metadata: name: kubernetesDeploy aliases: - name: deployToKubernetes deprecated: true description: Deployment to Kubernetes test or production namespace within the specified Kubernetes cluster. longDescription: |- Deployment to Kubernetes test or production namespace within the specified Kubernetes cluster. !!! note "Deployment supports multiple deployment tools" Currently the following are supported: * [Helm](https://helm.sh/) command line tool and [Helm Charts](https://docs.helm.sh/developing_charts/#charts). * [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) and `kubectl apply` command. ## Helm Following helm command will be executed by default: ``` helm upgrade --install --force --namespace --wait --timeout --set "image.repository=/,image.tag=,secret.dockerconfigjson=,ingress.hosts[0]=,,ingress.hosts[1]=,... ``` * `yourRegistry` will be retrieved from `containerRegistryUrl` * `yourImageName`, `yourImageTag` will be retrieved from `image` * `dockerSecret` will be calculated with a call to `kubectl create secret generic --from-file=.dockerconfigjson= --type=kubernetes.io/dockerconfigjson --insecure-skip-tls-verify=true --dry-run=client --output=json` spec: inputs: secrets: - name: kubeConfigFileCredentialsId description: Jenkins 'Secret file' credentials ID containing kubeconfig file. Details can be found in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/). aliases: - name: kubeCredentialsId deprecated: true type: jenkins - name: kubeTokenCredentialsId description: Jenkins 'Secret text' credentials ID containing token to authenticate to Kubernetes. This is an alternative way to using a kubeconfig file. Details can be found in the [Kubernetes documentation](https://kubernetes.io/docs/reference/access-authn-authz/authentication/). aliases: - name: k8sTokenCredentialsId deprecated: true type: jenkins - name: dockerCredentialsId type: jenkins - name: dockerConfigJsonCredentialsId description: Jenkins 'Secret file' credentials ID containing Docker config.json (with registry credential(s)). type: jenkins - name: githubTokenCredentialsId description: Jenkins credentials ID containing the github token. type: jenkins resources: - name: deployDescriptor type: stash - name: downloadedArtifact type: stash params: - name: additionalParameters aliases: - name: helmDeploymentParameters type: "[]string" description: Defines additional parameters for "helm install" or "kubectl apply" command. scope: - PARAMETERS - STAGES - STEPS - name: apiServer aliases: - name: k8sAPIServer type: string description: Defines the Url of the API Server of the Kubernetes cluster. scope: - GENERAL - PARAMETERS - STAGES - STEPS - name: appTemplate aliases: - name: k8sAppTemplate type: string description: Defines the filename for the kubernetes app template (e.g. k8s_apptemplate.yaml). longDescription: | There are two supported ways for the template rendering: 1. For a deployments using single image, you can use a placeholder ``, which will be replaced with the image GUN. ``` apiVersion: apps/v1 kind: Deployment metadata: name: app labels: app: app spec: replicas: 3 selector: matchLabels: app: app template: metadata: labels: app: app spec: containers: - name: app image: ``` 2. Helm styled templates, with the support for multi-image deployments. ``` apiVersion: apps/v1 kind: Deployment metadata: name: app labels: app: app spec: replicas: 3 selector: matchLabels: app: app template: metadata: labels: app: app spec: containers: - name: app-1 image: "{{ .Values.image.repository}}:{{ .Values.image.tag }}" - name: app-2 image: "{{ .Values.image.app_2.repository}}:{{ .Values.image.app_2.tag }}" ``` scope: - PARAMETERS - STAGES - STEPS - name: chartPath aliases: - name: helmChartPath type: string description: Defines the chart path for deployments using helm. It is a mandatory parameter when `deployTool:helm` or `deployTool:helm3`. scope: - GENERAL - PARAMETERS - STAGES - STEPS resourceRef: - name: commonPipelineEnvironment param: custom/localHelmChartPath - name: containerRegistryPassword description: Password for container registry access - typically provided by the CI/CD environment. type: string scope: - PARAMETERS - STAGES - STEPS secret: true resourceRef: - name: dockerCredentialsId type: secret param: password - name: commonPipelineEnvironment param: container/repositoryPassword - name: commonPipelineEnvironment param: custom/repositoryPassword - name: containerImageName aliases: - name: dockerImageName type: string description: Name of the container which will be built - will be used together with `containerImageTag` instead of parameter `containerImage` scope: - GENERAL - PARAMETERS - STAGES - STEPS - name: containerImageTag aliases: - name: artifactVersion type: string description: Tag of the container which will be built - will be used together with `containerImageName` instead of parameter `containerImage` scope: - GENERAL - PARAMETERS - STAGES - STEPS resourceRef: - name: commonPipelineEnvironment param: artifactVersion - name: containerRegistryUrl aliases: - name: dockerRegistryUrl type: string description: http(s) url of the Container registry where the image to deploy is located. resourceRef: - name: commonPipelineEnvironment param: container/registryUrl scope: - GENERAL - PARAMETERS - STAGES - STEPS mandatory: true - name: containerRegistryUser description: Username for container registry access - typically provided by the CI/CD environment. type: string scope: - PARAMETERS - STAGES - STEPS secret: true resourceRef: - name: dockerCredentialsId type: secret param: username - name: commonPipelineEnvironment param: container/repositoryUsername - name: commonPipelineEnvironment param: custom/repositoryUsername - name: containerRegistrySecret description: Name of the container registry secret used for pulling containers from the registry. longDescription: |- Name of the container registry secret used for pulling containers from the registry. **For `deployTool: helm/helm3`:**
If `containerRegistryUser` and `containerRegistryPassword` are provided, a secret is created on the fly and the information is passed to the helm template.
**For `deployTool: kubectl`:**
If `containerRegistryUser` and `containerRegistryPassword` are provided, a secret with the given name will be created in the Kubernetes cluster. If neither `containerRegistryUser` nor `containerRegistryPassword` are provided, it is expected that a secret with the configured name exists in the target Kubernetes cluster.
type: string scope: - PARAMETERS - STAGES - STEPS default: regsecret - name: createDockerRegistrySecret type: bool description: "Only for `deployTool:kubectl`: Toggle to turn on `containerRegistrySecret` creation." scope: - PARAMETERS - STAGES - STEPS default: false - name: deploymentName aliases: - name: helmDeploymentName type: string description: Defines the name of the deployment. It is a mandatory parameter when `deployTool:helm` or `deployTool:helm3`. scope: - PARAMETERS - STAGES - STEPS - name: deployTool type: string description: Defines the tool which should be used for deployment. mandatory: true scope: - PARAMETERS - STAGES - STEPS default: kubectl possibleValues: - kubectl - helm - helm3 - name: forceUpdates aliases: - name: force type: bool description: "Adds `--force` flag to a helm resource update command or to a kubectl replace command" mandatory: false scope: - PARAMETERS - STAGES - STEPS default: true - name: helmDeployWaitSeconds type: int description: Number of seconds before helm deploy returns. scope: - PARAMETERS - STAGES - STEPS default: 300 - name: helmTestWaitSeconds type: int description: Number of seconds to wait for any individual Kubernetes operation (like Jobs for hooks). See https://helm.sh/docs/helm/helm_test/#options for further details scope: - PARAMETERS - STAGES - STEPS default: 300 - name: helmValues type: "[]string" description: List of helm values as YAML file reference or URL (as per helm parameter description for `-f` / `--values`) scope: - PARAMETERS - STAGES - STEPS - name: valuesMapping type: "map[string]interface{}" longDescription: | Mapping of values provided by Piper onto custom paths in format `[custom-path]: [piper-value]` Example: ```yaml valuesMapping: subchart.image.tag: image.debug.tag subchart.image.repository: image.debug.repository subchart.image.pullsecret: secret.dockerconfigjson ``` scope: - PARAMETERS - STAGES - STEPS - name: renderSubchartNotes type: bool description: If set, render subchart notes along with the parent. default: true scope: - GENERAL - PARAMETERS - STAGES - STEPS - name: githubToken description: "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line" scope: - GENERAL - PARAMETERS - STAGES - STEPS type: string secret: true aliases: - name: access_token resourceRef: - name: githubTokenCredentialsId type: secret - type: vaultSecret default: github name: githubVaultSecretName - name: image aliases: - name: deployImage type: string description: Full name of the image to be deployed. deprecationMessage: This parameter is deprecated, please use [containerImageName](#containerimagename) and [containerImageTag](#containerimagetag) resourceRef: - name: commonPipelineEnvironment param: container/imageNameTag scope: - PARAMETERS - STAGES - STEPS - name: imageNames type: "[]string" description: List of names of the images to be deployed. resourceRef: - name: commonPipelineEnvironment param: container/imageNames scope: - PARAMETERS - STAGES - STEPS - name: imageNameTags type: "[]string" description: List of full names (registry and tag) of the images to be deployed. resourceRef: - name: commonPipelineEnvironment param: container/imageNameTags scope: - PARAMETERS - STAGES - STEPS - name: imageDigests type: "[]string" description: List of image digests of the images to be deployed, in the format `sha256:`. If provided, image digests will be appended to the image tag, e.g. `/:@` resourceRef: - name: commonPipelineEnvironment param: container/imageDigests scope: - PARAMETERS - STAGES - STEPS - name: ingressHosts type: "[]string" description: (Deprecated) List of ingress hosts to be exposed via helm deployment. longDescription: |- **DEPRECATED**
List of ingress hosts to be exposed via helm deployment.
Host names are passed to helm template via ingress configuration.
This requires a modification to the default helm template, thus it is not recommended. Recommendation is to use custom values and pass them via parameter `helmValues`.
Since helm supports multiple files on top of the `values.yaml`, landscape-specific attributes can be passed via a specific file. scope: - PARAMETERS - STAGES - STEPS - name: keepFailedDeployments type: bool description: Defines whether a failed deployment will be purged default: false scope: - GENERAL - PARAMETERS - STAGES - STEPS - name: runHelmTests type: bool description: Defines whether or not to run helm tests against the recently deployed release default: false scope: - GENERAL - PARAMETERS - STAGES - STEPS - name: showTestLogs type: bool description: Defines whether to print the pod logs after running helm tests default: false scope: - GENERAL - PARAMETERS - STAGES - STEPS - name: kubeConfig type: string description: Defines the path to the "kubeconfig" file. scope: - GENERAL - PARAMETERS - STAGES - STEPS secret: true resourceRef: - name: kubeConfigFileCredentialsId type: secret - type: vaultSecretFile name: kubeConfigFileVaultSecretName default: kube-config - name: kubeContext type: string description: Defines the context to use from the "kubeconfig" file. scope: - PARAMETERS - STAGES - STEPS - name: kubeToken type: string description: Contains the id_token used by kubectl for authentication. Consider using kubeConfig parameter instead. scope: - GENERAL - PARAMETERS - STAGES - STEPS secret: true resourceRef: - name: kubeTokenCredentialsId type: secret - name: namespace aliases: - name: helmDeploymentNamespace - name: k8sDeploymentNamespace type: string description: Defines the target Kubernetes namespace for the deployment. scope: - PARAMETERS - STAGES - STEPS default: default - name: tillerNamespace aliases: - name: helmTillerNamespace type: string description: Defines optional tiller namespace for deployments using helm. scope: - PARAMETERS - STAGES - STEPS - name: dockerConfigJSON type: string description: Path to the file `.docker/config.json` - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/). scope: - PARAMETERS - STAGES - STEPS secret: true default: '.pipeline/docker/config.json' resourceRef: - name: dockerConfigJsonCredentialsId type: secret - type: vaultSecretFile name: dockerConfigFileVaultSecretName default: docker-config - name: deployCommand type: string description: "Only for `deployTool: kubectl`: defines the command `apply` or `replace`. The default is `apply`." mandatory: false scope: - PARAMETERS - STAGES - STEPS default: apply possibleValues: - apply - replace - name: setupScript type: string description: HTTP location of setup script longDescription: | For helm-based deploymens only! HTTP location of setup script. The script will be downloaded from a GitHub location using the `githubToken` and executed before the installation of the helm package. scope: - PARAMETERS - STAGES - STEPS - name: verificationScript type: string description: HTTP location of verification script longDescription: | For helm-based deploymens only! HTTP location of verification script. The script will be downloaded from a GitHub location using the `githubToken` and executed after installation of the helm package. It can be used to verify if all required artifacts are ready before progressing with for example `helmTest` using the step option `runHelmTests: true` scope: - PARAMETERS - STAGES - STEPS - name: teardownScript type: string description: HTTP location of teardown script longDescription: | For helm-based deploymens only! HTTP location of setup script. The script will be downloaded from a GitHub location using the `githubToken` and executed at the end of the step. This can for example be used in order to remove a temporary namespace which was created for the test. scope: - PARAMETERS - STAGES - STEPS containers: - image: dtzar/helm-kubectl:3 workingDir: /config options: - name: -u value: "0" conditions: - conditionRef: strings-equal params: - name: deployTool value: helm3 - image: dtzar/helm-kubectl:2.17.0 workingDir: /config options: - name: -u value: "0" conditions: - conditionRef: strings-equal params: - name: deployTool value: helm - image: dtzar/helm-kubectl:2.17.0 workingDir: /config options: - name: -u value: "0" conditions: - conditionRef: strings-equal params: - name: deployTool value: kubectl