完成镜像推送后自动修改配置仓库yaml信息
前面三篇已经完成了更改代码后自动拉取最新代码并编译打包成镜像,将镜像上传至SWR镜像仓库。同时当配置仓内yaml文件变化时,ArgoCD会自动更新集群内的应用信息。
本篇将整个流程串起来,当镜像更新后,自动更新配置仓内的yaml文件,修改yaml文件内的image字段,从而触发ArgoCD的部署,构建整套的CICD流程。
Task
首先需要一个task能够修改配置仓内的yaml文件。 创建一个update_yaml_task.yaml。Task使用了yq工具用来操作yaml文件,将代码的commit id作为镜像的image tag,修改配置仓内yaml的image字段。
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: change-manifests
spec:
params:
- name: imageurl
- name: git_url
description: Git repository containing manifest files to update
default: github.com/Myrat92/sample-go.git
- name: git_email
default: pipeline@k8s.local
- name: git_name
default: Tekton Pipeline
- name: git_manifest_dir
description: Manifests files dir
default: demo-go
- name: tool_image
default: cnych/helm-kubectl-curl-git-jq-yq
steps:
- name: git-push
image: $(params.tool_image)
env:
- name: GIT_USERNAME
valueFrom:
secretKeyRef:
name: gitlab-auth
key: username
optional: true
- name: GIT_PASSWORD
valueFrom:
secretKeyRef:
name: gitlab-auth
key: password
optional: true
command: ["/bin/bash"]
args:
- -c
- |
set -eu
echo Load environment variables from previous steps
# source /workspace/env-config
git config --global user.email "$(params.git_email)"
git config --global user.name "$(params.git_name)"
git clone --branch master --depth 1 http://${GIT_USERNAME}:${GIT_PASSWORD}@$(params.git_url) repo
cd "repo/$(params.git_manifest_dir)"
ls -l
echo old value:
cat demo-go-deployment.yaml | yq r - 'spec.template.spec.containers[0].image'
echo replacing with new value:
yq w -i demo-go-deployment.yaml 'spec.template.spec.containers[0].image' "$(params.imageurl)"
echo verifying new value
yq r demo-go-deployment.yaml spec.template.spec.containers[0].image
if ! git diff-index --quiet HEAD --; then
git status
git add .
git commit -m "auto updated yaml by tekton pipeline"
git push
else
echo "no changes, git repository is up to date"
fi
同时需要GitHub的密钥
登录自己GitHub账号中进入Setting -> Developer setting -> Personal access tokens,可以生成访问令牌。
创建secret.yaml,将上面生成的访问令牌填入password供该task访问GitHub使用。
apiVersion: v1
kind: Secret
metadata:
name: gitlab-auth
type: Opaque
stringData:
username: <USERNAME>
password: <PASSWORD>
Pipeline
修改第一篇中的Pipeline,在最后加入刚刚创建的Task,并且设置runAfter为buildpacks,表示在buildpacks执行完之后再执行更新yaml的操作。
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: buildpacks-test-pipeline
spec:
params:
- name: imageurl
workspaces:
- name: shared-workspace
resources:
- name: build-image
type: image
tasks:
- name: fetch-repository # This task fetches a repository from github, using the `git-clone` task we installed
taskRef:
name: git-clone
workspaces:
- name: output
workspace: shared-workspace
params:
- name: url
value: https://github.com/Myrat92/sample-go
- name: subdirectory
value: ""
- name: deleteExisting
value: "true"
- name: buildpacks # This task uses the `buildpacks` task to build the application
taskRef:
name: buildpacks
runAfter:
- fetch-repository
workspaces:
- name: source
workspace: shared-workspace
params:
- name: imageurl
value: $(params.imageurl)
- name: SOURCE_SUBPATH
value: '' # This is the path within our samples repo we want to build
- name: BUILDER_IMAGE
value: 'paketobuildpacks/builder:base' # This is the builder we want the task to use
- name: CACHE
value: buildpacks-cache
resources:
outputs:
- name: image
resource: build-image
- name: update-yaml # Update image url to yaml
taskRef:
name: change-manifests
runAfter:
- buildpacks
params:
- name: imageurl
value: $(params.imageurl)
测试
至此整套CICD就搭建完成了。 我们修改我们项目的源码,并push到GitHub仓库,Tekton就会自动拉取对应代码并构建为镜像,并将commit id作为镜像tag,将镜像推送至SWR仓库。之后Tekton会修改配置仓库内应用yaml的image字段,更新其tag为最新镜像的tag。然后ArgoCD会监测到配置仓库的变化,自动同步集群内的应用信息,应用拉取对应tag的镜像,完成应用升级。
