创建一个github token
https://github.com/settings/tokens
也可以使用配置文件创建 Secret,不过注意 data 中的 token 值必须是 base64 编码之后的内容(base64 只是编码,不是加密)
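# Secret holding the GitHub API token that the EventSource's `apiToken`
# selector refers to (name: github-access, key: token).
# The nesting below is restored; the flattened listing would parse `token`,
# `annotations`, `name` and `namespace` as top-level keys.
apiVersion: v1
data:
  # Placeholder. Values under `data` must be base64-encoded; base64 is an
  # encoding, not encryption, so anyone who can read this manifest or the
  # Secret object can recover the token. Do not commit the real value.
  # `stringData` accepts the raw token if you prefer not to encode by hand.
  # Grant the token only the scope needed to manage repository webhooks
  # (typically `admin:repo_hook`) - verify against your repository type.
  token: xxxxxxxxxxxxxxxxxxxxxx
  # The `example-without-api-credentials` entry of the EventSource on this page
  # references a key named `secret` in this Secret; add it before using that entry:
  # secret: <base64 of a random webhook secret>
kind: Secret
metadata:
  annotations:
    # NOTE(review): these cattle.io annotations look like a Rancher export - confirm
    # they are wanted when applying the manifest with kubectl.
    lifecycle.cattle.io/create.secretsController_local: "true"
    secret.user.cattle.io/secret: "true"
  name: github-access
  # NOTE(review): the EventSource on this page lives in namespace `argo`, and secret
  # selectors are presumably resolved in the EventSource's own namespace. Create this
  # Secret in `argo` unless something else copies it there - confirm.
  namespace: default
type: Opaque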
创建Event source
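# Info on GitHub Webhook: https://developer.github.com/v3/repos/hooks/#create-a-hook
# EventSource that runs an HTTP listener for GitHub webhook deliveries and, when an
# apiToken is supplied, registers the webhook on the listed repositories.
apiVersion: argoproj.io/v1alpha1
kind: EventSource
metadata:
  name: github
  namespace: argo
spec:
  service:
    ports:
      - port: 12000
        targetPort: 12000
  github:
    example:
      repositories:
        - owner: zl86790
          names:
            - argogithubsource
      # Github will send events to following port and endpoint
      webhook:
        # endpoint to listen to events on
        endpoint: /push
        # port to run internal HTTP server on
        # Must match spec.service.ports[].targetPort (12000), otherwise the Service
        # forwards to a port nothing listens on. The listing originally had "30001",
        # which is the external NodePort and belongs in `url`, not here.
        port: "12000"
        # HTTP request method to allow. In this case, only POST requests are accepted
        method: POST
        # url the event-source will use to register at Github.
        # This url must be reachable from outside the cluster.
        # The name for the service is in `<event-source-name>-eventsource-svc` format.
        # You will need to create an Ingress or Openshift Route for the event-source service so that it can be reached from GitHub.
        # Placeholder: include the externally reachable port. Plain http sends event
        # payloads unencrypted; prefer an https URL behind an Ingress with a valid certificate.
        url: http://YOURIPADDRESS
      # type of events to listen to.
      # following listens to everything, hence *
      # You can find more info on https://developer.github.com/v3/activity/events/types/
      # Listing only the event types the workflow needs (e.g. "push") reduces how
      # many deliveries can trigger it.
      events:
        - "*"
      # apiToken refers to K8s secret that stores the github api token
      # if apiToken is provided controller will create webhook on GitHub repo
      # +optional
      apiToken:
        # Name of the K8s secret that contains the access token
        name: github-access
        # Key within the K8s secret whose corresponding value (must be base64 encoded) is access token
        key: token
      # NOTE(review): with webhookSecret left disabled, deliveries are not verified
      # against a shared secret, so any client that can reach the URL can POST events.
      # Enable it once the Secret contains a `secret` key.
      # # webhookSecret refers to K8s secret that stores the github hook secret
      # # +optional
      # webhookSecret:
      #   # Name of the K8s secret that contains the hook secret
      #   name: github-access
      #   # Key within the K8s secret whose corresponding value (must be base64 encoded) is hook secret
      #   key: secret
      # type of the connection between event-source and Github.
      # You should set it to false to avoid man-in-the-middle and other attacks.
      # Changed from `true` to follow the guidance above; it only matters once `url` is https.
      insecure: false
      # Determines if notifications are sent when the webhook is triggered
      active: true
      # The media type used to serialize the payloads
      contentType: json
    # NOTE(review): this entry listens on 13000, which spec.service.ports does not
    # expose, and it reads key `secret` from github-access, which the Secret shown
    # on this page does not define. Remove it or complete both before applying.
    example-without-api-credentials:
      owner: "argoproj"
      repository: "argo"
      webhook:
        endpoint: "/push"
        port: "13000"
        method: "POST"
      events:
        - "*"
      webhookSecret:
        name: github-access
        key: secret
      # Changed from `true`, same reasoning as in `example`.
      insecure: false
      active: true
      contentType: "json"
    # example-with-secure-connection:
    #   owner: "argoproj"
    #   repository: "argo"
    #   webhook:
    #     endpoint: "/push"
    #     port: "13000"
    #     method: "POST"
    #     url: "http://myargofakeurl.fake"
    #     # k8s secret that contains the cert
    #     serverCertSecret:
    #       name: my-secret
    #       key: cert-key
    #     # k8s secret that contains the private key
    #     serverKeySecret:
    #       name: my-secret
    #       key: pk-key
    #   events:
    #     - "push"
    #     - "delete"
    #   apiToken:
    #     name: github-access
    #     key: token
    #   webhookSecret:
    #     name: github-access
    #     key: secret
    #   insecure: true
    #   active: true
    #   contentType: "json"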
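# ServiceAccount bound to operate-workflow-role by the RoleBinding below.
# Presumably the Sensor runs under it; the Sensor manifest is not shown here - confirm.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: argo
  name: operate-workflow-sa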
---
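# Namespaced Role granting access to Argo Workflow objects in `argo`.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: operate-workflow-role
  namespace: argo
rules:
  - apiGroups:
      - argoproj.io
    # NOTE(review): the wildcard also grants delete, patch and update on every
    # Workflow in the namespace. If the trigger only submits workflows, a
    # narrower list (e.g. `create`) is likely enough - confirm against the Sensor.
    verbs:
      - "*"
    resources:
      - workflows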
---
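# Binds operate-workflow-role to operate-workflow-sa; both are in namespace
# `argo`, so the grant does not extend to other namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: operate-workflow-role-binding
  namespace: argo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: operate-workflow-role
subjects:
  - kind: ServiceAccount
    name: operate-workflow-sa
    namespace: argo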
sensor
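# Info on GitHub Webhook: https://developer.github.com/v3/repos/hooks/#create-a-hook
# NOTE(review): this listing sits under the "sensor" heading, but its kind is
# EventSource; no Sensor manifest appears on the page.
apiVersion: argoproj.io/v1alpha1
kind: EventSource
metadata:
  name: github
  namespace: argo
spec:
  service:
    ports:
      - port: 12000
        targetPort: 12000
  github:
    example:
      repositories:
        - owner: zl86790
          names:
            - argogithubsource
      # Github will send events to following port and endpoint
      webhook:
        # endpoint to listen to events on
        endpoint: /push
        # port to run internal HTTP server on
        # Matches spec.service.ports[].targetPort above.
        port: "12000"
        # HTTP request method to allow. In this case, only POST requests are accepted
        method: POST
        # url the event-source will use to register at Github.
        # This url must be reachable from outside the cluster.
        # The name for the service is in `<event-source-name>-eventsource-svc` format.
        # You will need to create an Ingress or Openshift Route for the event-source service so that it can be reached from GitHub.
        # Plain http on a public address: event payloads travel unencrypted and the
        # listener is reachable by anyone. Prefer https behind an Ingress with a
        # valid certificate.
        url: http://13.115.24.93:30001
      # type of events to listen to.
      # following listens to everything, hence *
      # You can find more info on https://developer.github.com/v3/activity/events/types/
      # Listing only the event types the workflow needs (e.g. "push") reduces how
      # many deliveries can trigger it.
      events:
        - "*"
      # apiToken refers to K8s secret that stores the github api token
      # if apiToken is provided controller will create webhook on GitHub repo
      # +optional
      apiToken:
        # Name of the K8s secret that contains the access token
        name: github-access
        # Key within the K8s secret whose corresponding value (must be base64 encoded) is access token
        key: token
      # NOTE(review): with webhookSecret left disabled, deliveries are not verified
      # against a shared secret, so any client that can reach the URL can POST events.
      # Enable it once the Secret contains a `secret` key.
      # # webhookSecret refers to K8s secret that stores the github hook secret
      # # +optional
      # webhookSecret:
      #   # Name of the K8s secret that contains the hook secret
      #   name: github-access
      #   # Key within the K8s secret whose corresponding value (must be base64 encoded) is hook secret
      #   key: secret
      # type of the connection between event-source and Github.
      # You should set it to false to avoid man-in-the-middle and other attacks.
      # Changed from `true` to follow the guidance above; it only matters once `url` is https.
      insecure: false
      # Determines if notifications are sent when the webhook is triggered
      active: true
      # The media type used to serialize the payloads
      contentType: json
    # NOTE(review): this entry listens on 13000, which spec.service.ports does not
    # expose, and it reads key `secret` from github-access, which the Secret shown
    # on this page does not define. Remove it or complete both before applying.
    example-without-api-credentials:
      owner: "argoproj"
      repository: "argo"
      webhook:
        endpoint: "/push"
        port: "13000"
        method: "POST"
      events:
        - "*"
      webhookSecret:
        name: github-access
        key: secret
      # Changed from `true`, same reasoning as in `example`.
      insecure: false
      active: true
      contentType: "json"
    # example-with-secure-connection:
    #   owner: "argoproj"
    #   repository: "argo"
    #   webhook:
    #     endpoint: "/push"
    #     port: "13000"
    #     method: "POST"
    #     url: "http://myargofakeurl.fake"
    #     # k8s secret that contains the cert
    #     serverCertSecret:
    #       name: my-secret
    #       key: cert-key
    #     # k8s secret that contains the private key
    #     serverKeySecret:
    #       name: my-secret
    #       key: pk-key
    #   events:
    #     - "push"
    #     - "delete"
    #   apiToken:
    #     name: github-access
    #     key: token
    #   webhookSecret:
    #     name: github-access
    #     key: secret
    #   insecure: true
    #   active: true
    #   contentType: "json"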
sensor 创建完成之后,如果你提供了 github token,那么会自动创建 webhook
为了使用nodeport来开放 对应的 source pod,需要额外的 nodeport,默认它会创建一个 clusterip service
github-eventsource-svc
我们仿造它写一个nodeport
DEBUG 说明,这里如果出现了无法顺利触发 workflow的情况,请进行如下检查
1. GitHub 是否进行了消息投递
2. Postman能否正确请求你的webhook,可以分别通过 映射端口 和 nodeport 测试
如果一切顺利
稍等片刻执行完成