Preparing Environment for Pipeline as code
Prerequisites
- You should have SAAP Cluster Admin role on the cluster.
tekton-pipelines-sccSCC (Security Context Configurations) andtekton-pac-clusterClusterRole should already be deployed in the SAAP cluster.- Multi-Tenant Operator (MTO).
- You have a pre-configured infrastructure repository. If you haven't already configured it, follow this tutorial
Deploying Service Account and RoleBinding
We will use Multi-Tenant Operator's Templates and Template Group Instances to deploy a pipeline service account and a pipeline-rolebinding to the tenant's build namespaces.
- Navigate to the infrastructure repository that you've prepared earlier. If not done already, create the repository or use any other repository bootstrapped with ArgoCD.
- Inside the tenant-operator-config folder, create a new directory named pipeline-resources.
- Within the pipeline-resources directory, create a file named
tekton-pac-rbac.yamland add the following content:
apiVersion: tenantoperator.stakater.com/v1alpha1
kind: Template
metadata:
name: tekton-pac-rbac
resources:
manifests:
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: tekton-pac-rolebinding
subjects:
- kind: ServiceAccount
name: pipeline
namespace: "${tenant}-build"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-pac-clusterrole
- apiVersion: v1
kind: ServiceAccount
metadata:
name: pipeline
labels:
multi-tenant-operator/ignore-resource-updates: ''
secrets:
- name: nexus-docker-config
- Now let's create a TemplateGroupInstance for this in the same folder. Create a file name
tekon-pac-tgi.yamland add the following content:
apiVersion: tenantoperator.stakater.com/v1alpha1
kind: TemplateGroupInstance
metadata:
name: tekton-pac-tgi
spec:
selector:
matchExpressions:
- {key: stakater.com/kind, operator: In, values: [build]}
sync: true
template: tekton-pac-rbac
- If you already have ArgoCD application watching these folders, you will see the resources syncing in ArgoCD.
