diff --git a/.gitignore b/.gitignore
index 0cffcb3..f73e4b6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-config.json
\ No newline at end of file
+config.json
+manifests/triggers/webhook-secret.yaml
\ No newline at end of file
diff --git a/README.md b/README.md
index 902cd01..2ab00fb 100644
--- a/README.md
+++ b/README.md
@@ -40,3 +40,10 @@ install tekton kubectl apply --filename https://storage.googleapis.com/tekton-releases/latest/release.yaml docker config is een configmap gemaakt van config.json wa base64 username:pass inhoud heeft erges
+
+
+kubectl create clusterrole tutorial-role \
+ --verb=get,list,watch,create,update,patch,delete \
+ --resource=deployments,deployments.apps,services,pods
+
+https://github.com/tektoncd/triggers/blob/master/docs/getting-started/README.md
\ No newline at end of file
diff --git a/manifests/triggers/create-ingress-run.yaml b/manifests/triggers/create-ingress-run.yaml
new file mode 100644
index 0000000..df4df74
--- /dev/null
+++ b/manifests/triggers/create-ingress-run.yaml
@@ -0,0 +1,23 @@
+apiVersion: tekton.dev/v1alpha1
+kind: TaskRun
+metadata:
+ name: create-ingress-run
+spec:
+ taskRef:
+ name: create-ingress
+ inputs:
+ params:
+ - name: CreateCertificate
+ value: "true"
+ - name: CertificateKeyPassphrase
+ value: asecretphrase
+ - name: CertificateSecretName
+ value: ingresssecret
+ - name: ExternalDomain
+ value: 35.233.93.220
+ - name: Service
+ value: getting-started
+ - name: ServicePort
+ value: "443"
+ timeout: 1000s
+ serviceAccountName: tekton-triggers-createwebhook
\ No newline at end of file
diff --git a/manifests/triggers/create-ingress.yaml b/manifests/triggers/create-ingress.yaml
new file mode 100644
index 0000000..035bd6e
--- /dev/null
+++ b/manifests/triggers/create-ingress.yaml
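Review bot: In manifests/triggers/create-ingress-run.yaml the `CertificateKeyPassphrase` parameter carries the literal `asecretphrase`, so the phrase protecting the ingress private key is committed to the repository and is also readable by anyone who can view the TaskRun object. This same commit adds `manifests/triggers/webhook-secret.yaml` to .gitignore; the run manifest deserves equivalent treatment, either ignored as well or committed with a placeholder such as `value: <set-at-apply-time>` and the real value supplied outside version control. The phrase already committed should be treated as exposed and replaced before the certificate is used for anything beyond a demo.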
@@ -0,0 +1,120 @@
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+ name: create-ingress
+spec:
+ volumes:
+ - name: work
+ emptyDir: {}
+
+ inputs:
+ params:
+ - name: CreateCertificate
+ description: "Enables/disables the creation of a self-signed certificate for $(inputs.params.ExternalDomain)"
+ default: "true"
+ - name: CertificateKeyPassphrase
+ description: "Phrase that protects private key. This must be provided when the self-signed certificate is created"
+ - name: CertificateSecretName
+ description: "Secret name for Ingress certificate. The Secret should not exist if the self-signed certificate creation is enabled"
+ - name: ExternalDomain
+ description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).PROXYIP.nip.io`"
+ - name: Service
+ description: "The name of the Service used in the Ingress. This will also be the name of the Ingress."
+ - name: ServicePort
+ description: "The service port that the ingress is being created on"
+ - name: ServiceUID
+ description: "The uid of the service. If set, this creates an owner reference on the service"
+ default: ""
+
+ steps:
+ - name: generate-certificate
+ image: frapsoft/openssl
+ volumeMounts:
+ - name: work
+ mountPath: /var/tmp/work
+ command:
+ - sh
+ args:
+ - -ce
+ - |
+ set -e
+ cat <.nip.io`"
+ - name: GitHubUser
+ description: "The GitHub user"
+ - name: GitHubRepo
+ description: "The GitHub repo where the webhook will be created"
+ - name: GitHubOrg
+ description: "The GitHub organization where the webhook will be created"
+ - name: GitHubSecretName
+ description: "The Secret name for GitHub access token. This is always mounted and must exist"
+ - name: GitHubAccessTokenKey
+ description: "The GitHub access token key name"
+ - name: GitHubSecretStringKey
+ description: "The GitHub secret string key name"
+ - name: GitHubDomain
+ description: "The GitHub domain. 
Override for GitHub Enterprise"
+ default: "github.com"
+ - name: WebhookEvents
+ description: "List of events the webhook will send notifications for"
+ default: '[\"push\",\"pull_request\"]'
+ steps:
+ - name: create-webhook
+ image: pstauffer/curl:latest
+ volumeMounts:
+ - name: github-secret
+ mountPath: /var/secret
+ command:
+ - sh
+ args:
+ - -ce
+ - |
+ set -e
+ echo "Create Webhook"
+ if [ $(inputs.params.GitHubDomain) = "github.com" ];then
+ curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
+ else
+ curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
+ fi
\ No newline at end of file
diff --git a/manifests/triggers/event-listener.yaml b/manifests/triggers/event-listener.yaml
new file mode 100644
index 0000000..093d6ac
--- /dev/null
+++ b/manifests/triggers/event-listener.yaml
@@ -0,0 +1,11 @@
+apiVersion: tekton.dev/v1alpha1
+kind: EventListener
+metadata:
+ name: event-listener
+spec:
+ serviceAccountName: tutorial-service
+ triggers:
+ - bindings:
+ - name: pipeline-binding
+ template:
+ name: trigger-template
\ No newline at end of file
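Review bot: Both `curl` calls in the `create-webhook` step register the hook with `\"insecure_ssl\": \"1\"`, which tells GitHub to skip certificate verification when it delivers events, and the github.com branch combines `curl -v` with `-u $(inputs.params.GitHubUser):$(cat /var/secret/...)`, so the verbose trace of the request headers can put the Basic-auth credential into the TaskRun log. I would drop `-v` from the first call and switch to `\"insecure_ssl\": \"0\"` once the ingress serves a certificate GitHub can validate. The step image `pstauffer/curl:latest` handles the access token and is a mutable tag, so pinning it to a digest is worth doing here. The opening lines of this task definition are not visible on this page, so the comment covers only the visible `steps` block.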
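Review bot: The single trigger in manifests/triggers/event-listener.yaml has no interceptor or other check on incoming requests, so although the webhook task registers a shared `secret` with GitHub, nothing on this side verifies the signature GitHub sends with each delivery. Any request that reaches the listener through the ingress would therefore result in a PipelineRun under `tutorial-service`. If the installed Triggers release provides a GitHub interceptor, I would add it to this trigger and point it at the `webhook-secret` Secret; otherwise a validating service in front of the listener is needed. At minimum a comment above `triggers:` such as `# TODO: validate X-Hub-Signature before creating resources` would record the gap.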
diff --git a/manifests/triggers/service-account-triggers.yaml b/manifests/triggers/service-account-triggers.yaml
new file mode 100644
index 0000000..22a7083
--- /dev/null
+++ b/manifests/triggers/service-account-triggers.yaml
@@ -0,0 +1,52 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-triggers-createwebhook
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+- apiGroups:
+ - tekton.dev
+ resources:
+ - eventlisteners
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+- apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - create
+ - get
+ - list
+ - delete
+ - update
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tekton-triggers-createwebhook
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: tekton-triggers-createwebhook
+subjects:
+ - kind: ServiceAccount
+ name: tekton-triggers-createwebhook
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: tekton-triggers-createwebhook
\ No newline at end of file
diff --git a/manifests/triggers/trigger-binding.yaml b/manifests/triggers/trigger-binding.yaml
new file mode 100644
index 0000000..c112d27
--- /dev/null
+++ b/manifests/triggers/trigger-binding.yaml
@@ -0,0 +1,10 @@
+apiVersion: tekton.dev/v1alpha1
+kind: TriggerBinding
+metadata:
+ name: pipeline-binding
+spec:
+ params:
+ - name: gitrevision
+ value: $(body.head_commit.id)
+ - name: gitrepositoryurl
+ value: "https://github.com/$(body.repository.full_name)"
\ No newline at end of file
diff --git a/manifests/triggers/trigger-template.yaml b/manifests/triggers/trigger-template.yaml
new file mode 100644
index 0000000..4a4e547
--- /dev/null
+++ b/manifests/triggers/trigger-template.yaml
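Review bot: The first rule of the `tekton-triggers-createwebhook` Role grants `get`, `list`, `create`, `update` and `delete` on every Secret in the namespace, and the two TaskRuns in this commit run under that ServiceAccount with steps built on the third-party images `frapsoft/openssl` and `pstauffer/curl:latest`. Assuming the ingress task only manages its certificate Secret (its script is not visible on this page), I would split the rule so that `create` stands alone, limit the other verbs with `resourceNames`, and drop `list`, since listing returns the contents of every Secret. The name `ingresssecret` below is the value create-ingress-run.yaml passes as `CertificateSecretName`; adjust the list if the task touches other Secrets.

```yaml
rules:
# create cannot be restricted by resourceNames, so it gets its own rule
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
# reads and changes limited to the certificate Secret
- apiGroups:
  - ""
  resources:
  - secrets
  resourceNames:
  - ingresssecret
  verbs:
  - get
  - update
  - delete
# … unchanged: eventlisteners and ingresses rules …
```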
@@ -0,0 +1,41 @@
+apiVersion: tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+ name: trigger-template
+spec:
+ params:
+ - name: gitrevision
+ description: The git revision
+ default: master
+ - name: gitrepositoryurl
+ description: The git repository url
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1alpha1
+ kind: PipelineRun
+ metadata:
+ name: application-pipeline-run
+ spec:
+ serviceAccountName: tutorial-service
+ pipelineRef:
+ name: application-pipeline
+ resources:
+ - name: git-source
+ resourceRef:
+ name: git
+ params:
+ - name: pathToYamlFile
+ value: "deploy.yaml"
+ - name: pathToContext
+ value: "."
+ - name: imageUrl-a
+ value: "server-a"
+ - name: imageTag-a
+ value: "latest"
+ - name: pathToContext-a
+ value: "./serverA"
+ - name: imageUrl-b
+ value: "server-b"
+ - name: imageTag-b
+ value: "latest"
+ - name: pathToContext-b
+ value: "./serverB"
\ No newline at end of file
diff --git a/manifests/triggers/webhook-run.yaml b/manifests/triggers/webhook-run.yaml
new file mode 100644
index 0000000..3078d1f
--- /dev/null
+++ b/manifests/triggers/webhook-run.yaml
@@ -0,0 +1,25 @@
+apiVersion: tekton.dev/v1alpha1
+kind: TaskRun
+metadata:
+ name: create-webhook-run
+spec:
+ taskRef:
+ name: create-webhook
+ inputs:
+ params:
+ - name: GitHubOrg
+ value: "github.com"
+ - name: GitHubUser
+ value: "beppevanrolleghem"
+ - name: GitHubRepo
+ value: "cicdTest"
+ - name: GitHubSecretName
+ value: webhook-secret
+ - name: GitHubAccessTokenKey
+ value: token
+ - name: GitHubSecretStringKey
+ value: secret
+ - name: ExternalDomain
+ value: 35.233.93.220
+ timeout: 1000s
+ serviceAccountName: tekton-triggers-createwebhook
\ No newline at end of file
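Review bot: The PipelineRun under `resourcetemplates` in manifests/triggers/trigger-template.yaml has the fixed `name: application-pipeline-run`, so once the first webhook delivery has created it, later deliveries will presumably be rejected as already existing until that run is deleted. The template also declares `gitrevision` and `gitrepositoryurl` but never references them; the run always uses the pre-existing `git` resource, so the commit named in the event is not necessarily what gets built. I would give the run a per-event name (for example `generateName: application-pipeline-run-`, if this Triggers version accepts it) and either wire the two params into the git resource or remove them. Both image tags are `latest`, which makes it hard to trace a deployed image back to the commit that produced it.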
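Review bot: `GitHubOrg` is set to `"github.com"` in manifests/triggers/webhook-run.yaml, but the create-webhook step places that parameter in the path `repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks`, so the request goes to `repos/github.com/cicdTest/hooks` rather than to the repository owner's path. The value looks as if it was meant for `GitHubDomain`, which already defaults to `github.com`; `GitHubOrg` should presumably name the owner, e.g. `value: "beppevanrolleghem"`. `ExternalDomain` is a literal IP address here and in create-ingress-run.yaml, so a comment saying it must be replaced per cluster would help the next reader.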