├── Dockerfiles
    ├── Dockerfile-nettools
    ├── Dockerfile-yocto-builder
    └── pwclientrc
├── LICENSE
├── README.md
├── fedora_setup.md
├── kustomization.yaml
├── media
    ├── dashboard-1.gif
    ├── extended_demo.gif
    ├── k9s_1.gif
    ├── k9s_2.gif
    ├── meta-python-1.gif
    ├── meta-python-dashboard.gif
    └── poky-pipeline-1.gif
├── meta-python
    ├── README_registry.md
    ├── cronjob.yaml
    ├── eventlistener.yaml
    ├── kustomization.yaml
    ├── namespace.yaml
    ├── pipeline.yaml
    ├── registry.yaml
    ├── registry_service.yaml
    ├── scripts
    │   ├── gen_pr.sh
    │   ├── get-bitbake-list.sh
    │   ├── get-ptest-list.sh
    │   └── get-recipe-changes.sh
    ├── serviceaccount.yaml
    ├── tasks
    │   ├── build-packagegroup.yaml
    │   ├── build-patches.yaml
    │   ├── build-ptest-container.yaml
    │   ├── kustomization.yaml
    │   ├── run-ptest.yaml
    │   ├── setup-conf.yaml
    │   └── update-workspace.yaml
    └── trigger_template.yaml
└── yddtalk
    └── 2020
        ├── YP_DevDay_k8s_tekton.odp
        ├── YP_DevDay_k8s_tekton.pdf
        └── worklist.md


/Dockerfiles/Dockerfile-nettools:
--------------------------------------------------------------------------------
FROM ubuntu:latest

RUN apt-get update
RUN apt-get install -y \
    dnsutils \
    curl \
    iftop \
    vnstat \
    hping3 \
    nmap \
    tcpdump \
    wget
RUN apt-get clean && rm -rf /var/lib/apt/lists

--------------------------------------------------------------------------------
/Dockerfiles/Dockerfile-yocto-builder:
--------------------------------------------------------------------------------
FROM fedora:36

MAINTAINER Trevor Gamblin

RUN \
    useradd --home-dir /home/builder --uid 1000 --gid 100 --shell /bin/bash builder && \
    echo "multilib_policy=best" >> /etc/dnf/dnf.conf && \
    echo "deltarpm=0" >> /etc/dnf/dnf.conf && \
    dnf -y --noplugins clean all && \
    dnf -y --noplugins install \
        SDL-devel \
        bzip2 \
        ccache \
        chrpath \
        cpio \
        cpp \
        curl \
        diffstat \
        diffutils \
        expect \
        file \
        findutils \
        gawk \
        gcc \
        gcc-c++ \
        git \
        glibc-devel.i686 \
        glibc-devel.x86_64 \
        glibc.i686 \
        glibc-langpack-en.x86_64 \
        gzip \
        help2man \
        hostname \
        iproute \
        iputils \
        libgcc.i686 \
        libgcc.x86_64 \
        libnsl2-devel \
        lz4 \
        make \
        mesa-libGL \
        mesa-libGLU \
        ncurses-libs.i686 \
        openssh-server \
        patch \
        perl \
        perl-Data-Dumper \
        perl-Text-ParseWords \
        perl-Thread-Queue \
        perl-autodie \
        perl-bignum \
        perl-podlators \
        procps-ng \
        python2 \
        python3 \
        python3-pexpect \
        python3-pip \
        rpcgen \
        socat \
        screen \
        subversion \
        sudo \
        tar \
        texi2html \
        texinfo \
        time \
        unzip \
        wget \
        which \
        zstd \
        xz && \
    dnf --noplugins clean all && \
    rm -rf /var/cache/dnf && \
    rm -rf /usr/share/{man,doc,info,gnome/help} && \
    rm -rf /usr/share/texlive/texmf-dist/{fonts,doc,tex} && \
    pip install kas pwclient && \
    cd /usr/libexec/git-core && \
    find . -samefile git -name 'git-*' -exec ln -sf git {} \; && \
    echo "builder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

COPY pwclientrc /home/builder/.pwclientrc

USER builder

CMD [ "tail", "-f", "/dev/null" ]

--------------------------------------------------------------------------------
/Dockerfiles/pwclientrc:
--------------------------------------------------------------------------------

# Sample .pwclientrc file for the oe project,
# running on patchwork.openembedded.org.
#
# Just append this file to your existing ~/.pwclientrc
# If you do not already have a ~/.pwclientrc, then copy this file to
# ~/.pwclientrc, and uncomment the following two lines:
[options]
default=oe
signoff=True

[oe]
url= https://patchwork.openembedded.org/xmlrpc/

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2020 Wind River Systems

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# yocto-tekton

Table of Contents
=================

* [yocto-tekton](#yocto-tekton)
* [Table of Contents](#table-of-contents)
   * [Overview](#overview)
   * [Dockerfiles](#dockerfiles)
   * [Setup Instructions](#setup-instructions)
   * [The meta-python Pipeline](#the-meta-python-pipeline)
      * [Overview and Usage](#overview-and-usage)
      * [The nettools Pod](#the-nettools-pod)
      * [Notes/Lessons Learned](#noteslessons-learned)
   * [To-Do](#to-do)
   * [Credits](#credits)

## Overview

This is a repository of configuration files meant for maintaining the
layers of the [Yocto Project](https://www.yoctoproject.org/). It
originated as a simple set of Tekton pipeline resources for Kubernetes
that were (and are still) used to help maintain the [meta-python
layer](https://layers.openembedded.org/layerindex/branch/master/layer/meta-python/),
but it continues to evolve to support other layers and related
processes, in addition to serving as a set of examples for building
pipelines with Docker, k8s, and Tekton.

See the instructions for configuring a k8s cluster in the coming sections
to get started.

## Dockerfiles

The [Dockerfiles](Dockerfiles) are used to handle the majority of the
deployments and pipelines created through the rest of the repository's
content.

1. Dockerfile-buildspace is the catch-all container for actual builds,
   which includes all of the tools necessary to successfully run bitbake
   for various recipes;
2. Dockerfile-nettools is a container that is best used as a debug pod
   when testing new deployments, pods, etc. and their configurations
   (e.g. if you want to make sure that an httpd deployment is exposed
   where you think it is)

## Setup Instructions

See [fedora_setup.md](fedora_setup.md)

## The meta-python Pipeline

### Overview and Usage

The meta-python pipelines are examples of how one might build a CI/CD pipeline
that performs common Yocto layer maintainer tasks. There are two
different pipelines:

1. patch-pipeline
2. container-pipeline

Both of these share a common task, "update-workspace", which clones the poky,
meta-openembedded, and yocto-tekton repositories into the hostPath specified in
the pipelines (or updates these repositories to the latest master, master-next,
and main commits, respectively, if the repos are already present). Each
pipeline also comes with a distinct EventListener and CronJob that will
automatically trigger them once per day.

patch-pipeline does the following:
1. Identifies any patches applied to the master-next branch of the
   meta-openembedded layer that are for meta-python recipes and adds the recipe
   names to a build list;
2. Triggers a build of all of those recipes with bitbake;
3. Outputs a short list of all of the identified and built recipes after
   completion (if the builds succeeded)

container-pipeline:
1. Builds the meta-python-ptest-image target as a container filesystem;
2. Uses Kaniko to build a container image from the completed ptest image and
   pushes it to a local registry;
3. Pulls the image from that registry to run as the container for a test task,
   and executes the "ptest-runner" command

Both of these pipelines make basic use of Kubernetes' built-in Kustomize
functionality to simplify templating the individual pipelines, share
resource templates (such as the aforementioned update-workspace task),
and instantiate supporting services (such as the yt-registry deployment
that container-pipeline uses to store its test images). For the
end-user, this ultimately means that adding these pipelines to the
single-node cluster can be as simple as running this command inside the
container-pipeline and/or patch-pipeline directories:

`kubectl apply -k .`

**Note:** The TriggerTemplate spec in each pipeline has a hostPath value of
/tekton/pipelines/meta-python, which is specific to the author's system. If
you want the pipeline build artifacts to be created in a different location,
you will need to edit this field, or create the /tekton/pipelines/meta-python
path on the cluster node and ensure that the correct permissions are set.

### The nettools Pod

While both meta-python pipelines feature automatic runs thanks to their
CronJob/EventListener combinations, it is possible to trigger them
manually as required. To help in doing so, the author also created a
"nettools" pod for the single-node cluster that can be used to (among
other things) trigger the builds.


The nettools pod is created by running:

`kubectl run -i --tty --attach nettools --image=threexc/nettools`

If it is instantiated but you are not currently attached, you can attach
to it by running:

`kubectl exec -it nettools -- /bin/bash`

And then running the following (check the EventListener naming
conventions for exact syntax):

`curl -X POST http://el-meta-python-listener.tekton-pipelines.svc.cluster.local:8080`

Finally, `tkn pipelinerun logs --last -f -n tekton-pipelines` or the
Tekton Dashboard allow viewing of the in-progress or complete pipelines.

### Notes/Lessons Learned

- Helm doesn't like "generateName" fields (making adding the Tekton
  parts to the chart difficult):
  https://github.com/helm/helm/issues/3348

## To-Do

- Better patch queue/identification for meta-python and poky pipelines
- Start using stuff from the [Tekton
  Catalog](https://github.com/tektoncd/catalog)
- Get QEMU working in the testimage container
  - Do it with KVM and tap/tun

## Credits

TOC generated with the help of
[gh-md-toc](https://github.com/ekalinin/github-markdown-toc)

GIFs generated with [peek](https://github.com/phw/peek)

--------------------------------------------------------------------------------
/fedora_setup.md:
--------------------------------------------------------------------------------
# Fedora 37 Setup Instructions

These instructions are based on the ones at [zews.org](https://www.zews.org/k8s-1-19-on-fedora-33-with-kubeadm-and-a-gpu/), combined with the [kubeadm installation instructions](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/), but with some changes for a flannel-based single-node setup.

1. Enable kubernetes repos:
   ```
   cat <<EOF > /etc/yum.repos.d/kubernetes.repo
   [kubernetes]
   name=Kubernetes
   baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
   enabled=1
   gpgcheck=1
   repo_gpgcheck=0
   gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
   exclude=kubelet kubeadm kubectl
   EOF
   ```
   Note that repo\_gpgcheck is set to 0. There is a bug with the GPG check and their repo. See: https://github.com/kubernetes/kubernetes/issues/110667
   Package signatures are still verified because gpgcheck stays at 1; only the signature check on the repository metadata is turned off.
2. Set SELinux to permissive: `sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config`
3. Install cri-o: `sudo dnf install -y cri-o`
4. Modify /etc/cni/net.d/100-crio-bridge.conf and change the first "subnet" to "10.244.0.0/16"
5. Install kubeadm, kubelet, kubectl: `sudo dnf install -y --disableexcludes=kubernetes kubelet kubeadm kubectl`
6. Enable containerd and kubelet: `sudo systemctl enable --now containerd && sudo systemctl enable kubelet`
7. Enable required modules on boot:

   ```
   cat <-
       'trigger_template' in body &&
       body['trigger_template'] == 'nightly'

--------------------------------------------------------------------------------
/meta-python/kustomization.yaml:
--------------------------------------------------------------------------------
bases:
  - tasks

resources:
  - cronjob.yaml
  - eventlistener.yaml
  - namespace.yaml
  - pipeline.yaml
  - registry.yaml
  - registry_service.yaml
  - serviceaccount.yaml
  - trigger_template.yaml

namespace: meta-python

--------------------------------------------------------------------------------
/meta-python/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: meta-python

--------------------------------------------------------------------------------
/meta-python/pipeline.yaml:
--------------------------------------------------------------------------------
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: meta-python-nightly
spec:
  tasks:
    - name: update-workspace
      taskRef:
        name: meta-python-update-workspace
    - name: setup-conf
      taskRef:
        name: meta-python-setup-conf
      runAfter:
        - update-workspace
    - name: build-patches
      taskRef:
        name: meta-python-build-patches
      runAfter:
        - setup-conf
    - name: build-packagegroup
      taskRef:
        name: meta-python-build-packagegroup
      runAfter:
        - build-patches
    - name: build-ptest-container
      taskRef:
        name: meta-python-build-ptest-container
      runAfter:
        - build-packagegroup
    - name: run-ptest
      taskRef:
        name: meta-python-run-ptest
      runAfter:
        - build-ptest-container

--------------------------------------------------------------------------------
/meta-python/registry.yaml:
--------------------------------------------------------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
  name: yt-registry
  labels:
    app: yt-registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: yt-registry
  template:
    metadata:
      labels:
        app: yt-registry
    spec:
      volumes:
        - name: certs-vol
          hostPath:
            path: /opt/certs
            type: Directory
        - name: registry-vol
          hostPath:
            path: /opt/registry
            type: Directory

      containers:
        - image: mirror.gcr.io/library/registry:2
          name: yt-registry
          imagePullPolicy: IfNotPresent
          env:
            - name: REGISTRY_HTTP_TLS_CERTIFICATE
              value: "/certs/registry.crt"
            - name: REGISTRY_HTTP_TLS_KEY
              value: "/certs/registry.key"
          ports:
            - containerPort: 5000
          volumeMounts:
            - name: certs-vol
              mountPath: /certs
            - name: registry-vol
              mountPath: /var/lib/registry

--------------------------------------------------------------------------------
/meta-python/registry_service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  labels:
    app: yt-registry
  name: yt-registry
spec:
  ports:
    - port: 5000
      nodePort: 31320
      protocol: TCP
      targetPort: 5000
  selector:
    app: yt-registry
  type: NodePort

--------------------------------------------------------------------------------
/meta-python/scripts/gen_pr.sh:
--------------------------------------------------------------------------------
#!/bin/bash

git fetch upstream
git checkout master-next
git branch -D meta-python-merge
git push -u origin -d meta-python-merge
git reset --hard upstream/master-next
git push -u origin master-next --force
git checkout master
git reset --hard upstream/master
git push -u origin master --force
git checkout -b meta-python-merge
git log --oneline master-next master..master-next | grep -E 'python3-|meta-python' | awk '{print $1}' | tac | xargs git cherry-pick -s
git push -u origin meta-python-merge

--------------------------------------------------------------------------------
/meta-python/scripts/get-bitbake-list.sh:
--------------------------------------------------------------------------------
#!/bin/bash

RECIPE_LIST=""
# Read line-by-line from $COMMIT_LOG, and get the recipe filenames. Make sure to handle the case where
# --diff-filter shows three words (e.g. when a version upgrade is made, it shows the diff-filter flag,
# the old filename, and the new filename
while read -r line
do
    LINE_LENGTH=$(echo "$line" | wc -w)
    if [ "$LINE_LENGTH" = "3" ]; then
        RECIPE_NAME=$(echo "$line" | awk '{print $3}' | awk -F/ '{print $NF}' | sed 's/_.*//' | sed 's/\..*//')
    elif [ "$LINE_LENGTH" = "2" ]; then
        RECIPE_NAME=$(echo "$line" | awk '{print $2}' | awk -F/ '{print $NF}' | sed 's/_.*//' | sed 's/\..*//')
    else
        echo "Something went wrong with getting recipe names."
        exit 1
    fi

    # Handle the case where a .inc file was modified, and the "recipe" it reports is e.g. python-grpcio-tools
    # instead of python3-grpcio-tools. Do this by splitting the recipe string on the first hyphen and adding
    # at the end of the prefix, before re-combining
    if [ $? -eq 1 ]; then
        PREFIX=$(echo "$RECIPE_NAME" | cut -d'-' -f1)
        SUFFIX=$(echo "$RECIPE_NAME" | cut -d'-' -f2)
        RECIPE_NAME="${PREFIX}3-${SUFFIX}"
    fi


    # Make sure what we've parsed is actually a python recipe.
    # If (and only if) it is, then add it to RECIPE_LIST
    PYTHON_CHECK=$(echo "$RECIPE_NAME" | grep "python3")
    if [ "$?" -eq 0 ]; then
        RECIPE_LIST+="${RECIPE_NAME} "
    fi

done < <(printf '%s\n' "$1")

echo $RECIPE_LIST

--------------------------------------------------------------------------------
/meta-python/scripts/get-ptest-list.sh:
--------------------------------------------------------------------------------
#!/bin/bash

LAYERDIR="meta-openembedded"
SUBGROUP="python"

echo "Fetching list of ptests"
PTEST_LIST="$(cd $LAYERDIR && grep -r "ptest" meta-${SUBGROUP} | awk -F'/' '{print $4}' | awk -F':' '{print $1}' | awk -F'_' '{print $1}' | grep -v ".bb" | grep -v ".inc" | uniq)"

echo "$PTEST_LIST"

--------------------------------------------------------------------------------
/meta-python/scripts/get-recipe-changes.sh:
--------------------------------------------------------------------------------
#!/bin/bash

LAYERDIR="meta-openembedded"
SUBGROUP="python"

COMMIT_LOG="$(cd "$LAYERDIR" && git log --name-status --oneline --grep="$SUBGROUP" origin/master..origin/master-next --find-renames --diff-filter=ACMR | grep "^[A-Z]" | grep "$SUBGROUP" | grep -E '.bb|.inc')"

echo "$COMMIT_LOG"

--------------------------------------------------------------------------------
/meta-python/serviceaccount.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-triggers-sa
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-minimal
rules:
# Permissions for every EventListener deployment to function
- apiGroups: ["triggers.tekton.dev"]
  resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  # secrets are only needed for Github/Gitlab interceptors, serviceaccounts only for per trigger authorization
  resources: ["configmaps", "secrets", "serviceaccounts"]
  verbs: ["get", "list", "watch"]
# Permissions to create resources in associated TriggerTemplates
- apiGroups: ["tekton.dev"]
  resources: ["pipelineruns", "pipelineresources", "taskruns"]
  verbs: ["create"]
- apiGroups: [""]
  resources: ["serviceaccounts"]
  verbs: ["impersonate"]
- apiGroups: ["policy"]
  resources: ["podsecuritypolicies"]
  resourceNames: ["tekton-triggers"]
  verbs: ["use"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-triggers-rolebinding
subjects:
- kind: ServiceAccount
  name: tekton-triggers-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tekton-triggers-minimal
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-clusterrole
rules:
# EventListeners need to be able to fetch any clustertriggerbindings
- apiGroups: ["triggers.tekton.dev"]
  resources: ["clustertriggerbindings", "clusterinterceptors"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tekton-triggers-clusterbinding
subjects:
- kind: ServiceAccount
  name: tekton-triggers-sa
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-triggers-clusterrole

--------------------------------------------------------------------------------
/meta-python/tasks/build-packagegroup.yaml:
--------------------------------------------------------------------------------
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: meta-python-build-packagegroup
spec:
  steps:
    - name: build-packagegroup
      image: registry.hub.docker.com/threexc/yocto-builder:36
      workingDir: /workspace
      script: |
        #!/bin/bash -e
        # Add yocto-tekton repo to PATH
        export PATH="/workspace/yocto-tekton/meta-python/scripts:$PATH"

        # Move into poky directory, remove old conf, source build
        cd poky && source oe-init-build-env build
        export LANG=en_US.UTF-8

        bitbake packagegroup-meta-python
      volumeMounts:
        - name: build
          mountPath: /workspace

--------------------------------------------------------------------------------
/meta-python/tasks/build-patches.yaml:
--------------------------------------------------------------------------------
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: meta-python-build-patches
  namespace: tekton-pipelines
spec:
  steps:
    - name: build-patches
      image: registry.hub.docker.com/threexc/yocto-builder:36
      workingDir: /workspace
      script: |
        #!/bin/bash
        # Add yocto-tekton repo to PATH
        export PATH="/workspace/yocto-tekton/meta-python/scripts:$PATH"
        # Get the latest python recipe changes and bitbake them using --diff-filter for Added (A), Copied (C),
        # Modified (M), or Renamed (R) files. The filter character lines will always start with an upper-case
        # letter (commit hashes don't use them). Also ignore deleted files (D flag to --diff-filter)
        COMMIT_LOG="$(get-recipe-changes.sh)"

        echo "${COMMIT_LOG}"

        # Exit cleanly if there is no difference between master and master-next
        if [ -z "${COMMIT_LOG}" ]; then
          echo "No difference between master and master-next branches. Exiting..."
          exit 0
        fi

        RECIPE_NAME=""

        cd poky && source oe-init-build-env build
        export LANG=en_US.UTF-8

        RECIPE_LIST=$(get-bitbake-list.sh "${COMMIT_LOG}")

        echo ${RECIPE_LIST} | xargs bitbake
        echo "The following list was sent to bitbake: "
        for recipe in $RECIPE_LIST; do
          echo $recipe
        done
      volumeMounts:
        - name: build
          mountPath: /workspace

--------------------------------------------------------------------------------
/meta-python/tasks/build-ptest-container.yaml:
--------------------------------------------------------------------------------
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: meta-python-build-ptest-container
spec:
  steps:
    - name: build-ptest-image
      image: registry.hub.docker.com/threexc/yocto-builder:36
      workingDir: /workspace
      script: |
        #!/bin/bash -e
        # Add yocto-tekton repo to PATH
        export PATH="/workspace/yocto-tekton/meta-python/scripts:$PATH"

        # Move into poky directory, remove old conf, source build
        cd poky && source oe-init-build-env build
        export LANG=en_US.UTF-8

        bitbake meta-python-ptest-image
        echo "FROM scratch" > /workspace/poky/build/tmp/deploy/images/qemux86-64/Dockerfile
        echo "ADD meta-python-ptest-image-qemux86-64.tar.gz /" >> /workspace/poky/build/tmp/deploy/images/qemux86-64/Dockerfile
      volumeMounts:
        - name: build
          mountPath: /workspace
    - name: build-and-push-ptest-container
      image: gcr.io/kaniko-project/executor:latest
      command:
        - /kaniko/executor
      args:
        - --destination=megalith:31320/meta-python-ptest-image:latest
        - --context=dir:///workspace/poky/build/tmp/deploy/images/qemux86-64/
        - --dockerfile=/workspace/poky/build/tmp/deploy/images/qemux86-64/Dockerfile
        - --skip-tls-verify
      volumeMounts:
        - name: build
          mountPath: /workspace

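The `build-and-push-ptest-container` step in build-ptest-container.yaml passes `--skip-tls-verify`, so kaniko never validates the certificate that registry.yaml configures for `yt-registry`. The following is an added example, not part of the yocto-tekton repository, showing the same task with the push trusting that certificate through kaniko's `--registry-certificate` flag instead. Assumptions: the `registry-ca` volume name and the `/certs/registry.crt` mount path are hypothetical, and the certificate at /opt/certs/registry.crt on the node is valid for the host name `megalith`.

```yaml
# Added example (not from the yocto-tekton repository): build-ptest-container.yaml
# with certificate validation left on for the registry push.
# Assumptions: the "registry-ca" volume name and the /certs/registry.crt mount
# path are hypothetical; /opt/certs/registry.crt is the certificate that
# registry.yaml serves, and it is valid for the host name "megalith".
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: meta-python-build-ptest-container
spec:
  volumes:
    # Mount only the public certificate into the step, never registry.key.
    - name: registry-ca
      hostPath:
        path: /opt/certs/registry.crt
        type: File
  steps:
    # First step is unchanged from the original task.
    - name: build-ptest-image
      image: registry.hub.docker.com/threexc/yocto-builder:36
      workingDir: /workspace
      script: |
        #!/bin/bash -e
        export PATH="/workspace/yocto-tekton/meta-python/scripts:$PATH"
        cd poky && source oe-init-build-env build
        export LANG=en_US.UTF-8

        bitbake meta-python-ptest-image
        echo "FROM scratch" > /workspace/poky/build/tmp/deploy/images/qemux86-64/Dockerfile
        echo "ADD meta-python-ptest-image-qemux86-64.tar.gz /" >> /workspace/poky/build/tmp/deploy/images/qemux86-64/Dockerfile
      volumeMounts:
        - name: build
          mountPath: /workspace
    - name: build-and-push-ptest-container
      image: gcr.io/kaniko-project/executor:latest
      command:
        - /kaniko/executor
      args:
        - --destination=megalith:31320/meta-python-ptest-image:latest
        - --context=dir:///workspace/poky/build/tmp/deploy/images/qemux86-64/
        - --dockerfile=/workspace/poky/build/tmp/deploy/images/qemux86-64/Dockerfile
        # Before: "--skip-tls-verify" accepted any certificate presented for the push.
        # After: trust exactly this certificate for this registry. The key on the
        # left of "=" must match the host:port used in --destination.
        - --registry-certificate=megalith:31320=/certs/registry.crt
      volumeMounts:
        - name: build
          mountPath: /workspace
        - name: registry-ca
          mountPath: /certs/registry.crt
          readOnly: true
```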
--------------------------------------------------------------------------------
/meta-python/tasks/kustomization.yaml:
--------------------------------------------------------------------------------
resources:
  - update-workspace.yaml
  - setup-conf.yaml
  - build-patches.yaml
  - build-packagegroup.yaml
  - build-ptest-container.yaml
  - run-ptest.yaml

--------------------------------------------------------------------------------
/meta-python/tasks/run-ptest.yaml:
--------------------------------------------------------------------------------
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: meta-python-run-ptest
spec:
  steps:
    - name: run-ptest
      image: yow-fedora-builder1:31320/meta-python-ptest-image:latest
      imagePullPolicy: Always
      command:
        - ptest-runner

--------------------------------------------------------------------------------
/meta-python/tasks/setup-conf.yaml:
--------------------------------------------------------------------------------
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: meta-python-setup-conf
  namespace: tekton-pipelines
spec:
  steps:
    - name: setup-conf
      image: registry.hub.docker.com/threexc/yocto-builder:36
      workingDir: /workspace
      script: |
        #!/bin/bash
        if [ ! -d poky/build/conf/ ]; then
          cd poky && source oe-init-build-env build
          echo "BBLAYERS ?= \" \\
            /workspace/poky/meta \\
            /workspace/poky/meta-poky \\
            /workspace/poky/meta-yocto-bsp \\
            /workspace/meta-openembedded/meta-python \\
            /workspace/meta-openembedded/meta-oe \\
            /workspace/meta-openembedded/meta-networking \\
            /workspace/meta-openembedded/meta-filesystems \\
            /workspace/meta-openembedded/meta-webserver \\
            \"" > conf/bblayers.conf
          # Add required elements to local.conf for ptest image build
          echo "INHERIT += \"testimage\"" >> conf/local.conf
          echo "TEST_SUITES = \"ping ssh rpm ptest\"" >> conf/local.conf
          echo "DISTRO_FEATURES:append = \" ptest\"" >> conf/local.conf
          echo "DISTRO_FEATURES:append = \" ptest systemd pam\"" >> conf/local.conf
          echo "FORTRAN:forcevariable = \",fortran\"" >> conf/local.conf
          echo "IMAGE_FSTYPES = \"tar.gz container\"" >> conf/local.conf
          echo "PREFERRED_PROVIDER_virtual/kernel = \"linux-dummy\"" >> conf/local.conf
          echo "BB_NUMBER_THREADS = \"8\"" >> conf/local.conf
          echo "PARALLEL_MAKE = \"-j 8\"" >> conf/local.conf
        fi
      volumeMounts:
        - name: build
          mountPath: /workspace

--------------------------------------------------------------------------------
/meta-python/tasks/update-workspace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: meta-python-update-workspace
  namespace: tekton-pipelines
spec:
  steps:
    - name: setup-workspace
      image: registry.hub.docker.com/threexc/yocto-builder:36
      workingDir: /workspace
      script: |
        #!/bin/bash -e

        if [ -d "poky/build/conf" ]; then
          echo "Clearing old build conf..."
          rm -rf poky/build/conf
        fi

        if [ -d "poky/build/tmp" ]; then
          echo "Clearing old build outputs..."
          rm -rf poky/build/tmp
        fi

        if [ ! -d "poky" ]; then
          echo "Cloning poky repo..."
          git clone https://git.yoctoproject.org/poky
        fi

        if [ ! -d "meta-openembedded" ]; then
          echo "Cloning meta-openembedded repo..."
          git clone https://git.openembedded.org/meta-openembedded
        fi

        if [ ! -d "yocto-tekton" ]; then
          echo "Cloning yocto-tekton repo..."
          git clone https://github.com/threexc/yocto-tekton.git
        fi
      volumeMounts:
        - name: build
          mountPath: /workspace

    - name: update-repos
      image: registry.hub.docker.com/threexc/yocto-builder:36
      workingDir: /workspace
      script: |
        #!/bin/bash -e
        echo "Rebasing poky to latest master..."
        (cd poky && git checkout master && git pull --rebase)

        echo "Rebasing meta-openembedded to latest master-next..."
        (cd meta-openembedded && git checkout master-next && git pull --rebase)

        echo "Rebasing yocto-tekton to latest master..."
        (cd yocto-tekton && git pull --rebase && git checkout main)
      volumeMounts:
        - name: build
          mountPath: /workspace

--------------------------------------------------------------------------------
/meta-python/trigger_template.yaml:
--------------------------------------------------------------------------------
---
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: meta-python-nightly-template
spec:
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: meta-python-nightly-
      spec:
        pipelineRef:
          name: meta-python-nightly
        timeout: "3h"
        podTemplate:
          volumes:
            - name: build
              hostPath:
                path: /workspace/tekton/pipelines/meta-python

--------------------------------------------------------------------------------
/yddtalk/2020/YP_DevDay_k8s_tekton.odp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/threexc/yocto-tekton/06b482eb2fa6eb256d848f387f41264ceb87c33f/yddtalk/2020/YP_DevDay_k8s_tekton.odp

--------------------------------------------------------------------------------
/yddtalk/2020/YP_DevDay_k8s_tekton.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/threexc/yocto-tekton/06b482eb2fa6eb256d848f387f41264ceb87c33f/yddtalk/2020/YP_DevDay_k8s_tekton.pdf

--------------------------------------------------------------------------------
/yddtalk/2020/worklist.md:
--------------------------------------------------------------------------------
## Yocto Dev Day/Summit Talk

### To Do

1. ~~General cleanup of yocto-tekton~~ - better, can continue as needed
2. ~~Helm chart for sstate deployment~~ - First iteration done
   - Helm chart for meta-python pipelines if possible
3. ~~Example using Tekton Triggers~~ - simple example including cronjob
   added
4. ~~Scheduler technique~~ - see #3
   - ~~Can be as simple as cron if other options too time-consuming to get
     ready~~
   - ~~Current concept - deployment with pods running an image that
     contains a simple scheduler written in Go, takes queue requests
     (something based on [this](https://cloud.google.com/appengine/docs/standard/go111/taskqueue/push/example)?)~~
5. Look into recording for slide content
   - Screenshots may be simpler for some cases?
6. Figure out QEMU with kvm in Docker, add to build pipeline and run meta-python-ptest-image
7. The presentation itself - LaTeX, PowerPoint, Google Slides?

### Presentation

- Slide count?

### Topics

1. Welcome
2. - Names, roles, companies, etc.
3. Yocto CI/CD Intro
   - Autobuilder
   - Other solutions in use by maintainers, users, etc.
4. K8S Overview
   - Links to tutorials?
   - Advantages over bare metal
5. Tekton Overview
   - Compare with other tools
6. The Single-Machine Kubernetes Cluster With kubeadm
   - Hardware Specifications Used
   - Underlying OS
   - Setup Instructions - Quick Peek
   - Notes about variety of options
   - Mention Flannel, CoreDNS, CNI plugins fix
7. Tekton in Action
   - Fast-forwarded video of meta-python pipeline (or screenshots)
8. Application to meta-python maintenance
   - Mention limitations, e.g. problems with commit message syntax,
     need to set up QEMU in container to add to pipeline (if this has
     not been completed)
   - Show Dashboard Contents
9. Thoughts on Other Layers
   - poky as a whole should be easy
   - Figure out method for meta-oe, meta-networking if possible
10. Faster Builds - The Shared State Deployment
    - Performance on small/low power systems with a Full Shared State
      Cache
    - Explain PV, PVC
11. AWS Usage?
12. Useful Tools
    - k9s
    - Helm
13. Future Plans
    - Benchmark compilation like Openbenchmarking, KernelCI Dashboard, etc.
14. Where to Find Content
    - GitHub source
15. Questions?

--------------------------------------------------------------------------------