forked from tektoncd/plumbing
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
I am about to start adding some configuration to allow Prow to run Tekton Pipelines (tektoncd/pipeline#922) and before I do that I wanted to reorganize the docs a bit to make it easier to add a bit more detail and make the main README a bit less busy.
- Loading branch information
1 parent
342764d
commit 93a5463
Showing
5 changed files
with
149 additions
and
127 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Boskos | ||
|
|
||
| We use Boskos to manage GCP projects which end to end tests are run against. | ||
|
|
||
| - It runs [in the `prow` cluster of the `tekton-releases` project](../gcp.md), in | ||
| the namespace `test-pods` | ||
|
|
||
| _[Boskos docs](https://github.com/kubernetes/test-infra/tree/master/boskos)._ | ||
|
|
||
| ## Adding a project | ||
|
|
||
| Projects are created in GCP and added to the `boskos/boskos-config.yaml` file. | ||
|
|
||
| Make sure the IAM account: | ||
| `prow-account@tekton-releases.iam.gserviceaccount.com` has Editor permissions. | ||
|
|
||
| Also make sure the GKE API is enabled. | ||
| You can do this by browsing to the GKE tab in the Cloud Console. | ||
|
|
||
| After editing `boskos/boskos-config.yaml`, | ||
| [apply the updated ConfigMap](https://github.com/kubernetes/test-infra/tree/master/boskos#config-update) | ||
| to the `tekton-releases` `prow` cluster. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # GCP project | ||
|
|
||
| Automation for the `tektoncd` org runs in a GKE cluster which | ||
| [members of the governing board](https://github.com/tektoncd/community/blob/master/governance.md#permissions-and-access) | ||
| have access to. | ||
|
|
||
| - The GCP project the is used for GKE, storage, etc. is called | ||
| [`tekton-releases`](http://console.cloud.google.com/home/dashboard?project=tekton-releases) | ||
| - The GKE cluster that `Prow` (and `Tekton`) run in is called | ||
| [`prow`](https://console.cloud.google.com/kubernetes/clusters/details/us-central1-a/prow?project=tekton-releases) | ||
|
|
||
| This project and cluster are used for: | ||
|
|
||
| - [CI automation with Prow](prow.md) | ||
| - Release automation, e.g. | ||
| [Tekton Pipelines releases](https://github.com/tektoncd/pipeline/tree/master/tekton#release-pipeline) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| # Gubernator | ||
|
|
||
| Gubernator is used to display logs and CI results. | ||
|
|
||
| - Gubernator is configured on App Engine in the project `tekton-releases`. | ||
| - It was deployed using `gcloud app deploy .` with no configuration changes. | ||
| - The configruation lives in [the gubernator dir](./gubernator). | ||
|
|
||
| _[Gubernator docs](https://github.com/kubernetes/test-infra/tree/master/gubernator)._ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,96 @@ | ||
| # Prow | ||
|
|
||
| `tektoncd` uses | ||
| [`Prow`](https://github.com/kubernetes/test-infra/tree/master/prow) | ||
| for CI automation. | ||
|
|
||
| - Prow runs in [the tektoncd GCP project](../gcp.md) | ||
| - [Ingress is configured to `prow.tekton.dev`](#ingress) | ||
| - Prow results are displayed via [gubernator](../gubernator/README.md) | ||
| - [Instructions for updating Prow](#updating-prow-itself) | ||
| - [Instructions for updating Prow configuration](#updating-prow-configuration) | ||
|
|
||
| _[Prow docs](https://github.com/kubernetes/test-infra/tree/master/prow)._ | ||
| _[See the community docs](../CONTRIBUTING.md#pull-request-process) for more on | ||
| Prow and the PR process._ | ||
|
|
||
| ### Secrets | ||
|
|
||
| - Prow uses the service account | ||
| `prow-account@tekton-releases.iam.gserviceaccount.com` | ||
| - Secrets for this account are configured in [Prow's config.yaml](config.yaml) via | ||
| `gcs_credentials_secret: "test-account"` | ||
|
|
||
| ## Ingress | ||
|
|
||
| - Ingress for prow is configured using | ||
| [cert-manager](https://github.com/jetstack/cert-manager/). | ||
| - `cert-manager` was installed via `Helm` using this | ||
| [guide](https://docs.cert-manager.io/en/latest/getting-started/) | ||
| - `prow.tekton.dev` is configured as a host on the prow `Ingress` resource. | ||
| - https://prow.tekton.dev is pointed at the Cluster ingress address. | ||
| - The configuration is in [ingress.yaml](./ingress.yaml) | ||
|
|
||
| ### Updating Prow itself | ||
|
|
||
| Prow has been installed by taking the | ||
| [starter.yaml](https://github.com/kubernetes/test-infra/blob/master/prow/cluster/starter.yaml) | ||
| and modifying it for our needs. | ||
|
|
||
| Updating (e.g. bumping the versions of the images being used) requires: | ||
|
|
||
| 0. If you are feeling cautious and motivated, manually backup the config values by hand | ||
| (see [prow.yaml](prow.yaml) to see what values will be changed). | ||
| 1. Manually updating the `image` values and applying any other config changes found in the | ||
| [starter.yaml](https://github.com/kubernetes/test-infra/blob/master/prow/cluster/starter.yaml) | ||
| to our [prow.yaml](prow.yaml). | ||
| 2. Updating the `utility_images` in our [config.yaml](config.yaml) if the version of | ||
| the `plank` component is changed. | ||
| 3. Applying the new configuration with: | ||
|
|
||
| ```yaml | ||
| # Step 1: Configure kubectl to use the cluster, doesn't have to be via gcloud but gcloud makes it easy | ||
| gcloud container clusters get-credentials prow --zone us-central1-a --project tekton-releases | ||
|
|
||
| # Step 2: Update Prow itself | ||
| kubectl apply -f prow/prow.yaml | ||
|
|
||
| # Step 2: Update the configuration used by Prow | ||
| kubectl create configmap config --from-file=config.yaml=prow/config.yaml --dry-run -o yaml | kubectl replace configmap config -f - | ||
|
|
||
| # Step 3: Remember to configure kubectl to connect to your regular cluster! | ||
| gcloud container clusters get-credentials ... | ||
| ``` | ||
| 4. Verify that the changes are working by opening a PR and **manually looking at the logs of each check**, | ||
| in case Prow has gotten into a state where failures are being reported as successes. | ||
|
|
||
| These values have been removed from the original | ||
| [starter.yaml](https://github.com/kubernetes/test-infra/blob/master/prow/cluster/starter.yaml): | ||
|
|
||
| - The `ConfigMap` values `plugins` and `config` because they are generated from | ||
| [config.yaml](config.yaml) and [plugins.yaml](plugins.yaml) | ||
| - The `Services` which were manually configured with a `ClusterIP` and other routing | ||
| information (`deck`, `tide`, `hook`) | ||
| - The `Ingress` `ing` - Configuration for this is in [ingress.yaml](ingress.yaml) | ||
| - The `statusreconciler` Deployment, etc. - Created #54 to investigate adding this. | ||
| - The `Role` values give `pod` permissions in the `default` namespace as well as `test-pods` - | ||
| The intention seems to be that `test-pods` be used to run the pods themselves, but we | ||
| don't currently have that configured in our [config.yaml](config.yaml). | ||
|
|
||
| ### Updating Prow configuration | ||
|
|
||
| TODO(#1) Apply config.yaml changes automatically | ||
|
|
||
| Changes to [config.yaml](./config.yaml) are not automatically reflected in | ||
| the Prow cluster and must be manually applied. | ||
|
|
||
| ```bash | ||
| # Step 1: Configure kubectl to use the cluster, doesn't have to be via gcloud but gcloud makes it easy | ||
| gcloud container clusters get-credentials prow --zone us-central1-a --project tekton-releases | ||
|
|
||
| # Step 2: Update the configuration used by Prow | ||
| kubectl create configmap config --from-file=config.yaml=prow/config.yaml --dry-run -o yaml | kubectl replace configmap config -f - | ||
|
|
||
| # Step 3: Remember to configure kubectl to connect to your regular cluster! | ||
| gcloud container clusters get-credentials ... | ||
| ``` |