CI/CD with Tekton and Argo CD (1/4)

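This article uses a Kubernetes cluster built on Google's GKE, so the Great Firewall is not an issue.

Locally, the gcloud tool is installed under WSL2 to access GKE.

The remote image registry is Huawei Cloud's SWR service.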


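Using Buildpacks to build an image from source automatically and push it to a remote registry

This chapter builds the workflow with Tekton, uses Buildpacks to build an image from source without a Dockerfile, and pushes the image to the Huawei Cloud SWR image registry.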

Install Tekton

# Install Tekton
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml

# Install the Tekton CLI
# It can be downloaded from GitHub: https://github.com/tektoncd/cli/releases

# Install the Tekton dashboard
kubectl apply --filename https://github.com/tektoncd/dashboard/releases/latest/download/tekton-dashboard-release.yaml

# Expose the Tekton dashboard
# Open `localhost:9097` in a local browser to reach the Tekton dashboard
kubectl --namespace tekton-pipelines port-forward svc/tekton-dashboard 9097:9097

Task

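A Task is a template for executing a job. A Task definition can contain variables, which a TaskRun passes in. The Task's steps field lists the steps to run; each step starts a container from an image and performs some operations, and the container's startup arguments can be configured through the Task's input parameters.

# Deploy the buildpacks task
# The buildpacks task uses Cloud Native Buildpacks to build source code into an image and push it to a registry.
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/buildpacks/0.1/buildpacks.yaml

# Deploy the git-clone task
# The git-clone task is used to clone a repository
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/git-clone/0.2/git-clone.yaml

Create the file buildpacks_vpc.yaml to define the PVCs that buildpacks needs: one holds the source code, the other serves as a cache while the image is built.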

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: buildpacks-source-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 500Mi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: buildpacks-cache-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 500Mi

Authorization

If you use a local image registry, no authorization is needed.

Create the file swr_auth.yaml to define the required Secret and ServiceAccount.

apiVersion: v1
kind: Secret
metadata:
    name: basic-user-pass
    annotations:
        tekton.dev/docker-0: swr.cn-north-1.myhuaweicloud.com
type: kubernetes.io/basic-auth
stringData:
    username: <USERNAME> 
    password: <PASSWORD>
---
apiVersion: v1
kind: ServiceAccount
metadata:
    name: buildpacks-service-account
secrets:
    - name: basic-user-pass

Pipeline

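A Pipeline orchestrates multiple Tasks. The Pipeline's params declare the input parameters for a run, spec.tasks defines the Tasks to orchestrate, and runAfter sets the order in which Tasks execute. When orchestrating a Task, spec.tasks.params specifies the parameters passed to that Task.

Create the file buildpacks_pipeline.yaml. A PipelineResource is used to share resources between Tasks; here the image URL is placed in a PipelineResource so that every Task can share this information.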

apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: buildpacks-app-image 
spec:
  type: image
  params:
    - name: url
      value: swr.cn-north-1.myhuaweicloud.com/zhf/demo-go #This defines the name of output image
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: buildpacks-test-pipeline
spec:
  workspaces:
  - name: shared-workspace
  resources:
  - name: build-image
    type: image
  tasks:
  - name: fetch-repository # This task fetches a repository from github, using the `git-clone` task we installed
    taskRef:
      name: git-clone
    workspaces:
    - name: output
      workspace: shared-workspace
    params:
    - name: url
      value: https://github.com/Myrat92/sample-go
    - name: subdirectory
      value: ""
    - name: deleteExisting
      value: "true"
  - name: buildpacks # This task uses the `buildpacks` task to build the application
    taskRef:
      name: buildpacks
    runAfter:
    - fetch-repository
    workspaces:
    - name: source
      workspace: shared-workspace
    params:
    - name: SOURCE_SUBPATH
      value: 'apps/java-maven' # This is the path within our samples repo we want to build
    - name: BUILDER_IMAGE
      value: 'paketobuildpacks/builder:base' # This is the builder we want the task to use
    - name: CACHE
      value: buildpacks-cache
    resources:
      outputs:
      - name: image
        resource: build-image

Apply these configurations with kubectl:

kubectl apply -f buildpacks_vpc.yaml -f swr_auth.yaml -f buildpacks_pipeline.yaml
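
The install commands and the BUILDER_IMAGE parameter above fetch whatever `latest`, `master` and the `base` tag point to at the time they run, so the pipeline's inputs can change between runs. The Python check below is an added example, not code from the original post; `find_mutable_refs` and the embedded sample text are constructed here from the lines on this page.

```python
import re

# Constructed sample: the fetch lines and builder parameter copied from this page.
PAGE_REFS = """\
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
kubectl apply --filename https://github.com/tektoncd/dashboard/releases/latest/download/tekton-dashboard-release.yaml
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/buildpacks/0.1/buildpacks.yaml
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/git-clone/0.2/git-clone.yaml
    - name: BUILDER_IMAGE
      value: 'paketobuildpacks/builder:base' # This is the builder we want the task to use
"""

URL_RE = re.compile(r"https?://[^\s'\"]+")
# Path segments that name a moving target instead of a fixed release or commit.
MOVING_SEGMENTS = {"latest", "master", "main", "HEAD"}
# A Tekton param whose name contains IMAGE, followed by its value line.
IMAGE_PARAM_RE = re.compile(r"name:\s*(\w*IMAGE\w*)\s+value:\s*['\"]?([^'\"\s#]+)")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def find_mutable_refs(text):
    """Return (kind, reference, reason) for every input that can change between runs."""
    findings = []
    for url in URL_RE.findall(text):
        # Skip scheme and host; inspect only the path segments.
        moving = [seg for seg in url.split("/")[3:] if seg in MOVING_SEGMENTS]
        if moving:
            findings.append(("url", url, f"moving path segment '{moving[0]}'"))
    for name, image in IMAGE_PARAM_RE.findall(text):
        if not DIGEST_RE.search(image):
            findings.append(("image", image, f"{name} is not pinned by digest"))
    return findings


if __name__ == "__main__":
    for kind, ref, reason in find_mutable_refs(PAGE_REFS):
        print(f"{kind:5} {ref}\n      -> {reason}")
```

Each flagged URL can be pinned by switching to a versioned release or commit URL, and each flagged image by referencing its `@sha256:` digest.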

PipelineRun

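Task and Pipeline are only templates; actually running them requires a PipelineRun. A PipelineRun can pass parameters to a Pipeline and execute it.

Create the file buildpacks_pipelinerun.yaml. spec.pipelineRef.name specifies the Pipeline to execute: buildpacks-test-pipeline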

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: buildpacks-test-pipeline-run
spec:
  serviceAccountName: buildpacks-service-account # Only needed if you set up authorization
  pipelineRef:
    name: buildpacks-test-pipeline
  workspaces:
  - name: shared-workspace
    persistentvolumeclaim:
      claimName: buildpacks-source-pvc
  resources:
  - name: build-image
    resourceRef:
      name: buildpacks-app-image
  podTemplate:
    volumes:
    - name: buildpacks-cache
      persistentVolumeClaim:
        claimName: buildpacks-cache-pvc

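Apply the configuration with kubectl:

kubectl apply -f buildpacks_pipelinerun.yaml

Viewing the run logs

The PipelineRun can be inspected with kubectl:

kubectl describe pipelinerun buildpacks-test-pipeline-run

You can also open http://localhost:9097/#/namespaces/default/pipelineruns in a local browser to view the logs in the Tekton dashboard.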
