kubernetesDeploy¶
Deployment to Kubernetes test or production namespace within the specified Kubernetes cluster.
Description¶
Deployment to Kubernetes test or production namespace within the specified Kubernetes cluster.
Deployment supports multiple deployment tools
Currently the following are supported:
- Helm command line tool and Helm Charts.
- kubectl and
kubectl applycommand.
Helm¶
Following helm command will be executed by default:
helm upgrade <deploymentName> <chartPath> --install --force --namespace <namespace> --wait --timeout <helmDeployWaitSeconds> --set "image.repository=<yourRegistry>/<yourImageName>,image.tag=<yourImageTag>,secret.dockerconfigjson=<dockerSecret>,ingress.hosts[0]=<ingressHosts[0]>,,ingress.hosts[1]=<ingressHosts[1]>,...
yourRegistrywill be retrieved fromcontainerRegistryUrlyourImageName,yourImageTagwill be retrieved fromimagedockerSecretwill be calculated with a call tokubectl create secret generic <containerRegistrySecret> --from-file=.dockerconfigjson=<dockerConfigJson> --type=kubernetes.io/dockerconfigjson --insecure-skip-tls-verify=true --dry-run=client --output=json
Usage¶
We recommend to define values of step parameters via .pipeline/config.yml file.
In this case, calling the step is essentially reduced to defining the step name.
Calling the step can be done either in an orchestrator specific way (e.g. via a Jenkins library step) or on the command line.
library('piper-lib-os')
kubernetesDeploy script: this
piper kubernetesDeploy
Parameters¶
Overview - Step¶
Overview - Execution Environment¶
Orchestrator-specific only
These parameters are relevant for orchestrator usage and not considered when using the command line option.
| Name | Mandatory | Additional information |
|---|---|---|
| containerCommand | no |  |
| containerShell | no | |
| dockerEnvVars | no | |
| dockerImage | no | |
| dockerName | no | |
| dockerOptions | no | |
| dockerPullImage | no | |
| dockerVolumeBind | no | |
| dockerWorkspace | no | |
| stashContent | no | |
Details¶
additionalParameters¶
Defines additional parameters for "helm install" or "kubectl apply" command.
| Scope | Details |
|---|---|
| Aliases | helmDeploymentParameters |
| Type | []string |
| Mandatory | no |
| Default | $PIPER_additionalParameters (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
apiServer¶
Defines the Url of the API Server of the Kubernetes cluster.
| Scope | Details |
|---|---|
| Aliases | k8sAPIServer |
| Type | string |
| Mandatory | no |
| Default | $PIPER_apiServer (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
appTemplate¶
There are two supported ways for the template rendering:
-
For a deployments using single image, you can use a placeholder
<image-name>, which will be replaced with the image GUN.apiVersion: apps/v1 kind: Deployment metadata: name: app labels: app: app spec: replicas: 3 selector: matchLabels: app: app template: metadata: labels: app: app spec: containers: - name: app image: <image-name> -
Helm styled templates, with the support for multi-image deployments.
apiVersion: apps/v1
kind: Deployment
metadata:
name: app
labels:
app: app
spec:
replicas: 3
selector:
matchLabels:
app: app
template:
metadata:
labels:
app: app
spec:
containers:
- name: app-1
image: "{{ .Values.image.repository}}:{{ .Values.image.tag }}"
- name: app-2
image: "{{ .Values.image.app_2.repository}}:{{ .Values.image.app_2.tag }}"
| Scope | Details |
|---|---|
| Aliases | k8sAppTemplate |
| Type | string |
| Mandatory | no |
| Default | $PIPER_appTemplate (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
chartPath¶
Defines the chart path for deployments using helm. It is a mandatory parameter when deployTool:helm or deployTool:helm3.
| Scope | Details |
|---|---|
| Aliases | helmChartPath |
| Type | string |
| Mandatory | no |
| Default | $PIPER_chartPath (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | commonPipelineEnvironment: reference to: custom/localHelmChartPath |
containerCommand¶
Jenkins-specific: Used for proper environment setup.
Kubernetes only: Allows to specify start command for container created with dockerImage parameter to overwrite Piper default (/usr/bin/tail -f /dev/null).
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
containerImageName¶
Name of the container which will be built - will be used together with containerImageTag instead of parameter containerImage
| Scope | Details |
|---|---|
| Aliases | dockerImageName |
| Type | string |
| Mandatory | no |
| Default | $PIPER_containerImageName (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
containerImageTag¶
Tag of the container which will be built - will be used together with containerImageName instead of parameter containerImage
| Scope | Details |
|---|---|
| Aliases | artifactVersion |
| Type | string |
| Mandatory | no |
| Default | $PIPER_containerImageTag (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | commonPipelineEnvironment: reference to: artifactVersion |
containerRegistryPassword¶
Password for container registry access - typically provided by the CI/CD environment.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_containerRegistryPassword (if set) |
| Secret | yes |
| Configuration scope |
|
| Resource references | Jenkins credential id: id: dockerCredentialsIdreference to: passwordcommonPipelineEnvironment: reference to: container/repositoryPasswordcommonPipelineEnvironment: reference to: custom/repositoryPassword |
containerRegistrySecret¶
Name of the container registry secret used for pulling containers from the registry.
For deployTool: helm/helm3:
If containerRegistryUser and containerRegistryPassword are provided, a secret is created on the fly and the information is passed to the helm template.
For deployTool: kubectl:
If containerRegistryUser and containerRegistryPassword are provided, a secret with the given name will be created in the Kubernetes cluster.
If neither containerRegistryUser nor containerRegistryPassword are provided, it is expected that a secret with the configured name exists in the target Kubernetes cluster.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | regsecret |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
containerRegistryUrl¶
http(s) url of the Container registry where the image to deploy is located.
| Scope | Details |
|---|---|
| Aliases | dockerRegistryUrl |
| Type | string |
| Mandatory | yes |
| Default | $PIPER_containerRegistryUrl (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | commonPipelineEnvironment: reference to: container/registryUrl |
containerRegistryUser¶
Username for container registry access - typically provided by the CI/CD environment.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_containerRegistryUser (if set) |
| Secret | yes |
| Configuration scope |
|
| Resource references | Jenkins credential id: id: dockerCredentialsIdreference to: usernamecommonPipelineEnvironment: reference to: container/repositoryUsernamecommonPipelineEnvironment: reference to: custom/repositoryUsername |
containerShell¶
Jenkins-specific: Used for proper environment setup.
Allows to specify the shell to be executed for container with containerName.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
createDockerRegistrySecret¶
Only for deployTool:kubectl: Toggle to turn on containerRegistrySecret creation.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | false |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
deployCommand¶
Only for deployTool: kubectl: defines the command apply or replace. The default is apply.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | apply |
| Possible values | - apply- replace |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
deployTool¶
Defines the tool which should be used for deployment.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | kubectl |
| Possible values | - kubectl- helm- helm3 |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
deploymentName¶
Defines the name of the deployment. It is a mandatory parameter when deployTool:helm or deployTool:helm3.
| Scope | Details |
|---|---|
| Aliases | helmDeploymentName |
| Type | string |
| Mandatory | no |
| Default | $PIPER_deploymentName (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
dockerConfigJSON¶
Path to the file .docker/config.json - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the Docker documentation.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | .pipeline/docker/config.json |
| Secret | yes |
| Configuration scope |
|
| Resource references | Jenkins credential id: id: dockerConfigJsonCredentialsIdVault paths:
|
dockerEnvVars¶
Jenkins-specific: Used for proper environment setup.
Environment variables to set in the container, e.g. [http_proxy: "proxy:8080"].
| Scope | Details |
|---|---|
| Aliases | - |
| Type | map[string]string |
| Mandatory | no |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
dockerImage¶
Jenkins-specific: Used for proper environment setup.
Name of the docker image that should be used. If empty, Docker is not used and the command is executed directly on the Jenkins system.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | deployTool=helm3: dtzar/helm-kubectl:3deployTool= helm: dtzar/helm-kubectl:2.17.0deployTool= kubectl: dtzar/helm-kubectl:2.17.0 |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
dockerName¶
Jenkins-specific: Used for proper environment setup.
Kubernetes only: Name of the container launching dockerImage. SideCar only: Name of the container in local network.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
dockerOptions¶
Jenkins-specific: Used for proper environment setup.
Docker options to be set when starting the container.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | deployTool=helm3: [{-u 0}]deployTool= helm: [{-u 0}]deployTool= kubectl: [{-u 0}] |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
dockerPullImage¶
Jenkins-specific: Used for proper environment setup.
Set this to 'false' to bypass a docker image pull. Useful during development process. Allows testing of images which are available in the local registry only.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | deployTool=helm3: truedeployTool= helm: truedeployTool= kubectl: true |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
dockerVolumeBind¶
Jenkins-specific: Used for proper environment setup.
Volumes that should be mounted into the docker container.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | map[string]string |
| Mandatory | no |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
dockerWorkspace¶
Jenkins-specific: Used for proper environment setup.
Kubernetes only: Specifies a dedicated user home directory for the container which will be passed as value for environment variable HOME.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | deployTool=helm3: /configdeployTool= helm: /configdeployTool= kubectl: /config |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
forceUpdates¶
Adds --force flag to a helm resource update command or to a kubectl replace command
| Scope | Details |
|---|---|
| Aliases | force |
| Type | bool |
| Mandatory | no |
| Default | true |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
githubToken¶
GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
| Scope | Details |
|---|---|
| Aliases | access_token |
| Type | string |
| Mandatory | no |
| Default | $PIPER_githubToken (if set) |
| Secret | yes |
| Configuration scope |
|
| Resource references | Jenkins credential id: id: githubTokenCredentialsIdVault paths:
|
helmDeployWaitSeconds¶
Number of seconds before helm deploy returns.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | int |
| Mandatory | no |
| Default | 300 |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
helmTestWaitSeconds¶
Number of seconds to wait for any individual Kubernetes operation (like Jobs for hooks). See https://helm.sh/docs/helm/helm_test/#options for further details
| Scope | Details |
|---|---|
| Aliases | - |
| Type | int |
| Mandatory | no |
| Default | 300 |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
helmValues¶
List of helm values as YAML file reference or URL (as per helm parameter description for -f / --values)
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | $PIPER_helmValues (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
image¶
Full name of the image to be deployed.
| Scope | Details |
|---|---|
| Deprecated | This parameter is deprecated, please use containerImageName and containerImageTag |
| Aliases | deployImage |
| Type | string |
| Mandatory | no |
| Default | $PIPER_image (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | commonPipelineEnvironment: reference to: container/imageNameTag |
imageDigests¶
List of image digests of the images to be deployed, in the format sha256:<hash>. If provided, image digests will be appended to the image tag, e.g. <repository>/<name>:<tag>@<digest>
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | $PIPER_imageDigests (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | commonPipelineEnvironment: reference to: container/imageDigests |
imageNameTags¶
List of full names (registry and tag) of the images to be deployed.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | $PIPER_imageNameTags (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | commonPipelineEnvironment: reference to: container/imageNameTags |
imageNames¶
List of names of the images to be deployed.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | $PIPER_imageNames (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | commonPipelineEnvironment: reference to: container/imageNames |
ingressHosts¶
DEPRECATED
List of ingress hosts to be exposed via helm deployment.
Host names are passed to helm template via ingress configuration.
This requires a modification to the default helm template, thus it is not recommended.
Recommendation is to use custom values and pass them via parameter helmValues.
Since helm supports multiple files on top of the values.yaml, landscape-specific attributes can be passed via a specific file.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | $PIPER_ingressHosts (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
keepFailedDeployments¶
Defines whether a failed deployment will be purged
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | false |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
kubeConfig¶
Defines the path to the "kubeconfig" file.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_kubeConfig (if set) |
| Secret | yes |
| Configuration scope |
|
| Resource references | Jenkins credential id: id: kubeConfigFileCredentialsIdVault paths:
|
kubeContext¶
Defines the context to use from the "kubeconfig" file.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_kubeContext (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
kubeToken¶
Contains the id_token used by kubectl for authentication. Consider using kubeConfig parameter instead.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_kubeToken (if set) |
| Secret | yes |
| Configuration scope |
|
| Resource references | Jenkins credential id: id: kubeTokenCredentialsId |
namespace¶
Defines the target Kubernetes namespace for the deployment.
| Scope | Details |
|---|---|
| Aliases | - helmDeploymentNamespace- k8sDeploymentNamespace |
| Type | string |
| Mandatory | no |
| Default | default |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
renderSubchartNotes¶
If set, render subchart notes along with the parent.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | true |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
runHelmTests¶
Defines whether or not to run helm tests against the recently deployed release
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | false |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
script¶
Jenkins-specific: Used for proper environment setup.
The common script environment of the Jenkinsfile running. Typically the reference to the script calling the pipeline step is provided with the this parameter, as in script: this. This allows the function to access the commonPipelineEnvironment for retrieving, e.g. configuration parameters.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | Jenkins Script |
| Mandatory | yes |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
setupScript¶
For helm-based deploymens only!
HTTP location of setup script.
The script will be downloaded from a GitHub location using the githubToken and executed before the installation of the helm package.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_setupScript (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
showTestLogs¶
Defines whether to print the pod logs after running helm tests
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | false |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
stashContent¶
Jenkins-specific: Used for proper environment setup.
Specific stashes that should be considered for the step execution.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | - deployDescriptor- downloadedArtifact |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
teardownScript¶
For helm-based deploymens only!
HTTP location of setup script.
The script will be downloaded from a GitHub location using the githubToken and executed at the end of the step.
This can for example be used in order to remove a temporary namespace which was created for the test.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_teardownScript (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
tillerNamespace¶
Defines optional tiller namespace for deployments using helm.
| Scope | Details |
|---|---|
| Aliases | helmTillerNamespace |
| Type | string |
| Mandatory | no |
| Default | $PIPER_tillerNamespace (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
valuesMapping¶
Mapping of values provided by Piper onto custom paths in format [custom-path]: [piper-value]
Example:
valuesMapping:
subchart.image.tag: image.debug.tag
subchart.image.repository: image.debug.repository
subchart.image.pullsecret: secret.dockerconfigjson
| Scope | Details |
|---|---|
| Aliases | - |
| Type | map[string]interface{} |
| Mandatory | no |
| Default | $PIPER_valuesMapping (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
verbose¶
verbose output
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | false |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
verificationScript¶
For helm-based deploymens only!
HTTP location of verification script.
The script will be downloaded from a GitHub location using the githubToken and executed after installation of the helm package.
It can be used to verify if all required artifacts are ready before progressing with for example helmTest using the step option runHelmTests: true
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_verificationScript (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
kubeConfigFileCredentialsId¶
Jenkins-specific: Used for proper environment setup. See using credentials for details.
Jenkins 'Secret file' credentials ID containing kubeconfig file. Details can be found in the Kubernetes documentation.
| Scope | Details |
|---|---|
| Aliases | kubeCredentialsId (deprecated) |
| Type | string |
| Configuration scope |
|
kubeTokenCredentialsId¶
Jenkins-specific: Used for proper environment setup. See using credentials for details.
Jenkins 'Secret text' credentials ID containing token to authenticate to Kubernetes. This is an alternative way to using a kubeconfig file. Details can be found in the Kubernetes documentation.
| Scope | Details |
|---|---|
| Aliases | k8sTokenCredentialsId (deprecated) |
| Type | string |
| Configuration scope |
|
dockerCredentialsId¶
Jenkins-specific: Used for proper environment setup. See using credentials for details.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Configuration scope |
|
dockerConfigJsonCredentialsId¶
Jenkins-specific: Used for proper environment setup. See using credentials for details.
Jenkins 'Secret file' credentials ID containing Docker config.json (with registry credential(s)).
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Configuration scope |
|
githubTokenCredentialsId¶
Jenkins-specific: Used for proper environment setup. See using credentials for details.
Jenkins credentials ID containing the github token.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Configuration scope |
|
Exceptions¶
None
Examples¶
kubernetesDeploy script: this
// Deploy a helm chart called "myChart" using Helm 3
kubernetesDeploy script: this, deployTool: 'helm3', chartPath: 'myChart', deploymentName: 'myRelease', image: 'nginx', containerRegistryUrl: 'https://docker.io'