阿里雲Kubernetes服務上使用Tekton完成應用釋出初體驗
Tekton 是一個功能強大且靈活的 Kubernetes 原生開源框架,用於建立持續整合和交付(CI/CD)系統。透過抽象底層實現細節,使用者可以跨多雲平臺和本地系統進行構建、測試和部署。
本文是基於阿里雲Kubernetes服務部署Tekton Pipeline,並使用它完成原始碼拉取、應用打包、映象推送和應用部署的實踐過程。
Tekton Pipeline中有5類物件,核心理念是透過定義yaml定義構建過程.構建任務的狀態存放在status欄位中。
其中5類物件分別是:PipelineResouce、Task、TaskRun、Pipeline、PipelineRun。
Task是單個任務的構建過程,需要透過定義TaskRun任務去執行Task。
Pipeline包含多個Task,並在此基礎上定義input和output,input和output以PipelineResource作為交付。
PipelineResource是可用於input和output的物件集合。
同樣地,需要定義PipelineRun才會執行Pipeline。
1. 在阿里雲Kubernetes叢集中部署Tekton Pipeline
kubectl apply --filename
檢視Tekton Pipelines元件是否執行正常:
$ kubectl -n tekton-pipelines get po
NAME READY STATUS RESTARTS AGE
tekton-pipelines-controller-6bcd7ff5d6-vzmrh 1/1 Running 0 25h
tekton-pipelines-webhook-6856cf9c47-l6nj6 1/1 Running 0 25h
2. 建立Git Resource, Registry Resource
編輯 git-pipeline-resource.yaml :
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: git-pipeline-resource
spec:
type: git
params:
- name: revision
value: tekton
- name: url
value:
git repo的分支名稱為 tekton 。
編輯 registry-pipeline-resource.yaml :
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: registry-pipeline-resource
spec:
type: image
params:
- name: url
value: registry.cn-hangzhou.aliyuncs.com/haoshuwei/tekton-demo
容器映象倉庫地址為 http:// registry.cn-hangzhou.aliyuncs.com /haoshuwei/tekton-demo , 標籤為 latest
建立pipeline resource:
$ kubectl -n tekton-pipelines create -f git-pipeline-resource.yaml
$ kubectl -n tekton-pipelines create -f registry-pipeline-resource.yaml
檢視已建立的pipeline resource資源:
$ kubectl -n tekton-pipelines get PipelineResource
NAME AGE
git-pipeline-resource 2h
registry-pipeline-resource 2h
3. 建立Git Repo/Docker Registry Authentication
拉取私有git原始碼專案需要配置使用Git Repo Authentication;拉取和推送docker映象需要配置Docker Registry Authentication。在Tekton Pipeline中,Git Repo/Docker Registry Authentication會被定義成ServiceAccount來使用。
編輯 secret tekton-basic-user-pass-git.yaml :
apiVersion: v1
kind: Secret
metadata:
name: tekton-basic-user-pass-git
annotations:
tekton.dev/git-0:
type: kubernetes.io/basic-auth
stringData:
username: <cleartext non-encoded>
password: <cleartext non-encoded>
編輯 secret tekton-basic-user-pass-registry.yaml :
apiVersion: v1
kind: Secret
metadata:
name: tekton-basic-user-pass-registry
annotations:
tekton.dev/docker-0:
type: kubernetes.io/basic-auth
stringData:
username: <cleartext non-encoded>
password: <cleartext non-encoded>
編輯 serviceaccount tekton-git-and-registry.yaml :
apiVersion: v1
kind: ServiceAccount
metadata:
name: tekton-git-and-registry
secrets:
- name: tekton-basic-user-pass-git
- name: tekton-basic-user-pass-registry
建立serviceaccount:
$ kubectl -n tekton-pipelines create -f tekton-basic-user-pass-git.yaml
$ kubectl -n tekton-pipelines create -f tekton-basic-user-pass-registry.yaml
$ kubectl -n tekton-pipelines create -f tekton-git-and-registry.yaml
檢視secret以及sa:
$ kubectl -n tekton-pipelines get secret
NAME TYPE DATA AGE
default-token-pwncj kubernetes.io/service-account-token 3 25h
tekton-basic-user-pass-git kubernetes.io/basic-auth 2 151m
tekton-basic-user-pass-registry kubernetes.io/basic-auth 2 151m
tekton-git-and-registry-token-tr95m kubernetes.io/service-account-token 3 151m
tekton-pipelines-controller-token-lc2fv kubernetes.io/service-account-token 3 25h
webhook-certs Opaque 3 25h
$ kubectl -n tekton-pipelines get sa
NAME SECRETS AGE
default 1 25h
tekton-git-and-registry 3 152m
tekton-pipelines-controller 1 25h
4. 配置serviceaccount tekton-git-and-registry獲取名稱空間tekton-pipelines的管理許可權用於部署應用
建立ClusterRoleBinding tekton-cluster-admin :
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tekton-cluster-admin
subjects:
- kind: ServiceAccount
name: tekton-git-and-registry
namespace: tekton-pipelines
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
5. 建立一個Task
建立task build-app.yaml :
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: build-app
spec:
inputs:
resources:
- name: java-demo
type: git
params:
- name: pathToDockerFile
description: The path to the dockerfile to build
default: /workspace/java-demo/Dockerfile
- name: pathToContext
description: The build context used by Kaniko
default: /workspace/java-dem
- name: pathToYaml
description: The path to teh manifest to apply
outputs:
resources:
- name: builtImage
type: image
steps:
- name: build-mvn-package
image: registry.cn-beijing.aliyuncs.com/acs-sample/jenkins-slave-maven:3.3.9-jdk-8-alpine
workingDir: /workspace/java-demo
command:
- mvn
args:
- package
- -B
- -DskipTests
- name: build-docker-image
image: registry.cn-beijing.aliyuncs.com/acs-sample/jenkins-slave-kaniko:0.6.0
command:
- kaniko
args:
- --dockerfile=${inputs.params.pathToDockerFile}
- --destination=${outputs.resources.builtImage.url}
- --context=${inputs.params.pathToContext}
- name: deploy-app
image: registry.cn-beijing.aliyuncs.com/acs-sample/jenkins-slave-kubectl:1.11.5
command:
- kubectl
args:
- apply
- -f
- ${inputs.params.pathToYaml}
6. 建立TaskRun執行任務
建立taskrun build-app-task-run.yaml :
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
name: build-app-task-run
spec:
serviceAccount: tekton-git-and-registry
taskRef:
name: build-app
trigger:
type: manual
inputs:
resources:
- name: java-demo
resourceRef:
name: git-pipeline-resource
params:
- name: pathToDockerFile
value: Dockerfile
- name: pathToContext
value: /workspace/java-demo
- name: pathToYaml
value: /workspace/java-demo/deployment.yaml
outputs:
resources:
- name: builtImage
resourceRef:
name: registry-pipeline-resource
7. 檢視構建狀態以及日誌
檢視taskrun狀態:
$ kubectl -n tekton-pipelines get taskrun
NAME SUCCEEDED REASON STARTTIME COMPLETIONTIME
build-app-task-run Unknown Pending 4s
檢視構建日誌:
$ kubectl -n tekton-pipelines get po
NAME READY STATUS RESTARTS AGE
build-app-task-run-pod-b8f890 3/5 Running 0 75s
tekton-pipelines-controller-6bcd7ff5d6-vzmrh 1/1 Running 0 25h
tekton-pipelines-webhook-6856cf9c47-l6nj6 1/1 Running 0 25h
$ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-b8f890
Error from server (BadRequest): a container name must be specified for pod build-app-task-run-pod-b8f890, choose one of: [build-step-git-source-git-pipeline-resource-77l5v build-step-build-mvn-package build-step-build-docker-image build-step-deploy-app nop] or one of the init containers: [build-step-credential-initializer-8dsnm build-step-place-tools]
mvn build的日誌:
$ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-b8f890 -c build-step-build-mvn-package
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building jenkins-demo-web 1.0.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO] Downloading:
[INFO] Downloaded: (8 KB at 7.3 KB/sec)
[INFO] Downloading:
[INFO] Downloaded: (9 KB at 26.7 KB/sec)
[INFO] Downloading:
[INFO] Downloaded: (30 KB at 61.3 KB/sec)
[INFO] Downloading:
[INFO] Downloaded: (15 KB at 45.3 KB/sec)
....
docker build的日誌:
$ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-b8f890 -c build-step-build-docker-image
INFO[0000] Downloading base image tomcat
2019/05/06 11:58:46 No matching credentials were found, falling back on anonymous
INFO[0003] Taking snapshot of full filesystem...
INFO[0003] Skipping paths under /builder/home, as it is a whitelisted directory
INFO[0003] Skipping paths under /builder/tools, as it is a whitelisted directory
INFO[0003] Skipping paths under /dev, as it is a whitelisted directory
INFO[0003] Skipping paths under /kaniko, as it is a whitelisted directory
INFO[0003] Skipping paths under /proc, as it is a whitelisted directory
INFO[0003] Skipping paths under /run/secrets/kubernetes.io/serviceaccount, as it is a whitelisted directory
INFO[0003] Skipping paths under /sys, as it is a whitelisted directory
INFO[0003] Skipping paths under /var/run, as it is a whitelisted directory
INFO[0003] Skipping paths under /workspace, as it is a whitelisted directory
INFO[0003] Using files from context: [/workspace/java-demo/target/demo.war]
INFO[0003] ADD target/demo.war /usr/local/tomcat/webapps/demo.war
INFO[0003] Taking snapshot of files...
...
app-deploy的日誌:
$ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-637855 -c build-step-deploy-app
deployment.extensions/jenkins-java-demo created
service/jenkins-java-demo created
taskrun的完成狀態為True則構建部署過程完成:
$ kubectl -n tekton-pipelines get taskrun
NAME SUCCEEDED REASON STARTTIME COMPLETIONTIME
build-app-task-run True 4m 2m
8. 小結
Tekton Pipeline中任務模板可以拿來複用,而不需要重複定義,另外透過CRD重新定義CI/CD是一大亮點,初學者可能會覺得有些繞。
持續實驗持續更新中。
本文為雲棲社群原創內容,未經允許不得轉載。
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/69922229/viewspace-2644332/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- 阿里雲應用高可用服務公測釋出阿里
- 使用Knative和Tekton在Kubernetes上釋出金絲雀版本 - Piotr
- 阿里雲釋出 Elasticsearch 雲服務阿里Elasticsearch
- 阿里雲安全管家服務重磅釋出!阿里
- 阿里雲張新濤:支援沉浸式體驗應用快速落地,阿里云云XR平臺釋出阿里
- 阿里雲應用身份服務 IDaaS 重磅升級,雲原生、高安全、更經濟,極致使用者體驗!阿里
- Kubernetes POD與NodePort服務釋出
- Kubernetes--初體驗
- 快應用初體驗
- Dapr初體驗之服務呼叫
- 阿里雲釋出區塊鏈服務 專注基礎設施 不做應用與商業化阿里區塊鏈
- 讓SAP雲平臺上的Web應用使用destination服務Web
- EMQX Cloud BYOC 版本釋出:在您的雲上體驗全託管的 MQTT 訊息服務MQCloudQT
- 阿里雲 Serverless 應用引擎(SAE)釋出 v1.2.0阿里Server
- 阿里雲服務網格 ASM 正式釋出商業化版本阿里ASM
- docker初體驗:docker部署nginx服務DockerNginx
- 阿里雲日誌服務sls的典型應用場景阿里
- 阿里雲商業產品-區塊鏈服務(公測)釋出阿里區塊鏈
- 阿里雲訊息服務使用教程阿里
- 初體驗之開源Git服務GogsGitGo
- 阿里雲Kubernetes容器服務Istio實踐之整合日誌服務Log Service阿里
- 使用InstallUtil釋出windows服務Windows
- 零元嚐鮮|阿里雲 Grafana 商業化服務正式釋出阿里Grafana
- 阿里雲簡訊服務的使用-----獲取簡訊驗證碼阿里
- 餓了麼快應用初體驗
- Vue 初體驗(上)Vue
- 阿里雲日誌服務SLS攜手觀測雲釋出可觀測性解決方案,共建可觀測應用創新阿里
- 阿里雲EDAS 3.0重磅釋出,無侵入構建雲原生應用阿里
- 在阿里雲上單機使用Nginx負載均衡釋出網站阿里Nginx負載網站
- 保護企業資訊保安,阿里雲滲透測試服務釋出阿里
- 新一代視訊AI服務 —— 阿里雲智慧視覺重磅釋出AI阿里視覺
- 阿里雲Serverless Kubernetes通過Ingress提供7層服務訪問阿里Server
- Google釋出VS Code,支援Kubernetes應用開發Go
- containerd 與安全沙箱的 Kubernetes 初體驗AI
- 阿里雲簡訊服務使用代理的坑阿里
- springboot 專案使用阿里雲簡訊服務傳送手機驗證碼Spring Boot阿里
- 阿里雲私服釋出啦阿里
- 博睿資料攜阿里雲釋出雙十一電商網站使用者體驗報告阿里網站