adding oracle cli task #1306
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| Running OCI CLI Commands with Tekton Task | ||
| This guide explains how to use a Tekton Task and TaskRun to execute OCI (Oracle Cloud Infrastructure) CLI commands using the ghcr.io/oracle/oci-cli:latest Docker image. | ||
|
|
||
|
|
||
|
|
||
| Prerequisites | ||
| Before proceeding, ensure you have the following: | ||
|
|
||
| A Kubernetes cluster with Tekton Pipelines installed. | ||
| Access to OCI with: | ||
| Tenancy OCID: Found in the OCI Console under Administration > Tenancy Details. | ||
| User OCID: Found in Identity > Users. | ||
| API Key Fingerprint: Found in your API key details. | ||
| Private Key: The key you use for OCI API authentication. | ||
| Region: The OCI region identifier (e.g., us-ashburn-1). | ||
|
|
||
|
|
||
| Encode Your Private Key | ||
| The private key must be base64 encoded before use. | ||
|
|
||
| Run the following command to encode your private key: | ||
|
|
||
| cat ~/.oci/oci_api_key.pem | base64 | ||
|
|
||
|
|
||
| Save the output for use in the TaskRun | ||
|
|
||
|
|
||
| Apply the Tekton Task | ||
| Save the following Tekton Task YAML as oci-cli-task.yaml | ||
|
|
||
|
|
||
| Execute the Task with TaskRun | ||
| Save the following TaskRun YAML as oci-cli-taskrun.yaml | ||
|
|
||
| Replace placeholders in the TaskRun: | ||
|
|
||
| <YOUR_TENANCY_OCID>: Your Tenancy OCID. | ||
| <YOUR_USER_OCID>: Your User OCID. | ||
| <YOUR_FINGERPRINT>: Your API key fingerprint. | ||
| <BASE64_ENCODED_PRIVATE_KEY>: The base64-encoded private key content. | ||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| apiVersion: tekton.dev/v1 | ||
| kind: Task | ||
| metadata: | ||
| name: oci-cli-task | ||
| labels: | ||
| app.kubernetes.io/version: "0.1" | ||
| annotations: | ||
| tekton.dev/pipelines.minVersion: "0.54.0" | ||
| tekton.dev/categories: CLI | ||
| tekton.dev/tags: cli | ||
| tekton.dev/displayName: "oracle cli task" | ||
| tekton.dev/platforms: "linux/amd64" | ||
| spec: | ||
| params: | ||
| - name: tenancy_ocid | ||
| description: "The OCID of the tenancy" | ||
| - name: user_ocid | ||
| description: "The OCID of the user" | ||
| - name: fingerprint | ||
| description: "The fingerprint of the API key" | ||
| - name: private_key | ||
| description: "The private key content (base64 encoded)" | ||
|
There was a problem hiding this comment. should we mount these values via kubernetes secrets? There was a problem hiding this comment. @vinamra28 done i have added tag .. and passed sensitive data as secret There was a problem hiding this comment. @vinamra28 any update ? There was a problem hiding this comment. @vinamra28 is this project archived ?? no response for two weeks .. hence asking There was a problem hiding this comment. hi @arunvel1988, apologies for getting back late on this. I am not part of another project so didn't get time to review the PRs here. I'll try to be more active from now on. |
||
| - name: region | ||
| description: "The OCI region (e.g., us-ashburn-1)" | ||
| - name: command | ||
| description: "The OCI CLI command to execute" | ||
| steps: | ||
| - name: oci-cli | ||
| image: ghcr.io/oracle/oci-cli:latest | ||
|
There was a problem hiding this comment. will it be possible for you to use a specific tag? There was a problem hiding this comment. @vinamra28 done |
||
| script: | | ||
| #!/bin/bash | ||
| set -e | ||
| mkdir -p /root/.oci | ||
| # Decode and store the private key | ||
| echo "$PRIVATE_KEY" | base64 -d > /root/.oci/oci_api_key.pem | ||
| chmod 600 /root/.oci/oci_api_key.pem | ||
|
|
||
| # Create OCI configuration | ||
| mkdir -p /root/.oci | ||
| cat <<EOF > /root/.oci/config | ||
| [DEFAULT] | ||
| tenancy=${TENANCY_OCID} | ||
| user=${USER_OCID} | ||
| fingerprint=${FINGERPRINT} | ||
| key_file=/root/.oci/oci_api_key.pem | ||
| region=${REGION} | ||
| EOF | ||
|
|
||
| # Verify the configuration | ||
| echo "OCI CLI Configuration:" | ||
| cat /root/.oci/config | ||
|
|
||
| # Run the provided OCI CLI command | ||
| echo "Executing OCI CLI command: $COMMAND" | ||
| eval $COMMAND | ||
| env: | ||
| - name: TENANCY_OCID | ||
| value: "$(params.tenancy_ocid)" | ||
| - name: USER_OCID | ||
| value: "$(params.user_ocid)" | ||
| - name: FINGERPRINT | ||
| value: "$(params.fingerprint)" | ||
| - name: PRIVATE_KEY | ||
| value: "$(params.private_key)" | ||
| - name: REGION | ||
| value: "$(params.region)" | ||
| - name: COMMAND | ||
| value: "$(params.command)" | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| apiVersion: tekton.dev/v1beta1 | ||
|
There was a problem hiding this comment. should we bump the taskrun and other tekton resources as well? There was a problem hiding this comment. @vinamra28 done. can you please check |
||
| kind: TaskRun | ||
| metadata: | ||
| name: oci-cli-taskrun | ||
| namespace: default | ||
| spec: | ||
| taskRef: | ||
| name: oci-cli-task | ||
| params: | ||
| - name: tenancy_ocid | ||
| value: "<YOUR_TENANCY_OCID>" # Replace with your Tenancy OCID | ||
| - name: user_ocid | ||
| value: "<YOUR_USER_OCID>" # Replace with your User OCID | ||
| - name: fingerprint | ||
| value: "<YOUR_FINGERPRINT>" # Replace with your API key fingerprint | ||
| - name: private_key | ||
| value: "<BASE64_ENCODED_PRIVATE_KEY>" # Replace with base64-encoded private key | ||
| - name: region | ||
| value: "us-ashburn-1" # Replace with your OCI region | ||
| - name: command | ||
| value: "oci iam compartment list" # Replace with your OCI CLI command | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ahh, integration tests are failing because of this file name. Name of file should be
oci-cli.yaml. Can you please fix this?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@vinamra28 can you please check