
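How to apply Tekton cloud-native CI/CD with GitLab

This article shares how to apply Tekton cloud-native CI/CD with GitLab. The editor found it quite practical and is sharing it here for study; hopefully you will get something out of it after reading. Without further ado, let's take a look.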


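  1. Environment: unrestricted internet access (a proxy), kubernetes 1.18+, tekton latest

  2. Notes

  • Tekton is a powerful and flexible Kubernetes-native open-source framework for creating continuous integration and delivery (CI/CD) systems. It lets you build, test and deploy across multiple cloud providers or on-premises systems without worrying about the underlying implementation details.

  • Tekton's built-in best practices let you create cloud-native CI/CD pipelines quickly. Its goal is to let developers create and deploy immutable images, manage version control of infrastructure, or perform rollbacks more easily. With Tekton you can also use advanced deployment patterns such as rolling deployments, blue/green deployments, canary deployments, or GitOps workflows.

  • Tekton is convoluted to configure, really convoluted, and slow. I sincerely recommend drone. https://my.oschina.net/u/160697/blog/4487417

  • The goal here: pushing code to GitLab triggers a webhook, which builds a Docker image and pushes it to a private Harbor registry.

  3. Install tekton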

# pipeline
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
# this example uses triggers
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
# with the dashboard installed, the command-line client is not needed
kubectl apply -f https://storage.googleapis.com/tekton-releases/dashboard/latest/tekton-dashboard-release.yaml
  4. Expose the tekton dashboard for external access. For using the dashboard securely, see https://my.oschina.net/u/160697/blog/4437939

apiVersion: v1
kind: Secret
metadata:
  name: tekton-dashboard-auth-secret
  namespace: tekton-pipelines
type: Opaque
stringData:
  users: admin:$apr1$tQ1iFwRf$8SvGrGQcBT.RdZS73ULXH1

---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: tekton-dashboard-auth
  namespace: tekton-pipelines
spec:
  basicAuth:
    secret: tekton-dashboard-auth-secret

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: tekton-dashboard
  namespace: tekton-pipelines
spec:
  entryPoints:
  - websecure
  routes:
  - kind: Rule
    match: Host(`tekton.your_domain.com`)
    services:
    - name: tekton-dashboard
      port: 9097
    middlewares:
    - name: tekton-dashboard-auth
  tls:
    certResolver: aliyun
    domains:
    - main: "tekton.your_domain.com"

  5. Use a tekton trigger to create the TaskRun automatically; this example uses only a GitLab repository. See the official example, which is only a reference and does not match real-world conditions.

mkdir gitlab-trigger
wget https://raw.githubusercontent.com/tektoncd/triggers/master/examples/gitlab/binding.yaml
wget https://raw.githubusercontent.com/tektoncd/triggers/master/examples/gitlab/role.yaml
  6. Generate an SSH key pair. Copy the public key into GitLab's Deploy Keys and put the private key into a Kubernetes Secret. See the official documentation.

ssh-keygen -t rsa
cat ~/.ssh/id_rsa | base64 -w 0
cat ~/.ssh/known_hosts | base64 -w 0

Create secret.yaml and copy the output of the commands above into ssh-privatekey and known_hosts.

apiVersion: v1
kind: Secret
metadata:
  name: gitlab-webhook-secret
type: Opaque
stringData:
  secretToken: "qxFtJX5jh88b83P"

---
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-ssh-secret
  annotations:
    tekton.dev/git-0: your_gitlab_addr:8000
type: kubernetes.io/ssh-auth
data:
  ssh-privatekey: 
  known_hosts: 

# private registry
# https://kubernetes.io/zh/docs/tasks/configure-pod-container/pull-image-private-registry/
# kubectl create secret docker-registry regcred --docker-server= --docker-username= --docker-password= --docker-email=
---
apiVersion: v1
kind: Secret
metadata:
  name: harbor-registry-secret
  annotations:
    tekton.dev/docker-0: registry.you_harbor_addr.com:31000
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: 
  7. Create serviceaccount.yaml. The ServiceAccount includes the three secrets created above, so they can be used through the ServiceAccount.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tekton-triggers-gitlab-sa
secrets:
  - name: gitlab-webhook-secret
  - name: gitlab-ssh-secret
  - name: harbor-registry-secret
imagePullSecrets:
  - name: harbor-registry-secret
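  8. Create gitlab-push-listener.yaml. kaniko is used to build the image. It can cache images, but when the Dockerfile uses commands such as COPY, the message "Unpacking rootfs as cmd COPY . . requires it." appears and the image is pulled every time, so a better network (proxy) is needed or the build is very slow. gcr.io, docker.com and docker.io all need to be reached through a proxy. This article was also used as a reference.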

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: workspace-cache-pvc
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 2Gi
  # rook-cephfs is the storage class defined in storageclass.yaml
  storageClassName: rook-cephfs

---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: gitlab-build-and-push
spec:
  params:
    - name: pathToDockerFile
      type: string
      description: The path to the dockerfile to build
      default: $(resources.inputs.git-source.path)/Dockerfile
    - name: pathToContext
      type: string
      description: |
        The build context used by Kaniko
        (https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts)
      default: $(resources.inputs.git-source.path)
  resources:
    inputs:
      - name: git-source
        type: git
    outputs:
      - name: builtImage
        type: image
  # cache
  workspaces:
    - name: workspace-cache
      mountPath: /cache
  steps:
    - name: cache-images
      image: gcr.io/kaniko-project/warmer:latest
      # append the images that should be cached at the end
      args: ["--cache-dir=/cache",
             "--image=golang:alpine"]
    - name: build-and-push
      image: gcr.io/kaniko-project/executor:latest
      workingDir: "$(params.pathToContext)"
      # specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
      env:
        - name: "DOCKER_CONFIG"
          value: "/tekton/home/.docker/"
      command:
        - /kaniko/executor
      args:
        - --cache=true
        - --cache-dir=/cache
        - --dockerfile=$(params.pathToDockerFile)
        - --destination=$(resources.outputs.builtImage.url)
        - --context=$(params.pathToContext)
        - --log-timestamp=true

---
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: gitlab-build-deploy-template
spec:
  params:
    - name: gitrevision
    - name: gitrepositoryurl
    - name: gitrepositoryname
  resourcetemplates:
    - apiVersion: tekton.dev/v1alpha1
      kind: TaskRun
      metadata:
        generateName: $(tt.params.gitrepositoryname)-run-
      spec:
        serviceAccountName: tekton-triggers-gitlab-sa
        taskRef:
          name: gitlab-build-and-push
        params:
          - name: pathToDockerFile
            value: Dockerfile
        resources:
          inputs:
            - name: git-source
              resourceSpec:
                type: git
                params:
                  - name: revision
                    value: $(tt.params.gitrevision)
                  - name: url
                    value: $(tt.params.gitrepositoryurl)
          outputs:
            - name: builtImage
              resourceSpec:
                type: image
                params:
                  - name: url
                    value: registry.your_registry.com:31000/your_project/$(tt.params.gitrepositoryname)
        workspaces:
          - name: workspace-cache # must match workspace name in the Task
            persistentVolumeClaim:
              claimName: workspace-cache-pvc # this PVC must already exist
---
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: gitlab-push-binding
spec:
  params:
    - name: gitrevision
      value: $(body.checkout_sha)
    - name: gitrepositoryurl
      value: $(body.repository.git_ssh_url)
    - name: gitrepositoryname
      value: $(body.repository.name)

---
apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: gitlab-listener
spec:
  serviceAccountName: tekton-triggers-gitlab-sa
  triggers:
    - name: gitlab-push-events-trigger
      interceptors:
        - gitlab:
            secretRef:
              secretName: gitlab-webhook-secret
              secretKey: secretToken
            eventTypes:
              - Push Hook  # Only push events
      bindings:
        - ref: gitlab-push-binding
      template:
        name: gitlab-build-deploy-template
  9. Create an Ingress so that the external GitLab can push events to tekton.

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: tekton-trigger
spec:
  entryPoints:
  - websecure
  routes:
  - kind: Rule
    match: Host(`tekton-trigger.your_domain.com`)
    services:
    - name: el-gitlab-listener
      port: 8080
  tls:
    certResolver: aliyun
    domains:
    - main: "tekton-trigger.your_domain.com"
  10. Create a webhook in the GitLab project. The URL is the exposed address, and the Secret Token is the one in secret.yaml.
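
As an added illustration (not part of the original article and not Tekton's own code), this Python sketch mirrors the two checks configured on the `gitlab` interceptor, using the `X-Gitlab-Token` and `X-Gitlab-Event` headers GitLab sends with a webhook, and the three fields the TriggerBinding reads. The function names, the name and SHA patterns, and the sample request are assumptions made for the example.

```python
import hmac
import json
import re

ALLOWED_EVENTS = {"Push Hook"}  # same value as eventTypes in the EventListener
# Assumed patterns: a name usable as a TaskRun generateName prefix, and a commit id.
K8S_NAME = re.compile(r"^[a-z0-9]([-a-z0-9]{0,40}[a-z0-9])?$")
SHA = re.compile(r"^(?:[0-9a-f]{40}|[0-9a-f]{64})$")


def accept_webhook(headers, secret_token):
    """Token and event-type checks, as configured on the gitlab interceptor."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    sent = h.get("x-gitlab-token", "")
    # Constant-time comparison so response timing does not leak the token.
    if not hmac.compare_digest(sent.encode(), secret_token.encode()):
        return False
    return h.get("x-gitlab-event") in ALLOWED_EVENTS


def binding_params(body):
    """Extract the three TriggerBinding params; return None if they are unusable."""
    payload = json.loads(body)
    repo = payload.get("repository") or {}
    sha = payload.get("checkout_sha")
    name, url = repo.get("name"), repo.get("git_ssh_url")
    if not (isinstance(sha, str) and SHA.match(sha)):
        return None  # null or malformed checkout_sha: nothing to build
    if not (isinstance(name, str) and K8S_NAME.match(name)):
        return None  # would give an invalid generateName / image path
    if not isinstance(url, str) or not url:
        return None
    return {"gitrevision": sha, "gitrepositoryurl": url, "gitrepositoryname": name}


# Constructed sample request (not captured traffic); the token is a placeholder.
SAMPLE_TOKEN = "example-token-not-a-real-secret"
SAMPLE_HEADERS = {"X-Gitlab-Token": SAMPLE_TOKEN, "X-Gitlab-Event": "Push Hook"}
SAMPLE_BODY = json.dumps({
    "checkout_sha": "a" * 40,
    "repository": {"name": "demo-app",
                   "git_ssh_url": "ssh://git@gitlab.example.com:8000/group/demo-app.git"},
})

if __name__ == "__main__":
    print(accept_webhook(SAMPLE_HEADERS, SAMPLE_TOKEN), binding_params(SAMPLE_BODY))
```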

  11. Apply the files generated in steps 5-9 to k8s. In this example they go into a separate tekton-gitlab namespace.

kubectl create ns tekton-gitlab
kubectl apply -n tekton-gitlab -f secret.yaml
kubectl apply -n tekton-gitlab -f role.yaml
kubectl apply -n tekton-gitlab -f binding.yaml
kubectl apply -n tekton-gitlab -f serviceaccount.yaml
kubectl apply -n tekton-gitlab -f gitlab-push-listener.yaml
kubectl apply -n tekton-gitlab -f ingress-tekton-trigger.yaml
  12. After a push to GitLab, a TaskRun is created and run automatically.

That covers how to apply Tekton cloud-native CI/CD with GitLab. Some of these points are likely to come up in day-to-day work, and hopefully this article helps you learn more about them.

