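---
# Shared ServiceAccount for the Tekton build pipeline and the EventListener.
# Both run under this identity, so every permission granted below is
# reachable from the webhook-facing listener pod as well as from builds.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-build-sa
  namespace: tekton-demo
secrets:
  - name: harbor-dockerconfig  # Harbor registry credentials (dockerconfigjson)
imagePullSecrets:
  - name: harbor-dockerconfig  # same credentials used to pull step images
---
# Namespace-scoped permissions for running pipelines.
# Note: apiGroups x resources is a cross product. "apps" contributes no
# matching resource, and "pipelineruns"/"tasks" only exist under tekton.dev;
# the rule is broader than it reads but grants nothing unintended by itself.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tekton-build-role
  namespace: tekton-demo
rules:
  - apiGroups: ["", "apps", "tekton.dev", "triggers.tekton.dev"]
    resources: ["pods", "pipelineruns", "tasks", "events"]
    verbs: ["get", "list", "watch", "create", "update", "delete"]
---
# RoleBinding: grant tekton-build-role to tekton-build-sa inside tekton-demo.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-build-rolebinding
  namespace: tekton-demo
subjects:
  - kind: ServiceAccount
    name: tekton-build-sa
    namespace: tekton-demo  # explicit; previously relied on the binding's namespace being assumed
roleRef:
  kind: Role
  name: tekton-build-role
  apiGroup: rbac.authorization.k8s.io
---
# Cluster-scoped permissions for Tekton Triggers.
# Review note: full CRUD on core "secrets", "configmaps", "services" and "pods"
# in every namespace is far more than an EventListener needs, and it is bound
# to the same SA that serves the public webhook. Consider reducing the
# secret/configmap verbs to get/list/watch or moving these rules into a
# namespaced Role once the listener is confirmed to work without them.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tekton-triggers-role
rules:
  - apiGroups: [""]
    resources: ["pods", "services", "endpoints", "configmaps", "secrets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["triggers.tekton.dev"]
    resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# ClusterRoleBinding: grant the Triggers ClusterRole to tekton-build-sa.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tekton-triggers-clusterrolebinding
subjects:
  - kind: ServiceAccount
    name: tekton-build-sa
    namespace: tekton-demo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-triggers-role
---
# 02-task-build.yaml
# Clones a git repository and builds/pushes its Dockerfile with kaniko.
# Params:
#   git-url      - repository to clone (arrives from the webhook body via the TriggerBinding)
#   git-revision - ref to check out; defaults to "main"
#   image-url    - destination image reference for the push
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-docker-image
  namespace: tekton-demo
spec:
  params:
    - name: git-url
      type: string
    - name: git-revision
      type: string
      default: "main"
    - name: image-url
      type: string
  steps:
    - name: git-clone
      image: alpine/git  # TODO pin to a tag/digest; an unpinned image is a supply-chain risk
      # Params are handed to the shell through env rather than substituted
      # into the script text: git-url/git-revision originate from an
      # untrusted webhook body, and a value spliced straight into a shell
      # script could inject commands.
      env:
        - name: GIT_URL
          value: $(params.git-url)
        - name: GIT_REVISION
          value: $(params.git-revision)
      script: |
        #!/bin/sh
        set -e
        git clone "$GIT_URL" /workspace/source
        cd /workspace/source
        git checkout "$GIT_REVISION"
    - name: build-and-push
      image: gcr.io/kaniko-project/executor:latest  # TODO pin to a digest
      env:
        - name: DOCKER_CONFIG
          value: /tekton/home/.docker/
      args:
        - --dockerfile=/workspace/source/Dockerfile
        - --context=/workspace/source
        # Was a hard-coded registry path that silently ignored image-url;
        # now honours the declared param (callers already had to supply it).
        - --destination=$(params.image-url)
        # Allows the push to the registry without TLS. Acceptable only for a
        # lab registry; prefer trusting the Harbor CA and dropping this flag.
        - --insecure
---
# Registry credentials for Harbor, referenced by the ServiceAccount above.
# Review note: the committed base64 value appears not to decode to a
# well-formed dockerconfig JSON and looks like a redacted placeholder -
# verify before applying. A real credential should not live in this file;
# create the Secret out-of-band (kubectl create secret docker-registry) or
# from a secret store.
apiVersion: v1
kind: Secret
metadata:
  name: harbor-dockerconfig
  namespace: tekton-demo
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: ewoJImF1dGhzJoYXJib3IuaWN1cmZlci5jb20iOiB7CgkSIKCQl9Cgl9Cn0=  # Harbor login information
---
# 05-pipeline-build.yaml
# Single-task pipeline that forwards its params to build-docker-image.
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: docker-build-pipeline
  namespace: tekton-demo
spec:
  params:
    - name: git-url
      type: string
    - name: git-revision
      type: string
      default: "main"
    - name: image-url
      type: string
  tasks:
    - name: build
      taskRef:
        name: build-docker-image
      params:
        - name: git-url
          value: $(params.git-url)
        - name: git-revision
          value: $(params.git-revision)
        - name: image-url
          value: $(params.image-url)
---
# 06-trigger-binding.yaml
# Maps fields of the incoming webhook JSON body to pipeline params.
# Both values are client-controlled until the EventListener validates the
# webhook (see the interceptor note on the EventListener below).
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
  name: docker-build-binding
  namespace: tekton-demo
spec:
  params:
    - name: git-url
      value: $(body.repository.clone_url)
    - name: git-revision
      value: $(body.ref)  # presumably a full ref like refs/heads/<branch> - TODO confirm against the Gitea payload
---
# 07-trigger-template.yaml
# Instantiates one PipelineRun per accepted event.
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
  name: docker-build-template
  namespace: tekton-demo
spec:
  params:
    - name: git-url
    - name: git-revision
  resourcetemplates:
    - apiVersion: tekton.dev/v1beta1
      kind: PipelineRun
      metadata:
        generateName: docker-build-run-
      spec:
        serviceAccountName: tekton-build-sa
        pipelineRef:
          name: docker-build-pipeline
        params:
          - name: git-url
            value: $(tt.params.git-url)
          - name: git-revision
            value: $(tt.params.git-revision)
          - name: image-url
            value: harbor.icurfer.com/open/tekton-demo:latest  # fixed destination; every build overwrites :latest
---
# 08-event-listener.yaml
# Review note: no interceptor is configured, so any client that can reach the
# listener Service can POST an arbitrary body and start a build with a
# git-url of its choosing. Add an interceptor that validates the webhook
# secret/signature and filters on the expected event type before the
# bindings run, and limit network exposure of the listener Service.
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
  name: gitea-event-listener
  namespace: tekton-demo
spec:
  serviceAccountName: tekton-build-sa
  triggers:
    - name: gitea-trigger
      bindings:
        - ref: docker-build-binding  # fixed: bindings are referenced with `ref`
      template:
        ref: docker-build-template  # fixed: template is referenced with `ref`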