Continuous Integration (CI) is a cornerstone of modern software development, ensuring that code changes are tested and integrated into the main codebase frequently and reliably. Tekton Triggers, coupled with GitHub integration, offers a powerful solution for automating CI workflows in Kubernetes environments. In this tutorial, we'll walk through the process of setting up Tekton Triggers with GitHub integration, enabling seamless automation of CI tasks in response to GitHub events. Let's dive in to the tutorial.
Prerequisites
Before you begin, ensure that you have the following:
A Kubernetes cluster with Tekton installed
Kubectl
Tekton Pipelines
A GitHub account
Install Triggers
Now that we have the prerequisites in place, let's install Tekton Triggers. To do this, we'll use the following command:
1 2 3 4 5 6 7
## Install the triggers kubectl apply --filename \ https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
## Install the interceptors kubectl apply --filename \ https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
This command installs the Tekton Triggers and Interceptors, which are essential for setting up the CI workflow. Once the installation is complete, we can proceed to the next step. Now you can monitor the installation by running the following command:
1
kubectl get pods --namespace tekton-pipelines --watch
Set up RBAC
Event Listeners need a proper Kubernetes Service Account for role access control (RBAC), so the first step is creating the RBAC objects. You can create Service Account, Role, RoleBinding, ClusterRole and ClusterRoleBinding using the following YAML:
apiVersion:v1 kind:ServiceAccount metadata: name:tekton-triggers-sa --- apiVersion:rbac.authorization.k8s.io/v1 kind:Role metadata: name:tekton-triggers-example-minimal rules: # EventListeners need to be able to fetch all namespaced resources -apiGroups:["triggers.tekton.dev"] resources:["eventlisteners","triggerbindings","triggertemplates","triggers","interceptors"] verbs:["get","list","watch"] -apiGroups:[""] # configmaps is needed for updating logging config resources:["configmaps"] verbs:["get","list","watch"] # Permissions to create resources in associated TriggerTemplates -apiGroups:["tekton.dev"] resources:["pipelineruns","pipelineresources","taskruns"] verbs:["create"] -apiGroups:[""] resources:["serviceaccounts"] verbs:["impersonate"] -apiGroups:["policy"] resources:["podsecuritypolicies"] resourceNames:["tekton-triggers"] verbs:["use"] --- apiVersion:rbac.authorization.k8s.io/v1 kind:RoleBinding metadata: name:tekton-triggers-example-binding subjects: -kind:ServiceAccount name:tekton-triggers-sa roleRef: apiGroup:rbac.authorization.k8s.io kind:Role name:tekton-triggers-example-minimal --- kind:ClusterRole apiVersion:rbac.authorization.k8s.io/v1 metadata: name:tekton-triggers-example-clusterrole rules: # EventListeners need to be able to fetch any clustertriggerbindings -apiGroups:["triggers.tekton.dev"] resources:["clustertriggerbindings","clusterinterceptors"] verbs:["get","list","watch"] --- apiVersion:rbac.authorization.k8s.io/v1 kind:ClusterRoleBinding metadata: name:tekton-triggers-example-clusterbinding subjects: -kind:ServiceAccount name:tekton-triggers-sa namespace:default roleRef: apiGroup:rbac.authorization.k8s.io kind:ClusterRole name:tekton-triggers-example-clusterrole
The RBAC yaml can be found here. Once you have created the RBAC objects, you can proceed to the next step.
Create an Event Listener
The next step is to create an Event Listener, which will listen for GitHub events and trigger the CI workflow. You can create an Event Listener using the following YAML:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
apiVersion:triggers.tekton.dev/v1beta1 kind:EventListener metadata: name:github-listener annotations: tekton.dev/payload-validation:"false" tekton.dev/disable-ssl-verify:"true" spec: serviceAccountName:tekton-triggers-sa# This is referring to the Service Account created in the previous step triggers: -name:github-listener bindings: -ref:github-binding# TriggerBinding metada.name we are going to create in the next step template: ref:github-template# TriggerTemplate metadata.name we are going to create in the next step
Create a Trigger Binding
The next step is to create a Trigger Binding, which will define the parameters for the GitHub event. You can create a Trigger Binding using the following YAML:
In here we are using the head_commit.id as the gitrevision parameter. You can use any other parameter as per your requirement.
Create a Trigger Template
The next step is to create a Trigger Template, which will define the CI workflow to be triggered by the GitHub event. You can create a Trigger Template using the following YAML:
TriggerTemplate is similar to PipelineRun, except that the latter is triggered manually as we’ve seen in the previous posts. Then, the TriggerTemplate “sends” the needed params to the PipelineRef, along with the definition of Workspace volume claim templates.
Exposing the Event Listener
Now we need to expose the Event Listener to the outside world so that GitHub can send events to it. But before it you can check the Event Listener by running the following command:
1 2 3 4 5
kubectl get el
or
tkn el list
To expose the Event Listener, we can use the kubectl port-forward command to forward traffic from a local port to the Event Listener’s service port. You can do this using the following command:
Great, our host is receiving in the port 8080 (localhost:8080), but how do we tunnel Github to our port using some service in the cloud? We can use a service like ngrok to expose our local port to the internet. You can download and install ngrok from here. Once you have ngrok installed, you can expose your local port to the internet using the following command:
1
ngrok http http://localhost:8080
Now you can see the public URL that ngrok has generated for you. You can use this URL to configure the GitHub webhook.
Configure the GitHub Webhook
In the repository settings, go to Webhooks and then you need to fillout the following details:
Payload URL: The public URL generated by ngrok
Content type: application/json
Secret: Leave it empty
Which events would you like to trigger this webhook?: Just the push event
Conclusion
In this tutorial, we've walked through the process of setting up Tekton Triggers with GitHub integration, enabling seamless automation of CI tasks in response to GitHub events. We've installed Tekton Triggers, set up RBAC, created an Event Listener, Trigger Binding, and Trigger Template, and exposed the Event Listener to the outside world. We've also configured the GitHub webhook to send events to the Event Listener. With this setup in place, we can now automate CI workflows in response to GitHub events, ensuring that code changes are tested and integrated into the main codebase frequently and reliably.
You can find the all the related scripts and code for this tutorial from here. If you have any issue regarding this tutorial, mention your issue in the comment section or reach me through my E-mail.
