Quickly Automating Application Releases with Tekton on Kubernetes

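Tekton is a powerful, Kubernetes-native open-source framework for building continuous integration and delivery systems.

By abstracting away the underlying implementation details, it lets users build, test and deploy across multiple cloud platforms and on-premises systems.

The open-source components Tekton provides work across vendors. Tekton standardizes the industry specifications for pipelines, releases, workflows and other CI/CD components, and it can be used together with your existing CI/CD tools (for example Jenkins, Jenkins X, Skaffold and Knative).

A comparison of Tekton with several other CI/CD tools.

With Tekton's built-in best practices you can quickly create cloud-native CI/CD pipelines. The goal is to let developers create and deploy immutable images, manage version control of infrastructure, or perform simpler rollbacks. You can also use advanced deployment patterns such as rolling deployments, blue/green deployments, canary deployments or GitOps workflows.

With Tekton you can build, test and deploy across multiple environments (for example VMs, serverless, Kubernetes or Firebase). You can also use Tekton pipelines to deploy across multiple cloud platforms or hybrid environments.

Tekton provides maximum flexibility, letting you build powerful pipelines with the CI/CD tools you prefer.

Official project: https://github.com/tektoncd/pipeline

Below is an example of deploying Tekton Pipeline on Alibaba Cloud's Kubernetes service. Once it is deployed, we use it to pull the source code, package the application, push the image and deploy the application.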


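Tekton Pipeline has five kinds of objects. The core idea is to describe the build process in YAML definitions; the state of a build task is stored in the status field.

The five kinds of objects are: PipelineResource, Task, TaskRun, Pipeline and PipelineRun.

A Task is the build process of a single task. To run a Task, you define a TaskRun.

A Pipeline contains multiple Tasks and, on top of them, defines inputs and outputs; inputs and outputs are delivered as PipelineResources.

A PipelineResource is a collection of objects that can be used as input and output.

Likewise, a Pipeline only runs once a PipelineRun is defined.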

Deploying Tekton Pipeline in an Alibaba Cloud Kubernetes cluster

    $ kubectl apply --filename https://storage.googleapis.com/tekton-releases/latest/release.yaml

Check that the Tekton Pipelines components are running normally:

    $ kubectl -n tekton-pipelines get po
    NAME                                           READY   STATUS    RESTARTS   AGE
    tekton-pipelines-controller-6bcd7ff5d6-vzmrh   1/1     Running   0          25h
    tekton-pipelines-webhook-6856cf9c47-l6nj6      1/1     Running   0          25h

Creating the Git Resource and Registry Resource

  1. Edit the file git-pipeline-resource.yaml

    # The branch name of the git repo is tekton
    apiVersion: tekton.dev/v1alpha1
    kind: PipelineResource
    metadata:
      name: git-pipeline-resource
    spec:
      type: git
      params:
        - name: revision
          value: tekton
        - name: url
          value: https://code.aliyun.com/haoshuwei/jenkins-demo.git

  2. Edit the file registry-pipeline-resource.yaml

    # The container image repository is registry.cn-hangzhou.aliyuncs.com/haoshuwei/tekton-demo, with the tag latest
    apiVersion: tekton.dev/v1alpha1
    kind: PipelineResource
    metadata:
      name: registry-pipeline-resource
    spec:
      type: image
      params:
        - name: url
          value: registry.cn-hangzhou.aliyuncs.com/haoshuwei/tekton-demo

  3. Create the pipeline resources

    $ kubectl -n tekton-pipelines create -f git-pipeline-resource.yaml
    $ kubectl -n tekton-pipelines create -f registry-pipeline-resource.yaml

  4. List the pipeline resources that were created

    $ kubectl -n tekton-pipelines get PipelineResource
    NAME                         AGE
    git-pipeline-resource        2h
    registry-pipeline-resource   2h

Creating Git Repo / Docker Registry Authentication

Pulling a private Git source project requires Git Repo Authentication; pulling and pushing Docker images requires Docker Registry Authentication.

In Tekton Pipeline, Git Repo / Docker Registry Authentication is defined as a ServiceAccount for use.

  1. Edit the secret tekton-basic-user-pass-git.yaml

    apiVersion: v1
    kind: Secret
    metadata:
      name: tekton-basic-user-pass-git
      annotations:
        tekton.dev/git-0: https://code.aliyun.com
    type: kubernetes.io/basic-auth
    stringData:
      username: <cleartext non-encoded>
      password: <cleartext non-encoded>

  2. Edit the secret tekton-basic-user-pass-registry.yaml

    apiVersion: v1
    kind: Secret
    metadata:
      name: tekton-basic-user-pass-registry
      annotations:
        tekton.dev/docker-0: https://registry.cn-hangzhou.aliyuncs.com
    type: kubernetes.io/basic-auth
    stringData:
      username: <cleartext non-encoded>
      password: <cleartext non-encoded>

  3. Edit the serviceaccount tekton-git-and-registry.yaml

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: tekton-git-and-registry
    secrets:
      - name: tekton-basic-user-pass-git
      - name: tekton-basic-user-pass-registry

  4. Create the serviceaccount

    $ kubectl -n tekton-pipelines create -f tekton-basic-user-pass-git.yaml
    $ kubectl -n tekton-pipelines create -f tekton-basic-user-pass-registry.yaml
    $ kubectl -n tekton-pipelines create -f tekton-git-and-registry.yaml

  5. List the secrets and the sa

    $ kubectl -n tekton-pipelines get secret
    NAME                                      TYPE                                  DATA   AGE
    default-token-pwncj                       kubernetes.io/service-account-token   3      25h
    tekton-basic-user-pass-git                kubernetes.io/basic-auth              2      151m
    tekton-basic-user-pass-registry           kubernetes.io/basic-auth              2      151m
    tekton-git-and-registry-token-tr95m       kubernetes.io/service-account-token   3      151m
    tekton-pipelines-controller-token-lc2fv   kubernetes.io/service-account-token   3      25h
    webhook-certs                             Opaque                                3      25h

    $ kubectl -n tekton-pipelines get sa
    NAME                          SECRETS   AGE
    default                       1         25h
    tekton-git-and-registry       3         152m
    tekton-pipelines-controller   1         25h

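Configuring the serviceaccount

Configure the tekton-git-and-registry account with administrative permissions on the tekton-pipelines namespace so that it can deploy the application. Note that the ClusterRoleBinding below binds the cluster-admin ClusterRole, so the permissions it grants apply to the whole cluster, not only to tekton-pipelines.

  1. Create the ClusterRoleBinding tekton-cluster-admin

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: tekton-cluster-admin
    subjects:
      - kind: ServiceAccount
        name: tekton-git-and-registry
        namespace: tekton-pipelines
    roleRef:
      kind: ClusterRole
      name: cluster-admin
      apiGroup: rbac.authorization.k8s.io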
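
A namespace-scoped alternative to the cluster-admin binding above, as an added example that is not part of the original article: a Role and RoleBinding limited to tekton-pipelines. The name tekton-deployer and the resource and verb lists are assumptions, chosen to cover the Deployment and Service that the deploy-app step creates with kubectl apply; extend them if deployment.yaml contains other kinds.

```yaml
# Added example (not from the original article): least-privilege replacement
# for the tekton-cluster-admin ClusterRoleBinding.
# Assumptions: the name "tekton-deployer"; deployment.yaml contains only a
# Deployment and a Service, both deployed into the tekton-pipelines namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tekton-deployer
  namespace: tekton-pipelines
rules:
  # Deployments. "extensions" is listed because the deploy-app log on this
  # page reports the object as deployment.extensions/jenkins-java-demo.
  - apiGroups: ["apps", "extensions"]
    resources: ["deployments"]
    verbs: ["get", "list", "create", "update", "patch"]
  # Services belong to the core ("") API group.
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["get", "list", "create", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-deployer
  namespace: tekton-pipelines
subjects:
  # Same ServiceAccount the TaskRun uses for git and registry credentials.
  - kind: ServiceAccount
    name: tekton-git-and-registry
    namespace: tekton-pipelines
roleRef:
  kind: Role            # namespaced Role, not a ClusterRole
  name: tekton-deployer
  apiGroup: rbac.authorization.k8s.io
```

The effective permissions can be checked with `kubectl auth can-i create deployments -n tekton-pipelines --as=system:serviceaccount:tekton-pipelines:tekton-git-and-registry`, which should answer yes, while the same query against another namespace should answer no.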

Creating a Task

  1. Create the task build-app.yaml

    apiVersion: tekton.dev/v1alpha1
    kind: Task
    metadata:
      name: build-app
    spec:
      inputs:
        resources:
          - name: java-demo
            type: git
        params:
          - name: pathToDockerFile
            description: The path to the dockerfile to build
            default: /workspace/java-demo/Dockerfile
          - name: pathToContext
            description: The build context used by Kaniko
            default: /workspace/java-demo
          - name: pathToYaml
            description: The path to the manifest to apply
      outputs:
        resources:
          - name: builtImage
            type: image
      steps:
        - name: build-mvn-package
          image: registry.cn-beijing.aliyuncs.com/acs-sample/jenkins-slave-maven:3.3.9-jdk-8-alpine
          workingDir: /workspace/java-demo
          command:
            - mvn
          args:
            - package
            - -B
            - -DskipTests
        - name: build-docker-image
          image: registry.cn-beijing.aliyuncs.com/acs-sample/jenkins-slave-kaniko:0.6.0
          command:
            - kaniko
          args:
            - --dockerfile=${inputs.params.pathToDockerFile}
            - --destination=${outputs.resources.builtImage.url}
            - --context=${inputs.params.pathToContext}
        - name: deploy-app
          image: registry.cn-beijing.aliyuncs.com/acs-sample/jenkins-slave-kubectl:1.11.5
          command:
            - kubectl
          args:
            - apply
            - -f
            - ${inputs.params.pathToYaml}

Creating a TaskRun to run the task

  1. Create the taskrun build-app-task-run.yaml

    apiVersion: tekton.dev/v1alpha1
    kind: TaskRun
    metadata:
      name: build-app-task-run
    spec:
      serviceAccount: tekton-git-and-registry
      taskRef:
        name: build-app
      trigger:
        type: manual
      inputs:
        resources:
          - name: java-demo
            resourceRef:
              name: git-pipeline-resource
        params:
          - name: pathToDockerFile
            value: Dockerfile
          - name: pathToContext
            value: /workspace/java-demo
          - name: pathToYaml
            value: /workspace/java-demo/deployment.yaml
      outputs:
        resources:
          - name: builtImage
            resourceRef:
              name: registry-pipeline-resource

Checking the build status and logs

  1. Check the taskrun status

    $ kubectl -n tekton-pipelines get taskrun
    NAME                 SUCCEEDED   REASON    STARTTIME   COMPLETIONTIME
    build-app-task-run   Unknown     Pending   4s

  2. View the build logs

    $ kubectl -n tekton-pipelines get po
    NAME                                           READY   STATUS    RESTARTS   AGE
    build-app-task-run-pod-b8f890                  3/5     Running   0          75s
    tekton-pipelines-controller-6bcd7ff5d6-vzmrh   1/1     Running   0          25h
    tekton-pipelines-webhook-6856cf9c47-l6nj6      1/1     Running   0          25h

    $ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-b8f890
    Error from server (BadRequest): a container name must be specified for pod build-app-task-run-pod-b8f890, choose one of: [build-step-git-source-git-pipeline-resource-77l5v build-step-build-mvn-package build-step-build-docker-image build-step-deploy-app nop] or one of the init containers: [build-step-credential-initializer-8dsnm build-step-place-tools]

  • MVN Build logs

    $ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-b8f890 -c build-step-build-mvn-package
    [INFO] Scanning for projects...
    [INFO]
    [INFO] ------------------------------------------------------------------------
    [INFO] Building jenkins-demo-web 1.0.0-SNAPSHOT
    [INFO] ------------------------------------------------------------------------
    [INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom
    [INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8 KB at 7.3 KB/sec)
    [INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom
    [INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9 KB at 26.7 KB/sec)
    [INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom
    [INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 KB at 61.3 KB/sec)
    [INFO] Downloading: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom
    [INFO] Downloaded: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 KB at 45.3 KB/sec)
    ....

  • Docker Build logs

    $ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-b8f890 -c build-step-build-docker-image
    INFO[0000] Downloading base image tomcat
    2019/05/06 11:58:46 No matching credentials were found, falling back on anonymous
    INFO[0003] Taking snapshot of full filesystem...
    INFO[0003] Skipping paths under /builder/home, as it is a whitelisted directory
    INFO[0003] Skipping paths under /builder/tools, as it is a whitelisted directory
    INFO[0003] Skipping paths under /dev, as it is a whitelisted directory
    INFO[0003] Skipping paths under /kaniko, as it is a whitelisted directory
    INFO[0003] Skipping paths under /proc, as it is a whitelisted directory
    INFO[0003] Skipping paths under /run/secrets/kubernetes.io/serviceaccount, as it is a whitelisted directory
    INFO[0003] Skipping paths under /sys, as it is a whitelisted directory
    INFO[0003] Skipping paths under /var/run, as it is a whitelisted directory
    INFO[0003] Skipping paths under /workspace, as it is a whitelisted directory
    INFO[0003] Using files from context: [/workspace/java-demo/target/demo.war]
    INFO[0003] ADD target/demo.war /usr/local/tomcat/webapps/demo.war
    INFO[0003] Taking snapshot of files...
    ...

  • app-deploy logs

    $ kubectl -n tekton-pipelines logs -f build-app-task-run-pod-637855 -c build-step-deploy-app
    deployment.extensions/jenkins-java-demo created
    service/jenkins-java-demo created

  3. When the taskrun's completion status is True, the build and deployment process is finished

    $ kubectl -n tekton-pipelines get taskrun
    NAME                 SUCCEEDED   REASON   STARTTIME   COMPLETIONTIME
    build-app-task-run   True                 4m          2m

Summary

Task templates in Tekton Pipeline can be reused without being defined again. In addition, redefining CI/CD through CRDs is a major highlight.


This article is shared from the WeChat official account kubernetes中文社區 (kubernetes_cn).