阅读 401

基于Tekton和Argocd的CICD实现(1/4)

本文基于Google的GKE搭建的kubernetes集群,所以不存在墙的问题。

本地使用WSL2安装gcloud工具访问GKE。

远程镜像仓库采用华为云的SWR服务。

个人博客原文地址


使用buildpacks实现基于代码自动构建镜像并推送至远程仓库

本章使用tekton构建工作流,使用Buildpacks无需Dockerfile从源码构建镜像,并将镜像推送至华为云SWR镜像仓库。

安装tekton

# 安装tekton
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml

# 安装tekton CLI
# 可以去github下载安装  https://github.com/tektoncd/cli/releases

# 安装tekton dashboard
kubectl apply --filename https://github.com/tektoncd/dashboard/releases/latest/download/tekton-dashboard-release.yaml

# 对外暴露tekton dashboard
# 本地浏览器访问`loaclhost:9097`即可访问tekton dashboard
kubectl --namespace tekton-pipelines port-forward svc/tekton-dashboard 9097:9097
复制代码

Task

Task是一个任务执行模板,task定义中可以包含变量,可以由taskrun传入。Task的steps字段表示有哪些步骤,每一个步骤就是基于镜像启动一个container执行一些操作,container的启动参数可以通过task的入参进行配置。

# 部署buildpacks task
# Buildpacks task使用Cloud Native Buildpacks能够将源码构建成镜像并推送到仓库。
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/buildpacks/0.1/buildpacks.yaml

# 部署git-clone task
# git-clone task用来ckone repository
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/git-clone/0.2/git-clone.yaml
复制代码

创建文件buildpacks_vpc.yaml定义buildpacks需要的pvc,一个用来放源码,一个作为构建镜像时的缓存

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: buildpacks-source-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 500Mi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: buildpacks-cache-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 500Mi
复制代码

Authorization

如果使用本地镜像仓库,则不需要授权

创建文件swr_auth.yaml,定义需要的secret和sa

apiVersion: v1
kind: Secret
metadata:
    name: basic-user-pass
    annotations:
        tekton.dev/docker-0: swr.cn-north-1.myhuaweicloud.com
type: kubernetes.io/basic-auth
stringData:
    username: <USERNAME> 
    password: <PASSWORD>
---
apiVersion: v1
kind: ServiceAccount
metadata:
    name: buildpacks-service-account
secrets:
    - name: basic-user-pass
复制代码

Pipeline

Pipeline可以编排多个task,pipeline的params声明了执行时的入参,spec.tasks定义了需要编排的task,通过runAfter可以定义task执行的顺序。在编排task的时候在spec.tasks.params中可以指定传入task的参数。 创建文件buildpacks_pipeline.yaml,PipelineResource是用来在task之间共享资源的,这里把image的url放在PipelineResource里,这样所有的task就可以共享这些信息了。

apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: buildpacks-app-image 
spec:
  type: image
  params:
    - name: url
      value: swr.cn-north-1.myhuaweicloud.com/zhf/demo-go #This defines the name of output image
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: buildpacks-test-pipeline
spec:
  workspaces:
  - name: shared-workspace
  resources:
  - name: build-image
    type: image
  tasks:
  - name: fetch-repository # This task fetches a repository from github, using the `git-clone` task we installed
    taskRef:
      name: git-clone
    workspaces:
    - name: output
      workspace: shared-workspace
    params:
    - name: url
      value: https://github.com/Myrat92/sample-go
    - name: subdirectory
      value: ""
    - name: deleteExisting
      value: "true"
  - name: buildpacks # This task uses the `buildpacks` task to build the application
    taskRef:
      name: buildpacks
    runAfter:
    - fetch-repository
    workspaces:
    - name: source
      workspace: shared-workspace
    params:
    - name: SOURCE_SUBPATH
      value: 'apps/java-maven' # This is the path within our samples repo we want to build
    - name: BUILDER_IMAGE
      value: 'paketobuildpacks/builder:base' # This is the builder we want the task to use
    - name: CACHE
      value: buildpacks-cache
    resources:
      outputs:
      - name: image
        resource: build-image
复制代码

使用kubectl应用这些配置

kubectl apply -f buildpacks_vpc.yaml swr_auth.yaml buildpacks_pipeline.yaml
复制代码

PipelineRun

Task和Pipeline都是一些模板,真正执行需要PipelineRun。PipelineRun可以给Pipeline传参,并执行Pipeline。 创建文件buildpacks_pipelinerun.yaml,spec.pipelineRef.name指定了要执行的Pipeline:buildpacks-test-pipeline

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: buildpacks-test-pipeline-run
spec:
  serviceAccountName: buildpacks-service-account # Only needed if you set up authorization
  pipelineRef:
    name: buildpacks-test-pipeline
  workspaces:
  - name: shared-workspace
    persistentvolumeclaim:
      claimName: buildpacks-source-pvc
  resources:
  - name: build-image
    resourceRef:
      name: buildpacks-app-image
  podTemplate:
    volumes:
    - name: buildpacks-cache
      persistentVolumeClaim:
        claimName: buildpacks-cache-pvc
复制代码

使用kubectl应用配置

kubectl apply -f run.yml
复制代码

查看运行日志

使用kubectl命令可以查看PipelineRun的日志

kubectl describe pipelinerun buildpacks-test-pipeline-run
复制代码

也可以本地浏览器访问http://localhost:9097/#/namespaces/default/pipelineruns 在tekton dashboard上查看日志

参考链接

文章分类
后端
文章标签