Implementing CI/CD with Tekton and Argo CD (3/4)

2021-08-01 | CICD

# Using Tekton Triggers to build code automatically

In the previous two parts, building the image from source required triggering the Tekton task by hand. In this part we use Tekton Triggers so that a change to the code repository automatically starts the build and the chain of steps that follows it.

## Installing Tekton Triggers

```bash
# Tekton Triggers + Interceptors
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.13.0/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.13.0/interceptors.yaml

# Configure RBAC
kubectl apply -f https://raw.githubusercontent.com/arthurk/tekton-triggers-example/master/01-rbac.yaml
```

## EventListener

The EventListener handles incoming requests and executes the Trigger.

Create eventlistener.yaml. It defines a Trigger named `github-listener` with an interceptor named `github` that accepts `push` events (event types and payload formats are described in the [GitHub documentation](https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads)). The interceptor uses a secret named `github-interceptor-secret`, which holds a token. The same token is configured in the GitHub webhook, and the interceptor uses it to validate each request that arrives. Finally, the Trigger is bound to a binding and a template.

```yaml
apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: github-pr
spec:
  serviceAccountName: tekton-triggers-example-sa
  triggers:
    - name: github-listener
      interceptors:
        - ref:
            name: "github"
          params:
            - name: "secretRef"
              value:
                secretName: github-interceptor-secret
                secretKey: secretToken
            - name: "eventTypes"
              value: ["push"]
      bindings:
        - ref: github-pr-binding
      template:
        ref: github-pr-pipeline-template
```

## Secret

Create secret.yaml. The `secretToken` value will later be entered in the GitHub webhook settings and is used to verify webhook requests when they arrive.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: github-interceptor-secret
type: Opaque
stringData:
  secretToken: "1234567"
```

## TriggerBinding

After the EventListener has received and validated a request, the TriggerBinding extracts parameters from the request for the Pipeline to use later.

Create triggerbinding.yaml. Here we only need the commit id from the git push event, which will be used as the image tag.

```yaml
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: github-pr-binding
spec:
  params:
    - name: gitcommitid
      value: $(body.commits[0].id)
```

These parameters are passed to the TriggerTemplate.

## TriggerTemplate

The TriggerTemplate is responsible for generating resources dynamically.

Create triggertemplate.yaml. Here we generate a PipelineRun, which uses the Pipeline created earlier, `buildpacks-test-pipeline`.

```yaml
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: github-pr-pipeline-template
spec:
  params:
    - name: gitcommitid
      description: The git commit id
    - name: imageregistry
      default: swr.cn-north-1.myhuaweicloud.com/zhf/demo-go-auto
    - name: gitrevision
      description: The git revision (SHA)
      default: master
    - name: gitrepositoryurl
      description: The git repository url ("https://github.com/foo/bar.git")
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: github-pr-pipeline-run-
      spec:
        serviceAccountName: buildpacks-service-account # Only needed if you set up authorization
        pipelineRef:
          name: buildpacks-test-pipeline
        workspaces:
          - name: shared-workspace
            persistentvolumeclaim:
              claimName: buildpacks-source-pvc
        resources:
          - name: build-image
            resourceRef:
              name: buildpacks-app-image
        podTemplate:
          volumes:
            - name: buildpacks-cache
              persistentVolumeClaim:
                claimName: buildpacks-cache-pvc
        params:
          - name: imageurl
            value: $(tt.params.imageregistry):$(tt.params.gitcommitid)
```

## Ingress

Create ingress.yaml to expose the EventListener service so that GitHub webhooks can call it.

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-resource
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
    - http:
        paths:
          - path: /hooks
            pathType: Exact
            backend:
              service:
                name: el-github-pr
                port:
                  number: 8080
```

## Adding the webhook on GitHub

Open `Settings` -> `Webhooks` in our GitHub project and click `Add Webhook`.

Then configure the following options:

- Payload URL: the `external IP` plus the `path`, where `path` is the one we just configured in the Ingress. For example, http://10.0.0.1/hooks
- Content type: `application/json`
- Secret: `1234567`

## Testing

With the above in place we can start testing. We modify the source code of our project and push it to the GitHub repository, then look at the PipelineRun tasks in the cluster. There will be an automatically created task named `github-pr-pipeline-run-xxxx` (the name is defined in the TriggerTemplate). The task pulls our latest code, builds it into an image, and uploads the image to SWR with the commit id as its tag.

Reference links:

- https://www.arthurkoziel.com/tutorial-tekton-triggers-with-github-integration/

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. All articles on myrat.top are original; please credit the source when reposting.
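The EventListener and Secret sections rely on the `github` interceptor checking each delivery against `secretToken`. As an added example (not from the original post and not Tekton's own code), the Python below shows that kind of check using GitHub's `X-Hub-Signature-256` header, followed by the event filter and the `commits[0].id` extraction from the TriggerBinding. The names `sign`, `accept`, `demo`, the order of the checks and the sample payload are assumptions made for this illustration.

```python
import hashlib
import hmac
import json
import re
import secrets

def sign(secret: str, body: bytes) -> str:
    """Header value GitHub computes: HMAC-SHA256 of the raw body, keyed with the webhook secret."""
    return "sha256=" + hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()

def accept(secret: str, headers: dict, body: bytes, event_types=("push",)):
    """Return the commit id to use as image tag, or None if the request must be dropped."""
    # Authenticate first: compare over the raw bytes, in constant time.
    sent = headers.get("X-Hub-Signature-256", "")
    if not hmac.compare_digest(sign(secret, body).encode(), sent.encode()):
        return None
    # Event filter, the role of the interceptor's eventTypes param.
    if headers.get("X-GitHub-Event") not in event_types:
        return None
    # Same field the TriggerBinding reads: $(body.commits[0].id).
    # A push that deletes a branch can carry an empty commits list.
    commits = json.loads(body).get("commits") or []
    commit_id = commits[0].get("id", "") if commits else ""
    # The value becomes an image tag, so insist on a full SHA-1 hex id.
    return commit_id if re.fullmatch(r"[0-9a-f]{40}", commit_id) else None

# Constructed sample push payload (not captured from GitHub).
SAMPLE_BODY = json.dumps(
    {"ref": "refs/heads/master", "commits": [{"id": "3f" * 20}]}
).encode()

def demo():
    # A long random secret stands in for the tutorial's "1234567".
    secret = secrets.token_hex(32)
    good = {"X-GitHub-Event": "push", "X-Hub-Signature-256": sign(secret, SAMPLE_BODY)}
    forged = dict(good, **{"X-Hub-Signature-256": sign("guess", SAMPLE_BODY)})
    return {
        "valid": accept(secret, good, SAMPLE_BODY),
        "body_modified": accept(secret, good, SAMPLE_BODY.replace(b"master", b"main")),
        "wrong_secret": accept(secret, forged, SAMPLE_BODY),
        "ping_event": accept(secret, dict(good, **{"X-GitHub-Event": "ping"}), SAMPLE_BODY),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Only the `valid` case yields a commit id; every other case returns `None`, which is the point at which no PipelineRun should be created.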