案例环境说明
-
示例项目:
代码仓库:https://gitee.com/mageedu/spring-boot-helloWorld.git
构建工具maven
-
pipeline各Task
-
git-clone:克隆项目的源代码
-
build-to-package: 代码测试,构建和打包
-
generate-build-id:生成build id
-
image-build-and-push:镜像构建和推送
-
deploy-to-cluster:将新版本的镜像部署到kubernetes集群
-
-
Workspace
- 基于PVC,跨task数据共享
2.2.5.2 pipeline完成Image构建,推送和部署
-
01-git-clone的Task
apiVersion: tekton.dev/v1beta1 kind: Task metadata: name: git-clone spec: description: Clone code to the workspace params: - name: url type: string description: git url to clone default: "" - name: branch type: string description: git branch to checkout default: "main" workspaces: - name: source description: The code repo will clone in the workspace steps: - name: git-clone image: alpine/git:v2.36.1 script: git clone -b $(params.branch) -v $(params.url) $(workspaces.source.path)/source -
02–build-to-package.yaml
apiVersion: tekton.dev/v1beta1 kind: Task metadata: name: build-to-package spec: workspaces: - name: source description: The code repo in the workspaces steps: - name: build image: maven:3.8-openjdk-11-slim workingDir: $(workspaces.source.path)/source volumeMounts: - name: m2 mountPath: /root/.m2 script: mvn clean install # 定义volume提供maven cache,但是前提得创建出来maven-cache的pvc volumes: - name: m2 persistentVolumeClaim: claimName: maven-cache -
03-generate-build-id.yaml
apiVersion: tekton.dev/v1beta1 kind: Task metadata: name: generate-build-id spec: params: - name: version description: The version of the application type: string results: - name: datetime description: The current date and time - name: buildId description: The build ID steps: - name: generate-datetime image: ikubernetes/admin-box:v1.2 script: | #!/usr/bin/env bash datetime=`date +%Y%m%d-%H%M%S` echo -n ${datetime} | tee $(results.datetime.path) - name: generate-buildid image: ikubernetes/admin-box:v1.2 script: | #!/usr/bin/env bash buildDatetime=`cat $(results.datetime.path)` buildId=$(params.version)-${buildDatetime} echo -n ${buildId} | tee $(results.buildId.path) -
04-build-image-push.yaml
要想能推送镜像到镜像仓库,必须创建一个secret对象,挂在到kaniko的/kaniko/.docker目录下,具体创建secret的方法有两种:
1、先在一台机器上login镜像仓库,这里以dockerhub为例,将会把认证文件保存在
~/.docker/config.json:
-
基于config,json创建sectet,这里的secret的类型选择generic
kubectl create secret generic docker-config --from-file=/root/.docker/config.json2、先基于user/password创建一个base64:
echo -n USER:PASSWORD | base64创建一个config.json,然后将创建出来的base64替换到下面xxxxxxxxxxxxxxx
{ "auths": { "https://index.docker.io/v1/": { "auth": "xxxxxxxxxxxxxxx" } } }最后创建一个secret
kubectl create secret generic docker-config --from-file=<path to .docker/config.json> -
05-deploy-task.yaml
apiVersion: tekton.dev/v1beta1 kind: Task metadata: name: deploy-using-kubectl spec: workspaces: - name: source description: The git repo params: - name: deploy-config-file description: The path to the yaml file to deploy within the git source - name: image-url description: Image name including repository - name: image-tag description: Image tag steps: - name: update-yaml image: alpine:3.16 command: ["sed"] args: - "-i" - "-e" - "s@__IMAGE__@$(params.image-url):$(params.image-tag)@g" - "$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)" - name: run-kubectl image: lachlanevenson/k8s-kubectl command: ["kubectl"] args: - "apply" - "-f" - "$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)" -
06-pipelinerun-s2i.yaml
apiVersion: tekton.dev/v1beta1 kind: Pipeline metadata: name: source-to-image spec: params: - name: git-url - name: pathToContext description: The path to the build context, used by Kaniko - within the workspace default: . - name: image-url description: Url of image repository - name: deploy-config-file description: The path to the yaml file to deploy within the git source default: all-in-one.yaml - name: version description: The version of the application type: string default: "v0.10" workspaces: - name: codebase - name: docker-config tasks: - name: git-clone taskRef: name: git-clone params: - name: url value: "$(params.git-url)" workspaces: - name: source workspace: codebase - name: build-to-package taskRef: name: build-to-package workspaces: - name: source workspace: codebase runAfter: - git-clone - name: generate-build-id taskRef: name: generate-build-id params: - name: version value: "$(params.version)" runAfter: - git-clone - name: image-build-and-push taskRef: name: image-build-and-push params: - name: image-url value: "$(params.image-url)" - name: image-tag value: "$(tasks.generate-build-id.results.buildId)" workspaces: - name: source workspace: codebase - name: dockerconfig workspace: docker-config runAfter: - generate-build-id - build-to-package - name: deploy-to-cluster taskRef: name: deploy-using-kubectl workspaces: - name: source workspace: codebase params: - name: deploy-config-file value: $(params.deploy-config-file) - name: image-url value: $(params.image-url) - name: image-tag value: "$(tasks.generate-build-id.results.buildId)" runAfter: - image-build-and-push -
07-rbac.yaml
因为06task的容器要执行kubectl,所以,给这个pod要指定一个serviceaccount,这样才能操作集群的资源
--- apiVersion: v1 kind: ServiceAccount metadata: name: helloworld-admin --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: helloworld-admin roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: helloworld-admin namespace: default -
08-pipelinerun-s2i.yaml
apiVersion: tekton.dev/v1beta1 kind: PipelineRun metadata: name: s2i-buildid-run-00002 spec: serviceAccountName: default taskRunSpecs: - pipelineTaskName: deploy-to-cluster taskServiceAccountName: helloworld-admin pipelineRef: name: source-to-image params: - name: git-url value: https://gitee.com/mageedu/spring-boot-helloWorld.git - name: image-url value: icloud2native/spring-boot-helloworld - name: version value: v0.1.2 workspaces: - name: codebase volumeClaimTemplate: spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi storageClassName: nfs-csi - name: docker-config secret: secretName: docker-config运行:
kubectl apply -f .结果:
- 整个pipeline执行成功
2、image推送到dockerhub
3、查看部署
更多关于tekton文章,后续更新。。。
- 整个pipeline执行成功
![[NOIP2002 普及组] 过河卒](https://img-blog.csdnimg.cn/b816aaea74df43e99e02192b8569591a.png)
