diff --git a/boskos-acquire/0.1/README.md b/boskos-acquire/0.1/README.md new file mode 100644 index 0000000000..d12ed3b825 --- /dev/null +++ b/boskos-acquire/0.1/README.md @@ -0,0 +1,39 @@ +# Boskos Acquire + +The `boskos-acquire` Task can be used to acquire cloud projects from a pool with +[Boskos](https://github.com/kubernetes-sigs/boskos#boskos), by invoking `boskosctl`. + +To release projects obtained with `boskos-acquire` can be released with +[`boskos-release`](../boskos-release). + +It is implemented using [`boskosctl`](https://github.com/kubernetes-sigs/boskos/tree/master/cmd/boskosctl). + +_The Task assumes already have Boskos up and running. To set it up yourself, you +can look at [this example deployment](https://github.com/kubernetes-sigs/boskos/tree/master/deployments/overlays/example). + +## ServiceAccount + +After acquiring a project, the Task will start a running `pod` in your cluster to send +heartbeat requests to Boskos (Boskos will automatically clean up abandoned clusters). +This means the Task must be run with a serviceAccount that has the ability to interact +with `pods` (see [service-account.yaml](samples/service-account.yaml) for an example). + +## Parameters + +* **server-url**: The URL of the running boskos server. (_default_: http://boskos.test-pods.svc.cluster.local) +* **type**: The type of resource to request. Resource types are specified in the resource + ConfigMap provided to the Boskos server. (_default_: gke-project) +* **owner-name**: A string that identifies the owner of the leased resource to request. (_required_) + +## Results + +* **leased-resource**: The name of the leased resource + +## Usage + +See [samples/pipelinerun.yaml](samples/pipelinerun.yaml) for an example of a Pipeline that obtains +a resource using Boskos, then waits (this is when you would do whatever you need to do with the resource), +and finally releases it with [`boskos-release`](../boskos-release). + +Boskos doesn't do anything to provide you with the credentials you need to interact with the resource you +have leased. Setting up and managing these credentials is outside the scope of Boskos's responsibilities. diff --git a/boskos-acquire/0.1/boskos-acquire.yaml b/boskos-acquire/0.1/boskos-acquire.yaml new file mode 100644 index 0000000000..cce1f76eb1 --- /dev/null +++ b/boskos-acquire/0.1/boskos-acquire.yaml @@ -0,0 +1,67 @@ +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: boskos-acquire + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/tags: "boskos,test" +spec: + description: | + The boskos-acquire Task will request a resource of the specified type from the + server-url. If successful, it will start a pod that will run the boskosctl heartbeat + command. When you are done with the resource, release it with boskos-release. + params: + - name: server-url + description: The URL of the running boskos server + default: "http://boskos.test-pods.svc.cluster.local" + - name: type + description: | + The type of resource to request. Resource types are specified in the resource + ConfigMap provided to the Boskos server. + default: gke-project + - name: owner-name + description: A string that identifies the owner of the leased resource to request. + results: + - name: leased-resource + description: The name of the leased resource + steps: + - name: boskosctl-acquire + image: gcr.io/k8s-staging-boskos/boskosctl@sha256:a7fc984732c5dd0b4e0fe0a92e2730fa4b6bddecd0f6f6c7c6b5501abe4ab105 + script: | + RESOURCE=$(boskosctl acquire \ + --server-url=$(params.server-url) \ + --owner-name=$(params.owner-name) \ + --type=$(params.type) \ + --state=free \ + --target-state=busy) + echo $RESOURCE > /workspace/full-resource-output.json + echo $RESOURCE | jq -rj ".name" > /tekton/results/leased-resource + - name: create-heartbeat-pod-yaml + image: bash + script: | + FULL_RESOURCE_OUTPUT=$(cat /workspace/full-resource-output.json) + LEASED_RESOURCE=$(cat /tekton/results/leased-resource) + cat < /workspace/heartbeat.yaml + apiVersion: v1 + kind: Pod + metadata: + name: boskos-heartbeat-$LEASED_RESOURCE + spec: + containers: + - name: heatbeat + image: gcr.io/k8s-staging-boskos/boskosctl@sha256:a7fc984732c5dd0b4e0fe0a92e2730fa4b6bddecd0f6f6c7c6b5501abe4ab105 + args: + - heartbeat + - --server-url=$(params.server-url) + - --owner-name=$(params.owner-name) + - --resource=$FULL_RESOURCE_OUTPUT + - --period=5m + EOF + - name: start-boskosctl-heartbeat + image: lachlanevenson/k8s-kubectl + args: + - "apply" + - "-f" + - "/workspace/heartbeat.yaml" diff --git a/boskos-acquire/0.1/samples/pipelinerun.yaml b/boskos-acquire/0.1/samples/pipelinerun.yaml new file mode 100644 index 0000000000..58756119bc --- /dev/null +++ b/boskos-acquire/0.1/samples/pipelinerun.yaml @@ -0,0 +1,34 @@ +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + generateName: do-boskos- +spec: + serviceAccountName: boskos-heartbeat + pipelineSpec: + params: + - name: owner-name + default: trying-out-boskos + tasks: + - name: boskos-acquire + taskRef: + name: boskos-acquire + params: + - name: owner-name + value: $(params.owner-name) + - name: wait + runAfter: [boskos-acquire] + taskSpec: + steps: + - image: ubuntu + script: | + sleep 1m + - name: boskos-release + runAfter: [wait] + taskRef: + name: boskos-release + params: + - name: leased-resource + # TODO(pipeline#2557): This is a good candidate for a finally clause + value: $(tasks.boskos-acquire.results.leased-resource) + - name: owner-name + value: $(params.owner-name) \ No newline at end of file diff --git a/boskos-acquire/0.1/samples/service-account.yaml b/boskos-acquire/0.1/samples/service-account.yaml new file mode 100644 index 0000000000..cef7ad66bd --- /dev/null +++ b/boskos-acquire/0.1/samples/service-account.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: boskos-heartbeat + namespace: default +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pod-editor + namespace: default +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: boskos-heartbeat-pod-editor + namespace: default +subjects: + - kind: ServiceAccount + name: boskos-heartbeat + namespace: default +roleRef: + kind: Role + name: pod-editor + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/boskos-acquire/OWNERS b/boskos-acquire/OWNERS new file mode 100644 index 0000000000..b9600912f6 --- /dev/null +++ b/boskos-acquire/OWNERS @@ -0,0 +1,5 @@ +approvers: +- bobcatfish + +reviewers: +- bobcatfish diff --git a/boskos-release/0.1/README.md b/boskos-release/0.1/README.md new file mode 100644 index 0000000000..85bbd6b1ab --- /dev/null +++ b/boskos-release/0.1/README.md @@ -0,0 +1,31 @@ +# Boskos Release + +The `boskos-release` Task can be used to release cloud projects +which were obtained from a pool with [Boskos](https://github.com/kubernetes-sigs/boskos#boskos) +via [`boskos-acquire`](../boskos-acquire). + +It will mark the resource as `dirty` so that Boskos will clear any obtained resources. + +It is implemented using [`boskosctl`](https://github.com/kubernetes-sigs/boskos/tree/master/cmd/boskosctl). + +_The Task assumes already have Boskos up and running. To set it up yourself, your +best bet would be to find an example of it already configured, for example +[the boskos configuration used for Tekton itself](https://github.com/tektoncd/plumbing/tree/master/boskos)._ + +## ServiceAccount + +[`boskos-acquire`](../boskos-acquire) will start a `pod` in your cluster to maintain the lease +via a heartbeat. `boskos-release` will delete that pod, and so the Task must be run with a +serviceAccount that has the ability to delete `pods` (see [service-account.yaml](samples/service-account.yaml) for an example). + +## Parameters + +* **server-url**: The URL of the running boskos server. (_default_: http://boskos.test-pods.svc.cluster.local) +* **leased-resource**: The name of the leased resource. (_required_) +* **owner-name**: A string that identifies the owner of the leased resource to request. (_required_) + +## Usage + +See [samples/pipelinerun.yaml](samples/pipelinerun.yaml) for an example of a Pipeline that obtains +a resource using [`boskos-acquire`](../boskos-acquire), then waits (this is when you would do whatever +you need to do with the resource), and finally releases it with `boskos-release`. diff --git a/boskos-release/0.1/boskos-release.yaml b/boskos-release/0.1/boskos-release.yaml new file mode 100644 index 0000000000..de73f6ed4e --- /dev/null +++ b/boskos-release/0.1/boskos-release.yaml @@ -0,0 +1,39 @@ +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: boskos-release + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/tags: "boskos,test" +spec: + description: | + The boskos-release Task will release the specified resource from the boskos instance + at server-url. It also assumes the resource was obtained via boskos-acquire and so + terminates the heartbeat pod that was created by that Task to keep the resource obtained. + It will mark the resource as dirty so that the boskos Janitor will clean it (by deleting + any state created). + params: + - name: server-url + description: The URL of the running boskos server + default: "http://boskos.test-pods.svc.cluster.local" + - name: leased-resource + description: A string that identifies the leased resource to release. + - name: owner-name + description: A string that identifies the owner of the leased resource to request. + steps: + - name: boskosctl-release + image: gcr.io/k8s-staging-boskos/boskosctl@sha256:a7fc984732c5dd0b4e0fe0a92e2730fa4b6bddecd0f6f6c7c6b5501abe4ab105 + args: + - "release" + - "--server-url=$(params.server-url)" + - "--owner-name=$(params.owner-name)" + - "--name=$(params.leased-resource)" + - "--target-state=dirty" + - name: stop-boskosctl-heartbeat + image: lachlanevenson/k8s-kubectl + args: + - "delete" + - "pod" + - "boskos-heartbeat-$(params.leased-resource)" diff --git a/boskos-release/0.1/samples/pipelinerun.yaml b/boskos-release/0.1/samples/pipelinerun.yaml new file mode 120000 index 0000000000..6d790e5b72 --- /dev/null +++ b/boskos-release/0.1/samples/pipelinerun.yaml @@ -0,0 +1 @@ +boskos-acquire/0.1/examples/pipelinerun.yaml \ No newline at end of file diff --git a/boskos-release/0.1/samples/service-account.yaml b/boskos-release/0.1/samples/service-account.yaml new file mode 120000 index 0000000000..0332df6229 --- /dev/null +++ b/boskos-release/0.1/samples/service-account.yaml @@ -0,0 +1 @@ +boskos-acquire/0.1/examples/service-account.yaml \ No newline at end of file diff --git a/boskos-release/OWNERS b/boskos-release/OWNERS new file mode 100644 index 0000000000..b9600912f6 --- /dev/null +++ b/boskos-release/OWNERS @@ -0,0 +1,5 @@ +approvers: +- bobcatfish + +reviewers: +- bobcatfish