Set up the Review App for each Pull Request automatically.
KubeTempura is a Kubernetes operator that flexibly sets up a Review App in a Kubernetes cluster.
- A domain name (e.g., kubetempura.example.com)
  - To receive an event from GitHub
- Git
- Make
- Kubectl
- Kustomize
Set up a new Webhook as follows:
- Open the Settings tab on your repository or organization (if you want to set it up organization-wide).
- Open the Webhooks tab
- Click the "Add webhook" button
- Set the "Payload URL" to https://YOURDOMAIN/webhooks
- Set the "Content type" to application/json
- Generate a secret plain-text token and enter it as the webhook secret.
- Choose "Let me select individual events" for the webhook trigger.
- Enable the event "Pull requests".
- Finish creating the webhook.
Then, you also need to register that secret as a Kubernetes Secret resource.
$ kubectl create ns kubetempura-system
$ kubectl create secret generic -n kubetempura-system github-webhook --from-literal=secret="$YOUR_SECRET"
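GitHub signs each delivery with the webhook secret as an HMAC-SHA256 over the raw request body and sends the result in the X-Hub-Signature-256 header, so a receiver holding the secret registered above can reject forged or altered events. The following is an added example of that check, not KubeTempura's own code; the function names, secret and payloads are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

const sigPrefix = "sha256="

// signPayload computes the value GitHub places in X-Hub-Signature-256:
// "sha256=" + hex(HMAC-SHA256(secret, raw request body)).
func signPayload(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return sigPrefix + hex.EncodeToString(mac.Sum(nil))
}

// verifySignature reports whether header is a valid signature of body.
// body must be the raw bytes as received, before any JSON decoding.
func verifySignature(secret, body []byte, header string) bool {
	if len(secret) == 0 {
		return false // refuse to run without a configured secret
	}
	if !strings.HasPrefix(header, sigPrefix) {
		return false // header missing, or a scheme other than sha256
	}
	got, err := hex.DecodeString(strings.TrimPrefix(header, sigPrefix))
	if err != nil {
		return false // not valid hex
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return hmac.Equal(got, mac.Sum(nil)) // constant-time comparison
}

func main() {
	secret := []byte("constructed-example-secret")    // constructed, not a real token
	body := []byte(`{"action":"opened","number":42}`) // constructed payload
	sig := signPayload(secret, body)
	tampered := []byte(`{"action":"opened","number":43}`)

	fmt.Println("valid:   ", verifySignature(secret, body, sig))
	fmt.Println("tampered:", verifySignature(secret, tampered, sig))
	fmt.Println("unsigned:", verifySignature(secret, body, ""))
}
```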
$ git clone git@github.com:mercari/kubetempura.git
$ cd kubetempura
$ vi config/crd/default/manager_auth_proxy_patch.yaml
$ make install deploy
Exposing the webhook endpoint depends heavily on your cluster. Typically you need to create a Service and an Ingress resource. See the example files below:
You also need to register a DNS record, such as kubetempura.example.com.
After the installation, you can create a ReviewApp resource in each namespace. ReviewApp is a template for the resources that you want to create for each PR.
The resources field is an array that accepts any kind of Kubernetes resource, including CRDs.
apiVersion: kubetempura.mercari.com/v1
kind: ReviewApp
metadata:
  name: reviewapp-sample
  namespace: default
spec:
  githubRepository: https://github.com/mercari/not-exists
  resources:
    - apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: reviewapp-sample-pr{{PR_NUMBER}}
        namespace: default
      spec:
        selector:
          matchLabels:
            app: reviewapp-sample-pr{{PR_NUMBER}}
        template:
          metadata:
            labels:
              app: reviewapp-sample-pr{{PR_NUMBER}}
          spec:
            containers:
              - name: sample
                image: ghcr.io/stefanprodan/podinfo:pr{{PR_NUMBER}}-{{COMMIT_REF}}
                ...
    - apiVersion: v1
      kind: Service
      metadata:
        name: reviewapp-sample-pr{{PR_NUMBER}}
        namespace: default
      spec:
        ...
        selector:
          app: reviewapp-sample-pr{{PR_NUMBER}}
In a template, you can use several variables:
- {{PR_NUMBER}}: the number of the PR.
- {{COMMIT_REF}}: the commit ref of the latest (head) commit of the PR. It is useful for specifying the image tag.
- {{COMMIT_REF_SHORT}}: the short version of the commit ref, for compatibility.
- KubeTempura has limited permission to create, update, and delete resources. If you want to create a resource of a kind other than Deployment, Service, ConfigMap, and Secrets, you need to add that resource to the ClusterRole for KubeTempura.
- KubeTempura works only based on GitHub Webhooks. If KubeTempura fails to receive a webhook for some reason, you need to close and re-open your PR to update the state explicitly.
Please read the CLA carefully before submitting your contribution to Mercari. Under any circumstances, by submitting your contribution, you are deemed to accept and agree to be bound by the terms and conditions of the CLA.
Copyright 2022 Mercari, Inc.
Licensed under the Apache License.