Argo Events source github
创建一个github token
https://github.com/settings/tokens
也可以使用配置文件,不过注意 token值是 base64编码之后的
apiVersion: v1
data:
token: xxxxxxxxxxxxxxxxxxxxxx
kind: Secret
metadata:
annotations:
lifecycle.cattle.io/create.secretsController_local: "true"
secret.user.cattle.io/secret: "true"
name: github-access
namespace: default
type: Opaque
创建Event source
# Info on GitHub Webhook: https://developer.github.com/v3/repos/hooks/#create-a-hook
apiVersion: argoproj.io/v1alpha1
kind: EventSource
metadata:
name: github
namespace: argo
spec:
service:
ports:
- port: 12000
targetPort: 12000
github:
example:
repositories:
- owner: zl86790
names:
- argogithubsource
# Github will send events to following port and endpoint
webhook:
# endpoint to listen to events on
endpoint: /push
# port to run internal HTTP server on
port: "30001"
# HTTP request method to allow. In this case, only POST requests are accepted
method: POST
# url the event-source will use to register at Github.
# This url must be reachable from outside the cluster.
# The name for the service is in `<event-source-name>-eventsource-svc` format.
# You will need to create an Ingress or Openshift Route for the event-source service so that it can be reached from GitHub.
url: http://YOURIPADDRESS
# type of events to listen to.
# following listens to everything, hence *
# You can find more info on https://developer.github.com/v3/activity/events/types/
events:
- "*"
# apiToken refers to K8s secret that stores the github api token
# if apiToken is provided controller will create webhook on GitHub repo
# +optional
apiToken:
# Name of the K8s secret that contains the access token
name: github-access
# Key within the K8s secret whose corresponding value (must be base64 encoded) is access token
key: token
# # webhookSecret refers to K8s secret that stores the github hook secret
# # +optional
# webhookSecret:
# # Name of the K8s secret that contains the hook secret
# name: github-access
# # Key within the K8s secret whose corresponding value (must be base64 encoded) is hook secret
# key: secret
# type of the connection between event-source and Github.
# You should set it to false to avoid man-in-the-middle and other attacks.
insecure: true
# Determines if notifications are sent when the webhook is triggered
active: true
# The media type used to serialize the payloads
contentType: json
example-without-api-credentials:
owner: "argoproj"
repository: "argo"
webhook:
endpoint: "/push"
port: "13000"
method: "POST"
events:
- "*"
webhookSecret:
name: github-access
key: secret
insecure: true
active: true
contentType: "json"
# example-with-secure-connection:
# owner: "argoproj"
# repository: "argo"
# webhook:
# endpoint: "/push"
# port: "13000"
# method: "POST"
# url: "http://myargofakeurl.fake"
# # k8s secret that contains the cert
# serverCertSecret:
# name: my-secret
# key: cert-key
# # k8s secret that contains the private key
# serverKeySecret:
# name: my-secret
# key: pk-key
# events:
# - "push"
# - "delete"
# apiToken:
# name: github-access
# key: token
# webhookSecret:
# name: github-access
# key: secret
# insecure: true
# active: true
# contentType: "json"
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: argo
name: operate-workflow-sa
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: operate-workflow-role
namespace: argo
rules:
- apiGroups:
- argoproj.io
verbs:
- "*"
resources:
- workflows
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: operate-workflow-role-binding
namespace: argo
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: operate-workflow-role
subjects:
- kind: ServiceAccount
name: operate-workflow-sa
namespace: argo
sensor
# Info on GitHub Webhook: https://developer.github.com/v3/repos/hooks/#create-a-hook
apiVersion: argoproj.io/v1alpha1
kind: EventSource
metadata:
name: github
namespace: argo
spec:
service:
ports:
- port: 12000
targetPort: 12000
github:
example:
repositories:
- owner: zl86790
names:
- argogithubsource
# Github will send events to following port and endpoint
webhook:
# endpoint to listen to events on
endpoint: /push
# port to run internal HTTP server on
port: "12000"
# HTTP request method to allow. In this case, only POST requests are accepted
method: POST
# url the event-source will use to register at Github.
# This url must be reachable from outside the cluster.
# The name for the service is in `<event-source-name>-eventsource-svc` format.
# You will need to create an Ingress or Openshift Route for the event-source service so that it can be reached from GitHub.
url: http://13.115.24.93:30001
# type of events to listen to.
# following listens to everything, hence *
# You can find more info on https://developer.github.com/v3/activity/events/types/
events:
- "*"
# apiToken refers to K8s secret that stores the github api token
# if apiToken is provided controller will create webhook on GitHub repo
# +optional
apiToken:
# Name of the K8s secret that contains the access token
name: github-access
# Key within the K8s secret whose corresponding value (must be base64 encoded) is access token
key: token
# # webhookSecret refers to K8s secret that stores the github hook secret
# # +optional
# webhookSecret:
# # Name of the K8s secret that contains the hook secret
# name: github-access
# # Key within the K8s secret whose corresponding value (must be base64 encoded) is hook secret
# key: secret
# type of the connection between event-source and Github.
# You should set it to false to avoid man-in-the-middle and other attacks.
insecure: true
# Determines if notifications are sent when the webhook is triggered
active: true
# The media type used to serialize the payloads
contentType: json
example-without-api-credentials:
owner: "argoproj"
repository: "argo"
webhook:
endpoint: "/push"
port: "13000"
method: "POST"
events:
- "*"
webhookSecret:
name: github-access
key: secret
insecure: true
active: true
contentType: "json"
# example-with-secure-connection:
# owner: "argoproj"
# repository: "argo"
# webhook:
# endpoint: "/push"
# port: "13000"
# method: "POST"
# url: "http://myargofakeurl.fake"
# # k8s secret that contains the cert
# serverCertSecret:
# name: my-secret
# key: cert-key
# # k8s secret that contains the private key
# serverKeySecret:
# name: my-secret
# key: pk-key
# events:
# - "push"
# - "delete"
# apiToken:
# name: github-access
# key: token
# webhookSecret:
# name: github-access
# key: secret
# insecure: true
# active: true
# contentType: "json"
sensor 创建完成之后,如果你提供了 github token,那么会自动创建 webhook
为了使用nodeport来开放 对应的 source pod,需要额外的 nodeport,默认它会创建一个 clusterip service
github-eventsource-svc
我们仿造它写一个nodeport
DEBUG 说明,这里如果出现了无法顺利触发 workflow的情况,请进行如下检查
- Github 是否进行了消息投递
2. Postman能否正确请求你的webhook,可以分别通过 映射端口 和 nodeport 测试
如果一切顺利
稍等片刻执行完成