Add ansible-runner v0.3

task/ansible-runner/0.3/README.md

@@ -0,0 +1,111 @@
+# Ansible Runner
+
+Ansible Runner Task allows running the Ansible Playbooks using the [ansible-runner](https://ansible-runner.readthedocs.io/) tool.
+
+The latest versions of ansible-runner requires [`community.general`](https://github.com/ansible-collections/community.general) to be installed from ansible-collections.
+
+## Creating the Task
+
+Create the Task and other resources:
+
+```shell
+kubectl apply --filename https://api.hub.tekton.dev/v1/resource/tekton/task/ansible-runner/0.3/raw
+```
+
+Verify the created tasks:
+
+```shell
+tkn task ls
+```
+
+## Parameters
+
+* **project-dir**: The ansible-runner private data dir
+* **args:**: The array of arguments to pass to the runner command (_default:_ --help)
+* **user-home**: Absolute path to the user's home directory. (_default:_ /tekton/home)
+* **workspaces_ssl_ca_file**: file name of ca bundle. (_default:_ ca-bundle.crt)
+
+## Workspaces
+
+* **runner-dir**: A [workspace](https://github.com/tektoncd/pipeline/blob/main/docs/workspaces.md) to hold the `private_data_dir` as described in https://ansible-runner.readthedocs.io/en/latest/intro.html#runner-input-directory-hierarchy[Runner Directory]
+* **ssl-ca-directory**: A optional [workspace](https://github.com/tektoncd/pipeline/blob/main/docs/workspaces.md) to hold the ca_certs for custom certificate authorities.
+
+## Platforms
+
+The Task can be run on `linux/amd64` platform.
+
+## Usage
+
+The TaskRun uses the repository https://github.com/vinamra28/tektoncd-ansible-runner-example, that houses some example playbooks.
+
+All the examples will be run in namespace called `funstuff`. Create the namespace and shift the context to it:
+
+```shell
+   kubectl create ns funstuff && \
+   kubectl config set-context --current --namespace=funstuff
+```
+
+### Create the PVC and clone example sources
+
+```shell
+kubectl apply -f https://api.hub.tekton.dev/v1/resource/tekton/task/git-clone/0.5/raw \
+  -f  https://raw.githubusercontent.com/tektoncd/catalog/main/task/ansible-runner/0.3/support/playbooks-pvc.yaml
+```
+
+Do the git clone of the examples repository:
+
+```shell
+tkn task start git-clone \
+  --workspace=name=output,claimName=ansible-playbooks \
+  --param=url=https://github.com/vinamra28/tektoncd-ansible-runner-example \
+  --param=revision=master \
+  --param=deleteExisting=true \
+  --showlog
+```
+
+### Create the Service Account
+
+As we will do get, list and create on the namespace, lets use a service account that has right RBAC:
+
+```shell
+kubectl apply -f  https://raw.githubusercontent.com/tektoncd/catalog/main/task/ansible-runner/0.3/support/ansible-deployer.yaml
+```
+
+### Run Tasks
+
+List the pods of `kube-system` namespace:
+
+```shell
+ tkn task start ansible-runner \
+   --serviceaccount ansible-deployer-account \
+   --param=project-dir=kubernetes \
+   --param=args=-p,list-pods.yml \
+   --workspace=name=runner-dir,claimName=ansible-playbooks \
+   --showlog
+```
+
+### Create Deployment
+
+Create a deployment in  `funstuff` namespace:
+
+```shell
+ tkn task start ansible-runner \
+   --serviceaccount ansible-deployer-account \
+   --param=project-dir=kubernetes \
+   --param=args=-p,create-deployment.yml \
+   --workspace=name=runner-dir,claimName=ansible-playbooks \
+   --showlog
+```
+
+### Create Service
+
+Create a service in `funstuff` namespace:
+
+```shell
+ tkn task start ansible-runner \
+   --serviceaccount ansible-deployer-account \
+   --param=project-dir=kubernetes \
+   --param=args=-p,create-service.yml \
+   --workspace=name=runner-dir,claimName=ansible-playbooks \
+   --showlog
+```

task/ansible-runner/0.3/ansible-runner.yaml

@@ -0,0 +1,82 @@
+---
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+  name: ansible-runner
+  labels:
+    app.kubernetes.io/version: '0.3'
+    app.kubernetes.io/ansible-version: '2.18.2'
+  annotations:
+    tekton.dev/deprecated: "false"
+    tekton.dev/pipelines.minVersion: '0.19.0'
+    tekton.dev/categories: CLI
+    tekton.dev/tags: cli
+    tekton.dev/displayName: 'Ansible Runner'
+    tekton.dev/platforms: "linux/amd64"
+spec:
+  description: >-
+    Task to run Ansible playbooks using Ansible Runner
+
+  workspaces:
+    - name: runner-dir
+      description: The Ansibler runner directory
+    - name: ssl-ca-directory
+      optional: true
+      description: |
+        A Workspace containing CA certificates, this will be used by Ansible and pip to
+        verify the peer with when interacting with remote repositories using
+        HTTPS.
+  params:
+    - name: project-dir
+      description: The project directory under the workspace runner-dir
+      default: '.'
+    - name: args
+      description: The arguments to pass ansible-runner
+      type: array
+      default:
+        - --help
+    - name: user-home
+      description: Absolute path to the user's home directory.
+      default: /tekton/home
+    - name: image
+      description: Ansible runner image.
+      default: ghcr.io/ansible/community-ansible-dev-tools:v25.5.1 #tag: v25.5.1
+    - name: workspaces_ssl_ca_file
+      default: ""
+
+  stepTemplate:
+    env:
+      - name: HOME
+        value: $(params.user-home)
+      - name: SSL_CERT_FILE
+        value: "$(workspaces.ssl-ca-directory.path)$(params.workspaces_ssl_ca_file)"
+  steps:
+    - name: requirements
+      image: $(params.image)
+      script: |
+        #!/bin/bash
+        set -e
+
+        if [ -f requirements.txt ];
+        then
+          pip3 install --user \
+            -r requirements.txt
+        fi
+
+        if [ -f  requirements.yml ];
+        then
+          ansible-galaxy role install -vv \
+            -r requirements.yml
+          ansible-galaxy collection install -vv \
+            -r requirements.yml
+        fi
+      workingDir: '$(workspaces.runner-dir.path)/$(params.project-dir)'
+
+    - name: run-playbook
+      image: $(params.image)
+      command: ['ansible-runner']
+      args:
+        - run
+        - $(params.args)
+        - $(params.project-dir)
+      workingDir: '$(workspaces.runner-dir.path)'

task/ansible-runner/0.3/support/ansible-deployer.yaml

@@ -0,0 +1,37 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ansible-deployer-account
+  namespace: funstuff
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: ansible-deployer
+rules:
+  # Core API
+  - apiGroups: ['']
+    resources: ['services', 'pods', 'deployments', 'configmaps', 'secrets']
+    verbs: ['get', 'list', 'create', 'update', 'delete', 'patch', 'watch']
+  # Apps API
+  - apiGroups: ['apps']
+    resources: ['deployments', 'daemonsets', 'jobs']
+    verbs: ['get', 'list', 'create', 'update', 'delete', 'patch', 'watch']
+  # Knative API
+  - apiGroups: ['serving.knative.dev']
+    resources: ['services', 'revisions', 'routes']
+    verbs: ['get', 'list', 'create', 'update', 'delete', 'patch', 'watch']
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: ansible-deployer-binding
+subjects:
+  - kind: ServiceAccount
+    name: ansible-deployer-account
+    namespace: funstuff
+roleRef:
+  kind: ClusterRole
+  name: ansible-deployer
+  apiGroup: rbac.authorization.k8s.io

task/ansible-runner/0.3/support/playbooks-pvc.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ansible-playbooks
+  namespace: funstuff
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 1Gi

task/ansible-runner/0.3/tests/pre-apply-task-hook.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Add git-clone
+add_task git-clone latest

task/ansible-runner/0.3/tests/resources.yaml

@@ -0,0 +1,48 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ansible-playbooks-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ansible-deployer-account
+  namespace: ansible-runner-0-3
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: ansible-deployer
+rules:
+  # Core API
+  - apiGroups: ['']
+    resources: ['services', 'pods', 'deployments', 'configmaps', 'secrets']
+    verbs: ['get', 'list', 'create', 'update', 'delete', 'patch', 'watch']
+  # Apps API
+  - apiGroups: ['apps']
+    resources: ['deployments', 'daemonsets', 'jobs']
+    verbs: ['get', 'list', 'create', 'update', 'delete', 'patch', 'watch']
+  # Knative API
+  - apiGroups: ['serving.knative.dev']
+    resources: ['services', 'revisions', 'routes']
+    verbs: ['get', 'list', 'create', 'update', 'delete', 'patch', 'watch']
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ansible-deployer-binding
+subjects:
+  - kind: ServiceAccount
+    name: ansible-deployer-account
+    namespace: ansible-runner-0-3
+roleRef:
+  kind: ClusterRole
+  name: ansible-deployer
+  apiGroup: rbac.authorization.k8s.io

task/ansible-runner/0.3/tests/run.yaml

@@ -0,0 +1,53 @@
+---
+apiVersion: tekton.dev/v1
+kind: Pipeline
+metadata:
+  name: ansibler-runner-pipeline
+spec:
+  workspaces:
+    - name: runner-dir
+  tasks:
+    - name: fetch-repository
+      taskRef:
+        name: git-clone
+      workspaces:
+        - name: output
+          workspace: runner-dir
+      params:
+        - name: url
+          value: |
+            https://github.com/sveno1990/catalog/
+        - name: revision
+          value: 'feature/ansible-runner-v0.3'
+
+        - name: deleteExisting
+          value: 'true'
+    # ansible-runner
+    - name: ansible-runner-run
+      taskRef:
+        name: ansible-runner
+      runAfter:
+        - fetch-repository
+      workspaces:
+        - name: runner-dir
+          workspace: runner-dir
+      params:
+        - name: project-dir
+          value: 'task/ansible-runner/0.3/tests/tektoncd-ansible-runner-example/kubernetes'
+        - name: args
+          value: ['-p', 'list-pods.yml']
+
+---
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  name: ansibler-runner-pipeline-run
+spec:
+  taskRunTemplate:
+    serviceAccountName: ansible-deployer-account
+  pipelineRef:
+    name: ansibler-runner-pipeline
+  workspaces:
+    - name: runner-dir
+      persistentVolumeClaim:
+        claimName: ansible-playbooks-pvc