From a214445dea9e0013661919fe605b5097765a0efd Mon Sep 17 00:00:00 2001
From: Victor Timofei
Date: Thu, 30 Dec 2021 13:34:42 +0200
Subject: [PATCH] Initial commit
---
kustomization.yaml | 18 ++++
pipelines/build-deploy-pipeline.yaml | 35 +++++++
resources/argocd-task-cm.yaml | 9 ++
resources/build-task-cm.yaml | 9 ++
resources/kustomization.yaml | 25 +++++
resources/namespace.yaml | 5 +
resources/pipeline-admin-role.yaml | 32 +++++++
resources/secrets.yaml | 25 +++++
resources/secrets/.gitignore | 1 +
resources/triggers-admin-role.yaml | 49 ++++++++++
tasks/argocd-task.yaml | 23 +++++
tasks/build-task.yaml | 38 ++++++++
triggers/build-deploy-trigger.yaml | 131 +++++++++++++++++++++++++++
13 files changed, 400 insertions(+)
create mode 100644 kustomization.yaml
create mode 100644 pipelines/build-deploy-pipeline.yaml
create mode 100644 resources/argocd-task-cm.yaml
create mode 100644 resources/build-task-cm.yaml
create mode 100644 resources/kustomization.yaml
create mode 100644 resources/namespace.yaml
create mode 100644 resources/pipeline-admin-role.yaml
create mode 100644 resources/secrets.yaml
create mode 100644 resources/secrets/.gitignore
create mode 100644 resources/triggers-admin-role.yaml
create mode 100644 tasks/argocd-task.yaml
create mode 100644 tasks/build-task.yaml
create mode 100644 triggers/build-deploy-trigger.yaml
diff --git a/kustomization.yaml b/kustomization.yaml
new file mode 100644
index 0000000..84533d9
--- /dev/null
+++ b/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+# Kustomize will add the namespace and labels to all files being kustomized
+namespace: tekton-argocd-example
+commonLabels:
+ pipeline: tekton
+ deploy: argocd
+
+resources:
+- resources/pipeline-admin-role.yml
+- resources/triggers-admin-role.yml
+- resources/build-task-cm.yml
+- resources/argocd-task-cm.yml
+- tasks/build-task.yml
+- tasks/argocd-task.yml
+- pipelines/build-deploy-pipeline.yml
+- triggers/build-deploy-trigger.yml
diff --git a/pipelines/build-deploy-pipeline.yaml b/pipelines/build-deploy-pipeline.yaml
new file mode 100644
index 0000000..3b33c6b
--- /dev/null
+++ b/pipelines/build-deploy-pipeline.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: tekton.dev/v1alpha1
+kind: Pipeline
+metadata:
+ name: tekton-argocd-example-build-deploy-pipeline
+spec:
+ resources:
+ - name: git-app-repo
+ type: git
+ - name: image-registry
+ type: image
+ tasks:
+ - name: build-docker-image
+ taskRef:
+ name: build-docker-image
+ params:
+ - name: pathToDockerFile
+ value: Dockerfile
+ - name: pathToContext
+ value: /workspace/git-app-repo
+ resources:
+ inputs:
+ - name: git-app-repo
+ resource: git-app-repo
+ outputs:
+ - name: image-registry
+ resource: image-registry
+ - name: sync-application
+ taskRef:
+ name: argocd-task-sync-and-wait
+ runAfter:
+ - build-docker-image
+ params:
+ - name: flags
+ value: --insecure # needed in this example only because the Argo CD server is locally hosted
diff --git a/resources/argocd-task-cm.yaml b/resources/argocd-task-cm.yaml
new file mode 100644
index 0000000..9820285
--- /dev/null
+++ b/resources/argocd-task-cm.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: argocd-env-configmap
+data:
+ ARGOCD_SERVER: https://argocd.k8s-argocd.tk
+ ARGOCD_APPLICATION_NAME: tekton-pipeline-app
+ ARGOCD_APPLICATION_REVISION: HEAD
+
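Review bot: Every entry under `resources:` in the root kustomization.yaml ends in `.yml`, but the files this commit creates are named `.yaml` (`resources/pipeline-admin-role.yaml`, `tasks/build-task.yaml`, and so on), so `kustomize build` on the root will not find them. Each entry needs the extension the file really has, for example `- resources/pipeline-admin-role.yaml`. All eight entries are affected.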
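Review bot: The `flags` value `--insecure` on the `sync-application` task switches off TLS certificate verification for the Argo CD calls, and the reason given in the trailing comment (a locally hosted server) does not match `ARGOCD_SERVER: https://argocd.k8s-argocd.tk` in resources/argocd-task-cm.yaml. With verification off, the credentials from `argocd-env-secret` are sent to whichever endpoint answers for that name. The Certificate in triggers/build-deploy-trigger.yaml lists only `k8s-argocd.tk` under `dnsNames`, so the likely root cause is a certificate that does not cover the `argocd.` host; fixing the host name or the certificate is the safer change than keeping `--insecure`.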
diff --git a/resources/build-task-cm.yaml b/resources/build-task-cm.yaml
new file mode 100644
index 0000000..42653f8
--- /dev/null
+++ b/resources/build-task-cm.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: build-task-configmap
+data:
+ DOCKER_TAG: "1.0.0"
+ DOCKER_IMAGE_NAME: hello-app
+ DOCKER_NAMESPACE: tekton-demo
diff --git a/resources/kustomization.yaml b/resources/kustomization.yaml
new file mode 100644
index 0000000..a753407
--- /dev/null
+++ b/resources/kustomization.yaml
@@ -0,0 +1,25 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: tekton-argocd-example
+commonLabels:
+ pipeline: tekton
+ deploy: argocd
+
+resources:
+- namespace.yaml
+- secrets.yaml
+
+# Generate secrets from _secrets.env, appending the Base64-encoded values to the Secrets definition at the time of kustomize build
+secretGenerator:
+- behavior: merge
+ name: basic-git-app-repo-user-pass
+ type: kubernetes.io/basic-auth
+ env: secrets/git_app_secrets.env
+- behavior: merge
+ name: basic-docker-user-pass
+ type: kubernetes.io/basic-auth
+ env: secrets/docker_secrets.env
+- behavior: merge
+ name: argocd-env-secret
+ env: secrets/argocd_secrets.env
diff --git a/resources/namespace.yaml b/resources/namespace.yaml
new file mode 100644
index 0000000..8ffd2bb
--- /dev/null
+++ b/resources/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: tekton-argocd-example
diff --git a/resources/pipeline-admin-role.yaml b/resources/pipeline-admin-role.yaml
new file mode 100644
index 0000000..ab98871
--- /dev/null
+++ b/resources/pipeline-admin-role.yaml
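Review bot: The three `secretGenerator` entries in resources/kustomization.yaml come with no `generatorOptions`, so as far as I can tell kustomize will emit the merged Secrets with a content-hash suffix on their names. The objects that refer to them (`pipeline-sa` in resources/pipeline-admin-role.yaml and the `secretRef` in tasks/argocd-task.yaml) are built by the root kustomization, a separate build that never sees this generator, so their references stay unsuffixed and would point at Secrets that do not exist. Adding `generatorOptions:` with `disableNameSuffixHash: true` here keeps the names stable. The `env:` field is also deprecated in newer kustomize releases in favour of the `envs:` list.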
@@ -0,0 +1,32 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pipeline-sa
+secrets:
+ - name: basic-docker-user-pass
+ - name: basic-git-app-repo-user-pass
+
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: pipeline-role
+rules:
+- apiGroups: ["extensions", "apps", ""]
+ resources: ["services", "deployments", "pods"]
+ verbs: ["get", "create", "update", "patch", "list", "delete"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: pipeline-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: pipeline-role
+subjects:
+- kind: ServiceAccount
+ name: pipeline-sa
+ namespace: tekton-argocd-example
diff --git a/resources/secrets.yaml b/resources/secrets.yaml
new file mode 100644
index 0000000..feeb4f4
--- /dev/null
+++ b/resources/secrets.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: basic-git-app-repo-user-pass
+ annotations:
+ # Replace with your git repo URL (e.g. https://github.com/d0-labs/tekton-pipeline-example-app)
+ tekton.dev/git-0: https://github.com/victor-timofei/tekton-pipeline-example-app
+type: kubernetes.io/basic-auth
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: basic-docker-user-pass
+ annotations:
+ # Replace with your docker registry URL (e.g. https://my-acr.azurecr.io)
+ tekton.dev/docker-0: https://hub.docker.com/u/vtimofei
+type: kubernetes.io/basic-auth
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: argocd-env-secret
diff --git a/resources/secrets/.gitignore b/resources/secrets/.gitignore
new file mode 100644
index 0000000..a6ef706
--- /dev/null
+++ b/resources/secrets/.gitignore
@@ -0,0 +1 @@
+*_secrets.env
diff --git a/resources/triggers-admin-role.yaml b/resources/triggers-admin-role.yaml
new file mode 100644
index 0000000..972f9ae
--- /dev/null
+++ b/resources/triggers-admin-role.yaml
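Review bot: `pipeline-role` lets `pipeline-sa` create, update, patch and delete pods, deployments and services, yet neither task in this commit talks to the Kubernetes API: the build step runs kaniko and the deploy step calls the `argocd` CLI. Permission to create pods in the namespace is enough to mount any Secret there, including `argocd-env-secret` and the registry credentials, so a compromised build step inherits far more than it needs. Unless something outside this patch depends on the rule, drop the Role and RoleBinding and keep only the ServiceAccount with its two `secrets` entries. If the rule stays, the `extensions` API group no longer serves Deployments on current clusters and can be removed from `apiGroups`.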
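Review bot: The `tekton.dev/docker-0` annotation on `basic-docker-user-pass` holds a Docker Hub profile page URL rather than a registry endpoint. Tekton uses this annotation to decide which registry host the credentials apply to, so the kaniko push will most likely go out without them. For Docker Hub the value is normally `tekton.dev/docker-0: https://index.docker.io/v1/`. The same profile URL is used as the `image-registry` resource URL in triggers/build-deploy-trigger.yaml, where it ends up inside kaniko's `--destination` and is not a valid image reference.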
@@ -0,0 +1,49 @@
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-triggers-admin
+rules:
+- apiGroups:
+ - triggers.tekton.dev
+ resources:
+ - eventlisteners
+ - triggerbindings
+ - triggertemplates
+ verbs:
+ - get
+- apiGroups:
+ - tekton.dev
+ resources:
+ - pipelineruns
+ - pipelineresources
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tekton-triggers-admin
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: tekton-triggers-admin-binding
+subjects:
+ - kind: ServiceAccount
+ name: tekton-triggers-admin
+ namespace: tekton-argocd-example
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: tekton-triggers-admin
diff --git a/tasks/argocd-task.yaml b/tasks/argocd-task.yaml
new file mode 100644
index 0000000..b4a05ec
--- /dev/null
+++ b/tasks/argocd-task.yaml
@@ -0,0 +1,23 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: argocd-task-sync-and-wait
+spec:
+ params:
+ - name: flags
+ default: --
+ - name: argocd-version
+ default: v1.7.6
+ stepTemplate:
+ envFrom:
+ - configMapRef:
+ name: argocd-env-configmap # used for server address
+ - secretRef:
+ name: argocd-env-secret # used for authentication (username/password or auth token)
+ steps:
+ - name: argocd-app-sync
+ image: argoproj/argocd:$(params.argocd-version)
+ script: |
+ argocd login $ARGOCD_SERVER --grpc-web-root-path /argo-cd --username $ARGOCD_USERNAME --password $ARGOCD_PASSWORD
+ argocd app sync $ARGOCD_APPLICATION_NAME $(params.flags) --grpc-web-root-path /argo-cd --server $ARGOCD_SERVER
+ argocd app wait $ARGOCD_APPLICATION_NAME --health $(params.flags) --grpc-web-root-path /argo-cd --server $ARGOCD_SERVER
diff --git a/tasks/build-task.yaml b/tasks/build-task.yaml
new file mode 100644
index 0000000..677affe
--- /dev/null
+++ b/tasks/build-task.yaml
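Review bot: The `script` in tasks/argocd-task.yaml puts `$ARGOCD_PASSWORD` on the `argocd login` command line, where it shows up in the process arguments, and every variable is expanded unquoted, so a password containing spaces or glob characters breaks the command. The `secretRef` comment already allows for an auth token: when the Secret supplies `ARGOCD_AUTH_TOKEN` the CLI reads it from the environment and the `login` line can go. Otherwise at least quote the expansions, e.g. `--username "$ARGOCD_USERNAME" --password "$ARGOCD_PASSWORD"`. Separately, `flags` defaults to `--` and is placed before `--grpc-web-root-path` and `--server`, so with the default those two options would be read as positional arguments; moving `$(params.flags)` to the end of each command avoids that.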
@@ -0,0 +1,38 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: build-docker-image
+spec:
+ resources:
+ inputs:
+ - name: git-app-repo
+ type: git
+ outputs:
+ - name: image-registry
+ type: image
+ params:
+ - name: pathToDockerFile
+ description: Path to Dockerfile
+ default: Dockerfile
+ - name: pathToContext
+ description: The build context used by Kaniko
+ default: /workspace/git-app-repo
+
+ # Get our Docker image details from the build-task-configmap configmap
+ stepTemplate:
+ envFrom:
+ - configMapRef:
+ name: build-task-configmap
+ steps:
+ - name: build-and-push
+ image: gcr.io/kaniko-project/executor:v0.10.0
+ env:
+ - name: "DOCKER_CONFIG"
+ value: "/builder/home/.docker/"
+ command:
+ - /kaniko/executor
+ args:
+ - --dockerfile=$(params.pathToContext)/$(params.pathToDockerFile)
+ - --destination=$(resources.outputs.image-registry.url)/$(DOCKER_NAMESPACE)/$(DOCKER_IMAGE_NAME):$(DOCKER_TAG)
+ - --context=$(params.pathToContext)
diff --git a/triggers/build-deploy-trigger.yaml b/triggers/build-deploy-trigger.yaml
new file mode 100644
index 0000000..cee1857
--- /dev/null
+++ b/triggers/build-deploy-trigger.yaml
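Review bot: The `build-and-push` step pulls `gcr.io/kaniko-project/executor:v0.10.0` by mutable tag, and this container is the one that receives the registry credentials and produces the image that gets deployed. Pin it by digest, `image: gcr.io/kaniko-project/executor@sha256:<digest of the release you verified>`, and consider moving off v0.10.0, which appears to be well behind current kaniko releases. A comment on `DOCKER_CONFIG` would also help, saying that `/builder/home/.docker/` must match where the installed Tekton version writes the credentials, since nothing in this patch sets that location.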
@@ -0,0 +1,131 @@
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+ name: tekton-argocd-example-build-tt
+spec:
+ params:
+ - name: git-app-repo-url
+ - name: git-app-repo-name
+ - name: git-app-repo-revision
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1alpha1
+ kind: PipelineResource
+ metadata:
+ name: git-app-repo-$(uid)
+ namespace: tekton-argocd-example
+ labels:
+ pipeline: tekton
+ deploy: argocd
+ spec:
+ params:
+ - name: url
+ value: $(tt.params.git-app-repo-url)
+ - name: revision
+ value: $(tt.params.git-app-repo-revision)
+ - name: git-app-repo-name
+ value: $(tt.params.git-app-repo-name)
+ type: git
+ - apiVersion: tekton.dev/v1alpha1
+ kind: PipelineResource
+ metadata:
+ name: image-registry-$(uid)
+ namespace: tekton-argocd-example
+ labels:
+ pipeline: tekton
+ deploy: argocd
+ spec:
+ params:
+ - name: url
+ # Replace with your docker registry name (e.g. my-acr.azurecr.io)
+ value: "https://hub.docker.com/u/vtimofei"
+ type: image
+ - apiVersion: tekton.dev/v1alpha1
+ kind: PipelineRun
+ metadata:
+ generateName: tekton-argocd-example-build-deploy-pipeline-run-
+ namespace: tekton-argocd-example
+ labels:
+ pipeline: tekton
+ deploy: argocd
+ spec:
+ serviceAccountName: pipeline-sa
+ pipelineRef:
+ name: tekton-argocd-example-build-deploy-pipeline
+ resources:
+ - name: git-app-repo
+ resourceRef:
+ name: git-app-repo-$(uid)
+ - name: image-registry
+ resourceRef:
+ name: image-registry-$(uid)
+
+---
+
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerBinding
+metadata:
+ name: tekton-argocd-example-build-git-tb
+spec:
+ params:
+ - name: git-app-repo-url
+ # Replace with path to the JSON resource you want, based on the Git provider that you're using (e.g. for AzureDevOps: resource.repository.remoteUrl)
+ value: $(body.repository.url)
+ - name: git-app-repo-revision
+ value: master
+
+---
+
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: EventListener
+metadata:
+ name: tekton-argocd-example-build-el
+spec:
+ serviceAccountName: tekton-triggers-admin
+ triggers:
+ - bindings:
+ - ref: tekton-argocd-example-build-git-tb
+ template:
+ name: tekton-argocd-example-build-tt
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: argocd-app
+ namespace: argocd
+spec:
+ dnsNames:
+ - k8s-argocd.tk
+ secretName: argocd-app-tls
+ issuerRef:
+ name: letsencrypt-cluster-issuer
+ kind: ClusterIssuer
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: tekton-argocd-example-build-el-ingress
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+spec:
+ rules:
+ - host: k8s-argocd.tk
+ http:
+ paths:
+ - path: /tekton-argocd-example-build-mapping/
+ pathType: Prefix
+ backend:
+ service:
+ name: el-tekton-argocd-example-build-el
+ port:
+ number: 8080
+ tls:
+ - hosts:
+ - k8s-argocd.tk
+ secretName: argocd-app-tls
+
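Review bot: The `EventListener` is published through the Ingress with no interceptor on its trigger, so any request that reaches `/tekton-argocd-example-build-mapping/` starts a PipelineRun under `pipeline-sa`. The `TriggerBinding` takes `git-app-repo-url` straight from `$(body.repository.url)`, which means the caller also chooses which repository is cloned, built and pushed with the registry credentials. Add a webhook-signature interceptor and stop trusting the URL from the payload (hard-code it or filter on it); the sketch below assumes a GitHub webhook, and the Secret name and key are placeholders. `tekton-triggers-admin` would then need `get` on that Secret. The binding also never sets `git-app-repo-name`, which the template declares without a default.

```yaml
# EventListener spec; metadata and serviceAccountName unchanged
triggers:
  - interceptors:
      - github:
          secretRef:
            secretName: github-webhook-secret  # placeholder name
            secretKey: secretToken             # placeholder key
          eventTypes:
            - push
    # … unchanged: bindings and template …
```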