Working with Keptn tasks

Learn how to work with Keptn tasks

Keptn tasks are defined in a KeptnTaskDefinition resource. A task definition includes a function that defines the action taken by that task. It can be configured in one of three different ways:

  • inline
  • referring to an HTTP script
  • referring to another KeptnTaskDefinition
  • referring to a ConfigMap resource that is populated with the function to execute

Context

A Kubernetes context is a set of access parameters that contains a Kubernetes cluster, a user, a namespace, the application name, workload name, and version. For more information, see Configure Access to Multiple Clusters.

You may need to include context information in the function code included in the YAML file that defines a KeptnTaskDefinition resource. For an example of how to do this, see the keptn-tasks.yaml file.

A context environment variable is available via Deno.env.get("CONTEXT"). It can be used like this:

let context = Deno.env.get("CONTEXT");
    
if (context.objectType == "Application") {
    let application_name = contextdata.appName;
    let application_version = contextdata.appVersion;
}       
        
if (context.objectType == "Workload") {
    let application_name = contextdata.appName;
    let workload_name = contextdata.workloadName;
    let workload_version = contextdata.workloadVersion;
}

Parameterized functions

KeptnTaskDefinitions can use input parameters. Simple parameters are passed as a single map of key values, while the secret parameters refer to a single Kubernetes secret.

Consider the following example:

apiVersion: lifecycle.keptn.sh/v1alpha2
kind: KeptnTaskDefinition
metadata:
  name: slack-notification-dev
spec:
  function:
    functionRef:
      name: slack-notification
    parameters:
      map:
        textMessage: "This is my configuration"
    secureParameters:
      secret: slack-token

Note the following about using parameters with functions:

  • The Lifecycle Toolkit passes the values defined inside the map field as a JSON object.
  • Multi-level maps are not currently supported.
  • The JSON object can be read through the environment variable DATA using Deno.env.get("DATA");.
  • Currently only one secret can be passed. The secret must have a key called SECURE_DATA. It can be accessed via the environment variable Deno.env.get("SECURE_DATA").

Create secret text

To create a secret to use in a KeptnTaskDefinition, execute this command:

kubectl create secret generic my-secret --from-literal=SECURE_DATA=foo

apiVersion: lifecycle.keptn.sh/v1alpha3
kind: KeptnTaskDefinition
metadata:
  name: dummy-task
  namespace: "default"
spec: 
  function: 
    secureParameters:
      secret: my-secret
    inline:
      code: |
        let secret_text = Deno.env.get("SECURE_DATA");
        // secret_text = "foo"

To pass multiple variables you can create a Kubernetes secret using a JSON string:

kubectl create secret generic my-secret \
--from-literal=SECURE_DATA="{\"foo\": \"bar\", \"foo2\": \"bar2\"}"

apiVersion: lifecycle.keptn.sh/v1alpha3
kind: KeptnTaskDefinition
metadata:
  name: dummy-task
  namespace: "default"
spec:
  function:
    secureParameters:
      secret: my-secret
    inline:
      code: |
        let secret_text = Deno.env.get("SECURE_DATA");
        let secret_text_obj = JSON.parse(secret_text);
        // secret_text_obj["foo"] = "bar"
        // secret_text_obj["foo2"] = "bar2"

Pass secrets to a function

In the previous example, you see that Kubernetes secrets can be passed to the function using the secureParameters field.

Here, the secret value is the name of the Kubernetes secret, which contains a field with the key SECURE_DATA.
The value of that field is then available to the function’s runtime via an environment variable called SECURE_DATA.

For example, if you have a task function that should make use of secret data, you must first ensure that the secret containing the SECURE_DATA key exists For example:

apiVersion: v1
kind: Secret
metadata:
  name: deno-demo-secret
  namespace: default
type: Opaque
data:
  SECURE_DATA: YmFyCg== # base64 encoded string, e.g. 'bar'

Then, you can make use of that secret as follows:

apiVersion: lifecycle.keptn.sh/v1alpha3
kind: KeptnTaskDefinition
metadata:
  name: deployment-hello
  namespace: "default"
spec:
  function:
    secureParameters:
      secret: deno-demo-secret
    inline:
      code: |
        console.log("Deployment Hello Task has been executed");

        let foo = Deno.env.get('SECURE_DATA');
        console.log(foo);
        Deno.exit(0);
Last modified 2023-06-21: releasing documentation v0.8.0 (24f0a46)