instana 2.0.0 → 2.1.0

data/.tekton/README.md

@@ -1,278 +0,0 @@
-# Tekton CI for Instana Ruby Tracer
-
-## Basic Tekton setup
-
-### Get a cluster
-
-What you will need:
-* Full administrator access
-* Enough RAM and CPU on a cluster node to run all the pods of a single Pipelinerun on a single node.
-  Multiple nodes increase the number of parallel `PipelineRun` instances.
-  Currently one `PipelineRun` instance is capable of saturating a 8vCPU - 16GB RAM worker node.
-
-### Setup Tekton on your cluster
-
-1. Install latest stable Tekton Pipeline release
-```bash
-   kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
-```
-
-2. Install Tekton Dashboard Full (the normal is read only, and doesn't allow for example to re-run).
-
-````bash
-   kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release-full.yaml
-````
-
-3. Access the dashboard
-
-```bash
-kubectl proxy
-```
-
-Once the proxy is active, navigate your browser to the [dashboard url](
-http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/)
-
-### Setup the ruby-tracer-ci-pipeline
-
-````bash
-   kubectl apply --filename task.yaml && kubectl apply --filename pipeline.yaml
-````
-
-### Run the pipeline manually
-
-#### From the Dashboard
-Navigate your browser to the [pipelineruns section of the dashboard](
-http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/#/pipelineruns)
-
-1. Click `Create`
-2. Select the `Namespace` (where the `Pipeline` resource is created by default it is `default`)
-3. Select the `Pipeline` created in the `pipeline.yaml` right now it is `ruby-tracer-ci-pipeline`
-4. Fill in `Params`. The `revision` should be `master` for the `master` branch
-4. Select the `ServiceAccount` set to `default`
-5. Optionally, enter a `PipelineRun name` for example `my-master-test-pipeline`,
-   but if you don't then the Dashboard will generate a unique one for you.
-6. As long as [the known issue with Tekton Dashboard Workspace binding](
-   https://github.com/tektoncd/dashboard/issues/1283), is not resolved.
-   You have to go to `YAML Mode` and insert the workspace definition at the end of the file,
-   with the exact same indentation:
-
-````yaml
-  workspaces:
-  - name: ruby-tracer-ci-pipeline-pvc-$(params.revision)
-    volumeClaimTemplate:
-      spec:
-        accessModes:
-          - ReadWriteOnce
-        resources:
-          requests:
-            storage: 200Mi
-
-````
-7. Click `Create` at the bottom of the page
-
-
-#### From kubectl CLI
-As an alternative to using the Dashboard, you can manually edit `pipelinerun.yaml` and create it with:
-````bash
-   kubectl apply --filename pipelinerun.yaml
-````
-
-### Clanup PipelineRun and associated PV resources
-
-`PipelineRuns` and workspace `PersistentVolume` resources by default are kept indefinitely,
-and repeated runs might exhaust the available resources, therefore they need to be cleaned up either
-automatically or manually.
-
-#### Manully from the Dashboard
-
-Navigate to `PipelineRuns` and check the checkbox next to the pipelinerun
-and then click `Delete` in the upper right corner.
-
-#### Manually from the CLI
-
-You can use either `kubectl`
-````bash
-kubectl get pipelinerun
-kubectl delete pipelinerun <selected-pipelinerun-here>
-````
-
-or `tkn` cli
-````bash
-tkn pipelinerun list
-tkn pipelinerun delete <selected-pipelinerun-here>
-````
-
-#### Automatic cleanup with a cronjob
-
-Install and configure resources from https://github.com/3scale-ops/tekton-pipelinerun-cleaner
-
-
-## Integrate with GitHub
-
-### GitHub PR Trigger & PR Check API integration
-
-The GitHub integration requires further Tekton Triggers and Interceptors to be installed
-````bash
-kubectl apply --filename \
-https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
-kubectl apply --filename \
-https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
-````
-#### Create a ServiceAccount
-
-Our future GitHub PR Event listener needs a service account,
-`tekton-triggers-eventlistener-serviceaccount` which authorizes it to
-perform operations specified in eventlistener `Role` and `ClusteRole`.
-Create the service account with the needed role bindings:
-
-````bash
-   kubectl apply --filename tekton-triggers-eventlistener-serviceaccount.yaml
-````
-
-#### Create the Secret for the GitHub repository webhook
-
-In order to authorize the incoming webhooks into our cluster, we need to share
-a secret between our webhook listener, and the GitHub repo.
-Generate a long, strong and random generated token, put it into `github-interceptor-secret.yaml`.
-Create the secret resource:
-````bash
-   kubectl apply --filename github-interceptor-secret.yaml
-````
-
-#### Create the Task and token to report PR Check status to GitHub
-
-The GitHub PR specific Tekton pipeline will want to send data to report the `PR Check Status`.
-That [GitHub API](https://docs.github.com/en/rest/commits/statuses?apiVersion=2022-11-28#create-a-commit-status
-) requires authentication, and therefore we need a token.
-The user which generates the token has to have `Write` access in the target repo,
-as part of the organisation. Check the repo access for this repo under
-https://github.com/instana/ruby-sensor/settings/access.
-
-With the proper user:
-1. Navigate to https://github.com/settings/tokens
-2. Click on `Generate new token` dropdown `Generate new token (classic)`.
-3. Fill in `Note` with for example `Tekton commit status`,
-4. Make sure if you set an expiration, than you remember to renew the token after expiry.
-5. Under `Select scopes` find `repo` and below that only select the checkbox next to `repo:status` - `Access commit status`.
- click `Generate token`
-6. Create the kubernetes secret with the token:
-
-````bash
-   kubectl create secret generic githubtoken --from-literal token="MY_TOKEN"
-````
-
-And we also make an HTTP POST with the status update data to GitHub.
-This is done in a `Task` called `github-set-status`, create it as such:
-````bash
-   kubectl apply -f github-set-status-task.yaml
-````
-
-#### Create the GitHub PR pipeline
-
-Create the new pipeline, which executes the previously created `ruby-tracer-ci-pipeline`,
-removes the currency report tasks and wraps the unittest jobs with GitHub Check status reporting tasks.
-As long as [Pipelines in Pipelines](
-https://tekton.dev/docs/pipelines/pipelines-in-pipelines/), remains an
-unimplemented `alpha` feature in Tekton,
-we will need the [yq](https://github.com/mikefarah/yq) (at least `4.0`)
-to pull the tasks from our previous `ruby-tracer-ci-pipeline` into the
-new pipeline `github-pr-ruby-tracer-ci-pipeline`.
-
-````bash
-   (cat github-pr-pipeline.yaml.part && yq '{"a": {"b": .spec.tasks}}' pipeline.yaml| tail --lines=+3| head --lines=-16) | kubectl apply -f -
-````
-
-#### Create the GitHub PR Event Listener, TriggerTemplate and TriggerBinding
-
-Once the new GitHub specific pipeline is created, we need a listener which starts
-a new `PipelineRun` based on GitHub events.
-For security reasons the listener will only trigger if the PR owner is a 
-repo owner. PRs from non-repo owners can be allowed in by owners after an initial review
-with a comment on the pull request that contains `/ok-to-test`.
-More abou this feature in the [tekton triggers documentsion](
-https://github.com/tektoncd/triggers/blob/main/docs/interceptors.md#owners-validation-for-pull-requests).
-
-````bash
-   kubectl apply --filename github-pr-eventlistener.yaml
-````
-
-After this ensure that there is a pod and a service created:
-
-````bash
-   kubectl get pod | grep -i el-github-pr-ruby-eventlistener
-   kubectl get svc | grep -i el-github-pr-ruby-eventlistener
-````
-
-Do not continue if any of these missing.
-
-#### Create the Ingress for the GitHub Webhook to come through
-
-You will need an ingress controller for this.
-On IKS you might want to read these resources:
-* [managed ingress](https://cloud.ibm.com/docs/containers?topic=containers-managed-ingress-about)
-* Or unmanaged [ingress controller howto](
-https://github.com/IBM-Cloud/iks-ingress-controller/blob/master/docs/installation.md
-).
-
-1. Check the available `ingressclass` resources on your cluster
-
-````bash
-   kubectl get ingressclass
-````
-
-* On `IKS` it will be `public-iks-k8s-nginx`.
-* On `EKS` with the `ALB` ingress controller, it might be just `alb`
-* On self hosted [nginx controller](https://kubernetes.github.io/ingress-nginx/deploy/)
-  this might just be `nginx`.
-
-Edit and save the value of `ingressClassName:` in `github-webhook-ingress.yaml`.
-
-2. Find out your Ingress domain or subdomain name.
-
-* On `IKS`, go to `Clusters` select your cluster and then click `Overview`.
-  The domain name is listed under `Ingress subdomain`.
-
-and create the resource:
-
-````bash
-   kubectl apply --filename github-webhook-ingress.yaml
-````
-
-Make sure that you can use the ingress with the `/hooks` path via `https`:
-````bash
-   curl https://<INGRESS_DOMAIN_NAME>/hooks
-````
-
-At this point this should respond this:
-```json
-  {
-   "eventListener":"github-pr-eventlistener",
-   "namespace":"default",
-   "eventListenerUID":"",
-   "errorMessage":"Invalid event body format : unexpected end of JSON input"
-   }
-```
-
-#### Setup the webhook on GitHub
-
-In the GitHub repo go to `Settings` -> `Webhooks` and click `Add Webhook`.
-The fields we need to set are:
-* `Payload URL`: `https://<INGRESS_DOMAIN_NAME>/hooks`
-* `Content type`: application/json
-* `Secret`: XXXXXXX (the secret token from github-interceptor-secret.yaml)
-
-Under `SSL verification` select the radio button for `Enable SSL verification`.
-Under `Which events would you like to trigger this webhook?` select
-the radio button for `Let me select individual events.` and thick the checkbox next to
-`Pull requests` and ensure that the rest are unthicked.
-
-Click `Add webhook`.
-
-If the webhook has been set up correctly, then GitHub sends a ping message.
-Ensure that the ping is received from GitHub, and that it is filtered out so
-a simple ping event does not trigger any `PipelineRun` unnecessarily.
-
-````bash
-eventlistener_pod=$(kubectl get pods -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' | grep el-github-pr-ruby)
-kubectl logs "${eventlistener_pod}" | grep 'event type ping is not allowed'
-````

data/.tekton/github-interceptor-secret.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: github-interceptor-secret
-type: Opaque
-stringData:
-  # Always use a long, strong and random generated token
-  secretToken: "<--- TOKEN GOES HERE --->"

data/.tekton/github-pr-eventlistener.yaml

@@ -1,104 +0,0 @@
-apiVersion: triggers.tekton.dev/v1beta1
-kind: TriggerTemplate
-metadata:
-  name: github-pr-ruby-tracer-pipeline-template
-spec:
-  params:
-    - description: The git branch name
-      name: git-branch
-    - description: The git branch name shortened and converted to RFC 1123 subdomain names
-      name: git-branch-normalized
-    - description: The full sha of the git commit
-      name: git-commit-sha
-    - description: The short 7 digit sha of the git commit
-      name: git-commit-short-sha
-  resourcetemplates:
-    - apiVersion: tekton.dev/v1
-      kind: PipelineRun
-      metadata:
-        # After variable resolution, this has to be maximum 63 character long,
-        # lower case, RFC 1123 subdomain name. The regex used for validation is
-        # '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
-        name: ruby-tracer-pr-$(tt.params.git-branch-normalized)-$(tt.params.git-commit-short-sha)
-      spec:
-        timeouts:
-          pipeline: "2h"
-        params:
-        - name: revision
-          value: $(tt.params.git-branch)
-        - name: git-commit-sha
-          value: $(tt.params.git-commit-sha)
-        pipelineRef:
-          name: github-pr-ruby-tracer-ci-pipeline
-        workspaces:
-        - name: ruby-tracer-ci-pipeline-pvc
-          volumeClaimTemplate:
-            spec:
-              accessModes:
-                - ReadWriteOnce
-              resources:
-                requests:
-                  storage: 200Mi
----
-apiVersion: triggers.tekton.dev/v1beta1
-kind: TriggerBinding
-metadata:
-  name: github-pr-ruby-tracer-binding
-spec:
-  params:
-    - name: git-branch
-      value: $(body.pull_request.head.ref)
-    - name: git-branch-normalized
-      value: $(extensions.git_branch_normalized)
-    - name: git-commit-sha
-      value: $(body.pull_request.head.sha)
-    - name: git-commit-short-sha
-      value: $(extensions.truncated_sha)
----
-apiVersion: triggers.tekton.dev/v1beta1
-kind: EventListener
-metadata:
-  name: github-pr-ruby-eventlistener
-spec:
-  serviceAccountName: tekton-triggers-eventlistener-serviceaccount
-  triggers:
-    - name: github-pr-trigger
-      interceptors:
-        - name: receive-github-event
-          ref:
-            name: "github"
-          params:
-            - name: "secretRef"
-              value:
-                secretName: github-interceptor-secret
-                secretKey: secretToken
-            - name: "eventTypes"
-              value: ["pull_request"]
-        - name: filter-irrelevant-events
-          ref:
-            name: "cel"
-          params:
-            - name: "filter"
-              # We should not trigger on 'closed', 'assigned', 'unassigned', 'converted_to_draft'
-              value: "body.action in ['opened', 'synchronize', 'reopened']"
-        - name: add-truncated-sha
-          ref:
-            name: "cel"
-          params:
-            - name: "overlays"
-              value:
-              - key: truncated_sha
-                expression: "body.pull_request.head.sha.truncate(7)"
-        - name: add-normalized-branch-name
-          ref:
-            name: "cel"
-          params:
-            - name: "overlays"
-              value:
-              - key: git_branch_normalized
-                # The git branch name shortened and converted to RFC 1123 subdomain names
-                expression: 'body.pull_request.head.ref.truncate(38).lowerAscii().translate("_", "-")'
-      bindings:
-        - ref: github-pr-ruby-tracer-binding
-      template:
-        ref: github-pr-ruby-tracer-pipeline-template

data/.tekton/github-pr-pipeline.yaml.part

@@ -1,38 +0,0 @@
-apiVersion: tekton.dev/v1
-kind: Pipeline
-metadata:
-  name: github-pr-ruby-tracer-ci-pipeline
-spec:
-  params:
-  - name: revision
-    type: string
-  - name: git-commit-sha
-    type: string
-  workspaces:
-    - name: ruby-tracer-ci-pipeline-pvc
-  tasks:
-    - name: github-set-check-status-to-pending
-      taskRef:
-        kind: Task
-        name: github-set-status
-      params:
-      - name: SHA
-        value: $(params.git-commit-sha)
-      - name: STATE
-        value: pending
-      - name: REPO
-        value: instana/ruby-sensor
-    - name: github-set-check-status-to-success-or-failure
-      runAfter:
-      - github-set-check-status-to-pending
-      - unittest-rails-postgres
-      taskRef:
-        kind: Task
-        name: github-set-status
-      params:
-      - name: SHA
-        value: $(params.git-commit-sha)
-      - name: STATE
-        value: success
-      - name: REPO
-        value: instana/ruby-sensor

data/.tekton/github-set-status-task.yaml

@@ -1,43 +0,0 @@
----
-apiVersion: tekton.dev/v1
-kind: Task
-metadata:
-  name: github-set-status
-spec:
-  params:
-  - name: SHA
-  - name: STATE
-  - name: REPO
-  volumes:
-  - name: githubtoken
-    secret:
-      secretName: githubtoken
-  steps:
-    - name: set-status
-      # curlimages/curl:8.6.0
-      image: curlimages/curl@sha256:f2237028bed58de91f62aea74260bb2a299cf12fbcabc23cfaf125fef276c884
-      env:
-      - name: SHA
-        value: $(params.SHA)
-      - name: STATE
-        value: $(params.STATE)
-      - name: REPO
-        value: $(params.REPO)
-      volumeMounts:
-        - name: githubtoken
-          mountPath: /etc/github-set-status
-      script: |
-        #!/bin/sh
-        curl -L \
-             -X POST \
-             -H "Accept: application/vnd.github+json" \
-             -H "Authorization: Bearer $(cat /etc/github-set-status/token)" \
-             -H "Content-Type: application/json" \
-             -H "X-GitHub-Api-Version: 2022-11-28" \
-             "https://api.github.com/repos/${REPO}/statuses/${SHA}" \
-             -d '{
-                   "state":"'${STATE}'",
-                   "target_url":"http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/#/namespaces/default/pipelineruns/",
-                   "description":"Tekton build is in state: '${STATE}'",
-                   "context":"Tekton"
-                 }'

data/.tekton/github-webhook-ingress.yaml

@@ -1,20 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: github-pr-ruby-webhook-ingress
-spec:
-  ingressClassName: public-iks-k8s-nginx
-  tls:
-  - hosts:
-    - <ENTER_YOUR_DOMAIN_NAME_HERE>
-  rules:
-    - host: <ENTER_YOUR_DOMAIN_NAME_HERE>
-      http:
-        paths:
-          - path: /github-pr-ruby-hooks
-            pathType: Exact
-            backend:
-              service:
-                name: el-github-pr-ruby-eventlistener
-                port:
-                  number: 8080