cgruver

cgruver

OpenShift Pipelines (Tekton) - Triggers with a cup of Gitea - Cluster Setup

Set Up The Cluster Resources

Before we create an application and CI/CD resources for it, we need to setup and configure some resources:

  1. Install a Gitea server

  2. Set up our OpenShift cluster to trust the TLS cert on Routes

  3. Configure Gitea organization and teams for this demo

  4. Install a Tekton Interceptor for Gitea

Install a Gitea server to be our SCM for this demo

In resources that you cloned I have provided a demo Deployment of Gitea for us to use. Check out Gitea here: https://gitea.io/en-us/

Let’s install that first. Note: This assumes that you are using Code Ready Containers. If you are not, then you will need to modify the PersistentVolumeClaim in this YAML file.

  1. Create a Namespace for the Gitea server:

    oc new-project gitea

  2. Create the Gitea server:

    oc apply -f ~/tekton-tutorial/gitea-demo/gitea-server.yaml -n gitea

  3. Create a edge terminated TLS route for Gitea

    oc create route edge gitea --service=gitea-http -n gitea

Trust the Cluster Cert on the Gitea Route

  1. Grab the self-signed certificate from the Gitea Route:

    ROUTE_CERT=$(openssl s_client -showcerts -connect $(oc get route gitea -o=jsonpath='{.spec.host}' -n gitea):443 </dev/null 2>/dev/null|openssl x509 -outform PEM | while read line; do echo "    $line"; done)

  2. Create a ConfigMap in the openshift-config namespace

    cat << EOF | oc apply -n openshift-config -f -
apiVersion: v1
kind: ConfigMap
metadata:
  name: demo-ca
data:
  ca-bundle.crt: |
    # CRC Route Cert
${ROUTE_CERT}

EOF

  3. Patch the default Proxy instance for the OpenShift cluster:

    Note: This will cause Code Ready Containers to stop. In a real cluster this would be a rolling restart of your nodes.

    oc patch proxy cluster --type=merge --patch '{"spec":{"trustedCA":{"name":"demo-ca"}}}'

  4. Wait for Code Ready Containers to shutdown:

    Run the following command:

    crc status

    Wait until it indicates that the CRC VM has stopped.

    CRC VM:          Stopped
OpenShift:       Stopped (v4.10.9)
Podman:          
Disk Usage:      0B of 0B (Inside the CRC VM)
Cache Usage:     17.6GB
Cache Directory: /Users/charrogruver/.crc/cache

  5. Restart Code Ready Containers:

    crc start

Configure Gitea

  1. Log into your Gitea server:

    Get the URL for the Gitea route:

    echo "https://$(oc get route gitea -o=jsonpath='{.spec.host}' -n gitea)"

    Copy that URL into your browser and log into the Gitea server.

    Note: The initial admin user credentials are:

    User Name: gitea
    Password: password

    You will be prompted to change the admin user’s password.

    Note: You also have a developer user, developer who’s initial password is also password.

  2. Select Site Administration from the drop down menu in the top right corner:

    Gitea Admin

  3. Select User Accounts:

    Gitea Users

  4. Create a Service Account for our demo:

    Service Account

  5. Update the service account by unchecking May Create Organizations

    Update Service Account

  6. Go back to Site Administration and select Organizations:

    Organizations

  7. Create an Organization for the demo code:

    Create Organization

  8. From the new Organization, select View Demo on the right hand side of the screen:

    demo team

  9. From the new Organization, select the Owners Team from the Teams menu on the right hand of the screen:

    Owners Team

  10. Add your developer account as a Team member:

    Add Dev User

  11. Go back to the demo Organization and this time select New Team from the right hand menu:

    Create a team as shown for the demo service account:

    Create Team - 1

  12. Go back to the demo Organization and select the new demo-sa Team from the right hand menu:

    Add User to Team

  13. Add the demo-sa user to the Team:

    Add User to Team

  14. Logout of Gitea.

Create Credentials For Your Gitea developer Account

  1. Log into the Gitea server with the userid developer and password password

    Gitea Devuser

  2. You will be prompted to create a new password:

    Gitea Devuser

Install the Gitea Tekton Interceptor:

  1. Note: You will need to be logged in as a cluster administrator for this step.

    If you are using CRC then do this:

    crc console --credentials

    Use the password in the output to log into the cluster:

    crc login -u kubeadmin https://api.crc.testing:6443

  2. Create the Interceptor:

    oc apply -f ~/tekton-tutorial/gitea-demo/gitea-interceptor.yaml -n openshift-pipelines

  3. Create a edge terminated TLS route for the Interceptor:

    oc create route edge gitea-interceptor --service=gitea-interceptor -n openshift-pipelines

Note: If you are curious, the code for the Interceptor is here: https://github.com/cgruver/gitea-interceptor

Install The Pipeline Resources

Note: You will need to be logged in as a cluster administrator for this step.

  1. Install the provided Templates into the openshift namespace:

    oc apply -f ~/tekton-tutorial/gitea-demo/pipeline-manifests/templates/

  2. Install the ClusterTasks:

    oc apply -f ~/tekton-tutorial/gitea-demo/pipeline-manifests/clusterTasks/

Now, let’s create a Quarkus application and deploy it!

OpenShift Pipelines (Tekton) - Triggers with a cup of Gitea - Quarkus Demo