Tekton Triggers 使用案例

安装 Triggers

# Install Tekton Triggers and its core interceptors from the upstream release bucket.
# NOTE(review): the `latest` path is a moving target, so what gets applied depends
# on when this runs and cannot be reviewed ahead of time. Outside a lab, pin a
# specific release path and read the manifests before applying them cluster-wide.
release_base=https://storage.googleapis.com/tekton-releases/triggers/latest
for manifest in release.yaml interceptors.yaml; do
  kubectl apply --filename "${release_base}/${manifest}"
done

会有一个报错,不影响使用,可以先忽略。

[root@master ~]# kubectl get pods -n tekton-pipelines
NAME                                                 READY   STATUS    RESTARTS        AGE
tekton-dashboard-868d46b9db-lgcmr                    1/1     Running   1 (2m16s ago)   96m
tekton-pipelines-controller-d98cb8d45-z4xwp          1/1     Running   1 (2m ago)      96m
tekton-pipelines-webhook-76ffbff7bf-d5nbf            1/1     Running   1 (110s ago)    96m
tekton-triggers-controller-dbb46c886-qzdjr           1/1     Running   0               5m25s
tekton-triggers-core-interceptors-57dd764784-4x4hf   1/1     Running   1 (103s ago)    4m26s
tekton-triggers-webhook-587c7b599d-7tlrf             1/1     Running   0               5m23s

创建 TriggerTemplate 和 TriggerBinding

[root@master 01-trigger-basics]# kubectl apply -f 01-triggertemplate-demo.yaml 
triggertemplate.triggers.tekton.dev/pipeline-template-demo created
[root@master 01-trigger-basics]# kubectl apply -f 02-triggerbinding-demo.yaml 
triggerbinding.triggers.tekton.dev/pipeline-binding-demo created
[root@master 01-trigger-basics]# cat 01-triggertemplate-demo.yaml 
# TriggerTemplate: blueprint for the PipelineRun created each time a trigger fires.
# NOTE(review): this manifest uses triggers.tekton.dev/v1alpha1 while the other
# manifests on this page use v1beta1 — confirm which versions the installed release serves.
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: pipeline-template-demo
spec:
  # Values for these params are supplied by a TriggerBinding, i.e. they originate in
  # the incoming webhook request; treat them as untrusted input to the pipeline.
  params:
    - name: image-url
      default: ikubernetes/spring-boot-helloworld
    # git-revision is declared here but is not passed on to the PipelineRun below.
    - name: git-revision
      description: The git revision (SHA)
      default: master
    - name: git-url
      description: The git repository url ("https://github.com/foo/bar.git")
    - name: version
      description: The version of application
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        # generateName gives every triggered run a unique name with this prefix.
        generateName: pipeline-run-
      spec:
        # The referenced Pipeline is not shown on this page.
        pipelineRef:
          name: source-to-image
        params:
          - name: git-url
            value: $(tt.params.git-url)
          - name: image-url
            value: $(tt.params.image-url)
          - name: version
            value: $(tt.params.version)
        workspaces:
          # A fresh 1Gi volume is claimed for each run from the nfs-csi storage class.
          - name: codebase
            volumeClaimTemplate:
              spec:
                accessModes:
                  - ReadWriteOnce
                resources:
                  requests:
                    storage: 1Gi
                storageClassName: nfs-csi
          # NOTE(review): presumably registry credentials; every task that binds this
          # workspace can read the Secret, so bind it only where it is needed — verify
          # against the source-to-image Pipeline.
          - name: docker-config
            secret:
              secretName: docker-config
[root@master 01-trigger-basics]# cat 02-triggerbinding-demo.yaml 
# TriggerBinding: copies fields of the incoming HTTP request into named params.
# Body and header values are chosen by whoever sends the request, so they are only
# as trustworthy as the authentication done by the EventListener's interceptors.
# NOTE(review): the mappings below look like placeholders that show the body/header
# syntax rather than meaningful values (git-url receives the head commit id,
# image-url the repository URL, version the Content-Type header) — confirm before reuse.
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
  name: pipeline-binding-demo
spec:
  params:
  - name: git-url
    value: $(body.head_commit.id)
  - name: image-url
    value: $(body.repository.url)
  - name: version
    value: $(header.Content-Type)
    
[root@master 01-trigger-basics]# kubectl get tt
NAME                     AGE
pipeline-template-demo   58s
[root@master 01-trigger-basics]# kubectl get tb
NAME                    AGE
pipeline-binding-demo   54s

 

对接Gitlab

[root@master 02-trigger-gitlab]# kubectl apply -f 01-gitlab-token-secret.yaml -f 02-gitlab-eventlistener-rbac.yaml -f 03-gitlab-push-binding.yaml -f 04-gitlab-trigger-template.yaml -f 05-gitlab-event-listener.yaml 
secret/gitlab-webhook-token created
serviceaccount/tekton-triggers-gitlab-sa created
role.rbac.authorization.k8s.io/tekton-triggers-gitlab-minimal created
rolebinding.rbac.authorization.k8s.io/tekton-triggers-gitlab-binding created
clusterrole.rbac.authorization.k8s.io/tekton-triggers-gitlab-minimal created
clusterrolebinding.rbac.authorization.k8s.io/tekton-triggers-gitlab-binding created
triggerbinding.triggers.tekton.dev/gitlab-push-binding created
triggertemplate.triggers.tekton.dev/gitlab-trigger-template created
eventlistener.triggers.tekton.dev/gitlab-event-listener created

[root@master 02-trigger-gitlab]# cat 01-gitlab-token-secret.yaml 
# Shared secret read by the EventListener's gitlab interceptor through secretRef
# (see 05-gitlab-event-listener.yaml); the GitLab webhook must be configured with
# the same value.
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-webhook-token
type: Opaque
stringData:
  # Generated by command "openssl rand -base64 12"
  # NOTE(review): this literal is published together with the page, so it must be
  # treated as disclosed: generate a fresh value per installation and keep the real
  # token out of committed manifests (create the Secret out of band or from a
  # secret manager). 12 random bytes is 96 bits; a longer value costs nothing.
  webhookToken: "DXeqvozMlTA67aQB"
[root@master 02-trigger-gitlab]# cat 02-gitlab-eventlistener-rbac.yaml 
# ServiceAccount used by the EventListener (05-gitlab-event-listener.yaml) and, on
# this page, also by the generated TaskRun (04-gitlab-trigger-template.yaml).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-triggers-gitlab-sa
# NOTE(review): `secrets` only lists Secrets that pods running as this account may
# use; API read access to the token comes from the Role in this file — confirm this
# entry is needed at all.
secrets:
- name: gitlab-webhook-token
---
# Namespaced permissions for the service account the EventListener runs as.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-gitlab-minimal
rules:
  # Permissions for every EventListener deployment to function
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
    verbs: ["get"]
  - apiGroups: [""]
    # secrets are only needed for Github/Gitlab interceptors, serviceaccounts only for per trigger authorization
    # NOTE(review): this rule allows reading every Secret in the namespace, not just
    # gitlab-webhook-token. `resourceNames` can narrow `get`; list/watch are harder
    # to restrict — check what the installed Triggers release requires before tightening.
    resources: ["configmaps", "secrets", "serviceaccounts"]
    verbs: ["get", "list", "watch"]
  # Permissions to create resources in associated TriggerTemplates
  # NOTE(review): the TriggerTemplate used with this listener only creates a TaskRun;
  # pipelineruns and pipelineresources can presumably be dropped here — verify.
  - apiGroups: ["tekton.dev"]
    resources: ["pipelineruns", "pipelineresources", "taskruns"]
    verbs: ["create"]
---
# Grants the namespaced Role tekton-triggers-gitlab-minimal to the service account.
# Neither the binding nor its subject names a namespace, so both follow whichever
# namespace kubectl targets; the ClusterRoleBinding in this file hard-codes `default`.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-triggers-gitlab-binding
subjects:
  - kind: ServiceAccount
    name: tekton-triggers-gitlab-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tekton-triggers-gitlab-minimal
---
# Cluster-wide, read-only access to ClusterInterceptor objects. These are
# cluster-scoped, and the EventListener refers to the "gitlab" interceptor by name.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-triggers-gitlab-minimal
rules:
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["clusterinterceptors"]
    verbs: ["get", "list"]
---
# Binds the ClusterRole to the service account in namespace `default`.
# NOTE(review): the namespace is hard-coded here; if the other manifests are applied
# to a different namespace, this binding will not match the account they create.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tekton-triggers-gitlab-binding
subjects:
  - kind: ServiceAccount
    name: tekton-triggers-gitlab-sa
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-triggers-gitlab-minimal
[root@master 02-trigger-gitlab]# cat 03-gitlab-push-binding.yaml 
# Extracts the pushed commit and the HTTP clone URL from the GitLab push event body.
# Both values are taken from the webhook payload. The gitlab interceptor on the
# EventListener checks the shared token first, but consumers should still handle
# these fields as data and never splice them into shell text.
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
  name: gitlab-push-binding
spec:
  params:
  - name: git-revision
    value: $(body.checkout_sha)
  - name: git-repo-url
    value: $(body.repository.git_http_url)
[root@master 02-trigger-gitlab]# cat 04-gitlab-trigger-template.yaml 
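# TriggerTemplate: creates one TaskRun per accepted GitLab push event. The TaskRun
# clones the pushed repository, resets it to the pushed commit and lists the files.
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
  name: gitlab-trigger-template
spec:
  params:  # parameter declarations
  - name: git-revision
  - name: git-repo-url
  resourcetemplates:
  - apiVersion: tekton.dev/v1beta1
    kind: TaskRun
    metadata:
      generateName: gitlab-trigger-run-  # name prefix for generated TaskRuns
    spec:
      # NOTE(review): this is the EventListener's own service account, so the pod that
      # checks out repository content inherits its rights (read Secrets, create
      # TaskRuns/PipelineRuns). A dedicated account without API permissions would be
      # the least-privilege choice for the run itself.
      serviceAccountName: tekton-triggers-gitlab-sa
      params:
        - name: git-revision
          value: $(tt.params.git-revision)
        - name: git-repo-url
          value: $(tt.params.git-repo-url)
      workspaces:
        - name: source
          emptyDir: {}
      taskSpec:
        workspaces:
          - name: source
        params:
          - name: git-revision
          - name: git-repo-url
        steps:
          - name: fetch-from-git-repo
            image: alpine/git:v2.36.1
            # Webhook-derived values are handed over as environment variables rather
            # than substituted into the script text: Tekton expands $(params.*) before
            # the shell runs, so inline use would let a crafted value be parsed as
            # shell syntax. The variables are quoted, and `--` stops option parsing.
            env:
              - name: GIT_REPO_URL
                value: $(params.git-repo-url)
              - name: GIT_REVISION
                value: $(params.git-revision)
              - name: SOURCE_DIR
                value: $(workspaces.source.path)/source
            script: |
              git clone -v -- "$GIT_REPO_URL" "$SOURCE_DIR"
              cd "$SOURCE_DIR" && git reset --hard "$GIT_REVISION"
          - name: list-files
            image: alpine:3.16
            script: ls -la $(workspaces.source.path)/source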
[root@master 02-trigger-gitlab]# cat 05-gitlab-event-listener.yaml 
# EventListener: HTTP endpoint that receives GitLab webhooks and, for accepted
# events, instantiates gitlab-trigger-template with values from gitlab-push-binding.
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
  name: gitlab-event-listener
spec:
  serviceAccountName: tekton-triggers-gitlab-sa
  triggers:
  - name: gitlab-push-events-trigger
    interceptors:
    # The gitlab interceptor is what authenticates the caller: it compares the token
    # sent with the request against the Secret named below and only lets "Push Hook"
    # events through. Without it, anyone who can reach the listener could start runs.
    # The token travels in a request header, so expose the listener over TLS or keep
    # it on a trusted network.
    - ref:
        name: "gitlab"
      params:
      - name: "secretRef"
        value:
          secretName: gitlab-webhook-token 
          secretKey: webhookToken
      - name: "eventTypes"
        value: ["Push Hook"]
    bindings:
    - ref: gitlab-push-binding
    template:
      ref: gitlab-trigger-template

查看创建的资源

[root@master 02-trigger-gitlab]# kubectl get tt
NAME                      AGE
gitlab-trigger-template   2m32s
pipeline-template-demo    16h
[root@master 02-trigger-gitlab]# kubectl get tb
NAME                    AGE
gitlab-push-binding     2m38s
pipeline-binding-demo   16h
[root@master 02-trigger-gitlab]# kubectl get pods
NAME                                        READY   STATUS    RESTARTS   AGE
el-gitlab-event-listener-6d6877b4cd-7grzg   1/1     Running   0          2m30s

配置gitlab 管理中心-设置-网络

设置出站请求并保存

设置webhook

添加 EventListener 地址和 secret 令牌(01-gitlab-token-secret.yaml 中的 webhookToken)

添加webhook

测试push events是成功的

查看 Tekton Dashboard 的 TaskRuns,已经自动触发了一个

可以看到已经列出对应的仓库内容了
