docker laten werken hiermee is zo moeilijk

.gitignore

@@ -1 +1,2 @@
-config.json
+config.json
+manifests/triggers/webhook-secret.yaml

README.md

@@ -40,3 +40,10 @@ install tekton
 kubectl apply --filename https://storage.googleapis.com/tekton-releases/latest/release.yaml
 
 docker config is een configmap gemaakt van config.json wa base64 username:pass inhoud heeft erges
+
+
+kubectl create clusterrole tutorial-role \
+               --verb=get,list,watch,create,update,patch,delete \
+               --resource=deployments,deployments.apps,services,pods
+               
+https://github.com/tektoncd/triggers/blob/master/docs/getting-started/README.md

manifests/triggers/create-ingress-run.yaml

@@ -0,0 +1,23 @@
+apiVersion: tekton.dev/v1alpha1
+kind: TaskRun
+metadata:
+  name: create-ingress-run
+spec:
+  taskRef:
+    name: create-ingress
+  inputs:
+    params:
+    - name: CreateCertificate
+      value: "true"
+    - name: CertificateKeyPassphrase
+      value: asecretphrase
+    - name: CertificateSecretName
+      value: ingresssecret
+    - name: ExternalDomain
+      value: 35.233.93.220
+    - name: Service
+      value: getting-started
+    - name: ServicePort
+      value: "443"
+  timeout: 1000s
+  serviceAccountName: tekton-triggers-createwebhook

manifests/triggers/create-ingress.yaml

@@ -0,0 +1,120 @@
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: create-ingress
+spec:
+  volumes:
+  - name: work
+    emptyDir: {}
+
+  inputs:
+    params:
+    - name: CreateCertificate
+      description: "Enables/disables the creation of a self-signed certificate for $(inputs.params.ExternalDomain)"
+      default: "true"
+    - name: CertificateKeyPassphrase
+      description: "Phrase that protects private key. This must be provided when the self-signed certificate is created"
+    - name: CertificateSecretName
+      description: "Secret name for Ingress certificate. The Secret should not exist if the self-signed certificate creation is enabled"
+    - name: ExternalDomain
+      description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).PROXYIP.nip.io`"
+    - name: Service
+      description: "The name of the Service used in the Ingress. This will also be the name of the Ingress."
+    - name: ServicePort
+      description: "The service port that the ingress is being created on"
+    - name: ServiceUID
+      description: "The uid of the service. If set, this creates an owner reference on the service"
+      default: ""
+
+  steps:
+  - name: generate-certificate
+    image: frapsoft/openssl
+    volumeMounts:
+    - name: work
+      mountPath: /var/tmp/work
+    command:
+    - sh
+    args:
+    - -ce
+    - |
+      set -e
+      cat <<EOF | sh
+      #!/bin/sh
+      if [ $(inputs.params.CreateCertificate) = "false" ];then
+        exit 0
+      fi
+      mkdir /var/tmp/work/ingress
+      openssl genrsa -des3 -out /var/tmp/work/ingress/key.pem -passout pass:$(inputs.params.CertificateKeyPassphrase) 2048
+      openssl req -x509 -new -nodes -key /var/tmp/work/ingress/key.pem -sha256 -days 1825 -out /var/tmp/work/ingress/certificate.pem -passin pass:$(inputs.params.CertificateKeyPassphrase) -subj /CN=$(inputs.params.ExternalDomain)
+      openssl rsa -in /var/tmp/work/ingress/key.pem -out /var/tmp/work/ingress/key.pem -passin pass:$(inputs.params.CertificateKeyPassphrase)
+      EOF
+  - name: create-certificate-secret
+    image: lachlanevenson/k8s-kubectl:latest
+    volumeMounts:
+    - name: work
+      mountPath: /var/tmp/work
+    command:
+    - sh
+    args:
+    - -ce
+    - |
+      set -e
+      cat <<EOF | sh
+      #!/bin/sh
+      if [ $(inputs.params.CreateCertificate) = "false" ];then
+        exit 0
+      fi
+      kubectl create secret tls $(inputs.params.CertificateSecretName) --cert=/var/tmp/work/ingress/certificate.pem --key=/var/tmp/work/ingress/key.pem || true
+      EOF
+  - name: create-ingress
+    image: lachlanevenson/k8s-kubectl:latest
+    command:
+    - sh
+    args:
+    - -ce
+    - |
+      set -e
+      if [ -n "$(inputs.params.ServiceUID)" ];then
+        cat <<EOF | kubectl create -f - || true
+        apiVersion: extensions/v1beta1
+        kind: Ingress
+        metadata:
+          name: $(inputs.params.Service)
+          ownerReferences:
+          - name: $(inputs.params.Service)
+            apiVersion: v1
+            kind: Service
+            uid: $(inputs.params.ServiceUID)
+        spec:
+          tls:
+          - secretName: $(inputs.params.CertificateSecretName)
+            hosts:
+            - $(inputs.params.ExternalDomain)
+          rules:
+          - host: $(inputs.params.ExternalDomain)
+            http:
+              paths:
+              - backend:
+                  serviceName: $(inputs.params.Service)
+                  servicePort: $(inputs.params.ServicePort)
+      EOF
+      else
+        cat <<EOF | kubectl create -f - || true
+        apiVersion: extensions/v1beta1
+        kind: Ingress
+        metadata:
+          name: $(inputs.params.Service)
+        spec:
+          tls:
+          - secretName: $(inputs.params.CertificateSecretName)
+            hosts:
+            - $(inputs.params.ExternalDomain)
+          rules:
+          - host: $(inputs.params.ExternalDomain)
+            http:
+              paths:
+              - backend:
+                  serviceName: $(inputs.params.Service)
+                  servicePort: $(inputs.params.ServicePort)
+      EOF
+      fi

manifests/triggers/create-webhook.yaml

@@ -0,0 +1,49 @@
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: create-webhook
+spec:
+  volumes:
+  - name: github-secret
+    secret:
+      secretName: $(inputs.params.GitHubSecretName)
+  inputs:
+    params:
+    - name: ExternalDomain
+      description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).<PROXYIP>.nip.io`"
+    - name: GitHubUser
+      description: "The GitHub user"
+    - name: GitHubRepo
+      description: "The GitHub repo where the webhook will be created"
+    - name: GitHubOrg
+      description: "The GitHub organization where the webhook will be created"
+    - name: GitHubSecretName
+      description: "The Secret name for GitHub access token. This is always mounted and must exist"
+    - name: GitHubAccessTokenKey
+      description: "The GitHub access token key name"
+    - name: GitHubSecretStringKey
+      description: "The GitHub secret string key name"
+    - name: GitHubDomain
+      description: "The GitHub domain. Override for GitHub Enterprise"
+      default: "github.com"
+    - name: WebhookEvents
+      description: "List of events the webhook will send notifications for"
+      default: '[\"push\",\"pull_request\"]'
+  steps:
+  - name: create-webhook
+    image: pstauffer/curl:latest
+    volumeMounts:
+    - name: github-secret
+      mountPath: /var/secret
+    command:
+    - sh
+    args:
+    - -ce
+    - |
+      set -e
+      echo "Create Webhook"
+      if [ $(inputs.params.GitHubDomain) = "github.com" ];then
+        curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
+      else
+        curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
+      fi

manifests/triggers/event-listener.yaml

@@ -0,0 +1,11 @@
+apiVersion: tekton.dev/v1alpha1
+kind: EventListener
+metadata:
+  name: event-listener
+spec:
+  serviceAccountName: tutorial-service
+  triggers:
+    - bindings:
+      - name: pipeline-binding
+      template:
+        name: trigger-template

manifests/triggers/service-account-triggers.yaml

@@ -0,0 +1,52 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: tekton-triggers-createwebhook
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - create
+  - update
+  - delete
+- apiGroups:
+  - tekton.dev
+  resources:
+  - eventlisteners
+  verbs:
+  - get
+  - list
+  - create
+  - update
+  - delete
+- apiGroups:
+  - extensions
+  resources:
+  - ingresses
+  verbs:
+  - create
+  - get
+  - list
+  - delete
+  - update
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tekton-triggers-createwebhook
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: tekton-triggers-createwebhook
+subjects:
+  - kind: ServiceAccount
+    name: tekton-triggers-createwebhook
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: tekton-triggers-createwebhook

manifests/triggers/trigger-binding.yaml

@@ -0,0 +1,10 @@
+apiVersion: tekton.dev/v1alpha1
+kind: TriggerBinding
+metadata:
+  name: pipeline-binding
+spec:
+  params:
+    - name: gitrevision
+      value: $(body.head_commit.id)
+    - name: gitrepositoryurl
+      value: "https://github.com/$(body.repository.full_name)"

manifests/triggers/trigger-template.yaml

@@ -0,0 +1,41 @@
+apiVersion: tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+  name: trigger-template
+spec:
+  params:
+    - name: gitrevision
+      description: The git revision
+      default: master
+    - name: gitrepositoryurl
+      description: The git repository url
+  resourcetemplates:
+    - apiVersion: tekton.dev/v1alpha1
+      kind: PipelineRun
+      metadata:
+        name: application-pipeline-run
+      spec:
+        serviceAccountName: tutorial-service
+        pipelineRef:
+          name: application-pipeline
+        resources:
+          - name: git-source
+            resourceRef:
+              name: git
+        params:
+          - name: pathToYamlFile
+            value: "deploy.yaml"
+          - name: pathToContext
+            value: "."
+          - name: imageUrl-a
+            value: "server-a"
+          - name: imageTag-a
+            value: "latest"
+          - name: pathToContext-a
+            value: "./serverA"
+          - name: imageUrl-b
+            value: "server-b"
+          - name: imageTag-b
+            value: "latest"
+          - name: pathToContext-b
+            value: "./serverB"

manifests/triggers/webhook-run.yaml

@@ -0,0 +1,25 @@
+apiVersion: tekton.dev/v1alpha1
+kind: TaskRun
+metadata:
+  name: create-webhook-run
+spec:
+  taskRef:
+    name: create-webhook
+  inputs:
+    params:
+    - name: GitHubOrg
+      value: "github.com"
+    - name: GitHubUser
+      value: "beppevanrolleghem"
+    - name: GitHubRepo
+      value: "cicdTest"
+    - name: GitHubSecretName
+      value: webhook-secret
+    - name: GitHubAccessTokenKey
+      value: token
+    - name: GitHubSecretStringKey
+      value: secret
+    - name: ExternalDomain
+      value: 35.233.93.220
+  timeout: 1000s
+  serviceAccountName: tekton-triggers-createwebhook