add gitlab tekton pipeline

Author: fmeng

tekton/local-gitlab/gitlab-deploy.yaml

@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitlab
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      run: gitlab
+  template:
+    metadata:
+      labels:
+        run: gitlab
+    spec:
+      containers:
+      - image: gitlab/gitlab-ee
+        imagePullPolicy: IfNotPresent
+        name: gitlab
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitlab
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    run: gitlab
+  type: NodePort

tekton/local-gitlab/gitlab-pipeline.yaml

@@ -0,0 +1,160 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cncamp-gitlab-sa
+---
+apiVersion: triggers.tekton.dev/v1alpha1 
+kind: EventListener 
+metadata: 
+  name: gitlab-listener
+spec: 
+  serviceAccountName: cncamp-gitlab-sa
+  triggers: 
+  - name: gitlab-push-events-trigger 
+    interceptors: 
+    - ref: 
+        name: gitlab 
+      params: 
+      - name: secretRef
+        value: 
+          secretName: cncamp-gitlab-secret 
+          secretKey: secretToken 
+      - name: eventTypes 
+        value: 
+          - Push Hook
+    bindings: 
+    - ref: gitlab-binding 
+    template: 
+      ref: gitlab-triggertemplate
+---
+apiVersion: v1 
+kind: Secret 
+metadata: 
+  name: cncamp-gitlab-secret 
+type: Opaque 
+stringData: 
+  secretToken: '1234567' 
+--- 
+apiVersion: v1 
+kind: Secret 
+metadata: 
+  name: cncamp-gitlab-auth
+  annotations: 
+    tekton.dev/git-1: http://gitlab.default.svc.cluster.local
+type: kubernetes.io/basic-auth 
+stringData: 
+  username: root
+  password: lzKyburULL0j4qnumSNI2fZycQCMkw8Is5t6D5iy790= 
+---
+apiVersion: triggers.tekton.dev/v1alpha1 
+kind: TriggerBinding 
+metadata: 
+  name: gitlab-binding 
+spec: 
+  params: 
+    - name: gitrevision 
+      value: $(body.checkout_sha) 
+    - name: gitrepositoryurl 
+      value: http://gitlab.default.svc.cluster.local/root/test.git
+---
+apiVersion: triggers.tekton.dev/v1alpha1 
+kind: TriggerTemplate 
+metadata: 
+  name: gitlab-triggertemplate 
+spec: 
+  params:
+    - name: gitrevision 
+    - name: gitrepositoryurl 
+  resourcetemplates:
+    - apiVersion: tekton.dev/v1beta1 
+      kind: TaskRun
+      metadata: 
+        generateName: gitlab-run-
+      spec: 
+        serviceAccountName: cncamp-gitlab-sa
+        taskSpec:
+          resources: 
+            inputs:
+              - name: source 
+                type: git 
+          steps: 
+            - name: show-path 
+              image: ubuntu
+              script: | 
+                #! /bin/bash 
+                ls -la $(resources.inputs.source.path) 
+        resources:
+          inputs: 
+            - name: source
+              resourceSpec:
+                type: git 
+                params: 
+                  - name: revision 
+                    value: $(tt.params.gitrevision)
+                  - name: url 
+                    value: $(tt.params.gitrepositoryurl) 
+---
+apiVersion: v1 
+kind: ServiceAccount 
+metadata: 
+  name: cncamp-gitlab-sa
+secrets: 
+  - name: cncamp-gitlab-secret
+  - name: cncamp-gitlab-auth
+--- 
+apiVersion: rbac.authorization.k8s.io/v1 
+kind: Role 
+metadata: 
+  name: tekton-triggers-gitlab-minimal 
+rules: 
+  - apiGroups: ['triggers.tekton.dev'] 
+    resources: 
+      ['eventlisteners', 'triggerbindings', 'triggertemplates', 'triggers'] 
+    verbs: ['get', 'list', 'watch'] 
+  - apiGroups: [''] 
+    resources: ['configmaps'] 
+    verbs: ['get', 'list', 'watch'] 
+  - apiGroups: ['tekton.dev'] 
+    resources: ['pipelineruns', 'pipelineresources', 'taskruns'] 
+    verbs: ['create'] 
+  - apiGroups: [''] 
+    resources: ['serviceaccounts'] 
+    verbs: ['impersonate'] 
+  - apiGroups: ['policy'] 
+    resources: ['podsecuritypolicies'] 
+    resourceNames: ['tekton-triggers'] 
+    verbs: ['use'] 
+--- 
+apiVersion: rbac.authorization.k8s.io/v1 
+kind: RoleBinding 
+metadata: 
+  name: tekton-triggers-gitlab-binding 
+subjects: 
+  - kind: ServiceAccount 
+    name: cncamp-gitlab-sa 
+roleRef: 
+  apiGroup: rbac.authorization.k8s.io 
+  kind: Role 
+  name: tekton-triggers-gitlab-minimal 
+--- 
+kind: ClusterRole 
+apiVersion: rbac.authorization.k8s.io/v1 
+metadata: 
+  name: tekton-triggers-gitlab-clusterrole 
+rules: 
+  - apiGroups: ['triggers.tekton.dev'] 
+    resources: ['clustertriggerbindings', 'clusterinterceptors'] 
+    verbs: ['get', 'list', 'watch'] 
+--- 
+apiVersion: rbac.authorization.k8s.io/v1 
+kind: ClusterRoleBinding 
+metadata: 
+  name: tekton-triggers-gitlab-clusterbinding 
+subjects: 
+  - kind: ServiceAccount 
+    name: cncamp-gitlab-sa 
+    namespace: default 
+roleRef: 
+  apiGroup: rbac.authorization.k8s.io 
+  kind: ClusterRole 
+  name: tekton-triggers-gitlab-clusterrole 

tekton/local-gitlab/gitlab.md

@@ -0,0 +1,29 @@
+## create tekton gitlab pipeline
+kubectl apply -f gitlab-pipeline.yaml
+
+## create gitlab deploy
+kubectl create -f gitlab-deploy.yaml
+
+## config gitlab
+### get root password
+kubectl get po -l run=gitlab
+kubectl exec -it <podname> grep 'Password:' /etc/gitlab/initial_root_password
+### access gitlab portal, and register a user cncamp
+kubectl get svc gitlab, check nodeport and access the portal via
+http://192.168.34.2:<nodeport>
+### login to gitlab with credential 
+root/<password>
+### change admin setting via 
+http://192.168.34.2:30370/admin/application_settings/network
+or browse menu->admin area->network->outbound request
+check `Allow requests to the local network from web hooks and services`
+### create a new project
+create a new project named test
+### create webhook
+go http://192.168.34.2:30370/root/test
+browse settings->webhook
+enter http://el-gitlab-listener:8080, and click add webhook
+### test webhook
+Test->Push Event
+kubectl get po, you show see the taskrun pod
+kubectl logs --all-containers -f <podname>