diff --git a/task/oci-cli/0.1/README.md b/task/oci-cli/0.1/README.md
new file mode 100644
index 0000000000..dcca87d5ab
--- /dev/null
+++ b/task/oci-cli/0.1/README.md
@@ -0,0 +1,43 @@
+Running OCI CLI Commands with Tekton Task
+This guide explains how to use a Tekton Task and TaskRun to execute OCI (Oracle Cloud Infrastructure) CLI commands using the ghcr.io/oracle/oci-cli:latest Docker image.
+
+
+
+ Prerequisites
+Before proceeding, ensure you have the following:
+
+A Kubernetes cluster with Tekton Pipelines installed.
+Access to OCI with:
+Tenancy OCID: Found in the OCI Console under Administration > Tenancy Details.
+User OCID: Found in Identity > Users.
+API Key Fingerprint: Found in your API key details.
+Private Key: The key you use for OCI API authentication.
+Region: The OCI region identifier (e.g., us-ashburn-1).
+
+
+ Encode Your Private Key
+The private key must be base64 encoded before use.
+
+Run the following command to encode your private key:
+
+cat ~/.oci/oci_api_key.pem | base64
+
+
+Save the output for use in the TaskRun
+
+
+Apply the Tekton Task
+Save the following Tekton Task YAML as oci-cli-task.yaml
+
+
+Execute the Task with TaskRun
+Save the following TaskRun YAML as oci-cli-taskrun.yaml
+
+Replace placeholders in the TaskRun:
+
+: Your Tenancy OCID.
+: Your User OCID.
+: Your API key fingerprint.
+: The base64-encoded private key content.
+
+
diff --git a/task/oci-cli/0.1/oci-cli.yaml b/task/oci-cli/0.1/oci-cli.yaml
new file mode 100644
index 0000000000..f87ce61960
--- /dev/null
+++ b/task/oci-cli/0.1/oci-cli.yaml
@@ -0,0 +1,69 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+ name: oci-cli-task
+ labels:
+ app.kubernetes.io/version: "0.1"
+ annotations:
+ tekton.dev/pipelines.minVersion: "0.54.0"
+ tekton.dev/categories: CLI
+ tekton.dev/tags: cli
+ tekton.dev/displayName: "oracle cli task"
+ tekton.dev/platforms: "linux/amd64"
+spec:
+ params:
+ - name: tenancy_ocid
+ description: "The OCID of the tenancy"
+ - name: user_ocid
+ description: "The OCID of the user"
+ - name: region
+ description: "The OCI region (e.g., us-ashburn-1)"
+ - name: command
+ description: "The OCI CLI command to execute"
+ steps:
+ - name: oci-cli
+ image: ghcr.io/oracle/oci-cli:sha-5846bb2
+ script: |
+ #!/bin/bash
+ set -e
+ mkdir -p /root/.oci
+
+ # Use the mounted secret
+ cp /secrets/oci/oci_api_key.pem /root/.oci/oci_api_key.pem
+ chmod 600 /root/.oci/oci_api_key.pem
+ FINGERPRINT=$(cat /secrets/oci/fingerprint)
+
+ # Create OCI configuration
+ cat < /root/.oci/config
+ [DEFAULT]
+ tenancy=${TENANCY_OCID}
+ user=${USER_OCID}
+ fingerprint=${FINGERPRINT}
+ key_file=/root/.oci/oci_api_key.pem
+ region=${REGION}
+ EOF
+
+ # Verify the configuration
+ echo "OCI CLI Configuration:"
+ cat /root/.oci/config
+
+ # Run the provided OCI CLI command
+ echo "Executing OCI CLI command: $COMMAND"
+ eval $COMMAND
+ env:
+ - name: TENANCY_OCID
+ value: "$(params.tenancy_ocid)"
+ - name: USER_OCID
+ value: "$(params.user_ocid)"
+ - name: REGION
+ value: "$(params.region)"
+ - name: COMMAND
+ value: "$(params.command)"
+ volumeMounts:
+ - name: oci-cli-secret
+ mountPath: /secrets/oci
+ readOnly: true
+ volumes:
+ - name: oci-cli-secret
+ secret:
+ secretName: oci-cli-secret
diff --git a/task/oci-cli/0.1/samples/oci-cli-taskrun.yaml b/task/oci-cli/0.1/samples/oci-cli-taskrun.yaml
new file mode 100644
index 0000000000..ed0c84a4e2
--- /dev/null
+++ b/task/oci-cli/0.1/samples/oci-cli-taskrun.yaml
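Review bot: `eval $COMMAND` on the last script line of oci-cli.yaml gives the `command` param to the shell twice over (unquoted expansion, then eval) inside a step that holds the OCI API key at /root/.oci/oci_api_key.pem, so any Pipeline that binds `command` to a value it does not fully control hands out that key. Passing the params through `env` is the right start; I would finish it with `eval "$COMMAND"` at minimum and a param description that states the contract, e.g. `description: "Shell command line executed with the OCI API key mounted; never bind to untrusted input"`. The `cat /root/.oci/config` and `echo "Executing OCI CLI command: $COMMAND"` lines write the tenancy, user and fingerprint identifiers, plus whatever the command carries, into the TaskRun log, and I would drop both. The image is referenced only by the tag `sha-5846bb2`; the python-azure task in this same commit pins a `@sha256:` digest, and this one should too.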
@@ -0,0 +1,21 @@
+apiVersion: tekton.dev/v1beta1
+kind: TaskRun
+metadata:
+ name: oci-cli-taskrun
+ namespace: default
+spec:
+ taskRef:
+ name: oci-cli-task
+ params:
+ - name: tenancy_ocid
+ value: "" # Replace with your Tenancy OCID
+ - name: user_ocid
+ value: "" # Replace with your User OCID
+ - name: fingerprint
+ value: "" # Replace with your API key fingerprint
+ - name: private_key
+ value: "" # Replace with base64-encoded private key
+ - name: region
+ value: "us-ashburn-1" # Replace with your OCI region
+ - name: command
+ value: "oci iam compartment list" # Replace with your OCI CLI command
diff --git a/task/oci-cli/0.1/samples/secret.yaml b/task/oci-cli/0.1/samples/secret.yaml
new file mode 100644
index 0000000000..d911daa6c4
--- /dev/null
+++ b/task/oci-cli/0.1/samples/secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: oci-cli-secret
+type: Opaque
+data:
+ fingerprint:
+ oci_api_key.pem:
diff --git a/task/python-azure-sdk/0.1/README.md b/task/python-azure-sdk/0.1/README.md
new file mode 100644
index 0000000000..b3e9a52c2e
--- /dev/null
+++ b/task/python-azure-sdk/0.1/README.md
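Review bot: The sample TaskRun passes `fingerprint` and `private_key` as params, but the Task in this commit declares only `tenancy_ocid`, `user_ocid`, `region` and `command` and reads the key material from the `oci-cli-secret` volume. Beyond the mismatch, a private key placed in a TaskRun param is stored in the TaskRun object itself, where anyone allowed to read TaskRuns in the namespace can see it. I would delete those two entries and add `# fingerprint and private key are read from the oci-cli-secret Secret` above `params:`. The sample also uses `tekton.dev/v1beta1` while the Task is `tekton.dev/v1`.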
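Review bot: In samples/secret.yaml, `fingerprint:` and `oci_api_key.pem:` under `data:` carry no value or placeholder as shown here, and nothing tells the reader that `data:` values must be base64-encoded while the Task reads them as raw files under /secrets/oci. I would add a comment such as `# values are base64-encoded; create them from local files and never commit real key material`, or switch the sample to `stringData:` with clearly labelled placeholders.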
@@ -0,0 +1,161 @@
+
+# **Python Azure SDK Task**
+
+This Tekton Task defines a reusable Task named `python-azure` for running Python scripts that use the Azure SDK to interact with Azure services.
+
+## **Parameters**
+
+The Task accepts the following parameters:
+
+- **`azure-region`** (optional, default: `eastus`): The Azure region to use for the Azure client.
+
+## **Volumes**
+
+The Task expects a ConfigMap named `python-script-configmap` to be mounted as a volume named `python-script`. This ConfigMap should contain the Python script to be executed, with the key `script.py`.
+
+## **Steps**
+
+The Task consists of a single step that runs the Python script using the `python:3.9` image. The step performs the following actions:
+
+1. Installs the `azure-identity` and `azure-mgmt` libraries using `pip`.
+2. Sets the Azure credentials (`AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, and `AZURE_CLIENT_SECRET`) as environment variables from a Kubernetes Secret named `azure-credentials`.
+3. Sets the Azure region (`AZURE_REGION`) as an environment variable, using the value provided in the `azure-region` parameter.
+4. Mounts the `python-script` volume containing the Python script at `/workspace/python-script`.
+5. Executes the Python script located at `/workspace/python-script/script.py`.
+
+## **Usage**
+
+### 1. **Create Azure Credentials Secret**
+
+You'll need to create a Kubernetes Secret named `azure-credentials` that contains your Azure service principal credentials (client ID, client secret, and tenant ID).
+
+Here is an example of how to create the secret:
+
+```bash
+kubectl create secret generic azure-credentials \
+ --from-literal=client-id= \
+ --from-literal=client-secret= \
+ --from-literal=tenant-id=
+```
+
+### 2. **Create ConfigMap with Python Script**
+
+The Task expects a ConfigMap named `python-script-configmap` to contain the Python script (`script.py`).
You can create this ConfigMap with the following command:
+
+```bash
+kubectl create configmap python-script-configmap --from-file=script.py
+```
+
+The `script.py` can be any Python script that uses the Azure SDK to interact with Azure resources. Here’s an example `script.py` that lists all resource groups in your Azure subscription:
+
+#### Example Python Script (`script.py`):
+
+```python
+from azure.identity import ClientSecretCredential
+from azure.mgmt.resource import ResourceManagementClient
+
+# Azure credentials
+tenant_id = ""
+client_id = ""
+client_secret = ""
+
+# Authenticate using the service principal
+credential = ClientSecretCredential(tenant_id, client_id, client_secret)
+
+# Create a resource management client
+resource_client = ResourceManagementClient(credential, "")
+
+# List all resource groups in the subscription
+resource_groups = resource_client.resource_groups.list()
+
+# Print resource group names
+for rg in resource_groups:
+ print(f"Resource Group: {rg.name}")
+```
+
+### 3. **Tekton Task**
+
+This Tekton Task will run the script using the provided credentials and region information.
+
+```yaml
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+ name: python-azure
+ labels:
+ app.kubernetes.io/version: "0.1"
+ annotations:
+ tekton.dev/pipelines.minVersion: "0.54.0"
+ tekton.dev/categories: sdk
+ tekton.dev/tags: CLI, azure, sdk
+ tekton.dev/displayName: "python azure sdk"
+ tekton.dev/platforms: "linux/amd64"
+spec:
+ params:
+ - name: azure-region
+ type: string
+ default: "eastus"
+ description: Azure region
+ volumes:
+ - name: python-script
+ configMap:
+ name: python-script-configmap
+ steps:
+ - name: run-python-script
+ image: docker.io/library/python:3.9.19-alpine3.20@sha256:45cc18540209d878c2b24080cf8f64fc37603721b67d0ecc508799e2f9a9b21d
+ env:
+ - name: AZURE_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: azure-credentials
+ key: client-id
+ - name: AZURE_TENANT_ID
+ valueFrom:
+ secretKeyRef:
+ name: azure-credentials
+ key: tenant-id
+ - name: AZURE_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: azure-credentials
+ key: client-secret
+ - name: AZURE_REGION
+ value: $(params.azure-region)
+ volumeMounts:
+ - name: python-script
+ mountPath: /workspace/python-script
+ script: |
+ pip install azure-identity azure-mgmt
+ python /workspace/python-script/script.py
+```
+
+### 4. **Tekton TaskRun**
+
+Now, you can create a TaskRun to trigger the execution of the task. Here's an example TaskRun:
+
+```yaml
+apiVersion: tekton.dev/v1
+kind: TaskRun
+metadata:
+ name: python-azure-taskrun
+spec:
+ taskRef:
+ name: python-azure
+ params:
+ - name: azure-region
+ value: "eastus"
+ workspaces:
+ - name: python-script
+ configMap:
+ name: python-script-configmap
+```
+
+### Summary
+
+To summarize, you need to:
+
+1. **Create a Kubernetes Secret** (`azure-credentials`) with your Azure service principal details.
+2. **Create a ConfigMap** (`python-script-configmap`) containing your Python script.
+3. **Create and execute a Tekton TaskRun** to run the script using the Azure SDK.
+
+Let me know if you need further clarification or help setting this up!
\ No newline at end of file
diff --git a/task/python-azure-sdk/0.1/python-azure-sdk.yaml b/task/python-azure-sdk/0.1/python-azure-sdk.yaml
new file mode 100644
index 0000000000..5edd2955b3
--- /dev/null
+++ b/task/python-azure-sdk/0.1/python-azure-sdk.yaml
@@ -0,0 +1,49 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+ name: python-azure
+ labels:
+ app.kubernetes.io/version: "0.1"
+ annotations:
+ tekton.dev/pipelines.minVersion: "0.54.0"
+ tekton.dev/categories: sdk
+ tekton.dev/tags: CLI, azure, sdk
+ tekton.dev/displayName: "python azure sdk"
+ tekton.dev/platforms: "linux/amd64"
+spec:
+ params:
+ - name: azure-region
+ type: string
+ default: "eastus"
+ description: Azure Region
+ volumes:
+ - name: python-script
+ configMap:
+ name: python-script-configmap
+ steps:
+ - name: run-python-script
+ image: docker.io/library/python:3.9.19-alpine3.20@sha256:45cc18540209d878c2b24080cf8f64fc37603721b67d0ecc508799e2f9a9b21d
+ env:
+ - name: AZURE_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: azure-credentials
+ key: client-id
+ - name: AZURE_TENANT_ID
+ valueFrom:
+ secretKeyRef:
+ name: azure-credentials
+ key: tenant-id
+ - name: AZURE_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: azure-credentials
+ key: client-secret
+ - name: AZURE_REGION
+ value: $(params.azure-region)
+ volumeMounts:
+ - name: python-script
+ mountPath: /workspace/python-script
+ script: |
+ pip install azure-identity azure-mgmt
+ python /workspace/python-script/script.py
diff --git a/task/python-azure-sdk/0.1/samples/config-map.yaml b/task/python-azure-sdk/0.1/samples/config-map.yaml
new file mode 100644
index 0000000000..ade78edb15
--- /dev/null
+++ b/task/python-azure-sdk/0.1/samples/config-map.yaml
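Review bot: `pip install azure-identity azure-mgmt` in the step script of python-azure-sdk.yaml runs unpinned on every execution, inside the step whose environment already holds `AZURE_CLIENT_SECRET`, so install-time code from whatever version the index serves that day runs with the service-principal secret in reach. The image is digest-pinned but its dependencies are not. I would pin the packages and install only what the script imports, e.g. `pip install --no-cache-dir azure-identity==<PINNED_VERSION> azure-mgmt-resource==<PINNED_VERSION>` (placeholders; no versions are given on this page), or better, bake them into the image. The Task also sets no `AZURE_SUBSCRIPTION_ID`, which the sample script in samples/config-map.yaml expects.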
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: python-script-configmap
+data:
+ script.py: |
+ from azure.identity import ClientSecretCredential
+ from azure.mgmt.resource import ResourceManagementClient
+
+ # Set up Azure credentials using the client ID, tenant ID, and client secret
+ credential = ClientSecretCredential(
+ tenant_id="$(AZURE_TENANT_ID)",
+ client_id="$(AZURE_CLIENT_ID)",
+ client_secret="$(AZURE_CLIENT_SECRET)"
+ )
+
+ # Create a client to interact with Azure Resource Manager
+ resource_client = ResourceManagementClient(credential, "$(AZURE_SUBSCRIPTION_ID)")
+
+ # List resource groups
+ resource_groups = resource_client.resource_groups.list()
+
+ # Print resource group names
+ for rg in resource_groups:
+ print(f"Resource Group: {rg.name}")
diff --git a/task/python-azure-sdk/0.1/samples/run.yaml b/task/python-azure-sdk/0.1/samples/run.yaml
new file mode 100644
index 0000000000..914ad48001
--- /dev/null
+++ b/task/python-azure-sdk/0.1/samples/run.yaml
@@ -0,0 +1,10 @@
+apiVersion: tekton.dev/v1beta1
+kind: TaskRun
+metadata:
+ name: python-azure-run
+spec:
+ taskRef:
+ name: python-azure
+ params:
+ - name: azure-region
+ value: eastus
diff --git a/task/python-azure-sdk/0.1/samples/secret.yaml b/task/python-azure-sdk/0.1/samples/secret.yaml
new file mode 100644
index 0000000000..8adef0c4ab
--- /dev/null
+++ b/task/python-azure-sdk/0.1/samples/secret.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: azure-credentials
+type: Opaque
+stringData:
+ credentials: |-
+ [$(profile-name)]
+ client_id = $(client-id)
+ client_secret = $(client-secret)
+ tenant_id = $(tenant-id)
+
+ [default]
+ client_id = $(client-id)
+ client_secret = $(client-secret)
+ tenant_id = $(tenant-id)
+ config: |-
+ [profile $(profile-name)]
+ region = eastus
+ subscription_id = $(subscription-id)
+ output = json
+ [default]
+ region = eastus
+ subscription_id = $(subscription-id)
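Review bot: The strings `"$(AZURE_TENANT_ID)"`, `"$(AZURE_CLIENT_ID)"`, `"$(AZURE_CLIENT_SECRET)"` and `"$(AZURE_SUBSCRIPTION_ID)"` in `script.py` (samples/config-map.yaml) are plain Python literals; as far as I can tell neither Tekton nor Kubernetes substitutes `$(...)` inside ConfigMap data, so the credential is built from the placeholder text and authentication fails. That failure invites users to paste the real secret into the ConfigMap, which is exactly what the `secretKeyRef` env vars in the Task are there to avoid. Read the values from the environment instead, as below. `AZURE_SUBSCRIPTION_ID` would also have to be added to the Task's `env`, since the Task in this commit does not set it.

```yaml
  script.py: |
    import os
    # … unchanged: azure.identity / azure.mgmt.resource imports …
    credential = ClientSecretCredential(
        tenant_id=os.environ["AZURE_TENANT_ID"],
        client_id=os.environ["AZURE_CLIENT_ID"],
        client_secret=os.environ["AZURE_CLIENT_SECRET"],
    )
    resource_client = ResourceManagementClient(credential, os.environ["AZURE_SUBSCRIPTION_ID"])
    # … unchanged: list and print resource groups …
```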
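Review bot: The sample Secret in python-azure-sdk/0.1/samples/secret.yaml is named `azure-credentials` but defines the keys `credentials` and `config`, while the Task's `secretKeyRef` entries ask for `client-id`, `tenant-id` and `client-secret`; with this sample applied the step presumably cannot start, because none of the referenced keys exist. The INI profile layout looks carried over from another task. I would replace the `stringData` body with the three keys the Task reads, `client-id: "<CLIENT_ID>"`, `tenant-id: "<TENANT_ID>"`, `client-secret: "<CLIENT_SECRET>"` (placeholders), and add a comment that real values must not be committed.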