Tekton Pipelines - OpenShift Project Setup

Setting up Pipelines in an OpenShift project

In a later post, I’ll show you how to automate this setup across your whole cluster.

1. Select the Lab subdomain that you want to work with:

   labctx
   

2. Create an OpenShift project for our demonstration:

   oc login -u devuser https://api.okd4.${SUB_DOMAIN}.${LAB_DOMAIN}:6443
   oc new-project app-demo
   

3. Create a maven settings.xml file for your maven builds:

   Remember, our OpenShift cluster is on a disconnected network. This means that our Java builds will not be able to access Maven Central directly. So, we will leverage Nexus as a maven mirror. Nexus comes configured, out of the box, with a proxy for Maven Central already configured. We will leverage that.

   This ConfigMap will be mounted as a volume by our Tekton Task that builds Java applications.

   cat << EOF | oc apply -n app-demo -f -
   apiVersion: v1
   kind: ConfigMap
   metadata:
     name: maven-settings-xml
   data:
     settings.xml: |
       <?xml version="1.0" encoding="UTF-8"?>
       <settings>
         <mirrors>
           <mirror>
             <id>maven-public</id>
             <name>maven-public</name>
             <url>https://nexus.${LAB_DOMAIN}:8443/repository/maven-public/</url>
             <mirrorOf>*</mirrorOf>
           </mirror>
         </mirrors>
         <profiles>
           <profile>
             <id>maven-nexus-repo</id>
             <repositories>
               <repository>
                 <id>maven-public</id>
                 <name>maven-public</name>
                 <url>https://nexus.${LAB_DOMAIN}:8443/repository/maven-public/</url>
               </repository>
             </repositories>
           </profile>
         </profiles>
         <activeProfiles>
           <activeProfile>maven-nexus-repo</activeProfile>
         </activeProfiles>
       </settings>
   EOF
   

4. Install the pipelines resources:

   oc apply -f ${OKD_LAB_PATH}/okd-home-lab/pipelines/manifests/ -n app-demo
   

5. Create an authentication secret so that the pipeline service account can access gitea with the credentials we created above:

   Place the credentials into environment variables. We’re using the read shell command so that the username and password are not stored in the shell history.

   read GITEA_USER
   

   Type the service account user name that we created above and hit retrun:

   read GITEA_PASSWD
   

   Type the service account password that we created above and hit retrun:

   Now create a Kubernetes Secret with this information:

   cat << EOF | oc apply -n app-demo -f -
   apiVersion: v1
   kind: Secret
   metadata:
       name: gitea-secret
       annotations:
         tekton.dev/git-0: https://gitea.${LAB_DOMAIN}:3000
   type: kubernetes.io/basic-auth
   data:
     username: $(echo -n ${GITEA_USER} | base64)
     password: $(echo -n ${GITEA_PASSWD} | base64)
   EOF
   
   oc patch sa pipeline --type json --patch '[{"op": "add", "path": "/secrets/-", "value": {"name":"gitea-secret"}}]' -n app-demo
   

   Clear the environment variables:

   GITEA_USER=""
   GITEA_PASSWD=""
   

Finally, we are ready to write some code. So, let’s create a simple Quarkus application:

Quarkus Build & Deploy - Pipelines Demo