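Installing Tekton

After installation, check whether the pods started successfully:

```bash
oc get pods --namespace tekton-pipelines --watch
```

If two pods are in the Running state, the installation succeeded.

After a successful installation, the cluster has a new Kubernetes namespace named tekton-pipelines; this name is set in release.yaml. To view it:

```bash
oc get namespaces
```

Installing tkn

tkn is a small command-line tool for viewing Tekton tasks and taskruns: github.com/tektoncd/cl… For example, to list the taskruns, including their run duration and status:

```bash
tkn taskrun -n tekton-pipelines list
```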
Installing the dashboard

Download the dashboard file: https://raw.githubusercontent.com/tektoncd/dashboard/master/config/release/gcr-tekton-dashboard.yaml

Modify the Service in it:

```yaml
kind: Service
apiVersion: v1
metadata:
  name: tekton-dashboard
  namespace: tekton-pipelines
  labels:
    app: tekton-dashboard
spec:
  type: NodePort # added; once started, port 9097 is exposed by default
  ports:
    - name: http
      protocol: TCP
      port: 9097
      targetPort: 9097
  selector:
    app: tekton-dashboard
```

Replace the image in the Deployment (replace this address with an image registry address you can reach):

```
j-hub.test.com/tektoncd/tekton-dashboard:latest
```

Then start it.
Simple examples

A test with no inputs or outputs

```yaml
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: echo-hello-world
spec:
  steps:
    - name: echo
      image: j-hub.test.com/jeci/docker:stable-git
      command:
        - echo
      args:
        - "hello world"
---
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
  name: echo-hello-world-task-run
spec:
  taskRef:
    name: echo-hello-world
```

Run the following commands:

```bash
# Start the TaskRun
kubectl -n tekton-pipelines apply -f hello-world.yaml
# View the YAML after startup
kubectl -n tekton-pipelines get taskruns/echo-hello-world-task-run -o yaml
```

After running the start command, open console.testevops.okstack.com:8443, find the tekton-pipelines namespace and go to its pods. There you will see echo-hello-world-task-run-pod-<random characters>, and its Logs tab shows the output hello world.

The tkn command shows the status of the TaskRun:

```bash
tkn taskrun -n tekton-pipelines list
```
An example with inputs and outputs

```yaml
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: skaffold-git
spec:
  type: git
  params:
    - name: revision
      value: master
    - name: url
      value: https://github.com/GoogleContainerTools/skaffold
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: skaffold-image-leeroy-web
spec:
  type: image
  params:
    - name: url
      value: j-hub.test.com/tektoncd
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: build-docker-image-from-git-source
spec:
  inputs:
    resources:
      - name: docker-source
        type: git
    params:
      - name: pathToDockerFile
        type: string
        description: The path to the dockerfile to build
        default: /workspace/docker-source/Dockerfile
      - name: pathToContext
        type: string
        description:
          The build context used by Kaniko
          (https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts)
        default: /workspace/docker-source
  outputs:
    resources:
      - name: builtImage
        type: image
  steps:
    - name: build-and-push
      image: j-hub.test.com/tektoncd/kanikp-executor:latest
      # specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
      env:
        - name: "DOCKER_CONFIG"
          value: "/builder/home/.docker/"
      command:
        - /kaniko/executor
      args:
        - --dockerfile=$(inputs.params.pathToDockerFile)
        - --destination=$(outputs.resources.builtImage.url)
        - --context=$(inputs.params.pathToContext)
---
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
  name: build-docker-image-from-git-source-task-run
spec:
  taskRef:
    name: build-docker-image-from-git-source
  inputs:
    resources:
      - name: docker-source
        resourceRef:
          name: skaffold-git
    params:
      - name: pathToDockerFile
        value: Dockerfile
      - name: pathToContext
        value: /workspace/docker-source/examples/microservices/leeroy-web
  outputs:
    resources:
      - name: builtImage
        resourceRef:
          name: skaffold-image-leeroy-web
```

The start command is the same as above.

Other examples explained: juejin.cn/post/684490…
Using a private code repository

Configure the Secret

```yaml
# tekton-basic-user-pass-git.yaml
apiVersion: v1
kind: Secret
metadata:
  name: tekton-basic-user-pass-git
  namespace: tekton-pipelines # the namespace this applies to
  annotations:
    tekton.dev/git-0: http://git.test.com
type: kubernetes.io/basic-auth
stringData:
  username: admin
  password: passwd
```

Apply it:

```bash
kubectl -n tekton-pipelines apply -f tekton-basic-user-pass-git.yaml
```

Configure the ServiceAccount

```yaml
# tekton-git-and-registry.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  # Marker 3
  name: tekton-git-and-registry
secrets:
  # Several names can be listed here, one for each Secret
  - name: tekton-basic-user-pass-git # the metadata.name set in tekton-basic-user-pass-git.yaml
  - name: tekton-basic-user-pass-registry
```

Apply it:

```bash
kubectl -n tekton-pipelines apply -f tekton-git-and-registry.yaml
```
Configure the ServiceAccount in the TaskRun

```yaml
# git-test-task-run.yaml
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: jex-test-git # Marker 4
spec:
  type: git
  params:
    - name: revision
      value: master
    - name: url
      value: http://git.test.com/jex/jex-test.git
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  # Marker 2
  name: jex-test-git-web
spec:
  type: image
  params:
    - name: url
      # The image registry the task outputs to: tektoncd is the project name and jex-test is the
      # name of the built image. The latest tag is added automatically once the build finishes,
      # so the resulting image is j-hub.test.com/tektoncd/jex-test:latest
      value: j-hub.test.com/tektoncd/jex-test
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: git-task
spec:
  inputs: # default inputs of the task
    resources:
      - name: docker-source
        type: git
    params:
      - name: pathToDockerFile
        type: string
        description: The path to the dockerfile to build
        default: /workspace/docker-source/Dockerfile
      - name: pathToContext
        type: string
        description:
          The build context used by Kaniko
        default: /workspace/docker-source
  outputs: # default outputs of the task
    resources:
      - name: builtImage
        type: image
  steps:
    - name: build-and-push
      image: j-hub.test.com/tektoncd/kanikp-executor:latest
      env:
        - name: "DOCKER_CONFIG"
          value: "/builder/home/.docker/"
      command:
        - /kaniko/executor
      args:
        - --insecure
        - --dockerfile=$(inputs.params.pathToDockerFile) # parameter value passed in from the TaskRun
        - --destination=$(outputs.resources.builtImage.url)
        - --context=$(inputs.params.pathToContext)
---
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
  name: git-task-task-run-3
spec:
  taskRef:
    name: git-task # the Task this TaskRun runs, i.e. metadata.name of the kind: Task
  inputs: # inputs for the task
    resources:
      # This name decides the directory the code is downloaded into. Fetching the code with git can
      # be seen as a default step; in that step Tekton places the code in /workspace/{resources.name}.
      # Here resources.name=docker-source, so the code is downloaded into /workspace/docker-source
      # -------- Marker 1
      - name: docker-source
        resourceRef:
          name: jex-test-git # metadata.name of the PipelineResource to use, i.e. the metadata.name at Marker 4
    params: # passed to the Task at run time, so the Task need not be redefined; adding inputs, outputs and a TaskRun is enough to build another project
      - name: pathToDockerFile
        value: Dockerfile
      - name: pathToContext
        value: /workspace/docker-source
  outputs: # outputs of the task
    resources:
      - name: builtImage
        resourceRef:
          name: jex-test-git-web # uses the metadata.name at Marker 2
  # metadata.name in tekton-git-and-registry.yaml, i.e. the metadata.name at Marker 3
  serviceAccount: tekton-git-and-registry
```

Run the TaskRun:

```bash
kubectl -n tekton-pipelines apply -f git-test-task-run.yaml
```

In this example:

The output is an image: the built image is pushed to the registry set in jex-test-git-web.

In the git-test-task-run.yaml file above, each part separated by --- can also be kept as a file of its own, because each trigger only runs the TaskRun node (the name must not repeat between runs).

A project's build address does not change often. If it does change, delete the old one first:

```bash
kubectl -n tekton-pipelines delete pipelineresources jex-test-git
```

Then apply it again. It is best not to change the corresponding file names; changing them forces follow-on changes elsewhere.

If the project's build command changes, the build command in the Task has to be changed, which means deleting the old Task:

```bash
kubectl -n tekton-pipelines delete task git-task
```

Then apply it again.
A Task whose steps contain several steps

Note: the PipelineResources are the same as above; if both have already been created in the same namespace, they do not need to be created again.

The following is task.yaml:

```yaml
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: build-task-3
spec:
  inputs:
    resources:
      - name: docker-source
        type: git
    params:
      - name: pathToDockerFile
        type: string
        description: The path to the dockerfile to build
        default: /workspace/docker-source/Dockerfile
      - name: pathToContext
        type: string
        description:
          The build context used by Kaniko
        default: /workspace/docker-source
  outputs:
    resources:
      - name: builtImage
        type: image
  steps:
    - name: maven
      image: j-hub.test.com/tektoncd/maven:3.5.0-testk8-alpine
      # The working directory in which the maven command runs; this is the directory described at Marker 1 in the previous section
      workingDir: /workspace/docker-source
      command:
        - mvn
      args:
        - clean
        - package
        - -D maven.test.skip=true

    - name: build-and-push
      image: j-hub.test.com/tektoncd/kanikp-executor:latest
      env:
        - name: "DOCKER_CONFIG"
          value: "/builder/home/.docker/"
      command:
        - /kaniko/executor
      args:
        - --insecure
        - --dockerfile=$(inputs.params.pathToDockerFile)
        - --destination=$(outputs.resources.builtImage.url)
        - --context=$(inputs.params.pathToContext)
```

For beginners, one easily overlooked point when a single steps list contains several steps is that there has to be a blank line between two steps; without that blank line, using the TaskRun fails immediately and the corresponding pod cannot start.

Define a separate TaskRun; for the format, follow the git-task-task-run-3 node above, changing taskRef.name to the name in task.yaml (build-task-3).

Apply task.yaml and task-run.yaml in turn; the two steps are then visible in the corresponding pod.
### Pipeline

A pipeline is triggered by a PipelineRun.

Test example, pipeline.yaml:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: default-cluster-admin
subjects:
  - kind: ServiceAccount
    name: default
    namespace: default
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: unit-tests
spec:
  steps:
    - name: run-tests
      image: j-hub.test.com/tektoncd/maven:3.5.0-testk8-alpine
      command:
        - /bin/bash
      args:
        - -c
        - |
          echo "111111"
          sleep 10000
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: build-push
spec:
  steps:
    - name: build-and-push
      image: j-hub.test.com/tektoncd/maven:3.5.0-testk8-alpine
      command:
        - /bin/bash
      args:
        - -c
        - |
          echo "22222"
          sleep 10000
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: demo-deploy-kubectl
spec:
  steps:
    - name: replace-image
      image: j-hub.test.com/tektoncd/maven:3.5.0-testk8-alpine
      command:
        - /bin/bash
      args:
        - -c
        - |
          echo "333333"
          sleep 10000
    - name: run-kubectl
      image: j-hub.test.com/tektoncd/maven:3.5.0-testk8-alpine
      command:
        - /bin/bash
      args:
        - -c
        - |
          echo "444444"
          sleep 10000
---
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
  name: demo-pipeline
spec:
  tasks:
    # each name corresponds to one pod
    - name: skaffold-unit-tests
      taskRef:
        name: unit-tests
    - name: build-skaffold-web
      runAfter: [skaffold-unit-tests] # with this parameter, this node runs only after the skaffold-unit-tests node; its pod is likewise created only once skaffold-unit-tests has finished
      taskRef:
        name: build-push
    - name: build-skaffold-app
      taskRef:
        name: build-push
    - name: deploy-app
      taskRef:
        name: demo-deploy-kubectl
    - name: deploy-web
      taskRef:
        name: demo-deploy-kubectl
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
  name: demo-pipeline-run-1
spec:
  pipelineRef:
    name: demo-pipeline
  serviceAccount: 'default'
```
If a node has a resource, it can be passed in from the Pipeline, as follows:

```yaml
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: jex-test-git-branch
spec:
  type: git
  params:
    - name: revision
      value: master
    - name: url
      value: http://test.test.com/jex/jex-test.git
# the definitions of jex-test-git-commit and jex-test-git-tag are omitted
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: unit-tests
spec:
  inputs:
    resources:
      - name: jex-test-git-branch-re #pipeline spec.tasks.inputs.resources.name
        type: git
  # the steps below are omitted
---
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
  name: demo-pipeline-30
spec:
  tasks:
    - name: skaffold-unit-tests
      taskRef:
        name: unit-tests
      inputs:
        resources:
          - name: jex-test-git-branch-re # reference this name in the corresponding Task (name == unit-tests)
            resourceRes:
              name: jex-test-git-branch # pipelineResource metadata.name
```

There can be several `- name` entries, meaning the pipeline can run several tasks in parallel (provided the pipeline's tasks do not use the runAfter | from attributes).
It can also be passed in from the PipelineRun, as follows:

```yaml
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: jex-test-git-branch
spec:
  type: git
  params:
    - name: revision
      value: master
    - name: url
      value: http://test.test.com/jex/jex-test.git
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: unit-tests
spec:
  inputs:
    resources:
      - name: jex-test-git-branch-pipeline #pipeline spec.tasks.inputs.resources.name
        type: git
  # the steps below are omitted
---
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
  name: {{ pipelineName }}
spec:
  resources:
    - name: {{ pipelineName }}-{{ resource["name"] }}
      type: {{ resource["type"] }}
  tasks:
    - name: {{ task["taskName"] }}
      taskRef: {{ task["taskName"] }}
      resources:
        inputs:
          - name: jex-test-git-branch-pipeline
            resource:
              name: jex-test-git-branch-pipelinerun # pipelinerun resources.name
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
  name: {{ pipelineRunName }}
spec:
  pipelineRef:
    name: {{ pipelineName }}
  serviceAccount: {{ serviceAccount }}
  resources:
    - name: jex-test-git-branch-pipelinerun
      resourceRef:
        name: jex-test-git-branch # pipelineResource metadata.name
```
Passing parameters through a PipelineRun

```yaml
apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
  labels:
    build-config-id: '408'
    commit: cafebef
    jobe-id: '161'
    project-id: '498'
  name: bc-408-job-161-plr
  namespace: tekton-pipelines
spec:
  params: #----------------------------------------------------------- Location 1
    - name: imageName # name of the parameter to pass in
      value: j-hub.test.com/tektoncd/jex-test # value of the parameter
    - name: dockerfilePath
      value: jex-test/bin/conf/Dockerfile
    - name: contextPath
      value: jex-test
    - name: tag
      value: cafebef-20191014180454
  pipelineRef:
    name: bc-408-pl
  resources:
    - name: git-bc-408-resource
      resourceRef:
        name: git-bc-408-resource
  serviceAccount: pr-498-sa
---
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
  labels:
    build-config-id: '408'
    project-id: '498'
  name: bc-408-pl
  namespace: tekton-pipelines
spec:
  params: #----------------------------------------------------------- Location 2
    - name: tag
      type: string # the type is required; without it the corresponding pod cannot start properly
    - name: dockerfilePath
      type: string
    - name: contextPath
      type: string
    - name: imageName
      type: string
  resources:
    - name: git-bc-408-resource
      type: git
  tasks:
    - name: bc-compile-408-task
      params:
        - name: tag # parameter required by the task
          value: $(params.tag) #----------------------------------------------- Location 3
        - name: dockerfilePath
          value: $(params.dockerfilePath)
        - name: contextPath
          value: $(params.contextPath)
        - name: imageName
          value: $(params.imageName)
      resources:
        inputs:
          - name: git-bc-408-resource
            resource: git-bc-408-resource
      taskRef:
        name: bc-compile-408-task
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  clusterName: ''
  creationTimestamp: '2019-10-14T10:04:49Z'
  generation: 1
  labels:
    build-config-id: '408'
    project-id: '498'
  name: bc-compile-408-task
  namespace: tekton-pipelines
  resourceVersion: '110567472'
  selfLink: >-
    /apis/tekton.dev/v1alpha1/namespaces/tekton-pipelines/tasks/bc-compile-408-task
  uid: 0f19da94-ee6a-11e9-9586-40f2e9cef902
spec:
  inputs:
    params:
      - name: tag
        type: string # the parameter type is required
      - name: dockerfilePath
        type: string
      - name: contextPath
        type: string
      - name: imageName
        type: string
    resources:
      - name: git-bc-408-resource
        targetPath: jex-test
        type: git
  steps:
    - args:
        - mvn clean -U package -Dmaven.test.skip=true
      command:
        - /bin/bash
        - '-c'
      env:
        - name: DOCKER_CONFIG
          value: /builder/home/.docker/
      image: 'j-hub.test.com/jeci/maven:3.0.4-testk-1.8'
      name: bc-compile
      workingDir: /workspace/jex-test
    - args:
        - '--insecure'
        - '--insecure-pull'
        - '--dockerfile=/workspace/$(inputs.params.dockerfilePath)' # where the parameter value is actually used
        - '--destination=$(inputs.params.imageName):$(inputs.params.tag)'
        - '--context=/workspace/$(inputs.params.contextPath)'
      command:
        - /kaniko/executor
      env:
        - name: DOCKER_CONFIG
          value: /builder/home/.docker/
      image: 'j-hub.test.com/tektoncd/kanikp-executor:fix-insecure'
      name: docker-build-and-push
      workingDir: /workspace/jex-test
```

Parameters can also be supplied directly in the Pipeline: delete Location 1 in the PipelineRun, remove Location 2 in the Pipeline, and put the actual values at Location 3.
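A defender-side check over the manifests shown on this page, as an added example (not code from the original post or from the Tekton project): it scans multi-document YAML for four settings that appear above, namely a ClusterRoleBinding to cluster-admin, a `tekton.dev/git-N` annotation pointing at an `http://` URL, kaniko's `--insecure` / `--insecure-pull` flags, and a `:latest` image tag. The rule names, the `audit` function and the line-based matching (which assumes the indented block style used on this page, not arbitrary YAML) are assumptions of this example.

```python
import re

RULES = [  # (finding id, manifest kind, regex that must match inside that YAML document)
    ("cluster-admin-binding", "ClusterRoleBinding", r"roleRef:(?:\n +.*)*\n +name: cluster-admin\b"),
    ("git-basic-auth-over-http", "Secret", r"tekton\.dev/git-\d+: +http://"),
    ("kaniko-tls-disabled", "Task", r"- +'?--insecure(?:-pull)?'?[ \t]*(?:#.*)?$"),
    ("mutable-image-tag", "Task", r"image: +'?[^\s'@]+:latest'?[ \t]*$"),
]

def audit(text):
    """Return sorted (manifest name, finding id) pairs for multi-document YAML."""
    findings = set()
    for doc in re.split(r"^---[ \t]*$", text, flags=re.M):
        kind = re.search(r"^kind: *(\S+)", doc, re.M)
        name = re.search(r"^metadata:\n(?: +.*\n)*? +name: *(\S+)", doc, re.M)
        if not kind:
            continue
        for rule_id, rule_kind, pattern in RULES:
            if kind.group(1) == rule_kind and re.search(pattern, doc, re.M):
                findings.add((name.group(1) if name else "?", rule_id))
    return sorted(findings)

# Constructed sample: trimmed copies of three manifests from this page.
SAMPLE = """\
kind: ClusterRoleBinding
metadata:
  name: default-cluster-admin
roleRef:
  kind: ClusterRole
  name: cluster-admin
---
kind: Secret
metadata:
  name: tekton-basic-user-pass-git
  annotations:
    tekton.dev/git-0: http://git.test.com
---
kind: Task
metadata:
  name: git-task
spec:
  steps:
    - image: j-hub.test.com/tektoncd/kanikp-executor:latest
      args:
        - --insecure
"""

if __name__ == "__main__":
    print("\n".join(f"{n}: {f}" for n, f in audit(SAMPLE)))
```

Each finding names the manifest to revisit: the binding gives every pod using the default ServiceAccount full cluster rights, the annotation sends the Git password over cleartext HTTP, the kaniko flags drop TLS towards the registry, and `:latest` lets the builder image change between runs.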
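Summary of small points

- Building and pushing an image with kaniko, and setting the image tag:
  - --destination=$(outputs.resources.builtImage.url):tag name
- Tasks referenced in a pipeline run in parallel by default unless the runAfter parameter is used
- Multiple steps defined in a taskRun run serially
- In a pipelineRun, tasks can be arranged as the situation requires, that is, in series or in parallel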
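The scheduling rule in the list above (tasks are parallel unless `runAfter` orders them), worked through for `demo-pipeline` as an added example that is not part of the original post: it groups tasks into waves and shows that, as written, both deploy tasks start alongside the unit tests. `execution_waves` and the `GATED` variant are hypothetical names; only `runAfter` is modelled (not `from`), and Tekton itself starts each task as soon as its own predecessors finish rather than waiting for a whole wave.

```python
def execution_waves(tasks):
    """Group tasks into waves; wave N holds tasks whose longest runAfter chain has N links."""
    remaining = {t["name"]: set(t.get("runAfter", [])) for t in tasks}
    unknown = {d for deps in remaining.values() for d in deps} - set(remaining)
    if unknown:
        raise ValueError(f"runAfter names undefined tasks: {sorted(unknown)}")
    waves, done = [], set()
    while remaining:
        # A task is ready once every task it must run after has completed.
        ready = sorted(n for n, deps in remaining.items() if deps <= done)
        if not ready:
            raise ValueError(f"runAfter cycle among: {sorted(remaining)}")
        waves.append(ready)
        done.update(ready)
        for n in ready:
            del remaining[n]
    return waves

# The tasks of demo-pipeline from this page, reduced to name and runAfter.
DEMO_PIPELINE = [
    {"name": "skaffold-unit-tests"},
    {"name": "build-skaffold-web", "runAfter": ["skaffold-unit-tests"]},
    {"name": "build-skaffold-app"},
    {"name": "deploy-app"},
    {"name": "deploy-web"},
]

# Hypothetical variant: builds wait for the tests, each deploy waits for its build.
GATED = [
    {"name": "skaffold-unit-tests"},
    {"name": "build-skaffold-web", "runAfter": ["skaffold-unit-tests"]},
    {"name": "build-skaffold-app", "runAfter": ["skaffold-unit-tests"]},
    {"name": "deploy-app", "runAfter": ["build-skaffold-app"]},
    {"name": "deploy-web", "runAfter": ["build-skaffold-web"]},
]

if __name__ == "__main__":
    for label, tasks in (("demo-pipeline", DEMO_PIPELINE), ("gated", GATED)):
        for i, wave in enumerate(execution_waves(tasks)):
            print(f"{label} wave {i}: {', '.join(wave)}")
```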
Commands for deleting resources

```bash
# Delete a resource in a given namespace; the last argument is the resource name
kubectl -n tekton-pipelines delete secrets basic-user-pass
kubectl -n tekton-pipelines delete serviceaccounts build-bot
kubectl -n tekton-pipelines delete pipelineresources skaffold-image-leeroy-web
kubectl -n tekton-pipelines delete pipelineresources skaffold-git
kubectl -n tekton-pipelines delete taskruns build-docker-image-from-git-source-task-run
kubectl -n tekton-pipelines delete task build-docker-image-from-git-source
```