cat <<'EOF' > ootb-templates-ecr-repo-template.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: ootb-templates-ecr-repo-template
namespace: tap-install
type: Opaque
stringData:
ecr-repo-template.yaml: |
apiVersion: v1
kind: Namespace
metadata:
name: tekton-tasks
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: create-ecr-repo
namespace: tekton-tasks
spec:
params:
- name: namespace
type: string
- name: workload-name
type: string
steps:
- name: check
image: bitnami/aws-cli
script: |
#!/bin/bash
check_and_create_repository() {
local repository_name=$1
aws ecr describe-repositories --repository-names "$repository_name" > /dev/null 2>&1
if [ $? -eq 254 ]; then
echo "Repository '$repository_name' does not exist. Creating repository..."
aws ecr create-repository --repository-name "$repository_name"
else
echo "Repository '$repository_name' already exists."
fi
}
WORKLOAD_NAME="$(params.workload-name)"
NAMESPACE="$(params.namespace)"
check_and_create_repository tanzu-application-platform/${WORKLOAD_NAME}-${NAMESPACE}
check_and_create_repository tanzu-application-platform/${WORKLOAD_NAME}-${NAMESPACE}-bundle
securityContext:
runAsUser: 0
---
#@ load("@ytt:data", "data")
apiVersion: carto.run/v1alpha1
kind: ClusterSourceTemplate
metadata:
name: ecr-repo-template
spec:
params:
- name: serviceAccount
default: default
urlPath: .spec.params[?(@.name=="source-url")].value
revisionPath: .spec.params[?(@.name=="source-revision")].value
lifecycle: tekton
#@ label_exclusions = "[\"" + "\", \"".join(data.values.label_propagation_exclusions) + "\"]"
#@yaml/text-templated-strings
ytt: |
#@ load("@ytt:data", "data")
#@ def merge_labels(fixed_values):
#@ labels = {}
#@ if hasattr(data.values.workload.metadata, "labels"):
#@ exclusions = (@= label_exclusions @)
#@ for k,v in dict(data.values.workload.metadata.labels).items():
#@ if k not in exclusions:
#@ labels[k] = v
#@ end
#@ end
#@ end
#@ labels.update(fixed_values)
#@ return labels
#@ end
---
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
generateName: #@ data.values.workload.metadata.name + "-ecr-repo-"
labels: #@ merge_labels({ "app.kubernetes.io/component": "ecr-repo" })
spec:
serviceAccountName: #@ data.values.params.serviceAccount
taskRef:
resolver: cluster
params:
- name: kind
value: task
- name: namespace
value: tekton-tasks
- name: name
value: create-ecr-repo
params:
- name: namespace
value: #@ data.values.workload.metadata.namespace
- name: workload-name
value: #@ data.values.workload.metadata.name
- name: source-url
value: #@ data.values.source.url
- name: source-revision
value: #@ data.values.source.revision
---
EOF
kubectl apply -f ootb-templates-ecr-repo-template.yaml
cat <<'EOF' > ootb-supply-chain-add-ecr-repo-template.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: ootb-supply-chain-add-ecr-repo-template
namespace: tap-install
type: Opaque
stringData:
add-ecr-repo-template.yaml: |
#@ load("@ytt:overlay", "overlay")
#@overlay/match by=overlay.and_op(overlay.subset({"kind": "ClusterSupplyChain"}), lambda i,left,right: left["metadata"]["name"].startswith("source-")), expects="1+"
---
spec:
resources:
#@overlay/match by=overlay.subset({"name": "source-tester"})
#@overlay/insert before=True
- name: ecr-repo
templateRef:
kind: ClusterSourceTemplate
name: ecr-repo-template
sources:
- resource: source-provider
name: source
#@overlay/match by="name"
- name: source-tester
sources:
#@overlay/match by="name"
- name: source
resource: ecr-repo
---
EOF
kubectl apply -f ootb-supply-chain-add-ecr-repo-template.yaml
package_overlays:
#! Multi Cluster構成の場合はBuild Clusterにて
- name: ootb-templates
secrets:
- name: ootb-templates-ecr-repo-template
- name: ootb-supply-chain-testing-scanning
secrets:
- name: ootb-supply-chain-add-ecr-repo-template
tanzu package installed update -n tap-install tap --values-file tap-values.yaml
$ kubectl get clustersourcetemplate
NAME AGE
delivery-source-template 157m
ecr-repo-template 40s
source-scanner-template 157m
source-template 157m
testing-pipeline 157m
$ kubectl get task -n tekton-tasks
NAME AGE
create-ecr-repo 38s
$ kubectl get clustersupplychain -oyaml | grep 'name: ecr-repo' -A 10 -B 10
resources:
- name: source-provider
params:
- default: default
name: serviceAccount
- default: go-git
name: gitImplementation
templateRef:
kind: ClusterSourceTemplate
name: source-template
- name: ecr-repo
sources:
- name: source
resource: source-provider
templateRef:
kind: ClusterSourceTemplate
name: ecr-repo-template
- name: source-tester
sources:
- name: source
resource: ecr-repo
templateRef:
kind: ClusterSourceTemplate
name: testing-pipeline
- name: image-provider
params:
- default: default
tanzu apps workload delete hello-nodejs -n demo -y
tanzu apps workload apply hello-nodejs \
--app hello-nodejs \
--git-repo https://github.com/making/hello-nodejs \
--git-branch master \
--type web \
--label apps.tanzu.vmware.com/has-tests=true \
-n demo \
-y
$ tanzu apps workload get hello-nodejs --namespace demo
📡 Overview
name: hello-nodejs
type: web
namespace: demo
💾 Source
type: git
url: https://github.com/making/hello-nodejs
branch: master
revision: master@sha1:76f84e92aa878f170b5b5010bf4cd7cabfbf7e53
📦 Supply Chain
name: source-test-scan-to-url
NAME READY HEALTHY UPDATED RESOURCE
source-provider True True 5m47s gitrepositories.source.toolkit.fluxcd.io/hello-nodejs
ecr-repo True True 5m34s taskruns.tekton.dev/hello-nodejs-ecr-repo-46rhz
source-tester True True 5m17s runnables.carto.run/hello-nodejs
image-provider True True 4m7s images.kpack.io/hello-nodejs
image-scanner True True 3m38s imagescans.scanning.apps.tanzu.vmware.com/hello-nodejs
config-provider True True 3m35s podintents.conventions.carto.run/hello-nodejs
app-config True True 3m35s configmaps/hello-nodejs
service-bindings True True 3m35s configmaps/hello-nodejs-with-claims
api-descriptors True True 3m35s configmaps/hello-nodejs-with-api-descriptors
config-writer True True 3m29s taskruns.tekton.dev/hello-nodejs-config-writer-l9grv
🚚 Delivery
name: delivery-basic
NAME READY HEALTHY UPDATED RESOURCE
source-provider True True 2m43s imagerepositories.source.apps.tanzu.vmware.com/hello-nodejs-delivery
deployer True True 2m29s apps.kappctrl.k14s.io/hello-nodejs
💬 Messages
No messages found.
🛶 Pods
NAME READY STATUS RESTARTS AGE
hello-nodejs-00001-deployment-7d8b56d559-x7shd 2/2 Terminating 0 70s
hello-nodejs-build-1-build-pod 0/1 Completed 0 5m16s
hello-nodejs-config-writer-l9grv-pod 0/1 Completed 0 3m35s
hello-nodejs-ecr-repo-46rhz-pod 0/1 Completed 0 5m47s
hello-nodejs-kqn25-test-pod 0/1 Completed 0 5m32s
scan-hello-nodejs-c6xh4-pod 0/6 Completed 0 4m6s
🚢 Knative Services
NAME READY URL
hello-nodejs Ready https://hello-nodejs.demo.tap.57.180.147.144.sslip.io
To see logs: "tanzu apps workload tail hello-nodejs --namespace demo --timestamp --since 1h"
$ kubectl logs -n demo hello-nodejs-ecr-repo-46rhz-pod
Defaulted container "step-check" out of: step-check, prepare (init), place-scripts (init)
Repository 'tanzu-application-platform/hello-nodejs-demo' already exists.
Repository 'tanzu-application-platform/hello-nodejs-demo-bundle' already exists.
tanzu apps workload apply hello-nodejs2 \
--app hello-nodejs2 \
--git-repo https://github.com/making/hello-nodejs \
--git-branch master \
--type web \
--label apps.tanzu.vmware.com/has-tests=true \
-n demo \
-y
$ tanzu apps workload get hello-nodejs2 --namespace demo
📡 Overview
name: hello-nodejs2
type: web
namespace: demo
💾 Source
type: git
url: https://github.com/making/hello-nodejs
branch: master
revision: master@sha1:76f84e92aa878f170b5b5010bf4cd7cabfbf7e53
📦 Supply Chain
name: source-test-scan-to-url
NAME READY HEALTHY UPDATED RESOURCE
source-provider True True 3m26s gitrepositories.source.toolkit.fluxcd.io/hello-nodejs2
ecr-repo True True 3m13s taskruns.tekton.dev/hello-nodejs2-ecr-repo-xqr9n
source-tester True True 2m47s runnables.carto.run/hello-nodejs2
image-provider True True 2m16s images.kpack.io/hello-nodejs2
image-scanner True True 109s imagescans.scanning.apps.tanzu.vmware.com/hello-nodejs2
config-provider True True 102s podintents.conventions.carto.run/hello-nodejs2
app-config True True 102s configmaps/hello-nodejs2
service-bindings True True 102s configmaps/hello-nodejs2-with-claims
api-descriptors True True 102s configmaps/hello-nodejs2-with-api-descriptors
config-writer True True 95s taskruns.tekton.dev/hello-nodejs2-config-writer-22gbh
🚚 Delivery
name: delivery-basic
NAME READY HEALTHY UPDATED RESOURCE
source-provider True True 82s imagerepositories.source.apps.tanzu.vmware.com/hello-nodejs2-delivery
deployer True True 47s apps.kappctrl.k14s.io/hello-nodejs2
💬 Messages
No messages found.
🛶 Pods
NAME READY STATUS RESTARTS AGE
hello-nodejs2-00001-deployment-8bbbfb579-czh7q 2/2 Terminating 0 82s
hello-nodejs2-build-1-build-pod 0/1 Completed 0 2m46s
hello-nodejs2-config-writer-22gbh-pod 0/1 Completed 0 105s
hello-nodejs2-ecr-repo-xqr9n-pod 0/1 Completed 0 3m26s
hello-nodejs2-ps6vp-test-pod 0/1 Completed 0 3m7s
scan-hello-nodejs2-njfvs-pod 0/6 Completed 0 2m16s
🚢 Knative Services
NAME READY URL
hello-nodejs2 Ready https://hello-nodejs2.demo.tap.57.180.147.144.sslip.io
To see logs: "tanzu apps workload tail hello-nodejs2 --namespace demo --timestamp --since 1h"
$ kubectl logs -n demo hello-nodejs2-ecr-repo-xqr9n-pod
Defaulted container "step-check" out of: step-check, prepare (init), place-scripts (init)
Repository 'tanzu-application-platform/hello-nodejs2-demo' does not exist. Creating repository...
{
"repository": {
"repositoryArn": "arn:aws:ecr:ap-northeast-1:532912407632:repository/tanzu-application-platform/hello-nodejs2-demo",
"registryId": "532912407632",
"repositoryName": "tanzu-application-platform/hello-nodejs2-demo",
"repositoryUri": "532912407632.dkr.ecr.ap-northeast-1.amazonaws.com/tanzu-application-platform/hello-nodejs2-demo",
"createdAt": "2023-12-18T09:14:57+00:00",
"imageTagMutability": "MUTABLE",
"imageScanningConfiguration": {
"scanOnPush": false
},
"encryptionConfiguration": {
"encryptionType": "AES256"
}
}
}
Repository 'tanzu-application-platform/hello-nodejs2-demo-bundle' does not exist. Creating repository...
{
"repository": {
"repositoryArn": "arn:aws:ecr:ap-northeast-1:532912407632:repository/tanzu-application-platform/hello-nodejs2-demo-bundle",
"registryId": "532912407632",
"repositoryName": "tanzu-application-platform/hello-nodejs2-demo-bundle",
"repositoryUri": "532912407632.dkr.ecr.ap-northeast-1.amazonaws.com/tanzu-application-platform/hello-nodejs2-demo-bundle",
"createdAt": "2023-12-18T09:14:59+00:00",
"imageTagMutability": "MUTABLE",
"imageScanningConfiguration": {
"scanOnPush": false
},
"encryptionConfiguration": {
"encryptionType": "AES256"
}
}
}