mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 21:46:22 +01:00
240 lines
7.0 KiB
Plaintext
240 lines
7.0 KiB
Plaintext
// This module is included in the following assembly:
|
|
//
|
|
// *openshift_pipelines/creating-applications-with-cicd-pipelines.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="adding-triggers_{context}"]
|
|
= Adding triggers to a pipeline
|
|
|
|
Triggers enable pipelines to respond to external GitHub events, such as push events and pull requests. After you assemble and start a pipeline for the application, add the `TriggerBinding`, `TriggerTemplate`, `Trigger`, and `EventListener` resources to capture the GitHub events.
|
|
|
|
[discrete]
|
|
.Procedure
|
|
. Copy the content of the following sample `TriggerBinding` YAML file and save it:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: triggers.tekton.dev/v1beta1
|
|
kind: TriggerBinding
|
|
metadata:
|
|
name: vote-app
|
|
spec:
|
|
params:
|
|
- name: git-repo-url
|
|
value: $(body.repository.url)
|
|
- name: git-repo-name
|
|
value: $(body.repository.name)
|
|
- name: git-revision
|
|
value: $(body.head_commit.id)
|
|
----
|
|
|
|
. Create the `TriggerBinding` resource:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f <triggerbinding-yaml-file-name.yaml>
|
|
----
|
|
+
|
|
Alternatively, you can create the `TriggerBinding` resource directly from the `pipelines-tutorial` Git repository:
|
|
+
|
|
[source,terminal,subs="attributes+"]
|
|
----
|
|
$ oc create -f https://raw.githubusercontent.com/openshift/pipelines-tutorial/{pipelines-ver}/03_triggers/01_binding.yaml
|
|
----
|
|
|
|
. Copy the content of the following sample `TriggerTemplate` YAML file and save it:
|
|
+
|
|
[source,yaml,subs="attributes+"]
|
|
----
|
|
apiVersion: triggers.tekton.dev/v1beta1
|
|
kind: TriggerTemplate
|
|
metadata:
|
|
name: vote-app
|
|
spec:
|
|
params:
|
|
- name: git-repo-url
|
|
description: The git repository url
|
|
- name: git-revision
|
|
description: The git revision
|
|
default: {pipelines-ver}
|
|
- name: git-repo-name
|
|
description: The name of the deployment to be created / patched
|
|
|
|
resourcetemplates:
|
|
- apiVersion: tekton.dev/v1beta1
|
|
kind: PipelineRun
|
|
metadata:
|
|
generateName: build-deploy-$(tt.params.git-repo-name)-
|
|
spec:
|
|
serviceAccountName: pipeline
|
|
pipelineRef:
|
|
name: build-and-deploy
|
|
params:
|
|
- name: deployment-name
|
|
value: $(tt.params.git-repo-name)
|
|
- name: git-url
|
|
value: $(tt.params.git-repo-url)
|
|
- name: git-revision
|
|
value: $(tt.params.git-revision)
|
|
- name: IMAGE
|
|
value: image-registry.openshift-image-registry.svc:5000/pipelines-tutorial/$(tt.params.git-repo-name)
|
|
workspaces:
|
|
- name: shared-workspace
|
|
volumeClaimTemplate:
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 500Mi
|
|
----
|
|
+
|
|
The template specifies a volume claim template to create a persistent volume claim for defining the storage volume for the workspace. Therefore, you do not need to create a persistent volume claim to provide data storage.
|
|
|
|
. Create the `TriggerTemplate` resource:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f <triggertemplate-yaml-file-name.yaml>
|
|
----
|
|
+
|
|
Alternatively, you can create the `TriggerTemplate` resource directly from the `pipelines-tutorial` Git repository:
|
|
+
|
|
[source,terminal,subs="attributes+"]
|
|
----
|
|
$ oc create -f https://raw.githubusercontent.com/openshift/pipelines-tutorial/{pipelines-ver}/03_triggers/02_template.yaml
|
|
----
|
|
|
|
. Copy the contents of the following sample `Trigger` YAML file and save it:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: triggers.tekton.dev/v1beta1
|
|
kind: Trigger
|
|
metadata:
|
|
name: vote-trigger
|
|
spec:
|
|
serviceAccountName: pipeline
|
|
bindings:
|
|
- ref: vote-app
|
|
template:
|
|
ref: vote-app
|
|
----
|
|
|
|
. Create the `Trigger` resource:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f <trigger-yaml-file-name.yaml>
|
|
----
|
|
+
|
|
Alternatively, you can create the `Trigger` resource directly from the `pipelines-tutorial` Git repository:
|
|
+
|
|
[source,terminal,subs="attributes+"]
|
|
----
|
|
$ oc create -f https://raw.githubusercontent.com/openshift/pipelines-tutorial/{pipelines-ver}/03_triggers/03_trigger.yaml
|
|
----
|
|
|
|
. Copy the contents of the following sample `EventListener` YAML file and save it:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: triggers.tekton.dev/v1beta1
|
|
kind: EventListener
|
|
metadata:
|
|
name: vote-app
|
|
spec:
|
|
serviceAccountName: pipeline
|
|
triggers:
|
|
- triggerRef: vote-trigger
|
|
----
|
|
+
|
|
|
|
Alternatively, if you have not defined a trigger custom resource, add the binding and template spec to the `EventListener` YAML file, instead of referring to the name of the trigger:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: triggers.tekton.dev/v1beta1
|
|
kind: EventListener
|
|
metadata:
|
|
name: vote-app
|
|
spec:
|
|
serviceAccountName: pipeline
|
|
triggers:
|
|
- bindings:
|
|
- ref: vote-app
|
|
template:
|
|
ref: vote-app
|
|
----
|
|
|
|
. Create the `EventListener` resource by performing the following steps:
|
|
+
|
|
* To create an `EventListener` resource using a secure HTTPS connection:
|
|
+
|
|
.. Add a label to enable the secure HTTPS connection to the `Eventlistener` resource:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc label namespace <ns-name> operator.tekton.dev/enable-annotation=enabled
|
|
----
|
|
.. Create the `EventListener` resource:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f <eventlistener-yaml-file-name.yaml>
|
|
----
|
|
+
|
|
Alternatively, you can create the `EvenListener` resource directly from the `pipelines-tutorial` Git repository:
|
|
+
|
|
[source,terminal,subs="attributes+"]
|
|
----
|
|
$ oc create -f https://raw.githubusercontent.com/openshift/pipelines-tutorial/{pipelines-ver}/03_triggers/04_event_listener.yaml
|
|
----
|
|
.. Create a route with the re-encrypt TLS termination:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create route reencrypt --service=<svc-name> --cert=tls.crt --key=tls.key --ca-cert=ca.crt --hostname=<hostname>
|
|
----
|
|
+
|
|
Alternatively, you can create a re-encrypt TLS termination YAML file to create a secured route.
|
|
+
|
|
.Example Re-encrypt TLS Termination YAML of the Secured Route
|
|
[source,yaml]
|
|
----
|
|
apiVersion: route.openshift.io/v1
|
|
kind: Route
|
|
metadata:
|
|
name: route-passthrough-secured <1>
|
|
spec:
|
|
host: <hostname>
|
|
to:
|
|
kind: Service
|
|
name: frontend <1>
|
|
tls:
|
|
termination: reencrypt <2>
|
|
key: [as in edge termination]
|
|
certificate: [as in edge termination]
|
|
caCertificate: [as in edge termination]
|
|
destinationCACertificate: |- <3>
|
|
-----BEGIN CERTIFICATE-----
|
|
[...]
|
|
-----END CERTIFICATE-----
|
|
----
|
|
+
|
|
<1> The name of the object, which is limited to 63 characters.
|
|
<2> The `*termination*` field is set to `reencrypt`. This is the only required `tls` field.
|
|
<3> Required for re-encryption. `*destinationCACertificate*` specifies a CA certificate to validate the endpoint certificate, securing the connection from the router to the destination pods. If the service is using a service signing certificate, or the administrator has specified a default CA certificate for the router and the service has a certificate signed by that CA, this field can be omitted.
|
|
+
|
|
See `oc create route reencrypt --help` for more options.
|
|
+
|
|
* To create an `EventListener` resource using an insecure HTTP connection:
|
|
+
|
|
.. Create the `EventListener` resource.
|
|
.. Expose the `EventListener` service as an {product-title} route to make it publicly accessible:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc expose svc el-vote-app
|
|
----
|