阅读 414

基于tekton和argocd的CICD实现(4/4)

个人博客原文链接

完成镜像推送后自动修改配置仓库yaml信息

前面三篇已经完成了更改代码后自动拉取最新代码并编译打包成镜像,将镜像上传至SWR镜像仓库。同时当配置仓内yaml文件变化时,ArgoCD会自动更新集群内的应用信息。

本篇将整个流程串起来,当镜像更新后,自动更新配置仓内的yaml文件,修改yaml文件内的image字段,从而触发ArgoCD的部署,构建整套的CICD流程。

Task

首先需要一个task能够修改配置仓内的yaml文件。 创建一个update_yaml_task.yaml。Task使用了yq工具用来操作yaml文件,将代码的commit id作为镜像的image tag,修改配置仓内yaml的image字段。

apiVersion: tekton.dev/v1beta1 
kind: Task 
metadata: 
  name: change-manifests 
spec: 
  params: 
    - name: imageurl
    - name: git_url 
      description: Git repository containing manifest files to update
      default: github.com/Myrat92/sample-go.git
    - name: git_email
      default: pipeline@k8s.local 
    - name: git_name 
      default: Tekton Pipeline 
    - name: git_manifest_dir 
      description: Manifests files dir 
      default: demo-go
    - name: tool_image 
      default: cnych/helm-kubectl-curl-git-jq-yq 
  steps: 
    - name: git-push 
      image: $(params.tool_image) 
      env: 
        - name: GIT_USERNAME 
          valueFrom: 
            secretKeyRef: 
              name: gitlab-auth 
              key: username 
              optional: true 
        - name: GIT_PASSWORD 
          valueFrom: 
            secretKeyRef: 
              name: gitlab-auth 
              key: password 
              optional: true 
      command: ["/bin/bash"] 
      args: 
        - -c 
        - | 
          set -eu 
          echo Load environment variables from previous steps 
          # source /workspace/env-config 
          git config --global user.email "$(params.git_email)" 
          git config --global user.name "$(params.git_name)" 
          git clone --branch master --depth 1 http://${GIT_USERNAME}:${GIT_PASSWORD}@$(params.git_url) repo 
          cd "repo/$(params.git_manifest_dir)" 
          ls -l 
          echo old value: 
          cat demo-go-deployment.yaml | yq r - 'spec.template.spec.containers[0].image'
          echo replacing with new value: 
          yq w -i demo-go-deployment.yaml 'spec.template.spec.containers[0].image' "$(params.imageurl)"
          echo verifying new value 
          yq r demo-go-deployment.yaml spec.template.spec.containers[0].image
          if ! git diff-index --quiet HEAD --; then 
            git status 
            git add . 
            git commit -m "auto updated yaml by tekton pipeline" 
            git push 
          else 
              echo "no changes, git repository is up to date" 
          fi 
复制代码

同时需要GitHub的密钥 登录自己GitHub账号中进入Setting -> Developer setting -> Personal access tokens,可以生成访问令牌。 创建secret.yaml,将上面生成的访问令牌填入password供该task访问GitHub使用。

apiVersion: v1
kind: Secret
metadata:
  name: gitlab-auth
type: Opaque
stringData:
  username: <USERNAME>
  password: <PASSWORD>
复制代码

Pipeline

修改第一篇中的Pipeline,在最后加入刚刚创建的Task,并且设置runAfterbuildpacks,表示在buildpacks执行完之后再执行更新yaml的操作。

apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: buildpacks-test-pipeline
spec:
  params:
  - name: imageurl
  workspaces:
  - name: shared-workspace
  resources:
  - name: build-image
    type: image
  tasks:
  - name: fetch-repository # This task fetches a repository from github, using the `git-clone` task we installed
    taskRef:
      name: git-clone
    workspaces:
    - name: output
      workspace: shared-workspace
    params:
    - name: url
      value: https://github.com/Myrat92/sample-go
    - name: subdirectory
      value: ""
    - name: deleteExisting
      value: "true"
  - name: buildpacks # This task uses the `buildpacks` task to build the application
    taskRef:
      name: buildpacks
    runAfter:
    - fetch-repository
    workspaces:
    - name: source
      workspace: shared-workspace
    params:
    - name: imageurl
      value: $(params.imageurl)
    - name: SOURCE_SUBPATH
      value: '' # This is the path within our samples repo we want to build
    - name: BUILDER_IMAGE
      value: 'paketobuildpacks/builder:base' # This is the builder we want the task to use
    - name: CACHE
      value: buildpacks-cache
    resources:
      outputs:
      - name: image
        resource: build-image
  - name: update-yaml # Update image url to yaml
    taskRef:
      name: change-manifests
    runAfter:
    - buildpacks
    params:
    - name: imageurl
      value: $(params.imageurl) 
复制代码

测试

至此整套CICD就搭建完成了。 我们修改我们项目的源码,并push到GitHub仓库,Tekton就会自动拉取对应代码并构建为镜像,并将commit id作为镜像tag,将镜像推送至SWR仓库。之后Tekton会修改配置仓库内应用yaml的image字段,更新其tag为最新镜像的tag。然后ArgoCD会监测到配置仓库的变化,自动同步集群内的应用信息,应用拉取对应tag的镜像,完成应用升级。

文章分类
后端
文章标签