jenkins/sap-jenkins-library
1
0
Fork 0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
Code Issues Releases Activity
e727601ea4
sap-jenkins-library/resources/metadata/kubernetesDeploy.yaml
Oliver Nocon a76b9d563d
feat(kubernetesDeploy): consume credentials from environment (#3129) 
* feat(kubernetesDeploy): consume credentials from environment

* update vault

* update handling of docker config.json

* chore: remove comments
2021-12-02 12:18:21 +01:00

374 lines
13 KiB
YAML
Raw Blame History

metadata:
name: kubernetesDeploy
aliases:
- name: deployToKubernetes
deprecated: true
description: Deployment to Kubernetes test or production namespace within the specified Kubernetes cluster.
longDescription: |-
Deployment to Kubernetes test or production namespace within the specified Kubernetes cluster.
!!! note "Deployment supports multiple deployment tools"
Currently the following are supported:
* [Helm](https://helm.sh/) command line tool and [Helm Charts](https://docs.helm.sh/developing_charts/#charts).
* [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) and `kubectl apply` command.
## Helm
Following helm command will be executed by default:
```
helm upgrade <deploymentName> <chartPath> --install --force --namespace <namespace> --wait --timeout <helmDeployWaitSeconds> --set "image.repository=<yourRegistry>/<yourImageName>,image.tag=<yourImageTag>,secret.dockerconfigjson=<dockerSecret>,ingress.hosts[0]=<ingressHosts[0]>,,ingress.hosts[1]=<ingressHosts[1]>,...
```
* `yourRegistry` will be retrieved from `containerRegistryUrl`
* `yourImageName`, `yourImageTag` will be retrieved from `image`
* `dockerSecret` will be calculated with a call to `kubectl create secret docker-registry regsecret --docker-server=<yourRegistry> --docker-username=<containerRegistryUser> --docker-password=<containerRegistryPassword> --dry-run=true --output=json'`
spec:
inputs:
secrets:
- name: kubeConfigFileCredentialsId
description: Jenkins 'Secret file' credentials ID containing kubeconfig file. Details can be found in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/).
aliases:
- name: kubeCredentialsId
deprecated: true
type: jenkins
- name: kubeTokenCredentialsId
description: Jenkins 'Secret text' credentials ID containing token to authenticate to Kubernetes. This is an alternative way to using a kubeconfig file. Details can be found in the [Kubernetes documentation](https://kubernetes.io/docs/reference/access-authn-authz/authentication/).
aliases:
- name: k8sTokenCredentialsId
deprecated: true
type: jenkins
- name: dockerCredentialsId
type: jenkins
- name: dockerConfigJsonCredentialsId
description: Jenkins 'Secret file' credentials ID containing Docker config.json (with registry credential(s)).
type: jenkins
resources:
- name: deployDescriptor
type: stash
params:
- name: additionalParameters
aliases:
- name: helmDeploymentParameters
type: "[]string"
description: Defines additional parameters for "helm install" or "kubectl apply" command.
scope:
- PARAMETERS
- STAGES
- STEPS
- name: apiServer
aliases:
- name: k8sAPIServer
type: string
description: Defines the Url of the API Server of the Kubernetes cluster.
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
- name: appTemplate
aliases:
- name: k8sAppTemplate
type: string
description: 'Defines the filename for the kubernetes app template (e.g. k8s_apptemplate.yaml). Within this file `image` needs to be set as `image: <image-name>` for the image to be overwritten with other parameters.'
scope:
- PARAMETERS
- STAGES
- STEPS
- name: chartPath
aliases:
- name: helmChartPath
type: string
description: Defines the chart path for deployments using helm. It is a mandatory parameter when `deployTool:helm` or `deployTool:helm3`.
scope:
- PARAMETERS
- STAGES
- STEPS
- name: containerRegistryPassword
description: Password for container registry access - typically provided by the CI/CD environment.
type: string
scope:
- PARAMETERS
- STAGES
- STEPS
secret: true
resourceRef:
- name: dockerCredentialsId
type: secret
param: password
- name: commonPipelineEnvironment
param: custom/repositoryPassword
- name: containerImageName
aliases:
- name: dockerImageName
type: string
description: Name of the container which will be built - will be used together with `containerImageTag` instead of parameter `containerImage`
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
- name: containerImageTag
aliases:
- name: artifactVersion
type: string
description: Tag of the container which will be built - will be used together with `containerImageName` instead of parameter `containerImage`
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
resourceRef:
- name: commonPipelineEnvironment
param: artifactVersion
- name: containerRegistryUrl
aliases:
- name: dockerRegistryUrl
type: string
description: http(s) url of the Container registry where the image to deploy is located.
resourceRef:
- name: commonPipelineEnvironment
param: container/registryUrl
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
mandatory: true
- name: containerRegistryUser
description: Username for container registry access - typically provided by the CI/CD environment.
type: string
scope:
- PARAMETERS
- STAGES
- STEPS
secret: true
resourceRef:
- name: dockerCredentialsId
type: secret
param: username
- name: commonPipelineEnvironment
param: custom/repositoryUsername
- name: containerRegistrySecret
description: Name of the container registry secret used for pulling containers from the registry.
longDescription: |-
Name of the container registry secret used for pulling containers from the registry.
**For `deployTool: helm/helm3`:**<br />
If `containerRegistryUser` and `containerRegistryPassword` are provided, a secret is created on the fly and the information is passed to the helm template.<br />
If neither `containerRegistryUser` nor `containerRegistryPassword` are provided, it is expected that a secret with the configured name exists in the target Kubernetes cluster.<br />
**For `deployTool: kubectl`:**<br />
If `createDockerRegistrySecret: true` and `containerRegistryUser` and `containerRegistryPassword` are provided, a secret with the given name will be created in the Kubernetes cluster unless a secret with the name already exists.
type: string
scope:
- PARAMETERS
- STAGES
- STEPS
default: regsecret
- name: createDockerRegistrySecret
type: bool
description: "Only for `deployTool:kubectl`: Toggle to turn on `containerRegistrySecret` creation."
scope:
- PARAMETERS
- STAGES
- STEPS
default: false
- name: deploymentName
aliases:
- name: helmDeploymentName
type: string
description: Defines the name of the deployment. It is a mandatory parameter when `deployTool:helm` or `deployTool:helm3`.
scope:
- PARAMETERS
- STAGES
- STEPS
- name: deployTool
type: string
description: Defines the tool which should be used for deployment.
mandatory: true
scope:
- PARAMETERS
- STAGES
- STEPS
default: kubectl
possibleValues:
- kubectl
- helm
- helm3
- name: forceUpdates
aliases:
- name: force
type: bool
description: "Adds `--force` flag to a helm resource update command or to a kubectl replace command"
mandatory: false
scope:
- PARAMETERS
- STAGES
- STEPS
default: true
- name: helmDeployWaitSeconds
type: int
description: Number of seconds before helm deploy returns.
scope:
- PARAMETERS
- STAGES
- STEPS
default: 300
- name: helmValues
type: "[]string"
description: List of helm values as YAML file reference or URL (as per helm parameter description for `-f` / `--values`)
scope:
- PARAMETERS
- STAGES
- STEPS
- name: image
aliases:
- name: deployImage
type: string
description: Full name of the image to be deployed.
resourceRef:
- name: commonPipelineEnvironment
param: container/imageNameTag
mandatory: true
scope:
- PARAMETERS
- STAGES
- STEPS
- name: ingressHosts
type: "[]string"
description: (Deprecated) List of ingress hosts to be exposed via helm deployment.
longDescription: |-
**DEPRECATED**<br />
List of ingress hosts to be exposed via helm deployment.<br />
Host names are passed to helm template via ingress configuration.<br />
This requires a modification to the default helm template, thus it is not recommended.
Recommendation is to use custom values and pass them via parameter `helmValues`.<br />
Since helm supports multiple files on top of the `values.yaml`, landscape-specific attributes can be passed via a specific file.
scope:
- PARAMETERS
- STAGES
- STEPS
- name: keepFailedDeployments
type: bool
description: Defines whether a failed deployment will be purged
default: false
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
- name: kubeConfig
type: string
description: Defines the path to the "kubeconfig" file.
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
secret: true
resourceRef:
- name: kubeConfigFileCredentialsId
type: secret
- type: vaultSecretFile
name: kubeConfigFileVaultSecretName
default: kube-config
- name: kubeContext
type: string
description: Defines the context to use from the "kubeconfig" file.
scope:
- PARAMETERS
- STAGES
- STEPS
- name: kubeToken
type: string
description: Contains the id_token used by kubectl for authentication. Consider using kubeConfig parameter instead.
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
secret: true
resourceRef:
- name: kubeTokenCredentialsId
type: secret
- name: namespace
aliases:
- name: helmDeploymentNamespace
- name: k8sDeploymentNamespace
type: string
description: Defines the target Kubernetes namespace for the deployment.
scope:
- PARAMETERS
- STAGES
- STEPS
default: default
- name: tillerNamespace
aliases:
- name: helmTillerNamespace
type: string
description: Defines optional tiller namespace for deployments using helm.
scope:
- PARAMETERS
- STAGES
- STEPS
- name: dockerConfigJSON
type: string
description: Path to the file `.docker/config.json` - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/).
scope:
- PARAMETERS
- STAGES
- STEPS
secret: true
resourceRef:
- name: dockerConfigJsonCredentialsId
type: secret
- type: vaultSecretFile
name: dockerConfigFileVaultSecretName
default: docker-config
- name: deployCommand
type: string
description: "Only for `deployTool: kubectl`: defines the command `apply` or `replace`. The default is `apply`."
mandatory: false
scope:
- PARAMETERS
- STAGES
- STEPS
default: apply
possibleValues:
- apply
- replace
containers:
- image: dtzar/helm-kubectl:3.4.1
workingDir: /config
options:
- name: -u
value: "0"
conditions:
- conditionRef: strings-equal
params:
- name: deployTool
value: helm3
- image: dtzar/helm-kubectl:2.17.0
workingDir: /config
options:
- name: -u
value: "0"
conditions:
- conditionRef: strings-equal
params:
- name: deployTool
value: helm
- image: dtzar/helm-kubectl:2.17.0
workingDir: /config
options:
- name: -u
value: "0"
conditions:
- conditionRef: strings-equal
params:
- name: deployTool
value: kubectl
Reference in New Issue View Git Blame Copy Permalink