CI/CD with Tekton and ArgoCD (3/4)


Triggering code builds automatically with Tekton Triggers

In the previous two parts, building an image from the code required starting the Tekton task by hand. In this part we use Tekton Triggers so that a change in the code repository automatically kicks off the build and the chain of steps that follows it.

Installing Tekton Triggers

# Tekton Triggers + Interceptors
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.13.0/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.13.0/interceptors.yaml

# RBAC (ServiceAccount, Role and RoleBinding) used by the EventListener below
kubectl apply -f https://raw.githubusercontent.com/arthurk/tekton-triggers-example/master/01-rbac.yaml

EventListener

An EventListener receives incoming requests and runs its Triggers. Create eventlistener.yaml. It defines one Trigger named github-listener with a github interceptor that accepts only the push event (event types and payload formats are documented by GitHub). The interceptor references a Secret named github-interceptor-secret whose secretToken key holds the shared secret. The same value is entered as the webhook secret on GitHub; GitHub uses it to compute an HMAC signature over every delivery, and the interceptor recomputes that signature to verify that the request really came from GitHub and was not modified in transit. Finally the Trigger binds a TriggerBinding and a TriggerTemplate.

apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: github-pr
spec:
  serviceAccountName: tekton-triggers-example-sa
  triggers:
    - name: github-listener
      interceptors:
        - ref:
            name: "github"
          params:
            - name: "secretRef"
              value:
                secretName: github-interceptor-secret
                secretKey: secretToken
            - name: "eventTypes"
              value: ["push"]
      bindings:
        - ref: github-pr-binding
      template:
        ref: github-pr-pipeline-template

Secret

Create secret.yaml. The secretToken value is what we later enter as the webhook Secret on GitHub, and the interceptor uses it to validate each delivery when it arrives. The value 1234567 is only a placeholder: this secret is the only thing that stops anyone who can reach the Ingress from starting builds, so use a long random value in practice and keep the Secret manifest out of the source repository.

apiVersion: v1
kind: Secret
metadata:
  name: github-interceptor-secret
type: Opaque
stringData:
  secretToken: "1234567"

TriggerBinding

Once the EventListener has received and validated the request, the TriggerBinding extracts parameters from it for the Pipeline. Create triggerbinding.yaml; here we only need the commit id from the git push event, which becomes the image tag. Note that $(body.commits[0].id) is the first commit listed in the push payload, so for a push containing several commits the image built from the branch head would be tagged with the oldest commit's id; the head commit is available as $(body.head_commit.id) (or $(body.after)).

apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: github-pr-binding
spec:
  params:
    - name: gitcommitid
      value: $(body.commits[0].id)

These parameters are passed on to the TriggerTemplate.
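The interceptor check described under EventListener and the parameter extraction done by the TriggerBinding, shown as an added example that is not part of the original post or of Tekton's own code. GitHub signs the request body with HMAC over the webhook secret and sends the result in the X-Hub-Signature header (sha1=...; newer deliveries also carry a sha256 value in X-Hub-Signature-256); the github interceptor recomputes and compares it, and also checks X-GitHub-Event against eventTypes. The push payload below is constructed by hand with only the fields read here, and the commit ids in it are made up.

```python
import hashlib
import hmac
import json

# Constructed sample of a GitHub "push" payload with two commits. A real
# delivery carries many more fields; only those the binding reads are present.
SAMPLE_PUSH = {
    "ref": "refs/heads/master",
    "before": "0000000000000000000000000000000000000000",
    "after": "b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1",
    "commits": [
        {"id": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0", "message": "first"},
        {"id": "b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1", "message": "second"},
    ],
    "head_commit": {"id": "b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1", "message": "second"},
    "repository": {"clone_url": "https://github.com/foo/bar.git"},
}

# The value stored under secretToken in github-interceptor-secret (placeholder from the post).
SECRET = "1234567"


def payload_bytes(event: dict) -> bytes:
    """Serialize an event the way it would travel on the wire (bytes are what get signed)."""
    return json.dumps(event, separators=(",", ":")).encode()


def sign_payload(secret: str, body: bytes) -> str:
    """Produce the X-Hub-Signature value GitHub sends: 'sha1=' + hex HMAC-SHA1 of the body.
    Use this to send a signed test event to the EventListener yourself."""
    mac = hmac.new(secret.encode(), body, hashlib.sha1)
    return "sha1=" + mac.hexdigest()


def verify_signature(secret: str, body: bytes, header_value: str) -> bool:
    """What the interceptor's secretRef check amounts to: recompute the HMAC over the
    raw body and compare in constant time, so a forged or modified body is rejected."""
    if not header_value or not header_value.startswith("sha1="):
        return False
    expected = sign_payload(secret, body)
    return hmac.compare_digest(expected, header_value)


def accept_event(secret: str, headers: dict, body: bytes, event_types=("push",)):
    """Apply both interceptor params from eventlistener.yaml (eventTypes, secretRef).
    Returns the parsed event if the request passes, otherwise None."""
    if headers.get("X-GitHub-Event") not in event_types:
        return None
    if not verify_signature(secret, body, headers.get("X-Hub-Signature", "")):
        return None
    return json.loads(body)


def bind_params(event: dict) -> dict:
    """The values the TriggerBinding expressions resolve to for this event."""
    return {
        "gitcommitid_first": event["commits"][0]["id"],     # $(body.commits[0].id), as on the page
        "gitcommitid_head": event["head_commit"]["id"],     # $(body.head_commit.id)
        "gitrepositoryurl": event["repository"]["clone_url"],
    }


if __name__ == "__main__":
    body = payload_bytes(SAMPLE_PUSH)
    headers = {"X-GitHub-Event": "push", "X-Hub-Signature": sign_payload(SECRET, body)}
    event = accept_event(SECRET, headers, body)
    print("accepted:", event is not None)
    print("bound params:", bind_params(event))
    # A tampered body (one extra byte) no longer matches the signature.
    print("tampered accepted:", accept_event(SECRET, headers, body + b" ") is not None)
```

The two commit ids returned by bind_params differ, which is the multi-commit case noted above: the page's expression tags the image with the first commit in the push, while head_commit.id names the commit the branch actually points to.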

TriggerTemplate

A TriggerTemplate generates resources dynamically. Create triggertemplate.yaml; here it generates a PipelineRun that references the Pipeline created earlier, buildpacks-test-pipeline, and composes the imageurl parameter from the registry path and the commit id handed in by the binding.

apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: github-pr-pipeline-template
spec:
  params:
    - name: gitcommitid
      description: The git commit id
    - name: imageregistry
      default: swr.cn-north-1.myhuaweicloud.com/zhf/demo-go-auto
    - name: gitrevision
      description: The git revision (SHA)
      default: master
    - name: gitrepositoryurl
      description: The git repository url ("https://github.com/foo/bar.git")
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: github-pr-pipeline-run-
      spec:
        serviceAccountName: buildpacks-service-account # Only needed if you set up authorization
        pipelineRef:
          name: buildpacks-test-pipeline
        workspaces:
        - name: shared-workspace
          persistentvolumeclaim:
            claimName: buildpacks-source-pvc
        resources:
        - name: build-image
          resourceRef:
            name: buildpacks-app-image
        podTemplate:
          volumes:
          - name: buildpacks-cache
            persistentVolumeClaim:
              claimName: buildpacks-cache-pvc
        params:
        - name: imageurl
          value: $(tt.params.imageregistry):$(tt.params.gitcommitid)

Ingress

Create ingress.yaml to expose the EventListener service so GitHub's webhooks can reach it. Tekton Triggers creates the Service el-github-pr (el- plus the EventListener name) listening on port 8080. Note that this Ingress serves plain HTTP with ssl-redirect disabled: the webhook signature still protects the origin and integrity of each delivery, but the payload travels unencrypted, so terminate TLS on the Ingress in anything beyond a test setup.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-resource
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
    - http:
        paths:
          - path: /hooks
            pathType: Exact
            backend:
              service:
                name: el-github-pr
                port:
                  number: 8080

Adding the webhook on GitHub

Open Settings -> Webhooks in the GitHub project and click Add Webhook. Then configure the following:

  • Payload URL: the external IP of the Ingress plus the path configured in the Ingress above, for example http://10.0.0.1/hooks
  • Content type: application/json
  • Secret: 1234567 (the secretToken value from github-interceptor-secret)

Testing

With all of the above in place we can test. Change the project's source code and push it to the GitHub repository, then look at the PipelineRuns in the cluster: a PipelineRun named github-pr-pipeline-run-xxxx (the prefix comes from generateName in the TriggerTemplate) is created automatically. It pulls the latest code, builds it into an image and pushes the image to SWR tagged with the commit id. If no PipelineRun appears, the Recent Deliveries tab of the webhook on GitHub shows the response the EventListener returned, which tells you whether the request was rejected by the interceptor (for example a mismatched secret) or never reached the cluster.
