Tekton Triggers--02-trigger-gitlab
https://tekton.dev/docs/triggers/install/
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
root@master01:~/triggers# cat release.yaml |grep gcr
image: "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/controller:v0.19.1@sha256:da6269e3784fda08220f87b45caf42d12ac5caf49d17df2524cec297201a3a93"
args: ["-logtostderr", "-stderrthreshold", "INFO", "-el-image", "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/eventlistenersink:v0.19.1@sha256:ba97a3ce4d193c7c3e37f02bd08b40755cee6abcc412b56480d88eac040787c5", "-el-port", "8080", "-el-security-context=true", "-el-events", "disable", "-el-readtimeout", "5", "-el-writetimeout", "40", "-el-idletimeout", "120", "-el-timeouthandler", "30", "-el-httpclient-readtimeout", "30", "-el-httpclient-keep-alive", "30", "-el-httpclient-tlshandshaketimeout", "10", "-el-httpclient-responseheadertimeout", "10", "-el-httpclient-expectcontinuetimeout", "1", "-period-seconds", "10", "-failure-threshold", "1"]
image: "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/webhook:v0.19.1@sha256:ad1aace2254f70ca223f0b8db47468b2910abb672d1982c57b54662d0e8a95a8"
root@master01:~/triggers# cat release.yaml |grep chuan
image: "gexuchuan123/tektoncd-triggers-cmd-controller:v0.19.1"
args: ["-logtostderr", "-stderrthreshold", "INFO", "-el-image", "gexuchuan123/tektoncd-triggers-cmd-eventlistenersink:v0.19.1", "-el-port", "8080", "-el-security-context=true", "-el-events", "disable", "-el-readtimeout", "5", "-el-writetimeout", "40", "-el-idletimeout", "120", "-el-timeouthandler", "30", "-el-httpclient-readtimeout", "30", "-el-httpclient-keep-alive", "30", "-el-httpclient-tlshandshaketimeout", "10", "-el-httpclient-responseheadertimeout", "10", "-el-httpclient-expectcontinuetimeout", "1", "-period-seconds", "10", "-failure-threshold", "1"]
image: "gexuchuan123/tektoncd-triggers-cmd-webhook:v0.19.1"
root@master01:~/triggers# cat interceptors.yaml |grep image
image: "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/interceptors:v0.19.1@sha256:5ad55bed2a76e5946608cf99ae810977a574446f30d978b04251a4bbfb8445e0"
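root@master01:~/triggers# cat interceptors.yaml |grep chuan
image: "gexuchuan123/tektoncd-triggers-cmd-interceptors:v0.19.1"
注：release.yaml 和 interceptors.yaml 换成 Docker Hub 上的镜像后，上游清单里的 @sha256 摘要被去掉了，镜像只按 tag 引用，清单本身无法保证拉到的内容与上游一致。条件允许时，建议把上游镜像同步到自己可控的仓库，并在清单中保留摘要引用。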
验证
root@master01:~# kubectl get po -ntekton-pipelines
tekton-pipelines   tekton-triggers-controller-55497b6674-8krlb         1/1   Running   0   34s
tekton-pipelines   tekton-triggers-core-interceptors-df7d49dd8-g9hrh   1/1   Running   0   35s
tekton-pipelines   tekton-triggers-webhook-64655f988c-bpwll            1/1   Running   0   33s
root@master01:~# kubectl api-resources --api-group=triggers.tekton.dev
NAME                     SHORTNAMES   APIVERSION                     NAMESPACED   KIND
clusterinterceptors      ci           triggers.tekton.dev/v1alpha1   false        ClusterInterceptor
clustertriggerbindings   ctb          triggers.tekton.dev/v1beta1    false        ClusterTriggerBinding
eventlisteners           el           triggers.tekton.dev/v1beta1    true         EventListener
triggerbindings          tb           triggers.tekton.dev/v1beta1    true         TriggerBinding
triggers                 tri          triggers.tekton.dev/v1beta1    true         Trigger
triggertemplates         tt           triggers.tekton.dev/v1beta1    true         TriggerTemplate
root@master01:~/tekton-and-argocd-in-practise/05-tekton-triggers/02-trigger-gitlab# cat 01-gitlab-token-secret.yaml
webhookToken: "DXeqvozMlTA67aQB"
注：这里的 webhookToken 只是示例值，并且已随笔记公开；实际环境应重新生成随机值，不要把真实 token 提交到仓库或贴到笔记里。
需要在 GitLab 中打开外发请求（outbound requests）权限。该设置会放宽 GitLab 对内网地址的请求限制，建议只对 EventListener 所需的地址放行。
root@master01:~/triggers# ls
bak interceptors.yaml release.yaml
root@master01:~/triggers# kubectl apply -f .
没有下面的 ClusterInterceptor，触发不会生效
root@master01:/opt/tekton-and-argocd-in-practise/05-tekton-triggers/02-trigger-gitlab# kubectl get ClusterInterceptor
NAME        AGE
bitbucket   20s
cel         20s
github      20s
gitlab      20s
root@master01:/opt/tekton-and-argocd-in-practise/05-tekton-triggers/02-trigger-gitlab# cat 01-gitlab-token-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-webhook-token
type: Opaque
stringData:
  # Generated by command "openssl rand -base64 12"
  webhookToken: "DXeqvozMlTA67aQB"
root@master01:/opt/tekton-and-argocd-in-practise/05-tekton-triggers/02-trigger-gitlab# cat 02-gitlab-eventlistener-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-triggers-gitlab-sa
secrets:
- name: gitlab-webhook-token
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-gitlab-minimal
rules:
# Permissions for every EventListener deployment to function
- apiGroups: ["triggers.tekton.dev"]
  resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
  verbs: ["get"]
- apiGroups: [""]
  # secrets are only needed for Github/Gitlab interceptors, serviceaccounts only for per trigger authorization
  resources: ["configmaps", "secrets", "serviceaccounts"]
  verbs: ["get", "list", "watch"]
# Permissions to create resources in associated TriggerTemplates
- apiGroups: ["tekton.dev"]
  resources: ["pipelineruns", "pipelineresources", "taskruns"]
  verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-triggers-gitlab-binding
subjects:
- kind: ServiceAccount
  name: tekton-triggers-gitlab-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tekton-triggers-gitlab-minimal
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-gitlab-minimal
rules:
- apiGroups: ["triggers.tekton.dev"]
  resources: ["clusterinterceptors"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tekton-triggers-gitlab-binding
subjects:
- kind: ServiceAccount
  name: tekton-triggers-gitlab-sa
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-triggers-gitlab-minimal
root@master01:/opt/tekton-and-argocd-in-practise/05-tekton-triggers/02-trigger-gitlab# cat 03-gitlab-push-binding.yaml
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
  name: gitlab-push-binding
spec:
  params:
  - name: git-revision
    value: $(body.checkout_sha)
  - name: git-repo-url
    value: $(body.repository.git_http_url)
root@master01:/opt/tekton-and-argocd-in-practise/05-tekton-triggers/02-trigger-gitlab# cat 04-gitlab-trigger-template.yaml
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
  name: gitlab-trigger-template
spec:
  params:
  - name: git-revision
  - name: git-repo-url
  resourcetemplates:
  - apiVersion: tekton.dev/v1beta1
    kind: TaskRun
    metadata:
      generateName: gitlab-trigger-run-
    spec:
      serviceAccountName: tekton-triggers-gitlab-sa
      params:
      - name: git-revision
        value: $(tt.params.git-revision)
      - name: git-repo-url
        value: $(tt.params.git-repo-url)
      workspaces:
      - name: source
        emptyDir: {}
      taskSpec:
        workspaces:
        - name: source
        params:
        - name: git-revision
        - name: git-repo-url
        steps:
        - name: fetch-from-git-repo
          image: alpine/git:v2.32.0
          script: |
            git clone -v $(params.git-repo-url) $(workspaces.source.path)/source
            cd $(workspaces.source.path)/source && git reset --hard $(params.git-revision)
        - name: list-files
          image: alpine:3.15
          script: ls -la $(workspaces.source.path)/source
root@master01:/opt/tekton-and-argocd-in-practise/05-tekton-triggers/02-trigger-gitlab# cat 05-gitlab-event-listener.yaml
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
  name: gitlab-event-listener
spec:
  serviceAccountName: tekton-triggers-gitlab-sa
  triggers:
  - name: gitlab-push-events-trigger
    interceptors:
    - ref:
        name: "gitlab"
      params:
      - name: "secretRef"
        value:
          secretName: gitlab-webhook-token
          secretKey: webhookToken
      - name: "eventTypes"
        value: ["Push Hook"]
    bindings:
    - ref: gitlab-push-binding
    template:
      ref: gitlab-trigger-template
注：TriggerTemplate 里的 script 把来自 webhook 请求体的 $(params.git-repo-url)、$(params.git-revision) 直接内插进 shell 脚本；更稳妥的写法是通过 env 把参数传给 step，并在脚本中加引号引用。另外 TaskRun 复用了 EventListener 的 ServiceAccount（tekton-triggers-gitlab-sa），而该账号在 02-gitlab-eventlistener-rbac.yaml 中可读取命名空间内的 secrets，建议给任务单独配置权限更小的 ServiceAccount。