adding oracle cli task #1306

Open
wants to merge 5 commits into
base: main
Changes from 3 commits
43 changes: 43 additions & 0 deletions task/oci-cli/0.1/README.md
@@ -0,0 +1,43 @@
Running OCI CLI Commands with Tekton Task
This guide explains how to use a Tekton Task and TaskRun to execute OCI (Oracle Cloud Infrastructure) CLI commands using the ghcr.io/oracle/oci-cli:latest Docker image.



Prerequisites
Before proceeding, ensure you have the following:

A Kubernetes cluster with Tekton Pipelines installed.
Access to OCI with:
Tenancy OCID: Found in the OCI Console under Administration > Tenancy Details.
User OCID: Found in Identity > Users.
API Key Fingerprint: Found in your API key details.
Private Key: The key you use for OCI API authentication.
Region: The OCI region identifier (e.g., us-ashburn-1).


Encode Your Private Key
The private key must be base64 encoded before use.

Run the following command to encode your private key:

cat ~/.oci/oci_api_key.pem | base64


Save the output for use in the TaskRun


Apply the Tekton Task
Save the following Tekton Task YAML as oci-cli-task.yaml


Execute the Task with TaskRun
Save the following TaskRun YAML as oci-cli-taskrun.yaml

Replace placeholders in the TaskRun:

<YOUR_TENANCY_OCID>: Your Tenancy OCID.
<YOUR_USER_OCID>: Your User OCID.
<YOUR_FINGERPRINT>: Your API key fingerprint.
<BASE64_ENCODED_PRIVATE_KEY>: The base64-encoded private key content.
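
Review bot: The "Encode Your Private Key" step and the `<YOUR_FINGERPRINT>` / `<BASE64_ENCODED_PRIVATE_KEY>` placeholders document passing the API key through TaskRun params, but the Task in this PR declares only `tenancy_ocid`, `user_ocid`, `region` and `command`, and reads the key and fingerprint from the mounted `oci-cli-secret`. Please replace these instructions with a step that creates that Secret (keys `fingerprint` and `oci_api_key.pem`), so readers are not steered toward putting the private key into a TaskRun spec. The intro also names `ghcr.io/oracle/oci-cli:latest` while the Task pins `sha-5846bb2`, and the two "Save the following ... YAML" lines are not followed by any YAML.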


69 changes: 69 additions & 0 deletions task/oci-cli/0.1/oci-cli-task.yaml
Member

ahh, integration tests are failing because of this file name. Name of file should be oci-cli.yaml. Can you please fix this?

Contributor Author

@vinamra28 can you please check

@@ -0,0 +1,69 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: oci-cli-task
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.54.0"
tekton.dev/categories: CLI
tekton.dev/tags: cli
tekton.dev/displayName: "oracle cli task"
tekton.dev/platforms: "linux/amd64"
spec:
params:
- name: tenancy_ocid
description: "The OCID of the tenancy"
- name: user_ocid
description: "The OCID of the user"
- name: region
description: "The OCI region (e.g., us-ashburn-1)"
- name: command
description: "The OCI CLI command to execute"
steps:
- name: oci-cli
image: ghcr.io/oracle/oci-cli:sha-5846bb2
script: |
#!/bin/bash
set -e
mkdir -p /root/.oci

# Use the mounted secret
cp /secrets/oci/oci_api_key.pem /root/.oci/oci_api_key.pem
chmod 600 /root/.oci/oci_api_key.pem
FINGERPRINT=$(cat /secrets/oci/fingerprint)

# Create OCI configuration
cat <<EOF > /root/.oci/config
[DEFAULT]
tenancy=${TENANCY_OCID}
user=${USER_OCID}
fingerprint=${FINGERPRINT}
key_file=/root/.oci/oci_api_key.pem
region=${REGION}
EOF

# Verify the configuration
echo "OCI CLI Configuration:"
cat /root/.oci/config

# Run the provided OCI CLI command
echo "Executing OCI CLI command: $COMMAND"
eval $COMMAND
env:
- name: TENANCY_OCID
value: "$(params.tenancy_ocid)"
- name: USER_OCID
value: "$(params.user_ocid)"
- name: REGION
value: "$(params.region)"
- name: COMMAND
value: "$(params.command)"
volumeMounts:
- name: oci-cli-secret
mountPath: /secrets/oci
readOnly: true
volumes:
- name: oci-cli-secret
secret:
secretName: oci-cli-secret
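
Review bot: `eval $COMMAND` at the end of the script passes the `command` param through the shell unquoted, in a step that has the API private key mounted at `/secrets/oci`, so anyone who can set that param can run arbitrary shell with access to the key, and ordinary arguments containing spaces or glob characters are re-split. Consider taking the CLI arguments as an array param and handing them to `oci` directly through the step's `args`, with no `eval`. Separately, `cat /root/.oci/config` writes the tenancy OCID, user OCID and key fingerprint to the step log; drop it or print only the region.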
21 changes: 21 additions & 0 deletions task/oci-cli/0.1/samples/oci-cli-taskrun.yaml
@@ -0,0 +1,21 @@
apiVersion: tekton.dev/v1beta1
Member

should we bump the taskrun and other tekton resources as well?

Contributor Author

@vinamra28 done. can you please check

kind: TaskRun
metadata:
name: oci-cli-taskrun
namespace: default
spec:
taskRef:
name: oci-cli-task
params:
- name: tenancy_ocid
value: "<YOUR_TENANCY_OCID>" # Replace with your Tenancy OCID
- name: user_ocid
value: "<YOUR_USER_OCID>" # Replace with your User OCID
- name: fingerprint
value: "<YOUR_FINGERPRINT>" # Replace with your API key fingerprint
- name: private_key
value: "<BASE64_ENCODED_PRIVATE_KEY>" # Replace with base64-encoded private key
- name: region
value: "us-ashburn-1" # Replace with your OCI region
- name: command
value: "oci iam compartment list" # Replace with your OCI CLI command
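
Review bot: The `fingerprint` and `private_key` params in this sample are not declared by `oci-cli-task`, which takes both values from the `oci-cli-secret` volume, and a private key placed in `spec.params` is stored in the TaskRun object, where anyone who can read TaskRuns in the namespace can see it. Remove both entries from the sample. The `apiVersion` is also still `tekton.dev/v1beta1` in this revision while the Task is `tekton.dev/v1`.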
8 changes: 8 additions & 0 deletions task/oci-cli/0.1/samples/secret.yaml
@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: oci-cli-secret
type: Opaque
data:
fingerprint: <base64_encoded_fingerprint>
oci_api_key.pem: <base64_encoded_private_key>
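
Review bot: `metadata` has no `namespace`, while the sample TaskRun is pinned to `namespace: default`; the Task mounts `oci-cli-secret` as a volume, so the Secret has to exist in the namespace the TaskRun runs in. Either add the same namespace here or drop it from the TaskRun so both samples follow the caller's current namespace. A comment next to the two placeholders noting that values under `data:` must be base64-encoded would also help.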