Tekton 是一个功能强大且灵活的Kubernetes 原生开源框架,用于创建持续集成和交付(CI/CD)系统。使用前需要先学习Kubernetes。
官方git:https://github.com/tektoncd
需要多看官方文档和示例。
以下所有yaml,包括yaml内部使用的其他镜像,都存在google上,需要翻墙。可以先下载下来所有用到的yaml和镜像,再更改路径
1、安装Tekton Pipelines
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
安装后查看
kubectl get pod -n tekton-pipelines
看到 tekton-pipelines-controller 和 tekton-pipelines-webhook,正常running,则安装成功
2、安装Tekton CLI
curl -LO https://github.com/tektoncd/cli/releases/download/v0.11.0/tkn_0.11.0_Linux_x86_64.tar.gz
sudo tar xvzf tkn_0.11.0_Linux_x86_64.tar.gz -C /usr/local/bin/ tkn
看到tkn命令可以正常执行,则安装成功
3、安装Tekton Dashboard
kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/tekton-dashboard-release.yaml
安装后查看
kubectl get pod -n tekton-pipelines
看到 tekton-dashboard 正常running,则安装成功
浏览器访问http://{masterIp}:30097/
有页面弹出来的:
4、自动拉取git代码 -> 打成镜像
Tekton定义了Task, TaskRun, Pipeline, PipelineRun, PipelineResource 五类核心资源。每个资源可以用yaml来表示。Tekton通过对Task和Pipeline的抽象,我们可以定义出任意组合的pipeline模板来完成各种各样的CICD任务。通过TaskRun,PipelineRun,PipelineResource可以将这些模板套用到各个实际的项目中。
用到的yaml:
git路径,PipelineResource
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: git17 #资源名,后面用到
spec:
type: git
params:
- name: revision
value: master #git分支
- name: url
value: git@git.123.com:xxx/yyy.git #git地址
image路径,PipelineResource
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: image17 #资源名,后面用到
spec:
type: image
params:
- name: url
value: hub.123.com/serverless_image/xxx #目标镜像地址
git认证,Secret。 git生成ssh key
apiVersion: v1
kind: Secret
metadata:
name: git-ssh #资源名,后面用到
annotations:
tekton.dev/git-0: git.123.com #git仓库
type: kubernetes.io/ssh-auth
data:
ssh-privatekey: xxxxxxxxRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBOTZSeUVRSi9ONmw2NjJDM1FHekI4RnVQUEJYQ0RXRWZXSWxVSEoyOVl6UFhwZEpiCjlNclB3amR6aTZ0NEp5cFlTM0gzMUJudzJoT0Z5YXpJU1ltRGh0ODI5cEo3YWM0RkEwdUZ0RXhxQzMyYWNQSGkKVlVJK2gwVytpdHJ2b1VqM0JmTkVLZmVnVGpSUVZiM2x5NEhHbmJ4cUVycUEyTHpDR0huM2l2NEgySlg3bkNMdgp5N1NESHlTdis1bGJBRldKUXIyTnU3Y2I4RFc5aFNXK1lnbnNtVTdLWEJXL1JaUE9hZStWcnQ0Rk0rWkY2WkxGCjhzODI5aDJ1K3BDWVEzMXQyOVpHRnovbmpRMFpkQU1weWVZK2tFYllGc3hQamx2OUltTWUxcW9ubHRjblpUTWcKbGZKaEQ2a0pQdExIM1c4RlY4anBQMHMycUVqcmNDenplMVQyL29NME1yR1cvNml0NVNwanZWWEhOdSt6bmhragp3Umk4aXNuNDZXaDlLTnl5K1NSSHF4Z2U0dEIwYU5jTE5xbFBBb3p3M0NMMTFHMnNpS2plZExna1NYUDhWMUxsCkhqYzBQbUxOOGRhOE1aaFJCeG9hTCtrQjZZN05DMVJoVDlvWDBwRi9ObkFhaEJINlFoU2NnNy8zRkp0OWpmVXUKVERGaHVSenRYUjc0aWVoejhkYmt3YTFxSk1QRVNyVFUvNUJoc1V0Yk9zRzdoWHVHM1RkVExYWWhnWlY1cE1pMgptZGtSOW9nR3pQQWdON2cwQy90NTFUUmpTelB1eHNWcGwzcmpkTDNyUHRIOWErY0xtdGF4SEpEUWh2T3dsVGFhClhhaklXVDNRWU9VS3dIZGlRMnlpRkp1SHIxRnFhUWRYTnBEVEI0enhJUzRsQ1BId3NKSHNHbitoZzRjQ0F3RUEKQVFLQ0FnRUEza1BOVVRFQmg2N29zVHYwSGJHL2U0QmlGWmFkdmE1dkdPTGhDSElYV21OY2FPdGVOMTZVakFlRApBRmZkRnFIdDc0RVI0MStKQ2VJOTBSM3dBZmlYZ1VUMHF1Z2NOb0YvaEU2VGFaaXdFVElobkwrczJjTUVKaHRXCkFvQ3dWUDBOSVYwT3orLytCRkwxeTQ4T0lkS1B0bUUyZnlxL25FZ0dtVHRYRDN3akJLVFEySG1PNmpGUkFuSEcKTmJhVnM3NFIzVUlPWk8zYStJVHpYZjdiV2xqMzd6MkZhSkxvUW9WLzNScjVLS01DM21zT1VxNjJWZERmenBRagp5YVpmMHl0UG4rRTR0WU5ZeXdOMzFlVkU2MzVvcHN1L0JPOUpkRWRoOGl3dXNKSzF4Ni9DSHhWOWFMZkxuK2VpCmNhMXpUMjVteUR4K0JKMzRKNkNURi9Kd2NrQjNFWUltcjF2d2g1bHViT3hsd1QvNEpQSGUyU2xwNXhuZWRaTmEKcWJmSHltZ2ZsMjFpSHUrOFYyL21uT0VuWGU0cENrcXQ2ZTBSYnNHSnRPVDBvYkIzVU5RdmhpVmttN3VmZFRQSworRjZHbGpNTVRlWWpGMUpNV2o4NnJEZjZlSnVZZGZLbzNZU0ZEV29NWkhhUFB3cGtMaVVtMHBSbmdPRk9CRnRjCnpwODhiLzlGd0Q4VTJ1SWtZL3p6ODIwVzBOVE93YzAwMVgwQ0txN2J6YXRlZzE5Y2ZSYko5NkZvQy8yenVpbFYKL04vK0lKNFZ2cm1BR3k2d0h5cjVydFRvS0dDMEhFSFVqZjJGWHpYQ2ovNmI5Y3ZRSVJiaGlHM25Ec0twQzB6RApzL2NpRVVuNURmQUo3bmVqanRaUTNLU1F3WE1acy9lM3dpYW8wL2prRDBZY1E2UDJFNUVDZ2dFQkFQNkVSTWk3Cm5uVFNHd2hkbzhIR0lyN3M4V29QcnZpcTg0SUFHNW5ZT2lMTDgvL2Q2NFhSdUlTQnN2UFFrcE5YZHJxVC9lU1kKZWVNTG5KNnJqU2RpSzJOdGdZM0lTcENGUmpPVjBSZmVZbFVEUTYxeDY1Y3hiNjJhWjZtVy9IMVg0QzJoOWRPVgo5aTZBTEFJT0Jyem9VMjdTbCtweXB6UU1IQUIvcm9RY2I3czdpZXN3T3NHUUZ6M3dGUFphdE1JMHowWVM5YjAvCll3ZjF2clc5ZWc4MG1JRzgrbGd1Z0YwOEE2REFQN0g4TDlFdEJUQndjMmVoVHlSWGhXSUZTRzJ1V3lWNEZObTkKZzRLRmFGOTU3TWlwb1cyZU1ENVlIVzZoTWhnS3ZKN3psclpKY25CUk5tVHhQa2Z0VlVIVTJVUXUwVzk3RzVTSQo5bjlhNHEvM3FZclkrZDhDZ2dFQkFQa1Y2NjIyRWdYOW9YSHdxWjZNUDhjU01HKy8yNnYwUzJBZDViWTdDd0hQCkxBdnFwVW9NcjlNMzIrZXRDYTl4VUdYdmtza1VrcVF1d09wZFdsellhWlBKdEtRNFI2R3NXK0lkZXBCWW1ub1EKclNLTmVpZUo0OU9vazhtY0NaNVptbEI1NE16NCtiMWNmVGNWOU14OERyUHhVTHgxWXNvUHozb3RuakF6VWE1cwp3SFUvTmFwOVMwbWFpSGwvczh0NWNzSFRNblRFdXZ1QVAyOGdXRjR1dDhtUkZ3RFZpNFE0SW9ERnNQWVNwMzhJCjRzQm5yWXEyUk9jdFZTM3ZHQzRJcWhFTjI5NlEyTGxtekJOTVdwcWZ3TDB1VHRoL3J2aEVHcFZuMXhZWERvdFMKL1BKWFcvblV2YlNyak5FcHBBVEpRdUh2OWtkTkdtMG5UQkNhaFpOcisxa0NnZ0VCQU5EemJqVU9NeXpkUVd4QQoxQ3hGcWtqczVkV1pRcURNV0ZZbUdJTFpUZ0U3Ui9xTUNzdzJQVElyK09yS0ZVdjV4bk92QkFZa1dBemFmNTZVCllMSXdta1pxcEszdC9hbGdnUjNncFdUZklnT0JScEtpc0RQVVZrZEVPRTYyc2x1RlJYcXhPTXlZbFIvZ0FrRTkKbXJLRVdkcmw4ZXA4Ym1FQWdBeTR4bUdYcHZNa0VqcVB3ZTBmaXJWQzRUTFBqUTdUcEVkM1VXQXBKZmhtL0ViZwpZOUVQOFJTeVBTVWdLQ3BqRnVkbWJlU0ZrZ3c4MWNISzBEUUg3cDE3YlBub05HbzNkb1R3Yk0zR0ZLMlhNUFVSCmVCL1ZnNzRtM0p5U1lyZHNoMS9Oa01VK1hrRVJVMjU2ZmhtcEpPU1FLQ3Avd0UrRjBGT2gwaWJEdXZzYmRuZlkKNzh3YURpa0NnZ0VBRWRvUlZ4VGFlOVZ1c2JUVzQwY1g5eE9GcHl5ditNWDhkUG9Qa1p6dnNBU0NHcVNKamlJVQpvK1czL0FXNTBQb2xFZmsyb3ZTM2djN2NBckFJSHVsZnY3alFHb2p5RVZOQ0RwV2dTQ0loaUNnVDBJc2xPeG8xCjJ1Q1ZIdmp3ODRsbWR1Z1ZSWHQrb3FTelVMUmhKQnFzRHhkM2V0cEs1MEowMDBQYnQ0YW1Ed002VSt6ZzBzUkMKRmhkZU9wNzlhdExjZDZuRVR2d2VqcEhsZWZodWZPbUtRSWNHaUFmR0JRYms2aWZCQkJIWU1WR1l0c04zZTU2TwpsNmIzR09DdThmV3JBcWZrbnpId1puRklwUVZ1NVBBWUp6YmZiY0xRN25nckU1UXFwU21uNERKbGNKVDBRWmFPCnRoa3BjWUF6Z2loT2c5VG42THBNNzQvR2N0WXdScDJSbVFLQ0FRQmxCOUdJZHR5YWFldlJnbkRyVVExSUxFUi8KdHY2WlRmNmlDcFJCc0t4b29VZjNLL2NPSjl4UjA2MGUvSVdabWVNNVcwVnRKQXZzdytyMThieGZvS2VsRndqVAo0NnpnL2pwTS9ZTGdkY0lWS29nQ3labFd4a1BtWWYvSTRMcXpQMHpUdUt1T0tIY1MzUFlFRjdydzVKYVFFMUhQCm93bjdtdXRPL3V4WkZhdTBOS3FMTW9JWERBRG56YzAzMXo0UTUyRFlNdXpTSnlwQlJIcU5JdDJqRzhQZWgvV2oKbWNRdGtUaHd6UTNzK2E3REU0MTBXRGR2OC9Oc283Wm9rU2xhek9Vc3VLRHc0MG5zV2RlMUVsSzBhSWg2UUtHRgovOHdmcldCa0NobFJYSUswVGRMeDdRcGhCcEhnV1hFZmtqbUFXaWRnQ2k2Z0RLQUhXVkd1NFRlZ2ZGbjEKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K
known_hosts: yyyyyyyydXNvZnQuY29tIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRRHZIVklmakRaMnlVZW41OHcvZHJhQVJnR3NzamVTaE0rS2Mra0RJc21oMHM3UWVZcXBVeS9VLzljVVZvYjdoQzF4UkhzODFsc2hjZFhJM2NVL3VGUyt2YTUyaTVoRzJZQlMwNnVpbnJOTUIrcDgwVXh4alpERlVTUjNzV1hhOVdsR1M0V2lFMjN5cmY4UWhKZXNOZFg1RTNlYjMyRCtVMlBmWGRhV1FwcEMzM0JBOTRPMXpTK0dQUVlJUS9mbDdPdzBlcWtvUCtpMmI1WUZEMTUweEhxVVlCVzIrRE1hYmNvREVPUDFoOVdLVG9EL1ZNM3RZRmFIZzl1dnl2VGZuaktRQkNCVUU4cWJtV3VyRExybm8xOFZFeDJkL1lpT3JORDBsdDlBc1YwNnJWWGpnN3ZOSlRQTDFkUGx3cmNDV3lUUUZxRVNDMEt3RHNjTnNCNEtiVUpqCmdpdC4xN3Vzb2Z0LmNvbSBlY2RzYS1zaGEyLW5pc3RwMjU2IEFBQUFFMlZqWkhOaExYTm9ZVEl0Ym1semRIQXlOVFlBQUFBSWJtbHpkSEF5TlRZQUFBQkJCSFhlMlhYbzJ2eURScWRONUhTZ0MzMlMwK2F1TnA4cFJ6LzBYTVpnL2JLQmJadXpmWVYvc2ZFTzhiYmlJbG5iR3A0eW9OdVBTOFFvaW00dEZlVjlpRTA9CmdpdC4xN3Vzb2Z0LmNvbSBzc2gtZWQyNTUxOSBBQUFBQzNOemFDMWxaREkxTlRFNUFBQUFJREp1TkpVYVoyK2NQemtyRkpPbkN4cEIyUUhIamRBMWRwdXNLNjBZaHM5Sgo=
镜像仓库认证,Secret
apiVersion: v1
kind: Secret
metadata:
name: regcred #资源名,后面用到
annotations:
tekton.dev/docker-0: https://hub.123.com #目标镜像仓库地址
type: kubernetes.io/basic-auth
stringData:
username: "robot$docker_reg_robot"
password: "xxxyyy"
认证账号,ServiceAccount
apiVersion: v1
kind: ServiceAccount
metadata:
name: serverless-default-account #资源名,后面用到
secrets:
- name: regcred #镜像仓库认证
- name: git-ssh #git仓库认证
git到镜像,Task
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: build-docker-image-from-git-source #资源名,后面用到
spec:
params:
- name: pathToDockerFile
type: string
- name: pathToContext
type: string
resources:
inputs:
- name: git-source
type: git
outputs:
- name: builtImage
type: image
steps:
- name: build-and-push
image: gcr.io/kaniko-project/executor:v0.16.0 #kaniko镜像
env:
- name: "DOCKER_CONFIG"
value: "/tekton/home/.docker/"
command:
- /kaniko/executor
args:
- --dockerfile=$(params.pathToDockerFile)
- --destination=$(resources.outputs.builtImage.url)
- --context=$(params.pathToContext)
git到镜像,Taskrun
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: build-docker-image-from-git-source-task-run
spec:
serviceAccountName: serverless-default-account #认证账号
taskRef:
name: build-docker-image-from-git-source #用到的task
params:
- name: pathToDockerFile
value: Dockerfile
- name: pathToContext
value: $(resources.inputs.git-source.path)
resources:
inputs:
- name: git-source
resourceRef:
name: git17 #git资源
outputs:
- name: builtImage
resourceRef:
name: image17 #image资源
将以上资源依次运行:kubectl -apply -f xxx.yml
tkn taskrun describe build-docker-image-from-git-source-task-run
出现如下提示,表明taskrun运行成功