diff --git a/sources/tech/20211119 Dynamic scheduling of Tekton workloads using Triggers.md b/sources/tech/20211119 Dynamic scheduling of Tekton workloads using Triggers.md new file mode 100644 index 0000000000..1809366d53 --- /dev/null +++ b/sources/tech/20211119 Dynamic scheduling of Tekton workloads using Triggers.md @@ -0,0 +1,367 @@ +[#]: subject: "Dynamic scheduling of Tekton workloads using Triggers" +[#]: via: "https://opensource.com/article/21/11/kubernetes-dynamic-scheduling-tekton" +[#]: author: "Savita Ashture https://opensource.com/users/savita-ashture" +[#]: collector: "lujun9972" +[#]: translator: " " +[#]: reviewer: " " +[#]: publisher: " " +[#]: url: " " + +Dynamic scheduling of Tekton workloads using Triggers +====== +Upgrade your CI/CD pipeline with this Kubernetes-native application. +![Parts, modules, containers for software][1] + +[Tekton][2] is a Kubernetes-native continuous integration and delivery (CI/CD) framework. It allows you to create containerized, composable, and configurable workloads declaratively through Kubernetes Custom Resource Definitions (CRD). + +[Tekton Triggers][3] is a Tekton component that allows you to detect and extract information from events from various sources and execute [TaskRuns][4] and [PipelineRuns][5] based on that information. It also enables passing extracted information to TaskRuns and PipelineRuns from events. + +This article demonstrates how Tekton Triggers integrates with external services, such as a Git repository, using GitLab as an example. + +### Prerequisites + +If you want to follow the steps in this article, you must have a Kubernetes cluster running Kubernetes 1.18 or above with an ingress controller installed that can give you an external IP. You must also have [Tekton Pipelines][6] and [Tekton Triggers][7] installed. + +### Triggers flow + +A Trigger works because Tekton, using a special pod called an EventListener, is able to monitor your cluster for a specific event. To pick up on relevant events, you can use a ClusterInterceptor. When an event occurs that you have identified as significant, the Tekton Trigger starts an action or workflow you have defined. + +![A flow chart showing the interactions among EventListener, Trigger, and ClusterInterceptor.][8] + +Credits: + +Tekton Trigger allows you to create a special resource called an EventListener, which is a Kubernetes service that listens for incoming HTTP requests from different sources, usually a Git repository, including those hosted on GitLab, GitHub, and others. Based on those events, the EventListener pod performs actions and creates Tekton resources, such as TaskRun or PipelineRun. + +All Triggers resource definitions are created in YAML, the configuration format most commonly used in Kubernetes. However, before writing YAML files to define a Trigger, it's important to understand Tekton Triggers terminology. + +#### EventListener + +An [EventListener][9] is a Kubernetes service that listens for incoming HTTP requests and executes a Trigger. For example, after receiving a specific incoming request, this definition executes the `gitlab-listener-trigger` Trigger: + + +``` + + +apiVersion: triggers.tekton.dev/v1beta1 +kind: EventListener +metadata: + name: gitlab-event-listener +spec: + serviceAccountName: gitlab-listener-sa + triggers: +   - triggerRef: gitlab-listener-trigger + resources: +   kubernetesResource: +     serviceType: NodePort + +``` + +#### Trigger + +A [Trigger][10] decides what to do with a received event. It also sets a TriggerBinding, TriggerTemplate, and optional interceptors to run. Triggers make use of interceptors to validate or modify incoming requests before proceeding. + + +``` + + +apiVersion: triggers.tekton.dev/v1beta1 +kind: Trigger +metadata: + name: gitlab-listener-trigger +spec: + interceptors: +   - name: "verify-gitlab-payload" +     ref: +       name: "gitlab" +       kind: ClusterInterceptor +     params: +       - name: secretRef +         value: +           secretName: "gitlab-secret" +           secretKey: "secretToken" +       - name: eventTypes +         value: +          - "Push Hook" + bindings: +   - ref: binding + template: +   ref: template + +``` + +#### Interceptor + +An [interceptor][11] is an event processor that runs before the TriggerBinding. It also performs payload filtering, verification (using a secret), and transformation; defines and tests trigger conditions; and implements other useful processing. + +By default, four core interceptors are installed when installing Triggers: GitHub, GitLab, Bitbucket, and CEL. The installation also includes one Webhook interceptor for implementing custom business logic. + +##### GitLab interceptors + +GitLab interceptors help to validate and filter GitLab webhooks and filter incoming events by event type. The GitLab interceptor requires a secret token. This token is set when creating the webhook in GitLab and is validated by the GitLab interceptor when the request arrives. + + +``` + + +apiVersion: v1 +kind: Secret +metadata: + name: gitlab-secret +type: Opaque +stringData: + secretToken: "1234567" + +``` + +#### TriggerBinding + +After validating and modifying the incoming request, you need to extract values from the request and bind them to variables that you can later use in a TriggerTemplate to pass our Pipeline. + +For our example, you just need a URL and a revision. + + +``` + + +apiVersion: triggers.tekton.dev/v1beta1 +kind: TriggerBinding +metadata: + name: binding +spec: + params: +   - name: gitrevision +     value: $(body.checkout_sha) +   - name: gitrepositoryurl +     value: $(body.repository.git_http_url) + +``` + +#### TriggerTemplate + +The [TriggerTemplate][12] is a blueprint that instantiates `TaskRun` or `PipelineRun` when EventListener detects an event. + + +``` + + +apiVersion: triggers.tekton.dev/v1beta1 +kind: TriggerTemplate +metadata: + name: template +spec: + params: +   - name: gitrevision +   - name: gitrepositoryurl + resourcetemplates: +   - apiVersion: tekton.dev/v1alpha1 +     kind: TaskRun +     metadata: +       generateName: gitlab-run- +     spec: +       taskSpec: +         inputs: +           resources: +             - name: source +               type: git +         steps: +           - image: ubuntu +             script: | +              #! /bin/bash +               ls -al $(inputs.resources.source.path) +       inputs: +         resources: +           - name: source +             resourceSpec: +               type: git +               params: +                 - name: revision +                   value: $(tt.params.gitrevision) +                 - name: url +                   value: $(tt.params.gitrepositoryurl) + +``` + +Note that the pipeline resources module is, at the time of writing, being deprecated and will be replaced by [git-clone][13] tasks, from [tektoncd/catalog][14]. + +### Dynamically schedule workloads by configuring a webhook + +First, create a new namespace, `demo`: + + +``` +`$ kubectl create ns demo` +``` + +Next, before applying the Triggers resource, configure the required role-based access control (RBAC): + + +``` + + +$ kubectl -n demo apply -f \ +"" + +``` + +Note: RBAC configurations vary depending on the permissions. + +Apply Triggers resources: + + +``` + + +$ kubectl -n demo apply -f \ +"" + +``` + +After applying, verify the successful creation of the EventListener object and pod: + +EL object READY status should be **True. ** + + +``` + + +$ kubectl get el -n demo +NAME                    ADDRESS                                                     AVAILABLE REASON              READY             REASON                                                                                                             +gitlab-event-listener     True                 MinimumReplicasAvailable   True + +``` + +EL Pod status should be **Running.** + + +``` + + +$ kubectl get pods -n demo +NAME                                       READY          STATUS    RESTARTS              AGE +el-gitlab-event-listener-fb77ff8f7-p5wnv   1/1            Running   0                     4m22s + +``` + +Create ingress to get the external IP to configure in the GitLab webhook: + + +``` + + +$ kubectl -n demo apply -f \ +"" + +``` + +Get the ingress IP: + + +``` + + +$ kubectl get ingress triggers-ingress-resource -n demo + +NAME               CLASS    HOSTS     ADDRESS                             PORTS   AGE +ingress-resource   <none>   *         <address>                            80      6s + +``` + +Configure a webhook in GitLab. In your GitLab repository, go to **Settings -> Webhooks**. + +Then set the below fields: + + * URL: external IP Address from the Ingress with `/` path + * Secret token: 1234567, which should match the secret value created above from `triggers-resource.yaml` file + + + +Choose event type from the Trigger section, then just select **Push events,** uncheck **Enable SSL verification**, and click on **Add webhook.** + +![screenshot of GitLab Webhooks configurations][15] + +Savita Ashture, [CC BY-SA 4.0][16] + +#### Testing GitLab events by pushing PR + +Clone your own GitLab repository, make changes, and push. For example: + + +``` + + +$ git clone +$ cd gitlabtest-triggers +               $ git commit -m "empty-commit" --allow-empty && git push origin main +[main 934ecba] empty-commit +Username for '': savitaashture +Password for '': +warning: redirecting to +Enumerating objects: 1, done. +Counting objects: 100% (1/1), done. +Writing objects: 100% (1/1), 183 bytes | 183.00 KiB/s, done. +Total 1 (delta 0), reused 0 (delta 0) +To +   ff1d11e..934ecba  main -> main + +``` + +Events will be generated and sent to the EventListener pod. You can verify this by doing: + + +``` + + +kubectl get pods -n demo +kubectl logs -f <pod_name> -n demo + +``` + +Verify successful delivery of events by doing a `get` operation for `TaskRun`. + + +``` + + +$ kubectl  -n demo get taskruns | grep gitlab-run- + +gitlab-run-hvtll   True        Succeeded   95s         87s + +``` + +Clean all resources created by Triggers by removing namespace `demo`: + +`$ kubectl delete ns demo` + +### Conclusion + +Tekton Triggers is one of the most useful modules that help schedule workloads dynamically in response to a user-defined set of events. Because of this module, my team was able to achieve end-to-end CI/CD. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/21/11/kubernetes-dynamic-scheduling-tekton + +作者:[Savita Ashture][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://opensource.com/users/savita-ashture +[b]: https://github.com/lujun9972 +[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/containers_modules_networking_hardware_parts.png?itok=rPpVj92- (Parts, modules, containers for software) +[2]: https://opensource.com/article/21/11/cicd-pipeline-kubernetes-tekton +[3]: https://github.com/tektoncd/triggers +[4]: https://github.com/tektoncd/pipeline/blob/master/docs/taskruns.md +[5]: https://github.com/tektoncd/pipeline/blob/master/docs/pipelineruns.md +[6]: https://github.com/tektoncd/pipeline/blob/main/docs/install.md#installing-tekton-pipelines-on-kubernetes +[7]: https://github.com/tektoncd/triggers/blob/main/docs/install.md#installing-tekton-triggers-on-your-cluster +[8]: https://opensource.com/sites/default/files/uploads/tekton_event_chart.png (Trigger flow) +[9]: https://github.com/tektoncd/triggers/blob/main/docs/eventlisteners.md +[10]: https://github.com/tektoncd/triggers/blob/main/docs/triggers.md +[11]: https://github.com/tektoncd/triggers/blob/main/docs/interceptors.md +[12]: https://github.com/tektoncd/triggers/blob/main/docs/triggertemplates.md +[13]: https://github.com/tektoncd/catalog/blob/main/task/git-clone/0.4/git-clone.yaml +[14]: https://github.com/tektoncd/catalog +[15]: https://opensource.com/sites/default/files/uploads/tekton_trigger_screenshot.png (GitLab repository) +[16]: https://creativecommons.org/licenses/by-sa/4.0/