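Overview
So far we have used Tekton by manually creating a TaskRun or a PipelineRun object to trigger tasks. In real-world work, however, tasks are more often triggered after a developer pushes code, and this is where Tekton Triggers comes in.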
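Triggers extends Tekton through the following CRD objects:
- TriggerTemplate: a template for creating resources, for example PipelineResource and PipelineRun;
- TriggerBinding: validates events and extracts the relevant fields;
- ClusterTriggerBinding: similar to TriggerBinding, except that it is global;
- EventListener: connects TriggerBinding and TriggerTemplate to an event sink and uses the parameters extracted by each TriggerBinding to create the resources specified in the TriggerTemplate; its interceptor field can likewise specify an external service that pre-processes the event attributes.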
System information
# k8s version
v1.17.9
Installing the controllers
# Get the source
git clone https://github.com/hb-chen/tekton-practice.git
cd tekton-practice
# Pick the latest versions as appropriate
kubectl apply -f install/pipeline_v0.20.0.yaml
kubectl apply -f install/trigger_v0.10.2.yaml
kubectl apply -f install/dashboard_v0.15.0.yaml
Note: when choosing versions, also pay attention to the compatibility between the three components; see the README of tektoncd/dashboard.
# List the pods
kubectl get pod -n tekton-pipelines
NAME                                          READY   STATUS    RESTARTS   AGE
tekton-dashboard-575f58df5c-b4qml             1/1     Running   0          178m
tekton-pipelines-controller-594d66959-jl68s   1/1     Running   0          179m
tekton-pipelines-webhook-7cf7d75b87-c8mqv     1/1     Running   0          179m
tekton-triggers-controller-6bb9db8ffb-h68zp   1/1     Running   0          178m
tekton-triggers-webhook-5689cfcb56-w7d54      1/1     Running   0          178m
# List the services
kubectl get svc -n tekton-pipelines
NAME                                TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                              AGE
tekton-dashboard                    ClusterIP   10.233.6.52     <none>        9097/TCP                             179m
tekton-pipelines-controller         ClusterIP   10.233.60.34    <none>        9090/TCP,8080/TCP                    3h
tekton-pipelines-webhook            ClusterIP   10.233.28.189   <none>        9090/TCP,8008/TCP,443/TCP,8080/TCP   3h
tekton-triggers-controller          ClusterIP   10.233.45.100   <none>        9090/TCP                             179m
tekton-triggers-core-interceptors   ClusterIP   10.233.34.160   <none>        80/TCP                               34m
tekton-triggers-webhook             ClusterIP   10.233.4.20     <none>        443/TCP                              179m
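Notes:
- The Dashboard has no authentication of its own; if the service is exposed to the public internet, the basic-auth feature of nginx ingress can provide simple authentication;
- Here we use Traefik to expose the tekton-dashboard service.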
Exposing the service
We use the Traefik setup from the previous section, "Deploying Traefik 2.4.13 on Kubernetes", to expose the tekton-dashboard service over https.
# cat tekton-dashboard-https.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: tekton-dashboard-redirect-https
  namespace: tekton-pipelines
spec:
  redirectScheme:
    scheme: https
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: tekton-dashboard-server-http
  namespace: tekton-pipelines
spec:
  entryPoints:
    - web
  routes:
    - kind: Rule
      match: Host(`tekton.k8s.local`)
      priority: 10
      middlewares:
        - name: tekton-dashboard-redirect-https
      services:
        - name: tekton-dashboard
          port: 9097
    - kind: Rule
      match: Host(`tekton.k8s.local`) && Headers(`Content-Type`, `application/grpc`)
      priority: 11
      middlewares:
        - name: tekton-dashboard-redirect-https
      services:
        - name: tekton-dashboard
          port: 9097
          scheme: h2c
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: tekton-dashboard-server
  namespace: tekton-pipelines
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`tekton.k8s.local`)
      priority: 10
      services:
        - name: tekton-dashboard
          port: 9097
    - kind: Rule
      match: Host(`tekton.k8s.local`) && Headers(`Content-Type`, `application/grpc`)
      priority: 11
      services:
        - name: tekton-dashboard
          port: 9097
          scheme: h2c
  tls:
    certResolver: default
    options: {}
Note: tekton.k8s.local can be resolved through a DNS server, or you can edit the hosts file to bind the IP of the node Traefik runs on to the custom host name.
# apply
kubectl apply -f tekton-dashboard-https.yaml
# List the IngressRoutes
kubectl get IngressRoute -n tekton-pipelines
NAME                           AGE
tekton-dashboard-server        172m
tekton-dashboard-server-http   172m
Open in a browser:
https://tekton.k8s.local
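The websecure route above publishes the Dashboard, which has no authentication of its own, to anyone who can reach Traefik. As an added example (not part of the original post), the manifest below puts basic-auth in front of it with a Traefik BasicAuth middleware rather than nginx ingress. The Secret and Middleware name tekton-dashboard-basic-auth, the admin account and the hash placeholder are assumptions.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: tekton-dashboard-basic-auth   # hypothetical name
  namespace: tekton-pipelines
stringData:
  # One "user:hash" line per account; admin and the hash are placeholders
  users: |
    admin:<REPLACE-WITH-HTPASSWD-BCRYPT-HASH>
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: tekton-dashboard-basic-auth   # hypothetical name
  namespace: tekton-pipelines
spec:
  basicAuth:
    secret: tekton-dashboard-basic-auth
    removeHeader: true   # do not forward the Authorization header to the Dashboard
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: tekton-dashboard-server   # websecure route from the post, with auth attached
  namespace: tekton-pipelines
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`tekton.k8s.local`)
      priority: 10
      middlewares:
        - name: tekton-dashboard-basic-auth
      services:
        - name: tekton-dashboard
          port: 9097
    - kind: Rule
      match: Host(`tekton.k8s.local`) && Headers(`Content-Type`, `application/grpc`)
      priority: 11
      middlewares:
        - name: tekton-dashboard-basic-auth
      services:
        - name: tekton-dashboard
          port: 9097
          scheme: h2c
  tls:
    certResolver: default
    options: {}
```

Generate the users line with htpasswd -nB admin and apply this in place of the tekton-dashboard-server route. The web entry point only redirects to https, so its routes need no auth middleware.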