Tekton Tasks 基础
Tasks 概述
Task是一系列Step的组合,每个Step主要负责运行特定的构建或交付工具从而完成相关的一次特定事项;Task以Kubernetes集群上Pod运行。Task是名称空间级别的资源。
Tasks 组成
Parameters:是使得Task及Pipeline资源定义出的“模板”更加具有通用性的关键要素之一
Steps:具体执行的任务
Workspaces:由Task声明的,且需要由TaskRun在运行时提供的文件系统
Results:它将Task中Step生成的结果保存于临时文件中
Results
Results 概述
在Pipeline的Task之间使用同一个共享的Workspace可以完成数据共享,但对于简单的字符串数据的传递,则可以使用Results API完成;
Results用于让Task及其Step保存执行结果,并可在同一Pipeline中的后续Task中调用该结果;
Results 保存路径
Task将会为每个results条目自动创建一个文件以进行保存,这些文件统一放置于/tektons/results目录中;
每个results条目的相关值(value)需要在Step中进行生成并保存,且Task不会对相关数据进行任何多余的操作;
Results 变量
在Task中引用Results时使用的变量
results.<resultName>.path
results['<resultName>'].path 或 results["<resultName>"].path
在Pipeline中引用Results时使用的变量
tasks.<taskName>.results.<resultName>
tasks.<taskName>.results['<resultName>'] 或 tasks.<taskName>.results["<resultName>"]
Workspace
Workspace 概述
Workspace用于为Task中的各Step提供工作目录,基于该Task运行的TaskRun需要在运行时提供该目录
Workspace 运行方式
TaskRun的实际运行形式为Pod,因而Workspace对应的实际组件为Pod上的Volume
由Task声明的,且需要由TaskRun在运行时提供的文件系统;通常对应于Kubernetes上的ConfigMap、Secret、emptyDir、静态PVC类型的卷,或者是VolumeClaimTemplate动态请求的PVC;emptyDir的生命周期与Pod相同,因此仅能在一个TaskRun的各Step间共享数据;若要跨Task共享数据,则需要使用PVC;
ConfigMap和Secret:只读式的Workspace
PersistentVolumeClaim:支持跨Task共享数据的Workspace
静态预配
动态预配:基于VolumeClaimTemplate动态创建
emptyDir:临时工作目录,用后即弃
Workspace 作用
1. 跨Task共享数据
2. 借助于Secrets加载机密凭据
3. 借助于ConfigMap加载配置数据
4. 持久化存储数据
5. 为Task提供缓存以加速构建过程
Workspace 变量
$(workspaces.<name>.path):由<name>指定的Workspace挂载的路径,对于可选且TaskRun未声明时,其值为空;
$(workspaces.<name>.bound):其值为true或false,用于标识指定的Workspace是已经绑定;对于optional为false的Workspace,该变量的值将始终为true;
$(workspaces.<name>.claim):由<name>标示的Workspace所使用的PVC的名称;对于非PVC类型的存储卷,该变量值为空;
$(workspaces.<name>.volume):由<name>标示的Workspace所使用的存储卷的名称;
Task 资源清单
apiVersion: tekton.dev/v1 # 指定 API 版本。
kind: Task # 将此资源对象标识为一个Task对象。
metadata: # 指定唯一标识 Task资源对象的元数据。例如,一个name.
name: hello
spec: # 指定该资源对象Task的配置信息
workspaces:
- name: signals # 必选字段,该Workspace的唯一标识符
description: # 描述信息,通常标明其使用目的
mountPath: # 在各Step中的挂载路径,默认为“/workspace/<name>”,其中<name>是当前Workspace的名称
readOnly: # 是否为只读,默认为false
optional: # 是否为可选,默认为false
results:
- name: current-date-unix-timestamp # 唯一名称
description: # 描述信息
params: # 定义变量信息
- name: # 变量名称
type: string # 参数类型,有string、array (beta feature)、object (beta feature),默认值 string
description: # 描述信息
default: # 默认值
enum: ["v1", "v2"] # 枚举
value: # 静态赋值
- name: gitrepo
type: object
properties:
url:
type: string
commit:
type: string
- name: flags
type: array
steps:
- name: # task名称
image: # 执行task的镜像
command: ["echo"] # 执行的命令
args: ["push", "$(params.gitrepo)"] # 执行命令的参数
script: | # 指定运行的脚本,多行脚本,可以使用“|”启用,script同command互斥
#!/usr/bin/env bash
echo "Hello from Bash!"
date +%s | tee $(results.current-date-unix-timestamp.path) # 调用results结果
securityContext: # 设置允许容器用户id
runAsUser: 2000
env: # 设置环境变量
- name:
value:
computeResources: # 资源限制
requests:
memory: 1Gi
cpu: 500m
limits:
memory: 2Gi
cpu: 800m
timeout: 60s # 超时时间,例如 1s 或 1ms
onError: continue # 本次step执行失败则跳过本次任务,继续向下执行其它step
stdoutConfig: # 标准输出
path: ...
stderrConfig: # 标准错误输出
path: ...
sidecars:
- image: alpine
# Note: must explicitly include volumeMount for the workspace to be accessible in the Sidecar
volumeMounts:
- name: $(workspaces.signals.volume) # 调用workspace
mountPath: $(workspaces.signals.path)
Task 示例
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: git-clone
spec:
description: Clone the code repository to the workspace.
params:
- name: git-repo-url
type: string
description: git repository url to clone
- name: git-revision
type: string
description: git revision to checkout (branch, tag, sha, ref)
workspaces:
- name: source
description: The git repo will be cloned onto the volume backing this workspace
steps:
- name: git-clone
image: alpine/git:v2.36.1
script: |
git clone -v $(params.git-repo-url) $(workspaces.source.path)/source
cd $(workspaces.source.path)/source && git reset --hard $(params.git-revision)
---
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: build-to-package
spec:
description: build application and package the files to image
workspaces:
- name: source
description: The git repo that cloned onto the volume backing this workspace
steps:
- name: build
image: maven:3.8-openjdk-11-slim
workingDir: $(workspaces.source.path)/source
volumeMounts:
- name: m2
mountPath: /root/.m2
script: mvn clean install
volumes:
- name: m2
persistentVolumeClaim:
claimName: maven-cache
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: generate-build-id
spec:
params:
- name: version
description: The version of the application
type: string
results:
- name: datetime
description: The current date and time
- name: buildId
description: The build ID
steps:
- name: generate-datetime
image: ikubernetes/admin-box:v1.2
script: |
#!/usr/bin/env bash
datetime=`date +%Y%m%d-%H%M%S`
echo -n ${datetime} | tee $(results.datetime.path)
- name: generate-buildid
image: ikubernetes/admin-box:v1.2
script: |
#!/usr/bin/env bash
buildDatetime=`cat $(results.datetime.path)`
buildId=$(params.version)-${buildDatetime}
echo -n ${buildId} | tee $(results.buildId.path)
---
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: image-build-and-push
spec:
description: package the application files to image
params:
- name: dockerfile
description: The path to the dockerfile to build (relative to the context)
default: Dockerfile
- name: image-url
description: Url of image repository
- name: image-tag
description: Tag to apply to the built image
workspaces:
- name: source
- name: dockerconfig
mountPath: /kaniko/.docker
steps:
- name: image-build-and-push
image: gcr.dockerproxy.com/kaniko-project/executor:latest
securityContext:
runAsUser: 0
env:
- name: DOCKER_CONFIG
value: /kaniko/.docker
command:
- /kaniko/executor
args:
- --dockerfile=$(params.dockerfile)
- --context=$(workspaces.source.path)/source
- --destination=$(params.image-url):$(params.image-tag)
- --cache=true
- --cache-dir=$(workspaces.source.path)/cache
---
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: deploy-using-kubectl
spec:
workspaces:
- name: source
description: The git repo
params:
- name: deploy-config-file
description: The path to the yaml file to deploy within the git source
- name: image-url
description: Image name including repository
- name: image-tag
description: Image tag
steps:
- name: update-yaml
image: alpine:3.16
command: ["sed"]
args:
- "-i"
- "-e"
- "s@__IMAGE__@$(params.image-url):$(params.image-tag)@g"
- "$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)"
- name: run-kubectl
image: lachlanevenson/k8s-kubectl
command: ["kubectl"]
args:
- "apply"
- "-f"
- "$(workspaces.source.path)/source/deploy/$(params.deploy-config-file)"
---
参考文档
https://tekton.dev/docs/pipelines/tasks/