beppe/cicdTest
1
0
Fork 0
mirror of https://github.com/bvanroll/cicdTest.git synced 2025-08-29 12:02:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

docker laten werken hiermee is zo moeilijk

Browse Source
This commit is contained in:
Beppe Vanrolleghem
2020-02-20 10:31:39 +01:00
parent c435a2a18c
commit 93df0d9f48
10 changed files with 340 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -1 +1,2 @@
config.json
config.json
manifests/triggers/webhook-secret.yaml

7
README.md
View File

@@ -40,3 +40,10 @@ install tekton
kubectl apply --filename https://storage.googleapis.com/tekton-releases/latest/release.yaml
docker config is een configmap gemaakt van config.json wa base64 username:pass inhoud heeft erges
kubectl create clusterrole tutorial-role \
--verb=get,list,watch,create,update,patch,delete \
--resource=deployments,deployments.apps,services,pods
https://github.com/tektoncd/triggers/blob/master/docs/getting-started/README.md

23
manifests/triggers/create-ingress-run.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
name: create-ingress-run
spec:
taskRef:
name: create-ingress
inputs:
params:
- name: CreateCertificate
value: "true"
- name: CertificateKeyPassphrase
value: asecretphrase
- name: CertificateSecretName
value: ingresssecret
- name: ExternalDomain
value: 35.233.93.220
- name: Service
value: getting-started
- name: ServicePort
value: "443"
timeout: 1000s
serviceAccountName: tekton-triggers-createwebhook

120
manifests/triggers/create-ingress.yaml Normal file
View File

@@ -0,0 +1,120 @@
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: create-ingress
spec:
volumes:
- name: work
emptyDir: {}
inputs:
params:
- name: CreateCertificate
description: "Enables/disables the creation of a self-signed certificate for $(inputs.params.ExternalDomain)"
default: "true"
- name: CertificateKeyPassphrase
description: "Phrase that protects private key. This must be provided when the self-signed certificate is created"
- name: CertificateSecretName
description: "Secret name for Ingress certificate. The Secret should not exist if the self-signed certificate creation is enabled"
- name: ExternalDomain
description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).PROXYIP.nip.io`"
- name: Service
description: "The name of the Service used in the Ingress. This will also be the name of the Ingress."
- name: ServicePort
description: "The service port that the ingress is being created on"
- name: ServiceUID
description: "The uid of the service. If set, this creates an owner reference on the service"
default: ""
steps:
- name: generate-certificate
image: frapsoft/openssl
volumeMounts:
- name: work
mountPath: /var/tmp/work
command:
- sh
args:
- -ce
- |
set -e
cat <<EOF | sh
#!/bin/sh
if [ $(inputs.params.CreateCertificate) = "false" ];then
exit 0
fi
mkdir /var/tmp/work/ingress
openssl genrsa -des3 -out /var/tmp/work/ingress/key.pem -passout pass:$(inputs.params.CertificateKeyPassphrase) 2048
openssl req -x509 -new -nodes -key /var/tmp/work/ingress/key.pem -sha256 -days 1825 -out /var/tmp/work/ingress/certificate.pem -passin pass:$(inputs.params.CertificateKeyPassphrase) -subj /CN=$(inputs.params.ExternalDomain)
openssl rsa -in /var/tmp/work/ingress/key.pem -out /var/tmp/work/ingress/key.pem -passin pass:$(inputs.params.CertificateKeyPassphrase)
EOF
- name: create-certificate-secret
image: lachlanevenson/k8s-kubectl:latest
volumeMounts:
- name: work
mountPath: /var/tmp/work
command:
- sh
args:
- -ce
- |
set -e
cat <<EOF | sh
#!/bin/sh
if [ $(inputs.params.CreateCertificate) = "false" ];then
exit 0
fi
kubectl create secret tls $(inputs.params.CertificateSecretName) --cert=/var/tmp/work/ingress/certificate.pem --key=/var/tmp/work/ingress/key.pem || true
EOF
- name: create-ingress
image: lachlanevenson/k8s-kubectl:latest
command:
- sh
args:
- -ce
- |
set -e
if [ -n "$(inputs.params.ServiceUID)" ];then
cat <<EOF | kubectl create -f - || true
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: $(inputs.params.Service)
ownerReferences:
- name: $(inputs.params.Service)
apiVersion: v1
kind: Service
uid: $(inputs.params.ServiceUID)
spec:
tls:
- secretName: $(inputs.params.CertificateSecretName)
hosts:
- $(inputs.params.ExternalDomain)
rules:
- host: $(inputs.params.ExternalDomain)
http:
paths:
- backend:
serviceName: $(inputs.params.Service)
servicePort: $(inputs.params.ServicePort)
EOF
else
cat <<EOF | kubectl create -f - || true
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: $(inputs.params.Service)
spec:
tls:
- secretName: $(inputs.params.CertificateSecretName)
hosts:
- $(inputs.params.ExternalDomain)
rules:
- host: $(inputs.params.ExternalDomain)
http:
paths:
- backend:
serviceName: $(inputs.params.Service)
servicePort: $(inputs.params.ServicePort)
EOF
fi

49
manifests/triggers/create-webhook.yaml Normal file
View File

@@ -0,0 +1,49 @@
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: create-webhook
spec:
volumes:
- name: github-secret
secret:
secretName: $(inputs.params.GitHubSecretName)
inputs:
params:
- name: ExternalDomain
description: "The external domain for the EventListener e.g. `$(inputs.params.EventListenerName).<PROXYIP>.nip.io`"
- name: GitHubUser
description: "The GitHub user"
- name: GitHubRepo
description: "The GitHub repo where the webhook will be created"
- name: GitHubOrg
description: "The GitHub organization where the webhook will be created"
- name: GitHubSecretName
description: "The Secret name for GitHub access token. This is always mounted and must exist"
- name: GitHubAccessTokenKey
description: "The GitHub access token key name"
- name: GitHubSecretStringKey
description: "The GitHub secret string key name"
- name: GitHubDomain
description: "The GitHub domain. Override for GitHub Enterprise"
default: "github.com"
- name: WebhookEvents
description: "List of events the webhook will send notifications for"
default: '[\"push\",\"pull_request\"]'
steps:
- name: create-webhook
image: pstauffer/curl:latest
volumeMounts:
- name: github-secret
mountPath: /var/secret
command:
- sh
args:
- -ce
- |
set -e
echo "Create Webhook"
if [ $(inputs.params.GitHubDomain) = "github.com" ];then
curl -v -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://api.github.com/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
else
curl -d "{\"name\": \"web\",\"active\": true,\"events\": $(inputs.params.WebhookEvents),\"config\": {\"url\": \"https://$(inputs.params.ExternalDomain)/\",\"content_type\": \"json\",\"insecure_ssl\": \"1\" ,\"secret\": \"$(cat /var/secret/$(inputs.params.GitHubSecretStringKey))\"}}" -X POST -u $(inputs.params.GitHubUser):$(cat /var/secret/$(inputs.params.GitHubAccessTokenKey)) -L https://$(inputs.params.GitHubDomain)/api/v3/repos/$(inputs.params.GitHubOrg)/$(inputs.params.GitHubRepo)/hooks
fi

11
manifests/triggers/event-listener.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: tekton.dev/v1alpha1
kind: EventListener
metadata:
name: event-listener
spec:
serviceAccountName: tutorial-service
triggers:
- bindings:
- name: pipeline-binding
template:
name: trigger-template

52
manifests/triggers/service-account-triggers.yaml Normal file
View File

@@ -0,0 +1,52 @@
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tekton-triggers-createwebhook
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- tekton.dev
resources:
- eventlisteners
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- create
- get
- list
- delete
- update
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: tekton-triggers-createwebhook
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: tekton-triggers-createwebhook
subjects:
- kind: ServiceAccount
name: tekton-triggers-createwebhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: tekton-triggers-createwebhook

10
manifests/triggers/trigger-binding.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
name: pipeline-binding
spec:
params:
- name: gitrevision
value: $(body.head_commit.id)
- name: gitrepositoryurl
value: "https://github.com/$(body.repository.full_name)"

41
manifests/triggers/trigger-template.yaml Normal file
View File

@@ -0,0 +1,41 @@
apiVersion: tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
name: trigger-template
spec:
params:
- name: gitrevision
description: The git revision
default: master
- name: gitrepositoryurl
description: The git repository url
resourcetemplates:
- apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
name: application-pipeline-run
spec:
serviceAccountName: tutorial-service
pipelineRef:
name: application-pipeline
resources:
- name: git-source
resourceRef:
name: git
params:
- name: pathToYamlFile
value: "deploy.yaml"
- name: pathToContext
value: "."
- name: imageUrl-a
value: "server-a"
- name: imageTag-a
value: "latest"
- name: pathToContext-a
value: "./serverA"
- name: imageUrl-b
value: "server-b"
- name: imageTag-b
value: "latest"
- name: pathToContext-b
value: "./serverB"

25
manifests/triggers/webhook-run.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
name: create-webhook-run
spec:
taskRef:
name: create-webhook
inputs:
params:
- name: GitHubOrg
value: "github.com"
- name: GitHubUser
value: "beppevanrolleghem"
- name: GitHubRepo
value: "cicdTest"
- name: GitHubSecretName
value: webhook-secret
- name: GitHubAccessTokenKey
value: token
- name: GitHubSecretStringKey
value: secret
- name: ExternalDomain
value: 35.233.93.220
timeout: 1000s
serviceAccountName: tekton-triggers-createwebhook