Toolbox for Tekton
A set of tools and services which simplify a process to work with Tekton.
gcs-log-proxy- A proxy to load Tekton external logs from Google Cloud Storage.github-pipeline-config- Tekton Interceptor to getpipeline-configfrom GitHub.github-status-sync- Tekton Interceptor to sync Tekton status with GitHub based on Cloud Event.kube-pipeline-config- Tekton Interceptor to getpipeline-configfrom Kubernetes ConfigMap.pipeline-config-trigger- Tekton Interceptor to get a list of TektonPipelineRunfrompipeline-configand trigger them.
GitHub Webhook
- 📥 Receive payload
- ⚙️ Kube-Pipeline-Config
- 📁 Retrieve default PipelineRun config from ConfigMap
- GitHub-Pipeline-Config
- 📜 Get
.tekton.yamlfrom the repository
- 📜 Get
- ⚡ Pipeline-Config-Trigger
- 🔀 Merge and generate configs for PipelineRuns
To deploy interceptor (the same approach works for each cluster interceptor listed abouve) e.g kube-pipeline-config
k8s deployment must have the following ENV vars:
- name: SYSTEM_NAMESPACE
value: tekton-pipelines
- name: INTERCEPTER_NAME # Keep k8s service name and clusterintercepter name the same.
value: kube-pipeline-config
- name: SVC_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespacek8s deployment must use https to check readiness and liveness:
readinessProbe:
httpGet:
path: /health
port: 8443
scheme: HTTPS
initialDelaySeconds: 5
livenessProbe:
httpGet:
path: /health
port: 8443
scheme: HTTPSInterceptor will listens only on 8443 port HTTPS on start, an interceptor will check if the secret (the secret name has the interceptor's name) with certificates exists.
If it's missing interceptor will create one and fill it with the data. Next start and/or redeploy will check if it exists and use existing certs.
Custom resource kind: ClusterInterceptor will be created by the interceptor and updated with caBundle taking ca-cert.pem from the secret.
IMPORTANT
If a cert secret was deleted, certificates will be regenerated and caBundle will be updated accordingly. You MUST restart deploy/el-github-listener and deploy/el-events-listener otherwise events-listeners will with X509 SelfSign certificate error.