From 315196d1552a14ee06ad0eb094e37219f562893c Mon Sep 17 00:00:00 2001
From: Khurram Baig
Date: Mon, 14 Nov 2022 23:03:58 +0530
Subject: [PATCH] Add Example for NamespacedInterceptor Example utilizes Core Interceptor from v0.19 Triggers.
---
.../namespacedinterceptor/eventlistener.yaml | 37 ++++
.../interceptors-deployment.yaml | 160 ++++++++++++++++++
.../namespacedinterceptor/interceptors.yaml | 25 +++
.../v1alpha1/namespacedinterceptor/rbac.yaml | 29 ++++
4 files changed, 251 insertions(+)
create mode 100644 examples/v1alpha1/namespacedinterceptor/eventlistener.yaml
create mode 100644 examples/v1alpha1/namespacedinterceptor/interceptors-deployment.yaml
create mode 100644 examples/v1alpha1/namespacedinterceptor/interceptors.yaml
create mode 100644 examples/v1alpha1/namespacedinterceptor/rbac.yaml
diff --git a/examples/v1alpha1/namespacedinterceptor/eventlistener.yaml b/examples/v1alpha1/namespacedinterceptor/eventlistener.yaml
new file mode 100644
index 0000000000..e57975fe4d
--- /dev/null
+++ b/examples/v1alpha1/namespacedinterceptor/eventlistener.yaml
@@ -0,0 +1,37 @@
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: EventListener
+metadata:
+ name: example-interceptor-cel
+spec:
+ serviceAccountName: tekton-triggers-example-sa
+ triggers:
+ - name: cel-trig
+ interceptors:
+ - ref:
+ name: "example-interceptor-cel"
+ kind: NamespacedInterceptor
+ params:
+ - name: "filter"
+ value: "header.match('X-GitHub-Event', 'pull_request')"
+ bindings:
+ - name: gitrevision
+ value: $(body.head_commit.id)
+ - name: gitrepositoryurl
+ value: $(body.repository.url)
+ template:
+ spec:
+ params:
+ - name: gitrevision
+ - name: gitrepositoryurl
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1beta1
+ kind: TaskRun
+ metadata:
+ generateName: gitlab-run-
+ spec:
+ taskSpec:
+ steps:
+ - image: ubuntu
+ script: |
+ #! /bin/bash
+ echo "Revision is : $(tt.params.gitrevision). RepoURL is $(tt.params.gitrepositoryurl)"
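Review bot: In eventlistener.yaml the TaskRun `script` splices `$(tt.params.gitrevision)` and `$(tt.params.gitrepositoryurl)` straight into the bash text, and both come from webhook body fields, so whatever the sender puts in the payload becomes part of the shell script inside a double-quoted string. Nothing visible in this trigger authenticates the sender; the CEL filter only compares the `X-GitHub-Event` header. Pass the two values to the step as environment variables and reference the variables in the script, so the payload is treated as data rather than script source. Separately, the bindings read `body.head_commit.id` while the filter accepts `pull_request` events; that field may not be present in such payloads, which is worth confirming.

```yaml
# … unchanged: EventListener metadata, interceptor ref, bindings, template params …
          taskSpec:
            steps:
            - image: ubuntu
              env:
              - name: GIT_REVISION
                value: $(tt.params.gitrevision)
              - name: GIT_REPOSITORY_URL
                value: $(tt.params.gitrepositoryurl)
              script: |
                #! /bin/bash
                echo "Revision is : ${GIT_REVISION}. RepoURL is ${GIT_REPOSITORY_URL}"
```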
diff --git a/examples/v1alpha1/namespacedinterceptor/interceptors-deployment.yaml b/examples/v1alpha1/namespacedinterceptor/interceptors-deployment.yaml
new file mode 100644
index 0000000000..d870ce470a
--- /dev/null
+++ b/examples/v1alpha1/namespacedinterceptor/interceptors-deployment.yaml
@@ -0,0 +1,160 @@
+# Copyright 2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: example-interceptor-cel
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: example-interceptor-cel
+subjects:
+ - kind: ServiceAccount
+ name: example-interceptor-cel
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: example-interceptor-cel
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: example-interceptor-cel-secrets
+subjects:
+ - kind: ServiceAccount
+ name: example-interceptor-cel
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: example-interceptor-cel-secrets
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: example-interceptor-cel
+ namespace: default
+subjects:
+ - kind: ServiceAccount
+ name: example-interceptor-cel
+ namespace: default
+roleRef:
+ kind: Role
+ name: example-interceptor-cel
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: example-interceptor-cel
+ namespace: default
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: example-interceptor-cel
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: example-interceptor-cel-secrets
+rules:
+ - apiGroups: ["triggers.tekton.dev"]
+ resources: ["clusterinterceptors"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch", "update"]
+ resourceNames: ["example-interceptor-cel-certs"]
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: example-interceptor-cel
+ name: example-interceptor-cel
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: example-interceptor-cel
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/component: example-interceptor-cel
+ spec:
+ containers:
+ - args:
+ - -logtostderr
+ - -stderrthreshold
+ - INFO
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/interceptors:v0.19.0@sha256:69fb65c702c74d086851b4c9852bd63b057b08fa5f8d54ddd1c0585e5f66dec1"
+ imagePullPolicy: IfNotPresent
+ name: example-interceptor-cel
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /ready
+ port: 8082
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsGroup: 65532
+ runAsNonRoot: true
+ runAsUser: 65532
+ seccompProfile:
+ type: RuntimeDefault
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ serviceAccount: example-interceptor-cel
+ serviceAccountName: example-interceptor-cel
+ terminationGracePeriodSeconds: 30
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: example-interceptor-cel
+spec:
+ ports:
+ - name: "http"
+ port: 8082
+ targetPort: 8082
+ selector:
+ app.kubernetes.io/component: example-interceptor-cel
diff --git a/examples/v1alpha1/namespacedinterceptor/interceptors.yaml b/examples/v1alpha1/namespacedinterceptor/interceptors.yaml
new file mode 100644
index 0000000000..72fcfb0a9e
--- /dev/null
+++ b/examples/v1alpha1/namespacedinterceptor/interceptors.yaml
@@ -0,0 +1,25 @@
+# Copyright 2021 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: Interceptor
+metadata:
+ name: example-interceptor-cel
+spec:
+ clientConfig:
+ service:
+ name: example-interceptor-cel
+ namespace: default
+ path: cel
+ port: 8082
diff --git a/examples/v1alpha1/namespacedinterceptor/rbac.yaml b/examples/v1alpha1/namespacedinterceptor/rbac.yaml
new file mode 100644
index 0000000000..7e441ecc12
--- /dev/null
+++ b/examples/v1alpha1/namespacedinterceptor/rbac.yaml
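Review bot: In interceptors-deployment.yaml the ClusterRole `example-interceptor-cel` grants `get`, `list` and `watch` on `secrets` with no `resourceNames`, and the ClusterRoleBinding of the same name hands that to the interceptor's ServiceAccount, so a compromise of this pod would expose every secret in the cluster. For an example whose point is a namespaced interceptor, the rule would fit the namespaced Role that already carries the `configmaps` rule, leaving the existing RoleBinding to grant it; the ClusterRole and its binding could then be dropped. The second ClusterRole also allows `update` on `clusterinterceptors`, which a namespaced `Interceptor` presumably does not need; if it is required, a one-line comment saying why would help readers who copy this manifest.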
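Review bot: The `clientConfig` in interceptors.yaml points at port `8082`, the same port the Deployment's readiness probe in this commit reaches with `scheme: HTTP`, and no `caBundle` is set, so the EventListener-to-interceptor call appears to go over plain HTTP even though the RBAC in this commit references an `example-interceptor-cel-certs` secret. If TLS is intended, the service port and CA configuration should reflect it. If it is not, the file should say so, for example `# Plain-HTTP endpoint for demonstration only; webhook payloads are not encrypted in transit to the interceptor`.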
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tekton-triggers-example-sa
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: triggers-example-eventlistener-binding
+subjects:
+- kind: ServiceAccount
+ name: tekton-triggers-example-sa
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: tekton-triggers-eventlistener-roles
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: triggers-example-eventlistener-clusterbinding
+subjects:
+- kind: ServiceAccount
+ name: tekton-triggers-example-sa
+ namespace: default
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: tekton-triggers-eventlistener-clusterroles
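Review bot: The ClusterRoleBinding subject in rbac.yaml hard-codes `namespace: default`, while the ServiceAccount and the RoleBinding in the same file carry no namespace and follow whatever namespace the manifest is applied to. Applied anywhere other than `default`, the cluster-wide binding would grant `tekton-triggers-eventlistener-clusterroles` to a `default/tekton-triggers-example-sa` account that this example did not create. The same hard-coded value appears in the bindings of interceptors-deployment.yaml and in the `clientConfig` of interceptors.yaml. A comment above the subject such as `# must match the namespace this example is applied to` would make the coupling visible.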