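In the previous two posts, building the image from source required triggering the Tekton task by hand. In this section we use Tekton Triggers so that a change to the code repository automatically starts the build and the series of steps that follow it.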
```bash
# Tekton Triggers + Interceptors
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.13.0/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.13.0/interceptors.yaml
# Configure RBAC
kubectl apply -f https://raw.githubusercontent.com/arthurk/tekton-triggers-example/master/01-rbac.yaml
```
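The EventListener handles incoming requests and executes Triggers. Create eventlistener.yaml. It defines a Trigger named `github-listener` containing an interceptor named `github` that accepts `push` events (see the GitHub documentation for the event types and their formats). The interceptor uses a secret named `github-interceptor-secret`; this secret holds a token that is also configured in the GitHub webhook, and the interceptor validates each request against it when the request arrives. Finally, the Trigger is bound to a binding and a template.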
```yaml
apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: github-pr
spec:
  serviceAccountName: tekton-triggers-example-sa
  triggers:
    - name: github-listener
      interceptors:
        - ref:
            name: "github"
          params:
            - name: "secretRef"
              value:
                secretName: github-interceptor-secret
                secretKey: secretToken
            - name: "eventTypes"
              value: ["push"]
      bindings:
        - ref: github-pr-binding
      template:
        ref: github-pr-pipeline-template
```
Create secret.yaml. The `secretToken` value will later be entered in the GitHub webhook settings and is used to validate webhook requests when they arrive.
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: github-interceptor-secret
type: Opaque
stringData:
  secretToken: "1234567"
```
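After the EventListener has received and validated a request, the TriggerBinding extracts parameters from the request for the Pipeline to use later. Create triggerbinding.yaml. Here we only need the commit id from the git push event, which is later used as the image tag.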
```yaml
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: github-pr-binding
spec:
  params:
    - name: gitcommitid
      value: $(body.commits[0].id)
```
These parameters are passed to the TriggerTemplate.
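As an added illustration (not code from the original post or from Tekton), the sketch below shows the kind of check a GitHub webhook receiver performs before a binding such as `$(body.commits[0].id)` is evaluated: verify the HMAC-SHA256 signature that GitHub sends in `X-Hub-Signature-256` over the raw body using the shared secret, filter on the event type, then read the first commit id. The function names and sample payloads are constructed for this example, and rejecting a push with an empty `commits` list is an assumption about how a receiver might treat that case.

```python
import hashlib
import hmac
import json

SECRET = b"1234567"          # demo secretToken from secret.yaml on this page
ALLOWED_EVENTS = {"push"}    # mirrors the eventTypes param of the interceptor


def sign(secret: bytes, body: bytes) -> str:
    """Value GitHub puts in X-Hub-Signature-256 for this raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def check_webhook(headers: dict, body: bytes, secret: bytes = SECRET):
    """Return (accepted, commit_id_or_reason) for one delivery (hypothetical helper)."""
    sent = headers.get("X-Hub-Signature-256", "")
    # Compare over the raw bytes, in constant time, before parsing any JSON.
    if not hmac.compare_digest(sent.encode(), sign(secret, body).encode()):
        return False, "bad signature"
    if headers.get("X-GitHub-Event") not in ALLOWED_EVENTS:
        return False, "event type not allowed"
    commits = json.loads(body).get("commits") or []
    if not commits:
        # With an empty commits list, body.commits[0].id has nothing to resolve.
        return False, "push without commits"
    return True, commits[0]["id"]


def demo():
    """Run the check over constructed deliveries and return the results."""
    body = json.dumps({"ref": "refs/heads/master",
                       "commits": [{"id": "a" * 40}]}).encode()
    empty = json.dumps({"ref": "refs/heads/master", "commits": []}).encode()
    good = {"X-Hub-Signature-256": sign(SECRET, body), "X-GitHub-Event": "push"}
    return {
        "valid": check_webhook(good, body),
        "tampered": check_webhook(good, body + b" "),
        "wrong_secret": check_webhook(
            {**good, "X-Hub-Signature-256": sign(b"guess", body)}, body),
        "other_event": check_webhook({**good, "X-GitHub-Event": "pull_request"}, body),
        "no_commits": check_webhook(
            {"X-Hub-Signature-256": sign(SECRET, empty), "X-GitHub-Event": "push"}, empty),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Because the signature is the only authentication on the webhook endpoint, it is only as strong as the shared secret, so a long random value is preferable to the demo `1234567`.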
The TriggerTemplate is responsible for generating resources dynamically. Create triggertemplate.yaml. Here we generate a PipelineRun, which uses the Pipeline we created earlier, `buildpacks-test-pipeline`.
```yaml
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: github-pr-pipeline-template
spec:
  params:
    - name: gitcommitid
      description: The git commit id
    - name: imageregistry
      default: swr.cn-north-1.myhuaweicloud.com/zhf/demo-go-auto
    - name: gitrevision
      description: The git revision (SHA)
      default: master
    - name: gitrepositoryurl
      description: The git repository url ("https://github.com/foo/bar.git")
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: github-pr-pipeline-run-
      spec:
        serviceAccountName: buildpacks-service-account # Only needed if you set up authorization
        pipelineRef:
          name: buildpacks-test-pipeline
        workspaces:
          - name: shared-workspace
            persistentvolumeclaim:
              claimName: buildpacks-source-pvc
        resources:
          - name: build-image
            resourceRef:
              name: buildpacks-app-image
        podTemplate:
          volumes:
            - name: buildpacks-cache
              persistentVolumeClaim:
                claimName: buildpacks-cache-pvc
        params:
          - name: imageurl
            value: $(tt.params.imageregistry):$(tt.params.gitcommitid)
```
Create ingress.yaml to expose the EventListener service so that GitHub webhooks can call it.
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-resource
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
    - http:
        paths:
          - path: /hooks
            pathType: Exact
            backend:
              service:
                name: el-github-pr
                port:
                  number: 8080
```
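Open `Settings` -> `Webhooks` in our GitHub project and click `Add Webhook`. Then configure the following options:

- Payload URL: the `external IP` and `path`, where `path` is the one we just configured in the Ingress, for example http://10.0.0.1/hooks
- Content type: application/json
- Secret: 1234567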
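With the above in place we can start testing. Modify the project's source code and push it to the GitHub repository, then look at the PipelineRun tasks in the cluster. There will be an automatically created run named `github-pr-pipeline-run-xxxx` (the name is defined in the TriggerTemplate). The run automatically pulls our latest code, builds it into an image, and uploads the image to SWR with the commit id as its tag.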