上一篇为大家详细介绍了tekton - pipeline,由于里面涉及到的概念比较多,因此需要好好消化下。同样,今天在特别为大家分享下tekton - Trigger以及案例演示,希望可以给大家提供一种思路哈。
文章目录
- 1. Tekton Trigger
- 2. 工作流程
- 3. 安装trigger和interceptors
- 4. 案例
- 案例: gitlab跳代码触发tekton
- step1: 创建task - 拉取代码
- step2: 创建task - 构建代码
- step3: 创建task - 打包镜像
- step4: 创建pipeline
- step5: 创建pipelinerun
- step6: 创建事件监听器
- step7: 创建TriggerBinding文件
- step8: 创建TriggerTemplate模版文件
- step9: 创建sa
- step10: 创建gitlab webhook的信息
- step11: 创建RBAC
- step12: gitlab创建webhook
- 测试
1. Tekton Trigger
Trigger 组件就是用来解决这个触发问题的,它可以从各种来源的事件中检测并提取需要信息,然后根据这些信息来创建 TaskRun 和 PipelineRun,还可以将提取出来的信息传递给它们以满足不同的运行要求。
Tekton Trigger中有6类对象,分别是:
- EventListener:事件监听器,是外部事件的入口 ,通常需要通过HTTP方式暴露,以便于外部事件推送,比如配置Gitlab的Webhook。
- Trigger:指定当 EventListener 检测到事件发生时会发生什么,它会定义 TriggerBinding、TriggerTemplate 以及可选的 Interceptor。
- TriggerTemplate:用于模板化资源,根据传入的参数实例化 Tekton 对象资源,比如 TaskRun、PipelineRun等。
- TriggerBinding:用于捕获事件中的字段并将其存储为参数,然后会将参数传递给 TriggerTemplate。
- ClusterTriggerBinding:和 TriggerBinding 相似,用于提取事件字段,不过它是集群级别的对象。
- Interceptors:拦截器,在 TriggerBinding 之前运行,用于负载过滤、验证、转换等处理,只有通过拦截器的数据才会传递给TriggerBinding。
2. 工作流程
-
step1:EventListener 用于监听外部事件(具体触发方式为 http),外部事件产生后被 EventListener 捕获,然后进入处理过程。
-
step2:首先会由 Interceptors 来进行处理(如果有配置 interceptor 的话),对负载过滤、验证、转换等处理,类似与 http 中的 middleware。
-
step3:Interceptors 处理完成后无效的事件就会被直接丢弃,剩下的有效事件则交给 TriggerBinding 处理,
-
step4:TriggerBinding 实际上就是从事件内容中提取对应参数,然后将参数传递给 TriggerTemplate。
-
step5:TriggerTemplate 则根据预先定义的模版以及收到的参数创建 TaskRun 或者 PipelineRun 对象。
-
step6:TaskRun 或者 PipelineRun 对象创建之后就会触发对应 task 或者 pipeline 运行,整个流程就全自动了。
3. 安装trigger和interceptors
# install reigger
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
# install interceptors
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
# monitor
kubectl get pods --namespace tekton-pipelines --watch
4. 案例
案例: gitlab跳代码触发tekton
step1: 创建task - 拉取代码
同pipeline案例2
step2: 创建task - 构建代码
同pipeline案例2
step3: 创建task - 打包镜像
task-package.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: package-2
spec:workspaces:- name: source # 名称params:- name: image_desttype: stringdefault: "registry.ap-southeast-1.aliyuncs.com/my_image_repo"- name: shatype: stringdefault: "latest"- name: DockerfilePathtype: stringdefault: Dockerfile- name: Contexttype: stringdefault: .- name: project_nametype: stringdefault: "test"steps:- name: packageimage: docker:stableworkingDir: $(workspaces.source.path)script: |#/usr/bin/env shTag=$(params.sha)tag=${Tag:0:6}docker login registry.ap-southeast-1.aliyuncs.comdocker build -t $(params.image_dest)/$(params.project_name):${tag} -f $(params.DockerfilePath) $(params.Context)docker push $(params.image_dest)/$(params.project_name):${tag}volumeMounts:- name: dockersorckmountPath: /var/run/docker.sockvolumes:- name: dockersorckhostPath:path: /var/run/docker.sock
step4: 创建pipeline
pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:name: clone-build-push-2
spec:description: |This pipeline clones a git repo, builds a Docker image with Kaniko andpushes it to a registryparams:- name: repo-urltype: string- name: shatype: string- name: project_nametype: string- name: versiontype: stringworkspaces:- name: shared-datatasks:# 拉取代码- name: fetch-sourcetaskRef:name: git-cloneworkspaces:- name: outputworkspace: shared-dataparams:- name: urlvalue: $(params.repo-url)- name: revisionvalue: $(params.version)# 打包- name: build-codetaskRef:name: build-2workspaces:- name: sourceworkspace: shared-datarunAfter:- fetch-source# 构建并推送镜像- name: package-imagerunAfter: ["build-code"]taskRef:name: package-2workspaces:- name: sourceworkspace: shared-dataparams:- name: shavalue: $(params.sha)- name: project_namevalue: $(params.project_name)
step5: 创建pipelinerun
pipelinerun.yaml
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:generateName: clone-build-push-run-#name: clone-build-push-run
spec:serviceAccountName: gitlab-sapipelineRef:name: clone-build-push-2podTemplate:securityContext:fsGroup: 65532workspaces:- name: shared-datavolumeClaimTemplate:spec:accessModes:- ReadWriteOnceresources:requests:storage: 128Miparams:- name: repo-urlvalue: git@jihulab.com:cs-test-group1/kxwang/test.git #https://jihulab.com/cs-test-group1/kxwang/test.git- name: shavalue: bchdsvhj12312312312241421
# - name: image_tag
# value: v2- name: versionvalue: refs/heads/master- name: project_namevalue: wkx
step6: 创建事件监听器
EventListener.yaml
apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:name: gitlab-listener # 该事件监听器会创建一个名为el-gitlab-listener的Service对象namespace: default
spec:resources:kubernetesResource:serviceType: NodePortserviceAccountName: gitlab-satriggers:- name: gitlab-push-events-triggerinterceptors:- ref:name: gitlabparams:- name: secretRef # 引用 gitlab-secret 的 Secret 对象中的 secretToken 的值value:secretName: gitlab-webhooksecretKey: secretToken- name: eventTypesvalue:- Push Hook # 只接收 GitLab Push 事件bindings:- ref: pipeline-bindingtemplate:ref: pipeline-template
step7: 创建TriggerBinding文件
TriggerBinding.yaml
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:name: pipeline-binding
spec:params:- name: repo-urlvalue: $(body.repository.git_ssh_url)- name: versionvalue: $(body.ref)- name: shavalue: $(body.checkout_sha)- name: project_namevalue: $(body.project.name)
step8: 创建TriggerTemplate模版文件
TriggerTemplate.yaml
apiVersion: v1
kind: Secret
metadata:name: gitlab-webhook
type: Opaque
stringData:secretToken: '123456789'
[root@VM-0-14-centos class-4]# cat TriggerTemplate.yaml
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:name: pipeline-template
spec:params:- name: sha- name: project_name- name: version- name: repo-urlresourcetemplates:- apiVersion: tekton.dev/v1beta1kind: PipelineRunmetadata:generateName: clone-build-push-run-spec:serviceAccountName: gitlab-sapipelineRef:name: clone-build-push-2params:- name: shavalue: $(tt.params.sha)- name: versionvalue: $(tt.params.version)- name: repo-urlvalue: $(tt.params.repo-url)- name: project_namevalue: $(tt.params.project_name)workspaces:- name: shared-datavolumeClaimTemplate:spec:accessModes:- ReadWriteOnceresources:requests:storage: 128Mi
step9: 创建sa
gitlab-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:name: gitlab-sa
secrets:
- name: gitlab-auth
- name: gitlab-ssh
- name: docker-credentials
- name: gitlab-webhook
step10: 创建gitlab webhook的信息
secret-gitlab-webhook.yaml
apiVersion: v1
kind: Secret
metadata:name: gitlab-webhook
type: Opaque
stringData:secretToken: '123456789'
step11: 创建RBAC
rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:name: gitlab-sa
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: triggers-gitlab-clusterrole
rules:# Permissions for every EventListener deployment to function- apiGroups: ["triggers.tekton.dev"]resources: ["eventlisteners", "triggerbindings", "triggertemplates","clustertriggerbindings", "clusterinterceptors","interceptors","triggers"]verbs: ["get","list","watch"]- apiGroups: [""]# secrets are only needed for Github/Gitlab interceptors, serviceaccounts only for per trigger authorizationresources: ["configmaps", "secrets", "serviceaccounts"]verbs: ["get", "list", "watch"]# Permissions to create resources in associated TriggerTemplates- apiGroups: ["tekton.dev"]resources: ["pipelineruns", "pipelineresources", "taskruns"]verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: triggers-gitlab-clusterrolebinding
subjects:- kind: ServiceAccountname: gitlab-sanamespace: default
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: triggers-gitlab-clusterrolegitlab-sa.yaml
step12: gitlab创建webhook
测试
界面提交下code
创建issue,验证拦截器规则
