《OpenShift 4.x HOL教程汇总》
说明:本文已经在OpenShift 4.10环境中验证
Task
在 Task 中执行命令
在 Task 中可以使用“command”和“script”方式在运行 Task 的容器中执行命令。在一个“Step”中只允许使用一种方式,不允许两者同时使用。
command 的使用方式
一个 Task 的 command 只能运行一个命令
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: my-command
spec:
steps:
- name: say-hello-1
image: registry.access.redhat.com/ubi8/ubi-minimal
command:
- /bin/bash
args: ['-c', 'echo Hello World']
- name: say-hello-2
image: registry.access.redhat.com/ubi8/ubi-minimal
command:
- echo
args:
- Hello World
- image: registry.access.redhat.com/ubi8/ubi-minimal
name: say-hello-3
command:
- /bin/bash
- '-c'
- echo Hello World
执行任务
$ TASKRUN_NAME=$(tkn task start my-command --prefix-name first-command --output yaml | yq -e .metadata.name)
$ tkn taskrun logs ${TASKRUN_NAME}
[say-hello-1] Hello World
[say-hello-2] Hello World
[say-hello-3] Hello World
script 的使用方式
在一个 Task的script 中可以使用多个命令。
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: my-script
spec:
params:
- name: GIT
type: string
- name: APP_NAME
type: string
- name: IMAGE_NAME
type: string
steps:
- image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest
name: oc-script
script: |
#!/usr/bin/env bash
oc new-app $(params.IMAGE_NAME)~$(params.GIT) --name=$(params.APP_NAME)
执行任务
$ tkn task start my-script --showlog \
-p IMAGE_NAME='centos/ruby-25-centos7' \
-p GIT=https://github.com/sclorg/ruby-ex.git \
-p APP_NAME=my-ruby-app
TaskRun 的缺省运行属性
每个 Task 对应一个 TaskRun 运行,而每个 TaskRun 对应一个 Pod;而 Task 中的每个 Step 对应一个 Container。如果一个 Task 中有多个 Step,则这些 Step 都在同一个 Pod 中。可以查看上面名为“my-command”的 Task 对应的 TaskRun 实例中的Pod 内部包含的容器。
$ oc get pod ${TASKRUN_NAME}-pod -ojsonpath={.spec.containers[*].name}
step-say-hello-1 step-say-hello-2 step-say-hello-3
每个 TaskRun 缺省使用当前项目中名为“pipeline”的‘ServiceAccountName’运行,同时设置运行该 Task 的超时“timeout”为一小时。
serviceAccountName: pipeline
timeout: 1h0m0s
Task 下的缺省目录
在 Task 中可以设置在运行期间与其对应的运行 Pod 使用的目录:
(1)Task 缺省所处目录是“/”,可以通过设置“step”的“workingDir”来更改缺省所处目录。
(2)Task 缺省 HOME 目录(即“~”)是“/root”。
(3)Task 的 step 脚本保存在“/tekton/scripts”目录下。
(4)Task 的 step 脚本执行状态“/tekton/steps”目录下。
(5)Task 的 step 脚本执行结果保存在“/tekton/results”目录下。
- 创建 Task 对象
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: directory-task
spec:
steps:
- image: registry.access.redhat.com/ubi8/ubi-minimal
name: step-1
script: |
#!/usr/bin/env bash
echo "pwd"
pwd
echo -e "\necho ~"
echo ~
echo -e "\nls -l /workspace/src"
ls -l /workspace/src
echo -e "\nls -l /tekton"
ls -l /tekton
echo -e "\nls -l /tekton/results"
ls -l /tekton/results
echo -e "\nls -l /tekton/scripts"
ls -l /tekton/scripts
echo -e "\nls -l /tekton/steps"
ls -l /tekton/steps
- image: registry.access.redhat.com/ubi8/ubi-minimal
name: step-2
workingDir: /workspace/src/step-2
script: |
#!/usr/bin/env bash
echo "pwd"
pwd
- 执行 Task 并查看结果
$ tkn task start directory-task --showlog
TaskRun started: directory-task-run-bjdzp
Waiting for logs to be available...
[step-1] pwd
[step-1] /
[step-1]
[step-1] echo ~
[step-1] /root
[step-1]
[step-1] ls -l /workspace/src
[step-1] total 0
[step-1] drwxr-sr-x. 2 root 1000720000 6 Jul 3 03:04 step-2
[step-1]
[step-1] ls -l /tekton
[step-1] total 0
[step-1] drwxrwsrwx. 2 root 1000720000 24 Jul 3 02:38 bin
[step-1] drwxrwsrwt. 3 root 1000720000 60 Jul 3 02:38 creds
[step-1] drwxr-xr-x. 3 root root 38 Jul 3 02:38 creds-secrets
[step-1] drwxrwsrwt. 3 root 1000720000 100 Jul 3 02:38 downward
[step-1] drwxrwsrwx. 2 root 1000720000 6 Jul 3 02:38 home
[step-1] drwxrwsrwx. 2 root 1000720000 6 Jul 3 02:38 results
[step-1] drwxr-xr-x. 4 root root 24 Jul 3 02:38 run
[step-1] drwxrwsrwx. 2 root 1000720000 50 Jul 3 02:38 scripts
[step-1] drwxrwsrwx. 2 root 1000720000 62 Jul 3 02:38 steps
[step-1] -rw-rw-rw-. 1 root root 0 Jul 3 02:38 termination
[step-1]
[step-1] ls -l /tekton/results
[step-1] total 0
[step-1]
[step-1] ls -l /tekton/scripts
[step-1] total 8
[step-1] -rwxr-xr-x. 1 root 1000720000 329 Jul 3 02:55 script-0-b2fdv
[step-1] -rwxr-xr-x. 1 root 1000720000 24 Jul 3 02:55 script-1-tgfx9
[step-1]
[step-1] ls -l /tekton/steps
[step-1] total 0
[step-1] lrwxrwxrwx. 1 root 1000720000 20 Jul 3 02:55 0 -> /tekton/run/0/status
[step-1] lrwxrwxrwx. 1 root 1000720000 20 Jul 3 02:55 1 -> /tekton/run/1/status
[step-1] lrwxrwxrwx. 1 root 1000720000 20 Jul 3 02:55 step-step-1 -> /tekton/run/0/status
[step-1] lrwxrwxrwx. 1 root 1000720000 20 Jul 3 02:55 step-step-2 -> /tekton/run/1/status
[step-2] pwd
[step-2] /workspace/src/step-2
用 result 保存 Task 中字符串
可以用 Task 的 results 保存任务中的字符内容,内容会被写入名为“results.<RESULT-NAME>.path”的文件中,字符内容不能超过 4096 个字节。
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: task-result
spec:
results:
- name: current-date-unix-timestamp
- name: current-date-human-readable
steps:
- name: print-date-unix-timestamp
image: bash:latest
script: |
#!/usr/bin/env bash
date +%s | tee $(results.current-date-unix-timestamp.path)
echo $(results.current-date-unix-timestamp.path)
- name: print-date-human-readable
image: bash:latest
script: |
#!/usr/bin/env bash
date | tee $(results.current-date-human-readable.path)
echo $(results.current-date-human-readable.path)
执行 Task 并查看结果。确认每个 “results.<RESULT-NAME>.path” 对应的是 “/tekton/results/<result-name>” 文件。
$ tkn task start task-result --showlog
TaskRun started: task-result-run-8gvll
Waiting for logs to be available...
[task-result-unix-timestamp] 1630845531
[task-result-unix-timestamp] /tekton/results/current-date-unix-timestamp
[task-result-human-readable] Sun Sep 5 12:38:52 UTC 2021
[task-result-human-readable] /tekton/results/current-date-human-readable
除了可以在 Task 级别使用 result,还可在 Pipeline 级别使用 result。可以在 Pipeline 中通过使用 “”$(tasks.<task-name>.results.<result-name>)" 访问到 Task 的 result。
在 Task 中不同的 Step 共享数据
由于同一 Task 中不同的 Step 是一个 Pod 中的多个 Container,因此这些 Step 可以利用 Pod 内部的存储共享数据。
使用 results 目录共享字符串数据
可以将字符串数据结果保存在 Task 的 results 区域,这些数据实际存放在 “/tekton/results/<RESULT-NAME>”文件里,而文件内容为共享的字符串数据。在 Step 中可以用 $(results.<RESULT-NAME>.path) 作为文件名获取到 “<RESULT-NAME>” 代表的字符串数据。
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: sharing-message
spec:
results:
- name: shared-message
description: Message to be shared
steps:
- name: write
image: registry.access.redhat.com/ubi8/ubi-minimal
script: |
#!/usr/bin/env bash
echo "Secret Message" | base64 > $(results.shared-message.path)
ls -al $(results.shared-message.path)
- name: read
image: registry.access.redhat.com/ubi8/ubi-minimal
script: |
#!/usr/bin/env bash
cat $(results.shared-message.path)
执行结果
$ tkn task start sharing-message --showlog
TaskRun started: sharing-message-run-vcjj4
Waiting for logs to be available...
[write] -rw-r--r--. 1 root 1000760000 21 Sep 7 15:21 /tekton/results/shared-message
[read] U2VjcmV0IE1lc3NhZ2UK
使用 home 目录共享文件
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: sharing-by-home
spec:
steps:
- image: registry.access.redhat.com/ubi8/ubi-minimal
name: write-file
script: |
#!/usr/bin/env bash
echo Hello Tekton > ~/hello.txt
ls -l ~/hello.txt
- image: registry.access.redhat.com/ubi8/ubi-minimal
name: read-file
script: |
#!/usr/bin/env bash
cat ~/hello.txt
执行结果
$ tkn task start sharing-by-home --showlog
TaskRun started: sharing-by-home-run-4vrt5
Waiting for logs to be available...
[write-file] -rw-r--r--. 1 root 1000630000 13 Sep 6 09:30 /tekton/home/hello.txt
[read-file] Hello Tekton
利用 Pod 的 emptyDir 存储目录共享文件
在 Pod 级别定义名为“my-volume”的空卷,然后挂到对应“Step”对应的容器上。可以有多个不同的空卷,但是它们对应的Pod 上的存储是对应不同目录。
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: sharing-by-volume
spec:
steps:
- image: registry.access.redhat.com/ubi8/ubi-minimal
name: write
script: |
#!/usr/bin/env bash
echo hello > /var/write-volume/$(context.taskRun.uid)
ls -l /var/write-volume/
volumeMounts:
- mountPath: /var/write-volume
name: my-volume
- image: registry.access.redhat.com/ubi8/ubi
name: read
script: |
#!/usr/bin/env bash
ls -l /etc/read-volume/
cat /etc/read-volume/$(context.taskRun.uid)
volumeMounts:
- mountPath: /etc/read-volume
name: my-volume
volumes:
- emptyDir: {}
name: my-volume
$ tkn task start sharing-by-volume --showlog
TaskRun started: sharing-by-volume-run-9zxrq
Waiting for logs to be available...
[write] total 4
[write] -rw-r--r--. 1 root 1000750000 6 Sep 6 10:29 96313f65-bb96-478f-984a-8febe34d041d
[read] total 4
[read] -rw-r--r--. 1 root 1000750000 6 Sep 6 10:29 96313f65-bb96-478f-984a-8febe34d041d
[read] hello
Task 超时
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: task-timeout
spec:
steps:
- image: registry.access.redhat.com/ubi8/ubi-minimal
name: sleep-then-timeout
script: |
#!/usr/bin/env bash
echo "I am supposed to sleep for 60 seconds!"
sleep 60
timeout: 5s
执行结果
$ tkn task start task-timeout --showlog
TaskRun started: task-timeout-run-jx2w5
Waiting for logs to be available...
[sleep-then-timeout] I am supposed to sleep for 60 seconds!
[sleep-then-timeout] 2021/09/04 12:32:31 Error executing command: context deadline exceeded
container step-sleep-then-timeout has failed : [{"key":"StartedAt","value":"2021-09-04T12:32:26.611Z","type":"InternalTektonResult"},{"key":"Reason","value":"TimeoutExceeded","type":"InternalTektonResult"}]
ClusterTask 和 Task
Tekton 的 ClusterTask 可以在任何项目中被使用,而一般的 Task 只能在对应的项目中被使用。
$ oc get clustertask
NAME AGE
argocd-task-sync-and-wait 20h
buildah 20h
buildah-1-7-0 20h
git-cli 20h
git-clone 20h
git-clone-1-7-0 20h
helm-upgrade-from-repo 20h
helm-upgrade-from-source 20h
jib-maven 20h
kn 20h
kn-1-7-0 20h
kn-apply 20h
kn-apply-1-7-0 20h
kubeconfig-creator 20h
maven 20h
maven-1-7-0 20h
openshift-client 20h
openshift-client-1-7-0 20h
pull-request 20h
s2i-dotnet 20h
s2i-dotnet-1-7-0 20h
s2i-go 20h
s2i-go-1-7-0 20h
s2i-java 20h
s2i-java-1-7-0 20h
s2i-nodejs 20h
s2i-nodejs-1-7-0 20h
s2i-perl 20h
s2i-perl-1-7-0 20h
s2i-php 20h
s2i-php-1-7-0 20h
s2i-python 20h
s2i-python-1-7-0 20h
s2i-ruby 20h
s2i-ruby-1-7-0 20h
skopeo-copy 20h
skopeo-copy-1-7-0 20h
tkn 20h
tkn-1-7-0 20h
trigger-jenkins-job 20h
查看 ClusterTask,可以看到在名为“openshift-client”的 ClusterTask 中使用了 “image-registry.openshift-image-registry.svc:5000/openshift/cli” 镜像。
$ oc get clustertask openshift-client -o yaml
。。。
spec:
description: |-
This task runs commands against the cluster provided by user and if not provided then where the Task is being executed.
OpenShift is a Kubernetes distribution from Red Hat which provides oc, the OpenShift CLI that complements kubectl for simplifying deployment and configuration applications on OpenShift.
params:
- default: oc help
description: The OpenShift CLI arguments to run
name: SCRIPT
type: string
- default: latest
description: The OpenShift Version to use
name: VERSION
type: string
steps:
- image: image-registry.openshift-image-registry.svc:5000/openshift/cli:$(params.VERSION)
name: oc
script: |
#!/usr/bin/env bash
[[ "$(workspaces.manifest-dir.bound)" == "true" ]] && \
cd $(workspaces.manifest-dir.path)
[[ "$(workspaces.kubeconfig-dir.bound)" == "true" ]] && \
[[ -f $(workspaces.kubeconfig-dir.path)/kubeconfig ]] && \
export KUBECONFIG=$(workspaces.kubeconfig-dir.path)/kubeconfig
$(params.SCRIPT)
workspaces:
- description: The workspace which contains kubernetes manifests which we want to apply on the cluster.
name: manifest-dir
optional: true
- description: The workspace which contains the the kubeconfig file if in case we want to run the oc command on another cluster.
name: kubeconfig-dir
optional: true
运行上面的ClusterTask,确认运行结果。
$ tkn clustertask start openshift-client -p SCRIPT="oc version" --showlog --use-param-defaults
? Do you want to give specifications for the optional workspace `manifest-dir`: (y/N) N
? Do you want to give specifications for the optional workspace `kubeconfig-dir`: (y/N) N
TaskRun started: openshift-client-run-2spwv
Waiting for logs to be available...
[oc] Client Version: 4.10.0-202205311508.p0.g878f5a8.assembly.stream-878f5a8
[oc] Kubernetes Version: v1.23.5+3afdacb
Pipeline 运行 Task 的顺序
先创建以下 Task
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: say-something
spec:
params:
- name: say-what
description: What should I say
default: hello
type: string
- name: pause-duration
description: How long to wait before saying something
default: '0'
type: string
steps:
- name: say-it
image: registry.access.redhat.com/ubi8/ubi-minimal
command:
- /bin/bash
args: ['-c', 'sleep $(params.pause-duration) && echo $(params.say-what)']
并行运行 Task
创建以下可并行运行 4 个 Task 的 Pipeline。
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: say-things-in-parallel
spec:
tasks:
- name: task-1
params:
- name: say-what
value: "Hello, this is the task 1"
- name: pause-duration
value: "1"
taskRef:
name: say-something
- name: task-2
params:
- name: say-what
value: "Hello, this is the task 2"
- name: pause-duration
value: "1"
taskRef:
name: say-something
- name: task-3
params:
- name: say-what
value: "Hello, this is the task 3"
- name: pause-duration
value: "1"
taskRef:
name: say-something
- name: task-4
params:
- name: say-what
value: "Hello, this is the task 4"
- name: pause-duration
value: "1"
taskRef:
name: say-something
多运行几次 pipeline ,可以看到 Task 执行的顺序是不确定的。
$ tkn pipeline start say-things-in-parallel --showlog
PipelineRun started: say-things-in-parallel-run-rp2kw
Waiting for logs to be available...
[task-3 : say-it] Hello, this is the task 3
[task-4 : say-it] Hello, this is the task 4
[task-1 : say-it] Hello, this is the task 1
[task-2 : say-it] Hello, this is the task 3
串并运行 Task
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: say-things-in-order
spec:
tasks:
- name: task-1
params:
- name: pause-duration
value: "2"
- name: say-what
value: "Hello, this is the first task"
taskRef:
name: say-something
- name: task-2
params:
- name: say-what
value: "Happening after task 1, in parallel with task 3"
- name: pause-duration
value: "2"
taskRef:
name: say-something
runAfter:
- task-1
- name: task-3
params:
- name: say-what
value: "Happening after task 1, in parallel with task 2"
- name: pause-duration
value: "1"
taskRef:
name: say-something
runAfter:
- task-1
- name: task-4
params:
- name: say-what
value: "Happening after task 2 and 3"
taskRef:
name: say-something
runAfter:
- task-2
- task-3
执行并确认结果,其中 task1 最先执行,task4 最后执行,task2 和 task3 并行执行。
$ tkn pipeline start say-things-in-order --showlog
PipelineRun started: say-things-in-order-run-4rkzz
Waiting for logs to be available...
[task-1 : say-it] Hello, this is the first task
[task-3 : say-it] Happening after task 1, in parallel with task 2
[task-2 : say-it] Happening after task 1, in parallel with task 3
[task-4 : say-it] Happening after task 2 and 3
使用 PipelineResources 访问外部资源
注意:PipelineResources 即将被 Tekton 废除。详细替代方案见 https://tekton.dev/docs/pipelines/migrating-v1alpha1-to-v1beta1/#replacing-pipelineresources-with-tasks
用 Workspace 共享数据
Workspace 允许 Task 声明文件系统,文件系统由 TaskRun 运行期间提供。TaskRun 可以通过多种方式供应文件系统:使用只读的 ConfigMap 或 Secret、与其他 Task 共享的现有的 PersistentVolumeClaim,或者是一个在 TaskRun 完成后被丢弃的 emptyDir。
-
PVC 可用在 Pipeline 的不同 Task 之间共享文件数据
name=my-pvc,claimName=pvc1[,subPath=dir] -
Secret 可用在 Pipeline 的不同 Task 之间共享 Secret 数据
name=my-secret,secret=secret-name -
ConfigMap 可用在 Pipeline 的不同 Task 之间共享 ConfigMap 数据
name=my-config,config=rpg[,item=ultimav=1] -
emptyDir emptyDir 字段引用一个 emptyDir 卷,它持有一个临时目录,其寿命与调用它的 TaskRun 一样长。emptyDir 卷不适合在一个管道内的任务之间共享数据。然而,它们对于单个任务运行来说效果很好,因为存储在 emptyDir 中的数据需要在任务的步骤中共享,并在执行后被丢弃。
name=my-empty-dir,emptyDir=“”
创建 PVC 资源
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pipeline-pvc-1
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
在 Pipeline 中不同的 Task 读写同一文件
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: write-file
spec:
workspaces:
- name: write-dir
steps:
- name: write
image: registry.access.redhat.com/ubi8/ubi
command:
- /bin/bash
args: ['-c', 'echo hello > $(workspaces.write-dir.path)/hello.txt && echo done']
- image: registry.access.redhat.com/ubi8/ubi
name: print-dir
script: |
#!/usr/bin/env bash
echo [ls -l $(workspaces.write-dir.path)]
ls -l $(workspaces.write-dir.path)
echo workspaces.write-dir.bound=$(workspaces.write-dir.bound)
echo workspaces.write-dir.claim=$(workspaces.write-dir.claim)
echo workspaces.write-dir.volume=$(workspaces.write-dir.volume)
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: read-file
spec:
workspaces:
- name: read-dir
steps:
- name: read
image: registry.access.redhat.com/ubi8/ubi
command:
- /bin/bash
args: ['-c', 'cat $(workspaces.read-dir.path)/hello.txt']
- image: registry.access.redhat.com/ubi8/ubi
name: print-dir
script: |
#!/usr/bin/env bash
echo [ls -l $(workspaces.read-dir.path)]
ls -l $(workspaces.read-dir.path)
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: workspaces-sharing
spec:
workspaces:
- name: pipeline-ws
tasks:
- name: write-file
taskRef:
name: write-file
workspaces:
- name: write-dir
workspace: pipeline-ws
- name: read-file
taskRef:
name: read-file
workspaces:
- name: read-dir
workspace: pipeline-ws
runAfter:
- write-file
执行结果:
$ tkn pipeline start workspaces-sharing -w name=pipeline-ws,claimName=pipeline-pvc-1 --showlog
PipelineRun started: workspaces-sharing-run-5scgt
Waiting for logs to be available...
[write-file : write] done
[write-file : print-dir] [ls -l /workspace/write-dir]
[write-file : print-dir] total 20
[write-file : print-dir] -rw-r--r--. 1 root 1000720000 6 Jul 3 14:29 hello.txt
[write-file : print-dir] drwxrws---. 2 root 1000720000 16384 Jul 3 14:29 lost+found
[write-file : print-dir] workspaces.write-dir.bound=true
[write-file : print-dir] workspaces.write-dir.claim=pipeline-pvc-1
[write-file : print-dir] workspaces.write-dir.volume=ws-wtcjk
[read-file : read] hello
[read-file : print-dir] [ls -l /workspace/read-dir]
[read-file : print-dir] total 20
[read-file : print-dir] -rw-rw-r--. 1 root 1000720000 6 Jul 3 14:29 hello.txt
[read-file : print-dir] drwxrws---. 2 root 1000720000 16384 Jul 3 14:29 lost+found
更改 Workspace 挂载资源位置
可以使用“mountPath”参数更改 Workspace 的挂载的目录位置。
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: change-ws-mountpath
spec:
steps:
- image: registry.access.redhat.com/ubi8/ubi-minimal
name: write-message
script: |
#!/usr/bin/env bash
pwd
echo $(workspaces.my-ws.path)
workspaces:
- mountPath: /custom/path/relative/to/root
name: my-ws
执行结果
$ tkn task start change-ws-mountpath --showlog -w name=my-ws,claimName=pipeline-pvc-1
TaskRun started: change-ws-mountpath-run-hdkc7
Waiting for logs to be available...
[write-message] /
[write-message] /custom/path/relative/to/root
使用 Workspace 的 subPath
如果没有设置“subPath”,数据将写入 Task 对应容器的"/workspace/<WORKSPACE-NAME>"目录下,如果设置了“subPath”,则数据则写到“/workspace/<WORKSPACE-NAME>/<SUBPATH>"目录下。
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: write
spec:
steps:
- name: write
image: registry.access.redhat.com/ubi8/ubi-minimal
script: |
#!/usr/bin/env bash
echo $(date +%N) > $(workspaces.write-ws.path)/foo
ls -l $(workspaces.write-ws.path)/foo
cat $(workspaces.write-ws.path)/foo
workspaces:
- name: write-ws
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: read-both
spec:
params:
- name: directory1
type: string
- name: directory2
type: string
workspaces:
- name: read-ws
steps:
- name: read
image: ubuntu
script: |
#!/usr/bin/env bash
ls -l $(workspaces.read-ws.path)/$(params.directory1)/foo
ls -l $(workspaces.read-ws.path)/$(params.directory2)/foo
cat $(workspaces.read-ws.path)/$(params.directory1)/foo
cat $(workspaces.read-ws.path)/$(params.directory2)/foo
rm -rf $(workspaces.read-ws.path)/$(params.directory1)/*
rm -rf $(workspaces.read-ws.path)/$(params.directory2)/*
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: change-ws-subpath
spec:
workspaces:
- name: ws
tasks:
- name: write-1
taskRef:
name: write
workspaces:
- name: write-ws
workspace: ws
subPath: dir-1
- name: write-2
runAfter:
- write-1
taskRef:
name: write
workspaces:
- name: write-ws
workspace: ws
subPath: dir-2
- name: read-all
runAfter:
- write-2
params:
- name: directory1
value: dir-1
- name: directory2
value: dir-2
taskRef:
name: read-both
workspaces:
- name: read-ws
workspace: ws
执行 pipeline,确认在2次 write 过程是看不到 subpath(但实际上有,因此 2 次 write 的文件内容不同),而 read-both 则会全部显示。
$ tkn pipeline start change-ws-subpath --showlog -w name=ws,claimName=pipeline-pvc-1
PipelineRun started: change-ws-subpath-run-psnqn
Waiting for logs to be available...
[writer-1 : write] -rw-rw-r--. 1 root 1000760000 4 Sep 7 11:58 /workspace/write-ws/foo
[writer-2 : write] -rw-rw-r--. 1 root 1000760000 4 Sep 7 11:58 /workspace/write-ws/foo
[read-all : read] -rw-rw-r--. 1 root 1000760000 4 Sep 7 11:58 /workspace/read-ws/dir-1/foo
[read-all : read] -rw-rw-r--. 1 root 1000760000 4 Sep 7 11:58 /workspace/read-ws/dir-2/foo
也可用以下命令单独运行每个 Task。
$ tkn task start write --showlog -w name=write-ws,claimName=pipeline-pvc-1,subPath=dir-1
$ tkn task start write --showlog -w name=write-ws,claimName=pipeline-pvc-1,subPath=dir-2
$ tkn task start read-both --showlog -w name=read-ws,claimName=pipeline-pvc-1 -p directory1=dir-1 -p directory2=dir-2
关联 Workspace 和 PVC
使用 PVC 模板
- 命令引用方式
$ tkn pipeline start PIPELINE-NAME -w name=WORKSPACE-NAME,volumeClaimTemplateFile=PVC-FILE.yaml
- 文件引用方式
。。。
workspaces:
- name: WORKSPACE-NAME
volumeClaimTemplate:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: PVC-NAME
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 500Mi
。。。
$ oc get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
PVC-NAME Bound pvc-910260a3-3adc-4426-a95a-b6bb940a6179 1Gi RWO gp2 26m
使用 PVC 对象
- 命令引用方式
$ tkn pipeline start PIPELINE-NAME -w name=WORKSPACE-NAME,claimName=PVC-NAME
- 文件引用方式
。。。
workspaces:
- name: PIPELINE-NAME
persistentVolumeClaim:
claimName: PVC-NAME
。。。
参考
https://tekton.dev/docs/pipelines/migrating-v1alpha1-to-v1beta1
https://github.com/tektoncd/pipeline/blob/main/docs/tutorial.md
https://github.com/joellord/handson-tekton
https://github.com/joellord/tekton-lab
https://books.google.com.hk/books?id=hQg8EAAAQBAJ&pg=PR15&lpg=PR15&dq=Building+CI/CD+systems+using+Tekton+book+download+pdf&source=bl&ots=3tAy-keCOB&sig=ACfU3U2zEdQRI8uQBOVPKxkTqNYdhGig2A&hl=zh-CN&sa=X&redir_esc=y&sourceid=cndr#v=twopage&q&f=false
https://github.com/joellord/handson-tekton/tree/master/demo
https://redhat-scholars.github.io/tekton-tutorial/tekton-tutorial/workspaces.html
https://github.com/tektoncd/pipeline/tree/main/examples/v1beta1