02 Tekton Pipeline

One background

Two Pipeline step

2.1 Code pull

Code is the cornerstone of delivery , It's all the subsequent actions that pave the way , We need to create a pull code Task.

But this Task, We don't have to write it ourselves , Direct use Tekton Hub It's written by others , The address is ：https://hub.tekton.dev/tekton/task/git-clone. This Task The functions supported are quite complete , There are many parameters , What specific parameters can be viewed and learned at the above address .

There are two installation methods ：kubectl and tkn client .

（1） Use kubectl Installation

$ kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.5/git-clone.yaml

（2） Use tkn Client to install

$ tkn hub install task git-clone

see task details

$ tkn task list$ kubectl get task git-clone -oyaml

Create a test taskRun To test that the master can pull the code normally .

cat > git-clone-taskrun.yaml << EOFapiVersion: tekton.dev/v1beta1kind: TaskRunmetadata: name: test-git-clone namespace: defaultspec: workspaces: - name: output emptyDir: {} params: - name: url value: "https://gitee.com/coolops/tekton-install.git" - name: revision value: "master" - name: gitInitImage value: "registry.cn-hangzhou.aliyuncs.com/coolops/tekton-git-init:v0.29" taskRef: name: git-cloneEOF

2.2 unit testing

Unit testing is relatively simple , Basically, it's execution go test ./... Command line , such as .

> go test ./...ok      devops-hello-world      0.313sok      devops-hello-world/pkg  (cached)

So this Task, Just one Go Environmental Science , Can execute Go Command is enough , as follows ：

cat > unit-test-task.yaml <<EOFapiVersion: tekton.dev/v1beta1kind: Task metadata: name: unit-testspec: workspaces: - name: source steps: - name: unit-test workingDir: \$(workspaces.source.path) image: golang:1.17.5 env: - name: GOPROXY value: https://goproxy.cn command: ['go'] args: - "test" - "./..."EOF

2.3 Mirror construction / push

Why is there no separate application building component here Task Well ？ The main reason is that we have adopted Multistage construction , We can build applications into - The image is packaged and written in a Dockerfile in , So here's just one thing to write Task.

cat > docker-build-push.yaml << EOFapiVersion: tekton.dev/v1beta1kind: Task metadata: name: build-push-imagespec: params: - name: pathToDockerfile description: The path to the dockerfile to build (relative to the context) default: Dockerfile - name: imageUrl description: Url of image repository - name: imageTag description: Tag to apply to the built image default: latest workspaces: - name: source - name: dockerconfig mountPath: /kaniko/.docker # config.json  The mount directory for  steps: - name: build-and-push image: registry.cn-hangzhou.aliyuncs.com/coolops/kaniko-executor:v1.5.0 workingDir: \$(workspaces.source.path) command: - /kaniko/executor args: - --dockerfile=\$(params.pathToDockerfile) - --destination=\$(params.imageUrl):\$(params.imageTag) - --context=\$(workspaces.source.path)EOF

We use kaniko Mirror build , In this way, there is no need to mount docker.sock file , But we need to docker config Save in /kaniko/.docker Under the table of contents . We can create... With the following command secret.

kubectl create secret docker-registry dockerhub --docker-server=https://index.docker.io/v1/ --docker-username=xxxxxxxxx --docker-password=xxxxxxxxxxx --dry-run=client -o json | jq -r '.data.".dockerconfigjson"' | base64 -d > /tmp/config.json && kubectl create secret generic docker-config --from-file=/tmp/config.json && rm -f /tmp/config.json

Because the key of the image warehouse is required when the image is pushed .

2.4 Deploy

take kubeconfig Create as secret

$ kubectl create secret generic kubernetes-config --from-file=/root/.kube/config$ kubectl get secretNAME                  TYPE                                  DATA   AGEdefault-token-mcrdh   kubernetes.io/service-account-token   3      30hdocker-config         Opaque                                1      2m48skubernetes-config     Opaque                                1      6s

establish task

cat > deploy-to-k8s.yaml <<EOFapiVersion: tekton.dev/v1alpha1kind: Taskmetadata: name: deploy-to-k8sspec: workspaces: - name: source - name: kubernetesconfig mountPath: /root/.kube params: - name: pathToYamlFile description: The path to the yaml file to deploy within the git source default: deployment.yaml - name: IMAGE - name: TAG steps: - name: run-kubectl image: registry.cn-hangzhou.aliyuncs.com/coolops/kubectl:1.19.16 workingDir: \$(workspaces.source.path) script: | sed -i s#IMAGE#\$(params.IMAGE)#g \$(params.pathToYamlFile) sed -i s#TAG#\$(params.TAG)#g \$(params.pathToYamlFile) kubectl apply -f \$(params.pathToYamlFile)EOF

3、 ... and Integrate Pipeline

Above, we have sorted each step into Task, The following should be done Pipeline A combination of , Then declare the required variables , as follows ：

cat > pipeline.yaml <<EOFapiVersion: tekton.dev/v1beta1 kind: Pipeline metadata: name: devops-hello-world-pipeline spec: workspaces: #  Statement  workspaces - name: go-repo-pvc - name: docker-config - name: kubernetes-config params: - name: git_url - name: revision type: string default: "master" - name: gitInitImage type: string default: "registry.cn-hangzhou.aliyuncs.com/coolops/tekton-git-init:v0.29" - name: pathToDockerfile description: The path to the build context, used by Kaniko - within the workspace default: . - name: imageUrl description: Url of image repository - name: imageTag description: Tag to apply to the built image default: latest tasks: #  add to task Into the assembly line  - name: clone taskRef: name: git-clone workspaces: - name: output workspace: go-repo-pvc params: - name: url value: \$(params.git_url) - name: revision value: \$(params.revision) - name: gitInitImage value: \$(params.gitInitImage) - name: unit-test workspaces: #  Pass on  workspaces - name: source workspace: go-repo-pvc taskRef: name: unit-test runAfter: - clone - name: build-push-image params: - name: pathToDockerfile value: \$(params.pathToDockerfile) - name: imageUrl value: \$(params.imageUrl) - name: imageTag value: \$(params.imageTag) taskRef: name: build-push-image runAfter: - unit-test workspaces: #  Pass on  workspaces - name: source workspace: go-repo-pvc - name: dockerconfig workspace: docker-config - name: deploy-to-k8s taskRef: name: deploy-to-k8s params: - name: pathToYamlFile value: deployment.yaml - name: IMAGE value: \$(params.imageUrl) - name: TAG value: \$(params.imageTag) workspaces: - name: source workspace: go-repo-pvc - name: kubernetesconfig workspace: kubernetes-config runAfter: - build-push-imageEOF

Run the test

To run a test is to create PipelineRun, But before you create it , Let's first create the required authentication information .

cat > auth.yaml <<EOFapiVersion: v1 kind: Secret metadata:   name: gitlab-auth   annotations:     tekton.dev/git-0: https://gitee.com/  #  the gitee Warehouse type: kubernetes.io/basic-auth stringData:   username: xxxx  password: xxxx---apiVersion: v1 kind: ServiceAccount metadata:   name: tekton-build-sa secrets:    - name: gitlab-auth---apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata:   name: tekton-clusterrole-binding roleRef:   apiGroup: rbac.authorization.k8s.io   kind: ClusterRole   name: edit subjects: - kind: ServiceAccount   name: tekton-build-sa   namespace: default  EOF

Four PipelineRun test

cat > pipelinerun.yaml <<EOFapiVersion: tekton.dev/v1beta1kind: PipelineRunmetadata: name: devops-hello-world-pipeline-runspec: pipelineRef: name: devops-hello-world-pipeline params: - name: revision value: master - name: git_url value: https://gitee.com/coolops/devops-hello-world.git - name: imageUrl value: registry.cn-hangzhou.aliyuncs.com/coolops/devops-hello-world - name: imageTag value: latest - name: pathToDockerfile value: Dockerfile workspaces: - name: go-repo-pvc volumeClaimTemplate: spec: accessModes: - ReadWriteOnce storageClassName: openebs-hostpath resources: requests: storage: 1Gi - name: docker-config secret: secretName: docker-config - name: kubernetes-config secret: secretName: kubernetes-config serviceAccountName: tekton-build-sa EOF

Reference link

• https://hub.tekton.dev/tekton/
• https://mp.weixin.qq.com/s/Aa1K1kOHq_FRtKiLfM2H8w