Purpose of this plugin is as an "Example" to show how harness can inject variables into Kustomize manifests . This particular example replaces the image in the manifest and makes a commit back to the orginal kustomize GIT versioned deployment manifest to maintain a record.
Ultimately you could use any available commands and utilities in the plugin framework to achieve the same outcome . For instance you could use go templating
I have used YQ and bash in this example to rapid prototype .
Here are some more examples in python from other folks https://github.com/Agilicus/kustomize-plugins/tree/master/agilicus/v1/imagetransformer
And plugin development documentation https://www.bookstack.cn/read/kubernetes-kubectl-en/746cbd49e2286776.md
- Working delegate and kubernetes cluster
- GIT installed on the delegate (this can be done by a delegate profile)
- YQ installed on the delegate (this can be done by a delegate profile)
If using GIT ssh , ssh public key should be available and working on the delegate home user (delegate profiles are good for this) If using HTTPS , you will need your GIT password url encoded and stored in a harness secret called "git_password_url_encoded"
NOTE : if you dont wish to use GIT you can just remove the script block marked as "GIT optional"
- deployment.yaml and service.yaml (example files for kustomization - nginx deploy)
- kustomization.yaml (standard kustomize file)
- HarnessKustomizePlugin.yaml (Plugin configuration)
- HarnessKustomizePluginScript-GIT-HTTPS (HTTPS Plugin script for addition to your workflow)
- HarnessKustomizePluginScript-GIT-SSH (SSH Plugin script for addition to your workflow)
- HarnessKustomizePluginScript (Minimal plugin without commit and push back to git)
Directory with the following path /root/K_PLUGINS/${app.name}/${service.name}/${env.name}/kustomize/plugin/version1/harnesskustomizeplugin will be created . It will also dynamically create a plugin script here called HarnessKustomizePlugin on every run of the workflow
-
Setup and test delegate pre-requsites (SSH key , YQ , GIT)
-
Setup your kustomize repo , test and deploy as per documentation https://docs.harness.io/article/zrz7nstjha-use-kustomize-for-kubernetes-deployments
-
Add the plugin config yaml to the root of your kustomize repo HarnessKustomizePlugin.yaml
-
Reference it in your kustomization.yaml (see kustomization.yaml example in this repo)
-
Configure the plugin directory as per documentation and delegate path above https://docs.harness.io/article/zrz7nstjha-use-kustomize-for-kubernetes-deployments
-
Add a shell script step in your workflow before the rollout step , name it Inject Harness Plugin , add the contents of HarnessKustomizePluginScript-GIT-HTTPS-AUTH or HarnessKustomizePluginScript-GIT-SSH-AUTH depending on your auth scheme .
Shell Script variable values required :
SSH Script
GIT_USER="joebloggs"
GIT_EMAIL="joebloggs@hotmail.com"
GIT_BRANCH="main"
#reference to harness image artifact variable
IMAGE=${artifact.metadata.image}
#repo URL suffix
GIT_REPOSITORY_NAME=HarnessKustomizePlugin
#generic repo path and auth
GIT_REPO_PATH=git@github.com:$GIT_USER/$GIT_REPOSITORY_NAME.git
HTTPS Script
GIT_USER="joebloggs"
GIT_EMAIL="joebloggs@hotmail.com"
#note HTTPS url requires URL encoding for special characters
GIT_PASSWORD_URLENCODED=${secrets.getValue("git_password_url_encoded")}
GIT_BRANCH="main"
#reference to harness image artifact variable
IMAGE=${artifact.metadata.image}
#repo URL suffix
REPOSITORY_NAME=HarnessKustomizePlugin
#generic repo path
REPO_PATH=https://github.com/gregkroon/HarnessKustomizePlugin
#build full auth string with URL encoded password for remote repo add and git push
REPO_AUTH_STRING=https://$GIT_USER:$GIT_PASSWORD_URLENCODED@github.com/$GIT_USER/$REPOSITORY_NAME.git
TODO: If your deployment.yaml and kustomize.yaml are in different paths from the root of the repo you will need to adjust the script , future versions will accomodate this .
-
If using SSH you will require your ssh key added and tested manually to the delegate , if using HTTPS you will need to create a secret with the GIT user password that is url encoded called "git_password_url_encoded"
-
Execute the workflow and verify no errors in the "Rollout Deployment step" -> "Intialize logs" and that there is a successfull git commit on the deployment.yaml