docs/modules/SDDs/pages/0032-compile-pipeline.adoc
Lines changed: 33 additions & 17 deletions
Original file line number
Diff line number
Diff line change
@@ -44,8 +44,7 @@ This will go hand-in-hand with the existing repository management features in Li
44
44
=== Requirements for Pipeline Configuration
45
45
46
46
Lieutenant imposes certain assumptions on the configuration of the pipeline:
47
-
Namely, the pipeline has to be set up on the tenant repository by way of adding (arbitrary) files to the repository,
48
-
and it is configured through setting CI/CD variables on the repository.
47
+
Namely, the pipeline has to be set up on the tenant repository by way of adding (arbitrary) files to the repository, and it is configured through setting CI/CD variables on the repository.
49
48
50
49
In particular, Lieutenant configures the following CI/CD variables:
51
50
@@ -57,10 +56,10 @@ In particular, Lieutenant configures the following CI/CD variables:
57
56
58
57
=== GitRepo CRD
59
58
60
-
We add two new fields to the `GitRepoTemplate` (and, by extension, the `GitRepo`) CRD, under the `.spec` key, called `accessTokenSecretRef` and `ciVariables`.
59
+
We add two new fields to the `GitRepoTemplate` (and, by extension, the `GitRepo`) CRD, under the `.spec` key, called `accessTokenSecretName` and `ciVariables`.
61
60
62
-
The `accessTokenSecretRef` field contains a reference to a secret.
63
-
If it is set, the Lieutenant operator will store an access token into this secret, which can be used to access the git repository.
61
+
The `accessTokenSecretName` field contains a reference to a secret.
62
+
If it is set, the Lieutenant operator will store an access token into this secret, which can be used to access the Git repository.
64
63
In the case of GitLab, this would be a Project Access Token with read-write access to the repository.
65
64
66
65
The `ciVariables` field contains a dictionary describing variable names and corresponding values.
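Review bot: The unchanged context line at the end of this hunk, "The `ciVariables` field contains a dictionary describing variable names and corresponding values.", no longer matches the example in the next hunk, where `ciVariables` becomes a list of entries with `name` and either `value` or `valueFrom`. Please update that sentence to describe the list form. In the same spirit, `accessTokenSecretName` is now a plain name, so "contains a reference to a secret" would read better as "contains the name of a secret", with a note on which namespace the operator creates it in, since the token it holds has read-write access to the repository.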
@@ -73,10 +72,15 @@ kind: GitRepo
73
72
metadata:
74
73
name: my-repo
75
74
spec:
76
-
accessTokenSecretRef: my-repo-access-token
75
+
accessTokenSecretName: my-repo-access-token
77
76
ciVariables:
78
-
COMMODORE_API_URL: ...
79
-
COMMODORE_API_TOKEN: ...
77
+
- name: COMMODORE_API_URL
78
+
value: ...
79
+
- name: COMMODORE_API_TOKEN
80
+
valueFrom:
81
+
secretKeyRef:
82
+
name: api-token-secret
83
+
key: token
80
84
----
81
85
82
86
=== Cluster CRD
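Review bot: The `valueFrom.secretKeyRef` form on `COMMODORE_API_TOKEN` is introduced only through the example, with no field description in the visible text. Please document in which namespace `api-token-secret` is resolved, whether `value` and `valueFrom` are mutually exclusive on one entry, and what the operator does when the referenced secret or `key` is missing. It would also help to say explicitly that token-like values are expected to use `valueFrom` rather than a literal `value`.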
@@ -109,9 +113,6 @@ The `compilePipeline` field contains a dict with the following fields:
109
113
110
114
* `clusters`: List of cluster IDs of clusters for which the compile pipeline should be executed.
111
115
This field is managed by the operator.
112
-
* `pipelineFiles`: Dictionary containing file paths as keys, and file contents as values.
113
-
These files will be added to the tenant's `gitRepoTemplate.templateFiles` by the Lieutenant operator.
114
-
This field is optional; if absent, no new template files are added to the `gitRepoTemplate`.
115
116
116
117
[source,yaml]
117
118
----
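Review bot: With `pipelineFiles` removed, `clusters` is the only entry left under "The `compilePipeline` field contains a dict with the following fields:", and it is described as "managed by the operator". The section should now say what a user sets on the tenant to turn the pipeline on, because the Operator section still refers to "configuring the `compilePipeline` field on the tenant". Consider rewording the list intro to the singular and adding one sentence on how an empty or operator-populated `compilePipeline` is meant to be created.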
@@ -123,7 +124,23 @@ spec:
123
124
compilePipeline:
124
125
clusters:
125
126
- c-my-cluster
126
-
pipelineFiles:
127
+
----
128
+
129
+
=== In-Repo CI/CD pipeline configuration
130
+
131
+
Configuring the CI pipeline usually happens through files committed to the corresponding repository.
132
+
For a Lieutenant-managed pipeline configuration, these files should be managed by Lieutenant.
133
+
To achieve this, we can leverage the existing mechanism to commit template files to git repositories:
134
+
135
+
[source,yaml]
136
+
----
137
+
apiVersion: syn.tools/v1alpha1
138
+
kind: Tenant
139
+
metadata:
140
+
name: t-my-tenant
141
+
spec:
142
+
gitRepoTemplate:
143
+
templateFiles:
127
144
.gitlab-ci.yml: |
128
145
include:
129
146
- project: syn/commodore-compile-pipeline
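Review bot: The new section says these files "should be managed by Lieutenant" but does not say who is responsible for adding the `.gitlab-ci.yml` entry to `spec.gitRepoTemplate.templateFiles` now that the operator no longer copies it from `pipelineFiles`. Please state that the tenant owner adds it, and describe what happens to manual edits of that file in the repository on the next reconcile. Minor style point: "git repositories" here is lower case, while another hunk in this commit changes "git repository" to "Git repository".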
@@ -132,6 +149,7 @@ spec:
132
149
133
150
----
134
151
152
+
135
153
=== Operator
136
154
137
155
The Lieutenant Operator will be extended to automatically manage the compile pipeline for repositories where this is enabled (by way of configuring the `compilePipeline` field on the tenant and the `enableCompilePipeline` field on the cluster).
@@ -141,7 +159,7 @@ This way, it is possible to enable auto-compilation for some, but not all cluste
141
159
142
160
The operator will reconcile *GitRepos* as follows:
143
161
144
-
* When `spec.accessTokenSecretRef` is set, the operator generates an access token for the corresponding repository (via the repository host's API, using the API secret in `.spec.apiSecretRef`), and writes this token into a secret with the given name.
162
+
* When `spec.accessTokenSecretName` is set, the operator generates an access token for the corresponding repository (via the repository host's API, using the API secret in `.spec.apiSecretRef`), and writes this token into a secret with the given name.
145
163
In the case of GitLab, this is a Project Access Token.
146
164
The operator also runs a scheduled job which refreshes these tokens when they are close to expiring, or when they no longer exist on the repository host.
147
165
* The content of `.spec.ciVariables` is written to the repository's configuration on the git host.
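Review bot: The unchanged bullet "The content of `.spec.ciVariables` is written to the repository's configuration on the git host." does not cover the new `valueFrom.secretKeyRef` entries. It should say that the operator resolves each secret reference and writes the resolved value, and what it does when resolution fails. Since these values are access tokens, it is also worth stating whether the variables are created as masked or protected on the Git host. Small consistency point on the changed line: `spec.accessTokenSecretName` lacks the leading dot that `.spec.apiSecretRef` has in the same sentence.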
@@ -158,13 +176,11 @@ The operator will reconcile *Tenants* as follows:
158
176
159
177
* When `.spec.compilePipeline` exists and isn't empty, the following entries are added to the tenant repository GitRepo's `.spec.ciVariables`:
160
178
** `COMMODORE_API_URL`, containing the URL at which the Lieutenant API can be accessed.
161
-
** `COMMODORE_API_TOKEN`, containing the tenant's access token for the Lieutenant API.
179
+
** `COMMODORE_API_TOKEN`, containing a reference to the secret which contains the tenant's access token for the Lieutenant API.
162
180
** `CLUSTERS`, containing a space-separated list of cluster IDs taken directly from `.spec.compilePipeline.clusters`.
163
-
* For each entry in `.spec.compilePipeline.pipelineFiles` whose value isn't `{remove}`, a new corresponding entry is added to the tenant's `.spec.gitRepoTemplate.templateFiles`.
164
-
* For each entry in `.spec.compilePipeline.pipelineFiles` whose value is `{remove}`, the corresponding entry is removed from the tenant's `.spec.gitRepoTemplate.templateFiles`.
165
181
* For each entry in `.spec.compilePipeline.clusters`, another entry is added to the tenant repository GitRepo's `spec.ciVariabes`.
166
182
The key is `ACCESS_TOKEN_CLUSTERNAME`, where `CLUSTERNAME` is the ID of a specific cluster, with `-` replaced by `_`.
167
-
The value is the access token to access that cluster's catalog repository, taken from the secret specified in the catalog GitRepo configuration under `.spec.accessTokenSecretRef`.
183
+
The value is a reference to the secret containing the access token to access that cluster's catalog repository, taken from the secret specified in the catalog GitRepo configuration under `.spec.accessTokenSecretName`.
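Review bot: The last added line reads "The value is a reference to the secret containing the access token ..., taken from the secret specified in ...", which says the reference is itself taken from a secret. Suggest something like "The value is a reference to the secret named in the catalog GitRepo's `.spec.accessTokenSecretName`", and naming the key inside that secret that holds the token, so the `secretKeyRef` can be constructed unambiguously. The context line just above also has a typo worth fixing while here: `spec.ciVariabes` should be `.spec.ciVariables`.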