tekton构建标准ci(clone repo, test, build push img)

场景介绍

我们在上一篇文章中构建了一个最简单的ci，接下来我们对我们的github的项目构建一个较标准的ci。

Tekton简介，安装和构建最简单ci/cd-CSDN博客文章浏览阅读239次，点赞2次，收藏2次。本文介绍了tekton是什么，如何安装，以及实践了下task和task runhttps://blog.csdn.net/solinger/article/details/141898338?csdn_share_tail=%7B%22type%22%3A%22blog%22%2C%22rType%22%3A%22article%22%2C%22rId%22%3A%22141898338%22%2C%22source%22%3A%22solinger%22%7D

ci是持续集成，我们只需要考虑部署前的事情:

pipeline:

- clone repo

- run test

- build image

- push image

有了这个思路，我们就把它们实现。 我们按照最简单ci/cd的步骤先写task, taskrun,然后写pipeline, pipelinerun。

构建ci

task git-clone

# task-clone.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: git-clonelabels:app.kubernetes.io/version: "0.8"
spec:workspaces:- name: outputdescription: The git repo will be cloned into the dirparams:- name: urldescription: Repository URL to clone from.type: string- name: revisiondescription: which commit you would like to get, master or otherstype: string- name: base_imagedescription: base_image for git & unit testingtype: stringsteps:- name: cloneimage: "$(params.base_image)"env:- name: WORKSPACE_OUTPUT_PATHvalue: $(workspaces.output.path)- name: GIT_REPO_URLvalue: $(params.url)- name: GIT_REPO_REVISIONvalue: $(params.revision)script: |#!/usr/bin/env shset -euwhoamipwdcd ${WORKSPACE_OUTPUT_PATH}pwdrm -rf *git clone ${GIT_REPO_URL}repo_dir=$(echo $GIT_REPO_URL | rev  | cut -d '/' -f 1 | rev | sed 's/.git//g')cd ${repo_dir}pwdgit checkout ${GIT_REPO_REVISION}ls -al

pipeline & pipelinerun for git-clone

# pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:name: pipeline
spec:workspaces:- name: git-repo-pvcparams:- name: git_urltype: string- name: revisiontype: stringdefault: main- name: git_base_imagetype: stringtasks:- name: clonetaskRef:name: git-cloneworkspaces:- name: outputworkspace: git-repo-pvcparams:- name: urlvalue: $(params.git_url)- name: revisionvalue: $(params.revision)- name: base_imagevalue: $(params.git_base_image)

# pipelinerun.yaml
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:name: pipelinerun
spec:pipelineRef:name: pipelineworkspaces:- name: git-repo-pvcpersistentVolumeClaim:claimName: git-repo-pvcparams:- name: git_urlvalue: https://github.com/testcara/tekton_triggers_learning.git- name: git_base_imagevalue: docker.io/cara/cara-pipeline-base:V1

现在让我们测试执行

kubectl apply -f task-clone.yaml
kubectl pipeline.yaml
kubectl pipelinerun.yaml

查看结果

kubectl get pods
# 当查看到pipelinerun-clone-pod status 为completed时
# 查看pipelinerun logs
tkn pipelinerun logs pipelinerun

可以看到我的输出表明其是正常完成的

carawang@ci %tkn pipelinerun logs pipelinerun
[clone : clone] root
[clone : clone] /
[clone : clone] /workspace/output
[clone : clone] Cloning into 'tekton_triggers_learning'...
[clone : clone] /workspace/output/tekton_triggers_learning
[clone : clone] Already on 'main'
[clone : clone] total 28
[clone : clone] drwxr-xr-x 4 root root 4096 Sep  6 02:40 .
[clone : clone] drwxrwxrwx 3 root root 4096 Sep  6 02:40 ..
[clone : clone] drwxr-xr-x 8 root root 4096 Sep  6 02:40 .git
[clone : clone] -rw-r--r-- 1 root root   67 Sep  6 02:40 Dockerfile
[clone : clone] -rw-r--r-- 1 root root   77 Sep  6 02:40 README.md
[clone : clone] -rw-r--r-- 1 root root  496 Sep  6 02:40 index.html
[clone : clone] drwxr-xr-x 2 root root 4096 Sep  6 02:40 nginx

task test

我们就简单的fake个test

# task-test.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: test
spec:workspaces:- name: outputdescription: The git repo will be cloned into the dirparams:- name: base_imagedescription: base_image for git & unit testingtype: stringsteps:- name: testimage: "$(params.base_image)"env:- name: WORKSPACE_OUTPUT_PATHvalue: $(workspaces.output.path)script: |#!/usr/bin/env shset -euwhoamipwdcd ${WORKSPACE_OUTPUT_PATH}pwdls -alif [ -e tekton_triggers_learning/Dockerfile ]thenecho 'fake test passed'elseexit 1fi

pipeline & pipelinerun for test

我们仅列出新编写的代码

# pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:name: pipeline
spec:params:- name: test_base_imagetype: stringtasks:- name: testtaskRef:name: testrunAfter:- cloneworkspaces:- name: outputworkspace: git-repo-pvcparams:- name: base_imagevalue: $(params.test_base_image)

# pipelinerun.yaml
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:name: pipelinerun
spec:params:- name: test_base_imagevalue: centos:7

我们安装这些yaml，然后观察pod，查看pipelinerun logs.

通过我的log, 可以看到pipelinerun顺利完成。

carawang@tekton_trigger_learning %tkn pipelinerun logs pipelinerun
[clone : clone] root
[clone : clone] /
[clone : clone] /workspace/output
[clone : clone] Cloning into 'tekton_triggers_learning'...
[clone : clone] /workspace/output/tekton_triggers_learning
[clone : clone] Already on 'main'
[clone : clone] total 28
[clone : clone] drwxr-xr-x 4 root root 4096 Sep  6 04:10 .
[clone : clone] drwxrwxrwx 3 root root 4096 Sep  6 04:10 ..
[clone : clone] drwxr-xr-x 8 root root 4096 Sep  6 04:10 .git
[clone : clone] -rw-r--r-- 1 root root   67 Sep  6 04:10 Dockerfile
[clone : clone] -rw-r--r-- 1 root root   77 Sep  6 04:10 README.md
[clone : clone] -rw-r--r-- 1 root root  496 Sep  6 04:10 index.html
[clone : clone] drwxr-xr-x 2 root root 4096 Sep  6 04:10 nginx[test : test] root
[test : test] /
[test : test] /workspace/output
[test : test] total 12
[test : test] drwxrwxrwx 3 root root 4096 Sep  6 04:10 .
[test : test] drwxrwxrwx 3 root root 4096 Sep  6 04:10 ..
[test : test] drwxr-xr-x 4 root root 4096 Sep  6 04:10 tekton_triggers_learning
[test : test] fake test passed

task build

我们仅列出新编写的代码

# task-build.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: buildlabels:app.kubernetes.io/version: "0.8"
spec:workspaces:- name: outputparams:- name: base_imagedescription: base_image for docker buildtype: stringsteps:- name: buildimage: "$(params.base_image)"volumeMounts:- name: docker-socketmountPath: /var/run/docker.sockenv:- name: WORKSPACE_OUTPUT_PATHvalue: $(workspaces.output.path)script: |#!/usr/bin/env shset -euwhoamipwdcd ${WORKSPACE_OUTPUT_PATH}cd tekton_triggers_learningpwddocker versiondocker build . -t cara/cara-hello-nginx:latestvolumes:- name: docker-sockethostPath:path: /var/run/docker.socktype: Socket

pipeline & pipelinerun for build

我们仅列出新编写的代码

# pipeline.yaml
spec:params:- name: docker_build_base_imagetype: stringtasks:- name: buildtaskRef:name: buildrunAfter:- testworkspaces:- name: outputworkspace: git-repo-pvcparams:- name: base_imagevalue: $(params.docker_build_base_image)

# pipelinerun.yaml
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:name: pipelinerun
spec:params:- name: docker_build_base_imagevalue: docker.io/cara/my-dind-docker:latest

我们安装这些yaml，然后观察pod，查看pipelinerun logs.

通过我的pod status, 可以看到pipelinerun顺利完成。logs太长，这里不再列出。

carawang@ci %kubectl get pods
NAME                                        READY   STATUS      RESTARTS      AGE
hello-nginx-b786f45d4-7lndt                 1/1     Running     3 (50m ago)   20h
hello-nginx-b786f45d4-cpj2g                 1/1     Running     3 (50m ago)   20h
hello-nginx-b786f45d4-rv7ch                 1/1     Running     3 (50m ago)   20h
pipelinerun-build-pod                       0/1     Completed   0             74s
pipelinerun-clone-pod                       0/1     Completed   0             90s
pipelinerun-test-pod                        0/1     Completed   0             81s
project-ci-cd-pipeline-run-fake-ci-cd-pod   0/1     Completed   0             45h

task push

为了简便，我们之间登陆，而不用credentials secrect的方式。这种方式仅作为自己测试和学习使用。不能用于生产。

# task-build.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:name: pushlabels:app.kubernetes.io/version: "0.8"
spec:params:- name: base_imagedescription: base_image for docker buildtype: stringsteps:- name: pushimage: "$(params.base_image)"volumeMounts:- name: docker-socketmountPath: /var/run/docker.sockenv:script: |#!/usr/bin/env shset -euecho mypassword |  docker login --username myname --password-stdindocker push cara/cara-hello-nginx:latestvolumes:- name: docker-sockethostPath:path: /var/run/docker.socktype: Socket

pipeline & pipelinerun for push

我们仅列出新编写的代码

# pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:name: pipeline
spec:tasks:- name: pushtaskRef:name: pushrunAfter:- buildparams:- name: base_imagevalue: $(params.docker_build_base_image)

pipeline run没有任何变化，这里不列出。

我们安装这些yaml，然后观察pod，查看pipelinerun logs.

通过我的pod status, 可以看到pipelinerun顺利完成。logs太长，这里不再列出。

carawang@ci %kubectl get pods
NAME                                        READY   STATUS      RESTARTS       AGE
hello-nginx-b786f45d4-7lndt                 1/1     Running     3 (120m ago)   21h
hello-nginx-b786f45d4-cpj2g                 1/1     Running     3 (120m ago)   21h
hello-nginx-b786f45d4-rv7ch                 1/1     Running     3 (120m ago)   21h
pipelinerun-build-pod                       0/1     Completed   0              7m32s
pipelinerun-clone-pod                       0/1     Completed   0              7m47s
pipelinerun-push-pod                        0/1     Completed   0              7m25s
pipelinerun-test-pod                        0/1     Completed   0              7m38s
project-ci-cd-pipeline-run-fake-ci-cd-pod   0/1     Completed   0              46h

结语

这里我们的tekton ci已经构建完成。我们将在接下文的文章中，介绍用tekton进行部署和用argocd进行部署。这两种部署都是比较流行的cd的形式。