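CI/CD Implementation Based on Tekton and Argo CD (3/4)

Original post on my blog

Using Tekton Triggers to automatically trigger code builds

In the previous two parts, building the image from code required triggering the Tekton task by hand. In this part we use Tekton Triggers so that a change in the code repository automatically triggers the build and the chain of steps that follows it.

Installing Tekton Triggers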

# Tekton Triggers + Interceptors
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.13.0/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.13.0/interceptors.yaml

# Configure RBAC
kubectl apply -f https://raw.githubusercontent.com/arthurk/tekton-triggers-example/master/01-rbac.yaml

EventListener

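The EventListener handles incoming requests and executes the Trigger. Create eventlistener.yaml, which defines a Trigger named github-listener containing an interceptor named github. It accepts push events (for the event types and formats, see the GitHub documentation) and uses a secret named github-interceptor-secret. This secret holds a token that is also configured in the GitHub webhook, and the interceptor uses it to validate each request that arrives. Finally, the Trigger is bound to a binding and a template.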

apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: github-pr
spec:
  serviceAccountName: tekton-triggers-example-sa
  triggers:
    - name: github-listener
      interceptors:
        - ref:
            name: "github"
          params:
            - name: "secretRef"
              value:
                secretName: github-interceptor-secret
                secretKey: secretToken
            - name: "eventTypes"
              value: ["push"]
      bindings:
        - ref: github-pr-binding
      template:
        ref: github-pr-pipeline-template

Secret

Create secret.yaml. The secretToken value will later be entered in the GitHub webhook settings, and it is used to validate webhook requests when they arrive.

apiVersion: v1
kind: Secret
metadata:
  name: github-interceptor-secret
type: Opaque
stringData:
  secretToken: "1234567"

TriggerBinding

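After the EventListener receives and validates a request, the TriggerBinding extracts parameters from the request for the Pipeline to use later. Create triggerbinding.yaml. Here we only need the commit id from the git push event, which is used later as the image tag.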

apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: github-pr-binding
spec:
  params:
    - name: gitcommitid
      value: $(body.commits[0].id)

These parameters are passed to the TriggerTemplate.
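The validation done with secretToken and the extraction done by the TriggerBinding, written out in Python as an added example (not code from the original post or from the Tekton project). It assumes GitHub's X-Hub-Signature-256 header, an HMAC-SHA256 of the raw request body; the function names and the sample payload are constructed for illustration. It also handles a push whose commits array is empty, where body.commits[0].id has nothing to resolve to.

```python
import hashlib
import hmac
import json
import re

# Constructed sample values: the demo secret from secret.yaml and a fake push body.
SECRET = b"1234567"
SAMPLE_BODY = json.dumps(
    {"ref": "refs/heads/master", "commits": [{"id": "a" * 40}]}
).encode()

# A git commit id is 40 lowercase hex characters; anything else is not used as a tag.
SHA_RE = re.compile(r"[0-9a-f]{40}")


def sign(secret, body):
    """Build the X-Hub-Signature-256 value GitHub sends for this raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify(secret, body, header):
    """Check the signature over the raw bytes using a constant-time compare."""
    if not header or not header.startswith("sha256="):
        return False
    return hmac.compare_digest(sign(secret, body).encode(), header.encode())


def handle_push(secret, body, headers):
    """Return the commit id to use as the image tag, or None if rejected or skipped."""
    if headers.get("X-GitHub-Event") != "push":
        return None  # mirrors eventTypes: ["push"]
    if not verify(secret, body, headers.get("X-Hub-Signature-256")):
        return None  # unsigned, tampered, or signed with another secret
    commits = json.loads(body).get("commits") or []
    if not commits:
        return None  # e.g. a branch deletion: there is no commits[0]
    commit_id = str(commits[0].get("id", ""))
    return commit_id if SHA_RE.fullmatch(commit_id) else None


if __name__ == "__main__":
    hdrs = {"X-GitHub-Event": "push",
            "X-Hub-Signature-256": sign(SECRET, SAMPLE_BODY)}
    print(handle_push(SECRET, SAMPLE_BODY, hdrs))
```

The signature is the only thing that ties a request on the exposed listener to GitHub, so anyone who knows or guesses the secret can start a build. Outside a demo, replace 1234567 with a long random value.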

TriggerTemplate

The TriggerTemplate is responsible for generating resources dynamically. Create triggertemplate.yaml. Here we generate a PipelineRun, which uses the Pipeline we created earlier, buildpacks-test-pipeline.

apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: github-pr-pipeline-template
spec:
  params:
    - name: gitcommitid
      description: The git commit id
    - name: imageregistry
      default: swr.cn-north-1.myhuaweicloud.com/zhf/demo-go-auto
    - name: gitrevision
      description: The git revision (SHA)
      default: master
    - name: gitrepositoryurl
      description: The git repository url ("https://github.com/foo/bar.git")
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: github-pr-pipeline-run-
      spec:
        serviceAccountName: buildpacks-service-account # Only needed if you set up authorization
        pipelineRef:
          name: buildpacks-test-pipeline
        workspaces:
        - name: shared-workspace
          persistentvolumeclaim:
            claimName: buildpacks-source-pvc
        resources:
        - name: build-image
          resourceRef:
            name: buildpacks-app-image
        podTemplate:
          volumes:
          - name: buildpacks-cache
            persistentVolumeClaim:
              claimName: buildpacks-cache-pvc
        params:
        - name: imageurl
          value: $(tt.params.imageregistry):$(tt.params.gitcommitid)

Ingress

Create ingress.yaml to expose the EventListener service so that GitHub webhooks can call it.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-resource
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
    - http:
        paths:
          - path: /hooks
            pathType: Exact
            backend:
              service:
                name: el-github-pr
                port:
                  number: 8080

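Adding the webhook on GitHub

Open Settings -> Webhooks in our GitHub project and click Add Webhook. Then configure the following options:

  • Payload URL: the external IP followed by the path, where the path is the one we just configured in the Ingress. For example, http://10.0.0.1/hooks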
  • Content type: application/json
  • Secret: 1234567

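Testing

With the above in place we can start testing. Modify the project's source code and push it to the GitHub repository, then look at the PipelineRuns in the cluster. There will be an automatically created run named github-pr-pipeline-run-xxxx (the name is defined in the TriggerTemplate). It pulls our latest code, builds it into an image, and uploads the image to SWR with the commit id as its tag.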
