update

2025-08-04 06:26:23 +00:00
parent 7dc67ca8ac
commit e6c919ec2f
13 changed files with 242 additions and 98 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+**03-secret-dockerconfig.yaml
--- a/index.html
+++ b/index.html
@ -1 +1,11 @@
-<p> test - 01 </p>
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Tekton Demo</title>
+</head>
+<body>
+    <h1>✅ Hello Tekton CI/CD!</h1>
+    <p>This page is built automatically using Tekton Pipeline.</p>
+</body>
+</html>
+
--- a/k8s/tekton/task-build.yaml
+++ b/k8s/tekton/task-build.yaml
@ -1,34 +0,0 @@
-#task-build.yaml
-apiVersion: tekton.dev/v1
-kind: Task
-metadata:
-  name: build-and-push
-  namespace: tekton-demo
-spec:
-  params:
-    - name: IMAGE
-      type: string
-      description: "Target image"
-    - name: GIT_URL
-      type: string
-    - name: GIT_REVISION
-      type: string
-      default: "main"
-  steps:
-    - name: git-clone
-      image: alpine/git
-      script: |
-        #!/bin/sh
-        git clone $(params.GIT_URL) source
-        cd source
-        git checkout $(params.GIT_REVISION)
-
-    - name: build-image
-      image: gcr.io/kaniko-project/executor:latest
-      args:
-        - "--dockerfile=source/Dockerfile"
-        - "--context=source/"
-        - "--destination=$(params.IMAGE)"
-        - "--insecure"
-        - "--skip-tls-verify"
-
--- a/k8s/tekton/trigger.yaml
+++ b/k8s/tekton/trigger.yaml
@ -1,54 +0,0 @@
-# trigger.yaml
-apiVersion: triggers.tekton.dev/v1beta1
-kind: TriggerTemplate
-metadata:
-  name: nginx-build-template
-  namespace: tekton-demo
-spec:
-  params:
-    - name: git-repo-url
-    - name: git-revision
-  resourcetemplates:
-    - apiVersion: tekton.dev/v1
-      kind: PipelineRun
-      metadata:
-        generateName: nginx-build-run-
-      spec:
-        pipelineRef:
-          name: nginx-build-pipeline
-        params:
-          - name: GIT_URL
-            value: $(tt.params.git-repo-url)
-          - name: GIT_REVISION
-            value: $(tt.params.git-revision)
-          - name: IMAGE
-            value: harbor.icurfer.com/open/nginx-demo:latest
-
---
-apiVersion: triggers.tekton.dev/v1beta1
-kind: TriggerBinding
-metadata:
-  name: nginx-build-binding
-  namespace: tekton-demo
-spec:
-  params:
-    - name: git-repo-url
-      value: $(body.repository.clone_url)
-    - name: git-revision
-      value: $(body.ref)
-
---
-apiVersion: triggers.tekton.dev/v1beta1
-kind: EventListener
-metadata:
-  name: nginx-build-listener
-  namespace: tekton-demo
-spec:
-  serviceAccountName: tekton-triggers-sa
-  triggers:
-    - name: nginx-build-trigger
-      bindings:
-        - ref: nginx-build-binding
-      template:
-        ref: nginx-build-template
-
--- a/sample-build/01-serviceaccount.yaml
+++ b/sample-build/01-serviceaccount.yaml
@ -0,0 +1,64 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tekton-triggers-sa
+  namespace: tekton-demo
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: tekton-build-role
+  namespace: tekton-demo
+rules:
+  - apiGroups: ["", "apps", "tekton.dev", "triggers.tekton.dev"]
+    resources: ["pods", "pipelineruns", "tasks", "events"]
+    verbs: ["get", "list", "watch", "create", "update", "delete"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: tekton-build-sa-binding
+  namespace: tekton-demo
+subjects:
+  - kind: ServiceAccount
+    name: tekton-build-sa
+roleRef:
+  kind: Role
+  name: tekton-build-role
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tekton-build-sa
+  namespace: tekton-demo
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: tekton-triggers-role
+rules:
+- apiGroups: [""] # core API
+  resources: ["pods", "services", "endpoints", "configmaps", "secrets"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+  resources: ["deployments"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["triggers.tekton.dev"]
+  resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tekton-build-sa-binding
+subjects:
+  - kind: ServiceAccount
+    name: tekton-build-sa
+    namespace: tekton-demo
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+
--- a/sample-build/02-task-build.yaml
+++ b/sample-build/02-task-build.yaml
@ -0,0 +1,27 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: build-image
+  namespace: tekton-demo
+spec:
+  params:
+    - name: IMAGE
+      type: string
+      description: Image name to build
+  steps:
+    - name: build-and-push
+      image: gcr.io/kaniko-project/executor:latest
+      args:
+        - "--dockerfile=/workspace/source/Dockerfile"
+        - "--context=/workspace/source/"
+        - "--destination=$(params.IMAGE)"
+      volumeMounts:
+        - name: docker-config
+          mountPath: /kaniko/.docker
+  workspaces:
+    - name: source
+  volumes:
+    - name: docker-config
+      secret:
+        secretName: harbor-dockerconfig
+
--- a/sample-build/03-secret-dockerconfig.yaml.sample
+++ b/sample-build/03-secret-dockerconfig.yaml.sample
@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: harbor-dockerconfig
+  namespace: tekton-demo
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {base64}   # harbor 로그인 정보
+
+# cat config.json | base64 -w 0
--- a/sample-build/04-task-build.yaml
+++ b/sample-build/04-task-build.yaml
@ -0,0 +1,39 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: build-image
+  namespace: tekton-demo
+spec:
+  params:
+    - name: IMAGE
+      type: string
+      description: Image name to build
+    - name: GIT_URL
+      type: string
+    - name: GIT_REVISION
+      type: string
+      default: main
+  steps:
+    - name: clone
+      image: alpine/git
+      script: |
+        #!/bin/sh
+        git clone $(params.GIT_URL) /workspace/source
+        cd /workspace/source
+        git checkout $(params.GIT_REVISION)
+    - name: build-and-push
+      image: gcr.io/kaniko-project/executor:latest
+      args:
+        - "--dockerfile=/workspace/source/Dockerfile"
+        - "--context=/workspace/source/"
+        - "--destination=$(params.IMAGE)"
+      volumeMounts:
+        - name: docker-config
+          mountPath: /kaniko/.docker
+  workspaces:
+    - name: source
+  volumes:
+    - name: docker-config
+      secret:
+        secretName: harbor-dockerconfig
+
--- a/sample-build/05-pipeline-build.yaml
+++ b/sample-build/05-pipeline-build.yaml
@ -1,24 +1,31 @@
-# pipeline-build.yaml
-apiVersion: tekton.dev/v1
+apiVersion: tekton.dev/v1beta1
 kind: Pipeline
 metadata:
-  name: nginx-build-pipeline
+  name: pipeline-build
  namespace: tekton-demo
 spec:
  params:
-    - name: GIT_URL
-    - name: GIT_REVISION
-      default: "main"
    - name: IMAGE
+      type: string
+    - name: GIT_URL
+      type: string
+    - name: GIT_REVISION
+      type: string
+      default: main
+  workspaces:
+    - name: shared-data
  tasks:
    - name: build
      taskRef:
-        name: build-and-push
+        name: build-image
      params:
+        - name: IMAGE
+          value: $(params.IMAGE)
        - name: GIT_URL
          value: $(params.GIT_URL)
        - name: GIT_REVISION
          value: $(params.GIT_REVISION)
-        - name: IMAGE
-          value: $(params.IMAGE)
+      workspaces:
+        - name: source
+          workspace: shared-data

--- a/sample-build/06-trigger-binding.yaml
+++ b/sample-build/06-trigger-binding.yaml
@ -0,0 +1,12 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerBinding
+metadata:
+  name: gitea-trigger-binding
+  namespace: tekton-demo
+spec:
+  params:
+    - name: git-url
+      value: $(body.repository.clone_url)
+    - name: git-revision
+      value: $(body.ref)
+
--- a/sample-build/07-trigger-template.yaml
+++ b/sample-build/07-trigger-template.yaml
@ -0,0 +1,36 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerTemplate
+metadata:
+  name: gitea-trigger-template
+  namespace: tekton-demo
+spec:
+  params:
+    - name: git-url
+    - name: git-revision
+  resourcetemplates:
+    - apiVersion: tekton.dev/v1beta1
+      kind: PipelineRun
+      metadata:
+        generateName: build-run-
+      spec:
+        serviceAccountName: tekton-build-sa
+        pipelineRef:
+          name: pipeline-build
+        params:
+          - name: IMAGE
+            value: harbor.icurfer.com/open/tekton-demo:latest
+          - name: GIT_URL
+            value: $(params.git-url)
+          - name: GIT_REVISION
+            value: $(params.git-revision)
+        workspaces:
+          - name: shared-data
+            volumeClaimTemplate:
+              metadata:
+                name: source-pvc
+              spec:
+                accessModes: ["ReadWriteOnce"]
+                resources:
+                  requests:
+                    storage: 1Gi
+
--- a/sample-build/08-event-listener.yaml
+++ b/sample-build/08-event-listener.yaml
@ -0,0 +1,14 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: EventListener
+metadata:
+  name: gitea-event-listener
+  namespace: tekton-demo
+spec:
+  serviceAccountName: tekton-build-sa
+  triggers:
+    - name: gitea-trigger
+      bindings:
+        - ref: gitea-trigger-binding
+      template:
+        ref: gitea-trigger-template
+
--- a/sample-build/09.ing-proxy.yaml
+++ b/sample-build/09.ing-proxy.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: el-tekton-demo-proxy
+  namespace: tekton-pipelines
+spec:
+  type: ExternalName
+  externalName: el-gitea-event-listener.tekton-demo.svc.cluster.local
+  ports:
+  - port: 8080
+    targetPort: 8080
+    protocol: TCP