02 Tekton Pipeline
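1 Background
2 Pipeline Steps
2.1 Pulling the code
Code is the foundation of delivery and everything that follows depends on it, so we need to create a Task that pulls the code.
We don't have to write this Task ourselves, though; we can use one already published on Tekton Hub: https://hub.tekton.dev/tekton/task/git-clone. This Task is fairly full-featured and takes many parameters; see the page above for the full list.
It can be installed in two ways: with kubectl or with the tkn client.
(1) Install with kubectl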
$ kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.5/git-clone.yaml
(2) Install with the tkn client
$ tkn hub install task git-clone
View the task details
$ tkn task list
$ kubectl get task git-clone -oyaml
Create a test TaskRun to check whether the code can be pulled correctly.
cat > git-clone-taskrun.yaml << EOF
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: test-git-clone
  namespace: default
spec:
  workspaces:
    - name: output
      emptyDir: {}
  params:
    - name: url
      value: "https://gitee.com/coolops/tekton-install.git"
    - name: revision
      value: "master"
    - name: gitInitImage
      value: "registry.cn-hangzhou.aliyuncs.com/coolops/tekton-git-init:v0.29"
  taskRef:
    name: git-clone
EOF
2.2 Unit tests
Unit testing is straightforward: essentially just run the go test ./... command, for example:
> go test ./...
ok devops-hello-world 0.313s
ok devops-hello-world/pkg (cached)
So this Task only needs a Go environment that can run Go commands, as follows:
cat > unit-test-task.yaml <<EOF
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: unit-test
spec:
  workspaces:
    - name: source
  steps:
    - name: unit-test
      workingDir: \$(workspaces.source.path)
      image: golang:1.17.5
      env:
        - name: GOPROXY
          value: https://goproxy.cn
      command: ['go']
      args:
        - "test"
        - "./..."
EOF
2.3 Image build/push
Why isn't the application build split out into its own Task here? Mainly because we use a multi-stage build, so the application build and the image packaging can both be written in one Dockerfile and only one Task is needed.
cat > docker-build-push.yaml << EOF
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-push-image
spec:
  params:
    - name: pathToDockerfile
      description: The path to the dockerfile to build (relative to the context)
      default: Dockerfile
    - name: imageUrl
      description: Url of image repository
    - name: imageTag
      description: Tag to apply to the built image
      default: latest
  workspaces:
    - name: source
    - name: dockerconfig
      mountPath: /kaniko/.docker # mount directory for config.json
  steps:
    - name: build-and-push
      image: registry.cn-hangzhou.aliyuncs.com/coolops/kaniko-executor:v1.5.0
      workingDir: \$(workspaces.source.path)
      command:
        - /kaniko/executor
      args:
        - --dockerfile=\$(params.pathToDockerfile)
        - --destination=\$(params.imageUrl):\$(params.imageTag)
        - --context=\$(workspaces.source.path)
EOF
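Here we build the image with kaniko. This approach does not require mounting the docker.sock file, but the docker config must be saved under the /kaniko/.docker directory. We can create the secret with the following command.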
kubectl create secret docker-registry dockerhub --docker-server=https://index.docker.io/v1/ --docker-username=xxxxxxxxx --docker-password=xxxxxxxxxxx --dry-run=client -o json | jq -r '.data.".dockerconfigjson"' | base64 -d > /tmp/config.json && kubectl create secret generic docker-config --from-file=/tmp/config.json && rm -f /tmp/config.json
This is because the registry credentials are needed when pushing the image.
2.4 Deployment
Create a secret from the kubeconfig
$ kubectl create secret generic kubernetes-config --from-file=/root/.kube/config
$ kubectl get secret
NAME                  TYPE                                  DATA   AGE
default-token-mcrdh   kubernetes.io/service-account-token   3      30h
docker-config         Opaque                                1      2m48s
kubernetes-config     Opaque                                1      6s
Create the task
cat > deploy-to-k8s.yaml <<EOF
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: deploy-to-k8s
spec:
  workspaces:
    - name: source
    - name: kubernetesconfig
      mountPath: /root/.kube
  params:
    - name: pathToYamlFile
      description: The path to the yaml file to deploy within the git source
      default: deployment.yaml
    - name: IMAGE
    - name: TAG
  steps:
    - name: run-kubectl
      image: registry.cn-hangzhou.aliyuncs.com/coolops/kubectl:1.19.16
      workingDir: \$(workspaces.source.path)
      script: |
        sed -i s#IMAGE#\$(params.IMAGE)#g \$(params.pathToYamlFile)
        sed -i s#TAG#\$(params.TAG)#g \$(params.pathToYamlFile)
        kubectl apply -f \$(params.pathToYamlFile)
EOF
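
Tekton substitutes `$(params.…)` into the script text before the step runs, so the parameter values in the Task above become part of the shell script itself. The variant below is an added example, not part of the original post: it passes the same parameters through environment variables and validates them before use. The `PARAM_*` names and the allowed-character patterns are assumptions of this example, and it is plain YAML for `kubectl apply -f` (escape `$` as `\$` if you paste it into a heredoc like the ones on this page).

```yaml
# Added example: variant of the page's deploy-to-k8s Task (not the author's code).
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: deploy-to-k8s          # same name, so the Pipeline's taskRef is unchanged
spec:
  workspaces:
    - name: source
    - name: kubernetesconfig
      mountPath: /root/.kube
  params:
    - name: pathToYamlFile
      description: The path to the yaml file to deploy within the git source
      default: deployment.yaml
    - name: IMAGE
    - name: TAG
  steps:
    - name: run-kubectl
      image: registry.cn-hangzhou.aliyuncs.com/coolops/kubectl:1.19.16
      workingDir: $(workspaces.source.path)
      env:                     # params reach the shell as data, not as script text
        - name: PARAM_FILE     # PARAM_* names are assumptions of this example
          value: $(params.pathToYamlFile)
        - name: PARAM_IMAGE
          value: $(params.IMAGE)
        - name: PARAM_TAG
          value: $(params.TAG)
      script: |
        #!/bin/sh
        set -eu
        # Reject empty values and anything outside the characters expected in
        # an image reference or tag. This also excludes '#' and '&', which sed
        # would treat as the delimiter and as "the matched text".
        case "$PARAM_IMAGE" in ''|*[!A-Za-z0-9._/:-]*) echo "bad IMAGE" >&2; exit 1;; esac
        case "$PARAM_TAG" in ''|*[!A-Za-z0-9._-]*) echo "bad TAG" >&2; exit 1;; esac
        # Keep the manifest path relative to the workspace and not option-like.
        case "$PARAM_FILE" in ''|/*|-*|*..*) echo "bad pathToYamlFile" >&2; exit 1;; esac
        sed -i "s#IMAGE#${PARAM_IMAGE}#g" "$PARAM_FILE"
        sed -i "s#TAG#${PARAM_TAG}#g" "$PARAM_FILE"
        kubectl apply -f "$PARAM_FILE"
```
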
3 Assembling the Pipeline
Above we turned each step into a Task; next we combine them into a Pipeline and declare the variables it needs, as follows:
cat > pipeline.yaml <<EOF
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: devops-hello-world-pipeline
spec:
  workspaces: # declare workspaces
    - name: go-repo-pvc
    - name: docker-config
    - name: kubernetes-config
  params:
    - name: git_url
    - name: revision
      type: string
      default: "master"
    - name: gitInitImage
      type: string
      default: "registry.cn-hangzhou.aliyuncs.com/coolops/tekton-git-init:v0.29"
    - name: pathToDockerfile
      description: The path to the build context, used by Kaniko - within the workspace
      default: .
    - name: imageUrl
      description: Url of image repository
    - name: imageTag
      description: Tag to apply to the built image
      default: latest
  tasks: # add tasks to the pipeline
    - name: clone
      taskRef:
        name: git-clone
      workspaces:
        - name: output
          workspace: go-repo-pvc
      params:
        - name: url
          value: \$(params.git_url)
        - name: revision
          value: \$(params.revision)
        - name: gitInitImage
          value: \$(params.gitInitImage)
    - name: unit-test
      workspaces: # pass workspaces
        - name: source
          workspace: go-repo-pvc
      taskRef:
        name: unit-test
      runAfter:
        - clone
    - name: build-push-image
      params:
        - name: pathToDockerfile
          value: \$(params.pathToDockerfile)
        - name: imageUrl
          value: \$(params.imageUrl)
        - name: imageTag
          value: \$(params.imageTag)
      taskRef:
        name: build-push-image
      runAfter:
        - unit-test
      workspaces: # pass workspaces
        - name: source
          workspace: go-repo-pvc
        - name: dockerconfig
          workspace: docker-config
    - name: deploy-to-k8s
      taskRef:
        name: deploy-to-k8s
      params:
        - name: pathToYamlFile
          value: deployment.yaml
        - name: IMAGE
          value: \$(params.imageUrl)
        - name: TAG
          value: \$(params.imageTag)
      workspaces:
        - name: source
          workspace: go-repo-pvc
        - name: kubernetesconfig
          workspace: kubernetes-config
      runAfter:
        - build-push-image
EOF
Test run
A test run means creating a PipelineRun, but before creating it we first create the credentials it needs.
cat > auth.yaml <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-auth
  annotations:
    tekton.dev/git-0: https://gitee.com/ # a gitee repository is used here
type: kubernetes.io/basic-auth
stringData:
  username: xxxx
  password: xxxx
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-build-sa
secrets:
  - name: gitlab-auth
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tekton-clusterrole-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
  - kind: ServiceAccount
    name: tekton-build-sa
    namespace: default
EOF
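
The ClusterRoleBinding above grants the `edit` ClusterRole to `tekton-build-sa` in every namespace of the cluster. A namespace-scoped alternative follows as an added example that is not part of the original post; it assumes the pipeline only needs to act in the `default` namespace, and the binding name `tekton-edit-default` is made up for this example.

```yaml
# Added example (not the author's manifest): bind the same ClusterRole with a
# RoleBinding, so its rules apply only inside the binding's own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-edit-default   # hypothetical name
  namespace: default          # assumption: the only namespace the pipeline touches
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole           # a RoleBinding may reference a ClusterRole
  name: edit
subjects:
  - kind: ServiceAccount
    name: tekton-build-sa
    namespace: default
```

With this in place of the ClusterRoleBinding, `kubectl auth can-i create deployments --as=system:serviceaccount:default:tekton-build-sa -n kube-system` should answer `no`, provided no other binding applies to the account.
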
4 PipelineRun Test
cat > pipelinerun.yaml <<EOF
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: devops-hello-world-pipeline-run
spec:
  pipelineRef:
    name: devops-hello-world-pipeline
  params:
    - name: revision
      value: master
    - name: git_url
      value: https://gitee.com/coolops/devops-hello-world.git
    - name: imageUrl
      value: registry.cn-hangzhou.aliyuncs.com/coolops/devops-hello-world
    - name: imageTag
      value: latest
    - name: pathToDockerfile
      value: Dockerfile
  workspaces:
    - name: go-repo-pvc
      volumeClaimTemplate:
        spec:
          accessModes:
            - ReadWriteOnce
          storageClassName: openebs-hostpath
          resources:
            requests:
              storage: 1Gi
    - name: docker-config
      secret:
        secretName: docker-config
    - name: kubernetes-config
      secret:
        secretName: kubernetes-config
  serviceAccountName: tekton-build-sa
EOF