OpenShift 4.x HOL Tutorial Collection
Note: this article has been verified in an OpenShift 4.12 environment.
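Tekton is an open-source, cloud-native (that is, Kubernetes-oriented) CI/CD framework promoted by Google, and by 2019 it had gained the support of cloud vendors such as Red Hat. In OpenShift 4, OpenShift Pipelines integrates the Tekton framework through the Operator Framework, so without complex integration or setup we can build, operate, run and monitor all kinds of Tekton-based CI/CD pipelines.
Tekton core concepts
In K8s or OpenShift, a Tekton Pipeline is defined through CRDs. Tekton Pipeline includes the following core objects:
- Task and TaskRun: a Task object defines one piece of work to be done in CI/CD. A Task can contain multiple Steps, each of which defines an independent operation. For example, the following defines a Task that runs in the registry.access.redhat.com/ubi8/ubi-minimal container image and prints hello world. A TaskRun object runs a Task (the runtime carrier is a Pod); the Steps in a Task execute sequentially, and each Step runs in its own container.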
$ cat << EOF > echo-hello-world.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: echo-hello-world
spec:
  steps:
    - name: echo
      image: registry.access.redhat.com/ubi8/ubi-minimal
      command:
        - echo
      args:
        - "hello world"
EOF
First create the project, then create the Task, and finally run the Task:
$ oc new-project tasks-tutorial
$ oc apply -f echo-hello-world.yaml
$ tkn task list
NAME DESCRIPTION AGE
echo-hello-world 1 minute ago
$ tkn task start echo-hello-world
TaskRun started: echo-hello-world-run-hp8jr
In order to track the TaskRun progress run:
tkn taskrun logs echo-hello-world-run-hp8jr -f -n tasks-tutorial
$ tkn taskrun logs echo-hello-world-run-hp8jr -f -n tasks-tutorial
[echo] hello world
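- Pipeline and PipelineRun: a Pipeline defines a group of Tasks executed in a specified order. A PipelineRun runs a series of TaskRuns according to that definition.
- PipelineResource: passes parameters to the executing Tasks while the Pipeline runs. These parameters are mainly environment-related, for example the address of a git repository.
When a Tekton Pipeline runs, OpenShift uses TaskRun and PipelineRun objects to run the Tasks and the Pipeline respectively. The Pipeline executes the Tasks in the specified order and collects the results.
CI/CD Pipeline scenario
This CI/CD Pipeline scenario deploys two modules, api and ui. For both, the code is fetched from git, an image is built using S2I, and the result is then deployed and run.
Create the OpenShift project
- Run the following command to create a project.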
$ oc new-project pipelines-tutorial
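- After the OpenShift Pipelines Operator is installed, it automatically creates a ServiceAccount named pipeline for the project, which has permission to build and push images. Run the following command to verify that the ServiceAccount named pipeline exists.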
$ oc get serviceaccount pipeline -n pipelines-tutorial
NAME SECRETS AGE
pipeline 1 12s
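Configure the OpenShift Pipeline
Create the Task objects
Here we create standalone Task objects. The Pipeline object we create in a later step also contains multiple tasks, but those are not standalone Task objects; they only describe how the Pipeline object executes tasks.
- Run the following commands to create 2 Task objects.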
$ oc create -f https://raw.githubusercontent.com/openshift/pipelines-tutorial/master/01_pipeline/01_apply_manifest_task.yaml -n pipelines-tutorial
task.tekton.dev/apply-manifests created
$ oc create -f https://github.com/openshift/pipelines-tutorial/raw/master/01_pipeline/02_update_deployment_task.yaml -n pipelines-tutorial
task.tekton.dev/update-deployment created
- After they succeed, verify their status with the following command.
$ oc get task -n pipelines-tutorial
NAME AGE
apply-manifests 26s
update-deployment 6s
- You can also use the Tekton client to get the status of the Tasks.
$ tkn task ls -n pipelines-tutorial
NAME DESCRIPTION AGE
apply-manifests 18 seconds ago
update-deployment 28 seconds ago
View the ClusterTasks
- Besides the two custom Tasks above, we will also use the two ClusterTasks buildah and git-clone. Run the following command to view the cluster-wide ClusterTasks.
$ tkn clustertask ls
NAME DESCRIPTION AGE
argocd-task-sync-and-wait This task syncs (de... 3 hours ago
buildah Buildah task builds... 3 hours ago
buildah-1-9-0 Buildah task builds... 3 hours ago
git-cli This task can be us... 3 hours ago
git-clone These Tasks are Git... 3 hours ago
git-clone-1-9-0 These Tasks are Git... 3 hours ago
helm-upgrade-from-repo These tasks will in... 3 hours ago
helm-upgrade-from-source These tasks will in... 3 hours ago
jib-maven This Task builds Ja... 3 hours ago
kn This Task performs ... 3 hours ago
kn-1-9-0 This Task performs ... 3 hours ago
kn-apply This task deploys a... 3 hours ago
kn-apply-1-9-0 This task deploys a... 3 hours ago
kubeconfig-creator This Task do a simi... 3 hours ago
maven This Task can be us... 3 hours ago
maven-1-9-0 This Task can be us... 3 hours ago
openshift-client This task runs comm... 3 hours ago
openshift-client-1-9-0 This task runs comm... 3 hours ago
pull-request This Task allows a ... 3 hours ago
s2i-dotnet s2i-dotnet task fet... 3 hours ago
s2i-dotnet-1-9-0 s2i-dotnet task fet... 3 hours ago
s2i-go s2i-go task clones ... 3 hours ago
s2i-go-1-9-0 s2i-go task clones ... 3 hours ago
s2i-java s2i-java task clone... 3 hours ago
s2i-java-1-9-0 s2i-java task clone... 3 hours ago
s2i-nodejs s2i-nodejs task clo... 3 hours ago
s2i-nodejs-1-9-0 s2i-nodejs task clo... 3 hours ago
s2i-perl s2i-perl task clone... 3 hours ago
s2i-perl-1-9-0 s2i-perl task clone... 3 hours ago
s2i-php s2i-php task clones... 3 hours ago
s2i-php-1-9-0 s2i-php task clones... 3 hours ago
s2i-python s2i-python task clo... 3 hours ago
s2i-python-1-9-0 s2i-python task clo... 3 hours ago
s2i-ruby s2i-ruby task clone... 3 hours ago
s2i-ruby-1-9-0 s2i-ruby task clone... 3 hours ago
skopeo-copy Skopeo is a command... 3 hours ago
skopeo-copy-1-9-0 Skopeo is a command... 3 hours ago
tkn This task performs ... 3 hours ago
tkn-1-9-0 This task performs ... 3 hours ago
trigger-jenkins-job The following task ... 3 hours ago
- View the ClusterTask named "buildah", and note "Input Resources", "Output Resources", "Params", "Results", "Workspaces" and "Steps".
$ tkn clustertask describe buildah
Name: buildah
Description: Buildah task builds source into a container image and then pushes it to a container registry.
Buildah Task builds source into a container image using Project Atomic's Buildah build tool.It uses Buildah's support for building from Dockerfiles, using its buildah bud command.This command executes the directives in the Dockerfile to assemble a container image, then pushes that image to a container registry.
Annotations:
operator.tekton.dev/last-applied-hash=58681883ea13ace8e98f4a1e343aed0c59053cc74f2f7c2114b7e320feaf55fc
tekton.dev/pipelines.minVersion=0.12.1
tekton.dev/tags=image-build
⚓ Params
NAME TYPE DESCRIPTION DEFAULT VALUE
∙ IMAGE string Reference of the im... ---
∙ BUILDER_IMAGE string The location of the... registry.redhat.io/rhel8/buildah@sha256:ac0b8714cc260c94435cab46fe41b3de0ccbc3d93e38c395fa9d52ac49e521fe
∙ STORAGE_DRIVER string Set buildah storage... vfs
∙ DOCKERFILE string Path to the Dockerf... ./Dockerfile
∙ CONTEXT string Path to the directo... .
∙ TLSVERIFY string Verify the TLS on t... true
∙ FORMAT string The format of the b... oci
∙ BUILD_EXTRA_ARGS string Extra parameters pa...
∙ PUSH_EXTRA_ARGS string Extra parameters pa...
∙ SKIP_PUSH string Skip pushing the bu... false
📝 Results
NAME DESCRIPTION
∙ IMAGE_DIGEST Digest of the image...
∙ IMAGE_URL Image repository wh...
📂 Workspaces
NAME DESCRIPTION
∙ source
∙ dockerconfig An optional workspa...
🦶 Steps
∙ build-and-push
Create the Pipeline object
- Run the following command to create a generic Pipeline object.
$ oc create -f https://github.com/openshift/pipelines-tutorial/raw/master/01_pipeline/04_pipeline.yaml -n pipelines-tutorial
pipeline.tekton.dev/build-and-deploy created
- Run the following command to view the Pipeline status.
$ tkn pipeline ls -n pipelines-tutorial
NAME AGE LAST RUN STARTED DURATION STATUS
build-and-deploy 2 minutes ago build-and-deploy-5kezve --- --- ---
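- In the OpenShift console, view the "build-and-deploy" pipeline; the definition of the Pipeline object can be viewed under "YAML". You can see that 4 tasks are defined in the "Tasks" area.
- View the run parameters of the Pipeline.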
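An added sketch (not the contents of 04_pipeline.yaml) of how a Pipeline with these four tasks references ClusterTask and namespaced Task objects and orders them with runAfter. The pipeline, task, workspace and top-level param names are taken from this page; the per-task bindings marked "assumed" are illustrative, and the authoritative definition is the one shown under "YAML" in the console.

```yaml
# Added sketch, not the tutorial's 04_pipeline.yaml. Bindings marked
# "assumed" are not shown on this page.
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: build-and-deploy
spec:
  workspaces:
    - name: shared-workspace
  params:
    - name: deployment-name
    - name: git-url
    - name: IMAGE
  tasks:
    - name: fetch-repository
      taskRef: {name: git-clone, kind: ClusterTask}
      workspaces:
        - {name: output, workspace: shared-workspace}    # assumed
      params:
        - {name: url, value: "$(params.git-url)"}         # assumed
    - name: build-image
      runAfter: [fetch-repository]
      taskRef: {name: buildah, kind: ClusterTask}
      workspaces:
        - {name: source, workspace: shared-workspace}
      params:
        - {name: IMAGE, value: "$(params.IMAGE)"}
    - name: apply-manifests
      runAfter: [build-image]
      taskRef: {name: apply-manifests}                    # namespaced Task
      workspaces:
        - {name: source, workspace: shared-workspace}    # assumed
    - name: update-deployment
      runAfter: [apply-manifests]
      taskRef: {name: update-deployment}                  # namespaced Task
      params:
        - {name: deployment, value: "$(params.deployment-name)"}  # assumed
        - {name: IMAGE, value: "$(params.IMAGE)"}                  # assumed
```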
Run the Pipeline
- Run the Tekton Pipeline from the command line.
$ tkn pipeline start build-and-deploy -n pipelines-tutorial \
-w name=shared-workspace,volumeClaimTemplateFile=https://github.com/openshift/pipelines-tutorial/raw/master/01_pipeline/03_persistent_volume_claim.yaml \
-p deployment-name=pipelines-vote-api \
-p git-url=https://github.com/openshift/pipelines-vote-api.git \
-p IMAGE=image-registry.openshift-image-registry.svc:5000/pipelines-tutorial/pipelines-vote-api \
--use-param-defaults
$ tkn pipeline start build-and-deploy -n pipelines-tutorial \
-w name=shared-workspace,volumeClaimTemplateFile=https://github.com/openshift/pipelines-tutorial/raw/master/01_pipeline/03_persistent_volume_claim.yaml \
-p deployment-name=pipelines-vote-ui \
-p git-url=https://github.com/openshift/pipelines-vote-ui.git \
-p IMAGE=image-registry.openshift-image-registry.svc:5000/pipelines-tutorial/pipelines-vote-ui \
--use-param-defaults
- Then check the pipeline's run status. It is currently Running; run the command again after the run finishes and the status will have changed to Succeeded.
$ tkn pipeline list -n pipelines-tutorial
NAME AGE LAST RUN STARTED DURATION STATUS
build-and-deploy 41 minutes ago build-and-deploy-run-vv57k 1 minute ago --- Running
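- At this point you can view the PipelineRuns of build-and-deploy under Pipelines in the Developer view of the OpenShift console. You can also run the following commands to view the execution status of the TaskRuns and PipelineRuns.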
$ oc get pipelineruns -n pipelines-tutorial
NAME SUCCEEDED REASON STARTTIME COMPLETIONTIME
build-and-deploy-3phjbv True Succeeded 18m 17m
build-and-deploy-run-gzjl2 True Succeeded 2m 29s
$ oc get taskruns -n pipelines-tutorial
NAME SUCCEEDED REASON STARTTIME COMPLETIONTIME
build-and-deploy-3phjbv-apply-manifests True Succeeded 18m 18m
build-and-deploy-3phjbv-build-image True Succeeded 19m 18m
build-and-deploy-3phjbv-fetch-repository True Succeeded 19m 19m
build-and-deploy-3phjbv-update-deployment True Succeeded 18m 18m
build-and-deploy-run-6qgwn-build-image False Failed 20m 20m
build-and-deploy-run-6qgwn-fetch-repository True Succeeded 21m 20m
build-and-deploy-run-gzjl2-apply-manifests True Succeeded 93s 87s
build-and-deploy-run-gzjl2-build-image True Succeeded 2m45s 93s
build-and-deploy-run-gzjl2-fetch-repository True Succeeded 2m52s 2m45s
build-and-deploy-run-gzjl2-update-deployment True Succeeded 87s 81s
- Run the following command to view the log of the latest Pipeline run, or view the PipelineRun log in the console.
$ tkn pipeline logs -f -L
- After the Pipeline has run successfully, run the following command to create a Route.
$ oc expose svc pipelines-vote-ui -n pipelines-tutorial
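- In the Topology of the Developer view in the OpenShift console, we can see that the application is now shown in the blue, accessible state.
- Finally, click the link of the vote-ui Route to access the application.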
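The first `tkn pipeline start` command in this section, written as a PipelineRun manifest that can be reviewed and kept in version control. This is an added example, not a file from the tutorial repository; it names the ServiceAccount explicitly, and the PVC size and access mode are assumed values standing in for 03_persistent_volume_claim.yaml.

```yaml
# Added example, not from the tutorial repository. Declarative form of the
# first "tkn pipeline start" command (pipelines-vote-api).
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: build-and-deploy-run-
  namespace: pipelines-tutorial
spec:
  pipelineRef:
    name: build-and-deploy
  # Every TaskRun pod of this run uses this ServiceAccount's credentials,
  # including its permission to build and push images.
  serviceAccountName: pipeline
  params:
    - name: deployment-name
      value: pipelines-vote-api
    - name: git-url
      value: https://github.com/openshift/pipelines-vote-api.git
    - name: IMAGE
      value: image-registry.openshift-image-registry.svc:5000/pipelines-tutorial/pipelines-vote-api
  workspaces:
    - name: shared-workspace
      # A fresh PVC is created for each run from this template.
      volumeClaimTemplate:
        spec:
          accessModes:
            - ReadWriteOnce      # assumed value
          resources:
            requests:
              storage: 500Mi     # assumed value
```

Create it with `oc create -f` rather than `oc apply -f`, because the manifest uses generateName. Params that are not listed fall back to the Pipeline's defaults, as with --use-param-defaults.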
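Automatically generating a Pipeline when creating an application
When an application is deployed through S2I in the console, OpenShift can automatically generate a Pipeline that describes the process of building and deploying the application.
- Go to the Developer view of the OpenShift console, open the "+Add" menu on the left, then go to the "Import from Git" area on the right.
- In Git Repo URL enter https://github.com/sclorg/cakephp-ex.git; under "Builder Image" select PHP, and under "Builder Image version" select "7.4-ubi8"; check the "Add pipeline" option, after which the Pipeline can be viewed under "Pipeline visualization". Finally click the "Create" button.
- Open the "Topology" menu on the left to view the status and logs of the PHP application's build as run by the Pipeline. After it completes successfully, the following screen is displayed.
- Access the application through the Route in the figure above.
- From (3) above, go to "View logs" under "Pipeline Runs" to view the log of the Pipeline Run.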
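Using the VSCode Tekton Pipeline extension for OpenShift
The Pipeline operations above can also be performed in VSCode. This requires the VSCode Tekton Pipeline extension for OpenShift; see the description at the following link for details, which this article does not repeat.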
https://marketplace.visualstudio.com/items?itemName=redhat.vscode-tekton-pipelines