Triggers consists of 2 configuration parts:


Triggers

1. Template

The following needs to be defined:

apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: cicd
spec:
  # Define the parameters to be received
  params:
    - name: pathToDockerFile
    - name: appName
    - name: appTag
    - name: namespace
    - name: gitrepositoryurl
    - name: gitrevision
    - name: author
    - name: commit
    - name: email
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        # Auto-generate the PipelineRun name
        generateName: $(params.appName)-
        namespace: $(params.namespace)
      spec:
        serviceAccountName: cicd-sa
        pipelineRef:
          name: cicd-v3
        params:
          - name: pathToDockerFile
            value: $(params.pathToDockerFile)
          - name: appName
            value: $(params.appName)
          - name: appTag
            value: $(params.appTag)
          - name: environment
            value: dev
          - name: author
            value: $(params.author)
          - name: commit
            value: $(params.commit)
          - name: email
            value: $(params.email)
        resources:
          - name: source-repo
            resourceSpec:
              type: git
              params:
                - name: url
                  value: $(params.gitrepositoryurl)
                - name: revision
                  value: $(params.gitrevision)

2. Binding

The TriggerBinding uses $(body) to extract values from the webhook payload and then passes them to the Template.

apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: cicd
spec:
  params:
    - name: appTag
      value: $(body.checkout_sha)
    - name: namespace
      value: pipelines
    - name: gitrepositoryurl
      value: $(body.project.git_ssh_url)
    - name: gitrevision
      value: $(body.checkout_sha)
    - name: author
      value: $(body.user_name)
    - name: commit
      value: $(body.commits[0].url)
    - name: email
      value: $(body.commits[0].author.email)
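
The binding above copies fields from the webhook body straight into PipelineRun parameters, so it helps to see what a given payload resolves to before wiring it up. The following is an added example, not code from the original page or from Tekton: a simplified resolver for the `$(body...)` expressions used in this binding, run against a constructed GitLab push payload. The 40-hex check on `gitrevision` is an added sanity check, and the function names are hypothetical.

```python
import re

# Params declared by the TriggerTemplate and values set by the TriggerBinding above.
TEMPLATE_PARAMS = ["pathToDockerFile", "appName", "appTag", "namespace",
                   "gitrepositoryurl", "gitrevision", "author", "commit", "email"]
BINDING = {
    "appTag": "$(body.checkout_sha)",
    "namespace": "pipelines",
    "gitrepositoryurl": "$(body.project.git_ssh_url)",
    "gitrevision": "$(body.checkout_sha)",
    "author": "$(body.user_name)",
    "commit": "$(body.commits[0].url)",
    "email": "$(body.commits[0].author.email)",
}

# Constructed sample of a GitLab push webhook body (all values are made up).
SAMPLE_BODY = {
    "checkout_sha": "a" * 40,
    "user_name": "Example Dev",
    "project": {"git_ssh_url": "git@gitlab.example.com:group/app.git"},
    "commits": [{"url": "https://gitlab.example.com/group/app/-/commit/" + "a" * 40,
                 "author": {"email": "dev@example.com"}}],
}

EXPR = re.compile(r"^\$\(body\.(.+)\)$")       # whole-value $(body.<path>) expression
TOKEN = re.compile(r"([^.\[\]]+)|\[(\d+)\]")   # a dotted key or an [n] index

def lookup(body, path):
    """Walk a dotted path with [n] indexes; raises if a step is absent."""
    node = body
    for key, index in TOKEN.findall(path):
        node = node[int(index)] if index else node[key]
    return node

def resolve(binding, body):
    """Return (resolved params, problems) for one webhook body."""
    resolved, problems = {}, []
    for name, value in binding.items():
        m = EXPR.match(value)
        try:
            resolved[name] = lookup(body, m.group(1)) if m else value
        except (KeyError, IndexError, TypeError):
            problems.append(f"{name}: {value} not present in body")
    # Added check (assumption): the revision handed to the git resource is a full SHA.
    if not re.fullmatch(r"[0-9a-f]{40}", str(resolved.get("gitrevision"))):
        problems.append("gitrevision: not a 40-hex commit SHA")
    problems += [f"{p}: declared in template but not bound"
                 for p in TEMPLATE_PARAMS if p not in binding]
    return resolved, problems
```

Running `resolve(BINDING, SAMPLE_BODY)` reports that `pathToDockerFile` and `appName` are declared in the template but not set by this binding, so they have to be supplied elsewhere.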

3. RBAC

Because the Trigger automatically creates and runs PipelineRuns, it needs certain permissions. The required permissions are as follows:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: role
rules:
  # Permissions for every EventListener deployment to function
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
    verbs: ["get"]
  - apiGroups: [""]
    # secrets are only needed for Github/Gitlab interceptors, serviceaccounts only for per trigger authorization
    resources: ["configmaps", "secrets", "serviceaccounts"]
    verbs: ["get", "list", "watch"]
  # Permissions to create resources in associated TriggerTemplates
  - apiGroups: ["tekton.dev"]
    resources: ["pipelineruns", "pipelineresources", "taskruns"]
    verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rb
subjects:
  - kind: ServiceAccount
    name: cicd-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: role

This completes all of the pipeline template configuration.