From e6c919ec2fb9bbb5e76a2ba600dc158f6b6850fe Mon Sep 17 00:00:00 2001
From: icurfer
Date: Mon, 4 Aug 2025 06:26:23 +0000
Subject: [PATCH] update
---
.gitignore | 1 +
index.html | 12 +++-
k8s/tekton/task-build.yaml | 34 ----------
k8s/tekton/trigger.yaml | 54 ----------------
sample-build/01-serviceaccount.yaml | 64 +++++++++++++++++++
sample-build/02-task-build.yaml | 27 ++++++++
.../03-secret-dockerconfig.yaml.sample | 10 +++
sample-build/04-task-build.yaml | 39 +++++++++++
.../05-pipeline-build.yaml | 25 +++++---
sample-build/06-trigger-binding.yaml | 12 ++++
sample-build/07-trigger-template.yaml | 36 +++++++++++
sample-build/08-event-listener.yaml | 14 ++++
sample-build/09.ing-proxy.yaml | 12 ++++
13 files changed, 242 insertions(+), 98 deletions(-)
create mode 100644 .gitignore
delete mode 100644 k8s/tekton/task-build.yaml
delete mode 100644 k8s/tekton/trigger.yaml
create mode 100644 sample-build/01-serviceaccount.yaml
create mode 100644 sample-build/02-task-build.yaml
create mode 100644 sample-build/03-secret-dockerconfig.yaml.sample
create mode 100644 sample-build/04-task-build.yaml
rename k8s/tekton/pipeline-build.yaml => sample-build/05-pipeline-build.yaml (57%)
create mode 100644 sample-build/06-trigger-binding.yaml
create mode 100644 sample-build/07-trigger-template.yaml
create mode 100644 sample-build/08-event-listener.yaml
create mode 100644 sample-build/09.ing-proxy.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..84ae026
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+**03-secret-dockerconfig.yaml
diff --git a/index.html b/index.html
index e5ec9bc..8d87e42 100644
--- a/index.html
+++ b/index.html
@@ -1 +1,11 @@ -

test - 01

+ + + + Tekton Demo + + +

✅ Hello Tekton CI/CD!

+

This page is built automatically using Tekton Pipeline.

+ + +
diff --git a/k8s/tekton/task-build.yaml b/k8s/tekton/task-build.yaml
deleted file mode 100644
index 4c6d813..0000000
--- a/k8s/tekton/task-build.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-#task-build.yaml
-apiVersion: tekton.dev/v1
-kind: Task
-metadata:
- name: build-and-push
- namespace: tekton-demo
-spec:
- params:
- - name: IMAGE
- type: string
- description: "Target image"
- - name: GIT_URL
- type: string
- - name: GIT_REVISION
- type: string
- default: "main"
- steps:
- - name: git-clone
- image: alpine/git
- script: |
- #!/bin/sh
- git clone $(params.GIT_URL) source
- cd source
- git checkout $(params.GIT_REVISION)
-
- - name: build-image
- image: gcr.io/kaniko-project/executor:latest
- args:
- - "--dockerfile=source/Dockerfile"
- - "--context=source/"
- - "--destination=$(params.IMAGE)"
- - "--insecure"
- - "--skip-tls-verify"
-
diff --git a/k8s/tekton/trigger.yaml b/k8s/tekton/trigger.yaml
deleted file mode 100644
index 0f38ad6..0000000
--- a/k8s/tekton/trigger.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-# trigger.yaml
-apiVersion: triggers.tekton.dev/v1beta1
-kind: TriggerTemplate
-metadata:
- name: nginx-build-template
- namespace: tekton-demo
-spec:
- params:
- - name: git-repo-url
- - name: git-revision
- resourcetemplates:
- - apiVersion: tekton.dev/v1
- kind: PipelineRun
- metadata:
- generateName: nginx-build-run-
- spec:
- pipelineRef:
- name: nginx-build-pipeline
- params:
- - name: GIT_URL
- value: $(tt.params.git-repo-url)
- - name: GIT_REVISION
- value: $(tt.params.git-revision)
- - name: IMAGE
- value: harbor.icurfer.com/open/nginx-demo:latest
-
----
-apiVersion: triggers.tekton.dev/v1beta1
-kind: TriggerBinding
-metadata:
- name: nginx-build-binding
- namespace: tekton-demo
-spec:
- params:
- - name: git-repo-url
- value: $(body.repository.clone_url)
- - name: git-revision
- value: $(body.ref)
-
----
-apiVersion: triggers.tekton.dev/v1beta1
-kind: EventListener
-metadata:
- name: nginx-build-listener
- namespace: tekton-demo
-spec:
- serviceAccountName: tekton-triggers-sa
- triggers:
- - name: nginx-build-trigger
- bindings:
- - ref: nginx-build-binding
- template:
- ref: nginx-build-template
-
diff --git a/sample-build/01-serviceaccount.yaml b/sample-build/01-serviceaccount.yaml
new file mode 100644
index 0000000..d4d0fd2
--- /dev/null
+++ b/sample-build/01-serviceaccount.yaml
@@ -0,0 +1,64 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tekton-triggers-sa
+ namespace: tekton-demo
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: tekton-build-role
+ namespace: tekton-demo
+rules:
+ - apiGroups: ["", "apps", "tekton.dev", "triggers.tekton.dev"]
+ resources: ["pods", "pipelineruns", "tasks", "events"]
+ verbs: ["get", "list", "watch", "create", "update", "delete"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: tekton-build-sa-binding
+ namespace: tekton-demo
+subjects:
+ - kind: ServiceAccount
+ name: tekton-build-sa
+roleRef:
+ kind: Role
+ name: tekton-build-role
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tekton-build-sa
+ namespace: tekton-demo
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tekton-triggers-role
+rules:
+- apiGroups: [""] # core API
+ resources: ["pods", "services", "endpoints", "configmaps", "secrets"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+ resources: ["deployments"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["triggers.tekton.dev"]
+ resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: tekton-build-sa-binding
+subjects:
+ - kind: ServiceAccount
+ name: tekton-build-sa
+ namespace: tekton-demo
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+
diff --git a/sample-build/02-task-build.yaml b/sample-build/02-task-build.yaml
new file mode 100644
index 0000000..161bd07
--- /dev/null
+++ b/sample-build/02-task-build.yaml
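Review bot: The `ClusterRoleBinding` at the end of 01-serviceaccount.yaml grants `cluster-admin` to `tekton-build-sa`, and that is the account the PipelineRun in 07-trigger-template.yaml and the EventListener in 08-event-listener.yaml run as, so every build step started by a webhook holds a token that controls the whole cluster. Neither step in the build Task calls the Kubernetes API and `harbor-dockerconfig` is mounted as a volume, so the build account appears to need no RBAC binding at all. `tekton-triggers-sa` and the `tekton-triggers-role` ClusterRole are created here but never bound, and `tekton-triggers-role` would give cluster-wide write access to `secrets` if it were. I would drop the `cluster-admin` binding and run only the listener as `tekton-triggers-sa` with the listener roles that Tekton Triggers installs, as sketched below; the two role names should be confirmed against the installed Triggers release.

```yaml
# … unchanged: ServiceAccount tekton-triggers-sa, ServiceAccount tekton-build-sa …
# replaces the cluster-admin ClusterRoleBinding; tekton-build-sa gets no binding
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-triggers-sa-binding
  namespace: tekton-demo
subjects:
  - kind: ServiceAccount
    name: tekton-triggers-sa
    namespace: tekton-demo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-triggers-eventlistener-roles
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tekton-triggers-sa-clusterbinding
subjects:
  - kind: ServiceAccount
    name: tekton-triggers-sa
    namespace: tekton-demo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-triggers-eventlistener-clusterroles
```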
@@ -0,0 +1,27 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: build-image
+ namespace: tekton-demo
+spec:
+ params:
+ - name: IMAGE
+ type: string
+ description: Image name to build
+ steps:
+ - name: build-and-push
+ image: gcr.io/kaniko-project/executor:latest
+ args:
+ - "--dockerfile=/workspace/source/Dockerfile"
+ - "--context=/workspace/source/"
+ - "--destination=$(params.IMAGE)"
+ volumeMounts:
+ - name: docker-config
+ mountPath: /kaniko/.docker
+ workspaces:
+ - name: source
+ volumes:
+ - name: docker-config
+ secret:
+ secretName: harbor-dockerconfig
+
diff --git a/sample-build/03-secret-dockerconfig.yaml.sample b/sample-build/03-secret-dockerconfig.yaml.sample
new file mode 100644
index 0000000..0ec4003
--- /dev/null
+++ b/sample-build/03-secret-dockerconfig.yaml.sample
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: harbor-dockerconfig
+ namespace: tekton-demo
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {base64} # harbor 로그인 정보
+
+# cat config.json | base64 -w 0
diff --git a/sample-build/04-task-build.yaml b/sample-build/04-task-build.yaml
new file mode 100644
index 0000000..1424f22
--- /dev/null
+++ b/sample-build/04-task-build.yaml
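Review bot: The `build-and-push` step in 02-task-build.yaml pulls `gcr.io/kaniko-project/executor:latest`, a mutable tag, while the Harbor push credentials are mounted into that same container at `/kaniko/.docker`, so whatever the tag resolves to at run time receives them. Pinning by digest, for example `image: gcr.io/kaniko-project/executor@sha256:<digest-of-reviewed-release>` (placeholder), keeps the builder fixed; the same applies to `alpine/git` and the executor in 04-task-build.yaml. This Task is also named `build-image` in `tekton-demo`, identical to the Task in 04-task-build.yaml, so applying the directory in order leaves only the 04 definition. If 02 is meant as an intermediate tutorial step, a comment at the top saying so would prevent confusion.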
@@ -0,0 +1,39 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: build-image
+ namespace: tekton-demo
+spec:
+ params:
+ - name: IMAGE
+ type: string
+ description: Image name to build
+ - name: GIT_URL
+ type: string
+ - name: GIT_REVISION
+ type: string
+ default: main
+ steps:
+ - name: clone
+ image: alpine/git
+ script: |
+ #!/bin/sh
+ git clone $(params.GIT_URL) /workspace/source
+ cd /workspace/source
+ git checkout $(params.GIT_REVISION)
+ - name: build-and-push
+ image: gcr.io/kaniko-project/executor:latest
+ args:
+ - "--dockerfile=/workspace/source/Dockerfile"
+ - "--context=/workspace/source/"
+ - "--destination=$(params.IMAGE)"
+ volumeMounts:
+ - name: docker-config
+ mountPath: /kaniko/.docker
+ workspaces:
+ - name: source
+ volumes:
+ - name: docker-config
+ secret:
+ secretName: harbor-dockerconfig
+
diff --git a/k8s/tekton/pipeline-build.yaml b/sample-build/05-pipeline-build.yaml
similarity index 57%
rename from k8s/tekton/pipeline-build.yaml
rename to sample-build/05-pipeline-build.yaml
index a13d45e..7b00366 100644
--- a/k8s/tekton/pipeline-build.yaml
+++ b/sample-build/05-pipeline-build.yaml
@@ -1,24 +1,31 @@ -# pipeline-build.yaml -apiVersion: tekton.dev/v1 +apiVersion: tekton.dev/v1beta1 kind: Pipeline metadata: - name: nginx-build-pipeline + name: pipeline-build namespace: tekton-demo spec: params: - - name: GIT_URL - - name: GIT_REVISION - default: "main" - name: IMAGE + type: string + - name: GIT_URL + type: string + - name: GIT_REVISION + type: string + default: main + workspaces: + - name: shared-data tasks: - name: build taskRef: - name: build-and-push + name: build-image params: + - name: IMAGE + value: $(params.IMAGE) - name: GIT_URL value: $(params.GIT_URL) - name: GIT_REVISION value: $(params.GIT_REVISION) - - name: IMAGE - value: $(params.IMAGE) + workspaces: + - name: source + workspace: shared-data
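Review bot: In the `clone` step of 04-task-build.yaml, `$(params.GIT_URL)` and `$(params.GIT_REVISION)` are substituted into the script text before the shell parses it, and both values originate in the webhook body through 06-trigger-binding.yaml, so shell metacharacters in a payload become part of the script. Passing the params as environment variables and quoting them keeps them as data, as in the sketch below. A value that begins with `-` would still be read by git as an option, so the revision should also be validated or filtered before it reaches this Task.

```yaml
    - name: clone
      image: alpine/git
      env:
        - name: GIT_URL
          value: $(params.GIT_URL)
        - name: GIT_REVISION
          value: $(params.GIT_REVISION)
      script: |
        #!/bin/sh
        set -eu
        git clone -- "$GIT_URL" /workspace/source
        cd /workspace/source
        git checkout "$GIT_REVISION"
    # … unchanged: build-and-push step, workspaces, volumes …
```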
diff --git a/sample-build/06-trigger-binding.yaml b/sample-build/06-trigger-binding.yaml
new file mode 100644
index 0000000..153148d
--- /dev/null
+++ b/sample-build/06-trigger-binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerBinding
+metadata:
+ name: gitea-trigger-binding
+ namespace: tekton-demo
+spec:
+ params:
+ - name: git-url
+ value: $(body.repository.clone_url)
+ - name: git-revision
+ value: $(body.ref)
+
diff --git a/sample-build/07-trigger-template.yaml b/sample-build/07-trigger-template.yaml
new file mode 100644
index 0000000..b663e71
--- /dev/null
+++ b/sample-build/07-trigger-template.yaml
@@ -0,0 +1,36 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: TriggerTemplate
+metadata:
+ name: gitea-trigger-template
+ namespace: tekton-demo
+spec:
+ params:
+ - name: git-url
+ - name: git-revision
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1beta1
+ kind: PipelineRun
+ metadata:
+ generateName: build-run-
+ spec:
+ serviceAccountName: tekton-build-sa
+ pipelineRef:
+ name: pipeline-build
+ params:
+ - name: IMAGE
+ value: harbor.icurfer.com/open/tekton-demo:latest
+ - name: GIT_URL
+ value: $(params.git-url)
+ - name: GIT_REVISION
+ value: $(params.git-revision)
+ workspaces:
+ - name: shared-data
+ volumeClaimTemplate:
+ metadata:
+ name: source-pvc
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 1Gi
+
diff --git a/sample-build/08-event-listener.yaml b/sample-build/08-event-listener.yaml
new file mode 100644
index 0000000..3bdd7c7
--- /dev/null
+++ b/sample-build/08-event-listener.yaml
@@ -0,0 +1,14 @@
+apiVersion: triggers.tekton.dev/v1beta1
+kind: EventListener
+metadata:
+ name: gitea-event-listener
+ namespace: tekton-demo
+spec:
+ serviceAccountName: tekton-build-sa
+ triggers:
+ - name: gitea-trigger
+ bindings:
+ - ref: gitea-trigger-binding
+ template:
+ ref: gitea-trigger-template
+
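Review bot: In 07-trigger-template.yaml the PipelineRun params use `$(params.git-url)` and `$(params.git-revision)`, whereas the deleted k8s/tekton/trigger.yaml used the `$(tt.params.…)` form; in `triggers.tekton.dev/v1beta1` template parameters are addressed with the `tt.` prefix, so these two values are likely to reach the PipelineRun unsubstituted. I would write `value: $(tt.params.git-url)` and `value: $(tt.params.git-revision)`. The destination is also fixed at `harbor.icurfer.com/open/tekton-demo:latest`, so every triggered build overwrites the same tag whatever revision was pushed; tagging with the commit id from the payload would keep pushed images traceable to a source revision.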
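Review bot: The `gitea-trigger` entry in 08-event-listener.yaml has no `interceptors`, so any request that reaches the listener starts a PipelineRun using the `clone_url` and `ref` that 06-trigger-binding.yaml reads from its body, and 09.ing-proxy.yaml makes the listener addressable from the `tekton-pipelines` namespace. A webhook-signature check against a shared secret plus a CEL filter pinning the repository, sketched below with a placeholder URL, would restrict builds to pushes from the intended Gitea repository. The listener also runs as `tekton-build-sa`, which 01-serviceaccount.yaml binds to `cluster-admin`, where the deleted listener used `tekton-triggers-sa`; `serviceAccountName: tekton-triggers-sa` would separate listener rights from build rights.

```yaml
  triggers:
    - name: gitea-trigger
      interceptors:
        - ref:
            name: cel
          params:
            - name: filter
              # placeholder: replace with the repository's real clone URL
              value: body.repository.clone_url == '<EXPECTED_CLONE_URL>'
      # … unchanged: bindings and template refs …
```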
diff --git a/sample-build/09.ing-proxy.yaml b/sample-build/09.ing-proxy.yaml
new file mode 100644
index 0000000..d3f65c5
--- /dev/null
+++ b/sample-build/09.ing-proxy.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: el-tekton-demo-proxy
+ namespace: tekton-pipelines
+spec:
+ type: ExternalName
+ externalName: el-gitea-event-listener.tekton-demo.svc.cluster.local
+ ports:
+ - port: 8080
+ targetPort: 8080
+ protocol: TCP