Tekton Pipeline Auth Git basic auth 1 2 3 4 5 6 7 8 9 10 11 apiVersion:v1kind:Secretmetadata:name:gitlab-basic-authannotations:tekton.dev/git-0:http://gitlab.cloudnative.cn:8081tekton.dev/git-1:http://github.cloudnative.cn:8081type:kubernetes.io/basic-authstringData:username:xxxpassword:xxx Git ssh auth 1 2 3 4 5 6 7 8 9 10 11 12 13 apiVersion:v1kind:Secretmetadata:name:gitlab-ssh-keyannotations:tekton.dev/git-0:gitlab.cloudnative.cntype:kubernetes.io/ssh-authstringData:ssh-privatekey:|------BEGIN RSA PRIVATE KEY----- xxx -----END RSA PRIVATE KEY-----known_hosts:xxx Docker basic auth 1 2 3 4 5 6 7 8 9 10 apiVersion:v1kind:Secretmetadata:name:docker-basic-authannotations:tekton.dev/docker-0:https://registry.cn-hangzhou.aliyuncs.comtype:kubernetes.io/basic-authstringData:username:xxxpassword:xxx ServiceAccount 1 2 3 4 5 6 7 8 apiVersion:v1kind:ServiceAccountmetadata:name:tekton-pipelinessecrets:- name:gitlab-basic-auth- name:gitlab-ssh-key- name:docker-basic-auth Task Git clone 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 apiVersion:tekton.

Tekton Triggers EventListener 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 apiVersion:triggers.tekton.dev/v1alpha1kind:EventListenermetadata:name:gitlab-listener-interceptorspec:serviceAccountName:tekton-triggerstriggers:- name:gitlab-listenerinterceptors:- gitlab:secretRef:secretName:gitlab-secretsecretKey:secretTokeneventTypes:- Push Hook- cel:# filter: header.match('X-Gitlab-Event', 'Push Hook') && header.canonical('X-Gitlab-Token').compareSecret('secretToken', 'gitlab-secret')filter:body.commits[0].message.indexOf('[skip ci]') == -1 && body.commits[0].message.indexOf('[ci skip]') == -1overlays:- key:branch_nameexpression:"body.ref.split('/')[2]"- key:commit_idexpression:"body.commits[0].id.truncate(7)"bindings:- ref:pipeline-bindingtemplate:ref:pipeline-templateresources:kubernetesResource:serviceType:NodePort---apiVersion:v1kind:Secretmetadata:name:gitlab-secrettype:OpaquestringData:secretToken:"cloudnative" Rbac 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 apiVersion:v1kind:ServiceAccountmetadata:name:tekton-triggers---apiVersion:rbac.

Kaniko kaniko在构建镜像时无需特权模式，提供缓存功能，开启缓存--cache=true第一种是Dockerfile中定义的执行命令，每个命令

CoreDns Pod 内/etc/resolv.conf详解 1 2 3 nameserver 22.68.0.2 search kube-system.svc.cluster.local svc.cluster.local cluster.local options ndots:5 nameserver 定义DNS服务器的IP地址。 search 设置域名的查找后缀规则，查找配置越多，说明域

Helm Use 1 2 3 4 5 6 7 8 # valueshello:world# template{{.Values.hello | title }}# outputhello:World # 开头首字母大写 1 2 3 4 5 6 7 8 # valueshello:world# template{{.Values.hello | upper }}# outputhello:WORLD # 全部大写 1 2 3 4 5 6 7 8 # valueshello:world# template{{.Values.hello | quote }}# outputhello:"world"# 附加双引号 1 2 3 4 5