mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-04-22 17:20:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

update pipelines to deploy temporary GKE clusters as internal clusters

Browse Source
This commit is contained in:
Ryan Richard
2025-06-26 12:33:34 -07:00
parent 86577ac403
commit 09ab99789f
4 changed files with 33 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
pipelines/main/pipeline.yml
View File

@@ -2711,7 +2711,7 @@ jobs:
- name: integration-test-gke-rapid
public: true # all logs are publicly visible
serial: true
serial: true # since we need to choose a subnet, we can't run this in parallel
plan:
- in_parallel:
- get: ci-build-image
@@ -2731,6 +2731,10 @@ jobs:
image: k8s-app-deployer-image
params:
GKE_CHANNEL: rapid
SHARED_VPC_PROJECT: ((shared-vpc-project))
SHARED_VPC_NAME: ((shared-vpc-name))
SUBNET_REGION: ((subnet-region))
SUBNET_NAME: ((gke-subnet-name-1)) # globally unique to this job
<<: *gke_account_params
- task: pre-warm-cluster
timeout: 10m
@@ -2778,7 +2782,7 @@ jobs:
- name: integration-test-gke-stable
public: true # all logs are publicly visible
serial: true
serial: true # since we need to choose a subnet, we can't run this in parallel
plan:
- in_parallel:
- get: ci-build-image
@@ -2798,6 +2802,10 @@ jobs:
image: k8s-app-deployer-image
params:
GKE_CHANNEL: stable
SHARED_VPC_PROJECT: ((shared-vpc-project))
SHARED_VPC_NAME: ((shared-vpc-name))
SUBNET_REGION: ((subnet-region))
SUBNET_NAME: ((gke-subnet-name-2)) # globally unique to this job
<<: *gke_account_params
- task: pre-warm-cluster
timeout: 10m

5
pipelines/pull-requests/pipeline.yml
View File

@@ -1824,6 +1824,7 @@ jobs:
on_error: { <<: *pr-status-on-error, params: { <<: *pr-status-on-error-params, context: integration-test-gke-rapid } }
on_abort: { <<: *pr-status-on-abort, params: { <<: *pr-status-on-abort-params, context: integration-test-gke-rapid } }
public: true # all logs are publicly visible
serial: true # since we need to choose a subnet, we can't run this in parallel anymore
plan:
- in_parallel:
- get: pinniped-pr
@@ -1846,6 +1847,10 @@ jobs:
image: k8s-app-deployer-image
params:
GKE_CHANNEL: rapid
SHARED_VPC_PROJECT: ((shared-vpc-project))
SHARED_VPC_NAME: ((shared-vpc-name))
SUBNET_REGION: ((subnet-region))
SUBNET_NAME: ((gke-subnet-name-3)) # globally unique to this job
<<: *gke_account_params
- task: pre-warm-cluster
timeout: 10m

15
pipelines/shared-tasks/deploy-gke-cluster/task.sh
View File

@@ -1,6 +1,6 @@
#!/bin/bash
# Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
# Copyright 2020-2025 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
set -euo pipefail
@@ -54,7 +54,18 @@ gcloud container clusters create "$CLUSTER_NAME" \
--preemptible \
--issue-client-certificate \
--no-enable-basic-auth \
--enable-network-policy
--enable-network-policy \
--tags "gke-broadcom" \
--enable-master-authorized-networks \
--master-authorized-networks "10.0.0.0/8" \
--enable-private-nodes \
--enable-private-endpoint \
--enable-ip-alias \
--network "projects/${SHARED_VPC_PROJECT}/global/networks/${SHARED_VPC_NAME}" \
--subnetwork "projects/${SHARED_VPC_PROJECT}/regions/${SUBNET_REGION}/subnetworks/${SUBNET_NAME}" \
--cluster-secondary-range-name "services" \
--services-secondary-range-name "pods"
# TODO is this also needed? --default-max-pods-per-node "64"
# Get the cluster details back, including the admin certificate:
gcloud container clusters describe "$CLUSTER_NAME" --zone "$CLUSTER_ZONE" --format json \

6
pipelines/shared-tasks/deploy-gke-cluster/task.yml
View File

@@ -1,4 +1,4 @@
# Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
# Copyright 2020-2025 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
---
@@ -14,5 +14,9 @@ params:
GCP_SERVICE_ACCOUNT:
GCP_JSON_KEY:
GKE_CHANNEL:
SHARED_VPC_PROJECT:
SHARED_VPC_NAME:
SUBNET_REGION:
SUBNET_NAME:
run:
path: pinniped-ci/pipelines/shared-tasks/deploy-gke-cluster/task.sh