Triggers is configured in two parts:
The following needs to be defined:
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: cicd
spec:
  # Define the parameters to be received
  params:
    - name: pathToDockerFile
    - name: appName
    - name: appTag
    - name: namespace
    - name: gitrepositoryurl
    - name: gitrevision
    - name: author
    - name: commit
    - name: email
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        # Auto-generate the PipelineRun name
        generateName: $(params.appName)-
        namespace: $(params.namespace)
      spec:
        serviceAccountName: cicd-sa
        pipelineRef:
          name: cicd-v3
        params:
          - name: pathToDockerFile
            value: $(params.pathToDockerFile)
          - name: appName
            value: $(params.appName)
          - name: appTag
            value: $(params.appTag)
          - name: environment
            value: dev
          - name: author
            value: $(params.author)
          - name: commit
            value: $(params.commit)
          - name: email
            value: $(params.email)
        resources:
          - name: source-repo
            resourceSpec:
              type: git
              params:
                - name: url
                  value: $(params.gitrepositoryurl)
                - name: revision
                  value: $(params.gitrevision)
The TriggerBinding uses $(body) to extract values from the webhook payload and passes them to the Template.
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: cicd
spec:
  params:
    - name: appTag
      value: $(body.checkout_sha)
    - name: namespace
      value: pipelines
    - name: gitrepositoryurl
      value: $(body.project.git_ssh_url)
    - name: gitrevision
      value: $(body.checkout_sha)
    - name: author
      value: $(body.user_name)
    - name: commit
      value: $(body.commits[0].url)
    - name: email
      value: $(body.commits[0].author.email)
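The following is an added example, not part of the original page or of Tekton itself: it resolves the binding's `$(body...)` expressions against a webhook payload and lists the template params this binding leaves unset. The payload values are constructed, and the resolver handles only the dotted-path and `[n]` forms used above, not full JSONPath.

```python
import re

# Constructed GitLab push-event payload (sample values, not from the page).
SAMPLE_BODY = {
    "checkout_sha": "da1560886d4f094c3e6c9ef40349f7d38b5d27d7",
    "user_name": "Jane Doe",
    "project": {"git_ssh_url": "git@gitlab.example.com:group/app.git"},
    "commits": [{"url": "https://gitlab.example.com/group/app/-/commit/da156088",
                 "author": {"email": "jane@example.com"}}],
}

# The TriggerBinding params shown on this page.
BINDING = {
    "appTag": "$(body.checkout_sha)",
    "namespace": "pipelines",
    "gitrepositoryurl": "$(body.project.git_ssh_url)",
    "gitrevision": "$(body.checkout_sha)",
    "author": "$(body.user_name)",
    "commit": "$(body.commits[0].url)",
    "email": "$(body.commits[0].author.email)",
}

# The params declared by the TriggerTemplate shown on this page.
TEMPLATE_PARAMS = ["pathToDockerFile", "appName", "appTag", "namespace",
                   "gitrepositoryurl", "gitrevision", "author", "commit", "email"]

EXPR = re.compile(r"^\$\(body\.(.+)\)$")     # whole-value $(body.<path>)
STEP = re.compile(r"([^.\[\]]+)|\[(\d+)\]")  # a key name or an [index]

def resolve(value, body):
    """Resolve one binding value; literals such as 'pipelines' pass through."""
    match = EXPR.match(value)
    if not match:
        return value
    node = body
    for key, index in STEP.findall(match.group(1)):
        # KeyError / IndexError here means the payload lacks the field.
        node = node[key] if key else node[int(index)]
    return node

def bind(binding, body):
    """Return the param values the binding would hand to the template."""
    return {name: resolve(expr, body) for name, expr in binding.items()}

def unbound(template_params, binding):
    """Template params that this binding does not supply."""
    return [p for p in template_params if p not in binding]
```

Every resolved value comes straight from the webhook sender, and `unbound(TEMPLATE_PARAMS, BINDING)` shows that `pathToDockerFile` and `appName` must be supplied by something other than this binding.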
Because the Trigger automatically creates and runs PipelineRuns, it needs certain permissions. The required permissions are as follows:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: role
rules:
  # Permissions for every EventListener deployment to function
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
    verbs: ["get"]
  - apiGroups: [""]
    # secrets are only needed for Github/Gitlab interceptors, serviceaccounts only for per trigger authorization
    resources: ["configmaps", "secrets", "serviceaccounts"]
    verbs: ["get", "list", "watch"]
  # Permissions to create resources in associated TriggerTemplates
  - apiGroups: ["tekton.dev"]
    resources: ["pipelineruns", "pipelineresources", "taskruns"]
    verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rb
subjects:
  - kind: ServiceAccount
    name: cicd-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: role
With this, all of the pipeline template configuration is complete.