Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

第 6 章 为 webhook 创建 secret

您可以创建可与通用、GitHub 或 GitLab Webhook 搭配使用的 secret,以触发 Git 存储库中的应用构建。根据用于应用程序代码的 Git 托管平台类型,JWS Operator 提供了 webhookSecrets:generic,webhookSecrets:github, 和 webhookSecrets:gitlab 参数,可用于在自定义资源文件中为 web 应用程序指定 secret。

流程

  1. 创建 Base64 编码的 secret 字符串。

    例如: 

    echo -n "qwerty" | base64
    Copy to Clipboard Toggle word wrap

    前面的命令对纯文本字符串 qwerty 进行编码,并显示编码的字符串。

    例如: 

    cXdlcnR5
    Copy to Clipboard Toggle word wrap

  2. 创建定义 Secret 对象的 secret.yaml 文件。

    例如: 

    kind: Secret
apiVersion: v1
metadata:
  name: jws-secret
data:
  WebHookSecretKey: cXdlcnR5
    Copy to Clipboard Toggle word wrap

    在前面的示例中,jws-secret 是 secret 的名称,cXdlcnR5 是编码的 secret 字符串。

  3. 运行以下命令来创建 secret: 

    oc create -f secret.yaml
    Copy to Clipboard Toggle word wrap

    前面的命令会显示一条消息,以确认该机密已创建好。

    例如: 

    secret/jws-secret created
    Copy to Clipboard Toggle word wrap

    根据上例,您可以将 webhookSecrets:generic 参数设置为 jws-secret

验证

  1. 获取 Webhook 的 URL: 

    oc describe BuildConfig | grep webhooks
    Copy to Clipboard Toggle word wrap

    前面的命令生成 Webhook URL,格式为: 

    https://<host>:<port>/apis/build.openshift.io/v1/namespaces/<namespace>/buildconfigs/<name>/webhooks/<secret>/generic
    Copy to Clipboard Toggle word wrap

  2. 要向 webhook 发送请求,请输入以下 curl 命令: 

    curl -k -X POST https://<host>:<port>/apis/build.openshift.io/v1/namespaces/<namespace>/buildconfigs/<name>/webhooks/<secret>/generic
    Copy to Clipboard Toggle word wrap

    在前面的命令中,将 URL 字符串中的 & lt;host& gt ;、&lt ;port >、<namespace > 和 <name > 替换为适合您的环境的值。将 <secret > 替换为纯文本 secret 字符串(如 qwerty)。

    前面的命令以 JSON 格式生成以下 webhook 响应类型,并触发构建: 

    {"kind":"Build","apiVersion":"build.openshift.io/v1","metadata":{"name":"test-2","namespace":"jfc","selfLink":"/apis/build.openshift.io/v1/namespaces/jfc/buildconfigs/test-2/instantiate","uid":"a72dd529-edc6-4e1c-898e-7c0dbbea176e","resourceVersion":"846159","creationTimestamp":"2020-10-30T12:29:30Z","labels":{"application":"test","buildconfig":"test","openshift.io/build-config.name":"test","openshift.io/build.start-policy":"Serial"},"annotations":{"openshift.io/build-config.name":"test","openshift.io/build.number":"2"},"ownerReferences":[{"apiVersion":"build.openshift.io/v1","kind":"BuildConfig","name":"test","uid":"1f78fa3f-2f3b-421b-9f49-192184cc2280","controller":true}],"managedFields":[{"manager":"openshift-apiserver","operation":"Update","apiVersion":"build.openshift.io/v1","time":"2020-10-30T12:29:30Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:openshift.io/build-config.name":{},"f:openshift.io/build.number":{}},"f:labels":{".":{},"f:application":{},"f:buildconfig":{},"f:openshift.io/build-config.name":{},"f:openshift.io/build.start-policy":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"1f78fa3f-2f3b-421b-9f49-192184cc2280\"}":{".":{},"f:apiVersion":{},"f:controller":{},"f:kind":{},"f:name":{},"f:uid":{}}}},"f:spec":{"f:output":{"f:to":{".":{},"f:kind":{},"f:name":{}}},"f:serviceAccount":{},"f:source":{"f:contextDir":{},"f:git":{".":{},"f:ref":{},"f:uri":{}},"f:type":{}},"f:strategy":{"f:sourceStrategy":{".":{},"f:env":{},"f:forcePull":{},"f:from":{".":{},"f:kind":{},"f:name":{}},"f:pullSecret":{".":{},"f:name":{}}},"f:type":{}},"f:triggeredBy":{}},"f:status":{"f:conditions":{".":{},"k:{\"type\":\"New\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:status":{},"f:type":{}}},"f:config":{".":{},"f:kind":{},"f:name":{},"f:namespace":{}},"f:phase":{}}}}]},"spec":{"serviceAccount":"builder","source":{"type":"Git","git":{"uri":"https://github.com/jfclere/demo-webapp.git","ref":"master"},"contextDir":"/"},"strategy":{"type":"Source","sourceStrategy":{"from":{"kind":"DockerImage","name":"image-registry.openshift-image-registry.svc:5000/jfc/jboss-webserver54-tomcat9-openshift@sha256:75dcdf81011e113b8c8d0a40af32dc705851243baa13b68352706154174319e7"},"pullSecret":{"name":"builder-dockercfg-rvbh8"},"env":[{"name":"MAVEN_MIRROR_URL"},{"name":"ARTIFACT_DIR"}],"forcePull":true}},"output":{"to":{"kind":"ImageStreamTag","name":"test:latest"}},"resources":{},"postCommit":{},"nodeSelector":null,"triggeredBy":[{"message":"Generic WebHook","genericWebHook":{"secret":"\u003csecret\u003e"}}]},"status":{"phase":"New","config":{"kind":"BuildConfig","namespace":"jfc","name":"test"},"output":{},"conditions":[{"type":"New","status":"True","lastUpdateTime":"2020-10-30T12:29:30Z","lastTransitionTime":"2020-10-30T12:29:30Z"}]}}
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Success",
  "message": "invalid Content-Type on payload, ignoring payload and continuing with build",
  "code": 200
}
    Copy to Clipboard Toggle word wrap
    注意

    如果 User "system:anonymous" 无法创建资源错误 结果,您可以通过将未经身份验证的用户添加到 system:webhook 角色绑定或创建令牌并运行 curl 命令来解决这个错误。

    例如,要创建令牌并运行 curl 命令: 

    TOKEN=`oc create token builder`

curl -H "Authorization: Bearer $TOKEN" -k -X POST https://<host>:<port>/apis/build.openshift.io/v1/namespaces/<namespace>/buildconfigs/<name>/webhooks/<secret>/generic
    Copy to Clipboard Toggle word wrap

  3. 如果要在 GitHub 中使用 Webhook:

    1. 在 GitHub 项目中,选择 Settings > Webhooks > Add webhook
    2. 在 Payload URL 字段中,添加 URL。
    3. 将内容类型设置为 application/json
    4. 如有必要,禁用 SSL 验证。
    5. 点击 Add webhook

    如需更多信息,请参阅 https://docs.openshift.com/container-platform/4.6/builds/triggering-builds-build-hooks.html

返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat