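- Introduction
- Deployment
- Modifying the dependency images
- Installation
- Example
- Task input definition
- Task output definition
- Image registry authentication
- Creating the secret
- Creating the serviceaccount
- Defining the Task
- Defining the TaskRun
- The complete YAML
- Running the example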
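Introduction
Google has open-sourced Tekton, a Kubernetes-native CI/CD build framework.
Tekton is a powerful and flexible Kubernetes-native framework for creating CI/CD systems. By abstracting away the underlying implementation details, it lets developers build, test and deploy across multiple cloud environments or on-premises systems.
Features include:
Artifact management: store, manage and secure artifacts, while Tekton pipelines work well with other third-party tools.
Deployment pipelines: deployment pipelines are designed to support complex workflows, including deployments across multiple environments as well as canary and blue/green deployments.
Results: as part of the built-in results store API, logs give insight into test and build results.
Reference: https://cloud.google.com/tekton/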
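Deployment
Modifying the dependency images
The deployment runs on a Kubernetes cluster. Deployment file reference: https://github.com/tektoncd/pipeline/releases/download/v0.2.0/release.yaml
Downloading gcr images from within China requires a proxy, so for convenience I pushed all of the images the Tekton toolchain depends on to Alibaba Cloud. The modified release.yaml is as follows: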
apiVersion: v1
kind: Namespace
metadata:
  name: tekton-pipelines
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tekton-pipelines-admin
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - namespaces
  - secrets
  - events
  - serviceaccounts
  - configmaps
  - persistentvolumeclaims
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - patch
  - watch
- apiGroups:
  - extensions
  resources:
  - deployments
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - patch
  - watch
- apiGroups:
  - extensions
  resources:
  - deployments/finalizers
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - patch
  - watch
- apiGroups:
  - admissionregistration.k8s.io
  resources:
  - mutatingwebhookconfigurations
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - patch
  - watch
- apiGroups:
  - tekton.dev
  resources:
  - tasks
  - clustertasks
  - taskruns
  - pipelines
  - pipelineruns
  - pipelineresources
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - patch
  - watch
- apiGroups:
  - tekton.dev
  resources:
  - taskruns/finalizers
  - pipelineruns/finalizers
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - patch
  - watch
- apiGroups:
  - tekton.dev
  resources:
  - tasks/status
  - clustertasks/status
  - taskruns/status
  - pipelines/status
  - pipelineruns/status
  - pipelineresources/status
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - patch
  - watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-pipelines-controller
  namespace: tekton-pipelines
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tekton-pipelines-controller-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-pipelines-admin
subjects:
- kind: ServiceAccount
  name: tekton-pipelines-controller
  namespace: tekton-pipelines
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: clustertasks.tekton.dev
spec:
  group: tekton.dev
  names:
    categories:
    - all
    - knative
    - tekton-pipelines
    kind: ClusterTask
    plural: clustertasks
  scope: Cluster
  subresources:
    status: {}
  version: v1alpha1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: images.caching.internal.knative.dev
spec:
  group: caching.internal.knative.dev
  names:
    categories:
    - all
    - knative-internal
    - caching
    kind: Image
    plural: images
    shortNames:
    - img
    singular: image
  scope: Namespaced
  subresources:
    status: {}
  version: v1alpha1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: pipelines.tekton.dev
spec:
  group: tekton.dev
  names:
    categories:
    - all
    - knative
    - tekton-pipelines
    kind: Pipeline
    plural: pipelines
  scope: Namespaced
  subresources:
    status: {}
  version: v1alpha1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: pipelineruns.tekton.dev
spec:
  group: tekton.dev
  names:
    categories:
    - all
    - knative
    - tekton-pipelines
    kind: PipelineRun
    plural: pipelineruns
  scope: Namespaced
  subresources:
    status: {}
  version: v1alpha1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: pipelineresources.tekton.dev
spec:
  group: tekton.dev
  names:
    categories:
    - all
    - knative
    - tekton-pipelines
    kind: PipelineResource
    plural: pipelineresources
  scope: Namespaced
  subresources:
    status: {}
  version: v1alpha1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: tasks.tekton.dev
spec:
  group: tekton.dev
  names:
    categories:
    - all
    - knative
    - tekton-pipelines
    kind: Task
    plural: tasks
  scope: Namespaced
  subresources:
    status: {}
  version: v1alpha1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: taskruns.tekton.dev
spec:
  group: tekton.dev
  names:
    categories:
    - all
    - knative
    - tekton-pipelines
    kind: TaskRun
    plural: taskruns
  scope: Namespaced
  subresources:
    status: {}
  version: v1alpha1
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: tekton-pipelines-controller
  name: tekton-pipelines-controller
  namespace: tekton-pipelines
spec:
  ports:
  - name: metrics
    port: 9090
    protocol: TCP
    targetPort: 9090
  selector:
    app: tekton-pipelines-controller
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: tekton-pipelines-webhook
  name: tekton-pipelines-webhook
  namespace: tekton-pipelines
spec:
  ports:
  - port: 443
    targetPort: 443
  selector:
    app: tekton-pipelines-webhook
---
apiVersion: v1
data: null
kind: ConfigMap
metadata:
  name: config-artifact-bucket
  namespace: tekton-pipelines
---
apiVersion: v1
data:
  loglevel.controller: info
  loglevel.webhook: info
  zap-logger-config: |
    {
      "level": "info",
      "development": false,
      "sampling": {
        "initial": 100,
        "thereafter": 100
      },
      "outputPaths": ["stdout"],
      "errorOutputPaths": ["stderr"],
      "encoding": "json",
      "encoderConfig": {
        "timeKey": "",
        "levelKey": "level",
        "nameKey": "logger",
        "callerKey": "caller",
        "messageKey": "msg",
        "stacktraceKey": "stacktrace",
        "lineEnding": "",
        "levelEncoder": "",
        "timeEncoder": "",
        "durationEncoder": "",
        "callerEncoder": ""
      }
    }
kind: ConfigMap
metadata:
  name: config-logging
  namespace: tekton-pipelines
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: tekton-pipelines-controller
  namespace: tekton-pipelines
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: tekton-pipelines-controller
    spec:
      containers:
      - args:
        - -logtostderr
        - -stderrthreshold
        - INFO
        - -kubeconfig-writer-image
        - registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-kubeconfigwriter:v0.2.0
        - -creds-image
        - registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-creds-init:v0.2.0
        - -git-image
        - registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-git-init:v0.2.0
        - -nop-image
        - registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-nop:v0.2.0
        - -bash-noop-image
        - registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-bash:v0.2.0
        - -gsutil-image
        - registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-gsutil:v0.2.0
        - -entrypoint-image
        - registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-entrypoint:v0.2.0
        image: registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-controller:v0.2.0
        name: tekton-pipelines-controller
        volumeMounts:
        - mountPath: /etc/config-logging
          name: config-logging
      serviceAccountName: tekton-pipelines-controller
      volumes:
      - configMap:
          name: config-logging
        name: config-logging
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: tekton-pipelines-webhook
  namespace: tekton-pipelines
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: tekton-pipelines-webhook
    spec:
      containers:
      - image: registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-webhook:v0.2.0
        name: webhook
        volumeMounts:
        - mountPath: /etc/config-logging
          name: config-logging
      serviceAccountName: tekton-pipelines-controller
      volumes:
      - configMap:
          name: config-logging
        name: config-logging
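An added example (not from the original post or the Tekton project): because the manifest above replaces every upstream image with a copy in a personal registry namespace, referenced by tag, it helps to enumerate exactly which images the cluster will pull. This Python sketch scans manifest text for both image: fields and the controller's *-image arguments, which a plain search for image: misses, and reports references that are not digest-pinned or sit outside an allow-list of registries; SAMPLE_MANIFEST is a constructed excerpt, and find_images, pinning and audit are illustrative names.

```python
import re

# Constructed excerpt in the shape of the manifests on this page.
SAMPLE_MANIFEST = """\
      containers:
      - args:
        - -logtostderr
        - -creds-image
        - registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-creds-init:v0.2.0
        - -git-image
        - registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-git-init:v0.2.0
        image: registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-controller:v0.2.0
---
  steps:
  - name: build-and-push
    image: registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-executor
"""

IMAGE_FIELD = re.compile(r"^\s*(?:-\s+)?image:\s*(\S+)")
IMAGE_FLAG = re.compile(r"^\s*-\s+(-{1,2}[\w-]*-image)\s*$")  # e.g. "- -git-image"
LIST_ITEM = re.compile(r"^\s*-\s+(\S+)\s*$")

def find_images(manifest):
    """Return (source, reference) pairs from image: fields and *-image args."""
    found, pending_flag = [], None
    for line in manifest.splitlines():
        flag, field = IMAGE_FLAG.match(line), IMAGE_FIELD.match(line)
        value = LIST_ITEM.match(line) if pending_flag else None
        if value:  # the list item right after a *-image flag is its value
            found.append((pending_flag, value.group(1)))
        elif field:
            found.append(("image", field.group(1)))
        pending_flag = flag.group(1) if flag and not value else None
    return found

def pinning(ref):
    """Classify a reference as 'digest', 'tag' or 'untagged'."""
    if "@sha256:" in ref:
        return "digest"
    return "tag" if ":" in ref.rsplit("/", 1)[-1] else "untagged"

def audit(manifest, trusted_registries):
    """Report (source, ref, pinning, registry_trusted) for each risky reference."""
    findings = []
    for source, ref in find_images(manifest):
        trusted = ref.split("/", 1)[0] in trusted_registries
        if pinning(ref) != "digest" or not trusted:
            findings.append((source, ref, pinning(ref), trusted))
    return findings
```

Running audit(SAMPLE_MANIFEST, {"gcr.io"}) returns all four references: three are tag-only, the kaniko executor has no tag at all, and none comes from the allow-listed registry.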
Installation
Reference: https://github.com/tektoncd/pipeline/blob/master/docs/install.md
- Use the kubectl apply command to install Tekton Pipelines and its dependencies:
kubectl apply --filename ./release.yaml
- Use the kubectl get command to monitor the Tekton Pipelines components as they start, until all of them show a status of Running:
$ kubectl get pods --namespace tekton-pipelines --watch
NAME                                           READY   STATUS    RESTARTS   AGE
tekton-pipelines-controller-5d4ff79776-bznx8   1/1     Running   0          41s
tekton-pipelines-webhook-6b5b4f96f4-c2zz4      1/1     Running   0          41s
At this point Tekton Pipelines is installed.
Example
Reference: https://github.com/tektoncd/pipeline/blob/master/docs/tutorial.md
This example walks through the official GitHub example, Task Inputs and Outputs.
Task input definition
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: skaffold-git
spec:
  type: git
  params:
  - name: revision
    value: master
  - name: url
    value: https://github.com/GoogleContainerTools/skaffold
The PipelineResource is of type git.
Task output definition
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: skaffold-image-leeroy-web
spec:
  type: image
  params:
  - name: url
    value: registry.cn-hangzhou.aliyuncs.com/shenshouer/leeroy-web
The PipelineResource is of type image.
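Image registry authentication
When the task finishes, it builds an image and pushes it to the image registry registry.cn-hangzhou.aliyuncs.com/shenshouer, which requires authentication. For the authentication configuration, see: https://github.com/tektoncd/pipeline/blob/master/docs/auth.md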
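Creating the secret
apiVersion: v1
kind: Secret
metadata:
  name: basic-user-pass
  annotations:
    tekton.dev/docker-0: https://registry.cn-hangzhou.aliyuncs.com # Described below
type: kubernetes.io/basic-auth
stringData:
  username: [Alibaba Cloud image registry username]
  password: [Alibaba Cloud image registry password]
Note:
- The secret's type is kubernetes.io/basic-auth.
- The annotations must specify the key tekton.dev/docker-0 with the value https://registry.cn-hangzhou.aliyuncs.com; multiple registries can of course be configured this way, all sharing the same username and password.
- Replace the username and password.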
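An added example, not part of the original post or Tekton's own code: a Python sketch of how an annotated basic-auth Secret like the one above maps to Docker config.json auths entries, one per tekton.dev/docker-N annotation, all sharing the same credentials. It assumes the standard Docker config format (auth is base64 of username:password) and that the annotation value is used as the registry key; the second registry URL, the credentials and the function names are constructed for illustration.

```python
import base64
import re

DOCKER_ANNOTATION = re.compile(r"^tekton\.dev/docker-\d+$")

# Constructed Secret in the shape shown above; the credentials are placeholders.
SAMPLE_SECRET = {
    "type": "kubernetes.io/basic-auth",
    "metadata": {
        "name": "basic-user-pass",
        "annotations": {
            "tekton.dev/docker-0": "https://registry.cn-hangzhou.aliyuncs.com",
            "tekton.dev/docker-1": "https://registry.example.internal",  # hypothetical
        },
    },
    "stringData": {"username": "example-user", "password": "example-password"},
}

def docker_auths(secret):
    """Build the Docker config.json 'auths' map implied by one annotated Secret."""
    if secret.get("type") != "kubernetes.io/basic-auth":
        raise ValueError("docker annotations need type kubernetes.io/basic-auth")
    data = secret.get("stringData", {})
    if not data.get("username") or not data.get("password"):
        raise ValueError("secret must carry both username and password")
    token = base64.b64encode(
        f"{data['username']}:{data['password']}".encode()).decode()
    annotations = secret.get("metadata", {}).get("annotations", {})
    registries = [url for key, url in sorted(annotations.items())
                  if DOCKER_ANNOTATION.match(key)]
    if not registries:
        raise ValueError("no tekton.dev/docker-N annotation: secret matches no registry")
    return {url: {"auth": token} for url in registries}

def recover_password(auth_token):
    """Show that the 'auth' field is reversible encoding, not encryption."""
    return base64.b64decode(auth_token).decode().split(":", 1)[1]
```

The auth value is base64-encoded, not encrypted, so the registry password is recoverable by anything that can read the generated config.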
Creating the serviceaccount
apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-bot
secrets:
- name: basic-user-pass
The serviceaccount references the secret created above.
Defining the Task
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: build-docker-image-from-git-source
spec:
  inputs:
    resources:
    - name: docker-source
      type: git
    params:
    - name: pathToDockerFile
      description: The path to the dockerfile to build
      default: /workspace/docker-source/Dockerfile
    - name: pathToContext
      description:
        The build context used by Kaniko
        (https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts)
      default: /workspace/docker-source
  outputs:
    resources:
    - name: builtImage
      type: image
  steps:
  - name: build-and-push
    image: registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-executor
    command:
    - /kaniko/executor
    args:
    - --dockerfile=${inputs.params.pathToDockerFile}
    - --destination=${outputs.resources.builtImage.url}
    - --context=${inputs.params.pathToContext}
This task builds the image directly and pushes it to the specified image registry; the build tool it relies on is kaniko. I have already pushed the image to Alibaba Cloud as registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-executor and substituted it in the YAML file.
For details on using the executor (that is, kaniko), see the article on trying out kaniko.
Defining the TaskRun
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
  name: build-docker-image-from-git-source-task-run
spec:
  serviceAccount: build-bot
  taskRef:
    name: build-docker-image-from-git-source
  trigger:
    type: manual
  inputs:
    resources:
    - name: docker-source
      resourceRef:
        name: skaffold-git
    params:
    - name: pathToDockerFile
      value: Dockerfile
    - name: pathToContext
      value: /workspace/docker-source/examples/microservices/leeroy-web #configure: may change according to your source
  outputs:
    resources:
    - name: builtImage
      resourceRef:
        name: skaffold-image-leeroy-web
The TaskRun must reference the serviceaccount created above: serviceAccount: build-bot
The complete YAML
Combining the parts of the example above, the complete YAML, pipeline_resource.yaml, is as follows:
# https://github.com/tektoncd/pipeline/blob/master/docs/auth.md
apiVersion: v1
kind: Secret
metadata:
  name: basic-user-pass
  annotations:
    tekton.dev/docker-0: https://registry.cn-hangzhou.aliyuncs.com # Described below
type: kubernetes.io/basic-auth
stringData:
  username: [Alibaba Cloud image registry username]
  password: [Alibaba Cloud image registry password]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-bot
secrets:
- name: basic-user-pass
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: skaffold-git
spec:
  type: git
  params:
  - name: revision
    value: master
  - name: url
    value: https://github.com/GoogleContainerTools/skaffold #configure: change if you want to build something else, perhaps from your own local GitLab
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: skaffold-image-leeroy-web
spec:
  type: image
  params:
  - name: url
    value: registry.cn-hangzhou.aliyuncs.com/shenshouer/leeroy-web #configure: replace with where the image should go: perhaps your local registry or Dockerhub with a secret and configured service account
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: build-docker-image-from-git-source
spec:
  inputs:
    resources:
    - name: docker-source
      type: git
    params:
    - name: pathToDockerFile
      description: The path to the dockerfile to build
      default: /workspace/docker-source/Dockerfile
    - name: pathToContext
      description:
        The build context used by Kaniko
        (https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts)
      default: /workspace/docker-source
  outputs:
    resources:
    - name: builtImage
      type: image
  steps:
  - name: build-and-push
    image: registry.cn-hangzhou.aliyuncs.com/shenshouer/tektoncd-executor
    command:
    - /kaniko/executor
    args:
    - --dockerfile=${inputs.params.pathToDockerFile}
    - --destination=${outputs.resources.builtImage.url}
    - --context=${inputs.params.pathToContext}
---
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
  name: build-docker-image-from-git-source-task-run
spec:
  serviceAccount: build-bot
  taskRef:
    name: build-docker-image-from-git-source
  trigger:
    type: manual
  inputs:
    resources:
    - name: docker-source
      resourceRef:
        name: skaffold-git
    params:
    - name: pathToDockerFile
      value: Dockerfile
    - name: pathToContext
      value: /workspace/docker-source/examples/microservices/leeroy-web #configure: may change according to your source
  outputs:
    resources:
    - name: builtImage
      resourceRef:
        name: skaffold-image-leeroy-web
Running the example
Use kubectl create:
$ # Create a namespace for running the example
$ kubectl create ns tekton-test
$ kubectl -n tekton-test create -f pipeline_resource.yaml
secret/basic-user-pass created
serviceaccount/build-bot created
pipelineresource.tekton.dev/skaffold-git created
pipelineresource.tekton.dev/skaffold-image-leeroy-web created
task.tekton.dev/build-docker-image-from-git-source created
taskrun.tekton.dev/build-docker-image-from-git-source-task-run created
Check the status:
View the tekton-pipelines resources:
$ kubectl -n tekton-test get tekton-pipelines
NAME                                 AGE
build-docker-image-from-git-source   13s

NAME                                          AGE
build-docker-image-from-git-source-task-run   13s

NAME                        AGE
skaffold-git                13s
skaffold-image-leeroy-web   13s
View the Pod status:
$ kubectl -n tekton-test get po -o wide --watch
NAME                                                     READY   STATUS            RESTARTS   AGE   IP             NODE
build-docker-image-from-git-source-task-run-pod-75b73f   0/3     PodInitializing   0          4s    10.220.0.164   prod-l27-4-91
build-docker-image-from-git-source-task-run-pod-75b73f   2/3     Running           0          5s    10.220.0.164   prod-l27-4-91
build-docker-image-from-git-source-task-run-pod-75b73f   1/3     Running           0          22s   10.220.0.164   prod-l27-4-91
build-docker-image-from-git-source-task-run-pod-75b73f   0/3     Completed         0          1m    10.220.0.164   prod-l27-4-91
When the Pod status is Completed, the task has finished; check whether the image was pushed to Alibaba Cloud successfully.