The previous post covered Tekton Pipeline in detail. It involves quite a few concepts, so it takes some time to digest. This post covers Tekton Triggers, together with a worked example, which I hope gives you some ideas.

1. Tekton Trigger
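The Trigger component solves the problem of how runs get triggered. It detects events from a variety of sources, extracts the information it needs from them, and creates TaskRun and PipelineRun objects based on that information. It can also pass the extracted information on to those objects to satisfy different run requirements.

Tekton Triggers has six kinds of objects:

EventListener: the event listener, the entry point for external events. It usually has to be exposed over HTTP so that external events can be pushed to it, for example by configuring a GitLab webhook.
Trigger: specifies what happens when the EventListener detects an event. It defines a TriggerBinding, a TriggerTemplate, and optional Interceptors.
TriggerTemplate: templates resources, instantiating Tekton objects such as TaskRun and PipelineRun from the parameters passed in.
TriggerBinding: captures fields from the event and stores them as parameters, which are then passed to the TriggerTemplate.
ClusterTriggerBinding: similar to TriggerBinding and also used to extract event fields, but it is a cluster-scoped object.
Interceptors: run before the TriggerBinding and handle payload filtering, validation, transformation, and similar processing. Only data that passes the interceptors is handed to the TriggerBinding.

2. Workflow

step1: The EventListener listens for external events over HTTP. When an external event occurs, the EventListener captures it and processing begins.
step2: If any interceptors are configured, they process the event first: payload filtering, validation, transformation, and so on, much like middleware in an HTTP stack.
step3: Once the interceptors are done, invalid events are dropped and the remaining valid events are handed to the TriggerBinding.
step4: The TriggerBinding extracts the corresponding parameters from the event body and passes them to the TriggerTemplate.
step5: The TriggerTemplate creates a TaskRun or PipelineRun object from the predefined template and the parameters it received.
step6: Once the TaskRun or PipelineRun object exists, the corresponding task or pipeline runs, and the whole flow is fully automated.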

3. Install Triggers and interceptors

# install triggers
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
# install interceptors
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
# monitor
kubectl get pods --namespace tekton-pipelines --watch

4. Example
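Example: a GitLab code push triggers Tekton

step1: create the task that fetches the code
Same as pipeline example 2.

step2: create the task that builds the code
Same as pipeline example 2.

step3: create the task that packages the image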
task-package.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: package-2
spec:
  workspaces:
    - name: source # name
  params:
    - name: image_dest
      type: string
      default: registry.ap-southeast-1.aliyuncs.com/my_image_repo
    - name: sha
      type: string
      default: latest
    - name: DockerfilePath
      type: string
      default: Dockerfile
    - name: Context
      type: string
      default: .
    - name: project_name
      type: string
      default: test
  steps:
    - name: package
      image: docker:stable
      workingDir: $(workspaces.source.path)
      script: |
        #!/usr/bin/env sh
        # Use the first 6 characters of the commit SHA as the image tag
        Tag=$(params.sha)
        tag=${Tag:0:6}
        docker login registry.ap-southeast-1.aliyuncs.com
        docker build -t $(params.image_dest)/$(params.project_name):${tag} -f $(params.DockerfilePath) $(params.Context)
        docker push $(params.image_dest)/$(params.project_name):${tag}
      volumeMounts:
        # Mounting the host Docker socket gives this step control of the node's Docker daemon
        - name: dockersorck
          mountPath: /var/run/docker.sock
  volumes:
    - name: dockersorck
      hostPath:
        path: /var/run/docker.sock

step4: create the pipeline
pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: clone-build-push-2
spec:
  description: |
    This pipeline clones a git repo, builds a Docker image with Kaniko and
    pushes it to a registry
  params:
    - name: repo-url
      type: string
    - name: sha
      type: string
    - name: project_name
      type: string
    - name: version
      type: string
  workspaces:
    - name: shared-data
  tasks:
    # fetch the code
    - name: fetch-source
      taskRef:
        name: git-clone
      workspaces:
        - name: output
          workspace: shared-data
      params:
        - name: url
          value: $(params.repo-url)
        - name: revision
          value: $(params.version)
    # build the code
    - name: build-code
      taskRef:
        name: build-2
      workspaces:
        - name: source
          workspace: shared-data
      runAfter:
        - fetch-source
    # build and push the image
    - name: package-image
      runAfter: [build-code]
      taskRef:
        name: package-2
      workspaces:
        - name: source
          workspace: shared-data
      params:
        - name: sha
          value: $(params.sha)
        - name: project_name
          value: $(params.project_name)

step5: create the pipelinerun
pipelinerun.yaml
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: clone-build-push-run-
  #name: clone-build-push-run
spec:
  serviceAccountName: gitlab-sa
  pipelineRef:
    name: clone-build-push-2
  podTemplate:
    securityContext:
      fsGroup: 65532
  workspaces:
    - name: shared-data
      volumeClaimTemplate:
        spec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 128Mi
  params:
    - name: repo-url
      value: git@jihulab.com:cs-test-group1/kxwang/test.git #https://jihulab.com/cs-test-group1/kxwang/test.git
    - name: sha
      value: bchdsvhj12312312312241421
    # - name: image_tag
    #   value: v2
    - name: version
      value: refs/heads/master
    - name: project_name
      value: wkx

step6: create the event listener
EventListener.yaml
apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: gitlab-listener # this event listener creates a Service object named el-gitlab-listener
  namespace: default
spec:
  resources:
    kubernetesResource:
      serviceType: NodePort
  serviceAccountName: gitlab-sa
  triggers:
    - name: gitlab-push-events-trigger
      interceptors:
        - ref:
            name: gitlab
          params:
            - name: secretRef # references the secretToken value in the gitlab-webhook Secret object
              value:
                secretName: gitlab-webhook
                secretKey: secretToken
            - name: eventTypes
              value:
                - Push Hook # accept only GitLab Push events
      bindings:
        - ref: pipeline-binding
      template:
        ref: pipeline-template

step7: create the TriggerBinding file
TriggerBinding.yaml
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
  name: pipeline-binding
spec:
  params:
    - name: repo-url
      value: $(body.repository.git_ssh_url)
    - name: version
      value: $(body.ref)
    - name: sha
      value: $(body.checkout_sha)
    - name: project_name
      value: $(body.project.name)

step8: create the TriggerTemplate file
TriggerTemplate.yaml
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
  name: pipeline-template
spec:
  params:
    - name: sha
    - name: project_name
    - name: version
    - name: repo-url
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: clone-build-push-run-
      spec:
        serviceAccountName: gitlab-sa
        pipelineRef:
          name: clone-build-push-2
        params:
          - name: sha
            value: $(tt.params.sha)
          - name: version
            value: $(tt.params.version)
          - name: repo-url
            value: $(tt.params.repo-url)
          - name: project_name
            value: $(tt.params.project_name)
        workspaces:
          - name: shared-data
            volumeClaimTemplate:
              spec:
                accessModes:
                  - ReadWriteOnce
                resources:
                  requests:
                    storage: 128Mi

step9: create the ServiceAccount
gitlab-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-sa
secrets:
- name: gitlab-auth
- name: gitlab-ssh
- name: docker-credentials
- name: gitlab-webhook

step10: create the GitLab webhook secret
secret-gitlab-webhook.yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-webhook
type: Opaque
stringData:
  secretToken: "123456789" # sample value; stringData values must be strings, so keep the quotes

step11: create the RBAC
rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-sa
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: triggers-gitlab-clusterrole
rules:
  # Permissions for every EventListener deployment to function
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["eventlisteners", "triggerbindings", "triggertemplates", "clustertriggerbindings", "clusterinterceptors", "interceptors", "triggers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    # secrets are only needed for Github/Gitlab interceptors, serviceaccounts only for per trigger authorization
    resources: ["configmaps", "secrets", "serviceaccounts"]
    verbs: ["get", "list", "watch"]
  # Permissions to create resources in associated TriggerTemplates
  - apiGroups: ["tekton.dev"]
    resources: ["pipelineruns", "pipelineresources", "taskruns"]
    verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: triggers-gitlab-clusterrolebinding
subjects:
  - kind: ServiceAccount
    name: gitlab-sa
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: triggers-gitlab-clusterrole

step12: create the webhook in GitLab and test
Commit some code through the GitLab UI, then create an issue to verify the interceptor rule (only Push Hook events are accepted).
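
The flow from section 2 and the step12 check, as an added Python example that is not part of the original post and is not Tekton's own code: a simplified model of the interceptor decision (secret token, then event type) followed by the TriggerBinding extraction from step7. The header names X-Gitlab-Token and X-Gitlab-Event are the ones GitLab sends with a webhook; the payload is a constructed sample, and the function names are hypothetical.

```python
import hmac

SECRET_TOKEN = "123456789"       # from this page: Secret gitlab-webhook, key secretToken
EVENT_TYPES = ["Push Hook"]      # from this page: eventTypes on the gitlab interceptor
BINDING = {                      # from this page: TriggerBinding pipeline-binding
    "repo-url": "body.repository.git_ssh_url",
    "version": "body.ref",
    "sha": "body.checkout_sha",
    "project_name": "body.project.name",
}

# Constructed sample push payload, reduced to the fields the binding reads.
PUSH_BODY = {
    "ref": "refs/heads/master", "project": {"name": "test"},
    "checkout_sha": "da1560886d4f094c3e6c9ef40349f7d38b5d27d7",
    "repository": {"git_ssh_url": "git@jihulab.com:cs-test-group1/kxwang/test.git"},
}

def intercept(headers):
    """Simplified model of the interceptor: token check, then event filter."""
    token = headers.get("X-Gitlab-Token", "")
    if not hmac.compare_digest(token.encode(), SECRET_TOKEN.encode()):
        return "token mismatch"
    if headers.get("X-Gitlab-Event") not in EVENT_TYPES:
        return "event type not allowed"
    return "ok"

def bind(body):
    """Model of the TriggerBinding: resolve each body.<path> in the payload."""
    params = {}
    for name, path in BINDING.items():
        node = body
        for key in path.split(".")[1:]:      # skip the leading "body"
            node = node[key]
        params[name] = node
    return params

def handle(headers, body):
    """Return (params for the TriggerTemplate, reason); params is None on reject."""
    reason = intercept(headers)
    if reason != "ok":
        return None, reason
    try:
        return bind(body), reason
    except (KeyError, TypeError):
        return None, "payload is missing a bound field"

if __name__ == "__main__":
    print(handle({"X-Gitlab-Token": SECRET_TOKEN, "X-Gitlab-Event": "Push Hook"}, PUSH_BODY))
```

An issue event carrying the correct token is rejected by the event filter, which is the behaviour step12 verifies by creating an issue.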