 | provider: my-prometheus 19 | interval: 5m 20 | expected: 21 | max: 0.01 22 | query: | 23 | sum by (job) (rate(http_requests_total{status=~"5.*", job="analysis"}[5m])) 24 | / 25 | sum by (job) (rate(http_requests_total{job="analysis"}[5m])) 26 | - name: K8S_PRIMARY_ROLLOUT 27 | - name: K8S_CANARY_CLEAN 28 | description: | 29 | This app demonstrates how to use ANALYSIS stage to analyze the deployment based on its metrics.\ 30 | After new version has been deployed to receive 20% of traffic, Piped periodically requests the specified query to analyze its metrics data.\ 31 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 32 | -------------------------------------------------------------------------------- /kubernetes/analysis-by-metrics/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: analysis-by-metrics 5 | labels: 6 | app: analysis-by-metrics 7 | spec: 8 | replicas: 2 9 | selector: 10 | matchLabels: 11 | app: analysis-by-metrics 12 | pipecd.dev/variant: primary 13 | template: 14 | metadata: 15 | labels: 16 | app: analysis-by-metrics 17 | pipecd.dev/variant: primary 18 | spec: 19 | containers: 20 | - name: helloworld 21 | image: ghcr.io/pipe-cd/helloworld:v0.30.0 22 | args: 23 | - server 24 | ports: 25 | - containerPort: 9085 26 | -------------------------------------------------------------------------------- /kubernetes/analysis-by-metrics/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: analysis-by-metrics 5 | spec: 6 | selector: 7 | app: analysis-by-metrics 8 | ports: 9 | - protocol: TCP 10 | port: 9085 11 | targetPort: 9085 12 | -------------------------------------------------------------------------------- /kubernetes/analysis-with-baseline/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: analysis-with-baseline 5 | labels: 6 | env: example 7 | team: product 8 | pipeline: 9 | stages: 10 | - name: K8S_CANARY_ROLLOUT 11 | with: 12 | replicas: 10% 13 | - name: K8S_BASELINE_ROLLOUT 14 | with: 15 | replicas: 10% 16 | - name: ANALYSIS 17 | with: 18 | duration: 10m 19 | threshold: 2 20 | - name: K8S_PRIMARY_ROLLOUT 21 | - name: K8S_CANARY_CLEAN 22 | - name: K8S_BASELINE_CLEAN 23 | -------------------------------------------------------------------------------- /kubernetes/analysis-with-baseline/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: analysis-with-baseline 5 | labels: 6 | app: analysis-with-baseline 7 | spec: 8 | replicas: 2 9 | selector: 10 | matchLabels: 11 | app: analysis-with-baseline 12 | pipecd.dev/variant: primary 13 | template: 14 | metadata: 15 | labels: 16 | app: analysis-with-baseline 17 | pipecd.dev/variant: primary 18 | spec: 19 | containers: 20 | - name: helloworld 21 | image: ghcr.io/pipe-cd/helloworld:v0.30.0 22 | args: 23 | - server 24 | ports: 25 | - containerPort: 9085 26 | -------------------------------------------------------------------------------- /kubernetes/analysis-with-baseline/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: analysis-with-baseline 5 | spec: 6 | selector: 7 | app: analysis-with-baseline 8 | ports: 9 | - protocol: TCP 10 | port: 9085 11 | targetPort: 9085 12 | -------------------------------------------------------------------------------- /kubernetes/bluegreen/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: bluegreen 5 | labels: 6 | env: example 7 | team: product 8 | pipeline: 9 | stages: 10 | # Deploy the workloads of CANARY variant. In this case, the number of 11 | # workload replicas of CANARY variant is the same with PRIMARY variant. 12 | - name: K8S_CANARY_ROLLOUT 13 | with: 14 | replicas: 100% 15 | # The percentage of traffic each variant should receive. 16 | # In this case, CANARY variant will receive all of the traffic. 17 | - name: K8S_TRAFFIC_ROUTING 18 | with: 19 | canary: 100 20 | - name: WAIT_APPROVAL 21 | # Update the workload of PRIMARY variant to the new version. 22 | - name: K8S_PRIMARY_ROLLOUT 23 | # The percentage of traffic each variant should receive. 24 | # In this case, PRIMARY variant will receive all of the traffic. 25 | - name: K8S_TRAFFIC_ROUTING 26 | with: 27 | primary: 100 28 | # Destroy all workloads of CANARY variant. 29 | - name: K8S_CANARY_CLEAN 30 | description: | 31 | This app demonstrates how to deploy a Kubernetes app by BlueGreen strategy without requiring any mesh.\ 32 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 33 | -------------------------------------------------------------------------------- /kubernetes/bluegreen/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: bluegreen 5 | labels: 6 | app: bluegreen 7 | spec: 8 | replicas: 2 9 | selector: 10 | matchLabels: 11 | app: bluegreen 12 | pipecd.dev/variant: primary 13 | template: 14 | metadata: 15 | labels: 16 | app: bluegreen 17 | pipecd.dev/variant: primary 18 | spec: 19 | containers: 20 | - name: helloworld 21 | image: ghcr.io/pipe-cd/helloworld:v0.30.0 22 | args: 23 | - server 24 | ports: 25 | - containerPort: 9085 26 | -------------------------------------------------------------------------------- /kubernetes/bluegreen/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: bluegreen 5 | spec: 6 | selector: 7 | app: bluegreen 8 | pipecd.dev/variant: primary 9 | ports: 10 | - protocol: TCP 11 | port: 9085 12 | targetPort: 9085 13 | -------------------------------------------------------------------------------- /kubernetes/canary-by-config-change/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | # Deploy progressively with canary strategy when ConfigMap was changed. 2 | apiVersion: pipecd.dev/v1beta1 3 | kind: KubernetesApp 4 | spec: 5 | name: canary-by-config-change 6 | labels: 7 | env: example 8 | team: product 9 | input: 10 | autoRollback: true 11 | pipeline: 12 | stages: 13 | # Deploy the workloads of CANARY variant. In this case, the number of 14 | # workload replicas of CANARY variant is 10% of the replicas number of PRIMARY variant. 15 | - name: K8S_CANARY_ROLLOUT 16 | with: 17 | replicas: 10% 18 | # Wait 1 minutes before going to the next stage. 19 | - name: WAIT 20 | with: 21 | duration: 1m 22 | # Update the workload of PRIMARY variant to the new version. 23 | - name: K8S_PRIMARY_ROLLOUT 24 | # Destroy all workloads of CANARY variant. 25 | - name: K8S_CANARY_CLEAN 26 | -------------------------------------------------------------------------------- /kubernetes/canary-by-config-change/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: canary-by-config-change 5 | labels: 6 | app: canary-by-config-change 7 | data: 8 | config.yaml: |- 9 | desc: Hi PipeCD 10 | -------------------------------------------------------------------------------- /kubernetes/canary-by-config-change/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: canary-by-config-change 5 | labels: 6 | app: canary-by-config-change 7 | spec: 8 | replicas: 2 9 | selector: 10 | matchLabels: 11 | app: canary-by-config-change 12 | pipecd.dev/variant: primary 13 | template: 14 | metadata: 15 | labels: 16 | app: canary-by-config-change 17 | pipecd.dev/variant: primary 18 | spec: 19 | containers: 20 | - name: helloworld 21 | image: ghcr.io/pipe-cd/helloworld:v0.30.0 22 | args: 23 | - server 24 | ports: 25 | - containerPort: 9085 26 | volumeMounts: 27 | - name: config 28 | mountPath: /etc/pipecd-config 29 | readOnly: true 30 | volumes: 31 | - name: config 32 | configMap: 33 | name: canary-by-config-change 34 | -------------------------------------------------------------------------------- /kubernetes/canary-by-config-change/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: canary-by-config-change 5 | spec: 6 | selector: 7 | app: canary-by-config-change 8 | ports: 9 | - protocol: TCP 10 | port: 9085 11 | targetPort: 9085 12 | -------------------------------------------------------------------------------- /kubernetes/canary-patch/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: canary-patch 5 | labels: 6 | env: example 7 | team: product 8 | pipeline: 9 | stages: 10 | # Deploy the workloads of CANARY variant. In this case, the replicas number 11 | # of CANARY variant is around 30% of PRIMARY variant. 12 | # And the content of configmap used for CANARY variant is also changed. 13 | - name: K8S_CANARY_ROLLOUT 14 | with: 15 | replicas: 30% 16 | patches: 17 | - target: 18 | kind: ConfigMap 19 | name: canary-patch-envoy-config 20 | # Because '.' is a reserved character so we have to enclose the last path component in single quotes. 21 | documentRoot: $.data.'envoy-config.yaml' 22 | ops: 23 | - op: yaml-replace 24 | path: $.static_resources.listeners[0].filter_chains[0].filters[0].typed_config.route_config.virtual_hosts[0].routes[0].route.weighted_clusters.clusters[0].weight 25 | value: "90" 26 | - op: yaml-replace 27 | path: $.static_resources.listeners[0].filter_chains[0].filters[0].typed_config.route_config.virtual_hosts[0].routes[0].route.weighted_clusters.clusters[1].weight 28 | value: "10" 29 | 30 | # Wait until got an approval. 31 | - name: WAIT_APPROVAL 32 | 33 | # Update the workload of PRIMARY variant to the new version. 34 | - name: K8S_PRIMARY_ROLLOUT 35 | 36 | # Destroy all workloads of CANARY variant. 37 | - name: K8S_CANARY_CLEAN 38 | -------------------------------------------------------------------------------- /kubernetes/canary-patch/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: canary-patch-envoy-config 5 | data: 6 | envoy-config.yaml: |- 7 | admin: 8 | address: 9 | socket_address: 10 | address: 0.0.0.0 11 | port_value: 9090 12 | static_resources: 13 | listeners: 14 | - name: ingress 15 | address: 16 | socket_address: 17 | address: 0.0.0.0 18 | port_value: 9095 19 | filter_chains: 20 | - filters: 21 | - name: envoy.filters.network.http_connection_manager 22 | typed_config: 23 | "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager 24 | codec_type: AUTO 25 | stat_prefix: ingress_http 26 | access_log: 27 | - name: envoy.access_loggers.stdout 28 | typed_config: 29 | "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog 30 | http_filters: 31 | - name: envoy.filters.http.router 32 | route_config: 33 | name: local_route 34 | virtual_hosts: 35 | - name: envoy 36 | domains: 37 | - '*' 38 | routes: 39 | - match: 40 | prefix: / 41 | route: 42 | weighted_clusters: 43 | clusters: 44 | - name: primary-cluster 45 | weight: 100 46 | - name: canary-cluster 47 | weight: 0 48 | clusters: 49 | - name: primary-cluster 50 | connect_timeout: 0.25s 51 | type: STRICT_DNS 52 | lb_policy: ROUND_ROBIN 53 | load_assignment: 54 | cluster_name: primary-cluster 55 | endpoints: 56 | - lb_endpoints: 57 | - endpoint: 58 | address: 59 | socket_address: 60 | address: canary-patch 61 | port_value: 9085 62 | track_cluster_stats: 63 | request_response_sizes: true 64 | - name: canary-cluster 65 | connect_timeout: 0.25s 66 | type: STRICT_DNS 67 | lb_policy: ROUND_ROBIN 68 | load_assignment: 69 | cluster_name: canary-cluster 70 | endpoints: 71 | - lb_endpoints: 72 | - endpoint: 73 | address: 74 | socket_address: 75 | address: canary-patch-canary 76 | port_value: 9085 77 | track_cluster_stats: 78 | request_response_sizes: true 79 | -------------------------------------------------------------------------------- /kubernetes/canary-patch/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: canary-patch 5 | labels: 6 | app: canary-patch 7 | spec: 8 | replicas: 2 9 | revisionHistoryLimit: 2 10 | selector: 11 | matchLabels: 12 | app: canary-patch 13 | pipecd.dev/variant: primary 14 | template: 15 | metadata: 16 | labels: 17 | app: canary-patch 18 | pipecd.dev/variant: primary 19 | spec: 20 | containers: 21 | - name: helloworld 22 | image: ghcr.io/pipe-cd/helloworld:v0.30.0 23 | args: 24 | - server 25 | ports: 26 | - containerPort: 9085 27 | - name: envoy 28 | image: envoyproxy/envoy-alpine:v1.18.3 29 | imagePullPolicy: IfNotPresent 30 | command: 31 | - envoy 32 | args: 33 | - -c 34 | - /etc/envoy/envoy-config.yaml 35 | ports: 36 | - containerPort: 9090 37 | - containerPort: 9095 38 | volumeMounts: 39 | - name: config 40 | mountPath: /etc/envoy 41 | readOnly: true 42 | volumes: 43 | - name: config 44 | configMap: 45 | name: canary-patch-envoy-config 46 | -------------------------------------------------------------------------------- /kubernetes/canary-patch/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: canary-patch 5 | spec: 6 | selector: 7 | app: canary-patch 8 | ports: 9 | - name: ingress 10 | protocol: TCP 11 | port: 9095 12 | targetPort: 9095 13 | - name: http 14 | protocol: TCP 15 | port: 9085 16 | targetPort: 9085 17 | -------------------------------------------------------------------------------- /kubernetes/canary/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: canary 5 | labels: 6 | env: example 7 | team: product 8 | pipeline: 9 | stages: 10 | # Deploy the workloads of CANARY variant. In this case, the number of 11 | # workload replicas of CANARY variant is 10% of the replicas number of PRIMARY variant. 12 | - name: K8S_CANARY_ROLLOUT 13 | with: 14 | replicas: 10% 15 | # Wait 10 seconds before going to the next stage. 16 | - name: WAIT 17 | with: 18 | duration: 10s 19 | # Update the workload of PRIMARY variant to the new version. 20 | - name: K8S_PRIMARY_ROLLOUT 21 | # Destroy all workloads of CANARY variant. 22 | - name: K8S_CANARY_CLEAN 23 | description: | 24 | This app demonstrates how to deploy a Kubernetes app by Canary strategy without requering any mesh.\ 25 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 26 | -------------------------------------------------------------------------------- /kubernetes/canary/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: canary 5 | labels: 6 | app: canary 7 | spec: 8 | replicas: 2 9 | revisionHistoryLimit: 2 10 | selector: 11 | matchLabels: 12 | app: canary 13 | pipecd.dev/variant: primary 14 | template: 15 | metadata: 16 | labels: 17 | app: canary 18 | pipecd.dev/variant: primary 19 | spec: 20 | containers: 21 | - name: helloworld 22 | image: ghcr.io/pipe-cd/helloworld:v0.32.0 23 | args: 24 | - server 25 | ports: 26 | - containerPort: 9085 27 | -------------------------------------------------------------------------------- /kubernetes/canary/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: canary 5 | spec: 6 | selector: 7 | app: canary 8 | ports: 9 | - protocol: TCP 10 | port: 9085 11 | targetPort: 9085 12 | -------------------------------------------------------------------------------- /kubernetes/helm-local-chart/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | # Deploy a helm chart sourced from the same Git repository 2 | # without using pipeline. 3 | apiVersion: pipecd.dev/v1beta1 4 | kind: KubernetesApp 5 | spec: 6 | name: helm-local-chart 7 | labels: 8 | env: example 9 | team: product 10 | trigger: 11 | onCommit: 12 | paths: 13 | - local-modules/helm-charts/helloworld/* 14 | input: 15 | # Helm chart sourced from current Git repo. 16 | helmChart: 17 | path: ../../local-modules/helm-charts/helloworld 18 | helmOptions: 19 | releaseName: helm-local-chart 20 | valueFiles: 21 | - values.yaml 22 | helmVersion: 3.8.2 23 | description: | 24 | This app demonstrates how to deploy a Kubernetes app that uses a Helm chart sourced from the same Git repository.\ 25 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 26 | -------------------------------------------------------------------------------- /kubernetes/helm-local-chart/values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 1 2 | 3 | image: 4 | repository: gcr.io/pipecd/helloworld 5 | tag: v0.5.0 6 | 7 | fullnameOverride: helm-local-chart 8 | 9 | service: 10 | port: 9085 11 | -------------------------------------------------------------------------------- /kubernetes/helm-remote-chart/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | # Deploy a helm chart sourced from a Helm Chart Repository without using pipeline. 2 | apiVersion: pipecd.dev/v1beta1 3 | kind: KubernetesApp 4 | spec: 5 | name: helm-remote-chart 6 | labels: 7 | env: example 8 | team: product 9 | input: 10 | # Helm chart sourced from a Helm Chart Repository. 11 | helmChart: 12 | repository: oci://ghcr.io/pipe-cd 13 | name: chart/helloworld 14 | version: v0.30.0 15 | helmOptions: 16 | valueFiles: 17 | - values.yaml 18 | releaseName: helm-remote-chart 19 | helmVersion: 3.8.2 20 | description: | 21 | This app demonstrates how to deploy a Kubernetes app that uses a Helm chart sourced from a remote HTTP Chart server.\ 22 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 23 | -------------------------------------------------------------------------------- /kubernetes/helm-remote-chart/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pipe-cd/examples/49fe2dc57abcd3999ae1c5542b6194fd19f121a0/kubernetes/helm-remote-chart/values.yaml -------------------------------------------------------------------------------- /kubernetes/helm-remote-git-chart/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: helm-remote-git-chart 5 | labels: 6 | env: example 7 | team: product 8 | input: 9 | # Helm chart sourced from another Git repository. 10 | helmChart: 11 | gitRemote: git@github.com:pipe-cd/manifests.git 12 | ref: v0.9.0 13 | path: manifests/helloworld 14 | helmOptions: 15 | valueFiles: 16 | - values.yaml 17 | releaseName: helm-remote-git-chart 18 | helmVersion: 3.8.2 19 | description: | 20 | This app demonstrates how to deploy a Kubernetes app that uses a Helm chart sourced from the same Git repository.\ 21 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 22 | -------------------------------------------------------------------------------- /kubernetes/helm-remote-git-chart/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pipe-cd/examples/49fe2dc57abcd3999ae1c5542b6194fd19f121a0/kubernetes/helm-remote-git-chart/values.yaml -------------------------------------------------------------------------------- /kubernetes/kustomize-local-base/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: kustomize-local-base 5 | labels: 6 | env: example 7 | team: product 8 | trigger: 9 | onCommit: 10 | paths: 11 | - local-modules/kustomize-bases/helloworld/* 12 | input: 13 | kustomizeVersion: 3.5.5 14 | description: | 15 | This app demonstrates how to deploy a Kubernetes app that uses a Kustomize package sourced from the same Git repository.\ 16 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 17 | -------------------------------------------------------------------------------- /kubernetes/kustomize-local-base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../local-modules/kustomize-bases/helloworld 3 | 4 | nameSuffix: -local-base 5 | 6 | commonLabels: 7 | app: kustomize-local-base 8 | 9 | images: 10 | - name: gcr.io/pipecd/helloworld 11 | newTag: v0.6.0 12 | -------------------------------------------------------------------------------- /kubernetes/kustomize-remote-base/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: kustomize-remote-base 5 | labels: 6 | env: example 7 | team: product 8 | input: 9 | kustomizeVersion: 3.5.5 10 | description: | 11 | This app demonstrates how to deploy a Kubernetes app that uses a Kustomize package sourced from another Git repository.\ 12 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 13 | -------------------------------------------------------------------------------- /kubernetes/kustomize-remote-base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - git@github.com:pipe-cd/manifests.git/kustomization/helloworld?ref=v0.1.2-15 3 | 4 | namePrefix: kustomize-remote-base- 5 | 6 | commonLabels: 7 | app: kustomize-remote-base-helloworld 8 | 9 | images: 10 | - name: gcr.io/pipecd/helloworld 11 | newTag: v0.10.0 12 | -------------------------------------------------------------------------------- /kubernetes/mesh-istio-bluegreen/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: mesh-istio-bluegreen 5 | labels: 6 | env: example 7 | team: product 8 | pipeline: 9 | stages: 10 | # Deploy the workloads of CANARY variant. In this case, the number of 11 | # workload replicas of CANARY variant is the same with PRIMARY variant. 12 | - name: K8S_CANARY_ROLLOUT 13 | with: 14 | replicas: 100% 15 | # The percentage of traffic each variant should receive. 16 | # In this case, CANARY variant will receive all of the traffic. 17 | - name: K8S_TRAFFIC_ROUTING 18 | with: 19 | all: canary 20 | - name: WAIT_APPROVAL 21 | # Update the workload of PRIMARY variant to the new version. 22 | - name: K8S_PRIMARY_ROLLOUT 23 | # The percentage of traffic each variant should receive. 24 | # In this case, PRIMARY variant will receive all of the traffic. 25 | - name: K8S_TRAFFIC_ROUTING 26 | with: 27 | all: primary 28 | # Destroy all workloads of CANARY variant. 29 | - name: K8S_CANARY_CLEAN 30 | trafficRouting: 31 | method: istio 32 | istio: 33 | host: mesh-istio-bluegreen 34 | description: | 35 | This app demonstrates how to deploy a Kubernetes app with BlueGreen strategy by using Istio mesh.\ 36 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 37 | -------------------------------------------------------------------------------- /kubernetes/mesh-istio-bluegreen/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: mesh-istio-bluegreen 5 | labels: 6 | app: mesh-istio-bluegreen 7 | spec: 8 | replicas: 2 9 | selector: 10 | matchLabels: 11 | app: mesh-istio-bluegreen 12 | pipecd.dev/variant: primary 13 | template: 14 | metadata: 15 | labels: 16 | app: mesh-istio-bluegreen 17 | pipecd.dev/variant: primary 18 | annotations: 19 | sidecar.istio.io/inject: "true" 20 | spec: 21 | containers: 22 | - name: helloworld 23 | image: ghcr.io/pipe-cd/helloworld:v0.30.0 24 | args: 25 | - server 26 | ports: 27 | - containerPort: 9085 28 | -------------------------------------------------------------------------------- /kubernetes/mesh-istio-bluegreen/destination-rule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: DestinationRule 3 | metadata: 4 | name: mesh-istio-bluegreen 5 | spec: 6 | host: mesh-istio-bluegreen 7 | subsets: 8 | - name: primary 9 | labels: 10 | pipecd.dev/variant: primary 11 | - name: canary 12 | labels: 13 | pipecd.dev/variant: canary 14 | - name: baseline 15 | labels: 16 | pipecd.dev/variant: baseline 17 | trafficPolicy: 18 | tls: 19 | mode: ISTIO_MUTUAL 20 | -------------------------------------------------------------------------------- /kubernetes/mesh-istio-bluegreen/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: Gateway 3 | metadata: 4 | name: mesh-istio-bluegreen 5 | spec: 6 | selector: 7 | istio: ingressgateway # use Istio default gateway implementation 8 | servers: 9 | - port: 10 | number: 80 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - "mesh-istio-bluegreen.pipecd.dev" 15 | -------------------------------------------------------------------------------- /kubernetes/mesh-istio-bluegreen/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: mesh-istio-bluegreen 5 | spec: 6 | selector: 7 | app: mesh-istio-bluegreen 8 | ports: 9 | - name: http-admin 10 | protocol: TCP 11 | port: 9085 12 | targetPort: 9085 13 | -------------------------------------------------------------------------------- /kubernetes/mesh-istio-bluegreen/virtual-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: VirtualService 3 | metadata: 4 | name: mesh-istio-bluegreen 5 | spec: 6 | hosts: 7 | - mesh-istio-bluegreen.pipecd.dev 8 | gateways: 9 | - mesh-istio-bluegreen 10 | http: 11 | - route: 12 | - destination: 13 | host: mesh-istio-bluegreen 14 | subset: primary 15 | weight: 100 16 | -------------------------------------------------------------------------------- /kubernetes/mesh-istio-canary/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: mesh-istio-canary 5 | labels: 6 | env: example 7 | team: product 8 | pipeline: 9 | stages: 10 | # Deploy the workloads of CANARY variant. In this case, the number of 11 | # workload replicas of CANARY variant is 10% of the replicas number of PRIMARY variant. 12 | - name: K8S_CANARY_ROLLOUT 13 | with: 14 | replicas: 10% 15 | # The percentage of traffic each variant should receive. 16 | # In this case, CANARY variant will receive 10% of traffic, 17 | # while PRIMARY will receive 90% of traffic. 18 | - name: K8S_TRAFFIC_ROUTING 19 | with: 20 | primary: 90 21 | canary: 10 22 | - name: WAIT_APPROVAL 23 | # Update the workload of PRIMARY variant to the new version. 24 | - name: K8S_PRIMARY_ROLLOUT 25 | # The percentage of traffic each variant should receive. 26 | # In this case, PRIMARY variant will receive all of the traffic. 27 | - name: K8S_TRAFFIC_ROUTING 28 | with: 29 | primary: 100 30 | # Destroy all workloads of CANARY variant. 31 | - name: K8S_CANARY_CLEAN 32 | trafficRouting: 33 | method: istio 34 | istio: 35 | host: mesh-istio-canary.default.svc.cluster.local 36 | description: | 37 | This app demonstrates how to deploy a Kubernetes app with Canary strategy by using Istio mesh.\ 38 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 39 | -------------------------------------------------------------------------------- /kubernetes/mesh-istio-canary/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: mesh-istio-canary 5 | labels: 6 | app: mesh-istio-canary 7 | spec: 8 | replicas: 2 9 | selector: 10 | matchLabels: 11 | app: mesh-istio-canary 12 | pipecd.dev/variant: primary 13 | template: 14 | metadata: 15 | labels: 16 | app: mesh-istio-canary 17 | pipecd.dev/variant: primary 18 | annotations: 19 | sidecar.istio.io/inject: "true" 20 | spec: 21 | containers: 22 | - name: helloworld 23 | image: ghcr.io/pipe-cd/helloworld:v0.30.0 24 | args: 25 | - server 26 | ports: 27 | - containerPort: 9085 28 | -------------------------------------------------------------------------------- /kubernetes/mesh-istio-canary/destination-rule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: DestinationRule 3 | metadata: 4 | name: mesh-istio-canary 5 | spec: 6 | host: mesh-istio-canary.default.svc.cluster.local 7 | subsets: 8 | - name: primary 9 | labels: 10 | pipecd.dev/variant: primary 11 | - name: canary 12 | labels: 13 | pipecd.dev/variant: canary 14 | - name: baseline 15 | labels: 16 | pipecd.dev/variant: baseline 17 | trafficPolicy: 18 | tls: 19 | mode: ISTIO_MUTUAL 20 | -------------------------------------------------------------------------------- /kubernetes/mesh-istio-canary/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: Gateway 3 | metadata: 4 | name: mesh-istio-canary 5 | spec: 6 | selector: 7 | istio: ingressgateway # use Istio default gateway implementation 8 | servers: 9 | - port: 10 | number: 80 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - "mesh-istio-canary.pipecd.dev" 15 | -------------------------------------------------------------------------------- /kubernetes/mesh-istio-canary/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: mesh-istio-canary 5 | spec: 6 | selector: 7 | app: mesh-istio-canary 8 | ports: 9 | - name: http-admin 10 | protocol: TCP 11 | port: 9085 12 | targetPort: 9085 13 | -------------------------------------------------------------------------------- /kubernetes/mesh-istio-canary/virtual-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: VirtualService 3 | metadata: 4 | name: mesh-istio-canary 5 | spec: 6 | hosts: 7 | - mesh-istio-canary.pipecd.dev 8 | gateways: 9 | - mesh-istio-canary 10 | http: 11 | - route: 12 | - destination: 13 | host: mesh-istio-canary.default.svc.cluster.local 14 | subset: primary 15 | weight: 100 16 | -------------------------------------------------------------------------------- /kubernetes/mesh-smi-bluegreen/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: mesh-smi-bluegreen 5 | labels: 6 | env: example 7 | team: product 8 | -------------------------------------------------------------------------------- /kubernetes/mesh-smi-canary/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: mesh-smi-canary 5 | labels: 6 | env: example 7 | team: product 8 | -------------------------------------------------------------------------------- /kubernetes/multi-steps-canary/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | # Progressive delivery with canary strategy. 2 | # The canary process has multiple phases: from 10% then analysis 3 | # then up to 20% then analysis then 100%. 4 | apiVersion: pipecd.dev/v1beta1 5 | kind: KubernetesApp 6 | spec: 7 | name: multi-steps-canary 8 | labels: 9 | env: example 10 | team: product 11 | pipeline: 12 | stages: 13 | - name: K8S_CANARY_ROLLOUT 14 | with: 15 | replicas: 10% 16 | - name: ANALYSIS 17 | with: 18 | duration: 10m 19 | - name: K8S_CANARY_ROLLOUT 20 | with: 21 | replicas: 20% 22 | - name: ANALYSIS 23 | with: 24 | duration: 10m 25 | - name: K8S_PRIMARY_ROLLOUT 26 | - name: K8S_CANARY_CLEAN 27 | -------------------------------------------------------------------------------- /kubernetes/multi-steps-canary/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: multi-steps-canary 5 | labels: 6 | app: multi-steps-canary 7 | spec: 8 | replicas: 2 9 | selector: 10 | matchLabels: 11 | app: multi-steps-canary 12 | pipecd.dev/variant: primary 13 | template: 14 | metadata: 15 | labels: 16 | app: multi-steps-canary 17 | pipecd.dev/variant: primary 18 | spec: 19 | containers: 20 | - name: helloworld 21 | image: ghcr.io/pipe-cd/helloworld:v0.30.0 22 | args: 23 | - server 24 | ports: 25 | - containerPort: 9085 26 | -------------------------------------------------------------------------------- /kubernetes/multi-steps-canary/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: multi-steps-canary 5 | spec: 6 | selector: 7 | app: multi-steps-canary 8 | ports: 9 | - protocol: TCP 10 | port: 9085 11 | targetPort: 9085 12 | -------------------------------------------------------------------------------- /kubernetes/script-run/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: script-run 5 | labels: 6 | env: example 7 | team: product 8 | pipeline: 9 | stages: 10 | - name: K8S_CANARY_ROLLOUT 11 | with: 12 | replicas: 10% 13 | - name: WAIT 14 | with: 15 | duration: 10s 16 | - name: SCRIPT_RUN 17 | with: 18 | env: 19 | MSG: "execute script1" 20 | R_MSG: "rollback script1" 21 | run: | 22 | echo $MSG 23 | sleep 10 24 | onRollback: | 25 | echo $R_MSG 26 | sleep 10 27 | - name: K8S_PRIMARY_ROLLOUT 28 | - name: K8S_CANARY_CLEAN 29 | -------------------------------------------------------------------------------- /kubernetes/script-run/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: script-run 5 | labels: 6 | app: script-run 7 | spec: 8 | replicas: 2 9 | revisionHistoryLimit: 2 10 | selector: 11 | matchLabels: 12 | app: script-run 13 | pipecd.dev/variant: primary 14 | template: 15 | metadata: 16 | labels: 17 | app: script-run 18 | pipecd.dev/variant: primary 19 | spec: 20 | containers: 21 | - name: helloworld 22 | image: gcr.io/pipecd/helloworld:v0.45.0 23 | args: 24 | - server 25 | ports: 26 | - containerPort: 9085 27 | -------------------------------------------------------------------------------- /kubernetes/script-run/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: script-run 5 | spec: 6 | selector: 7 | app: script-run 8 | ports: 9 | - protocol: TCP 10 | port: 9085 11 | targetPort: 9085 12 | -------------------------------------------------------------------------------- /kubernetes/secret-management/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: secret-management 5 | labels: 6 | env: example 7 | team: product 8 | input: 9 | manifests: 10 | - deployment.yaml 11 | - secret.yaml 12 | encryption: 13 | encryptedSecrets: 14 | # Encrypted via the web console. 15 | password: AQClmqFuXZ10F83HgWIKHzr92YL/x8HBQyc7RUbxyJexjaKvFJ2YeYJWnqcssxBt8EAC4Kie+iZr5ABWZ2yNEQaPRSaBTTBRLetsmsJfdtDZOr1VvXj7nPEBFBajxsIs1LhFLejsR8WMDmYk2Sy4h1pP8dhYL6oNaAxU17ehdQ5PMCqo0Lv8hN5/Qhz4+KW/yotxgqgJm5eFPUnWLlvkbO6P1iyEpg+xZZNcUjqKbZ8MyU7zf7yms4kuouo+p5yoSjqI9jEEy5DJ9TdJtn5S8ENKUoDLDunsERrBip2kSIv8nxNgBMOfqLskjyKrMgMGMyGqwXGJiKPqFiLDM/6TWo2B2f2cVIPRmCNUU9uVMadHfK5DFxr3NZG6 16 | decryptionTargets: 17 | - secret.yaml 18 | description: | 19 | This app demonstrates how to use [Secret Management](https://pipecd.dev/docs/user-guide/managing-application/secret-management/) feature to store an encrypted credential in Git for embed in a Kubernetes manifest.\ 20 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 21 | -------------------------------------------------------------------------------- /kubernetes/secret-management/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: secret-management 5 | labels: 6 | app: secret-management 7 | spec: 8 | replicas: 2 9 | selector: 10 | matchLabels: 11 | app: secret-management 12 | pipecd.dev/variant: primary 13 | template: 14 | metadata: 15 | labels: 16 | app: secret-management 17 | pipecd.dev/variant: primary 18 | annotations: 19 | sidecar.istio.io/inject: "false" 20 | spec: 21 | containers: 22 | - name: helloworld 23 | image: ghcr.io/pipe-cd/helloworld:v0.30.0 24 | args: 25 | - server 26 | ports: 27 | - containerPort: 9085 28 | -------------------------------------------------------------------------------- /kubernetes/secret-management/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: secret-management 5 | data: 6 | password: "{{ .encryptedSecrets.password }}" 7 | -------------------------------------------------------------------------------- /kubernetes/simple/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: simple 5 | labels: 6 | env: example 7 | team: product 8 | input: 9 | manifests: 10 | - deployment.yaml 11 | - service.yaml 12 | kubectlVersion: 1.32.2 13 | description: | 14 | This app demonstrates how to deploy a Kubernetes application with [Quick Sync](https://pipecd.dev/docs/concepts/#sync-strategy) strategy.\ 15 | No pipeline is specified then in each deployment PipeCD will roll out the new version and switch all traffic to it immediately.\ 16 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 17 | -------------------------------------------------------------------------------- /kubernetes/simple/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: simple 5 | labels: 6 | app: simple 7 | spec: 8 | replicas: 2 9 | selector: 10 | matchLabels: 11 | app: simple 12 | pipecd.dev/variant: primary 13 | template: 14 | metadata: 15 | labels: 16 | app: simple 17 | pipecd.dev/variant: primary 18 | annotations: 19 | sidecar.istio.io/inject: "false" 20 | spec: 21 | containers: 22 | - name: helloworld 23 | image: ghcr.io/pipe-cd/helloworld:v0.32.0 24 | args: 25 | - server 26 | ports: 27 | - containerPort: 9085 28 | -------------------------------------------------------------------------------- /kubernetes/simple/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: simple 5 | spec: 6 | selector: 7 | app: simple 8 | ports: 9 | - protocol: TCP 10 | port: 9085 11 | targetPort: 9085 12 | -------------------------------------------------------------------------------- /kubernetes/wait-approval/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: KubernetesApp 3 | spec: 4 | name: wait-approval 5 | labels: 6 | env: example 7 | team: product 8 | pipeline: 9 | stages: 10 | - name: K8S_CANARY_ROLLOUT 11 | with: 12 | replicas: 10% 13 | - name: WAIT_APPROVAL 14 | with: 15 | approvers: 16 | - nghialv 17 | - name: K8S_PRIMARY_ROLLOUT 18 | - name: K8S_CANARY_CLEAN 19 | notification: 20 | mentions: 21 | - event: DEPLOYMENT_WAIT_APPROVAL 22 | slack: 23 | - slack-user-id-1 # slack-user-name-1 24 | - slack-user-id-2 # slack-user-name-2 25 | # Specifying "*" means mentioning the given users for all events. 26 | - event: "*" 27 | slack: 28 | - slack-user-id-3 # slack-user-name-3 29 | description: | 30 | This app demonstrates how to configure a Kubernetes app with a WAIT_APPROVAL stage.\ 31 | This ensures that all deployments of this app must be approved manually on the web console.\ 32 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 33 | -------------------------------------------------------------------------------- /kubernetes/wait-approval/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: wait-approval 5 | labels: 6 | app: wait-approval 7 | spec: 8 | replicas: 2 9 | selector: 10 | matchLabels: 11 | app: wait-approval 12 | pipecd.dev/variant: primary 13 | template: 14 | metadata: 15 | labels: 16 | app: wait-approval 17 | pipecd.dev/variant: primary 18 | spec: 19 | containers: 20 | - name: helloworld 21 | image: ghcr.io/pipe-cd/helloworld:v0.30.0 22 | args: 23 | - server 24 | ports: 25 | - containerPort: 9085 26 | -------------------------------------------------------------------------------- /kubernetes/wait-approval/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: wait-approval 5 | spec: 6 | selector: 7 | app: wait-approval 8 | ports: 9 | - protocol: TCP 10 | port: 9085 11 | targetPort: 9085 12 | -------------------------------------------------------------------------------- /lambda/analysis/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | # Deployment pipeline with bluegreen strategy. 2 | # Using version, alias, additional version to do canary, bluegreen. 3 | # https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html 4 | apiVersion: pipecd.dev/v1beta1 5 | kind: LambdaApp 6 | spec: 7 | name: analysis 8 | labels: 9 | env: example 10 | team: abc 11 | pipeline: 12 | stages: 13 | # Deploy workloads of the new version. 14 | # But this is still receiving no traffic. 15 | - name: LAMBDA_CANARY_ROLLOUT 16 | # Promote new version to receive amount of traffic. 17 | - name: LAMBDA_PROMOTE 18 | with: 19 | percent: 10 20 | # Optional: We can also add an ANALYSIS stage to verify the new version. 21 | # If this stage finds any not good metrics of the new version, 22 | # a rollback process to the previous version will be executed. 23 | - name: ANALYSIS 24 | with: 25 | duration: 10m 26 | # Promote new version to receive all traffic. 27 | - name: LAMBDA_PROMOTE 28 | with: 29 | percent: 100 30 | -------------------------------------------------------------------------------- /lambda/analysis/function.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: LambdaFunction 3 | spec: 4 | name: SimpleFunction 5 | role: arn:aws:iam::76xxxxxxx:role/lambda-role 6 | image: ecr.ap-northeast-1.amazonaws.com/lambda-test:v0.0.1 7 | memory: 512 8 | timeout: 30 9 | tags: 10 | app: simple 11 | -------------------------------------------------------------------------------- /lambda/canary/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | # Deployment pipeline with canary strategy. 2 | # Using version, alias, additional version to do canary, bluegreen. 3 | # https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html 4 | apiVersion: pipecd.dev/v1beta1 5 | kind: LambdaApp 6 | spec: 7 | name: canary 8 | labels: 9 | env: example 10 | team: abc 11 | pipeline: 12 | stages: 13 | # Deploy workloads of the new version. 14 | # But this is still receiving no traffic. 15 | - name: LAMBDA_CANARY_ROLLOUT 16 | # Promote new version to receive amount of traffic. 17 | - name: LAMBDA_PROMOTE 18 | with: 19 | percent: 10 20 | - name: WAIT 21 | with: 22 | duration: 30s 23 | - name: LAMBDA_PROMOTE 24 | with: 25 | percent: 50 26 | - name: WAIT 27 | with: 28 | duration: 30s 29 | # Promote new version to receive all traffic. 30 | - name: LAMBDA_PROMOTE 31 | with: 32 | percent: 100 33 | -------------------------------------------------------------------------------- /lambda/canary/function.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: LambdaFunction 3 | spec: 4 | name: SimpleFunction 5 | role: arn:aws:iam::76xxxxxxx:role/lambda-role 6 | image: ecr.ap-northeast-1.amazonaws.com/lambda-test:v0.0.1 7 | memory: 512 8 | timeout: 30 9 | tags: 10 | app: simple 11 | -------------------------------------------------------------------------------- /lambda/custom-sync-sam/README.md: -------------------------------------------------------------------------------- 1 | # custom sync example using AWS Serverless Application Model(SAM) 2 | 3 | ## create sam project in this directory 4 | ``` 5 | sam init 6 | ``` -------------------------------------------------------------------------------- /lambda/custom-sync-sam/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: LambdaApp 3 | spec: 4 | name: sam-simple 5 | labels: 6 | env: example 7 | team: abc 8 | planner: 9 | alwaysUsePipeline: true 10 | pipeline: 11 | stages: 12 | - name: CUSTOM_SYNC 13 | with: 14 | env: 15 | AWS_PROFILE: "sample" 16 | run: | 17 | cd sam-app 18 | sam build 19 | echo y | sam deploy --profile $AWS_PROFILE 20 | -------------------------------------------------------------------------------- /lambda/remote-git/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | # Quick sync by rolling out the new version and switching all traffic to it. 2 | # https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html 3 | apiVersion: pipecd.dev/v1beta1 4 | kind: LambdaApp 5 | spec: 6 | name: remote-git 7 | labels: 8 | env: example 9 | team: abc 10 | -------------------------------------------------------------------------------- /lambda/remote-git/function.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: LambdaFunction 3 | spec: 4 | name: SimpleRemoteGitFunction 5 | role: arn:aws:iam::76xxxxxxx:role/lambda-role 6 | source: 7 | git: git@github.com:username/lambda-function-code.git 8 | ref: dede7cdea5bbd3fdbcc4674bfcd2b2f9e0579603 9 | path: hello-world 10 | handler: app.lambdaHandler 11 | runtime: nodejs14.x 12 | memory: 512 13 | timeout: 30 14 | environments: 15 | FOO: bar 16 | tags: 17 | app: simple-git 18 | -------------------------------------------------------------------------------- /lambda/secret-management/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: LambdaApp 3 | spec: 4 | name: secret-management 5 | labels: 6 | env: example 7 | team: abc 8 | encryption: 9 | encryptedSecrets: 10 | # Encrypted via the web console. 11 | key: AQClmqFuXZ10F83HgWIKHzr92YL/x8HBQyc7RUbxyJexjaKvFJ2YeYJWnqcssxBt8EAC4Kie+iZr5ABWZ2yNEQaPRSaBTTBRLetsmsJfdtDZOr1VvXj7nPEBFBajxsIs1LhFLejsR8WMDmYk2Sy4h1pP8dhYL6oNaAxU17ehdQ5PMCqo0Lv8hN5/Qhz4+KW/yotxgqgJm5eFPUnWLlvkbO6P1iyEpg+xZZNcUjqKbZ8MyU7zf7yms4kuouo+p5yoSjqI9jEEy5DJ9TdJtn5S8ENKUoDLDunsERrBip2kSIv8nxNgBMOfqLskjyKrMgMGMyGqwXGJiKPqFiLDM/6TWo2B2f2cVIPRmCNUU9uVMadHfK5DFxr3NZG6 12 | decryptionTargets: 13 | - function.yaml 14 | -------------------------------------------------------------------------------- /lambda/secret-management/function.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: LambdaFunction 3 | spec: 4 | name: SimpleFunction 5 | role: arn:aws:iam::76xxxxxxx:role/lambda-role 6 | image: ecr.ap-northeast-1.amazonaws.com/lambda-test:v0.0.1 7 | memory: 512 8 | timeout: 30 9 | environments: 10 | KEY: "{{ .encryptedSecrets.key }}" 11 | tags: 12 | app: simple 13 | -------------------------------------------------------------------------------- /lambda/simple/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: LambdaApp 3 | spec: 4 | name: simple 5 | labels: 6 | env: example 7 | team: abc 8 | description: | 9 | This app demonstrates how to deploy a Lambda application with [Quick Sync](https://pipecd.dev/docs/concepts/#sync-strategy) strategy.\ 10 | No pipeline is specified then in each deployment PipeCD will roll out the new version and switch all traffic to it immediately.\ 11 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 12 | -------------------------------------------------------------------------------- /lambda/simple/function.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: LambdaFunction 3 | spec: 4 | name: SimpleFunction 5 | role: arn:aws:iam::76xxxxxxx:role/lambda-role 6 | image: ecr.ap-northeast-1.amazonaws.com/lambda-test:v0.0.1 7 | memory: 512 8 | timeout: 30 9 | environments: 10 | FOO: bar 11 | tags: 12 | app: simple 13 | -------------------------------------------------------------------------------- /lambda/wait-approval/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | # Deployment pipeline that contains a manual approval stage. 2 | apiVersion: pipecd.dev/v1beta1 3 | kind: LambdaApp 4 | spec: 5 | name: wait-approval 6 | labels: 7 | env: example 8 | team: abc 9 | pipeline: 10 | stages: 11 | # Deploy workloads of the new version. 12 | # But this is still receiving no traffic. 13 | - name: LAMBDA_CANARY_ROLLOUT 14 | # Promote new version to receive amount of traffic. 15 | - name: LAMBDA_PROMOTE 16 | with: 17 | percent: 10 18 | - name: WAIT_APPROVAL 19 | # Promote new version to receive all traffic. 20 | - name: LAMBDA_PROMOTE 21 | with: 22 | percent: 100 23 | notification: 24 | mentions: 25 | - event: DEPLOYMENT_WAIT_APPROVAL 26 | slack: 27 | - slack-user-id-1 # slack-user-name-1 28 | - slack-user-id-2 # slack-user-name-2 29 | # Specifying "*" means mentioning the given users for all events. 30 | - event: "*" 31 | slack: 32 | - slack-user-id-3 # slack-user-name-3 33 | -------------------------------------------------------------------------------- /lambda/zip-packing-s3/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | # Quick sync by rolling out the new version and switching all traffic to it. 2 | # https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html 3 | apiVersion: pipecd.dev/v1beta1 4 | kind: LambdaApp 5 | spec: 6 | name: zip-packing-s3 7 | labels: 8 | env: example 9 | team: abc 10 | -------------------------------------------------------------------------------- /lambda/zip-packing-s3/function.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: LambdaFunction 3 | spec: 4 | name: SimpleZipPackingS3Function 5 | role: arn:aws:iam::76xxxxxxx:role/lambda-role 6 | s3Bucket: pipecd-sample-lambda 7 | s3Key: pipecd-sample-src 8 | s3ObjectVersion: 1pTK9_v0Kd7I8Sk4n6abzCL 9 | handler: app.lambdaHandler 10 | runtime: nodejs14.x 11 | memory: 512 12 | timeout: 30 13 | environments: 14 | FOO: bar 15 | tags: 16 | app: simple-zip-s3 17 | -------------------------------------------------------------------------------- /local-modules/helm-charts/helloworld/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /local-modules/helm-charts/helloworld/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: helloworld 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | version: 0.1.0 18 | 19 | # This is the version number of the application being deployed. This version number should be 20 | # incremented each time you make changes to the application. 21 | appVersion: 1.16.0 22 | -------------------------------------------------------------------------------- /local-modules/helm-charts/helloworld/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "helloworld.fullname" . }}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "helloworld.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "helloworld.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "helloworld.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | echo "Visit http://127.0.0.1:9085 to use your application" 20 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9085:80 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /local-modules/helm-charts/helloworld/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "helloworld.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "helloworld.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "helloworld.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "helloworld.labels" -}} 38 | helm.sh/chart: {{ include "helloworld.chart" . }} 39 | {{ include "helloworld.selectorLabels" . }} 40 | {{- if .Chart.AppVersion }} 41 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 42 | {{- end }} 43 | app.kubernetes.io/managed-by: {{ .Release.Service }} 44 | {{- end -}} 45 | 46 | {{/* 47 | Selector labels 48 | */}} 49 | {{- define "helloworld.selectorLabels" -}} 50 | app.kubernetes.io/name: {{ include "helloworld.name" . }} 51 | app.kubernetes.io/instance: {{ .Release.Name }} 52 | {{- end -}} 53 | 54 | {{/* 55 | Create the name of the service account to use 56 | */}} 57 | {{- define "helloworld.serviceAccountName" -}} 58 | {{- if .Values.serviceAccount.create -}} 59 | {{ default (include "helloworld.fullname" .) .Values.serviceAccount.name }} 60 | {{- else -}} 61 | {{ default "default" .Values.serviceAccount.name }} 62 | {{- end -}} 63 | {{- end -}} 64 | -------------------------------------------------------------------------------- /local-modules/helm-charts/helloworld/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "helloworld.fullname" . }} 5 | labels: 6 | {{- include "helloworld.labels" . | nindent 4 }} 7 | spec: 8 | replicas: {{ .Values.replicaCount }} 9 | selector: 10 | matchLabels: 11 | {{- include "helloworld.selectorLabels" . | nindent 6 }} 12 | template: 13 | metadata: 14 | labels: 15 | {{- include "helloworld.selectorLabels" . | nindent 8 }} 16 | spec: 17 | {{- with .Values.imagePullSecrets }} 18 | imagePullSecrets: 19 | {{- toYaml . | nindent 8 }} 20 | {{- end }} 21 | serviceAccountName: {{ include "helloworld.serviceAccountName" . }} 22 | securityContext: 23 | {{- toYaml .Values.podSecurityContext | nindent 8 }} 24 | containers: 25 | - name: {{ .Chart.Name }} 26 | securityContext: 27 | {{- toYaml .Values.securityContext | nindent 12 }} 28 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 29 | imagePullPolicy: {{ .Values.image.pullPolicy }} 30 | args: 31 | - server 32 | ports: 33 | - name: http 34 | containerPort: 9085 35 | protocol: TCP 36 | livenessProbe: 37 | httpGet: 38 | path: /healthz 39 | port: http 40 | readinessProbe: 41 | httpGet: 42 | path: /healthz 43 | port: http 44 | resources: 45 | {{- toYaml .Values.resources | nindent 12 }} 46 | {{- with .Values.nodeSelector }} 47 | nodeSelector: 48 | {{- toYaml . | nindent 8 }} 49 | {{- end }} 50 | {{- with .Values.affinity }} 51 | affinity: 52 | {{- toYaml . | nindent 8 }} 53 | {{- end }} 54 | {{- with .Values.tolerations }} 55 | tolerations: 56 | {{- toYaml . | nindent 8 }} 57 | {{- end }} 58 | -------------------------------------------------------------------------------- /local-modules/helm-charts/helloworld/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "helloworld.fullname" . -}} 3 | {{- $svcPort := .Values.service.port -}} 4 | {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 5 | apiVersion: networking.k8s.io/v1beta1 6 | {{- else -}} 7 | apiVersion: extensions/v1beta1 8 | {{- end }} 9 | kind: Ingress 10 | metadata: 11 | name: {{ $fullName }} 12 | labels: 13 | {{- include "helloworld.labels" . | nindent 4 }} 14 | {{- with .Values.ingress.annotations }} 15 | annotations: 16 | {{- toYaml . | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | {{- if .Values.ingress.tls }} 20 | tls: 21 | {{- range .Values.ingress.tls }} 22 | - hosts: 23 | {{- range .hosts }} 24 | - {{ . | quote }} 25 | {{- end }} 26 | secretName: {{ .secretName }} 27 | {{- end }} 28 | {{- end }} 29 | rules: 30 | {{- range .Values.ingress.hosts }} 31 | - host: {{ .host | quote }} 32 | http: 33 | paths: 34 | {{- range .paths }} 35 | - path: {{ . }} 36 | backend: 37 | serviceName: {{ $fullName }} 38 | servicePort: {{ $svcPort }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /local-modules/helm-charts/helloworld/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "helloworld.fullname" . }} 5 | labels: 6 | {{- include "helloworld.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "helloworld.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /local-modules/helm-charts/helloworld/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "helloworld.serviceAccountName" . }} 6 | labels: 7 | {{- include "helloworld.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /local-modules/helm-charts/helloworld/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "helloworld.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "helloworld.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "helloworld.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /local-modules/helm-charts/helloworld/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for helloworld. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: gcr.io/pipecd/helloworld 9 | pullPolicy: IfNotPresent 10 | 11 | imagePullSecrets: [] 12 | nameOverride: "" 13 | fullnameOverride: "" 14 | 15 | serviceAccount: 16 | # Specifies whether a service account should be created 17 | create: true 18 | # Annotations to add to the service account 19 | annotations: {} 20 | # The name of the service account to use. 21 | # If not set and create is true, a name is generated using the fullname template 22 | name: 23 | 24 | podSecurityContext: {} 25 | # fsGroup: 2000 26 | 27 | securityContext: {} 28 | # capabilities: 29 | # drop: 30 | # - ALL 31 | # readOnlyRootFilesystem: true 32 | # runAsNonRoot: true 33 | # runAsUser: 1000 34 | 35 | service: 36 | type: ClusterIP 37 | port: 80 38 | 39 | ingress: 40 | enabled: false 41 | annotations: {} 42 | # kubernetes.io/ingress.class: nginx 43 | # kubernetes.io/tls-acme: "true" 44 | hosts: 45 | - host: chart-example.local 46 | paths: [] 47 | tls: [] 48 | # - secretName: chart-example-tls 49 | # hosts: 50 | # - chart-example.local 51 | 52 | resources: {} 53 | # We usually recommend not to specify default resources and to leave this as a conscious 54 | # choice for the user. This also increases chances charts run on environments with little 55 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 56 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 57 | # limits: 58 | # cpu: 100m 59 | # memory: 128Mi 60 | # requests: 61 | # cpu: 100m 62 | # memory: 128Mi 63 | 64 | nodeSelector: {} 65 | 66 | tolerations: [] 67 | 68 | affinity: {} 69 | -------------------------------------------------------------------------------- /local-modules/kustomize-bases/helloworld/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: kustomize 5 | labels: 6 | app: kustomize 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: kustomize 12 | template: 13 | metadata: 14 | labels: 15 | app: kustomize 16 | spec: 17 | containers: 18 | - name: helloworld 19 | image: gcr.io/pipecd/helloworld 20 | args: 21 | - server 22 | ports: 23 | - containerPort: 9085 24 | -------------------------------------------------------------------------------- /local-modules/kustomize-bases/helloworld/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - deployment.yaml 3 | - service.yaml 4 | -------------------------------------------------------------------------------- /local-modules/kustomize-bases/helloworld/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kustomize 5 | spec: 6 | selector: 7 | app: kustomize 8 | ports: 9 | - protocol: TCP 10 | port: 9085 11 | targetPort: 9085 12 | -------------------------------------------------------------------------------- /terraform/autorollback/.credentials/service-account.json: -------------------------------------------------------------------------------- 1 | {{ .encryptedSecrets.serviceAccount }} -------------------------------------------------------------------------------- /terraform/autorollback/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: TerraformApp 3 | spec: 4 | name: autorollback 5 | labels: 6 | env: example 7 | team: infra 8 | input: 9 | autoRollback: true 10 | encryption: 11 | encryptedSecrets: 12 | serviceAccount: AQA78CU6SWocooBeD4xwF4K+QNJZiWqeRjr2GeCfkJOY3T+tn1FB+HdePuIcvwdsYZW84jY3alIvgTpSJ0fCl5UDIbj5obF0QGJvJZylEIrvxbH0yhfFQcVTkF+K9LIeAbPzn5LtximQwPheJfej8H7aPhGCFBpCXrJKcTxo8Fqbso3tugO/aaGLczE9YS37xYhUmmWKkIcd/2/0x2XcZskMsgM3Mxi8AGo4kAXHeZrdWqvifulxposHvgjcYpjlHn+iloe47wBZcn6cAp0sMgWUUu/u2stNiu2DS+75XCCR0t+g57dlpR1Au9QniLtOvlHC4SI4MHf67TpOSOC63ljWVeK7/a4iDfbT7wdNJ7WSm4xUg7k7dpG2QPy2jAdj70BvOIMqRQbRzB3YRWoXGpcRRStWeWQ8FcdCaG2Jic2SyZU3t++deUbXNsiwEvktyMsgKJa/bqSNaZptwDgz5g53gleRv0kFShDbV9wl+UvbvFVbVHsHdEIDPYEP+yKbmo57QtTO29icWvcX71zjMRUpc5EPkOsJs2ow4YB1zv//ybwC5IOE8T0A3BIXJOyxtaDPkownOXZ5OtP8sRaDkjk9lvOWxlu3nYosSTufhCJk7QgwL4LSwkXt5P5kNBEaTtKN/TjfmYbr2/C86wCGkY1cJqGFROneYinNCwWzu/bLgqvOXBhrT6JrL+p0qTkxswbOYM0aB9weP+XrvT8+xEJM+SQDCo28FavfufHWaDuNbnpg/UnRJcE2ZApjOdKM44gP8lFJSN2tffrmXzyGoVAa7qrRpZrjzX6TwOvlc2sS5s5gUxU2ZZaseeC8y9ubEb5UzuNyolklAIiwqNhyuVGtubxQGYZmgOT89qgZ+n6XFtaOimLeyALuv/YQRM9N4mCfH0nUvmaO0e9JvsiKOF9pvD5UnZjrz+5FzwhYbKCSix0yKV3vX8frasvWwxmEim+VWYiiV56MvfAV9GDuocsO6Zn9m+smS3PRkULs3tUJ++j75Ef162Llzw4k36wnKtH82aS1EZ+FQnee+iZvi7afwfbT9kyLgZSXauSkiCq61XC3wOc+tJgH1P8o6HvqOq26LN5FMl2GuDM5+no892ee0ODP+5BRCG6ULH2AYKJVGKTwVarA9DZ57MZIMFN+5qRtkOn52XBiVwFRxtZt87TCu6xKCWI/YOLhsUSe/L4E9aqLEWhFezjf5NoqvKJ1NsBw4IN8S18PRa7aLdj/OGE19drfHvKZG4JXrltZ1dVga4NDjqIXPC19D0GXzP7mfVVwrwQjTFfHwwBwryPkpEmilCVzCO46w1BWvWSZisAI1/annDJ4sk3pLfQdke4cLLE4PHSITcawk+mfzRuSw6UOhOGvGsfLvCV+QzTdIMVyFbY5G/2YeMXeiKrsRtlJosnOhyn7jh62Oxc/7RVqtunKoU3FPOsOgT1RDwyd5snXhJe1bNtbdb57ZqX69iMNX74Bxzoefw/aWf0lCo/SfPcc8+teFl9Rk9bDATqvBPrk3c3ICc7Yy/WQEFeIHVan1/cDLkZBaLD8/ThjslnnKgepztW7C67EInrNPfXjpvcBAJ36Dsj8qZX8rl5/NNsRBFyBAxVahjAuE6jf/A00TXuYHGjz7eMd9PYq8pEZiiGz1yw78KGaSQch1XB5dx8Bkr4Eq9GMkmSZiJH6JXj0AwaCkf+IQklF6NCjZk36ZVb+iHye7MmL/D7nHkY39JFxvzszCHZSWCQr+8KdFIR29ablvio4SqOVUcVpnv1dtx5iDC1unIr5p6ZYdiF0y/v9pMGY3+uvV+qrs5xUCTlBSZoXdBcwKepdvasE8C9aQxYY09FByj2/OdWTPno50BxkMypRHBZCFEhR6VnmgcJpEuhXg/nEmlxHDhwGCa4yrl4ihKnsAlplXruQL2WD00agncBlW2xONisS7LWCIPqugCdhoQPy1GsbBxBLR3ZTxulsyoK4VXJ0QyVz8bj4P5j72gl7PhpndEj7qupSdi9lYNArngugFEfP4LEAQ/Ucj/gRWry40J5ntvkmN1mvsE/mOBUwmMj1WQqGWc9eBBzFQJmqZ9oIm9aJ1ckpoUFLg2gt10dKdPb3yK61x9z/v9a8JX7mN1vBaY0L5Bbjf+jXN4SG+wZ68TtEfjtS9qD5c+5gRllBeEhgAuKX8x53071hkXE8DBieChniwmS4gJkyW3wvTNRBWGcvMNF9WKLfLNvBWkKmJlQVk0CuaqNRakvwxICPnuCOGdu57DyLd/NPcDosJ9Qv/8ZeLQEp6XBX127pRwB3asNDXgyL9devDXYeyJ5ODruh1qRxHaCTpMvK5byO5gzSxXnv6zw4BtEMwdFadiygD+szxlvrUYQ3jR32MyehkOIDZlHP5tnn1pxpNXyQEI/TH11xLwgpm4J1KCv96JhAkos/pd+d6KN6ppwXiWYiTbbvRAwMV4Vp4F8PE2WySPyaAIwb59RQ4h1aOBvS5/BqOWS6qt43YyPYUmhyQoubyMAxmqDGcIdGaTQb3HRpA3q0TWJzxmfehUljrFtod7qODPCp+Lv9Cq+7ekMZCpla97IHfSGqSDSfIOvwVoP7fx7KiNyzS9FSwF80vt2RkEfSm0BBVB0JynGsosBHFgd08fS7PiGqY/Y8B7RPQbxeN/Dy55JsAmXX7NlG7yQDwZgCoC0sYP2u5jrrAqgJacoyMpkyMjufxBv1oDGGlJmz7YyItecq6uDwsuMCrlP5W1peCXWIxzDjSQG1o2I/IheLVc4J66XbYK1cEK4/fKRO+jvz99nTOHA/O8ldF1AIGxG5scNZYR2DA1tp6i0iwml6tuV5MjL/gCkW4lD40QHzh7Rexx3UZ12rZhIGiMpBhlnaBH087f60YV3/HmdIi1oR0gQpUrPxKEDwri6UpvwGvMx4Sz7y8n4O65rn6He4W0OMWanAeKOVsmrP8MfvxaCamXuMKKGyqYRAmyjsPE/h+9LWagOlzYOn2RCJPCa/LVa3xYdLSONlIbBgK1o1Z966e7N6mUzQg8mnpGFjsToC8OVa/97wmh7dFmU3aJB80owSsoyLGJuRuPP56NJCbrBQHEdkZ9GN+uVG+gZ8p9KjxFU0E9N7tsSGQNipK+mjH9C2iG1f1dsiuAly0xjIV8v2UReWSlxFAJ64yFb59CQP35dmms4uLTtfInBTVBp26s477k3hL9ln8jN0sSftrC0JpJu+UYPgBg/sMoo6JhtP7QtAfh1RBs3YiU0RFcSGbTlhO37WgeYaqHx+vYKtHLz0Wq0IddyedDbnj1+6qIcmjAVeoX/aBXiY+TebF5nZyvu0NJPI8wSywkKL5F67eyAYJ0XQca7wBx9f3maAiVaGzGTzY+hGwCrnu4fozNh5iB3ku8685f8Dps2nBDEKGpO/KYQ18DI+3KFC9d9w8vXVsIfv8W+QiH/bICOfpkavUsmLlNiI1IbV0W26I5kiNEHLGaji0HRuZVfwyJEIfByBbEYVHKRF 13 | decryptionTargets: 14 | - .credentials/service-account.json 15 | description: | 16 | This app demonstrates how to enable auto-rollback feature for a Terraform application.\ 17 | Once `spec.input.autoRollback` is enabled application will be rolled back to previous version if any error occurs.\ 18 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 19 | -------------------------------------------------------------------------------- /terraform/autorollback/main.tf: -------------------------------------------------------------------------------- 1 | variable "project" {} 2 | 3 | provider "google" { 4 | project = var.project 5 | credentials = ".credentials/service-account.json" 6 | } 7 | 8 | terraform { 9 | backend "gcs" { 10 | bucket = "pipecd-terraform-examples" 11 | prefix = "tfstates/autorollback" 12 | credentials = ".credentials/service-account.json" 13 | } 14 | } 15 | 16 | variable "content" {} 17 | 18 | resource "google_storage_bucket_object" "object" { 19 | name = "examples/autorollback/${terraform.workspace}.txt" 20 | bucket = "pipecd-terraform-examples" 21 | content = var.content 22 | } 23 | -------------------------------------------------------------------------------- /terraform/autorollback/terraform.tfvars: -------------------------------------------------------------------------------- 1 | content = "hello-autorollback-example" 2 | -------------------------------------------------------------------------------- /terraform/local-module/.credentials/service-account.json: -------------------------------------------------------------------------------- 1 | {{ .encryptedSecrets.serviceAccount }} -------------------------------------------------------------------------------- /terraform/local-module/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | # Deploy applicaiton that using local terraform models from the same Git repository. 2 | apiVersion: pipecd.dev/v1beta1 3 | kind: TerraformApp 4 | spec: 5 | name: local-module 6 | labels: 7 | env: example 8 | team: infra 9 | description: | 10 | This app demonstrates how to use a local terraform module which is placed in the same Git repository.\ 11 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 12 | -------------------------------------------------------------------------------- /terraform/remote-module/.credentials/service-account.json: -------------------------------------------------------------------------------- 1 | {{ .encryptedSecrets.serviceAccount }} -------------------------------------------------------------------------------- /terraform/remote-module/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: TerraformApp 3 | spec: 4 | name: remote-module 5 | labels: 6 | env: example 7 | team: infra 8 | description: | 9 | This app demonstrates how to use a remote terraform module which can be fetched from another Git repository.\ 10 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 11 | -------------------------------------------------------------------------------- /terraform/secret-management/.credentials/service-account.json: -------------------------------------------------------------------------------- 1 | {{ .encryptedSecrets.serviceAccount }} -------------------------------------------------------------------------------- /terraform/secret-management/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: TerraformApp 3 | spec: 4 | name: secret-management 5 | labels: 6 | env: example 7 | team: infra 8 | encryption: 9 | encryptedSecrets: 10 | serviceAccount: AQA78CU6SWocooBeD4xwF4K+QNJZiWqeRjr2GeCfkJOY3T+tn1FB+HdePuIcvwdsYZW84jY3alIvgTpSJ0fCl5UDIbj5obF0QGJvJZylEIrvxbH0yhfFQcVTkF+K9LIeAbPzn5LtximQwPheJfej8H7aPhGCFBpCXrJKcTxo8Fqbso3tugO/aaGLczE9YS37xYhUmmWKkIcd/2/0x2XcZskMsgM3Mxi8AGo4kAXHeZrdWqvifulxposHvgjcYpjlHn+iloe47wBZcn6cAp0sMgWUUu/u2stNiu2DS+75XCCR0t+g57dlpR1Au9QniLtOvlHC4SI4MHf67TpOSOC63ljWVeK7/a4iDfbT7wdNJ7WSm4xUg7k7dpG2QPy2jAdj70BvOIMqRQbRzB3YRWoXGpcRRStWeWQ8FcdCaG2Jic2SyZU3t++deUbXNsiwEvktyMsgKJa/bqSNaZptwDgz5g53gleRv0kFShDbV9wl+UvbvFVbVHsHdEIDPYEP+yKbmo57QtTO29icWvcX71zjMRUpc5EPkOsJs2ow4YB1zv//ybwC5IOE8T0A3BIXJOyxtaDPkownOXZ5OtP8sRaDkjk9lvOWxlu3nYosSTufhCJk7QgwL4LSwkXt5P5kNBEaTtKN/TjfmYbr2/C86wCGkY1cJqGFROneYinNCwWzu/bLgqvOXBhrT6JrL+p0qTkxswbOYM0aB9weP+XrvT8+xEJM+SQDCo28FavfufHWaDuNbnpg/UnRJcE2ZApjOdKM44gP8lFJSN2tffrmXzyGoVAa7qrRpZrjzX6TwOvlc2sS5s5gUxU2ZZaseeC8y9ubEb5UzuNyolklAIiwqNhyuVGtubxQGYZmgOT89qgZ+n6XFtaOimLeyALuv/YQRM9N4mCfH0nUvmaO0e9JvsiKOF9pvD5UnZjrz+5FzwhYbKCSix0yKV3vX8frasvWwxmEim+VWYiiV56MvfAV9GDuocsO6Zn9m+smS3PRkULs3tUJ++j75Ef162Llzw4k36wnKtH82aS1EZ+FQnee+iZvi7afwfbT9kyLgZSXauSkiCq61XC3wOc+tJgH1P8o6HvqOq26LN5FMl2GuDM5+no892ee0ODP+5BRCG6ULH2AYKJVGKTwVarA9DZ57MZIMFN+5qRtkOn52XBiVwFRxtZt87TCu6xKCWI/YOLhsUSe/L4E9aqLEWhFezjf5NoqvKJ1NsBw4IN8S18PRa7aLdj/OGE19drfHvKZG4JXrltZ1dVga4NDjqIXPC19D0GXzP7mfVVwrwQjTFfHwwBwryPkpEmilCVzCO46w1BWvWSZisAI1/annDJ4sk3pLfQdke4cLLE4PHSITcawk+mfzRuSw6UOhOGvGsfLvCV+QzTdIMVyFbY5G/2YeMXeiKrsRtlJosnOhyn7jh62Oxc/7RVqtunKoU3FPOsOgT1RDwyd5snXhJe1bNtbdb57ZqX69iMNX74Bxzoefw/aWf0lCo/SfPcc8+teFl9Rk9bDATqvBPrk3c3ICc7Yy/WQEFeIHVan1/cDLkZBaLD8/ThjslnnKgepztW7C67EInrNPfXjpvcBAJ36Dsj8qZX8rl5/NNsRBFyBAxVahjAuE6jf/A00TXuYHGjz7eMd9PYq8pEZiiGz1yw78KGaSQch1XB5dx8Bkr4Eq9GMkmSZiJH6JXj0AwaCkf+IQklF6NCjZk36ZVb+iHye7MmL/D7nHkY39JFxvzszCHZSWCQr+8KdFIR29ablvio4SqOVUcVpnv1dtx5iDC1unIr5p6ZYdiF0y/v9pMGY3+uvV+qrs5xUCTlBSZoXdBcwKepdvasE8C9aQxYY09FByj2/OdWTPno50BxkMypRHBZCFEhR6VnmgcJpEuhXg/nEmlxHDhwGCa4yrl4ihKnsAlplXruQL2WD00agncBlW2xONisS7LWCIPqugCdhoQPy1GsbBxBLR3ZTxulsyoK4VXJ0QyVz8bj4P5j72gl7PhpndEj7qupSdi9lYNArngugFEfP4LEAQ/Ucj/gRWry40J5ntvkmN1mvsE/mOBUwmMj1WQqGWc9eBBzFQJmqZ9oIm9aJ1ckpoUFLg2gt10dKdPb3yK61x9z/v9a8JX7mN1vBaY0L5Bbjf+jXN4SG+wZ68TtEfjtS9qD5c+5gRllBeEhgAuKX8x53071hkXE8DBieChniwmS4gJkyW3wvTNRBWGcvMNF9WKLfLNvBWkKmJlQVk0CuaqNRakvwxICPnuCOGdu57DyLd/NPcDosJ9Qv/8ZeLQEp6XBX127pRwB3asNDXgyL9devDXYeyJ5ODruh1qRxHaCTpMvK5byO5gzSxXnv6zw4BtEMwdFadiygD+szxlvrUYQ3jR32MyehkOIDZlHP5tnn1pxpNXyQEI/TH11xLwgpm4J1KCv96JhAkos/pd+d6KN6ppwXiWYiTbbvRAwMV4Vp4F8PE2WySPyaAIwb59RQ4h1aOBvS5/BqOWS6qt43YyPYUmhyQoubyMAxmqDGcIdGaTQb3HRpA3q0TWJzxmfehUljrFtod7qODPCp+Lv9Cq+7ekMZCpla97IHfSGqSDSfIOvwVoP7fx7KiNyzS9FSwF80vt2RkEfSm0BBVB0JynGsosBHFgd08fS7PiGqY/Y8B7RPQbxeN/Dy55JsAmXX7NlG7yQDwZgCoC0sYP2u5jrrAqgJacoyMpkyMjufxBv1oDGGlJmz7YyItecq6uDwsuMCrlP5W1peCXWIxzDjSQG1o2I/IheLVc4J66XbYK1cEK4/fKRO+jvz99nTOHA/O8ldF1AIGxG5scNZYR2DA1tp6i0iwml6tuV5MjL/gCkW4lD40QHzh7Rexx3UZ12rZhIGiMpBhlnaBH087f60YV3/HmdIi1oR0gQpUrPxKEDwri6UpvwGvMx4Sz7y8n4O65rn6He4W0OMWanAeKOVsmrP8MfvxaCamXuMKKGyqYRAmyjsPE/h+9LWagOlzYOn2RCJPCa/LVa3xYdLSONlIbBgK1o1Z966e7N6mUzQg8mnpGFjsToC8OVa/97wmh7dFmU3aJB80owSsoyLGJuRuPP56NJCbrBQHEdkZ9GN+uVG+gZ8p9KjxFU0E9N7tsSGQNipK+mjH9C2iG1f1dsiuAly0xjIV8v2UReWSlxFAJ64yFb59CQP35dmms4uLTtfInBTVBp26s477k3hL9ln8jN0sSftrC0JpJu+UYPgBg/sMoo6JhtP7QtAfh1RBs3YiU0RFcSGbTlhO37WgeYaqHx+vYKtHLz0Wq0IddyedDbnj1+6qIcmjAVeoX/aBXiY+TebF5nZyvu0NJPI8wSywkKL5F67eyAYJ0XQca7wBx9f3maAiVaGzGTzY+hGwCrnu4fozNh5iB3ku8685f8Dps2nBDEKGpO/KYQ18DI+3KFC9d9w8vXVsIfv8W+QiH/bICOfpkavUsmLlNiI1IbV0W26I5kiNEHLGaji0HRuZVfwyJEIfByBbEYVHKRF 11 | decryptionTargets: 12 | - .credentials/service-account.json 13 | description: | 14 | This app demonstrates how to use [Secret Management](https://pipecd.dev/docs/user-guide/secret-management/) feature to store an encrypted credential in Git for use by Terraform code.\ 15 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 16 | -------------------------------------------------------------------------------- /terraform/secret-management/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "gcs" { 3 | bucket = "pipecd-play-terraform-examples-backend" 4 | prefix = "secret-management" 5 | credentials = ".credentials/service-account.json" 6 | } 7 | } 8 | 9 | variable "project" {} 10 | variable "content" {} 11 | 12 | provider "google" { 13 | project = var.project 14 | credentials = ".credentials/service-account.json" 15 | } 16 | 17 | resource "google_storage_bucket_object" "object" { 18 | name = "secret-management/${terraform.workspace}.txt" 19 | bucket = "pipecd-play-terraform-examples" 20 | content = var.content 21 | } 22 | -------------------------------------------------------------------------------- /terraform/secret-management/terraform.tfvars: -------------------------------------------------------------------------------- 1 | content = "hello-secret-management-example" 2 | -------------------------------------------------------------------------------- /terraform/simple/.credentials/service-account.json: -------------------------------------------------------------------------------- 1 | {{ .encryptedSecrets.serviceAccount }} -------------------------------------------------------------------------------- /terraform/simple/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: TerraformApp 3 | spec: 4 | name: simple 5 | labels: 6 | env: example 7 | team: infra 8 | input: 9 | terraformVersion: 1.1.6 10 | encryption: 11 | encryptedSecrets: 12 | serviceAccount: AQA78CU6SWocooBeD4xwF4K+QNJZiWqeRjr2GeCfkJOY3T+tn1FB+HdePuIcvwdsYZW84jY3alIvgTpSJ0fCl5UDIbj5obF0QGJvJZylEIrvxbH0yhfFQcVTkF+K9LIeAbPzn5LtximQwPheJfej8H7aPhGCFBpCXrJKcTxo8Fqbso3tugO/aaGLczE9YS37xYhUmmWKkIcd/2/0x2XcZskMsgM3Mxi8AGo4kAXHeZrdWqvifulxposHvgjcYpjlHn+iloe47wBZcn6cAp0sMgWUUu/u2stNiu2DS+75XCCR0t+g57dlpR1Au9QniLtOvlHC4SI4MHf67TpOSOC63ljWVeK7/a4iDfbT7wdNJ7WSm4xUg7k7dpG2QPy2jAdj70BvOIMqRQbRzB3YRWoXGpcRRStWeWQ8FcdCaG2Jic2SyZU3t++deUbXNsiwEvktyMsgKJa/bqSNaZptwDgz5g53gleRv0kFShDbV9wl+UvbvFVbVHsHdEIDPYEP+yKbmo57QtTO29icWvcX71zjMRUpc5EPkOsJs2ow4YB1zv//ybwC5IOE8T0A3BIXJOyxtaDPkownOXZ5OtP8sRaDkjk9lvOWxlu3nYosSTufhCJk7QgwL4LSwkXt5P5kNBEaTtKN/TjfmYbr2/C86wCGkY1cJqGFROneYinNCwWzu/bLgqvOXBhrT6JrL+p0qTkxswbOYM0aB9weP+XrvT8+xEJM+SQDCo28FavfufHWaDuNbnpg/UnRJcE2ZApjOdKM44gP8lFJSN2tffrmXzyGoVAa7qrRpZrjzX6TwOvlc2sS5s5gUxU2ZZaseeC8y9ubEb5UzuNyolklAIiwqNhyuVGtubxQGYZmgOT89qgZ+n6XFtaOimLeyALuv/YQRM9N4mCfH0nUvmaO0e9JvsiKOF9pvD5UnZjrz+5FzwhYbKCSix0yKV3vX8frasvWwxmEim+VWYiiV56MvfAV9GDuocsO6Zn9m+smS3PRkULs3tUJ++j75Ef162Llzw4k36wnKtH82aS1EZ+FQnee+iZvi7afwfbT9kyLgZSXauSkiCq61XC3wOc+tJgH1P8o6HvqOq26LN5FMl2GuDM5+no892ee0ODP+5BRCG6ULH2AYKJVGKTwVarA9DZ57MZIMFN+5qRtkOn52XBiVwFRxtZt87TCu6xKCWI/YOLhsUSe/L4E9aqLEWhFezjf5NoqvKJ1NsBw4IN8S18PRa7aLdj/OGE19drfHvKZG4JXrltZ1dVga4NDjqIXPC19D0GXzP7mfVVwrwQjTFfHwwBwryPkpEmilCVzCO46w1BWvWSZisAI1/annDJ4sk3pLfQdke4cLLE4PHSITcawk+mfzRuSw6UOhOGvGsfLvCV+QzTdIMVyFbY5G/2YeMXeiKrsRtlJosnOhyn7jh62Oxc/7RVqtunKoU3FPOsOgT1RDwyd5snXhJe1bNtbdb57ZqX69iMNX74Bxzoefw/aWf0lCo/SfPcc8+teFl9Rk9bDATqvBPrk3c3ICc7Yy/WQEFeIHVan1/cDLkZBaLD8/ThjslnnKgepztW7C67EInrNPfXjpvcBAJ36Dsj8qZX8rl5/NNsRBFyBAxVahjAuE6jf/A00TXuYHGjz7eMd9PYq8pEZiiGz1yw78KGaSQch1XB5dx8Bkr4Eq9GMkmSZiJH6JXj0AwaCkf+IQklF6NCjZk36ZVb+iHye7MmL/D7nHkY39JFxvzszCHZSWCQr+8KdFIR29ablvio4SqOVUcVpnv1dtx5iDC1unIr5p6ZYdiF0y/v9pMGY3+uvV+qrs5xUCTlBSZoXdBcwKepdvasE8C9aQxYY09FByj2/OdWTPno50BxkMypRHBZCFEhR6VnmgcJpEuhXg/nEmlxHDhwGCa4yrl4ihKnsAlplXruQL2WD00agncBlW2xONisS7LWCIPqugCdhoQPy1GsbBxBLR3ZTxulsyoK4VXJ0QyVz8bj4P5j72gl7PhpndEj7qupSdi9lYNArngugFEfP4LEAQ/Ucj/gRWry40J5ntvkmN1mvsE/mOBUwmMj1WQqGWc9eBBzFQJmqZ9oIm9aJ1ckpoUFLg2gt10dKdPb3yK61x9z/v9a8JX7mN1vBaY0L5Bbjf+jXN4SG+wZ68TtEfjtS9qD5c+5gRllBeEhgAuKX8x53071hkXE8DBieChniwmS4gJkyW3wvTNRBWGcvMNF9WKLfLNvBWkKmJlQVk0CuaqNRakvwxICPnuCOGdu57DyLd/NPcDosJ9Qv/8ZeLQEp6XBX127pRwB3asNDXgyL9devDXYeyJ5ODruh1qRxHaCTpMvK5byO5gzSxXnv6zw4BtEMwdFadiygD+szxlvrUYQ3jR32MyehkOIDZlHP5tnn1pxpNXyQEI/TH11xLwgpm4J1KCv96JhAkos/pd+d6KN6ppwXiWYiTbbvRAwMV4Vp4F8PE2WySPyaAIwb59RQ4h1aOBvS5/BqOWS6qt43YyPYUmhyQoubyMAxmqDGcIdGaTQb3HRpA3q0TWJzxmfehUljrFtod7qODPCp+Lv9Cq+7ekMZCpla97IHfSGqSDSfIOvwVoP7fx7KiNyzS9FSwF80vt2RkEfSm0BBVB0JynGsosBHFgd08fS7PiGqY/Y8B7RPQbxeN/Dy55JsAmXX7NlG7yQDwZgCoC0sYP2u5jrrAqgJacoyMpkyMjufxBv1oDGGlJmz7YyItecq6uDwsuMCrlP5W1peCXWIxzDjSQG1o2I/IheLVc4J66XbYK1cEK4/fKRO+jvz99nTOHA/O8ldF1AIGxG5scNZYR2DA1tp6i0iwml6tuV5MjL/gCkW4lD40QHzh7Rexx3UZ12rZhIGiMpBhlnaBH087f60YV3/HmdIi1oR0gQpUrPxKEDwri6UpvwGvMx4Sz7y8n4O65rn6He4W0OMWanAeKOVsmrP8MfvxaCamXuMKKGyqYRAmyjsPE/h+9LWagOlzYOn2RCJPCa/LVa3xYdLSONlIbBgK1o1Z966e7N6mUzQg8mnpGFjsToC8OVa/97wmh7dFmU3aJB80owSsoyLGJuRuPP56NJCbrBQHEdkZ9GN+uVG+gZ8p9KjxFU0E9N7tsSGQNipK+mjH9C2iG1f1dsiuAly0xjIV8v2UReWSlxFAJ64yFb59CQP35dmms4uLTtfInBTVBp26s477k3hL9ln8jN0sSftrC0JpJu+UYPgBg/sMoo6JhtP7QtAfh1RBs3YiU0RFcSGbTlhO37WgeYaqHx+vYKtHLz0Wq0IddyedDbnj1+6qIcmjAVeoX/aBXiY+TebF5nZyvu0NJPI8wSywkKL5F67eyAYJ0XQca7wBx9f3maAiVaGzGTzY+hGwCrnu4fozNh5iB3ku8685f8Dps2nBDEKGpO/KYQ18DI+3KFC9d9w8vXVsIfv8W+QiH/bICOfpkavUsmLlNiI1IbV0W26I5kiNEHLGaji0HRuZVfwyJEIfByBbEYVHKRF 13 | decryptionTargets: 14 | - .credentials/service-account.json 15 | description: | 16 | This app demonstrates how to deploy a Terraform application with [Quick Sync](https://pipecd.dev/docs/concepts/#sync-strategy) strategy.\ 17 | No pipeline is specified then in each deployment PipeCD does terraform plan and if there are any changes detected it applies those changes automatically.\ 18 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 19 | -------------------------------------------------------------------------------- /terraform/simple/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "gcs" { 3 | bucket = "pipecd-play-terraform-examples-backend" 4 | prefix = "simple" 5 | credentials = ".credentials/service-account.json" 6 | } 7 | } 8 | 9 | variable "project" {} 10 | variable "content" {} 11 | 12 | provider "google" { 13 | project = var.project 14 | credentials = ".credentials/service-account.json" 15 | } 16 | 17 | resource "google_storage_bucket_object" "object" { 18 | name = "simple/${terraform.workspace}.txt" 19 | bucket = "pipecd-play-terraform-examples" 20 | content = var.content 21 | } 22 | -------------------------------------------------------------------------------- /terraform/simple/terraform.tfvars: -------------------------------------------------------------------------------- 1 | content = "hello-simple-example" 2 | -------------------------------------------------------------------------------- /terraform/wait-approval/.credentials/service-account.json: -------------------------------------------------------------------------------- 1 | {{ .encryptedSecrets.serviceAccount }} -------------------------------------------------------------------------------- /terraform/wait-approval/app.pipecd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pipecd.dev/v1beta1 2 | kind: TerraformApp 3 | spec: 4 | name: wait-approval 5 | labels: 6 | env: example 7 | team: infra 8 | input: 9 | terraformVersion: 1.1.6 10 | pipeline: 11 | stages: 12 | - name: TERRAFORM_PLAN 13 | - name: WAIT_APPROVAL 14 | - name: TERRAFORM_APPLY 15 | encryption: 16 | encryptedSecrets: 17 | serviceAccount: AQA78CU6SWocooBeD4xwF4K+QNJZiWqeRjr2GeCfkJOY3T+tn1FB+HdePuIcvwdsYZW84jY3alIvgTpSJ0fCl5UDIbj5obF0QGJvJZylEIrvxbH0yhfFQcVTkF+K9LIeAbPzn5LtximQwPheJfej8H7aPhGCFBpCXrJKcTxo8Fqbso3tugO/aaGLczE9YS37xYhUmmWKkIcd/2/0x2XcZskMsgM3Mxi8AGo4kAXHeZrdWqvifulxposHvgjcYpjlHn+iloe47wBZcn6cAp0sMgWUUu/u2stNiu2DS+75XCCR0t+g57dlpR1Au9QniLtOvlHC4SI4MHf67TpOSOC63ljWVeK7/a4iDfbT7wdNJ7WSm4xUg7k7dpG2QPy2jAdj70BvOIMqRQbRzB3YRWoXGpcRRStWeWQ8FcdCaG2Jic2SyZU3t++deUbXNsiwEvktyMsgKJa/bqSNaZptwDgz5g53gleRv0kFShDbV9wl+UvbvFVbVHsHdEIDPYEP+yKbmo57QtTO29icWvcX71zjMRUpc5EPkOsJs2ow4YB1zv//ybwC5IOE8T0A3BIXJOyxtaDPkownOXZ5OtP8sRaDkjk9lvOWxlu3nYosSTufhCJk7QgwL4LSwkXt5P5kNBEaTtKN/TjfmYbr2/C86wCGkY1cJqGFROneYinNCwWzu/bLgqvOXBhrT6JrL+p0qTkxswbOYM0aB9weP+XrvT8+xEJM+SQDCo28FavfufHWaDuNbnpg/UnRJcE2ZApjOdKM44gP8lFJSN2tffrmXzyGoVAa7qrRpZrjzX6TwOvlc2sS5s5gUxU2ZZaseeC8y9ubEb5UzuNyolklAIiwqNhyuVGtubxQGYZmgOT89qgZ+n6XFtaOimLeyALuv/YQRM9N4mCfH0nUvmaO0e9JvsiKOF9pvD5UnZjrz+5FzwhYbKCSix0yKV3vX8frasvWwxmEim+VWYiiV56MvfAV9GDuocsO6Zn9m+smS3PRkULs3tUJ++j75Ef162Llzw4k36wnKtH82aS1EZ+FQnee+iZvi7afwfbT9kyLgZSXauSkiCq61XC3wOc+tJgH1P8o6HvqOq26LN5FMl2GuDM5+no892ee0ODP+5BRCG6ULH2AYKJVGKTwVarA9DZ57MZIMFN+5qRtkOn52XBiVwFRxtZt87TCu6xKCWI/YOLhsUSe/L4E9aqLEWhFezjf5NoqvKJ1NsBw4IN8S18PRa7aLdj/OGE19drfHvKZG4JXrltZ1dVga4NDjqIXPC19D0GXzP7mfVVwrwQjTFfHwwBwryPkpEmilCVzCO46w1BWvWSZisAI1/annDJ4sk3pLfQdke4cLLE4PHSITcawk+mfzRuSw6UOhOGvGsfLvCV+QzTdIMVyFbY5G/2YeMXeiKrsRtlJosnOhyn7jh62Oxc/7RVqtunKoU3FPOsOgT1RDwyd5snXhJe1bNtbdb57ZqX69iMNX74Bxzoefw/aWf0lCo/SfPcc8+teFl9Rk9bDATqvBPrk3c3ICc7Yy/WQEFeIHVan1/cDLkZBaLD8/ThjslnnKgepztW7C67EInrNPfXjpvcBAJ36Dsj8qZX8rl5/NNsRBFyBAxVahjAuE6jf/A00TXuYHGjz7eMd9PYq8pEZiiGz1yw78KGaSQch1XB5dx8Bkr4Eq9GMkmSZiJH6JXj0AwaCkf+IQklF6NCjZk36ZVb+iHye7MmL/D7nHkY39JFxvzszCHZSWCQr+8KdFIR29ablvio4SqOVUcVpnv1dtx5iDC1unIr5p6ZYdiF0y/v9pMGY3+uvV+qrs5xUCTlBSZoXdBcwKepdvasE8C9aQxYY09FByj2/OdWTPno50BxkMypRHBZCFEhR6VnmgcJpEuhXg/nEmlxHDhwGCa4yrl4ihKnsAlplXruQL2WD00agncBlW2xONisS7LWCIPqugCdhoQPy1GsbBxBLR3ZTxulsyoK4VXJ0QyVz8bj4P5j72gl7PhpndEj7qupSdi9lYNArngugFEfP4LEAQ/Ucj/gRWry40J5ntvkmN1mvsE/mOBUwmMj1WQqGWc9eBBzFQJmqZ9oIm9aJ1ckpoUFLg2gt10dKdPb3yK61x9z/v9a8JX7mN1vBaY0L5Bbjf+jXN4SG+wZ68TtEfjtS9qD5c+5gRllBeEhgAuKX8x53071hkXE8DBieChniwmS4gJkyW3wvTNRBWGcvMNF9WKLfLNvBWkKmJlQVk0CuaqNRakvwxICPnuCOGdu57DyLd/NPcDosJ9Qv/8ZeLQEp6XBX127pRwB3asNDXgyL9devDXYeyJ5ODruh1qRxHaCTpMvK5byO5gzSxXnv6zw4BtEMwdFadiygD+szxlvrUYQ3jR32MyehkOIDZlHP5tnn1pxpNXyQEI/TH11xLwgpm4J1KCv96JhAkos/pd+d6KN6ppwXiWYiTbbvRAwMV4Vp4F8PE2WySPyaAIwb59RQ4h1aOBvS5/BqOWS6qt43YyPYUmhyQoubyMAxmqDGcIdGaTQb3HRpA3q0TWJzxmfehUljrFtod7qODPCp+Lv9Cq+7ekMZCpla97IHfSGqSDSfIOvwVoP7fx7KiNyzS9FSwF80vt2RkEfSm0BBVB0JynGsosBHFgd08fS7PiGqY/Y8B7RPQbxeN/Dy55JsAmXX7NlG7yQDwZgCoC0sYP2u5jrrAqgJacoyMpkyMjufxBv1oDGGlJmz7YyItecq6uDwsuMCrlP5W1peCXWIxzDjSQG1o2I/IheLVc4J66XbYK1cEK4/fKRO+jvz99nTOHA/O8ldF1AIGxG5scNZYR2DA1tp6i0iwml6tuV5MjL/gCkW4lD40QHzh7Rexx3UZ12rZhIGiMpBhlnaBH087f60YV3/HmdIi1oR0gQpUrPxKEDwri6UpvwGvMx4Sz7y8n4O65rn6He4W0OMWanAeKOVsmrP8MfvxaCamXuMKKGyqYRAmyjsPE/h+9LWagOlzYOn2RCJPCa/LVa3xYdLSONlIbBgK1o1Z966e7N6mUzQg8mnpGFjsToC8OVa/97wmh7dFmU3aJB80owSsoyLGJuRuPP56NJCbrBQHEdkZ9GN+uVG+gZ8p9KjxFU0E9N7tsSGQNipK+mjH9C2iG1f1dsiuAly0xjIV8v2UReWSlxFAJ64yFb59CQP35dmms4uLTtfInBTVBp26s477k3hL9ln8jN0sSftrC0JpJu+UYPgBg/sMoo6JhtP7QtAfh1RBs3YiU0RFcSGbTlhO37WgeYaqHx+vYKtHLz0Wq0IddyedDbnj1+6qIcmjAVeoX/aBXiY+TebF5nZyvu0NJPI8wSywkKL5F67eyAYJ0XQca7wBx9f3maAiVaGzGTzY+hGwCrnu4fozNh5iB3ku8685f8Dps2nBDEKGpO/KYQ18DI+3KFC9d9w8vXVsIfv8W+QiH/bICOfpkavUsmLlNiI1IbV0W26I5kiNEHLGaji0HRuZVfwyJEIfByBbEYVHKRF 18 | decryptionTargets: 19 | - .credentials/service-account.json 20 | notification: 21 | mentions: 22 | - event: DEPLOYMENT_WAIT_APPROVAL 23 | slack: 24 | - slack-user-id-1 # slack-user-name-1 25 | - slack-user-id-2 # slack-user-name-2 26 | # Specifying "*" means mentioning the given users for all events. 27 | - event: "*" 28 | slack: 29 | - slack-user-id-3 # slack-user-name-3 30 | description: | 31 | This app demonstrates how to add use WAIT_APPROVAL stage to require a manual approval before applying.\ 32 | References: [adding a new app](https://pipecd.dev/docs/user-guide/managing-application/adding-an-application/), [app configuration](https://pipecd.dev/docs/user-guide/configuration-reference/) 33 | -------------------------------------------------------------------------------- /terraform/wait-approval/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "gcs" { 3 | bucket = "pipecd-play-terraform-examples-backend" 4 | prefix = "wait-approval" 5 | credentials = ".credentials/service-account.json" 6 | } 7 | } 8 | 9 | variable "project" {} 10 | variable "content" {} 11 | 12 | provider "google" { 13 | project = var.project 14 | credentials = ".credentials/service-account.json" 15 | } 16 | 17 | resource "google_storage_bucket_object" "object" { 18 | name = "wait-approval/example.txt" 19 | bucket = "pipecd-play-terraform-examples" 20 | content = var.content 21 | } 22 | -------------------------------------------------------------------------------- /terraform/wait-approval/terraform.tfvars: -------------------------------------------------------------------------------- 1 | content = "hello-waitapproval-example" 2 | --------------------------------------------------------------------------------