# Tekton: Kubernetes-Native CI/CD Pipelines

Jenkins is heavy, GitHub Actions depends on an external service, and Drone CI is limited in features. Tekton is the Kubernetes-native CI/CD framework that came out of Google: every pipeline step runs as an ordinary Pod, so it scales elastically and extends easily, which makes it a natural fit for teams already running Kubernetes. This post walks through installing Tekton on K3s and building a complete build → test → push pipeline.
## Tekton core concepts

- Step = one step of a pipeline (a single container command)
- Task = a reusable collection of Steps
- Pipeline = an orchestration of several Tasks
- TaskRun = one execution of a Task
- PipelineRun = one execution of a Pipeline
- Trigger = a trigger that runs a pipeline automatically in response to a webhook
## Server requirements

Tekton runs on a Kubernetes cluster, so have a K3s cluster ready first:

- Single-node K3s: 4 cores / 8 GB, for development and testing
- Production cluster: 3 worker nodes recommended

I built my K3s cluster on Rainyun servers (rainyun+com), joining several machines into one cluster. Enter the promo code 2026off when registering to get a 50% discount coupon; buying several servers gives a clear price advantage.
## Installing Tekton

### Install K3s (if you don't have it yet)

```bash
curl -sfL https://get.k3s.io | sh -
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
kubectl get nodes
```
### Install Tekton Pipelines

```bash
# Install Tekton Pipelines (core component)
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
# Install Tekton Dashboard (web UI)
kubectl apply -f https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
# Install Tekton Triggers (webhook triggering)
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
# Watch the installation come up
kubectl -n tekton-pipelines get pods -w
```

These URLs always resolve to the newest release, so two installs a week apart can differ. For a reproducible cluster, pin the version by replacing `latest/` with `previous/vX.Y.Z/` (the placeholder version is yours to fill in) and record it alongside the rest of your infrastructure code.
### Access the Tekton Dashboard

```bash
# Port-forward for a quick look
kubectl -n tekton-pipelines port-forward svc/tekton-dashboard 9097:9097
# Or create an Ingress (requires Traefik or the Nginx Ingress controller)
kubectl apply -f - << 'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tekton-dashboard
  namespace: tekton-pipelines
spec:
  rules:
  - host: tekton.你的域名.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: tekton-dashboard
            port:
              number: 9097
EOF
```

The Dashboard ships without any authentication of its own. The port-forward is safe because it is only reachable from your machine, but once it sits behind an Ingress, anyone who can reach that hostname can browse your pipelines, runs and build logs, so put it behind an authenticating proxy or restrict access at the Ingress before exposing it.
## Writing the first Task

```yaml
# task-build-go.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-go
  namespace: default
spec:
  params:
  - name: repo-url
    type: string
  - name: image-name
    type: string
  - name: image-tag
    default: "latest"
    type: string
  workspaces:
  - name: source
  steps:
  # Step 1: clone the source
  - name: clone
    image: alpine/git:latest
    command:
    - git
    - clone
    - "$(params.repo-url)"
    - .
    workingDir: $(workspaces.source.path)
  # Step 2: run the tests
  - name: test
    image: golang:1.22-alpine
    command:
    - go
    - test
    - ./...
    workingDir: $(workspaces.source.path)
  # Step 3: build the image and push it
  - name: build-push
    image: gcr.io/kaniko-project/executor:latest
    args:
    - "--context=$(workspaces.source.path)"
    - "--dockerfile=Dockerfile"
    - "--destination=$(params.image-name):$(params.image-tag)"
    env:
    - name: DOCKER_CONFIG
      value: /kaniko/.docker
    volumeMounts:
    - name: docker-config
      mountPath: /kaniko/.docker
  volumes:
  - name: docker-config
    secret:
      secretName: docker-registry-secret
```

```bash
kubectl apply -f task-build-go.yaml
```

Two things to check before this Task runs cleanly. Kaniko reads its registry credentials from `/kaniko/.docker/config.json`; if `docker-registry-secret` was created with `kubectl create secret docker-registry`, its only key is `.dockerconfigjson`, so either map that key to `config.json` with an `items` entry on the volume or create the secret with a `config.json` key. And only the `build-push` step mounts the secret, which is the right scope: the clone and test steps never see the registry password.
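Before applying a Task like the one above, it is worth auditing two things mechanically: which step images are pinned by digest rather than by a mutable tag (the post's Task uses `alpine/git:latest` and `executor:latest`, which can change under you between runs), and which steps get the registry secret mounted. The script below is an added example, not code from the post or from the Tekton project; it works on a Python dict that mirrors `task-build-go.yaml` (a real check would load the manifest with a YAML parser), and the image-reference parser is general enough to handle registries with ports and digest-pinned references, not just the three images on the page.

```python
"""Audit a Tekton Task for unpinned images and secret mounts.

Added example (not from the original post or the Tekton project). The Task is
given as a Python dict mirroring task-build-go.yaml from the post; a real
check would load the manifest with a YAML parser instead.
"""


def parse_image_ref(ref):
    """Split "registry[:port]/repo[:tag][@sha256:...]" into (name, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    # A ':' after the last '/' separates the tag; one before it is a registry port.
    last_slash = ref.rfind("/")
    colon = ref.rfind(":")
    tag = None
    if colon > last_slash:
        ref, tag = ref[:colon], ref[colon + 1:]
    return ref, tag, digest


def classify_image(ref):
    """Return how strongly the reference pins what will actually run."""
    _name, tag, digest = parse_image_ref(ref)
    if digest:
        return "digest"    # immutable: the same bytes every run
    if tag is None or tag == "latest":
        return "floating"  # whatever was pushed last; changes under you
    return "tag"           # stable-looking, but a tag can be re-pushed


def audit_task(task):
    """Return {step_name: {"image": ref, "pin": verdict, "secrets": [names]}}."""
    spec = task["spec"]
    # Map volume name -> secretName for every secret-backed volume in the Task.
    secret_volumes = {
        v["name"]: v["secret"]["secretName"]
        for v in spec.get("volumes", [])
        if "secret" in v
    }
    report = {}
    for step in spec.get("steps", []):
        mounted = [
            secret_volumes[m["name"]]
            for m in step.get("volumeMounts", [])
            if m["name"] in secret_volumes
        ]
        report[step["name"]] = {
            "image": step["image"],
            "pin": classify_image(step["image"]),
            "secrets": mounted,
        }
    return report


def findings(task):
    """Human-readable list of what a reviewer would flag."""
    out = []
    for name, info in audit_task(task).items():
        if info["pin"] != "digest":
            out.append(f"step {name!r}: image {info['image']} is {info['pin']}-pinned, not digest-pinned")
        for secret in info["secrets"]:
            out.append(f"step {name!r}: mounts secret {secret!r}; confirm only this step needs it")
    return out


# Constructed copy of the post's Task, reduced to the fields the audit reads.
BUILD_GO_TASK = {
    "apiVersion": "tekton.dev/v1beta1",
    "kind": "Task",
    "metadata": {"name": "build-go"},
    "spec": {
        "steps": [
            {"name": "clone", "image": "alpine/git:latest"},
            {"name": "test", "image": "golang:1.22-alpine"},
            {
                "name": "build-push",
                "image": "gcr.io/kaniko-project/executor:latest",
                "volumeMounts": [{"name": "docker-config", "mountPath": "/kaniko/.docker"}],
            },
        ],
        "volumes": [{"name": "docker-config", "secret": {"secretName": "docker-registry-secret"}}],
    },
}

if __name__ == "__main__":
    for line in findings(BUILD_GO_TASK):
        print(line)
```

Run against the post's Task it reports three images that are not digest-pinned (two of them floating on `latest`) and one secret mount on `build-push`. The parser treats the last `:` after the final `/` as the tag separator, so a registry such as `registry.example.com:5000/team/app` is not mistaken for a tagged image.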
## Creating the Pipeline

```yaml
# pipeline-ci.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: ci-pipeline
  namespace: default
spec:
  params:
  - name: repo-url
  - name: image-name
  - name: image-tag
  workspaces:
  - name: shared-workspace
  tasks:
  - name: build
    taskRef:
      name: build-go
    params:
    - name: repo-url
      value: "$(params.repo-url)"
    - name: image-name
      value: "$(params.image-name)"
    - name: image-tag
      value: "$(params.image-tag)"
    workspaces:
    - name: source
      workspace: shared-workspace
```

```bash
kubectl apply -f pipeline-ci.yaml
```
## Triggering a PipelineRun manually

```yaml
# pipelinerun-manual.yaml
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: ci-pipeline-run-
  namespace: default
spec:
  pipelineRef:
    name: ci-pipeline
  params:
  - name: repo-url
    value: "https://github.com/你的用户名/你的仓库.git"
  - name: image-name
    value: "registry.你的域名.com/my-app"
  - name: image-tag
    value: "v1.0.0"
  workspaces:
  - name: shared-workspace
    volumeClaimTemplate:
      spec:
        accessModes: [ReadWriteOnce]
        resources:
          requests:
            storage: 1Gi
```

```bash
# The manifest uses generateName rather than name, so it must be created, not applied
kubectl create -f pipelinerun-manual.yaml
# Watch the run
kubectl get pipelineruns -w
# Follow the logs (the tkn CLI is installed in the next section)
tkn pipelinerun logs -f ci-pipeline-run-xxxxx
```
## Configuring a Git webhook for automatic triggering

```bash
# Install the tkn CLI
curl -LO https://github.com/tektoncd/cli/releases/latest/download/tkn_linux_amd64.tar.gz
tar -xzf tkn_linux_amd64.tar.gz
sudo mv tkn /usr/local/bin/
```

Create an EventListener:

```yaml
# trigger.yaml
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
  name: git-webhook
  namespace: default
spec:
  triggers:
  - name: push-trigger
    interceptors:
    - ref:
        name: github
      params:
      - name: secretRef
        value:
          secretName: github-webhook-secret
          secretKey: token
      - name: eventTypes
        value: ["push"]
    bindings:
    - ref: git-push-binding
    template:
      ref: pipeline-trigger-template
```

```bash
kubectl apply -f trigger.yaml
# Expose the EventListener so it can receive webhooks
# (--name is needed: expose would otherwise try to create a service with the existing name)
kubectl -n default expose svc el-git-webhook --type=NodePort --name=el-git-webhook-nodeport
```

The listener is only complete once its dependencies exist: the TriggerBinding `git-push-binding` (which maps fields of the push payload to parameters), the TriggerTemplate `pipeline-trigger-template` (which creates the PipelineRun), a ServiceAccount with RBAC to create PipelineRuns, and the Secret `github-webhook-secret` whose `token` key holds the same string you enter as the webhook secret on the GitHub side. The `secretRef` is what makes the NodePort tolerable: the `github` interceptor rejects any delivery whose HMAC signature does not match that secret before the `eventTypes` filter or the binding ever sees the payload, so a request from anyone other than GitHub cannot start a run.
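To make the two interceptor settings concrete, here is what the `github` interceptor does with `secretRef` and `eventTypes`, reproduced in plain Python so it can be exercised offline: validate the `X-Hub-Signature-256` HMAC against the shared secret in constant time, then drop events that are not in the allowed list. This is an added example, not code from the post or from Tekton Triggers. The secret value, the push payload and the `extract_push_params` function (standing in for the `git-push-binding` TriggerBinding, which the post references but does not define) are constructed here.

```python
"""What the github interceptor checks before a webhook may create a PipelineRun.

Added example (not from the original post or Tekton Triggers). The secret,
the payload and the binding-style parameter extraction are constructed for
illustration.
"""
import hashlib
import hmac
import json

# Stands in for the `token` key of the github-webhook-secret Secret; the same
# string must be configured as the webhook secret on the GitHub side.
WEBHOOK_SECRET = b"constructed-example-secret"


def github_signature(secret, body):
    """Value GitHub sends in X-Hub-Signature-256 for this exact body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_github_delivery(headers, body, secret, event_types=("push",)):
    """Return (accepted, reason). Same order as the interceptor: signature
    first, so an unsigned request never reaches the event-type filter."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    sent = h.get("x-hub-signature-256", "")
    if not sent.startswith("sha256="):
        return False, "missing or malformed X-Hub-Signature-256"
    # Constant-time compare: a plain == would leak how many leading bytes matched.
    if not hmac.compare_digest(sent, github_signature(secret, body)):
        return False, "signature mismatch (wrong secret or modified body)"
    event = h.get("x-github-event", "")
    if event not in event_types:
        return False, f"event {event!r} not in allowed types {list(event_types)}"
    return True, "ok"


def extract_push_params(body):
    """The mapping a TriggerBinding would express as $(body.repository.clone_url)
    and $(body.after); constructed stand-in for git-push-binding."""
    payload = json.loads(body)
    return {
        "repo-url": payload["repository"]["clone_url"],
        "image-tag": payload["after"][:12],  # short commit SHA as the image tag
    }


# Constructed push payload, reduced to the fields the binding reads.
PUSH_BODY = json.dumps({
    "ref": "refs/heads/main",
    "after": "0123456789abcdef0123456789abcdef01234567",
    "repository": {"clone_url": "https://github.com/example-org/example-repo.git"},
}).encode()

GOOD_HEADERS = {
    "X-GitHub-Event": "push",
    "X-Hub-Signature-256": github_signature(WEBHOOK_SECRET, PUSH_BODY),
}


def demo():
    """The four cases a listener sees most: valid, tampered body, filtered
    event type, and a request that carries no signature at all."""
    return {
        "valid": verify_github_delivery(GOOD_HEADERS, PUSH_BODY, WEBHOOK_SECRET),
        "tampered": verify_github_delivery(GOOD_HEADERS, PUSH_BODY + b" ", WEBHOOK_SECRET),
        "filtered": verify_github_delivery(
            {**GOOD_HEADERS, "X-GitHub-Event": "pull_request"}, PUSH_BODY, WEBHOOK_SECRET
        ),
        "no-signature": verify_github_delivery({"X-GitHub-Event": "push"}, PUSH_BODY, WEBHOOK_SECRET),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:12s} -> {result}")
    print(extract_push_params(PUSH_BODY))
```

Only the first case reaches `extract_push_params`; the other three are rejected before any payload field is read, which is exactly the property you want from a listener sitting on a NodePort. Note that the signature covers the raw bytes of the body, so any proxy that re-serialises JSON in front of the listener will break verification.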
Tekton is the most native CI/CD option in the Kubernetes ecosystem: every build is a standard Pod, so parallelism, resource limits and elastic scaling come for free. Deploying Tekton on a K3s cluster on Rainyun (rainyun) servers, where a multi-server cluster is very cost-effective, gives you the foundation for a complete GitOps workflow.