service-api | Main API Service | Microservice library

Changing the IngressRoutes .spec.routes[0].services[0].name is possible with Kustomize using a NameReference transformer (see docs here) - luckily I found inspiration in this issue. Therefore we need to include the configurations keyword in our kustomize.yaml:

In v0.14 Tekton introduced the so called finally Tasks, which run at the end of every Pipeline - regardless which Task failed or succeeded. As the docs state:

finally tasks are guaranteed to be executed in parallel after all PipelineTasks under tasks have completed regardless of success or error.

In general finally tasks look like this:

In Dockerfile

The problem is mentioned in Argo's useraccounts docs:

When you create local users, each of those users will need additional RBAC rules set up, otherwise they will fall back to the default policy specified by policy.default field of the argocd-rbac-cm ConfigMap.

But these additional RBAC rules could be setup the simplest using ArgoCD Projects. And with such a AppProject you don't even need to create a user like tekton in the ConfigMap argocd-cm. ArgoCD projects have the ability to define Project roles:

Projects include a feature called roles that enable automated access to a project's applications. These can be used to give a CI pipeline a restricted set of permissions. For example, a CI system may only be able to sync a single app (but not change its source or destination).

There are 2 solutions how to configure the AppProject, role & permissions incl. role token:

1. using argocd CLI
2. using a manifest YAML file

So let's get our hands dirty and create a ArgoCD AppProject using the argocd CLI called apps2deploy:

The problem seems to be related to the way how the Dockerfile of https://github.com/mikefarah/yq now handles file permissions (for example this fix among others). The 0.3 version of the Tekton yq Task uses the image https://hub.docker.com/layers/mikefarah/yq/4.16.2/images/sha256-c6ef1bc27dd9cee57fa635d9306ce43ca6805edcdab41b047905f7835c174005 which produces the error.

One work-around to the problem could be the usage of the yq Task version 0.2 which you can apply via:

The variable you want to replace contains slashes - and sed "s/{{DASHBOARD_HOST}}/$DASHBOARD_HOST/g" tells sed to use / as the delimiter. This produces the error. But as sed s command can use any character as a delimiter, we could optimize the solution using s# instead of s/ like this:

There's an easy way to accomplish caching using Tekto Hub's Maven Task. Instead of specifying an empty directory in the maven-settings workspace with emptyDir: {} you need to create a new subPath inside your already defined source-pvc PersistentVolumeClaim. Also link the persistentVolumeClaim the same way as you already linked it for the source-workspace. Your PipelineRun now somehow looks like this:

The OpenShift Pipelines documentation does not directly document it. But if you skim the docs especially in the Triggers section, you might recognize that there is no ServiceAccount created whatsoever. But one is used by every Trigger component. It's called pipeline. Simply run kubectl get serviceaccount to see it:

One possible but not the best approach can be the database solution that you suggested but with some additional data. When the user subscribes for the first time you can always save the subscription datetime in the DB and you know for how long the subscription is valid. Then you just have to play with datetime library to know wether the user is subscribed or not.

This will not be helpful if your skill is already running and is live, but if not then this can help.