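A first look at releasing an application with Tekton on Alibaba Cloud Kubernetes Service

Tekton is a powerful and flexible Kubernetes-native open-source framework for creating continuous integration and delivery (CI/CD) systems. By abstracting away the underlying implementation details, it lets users build, test, and deploy across multiple cloud platforms and on-premises systems.

This article walks through deploying Tekton Pipeline on Alibaba Cloud Kubernetes Service and using it to pull source code, package the application, push the image, and deploy the application.

Tekton Pipeline has 5 kinds of objects. The core idea is to define the build process in YAML; the state of a build task is stored in the status field.

The 5 kinds of objects are: PipelineResource, Task, TaskRun, Pipeline, and PipelineRun.

A Task is the build process of a single task. To run a Task, you define a TaskRun.

A Pipeline contains multiple Tasks and, on top of them, defines inputs and outputs. Inputs and outputs are delivered as PipelineResources.

A PipelineResource is a collection of objects that can be used as inputs and outputs.

Likewise, a Pipeline only runs once a PipelineRun is defined for it.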
1. Deploy Tekton Pipeline in the Alibaba Cloud Kubernetes cluster

    kubectl apply --filename https://storage.googleapis.com/tekton-releases/latest/release.yaml

Check that the Tekton Pipelines components are running normally:

    $ kubectl -n tekton-pipelines get po
    NAME                                           READY   STATUS    RESTARTS   AGE
    tekton-pipelines-controller-6bcd7ff5d6-vzmrh   1/1     Running   0          25h
    tekton-pipelines-webhook-6856cf9c47-l6nj6      1/1     Running   0          25h

2. Create the Git Resource and the Registry Resource
Edit git-pipeline-resource.yaml:

    apiVersion: tekton.dev/v1alpha1
    kind: PipelineResource
    metadata:
      name: git-pipeline-resource
    spec:
      type: git
      params:
        - name: revision
          value: tekton
        - name: url
          value: https://code.aliyun.com/haoshuwei/jenkins-demo.git

The branch name of the git repo is tekton.

Edit registry-pipeline-resource.yaml:

    apiVersion: tekton.dev/v1alpha1
    kind: PipelineResource
    metadata:
      name: registry-pipeline-resource
    spec:
      type: image
      params:
        - name: url
          value: registry.cn-hangzhou.aliyuncs.com/haoshuwei/tekton-demo

The container image repository address is registry.cn-hangzhou.aliyuncs.com/haoshuwei/tekton-demo, and the tag is latest.
Create the pipeline resources:

    $ kubectl -n tekton-pipelines create -f git-pipeline-resource.yaml
    $ kubectl -n tekton-pipelines create -f registry-pipeline-resource.yaml

View the pipeline resources that were created:

    $ kubectl -n tekton-pipelines get PipelineResource
    NAME                         AGE
    git-pipeline-resource        2h
    registry-pipeline-resource   2h

3. Create the Git Repo/Docker Registry Authentication
Pulling a private git source project requires Git Repo Authentication; pulling and pushing docker images requires Docker Registry Authentication. In Tekton Pipeline, Git Repo/Docker Registry Authentication is defined as a ServiceAccount, which the run then uses.

Edit the secret tekton-basic-user-pass-git.yaml:

    apiVersion: v1
    kind: Secret
    metadata:
      name: tekton-basic-user-pass-git
      annotations:
        tekton.dev/git-0: https://code.aliyun.com
    type: kubernetes.io/basic-auth
    stringData:
      username: <cleartext non-encoded>
      password: <cleartext non-encoded>

Edit the secret tekton-basic-user-pass-registry.yaml:

    apiVersion: v1
    kind: Secret
    metadata:
      name: tekton-basic-user-pass-registry
      annotations:
        tekton.dev/docker-0: https://registry.cn-hangzhou.aliyuncs.com
    type: kubernetes.io/basic-auth
    stringData:
      username: <cleartext non-encoded>
      password: <cleartext non-encoded>

Edit the serviceaccount tekton-git-and-registry.yaml:

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: tekton-git-and-registry
    secrets:
      - name: tekton-basic-user-pass-git
      - name: tekton-basic-user-pass-registry

Create the serviceaccount:

    $ kubectl -n tekton-pipelines create -f tekton-basic-user-pass-git.yaml
    $ kubectl -n tekton-pipelines create -f tekton-basic-user-pass-registry.yaml
    $ kubectl -n tekton-pipelines create -f tekton-git-and-registry.yaml

View the secrets and the sa:

    $ kubectl -n tekton-pipelines get secret
    NAME                                      TYPE                                  DATA   AGE
    default-token-pwncj                       kubernetes.io/service-account-token   3      25h
    tekton-basic-user-pass-git                kubernetes.io/basic-auth              2      151m
    tekton-basic-user-pass-registry           kubernetes.io/basic-auth              2      151m
    tekton-git-and-registry-token-tr95m       kubernetes.io/service-account-token   3      151m
    tekton-pipelines-controller-token-lc2fv   kubernetes.io/service-account-token   3      25h
    webhook-certs                             Opaque                                3      25h
    $ kubectl -n tekton-pipelines get sa
    NAME                          SECRETS   AGE
    default                       1         25h
    tekton-git-and-registry       3         152m
    tekton-pipelines-controller   1         25h

4. Give the serviceaccount tekton-git-and-registry management permissions on the namespace tekton-pipelines, used for deploying the application
Create the ClusterRoleBinding tekton-cluster-admin:

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: tekton-cluster-admin
    subjects:
      - kind: ServiceAccount
        name: tekton-git-and-registry
        namespace: tekton-pipelines
    roleRef:
      kind: ClusterRole
      name: cluster-admin
      apiGroup: rbac.authorization.k8s.io

5. Create a Task
Create the task build-app.yaml:

    apiVersion: tekton.dev/v1alpha1
    kind: Task
    metadata:
      name: build-app
    spec:
      inputs:
        resources:
          - name: java-demo
            type: git
        params:
          - name: pathToDockerFile
            description: The path to the dockerfile to build
            default: /workspace/java-demo/Dockerfile
          - name: pathToContext
            description: The build context used by Kaniko
            default: /workspace/java-dem
          - name: pathToYaml
            description: The path to the manifest to apply
      outputs:
        resources:
          - name: builtImage
            type: image
      steps:
        # Step 1: package the application with Maven.
        - name: build-mvn-package
          image: registry.cn-beijing.aliyuncs.com/acs-sample/jenkins-slave-maven:3.3.9-jdk-8-alpine
          workingDir: /workspace/java-demo
          command:
            - mvn
          args:
            - package
            - -B
            - -DskipTests
        # Step 2: build the image with Kaniko and push it to the output registry.
        - name: build-docker-image
          image: registry.cn-beijing.aliyuncs.com/acs-sample/jenkins-slave-kaniko:0.6.0
          command:
            - kaniko
          args:
            - --dockerfile=${inputs.params.pathToDockerFile}
            - --destination=${outputs.resources.builtImage.url}
            - --context=${inputs.params.pathToContext}
        # Step 3: apply the deployment manifest with kubectl.
        - name: deploy-app
          image: registry.cn-beijing.aliyuncs.com/acs-sample/jenkins-slave-kubectl:1.11.5
          command:
            - kubectl
          args:
            - apply
            - -f
            - ${inputs.params.pathToYaml}

6. Create a TaskRun to run the task
Create the taskrun build-app-task-run.yaml:

    apiVersion: tekton.dev/v1alpha1
    kind: TaskRun
    metadata:
      name: build-app-task-run
    spec:
      serviceAccount: tekton-git-and-registry
      taskRef:
        name: build-app
      trigger:
        type: manual
      inputs:
        resources:
          - name: java-demo
            resourceRef:
              name: git-pipeline-resource
        params:
          - name: pathToDockerFile
            value: Dockerfile
          - name: pathToContext
            value: /workspace/java-demo
          - name: pathToYaml
            value: /workspace/java-demo/deployment.yaml
      outputs:
        resources:
          - name: builtImage
            resourceRef:
              name: registry-pipeline-resource

7. View the build status and logs
View the taskrun status:

    $ kubectl -n tekton-pipelines get taskrun
    NAME                 SUCCEEDED   REASON    STARTTIME   COMPLETIONTIME
    build-app-task-run   Unknown     Pending   4s

View the build logs:

    $ kubectl -n tekton-pipelines get po
    NAME                                           READY   STATUS    RESTARTS   AGE
    build-app-task-run-pod-b8f890                  3/5     Running   0          75s
    tekton-pipelines-controller-6bcd7ff5d6-vzmrh   1/1     Running   0          25h
    tekton-pipelines-webhook-6856cf9c47-l6nj6      1/1     Running   0          25h
    $ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-b8f890
    Error from server (BadRequest): a container name must be specified for pod build-app-task-run-pod-b8f890, choose one of: [build-step-git-source-git-pipeline-resource-77l5v build-step-build-mvn-package build-step-build-docker-image build-step-deploy-app nop] or one of the init containers: [build-step-credential-initializer-8dsnm build-step-place-tools]

Log of the mvn build:

    $ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-b8f890 -c build-step-build-mvn-package
    [INFO] Scanning for projects...
    [INFO]
    [INFO] ------------------------------------------------------------------------
    [INFO] Building jenkins-demo-web 1.0.0-SNAPSHOT
    [INFO] ------------------------------------------------------------------------
    [INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom
    [INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8 KB at 7.3 KB/sec)
    [INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom
    [INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9 KB at 26.7 KB/sec)
    [INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom
    [INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 KB at 61.3 KB/sec)
    [INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom
    [INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 KB at 45.3 KB/sec)
    ....

Log of the docker build:

    $ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-b8f890 -c build-step-build-docker-image
    INFO[0000] Downloading base image tomcat
    2019/05/06 11:58:46 No matching credentials were found, falling back on anonymous
    INFO[0003] Taking snapshot of full filesystem...
    INFO[0003] Skipping paths under /builder/home, as it is a whitelisted directory
    INFO[0003] Skipping paths under /builder/tools, as it is a whitelisted directory
    INFO[0003] Skipping paths under /dev, as it is a whitelisted directory
    INFO[0003] Skipping paths under /kaniko, as it is a whitelisted directory
    INFO[0003] Skipping paths under /proc, as it is a whitelisted directory
    INFO[0003] Skipping paths under /run/secrets/kubernetes.io/serviceaccount, as it is a whitelisted directory
    INFO[0003] Skipping paths under /sys, as it is a whitelisted directory
    INFO[0003] Skipping paths under /var/run, as it is a whitelisted directory
    INFO[0003] Skipping paths under /workspace, as it is a whitelisted directory
    INFO[0003] Using files from context: [/workspace/java-demo/target/demo.war]
    INFO[0003] ADD target/demo.war /usr/local/tomcat/webapps/demo.war
    INFO[0003] Taking snapshot of files...
    ...

Log of app-deploy:

    $ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-637855 -c build-step-deploy-app
    deployment.extensions/jenkins-java-demo created
    service/jenkins-java-demo created

When the taskrun's completion status is True, the build and deployment process is complete:

    $ kubectl -n tekton-pipelines get taskrun
    NAME                 SUCCEEDED   REASON   STARTTIME   COMPLETIONTIME
    build-app-task-run   True                 4m          2m

8. Summary
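Task templates in Tekton Pipeline can be reused instead of being defined again each time. Redefining CI/CD through CRDs is a major highlight, although beginners may find it somewhat convoluted.

Experiments are ongoing and this article will continue to be updated.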
This article is original content from the Yunqi Community and may not be reproduced without permission.