场景介绍
我们在上一篇文章中构建了一个最简单的ci,接下来我们对我们的github的项目构建一个较标准的ci。
ci是持续集成,我们只需要考虑部署前的事情:
pipeline:
clone repo
run test
build image
push image
有了这个思路,我们就把它们实现。 我们按照最简单ci/cd的步骤先写task, taskrun,然后写pipeline, pipelinerun。
构建ci
task git-clone
bash
# task-clone.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: git-clone
labels:
app.kubernetes.io/version: "0.8"
spec:
workspaces:
- name: output
description: The git repo will be cloned into the dir
params:
- name: url
description: Repository URL to clone from.
type: string
- name: revision
description: which commit you would like to get, master or others
type: string
- name: base_image
description: base_image for git & unit testing
type: string
steps:
- name: clone
image: "$(params.base_image)"
env:
- name: WORKSPACE_OUTPUT_PATH
value: $(workspaces.output.path)
- name: GIT_REPO_URL
value: $(params.url)
- name: GIT_REPO_REVISION
value: $(params.revision)
script: |
#!/usr/bin/env sh
set -eu
whoami
pwd
cd ${WORKSPACE_OUTPUT_PATH}
pwd
rm -rf *
git clone ${GIT_REPO_URL}
repo_dir=$(echo $GIT_REPO_URL | rev | cut -d '/' -f 1 | rev | sed 's/.git//g')
cd ${repo_dir}
pwd
git checkout ${GIT_REPO_REVISION}
ls -al
pipeline & pipelinerun for git-clone
bash
# pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: pipeline
spec:
workspaces:
- name: git-repo-pvc
params:
- name: git_url
type: string
- name: revision
type: string
default: main
- name: git_base_image
type: string
tasks:
- name: clone
taskRef:
name: git-clone
workspaces:
- name: output
workspace: git-repo-pvc
params:
- name: url
value: $(params.git_url)
- name: revision
value: $(params.revision)
- name: base_image
value: $(params.git_base_image)
bash
# pipelinerun.yaml
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
name: pipelinerun
spec:
pipelineRef:
name: pipeline
workspaces:
- name: git-repo-pvc
persistentVolumeClaim:
claimName: git-repo-pvc
params:
- name: git_url
value: https://github.com/testcara/tekton_triggers_learning.git
- name: git_base_image
value: docker.io/cara/cara-pipeline-base:V1
现在让我们测试执行
bash
kubectl apply -f task-clone.yaml
kubectl pipeline.yaml
kubectl pipelinerun.yaml
查看结果
bash
kubectl get pods
# 当查看到pipelinerun-clone-pod status 为completed时
# 查看pipelinerun logs
tkn pipelinerun logs pipelinerun
可以看到我的输出表明其是正常完成的
bash
carawang@ci %tkn pipelinerun logs pipelinerun
[clone : clone] root
[clone : clone] /
[clone : clone] /workspace/output
[clone : clone] Cloning into 'tekton_triggers_learning'...
[clone : clone] /workspace/output/tekton_triggers_learning
[clone : clone] Already on 'main'
[clone : clone] total 28
[clone : clone] drwxr-xr-x 4 root root 4096 Sep 6 02:40 .
[clone : clone] drwxrwxrwx 3 root root 4096 Sep 6 02:40 ..
[clone : clone] drwxr-xr-x 8 root root 4096 Sep 6 02:40 .git
[clone : clone] -rw-r--r-- 1 root root 67 Sep 6 02:40 Dockerfile
[clone : clone] -rw-r--r-- 1 root root 77 Sep 6 02:40 README.md
[clone : clone] -rw-r--r-- 1 root root 496 Sep 6 02:40 index.html
[clone : clone] drwxr-xr-x 2 root root 4096 Sep 6 02:40 nginx
task test
我们就简单的fake个test
bash
# task-test.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: test
spec:
workspaces:
- name: output
description: The git repo will be cloned into the dir
params:
- name: base_image
description: base_image for git & unit testing
type: string
steps:
- name: test
image: "$(params.base_image)"
env:
- name: WORKSPACE_OUTPUT_PATH
value: $(workspaces.output.path)
script: |
#!/usr/bin/env sh
set -eu
whoami
pwd
cd ${WORKSPACE_OUTPUT_PATH}
pwd
ls -al
if [ -e tekton_triggers_learning/Dockerfile ]
then
echo 'fake test passed'
else
exit 1
fi
pipeline & pipelinerun for test
我们仅列出新编写的代码
bash
# pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: pipeline
spec:
params:
- name: test_base_image
type: string
tasks:
- name: test
taskRef:
name: test
runAfter:
- clone
workspaces:
- name: output
workspace: git-repo-pvc
params:
- name: base_image
value: $(params.test_base_image)
bash
# pipelinerun.yaml
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
name: pipelinerun
spec:
params:
- name: test_base_image
value: centos:7
我们安装这些yaml,然后观察pod,查看pipelinerun logs.
通过我的log, 可以看到pipelinerun顺利完成。
bash
carawang@tekton_trigger_learning %tkn pipelinerun logs pipelinerun
[clone : clone] root
[clone : clone] /
[clone : clone] /workspace/output
[clone : clone] Cloning into 'tekton_triggers_learning'...
[clone : clone] /workspace/output/tekton_triggers_learning
[clone : clone] Already on 'main'
[clone : clone] total 28
[clone : clone] drwxr-xr-x 4 root root 4096 Sep 6 04:10 .
[clone : clone] drwxrwxrwx 3 root root 4096 Sep 6 04:10 ..
[clone : clone] drwxr-xr-x 8 root root 4096 Sep 6 04:10 .git
[clone : clone] -rw-r--r-- 1 root root 67 Sep 6 04:10 Dockerfile
[clone : clone] -rw-r--r-- 1 root root 77 Sep 6 04:10 README.md
[clone : clone] -rw-r--r-- 1 root root 496 Sep 6 04:10 index.html
[clone : clone] drwxr-xr-x 2 root root 4096 Sep 6 04:10 nginx
[test : test] root
[test : test] /
[test : test] /workspace/output
[test : test] total 12
[test : test] drwxrwxrwx 3 root root 4096 Sep 6 04:10 .
[test : test] drwxrwxrwx 3 root root 4096 Sep 6 04:10 ..
[test : test] drwxr-xr-x 4 root root 4096 Sep 6 04:10 tekton_triggers_learning
[test : test] fake test passed
task build
我们仅列出新编写的代码
bash
# task-build.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: build
labels:
app.kubernetes.io/version: "0.8"
spec:
workspaces:
- name: output
params:
- name: base_image
description: base_image for docker build
type: string
steps:
- name: build
image: "$(params.base_image)"
volumeMounts:
- name: docker-socket
mountPath: /var/run/docker.sock
env:
- name: WORKSPACE_OUTPUT_PATH
value: $(workspaces.output.path)
script: |
#!/usr/bin/env sh
set -eu
whoami
pwd
cd ${WORKSPACE_OUTPUT_PATH}
cd tekton_triggers_learning
pwd
docker version
docker build . -t cara/cara-hello-nginx:latest
volumes:
- name: docker-socket
hostPath:
path: /var/run/docker.sock
type: Socket
pipeline & pipelinerun for build
我们仅列出新编写的代码
bash
# pipeline.yaml
spec:
params:
- name: docker_build_base_image
type: string
tasks:
- name: build
taskRef:
name: build
runAfter:
- test
workspaces:
- name: output
workspace: git-repo-pvc
params:
- name: base_image
value: $(params.docker_build_base_image)
bash
# pipelinerun.yaml
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
name: pipelinerun
spec:
params:
- name: docker_build_base_image
value: docker.io/cara/my-dind-docker:latest
我们安装这些yaml,然后观察pod,查看pipelinerun logs.
通过我的pod status, 可以看到pipelinerun顺利完成。logs太长,这里不再列出。
bash
carawang@ci %kubectl get pods
NAME READY STATUS RESTARTS AGE
hello-nginx-b786f45d4-7lndt 1/1 Running 3 (50m ago) 20h
hello-nginx-b786f45d4-cpj2g 1/1 Running 3 (50m ago) 20h
hello-nginx-b786f45d4-rv7ch 1/1 Running 3 (50m ago) 20h
pipelinerun-build-pod 0/1 Completed 0 74s
pipelinerun-clone-pod 0/1 Completed 0 90s
pipelinerun-test-pod 0/1 Completed 0 81s
project-ci-cd-pipeline-run-fake-ci-cd-pod 0/1 Completed 0 45h
task push
为了简便,我们之间登陆,而不用credentials secrect的方式。这种方式仅作为自己测试和学习使用。不能用于生产。
bash
# task-build.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: push
labels:
app.kubernetes.io/version: "0.8"
spec:
params:
- name: base_image
description: base_image for docker build
type: string
steps:
- name: push
image: "$(params.base_image)"
volumeMounts:
- name: docker-socket
mountPath: /var/run/docker.sock
env:
script: |
#!/usr/bin/env sh
set -eu
echo mypassword | docker login --username myname --password-stdin
docker push cara/cara-hello-nginx:latest
volumes:
- name: docker-socket
hostPath:
path: /var/run/docker.sock
type: Socket
pipeline & pipelinerun for push
我们仅列出新编写的代码
# pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: pipeline
spec:
tasks:
- name: push
taskRef:
name: push
runAfter:
- build
params:
- name: base_image
value: $(params.docker_build_base_image)
pipeline run没有任何变化,这里不列出。
我们安装这些yaml,然后观察pod,查看pipelinerun logs.
通过我的pod status, 可以看到pipelinerun顺利完成。logs太长,这里不再列出。
bash
carawang@ci %kubectl get pods
NAME READY STATUS RESTARTS AGE
hello-nginx-b786f45d4-7lndt 1/1 Running 3 (120m ago) 21h
hello-nginx-b786f45d4-cpj2g 1/1 Running 3 (120m ago) 21h
hello-nginx-b786f45d4-rv7ch 1/1 Running 3 (120m ago) 21h
pipelinerun-build-pod 0/1 Completed 0 7m32s
pipelinerun-clone-pod 0/1 Completed 0 7m47s
pipelinerun-push-pod 0/1 Completed 0 7m25s
pipelinerun-test-pod 0/1 Completed 0 7m38s
project-ci-cd-pipeline-run-fake-ci-cd-pod 0/1 Completed 0 46h
结语
这里我们的tekton ci已经构建完成。我们将在接下文的文章中,介绍用tekton进行部署和用argocd进行部署。这两种部署都是比较流行的cd的形式。