forked from tektoncd/catalog
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add Tasks to acquire and release boskos resources 🐑
Boskos is a tool that allows one to create a pool of cloud projects (definitely GCP, I think it supports other providers as well), and manages acquiring, releasing, and cleaning them between leases. We use it for Tekton test infrastructure for our end to end tests and we'd like to use it for our catalog Tasks as well. This commit adds boskos acquire and release Tasks. The acquire Task also creates a pod in the running cluster to perform heartbeating so that boskos knows that the resource is still in use. The intention of the release Task is that it would be run in a Pipeline's `finally` clause, however today that would be difficult because finally Tasks can't yet use the results of other Tasks, but this functionality is on the way: tektoncd/pipeline#2557 This is part of the work in tektoncd#373 to create a Pipeline for the catalog.
- Loading branch information
1 parent
7a481c5
commit 3eff059
Showing
8 changed files
with
242 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| # Boskos Acquire | ||
|
|
||
| The `boskos-acquire` Task can be used to acquire cloud projects from a pool with | ||
| [Boskos](https://github.com/kubernetes-sigs/boskos#boskos), by invoking `boskosctl`. | ||
|
|
||
| To release projects obtained with `boskos-acquire` can be released with | ||
| [`boskos-release`](../boskos-release). | ||
|
|
||
| It is implemented using [`boskosctl`](https://github.com/kubernetes-sigs/boskos/tree/master/cmd/boskosctl). | ||
|
|
||
| _The Task assumes already have Boskos up and running. To set it up yourself, your | ||
| best bet would be to find an example of it already configured, for example | ||
| [the boskos configuration used for Tekton itself](https://github.com/tektoncd/plumbing/tree/master/boskos)._ | ||
|
|
||
| ## ServiceAccount | ||
|
|
||
| After acquiring a project, the Task will start a running `pod` in your cluster to send | ||
| heartbeat requests to Boskos (Boskos will automatically clean up abandoned clusters). | ||
| This means the Task must be run with a serviceAccount that has the ability to interact | ||
| with `pods` (see [service-account.yaml](examples/service-account.yaml) for an example). | ||
|
|
||
| ## Parameters | ||
|
|
||
| * **server-url**: The URL of the running boskos server. (_default_: http://boskos.test-pods.svc.cluster.local) | ||
| * **type**: The type of resource to request. Resource types are specified in the resource | ||
| ConfigMap provided to the Boskos server. (_default_: gke-project) | ||
| * **owner-name**: A string that identifies the owner of the leased resource to request. (_required_) | ||
|
|
||
| ## Results | ||
|
|
||
| * **leased-resource**: The name of the leased resource | ||
|
|
||
| ## Usage | ||
|
|
||
| See [examples/pipelinerun.yaml](examples/pipelinerun.yaml) for an example of a Pipeline that obtains | ||
| a resource using Boskos, then waits (this is when you would do whatever you need to do with the resource), | ||
| and finally releases it with [`boskos-release`](../boskos-release). | ||
|
|
||
| Boskos doesn't do anything to provide you with the credentials you need to interact with the resource you | ||
| have leased. Setting up and managing these credentials is outside the scope of Boskos's responsibilities. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| apiVersion: tekton.dev/v1beta1 | ||
| kind: Task | ||
| metadata: | ||
| name: boskos-acquire | ||
| labels: | ||
| app.kubernetes.io/version: "0.1" | ||
| annotations: | ||
| tekton.dev/pipelines.minVersion: "0.12.1" | ||
| tekton.dev/tags: "boskos,test" | ||
| spec: | ||
| description: | | ||
| The boskos-acquire Task will request a resource of the specified type from the | ||
| server-url. If successful, it will start a pod that will run the boskosctl heartbeat | ||
| command. When you are done with the resource, release it with boskos-release. | ||
| params: | ||
| - name: server-url | ||
| description: The URL of the running boskos server | ||
| default: "http://boskos.test-pods.svc.cluster.local" | ||
| - name: type | ||
| description: | | ||
| The type of resource to request. Resource types are specified in the resource | ||
| ConfigMap provided to the Boskos server. | ||
| default: gke-project | ||
| - name: owner-name | ||
| description: A string that identifies the owner of the leased resource to request. | ||
| results: | ||
| - name: leased-resource | ||
| description: The name of the leased resource | ||
| steps: | ||
| - name: boskosctl-acquire | ||
| image: gcr.io/k8s-staging-boskos/boskosctl@sha256:a7fc984732c5dd0b4e0fe0a92e2730fa4b6bddecd0f6f6c7c6b5501abe4ab105 | ||
| script: | | ||
| RESOURCE=$(boskosctl acquire \ | ||
| --server-url=$(params.server-url) \ | ||
| --owner-name=$(params.owner-name) \ | ||
| --type=$(params.type) \ | ||
| --state=free \ | ||
| --target-state=busy) | ||
| echo $RESOURCE > /workspace/full-resource-output.json | ||
| echo $RESOURCE | jq -rj ".name" > /tekton/results/leased-resource | ||
| - name: create-boskosctl-heartbeat-pod | ||
| image: ubuntu | ||
| script : | | ||
| FULL_RESOURCE_OUTPUT=$(cat /workspace/full-resource-output.json) | ||
| LEASED_RESOURCE=$(cat /tekton/results/leased-resource) | ||
| cat <<EOF > /workspace/heartbeat.yaml | ||
| apiVersion: v1 | ||
| kind: Pod | ||
| metadata: | ||
| name: boskos-heartbeat-$LEASED_RESOURCE | ||
| spec: | ||
| containers: | ||
| - name: heatbeat | ||
| image: gcr.io/k8s-staging-boskos/boskosctl@sha256:a7fc984732c5dd0b4e0fe0a92e2730fa4b6bddecd0f6f6c7c6b5501abe4ab105 | ||
| args: | ||
| - heartbeat | ||
| - --server-url=$(params.server-url) | ||
| - --owner-name=$(params.owner-name) | ||
| - --resource=$FULL_RESOURCE_OUTPUT | ||
| - --period=10s | ||
| EOF | ||
| - name: start-boskosctl-heartbeat | ||
| image: lachlanevenson/k8s-kubectl | ||
| args: | ||
| - "apply" | ||
| - "-f" | ||
| - "/workspace/heartbeat.yaml" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| apiVersion: tekton.dev/v1beta1 | ||
| kind: PipelineRun | ||
| metadata: | ||
| generateName: do-boskos- | ||
| spec: | ||
| serviceAccountName: boskos-heartbeat | ||
| pipelineSpec: | ||
| params: | ||
| - name: owner-name | ||
| default: trying-out-boskos | ||
| tasks: | ||
| - name: boskos-acquire | ||
| taskRef: | ||
| name: boskos-acquire | ||
| params: | ||
| - name: owner-name | ||
| value: $(params.owner-name) | ||
| - name: wait | ||
| runAfter: [boskos-acquire] | ||
| taskSpec: | ||
| steps: | ||
| - image: ubuntu | ||
| script: | | ||
| sleep 1m | ||
| - name: boskos-release | ||
| runAfter: [wait] | ||
| taskRef: | ||
| name: boskos-release | ||
| params: | ||
| - name: leased-resource | ||
| # TODO(pipeline#2557): This is a good candidate for a finally clause | ||
| value: $(tasks.boskos-acquire.results.leased-resource) | ||
| - name: owner-name | ||
| value: $(params.owner-name) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| name: boskos-heartbeat | ||
| namespace: default | ||
| --- | ||
| kind: Role | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: pod-editor | ||
| namespace: default | ||
| rules: | ||
| - apiGroups: [""] | ||
| resources: ["pods"] | ||
| verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] | ||
| --- | ||
| apiVersion: rbac.authorization.k8s.io/v1beta1 | ||
| kind: RoleBinding | ||
| metadata: | ||
| name: boskos-heartbeat-pod-editor | ||
| namespace: default | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: boskos-heartbeat | ||
| namespace: default | ||
| roleRef: | ||
| kind: Role | ||
| name: pod-editor | ||
| apiGroup: rbac.authorization.k8s.io |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| # Boskos Release | ||
|
|
||
| The `boskos-release` Task can be used to release cloud projects | ||
| which were obtained from a pool with [Boskos](https://github.com/kubernetes-sigs/boskos#boskos) | ||
| via [`boskos-acquire`](../boskos-acquire). | ||
|
|
||
| It will mark the resource as `dirty` so that Boskos will clear any obtained resources. | ||
|
|
||
| It is implemented using [`boskosctl`](https://github.com/kubernetes-sigs/boskos/tree/master/cmd/boskosctl). | ||
|
|
||
| _The Task assumes already have Boskos up and running. To set it up yourself, your | ||
| best bet would be to find an example of it already configured, for example | ||
| [the boskos configuration used for Tekton itself](https://github.com/tektoncd/plumbing/tree/master/boskos)._ | ||
|
|
||
| ## ServiceAccount | ||
|
|
||
| [`boskos-acquire`](../boskos-acquire) will start a `pod` in your cluster to maintain the lease | ||
| via a heartbeat. `boskos-release` will delete that pod, and so the Task must be run with a | ||
| serviceAccount that has the ability to delete `pods` (see [service-account.yaml](examples/service-account.yaml) for an example). | ||
|
|
||
| ## Parameters | ||
|
|
||
| * **server-url**: The URL of the running boskos server. (_default_: http://boskos.test-pods.svc.cluster.local) | ||
| * **leased-resource**: The name of the leased resource. (_required_) | ||
| * **owner-name**: A string that identifies the owner of the leased resource to request. (_required_) | ||
|
|
||
| ## Usage | ||
|
|
||
| See [examples/pipelinerun.yaml](examples/pipelinerun.yaml) for an example of a Pipeline that obtains | ||
| a resource using [`boskos-acquire`](../boskos-acquire), then waits (this is when you would do whatever | ||
| you need to do with the resource), and finally releases it with `boskos-release`. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| apiVersion: tekton.dev/v1beta1 | ||
| kind: Task | ||
| metadata: | ||
| name: boskos-release | ||
| labels: | ||
| app.kubernetes.io/version: "0.1" | ||
| annotations: | ||
| tekton.dev/pipelines.minVersion: "0.12.1" | ||
| tekton.dev/tags: "boskos,test" | ||
| spec: | ||
| description: | | ||
| The boskos-release Task will release the specified resource from the boskos instance | ||
| at server-url. It also assumes the resource was obtained via boskos-acquire and so | ||
| terminates the heartbeat pod that was created by that Task to keep the resource obtained. | ||
| It will mark the resource as dirty so that the boskos Janitor will clean it (by deleting | ||
| any state created). | ||
| params: | ||
| - name: server-url | ||
| description: The URL of the running boskos server | ||
| default: "http://boskos.test-pods.svc.cluster.local" | ||
| - name: leased-resource | ||
| description: A string that identifies the leased resource to release. | ||
| - name: owner-name | ||
| description: A string that identifies the owner of the leased resource to request. | ||
| steps: | ||
| - name: boskosctl-release | ||
| image: gcr.io/k8s-staging-boskos/boskosctl@sha256:a7fc984732c5dd0b4e0fe0a92e2730fa4b6bddecd0f6f6c7c6b5501abe4ab105 | ||
| args: | ||
| - "release" | ||
| - "--server-url=$(params.server-url)" | ||
| - "--owner-name=$(params.owner-name)" | ||
| - "--name=$(params.leased-resource)" | ||
| - "--target-state=dirty" | ||
| - name: stop-boskosctl-heartbeat | ||
| image: lachlanevenson/k8s-kubectl | ||
| args: | ||
| - "delete" | ||
| - "pod" | ||
| - "boskos-heartbeat-$(params.leased-resource)" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| boskos-acquire/0.1/examples/pipelinerun.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| boskos-acquire/0.1/examples/service-account.yaml |