Tekton 是一个功能强大且灵活的 Kubernetes 原生开源框架,用于创建持续集成和交付(CI/CD)系统。通过抽象底层实现细节,用户可以跨多云平台和本地系统进行构建、测试和部署。

本文是基于阿里云Kubernetes服务部署Tekton Pipeline,并使用它完成源码拉取、应用打包、镜像推送和应用部署的实践过程。

Tekton Pipeline中有5类对象,核心理念是通过定义yaml定义构建过程.构建任务的状态存放在status字段中。

其中5类对象分别是:PipelineResouce、Task、TaskRun、Pipeline、PipelineRun。

Task是单个任务的构建过程,需要通过定义TaskRun任务去运行Task。

Pipeline包含多个Task,并在此基础上定义input和output,input和output以PipelineResource作为交付。

PipelineResource是可用于input和output的对象集合。

同样地,需要定义PipelineRun才会运行Pipeline。

1. 在阿里云Kubernetes集群中部署Tekton Pipeline

kubectl apply --filename https://storage.googleapis.com/tekton-releases/latest/release.yaml

查看Tekton Pipelines组件是否运行正常:

$ kubectl -n tekton-pipelines get po

NAME                                                     READY   STATUS      RESTARTS   AGE

tekton-pipelines-controller-6bcd7ff5d6-vzmrh             1/1     Running     0          25h

tekton-pipelines-webhook-6856cf9c47-l6nj6                1/1     Running     0          25h

2. 创建Git Resource, Registry Resource

编辑 git-pipeline-resource.yaml :

apiVersion: tekton.dev/v1alpha1

kind: PipelineResource

metadata:

  name: git-pipeline-resource

spec:

  type: git

  params:

    - name: revision

      value: tekton

    - name: url

      value: https://code.aliyun.com/haoshuwei/jenkins-demo.git

git repo的分支名称为 tekton 。

编辑 registry-pipeline-resource.yaml :

apiVersion: tekton.dev/v1alpha1

kind: PipelineResource

metadata:

  name: registry-pipeline-resource

spec:

  type: image

  params:

    - name: url

      value: registry.cn-hangzhou.aliyuncs.com/haoshuwei/tekton-demo

容器镜像仓库地址为 registry.cn-hangzhou.aliyuncs.com/haoshuwei/tekton-demo, 标签为 latest

创建pipeline resource:

$ kubectl -n tekton-pipelines create -f git-pipeline-resource.yaml

$ kubectl -n tekton-pipelines create -f registry-pipeline-resource.yaml

查看已创建的pipeline resource资源:

$ kubectl -n tekton-pipelines get PipelineResource

NAME                         AGE

git-pipeline-resource        2h

registry-pipeline-resource   2h

3. 创建Git Repo/Docker Registry Authentication

拉取私有git源码项目需要配置使用Git Repo Authentication;拉取和推送docker镜像需要配置Docker Registry Authentication。在Tekton Pipeline中,Git Repo/Docker Registry Authentication会被定义成ServiceAccount来使用。

编辑 secret tekton-basic-user-pass-git.yaml :

apiVersion: v1

kind: Secret

metadata:

  name: tekton-basic-user-pass-git

  annotations:

    tekton.dev/git-0: https://code.aliyun.com

type: kubernetes.io/basic-auth

stringData:

  username: <cleartext non-encoded>

  password: <cleartext non-encoded>

编辑 secret tekton-basic-user-pass-registry.yaml :

apiVersion: v1

kind: Secret

metadata:

  name: tekton-basic-user-pass-registry

  annotations:

    tekton.dev/docker-0: https://registry.cn-hangzhou.aliyuncs.com

type: kubernetes.io/basic-auth

stringData:

  username: <cleartext non-encoded>

  password: <cleartext non-encoded>

编辑 serviceaccount tekton-git-and-registry.yaml :

apiVersion: v1

kind: ServiceAccount

metadata:

  name: tekton-git-and-registry

secrets:

  - name: tekton-basic-user-pass-git

  - name: tekton-basic-user-pass-registry

创建serviceaccount:

$ kubectl -n tekton-pipelines create -f tekton-basic-user-pass-git.yaml

$ kubectl -n tekton-pipelines create -f tekton-basic-user-pass-registry.yaml

$ kubectl -n tekton-pipelines create -f tekton-git-and-registry.yaml

查看secret以及sa:

$ kubectl -n tekton-pipelines get secret

NAME                                      TYPE                                  DATA   AGE

default-token-pwncj                       kubernetes.io/service-account-token   3      25h

tekton-basic-user-pass-git                kubernetes.io/basic-auth              2      151m

tekton-basic-user-pass-registry           kubernetes.io/basic-auth              2      151m

tekton-git-and-registry-token-tr95m       kubernetes.io/service-account-token   3      151m

tekton-pipelines-controller-token-lc2fv   kubernetes.io/service-account-token   3      25h

webhook-certs                             Opaque                                3      25h



$  kubectl -n tekton-pipelines get sa

NAME                          SECRETS   AGE

default                       1         25h

tekton-git-and-registry       3         152m

tekton-pipelines-controller   1         25h

4. 配置serviceaccount tekton-git-and-registry获取命名空间tekton-pipelines的管理权限用于部署应用

创建ClusterRoleBinding tekton-cluster-admin :

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

  name: tekton-cluster-admin

subjects:

  - kind: ServiceAccount

    name: tekton-git-and-registry

    namespace: tekton-pipelines

roleRef:

  kind: ClusterRole

  name: cluster-admin

  apiGroup: rbac.authorization.k8s.io

5. 创建一个Task

创建task build-app.yaml :

apiVersion: tekton.dev/v1alpha1

kind: Task

metadata:

  name: build-app

spec:

  inputs:

    resources:

      - name: java-demo

        type: git

    params:

      - name: pathToDockerFile

        description: The path to the dockerfile to build

        default: /workspace/java-demo/Dockerfile

      - name: pathToContext

        description: The build context used by Kaniko

        default: /workspace/java-dem

      - name: pathToYaml

        description: The path to teh manifest to apply

  outputs:

    resources:

      - name: builtImage

        type: image

  steps:

    - name: build-mvn-package

      image: registry.cn-beijing.aliyuncs.com/acs-sample/jenkins-slave-maven:3.3.9-jdk-8-alpine

      workingDir: /workspace/java-demo

      command:

        - mvn

      args:

        - package

        - -B

        - -DskipTests

    - name: build-docker-image

      image: registry.cn-beijing.aliyuncs.com/acs-sample/jenkins-slave-kaniko:0.6.0

      command:

        - kaniko

      args:

        - --dockerfile=${inputs.params.pathToDockerFile}

        - --destination=${outputs.resources.builtImage.url}

        - --context=${inputs.params.pathToContext}

    - name: deploy-app

      image: registry.cn-beijing.aliyuncs.com/acs-sample/jenkins-slave-kubectl:1.11.5

      command:

        - kubectl

      args:

        - apply

        - -f

        - ${inputs.params.pathToYaml}

6. 创建TaskRun运行任务

创建taskrun build-app-task-run.yaml :

apiVersion: tekton.dev/v1alpha1

kind: TaskRun

metadata:

  name: build-app-task-run

spec:

  serviceAccount: tekton-git-and-registry

  taskRef:

    name: build-app

  trigger:

    type: manual

  inputs:

    resources:

      - name: java-demo

        resourceRef:

          name: git-pipeline-resource

    params:

      - name: pathToDockerFile

        value: Dockerfile

      - name: pathToContext

        value: /workspace/java-demo

      - name: pathToYaml

        value: /workspace/java-demo/deployment.yaml

  outputs:

    resources:

      - name: builtImage

        resourceRef:

          name: registry-pipeline-resource

7. 查看构建状态以及日志

查看taskrun状态:

$ kubectl -n tekton-pipelines get taskrun

NAME                 SUCCEEDED   REASON    STARTTIME   COMPLETIONTIME

build-app-task-run   Unknown     Pending   4s

查看构建日志:

$ kubectl -n tekton-pipelines get po

NAME                                           READY   STATUS    RESTARTS   AGE

build-app-task-run-pod-b8f890                  3/5     Running   0          75s

tekton-pipelines-controller-6bcd7ff5d6-vzmrh   1/1     Running   0          25h

tekton-pipelines-webhook-6856cf9c47-l6nj6      1/1     Running   0          25h



$ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-b8f890

Error from server (BadRequest): a container name must be specified for pod build-app-task-run-pod-b8f890, choose one of:   [build-step-git-source-git-pipeline-resource-77l5v build-step-build-mvn-package build-step-build-docker-image build-step-deploy-app nop] or one of the init containers: [build-step-credential-initializer-8dsnm build-step-place-tools]

mvn build的日志:

$ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-b8f890 -c build-step-build-mvn-package

[INFO] Scanning for projects...

[INFO]

[INFO] ------------------------------------------------------------------------

[INFO] Building jenkins-demo-web 1.0.0-SNAPSHOT

[INFO] ------------------------------------------------------------------------

[INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom

[INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8 KB at 7.3 KB/sec)

[INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom

[INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9 KB at 26.7 KB/sec)

[INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom

[INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 KB at 61.3 KB/sec)

[INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom

[INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 KB at 45.3 KB/sec)

....

docker build的日志:

$ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-b8f890 -c build-step-build-docker-image

INFO[0000] Downloading base image tomcat

2019/05/06 11:58:46 No matching credentials were found, falling back on anonymous

INFO[0003] Taking snapshot of full filesystem...

INFO[0003] Skipping paths under /builder/home, as it is a whitelisted directory

INFO[0003] Skipping paths under /builder/tools, as it is a whitelisted directory

INFO[0003] Skipping paths under /dev, as it is a whitelisted directory

INFO[0003] Skipping paths under /kaniko, as it is a whitelisted directory

INFO[0003] Skipping paths under /proc, as it is a whitelisted directory

INFO[0003] Skipping paths under /run/secrets/kubernetes.io/serviceaccount, as it is a whitelisted directory

INFO[0003] Skipping paths under /sys, as it is a whitelisted directory

INFO[0003] Skipping paths under /var/run, as it is a whitelisted directory

INFO[0003] Skipping paths under /workspace, as it is a whitelisted directory

INFO[0003] Using files from context: [/workspace/java-demo/target/demo.war]

INFO[0003] ADD target/demo.war /usr/local/tomcat/webapps/demo.war

INFO[0003] Taking snapshot of files...

...

app-deploy的日志:

$ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-637855 -c build-step-deploy-app

deployment.extensions/jenkins-java-demo created

service/jenkins-java-demo created

taskrun的完成状态为True则构建部署过程完成:

$ kubectl -n tekton-pipelines get taskrun

NAME                 SUCCEEDED   REASON   STARTTIME   COMPLETIONTIME

build-app-task-run   True                 4m          2m

8. 小结

Tekton Pipeline中任务模板可以拿来复用,而不需要重复定义,另外通过CRD重新定义CI/CD是一大亮点,初学者可能会觉得有些绕。

持续实验持续更新中。

本文作者:流生

原文链接

本文为云栖社区原创内容,未经允许不得转载。

阿里云Kubernetes服务上使用Tekton完成应用发布初体验的更多相关文章

  1. 15分钟在阿里云Kubernetes服务上快速建立Jenkins X Platform并运用GitOps管理应用发布

    本文主要介绍如何在阿里云容器服务Kubernetes上快速安装部署Jenkins X Platform并结合demo实践演示GitOps的操作流程. 注意:本文中使用的jx工具.cloud-envir ...

  2. 在阿里云容器服务上开发基于Docker的Spring Cloud微服务应用

    本文为阿里云容器服务Spring Cloud应用开发系列文章的第一篇. 一.在阿里云容器服务上开发Spring Cloud微服务应用(本文) 二.部署Spring Cloud应用示例 三.服务发现 四 ...

  3. Knative 应用在阿里云容器服务上的最佳实践

    作者|元毅 阿里云智能事业群高级开发工程师 相信通过前面几个章节的内容,大家对 Knative 有了初步的体感,那么在云原生时代如何在云上玩转 Knative?本篇内容就给你带来了 Knative 应 ...

  4. 阿里云Kubernetes服务 - Service Broker快速入门指南

    4月底阿里云容器服务上线了基于Kubernetes集群的服务目录功能.阿里云的容器的服务目录遵循Open Service Broker API标准,提供了一系列的服务代理组件,实现了对主流开源服务如M ...

  5. 品尝阿里云容器服务:用nginx镜像创建容器,体验基于域名的路由机制

    在前一篇博文中我们了解了阿里云容器服务的路由机制: 请求 -> 负载均衡80端口 -> 容器主机9080端口 -> acsrouting路由容器80端口 --基于域名--> W ...

  6. 阿里云容器服务通过LoadBalancer暴露IPv6服务

    背景: IPv4地址已接近枯竭,被誉为下一代互联网技术的IPv6成为新的“全球互联网门牌号”,它可以让地球上的每一粒沙子都拥有地址.当下,各国都在加速推进下一代互联网的部署,工信部也互联网服务商提出了 ...

  7. 利用阿里云容器服务打通TensorFlow持续训练链路

    本系列将利用Docker和阿里云容器服务,帮助您上手TensorFlow的机器学习方案 第一篇:打造TensorFlow的实验环境 第二篇:轻松搭建TensorFlow Serving集群 第三篇:打 ...

  8. 品尝阿里云容器服务:初步尝试ASP.NET Core Web API站点的Docker自动化部署

    部署场景是这样的,我们基于 ASP.NET Core 2.0 Preview 1 开发了一个用于管理缓存的 Web API ,想通过阿里云容器服务基于 Docker 部署为内网服务. 在这篇博文中分享 ...

  9. 阿里云日志服务采集自建Kubernetes日志(标准输出日志)

    日志服务支持通过Logtail采集Kubernetes集群日志,并支持CRD(CustomResourceDefinition)进行采集配置管理.本文主要介绍如何安装并使用Logtail采集Kuber ...

随机推荐

  1. VMware 安装 ubuntu 后安装 VMWare tools

    1.如果 VMware 的安装 VMWare tools 的菜单是灰色, 很可能原因是:    你的 cdrom 被占用着. 关闭系统, 编辑配置, 把cdrom 改为 自动检测. 即不要开始就加载一 ...

  2. Bootstrap常见的类

    一.标题 h1,h2,h3,h4,h5,h6

  3. Linux 下安装和使用 Redis

    系统: CentOS-7-1611 首先安装gcc 因为要make编译 参照官网 wget  下载包 解压  make 编译完成后会在src目录下生成几个可执行文件 然后执行:make install ...

  4. C++函数部分总结

    目录 为什么要使用函数 为什么要用函数重载 C++传参方式 特殊的函数--递归函数 为什么要使用函数 使用函数可以将一个比较复杂的程序系统的分为若干块简洁的模块,使程序更加清晰明了 比如,我们想要模拟 ...

  5. jQuery的deferred对象使用详解【转载】

    一.什么是deferred对象? 开发网站的过程中,我们经常遇到某些耗时很长的javascript操作.其中,既有异步的操作(比如ajax读取服务器数据),也有同步的操作(比如遍历一个大型数组),它们 ...

  6. 微信小程序之上拉加载更多

    loadmore 加载更多(分页加载) 当用户打开一个页面时,假设后台数据量庞大时,一次性地返回所有数据给客户端,页面的打开速度就会有所下降,而且用户只看上面的内容而不需要看后面的内容时,也浪费用户流 ...

  7. meta标签、利用媒体查询 link不同的CSS文件

    利用媒体查询 link不同的CSS文件:<link rel="stylesheet" media="screen and (min-width:1px) and ( ...

  8. kaptcha验证码的使用(转)

    使用kaptcha可以方便的配置: 验证码的字体 验证码字体的大小 验证码字体的字体颜色 验证码内容的范围(数字,字母,中文汉字!) 验证码图片的大小,边框,边框粗细,边框颜色 验证码的干扰线(可以自 ...

  9. python csv文件打开错误:_csv.Error: line contains NULL byte

    当python读取文件出现_csv.Error: line contains NULL byte时, # -*- coding:utf-8 -*- import csv with open(r'E:\ ...

  10. babel 7.x 结合 webpack 4.x 配置

    今天在学习webpack的使用的时候,由于学习的教程是2018年初的,使用的是 webpack 3.x 和 babel 6.x ,然后学习的过程中出现的了很多问题. 解决问题之后,总结一下新的 bab ...