Kubernetes 部署 Tekton-Operator

willops

已于 2024-02-22 14:39:54 修改

阅读量601

点赞数 24

分类专栏： devops 文章标签： kubernetes tekton 容器 ci/cd

于 2024-02-22 14:29:37 首次发布

本文链接：https://blog.csdn.net/networken/article/details/136232473

版权

devops 专栏收录该内容

22 篇文章 2 订阅

订阅专栏

Tekton Operator 简介

Tekton Operator 是一个 Kubernetes 扩展，用于在任何 Kubernetes 集群上安装、升级和管理 TektonCD Pipelines, Dashboard, Triggers（和其他组件）。
在这里插入图片描述
官方文档：https://tekton.dev/docs/operator/

项目地址：https://github.com/tektoncd/operator

Tekton Operator 定义了以下实体：

实体	描述
`TektonConfig`	配置要安装和管理的 Tekton 组件。
`TektonPipeline`	配置要安装和管理的 Tekton Pipeline 组件。
`TektonTrigger`	配置要安装和管理的 Tekton Trigger 组件。
`TektonDashboard`	配置要安装和管理的 Tekton Dashboard 组件。
`TektonResult`	配置要安装和管理的 Tekton Result 组件。
`TektonChain`	配置要安装和管理的 Tekton Chain 组件。
`OpenShiftPipelinesAsCode`	配置要安装和管理的 Pipelines as Code 组件。
`TektonAddon`	配置要安装和管理的插件。

安装 Tekton Operator

下载release.yaml文件，安装指定版本

wget https://storage.googleapis.com/tekton-releases/operator/previous/v0.69.1/release.yaml

由于网络原因无法直接拉取官方提供的gcr.io镜像，因此需要提前准备好镜像并push到私有仓库。

同步镜像

依赖哪些镜像可以通过初次部署tekton-operator确认，镜像版本可以通过components.yaml确认。

假设已准备能够访问谷歌 gcr.io 的特殊节点(否则可以考虑使用github action获取镜像)，并且该节点能够将镜像推送到本地私有仓库http://registry.zot.com:5000，使用以下脚本通过skopeo镜像同步工具直接推送镜像到本地私有镜像仓库。

$ cat tekton_image_sync.sh
#!/bin/bash
dest_registry="registry.zot.com:5000"

images=(
gcr.io/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/operator:v0.69.1
gcr.io/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/webhook:v0.69.1
gcr.io/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/proxy-webhook:v0.69.1
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/events:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.53.3
gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/controller:v0.25.3
gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/interceptors:v0.25.3
gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/webhook:v0.25.3
gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/eventlistenersink:v0.25.3
gcr.io/tekton-releases/github.com/tektoncd/chains/cmd/controller:v0.19.0
gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard:v0.41.0
gcr.io/tekton-releases/dogfooding/tkn:latest
)

for image in "${images[@]}"
do
    skopeo copy --dest-tls-verify=false docker://${image} docker://${dest_registry}/${image#*/}
done

执行脚本

bash tekton_image_sync.sh

这里以zotregistry为例，确认镜像同步完成。也可以使用docker registry代替。

在这里插入图片描述

手动替换release.yaml中的operator镜像

查看release.yaml依赖的operator自身镜像

root@node1:~# cat release.yaml | grep image: | sort -u
          image: gcr.io/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/operator:v0.69.1@sha256:142c59f97aac2fba714e928012b5576476313c7cd4394b568df656b0693dbea0
          image: gcr.io/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/webhook:v0.69.1@sha256:6e56a9a25b74c3758fd9d2f57aa9e2984a0a41477b1a4cde63e4e20160d02800

使用sed命令进行替换

sed -i 's|gcr.io/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/operator:.*|registry.zot.com:5000/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/operator:v0.69.1|g' release.yaml
sed -i 's|gcr.io/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/webhook:.*|registry.zot.com:5000/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/webhook:v0.69.1|g' release.yaml

替换tekton组件镜像

需要要替换掉release.yaml里所有的gcr.io的镜像，找到release.yaml里的tekton-operator-lifecycle容器，在环境变量里添加如下内容。支持的环境变量官方文档暂未记录，可以从项目文件config.yaml中查看。

$ vim release.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tekton-operator
  namespace: tekton-operator
spec:
  template:
    spec:
      containers:
        - name: tekton-operator-lifecycle
          image: registry.zot.com:5000/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/operator:v0.69.1
          env:
            - name: IMAGE_PIPELINES_PROXY
              value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/operator/cmd/kubernetes/proxy-webhook:v0.69.1
            - name: IMAGE_PIPELINES_TEKTON_EVENTS_CONTROLLER
              value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/pipeline/cmd/events:v0.53.3
            - name: IMAGE_PIPELINES_WEBHOOK
              value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.53.3
            - name: IMAGE_PIPELINES_TEKTON_PIPELINES_CONTROLLER
              value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.53.3
            - name: IMAGE_PIPELINES_CONTROLLER
              value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.53.3
            - name: IMAGE_PIPELINES_ARG__ENTRYPOINT_IMAGE
              value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.53.3
            - name: IMAGE_TRIGGERS_TEKTON_TRIGGERS_CORE_INTERCEPTORS
              value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/triggers/cmd/interceptors:v0.25.3
            - name: IMAGE_TRIGGERS_TEKTON_TRIGGERS_CONTROLLER
              value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/triggers/cmd/controller:v0.25.3
            - name: IMAGE_TRIGGERS_WEBHOOK
              value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/triggers/cmd/webhook:v0.25.3
            - name: IMAGE_CHAINS_TEKTON_CHAINS_CONTROLLER
              value: registry.zot.com:5000/tekton-releases/github.com/tektoncd/chains/cmd/controller:v0.19.0
            - name: IMAGE_JOB_PRUNER_TKN
              value: registry.zot.com:5000/tekton-releases/dogfooding/tkn:latest

确认是否自动安装组件（这里保持默认）

另外，在配置文件中，有如下配置。AUTOINSTALL_COMPONENTS控制tekton-operator在部署完成是否自动部署tekton组件。DEFAULT_TARGET_NAMESPACE指定组件所属命名空间。

apiVersion: v1
data:
  AUTOINSTALL_COMPONENTS: "true"
  DEFAULT_TARGET_NAMESPACE: tekton-pipelines
kind: ConfigMap
metadata:
  labels:
    operator.tekton.dev/release: devel
  name: tekton-config-defaults
  namespace: tekton-operator

默认AUTOINSTALL_COMPONENTS为true，自动部署所有tekton组件，如果AUTOINSTALL_COMPONENTS配置为false，在operator部署成功后，可以手动触发tekton组件的部署。

在tekton-operator中有个TektonConfig的自定义资源，创建其他组件的顶级 CRD。

当我们创建自己所需的 TektonConfig 对象后，operator会根据配置中的profile字段帮助我们安装相应的其他组件。

Tekton Operator 内置了 3 个 profile：lite、all、basic。

安装组件（使用installation profiles： lite 、 all 、 basic ）

Profile 轮廓	Installed Component	Platform
lite	Pipeline	Kubernetes, Openshift Kubernetes、Openshift
basic	Pipeline, Trigger	Kubernetes, Openshift Kubernetes、Openshift
all	Pipeline, Trigger, Dashboard	Kubernetes
	Pipeline, Trigger, Addons, Pipelines as Code	Openshift

安装pipelines、triggers和dashboard，使用 profile all

# To install pipelines, triggers, chains and dashboard (use profile 'all')
kubectl apply -f https://raw.githubusercontent.com/tektoncd/operator/main/config/crs/kubernetes/config/all/operator_v1alpha1_config_cr.yaml

示例配置

apiVersion: operator.tekton.dev/v1alpha1
kind: TektonConfig
metadata:
  name: config
spec:
  profile: all     
  targetNamespace: tekton-pipelines   # 指定命名空间
  pruner:
    resources:  # 指定可以自动清理的资源
    - pipelinerun
    - taskrun
    keep: 100  # 清理时要保留的最大资源数
    schedule: "0 8 * * *"  # 清理资源的频率

部署tekton operator

kubectl apply -f release.yaml

替换dashboard镜像
因为环境变量里还不支持dashboard的镜像替换，这里需要手动更改。

$ kubectl get TektonInstallerSet

编辑dashboard-main-deployment-xrlc2，替换镜像

$ kubectl edit TektonInstallerSet dashboard-main-deployment-xrlc2
            #image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard:v0.41.0
            image: registry.zot.com:5000/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard:v0.41.0

查看创建的pods

root@node1:~# kubectl -n tekton-operator get pods
NAME                                      READY   STATUS    RESTARTS   AGE
tekton-operator-57bfb7cf9-6sv49           2/2     Running   0          6m42s
tekton-operator-webhook-77cb6d65f-fbqhl   1/1     Running   0          51m

root@node1:~# kubectl -n tekton-pipelines get pods
NAME                                                 READY   STATUS    RESTARTS   AGE
tekton-chains-controller-797b4b7db5-wvfhx            1/1     Running   0          3m43s
tekton-dashboard-6685748fd7-4zfk8                    1/1     Running   0          89s
tekton-events-controller-c7b7db8d7-cdb48             1/1     Running   0          4m16s
tekton-operator-proxy-webhook-554b69d9b6-8cvbv       1/1     Running   0          4m11s
tekton-pipelines-controller-6b8d99dd9b-fdzj4         1/1     Running   0          4m16s
tekton-pipelines-remote-resolvers-86bccb68cc-zqq4p   1/1     Running   0          4m14s
tekton-pipelines-webhook-7745484f8d-bn4md            1/1     Running   0          4m16s
tekton-triggers-controller-7cf7696878-cclfz          1/1     Running   0          3m55s
tekton-triggers-core-interceptors-6d964f57d9-v4dpp   1/1     Running   0          3m54s
tekton-triggers-webhook-566dfd4fb7-xnddh             1/1     Running   0          3m54s

Tekton Operator卸载

删除CRD

kubectl get crd | grep tekton |awk '{print $1}' | xargs kubectl delete crd

删除operator

kubectl delete -f release.yaml

willops

关注

24
点赞
踩
24

收藏

觉得还不错? 一键收藏
0
评论
Kubernetes 部署 Tekton-Operator

Tekton Operator 是一个 Kubernetes 扩展，用于在任何 Kubernetes 集群上安装、升级和管理 TektonCD Pipelines, Dashboard, Triggers（和其他组件）。实体描述配置要安装和管理的 Tekton 组件。配置要安装和管理的 Tekton Pipeline 组件。配置要安装和管理的 Tekton Trigger 组件。配置要安装和管理的 Tekton Dashboard 组件。配置要安装和管理的 Tekton Result 组件。
复制链接

扫一扫