Infrastructure Documentation

This folder contains our infrastructure documentation. These documents may be of interest to the team that maintains Tekton's own CI/CD setup, as well as to anyone interested in using Tekton to run (part of) their own CI/CD infrastructure.

Clusters

The infra system relies on several different Kubernetes clusters: three are static and the rest are dynamic (provisioned on demand).

  • prow: Prow, Boskos and Tekton run in this cluster. This cluster runs resources defined in the prow folder. CI jobs that only require a container run in the test-pods namespace of this cluster.
  • dogfooding: Tekton runs in this cluster. This cluster is set up with resources from the tekton folder, plus a few secrets.
  • robocat: This cluster is our test bed for continuous deployment of services and resources. Everything that runs in this cluster is deployed automatically, which means it must be possible at any time to delete the cluster and recreate it from scratch.

GCP projects

Automation for the tektoncd org runs in a GKE cluster which members of the governing board have access to.

There are several GCP projects used by Tekton:

  • The GCP project that is used for GKE, storage, etc. is called tekton-releases. It has several GKE clusters:
    • The GKE cluster that is used for Prow, Tekton, and Boskos is called prow.
    • The GKE cluster that is used for nightly releases and other dogfooding is called dogfooding.
  • The GCP project tekton-nightly is used to hold nightly release artifacts and the robocat cluster.

Adjusting GCP permissions

The script adjustpermissions.py gives users access to these projects.

# Create and activate a python virtual environment
python3 -m venv .venv
. .venv/bin/activate

# Install required dependencies
pip3 install -r ./teps/tools/requirements.txt

# Add or remove permissions
python3 -m adjustpermissions --users "user1@example.com,user2@example.com"

DNS

DNS names are managed via Netlify. Gardener External DNS Manager is deployed on the dogfooding and robocat clusters, and manages names via annotations on ingresses and services. Some of the names are defined manually in Netlify.