Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adding oracle cli task #1306

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

adding oracle cli task #1306

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9c994d8
adding oracle cli task
arunvel1988 Nov 19, 2024
3c642e4
Adding secret and image tag
arunvel1988 Nov 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 43 additions & 0 deletions task/oci-cli/0.1/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
Running OCI CLI Commands with Tekton Task
This guide explains how to use a Tekton Task and TaskRun to execute OCI (Oracle Cloud Infrastructure) CLI commands using the ghcr.io/oracle/oci-cli:latest Docker image.



Prerequisites
Before proceeding, ensure you have the following:

A Kubernetes cluster with Tekton Pipelines installed.
Access to OCI with:
Tenancy OCID: Found in the OCI Console under Administration > Tenancy Details.
User OCID: Found in Identity > Users.
API Key Fingerprint: Found in your API key details.
Private Key: The key you use for OCI API authentication.
Region: The OCI region identifier (e.g., us-ashburn-1).


Encode Your Private Key
The private key must be base64 encoded before use.

Run the following command to encode your private key:

cat ~/.oci/oci_api_key.pem | base64


Save the output for use in the TaskRun


Apply the Tekton Task
Save the following Tekton Task YAML as oci-cli-task.yaml


Execute the Task with TaskRun
Save the following TaskRun YAML as oci-cli-taskrun.yaml

Replace placeholders in the TaskRun:

<YOUR_TENANCY_OCID>: Your Tenancy OCID.
<YOUR_USER_OCID>: Your User OCID.
<YOUR_FINGERPRINT>: Your API key fingerprint.
<BASE64_ENCODED_PRIVATE_KEY>: The base64-encoded private key content.


68 changes: 68 additions & 0 deletions task/oci-cli/0.1/oci-cli-task.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: oci-cli-task
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.54.0"
tekton.dev/categories: CLI
tekton.dev/tags: cli
tekton.dev/displayName: "oracle cli task"
tekton.dev/platforms: "linux/amd64"
spec:
params:
- name: tenancy_ocid
description: "The OCID of the tenancy"
- name: user_ocid
description: "The OCID of the user"
- name: fingerprint
description: "The fingerprint of the API key"
- name: private_key
description: "The private key content (base64 encoded)"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we mount these values via kubernetes secrets?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vinamra28 done i have added tag .. and passed sensitive data as secret

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vinamra28 ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vinamra28 any update ?

- name: region
description: "The OCI region (e.g., us-ashburn-1)"
- name: command
description: "The OCI CLI command to execute"
steps:
- name: oci-cli
image: ghcr.io/oracle/oci-cli:latest
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will it be possible for you to use a specific tag?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vinamra28 done

script: |
#!/bin/bash
set -e
mkdir -p /root/.oci
# Decode and store the private key
echo "$PRIVATE_KEY" | base64 -d > /root/.oci/oci_api_key.pem
chmod 600 /root/.oci/oci_api_key.pem

# Create OCI configuration
mkdir -p /root/.oci
cat <<EOF > /root/.oci/config
[DEFAULT]
tenancy=${TENANCY_OCID}
user=${USER_OCID}
fingerprint=${FINGERPRINT}
key_file=/root/.oci/oci_api_key.pem
region=${REGION}
EOF

# Verify the configuration
echo "OCI CLI Configuration:"
cat /root/.oci/config

# Run the provided OCI CLI command
echo "Executing OCI CLI command: $COMMAND"
eval $COMMAND
env:
- name: TENANCY_OCID
value: "$(params.tenancy_ocid)"
- name: USER_OCID
value: "$(params.user_ocid)"
- name: FINGERPRINT
value: "$(params.fingerprint)"
- name: PRIVATE_KEY
value: "$(params.private_key)"
- name: REGION
value: "$(params.region)"
- name: COMMAND
value: "$(params.command)"
21 changes: 21 additions & 0 deletions task/oci-cli/0.1/samples/oci-cli-taskrun.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: oci-cli-taskrun
namespace: default
spec:
taskRef:
name: oci-cli-task
params:
- name: tenancy_ocid
value: "<YOUR_TENANCY_OCID>" # Replace with your Tenancy OCID
- name: user_ocid
value: "<YOUR_USER_OCID>" # Replace with your User OCID
- name: fingerprint
value: "<YOUR_FINGERPRINT>" # Replace with your API key fingerprint
- name: private_key
value: "<BASE64_ENCODED_PRIVATE_KEY>" # Replace with base64-encoded private key
- name: region
value: "us-ashburn-1" # Replace with your OCI region
- name: command
value: "oci iam compartment list" # Replace with your OCI CLI command