Toolbox for Tekton
Overview
A set of tools and services that simplify working with Tekton.
Simple flow
- :octocat: GitHub Webhook
- Kube-Pipeline-Config
  - Retrieve default PipelineRun config from ConfigMap
- :octocat: GitHub-Pipeline-Config
  - Get .tekton.yaml from the repository
- Pipeline-Config-Trigger
  - Merge and generate configs for PipelineRuns
Interceptors setup
To deploy an interceptor, e.g. kube-pipeline-config (the same approach works for each cluster interceptor listed above), the k8s deployment must have the following ENV vars:
    - name: SYSTEM_NAMESPACE
      value: tekton-pipelines
    - name: INTERCEPTER_NAME # Keep the k8s service name and the ClusterInterceptor name the same.
      value: kube-pipeline-config
    - name: SVC_NAMESPACE
      valueFrom:
        fieldRef:
          fieldPath: metadata.namespace
The k8s deployment must use HTTPS for its readiness and liveness probes:
    readinessProbe:
      httpGet:
        path: /health
        port: 8443
        scheme: HTTPS
      initialDelaySeconds: 5
    livenessProbe:
      httpGet:
        path: /health
        port: 8443
        scheme: HTTPS
The interceptor listens only on port 8443 over HTTPS. On start, the interceptor checks whether the secret with certificates exists (the secret is named after the interceptor).
If it is missing, the interceptor creates one and fills it with the data. The next start and/or redeploy checks whether the secret exists and uses the existing certs.
A custom resource of kind ClusterInterceptor is created by the interceptor and updated with caBundle, taken from ca-cert.pem in the secret.
IMPORTANT
If a cert secret was deleted, certificates will be regenerated and caBundle will be updated accordingly. You MUST restart deploy/el-github-listener and deploy/el-events-listener, otherwise the events-listeners will fail with an X509 SelfSign certificate error.
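The situation described under IMPORTANT can be checked for before it shows up as failed webhooks. The following is an added example, not part of this project's code: it takes the Secret, the ClusterInterceptor and the event-listener pods as dicts shaped like `kubectl get ... -o json` output, compares `spec.clientConfig.caBundle` with `ca-cert.pem`, and flags listener pods that predate the secret. The function names, the sample objects and the pod-start-time heuristic are assumptions made for illustration.

```python
import base64
import hashlib
from datetime import datetime

def parse_ts(value):
    # Kubernetes API timestamps are RFC 3339 in UTC, e.g. 2024-05-02T09:00:00Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def ca_fingerprint(b64_pem):
    # Secret data and caBundle are both base64 in the JSON form; hash the decoded PEM.
    return hashlib.sha256(base64.b64decode(b64_pem).strip()).hexdigest()

def check_ca(secret, cluster_interceptor, listener_pods):
    """Return findings as strings; an empty list means nothing looks stale."""
    name = secret["metadata"]["name"]
    secret_ca = secret.get("data", {}).get("ca-cert.pem")
    if not secret_ca:
        return [f"secret {name}: ca-cert.pem is missing"]
    findings = []
    bundle = cluster_interceptor.get("spec", {}).get("clientConfig", {}).get("caBundle")
    if not bundle or ca_fingerprint(bundle) != ca_fingerprint(secret_ca):
        findings.append(f"ClusterInterceptor {name}: caBundle differs from ca-cert.pem")
    # Assumption: a listener pod that started before the secret was (re)created
    # still trusts the previous CA and needs the restart described above.
    created = parse_ts(secret["metadata"]["creationTimestamp"])
    for pod in listener_pods:
        started = pod.get("status", {}).get("startTime")
        if started and parse_ts(started) < created:
            findings.append(f"pod {pod['metadata']['name']}: started before "
                            "the secret was created, restart its deployment")
    return findings

# Constructed sample objects, trimmed to the fields read above.
SAMPLE_CA = base64.b64encode(
    b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n").decode()
SECRET = {"metadata": {"name": "kube-pipeline-config",
                       "creationTimestamp": "2024-05-02T09:00:00Z"},
          "data": {"ca-cert.pem": SAMPLE_CA}}
INTERCEPTOR = {"metadata": {"name": "kube-pipeline-config"},
               "spec": {"clientConfig": {"caBundle": SAMPLE_CA}}}
PODS = [{"metadata": {"name": "el-github-listener-aaa"},
         "status": {"startTime": "2024-05-01T08:00:00Z"}},
        {"metadata": {"name": "el-events-listener-bbb"},
         "status": {"startTime": "2024-05-02T09:05:00Z"}}]

if __name__ == "__main__":
    for finding in check_ca(SECRET, INTERCEPTOR, PODS):
        print(finding)
```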