Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

第 6 章 为 webhook 创建 secret

您可以创建一个密钥,并将其与通用、GitHub 或 GitLab webhook 一起使用,以触发 Git 存储库中的应用程序构建。根据您用于应用程序代码的 Git 托管平台的类型,JWS Operator 提供webhookSecrets:genericwebhookSecrets:githubwebhookSecrets:gitlab参数,您可以使用这些参数在 Web 应用程序的自定义资源文件中指定机密。

流程

  1. 创建 Base64 编码的秘密字符串。

    例如: 

    echo -n "qwerty" | base64
    Copy to Clipboard Toggle word wrap

    上述命令对纯文本字符串qwerty进行编码,并显示编码后的字符串。

    例如: 

    cXdlcnR5
    Copy to Clipboard Toggle word wrap

  2. 创建定义 Secret 对象的 secret.yaml 文件。

    例如: 

    kind: Secret
apiVersion: v1
metadata:
  name: jws-secret
data:
  WebHookSecretKey: cXdlcnR5
    Copy to Clipboard Toggle word wrap

    在上面的示例中, jws-secret是密钥的名称, cXdlcnR5是编码的密钥字符串。

  3. 运行以下命令来创建 secret: 

    oc create -f secret.yaml
    Copy to Clipboard Toggle word wrap

    前面的命令会显示一条消息,以确认该机密已创建好。

    例如: 

    secret/jws-secret created
    Copy to Clipboard Toggle word wrap

    基于上面的例子,你可以将webhookSecrets:generic参数设置为jws-secret

验证

  1. 获取 Webhook 的 URL: 

    oc describe BuildConfig | grep webhooks
    Copy to Clipboard Toggle word wrap

    前面的命令生成 Webhook URL,格式为: 

    https://<host>:<port>/apis/build.openshift.io/v1/namespaces/<namespace>/buildconfigs/<name>/webhooks/<secret>/generic
    Copy to Clipboard Toggle word wrap

  2. 要向 webhook 发送请求,请输入以下 curl 命令: 

    curl -k -X POST https://<host>:<port>/apis/build.openshift.io/v1/namespaces/<namespace>/buildconfigs/<name>/webhooks/<secret>/generic
    Copy to Clipboard Toggle word wrap

    在上面的命令中,将 URL 字符串中的<host><port><namespace><name>替换为适合您环境的值。将<secret>替换为纯文本秘密字符串(例如qwerty )。

    上述命令将生成以下类型的 JSON 格式的 webhook 响应,并触发构建: 

    {"kind":"Build","apiVersion":"build.openshift.io/v1","metadata":{"name":"test-2","namespace":"jfc","selfLink":"/apis/build.openshift.io/v1/namespaces/jfc/buildconfigs/test-2/instantiate","uid":"a72dd529-edc6-4e1c-898e-7c0dbbea176e","resourceVersion":"846159","creationTimestamp":"2020-10-30T12:29:30Z","labels":{"application":"test","buildconfig":"test","openshift.io/build-config.name":"test","openshift.io/build.start-policy":"Serial"},"annotations":{"openshift.io/build-config.name":"test","openshift.io/build.number":"2"},"ownerReferences":[{"apiVersion":"build.openshift.io/v1","kind":"BuildConfig","name":"test","uid":"1f78fa3f-2f3b-421b-9f49-192184cc2280","controller":true}],"managedFields":[{"manager":"openshift-apiserver","operation":"Update","apiVersion":"build.openshift.io/v1","time":"2020-10-30T12:29:30Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:openshift.io/build-config.name":{},"f:openshift.io/build.number":{}},"f:labels":{".":{},"f:application":{},"f:buildconfig":{},"f:openshift.io/build-config.name":{},"f:openshift.io/build.start-policy":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"1f78fa3f-2f3b-421b-9f49-192184cc2280\"}":{".":{},"f:apiVersion":{},"f:controller":{},"f:kind":{},"f:name":{},"f:uid":{}}}},"f:spec":{"f:output":{"f:to":{".":{},"f:kind":{},"f:name":{}}},"f:serviceAccount":{},"f:source":{"f:contextDir":{},"f:git":{".":{},"f:ref":{},"f:uri":{}},"f:type":{}},"f:strategy":{"f:sourceStrategy":{".":{},"f:env":{},"f:forcePull":{},"f:from":{".":{},"f:kind":{},"f:name":{}},"f:pullSecret":{".":{},"f:name":{}}},"f:type":{}},"f:triggeredBy":{}},"f:status":{"f:conditions":{".":{},"k:{\"type\":\"New\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:status":{},"f:type":{}}},"f:config":{".":{},"f:kind":{},"f:name":{},"f:namespace":{}},"f:phase":{}}}}]},"spec":{"serviceAccount":"builder","source":{"type":"Git","git":{"uri":"https://github.com/jfclere/demo-webapp.git","ref":"master"},"contextDir":"/"},"strategy":{"type":"Source","sourceStrategy":{"from":{"kind":"DockerImage","name":"image-registry.openshift-image-registry.svc:5000/jfc/jboss-webserver54-tomcat9-openshift@sha256:75dcdf81011e113b8c8d0a40af32dc705851243baa13b68352706154174319e7"},"pullSecret":{"name":"builder-dockercfg-rvbh8"},"env":[{"name":"MAVEN_MIRROR_URL"},{"name":"ARTIFACT_DIR"}],"forcePull":true}},"output":{"to":{"kind":"ImageStreamTag","name":"test:latest"}},"resources":{},"postCommit":{},"nodeSelector":null,"triggeredBy":[{"message":"Generic WebHook","genericWebHook":{"secret":"\u003csecret\u003e"}}]},"status":{"phase":"New","config":{"kind":"BuildConfig","namespace":"jfc","name":"test"},"output":{},"conditions":[{"type":"New","status":"True","lastUpdateTime":"2020-10-30T12:29:30Z","lastTransitionTime":"2020-10-30T12:29:30Z"}]}}
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Success",
  "message": "invalid Content-Type on payload, ignoring payload and continuing with build",
  "code": 200
}
    Copy to Clipboard Toggle word wrap
    注意

    如果出现用户“system:anonymous”无法创建资源错误结果,您可以通过将未经身份验证的用户添加到system:webhook角色绑定或创建令牌并运行curl命令来解决此错误。

    例如,要创建令牌并运行curl命令: 

    TOKEN=`oc create token builder`

curl -H "Authorization: Bearer $TOKEN" -k -X POST https://<host>:<port>/apis/build.openshift.io/v1/namespaces/<namespace>/buildconfigs/<name>/webhooks/<secret>/generic
    Copy to Clipboard Toggle word wrap

  3. 如果你想在 GitHub 中使用 webhook:

    1. 在您的 GitHub 项目中,选择设置 > Webhooks > 添加 webhook
    2. 在 Payload URL 字段中,添加 URL。
    3. 将内容类型设置为application/json
    4. 如有必要,禁用 SSL 验证。
    5. 点击 Add webhook

    有关更多信息,请参阅https://docs.openshift.com/container-platform/4.6/builds/triggering-builds-build-hooks.html

返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat