Personal blog original address

Use Tekton Trigger to implement automatic Trigger code building

In the first two articles, we need to manually Trigger the Tekton Task to build the code image. In this section, we use Tekton Trigger. When the code repository is modified, it automatically triggers the code construction and a series of subsequent processes.

Install Tekton Trigger

# Tekton Triggers + InterceptorsKubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.13.0/release.yaml kubectl apply - f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.13.0/interceptors.yaml# configuration of rbac
kubectl apply -f https://raw.githubusercontent.com/arthurk/tekton-triggers-example/master/01-rbac.yaml
Copy the code

EventListener

EventListener processes the incoming request and executes the Trigger. Create eventlistener.yaml, which defines a github-listener, contains a Github interceptors, and receives the event push (see the Github documentation for the event type and format). This secret contains a token, which is configured in the Github Webhook. When the request arrives, the interceptors will verify it. Finally, a set of binding and template are bound.

apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: github-pr
spec:
  serviceAccountName: tekton-triggers-example-sa
  triggers:
    - name: github-listener
      interceptors:
        - ref:
            name: "github"
          params:
            - name: "secretRef"
              value:
                secretName: github-interceptor-secret
                secretKey: secretToken
            - name: "eventTypes"
              value: ["push"]
      bindings:
        - ref: github-pr-binding
      template:
        ref: github-pr-pipeline-template
Copy the code

Secret

After creating secret.yaml secretToken, you need to fill it in GitHub’s Webhooks. When the Webhooks request arrives, you need to check it.

apiVersion: v1
kind: Secret
metadata:
  name: github-interceptor-secret
type: Opaque
stringData:
  secretToken: "1234567"
Copy the code

TriggerBinding

When the EventListener receives and validates the request, the TriggerBinding extracts the parameters from the request for later use by PipeLine. Create triggerbinding. Yaml, where we just need the Commit ID from the Git push event as the tag for the image that follows.

apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: github-pr-binding
spec:
  params:
    - name: gitcommitid
      value: $(body.commits[0].id)
Copy the code

These arguments are passed to TriggerTemplate.

TriggerTemplate

The TriggerTemplate is responsible for generating dynamic resources. Create triggerTemplate. Yaml, we create PipelineRun, and in PipelineRun we use the Pipeline we created earlier, buildpack-test-pipeline.

apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: github-pr-pipeline-template
spec:
  params:
    - name: gitcommitid
      description: The git commit id
    - name: imageregistry
      default: swr.cn-north-1.myhuaweicloud.com/zhf/demo-go-auto
    - name: gitrevision
      description: The git revision (SHA)
      default: master
    - name: gitrepositoryurl
      description: The git repository url ("https://github.com/foo/bar.git")
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: github-pr-pipeline-run-
      spec:
        serviceAccountName: buildpacks-service-account # Only needed if you set up authorization
        pipelineRef:
          name: buildpacks-test-pipeline
        workspaces:
        - name: shared-workspace
          persistentvolumeclaim:
            claimName: buildpacks-source-pvc
        resources:
        - name: build-image
          resourceRef:
            name: buildpacks-app-image
        podTemplate:
          volumes:
          - name: buildpacks-cache
            persistentVolumeClaim:
              claimName: buildpacks-cache-pvc
        params:
        - name: imageurl
          value: $(tt.params.imageregistry):$(tt.params.gitcommitid)
Copy the code

Ingress

Create ingress.yaml to open the EventListener service for GitHub webhooks to call.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-resource
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
    - http:
        paths:
          - path: /hooks
            pathType: Exact
            backend:
              service:
                name: el-github-pr
                port:
                  number: 8080
Copy the code

Add Webhooks to Github

Open Setiings->Webhooks for our GitHub project and click Add Webhooks. Then configure the following options:

  • Playload URL:external IPandpath.pathThat we just configured in the Ingress. Such ashttp://10.0.0.1/hooks
  • Content type: application/json
  • Secret: 1234567

test

With that done, we can start testing. We modify the source code of our project and push it to the GitHub repository. The PipelineRun task in our cluster will automatically create a task named github-pr-Pipeline-run-xxxx (the name defined in the TriggerTemplate). The task automatically pulls our latest code, builds it into a mirror, and uploads it to the SWR with the COMMIT ID as the mirror tag.

Reference links:

  • www.arthurkoziel.com/tutorial-te…