webhooks via webgui config, want dees is veel te ingewikkeld via yamls

2020-03-05 14:15:31 +01:00
parent c6cdfba1be
commit 28f5fcb9e1
22 changed files with 360 additions and 429 deletions


@@ -107,7 +107,7 @@ spec:
spec: spec:
containers: containers:
- name: front-end - name: front-end
image: beppev/server-d:latest image: beppev/server-d:master
ports: ports:
- containerPort: 6000 - containerPort: 6000
--- ---


@@ -109,14 +109,15 @@ spec:
command: command:
- /kaniko/executor - /kaniko/executor
args: args:
- "--dockerfile=$(inputs.resources.git-source.path)/$(inputs.params.pathToContext)/dockerfile" - "--dockerfile=$(inputs.resources.git-source.path)/$(inputs.params.context)/dockerfile"
- "--destination=beppev/$(inputs.params.image-name):$(inputs.params.version)" - "--destination=beppev/$(inputs.params.image-name):$(inputs.params.version)"
- "--context=$(inputs.resources.git-source.path)/$(inputs.params.pathToContext)/" - "--context=$(inputs.resources.git-source.path)/$(inputs.params.context)/"
--- ---
apiVersion: tekton.dev/v1alpha1 apiVersion: tekton.dev/v1alpha1
kind: Task kind: Task
metadata: metadata:
name: deploy-application name: destroy-application
namespace: tekton-pipeline-istio-project-1
spec: spec:
inputs: inputs:
resources: resources:
@@ -130,6 +131,18 @@ spec:
- "delete" - "delete"
- "-f" - "-f"
- "$(inputs.resources.git-source.path)/deploy.yaml" - "$(inputs.resources.git-source.path)/deploy.yaml"
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: deploy-application
namespace: tekton-pipeline-istio-project-1
spec:
inputs:
resources:
- name: git-source
type: git
steps:
- name: deploy-new-app - name: deploy-new-app
image: lachlanevenson/k8s-kubectl image: lachlanevenson/k8s-kubectl
command: ["kubectl"] command: ["kubectl"]
@@ -150,6 +163,13 @@ spec:
- name: git-experimental - name: git-experimental
type: git type: git
tasks: tasks:
- name: destroy-application #@TODO make it so that the delete can be skipped if error
taskRef:
name: destroy-application
resources:
inputs:
- name: git-source
resource: git-master
- name: build-and-push-a - name: build-and-push-a
taskRef: taskRef:
name: build-and-push name: build-and-push
@@ -167,8 +187,6 @@ spec:
- name: build-and-push-b-stable - name: build-and-push-b-stable
taskRef: taskRef:
name: build-and-push name: build-and-push
runAfter:
- build-and-push-a
params: params:
- name: context - name: context
value: "serverB" value: "serverB"
@@ -183,8 +201,6 @@ spec:
- name: build-and-push-b-experimental - name: build-and-push-b-experimental
taskRef: taskRef:
name: build-and-push name: build-and-push
runAfter:
- build-and-push-b
params: params:
- name: context - name: context
value: "serverB" value: "serverB"
@@ -199,28 +215,28 @@ spec:
- name: build-and-push-d - name: build-and-push-d
taskRef: taskRef:
name: build-and-push name: build-and-push
runAfter:
- build-and-push-b-experimental
params: params:
- name: pathToContext - name: context
value: "serverD" value: "serverD"
- name: imageUrl - name: image-name
value: "server-d" value: "server-d"
- name: version
value: "master"
resources: resources:
inputs: inputs:
- name: git-source - name: git-source
resource: git-master resource: git-master
- name: deploy-application - name: deploy-application #@TODO make it so that the delete can be skipped if error
taskRef: taskRef:
name: deploy-application name: deploy-application
runAfter: runAfter:
- build-and-push-d - build-and-push-d
params: - build-and-push-b-experimental
- name: pathToContext - build-and-push-a
value: "." - build-and-push-b-stable
- name: pathToYamlFile - destroy-application
value: "deploy.yaml"
resources: resources:
inputs: inputs:
- name: git-source - name: git-source
resource: git-master resource: git-master
# DO NOT FORGET TO SET REGCREDS FOR DOCKER
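Review bot: The new `destroy-application` task runs `kubectl delete -f …/deploy.yaml` as a hard prerequisite of `deploy-application`, so a run against a namespace where those objects do not exist yet fails before anything is deployed, which is what the `#@TODO` on the pipeline task hints at. Adding `- "--ignore-not-found"` to the delete args turns missing objects into a no-op. If `deploy-new-app` uses `kubectl apply` (its args are outside the hunk), the separate delete may not be needed at all. The same delete step is added as `delete-old-deployment` in the standalone deploy-application task file later in this commit.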


@@ -0,0 +1,60 @@
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
name: github-trigger-binding
namespace: tekton-pipeline-istio-project-1
spec:
params:
- name: gitrevision
value: $(body.pull_request.head.sha)
- name: gitrepositoryurl
value: $(body.pull_request.head.repo.clone_url)
- name: prurl
value: $(body.pull_request.html_url)
- name: repo
value: $(body.pull_request.base.repo.full_name)
- name: source
value: github
---
apiVersion: tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
name: github-trigger-template
namespace: tekton-pipeline-istio-project-1
spec:
params:
- name: gitrevision
description: The git revision
default: master
- name: gitrepositoryurl
description: The git repository url
resourcetemplates:
- apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
name: application-pipeline-run
namespace: tekton-pipeline-istio-project-1
spec:
serviceAccountName: service-acc
pipelineRef:
name: application-pipeline
resources:
- name: git-master
resourceRef:
name: git-master
- name: git-experimental
resourceRef:
name: git-experimental
---
apiVersion: tekton.dev/v1alpha1
kind: EventListener
metadata:
name: github-event-listener
spec:
serviceAccountName: service-acc
triggers:
- binding:
name: github-trigger-binding
template:
name: github-trigger-template
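Review bot: `github-event-listener` wires the binding straight to the template with no interceptor, so nothing visible here checks the `X-Hub-Signature` that GitHub computes from the webhook `secret` the create-webhook Task registers. Any client that can reach the listener address could then start `application-pipeline`, which runs as `service-acc`, the account this commit binds to the cluster-wide `allow-creation` role. If the installed Triggers release supports it, add a GitHub interceptor on the trigger that references `webhook-secret` (key `secret`) and restricts the accepted event types; otherwise keep the listener off the public address. The same listener definition appears in the modified EventListener file further down.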


@@ -0,0 +1,93 @@
# MAKE SURE TO SET UP SECRETS.YAML BEFORE EXAMPLE:
#
# this sets up webhooks for github. you can also do this manually in web gui
#
#
#
# apiVersion: v1
# kind: Secret
# metadata:
# name: webhook-secret
# namespace: tekton-pipeline-istio-project-1
# stringData:
# token: GITHUBTOKEN
# secret: random-string-data
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: create-webhook
namespace: tekton-pipeline-istio-project-1
spec:
volumes:
- name: github-secret
secret:
secretName: $(inputs.params.GitHubSecretName)
inputs:
params:
- name: ExternalDomain
description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).<PROXYIP>.nip.io`"
- name: GitHubUser
description: "The GitHub user"
- name: GitHubRepo
description: "The GitHub repo where the webhook will be created"
- name: GitHubOrg
description: "The GitHub organization where the webhook will be created"
- name: GitHubSecretName
description: "The Secret name for GitHub access token. This is always mounted and must exist"
- name: GitHubAccessTokenKey
description: "The GitHub access token key name"
- name: GitHubSecretStringKey
description: "The GitHub secret string key name"
- name: GitHubDomain
description: "The GitHub domain. Override for GitHub Enterprise"
default: "github.com"
- name: WebhookEvents
description: "List of events the webhook will send notifications for"
default: '[\"push\",\"pull_request\"]'
steps:
- name: create-webhook
image: pstauffer/curl:latest
volumeMounts:
- name: github-secret
mountPath: /var/secret
command:
- sh
args:
- -ce
- |
set -e
echo "Create Webhook"
if [ $(inputs.params.GitHubDomain) = "github.com" ];then
curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
else
curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
fi
---
# https://medium.com/@nikhilthomas1/cloud-native-cicd-on-openshift-with-openshift-pipelines-tektoncd-pipelines-part-3-github-1db6dd8e8ca7
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
name: create-repo-webhook
namespace: tekton-pipeline-istio-project-1
spec:
taskRef:
name: create-webhook
inputs:
params:
- name: GitHubOrg
value: "beppevanrolleghem"
- name: GitHubUser
value: "beppevanrolleghem"
- name: GitHubRepo
value: "cicdTest"
- name: GitHubSecretName
value: webhook-secret
- name: GitHubAccessTokenKey
value: token
- name: GitHubSecretStringKey
value: secret
- name: ExternalDomain
value: 35.233.93.220
timeout: 1000s
serviceAccount: service-acc
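Review bot: Both `curl` calls register the hook with `\"insecure_ssl\": \"1\"`, which tells GitHub to skip certificate verification when it delivers events; switch to `\"insecure_ssl\": \"0\"` once the listener serves a valid certificate. The github.com branch also runs `curl -v` together with `-u user:token`, and verbose output normally includes the request headers, so the Basic credential can end up in the TaskRun log; drop `-v` (or use `-sS`). `ExternalDomain` is passed as the bare address `35.233.93.220`, so the registered `url` carries no `https://` scheme. The same two curl lines are changed in the standalone create-webhook task file later in the commit.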


@@ -8,7 +8,9 @@ spec:
pipelineRef: pipelineRef:
name: application-pipeline name: application-pipeline
resources: resources:
- name: git-source - name: git-master
resourceRef: resourceRef:
name: git name: git-master
- name: git-experimental
resourceRef:
name: git-experimental


@@ -2,111 +2,82 @@ apiVersion: tekton.dev/v1alpha1
kind: Pipeline kind: Pipeline
metadata: metadata:
name: application-pipeline name: application-pipeline
namespace: tekton-pipeline-istio-project-1
spec: spec:
resources: resources:
- name: git-source - name: git-master
type: git
- name: git-experimental
type: git type: git
params:
- name: pathToYamlFile
description: path to deploy.yaml for final application deploy
default: config.yaml
- name: pathToContext
description: The path to the build context, used by Kaniko - within the workspace
default: .
- name: imageUrl-a
description: Url of image repository a
default: deploy_target
- name: imageTag-a
description: Tag to apply to the built image a
default: latest
- name: pathToContext-a
description: The path to the build context, used by Kaniko - within the workspace
default: .
- name: imageUrl-b
description: Url of image repository
default: deploy_target
- name: imageTag-b
description: Tag to apply to the built image
default: latest
- name: pathToContext-b
description: The path to the build context, used by Kaniko - within the workspace
default: .
- name: imageUrl-c
description: Url of image repository
default: deploy_target
- name: imageTag-c
description: Tag to apply to the built image
default: latest
- name: pathToContext-c
description: The path to the build context, used by Kaniko - within the workspace
default: .
tasks: tasks:
- name: build-and-push-a - name: build-and-push-a
taskRef: taskRef:
name: build-and-push name: build-and-push
params: params:
- name: pathToContext - name: context
value: "$(params.pathToContext-a)" value: "serverA"
- name: imageUrl - name: image-name
value: "$(params.imageUrl-a)" value: "server-a"
- name: imageTag - name: version
value: "$(params.imageTag-a)" value: "master"
resources: resources:
inputs: inputs:
- name: git-source - name: git-source
resource: git-source resource: git-master
- name: build-and-push-b - name: build-and-push-b-stable
taskRef: taskRef:
name: build-and-push name: build-and-push
runAfter: runAfter:
- build-and-push-a - build-and-push-a
params: params:
- name: pathToContext - name: context
value: "$(params.pathToContext-b)" value: "serverB"
- name: imageUrl - name: image-name
value: "$(params.imageUrl-b)" value: "server-b"
- name: imageTag - name: version
value: "$(params.imageTag-b)" value: "master"
resources: resources:
inputs: inputs:
- name: git-source - name: git-source
resource: git-source resource: git-master
- name: build-and-push-c - name: build-and-push-b-experimental
taskRef: taskRef:
name: build-and-push name: build-and-push
runAfter: runAfter:
- build-and-push-b - build-and-push-b-stable
params: params:
- name: pathToContext - name: context
value: "$(params.pathToContext-c)" value: "serverB"
- name: imageUrl - name: image-name
value: "$(params.imageUrl-c)" value: "server-b"
- name: imageTag - name: version
value: "$(params.imageTag-c)" value: "experimental"
resources: resources:
inputs: inputs:
- name: git-source - name: git-source
resource: git-source resource: git-experimental
- name: build-and-push-d
taskRef:
name: build-and-push
runAfter:
- build-and-push-b-experimental
params:
- name: context
value: "serverD"
- name: image-name
value: "server-d"
- name: version
value: "master"
resources:
inputs:
- name: git-source
resource: git-master
- name: deploy-application - name: deploy-application
taskRef: taskRef:
name: deploy-application name: deploy-application
runAfter: runAfter:
- build-and-push-c - build-and-push-d
params:
- name: pathToContext
value: "."
- name: pathToYamlFile
value: "deploy.yaml"
- name: imageUrl-a
value: "$(params.imageUrl-a)"
- name: imageTag-a
value: "$(params.imageTag-a)"
- name: imageUrl-b
value: "$(params.imageUrl-b)"
- name: imageTag-b
value: "$(params.imageTag-b)"
resources: resources:
inputs: inputs:
- name: git-source - name: git-source
resource: git-source resource: git-master


@@ -2,35 +2,15 @@ apiVersion: tekton.dev/v1alpha1
kind: PipelineRun kind: PipelineRun
metadata: metadata:
name: application-pipeline-run name: application-pipeline-run
namespace: tekton-pipeline-istio-project-1
spec: spec:
serviceAccountName: tutorial-service serviceAccountName: service-acc
pipelineRef: pipelineRef:
name: application-pipeline name: application-pipeline
resources: resources:
- name: git-source - name: git-master
resourceRef: resourceRef:
name: git name: git-master
params: - name: git-experimental
- name: pathToYamlFile resourceRef:
value: "deploy.yaml" name: git-experimental
- name: pathToContext
value: "."
- name: imageUrl-a
value: "server-a"
- name: imageTag-a
value: "latest"
- name: pathToContext-a
value: "./serverA"
- name: imageUrl-b
value: "server-b"
- name: imageTag-b
value: "latest"
- name: pathToContext-b
value: "./serverB"
- name: imageUrl-c
value: "server-c"
- name: imageTag-c
value: "latest"
- name: pathToContext-c
value: "./serverC"


@@ -0,0 +1,13 @@
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: allow-creation-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: allow-creation
subjects:
- kind: ServiceAccount
name: service-acc
namespace: tekton-pipeline-istio-project-1
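Review bot: This binds `service-acc` with a `ClusterRoleBinding`, so every rule in `allow-creation` applies in all namespaces, although the pipeline objects in this commit are all declared in `tekton-pipeline-istio-project-1`. A namespaced `RoleBinding` (`kind: RoleBinding` with `metadata.namespace: tekton-pipeline-istio-project-1`) referencing the same ClusterRole would limit the grant to that namespace, assuming deploy.yaml only targets it. The file also uses `rbac.authorization.k8s.io/v1beta1` while the ClusterRole next to it uses `v1`; `v1` is the stable version and should be used for both.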


@@ -0,0 +1,29 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: allow-creation
rules:
- apiGroups:
- ""
- "apps"
- "deploy"
- "networking.istio.io"
resources:
- pods
- serviceaccounts
- namespaces
- services
- deployments
- deployments.apps
- destinationrules
- gateways
- virtualservices
verbs:
- list
- watch
- get
- create
- update
- patch
- delete
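Review bot: The single rule grants all seven verbs, including `create` and `delete`, on every listed resource, among them `namespaces` and `serviceaccounts`, to the account that runs the webhook-triggered pipeline. Split it into one rule per API group and keep only what deploy.yaml needs, for example core `services`, `apps` `deployments`, and the three `networking.istio.io` kinds. `deploy` does not look like a real API group, and `deployments.apps` is kubectl shorthand rather than a resource name RBAC matches (`deployments` under group `apps` already covers it), so both entries can probably be dropped.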


@@ -1,7 +1,10 @@
---
# https://medium.com/@nikhilthomas1/cloud-native-cicd-on-openshift-with-openshift-pipelines-tektoncd-pipelines-part-3-github-1db6dd8e8ca7
apiVersion: tekton.dev/v1alpha1 apiVersion: tekton.dev/v1alpha1
kind: TaskRun kind: TaskRun
metadata: metadata:
name: create-webhook-run name: create-repo-webhook
namespace: tekton-pipeline-istio-project-1
spec: spec:
taskRef: taskRef:
name: create-webhook name: create-webhook
@@ -22,4 +25,4 @@ spec:
- name: ExternalDomain - name: ExternalDomain
value: 35.233.93.220 value: 35.233.93.220
timeout: 1000s timeout: 1000s
serviceAccountName: tekton-triggers-createwebhook serviceAccount: tekton-triggers-createwebhook
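Review bot: The TaskRun still runs as `tekton-triggers-createwebhook`, but this commit deletes the file that defines that ServiceAccount with its Role and RoleBinding and moves the run into `tekton-pipeline-istio-project-1`; unless the account is created elsewhere, the run cannot start. It is also renamed to `create-repo-webhook`, the same name and namespace as the TaskRun in the new combined webhook file, which uses `serviceAccount: service-acc`. Keeping only one of the two definitions avoids the collision. The switch from `serviceAccountName` to `serviceAccount` is inconsistent with the PipelineRun and EventListener manifests in this commit, and I believe `serviceAccount` is the older, deprecated spelling; worth confirming against the installed Tekton version.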


@@ -1,7 +1,9 @@
---
apiVersion: tekton.dev/v1alpha1 apiVersion: tekton.dev/v1alpha1
kind: Task kind: Task
metadata: metadata:
name: create-webhook name: create-webhook
namespace: tekton-pipeline-istio-project-1
spec: spec:
volumes: volumes:
- name: github-secret - name: github-secret
@@ -43,7 +45,7 @@ spec:
set -e set -e
echo "Create Webhook" echo "Create Webhook"
if [ $(inputs.params.GitHubDomain) = "github.com" ];then if [ $(inputs.params.GitHubDomain) = "github.com" ];then
curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
else else
curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
fi fi


@@ -2,7 +2,7 @@
apiVersion: tekton.dev/v1alpha1 apiVersion: tekton.dev/v1alpha1
kind: PipelineResource kind: PipelineResource
metadata: metadata:
name: git name: git-master
namespace: tekton-pipeline-istio-project-1 namespace: tekton-pipeline-istio-project-1
spec: spec:
type: git type: git
@@ -11,3 +11,16 @@ spec:
value: master value: master
- name: url - name: url
value: git://github.com/beppevanrolleghem/cicdTest value: git://github.com/beppevanrolleghem/cicdTest
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: git-experimental
namespace: tekton-pipeline-istio-project-1
spec:
type: git
params:
- name: revision
value: experimental
- name: url
value: git://github.com/beppevanrolleghem/cicdTest
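Review bot: The added `git-experimental` resource, like `git-master`, clones over `git://`, which is unauthenticated and unencrypted, so the source that Kaniko builds and kubectl deploys is not protected against tampering in transit. Use `value: https://github.com/beppevanrolleghem/cicdTest` for both resources. Both also track a branch name (`master`, `experimental`), so as far as the visible TriggerTemplate shows, the `gitrevision` collected by the TriggerBinding is never the revision that gets built.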


@@ -2,6 +2,7 @@
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: tutorial-service name: service-acc
namespace: tekton-pipeline-istio-project-1
secrets: secrets:
- name: regcred - name: regcred


@@ -3,22 +3,20 @@ apiVersion: tekton.dev/v1alpha1
kind: Task kind: Task
metadata: metadata:
name: build-and-push name: build-and-push
namespace: tekton-pipeline-istio-project-1
spec: spec:
inputs: inputs:
resources: resources:
- name: git-source - name: git-source
type: git type: git
params: params:
- name: pathToContext - name: context
description: The path to the build context, used by Kaniko - within the workspace description: The path to the build context, used by Kaniko - within the workspace
default: . default: .
- name: pathToDockerfile - name: image-name
description: The path to the dockerfile to build description: dockerhub url
default: Dockerfile - name: version
- name: imageUrl description: image-version (for instance latest or beta)
description: value should be like - us.icr.io/test_namespace/builtImageApp
- name: imageTag
description: Tag to apply to the built image
steps: steps:
- name: build-and-push - name: build-and-push
image: gcr.io/kaniko-project/executor image: gcr.io/kaniko-project/executor
@@ -28,6 +26,6 @@ spec:
command: command:
- /kaniko/executor - /kaniko/executor
args: args:
- "--dockerfile=dockerfile" - "--dockerfile=$(inputs.resources.git-source.path)/$(inputs.params.context)/dockerfile"
- "--destination=beppev/$(inputs.params.imageUrl):$(inputs.params.imageTag)" - "--destination=beppev/$(inputs.params.image-name):$(inputs.params.version)"
- "--context=$(inputs.resources.git-source.path)/$(inputs.params.pathToContext)/" - "--context=$(inputs.resources.git-source.path)/$(inputs.params.context)/"


@@ -3,48 +3,21 @@ apiVersion: tekton.dev/v1alpha1
kind: Task kind: Task
metadata: metadata:
name: deploy-application name: deploy-application
namespace: tekton-pipeline-istio-project-1
spec: spec:
inputs: inputs:
resources: resources:
- name: git-source - name: git-source
type: git type: git
params:
- name: pathToContext
description: The path to the build context, used by Kaniko - within the workspace
default: .
- name: pathToYamlFile
description: The path to the yaml file to deploy within the git source
default: deploy.yaml
- name: imageUrl-a
description: Url of image repository
default: url
- name: imageTag-a
description: Tag of the images to be used.
default: "latest"
- name: imageUrl-b
description: Url of image repository
default: url
- name: imageTag-b
description: Tag of the images to be used.
default: "latest"
steps: steps:
- name: replace-imagea - name: delete-old-deployment
image: alpine image: lachlanevenson/k8s-kubectl
command: ["sed"] command: ["kubectl"]
args: args:
- "-i" - "delete"
- "-e" - "-f"
- "s;IMAGE-A;$(inputs.params.imageUrl-a):$(inputs.params.imageTag-a);g" - "$(inputs.resources.git-source.path)/deploy.yaml"
- "$(inputs.resources.git-source.path)/$(inputs.params.pathToContext)/$(inputs.params.pathToYamlFile)" - name: deploy-new-app
- name: replace-imageb
image: alpine
command: ["sed"]
args:
- "-i"
- "-e"
- "s;IMAGE-b;$(inputs.params.imageUrl-b):$(inputs.params.imageTag-b);g"
- "$(inputs.resources.git-source.path)/$(inputs.params.pathToContext)/$(inputs.params.pathToYamlFile)"
- name: deploy-app
image: lachlanevenson/k8s-kubectl image: lachlanevenson/k8s-kubectl
command: ["kubectl"] command: ["kubectl"]
args: args:
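Review bot: Both steps pull `lachlanevenson/k8s-kubectl` with no tag or digest, so whatever that third-party repository serves at run time executes with the pipeline service account's cluster credentials. Pin it by digest, e.g. `image: lachlanevenson/k8s-kubectl@sha256:<digest-you-verified>` (placeholder, not a real value); the same applies to `gcr.io/kaniko-project/executor` in the build-and-push task and `pstauffer/curl:latest` in create-webhook. The `deploy-new-app` step's args continue past the end of the hunk.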


@@ -1,20 +0,0 @@
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
name: test-run
spec:
serviceAccountName: tutorial-service
taskRef:
name: build-and-push
inputs:
resources:
- name: git-source
resourceRef:
name: git
params:
- name: pathToContext
value: /serverA/ #configure: may change according to your source
- name: imageUrl
value: "server-a"
- name: imageTag
value: "latest"


@@ -1,23 +0,0 @@
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
name: create-ingress-run
spec:
taskRef:
name: create-ingress
inputs:
params:
- name: CreateCertificate
value: "true"
- name: CertificateKeyPassphrase
value: asecretphrase
- name: CertificateSecretName
value: ingresssecret
- name: ExternalDomain
value: 35.233.93.220
- name: Service
value: getting-started
- name: ServicePort
value: "443"
timeout: 1000s
serviceAccountName: tekton-triggers-createwebhook


@@ -1,120 +0,0 @@
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: create-ingress
spec:
volumes:
- name: work
emptyDir: {}
inputs:
params:
- name: CreateCertificate
description: "Enables/disables the creation of a self-signed certificate for $(inputs.params.ExternalDomain)"
default: "true"
- name: CertificateKeyPassphrase
description: "Phrase that protects private key. This must be provided when the self-signed certificate is created"
- name: CertificateSecretName
description: "Secret name for Ingress certificate. The Secret should not exist if the self-signed certificate creation is enabled"
- name: ExternalDomain
description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).PROXYIP.nip.io`"
- name: Service
description: "The name of the Service used in the Ingress. This will also be the name of the Ingress."
- name: ServicePort
description: "The service port that the ingress is being created on"
- name: ServiceUID
description: "The uid of the service. If set, this creates an owner reference on the service"
default: ""
steps:
- name: generate-certificate
image: frapsoft/openssl
volumeMounts:
- name: work
mountPath: /var/tmp/work
command:
- sh
args:
- -ce
- |
set -e
cat <<EOF | sh
#!/bin/sh
if [ $(inputs.params.CreateCertificate) = "false" ];then
exit 0
fi
mkdir /var/tmp/work/ingress
openssl genrsa -des3 -out /var/tmp/work/ingress/key.pem -passout pass:$(inputs.params.CertificateKeyPassphrase) 2048
openssl req -x509 -new -nodes -key /var/tmp/work/ingress/key.pem -sha256 -days 1825 -out /var/tmp/work/ingress/certificate.pem -passin pass:$(inputs.params.CertificateKeyPassphrase) -subj /CN=$(inputs.params.ExternalDomain)
openssl rsa -in /var/tmp/work/ingress/key.pem -out /var/tmp/work/ingress/key.pem -passin pass:$(inputs.params.CertificateKeyPassphrase)
EOF
- name: create-certificate-secret
image: lachlanevenson/k8s-kubectl:latest
volumeMounts:
- name: work
mountPath: /var/tmp/work
command:
- sh
args:
- -ce
- |
set -e
cat <<EOF | sh
#!/bin/sh
if [ $(inputs.params.CreateCertificate) = "false" ];then
exit 0
fi
kubectl create secret tls $(inputs.params.CertificateSecretName) --cert=/var/tmp/work/ingress/certificate.pem --key=/var/tmp/work/ingress/key.pem || true
EOF
- name: create-ingress
image: lachlanevenson/k8s-kubectl:latest
command:
- sh
args:
- -ce
- |
set -e
if [ -n "$(inputs.params.ServiceUID)" ];then
cat <<EOF | kubectl create -f - || true
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: $(inputs.params.Service)
ownerReferences:
- name: $(inputs.params.Service)
apiVersion: v1
kind: Service
uid: $(inputs.params.ServiceUID)
spec:
tls:
- secretName: $(inputs.params.CertificateSecretName)
hosts:
- $(inputs.params.ExternalDomain)
rules:
- host: $(inputs.params.ExternalDomain)
http:
paths:
- backend:
serviceName: $(inputs.params.Service)
servicePort: $(inputs.params.ServicePort)
EOF
else
cat <<EOF | kubectl create -f - || true
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: $(inputs.params.Service)
spec:
tls:
- secretName: $(inputs.params.CertificateSecretName)
hosts:
- $(inputs.params.ExternalDomain)
rules:
- host: $(inputs.params.ExternalDomain)
http:
paths:
- backend:
serviceName: $(inputs.params.Service)
servicePort: $(inputs.params.ServicePort)
EOF
fi


@@ -1,11 +1,12 @@
---
apiVersion: tekton.dev/v1alpha1 apiVersion: tekton.dev/v1alpha1
kind: EventListener kind: EventListener
metadata: metadata:
name: event-listener name: github-event-listener
spec: spec:
serviceAccountName: tutorial-service serviceAccountName: service-acc
triggers: triggers:
- bindings: - binding:
- name: pipeline-binding name: github-trigger-binding
template: template:
name: trigger-template name: github-trigger-template


@@ -1,52 +0,0 @@
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tekton-triggers-createwebhook
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- tekton.dev
resources:
- eventlisteners
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- create
- get
- list
- delete
- update
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: tekton-triggers-createwebhook
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: tekton-triggers-createwebhook
subjects:
- kind: ServiceAccount
name: tekton-triggers-createwebhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: tekton-triggers-createwebhook


@@ -1,10 +1,18 @@
---
apiVersion: tekton.dev/v1alpha1 apiVersion: tekton.dev/v1alpha1
kind: TriggerBinding kind: TriggerBinding
metadata: metadata:
name: pipeline-binding name: github-trigger-binding
namespace: tekton-pipeline-istio-project-1
spec: spec:
params: params:
- name: gitrevision - name: gitrevision
value: $(body.head_commit.id) value: $(body.pull_request.head.sha)
- name: gitrepositoryurl - name: gitrepositoryurl
value: "https://github.com/$(body.repository.full_name)" value: $(body.pull_request.head.repo.clone_url)
- name: prurl
value: $(body.pull_request.html_url)
- name: repo
value: $(body.pull_request.base.repo.full_name)
- name: source
value: github
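Review bot: Every `$(body.pull_request.…)` path exists only on `pull_request` deliveries, while the create-webhook Task's `WebhookEvents` default also subscribes to `push`, whose payload has no `pull_request` object, so push events will presumably fail to bind. Either register the hook for `pull_request` only or add a separate binding for push payloads. Note also that `head.sha` and `head.repo.clone_url` describe the contributor's branch, which for a fork is outside the repository owner's control. The template currently ignores them, and they should not be wired into a git resource for a pipeline that runs as `service-acc` without an approval step.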


@@ -1,7 +1,9 @@
---
apiVersion: tekton.dev/v1alpha1 apiVersion: tekton.dev/v1alpha1
kind: TriggerTemplate kind: TriggerTemplate
metadata: metadata:
name: trigger-template name: github-trigger-template
namespace: tekton-pipeline-istio-project-1
spec: spec:
params: params:
- name: gitrevision - name: gitrevision
@@ -14,34 +16,15 @@ spec:
kind: PipelineRun kind: PipelineRun
metadata: metadata:
name: application-pipeline-run name: application-pipeline-run
namespace: tekton-pipeline-istio-project-1
spec: spec:
serviceAccountName: tutorial-service serviceAccountName: service-acc
pipelineRef: pipelineRef:
name: application-pipeline name: application-pipeline
resources: resources:
- name: git-source - name: git-master
resourceRef: resourceRef:
name: git name: git-master
params: - name: git-experimental
- name: pathToYamlFile resourceRef:
value: "deploy.yaml" name: git-experimental
- name: pathToContext
value: "."
- name: imageUrl-a
value: "server-a"
- name: imageTag-a
value: "latest"
- name: pathToContext-a
value: "./serverA"
- name: imageUrl-b
value: "server-b"
- name: imageTag-b
value: "latest"
- name: pathToContext-b
value: "./serverB"
- name: imageUrl-c
value: "server-c"
- name: imageTag-c
value: "latest"
- name: pathToContext-c
value: "./serverC"
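Review bot: The templated PipelineRun keeps the fixed `name: application-pipeline-run`, so after the first event every later creation in the namespace should be rejected as already existing until the old run is deleted. Replace it with `generateName: application-pipeline-run-`. The template declares `gitrevision` and `gitrepositoryurl`, but nothing in the visible resource template uses them. Part of the `spec.params` list lies between the two hunks, so other declared params are not visible here.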