diff --git a/task/oci-cli/0.1/README.md b/task/oci-cli/0.1/README.md
new file mode 100644
index 0000000000..dcca87d5ab
--- /dev/null
+++ b/task/oci-cli/0.1/README.md
@@ -0,0 +1,43 @@
+Running OCI CLI Commands with Tekton Task
+This guide explains how to use a Tekton Task and TaskRun to execute OCI (Oracle Cloud Infrastructure) CLI commands using the ghcr.io/oracle/oci-cli:latest Docker image.
+
+
+
+ Prerequisites
+Before proceeding, ensure you have the following:
+
+A Kubernetes cluster with Tekton Pipelines installed.
+Access to OCI with:
+Tenancy OCID: Found in the OCI Console under Administration > Tenancy Details.
+User OCID: Found in Identity > Users.
+API Key Fingerprint: Found in your API key details.
+Private Key: The key you use for OCI API authentication.
+Region: The OCI region identifier (e.g., us-ashburn-1).
+
+
+ Encode Your Private Key
+The private key must be base64 encoded before use.
+
+Run the following command to encode your private key:
+
+cat ~/.oci/oci_api_key.pem | base64
+
+
+Save the output for use in the TaskRun
+
+
+Apply the Tekton Task
+Save the following Tekton Task YAML as oci-cli-task.yaml
+
+
+Execute the Task with TaskRun
+Save the following TaskRun YAML as oci-cli-taskrun.yaml
+
+Replace placeholders in the TaskRun:
+
+: Your Tenancy OCID.
+: Your User OCID.
+: Your API key fingerprint.
+: The base64-encoded private key content.
+
+
diff --git a/task/oci-cli/0.1/oci-cli-task.yaml b/task/oci-cli/0.1/oci-cli-task.yaml
new file mode 100644
index 0000000000..f87ce61960
--- /dev/null
+++ b/task/oci-cli/0.1/oci-cli-task.yaml
@@ -0,0 +1,69 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+ name: oci-cli-task
+ labels:
+ app.kubernetes.io/version: "0.1"
+ annotations:
+ tekton.dev/pipelines.minVersion: "0.54.0"
+ tekton.dev/categories: CLI
+ tekton.dev/tags: cli
+ tekton.dev/displayName: "oracle cli task"
+ tekton.dev/platforms: "linux/amd64"
+spec:
+ params:
+ - name: tenancy_ocid
+ description: "The OCID of the tenancy"
+ - name: user_ocid
+ description: "The OCID of the user"
+ - name: region
+ description: "The OCI region (e.g., us-ashburn-1)"
+ - name: command
+ description: "The OCI CLI command to execute"
+ steps:
+ - name: oci-cli
+ image: ghcr.io/oracle/oci-cli:sha-5846bb2
+ script: |
+ #!/bin/bash
+ set -e
+ mkdir -p /root/.oci
+
+ # Use the mounted secret
+ cp /secrets/oci/oci_api_key.pem /root/.oci/oci_api_key.pem
+ chmod 600 /root/.oci/oci_api_key.pem
+ FINGERPRINT=$(cat /secrets/oci/fingerprint)
+
+ # Create OCI configuration
+ cat < /root/.oci/config
+ [DEFAULT]
+ tenancy=${TENANCY_OCID}
+ user=${USER_OCID}
+ fingerprint=${FINGERPRINT}
+ key_file=/root/.oci/oci_api_key.pem
+ region=${REGION}
+ EOF
+
+ # Verify the configuration
+ echo "OCI CLI Configuration:"
+ cat /root/.oci/config
+
+ # Run the provided OCI CLI command
+ echo "Executing OCI CLI command: $COMMAND"
+ eval $COMMAND
+ env:
+ - name: TENANCY_OCID
+ value: "$(params.tenancy_ocid)"
+ - name: USER_OCID
+ value: "$(params.user_ocid)"
+ - name: REGION
+ value: "$(params.region)"
+ - name: COMMAND
+ value: "$(params.command)"
+ volumeMounts:
+ - name: oci-cli-secret
+ mountPath: /secrets/oci
+ readOnly: true
+ volumes:
+ - name: oci-cli-secret
+ secret:
+ secretName: oci-cli-secret
diff --git a/task/oci-cli/0.1/samples/oci-cli-taskrun.yaml b/task/oci-cli/0.1/samples/oci-cli-taskrun.yaml
new file mode 100644
index 0000000000..ed0c84a4e2
--- /dev/null
+++ b/task/oci-cli/0.1/samples/oci-cli-taskrun.yaml
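Review bot: `eval $COMMAND` on the last line of the `oci-cli` step script in `oci-cli-task.yaml` hands the whole `command` param to the shell for a second parse, inside a container that has the API key from `oci-cli-secret` mounted at `/secrets/oci`, so a value that arrives from a trigger or an upstream result can chain arbitrary shell next to the key. Taking the CLI arguments as an array param and ending the script with `exec oci "$@"` keeps them as data; the sketch below shows the param, the script tail and the `args` wiring. The `cat /root/.oci/config` and `echo "Executing OCI CLI command: $COMMAND"` lines also copy the tenancy and user OCIDs, the key fingerprint and the full command line into the TaskRun log, and the sketch drops them. Separately, the image is referenced by the tag `sha-5846bb2`; a tag can be re-pointed, so an `@sha256:` digest reference would fix what the step actually runs.

```yaml
    - name: args
      type: array
      description: "Arguments for the oci binary, one list element per argument"
  # … unchanged: tenancy_ocid, user_ocid and region params; step name and image …
      script: |
        # … unchanged: shebang, set -e, key copy, config file creation …
        exec oci "$@"
      args: ["$(params.args[*])"]
      env:
        # … unchanged: TENANCY_OCID, USER_OCID, REGION (COMMAND entry removed) …
  # … unchanged: volumeMounts, volumes …
```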
@@ -0,0 +1,21 @@
+apiVersion: tekton.dev/v1beta1
+kind: TaskRun
+metadata:
+ name: oci-cli-taskrun
+ namespace: default
+spec:
+ taskRef:
+ name: oci-cli-task
+ params:
+ - name: tenancy_ocid
+ value: "" # Replace with your Tenancy OCID
+ - name: user_ocid
+ value: "" # Replace with your User OCID
+ - name: fingerprint
+ value: "" # Replace with your API key fingerprint
+ - name: private_key
+ value: "" # Replace with base64-encoded private key
+ - name: region
+ value: "us-ashburn-1" # Replace with your OCI region
+ - name: command
+ value: "oci iam compartment list" # Replace with your OCI CLI command
diff --git a/task/oci-cli/0.1/samples/secret.yaml b/task/oci-cli/0.1/samples/secret.yaml
new file mode 100644
index 0000000000..d911daa6c4
--- /dev/null
+++ b/task/oci-cli/0.1/samples/secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: oci-cli-secret
+type: Opaque
+data:
+ fingerprint:
+ oci_api_key.pem:
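Review bot: The sample in `samples/oci-cli-taskrun.yaml` still passes `fingerprint` and `private_key` as params, but the Task in this commit declares only `tenancy_ocid`, `user_ocid`, `region` and `command` and reads both values from the `oci-cli-secret` volume (the README's placeholder list describes the same two params). Anyone following the sample would paste the base64 of their API key into the TaskRun spec, where it is stored in the object and readable by everyone who can get TaskRuns in the namespace; base64 is an encoding, not protection. I would delete those two `- name:`/`value:` pairs and point the comment at the Secret instead. The sample also uses `apiVersion: tekton.dev/v1beta1` while the Task is `tekton.dev/v1`; using `tekton.dev/v1` for both would be consistent.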
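Review bot: `samples/secret.yaml` lists `fingerprint` and `oci_api_key.pem` under `data:` with, as shown here, no value and no hint that both must be base64-encoded single-line strings. A comment such as `# values under data: are base64-encoded; do not commit this file once filled in` would help, or the sample could use `stringData:` so the fingerprint can be pasted as-is. Creating the Secret with `kubectl create secret generic oci-cli-secret --from-file=oci_api_key.pem=<path-to-key>` avoids hand-encoding and keeps the key out of a YAML file on disk.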