网站中心,wordpress项目管理插件,百度快照是啥,网站 设置特殊的字体一. 概念
Tekton 官网
Github
Tekton 是一种用于构建 CI/CD 管道的云原生解决方案#xff0c;它由提供构建块的 Tekton Pipelines#xff0c;Tekton 作为 Kubernetes 集群上的扩展安装和运行#xff0c;包含一组 Kubernetes 自定义资源#xff0c;这些资源定义了您可以为…
一. 概念
Tekton 官网
Github
Tekton 是一种用于构建 CI/CD 管道的云原生解决方案它由提供构建块的 Tekton PipelinesTekton 作为 Kubernetes 集群上的扩展安装和运行包含一组 Kubernetes 自定义资源这些资源定义了您可以为管道创建和重用的构建块。安装后Tekton Pipelines 可通过 Kubernetes CLI (kubectl) 和 API 调用使用。
1. 组件介绍 Tekton 由以下组件组成 Tekton Pipelines 是 Tekton 的基础它定义了一组 Kubernetes自定义资源 这些资源充当构建块您可以从中组装 CI/CD 管道Tekton Triggers 允许您根据事件实例化管道。例如您可以在每次将 PR 合并到 GitHub 存储库时触发管道的实例化和执行。您还可以构建一个用户界面来启动特定的 Tekton 触发器Tekton CLI 提供了一个名为 的命令行界面tkn它构建在 Kubernetes CLI 之上允许您与 Tekton 进行交互Tekton Dashboard 是 Tekton Pipelines 的基于 Web 的图形界面可显示有关管道执行的信息。它目前正在进行中Tekton Catalog 是高质量、社区贡献的 Tekton 构建块Tasks、、Pipelines等等的存储库可以在您自己的管道中使用Tekton Hub 是一个基于 Web 的图形界面用于访问 Tekton CatalogTekton Operator 是一种 Kubernetes Operator 模式 允许您在 Kubernetes 集群上安装、更新和删除 Tekton 项目
二. 部署
参考一 参考二
1. Tekton Pipelines
Pipelines 部署
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml# 指定版本
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.47.0/release.yaml1). 修改依赖的镜像 vim release.yaml 找到名字叫 tekton-pipelines-controller 的 Deployment 进行修改,如上图可以看到很多镜像是 gcr.io 开头的这些是后面 pipeline 启动所需要的我们可以讲这些镜像 pull下来放到镜像仓库
sed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/pipeline\/cmd\/controller:v0.47.0sha256:e1a541216f70bfc519739e056111d0f69e7959913e28ccbf98ce9fe2fd0dd406/lixd96\/tektoncd-pipeline-cmd-controller:v0.47.0/ pipeline.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/pipeline\/cmd\/resolvers:v0.47.0sha256:5ea2565c256a5085ee422d4778166fd1fe0f985ff6e3816542728379433f30db/lixd96\/tektoncd-pipeline-cmd-resolvers:v0.47.0/ pipeline.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/pipeline\/cmd\/webhook:v0.47.0sha256:e2bc5e55370049efa5ed3e16868ecec65fb9cdb6df0fd7e08568a8b6f3193186/lixd96\/tektoncd-pipeline-cmd-webhook:v0.47.0/ pipeline.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/pipeline\/cmd\/kubeconfigwriter:v0.47.0sha256:449fae542ca42a94171c7e6fe41af4451c62126743f77b47f09bbcecc932145e/lixd96\/tektoncd-pipeline-cmd-kubeconfigwriter:v0.47.0/ pipeline.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/pipeline\/cmd\/git-init:v0.47.0sha256:cd5fb697a91af1883917e5e8ab230566bff60fd1310fb2d0e12badcee7db5db6/lixd96\/tektoncd-pipeline-cmd-git-init:v0.47.0/ pipeline.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/pipeline\/cmd\/entrypoint:v0.47.0sha256:50333090b874cdff1706d9f4de9d367270586d91a3204f223ad3c9c8f8b5968b/lixd96\/tektoncd-pipeline-cmd-entrypoint:v0.47.0/ pipeline.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/pipeline\/cmd\/nop:v0.47.0sha256:6c99e85668d5c5d383ee341fb22affb71ea2908f5615a3ec0157980ac1891ef4/lixd96\/tektoncd-pipeline-cmd-nop:v0.47.0/ pipeline.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/pipeline\/cmd\/sidecarlogresults:v0.47.0sha256:8c7e3dbb3cbfa76e9d291d869d50c93b4b9001dab6e3143d5db7b4e297144814/lixd96\/tektoncd-pipeline-cmd-sidecarlogresults:v0.47.0/ pipeline.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/pipeline\/cmd\/imagedigestexporter:v0.47.0sha256:768185690a3c5b5a79c764fe3d66bac8351136a14dd82d9fd7da019789b4ed95/lixd96\/tektoncd-pipeline-cmd-imagedigestexporter:v0.47.0/ pipeline.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/pipeline\/cmd\/pullrequest-init:v0.47.0sha256:8f5809192c455ea3a657203337e139482b06ffdef1a32d3ad494d6bcdb7c1465/lixd96\/tektoncd-pipeline-cmd-pullrequest-init:v0.47.0/ pipeline.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/pipeline\/cmd\/workingdirinit:v0.47.0sha256:707cf41528b19e7b20925fcfe17b1ebf8e61a22fe824df6b79c17b36f81a2d19/lixd96\/tektoncd-pipeline-cmd-workingdirinit:v0.47.0/ pipeline.yaml2). HA
Tekton HA
默认 Tekton 是1个副本想要高可用版本 首先需要将 Tokton Deployment 副本数增加到3个, 然后需要配置选举
# scale
kubectl -n tekton-pipelines scale deployment tekton-pipelines-controller --replicas3vim config-leader-election.yaml 选举的信息是在 config-leader-election 的configmap中设定的 apiVersion: v1
kind: ConfigMap
metadata:name: config-leader-electionnamespace: tekton-pipelineslabels:app.kubernetes.io/instance: defaultapp.kubernetes.io/part-of: tekton-pipelines
data:_example: |lease-duration: 60srenew-deadline: 40sretry-period: 10s# 如果 buckets 的值为MTekton的控制器熟练为N 那么buckets: 12. triggers
triggers 作为 触发器
Triggers 部署
# 镜像处理
sed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/triggers\/cmd\/controller:v0.22.1sha256:47f18d03c08ebc8ef474dd62e7d83ead3c4aa802c72668dafb73fd6afedd305f/lixd96\/tektoncd-triggers-cmd-controller:v0.22.1/ trigger-release.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/triggers\/cmd\/webhook:v0.22.1sha256:9a124b2ead10a6bc3ae1d32d05b9fe664465cfe6d09830ef89f3987a443a5c86/lixd96\/tektoncd-triggers-cmd-webhook:v0.22.1/ trigger-release.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/triggers\/cmd\/eventlistenersink:v0.22.1sha256:bd8b2ec63012605739dc74871d1a20634d1055ed3d77864a582a9b5f2d22ab92/lixd96\/tektoncd-triggers-cmd-eventlistenersink:v0.22.1/ trigger-release.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/triggers\/cmd\/controller:v0.22.1sha256:47f18d03c08ebc8ef474dd62e7d83ead3c4aa802c72668dafb73fd6afedd305f/lixd96\/tektoncd-triggers-cmd-controller:v0.22.1/ trigger-interceptors.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/triggers\/cmd\/eventlistenersink:v0.22.1sha256:bd8b2ec63012605739dc74871d1a20634d1055ed3d77864a582a9b5f2d22ab92/lixd96\/tektoncd-triggers-cmd-eventlistenersink:v0.22.1/ trigger-interceptors.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/triggers\/cmd\/webhook:v0.22.1sha256:9a124b2ead10a6bc3ae1d32d05b9fe664465cfe6d09830ef89f3987a443a5c86/lixd96\/tektoncd-triggers-cmd-webhook:v0.22.1/ trigger-interceptors.yamlsed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/triggers\/cmd\/interceptors:v0.22.1sha256:eda7af449fb82b06e952da0f5c0d1c2a3eddbab041e43065d37f67523c60c494/lixd96\/tektoncd-triggers-cmd-interceptors:v0.22.1/ trigger-interceptors.yaml
3. Tekton dashboard
Dashboard 部署
默认安装只能以 只读 的形式安装 dashboard
kubectl apply -f https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml# 指定版本 之前的旧版本需要加一个 previous 只能读版本
kubectl apply -f https://storage.googleapis.com/tekton-releases/dashboard/previous/v0.35.0/release.yaml# 管理人员以读写的形式安装
kubectl apply -f https://storage.googleapis.com/tekton-releases/dashboard/latest/release-full.yaml# 指定版本
kubectl apply -f https://storage.googleapis.com/tekton-releases/dashboard/previous/v0.35.0/release-full.yaml# 镜像处理
sed -i s/gcr.io\/tekton-releases\/github.com\/tektoncd\/dashboard\/cmd\/dashboard:v0.35.0sha256:454a405aa4f874a0c22db7ab47ccb225a95addd3de904084e35c5de78e4f2c48/lixd96\/tektoncd-dashboard-cmd-dashboard:v0.35.0/ tekton-dashboard-release.yaml只有可读写的 dashboard 才有创建按钮 1). dashboard Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: dashboardnamespace: tekton-pipelinesannotations:kubernetes.io/ingress.class: nginx
spec:rules:- host: tekton.yeemiao.net.cnhttp:paths:- backend:service:name: tekton-dashboardport:number: 9097path: /pathType: Prefix4. CLI
CLI 部署
https://github.com/tektoncd/cli/releases/download/v0.30.1/tkn_0.30.1_Linux_x86_64.tar.gztar xvzf tkn_0.30.1_Linux_x86_64.tar.gz -C /usr/local/bin/[rootcontroller-1 ~/xingguang/tekton]# tkn version
Client version: 0.30.1
Pipeline version: v0.47.0
Dashboard version: v0.34.01). 常用命令
tkn taskrun ls
NAME STARTED DURATION STATUS
hello-run 21 hours ago 43s Succeeded# 可以看到 taskrun 输出的日志
[roothhy-1 ~/manifest/tekton/hhy-1]# tkn -n default taskrun logs -f hello-run-q5kpl
[hello] Hello World# 可以看到 taskrun 创建了一个 pod, 然后用这个pod 输出了一句话, 当然 pod 执行完任务 状态就会是 Completed 的
[roothhy-1 ~/manifest/tekton/hhy-1]# kubectl get po
NAME READY STATUS RESTARTS AGE
hello-run-q5kpl-pod 0/1 Completed 0 3m59s
[roothhy-1 ~/manifest/tekton/hhy-1]# kubectl logs -f hello-run-q5kpl-pod
Defaulted container step-hello out of: step-hello, prepare (init), place-scripts (init)
Hello World三. 构建流水线
1. Task
Task任务模版是tekton的最小单元代表一个任务包括多个步骤将比较通用的步骤单独定义为 task可以复用, 然后使用 pipeline 将多个 task 编排为一个流水线一个task最好只做一件事比如 git clonedocker builddocker push
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: hello
spec:steps:- name: echoimage: alpinescript: |#!/bin/shecho Hello World 2. TaskRun TaskRun任务执行实例拥有任务的运行状态 Pipeline ClusterTask 弃用
apiVersion: tekton.dev/v1
kind: TaskRun
metadata:name: hello
spec:taskRef: # 引用 名字为 hello 的 Taskname: hello3. Pipeline
Pipeline流水线模版控制完成多个task的运行流程, 是多个 Task 的组合
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata: # 唯一标识name: hello-goodbyenamespace: devops
spec:params: # 指定 Parameters 需要的 pipeline- name: usernametype: stringtasks:- name: hellotaskRef:name: hello- name: goodbyerunAfter:- hellotaskRef:name: goodbyeparams:- name: usernamevalue: $(params.username)4. PipelineRun
PipelineRun流水线执行实例拥有流水线运行状态真正的流水线他会调用流水线Pipeline中定义的参数继而调用task中定义的任务pipelinerun 和 taskrun 基本一致用于触发流水线以及为 pipeline 提供必要的参数PipelineResource 弃用 5. Workspace
Workspace
TaskRun 在 Task Workspace 中适配的卷存储称为存储卷源volume source支持类型如下 persistentVolumeClaimvolumeClaimTemplateemptyDirconfigMapsecret
1). 使用说明 $(workspaces.name.path)- 指定 的路径其中Workspace 是name的名称Workspace。当工作空间被声明为可选并且不是由 TaskRun 提供时这将是一个空字符串。$(workspaces.name.bound)- 或truefalse指定是否绑定工作区。true如果需要工作空间则始终如此。$(workspaces.name.claim)PersistentVolumeClaim- 指定用作卷源的名称Workspace 其中name是 的名称Workspace。PersistentVolumeClaim如果使用其他卷源则返回空字符串。$(workspaces.name.volume)Volume - 指定为 a 提供的名称Workspace其中name是 的名称Workspace 2). 案例
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: source-lister
spec:params:- name: git-repotype: stringdescription: Git repository to be clonedworkspaces:- name: sourcesteps:- name: git-cloneimage: alpine/qit:v2.32.0script: git clone -v $(params.git-repo) $(workspaces.source.path)/source- name: list-filesimage: alpine:3.15command:- /bin/shargs:- -c- ls $(workspaces.source.path)/source(一). git-clone官网task
官方提供了一个代码 clone 的 task写的很全直接照搬就可以
git-clone
流水线官方demo文档
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: git-clonelabels:app.kubernetes.io/version: 0.5annotations:tekton.dev/pipelines.minVersion: 0.21.0tekton.dev/categories: Gittekton.dev/tags: gittekton.dev/displayName: git clonetekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
spec:description: -These Tasks are Git tasks to work with repositories used by other tasksin your Pipeline.The git-clone Task will clone a repo from the provided url into theoutput Workspace. By default the repo will be cloned into the root ofyour Workspace. You can clone into a subdirectory by setting this Taskssubdirectory param. This Task also supports sparse checkouts. To performa sparse checkout, pass a list of comma separated directory patterns tothis Tasks sparseCheckoutDirectories param.workspaces:- name: outputdescription: The git repo will be cloned onto the volume backing this Workspace.- name: ssh-directoryoptional: truedescription: |A .ssh directory with private key, known_hosts, config, etc. Copied tothe users home before git commands are executed. Used to authenticatewith the git remote when performing the clone. Binding a Secret to thisWorkspace is strongly recommended over other volume types.- name: basic-authoptional: truedescription: |A Workspace containing a .gitconfig and .git-credentials file. Thesewill be copied to the users home before any git commands are run. Anyother files in this Workspace are ignored. It is strongly recommendedto use ssh-directory over basic-auth whenever possible and to bind aSecret to this Workspace over other volume types.- name: ssl-ca-directoryoptional: truedescription: |A workspace containing CA certificates, this will be used by Git toverify the peer with when fetching or pushing over HTTPS.params:- name: urldescription: Repository URL to clone from.type: string- name: revisiondescription: Revision to checkout. (branch, tag, sha, ref, etc...)type: stringdefault: - name: refspecdescription: Refspec to fetch before checking out revision.default: - name: submodulesdescription: Initialize and fetch git submodules.type: stringdefault: true- name: depthdescription: Perform a shallow clone, fetching only the most recent N commits.type: stringdefault: 1- name: sslVerifydescription: Set the http.sslVerify global git config. Setting this to false is not advised unless you are sure that you trust your git remote.type: stringdefault: true- name: subdirectorydescription: Subdirectory inside the output Workspace to clone the repo into.type: stringdefault: - name: sparseCheckoutDirectoriesdescription: Define the directory patterns to match or exclude when performing a sparse checkout.type: stringdefault: - name: deleteExistingdescription: Clean out the contents of the destination directory if it already exists before cloning.type: stringdefault: true- name: httpProxydescription: HTTP proxy server for non-SSL requests.type: stringdefault: - name: httpsProxydescription: HTTPS proxy server for SSL requests.type: stringdefault: - name: noProxydescription: Opt out of proxying HTTP/HTTPS requests.type: stringdefault: - name: verbosedescription: Log the commands that are executed during git-clones operation.type: stringdefault: true- name: gitInitImagedescription: The image providing the git-init binary that this Task runs.type: stringdefault: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.21.0- name: userHomedescription: |Absolute path to the users home directory. Set this explicitly if you are running the image as a non-root user or have overriddenthe gitInitImage param with an image containing custom user configuration.type: stringdefault: /tekton/homeresults:- name: commitdescription: The precise commit SHA that was fetched by this Task.- name: urldescription: The precise URL that was fetched by this Task.steps:- name: cloneimage: $(params.gitInitImage)env:- name: HOMEvalue: $(params.userHome)- name: PARAM_URLvalue: $(params.url)- name: PARAM_REVISIONvalue: $(params.revision)- name: PARAM_REFSPECvalue: $(params.refspec)- name: PARAM_SUBMODULESvalue: $(params.submodules)- name: PARAM_DEPTHvalue: $(params.depth)- name: PARAM_SSL_VERIFYvalue: $(params.sslVerify)- name: PARAM_SUBDIRECTORYvalue: $(params.subdirectory)- name: PARAM_DELETE_EXISTINGvalue: $(params.deleteExisting)- name: PARAM_HTTP_PROXYvalue: $(params.httpProxy)- name: PARAM_HTTPS_PROXYvalue: $(params.httpsProxy)- name: PARAM_NO_PROXYvalue: $(params.noProxy)- name: PARAM_VERBOSEvalue: $(params.verbose)- name: PARAM_SPARSE_CHECKOUT_DIRECTORIESvalue: $(params.sparseCheckoutDirectories)- name: PARAM_USER_HOMEvalue: $(params.userHome)- name: WORKSPACE_OUTPUT_PATHvalue: $(workspaces.output.path)- name: WORKSPACE_SSH_DIRECTORY_BOUNDvalue: $(workspaces.ssh-directory.bound)- name: WORKSPACE_SSH_DIRECTORY_PATHvalue: $(workspaces.ssh-directory.path)- name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUNDvalue: $(workspaces.basic-auth.bound)- name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATHvalue: $(workspaces.basic-auth.path)- name: WORKSPACE_SSL_CA_DIRECTORY_BOUNDvalue: $(workspaces.ssl-ca-directory.bound)- name: WORKSPACE_SSL_CA_DIRECTORY_PATHvalue: $(workspaces.ssl-ca-directory.path)script: |#!/usr/bin/env shset -euif [ ${PARAM_VERBOSE} true ] ; thenset -xfiif [ ${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND} true ] ; thencp ${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials ${PARAM_USER_HOME}/.git-credentialscp ${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig ${PARAM_USER_HOME}/.gitconfigchmod 400 ${PARAM_USER_HOME}/.git-credentialschmod 400 ${PARAM_USER_HOME}/.gitconfigfiif [ ${WORKSPACE_SSH_DIRECTORY_BOUND} true ] ; thencp -R ${WORKSPACE_SSH_DIRECTORY_PATH} ${PARAM_USER_HOME}/.sshchmod 700 ${PARAM_USER_HOME}/.sshchmod -R 400 ${PARAM_USER_HOME}/.ssh/*fiif [ ${WORKSPACE_SSL_CA_DIRECTORY_BOUND} true ] ; thenexport GIT_SSL_CAPATH${WORKSPACE_SSL_CA_DIRECTORY_PATH}fiCHECKOUT_DIR${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}cleandir() {# Delete any existing contents of the repo directory if it exists.## We dont just rm -rf ${CHECKOUT_DIR} because ${CHECKOUT_DIR} might be /# or the root of a mounted volume.if [ -d ${CHECKOUT_DIR} ] ; then# Delete non-hidden files and directoriesrm -rf ${CHECKOUT_DIR:?}/*# Delete files and directories starting with . but excluding ..rm -rf ${CHECKOUT_DIR}/.[!.]*# Delete files and directories starting with .. plus any other characterrm -rf ${CHECKOUT_DIR}/..?*fi}if [ ${PARAM_DELETE_EXISTING} true ] ; thencleandirfitest -z ${PARAM_HTTP_PROXY} || export HTTP_PROXY${PARAM_HTTP_PROXY}test -z ${PARAM_HTTPS_PROXY} || export HTTPS_PROXY${PARAM_HTTPS_PROXY}test -z ${PARAM_NO_PROXY} || export NO_PROXY${PARAM_NO_PROXY}/ko-app/git-init \-url${PARAM_URL} \-revision${PARAM_REVISION} \-refspec${PARAM_REFSPEC} \-path${CHECKOUT_DIR} \-sslVerify${PARAM_SSL_VERIFY} \-submodules${PARAM_SUBMODULES} \-depth${PARAM_DEPTH} \-sparseCheckoutDirectories${PARAM_SPARSE_CHECKOUT_DIRECTORIES}cd ${CHECKOUT_DIR}RESULT_SHA$(git rev-parse HEAD)EXIT_CODE$?if [ ${EXIT_CODE} ! 0 ] ; thenexit ${EXIT_CODE}fiprintf %s ${RESULT_SHA} $(results.commit.path)printf %s ${PARAM_URL} $(results.url.path)四.
生命周期同PipelineRun或者TaskRun
workspaces:
- name: git-sourcevolumeClaimTemplate:spec:accessModes:- ReadWriteManyresources:requests:storage: 1Gi(一). 案例
代码内容
1. git-clone
# 官网提供的git 的 demo
kubectl -n kube-ops apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.5/git-clone.yaml2. 单元测试
apiVersion: tekton.dev/v1beta1
kind: Task
metadata: name: unit-testnamespace: kube-ops
spec: workspaces:- name: sourcesteps: - name: unit-testworkingDir: $(workspaces.source.path)image: golang:1.17.5env:- name: GOPROXYvalue: https://goproxy.cncommand: [go] args:- test- ./...3. make-build-push
采用 kaniko 来做的镜像需要镜像仓库的认证信息需要创建 secret
apiVersion: v1
data:.dockerconfigjson: eyJhdXRocyI6eyJodHRwczovL2hhcmJvci55ZWVtaWFvLm5ldC5jbiI6eyJ1c2VybmFtZSI6ImNoZW54aW5nZ3VhbmciLCJwYXNzd29yZCI6ImR3MmV4czZuRCFkZmprMTIyIiwiYXV0aCI6IlkyaGxibmhwYm1kbmRXRnVaenBrZHpKbGVITTJia1FoWkdacWF6RXlNZz09In19fQ
kind: Secret
metadata:name: dockerhubnamespace: kube-ops
type: kubernetes.io/dockerconfigjson# 也可以用名称创建
kubectl -n kube-ops create secret docker-registry dockerhub --docker-serverhttps://harbor.yeemiao.net.cn --docker-usernamechenxingguang --docker-passworddw2exs6nD!dfjk122apiVersion: tekton.dev/v1beta1
kind: Task
metadata: name: build-push-imagenamespace: kube-ops
spec: params:- name: pathToDockerfiledescription: The path to the dockerfile to build (relative to the context)default: Dockerfile- name: imageUrldescription: Url of image repository- name: imageTagdescription: Tag to apply to the built imagedefault: latestworkspaces:- name: source- name: dockerconfigmountPath: /kaniko/.dockersteps:- name: build-and-pushimage: registry.cn-hangzhou.aliyuncs.com/coolops/kaniko-executor:v1.5.0workingDir: $(workspaces.source.path)command:- /kaniko/executorargs:- --dockerfile$(params.pathToDockerfile)- --destination$(params.imageUrl):$(params.imageTag)- --context$(workspaces.source.path)4. deploy-to-k8s
部署到k8s中需要认证
kubectl create secret generic kubernetes-config --from-file/root/.kube/configapiVersion: tekton.dev/v1alpha1
kind: Task
metadata:name: deploy-to-k8snamespace: kube-ops
spec:workspaces:- name: source- name: kubernetesconfigmountPath: /root/.kubeparams:- name: pathToYamlFiledescription: The path to the yaml file to deploy within the git sourcedefault: deployment.yaml- name: IMAGE- name: TAGsteps:- name: run-kubectlimage: registry.cn-hangzhou.aliyuncs.com/coolops/kubectl:1.19.16workingDir: $(workspaces.source.path)script: |sed -i s#IMAGE#$(params.IMAGE)#g $(params.pathToYamlFile)sed -i s#TAG#$(params.TAG)#g $(params.pathToYamlFile)kubectl apply -f $(params.pathToYamlFile)5. pipeline
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata: name: devops-hello-world-pipelinenamespace: kube-ops
spec: workspaces: # 声明 workspaces - name: go-repo-pvc - name: docker-config- name: kubernetes-configparams: # 定义代码仓库 - name: git_url - name: revision type: string default: master - name: gitInitImagetype: stringdefault: registry.cn-hangzhou.aliyuncs.com/coolops/tekton-git-init:v0.29# 定义镜像参数 - name: pathToDockerfiledescription: The path to the build context, used by Kaniko - within the workspacedefault: .- name: imageUrldescription: Url of image repository- name: imageTagdescription: Tag to apply to the built imagedefault: latesttasks: # 添加task到流水线中 - name: clone taskRef: name: git-clone workspaces: - name: output workspace: go-repo-pvc params: - name: url value: $(params.git_url) - name: revision value: $(params.revision) - name: gitInitImagevalue: $(params.gitInitImage)- name: unit-test workspaces: # 传递 workspaces - name: sourceworkspace: go-repo-pvctaskRef: name: unit-testrunAfter:- clone- name: build-push-imageparams:- name: pathToDockerfilevalue: $(params.pathToDockerfile)- name: imageUrlvalue: $(params.imageUrl)- name: imageTagvalue: $(params.imageTag)taskRef: name: build-push-image runAfter:- unit-test workspaces: # 传递 workspaces - name: sourceworkspace: go-repo-pvc- name: dockerconfigworkspace: docker-config- name: deploy-to-k8staskRef: name: deploy-to-k8sparams:- name: pathToYamlFilevalue: deployment.yaml- name: IMAGEvalue: $(params.imageUrl)- name: TAGvalue: $(params.imageTag)workspaces:- name: sourceworkspace: go-repo-pvc - name: kubernetesconfigworkspace: kubernetes-configrunAfter:- build-push-image6. PipelineRun
需要创建一个用户
apiVersion: v1
kind: Secret
metadata: name: gitlab-auth namespace: kube-opsannotations: tekton.dev/git-0: http://gitlab-tekton.yeemiao.net.cn/root/tekton-deploy.git # 代码仓库
type: kubernetes.io/basic-auth
stringData: username: rootpassword: Hhy0304moon
---
apiVersion: v1
kind: ServiceAccount
metadata: name: tekton-build-sanamespace: kube-ops
secrets: - name: gitlab-auth
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: name: tekton-clusterrole-bindingnamespace: kube-ops
roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: edit
subjects:
- kind: ServiceAccount name: tekton-build-sa namespace: kube-ops真正的执行过程 apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:name: devops-hello-world-pipeline-runnamespace: kube-ops
spec:serviceAccountName: tekton-build-sapipelineRef:name: devops-hello-world-pipeline params:- name: revisionvalue: master- name: git_urlvalue: http://gitlab-tekton.yeemiao.net.cn/root/tekton-deploy.git- name: imageUrlvalue: harbor.yeemiao.net.cn/library/tekton-quiz- name: imageTagvalue: v1beta1- name: pathToDockerfilevalue: Dockerfileworkspaces:- name: go-repo-pvcvolumeClaimTemplate:spec:accessModes:- ReadWriteManystorageClassName: soin-nfsresources:requests:storage: 1Gi- name: docker-configsecret:secretName: docker-config- name: kubernetes-configsecret:secretName: kubernetes-config查看部署的pod [rootcontroller-1 ~/xingguang/tekton/case]# kubectl -n kube-ops get po |grep http
httpserver-78b8445f5c-wqcwm 1/1 Running 0 17s
